%!PS-Adobe-2.0
%%Creator: dvips(k) 5.78 Copyright 1998 Radical Eye Software (www.radicaleye.com)
%%Title: notes.dvi
%%Pages: 250
%%PageOrder: Ascend
%%BoundingBox: 0 0 596 842
%%EndComments
%DVIPSCommandLine: dvips -f notes.dvi
%DVIPSParameters: dpi=600, compressed
%DVIPSSource:  TeX output 1999.09.29:1650
%%BeginProcSet: texc.pro
%!
/TeXDict 300 dict def TeXDict begin /N{def}def /B{bind def}N /S{exch}N
/X{S N}B /TR{translate}N /isls false N /vsize 11 72 mul N /hsize 8.5 72
mul N /landplus90{false}def /@rigin{isls{[0 landplus90{1 -1}{-1 1}
ifelse 0 0 0]concat}if 72 Resolution div 72 VResolution div neg scale
isls{landplus90{VResolution 72 div vsize mul 0 exch}{Resolution -72 div
hsize mul 0}ifelse TR}if Resolution VResolution vsize -72 div 1 add mul
TR[matrix currentmatrix{dup dup round sub abs 0.00001 lt{round}if}
forall round exch round exch]setmatrix}N /@landscape{/isls true N}B
/@manualfeed{statusdict /manualfeed true put}B /@copies{/#copies X}B
/FMat[1 0 0 -1 0 0]N /FBB[0 0 0 0]N /nn 0 N /IE 0 N /ctr 0 N /df-tail{
/nn 8 dict N nn begin /FontType 3 N /FontMatrix fntrx N /FontBBox FBB N
string /base X array /BitMaps X /BuildChar{CharBuilder}N /Encoding IE N
end dup{/foo setfont}2 array copy cvx N load 0 nn put /ctr 0 N[}B /df{
/sf 1 N /fntrx FMat N df-tail}B /dfs{div /sf X /fntrx[sf 0 0 sf neg 0 0]
N df-tail}B /E{pop nn dup definefont setfont}B /ch-width{ch-data dup
length 5 sub get}B /ch-height{ch-data dup length 4 sub get}B /ch-xoff{
128 ch-data dup length 3 sub get sub}B /ch-yoff{ch-data dup length 2 sub
get 127 sub}B /ch-dx{ch-data dup length 1 sub get}B /ch-image{ch-data
dup type /stringtype ne{ctr get /ctr ctr 1 add N}if}B /id 0 N /rw 0 N
/rc 0 N /gp 0 N /cp 0 N /G 0 N /sf 0 N /CharBuilder{save 3 1 roll S dup
/base get 2 index get S /BitMaps get S get /ch-data X pop /ctr 0 N ch-dx
0 ch-xoff ch-yoff ch-height sub ch-xoff ch-width add ch-yoff
setcachedevice ch-width ch-height true[1 0 0 -1 -.1 ch-xoff sub ch-yoff
.1 sub]/id ch-image N /rw ch-width 7 add 8 idiv string N /rc 0 N /gp 0 N
/cp 0 N{rc 0 ne{rc 1 sub /rc X rw}{G}ifelse}imagemask restore}B /G{{id
gp get /gp gp 1 add N dup 18 mod S 18 idiv pl S get exec}loop}B /adv{cp
add /cp X}B /chg{rw cp id gp 4 index getinterval putinterval dup gp add
/gp X adv}B /nd{/cp 0 N rw exit}B /lsh{rw cp 2 copy get dup 0 eq{pop 1}{
dup 255 eq{pop 254}{dup dup add 255 and S 1 and or}ifelse}ifelse put 1
adv}B /rsh{rw cp 2 copy get dup 0 eq{pop 128}{dup 255 eq{pop 127}{dup 2
idiv S 128 and or}ifelse}ifelse put 1 adv}B /clr{rw cp 2 index string
putinterval adv}B /set{rw cp fillstr 0 4 index getinterval putinterval
adv}B /fillstr 18 string 0 1 17{2 copy 255 put pop}for N /pl[{adv 1 chg}
{adv 1 chg nd}{1 add chg}{1 add chg nd}{adv lsh}{adv lsh nd}{adv rsh}{
adv rsh nd}{1 add adv}{/rc X nd}{1 add set}{1 add clr}{adv 2 chg}{adv 2
chg nd}{pop nd}]dup{bind pop}forall N /D{/cc X dup type /stringtype ne{]
}if nn /base get cc ctr put nn /BitMaps get S ctr S sf 1 ne{dup dup
length 1 sub dup 2 index S get sf div put}if put /ctr ctr 1 add N}B /I{
cc 1 add D}B /bop{userdict /bop-hook known{bop-hook}if /SI save N @rigin
0 0 moveto /V matrix currentmatrix dup 1 get dup mul exch 0 get dup mul
add .99 lt{/QV}{/RV}ifelse load def pop pop}N /eop{SI restore userdict
/eop-hook known{eop-hook}if showpage}N /@start{userdict /start-hook
known{start-hook}if pop /VResolution X /Resolution X 1000 div /DVImag X
/IE 256 array N 2 string 0 1 255{IE S dup 360 add 36 4 index cvrs cvn
put}for pop 65781.76 div /vsize X 65781.76 div /hsize X}N /p{show}N
/RMat[1 0 0 -1 0 0]N /BDot 260 string N /rulex 0 N /ruley 0 N /v{/ruley
X /rulex X V}B /V{}B /RV statusdict begin /product where{pop false[
(Display)(NeXT)(LaserWriter 16/600)]{dup length product length le{dup
length product exch 0 exch getinterval eq{pop true exit}if}{pop}ifelse}
forall}{false}ifelse end{{gsave TR -.1 .1 TR 1 1 scale rulex ruley false
RMat{BDot}imagemask grestore}}{{gsave TR -.1 .1 TR rulex ruley scale 1 1
false RMat{BDot}imagemask grestore}}ifelse B /QV{gsave newpath transform
round exch round exch itransform moveto rulex 0 rlineto 0 ruley neg
rlineto rulex neg 0 rlineto fill grestore}B /a{moveto}B /delta 0 N /tail
{dup /delta X 0 rmoveto}B /M{S p delta add tail}B /b{S p tail}B /c{-4 M}
B /d{-3 M}B /e{-2 M}B /f{-1 M}B /g{0 M}B /h{1 M}B /i{2 M}B /j{3 M}B /k{
4 M}B /w{0 rmoveto}B /l{p -4 w}B /m{p -3 w}B /n{p -2 w}B /o{p -1 w}B /q{
p 1 w}B /r{p 2 w}B /s{p 3 w}B /t{p 4 w}B /x{0 S rmoveto}B /y{3 2 roll p
a}B /bos{/SS save N}B /eos{SS restore}B end

%%EndProcSet
TeXDict begin 39158280 55380996 1000 600 600 (notes.dvi)
@start
%DVIPSBitmapFont: Fa cmsy6 6 1
/Fa 1 49 df<EA01E0EA03F0A4EA07E0A213C0120FA21380A2EA1F00A2121EA2123E123C
A25AA3127012F05A12600C1A7E9B12>48 D E
%EndDVIPSBitmapFont
%DVIPSBitmapFont: Fb cmcsc10 12 26
/Fb 26 123 df<EC7FC0903803FFF890380FC07E90393F001F80017E6D7E496D7E48486D
7E48486D7EA248486D7E000F8149147E001F157FA3003F1680A249143F007F16C0A600FF
16E0B3A2007F16C0A66C6CEC7F80A3001F1600A36C6C14FEA200075D6D130100035D6C6C
495A6C6C495A017E495A6D495A90260FC07EC7FC903803FFF89038007FC02B447BC137>
48 D<1438147814F81303130F13FFB5FC13F713071200B3B3B0497E497EB712C0A32242
76C137>I<49B4FC010F13F0013F13FC9038FC03FF2601E00013C0D807C0EB3FE048486D
7E90C76C7E001E6E7E4881003814030078811270007C80B416807F7F81A46C485B6CC7FC
C8FC17005DA25E15075E4B5AA24B5A5E4B5A4B5A4BC7FC5D4A5A4A5A4A5AEC0FC04A5A92
C8FC143E5C5C495A4948EB0380EB078049C7FC011EEC07005B5B5B48485C485A49141E48
B612FE5A5A5A5AB75AA329427AC137>I<157015F8A34A7EA24A7EA3EC077FA2020F7FEC
0E3FA2021E7FEC1C1FA24A6C7EA202787FEC7007A24A6C7EA2010180ECC001A2010380EC
8000A249C7127FA2498191B6FCA24981011CC7121F013C810138140FA201788101701407
A201F06E7E5B000182487E000782D81FF84A7EB5027F13F8A335347CB33D>97
D<B77E16F016FC3A03FC0003FF6C4801001380EE3FC017E0161FEE0FF0A217F8A21607A2
160FA217F0161F17E0EE3FC0EE7F80EEFF00ED03FE90B612F0A29039F80007FE9238007F
80EE1FC0EE0FF0EE07F817FC160317FE160117FFA617FE1603A2EE07FCEE0FF8EE1FF0EE
3FE0486C903801FFC0B8120016FC16E030337BB23A>I<4AB4EB0180021FEBF00391B5EA
FC0701039038007E0FD907F8EB0F9FD91FE0EB03DF4948EB01FF01FFC8FC4848157F4848
153FA24848151F4848150F121F491507123F5BA2007F1603A3484892C7FCAB6C7EEF0380
A2123FA27F001F16076D1600000F5E6C6C150E6C6C151E171C6C6C153C6C6C5DD93FC05C
6D6CEB03E0D907F8495A902703FF807FC7FC0100EBFFFC021F13F00201138031357BB33B
>I<B7FC16F016FC3A03FE0003FF6C489038007F80EE1FE0707E707E707E1601707E177F
A21880173F18C0A2EF1FE0A418F0AA18E0A4EF3FC0A21880177F180017FE16015F4C5AEE
0FF04C5AEE7FC0486CD903FFC7FCB712FC16F093C8FC34337BB23E>I<B812F0A3D803FE
C7123F6C48EC07F816011600A21778A21738A3171C1507A31700A25DA25D157F90B6FCA3
9038FC007F151F81A2811707A3170E92C7FCA4171EA2173CA2177C17FC16011607486C14
3FB812F8A330337BB238>I<B812C0A3D803FEC7FC6C48EC1FE0160716031601A21600A4
1770A2150EA21700A3151EA2153E15FE90B5FCA3EBFC00153E151EA2150EA592C8FCAB48
B4FCB512FEA32C337BB235>I<DA03FF1303021FEBE00791B5EAF80F0103903800FE1FD9
0FF8EB1F3FD91FE0EB07BFD97F806DB4FC49C77E484880484881484881A2484881121F49
81123F5BA2007F82A25B00FF93C7FCAA4BB512F86C7EA2DB00011380003F6F1300837F12
1F7F120F6C7E7F12036C7E6C6C5DEB7FC0D91FE05BD90FF8EB07DF903A03FF803F8F0100
9038FFFE07021FEBF80302030180C7FC35357BB340>I<B5D8F803B512E0A3D803FEC738
0FF8006C486E5AB390B7FCA301FCC71207B3A3486C4A7EB5D8F803B512E0A333337BB23D
>I<B512F8A33803FE006C5AB3B3A7487EB512F8A315337BB21E>I<90383FFFFEA3903800
7FE0EC1FC0B3B1127EB4FCA4EC3F805A0070EB7F006C137E001E5B380F83F83803FFE0C6
90C7FC1F347BB22A>I<B500F890380FFFF0A3D803FEC76C13806C48913803FC0017F04C
5A5F4CC7FC161E5E5E5EED03E04B5A4B5A4BC8FC153E5D15F014014A7E4A7E140F4A7EEC
7CFF4A6C7EEBFDF09039FFE03FC04A6C7EEC800FD9FE007F496D7E6F7EA26F7E6F7E8283
707E707EA2707E707E83160383486C913807FF80B500F8011F13F8A335337BB23F>I<B5
12FEA3000390C9FCEA01FCB3A9EE01C0A416031780A41607A2160F161FA2167FEEFF0048
6C1307B8FCA32A337BB233>I<D8FFFEEE7FFFA26D93B5FC000318C06C1880D9DF80EC01
DFA2D9CFC0EC039FA3D9C7E0EC071FA2D9C3F0140EA3D9C1F8141CA2D9C0FC1438A3027E
1470A26E14E0A391391F8001C0A291390FC00380A3913907E00700A2913803F00EA36E6C
5AA26E6C5AA3ED7E70A26F5AA3486C6D5A487ED81FFC6D48EB3FC0B50080020FB5FCA2ED
070040337BB24A>I<D8FFFC91383FFFE07FA2D801FF020713006EEB01FC6E6D5A1770EB
DFE0EBCFF013C780EBC3FC13C180EBC0FF80816E7E6E7EA26E7E6E7E1403816E7E140081
ED7F80ED3FC0A2ED1FE0ED0FF0150716F8ED03FC150116FEED00FF167F17F0163F161FA2
160F1607486C1403487ED81FFC1401B56C1300A2177033337BB23D>I<EC07FF023F13E0
903901FE03FC903907F0007FD90FC0EB1F80D93F80EB0FE049C76C7E01FE6E7E48486E7E
48486E7E4848157FA24848ED3F80001F17C0A24848ED1FE0A3007F17F049150FA300FF17
F8AA007F17F06D151FA2003F17E0A26D153F001F17C0A26C6CED7F80000717006D5D0003
5E6C6C4A5A6C6C4A5A017F4A5A6D6C495AD90FC0EB1F80D907F0017FC7FC903901FE03FC
9039003FFFE0020790C8FC35357BB33F>I<B7FC16F016FC3A03FE0003FF6C489038007F
80EE3FC0EE1FE0EE0FF0A2EE07F8A217FCA617F8A2EE0FF0A2EE1FE0EE3FC0EEFF00ED03
FE90B612F816C001FCC9FCB3A2487EB512F8A32E337BB238>I<EC07FF023F13E0903901
FE03FC903907F0007FD90FC0EB1F80D93F80EB0FE049C76C7E01FE6E7E48486E7E48486E
7E0007824981000F17804848ED3FC0A2003F17E049151FA2007F17F0A249150FA200FF17
F8AA007F17F0A26D151F003F17E0A36C6CED3FC0A26C6CED7F80000702F814009026F803
FE5B0003D907075B3B01FC0E0381FC3B00FE0C01C3F8017F903800E7F0D93F8CEBEFE0D9
0FCCEB7F80D907FE91C7FC903901FF03FC9027003FFFF813180207133C91C7123E183804
3F137893381FC1F8EFFFF0A37013E0A27013C0701380701300EE007C35427BB33F>I<B6
12F8EDFF8016E03A03FE000FF86C48EB03FEED00FF707E707E83161FA283A55FA24C5A5F
4CC7FC16FEED03FCED1FF090B6128003FCC8FC9038FC003FED0FC06F7E6F7E6F7E821500
82A382A383A4EFC01CA2167FEFE03C486C023F1338B500F890381FF07893380FF8F09338
03FFE0CAEA7F8036347BB23C>I<90390FF0018090387FFE0348B512873907F00FEF390F
C001FF48C7FC003E143F151F5A150F5A1507A36C1403A27E6C91C7FC6C7E7FEA3FF8EBFF
806C13FC6CEBFFC06C14F06C80C614FE011F7F01031480D9001F13C014019138003FE015
1F150FED07F0150312E01501A37EA216E06C1403A26CEC07C06CEC0F806C6CEB1F0001E0
133ED8FBFE13FC00F0B55AD8E01F13E0D8C00390C7FC24357BB32E>I<007FB812C0A390
3A8007FC003F277E0003F8130F007C16070078160300701601A200F017E0A2481600A6C7
1600B3AA4A7E4A7E010FB512FEA333327CB13B>I<B500F890383FFFE0A3D803FEC70007
13006C48EC01FC705A1770B3AE000016F06D5DA2017E1401017F4A5A7F6D6C495A6E49C7
FC6D6C131ED903F0137C903901FE03F89039007FFFE0021F1380DA03FCC8FC33347BB23D
>I<B500F091387FFF80A30003018091381FFC006C90C8EA0FE06C6D5D017F5E6D6C4AC7
FC171E6D6C5C6D6C143817786D6C5C6D6C5C16016D6C495A6D6C5C16076E6C48C8FC9138
3FC00E161E6E6C5A91380FF03816786E6C5A6E6C5AEDFDC0EC01FF6E5B93C9FC81B14B7E
023F13FEA339337EB23D>121 D<003FB7FCA39039FC0001FE01E01303018014FC90C7EA
07F8003E140F003C15F0007CEC1FE00078EC3FC0A2ED7F800070ECFF00A24A5A4A5AC712
075D4A5A141F5D4A5A4A5AA24AC7FC495AA2495A495A130F4A1307495A133F5C495A49C7
FC160F485A485AA24848141E485A001F153E49147E484814FE007F140349131FB7FCA328
337BB232>I E
%EndDVIPSBitmapFont
%DVIPSBitmapFont: Fc cmmi8 8 17
/Fc 17 117 df<14C0A5497EA700F0EC03C039FF83F07F003FB61200000F14FC000114E0
6C6C1380D91FFEC7FCEB07F8497EA2497EEB3F3FEB3E1F496C7EEB7807496C7EA248486C
7E48486C7E49137090C71230222180A023>63 D<013FB512FEEEFFC0903A00FE0007F0EE
01F84AEB007E8301018118804A140F18C00103150718E05CA21307A25CA2130FA24A140F
A2131F18C04A141FA2013F1680173F91C81300A249157EA2017E5D5F01FE14014C5A494A
5A4C5A00014BC7FC163E4914FCED03F00003EC1FC0B7C8FC15F8332D7CAC3A>68
D<013FB71280A2D900FEC7127F170F4A1407A20101150318005CA21303A25C1630010714
7094C7FC4A136016E0130F15019138C007C091B5FC5BECC0074A6C5AA2133FA20200EB00
0CA249151C92C71218017E1538173001FE15705F5B4C5A000115034C5A49140F161F0003
4AB4C7FCB8FC5E312D7DAC34>I<90383FFFFCA2903800FE00A25CA21301A25CA21303A2
5CA21307A25CA2130FA25CA2131FA25CA2133FA291C7FCA25BA2137EA213FEA25BA21201
A25BA21203B512E0A21E2D7DAC1F>73 D<ED7FC0913807FFF891381F807E91397C001F80
D901F0EB0FC0D907E0EB03E0D90F8014F049C71201013EEC00F84915FC5B12014848157E
485AA2485A121FA2485A17FE90C9FC5AA300FEED01FCA3EE03F8A217F0160717E0160FEE
1FC01780007EED3F005E6C157E5E6C6C495AED03E06C6CEB0FC06C6C49C7FCD803F8137E
3900FE03F890383FFFC0D907FEC8FC2F2F7CAD36>79 D<013FB6FC17E0903A00FE0007F0
EE01FC4AEB007EA2010181A25C1880010316005F5CA2010715FEA24A5C4C5A010F4A5A4C
5A4AEB1F8004FFC7FC91B512F84914C00280C9FCA3133F91CAFCA35B137EA313FE5BA312
015BA21203B512E0A2312D7DAC2D>I<913807F00691383FFE0E9138F80F9E903903E001
FE903807800049C7127C131E49143CA2491438A313F81630A26D1400A27FEB7F8014F86D
B47E15F06D13FC01077F01007F141F02011380EC003F151F150FA215071218A3150F0038
1500A2151EA2007C5C007E5C007F5C397B8003E039F1F00F8026E07FFEC7FC38C00FF027
2F7CAD2B>83 D<B500C090380FFFC0A2D807F8C73801FC006C48EC00F05F4C5A5F6D4AC7
FC120116065EA25E6D5C12005E5EA24B5A6D49C8FCA2017E13065DA25D017F5BA26D5B5D
A24A5A0283C9FCA2EB1F86148CA2149814F0A26D5A5CA25C91CAFCA21306322E7CAC29>
86 D<90260FFFFCEB7FFFA29026007FC0EB0FF06E48148018006E6C131E1718020F5C6F
5B02075C6F485A020349C7FCEDF8065E6E6C5A5E6E6C5A5EED7F8093C8FC6F7EA26F7E15
3F156FEDCFE0EC018791380307F0EC0703020E7F141C4A6C7E14704A6C7E495A4948137F
49C7FC010E6E7E5B496E7E5BD801F081D807F8143FD8FFFE0103B5FCA2382D7EAC3A>88
D<EB07E0EB1FF890387C1CE0EBF80D3801F00F3803E007EA07C0120FD81F8013C0A2EA3F
00140F481480127EA2141F00FE14005AA2EC3F02EC3E06A25AEC7E0E007CEBFE0C14FC01
01131C393E07BE18391F0E1E38390FFC0FF03903F003C01F1F7D9D25>97
D<13F8121FA21201A25BA21203A25BA21207A25BA2120FEBC7E0EB9FF8EBB83C381FF01E
EBE01F13C09038800F80EA3F00A2123EA2007E131FA2127CA2143F00FC14005AA2147EA2
147C14FC5C387801F01303495A383C0F806C48C7FCEA0FFCEA03F0192F7DAD1E>I<EB01
F8EB0FFE90383E0780EB7C01D801F813C03803F0073807E00FEA0FC001801380121F48C8
FCA25A127EA312FE5AA51560007C14E0EC01C0EC03806CEB0F00001E131C380F81F83807
FFE0C648C7FC1B1F7D9D1F>I<157C4AB4FC913807C380EC0F87150FEC1F1FA391383E0E
0092C7FCA3147E147CA414FC90383FFFF8A2D900F8C7FCA313015CA413035CA413075CA5
130F5CA4131F91C8FCA4133EA3EA383C12FC5BA25B12F0EAE1E0EA7FC0001FC9FC213D7C
AE22>102 D<14FCEB03FF90380F839C90381F01BC013E13FCEB7C005B1201485A15F848
5A1401120F01C013F0A21403121F018013E0A21407A215C0A2000F130F141F0007EB3F80
EBC07F3803E1FF3800FF9F90383E1F0013005CA2143EA2147E0038137C00FC13FC5C495A
38F807E038F00F80D87FFEC7FCEA1FF81E2C7E9D22>I<90387C01F89038FE07FE3901CF
8E0F3A03879C0780D907B813C0000713F000069038E003E0EB0FC0000E1380120CA2D808
1F130712001400A249130F16C0133EA2017EEB1F80A2017C14005D01FC133E5D15FC6D48
5A3901FF03E09038FB87C0D9F1FFC7FCEBF0FC000390C8FCA25BA21207A25BA2120FA2EA
FFFCA2232B829D24>112 D<903807E03090381FF87090387C1CF0EBF80D3801F00F3903
E007E0EA07C0000F1303381F800715C0EA3F00A248130F007E1480A300FE131F481400A3
5C143E5A147E007C13FE5C1301EA3E07EA1F0E380FFCF8EA03F0C7FC13015CA313035CA2
1307A2EBFFFEA21C2B7D9D20>I<130E131FA25BA2133EA2137EA2137CA213FCA2B512F8
A23801F800A25BA21203A25BA21207A25BA2120FA25BA2001F1310143013001470146014
E0381E01C0EB0380381F0700EA0F0EEA07FCEA01F0152B7EA919>116
D E
%EndDVIPSBitmapFont
%DVIPSBitmapFont: Fd cmr6 6 7
/Fd 7 110 df<1438B2B712FEA3C70038C7FCB227277C9F2F>43
D<13FF000313C0380781E0380F00F0001E137848133CA248131EA400F8131FAD0078131E
A2007C133E003C133CA26C13786C13F0380781E03803FFC0C6130018227DA01E>48
D<13E01201120712FF12F91201B3A7487EB512C0A212217AA01E>I<EA01FC3807FF8038
1C0FC0383003E0386001F0EB00F812F86C13FCA2147C1278003013FCC7FC14F8A2EB01F0
EB03E014C0EB0780EB0F00131E13385B5B3801C00CEA0380380600185A5A383FFFF85AB5
12F0A216217CA01E>I<13FF000313C0380F03E0381C00F014F8003E13FC147CA2001E13
FC120CC712F8A2EB01F0EB03E0EB0FC03801FF00A2380003E0EB00F01478147C143E143F
1230127812FCA2143E48137E0060137C003813F8381E03F0380FFFC00001130018227DA0
1E>I<14E01301A213031307130F130D131913391371136113C11201EA03811301120612
0E121C12181230127012E0B6FCA2380001E0A6EB03F0EB3FFFA218217DA01E>I<3A0F0F
F00FF03AFF3FFC3FFC9039703E703E3A1FC01FC01F6C486C487EA201001300AD3BFFF0FF
F0FFF0A22C157D9432>109 D E
%EndDVIPSBitmapFont
%DVIPSBitmapFont: Fe cmbsy10 12 2
/Fe 2 21 df<007FBA12F8BB12FCA46C19F84606779B59>0 D<1A78F101FC1907191F19
7F953801FFF8060713C0061F1300F07FFC943801FFF0050713C0051F90C7FCEF7FFC9338
01FFF0040713C0041F90C8FCEEFFFC030313F0030F13C0033F90C9FCEDFFFC020313F002
0F1380DA3FFECAFCECFFF8010313E0010F1380D93FFECBFCEBFFF8000313E0000F1380D8
3FFECCFCEAFFF813E0A213F8EA7FFE380FFF80000313E0C613F8EB3FFE90380FFF800103
13E0010013F8EC3FFE91380FFF80020313E0020013FCED3FFF030F13C0030313F0030013
FCEE3FFF040713C0040113F09338007FFCEF1FFF050713C0050113F09438007FFCF01FFF
060713C0060113F09538007FFC191F19071901F100781A00B2003FBA12F04819F8BB12FC
A36C19F8465C77C459>20 D E
%EndDVIPSBitmapFont
%DVIPSBitmapFont: Ff cmmib10 12 2
/Ff 2 64 df<127812FE6C7E13E013F8EA3FFE380FFF80000313E0C613F8EB3FFE90380F
FF80010313E0010013F8EC3FFE91380FFF80020313F0020013FCED3FFF030F13C0030313
F0030013FCEE1FFF040713C0040113F09338007FFCEF1FFF050713C0050113F09438007F
FCF01FFF060713C0060113F89538007FFC191FA2197F953801FFF8060713C0061F1300F0
7FFC943801FFF0050713C0051F90C7FCEF7FFC933801FFF0040713C0041F90C8FCEEFFFC
030313F0030F13C0033F90C9FCEDFFFC020313F0020F1380DA3FFECAFCECFFF8010313E0
010F1380D93FFECBFCEBFFF8000313E0000F1380D83FFECCFCEAFFF813E0138048CDFC12
78464477BA59>62 D<156015F0A34A7EA64A7EA64A7E00401720D8FFC0ED3FF0D9FF87EB
1FFF91B7FC6C17E0001F17800007EEFE00000116F86C6C15E0011F158001074AC7FC0101
14F86D5C6E5BA291B57EA24980A249EB9FFC150F49486C7EECFC0349486C7E4A7E49486D
7E4A133F49486D7E91C7120F013E1407496E7E0178140101306E5A34327EB139>I
E
%EndDVIPSBitmapFont
%DVIPSBitmapFont: Fg cmex10 10 12
/Fg 12 126 df<EE03C0160F163F167F923801FF004B5A4B5AED0FF04B5A4B5A4B5A4BC7
FC5C5D4A5A14075D4A5AA2141F5DA24A5AA44A5AB3B3B3B214FF92C8FCA35B5CA2495AA2
5C13075C130F495A5C133F495A49C9FC485A485A485A485AEA1FC0485AB4CAFC12FCA2B4
FCEA3F806C7EEA0FF06C7E6C7E6C7E6C7E6D7E6D7E131F806D7E130780130380A26D7EA2
807FA381147FB3B3B3B26E7EA46E7EA281140FA26E7E8114036E7E81806F7E6F7E6F7E6F
7EED07FC6F7E6F7E9238007FC0163F160F16032AF8748243>40 D<EC01F01407140F143F
147F903801FFC0491380491300495A495A495A495A5C495A485B5A91C7FC485AA2485AA2
485AA2123F5BA2127F5BA412FF5BB3B3A71C4B607E4A>56 D<EAFFC0B3B3A77F127FA47F
123FA27F121FA26C7EA26C7EA26C7E807E6C7F6D7E806D7E6D7E6D7E6D7E6D13806D13C0
9038007FF0143F140F140714011C4B60804A>58 D<EC1FF8B3B3A7143F15F0A4EC7FE0A3
15C014FFA2491380A215005B5C1307495A5C131F495A5C495A495A4890C7FC485A485A48
5A485AEA7FE0EAFF8090C8FC12FCB4FC7FEA7FE0EA1FF06C7E6C7E6C7E6C7E6C7F6D7E6D
7E806D7E130F806D7E1303807F1580A26D13C0A2147F15E0A3EC3FF0A415F8141FB3B3A7
1D9773804A>60 D<EAFFC0B3A90A1B60804A>62 D<0078EF078000FCEF0FC0B3B3B3B3A4
BAFCA47E6C18803A537B7F45>70 D<0078EF078000FCEF0FC0B3B3B3A46C171F007E1880
A2007F173F6C1800A26D5E001F177E6D16FE6C6C4B5A6D15036C6C4B5A6C6C4B5A6C6C4B
5A6C6C6CEC7FC06D6C4A5AD93FF8010790C7FC6DB4EB3FFE6D90B55A010315F06D5D6D6C
1480020F01FCC8FC020113E03A537B7F45>83 D<913801FFE0020F13FC027FEBFF8049B6
12E04981010F15FC499038003FFED93FF8EB07FFD97FC001007F49486E7E4848C8EA1FE0
48486F7E48486F7E48486F7E49150148486F7E49167E003F177F90CA7EA2481880007E17
1FA200FE18C048170FB3B3B3A40078EF07803A537B7F45>I<EE7F80ED0FFF157F4AB5FC
140F143F5C49B6FC13075B4991C7FC4913E090B5C8FC4813F84813E014804848C9FC485A
EA1FF0485A5B485A48CAFCA25A5A5A291B838925>122 D<B4FC13F813FF14C014F814FE
8015C015F081C66C7F01037F9039007FFF80020F7F02037F1400ED3FF06F7EED07FC6F7E
15016F7EEE7F80A2163F161F160F291B818925>I<12F87E7E7EA26C7E6C7E7F6C7EEA0F
FC6C7E6C6C7E14E06C13F86C13FF013F13E06D13FF6DECFF807F13016D7E80140F14016E
7E150FED007F291B839A25>I<EE0F80161F163F167FA2EEFF004B5A15034B5AED1FF84B
5AEDFFE01403020F5B027F5B902603FFFEC7FC017F5BB65A5D15C092C8FC5C14F814C091
C9FC13F890CAFC291B819A25>I E
%EndDVIPSBitmapFont
%DVIPSBitmapFont: Fh lasy10 12 2
/Fh 2 51 df<127012FCB4FC13C013F0EAF7FCEAF1FF38F07FC0EB1FF0EB07FCEB01FF90
38007FC0EC1FF0EC07FE913801FF809138007FE0ED1FF8ED03FE923800FF80EE3FE0EE0F
F8EE03FE933800FF80EF3FE0EF0FF8EF03FE943800FF80F03FE0F00FF0A2F03FE0F0FF80
943803FE00EF0FF8EF3FE0EFFF80DC03FEC7FCEE0FF8EE3FE0EEFF80DB03FEC8FCED1FF8
ED7FE0913801FF80DA07FEC9FCEC1FF0EC7FC04948CAFCEB07FCEB1FF0EB7FC0D8F1FFCB
FCEAF7FCEAFFF013C090CCFC12FC12703C3A78B54D>3 D<003FB9FC481880BAFCA200F0
CA1207B3B3ADBAFCA37E393977BE4A>50 D E
%EndDVIPSBitmapFont
%DVIPSBitmapFont: Fi cmsy8 8 6
/Fi 6 85 df<B812C0A32A037A9137>0 D<130C131EA50060EB01800078130739FC0C0F
C0007FEB3F80393F8C7F003807CCF83801FFE038007F80011EC7FCEB7F803801FFE03807
CCF8383F8C7F397F0C3F8000FCEB0FC039781E078000601301000090C7FCA5130C1A1D7C
9E23>3 D<137813FE1201A3120313FCA3EA07F8A313F0A2EA0FE0A313C0121F1380A3EA
3F00A3123E127E127CA35AA35A0F227EA413>48 D<171017F0160116031607A2160FA216
1F161B163B1633167316E3A2ED01C316831503EE03F81507150E1601151C1538A2157015
E0A2EC01C0EC038083EC0700140E92B5FC141F5C5C0270C77E5C495AD82003157E387007
80D8780FC8127FEAFE3ED8FFFE160449ED3F9C4916F86C4816E06C48ED1FC06C48ED0E00
0007CBFC36337EAF38>65 D<496C13FC0107EB07FF011F011F1380017F017F13C03B01FF
81E07FE03A039F03801F3A021F0F000F26003F1E13075C4A14C014F84AEB0F804A14004A
131E017F14384A5B4B5A9138000F80033EC7FC9038FE01FF020713E0021F13F849487F91
38001FFE4848EB03FF1500EE7F8049143FA20003151FA25BA21207491500A2000F153E5B
5E001F1578013C5C01FEEB01C03A3FFFC01F80003ED9FFFEC7FC486C13F8D8703F13C026
C007FCC8FC2B2F7EAD2E>I<180C183C0107B712F8011F16E0017F16C048B81200270380
007CC8FC000FC712FC121E123E007E495A127C12FC12F000C0495AC7FCA34A5AA44A5AA4
4A5AA4143F92C9FCA4147EA3147C14FCA25C1301A25C13035CA2495A5C010ECAFC130836
347DAE27>84 D E
%EndDVIPSBitmapFont
%DVIPSBitmapFont: Fj cmbx12 17.28 43
/Fj 43 122 df<94387FFF80041FB512F04BB612FC030F81037F6F7E4AB5D8E0077F4A49
C76C7E020F01F0EC1FF04A01C0147F4A90C8487E4A485C4A484A7F49495C495BA2495B4E
7F49705B5DA3725B725B725B735A96C9FCAB0503B512FEBBFCA6D8000F01E0C7120184B3
B3AF003FB6D8F803B71280A651657DE45A>12 D<EA01FCEA07FF4813804813C04813E048
13F0A2B512F8A76C13F0A26C13E06C13C06C13806C1300EA01FC151574942D>46
D<16F04B7E1507151F153FEC01FF1407147F010FB5FCB7FCA41487EBF007C7FCB3B3B3B2
007FB91280A6395D74DC51>49 D<913801FFF8023FEBFFC049B612FC010715FF011F16C0
4916F09026FFFC0180489026C0003F13FE4890C7000F7FD807FC0203148048486E14C048
486E14E0496F13F0D83FFC816D17F8486C816E6E13FCB57E19FE6E80A219FFA283A36C5B
A26C5B6C90C8FCD807FC5DEA01F0CA14FEA34D13FCA219F85F19F04D13E0A24D13C01980
94B512004C5B604C5B4C5B4C5B604C5B4C48C7FC4C5A4C5A4B13E04B5B4B5B4CC8FC4B5A
4B5A4B5ADB7FC0143F4B5A4A90C8FC4A5A4A48157EEC0FF04A5A4A5A4A5A4AC912FEEB01
FC495A4948ED01FC4948150749B8FC5B5B90B9FC5A4818F85A5A5A5A5ABAFCA219F0A440
5D78DC51>I<92B5FC020F14F8027F14FF49B712E001078249D9C01F13FC90273FFC0003
7FD97FE001007FD9FF806E7F4848C86C7F6D834801C06E7F487F6E826E80486D82A4805C
A37E4A4A5B6C5B6C5B6C495E011FC85A90C95CA24D5B6194B5FC4C91C7FC604C5B4C13F0
041F5B047F1380030FB5C8FC020FB512FC17E0178017F8EFFF8091C7001F13E0040313F8
7013FE706C7E7113C0717F85717F85838585A2711480A31AC0A2EA03FCEA0FFF487F487F
487FA2B57EA21A80A35F1A005C6C604A5C616C494A5B49C8FCD81FF84B5B6C6C4B5B6CB4
6C91B55A6C01F001035C6C9026FF801F49C7FC6C6C90B65A6D16F0010F16C0010193C8FC
D9003F14F0020149C9FC425E79DC51>I<F01F804E7E187F18FFA25F5F5F5FA25F5F5FA2
94B5FC5E5E5EA25E5EEE3FBFEE7F3FA216FEED01FCED03F8ED07F0A2ED0FE0ED1FC0ED3F
8016005D15FE4A5A4A5AA24A5A4A5A4A5A4A5AA24AC7FC14FE495A5C1303495A495A495A
5C133F49C8FC13FE485AA2485A485A485A5B121F485A48C9FC12FEBCFCA6CA6CEBC000B1
037FB8FCA6485E7CDD51>I<01C0EE01C0D801F8160F01FF167F02F0EC07FFDAFF8090B5
FC92B712801900606060606060604DC7FC5F17F017C04CC8FC16F8D9FC7F90C9FC91CBFC
AEED3FFF0203B512F0021F14FE027F6E7E01FDB712E090B5D8E00F7F9126FC000313FC02
F001007F02C06E7E91C86C13804917C0496F13E05B6C486F13F090C9FC19F8A219FC8319
FEA419FFA3EA03F0EA0FFC487E487E487FA2B57EA319FEA35C4D13FC6C90C8FC4917F85B
D83FF04B13F013806C6C17E06D4B13C06C6C4B13806C6C92B51200D803FE4A5B6C6C6C49
5B6C01E0011F5BD97FFE90B55A6DB712C06D5E01074BC7FC010115F0D9003F1480020301
F0C8FC405E78DC51>I<EE1FFF0303B512E0031F14F892B612FE020381020FD9F8037F4A
9039C0007FC0027F90C7EA1FE0DAFFFC6E7E4901F014074949EC7FF8494914FF49495B49
90C7487F5B49485C495AA2485BA25A48496E5BA248705B715B4A6F5A4894C8FCA35AA25C
5A923801FFE0030F13FE033F6D7E4B14E002C1B612F8B526C3FE037F913AC7F0007FFF03
C0011F7FDACF806D7F02DFC76C7F02DE6E7F14FE4A6E7F854A82A24A8283A24A1780A41A
C05CA27EA77EA3806C1980A37E1A007E5F6C6D5EA26C606E4A5B7E6D6C4A5B6E5E6D6C4A
5B6D6D495B6D01E0017F90C7FC01039039FC03FFFE6D90B612F86D5E023F15C0020F92C8
FC020114FCDA001F1380425E79DC51>I<EA01FCEA07FF4813804813C04813E04813F0A2
B512F8A76C13F0A26C13E06C13C06C13806C1300EA01FCC8FCB3A4EA01FCEA07FF481380
4813C04813E04813F0A2B512F8A76C13F0A26C13E06C13C06C13806C1300EA01FC154074
BF2D>58 D<F00FE04E7EA24E7EA34E7EA24E7EA34D7FA24D80A24D80A34D80A24D80A34D
80A2DD7FBF7FA2181F05FF8017FE04016D7FA24D7E04038217F804076D80A24D7E040F82
17E0041F6D80A24D7F043F825F047F6E7FA294C77E4C825E03016F7FA24C800303845E03
076F80A24C80030F845E031F6F80A24C81033F845E037F707F93B9FCA292BA7EA24A85A2
03FCC912070203865D020771805D86020F864B82021F865D87023F864B83027F8692CBFC
874A864A840101875C0103738090381FFFC0B700E092B812FEA66F647BE37A>65
D<BB12F0F2FF801BF81BFEF3FFC088D800010280C814F8081F7F080713FF748074808675
7F757FA2757FA28987A289A965A263656365636598B55A505C5091C7FC505B081F5B087F
13F04FB512C096B6C8FC93B812F81BC01BF8F3FF801CE00480C8001F13F8080313FE746D
7E746C7F757F757F89757F757F89871E80A27514C0A41EE087A663A21EC0A3631E80A251
14006365515B63515B98B55A08035C080F5C97B6C7FCBD5A1CF81CE099C8FC1BF898C9FC
63627AE173>I<942601FFFEED03C0057FD9FFF01407040FB600FE140F047FDBFFC0131F
0303B800F0133F030F05FC137F033F9127F8007FFE13FF92B548C73807FF81020302F002
0113C34A02809138003FF7021F49C96CB5FC4A01F816074A01E08291B54816004991CB7E
494984494984495B494984498649498490B55A88485C884891CDFC481C7F5C5A1D3F5C5A
A21D1F485BA34899C7FCA35CA2B5FCB07EA280A37EA2F50FC06C7FA37E801D1F6C1D8080
7E6C6E193F1E006C6E611D7E6D6D19FE6D6D616D1A016D6D4E5A6D6D18076D6D4E5A6D6D
6C4D5A6D6E4D5A6E6D4D5A6E01F84C48C7FC6E01FEEE07FE02076D6CED1FFC6E02F0ED7F
F0020002FE913803FFE0033FD9FFF8013F1380030F91B7C8FC030317FCDB007F16E0040F
1680DC007F02F8C9FC050191CAFC626477E275>I<BB12E0F2FF801BF01BFE757E1CF0D8
00010280C7000780DF003F13FE08076D7E080180746C7F091F7F7513FC757F09017F878A
767F767F888A767FA2767FA2767FA28A881F80A37614C0A41FE0A5891FF0B09AB512E0A5
1FC0A4521480A31F006466A2525BA2525BA2525B525BA2525B99B55A5191C7FC515B515B
091F5B097F5B50B512C008075C083F91C8FC0707B512FCBD12F01CC051C9FC1BF81B8008
E0CAFC6C627AE17C>I<BD12FCA488A2D8000102C0C71201F1000F1A01F2007F1B3F1B0F
1B07757EA28787A288A3F43F80A31C1FA3197EA3F40FC0A499C7FC19FEA31801A2180318
07181F18FF93B6FCA6EEC000181F180718031801A21800A21D7E197EA21DFCA696C81201
1DF8A31C03A3F407F0A31C0FA21C1F1C3F1DE01C7F1CFF63631B0F093F13C098B5FC1A07
97B6FCBEFCA31D80A35F617AE06A>I<BD12E0A41CF0A2D8000102C0C71207F1003F1A0F
1A031A001B7F1B3FF31FF81B0FA21B07A21B03A21B011CFCA31B00A419FCA21C7EA41C00
A21801A31803A21807180F183FEF01FF93B6FCA6EEC001EF003F180F18071803A21801A3
1800A896C9FCB3A5B912F8A657617AE065>I<B700E0040FB712808282A28282D800016E
DC000101FCC7FC719338001FC0A283838302FD8014FC6F7F6F7F836F80816F806F80846F
806F8082707F8470807080827080857080708083717F8571807180837180718086718084
727F727F8772807280847280877280737F85737F1C807314C07314E0857314F07314F81C
FC7413FE867413FF74149F1DDF7414FF868686A287878787A287878787A28888888888A2
8890261FFFC084B700F8831D7FA21D3F1D1F775A71627AE17E>78
D<BB7E1AFCF2FFC01BF81BFE757ED800010280C7001F80070114F0DF003F7F080F7F747F
747F7414807414C0A27513E0A21DF0A27513F8A41DFCA91DF8A45113F0A21DE0A298B512
C01D8062501400505B505B083F5B4FB512E0071F5C93B9C7FC1BFC1BF01B8008F0C8FC04
C0CCFCB3B3A2B97EA65E627AE16E>80 D<DBFFFEEC01E0020FD9FFE01303027F02FC1307
49B7EA800F010716E0011FEEF01F49D9C007EBFC3F4948C7383FFE7FD9FFF00207B5FC48
4914014801806E7E4890C97E48170F4982001F834982123F844848177FA2193FA200FF18
1FA36D170FA27FA26D17078080806E93C7FC6C13FCECFF8015F86CECFFC016FC6CEDFFE0
17FE6CEEFFE018F86C17FE6C717E6C846C18F06D836D836D836D83010318807F6D6C17C0
020F17E01401DA000F16F01500040715F8EE007F050314FC1700183F84060713FE84A200
7C8300FC83A2197FA3193F7EA21AFC7EA36D18F86D177FA26D18F06D17FF6D18E06D5E6D
18C06D6C4B138002E05D02F84B130002FEED3FFE9026CFFFE0ECFFFC018701FF010713F0
010191B65A486C6C5E021F93C7FC48010315FC48D9007F14E048020149C8FC476477E25A
>83 D<001FBEFCA64849C79126E0000F148002E0180091C8171F498601F81A0349864986
A2491B7FA2491B3F007F1DC090C9181FA4007E1C0FA600FE1DE0481C07A5CA95C7FCB3B3
B3A3021FBAFCA663617AE070>I<B800F8011FB80203B7FCA6D8000F91C9000102E0CAEB
FE006D72F207F0707260230F6D73627072171F6D6A708277173F6D7397C7FC70846B6E72
197E707217FE6E726170855118016E6870731503636E68704C6E15076E68718451180F6E
DE7E7F607172151F6E06FE61714B7E08016F153F6E4E6C95C8FC71840803616F4D6C177E
7102076F15FE6F66714B7E080F7013016F4D6C5F7185081F18036F4D6C5F71023F701307
6F94C75F728450180F6F047E6E5E7272131F1AFE6F4C6E5EDEE00171133F6F4C6E93C9FC
06F084070361704B6E157E06F87213FE1907704B6E5DDEFC0F1881704B6E5D06FE19C107
1F18C3704B6E5DDEFF3F18E7706407BFC9FC07FF18FF704A705CA3704A705CA27099CAFC
4F82A27149705BA37149705BA27149705BA37149705BA37190CB5BA27148725AA3714872
5A714872CBFCA0637DE1A7>87 D<913807FFFC91B612E0010715FC011F15FF4916C09027
7FFC003F7FD9FFC0010F7F4801F001037F486D6D7F707F486D6E7E85717FA2717FA36C49
6E7FA26C5B6C5BEB3F8090C9FCA70303B6FC92B7FC140F147F0103B5EAFE0F010F148001
3FEBFC004913E048B512804849C7FC485B4813F05A5C485B5A5CA2B5C8FCA45FA25F806C
5E806C16FB6ED903F37F6C6DD907E313FF6C01FCD91FC114FE6C9027FF80FF8114FF0001
91B5C6FC6C6C4A7F011F02F8131F010302E0010313FE9026003FFECAFC48437BC14E>97
D<903807FF80B6FCA6C6FC7F7FB3A8EFFFF8040FEBFF80047F14F00381B612FC038715FF
038F010014C0DBBFF0011F7FDBFFC001077F93C700017F4B6E7F03F86F7E4B6F7E4B1780
4B6F13C0A27313E0A27313F0A21BF8A37313FCA41BFEAE1BFCA3611BF8A31BF0611BE0A2
4F13C06F17804F13006F5D6F4B5A6F4A5B4AB44A5B4A6C6C010F5B9126F83FE0013F13C0
9127F00FFC01B55A4A6CB648C7FCDAC00115F84A6C15E091C7001F91C8FC90C8000313E0
4F657BE35A>I<92380FFFF04AB67E020F15F0023F15FC91B77E01039039FE001FFF4901
F0010113804901C0010713C049494913E0017F90C7FC49484A13F05C485B5A485BA2485B
7113E05A4A6E13C048701380943800FE0095C7FC5A5CA3B5FCAE7E80A37EA2806C18FCA2
6C6D150119F86C7F6C17036EED07F06C6D16E06C6D150F6D6DEC1FC06D6DEC7F806D01F0
ECFF00010701FCEB03FE6D9039FF803FFC010091B512F0023F5D020F1580020102FCC7FC
DA000F13C03E437BC148>I<F17FF8050FB5FCA6EF000F8484B3A892380FFF804AB512F8
020F14FE023FECFF8391B712E301039138007FF34901F8EB0FFB011F01E00103B5FC4901
8013004990C87E4948814849814849814A815A485BA25A5C5AA35A5CA3B5FCAE7EA46C7F
A37EA26C7FA26C6D5DA26C6D5D6C5F6C6D5D6D6C92B5FC6D6C0203806D01C049806D01F0
D91FF7EBFFFE6D9039FE01FFE7010190B612876D6CECFE07021F14F8020314E09127003F
FE00ECC0004F657BE35A>I<92380FFFC04AB512FC020FECFF80023F15E091B712F80103
D9FE017F499039F0003FFE4901C0EB0FFF4990C76C7F49486E7F49486E7F49486E7F4884
4849157F48844A153F48845A4A151F855AA3485B721380A3B5FCA291B9FCA41A000280CB
FCA67EA3807EA37E6E160F6CF01F80A26C6D163F6C19006E5E6C6D16FE6C606D6C15016D
6C6CEC07F86D6D4A5A6D01F0EC3FE0010301FC49B45A6D9026FFC01F90C7FC6D6C90B55A
021F15F8020715E0020092C8FC030713F041437CC14A>I<EE3FFC0307B51280033F14C0
4AB612F0020715F84A9038F03FFC4AEB807F913A7FFE00FFFE4A5A4B4813FF4913F05B49
13E0A24913C0A27013FE4949EB7FFCEF3FF8EF1FF0EF07C094C7FCB0B812C0A6D8001F01
C0C8FCB3B3B0007FB612FCA638657CE431>I<DBFFFEEC0FF8020FD9FFE0EBFFFE027FDA
FC037F49B7000F1480010793B6FC49D9F01F02F913C049D9800314814948C7EBFC034948
027F7F4948EC3FFE4805FF14804A6E6D130048F0803E97C7FC48496E7FA34884A96C60A3
6C6D4A5BA26C95C8FC6E5C6C5F6D6C4A5A6D6C4A5A90271FFF80035BDBF01F5B4990B65A
4993C9FCD97C7F14FCD9FC0F14E049C649CAFC000191CCFCA37FA212037F6C7E8014E091
B77E18FEF0FFC06C18F019FC6D17FF6D84866D846D84013F8448BAFC48854801E0C71201
4890C9000F7F484816014848EE007F4848717E8512FF5B85A56D5F007F616D173F003F61
6D177F6C6C4D5A6C01C003035B6C6D4B5B6C01F8031F5BC601FF92B5C7FC6D01F8011F5B
011F90B712F8010717E0010094C8FC020F15F0DA003F01FCC9FC4A5F7CC051>I<903807
FF80B6FCA6C6FC7F7FB3A8EF1FFF94B512F0040714FC041F14FF4C8193267FE07F7F9227
81FE001F7FDB83F86D7FDB87F07FDB8FC0814C7F039FC78015BE03BC8003FC825DA25DA2
5DA45DB3B2B7D8F007B71280A651647BE35A>I<EB0FE0EB3FF8497E497E487F4880A248
80A76C5CA26C91C7FC6C5B6D5A6D5AEB0FE090C9FCAF903807FF80007FB5FCA6C6FC7F7F
B3B3AEB712C0A622657BE42C>I<903807FF80B6FCA6C6FC7F7FB3A90503B61280A6DD00
3FEB8000DE0FF8C7FC4E5A4E5A4E5A4E5ADD03FEC8FC4D5A4D5A4D5A4D5AEFFF804C90C9
FC4C5A4C5A4C5AEE3FE04C5A4C7E158103837F038F7F039F7F15BF92B57E838415FC4B6C
7F4B6C7F03E080ED801F707F707F8482707F7080A2717F717F8583717F717F8583717F71
80868495B512F0B7D8E00FECFFF0A64C647BE355>107 D<903807FF80B6FCA6C6FC7F7F
B3B3B3B3ADB712E0A623647BE32C>I<902607FF80D91FFFEEFFF8B691B500F00207EBFF
80040702FC023F14E0041F02FF91B612F84C6F488193267FE07F6D4801037F922781FE00
1F9027E00FF0007FC6DA83F86D9026F01FC06D7F6DD987F06D4A487F6DD98FC0DBF87EC7
804C6D027C80039FC76E488203BEEEFDF003BC6E4A8003FC04FF834B5FA24B5FA24B94C8
FCA44B5EB3B2B7D8F007B7D8803FB612FCA67E417BC087>I<902607FF80EB1FFFB691B5
12F0040714FC041F14FF4C8193267FE07F7F922781FE001F7FC6DA83F86D7F6DD987F07F
6DD98FC0814C7F039FC78015BE03BC8003FC825DA25DA25DA45DB3B2B7D8F007B71280A6
51417BC05A>I<923807FFE092B6FC020715E0021F15F8027F15FE494848C66C6C7E0107
01F0010F13E04901C001037F4990C87F49486F7E49486F7E49486F7E48496F13804819C0
4A814819E04819F04A814819F8A348496F13FCA34819FEA4B518FFAD6C19FEA46C6D4B13
FCA36C19F8A26C6D4B13F0A26C6D4B13E06C19C06E5D6C19806C6D4B13006D6C4B5A6D6C
4B5A6D01C001035B010701F0010F13E06D01FE017F5B010090B7C7FC023F15FC020715E0
020092C8FC030713E048437CC151>I<902607FF80EBFFF8B6010FEBFF80047F14F00381
B612FC038715FF038F010114C09227BFF0003F7FC6DAFFC0010F7F6D91C76C7F6D490201
7F03F86E7F4B824B6F13804B6F13C0A27313E0A21BF0851BF8A2851BFCA47313FEAE4F13
FCA41BF861A21BF0611BE0611BC06F4B13801B006F92B5FC6F4A5B6F4A5B03FF4A5B7001
1F5B04E0017F13C09226CFFC03B55A03C7B648C7FC03C115F803C015E0041F91C8FC0403
13E093CBFCB3A3B712F0A64F5D7BC05A>I<DB0FFFEC01F04AB500E01303020F02F81307
023F14FE91B7130F01030280EB801F49903AFC001FC03F011F01F0EB0FE04901C0903803
F07F4949903801F8FF90B5C87E484992B5FC48498184485B48835C48835C5A845C5AA4B5
5AAE6C7FA47E80A27EA26C6D5D606C7F606C6D5D6C7F6C94B5FC6D6C5C6D6D13076D01E0
EB0FEF6D01F8EB3FCF6D9039FE01FF8F010190B6120F6D6C14FC021F14F0020314C09139
003FFE0092C8FCB3A3053FB612FCA64E5D7BC055>I<D90FFFEB0FFCB690383FFF8093B5
12E04B14F04B14F8923907FC7FFC92390FE0FFFEC6EC1F806DD93F0113FF6D133E157E15
7C15F8A215F07013FEA24BEB7FFCEF3FF8EF0FE04B90C7FCA55DB3B0B712F8A638417BC0
42>I<913A3FFF8007800107B5EAF81F011FECFE3F017F91B5FC48B8FC48EBE0014890C7
121FD80FFC1407D81FF0801600485A007F167F49153FA212FF171FA27F7F7F6D92C7FC13
FF14E014FF6C14F8EDFFC06C15FC16FF6C16C06C16F06C826C826C826C82013F1680010F
16C01303D9007F15E0020315F0EC001F1500041F13F81607007C150100FC81177F6C163F
A2171F7EA26D16F0A27F173F6D16E06D157F6D16C001FEEDFF806D0203130002C0EB0FFE
02FCEB7FFC019FB65A010F5DD8FE0315C026F8007F49C7FC48010F13E035437BC140>I<
EC07E0A6140FA5141FA3143FA2147FA214FF5BA25B5B5B5B137F48B5FC000F91B512FEB8
FCA5D8001F01E0C8FCB3AFEF0FC0AC171F6D6D1480A2173F6D16006F5B6D6D137E6D6D5B
6DEBFF836EEBFFF86E5C020F14C002035C9126003FFCC7FC325C7DDA3F>I<902607FFC0
ED3FFEB60207B5FCA6C6EE00076D826D82B3B3A260A360A2607F60183E6D6D147E4E7F6D
6D4948806D6DD907F0ECFF806D01FFEB3FE06D91B55A6E1500021F5C020314F8DA003F01
8002F0C7FC51427BC05A>I<B700C00103B512FCA6C66C01C0C8381FFE006D6DED07F0A2
6D6D5E190F6D6D5E191F6D606F153F6D95C7FC6F5DA26D6D157E19FE6D6E5C18016E5E70
13036E5E701307A26E6D5C180F6E6D5C181F6E6D5C183F6E93C8FC705BA26E6D13FEA26E
6E5A17816FEBC1F817C36F5C17E76F5C17FFA26F5CA26F5CA26F91C9FCA26F5BA36F5BA2
705AA2705AA2705AA2705A4E417DBF55>I<007FB600C0017FB512F8A6D8001F01F8C700
03EBE0006D040090C7FC6D6D4A5A6D6D4A5A6D6D4A5A70495A6D4C5A6E7F6E6D495A6E6D
495A7049C8FC6E4A5A6E6D485A6E6D485A6E13FFEF8FF06EEC9FE06FEBFFC06F5C6F91C9
FC5F6F5B816F7F6F7F8481707F8493B57E4B805D4B80DB0FF37FDB1FE17F04C080153F4B
486C7F4B486C7F4A486D7F4A486D7F4A5A4B6D7F020F6E7F4A486D7F4A486D804A5A4AC8
6C7F49486F7F4A6F7F0103707FEB3FFFB600F049B7FCA650407EBF55>120
D<B700C00103B512FCA6D8003F01C0C8381FFE006FED07F0A26D6D5E190F6D6D5E191F6D
6D5E193F6D95C7FC6F5D6D177E6F15FEA26D6E495AA26E6D5C18036E6D5C18076E5E7013
0F6E5E70131FA26E6D495AA26E6D91C8FC606E6D137E18FE6E5D17816F5C17C3A26FEBE7
F0A26FEBF7E017FF6F5CA26F5CA26F91C9FCA36F5BA26F5BA2705AA2705AA2705AA35FA2
5F163F94CAFC5E167E16FED807E05CD81FF81301487E486C495AA2B5495AA24B5A5E151F
4B5A6C4849CBFC15FEEBFC01393FF807FC391FF03FF06CB55A6C5C6C91CCFCC613FCEB1F
E04E5D7DBF55>I E
%EndDVIPSBitmapFont
%DVIPSBitmapFont: Fk cmr10 10 36
/Fk 36 122 df<121C127FEAFF80A213C0A3127F121C1200A412011380A2120313005A12
06120E5A5A5A12600A19798817>44 D<121C127FEAFF80A5EA7F00121C0909798817>46
D<EB01C013031307131F13FFB5FCA2131F1200B3B3A8497E007FB512F0A31C3879B72A>
49 D<EB0FF0EB7FFE48B57E3903E03FE0390F000FF0000E6D7E486D7E486D7E12300070
6D7E126012FCB4EC7F807FA56CC7FC121CC8FCEDFF00A34A5A5D14035D4A5A5D140F4A5A
4A5A92C7FC147C5C495A495A495A495A91C8FC011EEB01805B5B49130348481400485A48
5A000EC75A000FB6FC5A5A485CB6FCA321387CB72A>I<EB07F8EB3FFF4913C03901F80F
F03903C007F848486C7E380E0001000F80381FE0006D7FA56C5A6C5AC85A1401A25D4A5A
A24A5A5DEC0F80027EC7FCEB1FFCECFF809038000FE06E7EEC01FC816E7EED7F80A216C0
A2153F16E0A2121EEA7F80487EA416C049137F007F1580007EC7FC0070ECFF006C495A12
1E390F8003F83907F00FF00001B512C06C6C90C7FCEB0FF8233A7DB72A>I<1538A3157C
A315FEA34A7EA34A6C7EA202077FEC063FA2020E7FEC0C1FA2021C7FEC180FA202387FEC
3007A202707FEC6003A202C07F1501A2D901807F81A249C77F167FA20106810107B6FCA2
4981010CC7121FA2496E7EA3496E7EA3496E7EA213E0707E1201486C81D80FFC02071380
B56C90B512FEA3373C7DBB3E>65 D<913A01FF800180020FEBE003027F13F8903A01FF80
7E07903A03FC000F0FD90FF0EB039F4948EB01DFD93F80EB00FF49C8127F01FE153F1201
4848151F4848150FA248481507A2485A1703123F5B007F1601A35B00FF93C7FCAD127F6D
ED0180A3123F7F001F160318006C7E5F6C7E17066C6C150E6C6C5D00001618017F15386D
6C5CD91FE05C6D6CEB03C0D903FCEB0F80902701FF803FC7FC9039007FFFFC020F13F002
011380313D7BBA3C>67 D<B648B512FEA30001902680000313006C90C76C5AB3A491B6FC
A391C71201B3A6486D497EB648B512FEA337397DB83E>72 D<B649B5FCA3000101809038
007FF06C90C8EA3F80053EC7FC173C17385F5F4C5A4C5A4CC8FC160E5E5E5E5E4B5AED07
80030EC9FC5D153E157E15FF5C4A7F4A6C7E140E4A6C7E4A6C7E14704A6C7E4A6C7E1480
4A6C7E6F7EA26F7F707EA2707E707EA2707EA2707E707EA2707E707F8484486D497FB601
1FEBFF80A339397DB841>75 D<B612E0A3000101C0C8FC6C90C9FCB3AD1718A517381730
A31770A317F0A216011603160FEE1FE0486D13FFB8FCA32D397DB834>I<B712C016F816
FE000190398001FF806C90C7EA3FC0EE0FE0EE07F0EE03F817FC17FE1601A217FFA717FE
A2EE03FCA2EE07F817F0EE0FE0EE3FC0923801FF0091B512FC16F091C9FCB3A5487FB6FC
A330397DB839>80 D<B612FEEDFFE016F8000190388007FE6C90C76C7EEE3FC0707E707E
707EA2707EA283A65FA24C5AA24C5A4C5AEE3F8004FFC8FCED07FC91B512E05E9138000F
F0ED03F8ED00FE82707E707EA2161F83A583A6F00180A217F8160F1803486D01071400B6
6D6C5A04011306933800FE0ECAEA3FFCEF07F0393B7DB83D>82 D<D90FF813C090383FFE
0190B512813903F807E33907E000F74848137F4848133F48C7121F003E140F007E1407A2
007C140312FC1501A36C1400A37E6D14006C7E7F13F86CB47E6C13F8ECFF806C14E06C14
F86C14FEC680013F1480010714C0EB007F020713E0EC007FED3FF0151F150FED07F8A200
C01403A21501A37EA216F07E15036C15E06C14076C15C06C140F6DEB1F80D8FBF0EB3F00
D8F0FE13FE39E03FFFF8010F13E0D8C00190C7FC253D7CBA2E>I<003FB812E0A3D9C003
EB001F273E0001FE130348EE01F00078160000701770A300601730A400E01738481718A4
C71600B3B0913807FF80011FB612E0A335397DB83C>I<B6903807FFFEA3000101809038
007FE06C90C8EA1F80EF0F001706B3B2170E6D150C80171C133F17186D6C14385F6D6C14
F06D6C5C6D6C495A6D6CEB07806D6C49C7FC91387F807E91381FFFF8020713E09138007F
80373B7DB83E>I<007FB590383FFFFCA3C601F801071380D97FE0D903FCC7FC013FEC01
F06D6C5C5F6D6C5C6D6C13034CC8FC6D6C1306160E6D6C5B6DEB8018163891387FC0306E
6C5A16E06E6C5A91380FF18015FB6EB4C9FC5D14036E7EA26E7F6F7EA24B7E15DF913801
9FF09138038FF8150F91380607FC91380E03FE140C4A6C7EEC38000230804A6D7E14E04A
6D7E49486D7E130391C76C7E01066E7E130E010C6E7E011C1401013C8101FE822607FF80
010713E0B500E0013FEBFF80A339397EB83E>88 D<EB1FE0EBFFFC3803E03F3907000F80
390F8007E0486C6C7E13E06E7EA26E7E6C5A6C5AC8FCA4147FEB07FFEB3FE0EBFE00EA03
F8EA0FF0EA1FC0123F485A90C7FC160C12FEA31401A26C13036CEB077C903980063E1838
3FC01E3A0FE0781FF03A03FFF00FE03A007F8007C026277DA52A>97
D<EA03F012FFA3120F1203B0EC1FE0EC7FF89038F1E03E9039F3801F809039F7000FC001
FEEB07E049EB03F049EB01F85BED00FCA216FEA2167E167FAA167E16FEA216FC15016D14
F8ED03F07F01EEEB07E001C6EB0FC09039C7801F00903881E07E903800FFF8C7EA1FC028
3B7EB92E>I<EB03FC90381FFF8090387E03E03901F80070484813F83907E001FC380FC0
03A2EA1F80123F90380001F848EB00F01500A2127E12FEAA127E127FA26C14067F001F14
0E6D130C000F141C6C6C13386C6C13706C6C13E039007C07C090381FFF00EB07F81F277D
A525>I<ED0FC0EC03FFA3EC003F150FB0EB03F8EB1FFF90387E078F9038F801EF3903F0
007F4848133F4848131FA24848130F123F90C7FC5AA2127E12FEAA127E127FA27EA26C6C
131FA26C6C133F6C6C137F6C6CEBEFF03A01F801CFFF39007C078F90381FFE0FD907F813
C0283B7DB92E>I<EB07F8EB1FFF90387C0FC03901F803E03903F001F0D807E013F8380F
C0004848137CA248C7127E153E5A153F127E12FEA3B7FCA248C8FCA5127EA2127FA26C14
037F001F14076C6C13060007140E6D131CD801F013386C6C137090387E03E090381FFF80
903803FC0020277EA525>I<147E903803FF8090380FC1E0EB1F8790383F0FF0137EA213
FCA23901F803C091C7FCADB512FCA3D801F8C7FCB3AB487E387FFFF8A31C3B7FBA19>I<
ED03F090390FF00FF890393FFC3C3C9039F81F707C3901F00FE03903E007C03A07C003E0
10000FECF000A248486C7EA86C6C485AA200075C6C6C485A6D485A6D48C7FC38073FFC38
060FF0000EC9FCA4120FA213C06CB512C015F86C14FE6CECFF804815C03A0F80007FE048
C7EA0FF0003E140348140116F8481400A56C1401007C15F06CEC03E0003F1407D80F80EB
0F80D807E0EB3F003901FC01FC39007FFFF0010790C7FC26387EA52A>I<EA03F012FFA3
120F1203B0EC0FF0EC3FFCECF03F9039F1C01F809039F3800FC0EBF70013FE496D7EA25B
A35BB3A3486C497EB500C1B51280A3293A7EB92E>I<EA0380EA0FE0487EA56C5AEA0380
C8FCAAEA03F012FFA312071203B3AA487EB512C0A312387EB717>I<EA03F012FFA3120F
1203B1913801FFFCA39138007FC01600157C15705D4A5A4A5A4AC7FC141E1438147814FC
13F1EBF3FEEBF73F01FE7FEBF81F496C7E8114076E7E6E7E811400157E157F811680ED1F
C0486CEB3FF0B500C0B5FCA3283A7EB92C>107 D<EA03F012FFA3120F1203B3B3AD487E
B512C0A3123A7EB917>I<2703F00FF0EB1FE000FFD93FFCEB7FF8913AF03F01E07E903B
F1C01F83803F3D0FF3800FC7001F802603F70013CE01FE14DC49D907F8EB0FC0A2495CA3
495CB3A3486C496CEB1FE0B500C1B50083B5FCA340257EA445>I<3903F00FF000FFEB3F
FCECF03F9039F1C01F803A0FF3800FC03803F70013FE496D7EA25BA35BB3A3486C497EB5
00C1B51280A329257EA42E>I<EB03FE90380FFF8090383E03E09038F800F84848137C48
487F48487F4848EB0F80001F15C090C712074815E0A2007EEC03F0A400FE15F8A9007E15
F0A2007F14076C15E0A26C6CEB0FC0000F15806D131F6C6CEB3F006C6C137EC66C13F890
387E03F090381FFFC0D903FEC7FC25277EA52A>I<3807E01F00FFEB7FC09038E1E3E090
38E387F0380FE707EA03E613EE9038EC03E09038FC0080491300A45BB3A2487EB512F0A3
1C257EA421>114 D<EBFF03000313E7380F80FF381E003F487F487F00707F12F0A2807E
A27EB490C7FCEA7FE013FF6C13E06C13F86C7F00037FC67F01071380EB007F141F00C0EB
0FC01407A26C1303A37E15806C13077EEC0F00B4131E38F3C07C38E1FFF038C03F801A27
7DA521>I<1318A51338A31378A313F8120112031207001FB5FCB6FCA2D801F8C7FCB215
C0A93800FC011580EB7C03017E13006D5AEB0FFEEB01F81A347FB220>I<D803F0EB07E0
00FFEB01FFA3000FEB001F00031407B3A4150FA3151F12016D133F0000EC77F86D9038E7
FF8090383F03C790381FFF87903A03FC07E00029267EA42E>I<B53A1FFFE03FFEA3260F
F8009038000FF86C48017EEB03E018C00003023EEB0180A26C6C013FEB0300A36C6CEC80
06156FA2017E9038EFC00C15C7A2D93F016D5A15830281EBF038D91F831430150102C3EB
F87090260FC6001360A2D907E66D5A02EC137CA2D903FCEB7F804A133FA2010192C7FC4A
7FA20100141E4A130E0260130C37257EA33C>119 D<B538803FFEA33A0FF8000FF06C48
EB07C00003EC03806C7E16007F00001406A2017E5BA2137F6D5BA26D6C5AA2ECC070010F
1360A26D6C5AA214F101035BA2D901FBC7FCA214FF6D5AA2147CA31438A21430A2147014
60A25CA2EA7C0100FE5B130391C8FC1306EAFC0EEA701C6C5AEA1FF0EA0FC027357EA32C
>121 D E
%EndDVIPSBitmapFont
%DVIPSBitmapFont: Fl cmbx10 10 6
/Fl 6 115 df<B500F80403B512F06E5EA26E5ED8007FF1E000A2D97BFF161EA201796D
5DA201786D5DA26E6C5DA36E6C4A5AA26E6C4A5AA26E6C4A5AA26E6C4A5AA26E6C141EA3
6E6D5BA26E6D5BA26F6C5BA26F6C485AA36F6C485AA26F6C485AA26F6C48C7FCA2923803
FF1EA36F13BCA26F13F8A2705AA2705AA213FCB500FC6D4848B612F0A2EE0F80EE070054
397DB85B>77 D<EB3FFE0003B512E0000F14F8391FF00FFE003FEB03FF6D6C7F6E7FA26F
7EA26C5A6C5AEA0380C8FCA2EC3FFF010FB5FC137F3901FFF87F00071380380FFE00EA3F
F85B485A12FF5BA415FF6D5A127F263FF00713F83B1FFC1FBFFFC0390FFFFE1F0003EBF8
0F39003FE0032A257DA42E>97 D<EE7F80ED7FFFA4150381AF903801FF81010F13F1013F
13FD9038FFC07F0003EB001FD807FC1307000F8048487F5B123FA2485AA312FFAA127FA2
7F123FA26C6C5B000F5C6C6C5B6C6C4913C02701FF80FD13FE39007FFFF9011F13E10103
13012F3A7DB935>100 D<EA01F0EA07FC487EA2487EA56C5AA26C5AEA01F0C8FCA913FF
127FA412077EB3A9B512F8A4153B7DBA1B>105 D<01FEEB7FC000FF903803FFF8020F13
FE91381F03FFDA3C011380000713780003497E6D4814C05CA25CA291C7FCB3A3B5D8FC3F
13FFA430257DA435>110 D<9038FE03F000FFEB0FFEEC3FFF91387C7F809138F8FFC000
075B6C6C5A5CA29138807F80ED3F00150C92C7FC91C8FCB3A2B512FEA422257EA427>
114 D E
%EndDVIPSBitmapFont
%DVIPSBitmapFont: Fm cmr7 7 1
/Fm 1 50 df<13381378EA01F8121F12FE12E01200B3AB487EB512F8A215267BA521>49
D E
%EndDVIPSBitmapFont
%DVIPSBitmapFont: Fn cmr8 8 37
/Fn 37 122 df<9138FF807E01079038E1FF80903A1F807FC3C0D93E00EB87E049EBFF07
4913FE485A00039138FC018049017CC7FCAAB712FCA22703E0007CC7FCB3A6486C13FE3A
7FFF0FFFF0A22B2F7FAE29>11 D<14FF010713E090381F80F090383E003849137C4913FC
485A1203491378153092C7FCA7157CB612FCA23803E000157CB3A5486C13FE3A7FFF0FFF
E0A2232F7FAE27>I<EC0380B3A4B812FCA3C7D80380C7FCB3A42E2F7CA737>43
D<EB3FC0EBFFF03803E07C48487E48487E497E001EEB0780A2003E14C0A248EB03E0A500
FC14F0B0007C14E0A3007E1307003E14C0A36CEB0F806C14006D5A3807C03E3803F0FC38
00FFF0EB3FC01C2D7DAB23>48 D<130C133C137CEA03FC12FFEAFC7C1200B3B113FE387F
FFFEA2172C7AAB23>I<EB7F803801FFF0380780FC380E003F48EB1F8048EB0FC05A0060
EB07E012F000FC14F07E1403A3007C1307C7FCA215E0140F15C0141F1580EC3F00147E14
7C5C495A495A495A495A011EC7FC5B5B4913305B485A4848136048C7FC000E14E0001FB5
FC5A4814C0B6FCA21C2C7DAB23>I<EB3FC03801FFF03807C0FC380E007E487FEC1F8000
3F14C0A2EB800F1300A2000C131FC7FC1580A2EC3F00143E5C5CEB03F0EBFFC014F0EB00
FC143FEC1F8015C0140F15E0A2EC07F0A21238127C12FEA3EC0FE012F8006014C0007013
1F6C1480001EEB3F00380780FC3801FFF038007FC01C2D7DAB23>I<140EA2141E143EA2
147E14FEA2EB01BE1303143E1306130E130C131813381330136013E013C0EA0180120313
001206120E120C5A123812305A12E0B612FCA2C7EA3E00A9147F90381FFFFCA21E2D7EAC
23>I<000CEB0180380FC01F90B512005C5C14F014C0D80C7EC7FC90C8FCA8EB1FC0EB7F
F8380DE07C380F801F01001380000E130F000CEB07C0C713E0A2140315F0A4127812FCA4
48EB07E012E0006014C00070130F6C14806CEB1F006C133E380780F83801FFE038007F80
1C2D7DAB23>I<EB03F8EB0FFE90383E0780EBF8013901F007C03803E00FEA07C0EA0F80
A2391F00078091C7FC123EA2127EA2127CEB0FC038FC3FF0EBF07C38FDC01EB4487E0100
1380EC07C04814E0A214034814F0A4127CA3127EA2003E14E01407121E001F14C06CEB0F
803907801F003803C03E6C6C5A38007FF0EB1FC01C2D7DAB23>I<EB3F80EBFFF03803E0
783807C03E48487E48487E003E14801407007E14C0127C00FC14E01403A315F0A5007C13
07127EA2003E130F7E6C131F3807803B3803E0F33800FFC390383F03E013001407A215C0
A2140F001E1480003F14005C143E143C003E5B001C5B380E03E03807FF80D801FEC7FC1C
2D7DAB23>57 D<4A7E4A7EA34A7EA24A7EA3EC1BF81419A2EC30FCA2EC70FEEC607EA24A
7EA349486C7EA2010380EC000FA201066D7EA3496D7EA2011FB57EA29038180001496D7E
A349147EA201E0147F4980A20001ED1F801203000716C0D80FF0EC3FE0D8FFFC0103B5FC
A2302F7EAE35>65 D<B612FCEDFF803A03F8000FC00001EC03F06F7E6F7E82167E167FA6
167E16FE5E4B5A4B5AED0FE0ED7F8090B6C7FC16E09039F80003F0ED01FC6F7E167F8217
80161F17C0A61780163F17005E16FEED03FC0003EC0FF0B712C04BC7FC2A2D7DAC32>I<
B612F815FF3A03F8001FE00001EC03F0ED00F8167E82EE1F80160F17C0EE07E0A2EE03F0
A217F81601A317FCAA17F8A3EE03F0A217E0160717C0160FEE1F80EE3F00167E5EED03F0
0003EC1FE0B7128003F8C7FC2E2D7DAC36>68 D<B712FEA23903F800010001EC003E8282
82A282A3178016011518A293C7FCA31538157815F890B5FCA2EBF800157815381518A217
60A392C712C0A4160117801603A21607160F163F0003913801FF00B8FCA22B2D7EAC30>
I<B612FCEDFF803A03F8000FE00001EC03F0ED00F882167E167F821780A617005E167E5E
5EED03F0ED0FE090B6128003FCC7FC01F8C9FCB2487EB512F0A2292D7EAC30>80
D<90383F80303901FFF0703807C07C390F000EF0001E13074813034813011400127000F0
1470A315307EA26C1400127E127FEA3FE013FE381FFFE06C13FC6C13FF00011480D8003F
13E013039038003FF0EC07F81401140015FC157C12C0153CA37EA215787E6C14706C14F0
6CEB01E039F78003C039E3F00F0038E07FFE38C00FF01E2F7CAD27>83
D<B500C090380FFFC0A2D807FCC73803FE006C48EC00F800015E5F6C7E5F6D1401017E5D
A26D4AC7FCA26E5B011F140680010F5CA26D6C5BA26E133801031430A26D6C5BA26E13E0
01005C8091387E0180A26E48C8FCA21583EC1F86A2EC0FCCA215FC6E5AA26E5AA36E5AA2
6E5A322E7FAC35>86 D<EAFFE0A3EAE000B3B3B3A7EAFFE0A30B4379B114>91
D<EAFFE0A31200B3B3B3A712FFA30B437FB114>93 D<13FF000713C0380F01F0381C00F8
003F137C80A2143F001E7FC7FCA4EB07FF137F3801FE1FEA07F0EA1FC0EA3F80EA7F0012
7E00FE14065AA3143F7E007E137F007FEBEF8C391F83C7FC390FFF03F83901FC01E01F20
7D9E23>97 D<EB1FE0EB7FFC3801F01E3803E0073907C01F80EA0F80EA1F005A003EEB0F
00007E90C7FCA2127C12FCA9127EA215C07E6C130101801380380FC0033907E007003801
F03E38007FF8EB1FC01A207E9E1F>99 D<15F8141FA214011400ACEB0FE0EB7FF83801F8
1E3803E0073807C003380F8001EA1F00481300123E127EA25AA9127C127EA2003E13017E
EB8003000F13073903E00EFC3A01F03CFFC038007FF090391FC0F800222F7EAD27>I<EB
1F80EBFFF03803E0783807C03E380F801E381F001FEC0F80123E007E130715C0127C12FC
A3B6FCA200FCC8FCA5127EA2003E14C0123F6C1301390F80038001C013003803E00F3801
F03C38007FF8EB1FC01A207E9E1F>I<EB03F0EB0FFCEB3E1EEB7C3F13F8EA01F0A23803
E00C1400AAB512E0A23803E000B3A6487E387FFF80A2182F7FAE16>I<EA0780EA0FC0EA
1FE0A4EA0FC0EA0780C7FCA8EA07C012FFA2120F1207B3A5EA0FE0EAFFFCA20E2E7EAD14
>105 D<130FEB1F80EB3FC0A4EB1F80EB0F0090C7FCA8EB07C013FFA2130F1307B3AD12
30127838FC0F80A21400485AEA783EEA3FF8EA07E0123C83AD16>I<EA07C012FFA2120F
1207ADEC1FFEA2EC0FF0EC07C05D020EC7FC5C5C5C5CEBC3C013C7EBCFE0EBDFF013F9EB
F0F8497EEBC07E143E80816E7E14076E7E816E7E486C487E3AFFFE07FF80A2212E7EAD25
>I<2607C07FEB07F03BFFC3FFC03FFC903AC783F0783F3C0FCE01F8E01F803B07DC00F9
C00F01F8D9FF8013C04990387F000749137EA249137CB2486C01FEEB0FE03CFFFE0FFFE0
FFFEA2371E7E9D3C>109 D<3807C0FE39FFC3FF809038C703E0390FDE01F0EA07F8496C
7EA25BA25BB2486C487E3AFFFE1FFFC0A2221E7E9D27>I<EB1FE0EB7FF83801F03E3803
C00F3907800780390F0003C04814E0003EEB01F0A248EB00F8A300FC14FCA9007C14F8A2
6CEB01F0A26CEB03E0A2390F8007C03907C00F803901F03E0038007FF8EB1FE01E207E9E
23>I<3807C0FE39FFC7FF809038CF03E0390FDC01F03907F800FC49137E49133E49133F
ED1F80A3ED0FC0A8151F1680A2ED3F00A26D137E6D137C5D9038FC01F09038CE07E09038
C7FF80D9C1FCC7FC01C0C8FCA9487EEAFFFEA2222B7E9D27>I<380781F838FF87FEEB8E
3FEA0F9CEA07B813B0EBF01EEBE000A45BB0487EB5FCA2181E7E9D1C>114
D<3801FE183807FFB8381E01F8EA3C00481378481338A21418A27E7EB41300EA7FF06CB4
FC6C13C06C13F0000113F838001FFC130138C0007E143EA26C131EA27EA26C133CA26C13
7838FF01F038E3FFC000C0130017207E9E1C>I<1360A413E0A312011203A21207121FB5
12F0A23803E000AF1418A714383801F03014703800F860EB3FE0EB0F80152A7FA81B>I<
3AFFFC07FF80A23A0FF003FC000003EB01F0000114C06D485A000091C7FCEB7C06EB3E0E
6D5A14B8EB0FB0EB07E013036D7E497E1307EB067C497EEB1C1F01387FEB700F496C7E6E
7ED803C07F00076D7E391FE003FC3AFFF007FFC0A2221D7F9C25>120
D<3AFFFC01FFC0A23A0FE0007E000007147C1538000314306D137000011460A26C6C5BA2
EBFC01017C5BEB7E03013E90C7FCA2EB1F06A2148EEB0F8CA2EB07D8A2EB03F0A36D5AA2
6D5AA2495AA2130391C8FC1278EAFC06A25B131CEA7838EA7070EA3FE0EA0F80222B7F9C
25>I E
%EndDVIPSBitmapFont
%DVIPSBitmapFont: Fo cmmi12 12 16
/Fo 16 122 df<EB01FCD907FF15E0011F13C0017F6DEB01C090B56C1480486E13032603
FE0715002707F000FC5B01C0017C130648C76C130E001E021E130C001C80003C6E131C00
381618486E1338EE8030006002011370176000E016E0C86D5A150016C15F16C394C7FC16
E316E71666166E166CA2167C1678A3167016F05EA35EA31501A25E1503A44BC8FCA35D15
0EA45DA45DA333417EAB33>13 D<1730A317701760A317E05FA316015FA3160394C8FCA3
5E1606A3160E160C013E1607D9FF80ED1F802603C3C0011CEB3FC0260703E01318260601
F0157F000E173F001C1538D818030230131F0038170F0030170700701570D86007026013
035CA2D8E00F02E0148000C049491301EA001F4A150303011500013F5C14006049010314
06017E91C7FC180E180C01FE49141C4901061418183860030E1460030C14E04D5A4D5A03
1C49C7FC0318130E017E5D5F6D01385B90261F80305BD90FC0EB03C0D907F0010FC8FC90
3901FE707C9039003FFFF002031380DA0060C9FC15E05DA314015DA3140392CAFCA35C14
06A3140E140C3A597DC43F>32 D<EC07FE91387FFFC049B512F0010714F890391FF003FE
49C7127E0178143E01E0140848481400485A90C9FC5A1206A412077EEB803E3901E7FFC0
39007FC1E014FFD801E75BD80380C8FC48C9FC120E5A5A5A1260A212E05AA4ED01806C14
036C150000705C0078140E003E143C391FC003F86CB512E000035CC649C7FCEB1FF0272F
7EAC2E>34 D<F101C04F7E190186A21900861A781A7C86A286747EA2747E747E87747E74
7E1B7E87F31F80F30FC0F307F0007FBC12F8BD12FEA27E571C7BB262>42
D<137EEA01FF1207EA0FFEEA1FC0EA3F00127C127812F85AA67E1278127C123FEA1FC0EA
0FFEEA07FF1201EA007E10187BAE1B>44 D<121EEA7F80A2EAFFC0A4EA7F80A2EA1E000A
0A78891B>58 D<121EEA7F8012FF13C0A213E0A3127FEA1E601200A413E013C0A3120113
80120313005A1206120E5A5A5A12600B1D78891B>I<F001C0F007E0181FF07FC0943801
FF00EF07FCEF1FF0EF7FC04C48C7FCEE0FFCEE3FF0EEFFC0030390C8FCED0FF8ED3FE0ED
FF80DA03FEC9FCEC1FF8EC7FE0903801FF80D907FECAFCEB1FF0EB7FC04848CBFCEA07FC
EA1FF0EA7FC048CCFCA2EA7FC0EA1FF0EA07FCEA01FF38007FC0EB1FF0EB07FE903801FF
809038007FE0EC1FF8EC03FE913800FF80ED3FE0ED0FF8ED03FF030013C0EE3FF0EE0FFC
EE01FF9338007FC0EF1FF0EF07FCEF01FF9438007FC0F01FE01807F001C03B3878B44C>
I<127012FCB4FCEA7FC0EA1FF0EA07FCEA01FF38007FC0EB1FF0EB07FE903801FF809038
007FE0EC1FF8EC03FE913800FF80ED3FE0ED0FF8ED03FF030013C0EE3FF0EE0FFCEE01FF
9338007FC0EF1FF0EF07FCEF01FF9438007FC0F01FE0A2F07FC0943801FF00EF07FCEF1F
F0EF7FC04C48C7FCEE0FFCEE3FF0EEFFC0030390C8FCED0FF8ED3FE0EDFF80DA03FEC9FC
EC1FF8EC7FE0903801FF80D907FECAFCEB1FF0EB7FC04848CBFCEA07FCEA1FF0EA7FC048
CCFC12FC12703B3878B44C>62 D<15C0A54A7EA84A7EA500FCEE0FC0D87FE0913801FF80
D81FFF91383FFE0000079039FBF7FFF8000190B612E0D8003F92C7FC010F14FC010314F0
010014C0023F90C8FC6E5AA24A7E4A7FA29138FF3FC0ECFE1F49486C7EECF80749486C7E
49486C7EECC0004948137C91C7123C49143E011E141E4980013880496E7E016014013230
81B031>I<91B87E19F019FC02009039C00007FF6F489038007FC003FFED1FE0737E93C8
6C7E737E19014A707E5D1A7FA20203EF3F805DA21BC014075DA3140F4B17E0A3141F4B17
C0A3143F4B167FA3027F18804B16FFA302FF180092C95A62A24917034A5F19076201034D
5A5C4F5A620107173F4A5F4FC7FC19FE010F4C5A4A15034E5AF00FE0011F4C5A4A4B5A06
FFC8FC013FED01FCEF0FF84AEC3FE001FF913803FF80B848C9FC17F094CAFC4B447CC351
>68 D<EC0FC0EC7FF0903901F8381C903907E01C7E90380FC00E90393F0007FE496D5A13
FE485A49130100035D485A120F491303001F5DA2485A1507007F5D5BA2150F00FF5D90C7
FCA2151F5E5AA2033F1330EE00701760A24B13E017C015FE007E130102031301003ED907
3E1380003F010E13036C011C14006C6C486C5A3A07C0F00F0E3A01FFC007FC3A007F0001
F02C2D7CAB33>97 D<01F8D903FCEC7F80D803FED91FFF903803FFE0D8071F903B7C0FC0
0F81F83E0E0F80E007E01C00FC001C9026C3C0030178137C271807C700D9F0E0137E02CE
902601F1C0133E003801DCDAFB80133F003001D892C7FCD90FF814FF0070495C0060495C
A200E04949485CD8C01F187E4A5C1200040715FE013F6091C75BA2040F14014960017E5D
1903041F5D13FE494B130762043F160E0001060F130C4992C713C0191F4CED801C00031A
1849027E1638F2003004FE167000071A60494A16E0F201C0030192380F0380000FF18700
494AEC03FED80380D90070EC00F84F2D7DAB55>109 D<01F8EB03FCD803FEEB1FFFD807
1F90387C0FC03B0E0F80E007E03A0C07C3C003001CD9C7007F001801CE1301003801DC80
003013D8EB0FF800705B00605BA200E0491303D8C01F5D5C12001607013F5D91C7FCA216
0F495D137E161F5F13FE49143F94C7FC187000014B136049147E16FE4C13E0000317C049
150104F81380170300071700495D170EEE781C000FED7C3849EC1FF0D80380EC07C0342D
7DAB3A>I<02FCEB07E0903A03FF801FFC903A0F07C0781E903A1C03E0E01F903A3801F1
C07FD9700013804901FB13FF4848EBFF00495B000316FE90C71438484A13001206140100
0E5C120CC7FC14035DA314075DA3140F5DA3021F143817305D1770023F1460121E003F16
E0267F807FEB01C0026F148000FF01EF1303D901CFEB070000FE903887C00E267C03835B
3A3C0F01E0783A1FFC00FFE0D803F0EB3F80302D7EAB37>120 D<133ED9FF8014E02603
C3C0EB03F0380703E0380601F0000E1507001C16E0EA180312380030150F007016C0EA60
075C161FD8E00F158000C05BEA001F4A133F1700133F91C7FC5E49147E137EA216FE01FE
5C5BA215015E485AA215035EA200001407150F6D5C017C131F153F6D13FF90391F03CFC0
903807FF8F903801FC0F90C7121F5EA2153F93C7FCD807C05BD81FE0137E5DA24848485A
4A5A01805B39380007C00018495A001C49C8FC6C137C380781F83803FFE0C66CC9FC2C40
7DAB30>I E
%EndDVIPSBitmapFont
%DVIPSBitmapFont: Fp cmbx12 14.4 46
/Fp 46 122 df<EEFFFC031FEBFF804AB612E0020781021F9038C00FF8913A7FFE0003FC
DAFFF0EB00FE4949EB03FF4901805B4990C7487F49485CA2495A4D7F013F6F5B5CA37190
C7FC715AEF01F894C9FCA90403B512C0BAFCA526003FFCC7120783B3B3A6003FB5D8FC03
B612C0A542547DD34B>12 D<151E153E157E15FCEC01F8EC07F0EC0FE0EC1FC01580143F
EC7F0014FE1301495A5C1307495AA2495A133F5C137FA2495AA24890C7FCA25A5BA21207
A2485AA3121F5BA3123FA25BA3127FA55B12FFB3A3127F7FA5123FA37FA2121FA37F120F
A36C7EA21203A27F7EA26C7FA26D7EA2133F80131F6D7EA26D7E1303806D7E1300147FEC
3F80141F15C0EC0FE0EC07F0EC01F8EC00FC157E153E151E1F7973D934>40
D<127012F8127C127E7EEA1FC06C7E6C7E12037F6C7E6C7E7F6D7E133F806D7EA26D7E80
130780A26D7EA26D7EA215807FA215C0A2EC7FE0A315F0143FA315F8A2141FA315FCA514
0F15FEB3A315FC141FA515F8A3143FA215F0A3147F15E0A3ECFFC0A21580A25B1500A249
5AA2495AA25C130F5C495AA2495A5C137F49C7FC5B485A485A5B1207485A485A48C8FC12
7E127C5A12701F7979D934>I<B712F0AB240B7F9F2D>45 D<EC3FFE0103B512E0010F14
FC013F14FF90B712C048D9C07F7F2703FE000F13F8D807F801037FD80FE06D7F48486D7F
48488001F01680486C6E13C07F486C6E13E07FA27013F0A56C5AA26C5AEA0FF0EA03C0C9
14E05EA218C05E1880A24C13005F4C5A4B5B5F4B5B5F4B5B4B90C7FC4B5A5E4B5AED7FE0
4B5A4A5B4A48C8FC4A5A5D4A48EB01F04A5AEC3F804AC7FC02FEEC03E0495A495A495A49
5AD91F80140749C8FC013E150F017FB7FC90B812C05A5A5A5A5A5A5AB9FC1880A4344E79
CD43>50 D<177C17FE1601A216031607160FA2161F163F167F16FFA25D5D5DA2ED0FBF15
1FED3F3F157E157C15F81401EC03F0EC07E015C0140FEC1F80EC3F00143E5C14FC495A49
5A5C495A130F495A91C7FC133E137E5B485A5B485A1207485A5B48C8FC5A127E5ABA12C0
A5C96C48C7FCAF020FB712C0A53A4E7CCD43>52 D<ED0FFF92B512E0020780021F14FC91
397FFE03FE903A01FFF0007F4901C0EB3F804990C7121F4948EC7FC0494814FF49484913
E049485B01FF5C485BA2485B5AA2486F13C04A6D1380486F1300177E94C7FC5AA291CAFC
5AA21508913801FFF8020713FFB54814C04A14F04AC66C7E023C6D7E4A6D7E4A6D7E7013
804A15C0A24A15E07013F05C18F8A491C714FCA37EA67EA46C17F880A27E18F06C5D18E0
6C6D15C07E6E4913806C6D15006D6C495A6D6CEB7FFC6DB448485A6D90B55A010315C001
0092C7FC023F13FC020713C0364F7ACD43>54 D<171F4D7E4D7EA24D7EA34C7FA24C7FA3
4C7FA24C7FA34C7FA24C80A283047F80EE7E3F04FE8016FC830301814C7E03038116F083
0307814C7E030F8116C083031F814C7E033F8293C7FC844B82037E8003FE825D84020183
4B800203835D840207834B80020F8392B8FCA24A83A24A8492C9FC854A84027E8202FE84
5C850101854A820103855C850107854A82010F855C011F83D9FFFC84B600F8020FB712E0
A55B537BD266>65 D<BA12C019FEF1FFC01AF01AFCD8000701F0C7000313FFDE007F7F73
7F070F7F737F878587858785A287A84F5BA263616361634F5B4F5B077F90C7FC4E485A06
0713F892B812E097C8FC861AF003F0C7000313FE9539003FFF80070F13E0737F07017F87
737F747E1C807413C0A27413E0A31CF0A386A362A31CE0A2621CC0A250138097B5FC1C00
4F5B19074F5B073F13F04EB55ABC128098C7FC1AF81AC007F8C8FC54527CD160>I<9326
01FFFCEC01C0047FD9FFC013030307B600F81307033F03FE131F92B8EA803F0203DAE003
EBC07F020F01FCC7383FF0FF023F01E0EC0FF94A01800203B5FC494848C9FC4901F88249
49824949824949824949824990CA7E494883A2484983485B1B7F485B481A3FA24849181F
A3485B1B0FA25AA298C7FC5CA2B5FCAE7EA280A2F307C07EA36C7FA21B0F6C6D1980A26C
1A1F6C7F1C006C6D606C6D187EA26D6C606D6D4C5A6D6D16036D6D4C5A6D6D4C5A6D01FC
4C5A6D6DEE7F806D6C6C6C4BC7FC6E01E0EC07FE020F01FEEC1FF80203903AFFE001FFF0
020091B612C0033F93C8FC030715FCDB007F14E0040101FCC9FC525479D261>I<BA7E19
FCF1FF801AF01AFCD8000701F0C7000F13FF060014C0071F7F070713F807017F737F747E
747F747F86747F747F8886888688A2757EA31D8087A21DC0A51DE0A387A963A31DC0A51D
80A2631D00A3515AA2646264505B6264505B505B5090C7FCF2FFFE4F5B07075B071F5B96
B512C0060F91C8FCBB5A1AF01AC007FCC9FC19805B527CD167>I<BC1280A5D8000701F8
C7000114C0F0001F19071901851A7F1A3F1A1FA2F20FE0A21A07A31A03A318F81BF01A01
A497C7FC1701A317031707170F177F92B6FCA59238F8007F170F170717031701A317001B
3EA31B7CA395C8FCA21BFCA21BF8A21A01A31A031BF01A071A0FA21A1F1A3FF27FE0F101
FF1907191F0603B5FCBCFCA21BC0A34F517CD058>I<BB12FEA5D8000701F8C700077FF0
007F191F190785858586861B80A21A1FA31A0FA41BC006F81307A497C7FCA31701A31703
1707170F177F92B6FCA59238F8007F170F170717031701A31700A795C9FCB3B812F8A54A
517CD055>I<B812F8A5D8000701F8CAFCB3B3A91A7CA41AFC1AF8A51901A31903A21907
1AF0190FA2191F193F197F19FF180360183F4DB5FCBB12E0A546527CD151>76
D<B600FC073FB512FE6F61A26F96B6FCA2D80007F5C00070EF01EFA202EF6DEF03CFA202
E76DEF078FA202E36DEF0F0FA202E16D171EA302E06D173CA26F6C1778A26F6C17F0A26F
6DED01E0A26F6DED03C0A36F6DED0780A26F6DED0F00A26F6D151EA26F6D5DA3706C5DA2
706C5DA2706D495AA2706D495AA2706D495AA3706D49C7FCA2706D131EA2706D5BA2716C
5BA3716C5BA271EB81E0A271EBC3C0A271EBE780A27101FFC8FCA3715BA2715BA2725AA2
725AA2D93FFC6F5AB74DB712FEA2725AA2725A77527CD180>I<B600F893B7FC81818182
D800076E9239003FFC00F307E082828202EF7F8214E702E37F02E18002E080836F7F816F
7F6F7F6F7F83816F806F80707F707F8482707F707F707F85827080717F717F717F858371
7F717F7114801AC0837213E07213F07213F87213FC1AFE847213FF7214877214C71BE773
13F7857313FF8585A28585858686A286868686A286861B7FD93FFC183FB7171FA21B0F1B
07755A60527CD169>I<93380FFFC00303B6FC031F15E092B712FC0203D9FC0013FF020F
01C0010F13C0023F90C7000313F0DA7FFC02007F494848ED7FFE4901E0ED1FFF49496F7F
49496F7F4990C96C7F49854948707F4948707FA24849717E48864A83481B804A83481BC0
A2481BE04A83A2481BF0A348497113F8A5B51AFCAF6C1BF86E5FA46C1BF0A26E5F6C1BE0
A36C6D4D13C0A26C6D4D1380A26C1B006C6D4D5A6E5E6C626D6C4C5B6D6D4B5B6D6D4B5B
6D6D4B5B6D6D4B5B6D6D4B90C7FC6D6D4B5A6D01FF02035B023F01E0011F13F0020F01FC
90B512C0020390B7C8FC020016FC031F15E0030392C9FCDB001F13E0565479D265>I<BA
FC19F819FF1AE086D8000701F0C7001F13FC060113FF726C13807313C0070F13E01BF085
7313F81BFCA27313FEA41BFFA81BFEA31BFC61A21BF84F13F04F13E0614F13C04F13004E
485A061F5B92B812F01AC04FC7FC19E003F8CBFCB3AEB812C0A550527CD15C>I<B912F0
F0FF8019F819FF1AC0D8000701F0C714F0060F7F060113FE727F737F737F85737F87A273
7FA387A863A2616363A24F5B4F5B4F90C8FC4F5A06035B060F13F095B512C092B8C9FC19
F819E019F89226F0000313FE9439007FFF80061F7F727F727F86727F8486A2727FA887A7
1D1C1D3E8785A275137E73157C7315FC736D13F8B86C6DEBF801739038FE07F07390B512
E0736C14C0080F1400CEEA7FFC5F537CD164>82 D<91260FFF80130791B500F85B010702
FF5B011FEDC03F49EDF07F9026FFFC006D5A4801E0EB0FFD4801800101B5FC4848C87E48
488149150F001F824981123F4981007F82A28412FF84A27FA26D82A27F7F6D93C7FC14C0
6C13F014FF15F86CECFF8016FC6CEDFFC017F06C16FC6C16FF6C17C06C836C836D826D82
010F821303010082021F16801400030F15C0ED007F040714E01600173F050F13F08383A2
00788200F882A3187FA27EA219E07EA26CEFFFC0A27F6D4B13806D17006D5D01FC4B5A01
FF4B5A02C04A5A02F8EC7FF0903B1FFFC003FFE0486C90B65AD8FC0393C7FC48C66C14FC
48010F14F048D9007F90C8FC3C5479D24B>I<003FBC1280A59126C0003F9038C0007F49
C71607D87FF8060113C001E08449197F49193F90C8171FA2007E1A0FA3007C1A07A500FC
1BE0481A03A6C994C7FCB3B3AC91B912F0A553517BD05E>I<B700FC017FB600FE91B612
F0A5D8003F01C0C8001F01E0C9EBF8006F71EE0FC06D7161876F1C1F6D7196C7FC6F8373
606D1E3E6F836D7160876F1CFC6D666F4B801F016D66704A806E525A88704A17076E059F
5F70021F80080F160F6E6570023F806EDC3E074CC8FC8870027E5F6EDC7C03163E7002FC
804F6C167E6E1C7C700101814F6C16FC6E745B70010317016E4C6D5D060716C00580496D
14036F63DDC00F16E04F6D14076F07F05BDDE01F170F6F92C76C5D1DF8DDF03E6E141F6F
98C9FCDDF87E16FC067C6E5C6FF1FE3EDDFCFC177E6F4A6E147C1DFFDDFFF06E14FC6F62
A24E816F62A270496F5BA24E817061A295C97E7061A270487090CAFCA37048705AA24D16
01040360A27048705A84537DD18B>87 D<EC7FFF0107B512F0013F14FE90B77E48D9E00F
7F2703FE000113F0486C6D7F6EEB3FFC48826E131F83707FA36C496D7FA26C90C7FC6C5A
C9FCA6037FB5FC020FB6FC91B7FC01071487013FEBF0074913803901FFFC004813F0485B
485B485B4890C7FC5A5BA2485AA45EA26D5C007F151D163D6C6C02797F6C6D01F113F86C
9026C003E0EBFFE06C9027F81FC07F13F06C90B5487EC64B7E011F01FC010713E0010101
E090C8FC3C387CB641>97 D<EB3FF0B5FCA51203C6FCB3A4923801FFE0030F13FE033FEB
FFC092B612F002F301017F913AF7F8003FFEDAFFE0EB0FFF03806D7F92C76C7F4A6E7F4A
824A6E7FA2727EA285A28584A31A80AC1A00A44E5AA36118FF616E4A5BA26E4A5B6E4A5B
6F495BDACFC04990C7FCDA87F0EB7FFC913A03FE03FFF849C6B612E0496D148049011F01
FCC8FC90C7000313C041547BD24B>I<913801FFF8021FEBFF8091B612F0010315FC010F
9038C00FFE903A1FFE0001FFD97FFC491380D9FFF05B4817C048495B5C5A485BA2486F13
8091C7FC486F1300705A4892C8FC5BA312FFAD127F7FA27EA2EF03E06C7F17076C6D15C0
7E6E140F6CEE1F806C6DEC3F006C6D147ED97FFE5C6D6CEB03F8010F9038E01FF0010390
B55A01001580023F49C7FC020113E033387CB63C>I<4DB47E0407B5FCA5EE001F1707B3
A4913801FFE0021F13FC91B6FC010315C7010F9038E03FE74990380007F7D97FFC0101B5
FC49487F4849143F484980485B83485B5A91C8FC5AA3485AA412FFAC127FA36C7EA37EA2
6C7F5F6C6D5C7E6C6D5C6C6D49B5FC6D6C4914E0D93FFED90FEFEBFF80903A0FFFC07FCF
6D90B5128F0101ECFE0FD9003F13F8020301C049C7FC41547CD24B>I<913803FFC0023F
13FC49B6FC010715C04901817F903A3FFC007FF04948EB1FF8D9FFE06D7E488248496D7E
48814A15805A4890C76C13C0A24817E0A282485A18F0A312FFA390B8FCA318E049CAFCA5
127FA46C7EA26C17E0EF01F06C7F17036C17E06C6D14076C6DEC0FC06CEE1F806D6CEC3F
00D93FFC14FE6D6CEB03FC903A0FFFC03FF8010390B55A010015C0021F49C7FC020113F0
34387CB63D>I<ED3FFC0203B5FC020F14C0023F14E09139FFF81FF0499038C03FF849EB
807F49903800FFFC495A495AA2495AA2EE7FF8495AEE3FF0EE0FC093C7FCAEB712E0A526
007FF8C8FCB3B3A7007FB512FEA52E547CD329>I<DA3FFF14FF0103B5D8F00713C0010F
DAFC1F13E0013FECFF7F90267FFC0F9038FF9FF09026FFE001EBF83F48496C13E0484990
387FF01F4890C7D83FF813E0489338FC0FC0F0078048486E6CC7FCA2003F82A9001F5EA2
6C6C4A5AA26C5E6C6D495A6C6D495A6C6D485BDAFC0F5B4890B6C8FCD803EF14FC01C314
F02607C03F90C9FC91CBFCA2120FA37FA213F813FE90B7FC6C16F817FF18C06C836C836C
836D828448B9FC12074848C700031480D81FF8EC003F4848150748486F13C083485A83A5
6D5D007F18806D5D003F18006C6C4B5AD80FFEED1FFC6C6C6CEC7FF86C01E049485A6C01
FE011F5B6C6CB71280010F03FCC7FC010115E0D9000F01FCC8FC3C4F7CB543>I<EB3FF0
B5FCA51203C6FCB3A4EE1FFC93B512C0030314F0030F8092391FE07FFC92393F001FFE03
7C8003F07FDAF1E081ECF3C0DAF7807F8502FFC7FC5CA25CA45CB3ACB6D8F807B612C0A5
42537BD24B>I<137F497E487F487F487F487FA76C5B6C5B6C5B6C5B6DC7FC90C8FCADEB
3FF0B5FCA512017EB3B3A6B612E0A51B547BD325>I<EB3FF0B5FCA51203C6FCB3A54CB5
12F8A59339003FFE00EF1FE04D5A4D5A4DC7FCEE01FCEE07F84C5A4C5AEE3F8004FFC8FC
4B5A4B5AED07F0ED1FE0153F4B7E4B7E02F37F02F77F91B5FC82039F7F030F7F4A7EDAF8
037F02F0806F7F6F7F167F707E83707F707F8284707F707F82717E84717E1980B6D8F003
B6FCA540537CD247>107 D<EB3FF0B5FCA512017EB3B3B3B1B612F0A51C537BD225>I<D9
3FF0D91FFCEDFFE0B591B500C0010713FE030302F0011F6D7E030F6E017F8092271FE07F
FCD9FF037F922A3F001FFE01F8007F0003027C9126FF03E080C602F06DD90780137FDAF1
E0038FC77FDAF3C0159EDAF7806D01BC143F07FC8102FFC75C4A5EA24A5EA44A5EB3ACB6
D8F807B6D8C03FB512FEA567367BB570>I<D93FF0EB1FFCB591B512C0030314F0030F80
92391FE07FFC92393F001FFE0003027C80C602F07FDAF1E081ECF3C0DAF7807F8502FFC7
FC5CA25CA45CB3ACB6D8F807B612C0A542367BB54B>I<913801FFE0021F13FE91B612C0
010315F0010F9038807FFC903A1FFC000FFED97FF86D6C7E49486D7F48496D7F48496D7F
4A147F48834890C86C7EA24883A248486F7EA3007F1880A400FF18C0AC007F1880A3003F
18006D5DA26C5FA26C5F6E147F6C5F6C6D4A5A6C6D495B6C6D495B6D6C495BD93FFE011F
90C7FC903A0FFF807FFC6D90B55A010015C0023F91C8FC020113E03A387CB643>I<903A
3FF001FFE0B5010F13FE033FEBFFC092B612F002F301017F913AF7F8007FFE0003D9FFE0
EB1FFFC602806D7F92C76C7F4A824A6E7F4A6E7FA2717FA285187F85A4721380AC1A0060
A36118FFA2615F616E4A5BA26E4A5B6E4A5B6F495B6F4990C7FC03F0EBFFFC9126FBFE07
5B02F8B612E06F1480031F01FCC8FC030313C092CBFCB1B612F8A5414D7BB54B>I<9126
01FFE0EB0780021F01F8130F91B500FE131F0103ECFF80010F9039F03FC03F499039800F
E07F903A7FFE0003F04948903801F8FF4849EB00FD4849147F4A805A4849805A4A805AA2
91C87E5AA35B12FFAC6C7EA37EA2806C5EA26C6D5CA26C6D5C6C6D5C6C93B5FC6C6D5B6D
6C5B6DB4EB0FEF010F9038C07FCF6D90B5120F010114FED9003F13F80203138091C8FCB1
040FB61280A5414D7CB547>I<90397FE003FEB590380FFF80033F13E04B13F09238FE1F
F89139E1F83FFC0003D9E3E013FEC6ECC07FECE78014EF150014EE02FEEB3FFC5CEE1FF8
EE0FF04A90C7FCA55CB3AAB612FCA52F367CB537>I<903903FFF00F013FEBFE1F90B7FC
120348EB003FD80FF81307D81FE0130148487F4980127F90C87EA24881A27FA27F01F091
C7FC13FCEBFFC06C13FF15F86C14FF16C06C15F06C816C816C81C681013F1580010F15C0
1300020714E0EC003F030713F015010078EC007F00F8153F161F7E160FA27E17E07E6D14
1F17C07F6DEC3F8001F8EC7F0001FEEB01FE9039FFC00FFC6DB55AD8FC1F14E0D8F80714
8048C601F8C7FC2C387CB635>I<143EA6147EA414FEA21301A313031307A2130F131F13
3F13FF5A000F90B6FCB8FCA426003FFEC8FCB3A9EE07C0AB011FEC0F8080A26DEC1F0015
806DEBC03E6DEBF0FC6DEBFFF86D6C5B021F5B020313802A4D7ECB34>I<D93FF8913801
FFC0B50207B5FCA50003ED001FC61607B3AE5FA35FA2017F5D173B177B6D6C14F3DC01E3
13F06D6CD907C3EBFFC0903A0FFFC03F836D90B51203010114FE6D6C13F8020701E091C7
FC42377BB54B>I<B600F00107B5FCA5C601F8C8EA7FC06EED3F00A26D6C153E187E013F
167C6E15FC6D5E6F13016D5E6F13036D5E8117076D6D5C170F6D6D5C171F6D93C7FC6F5B
027F143E6F137E023F147C6F13FCA26E6D5A16816EEBC1F016C36E5C16E76E5C16FF6E5C
A26E91C8FCA36F5AA26F5AA26F5AA26F5AA26F5A6F5A40357DB447>I<B6D8E07FB5D8C0
03B512C0A5000101F0C701F0C7381FF8006E027FED07E06C715DA26E023F150F017F705D
6E181F013F7092C7FC177F6E606D92B5143E6F177E6D71137C5E03C001F315FC6D02036E
5B03E001E114016D05E05B160703F001C014036D020F02F05B03F8EB807FF1F8076D021F
5E03FCD9003F130F027F04FC5B5EDBFE3E90381FFE1F023F017E93C8FCDBFF7C010F5B6E
EEFF3E16FC4C6D13FE6E5F4C7F6E5FA24C7F6E5F4C7F6E5FA24C147F6E5F93C8123F6F5E
A2033E6FC9FC5A357DB461>I<007FB500F090387FFFFEA5C66C48C7000F90C7FC6D6CEC
03F86D6D495A6D6D495A6D4B5A6F495A6D6D91C8FC6D6D137E6D6D5B91387FFE014C5A6E
6C485A6EEB8FE06EEBCFC06EEBFF806E91C9FCA26E5B6E5B6F7E6F7EA26F7F834B7F4B7F
92B5FCDA01FD7F03F87F4A486C7E4A486C7E020F7FDA1FC0804A486C7F4A486C7F02FE6D
7F4A6D7F495A49486D7F01076F7E49486E7E49486E7FEBFFF0B500FE49B612C0A542357E
B447>I<B600F00107B5FCA5C601F8C8EA7FC06EED3F00A26D6C153E187E013F167C6E15
FC6D5E6F13016D5E6F13036D5E8117076D6D5C170F6D6D5C171F6D93C7FC6F5B027F143E
6F137E023F147C6F13FCA26E6D5A16816EEBC1F016C36E5C16E76E5C16FF6E5CA26E91C8
FCA36F5AA26F5AA26F5AA26F5AA26F5AA35E150F5E151F93C9FC5DD81FC0133E486C137E
486C137C486C13FC5D14015D14034A5A6C48485A49485A263FC07FCAFCEB81FE6CB45A6C
13F000035BC690CBFC404D7DB447>I E
%EndDVIPSBitmapFont
%DVIPSBitmapFont: Fq line10 10 10
/Fq 10 84 df<1C0C1C1E1C3E1C7C1CF8F301F0F303E0F307C0F30F80F31F001B3E6363
505A505A505A505A50C7FC1A3E62624F5A4F5A4F5A4F5A4FC8FC193E61614E5A4E5A4E5A
4E5A4EC9FC183E60604D5A4D5A4D5A4D5A4DCAFC173E5F5F4C5A4C5A4C5A4C5A4CCBFC16
3E5E5E4B5A4B5A4B5A4B5A4BCCFC153E5D5D4A5A4A5A4A5A4A5A4ACDFC143E5C5C495A49
5A495A495A49CEFC133E5B5B485A485A485A485A48CFFC123E5A5A5A1260575782D453>
0 D<1718173C177C177817F817F0160117E0160317C016071780160F17005E161E163E16
3C167C167816F85E15015E15035E15075E150F93C7FC5D151E153E153C157C157815F85D
14015D14035D14075D140F92C8FC5C141E143E143C147C147814F85C13015C13035C1307
5C130F91C9FC5B131E133E133C137C137813F85B12015B12035B12075B120F90CAFC5A12
1E123E123C127C127812F85A12602E5782D42A>I<1C0C1C3E1CFEF303FCF30FF8F33FE0
F3FF80973803FE00F20FF8F23FE0F2FF80DF03FEC7FCF10FF8F13FE0F1FF80DE03FEC8FC
F00FF8F03FE0F0FF80DD03FEC9FCEF0FF8EF3FE0EFFF80DC03FECAFCEE0FF8EE3FE0EEFF
80DB03FECBFCED0FF8ED3FE0EDFF80DA03FECCFCEC0FF8EC3FE0ECFF80D903FECDFCEB0F
F8EB3FE0EBFF80D803FECEFCEA0FF8EA3FE0EA7F8000FECFFC12F81260572E82AB53>8
D<1C0C1C3E1C7EF301FCF303F8F30FE0F31FC0F37F001BFEF203F8505AF21FC0505A08FE
C7FC4F5AF107F04F5AF13F804FC8FCF001FC4E5AF00FE04E5A067FC9FC18FEEF03F84D5A
EF1FC0EF7F8005FECAFCEE03FCEE07F0EE1FC04C5A04FECBFC4B5AED07F04B5AED3F804B
CCFCEC01FC4A5AEC0FE04A5A027FCDFC14FEEB03F8495AEB1FC0495A01FECEFC485AEA07
F0485AEA3F8048CFFC12FC5A1260573B82B853>17 D<F10180F103C019071A80190FF11F
00193E193C197C614E5A6118034E5A4E5A96C7FC60183E60187818F84D5A4D5A6017074D
5A4DC8FC171E173E5F5F5F16014C5A4C5A5F160F4CC9FC163E163C167C5E4B5A5E15034B
5A4B5A93CAFC5D153E5D157815F84A5A4A5A5D14074A5A4ACBFC141E143E5C5C5C130149
5A495A5C130F49CCFC133E133C137C5B485A5B1203485A485A90CDFC5A123E5A127812F8
5A1260425782D43E>19 D<126012F07E127C7E7E6C7E6C7E6C7E6C7E6C7E137C7F7F6D7E
6D7E6D7E6D7E6D7E147C80806E7E6E7E6E7E6E7E6E7E157C81816F7E6F7E6F7E6F7E6F7E
167C8282707E707E707E707E707E177C8383717E717E717E717E717E187C8484727E727E
727E727E727E197C8585737E737E737E737E737E1A7C8686747E747E747E747E747E1B7C
8787F30F80F307C0F303E0F301F0F300F81C7C1C3E1C1E1C0C575782D453>64
D<126012F07E1278127C123C123E121E121F7E7F12077F12037F12017F12007F1378137C
133C133E131E131F7F801307801303801301801300801478147C143C143E141E141F8081
1407811403811401811400811578157C153C153E151E151F818215078215038215018215
00821678167C163C163E161E161F821780160717C0160317E0160117F0160017F8177817
7C173C17182E5782D42A>I<126012F812FEEA7F80EA3FE0EA0FF8EA03FEC66C7EEB3FE0
EB0FF8EB03FE903800FF80EC3FE0EC0FF8EC03FE913800FF80ED3FE0ED0FF8ED03FE9238
00FF80EE3FE0EE0FF8EE03FE933800FF80EF3FE0EF0FF8EF03FE943800FF80F03FE0F00F
F8F003FE953800FF80F13FE0F10FF8F103FE963800FF80F23FE0F20FF8F203FE973800FF
80F33FE0F30FF8F303FCF300FE1C3E1C0C572E82AB53>72 D<126012F87E127F6C7EEA0F
E06C7EEA01FC6C7EEB3F806D7EEB07F06D7EEB00FE147FEC1FC06E7EEC03F86E7EEC007F
6F7EED0FE06F7EED01FC6F7EEE3F80707EEE07F0EE03FCEE00FEEF7F80EF1FC0EF07F071
7EEF00FE187FF01FC0727EF003F8727EF0007F737EF10FE0737EF101FC737EF23F80747E
F207F0747EF200FE1B7FF31FC0F30FE0F303F8F301FCF3007E1C3E1C0C573B82B853>81
D<126012F07E1278127C7E7E7E7F6C7E6C7E12017F6C7E137C133C133E7F6D7E1307806D
7E6D7E130080147C80141E141F6E7E6E7E1403816E7E6E7E1578157C818181826F7E6F7E
1501826F7E167C163C163E82707E160783707E707E160083177C83171E171F717E717E17
0384717E717E1878187C84848485727E727E180185727E197C193C193E85F10F8019071A
C01903F10180425782D43E>83 D E
%EndDVIPSBitmapFont
%DVIPSBitmapFont: Fr cmtt12 12 70
/Fr 70 127 df<00085B003EEB07C0007FEB0FE0A24814F0A26C14E0B3A2007E1307003E
14C0A20008EB01001C1E75BD33>34 D<D803E01438D80FF8147C486C14FEA2486C13015E
EA7F7FD87E3F13035E00FEEB8007D8FC1F5CA2150F5EA2151F5ED8FE3F133F007E01005B
A2D87F7F137FD83FFE91C7FC5D6C485BA2380FF801D803E05BC7FC14035D14075DA2140F
5D141F5DA2143F5DA2147F92C8FC5C5CA213015C13035CA20107147C4A48B4FC4B138013
0F4A4813C0131F9139C00FEFE016C7013F011F13F002801383137F1400A25B5BA2120149
14C70003020F13E04914EF923807FFC01207496D1380A26C486D13006C48EB007C2C4D7D
C433>37 D<EB03E0EB0FF8497E497E497E90B5FC9038FE3F803801FC1F13F8000380EBF0
0FA7141F5D91393F87FFE001F84913F00001137F147E14FE9026F9FC0713E001FF903801
F8006C13F8ECF00302E05B1507D97FC05B14809038FF000F485D148048141F4801C05B5A
391FEFE03FD83FC791C7FC903887F07FD87F03137EECF8FE6D6C5A12FEEB00FF6E5AA291
393FF00180EE03C091391FE007E0140F6CEB1FF06C133FEC7FF8903980FFFE0FD83FC301
FF13C0D9FFFC13FF6C496C13806C497E6CD9E00F13006C90388007FE3A00FE0001F82C3F
7DBD33>I<EA07C0EA0FF0EA1FF8A213FCA213FE120F1207EA007EA613FE13FCA21201EA
03F8A2EA07F0120FEA1FE0EA7FC0EAFF8013005A5A12700F1E6EBC33>I<140FEC3F8014
7F14FF491300495AEB07F8495A495A495A495A49C7FC5B12015B485A12075B120F5B121F
5BA2123F5BA2127F90C8FCA45A5AAD7E7EA47F123FA27F121FA27F120F7F12077F12036C
7E7F12007F6D7E6D7E6D7E6D7E6D7EEB03FE6D7E6D1380147F143FEC0F00194D6FC433>
I<127812FE7E7F6C7E6C7EEA0FF06C7E6C7E6C7E6C7E6D7E133F80131F6D7E8013078013
03801301A2801300A28080A41580143FAD147F1500A45C5CA213015CA213035C13075C13
0F5C495A133F5C137F49C7FC485A485A485A485AEA3FE0485A485A90C8FC5A1278194D78
C433>I<14F0497EA8007015E000F8EC01F000FE140700FF140F01C1133F01F113FF263F
F9F913C0000FB61200000314FCC614F06D5B011F1380D907FEC7FC90381FFF80017F13E0
90B57E000314FC000F14FF263FF9F913C026FFF1F813F001C1133F0101130F00FE140700
F814010070EC00E000001500A86D5A242B79B333>I<140E141F4A7EB0003FB7FC481680
B812C0A36C16806C1600C7D83F80C7FCB06EC8FC140E2A2B7CB333>I<EA07C0EA0FF0EA
1FF8123F13FCA213FEA2121F120F1207EA007E13FEA213FC1201EA03F81207EA0FF0EA7F
E012FF13C013005A12780F196E8A33>I<003FB612FC4815FEB8FCA36C15FE6C15FC2807
7BA133>I<121FEA3F80EA7FC0EAFFE0A5EA7FC0EA3F80EA1F000B0B6C8A33>I<167016F8
ED01FCA2150316F8150716F0A2150F16E0151F16C0153F1680157F1600A25D5D14015D14
035D14075DA2140F5D141F5D143F5D147F92C7FCA25C5C13015C13035CA213075C130F5C
131F5C133F5CA2137F91C8FC5B5B12015B12035BA212075B120F5B121F5B123F5BA2127F
90C9FC5A5AA2127C1238264D7AC433>I<14FF010313C0010F13F0497F497F497F9038FF
81FF3A01FE007F804848EB3FC049131F4848EB0FE0A24848EB07F0A24848EB03F8A24848
EB01FCA348C812FEA4007E157E00FE157FAE6C15FF6C15FEA46D1301003F15FCA26D1303
001F15F8A26C6CEB07F0A26C6CEB0FE06D131F6C6CEB3FC0A26CB4EBFF806C018113006D
B45A6D5B6D5B6D5B010313C0010090C7FC283F7BBD33>I<EB01E0497EA21307A2130FA2
131F133F137F13FF1203123F5AEAFFF713E71387EA7E071200B3B3A2003FB512FE488016
80A216006C5C213E76BD33>I<EB03FF011F13E0017F13FC48B57E48ECFF804815C0260F
FE0313E03A1FF0007FF049EB1FF84848130F49EB03FC127F90C7EA01FE4814005A6C15FF
167FA3127E123CC9FCA216FF16FEA2150116FC150316F81507ED0FF0ED1FE0153F16C0ED
7F80EDFF004A5AEC07FC4A5A4A5A4A5A4A5A4A5A4990C7FC495AEB07F8EB1FF0495A495A
495A4890C8FC4848143E4848147FEA0FF0485A48B7FCB8FCA37E6C15FE283E7BBD33>I<
903801FFC0010F13F8013F13FE90B67E48814881489038807FF03A0FFC000FF801F06D7E
484813036F7EA21500A26C5A6C5AC9FC15015EA215034B5A150F4B5A4B5A913803FFC001
03B55A4991C7FC5D8116C06D8090C76C7EED0FF8ED03FC6F7E6F7E821780163FA2EE1FC0
A3123C127EB4FCA2163F1780167F6C16006D5C6D495A6C6C1303D81FF8EB0FFC3A0FFF80
7FF86C90B55A6C5D6C15806C6C91C7FC010F13FC010113C02A3F7CBD33>I<0007B612F0
4815F85AA316F001C0C8FCB0ECFFC001C713F801DF7F90B6FC168016C0028013E09039FC
001FF001F0EB0FF849130749EB03FC6C4813016CC713FEC9FCA216FF167FA41218127EA2
B415FF16FEA24814016C15FC6C14036DEB07F86D130F6C6CEB1FF06C6CEB7FE09039FE03
FFC06CB612806C150000015C6C14F8013F13E0010390C7FC283E7BBC33>53
D<127CB8128017C0A4178048C813004B5A4B5A007C4A5AC8485A5E151F4B5A4B5A93C7FC
5D5D4A5A14035D14075D140F5D141F5D143F5DA24AC8FCA25C5CA213015CA3495AA41307
5CA5130F5CAA6D5A6D5A2A3F7CBD33>55 D<121FEA3F80EA7FC0EAFFE0A5EA7FC0EA3F80
EA1F00C7FCB3A3121FEA3F80EA7FC0EAFFE0A5EA7FC0EA3F80EA1F000B2B6CAA33>58
D<EA07C0EA0FE0EA1FF0EA3FF8A5EA1FF0EA0FE0EA07C0C7FCB3A3EA07C0EA0FE0EA1FF0
EA3FF8A213FCA3121F120F12071200A2120113F81203EA07F0120FEA1FE0127FEAFFC013
80130012FC12700E396EAA33>I<161C167E16FF15035DED1FFEED3FFCEDFFF84A13E002
0713C04A1300EC3FFEEC7FF849485A4913C0010F5B4948C7FCEB7FFCEBFFF000035B4813
80001F90C8FCEA3FFC485AEAFFE05B7FEA7FF86C7E6CB4FC00077F6C13E0C67FEB7FFCEB
1FFE6D6C7E01037F6D13F06D6C7EEC3FFEEC0FFF6E13C0020113E06E13F8ED3FFCED1FFE
ED07FF811500167E161C28337BB733>I<003FB7FC481680B812C0A36C16806C1600CBFC
A9003FB7FC481680B812C0A36C16806C16002A177CA933>I<1238127EB4FC13C07FEA7F
F86C7E6CB4FC00077F6C13E0C67FEB7FFCEB1FFE6D6C7E01037F6D13F06D6C7EEC3FFEEC
0FFF6E13C0020113E06E13F8ED3FFCED1FFEED07FF815DED1FFEED3FFCEDFFF84A13E002
0713C04A1300EC3FFEEC7FF849485A4913C0010F5B4948C7FCEB7FFCEBFFF000035B4813
80001F90C8FCEA3FFC485AEAFFE05B90C9FC127E123828337BB733>I<EC1F804A7E4A7E
A34A7EA314F901017FA501037FA214F0A201077FA4ECE07E010F137FA449486C7EA54948
6C7EA4017F80EC000FA291B5FCA290B67EA43A01FE0007F8491303A4000381491301A300
0781491300D87FFF90380FFFE0B56C4813F06E5AA24A7E6C496C13E02C3E7DBD33>65
D<007FB512F8B7FC16C082826C813A03F8000FFCED03FE15016F7E82A2EE3F80A7EE7F00
A25E4B5AA2ED07FCED1FF890B65A5E1680828216F89039F8000FFCED01FE6F7EEE7F8016
3F17C0161FA2EE0FE0A7161F17C0A2163FEE7F8016FF4B1300150F007FB65AB75A5E16E0
5E6C4AC7FC2B3D7DBC33>I<91391FE00780DAFFFC13C00103EBFF0F010F148F4914FF5B
90387FF81F9038FFC00748497E4848487E497F485A167F485A49143F121F5B003F151F5B
A2127F90C8EA0F8093C7FCA25A5AAD7E7EA36DEC0F80003FED1FC0A27F121F7F000F153F
6D15806C7E167F6C6CECFF007F3A01FF8003FE6C6D485A90397FF81FF86DB55A6D5C6D5C
010391C7FC010013FCEC1FE02A3F7CBD33>I<003FB512F04814FCB7FC826C816C813A03
F8007FF0ED1FF8ED07FC15036F7E8281EE7F80A2163F17C0161FA217E0160FA4EE07F0AD
160F17E0A4161F17C0163FA21780167FEEFF00A24B5A15034B5AED1FF8ED7FF0003FB6FC
4815C0B75A93C7FC6C14FC6C14F02C3D7EBC33>I<003FB712E04816F0B8FCA27E7ED801
FCC71207A8EE03E093C7FCA6151F4B7EA490B6FCA69038FC003FA46FC7FC92C8FCA817F8
EE01FCA9003FB7FC5AB8FCA27E6C16F82E3D7EBC33>I<003FB712E04816F0B8FCA27E7E
D801FCC71207A8EE03E093C7FCA7151F4B7EA490B6FCA69038FC003FA46FC7FC92C8FCB1
383FFFF8487FB57EA26C5B6C5B2C3D7DBC33>I<003FB612804815C0B712E0A26C15C06C
1580260003F8C7FCB3B3AD003FB612804815C0B712E0A26C15C06C1580233D78BC33>73
D<387FFFF8B57E80A25C6C5BD801FCC9FCB3B3A3EE03E0EE07F0A9007FB7FCB8FCA46C16
E02C3D7DBC33>76 D<D83FF8EC1FFC486CEC3FFE486CEC7FFFA2007F16FE6C6CECFFFC00
0716E001EF14F7EC8001A39039E7C003E7A3ECE007A201E314C7A2ECF00FA201E11487EC
F81FA201E01407A2ECFC3FA2EC7C3EA2EC7E7EEC3E7CA3EC1E78EC1FF8A2EC0FF0A3EC07
E0EC03C091C7FCAED83FFCEC3FFC486CEC7FFEB591B5FCA26C48EC7FFE6C48EC3FFC303D
7FBC33>I<D87FFC90381FFFE0486C4913F07FA36C6D6C13E00003913800FC0013F780A2
13F380A3EBF1F0A38013F0A280A2147C147EA2143E143FA2801580A3140F15C0A2140715
E0A2140315F0A21401A215F81400A3157CA3153C153EA2151E151F387FFF80B5EAC00FA3
15076C496C5A2C3D7DBC33>I<003FB512FC48ECFF80B712E016F86C816C813A01FC000F
FF030313801500EE7FC0163FEE1FE0160FA217F01607A6160F17E0A2161FEE3FC0167FEE
FF801503030F130090B65A5E5E16E0168003FCC7FC01FCC9FCB3383FFFE0487FB57EA26C
5B6C5B2C3D7EBC33>80 D<007FB57EB612F815FE81826C812603F8007FED3FF0ED0FF815
076F7E1501A26F7EA74B5AA215034B5A150FED3FF0EDFFE090B65A5E93C7FC5D8182D9F8
007F153F6F7E150F821507AA173E177FA416F8030313FF267FFFC014FEB538E001FF17FC
81EE7FF86C49EB3FF0C9EA0FC0303E7EBC33>82 D<D907FE137890393FFFC07C90B5EAF0
FC4814FC000714FF5AEBFC03391FF0007F4848133F0180131F007F140F90C71207481403
5AA21501A46CEC00F86C15007F7F6C7E7FEA1FFE380FFFE06C13FF6C14F06C14FC6C6C13
FF011F1480010314C0D9003F13E0020313F09138003FF8ED0FFC1507ED03FE1501150016
FFA2007C157F12FEA56C15FF16FE7FED01FC6D130301F0EB07F801FC130F9039FF807FF0
91B512E016C000FC1580013FEBFE00D8F80F5BD8780013E0283F7BBD33>I<003FB712F8
4816FCB8FCA43AFE000FE001A8007CED00F8C71500B3B3A40107B512C049804980A26D5C
6D5C2E3D7EBC33>I<273FFFE001B5FC486D481480B56C4814C0A26C496C14806C496C14
00D801FCC7EA0FE0B3B3A36D141F00005EA26D143F6D5DA26D6C49C7FC6E5B6D6C485AEC
F00390390FFC0FFC6DB55A6D5C6D5C6D6C1380DA1FFEC8FCEC07F8323E80BC33>I<D87F
FF903803FFF8B56C4813FCA46C496C13F8D807F09038003F806D147F00031600A36D5C00
015DA46C6C495AA46D13036D5CA3EC8007013F5CA3ECC00F011F5CA46D6C485AA46D6C48
5AA4010391C7FC6E5AA30101137EA2ECFCFEA201005BA5EC7FF8A46E5AA26E5A6E5A2E3E
7EBC33>I<D83FFCEC3FFC486CEC7FFEB591B5FCA26C48EC7FFE6C48EC3FFCD80FC0EC03
F0A76D1407000716E0A86C6CEC0FC0A2EC07E0EC0FF0EC1FF8A3000116809039F83FFC1F
EC3E7CA4EC7E7EA200001600A2EC7C3E01FC5CECFC3FA3ECF81F017C143EA590397DF00F
BEA3013D14BC90393FE007FCA5ECC003011F5C6D486C5A303E7FBC33>I<007FB512C0B6
12E0A415C048C8FCB3B3B3ABB612C015E0A46C14C01B4D6CC433>91
D<1238127C12FEA27E7E7F123FA27F121F7F120F7F12077F1203A27F12017F12007F7F80
133FA280131F80130F801307801303A28013018013008080A281143F81141F81140F8114
07A28114038114018114008181A21680153F16C0151F16E0150F16F01507A216F8150316
FC1501A2ED00F81670264D7AC433>I<007FB512C0B612E0A47EC7120FB3B3B3AB007FB5
FCB6FCA46C14C01B4D7DC433>I<EB7FFE0003B512C04814F048804880819038E007FF02
007F6C486D7E6C48133FC8121F82150FA4EC0FFF0103B5FC131F90B6FC120348140F4813
80381FFC00EA3FE0485A5B48C7FC5AA47E151F6C6C133F6D13FF263FF8077F6CB712F06C
16F86C14F76C14E3C61401903A3FF8003FF02D2B7BAA33>97 D<EA3FFC487E12FFA2127F
123F1200AC4AB4FC020F13C0023F13F04A13FC91B57E90B7FCDAFE071380DAF80013C002
E0137F4AEB3FE04A131F91C7EA0FF016074915F81603A217FC1601A81603A217F87F1607
17F06E130F6EEB1FE0163F6EEB7FC09139F801FF80DAFE07130091B55A495C6E5B6E13E0
D97E0F138090263C03FEC7FC2E3D7FBC33>I<ECFFFC0107EBFF80011F14C0017F14E090
B612F05A48EB800F3807FE00D80FF8EB07E049EB03C0484890C7FC485AA2485A90C9FCA3
5A5AA77E7EA27FA26C6CEB01F06DEB03F8121FD80FF813076D14F06CB4131F6C9038E07F
E06C90B5FC6C15C06D1400011F5B010713F8010013C0252B79AA33>I<ED7FF84B7E5CA2
80157F1501ACEB01FF010F13C1013F13F14913FD90B6FC5A4813803907FE003FD80FF813
1F4848130F491307484813035B007F140190C7FCA25AA25AA87E7E15037F003F14077F6C
6C130F6D131F6C6C133F6D137F3907FF81FF6C90B612F06C02FD13F86C02F913FC013F13
E1010F018113F8902601FE0013F02E3D7DBC33>I<ECFF80010713F0011F13FC017F13FF
90B612804815C048018013E03907FE001FD80FF8EB0FF049EB07F848481303485A49EB01
FC127F90C7FC16FE150012FEB7FCA516FC48C9FC7E7EA27F123F6D147C001F15FE7F6C6C
1301EA07FC6DEB07FC3A03FFC03FF86C90B5FC6C6C14F06D14C0010F14800103EBFE0090
38007FF0272B7BAA33>I<ED3FF0913801FFFC020713FE141F4A13FF5CECFFC04913004A
137E494813184A1300A8003FB612F84815FCB7FCA36C15F8260003F8C7FCB3AD003FB612
804815C0A46C1580283D7DBC33>I<EE1FC0D901FEEBFFF090260FFFC313F8013F13F749
90B512FC90B7FC4815F148010313812607FC00EB80F849017F1360484890383FC0004913
1FA2001F8149130FA66D131F000F5DA26D133F6C6C495A6D13FF2603FF0390C7FCECFFFE
485C5D5DD80FCF13C0D9C1FEC8FC01C0C9FCA36C7E7F6CB512FEEDFFC06C15F800078148
15FF4816809026E0000713C0D83F80EB007F48C8EA1FE0160F007E150700FE16F0481503
A56C1507007FED0FE06D141FD83FE0EC7FC0D81FF8903801FF80270FFF801F13006C90B5
5A6C5DC615F0013F14C0010F91C7FC010013F02E437DAB33>I<EA3FFC487E12FFA2127F
123F1200AC4AB4FC020713C0021F13F0027F7F91B57E90B6FC9138FE03FEECF801ECF000
02C07F825C91C7FCA35BB3A43B3FFFF80FFFFC486D4813FEB56C4813FFA26C496C13FE6C
496C13FC303D7FBC33>I<14E0EB03F8A2497EA36D5AA2EB00E091C8FCAA383FFFF8487F
A47EEA0001B3AD007FB612C0B712E016F0A216E06C15C0243E78BD33>I<EA7FF8487EA4
127F1200AC4AB512C04A14E04A14F0A26E14E06E14C09139000FF0004B5A4B5A4B5A4BC7
FC4A5A4A5A4A5A4A5A4A5A4A5A4A5A4A7E01FD7F90B5FC81ECF3F8ECE3FC14C1EC80FEEC
007F5B496D7E6F7E82150F6F7E6F7E8215016F7E3B7FFFF80FFFF0B56C4813F817FCA217
F86C496C13F02E3D7EBC33>107 D<383FFFFC487FB5FCA27E7EC7FCB3B3AD003FB612F8
4815FCB712FEA26C15FC6C15F8273D7ABC33>I<267FC0FC137E3BFFE3FF01FF8001EF01
877F90B500CF7F15DF6C91B57E0007010F1387496CEB03F801FC13FE9039F803FC01A201
F013F8A301E013F0B3A53C7FFE0FFF07FF80B548018F13C0A46C486C01071380322B80AA
33>I<393FFC01FF267FFE0713C000FF011F13F0027F7F007F90B57E6CB6FCC69038FE03
FEECF801ECF00002C07F825C91C7FCA35BB3A43B3FFFF80FFFFC486D4813FEB56C4813FF
A26C496C13FE6C496C13FC302B7FAA33>I<EB01FE90380FFFC0013F13F0497F48B512FE
48804801031380EBFC00D80FF0EB3FC04848EB1FE049130F003F15F0491307007F15F890
C71203A2007E140100FE15FCA86C14036C15F8A36D1307003F15F06D130F6C6CEB1FE06D
133F6C6CEB7FC06C6CEBFF80EBFF036C90B512006C5C6C6C13F86D5B010F13C0D901FEC7
FC262B7AAA33>I<393FFC01FF267FFE0F13C000FF013F13F04A13FC007F90B57E6CB7FC
C6D9FE071380DAF80013C002E0137F4AEB3FE04A131F91C7EA0FF016074915F81603A217
FC1601A81603A217F87F160717F06E130F6EEB1FE0163F6EEB7FC09139F801FF80DAFE07
130091B55A495C6E5B6E13E0020F1380DA03FEC7FC91C9FCB0383FFFF8487FB57EA26C5B
6C5B2E417FAA33>I<02FF137C0107EBE0FE011F13F0017F13FC90B512FE4814FF4813C0
3907FE003FD80FF8131F4848130F49130748481303A24848130190C7FCA2481400A25AA8
7E7E15017F003F14037F6C6C13076D130F6C6C131F6C6C137F9038FF81FF6CEBFFFE6C14
FC6C6C13F86D13F0010F13C0903801FE0090C8FCB092387FFFFC92B512FEA46F13FC2F41
7CAA33>I<3A7FFF8003FEB539C01FFF80037F13E002C1B5FC02C314F06C13C73A001FCF
FE0FECDFF09139FFC007E092388003C04AC8FCA25C5C5CA25CA45CB1007FB512FEB7FCA4
6C5C2C2B7DAA33>I<90381FFE0F90B5EACF80000314FF120F5A5A387FF003EB800000FE
C7127F153F5AA36CEC1F006C91C7FCEA7FC0EA3FFEEBFFF06CEBFF80000714F06C14FCC6
6C7F010F7FD9003F1380020113C09138003FE0007C140F00FEEC07F01503A27EA27F6D13
076DEB0FE06D131F9039FC01FFC090B61280A200FDECFE0000FC5CD8F83F13F0D8780790
C7FC242B79AA33>I<EB03C0497E130FAA003FB612FC4881B7FCA36C5D26000FE0C8FCB3
A3161FEE3F80A5167F6E14006D6C485A9138FE07FE6DB5FC5E6D5C6D14E0023F1380DA07
FCC7FC29377EB633>I<D83FFCEB1FFE486C497E00FF5CA2007F80003F800000EC007FB3
A75EA25D6D5B5D90387FC03F91B612FC6D15FE6DEC7FFF6D13FE6D01F813FE01009038C0
3FFC302B7FAA33>I<3B3FFFC00FFFF0486D4813F8B56C4813FCA26C496C13F86C496C13
F0D801F8C7EA7E006D14FE00005DA26D1301017E5CA2017F13036D5CA2EC8007011F5CA2
ECC00F010F5CA36D6C485AA3ECF03F010391C7FCA26E5A0101137EA2ECFCFE01005BA214
FF6E5AA36E5AA26E5A6E5A2E2B7EAA33>I<3B7FFF8007FFF8B56C4813FC6E5AA24A7E6C
496C13F8D80FC0C7EA0FC06D141F00071680A56D143F00031600A3EC0FC0EC1FE0A23A01
F83FF07EA3EC7FF8147CA20000157C9039FCFCFCFCA3ECF87CA2017C5C017D137EECF03E
A2017F133FA26D486C5AA3ECC00F90390F8007C02E2B7EAA33>I<3B3FFFC07FFF80486D
B512C0B500F114E0A26C01E014C06C496C13803B00FE000FE000017F495AEB3F804B5A6D
6C48C7FC90380FE07E903807F0FEECF1FC903803FBF8EB01FF6D5B5D6E5A143F6E5A143F
814A7E14FF903801FBF0ECF9F8903803F1FCEB07E0157E90380FC07F011F6D7E90383F80
1F02007F496D7E01FE6D7E484813033B7FFFC03FFFE0B56C4813F0A46C496C13E02C2B7D
AA33>I<3B7FFF801FFFE0B56C4813F06E4813F8A24A6C13F06C496C13E0D803F8C7EAFC
00000114015E7F000014036D5C137EA2017F495A7FA26E485A131FA26D6C485AA214E001
0749C7FCA214F01303157EEB01F8A2157C010013FC14FC5D147C147DEC3FF0A36E5AA36E
5AA2141F5DA2143F92C8FCA3147EA214FE003F5B1301387F83F81387EB1FF0EBFFE06C5B
5C6C90C9FC6C5AEA03F02D417DAA33>I<000FB712804816C05AA317800180C713004B5A
4B5A4B5A4B5A6CC7485AC8485A4B5A4BC7FC4A5A4A5A4A5A4A5A4A5A4A5A4A5A4AC8FC49
5A495A495A495A495A495A495A49C7EA0F804848EC1FC0485A485A485A485A485A48B7FC
B8FCA46C16802A2B7DAA33>I<1238127C12FEB3B3B3B3127C1238074D6AC433>124
D<013E13079039FF800F8000039038C01FC048EBE03F48EBF07F489038F9FF803A7FE7FF
FE00D8FF835B01015B486C5B007CEB7FC00038011FC7FC220C78BC33>126
D E
%EndDVIPSBitmapFont
%DVIPSBitmapFont: Fs cmti12 12 62
/Fs 62 125 df<4CB414FC040F9039C003FF80933B3F81F00783C0933B7C00781F01E04C
9038F83F03923C01F001FC3E07F003030103EB7E0F922607E007EB7C1F19FCDB0FC001F8
14E0943A03F0F80FC0DD01E1EB0780031FD9000190C7FC5E180361153F93C7FCA2180761
5D157EA2180F6115FE91B912F0A3DA00FCC7D81F80C7FC1401A25D183F96C8FCA214035D
A260187E14075DA218FE60140F5DA2170160141F5DA2170360143F92C7FCA21707605C14
7EA2170F6014FE5CA24D5AA2495A95C9FC5F5C0103153E177E001CEBE038007F02FE137C
26FF07E114FC02C15C4C5AEB0F8100FE903901FC03E0D8F81F9038F007C03B701E00E00F
80D8783CD9F83ECAFCD81FF0EB3FF8D807C0EB0FE04C5A83C53C>11
D<EF7FF80407B5FC93391FC00FC093393E0001E004FCEB00F04B4813014B4813075E0307
140FA24B5A19E0031FEC03804C90C7FCA3153F93C9FCA45D157EA415FE91B8FCA260DA00
FCC7127E020115FE4B5CA317016014035D170360A214074B130760A3020F140F4B5CA317
1F021F5D5DA2053F13E01801023F16C092C7FCA2EF7F03057E13805C027E15071900173E
180E02FEEC1E1E4AEC1F1CEF07F8EF01E094C8FC495AA35C1303A2001C5B127FEAFF075C
A2495A00FE90CBFCEAF81FEA701EEA783CEA1FF0EA07C03C5A83C537>I<EFFFC00407EB
F83F93381F807E93397E000F7F04F8EB1F7E4B48EB3FFE0303147F4B4813FF19FC4B5A18
7E183D4B48EB01F8A31803033F15F093C7FCA218074B15E0A2157E180F19C0A215FE91B8
FC1980A2DA00FCC7121F0201153F4B1500A3600203157E5DA218FE6014075D170160A214
0F4B130360A3021F14074B5CA3050F1338023FEDC07892C71470A3051F13F04AED80E014
7E188119C0170F02FEED83804AEC0787F0C700EF01FEEF0078494892C7FCA4495AA3001C
5BEA7F0700FF5BA25C130F00FE90CBFCEAF81E12F0EA783CEA1FF0EA07C0405A83C539>
I<141EEC3F80ECFFC0A35B1580A315005BA25CA35C1307A25CA35C130FA25CA35C131FA2
5CA349C7FCA3133EA35BA31378A35BA35BA35B90C8FCA9120FEA3FC0127FA212FFA35B6C
C8FC123C1A4776C61E>33 D<13F0EA03F8EA07FC120FA6EA03CCEA001C1318A213381330
A2137013E013C0120113801203EA0700120E5A5A5A5A5A0E1D6BC41E>39
D<13F0EA03FC1207A2EA0FFEA4EA07FCEA03CCEA000C131C1318A2133813301370136013
E0EA01C013801203EA0700120E5A5A5A5A5A0F1D7A891E>44 D<007FB5FCB6FCA214FEA2
1805789723>I<16C01501A215031507ED0F80151F153F157F913801FF005C140F147F90
3807FCFEEB0FF0EB0700EB00015DA314035DA314075DA3140F5DA3141F5DA3143F5DA314
7F92C7FCA35C5CA313015CA313035CA313075CA2130FA2131F133FB612FCA25D224276C1
32>49 D<ED03FCED1FFF037F13C0913801FE07913903F001E091380FE00091381F800391
383F000F027E131F5C495A495A010715C04948EB07004A90C7FC131F495AA249C9FCA213
FE1201A2485AEC07F09038F83FFC0007EBF81F9039F9C00F803A0FFB8007C0EBF70001FE
80491303001F815B5B82485AA3491307127F5BA2150F5E90C7FCA2151F485DA25A4B5AA2
007E5D157F93C7FC5D5D4A5A003E495A003F5C4A5A6C6C485A000FEB3F80D9C0FEC8FC38
03FFFC6C13F038007F802B4475C132>54 D<ED1FE0EDFFFC020313FF913907E03F809139
1F800FC091393E0007E04A13034A14F049481301495AA2495AA2495AA21603011F15E0A2
16076E14C0EE0F806E131F6EEB3F006E133E6D6C5B02FF13F0ED83E06DEBC7C06D01FFC7
FC6D13FC6D5B6E7E6E7E91B57ED901EF7FD907837FEB1F01D93E007F496D7E49133F4848
131F4848130F48486D7E48481303001F140190C7FC5A003E1400007E5D127CA2150100FC
5D5A4B5AA24B5A127C4B5A4BC7FC6C143E003F5C6C495A390FC003F03907F01FC06CB5C8
FCC613FCEB1FE02C4477C132>56 D<ED3FC0EDFFF0020313FC91380FE07E91383F803F4A
487E02FC14800101140F494814C0495A495AA2495A133F4A14E0137FA249C7FC161FA248
16C05BA2163F12035BA2167F17804914FFA34B130012015D5D00005D6D130F017C131D15
3B6DEB73FC90381F03E3903907FF83F8903801FC0790C7FC5E150F5E151F5E4B5AA24BC7
FCA2001C14FE007F5C48495A4A5A14074A5A485C00F8013FC8FC48137E5C387C07F0383F
FFE06C1380D803FCC9FC2B4476C132>I<130FEB1FC0133FEB7FE013FFA214C0EB7F8014
00131E90C7FCB3A5120FEA3FC0127FA212FFA35B6CC7FC123C132B76AA1E>I<EF038017
07A24D7EA2171FA2173F177FA217FFA25EA2EE03BF1607173F160F160E161C841638171F
167016F016E0ED01C0A2ED0380A2ED0700A2150E151E151C5D845D170F5D14015D14035D
4AC7FC92B6FC5CA2021CC7120F143C14385CA24A81A249481407A2495A130791C8FC130E
131EA25B137C13FC00014C7ED807FE151FB500E00107B512F8A219F03D477BC648>65
D<DC0FF8130393B513070307ECC00F923A1FF803E01F923A7FC000F81E4BC7EA7C3EDA03
FCEC3C7EDA0FF0EC1EFE4A48EC0FFC4A4814074AC8FC02FE1503494816F8130349481501
495A494816F0495A137F5C01FF17E04890C9FCA2485A19C0485AA2485A95C7FC121F5BA2
123F5BA3127F5BA4485AA41838A218781870A218F0007F5F1701601703003F5F17076D4B
C7FC001F160E171E6C6C5D6D5D00075E6C6C4A5A6DEC07C06C6C4A5AD8007F023EC8FCD9
3FC013FC90391FF807F00107B512C0010191C9FC9038001FF0404872C546>67
D<91B712F818FF19C00201903980003FF06E90C7EA0FF84AED03FCF000FE4B157FA2F13F
800203EE1FC05DF10FE0A214074B16F01907A2140F5D1AF8A2141F5DA2190F143F5D1AF0
A2147F4B151FA302FF17E092C9123FA34918C04A167F1A80A2010317FF4A1700A24E5A13
074A4B5A611807010F5F4A4B5A181F61011F4C5A4A4BC7FC18FE4D5A013F4B5A4A4A5A4D
5A017FED3FC005FFC8FC4AEB03FE01FFEC1FF8B812E094C9FC16F845447AC34A>I<91B9
12C0A30201902680000313806E90C8127F4A163F191F4B150FA30203EE07005DA314074B
5D190EA2140F4B1307A25F021F020E90C7FC5DA2171E023F141C4B133C177C17FC027FEB
03F892B5FCA39139FF8003F0ED00011600A2495D5CA2160101034B13705C19F061010791
C8FC4A1501611803010F5F4A150796C7FC60131F4A151E183E183C013F167C4A15FC4D5A
017F1503EF0FF04A143F01FF913803FFE0B9FCA26042447AC342>I<91B91280A3020190
2680000713006E90C8FC4A163FA24B81A30203160E5DA314074B151E191CA2140F5D1707
5F021F020E90C7FC5DA2171E023F141C4B133CA2177C027F5CED800392B5FCA291B65AED
00071601A2496E5A5CA2160101035D5CA2160301075D4A90CAFCA3130F5CA3131F5CA313
3F5CA2137FA313FFB612E0A341447AC340>I<DC0FF81306DCFFFE130E03079038FF801E
923A1FF807E03E923A7F8001F03CDA01FEC7EA787CDA03F8EC3CFCDA0FF0141D4A48EC1F
F8DA3F80140F4AC8FCD901FE1507494816F05C01071603495A494816E0495A137F5C01FF
17C04890C9FC5B12031980485AA2485A95C7FC121F5BA2123F5BA3127F5BA4485A043FB5
12E0A39339001FF80060A360A2007F163F60A3177F003F5F7F121F17FF6D93C7FC000F5D
6C6C5C7F6C6C4A5A6C6CEC1F3E6C6C143ED93FC0EBF81E903A1FF007F01C0107B5EAC00C
010149C9FC9038003FF03F4872C54B>I<91B6D8803FB512E0A302010180C7387FE0006E
90C86C5A4A167FA24B5EA219FF14034B93C7FCA26014074B5DA21803140F4B5DA2180714
1F4B5DA2180F143F4B5DA2181F147F92B75AA3DAFF80C7123F92C85BA2187F5B4A5EA218
FF13034A93C8FCA25F13074A5DA21703130F4A5DA21707131F4A5DA2170F133F4A5DA201
7F151FA24A5D496C4A7EB6D8803FB512E0A34B447AC348>I<027FB512E091B6FCA20200
EBE000ED7F8015FFA293C7FCA35C5DA314035DA314075DA3140F5DA3141F5DA3143F5DA3
147F5DA314FF92C8FCA35B5CA313035CA313075CA3130F5CA3131F5CA2133FA25CEBFFE0
B612E0A25D2B447BC326>I<91B66C90383FFFF8A302010180C7000F13006E90C8EA07FC
4A17F01AC04B4B5A4FC7FC193C02035E4B5DF003E0F0078002074BC8FC4B141E6018F802
0F4A5A4BEB03C04D5A4DC9FC021F141E4B137C17F04C5A023F495A4B487E161F163F027F
497EED80FFED81EF923883CFF89138FF8F8FED1E07033C7F157849EBF00303E07F15C092
380001FF495A5C707FA213074A6E7EA2173F010F825C171F84131F4A140F84A2013F6F7E
5CA2017F6F7EA24A4A7E496C4A7FB66C90B512FC5E614D447AC34B>75
D<91B612F0A25F020101C0C7FC6E5B4A90C8FCA25DA314035DA314075DA3140F5DA3141F
5DA3143F5DA3147F5DA314FF92C9FCA35B5CA3010316104A1538A21878010716705C18F0
18E0010F15015C18C01703011F15074A1580170FA2013FED1F004A5C5F017F15FE16034A
130F01FFEC7FFCB8FCA25F35447AC33D>I<91B56C93387FFFC08298B5FC02014DEBC000
6E614A5FA203DF4C6CC7FC1A0E63912603CFE05D038F5F1A381A711407030FEEE1FCA2F1
01C3020FEE0383020E60F107036F6C1507021E160E021C60191CF1380F143C023804705B
A2F1E01F0278ED01C091267003F85EF003801A3F02F0ED070002E0030E5CA24E137F1301
02C04B91C8FC606201036D6C5B02805F4D5A943803800113070200DA07005BA2050E1303
495D010E606F6C5A1907011E5D011C4B5CA27048130F133C01384B5C017892C7FC191F01
F85C486C027E5DD807FE027C4A7EB500F00178013FB512C0A216705A447AC357>I<91B5
6C49B512E0A28202009239000FFC00F107F0706E5A4A5F15DF705D1907EC03CFDB8FF892
C7FCA203875D02077F0303150EA270141EEC0F01020E161C826F153C141E021C6E133816
7F1978023C800238013F1470A27113F00278131F02705E83040F130102F014F84A5E1607
EFFC0313014A01035C17FE1807010314014A02FF90C8FCA2705B0107168F91C8138E177F
18DE5B010EED3FDC18FCA2011E151F011C5EA2170F133C01386F5A1378A201F81503486C
5EEA07FEB500F01401A2604B447AC348>I<EE1FF84BB5FC923907F01FC092391F8003F0
92397E0001F8DA01F86D7EDA03E0147EDA0FC0804A48EC1F804AC813C0027E150F4A16E0
49481507494816F01307495A494816F8013F16035C137F49C9FC4917FC120112035B1207
491607120FA25B121F19F849160F123FA34848EE1FF0A3183F19E0485A19C0187FA2F0FF
80A219005F604D5AA2007F4C5A4D5AA24D5A003F5F4D5A6D4BC7FC001F5E4C5A6C6C5DEE
03F06C6C4A5A0003ED1FC06C6C4A5A6C6C027EC8FC017EEB01F890393F8007F090390FE0
3F80902603FFFEC9FC9038007FE03E4872C54B>I<91B712F018FEF0FF80020190398000
7FE06E90C7EA1FF04AED07F818034B15FCF001FE1403A24B15FFA21407A25DA2140FF003
FE5DA2021F16FC18074B15F8180F023F16F0F01FE04B15C0F03F80027FED7F0018FE4BEB
03FCEF0FF002FFEC7FC092B6C7FC17F892CAFC5BA25CA21303A25CA21307A25CA2130FA2
5CA2131FA25CA2133FA25CA2137FA25C497EB67EA340447AC342>I<EE1FF84BB5FC9239
07F01FC092391F8007F092397E0001F8DA01F86D7E4A48147EDA0FC0804A4815804AC8EA
1FC0147E4AED0FE013014948ED07F0495A495A011F17F8495A5C137F49C9120319FC485A
000317075B12075B120FA25B121FF00FF85B123FA34848EE1FF0A449EE3FE012FF19C018
7FA2198018FF190090C95A604D5AA26C4C5A6D5E170F03F85C003FD907FE495ADA0F0749
5ADA1C0349C7FC3A1FC0380180023014FE000F0170EB81FCD9E060EB83F00007913800C7
E03B03F0E001CFC02601F8C0EBFF80D800FC4AC8FCD97EE013F890393F6007F090270FF0
3FC013300103B5FC9026007FE11470DA0003146018E0A2170170485A170770485A923807
F83F93B5C7FCA26F5B5FA25F6F5B6F13C0043FC8FC3E5972C54B>I<91B77E18F818FE02
0190398001FF806E90C7EA3FC04AED1FE0F00FF04BEC07F8180319FC14034B15FEA31407
5DA3020FED07FC5DA2F00FF8141F4B15F0F01FE0F03FC0023F16804BEC7F0018FEEF03F8
027F4A5A4BEB1FC04CB4C7FC92B512F891B612E092380003F8EE00FE177F496F7E4A6E7E
A28413034A140FA2171F13075CA2173F130F5CA24D5A131F5CA3013F170E5CA2017FEE80
1E191C4A163C496C1638B66C90383FC070051F13F094380FE1E0CA3803FF80943800FE00
3F467AC347>I<DB03FE130C92390FFF801C037FEBE03C9238FE03F8913A03F0007C7C4A
48EB3EF84A48131F4A48130F4AC7FC027EEC07F05C1703495A18E0495AA213074A15C0A3
130F1880A28094C7FCA280806D7EECFFE015FC6DEBFF806D14F016FC6D14FF023F80020F
801403DA003F7F150703007F163F161F160FA21607A3120716031607A2485EA2120E160F
001E5EA2001F4B5AA2484BC7FC6D143E167E6D5C007F4A5A6D495AD87CF0495AD8787CEB
1F8027F03F807FC8FC90381FFFFCD8E00713F039C0007F80364879C537>I<48B912F85A
A2913B0007FC001FF0D807F84A130701E0010F140349160148485C90C71500A2001E021F
15E05E121C123C0038143F4C1301007818C0127000F0147F485DA3C800FF91C7FC93C9FC
A35C5DA314035DA314075DA3140F5DA3141F5DA3143F5DA3147F5DA314FF92CAFCA35B5C
A21303A21307497E007FB612C0A25E3D446FC346>I<B6913807FFFEA25C000301C00200
13E06C90C9EA7F00183E183C60A26C1770601701604D5AA24DC7FC5F170E6E5CA2017F5D
177817705FA24C5AA24C5A16076E91C8FC160E133F5E163C16385EA25E15015E6E485AA2
4BC9FC131F150E151E151C5DA25D15F05DECF1C0A290380FF38014F792CAFC14FEA25CA2
5C5CA25C13075CA25C91CBFC3F466CC348>86 D<023FB5D8C003B512E0A21780020001F8
C7387FFC006F48EC3FE06F48158097C7FC031F153E705C1978030F15E07013014E5A0307
4A5A7091C8FC180E03035C705B187803015C70485A606FEB83800587C9FC178FEE7FDE17
FC5F705A5F161F83A2160F4C7EA2163FEE77FC16F7ED01E3923803C3FEED07831601030E
7F151CED3C004B805D4B6D7E4A5A4A5A4AC76C7E5C141E4A6E7E14384A140F4A81495A01
031507494881130F133F017F4B7E2603FFC04A7E007F01F849B512FEB5FC614B447CC348
>88 D<007FB54AB51280B65CA2000101E09139007FF0006C49ED3FC04A93C7FC6D6C153E
601878013F5E6E4A5A604D5A6D6C4AC8FC5F171E010F151C6E5C5F010715F06E495A5F4C
5A6D6C49C9FC5E161E0101141C6E5B5E16F06DEB81E05EED8380DA7F87CAFC15CF15DEEC
3FDC15F85DA26E5A5D143FA35D147FA392CBFC5CA35C1301A35C1303A3495AA3497E000F
B512F8A341446DC348>I<021FB712F85C19F093C7121F03F0EC3FE0DA7FC0EC7FC04BEC
FF80027EC813004A5C4A4A5A4D5A49484A5A4A5D4D5A4A143F01034B5A4A4A5A4C90C7FC
01075D91C712034C5A4C5A90C8485A5F163F4C5A4C5A4B90C8FC5E15034B5A4B5A4B5A5E
4B5A157F4B5A4A90C9FC4A5A5D14074A5A4A4814E04A5A5D027F14014A485C4990C7FC49
4814034A5D130749481407495A49484AC7FC5C49485C01FF151E4890C8123E4848157E48
4815FE494A5A000F1503484814074848EC3FF84848EB03FF90B7FCB8FC5F3D4479C33C>
I<EC1F80EC7FE0903901F07070903907C039F890380F801D90381F001F013E6D5A137E5B
484813075E485A120749130F000F5DA2485A151F003F5D5BA2153F007F92C7FC90C7FCA2
5D157E12FEA29238FE0380EDFC071700A2007E13015E913803F80E1407003E010F131E16
1C6C131C02385B3A0F80F078783A07C3E07C703A01FF801FE03A007E000780292D76AB32
>97 D<EB0FE0EA07FFA338001FC0130F131FA25CA3133F91C8FCA35B137EA313FE5BA312
015BEC1F80EC7FE03903F9E0F89038F3C07C9038F7003E13FE48487F5BA2491480485AA2
5BA2121F5BA2153F123F90C7FCA2157F481500127EA25D5D5AA24A5AA24A5AA2007C5C4A
5A140F5D4A5A003C49C7FC003E137E001E5B6C485A380783E03803FF80C648C8FC214676
C42D>I<EC0FE0EC7FF8903801F81E903807E00F90390F80078090381F0003017E14C049
131F0001143F5B4848EB7F801207485AED3E00484890C7FCA2485AA2127F90C9FCA35A5A
A45AA5ED0180ED03C0ED0780A2007CEC0F00007E141E003E147C15F06CEB03E0390F800F
802607C07EC7FC3801FFF838007FC0222D75AB2D>I<EE07F0ED03FFA39238000FE01607
160FA217C0A2161FA21780A2163FA21700A25EA2167EA216FEA25EEC1F80EC7FE1903801
F071903907C039F890380F801D90381F001F013E130F017E5C5B48481307A248485C1207
49130F120F5E485A151F123F495CA2153F127F90C790C7FCA25DA200FE147EA29238FE03
80160703FC1300A2007E13015E913803F80E1407003E010F131E161C6C131C02385B3A0F
80F078783A07C3E07C703A01FF801FE03A007E0007802C4676C432>I<EC0FE0EC7FF890
3801F83E903807C00F90391F800780EB3F00017E14C0491303485A48481307000715805B
000F140F484814005D4848133E15FCEC07F0007FEBFFC0D9FFFEC7FC14C090C9FC5A5AA5
5AA4ED0180ED03C0007CEC0780A2007EEC0F00003E141E157C6C14F06CEB03E03907800F
802603C07EC7FC3801FFF838003FC0222D75AB2D>I<EE0F80EE3FE0EEF870923801F038
923803E0F8923807E1FC16C3ED0FC7A2EE87F892381F83F0EE81E0EE8000153F93C7FCA4
5D157EA415FE5DA349B512FEA390260001F8C7FCA314035DA414075DA4140F5DA4141F5D
A4143F92C8FCA55C147EA314FE5CA413015CA4495AA35C1307121C007F5B12FF495AA291
C9FC485AEAF81E485AEA7878EA1FF0EA07C02E5A83C51E>I<15FCEC03FF91390F838380
91393E01CFC091387C00EF4A13FF4948137F010315804948133F495A131F4A1400133F91
C75A5B167E13FE16FE1201495CA215011203495CA21503A2495CA21507A25EA2150F151F
5E0001143F157F6C6C13FF913801DF8090387C039F90383E0F3FEB0FFCD903F090C7FC90
C7FC5DA2157EA215FEA25DA2001C495A127F48495A14074A5A485C023FC8FC00F8137E38
7C01F8381FFFE0000390C9FC2A407BAB2D>I<14FE137FA3EB01FC13001301A25CA21303
A25CA21307A25CA2130FA25CA2131FA25C157F90393F83FFC091388F81F091381E00F802
387F4948137C5C4A137EA2495A91C7FCA25B484814FE5E5BA2000314015E5BA200071403
5E5B1507000F5DA249130F5E001F1678031F1370491480A2003F023F13F0EE00E090C7FC
160148023E13C01603007E1680EE070000FEEC1E0FED1F1E48EC0FF80038EC03E02D467A
C432>I<143C147E14FE1301A3EB00FC14701400AE137C48B4FC3803C780380703C0000F
13E0120E121C13071238A21278EA700F14C0131F00F0138012E0EA003F1400A25B137EA2
13FE5B12015BA212035B141E0007131C13E0A2000F133CEBC038A21478EB807014F014E0
EB81C0EA0783EBC7803803FE00EA00F8174378C11E>I<16F0ED03F8A21507A316F0ED01
C092C7FCAEEC01F0EC07FCEC1E1EEC380F0270138014E0130114C0EB03800107131F1400
A2130E153F131E011C140090C7FC5DA2157EA215FEA25DA21401A25DA21403A25DA21407
A25DA2140FA25DA2141FA25DA2143FA292C7FCA25C147EA214FE001C5B127F48485A495A
A248485A495AD8F81FC8FCEA707EEA3FF8EA0FC0255683C11E>I<14FE137FA3EB01FC13
001301A25CA21303A25CA21307A25CA2130FA25CA2131FA25C167E013F49B4FC92380783
C09138000E07ED3C1F491370ED603F017E13E0EC01C09026FE03801380913907000E00D9
FC0E90C7FC5C00015B5C495AEBF9C03803FB8001FFC9FCA214F03807F3FCEBF07F9038E0
1FC06E7E000F130781EBC003A2001F150FA20180140EA2003F151E161C010013E0A2485D
A2007E1578167000FE01015B15F1489038007F800038021FC7FC2A467AC42D>I<EB03F8
EA01FFA3380007F013031307A214E0A2130FA214C0A2131FA21480A2133FA21400A25BA2
137EA213FEA25BA21201A25BA21203A25BA21207A25BA2120FA25BA2121FA25BA2123FA2
90C7FCA2387F01C01303007E1380A2130700FE130012FCA25B130EEA7C1E131CEA3C3CEA
3E786C5AEA07C0154678C419>I<D801F0D90FE0EB07F0D803FCD97FF8EB3FFC28071E01
F03EEBF81F3E0E1F03C01F01E00F80271E0F8700D983807F001C018E90390F870007003C
019C148E003801B802DC8002F814FC26781FF05C0070495CA24A5C00F0494948130FD8E0
3F6091C75B1200043F141F4960017E92C7FCA24C143F01FE95C7FC49147E6104FE147E12
01494A14FE610301EE0780000305011400494A14F8A2030302035B0007F0F00E495C1A1E
0307EDE01C000F193C494A153862030F020113F0001FF0F1E0494A903800FF800007C7D8
0380023EC7FC492D78AB50>I<D801F0EB0FE0D803FCEB7FF83A071E01F03E3A0E0F03C0
1F001ED987001380001C018E130F003C139C003801B814C014F838781FF000705BA25C00
F049131FD8E03F158091C7FC1200163F491500137EA25E01FE147E5B16FE5E1201491301
5E170F00030203130E4914F0A20307131E0007EDE01C5B173CEEC038000F167849157017
E0ED03C1001FEDE3C049903801FF000007C8127C302D78AB37>I<EC0FE0EC7FFC903801
F83E903907E00F8090390F8007C0EB1F00017EEB03E04914F0A248481301484814F81207
485AA2485AA2485A1503127F90C7FCA215074815F05AA2150F16E05AED1FC0A21680153F
16005D157E5D007C495A007E495A003E5C4A5A6CEB1F80260F803EC7FC3807C0FC3801FF
F038003F80252D75AB32>I<D903E0137E903A07F801FF80903A0E3C0783E0903A1C1E0F
01F0903A3C1F1C00F801385B017849137C01705BA24A48137E01E05BA292C7FC00015B13
C0147EC7FC02FE14FEA25CA20101140117FC5CA20103140317F85CA20107EC07F0A24AEB
0FE0A2010F15C0EE1F80163F1700496C137E5E4B5A9138B803F090393F9C07E091389E0F
80DA07FEC7FCEC01F849C9FCA2137EA213FEA25BA21201A25BA21203A21207B512F0A25C
2F3F7FAB32>I<91381F800C91387FE01C903901F0703C903907C0387890390F801CF890
381F001D013E130F017E14F05B48481307A2484814E012075B000F140F16C0485AA2003F
141F491480A3007F143F90C71300A35D00FE147EA315FE5DA2007E1301A24A5A1407003E
130FA26C495A143B380F80F33807C3E73901FF87E038007E071300140F5DA3141F5DA314
3F92C7FCA25CA25C017F13FEA25D263F76AB2D>I<D801F0EB3F803A03FC01FFF03A071E
03C0F83A0E0F0F007C001E90389E01FC001C139CECB803003813F0A2D91FE013F80078EC
00E00070491300A200F05BEAE03F91C8FC1200A25B137EA313FE5BA312015BA312035BA3
12075BA3120F5BA3121F5B0007C9FC262D78AB29>I<EC0FE0EC7FF8903801F01E903803
C00F90390780078090380F0003011E14C0150749131FA2017CEB3F801378137CED0E0092
C7FC137E137F14F014FF6D13C06D13F06D7F6D7F1300EC0FFE14011400157F81120E003F
141E487EA2153E48C7123CA200FC5C12705D0078495A6C495A6CEB0F80260F803EC7FC38
03FFF838007FC0222D7AAB28>I<1470EB01F8A313035CA313075CA3130F5CA3131F5CA2
007FB512E0B6FC15C0D8003FC7FCA25B137EA313FE5BA312015BA312035BA312075BA312
0F5BA2EC0780001F140013805C140E003F131EEB001C143C14385C6C13F0495A6C485AEB
8780D807FEC7FCEA01F81B3F78BD20>I<137C48B414072603C780EB1F80380703C0000F
7F000E153F121C0107150012385E1278D8700F147E5C011F14FE00F05B00E05DEA003FEC
0001A2495C137E150313FE495CA215071201495CA2030F13380003167849ECC070A3031F
13F0EE80E0153F00011581037F13C06DEBEF8300000101148090397C03C787903A3E0F07
C70090391FFE01FE903903F000782D2D78AB34>I<017C143848B414FC3A03C78001FE38
0703C0000F13E0120E001C14000107147E1238163E1278D8700F141E5C131F00F049131C
12E0EA003F91C7123C16385B137E167801FE14705BA216F0000115E05B150116C0A24848
EB0380A2ED0700A2150E12015D6D5B000014786D5B90387C01E090383F0780D90FFFC7FC
EB03F8272D78AB2D>I<017CEE038048B4020EEB0FC02603C780013FEB1FE0380703C000
0E7F5E001C037E130F01071607123804FE130300785DEA700F4A1501011F130100F00180
4914C012E0EA003FDA000314034C14805B137E0307140701FE1700495CA2030F5C000117
0E495CA260A24848495A60A2601201033F5C7F4B6C485A000002F713036D9039E7E00780
90267E01C349C7FC903A1F0781F81E903A0FFF007FF8D901FCEB0FE03B2D78AB41>I<02
F8133FD907FEEBFFE0903A0F0F83C0F0903A1C07C780F890393803CF03017013EE01E0EB
FC07120101C013F8000316F00180EC01C000074AC7FC13001407485C120EC7FC140F5DA3
141F5DA3143F92C8FCA34AEB03C01780147EA202FEEB0700121E003F5D267F81FC130E6E
5BD8FF83143CD903BE5B26FE079E5B3A7C0F1F01E03A3C1E0F83C0271FF803FFC7FC3907
E000FC2D2D7CAB2D>I<137C48B414072603C780EB1F80380703C0000F7F000E153F001C
1600130712385E0078157EEA700F5C011F14FE00F0495B12E0EA003FEC00015E5B137E15
0301FE5C5BA2150700015D5BA2150F00035D5BA2151F5EA2153F12014BC7FC6D5B00005B
EB7C0390383E0F7EEB1FFEEB03F090C712FE5DA214015D121F397F8003F0A24A5A484848
5A5D48131F00F049C8FC0070137E007813F8383801F0381E07C06CB4C9FCEA01FC294078
AB2F>I<027C130749B4130F49EB800E010F141E49EBC03CEDE03890393F03F07890397C
00FDF00178EB3FE00170EB03C001F0148049130790C7EA0F00151E5D5D5D4A5A4A5A4A5A
4AC7FC141E5C5C5C495A495A495A49C8FC011E14F04914E05B491301485A4848EB03C0D8
07B0130701FEEB0F80390FCF801F3A1F07E07F00393E03FFFED83C015B486C5B00705C00
F0EB7FC048011FC7FC282D7BAB28>I<B812F0A22C02779B32>I<BE12C0A25A02759B64>
I E
%EndDVIPSBitmapFont
%DVIPSBitmapFont: Ft cmsy10 12 52
/Ft 52 120 df<007FB912E0BA12F0A26C18E03C04789A4D>0 D<121FEA3F80EA7FC0EA
FFE0A5EA7FC0EA3F80EA1F000B0B789E1C>I<0060160600F0160F6C161F007C163E6C16
7C6C16F86C6CEC01F06C6CEC03E06C6CEC07C06C6CEC0F806C6CEC1F00017C143E6D5C6D
5C6D6C485A6D6C485A6D6C485A6D6C485A6D6C48C7FCEC7C3E6E5A6E5A6E5A6E5AA24A7E
4A7EEC3E7C4A7E4A7E49486C7E49486C7E49486C7E49486C7E49C77E013E147C49804980
4848EC0F804848EC07C04848EC03E04848EC01F048C912F8003E167C48163E48161F4816
0F00601606303072B04D>I<14034A7E4A7E4A7E4A7EEC7CF8ECF87C49487E49487E4948
6C7E49486C7E49486C7E013E6D7E496D7E49147C4848804848804848EC0F804848EC07C0
48C8EA03E0003EED01F048ED00F848167CA2007C16F86CED01F06CED03E06C6CEC07C06C
6CEC0F806C6CEC1F006C6C143E6C6C5C017C5C6D495A6D495A6D6C485A6D6C485A6D6C48
C7FC903801F03E6D6C5AEC7CF8EC3FF06E5A6E5A6E5A6EC8FC2E2E7EAF33>5
D<49B4FC010F13E0013F13F890B512FE48EB01FF3A03F8003F80D807E0EB0FC0D80F80EB
03E048C7EA01F0001E1400003E15F8003C1578007C157C0078153C00F8153E48151EA86C
153E0078153C007C157C003C1578003E15F8001E15F0001F14016C6CEB03E0D807E0EB0F
C0D803F8EB3F803A01FF01FF006CEBFFFE013F13F8010F13E0010190C7FC27267BAB32>
14 D<49B4FC010F13E0013F13F890B512FE48804815804815C04815E04815F0A24815F8
A24815FCA2B712FEAA6C15FCA26C15F8A26C15F0A26C15E06C15C06C15806C15006C5C01
3F13F8010F13E0010190C7FC27267BAB32>I<007FBA1280BB12C0A26C1980CEFCB0007F
BA1280BB12C0A26C1980CEFCB0007FBA1280BB12C0A26C1980422C7BAE4D>17
D<92B712E0020F16F0143F91B812E001030180C9FCD90FF8CAFCEB1FE0EB3F80017ECBFC
13F8485A485A485A5B120F48CCFC121E123E123CA2127C1278A212F85AAA7E1278A2127C
123CA2123E121E121F6C7E12077F6C7E6C7E6C7E137E6D7EEB1FE0EB0FF8903803FF8001
0090B712E0023F16F0140F020016E092CAFCB0001FB912E04818F0A26C18E03C4E78BE4D
>I<007FB612F0B8FC17C06C16F0C9EA1FFCEE01FF706C7EEF1FC0EF07E0EF01F0717E18
7C84181E181FF00F80180719C01803A219E01801A219F01800AA180119E0A2180319C0A2
18071980180FF01F00181E183E60604D5AEF07E0EF1FC0EF7F804C48C7FCEE1FFC007FB7
12F0B812C094C8FC6C15F0CDFCB0007FB91280BA12C0A26C18803C4E78BE4D>I<19E0F0
03F0180FF03FE0F0FF80943803FE00EF0FF8EF3FE0EFFF80DC03FEC7FCEE0FF8EE3FE0EE
FF80DB03FEC8FCED1FF8ED7FE0913801FF80DA07FEC9FCEC1FF0EC7FC04948CAFCEB07FC
EB1FF0EB7FC04848CBFCEA07FCEA1FF0EA7FC048CCFCA2EA7FC0EA1FF0EA07FCEA01FF38
007FC0EB1FF0EB07FCEB01FF9038007FC0EC1FF0EC07FC913801FF809138007FE0ED1FF8
ED07FE923800FF80EE3FE0EE0FF8EE03FE933800FF80EF3FE0EF0FF8EF03FE943800FF80
F03FE0F00FF01803F000E01900B0007FB912E0BA12F0A26C18E03C4E78BE4D>I<127012
FCB4FCEA7FC0EA1FF0EA07FCEA01FF38007FC0EB1FF0EB07FCEB01FF9038007FC0EC1FF0
EC07FC913801FF809138007FE0ED1FF8ED07FE923800FF80EE3FE0EE0FF8EE03FE933800
FF80EF3FE0EF0FF8EF03FE943800FF80F03FE0F00FF0A2F03FE0F0FF80943803FE00EF0F
F8EF3FE0EFFF80DC03FEC7FCEE0FF8EE3FE0EEFF80DB03FEC8FCED1FF8ED7FE0913801FF
80DA07FEC9FCEC1FF0EC7FC04948CAFCEB07FCEB1FF0EB7FC04848CBFCEA07FCEA1FF0EA
7FC048CCFC12FC1270CDFCB0007FB912E0BA12F0A26C18E03C4E78BE4D>I<D907F81780
D93FFFEE01C090B512C04814F048804814FE270FF807FF1503261FC00001C0158048C7D8
3FE01407003EDA0FF8140F486E6CEC1F000078DA01FF5C00706E01C013FE00F092393FF8
07FC486FB55A04075C705C04005C053F90C7FC0040EE07F8CEFCA4D907F81780D93FFFEE
01C090B512C04814F048804814FE270FF807FF1503261FC00001C0158048C7D83FE01407
003EDA0FF8140F486E6CEC1F000078DA01FF5C00706E01C013FE00F092393FF807FC486F
B55A04075C705C04005C053F90C7FC0040EE07F8422C7BAF4D>25
D<1AF0A3861A78A21A7C1A3CA21A3E1A1E1A1F747EA2747E747E87747E747E1B7E87757E
F30FE0F303F8007FBC12FEBE1280A26CF3FE00CEEA03F8F30FE0F31F8051C7FC1B7E6350
5A505A63505A505AA250C8FC1A1E1A3E1A3CA21A7C1A78A21AF862A359347BB264>33
D<18034E7E85180385180185727E1978197C8585737E86737E737E007FBA7EBB7E866C85
CDEA0FC0747EF203F8F200FEF37F80F31FE0F307FC983801FF80A2983807FC00F31FE0F3
7F8009FEC7FCF203F8F207E0505A007FBBC8FCBB5A626C61CCEA03F04F5A4F5A624FC9FC
193E61197819F84E5A6118036118076172CAFC59387BB464>41 D<02C0130C496C131EB3
B3AF00C0170C00F0173C00FC17FC00FE1601D83F81ED07F0D80FC1ED0FC0D807E1ED1F80
D801F9ED7E00D800FD5D017FEC1FF8011F15E0010F5D01075D010392C7FC6D6C133E0100
143C6E137C027C5B6E485A021E5BEC1F03020F5B9138078780A2DA03CFC8FCA2EC01FEA2
6E5AA31578A31530A236587DC43D>43 D<031CED01C0033E4B7E033C1501037C82037815
0003F8824B16780201177C4B163C0203173E4A48824B82020F844ACA6C7E023E717E027E
8491BA7E498549854985D90FC0CBEA1F804948727E017FCCEA07F001FCF101F8D803F8F1
00FED80FE0F23F80D83FC0F21FE0B4CEEA07F8A2D83FC0F21FE0D80FE0F23F80D803F8F2
FE00C66CF101F8017FF107F0D91F80F00FC06D6C4E5A6DBBC7FC6D616D616D61027ECAEA
03F0023E606E4D5A6E6C4C5A020795C8FC6F5E6E6C163E0201173C6F167C020017786F16
F803785E037C1501033C5E033E1503031C6F5A5D387DB464>I<92B6FC020F1580143F91
B7120001030180C8FCD90FF8C9FCEB1FE0EB3F80017ECAFC13F8485A485A485A5B120F48
CBFC121E123E123CA2127C1278A212F85AA3B9FC1880A2180000F0CBFCA37E1278A2127C
123CA2123E121E121F6C7E12077F6C7E6C7E6C7E137E6D7EEB1FE0EB0FF8903803FF8001
0090B6FC023F1580140F02001500313A78B542>50 D<1706170F171F171E173E173C177C
177817F817F0160117E0160317C016071780160F17005E161E163E163C167C167816F85E
15015E15035E15075E150F93C7FC5D151E153E153C157C157815F85D14015D14035DA214
075D140F92C8FC5C141E143E143C147C147814F85C13015C13035C13075C130F91C9FC5B
131E133E133C137C137813F85B12015B12035B12075B120F90CAFC5A121E123E123C127C
127812F85A1260305C72C600>54 D<126012F0B012FC12FEA212FC12F0B0126007267BAB
00>I<0060171800F0173CA26C177C00781778A2007C17F8003C17F0003E1601001E17E0
A2001F16036C17C0A26D1507000717806D150F00031700A26D5D0001161EA26D153E0000
163C90B712FC6D5DA3013CC85AA2013E1401011E5D011F14036D5DA26E130701075DA26E
130F010392C7FC6E5B0101141EA26E133E0100143CA26E137C02781378027C13F8023C5B
A2EC3E01021E5BA2EC1F03020F5B158702075BA215CF020390C8FCA215FF6E5AA26E5AA3
1578A21530364780C437>I<007FB712E0B812F0A27ECAFCB3AA001FB7FC5A5A7ECAFCB3
AB007FB7FCB8FCA26C16E02C457BC437>I<007FB812FCB912FEA27ECB121EB3A4180C37
1B7BA342>I<4B7E4B7EA215075EA2ECFF87010313EF90260F80FFC7FC90383E003F497F
498048488048488049133F0007EC3DF049133C000FEC7CF8157848C7137CA248ECF87E15
F0A2140148ECE07F007E81A2140315C0A200FE010714801580A3140F1500A25C141EA314
3E143CA3147C1478A214F85CA31301007E491400A213035C007F5DA2D83F07147E5CA213
0F001F90C7127C018F14FC000F5D139F01DE130100075DD803FE495A5B00014A5A00004A
5A017C49C7FC017E133E90387F80F89038FBFFE001F0138091C9FCA212015BA26C5A2955
7CCC32>I<16C04B7EB3B3B3A7007FBA1280BB12C0A26C198042427BC14D>63
D<190E193E197EF001FE1803A21807A2180FA2181FA2183F183B187B187318F318E31701
18C31703188317071803170F171EA2173CA21778177017F0EE01E0A2EE03C0A2DC07807F
EE0F00A2161EA24C7F5EA25E15015E4B5A15074C81DB0F1FB6FCED1F7F4BB7FCA25D92B8
FC03F0C8FC0201834A5A4A5A5D0030130F007049C96C7E143E00F8137E6C5B6C48488326
FF87F0043F133801FFF0F8F04AEFFFE04A18C04A70138091CAEBFE006C48EF0FF86C48EF
07C06C4894C8FCEA07E04D4D7DC750>65 D<DA01C0EB01FE020791381FFF80DA1F8090B5
12E0027F010314F0D901FF010F14F80107023F14FC49EC7E01499139F8007FFE013CD983
E0131F01204948130F0100494813074BC7FC033E1403037E15FC495B5D19F85D4BEC07F0
19E04B15C049EE0F804BEC1F00187E92C812F8EF03F04948EC1FC0EF7F80DC03FEC7FC4A
EB1FF893B5FC90260FF80314C04B14F04B804A4880DB00077F011F02007F053F13804A14
0F7113C0834948807113E0A2187F495AA2183F91C9FCA24917C0A25B00011880A249EE7F
00187E485A604D5A2607F0305DD9F1F04A5A48486C4A5AD9EFFEEC1F80496C6C017EC7FC
001F9138F003FC019F90B512F0D83F8F15C0010792C8FCD87E0114F82678007F13C000E0
D90FFCC9FC3F487DC541>I<EE01FE93381FFF8093B512C0030714E0151F157F913801FE
01913903F0007FDA07C0133F021FC713C0143E5C4A1580495A4948EC7F001307495A4948
14FEA249C7485A495D137E494A5AEE07C0000193C7FC484891C8FCA2485AA3485AA2121F
A25B123FA4485AA512FFA77FA3171E6D5D007F16FC4C5A6D4A5A6D5D003F4B5A6D4A5A6D
4AC7FC6C6C143E6C01C013F89138F803F06C90B55A6C15806C4AC8FC6C14F8013F13C0D9
07FCC9FC33487FC534>I<031FB512C00203B7FC021F16E091B812F8010317FE010F717E
90283FE07FC03F80D97E00020080D801F84A011F7FD803E004077F484804017F000FEF00
7F4848717E003F02FF151F737E48C782007E92C8FC4872138012F0008084C8FC4A5A85A4
4A5AA21B00A34A5AA24F5A5D62140FA24B4B5A141F4F5A4B5EA2023F4C5A4F5A5D027F4C
C7FC197E92C9127C6102FE4B5A4E5A4E5A49484B5A063EC8FC01035E4A4A5AEF07E04948
EC1FC005FFC9FCEE07FC4948EBFFF091B61280017F4ACAFC90B612F04815804802F8CBFC
4891CCFC49447EC34D>I<0403B712F8043F16FE4BB9FC1507151F157FDBFC0090C7EA07
FE912703F001FEEC01F8DA07C017F0DA0F801780021F94C7FCEC3F004A495A147E14FE5C
49485C4A1307495A91C7FC90C85B160FA25FA2161F5FA2163F5FA2167F94B612C0A293B7
FC624FC7FC4B5D04FCC712704B4891C8FCA34B5AA24B5AA25E151F5E153FA24BCBFCA215
FEA25D14015D486C485AEA07C0001F495A383FE00FD87FF05B39FFFC1F80D87FFF90CCFC
14FE6C5B6C13F06C5B00031380D800FCCDFC50477EC348>70 D<EF07F8EF7FFE4CB5FC04
0714805E043F14C0EE7C0F923801F8034B487EED07E0030F7F4B5A4B5AA24BC713804B15
004B14FC020115F04B14C0020392C7FC5D1407A24A5AA2141F5DA2143F5DA2147F5DA214
FFA292CAFC5BA35C1303A35C1307A25CA2130F5CA2495AA349481608197C494816F891C9
1203180790B56CEC0FF04814F803FFEC1FE04803F014C004FE1480489239FFE03F00D80F
E0EDFFFC261FC00F5D263F800115E0007EC7001F5C007C020391C7FC00F09138003FF03E
487DC545>76 D<DC03801960040F1AE04C7E043F1901047FF103C01E071E0F1E1F83F63F
8004FF197F1EFF65715F651F004B6104EF60DCCFF85F1D7E1DFD0303F1F9FE0487EF01F1
711603F407E10307F00FC10407EF1F83706CEE3F031C7E030F62030E18FC706CED01F8F3
03F0031CEF07E098380FC007706DEC1F804BEF3F00661B7E4B6D6C5C505A505A4B6E4948
130F053F4A5A02014D5A4B163F716C49C7FC4A4804FE5D6272485A4AC7000F495A72485A
4A4C48141F020E0207495A7248C8FC4A0203137EF0FFFE023C5E02386E5B02785E02706E
5B02F05E0010496F5AD8380194C9FC267C03C0153ED87F87041CEFF830B548031018F095
CAEBFFE091CE14C0491D809A380FFE00491CF86C48F307C06C4898C8FCEA07E06C4B7DC5
78>I<F50FE01DFF1C031C0F64645213C0161E043E94B5128004FEF0C0004B6CDC01FCC7
FC1CF01CC0515A4B7FA251C8FC83A21B0E8316BF03075FA2EE9FF0041F163C1B3883ED0F
0F63030E7F16071BF0031E6D5D1603151C711401705E153C033880704B5AA20378800370
017F14077291C9FCA203F0133F4B6E5B051F140EA24A4880050F141E1A1C4A4880170772
133C4AC71538170384020E6E1478F18070A24A6E13C01AF0726C5A5CF03FF0027816F102
7092381FF9C0001801F016FD001C49150FD83E0117FF267FC3C08101FF705B5CB58291C9
91CAFC725A6C4817786C4894CBFC6C5AEA03F0635283CC52>I<DB01C0EB3FC0923A0780
01FFF892261F000F13FE033E013F7F03FC90B61280912601F00115C0912803E007E03F13
E0913A0F800F800791281F001F000113F0023E013E6D13F84A49147F4A49143F902601F0
0116FC49484848141F49484848140F130F4948484815FE90263F001F15075E017E133F49
91C8FC4B15034848137E00035C495B0007495A15804848CAFC1AFC121F5BA2123FF107F8
A2485AA21AF0190FA200FF19E0A2F11FC0A21A80193F1A006D177EA2614E5A7F007F4D5A
4E5A6D5F4E5A6C6C4CC7FC6D163E606C6C5E6D4B5A6C6DEC07C06C01E04A5A6E023FC8FC
6C01FC14FC6C9039FFC00FF86C91B512E06D1580011F02FCC9FC6D14F0010391CAFC9038
003FF047487AC54F>I<031FB512F00203B77E021F16F091B812FC010317FF010F188090
283FE07FC00F14C0D97E00DA007F13E0D801F84A010F13F0D803E016034848040013F800
0F187F4848EF3FFC003F02FF151FA248C790C8120F127E48180712F0008019F8C75A5DA2
1AF0190F1AE04A5A1AC0F11F80A24BED3F000207167E197C614E5A4A484A5A4E5A061FC7
FC4B143E18FC021FEC07F0EF7FE09239C07FFF8091273FC1FFFCC8FC03C313F0038F1380
DB9FFCC9FC027F13800380CAFC92CBFC5CA25CA2495AA3495AA213075CA2130F5CA2495A
A3495A91CCFC137E137C136046497EC345>I<031FB512FC0203B712E0021F16FC91B9FC
010318C0010F8490283FE07FC00380D97E00DA001F7FD801F84A1303D803E004007F4848
173F000F181F4848170F003F14FF190748C790C8FC007E615A12F0008061C75A4B4B5AA2
62191F624A484BC7FC193E61614E5A4A48EC07E0F00F80063FC8FCEF03FC4B48B45A020F
010F13E04C90C9FC4B485A4C7E021F90B5FC041F7FDBC0077F023F7F707F158082027F6E
7E92C7FC717E5C4A81171F13014A6E7E1B0349486E6C141F1B3E73137C49486E6D13F8F2
01F049486E9038E003E09638F007C0719038FC1F80494892397FFFFE006249486F13F091
C96C13C0013C7048C7FC0170EE03F050467EC354>82 D<EF7FF0933807FFFE043FEBFF80
93B612E0030315F0030F15F892381F800F92267E000113FC03F8EB007F4A48141F020315
0F4A5A020FED07F85D021F16F0023F16E019C0F00F00027F150895C7FC81A281A2816E7E
816E6C7E16E06E13F86E13FE6EEBFFC06E14F06E6C13FC031F7F03076D7E030180DB003F
7F040F7F04037F82706C7E173F010E6F7E017C150F5BD803F01507485A48481503121F48
485EA2127F60A200FF4C5A7F604D5A6D5E6D4BC7FC6C6C153E6D5D01FFEC01F06C01C0EB
07E06C01FCEB7FC06C90B6C8FC6C15FC6C15E0C61580013F01FCC9FC010313803E487EC5
3C>I<1B3C1B7CF201F8020FB912F091BA12E001031980010FF0FE004918F8017F188001
F8C7D807F0C9FCD803F0140F4848141F120F48485D003F153FA2127F5F4848147F90C8FC
5A00F85E00E015FFC9FCA294CAFC5DA35E1503A35E1507A35E150FA35E151FA35E153FA3
5E157FA35E15FFA293CBFCA25CA25D1403A25DA24A5AA34A5AA24A5AA25D143F5D027ECC
FC147814604E4E7CC636>I<D907F81678D93FFF16FE4901C04A7E48B56C1680486E5CD8
07C36D16C0390F807FFC9038001FFEC7000F9238003FE06E6C150F6E16076E6D1403A26E
6D1401A2157F7015C0153FA219036F6C1580A3F107006F7E61190E191E0307151CA261A2
70147861A24E5A03035D18034E5AA24EC7FC181EA2606018F8604D5A17034D5A4D5A95C8
FC5F173E5F5FEEFDF016FF5F5F5F94C9FC5E5E00204A5A00705D4B5A00F04A5A6CEC7F80
4BCAFC6C495A6CEB07F839FF801FF09038E07FE06CB55A92CBFC6C5B5C6C13F06C13C000
0390CCFCEA00FC43527DC343>89 D<0060170C00F0171EB3B3A76C173E0078173CA2007C
177C6C17F8001E17F0001F16016C6CED03E0D807E0ED0FC06C6CED1F80D801FEEDFF006C
6C6CEB03FED93FFCEB7FF86DB65A0103158001004AC7FC020713C0373D7BBA42>91
D<913807FFC091B512FE01036E7E011F15F0903A3FFC007FF8D9FF80EB03FE4848C87ED8
03F0ED1F804848ED0FC0D80F80ED03E048C9EA01F0001E1600003E17F848177C0078173C
A200F8173E48171EB3B3A70060170C373D7BBA42>I<1538157CA315FEA24A7E15EF0203
7F15C702077F1583A2020F7F1501021F7FEC1E00023E7F023C1378027C137C0278133CA2
02F8133E4A131E0101141F4A7F0103814A13070107814A1303A2010F8191C71201498101
1E1400013E81013C1578017C157C0178153C01F8153E49151EA20001161F498100031780
491507000717C0491503000F17E090C91201A24817F0001E1600003E17F8003C1778007C
177C0078173C00F8173E48171EA20060170C373D7BBA42>94 D<0060170C00F0171EA26C
173E0078173C007C177C003C1778003E17F8001E17F0001F16016C17E0A26D1503000717
C06D1507000317806D150F000117006D5D0000161EA26D153E0178153C017C157C013C15
78013E15F8011E5D011F14016D5D6E130301075DA26E130701035D6E130F010192C7FC6E
5B0100141E6E133E0278133CA2027C137C023C1378023E13F8021E5BEC1F01020F5B1583
02075BA215C702035B15EF020190C8FC15FF6E5AA2157CA31538373D7BBA42>I<126012
F0B3ADB9128018C0A300F0CBFCB3AE126032457BC43D>I<ED0FE015FF913803FC00EC0F
E0EC3FC04A5A4AC7FC5C495AA2495AB3AD495AA2495A131F495A495A01FEC8FCEA07F8EA
FFE0A2EA07F8EA00FEEB7F806D7E6D7E130F6D7EA26D7EB3AD6D7EA26D7E806E7E6E7EEC
0FE0EC03FC913800FFE0150F236479CA32>102 D<12FEEAFFE0EA07F8EA00FEEB7F806D
7E6D7E130F6D7EA26D7EB3AD6D7EA26D7E806E7E6E7EEC0FE0EC03FC913800FFE0A29138
03FC00EC0FE0EC3FC04A5A4AC7FC5C495AA2495AB3AD495AA2495A131F495A495A01FEC8
FCEA07F8EAFFE048C9FC236479CA32>I<140C141EA2143E143C147C1478A214F814F013
0114E0A2130314C013071480A2130F14005B131EA2133E133C137C1378A213F85BA21201
5B12035BA212075B120F90C7FCA25A121E123E123CA2127C127812F85AA27E1278127C12
3CA2123E121E121F7EA27F12077F1203A27F12017F1200A27F1378A2137C133C133E131E
A2131F7F14801307A214C0130314E01301A214F0130014F81478A2147C143C143E141EA2
140C176476CA27>I<126012F0A27E1278127C123CA2123E121E121F7EA27F12077F1203
A27F12017F1200A27F1378137C133CA2133E131EA2131F7F14801307A214C0130314E013
01A214F0130014F81478A2147C143C143E141EA2143E143C147C1478A214F814F0130114
E0A2130314C013071480A2130F14005B131EA2133E133CA2137C137813F85BA212015B12
035BA212075B120F90C7FCA25A121E123E123CA2127C127812F85AA2126017647BCA27>
I<126012F0B3B3B3B3B3A81260046474CA1C>I<126012F0A27E1278A2127C123C123E12
1EA2121F7EA27F1207A27F12037F1201A27F1200A27F1378A2137C133C133E131EA2131F
7FA2801307A2801303801301A2801300A2801478A2147C143C143E141EA2141F80A28114
07811403A2811401A2811400A2811578157C153CA2153E151EA2151F81A21680150716C0
1503A216E01501A216F01500A216F81678167C163CA2163E161EA2160C27647BCA32>
110 D<0060173000F01778B3B3B2B912F8A36C17F0353B7ABA42>116
D<003FB912F84818FCA219F80078CCFCB3B3AE007FB912F819FCA26C18F8CDFCB0007FB9
12F8BA12FCA26C18F83E4E78BE4D>118 D<007FB912F0BA12F8A27ECC1278B3B3AE007F
B912F8BAFCA26C18F0CDFCB0007FB912F8BA12FCA26C18F83E4E7ABE4D>I
E
%EndDVIPSBitmapFont
%DVIPSBitmapFont: Fu cmr12 12 91
/Fu 91 128 df<B91280A300019038C000036C6C489038003FC0171F17071703A21701A2
EF00E0A31860A418701830A31800B3B3A58048487EB612F8A334447CC33D>0
D<027FB67EA39126001FFEC9FC6F5A6F5AA8B46CEFFF8001E01603D81FF0933807FC006C
6C4C5A0007606D161F000360A26D163F000160AC6C6C5F187FA4D97F804BC7FCA2013F5E
02C01401131F02E04A5A010F5ED907F01407D903F85DD901FC4A5AD900FE4A5A027F027F
C8FCDA1FC713FE0207B512F8020114C09126001FFCC9FCED07F8A84B7E4B7E027FB67EA3
41447BC34C>9 D<9239FFC001FC020F9038F80FFF913B3F803E3F03C0913BFC00077E07
E0D903F890390FFC0FF0494890383FF81F4948EB7FF0495A494814E049C7FCF00FE04991
393FC0038049021F90C7FCAFB912F0A3C648C7D81FC0C7FCB3B2486CEC3FF0007FD9FC0F
B512E0A33C467EC539>11 D<4AB4FC020F13E091387F80F8903901FC001C49487FD907E0
130F4948137F011FECFF80495A49C7FCA25B49EC7F00163E93C7FCACEE3F80B8FCA3C648
C7FC167F163FB3B0486CEC7FC0007FD9FC1FB5FCA330467EC536>I<913801FFC0020FEB
FB8091387F803F903801FC00494813FFEB07E0EB1FC0A2495A49C7FC167F49143F5BAFB8
FCA3C648C7123FB3B2486CEC7FC0007FD9FC1FB5FCA330467EC536>I<DBFF80EB3FE002
0F9039F001FFFC913B3F807C0FF01F913CFC000E3F800380D903F86D48486C7E4948D90F
FC804948D93FF8130F4948017F4A7E49485C49C75BA25B494B6D5A041F6E5A96C8FCACF1
07F0BBFCA3C648C7391FC0001F190F1907B3B0486C4A6C497E007FD9FC0FB50083B512E0
A34B467EC551>I<131F1480133F137FA2EBFF00485A485A5B485A485A138048C7FC123E
123C5A12E0124011126CC431>19 D<1606A25E161C1618163816305EEC7F80903903FFF0
C090380FC0FC90393E001F8049130F01F0EB03C04848497E0003814848EB0CF84848147C
1518001F157E48C7487E157015604802E01380007EECC01FEC0180A200FED9030013C0A2
1406140E140C141C14185CA25C007E16805CD87F01143F003F4914001303001F90C7123E
0186147E000F157C01CC14FC00075DD803F8495A00014A5A00004A5A017E011FC7FC9038
7F807E9038C7FFF89038C07F804848C9FCA248CAFC5A1206120E120C5AA22A3F7DB431>
28 D<121EEA7F80EAFFC0A9EA7F80ACEA3F00AB121EAC120CA5C7FCAA121EEA7F80A2EA
FFC0A4EA7F80A2EA1E000A4778C61B>33 D<001EEB03C0397F800FF000FF131F01C013F8
A201E013FCA3007F130F391E6003CC0000EB000CA401E0131C491318A300011438491330
0003147090C712604814E0000614C0000E130148EB038048EB070048130E0060130C1E1D
7DC431>I<EC03F0EC0FF8EC3E1EEC7C0E4A7E49487E130302E07F01071301A3EB0FC0A4
150393CAFC14E05D1506150E5D1518010713386E5A156015E0ECF1C0DAFB800107B512C0
6DB4C7FC5C4A9139007FFC000101EE1FE019806E6FC7FC0100160E497E495E496C6C1418
010E1638496C6C1430011816709026381FE05C01705E496C6C1301D801C06D5C00030107
1403D807806D91C8FC000F6D6C5B001F0101140E003F6E130C90C7EB801C48027F5BEEC0
304891383FE070031F5B705AED0FF9923807FB806D6DB4C812C05E6F7E007F6E6D13016D
6E6C14804C6C13036C6C496D1400001F912603CFF85B6C6C90260F07FC130E6C6C90263E
01FE133C3D03FE01F800FF80F8C6B54890383FFFF0013F0180010713C0D907FCC890C7FC
42497CC64C>38 D<121EEA7F8012FF13C0A213E0A3127FEA1E601200A413E013C0A31201
1380120313005A1206120E5A5A5A12600B1D78C41B>I<140C141C1438147014E0EB01C0
1303EB0780EB0F00A2131E5BA25B13F85B12015B1203A2485AA3485AA348C7FCA35AA212
3EA2127EA4127CA312FCB3A2127CA3127EA4123EA2123FA27EA36C7EA36C7EA36C7EA212
017F12007F13787FA27F7FA2EB0780EB03C01301EB00E014701438141C140C166476CA26
>I<12C07E12707E7E7E120F6C7E6C7EA26C7E6C7EA21378137C133C133E131E131FA2EB
0F80A3EB07C0A3EB03E0A314F0A21301A214F8A41300A314FCB3A214F8A31301A414F0A2
1303A214E0A3EB07C0A3EB0F80A3EB1F00A2131E133E133C137C13785BA2485A485AA248
5A48C7FC120E5A5A5A5A5A16647BCA26>I<14F0A2805CA70078EC01E000FCEC03F0B414
0FD87F80EB1FE0D83FC0EB3FC03A0FF060FF003903F861FC3900FC63F090383F6FC0D90F
FFC7FCEB03FCEB00F0EB03FCEB0FFF90383F6FC09038FC63F03903F861FC390FF060FF3A
3FC0F03FC0D87F80EB1FE0D8FF00EB0FF000FC14030078EC01E0C790C7FCA7805CA2242B
7ACA31>I<16C04B7EB3AB007FBAFCBB1280A26C1900C8D801E0C9FCB3AB6F5A41407BB8
4C>I<121EEA7F8012FF13C0A213E0A3127FEA1E601200A413E013C0A312011380120313
005A1206120E5A5A5A12600B1D78891B>I<B612C0A61A067F9721>I<121EEA7F80A2EAFF
C0A4EA7F80A2EA1E000A0A78891B>I<1618163CA2167C1678A216F816F0A2150116E015
0316C0A215071680A2150F1600A25D151EA2153E153CA2157C157815F85DA214015DA214
035DA214075DA2140F92C7FC5C141EA2143E143CA2147C1478A214F85CA213015CA21303
5C13075CA2130F91C8FCA25B131EA2133E133CA2137C137813F85BA212015BA212035BA2
12075BA2120F90C9FCA25A121E123E123CA2127C1278A212F85AA2126026647BCA31>I<
14FF010713E090381F81F890383E007C01FC133F4848EB1F8049130F4848EB07C04848EB
03E0A2000F15F0491301001F15F8A2003F15FCA390C8FC4815FEA54815FFB3A46C15FEA5
6D1301003F15FCA3001F15F8A26C6CEB03F0A36C6CEB07E0000315C06D130F6C6CEB1F80
6C6CEB3F00013E137C90381F81F8903807FFE0010090C7FC28447CC131>I<143014F013
011303131F13FFB5FC13E713071200B3B3B0497E497E007FB6FCA3204278C131>I<EB03
FE90381FFFC0017F13F03901F80FFC3903C001FE48486C7E000EC7EA7F8048EC3FC0ED1F
E04815F00030140F007015F800601407126CB415FC7F7F1503A46C4813076CC7FCC8FC16
F8A2150F16F0151F16E0A2ED3FC0ED7F8016005D5D4A5A4A5A4A5A5D4A5A4A5A4AC7FC14
7C5C5C495A495A495A49C7120C131E5B013814185B5B485A4848143848C81230000E1570
001FB612F0A25A5AB712E0A326427BC131>I<49B4FC010F13E0013F13FC9038FE01FE3A
01F0007F80D803C0EB3FC048C7EA1FE0120EED0FF0EA0FE0486C14F8A215077F5BA26C48
130FEA03C0C813F0A3ED1FE0A2ED3FC01680ED7F0015FE4A5AEC03F0EC1FC0D90FFFC7FC
15F090380001FCEC007FED3F80ED1FC0ED0FE016F0ED07F816FC150316FEA2150116FFA3
121EEA7F80487EA416FE491303A2007EC713FC00701407003015F80038140F6C15F06CEC
1FE06C6CEB3FC0D803E0EB7F803A01FE01FE0039007FFFF8010F13E0010190C7FC28447C
C131>I<ED0380A21507150FA2151F153FA2157F15FFA25CEC03BF153F14071406140C14
1C141814301470146014C013011480EB03005B13065B131C13185B1370136013E0485A5B
120390C7FC1206120E120C5A123812305A12E0B812C0A3C8383F8000ADEDFFE0027FEBFF
C0A32A437DC231>I<000615C0D807C0130701FCEB7F8090B612005D5D5D15E015802606
3FFCC7FC90C9FCAE14FF010713C090381F01F090383800FC01F0137ED807C07F49EB1F80
16C090C7120F000615E0C8EA07F0A316F81503A216FCA5123E127F487EA416F890C71207
5A006015F0A20070140F003015E00038EC1FC07E001EEC3F806CEC7F006C6C13FE6C6C48
5A3901F807F039007FFFE0011F90C7FCEB07F826447BC131>I<EC07FCEC3FFF91B512C0
903903FC03E0903907E000F0D91FC0133849C71258017EEB01FC01FE1303491307485A48
5AA24848EB03F8000FEC01F092C7FC485AA3485AA3127FA29038007F80903801FFF09038
0780FC39FF0E003E49EB1F8049EB0FC049EB07E0136001E0EB03F04914F8150116FC5BED
00FEA390C812FFA47EA57F123FA216FE121F15016D14FC120FED03F86C7EED07F06C6C14
E06C6CEB0FC06C6CEB1F80017EEB3F0090383F80FE90380FFFF8010313E0010013802844
7CC131>I<121CA2EA1F8090B712C0A3481680A217005E0038C8120C0030151C00705D00
60153016705E5E4814014B5A4BC7FCC81206150E5D151815385D156015E04A5AA24A5A14
0792C8FC5CA25C141E143EA2147E147CA214FCA21301A3495AA41307A6130FAA6D5AEB01
C02A457BC231>I<14FF010713E0011F13F890387F00FE01FC133FD801F0EB1F804848EB
0FC049EB07E00007EC03F048481301A290C713F8481400A47FA26D130116F07F6C6CEB03
E013FC6C6CEB07C09039FF800F806C9038C01F006CEBF03EECF87839007FFEF090383FFF
C07F01077F6D13F8497F90381E7FFFD97C1F1380496C13C02601E00313E048486C13F000
079038007FF84848EB3FFC48C7120F003EEC07FE150148140016FF167F48153FA2161FA5
6C151E007C153EA2007E153C003E157C6C15F86DEB01F06C6CEB03E06C6CEB07C0D803F8
EB1F80C6B4EBFF0090383FFFFC010F13F00101138028447CC131>I<14FF010713E0011F
13F890387F80FC9038FC007E48487F4848EB1F804848EB0FC0000FEC07E0485AED03F048
5A16F8007F140190C713FCA25AA216FE1500A516FFA46C5CA36C7E5D121F7F000F5C6C6C
1306150E6C6C5B6C6C5BD8007C5B90383F01E090390FFF80FE903801FE0090C8FC150116
FCA4ED03F8A216F0D80F801307486C14E0486C130F16C0ED1F80A249EB3F0049137E001E
C75A001C495A000F495A3907E01FE06CB51280C649C7FCEB1FF028447CC131>I<121EEA
7F80A2EAFFC0A4EA7F80A2EA1E00C7FCB3A5121EEA7F80A2EAFFC0A4EA7F80A2EA1E000A
2B78AA1B>I<121EEA7F80A2EAFFC0A4EA7F80A2EA1E00C7FCB3A5121E127FEAFF80A213
C0A4127F121E1200A512011380A3120313005A1206120E120C121C5A5A12600A3E78AA1B
>I<007FBAFCBB1280A26C1900CEFCB0007FBAFCBB1280A26C190041187BA44C>61
D<EB0FFC90387FFFC03901F007F039078001FC000EC77E48147F48EC3F804815C0006014
1F00FE15E07E7FA56CC7FC001CEC3FC0C8FCED7F80A2EDFF004A5AEC03F84A5A5D4A5A4A
5A92C7FC143E143C5CA2147014F05CA25C1301A35CA990C9FCAAEB03C0EB0FF0A2497EA4
6D5AA2EB03C023467BC52E>63 D<16C04B7EA34B7EA34B7EA34B7EA3ED19FEA3ED30FFA2
03707FED607FA203E07FEDC03FA2020180ED801FA2DA03007F160FA20206801607A24A6D
7EA34A6D7EA34A6D7EA20270810260147FA202E08191B7FCA249820280C7121FA249C87F
170FA20106821707A2496F7EA3496F7EA3496F7EA201788313F8486C83D80FFF03037FB5
00E0027FEBFFC0A342477DC649>65 D<B8FC17E017FC00019039C00003FF6C6C4801007F
EF3FC0717E717E717E84170384170184A760A21703601707604D5A4D5AEF7FC04DC7FCEE
03FEEE3FF091B65A17FC0280C7B47EEF1FC0EF0FF0717E717E717E717E1980187F19C0A2
183F19E0A8F07FC0A2198018FF4D1300A24D5AEF0FFC4D5AEF7FE048486C903803FFC0B9
C7FC17FC17C03B447CC345>I<DB0FFE146092B500C013E0020314F0913A0FFC01FC0191
393FC0003E02FFC7EA0F83D903FCEC03C74948EC01E74948EC00FF4948157F4948153F49
48151F49C9120F485A491607120348481603A248481601A248481600A2123FA249176012
7FA31900485AAE6C7EA21960A2123F7FA2001F18E07F000F18C0A26C6C160119806C6C16
0312016DEE07006C6C16066D6C150E6D6C5D6D6C5D6D6C15786D6C5D6D6C4A5AD900FFEC
0780DA3FC0011FC7FCDA0FFC13FC0203B512F0020014C0DB0FFEC8FC3B487BC546>I<B8
FC17F017FC00019039C00007FF6C499038007FC0017FED1FE0EF07F0EF03FC717E717E84
727E727E727EA2727E85180385A2180185A38584A31A80AD1A00A36061A3611803611807
61180F614E5A183F614EC7FC18FEEF03FC4D5AEF1FE001FFED7FC0486DD907FFC8FCB812
FC17F094C9FC41447CC34B>I<B912F8A3000101C0C7127F6C6C48EC07FC17011700187C
183C181CA284A31806A4180704067FA395C7FCA4160EA2161E163E16FE91B5FCA3EC8000
163E161E160EA21606A319C0A3F0018093C7FCA41803A21900A260A260A2181EA2183E18
7EEF01FE170748486C147FB95AA33A447CC342>I<B912F0A3000101C0C7127F6C6C48EC
0FF817031701170018781838A2181CA3180CA4180E1806160CA21800A5161CA2163C167C
ED01FC91B5FCA3EC8001ED007C163C161CA2160CA793C8FCB08048487EB612F8A337447C
C340>I<DB0FFE146092B500C013E0020314F0913A0FFC01FC0191393FC0003E02FFC7EA
0F83D903FCEC03C74948EC01E74948EC00FF4948157F4948153F4948151F49C9120F485A
491607120348481603A248481601A248481600A2123FA2491760127FA396C7FC485AAD4C
B612C06C7EA293C7387FF000725A003F171F7FA2121F7F120FA26C7EA26C7E6C7EA26C7E
6D7E6D6C153F6D7E6D6C157F6D6C15E7D903FEEC01C7D900FFEC0383DA3FE0EB0F01DA0F
FCEBFE000203B500F81360020002E090C7FCDB0FFEC9FC42487BC54D>I<B6D8C003B6FC
A3000101E0C70007138026007F80913801FE00B3A991B7FCA30280C71201B3AC2601FFE0
913807FF80B6D8C003B6FCA340447CC349>I<B612F0A3C6EBF0006D5A6D5AB3B3B3A449
7E497EB612F0A31C447DC323>I<010FB512FEA3D9000313806E130080B3B3AB123F487E
487EA44A5A13801300006C495A00705C6C13076C5C6C495A6CEB1F802603E07FC7FC3800
FFFCEB1FE027467BC332>I<B600C049B512C0A3000101E0C8387FFC006C49ED3FE06D48
1680063EC7FC183C183860604D5A4D5A4DC8FC171E17385F5F4C5A4C5A4CC9FC160E5E5E
5E5E4B5A4B7E4B7E150F4B7E4B7E1577EDE3FE913881C1FFEC8381DA87007F028E6D7E14
9C02B86D7E02F06D7E14C04A6D7E707EA2707E707EA2707F717EA2717E717EA2717E717E
A2717E717EA2717F8585496C82486D4A13FCB600C0011FEBFFE0A343447CC34C>I<B612
F8A3000101E0C9FC6C6C5A5CB3B31830A418701860A518E0A3EF01C0A217031707A2170F
173F177FEE01FF48486C011F1380B9FCA334447CC33D>I<B56C933807FFFC6E5EA20001
F1FE0026006FE0EE1BF8A3D967F01633A2D963F81663A3D961FC16C3A3D960FEED0183A2
027FED0303A36E6C1406A36E6C140CA26E6C1418A36E6C1430A36E6C1460A26E6C14C0A3
6E6CEB0180A3037FEB0300A292383F8006A36F6C5AA36F6C5AA26F6C5AA36F6C5AA36F6C
5AA26FB45AA370C7FC13F0A2486C143ED80FFFEF0FFEB500F0011C0107B512FCA34E447B
C359>I<B56C020FB5FC8080C6040013F06D6CED1F80D96FF8ED0F00A2D967FC1506EB63
FEA2EB61FF01607FA26E7E6E7EA26E7E6E7EA26E7E6E7EA26E7E6E7FA26F7E6F7EA26F7E
6F7EA26F7E6F7EA26F7E6F1380A2EE7FC0EE3FE0A2EE1FF0EE0FF8A2EE07FCEE03FEA2EE
01FF701386A2EF7FC6EF3FE6A2EF1FF6EF0FFEA217071703A217011700A201F0167E183E
487ED80FFF161EB500F0150EA2180640447CC349>I<ED1FFC4AB512C0913907F007F091
391F8000FC027EC7123FD901F8EC0FC049486E7E49486E7E49486E7E49486E7E49C9127E
017E8201FE834848707E4848707EA24848707EA2000F84491603001F84A24848707EA300
7F84A24982A300FF1980AD6C6C4C1300A4003F606D1603A2001F60A26C6C4C5AA26C6C4C
5AA20003606D161F6C6C4C5A000060017F4CC7FC6E5D013F5E6D6C4A5AD907E0EC03F06D
6C4A5AD901FCEC1FC0D9007E4AC8FCDA1F8013FC913907F007F00201B512C09126001FFC
C9FC41487BC54C>I<B712FCEEFFC017F800019039C0000FFC6C6C48EB01FF9338007F80
EF1FE0170FEF07F018F8EF03FCA218FE1701A218FFA718FEA2170318FCA2EF07F818F0EF
0FE0EF1FC0EF7F80933801FE00EE0FFC91B612F017800280C9FCB3AA3801FFE0B612C0A3
38447CC342>I<B712E016FF17C000019039C0003FF86C6C48EB03FCEE00FF717E717E71
7E717E717EA284170384A760A21707604D5AA24D5A4D5A4DC8FCEE01FEEE07F8EE3FE091
B6C9FC16FC913980007F80EE0FE0707EEE03FC707E160083717EA2717EA784A71A608417
1FA21AE0716C13C02601FFE002071301B600C01680943801FC03943900FE0700CBEA3FFE
F007F843467CC348>82 D<49B41303010FEBE007013F13F89039FE00FE0FD801F8131FD8
07E0EB079F49EB03DF48486DB4FC48C8FC4881003E81127E82127C00FC81A282A37E82A2
7EA26C6C91C7FC7F7FEA3FF813FE381FFFE06C13FE6CEBFFE06C14FC6C14FF6C15C0013F
14F0010F80010180D9001F7F14019138001FFF03031380816F13C0167F163F161F17E000
C0150FA31607A37EA36C16C0160F7E17806C151F6C16006C5D6D147ED8FBC05CD8F9F049
5AD8F07C495A90393FC00FE0D8E00FB51280010149C7FC39C0003FF02B487BC536>I<00
3FB912F8A3903BF0001FF8001F01806D481303003EC7150048187C0078183CA20070181C
A30060180CA5481806A5C81600B3B3A54B7EED7FFE49B77EA33F447DC346>I<B600C001
0FB5FCA3000101E0C813F026007F80ED1F80F00F00A21806B3B3A7180E6D6C150CA2181C
131F6E1518010F163818306D6C1570606D6C14016D6C5D6D6CEC0780027F4AC7FC6E6C13
1EDA1FE0137C913907FC03F00201B55A6E6C1380DB07FCC8FC40467CC349>I<B692383F
FFF0A3000301E003071300C649ED01FC4A5E017F705A6E5E133F616E1501011F5FA26D6C
4BC7FCA28001071606A26E150E0103160CA26D6C5DA2806D5EA26F1470027F156081023F
5DA281021F4A5AA26F1303020F92C8FC8102071406A26F130E0203140CA26E6C5BA2816E
5CA2EE8070037F1360A26F6C5AA216E092381FE180A216F3030F90C9FC16FBED07FEA36F
5AA36F5AA26F5AA3166044467EC349>I<B60107B500F890380FFFFEA3000301E0D9001F
90C813F06C0180DA0FFCED3FC091C86C48ED1F006C871C0E6D6C6E7E1C0CA26D6C6F5DA3
6EDA06FF1538011F1A30A26E020E6D1470010FDB0C7F1560A26E021C7F0107DB183F5DA2
856D6CDA301F4A5AA36D6C4A6C6C49C7FCA36D6C4A6C6C1306A3DB80016E130E027FDA80
03140CA2DBC00380023FDA00015CA203E081021F01066D5CA36E6C486E6C5AA36E6C486E
6C5AA36F48EC1FE1020360A2DBFE7015F302010160020F90C8FCA2DBFFE015FB6E49EC07
FEA36F486E5AA36FC86C5AA3031E6F5AA4030C16605F467EC364>I<003FB500E0011FB5
FCA3C691C7000713E0D93FFC020190C7FC6D4815FC010F6F5A6D6C15E0A26D6C4A5A6D6C
5D4DC8FC6D6D5B6E6C13065F6E6C131C6E6C13185F6E6C13706E6C13605F913803FE01DA
01FF5B4CC9FC6E1387ED7FC616CCED3FFC6F5A5E6F7E6F7EA26F7E82A203067F150E9238
0C7FC04B6C7E15389238301FF04B6C7E15E04B6C7E4A486C7E14034B6C7E02066D7F140E
020C6E7E4A6E7E143802306E7E4A6E7E14E04A6E7E49486E7E130349C86C7E496F7F5B49
6C8201FF83000701E0020313F8B500F8021FEBFFF0A344447EC349>I<B66C91380FFFFC
A3000101F8C8000313C026007FE0923800FE0061013F17F06D6C5E80010F5F6D6C4B5A18
036D6C93C7FC6E15066D160E6D6D140C181C6E6C14186E6C5C18706E6C146018E06E6C5C
6E6C495A17036E6C91C8FC5F6E6C13066E6D5A171C92387FC0185FED3FE06F6C5A17E06F
6C5AEEF980ED07FF6F90C9FCA26F5AB3A6923807FF800203B6FCA346447FC349>I<EAFF
FCA4EAF000B3B3B3B3B3A2EAFFFCA40E6476CA1B>91 D<01C01318000114384848137048
C712E0000EEB01C0000C1480001C13030018140000385B003013060070130E0060130CA3
00E0131C481318A400CFEB19E039FFC01FF801E013FCA3007F130FA2003F130701C013F8
390F0001E01E1D71C431>I<EAFFFCA4EA003CB3B3B3B3B3A2EAFFFCA40E647ECA1B>I<13
C01201EA0380EA0700120E120C121C12181238123012701260A312E05AA412CFEAFFC013
E0A3127FA2123F13C0EA0F000B1D79C41B>96 D<EB07FC90383FFF809038F80FE03903C0
03F048C66C7E000E6D7ED80FC0137E486C137F6D6D7EA36F7EA26C5AEA0380C8FCA4EC0F
FF49B5FC90380FFE1FEB3FC0EBFF00EA03FC485A485A485A485A127F5B176048C7FCA315
3FA36D137F007F14EF6D9038C7E0C0003F13013A1FE00783F13B07F81E03FF802701FFFC
0113003A001FE0007C2B2E7CAC31>I<EA01FC12FFA3120712031201B3EC03FC91380FFF
8091383C07E091387001F89039FDE0007E02807F01FFEC1F8091C713C049EC0FE0491407
17F0A2EE03F8A217FCA2160117FEAB17FC1603A217F8A2EE07F0A26DEC0FE017C06D141F
01FBEC3F80D9F380EB7E00D9E1C05B9039E0F001F89039C03C07E09039801FFF80C7D803
FCC7FC2F467DC436>I<EC7F80903803FFF090380FC07C90383F000F01FCEB03804848EB
01C00003140F4848EB1FE049133F120F485AA2485AED1FC0007FEC070092C7FCA290C9FC
5AAB7E7FA2123F16307F001F15706C6C146016E06C6C14C06C6C13010001EC03806C6CEB
0700013F131E90381FC078903807FFF001001380242E7DAC2B>I<167FED3FFFA3150181
82B3EC7F80903803FFF090380FC07C90383F000E017E1307496D5AD803F87F48487F5B00
0F81485AA2485AA2127FA290C8FC5AAB7E7FA2123FA26C7EA2000F5D7F6C6C5B00035C6C
6C9038077F806C6C010E13C0013F011C13FE90380FC0F8903803FFE09026007F0013002F
467DC436>I<EB01FE903807FFC090381F03F090387E00FC49137E48487F485A4848EB1F
80000F15C049130F121F484814E01507A2007F15F090C7FCA25AA390B6FCA290C9FCA67E
A27FA2123F16306C7E1670000F15606D14E06C6C14C0000314016C6CEB03806C6CEB0700
013E131E90381F80F8903803FFE0010090C7FC242E7DAC2B>I<EC0FE0EC7FF8903801F8
1E903803F03F90390FE07F8090381FC0FF5C133F495AA2ED7F0001FE131C92C7FCAFB67E
A3C648C8FCB3B2486C7E007F13FFA321467EC51E>I<EE0F80D901FCEB7FE0903A0FFF81
F0F090393F07E3819039FC01FF033A01F800FE014848017E13E00007027FC7FC497F000F
8149131F001F81A9000F5D6D133F000792C7FC6D5B0003147E6C6C5B6D485A3903BF07E0
90380FFF80260701FCC8FC90CAFCA25AA37F6C7E7F90B512F86C14FF16E06C15F86C6C80
48B67E3A07C0000FFF48481300003FC8EA3F80003E151F48ED0FC0A2481507A56C150F00
7C1680007E151F003E16006C153E6C6C5CD807E0495AD801F8EB07E0D8007FEB3F809026
1FFFFEC7FC010113E02C427DAC31>I<EA01FC12FFA3120712031201B3EC01FE913807FF
C091381E07F091383801F802707FECE000D9FDC07F5C01FF147F91C7FCA25BA35BB3A848
6CECFF80B5D8F83F13FEA32F457DC436>I<EA01E0EA07F8A2487EA46C5AA2EA01E0C8FC
ADEA01FC12FFA3120712031201B3B0487EB512F8A315437DC21C>I<143C14FFA2491380
A46D1300A2143C91C7FCADEC7F80EB3FFFA31300147F143FB3B3AA123E127F39FF807F00
A2147EA25C6C485A383C01F06C485A3807FF80D801FEC7FC195785C21E>I<EA01FC12FF
A3120712031201B3A292381FFFE0A36F1300ED07F816E05E5E030EC7FC5D5D5D5D4A5A4A
5A4AC8FC5CEC3F804A7E14FF9038FDCFE09038FF8FF01407496C7E01FC7F14016E7E8181
6F7E82151F6F7E821507826F7E8282486C491380B5D8F81F13F8A32D457DC433>I<EA01
FC12FFA3120712031201B3B3B3A5487EB512F8A315457DC41C>I<D801FC01FFEC1FE000
FF010701E0EBFFFC913B0F03F801E07F913C3C01FC07803F800007903C7000FE0E001FC0
000349D97E1C130F2601FDC0D97F38804A143001FFDA3FF06D7E91C75BA2495DA3495DB3
A8486C4A6C497EB5D8F81FB50003B512E0A34B2C7DAB52>I<3901FC01FE00FF903807FF
C091381E07F091383801F8000701707F0003EBE0002601FDC07F5C01FF147F91C7FCA25B
A35BB3A8486CECFF80B5D8F83F13FEA32F2C7DAB36>I<EC7F80903803FFF090380FC0FC
90383E001F496D7E496D7E48486D7E48486D7E48486D7E000F81A24848147E003F157FA2
90C87E481680A44816C0AA6C1680A26D147F003F1600A2001F157E6D14FE000F5D6D1301
00075D6C6C495A6C6C495A6C6C495A013E49C7FC90381FC0FE903807FFF89038007F802A
2E7DAC31>I<3901FC03FC00FF90380FFF8091383C07E091387001F83A07FDE000FE0001
0180137F01FFEC3F8091C7EA1FC04915E049140F17F0160717F8160317FCA3EE01FEABEE
03FCA3EE07F8A217F0160F6D15E0EE1FC06D143F17806EEB7E00D9FDC05B9039FCF003F8
91383C0FE091381FFF80DA03FCC7FC91C9FCAE487EB512F8A32F3F7DAB36>I<91387F80
03903903FFE00790380FE07890393F801C0F90387E000E496D5AD803F8EB039F0007EC01
BF4914FF48487F121F5B003F81A2485AA348C8FCAB6C7EA3123F7F121F6D5C120F6D5B12
076C6C5B6C6C497E6C6C130E013F131C90380FC0F8903803FFE09038007F0091C7FCAEEE
FF80033F13FEA32F3F7DAB33>I<3903F803F000FFEB1FFCEC3C3EEC707F0007EBE0FF38
03F9C000015B13FBEC007E153C01FF13005BA45BB3A748B4FCB512FEA3202C7DAB26>I<
90383FE0183901FFFC383907E01F78390F0003F8001E1301481300007C1478127800F814
38A21518A27EA27E6C6C13006C7E13FC383FFFE06C13FC6C13FF6C14C06C14E0C614F001
1F13F81300EC0FFC140300C0EB01FE1400157E7E153EA27EA36C143C6C147C15786C14F8
6CEB01F039F38003E039F1F00F8039E07FFE0038C00FF01F2E7DAC26>I<1306A5130EA4
131EA3133E137EA213FE12011207001FB512F0B6FCA2C648C7FCB3A4150CAA017E131C01
7F1318A26D133890381F8030ECC070903807E0E0903801FFC09038007F001E3E7EBC26>
I<D801FC147F00FFEC3FFFA300071401000380000181B3A85EA35DA212006D5B017E9038
077F80017F010E13C06D011C13FE90380FC078903803FFF09026007F8013002F2D7DAB36
>I<B539F001FFFCA3000790C7EA7FE06C48EC1F8000011600160E1200160C017F5CA280
013F5CA26E1370011F146080010F5CA2ECF00101075CA26D6C48C7FCA26E5A01011306A2
6D6C5AA214FF6E5AA215B8EC3FB015F06E5AA36E5AA26E5AA36EC8FC2E2C7EAA33>I<B5
00E0B539E03FFF80A30007903C000FFE000FFC00D803FCD903F8EB03F8F001E012010301
5D6D80000060A26D6E13036DD9037E91C7FCA20280017F5B013FD9063F1306A2D91FC06E
5AED0C1FA2D90FE06E5AED180FA2D907F06E5AED3007A2D903F86E5AED6003A2902601FC
E06D5AEDC00117FCD900FFECFD80ED800017FF027F92C8FC92C77EA26E147E023E143EA2
021E143C021C141CA2412C7EAA46>I<B539F007FFFCA30003D9C00113C0C6496C130001
7F14FC013F5C6E13E06D7E010F495A6D6C485A02F890C7FC903803FC060101130E6E5A90
3800FF186E5AEC3FF05D141F140F6E7E81140FEC0DFCEC19FEEC38FF4A7E9138603F8002
C07F0101131F49486C7E02007F01066D7E010E1303496D7E013C80017C80D801FC1580D8
0FFE4913C0B5D8800F13FFA3302B7FAA33>I<B539F001FFFCA3000790C7EA7FE06C48EC
1F8000011600160E0000150C6D141C6D1418A26E1338013F1430A26D6C5BA26E13E0010F
5CA26D6C485AA2ECF803010391C7FCA2903801FC06A2ECFE0E0100130CA2EC7F18A215B8
EC3FB0A2EC1FE0A36E5AA26E5AA36EC8FCA21406A35CA25CA2123C007E5BB4FC5CA25CEA
FE01387C0380D87007C9FCEA3C1EEA0FFCEA03F02E3F7EAA33>I<003FB612E0A29038C0
003F90C713C0003CEC7F800038ECFF00A20030495A0070495AA24A5A0060495AA24A5A4A
5AA2C7485A4AC7FC5B5C495A13075C495A131F4A1360495A495AA249C712C0485AA2485A
485A1501485A48481303A24848EB07804848131F00FF14FF90B6FCA2232B7DAA2B>I<B9
FCA23002809B31>I<BF1280A26102809B62>I<001EEB0780007FEB0FE039FF801FF0EBC0
3FA4EB801F397F000FE0001EEB07801C0A76C231>127 D E
%EndDVIPSBitmapFont
%DVIPSBitmapFont: Fv cmbx12 24.88 45
/Fv 45 122 df[<96380FFFFE060FB612E04DB712FC051F16FF94B912C0040784041F18
F8047F9126FC001F7F4BB6008001017F030702F8C8EA3FFF4B02E0030F7F033F02804B7F
4B49C9127F92B54893B57E4A02F05D4A4A4B804A4A5D4A4A84634A91C9FC4A5BA24A5B51
80755C91B5FC5EA3755CA2755C755C755CE23FFEC8FCF40FF899CAFCAF083FB612FCBFFC
A9C702FCC912038787B3B3B3B2003FB800F0013FB812F0A9>116
144 123 271 129 12 D[<EF01F8EF07FC170F171F177FEE01FF1607161F93B5FC150315
3F0203B6FC49B7FCB9FCA615C3ECFC03EBFE00C8FCB3B3B3B3B3AE007FBC1280A9>81
135 110 262 116 49 D[<93381FFFF00303B612E0033F15FC4AB812C0020717F0021F17
FC027F17FF49BA12C0010719F049DA800F814901F8C715FE4901C0021F804948C8000781
49486F814801F00300814849708048018070804890CA6C806E70804813F002FC7080486D
70158080486E6F15C0817315E081B6836F19F0A3861DF8A56C5CA26C5CA26C5C6C91CAFC
6C5B000113F826007FE01AF090CCFC62A21DE0A297B6FC1DC0A24F1580A24F150064A24F
5C64614F5C644F5C644F91C7FC96B55A4E5C634E5C4E5C4E5C98C8FC4E5B4E5B4E5B95B5
12E04D5C624D49C9FC4D5B4D5B4D13E04D5B4D5B4D48CAFC4C5B4C5B4C5B4C01C0ED0FF8
4C5B4C90C9FC4C5A4C48EE1FF04B13F04B5B4B5B4B5B4B90CAFCDB3FFC173F4B4818E04B
5A4A5B4A49177F4A90CBFC4A4818FF5D4A485F4A48053F13C04ABBFC91BCFC5B5B5B5B49
1B805B5B90BDFC5A5A5A5A481C005A5ABEFCA464A4>93 135 117
262 116 I[<933807FFFE93B612F8030FEDFF80033F16F04AB812FE0207717E4A18E002
3F844A9026FC003F14FC49B500C00107804901FCC70001804901F06E6C14C04901C06F80
4990C97E4A708049488549B46C6F8015E090B500F8846F8148878181A2481C808285A461
A36C92C8FC1D006C5CA26D5B6D494B5C6D5B010713C0010190C95D90CB5A64A24F5C6461
644F5C96B6C7FC634E5C4E5C4E14E04E5C063F5C95B548C8FC050314F80407B612E00307
B712804B4BC9FC19F885F1FFC01AF86F16FF92C86C14C0060714F0060114FC7280073F6D
7E738073807314F888738085881D807315C0A21DE0861DF0A21DF8A27414FCA41DFEEB7F
F03801FFFC487F000F6D7E4880A248804880A3B67E1DFCA45014F8A34B19F07E97B612E0
5D1DC06C5C4B4B15806C91C9FC02FC4C15006C494C5C6C01C0616E4C5C6C01F84C5C6C01
FE4C5C6C6D6C4B5C6D01F04AB65A011F01FF020792C7FC6D02F8017F14FC010391B85A01
0019E0023F1880020F4DC8FC020317F0DA007F1680030303F8C9FCDB000F49CAFC>95
137 118 262 116 I[<F37FC0517E6262A2626262A2626297B5FC61A2616161A2616161
96B6FCA2606060A2606060F07FEF19CF18FF4D138F4D130F18FE1707EF0FFCEF1FF8EF3F
F018E0177FEFFFC04C138018005E4C5A4C5A4C5A5F163F4C5A4C5A5F5D4B90C7FC4B5A4B
5A5E151F4B5A4B5A5E15FF4A5B4A90C8FC4A5A5D140F4A5A4A5A5D147F4A5A495B4990C9
FC5C1307495A495A5C133F495A495A485B91CAFC5A485A485A5B121F485A485A485A90BE
12FEA9CC003F02E0C7FCB3A6040FBA12FEA9>103 136 122 263
116 I[<010E1AE0D91FC0F007F002F0183F02FFEF01FF03E0160F03FF4BB5FC04FE91B6
5A93B95AA26499C7FC6363636363636398C8FC1AFC621AE06297C9FC19FC19F019C04ECA
FC18F0DAF87F49CBFC92CEFCB3A394B5FC041F14F84BB77E030716E0031F16FC037F16FF
02F9B912C002FBDA800F8091B526F0000114F893C86C7F03FC6F7F03F06F7F03C06F804B
6F804AC96C804A854A70804A85854A856D5A90CC6C7FA21D80A21DC0A21DE086A21DF0A5
1DF8A3EB7FC03801FFF000077F4813FE5A487F815A81B6FCA31DF0A41DE0625D6C1CC092
CAFC5C1D806C01F894B6FC4A1A006C13C001F8CA485C6C6C626D5F0007636D4D5C6C6D61
6C01E05E6C6D4C5C6E4C5CD97FFE93B548C7FC6D6C6C4A5C6D01E002075C010701FC023F
5C6D9026FFE003B612C06D91B8C8FC6D6C5F021F17F0020717C0020194C9FC6E6C15F003
0792CAFCDB007F13C0>93 137 117 262 116 I[<95380FFFE00503B6FC053F15C04CB7
12F8040782043F16FF93B97E4B8403079126FE003F7F031F02E001037F4B91C87F92B500
FCED3FFC4A02F06F7E4A02C0150F4A4A92B5FC4A91C812034A01FC5D4A494B14804A495D
91B5FC494A4B14C0495C494A5DA24991C9FC5B5D5B5D5B90B57114805D48731400A2745B
484A705B745B48070013E098C8FCA2485CA35AA35AA34B903807FFE0053FEBFF80484BB6
12F04C15FC040F15FF4C16C04C16F093267FF803809327FF80003F13FEB600C190C7000F
7FDBC3FC6E80DBC7F86E804C6E80DBCFE06E80DBDFC06F7F4C6F7F03FF8493C96C7F5D1D
804B7014C0A21DE05D1DF0A25D7414F8A34B19FCA47E1DFEA25DA67EA56C80A46C1CFCA3
7EA21DF87E81626C1CF0A26C1CE0A26D6D19C0626D1B806D6D1900626D6D606D6D4C5B70
5F6D95B55A6D6E4A5C6D6E4A5C6E01F84A5C6E6D021F91C7FC6E01FF027F5B0207DAF007
B55A6E91B712F00200606F1780031F4CC8FC030316F8030016C0041F4AC9FC04001480>
95 137 118 262 116 I[<48B4FCA3487F14E014FE91B512F893BB12E0A45AA41EC01E80
1E0048646565A2656565654899C7FCA26464646402E0CB5BD83FFCCB5A494E5B505B4997
C8FC505A505A49183F505A007F4F5A63494D5B4F5B614F90C9FC4F5A4848604F5A4F5A19
FFCB485B4E5B624E90CAFC604E5A61183F4E5AA24E5A5F615F4D5BA25F4D5BA25F96CBFC
5FA24D5AA25EA24C5BA25EA25EA24C5BA25EA35E60A293B5FCA35DA35DA35D60A35DA65D
A75DAE6F5CA36F5C6F91CCFC6F5B6F5B9238007FF0EE1FC0>99 142
115 267 116 I[<F31FF0517E517EA2517EA3507FA25080A25080A35080A25080A35080
A25080A397B67EA24F81A34F82A24F82A34F82A2DF1FFD811AFC62073F6D80A2DF7FF081
871AE007FF6D80A24E01C081871A804E6E81A24E0100828761060F6E81A24E4883876106
3F6F80A24E486E80A26106FF6F80A24D496E80A2614D7081A24D90C86C81A260050F7081
A24D486F81A260053F7180A24D487080A26005FF7180A24C497080A2604C7281A24C90CA
6C81A25F040F728194BDFC4C88A34C88A24C88A3DCFFE0CB001F80A24B497280A25F4B74
81A24B90CC6C81A25E030F7481A24B487381A25E033F7580A24B487480A25E03FF7580A2
4A497480A25E4A7681A24A90CE6C81A25D91261FFF8074810103B512FEB900C0040FBA12
FEA9>159 145 120 272 176 65 D[<BFFC1EFEF6FFE01FFCF7FF8020E020FC8C7A7EC7
00034ACA001F15E00B0381E3007F800C1F80788078800C01818E788179808B8E8B8E8B8E
A27980A4791580AB551500A4555CA26A676A676A555C9CB65AA2545D5492C7FC545C5414
F80C3F5C9BB65A5315800B0F4AC8FC0B7F14F80A1FB612E094BCC9FC1FF81F801FF8F7FF
8020F020FE4DCA00016E7EE3003F14F00C07807814FE0C006E7E79807980798079807980
8E7980791580A27915C023E08C23F0A223F88CA223FCA38C23FEAB5614FCA55614F8A29D
B612F0A35515E06723C055158067551500555C555C9CB6FC0C035D5415E00C1F5D9BB75A
0B0F93C7FCC212FC6921E021800EFCC8FC20F09DC9FC1FF00CFCCAFC>143
142 120 269 165 I[<0803B500C0EE01F00703B600FEEE03F8077FDBFFE015070607B8
00FC150F063F05FF151F4DBA00E0143F050F07F8147F053F07FE14FF94BC5B04039326F8
000FECC003040F4BC86CEBF007043F03C0030F6D5A93B648C900036D5A4B03F09339007F
FF3F030703C0051F90B5FC4B92CB7E033F02FC18034B02F08492B648844A0380193F4A92
CD7E4A4A864A4A864A02F0864A4A864A8991B65A494B874992CF7E4C885B494A885E498B
494A88A2495C8D90B65A8D5A5E48217FA24892D1FC223FA25A5DA248211FA3485CFA0FF0
9FC7FCA25AA45DA3B6FCB27EA381A47EA46C80FA07F0FA0FF87EA2817EA36C6F1D1F23F0
7E827E223F6D6E1EE0A26D6E1D7F23C06D6E1DFF7F705213806D806D55130070646D6F64
6D6F515A6E6E1B1F6E6E515A6E6E515A6E6E1BFF6E6E505B6E6E505B6E6F4F5B6E03E04F
90C7FC6F6EF13FFE6F02FC4F5A030F02FF4E485A6F03C005075B030103F0051F5B6F03FE
057F1380043FDAFFE00303B5C8FC040F03FE033F13FC0403DBFFF80107B55A040093B812
E0053F1A80050F4FC9FC050119F8DD003F18C0060795CAFCDE007F16F0070393CBFCDF00
0314C0>141 146 115 271 168 I[<BE12FEF5FFFCF6FFC01FFCF7FF8020E020FC20FF21
C0C7000392C9000116F0E2000F810B0015FE0C1F800C0315C00C00810D3F8079800D0714
FE79807981796C808C7A807A808F7A807A808C8F7A818DA17E8DA17E8DA17EA27B80A2A1
7E8DA17EA28DA17EA3A113808DA3A113C0A57B15E0A6A113F0B3A2A113E0A569A113C0A5
A11380A269A2A11300A3575CA2A15AA269A15A69A15AA2575CA15A69A15A9EB6FC5692C7
FC6B565C68565C565C565C565C9DB65A5592C8FC0D075C555C0D3F5C9CB65A0C0315C00C
0F5D0C7F92C9FC0B07B612FC52B712F0C212C09ECAFC20FC20F020800DFCCBFC1FE00CFC
CCFC53CDFC>156 142 120 269 178 I[<C21280A421C0A5C700030380C81201F40007F5
007F0C1F14E01E071E018A1F3F8B8B8B7913F0A28B8BA2207FA3203F21F8201FA4200FA3
21FC2007A4F47FC0A3F803FEA49DC7FCA31CFFA463A263A26363631B7F50B5FC1A1F95B8
FCA9953880001F1A01747E1B1F878787A287A287A41C7FAA99CBFCB3AFBC12F0A9>127
141 120 268 146 70 D[<BC1280A9C7000103C0C8FCB3B3B3B3B3B3B0BC1280A9>73
142 121 269 87 73 D[<BC12F0A9C700030380CEFCB3B3B3B3A5F8FF80A4672100A667
A368A21F07A41F0FA3555AA21F3FA21F7FA21FFFA2666668666666666653B5FC651D0F53
5C1D7F0A03B6FC1C1F0903B7FCC1FCA468A5>121 142 120 269
140 76 D[<B96C0C3FB812E07266729BB9FC7265A37265A27265C70003A101F8C8FC72F5
0FF7A2706DF51FE7A3706EF43FC7A2706EF47F87A2706EF4FF07A2706EF301FEA3706EF3
03FCA2706EF307F8A2706EF30FF0A2716DF31FE0A3716EF23FC0A2716EF27F80A2716EF2
FF00A2716E4F5AA3716E4F5AA2716E4F5AA2716E4F5AA2726D4F5AA3726E4E5AA2726E4E
5AA2726E4EC7FCA2726E4D5AA3726E4D5AA2726E4D5AA2726E4D5AA2736D4D5AA3736E4C
5AA2736E4C5AA2736E4CC8FCA3736E4B5AA2736E4B5AA2736E4B5AA2736E4B5AA3746D4B
5AA2746E4A5AA2746E4A5AA2746E4AC9FCA3746E495AA2746E495AA2746E495AA2746E49
5AA3756D495AA2756E485AA2756E485AA2756E48CAFCA375ECF1FEA275ECFBFCA275ECFF
F8A2755DA3765CA2765CA2765CA27691CBFCA3765B4A7F49B500FE715BB900FC51BB12E0
765BA2765BA3775A775A775A>203 142 120 269 220 I[<B900C04EB912F8848484A284
848485C7000399C7000302FCC7FC73DF000F90C8FC73745A858585A28570807081708182
867081708170818286718071817181718183877181718171818487728172817281728184
8872817281738085897381738173817381A27381738174807481868A7481748174817481
A27481758075817581878B758175817581878B7680768176817681888C76817681768189
8C7715807715C07715E07715F08921F87715FC7715FE7814FF8A22877815C77815E77815
F77815FFA28A8A8B8B8BA28B8B8B8BA28B8C8C8C8CA28C8C8C8CA28D8D8D8D8DA24A6D88
49B500FE88B900FC86227FA2223F221F220F2207A27C5A>165 142
120 269 182 I[<97B512F0077FECFFE00607B712FE067FEEFFE00503B912FC051FF0FF
80057F19E00403BB12FC040F9226E0007F14FF043F02FCC7000315C04C02E0DA007F804B
B60080031F14F8030702FCC9000314FE4B4A70804B02E0706C80037F0280051F14E092B6
CB6C804A4A72804A4A72804A02F00600804A4A737F4A4A73804A8B4A4A738091B6CD6C80
494A7480A2494A7480494A7480498C4C86498D4C87498D494A7580A290B68B4C87488EA2
4892CF6C80A3488E4B88A2488EA3484A761580A34823C0A5484A7615E0A7B621F0B36C23
E0A26F64A56C23C0A46F646C2380A36C23006F64A26C6AA270636C6AA26C6A70636C6A70
636D69A26D6E98B65AA26D6E505DA26D6E5092C7FC6D6870626D6E505C6D686D6F4F5C6E
6E4F5C6E6E4F5CA26E6E96B65A6E6E4E92C8FC6E6E4E5C020102FF060F14F86E6F4D5C6F
6E4D5C6F02F094B65A030F6E4C92C9FC6F02FE04075C03016E6C031F14F86F03F092B65A
043F02FE020715C0040FDAFFF090B7CAFC040392B812FC04001AF0051F198005074ECBFC
DD007F17E0060F94CCFCDE007F15E0070002F0CDFC>148 146 115
271 175 I[<BE12F8F5FFF01EFF1FE01FFCF7FF8020E020F820FEC7000392C9000781E2
003F15C00B03810B00810C3F8078800C07807880788178818E8B8E8B8E8B8EA28EA28B8E
A42380AC2300A46A67A26AA26A676A676A9CB65A6A665492C7FC545C0C1F5C545C9BB612
E00B075D0B3F5D0A07B648C8FC95BB12F820E0208055C9FC1FF09CCAFC1EF00BF8CBFC06
80D0FCB3B3B2BB12FEA9>137 142 120 269 159 I[<BD12FCF4FFFCF5FFE01EFCF6FFC0
1FF01FFE797E20E0C7000392C96C15F80A0181E2003F14FF0B07810B0115E0776C807880
7880788078808A78818E7881A28E8B8EA37980A48EAA6AA3676AA26AA29CB65AA26A545D
9FCAFC66545C545C545C545C9BB612C0535D0B074ACBFC0B3F5C52B612F00A7F15C095BB
CCFC1FF81FC054CDFC1EF81EFE787E95C8000315E0E1003F14F80A0F14FE0A0380768176
6C807780778077808C77807780A27781A27781A28DA28A8DA88DA98DA87BED1FC0A1EB3F
E0A28AA28D8AA1137F7C15C08A7818FF7C1580786F5B781900BB00FC6F6F5B796E495A79
02FEEB1FFC799139FFC07FF80D0792B55A0D015F796C5E0E1F5E0E034BC7FCD4001F14F8
E7003F13C0>163 144 120 269 173 82 D[<93260FFFF8163E4BB600E0153F031F03FE
5D037FDBFFC05C0203B800F05B020F05FC5B4A05FF5B027FF0C00F91B526FC000FECF01F
010302C0D9007F6D5A4949C800076D5A4901F8030090B6FC4901E0163F4949160F494982
90B5CA12014A834849844849181F87484984A2484984874886A248498588A24887A388A2
B58680A36E85A3806E85A28080816C6E725A03F096C7FC8115FE6F7E6C15F0EEFF8017F8
6CEEFFC018FC6CEFFFE019FE6CF0FFF01AFE6CF1FFC06C1AF01BFC6C1AFF6D1AC06D866D
1AF86D866D866D866D876D87023F866E860207860201866E7E031F85030385ED007F0407
1980EE003F050318C0EF001F060117E0F0000F1900080F15F01A031A007514F81B1F8787
7514FC87A2007F86486C86A288A288A46D86A31EF87FA37F1EF0A26D626D1CE0A27F6D50
13C0A26E1B806E616E1B0002F896B5FC6E4E5B6E4E5B6E6C5F03E04D5B03F84D5B03FE4D
5BDBFFC093B55A04F803035C496CD9FF80021F91C7FCD9FC1F02FF49B55AD9F80792B75A
496C19F049C66149011F18804901074DC8FC90C817F848031F16C04803004BC9FC007C04
011480>102 146 115 271 129 I[<000FC312F8A6488EA304C0C7001F02FCC7120103F8
C8F0000F03C01C0192C9737E02FC1E1F4A8A02E01E034A8A4A8A4890CA757EA249203F49
201FA349200FA2492007A4492003007F8EA4498CA848487A1380A6CC99C7FCB3B3B3B3AA
030FBD12F8A9>145 140 120 267 162 I[<BB00C00507B812F8A9C7001F4ACE000192C7
FC71E1000713E06E791380A2846E5590C8FC846E555A846E555AA26E6F64223F846F545A
846F545AA26F6E6469846F535B856F5390C9FC856F66210F856F535A856F535A8570525A
A28570525A8570515B8570515BA2706F96CAFC688670515A8670515A867064203F867150
5A8671505A8671636786714F5B87714F90CBFC87714F5AA287714F5A87714F5A87724E5A
A2726E5E1FFF87724D5B87724D5B887296CCFC6688724D5A88724D5A8872601E3F88734C
5A88734C5A88734B5BA21CFF734B5B1D8373038790CDFC1DC773EDCFFEA273EDEFFC1DFF
A2735EA2745DA2745DA3745DA2745DA27492CEFCA3745CA2745CA2745CA3755BA2755BA2
755BA2755BA27590CFFC755A>165 144 123 269 176 86 D<93B512FC037FECFFF00207
B8FC023F17E091B912F84918FE0107727E499126C0007F14E04901E0C7000F80496D0203
80496D020014FE6F6F7F90B570806F6F8085486E6F807380A27380A28885886C5CA26D49
82886D5B6D5B010713C0010190CAFC90CCFCA90603B7FC050FB8FC0403B9FC167F0307BA
FC153F4AB7EA807F020FEDE000023F02FCC7FC91B612E0010392C8FC4914FC011F14F049
14C0495C90B548C9FC485C485C485C485C5A5D485CA24891CAFCA3B6FC5CA397B6FCA461
806C60F107EF6C6E150F6F16CF6C183F6FDB7F8F806C6EDBFF0F14E06C02FCDA03FE15FE
6C6E91260FFC0791B5FC6C6E6CD93FF817806C923AF803FFF003013F91B6487E010FEF80
00010394C77E010004FC141F021F03F0140702010380DA007F1400DA000701F8CDFC695F
79DD71>97 D[<ED1FF0017FB5FCB7FCA9EA003F1307A27FB3B296383FFFC00607B512FE
063FECFFE04DB712F8050716FF051F17C0057F17F094B5D8C00F8004F301FCC714FE04F7
01E0023F7F93B50080020F804DC86C14E005F80301804D6F804D707F05808294CA804C71
7F4C7180A24C71808BA27680A28B88A28BA28BA3888BA52080B02000A56764A267A36764
67A2525CA267647062704D91C7FC704D5BA2714C5B7193B55A05F04B5CDCBFF84B5CDC1F
FC030F5C4B6CB44B91C8FC7001C0027F5B4B6C01F00103B55A4BC601FF013F14F04B6D90
B712C04B011F94C9FC4B6D16FC4B010316F092C86C15804A030F02F8CAFC90CB49CBFC>
113 144 121 270 129 I<94387FFFF0041FB612E093B712FE0307707E031F17F092B97E
4A18FE020784021F9126F8000F14804A0280010014C04A49C74814E049B500F85C494A17
F0494A5C495C494A4A14F84991C8FC5D495B90B5FC5D5A485C7314F05A4B6F14E05A7314
C0487214804B93383FFE00F20FF84896C8FCA4485CA5B6FCB07EA281A37EA36C80A37E6F
18FE6CF201FFA26C6E5F1CFE6C801B076C6EEF0FFC6D7F70EE1FF86DF13FF06D6E167F6D
6EEEFFE06D02F84B13C06D6E5D6D02FF030F13806D03C0023F1300023F02F0903801FFFC
6E9126FF801F5B020792B65A6E18C0020060033F4CC7FC030716F8030016C0041F4AC8FC
DC007F13C0585F78DD67>I[<F53FE098B6FC4FB7FCA996C77E1B0FA287B3B294383FFF80
040FB512FC93B71280030716E0031F16F8037F16FE4AB9128702074AC66C13C7021F02E0
010713F74A91C890B6FC4A01FC153F49B548150F4902E081494A81494A814991CA7E495B
8749498390B548835A5D5AA2485CA25A5D5AA35AA25D5AA5B6FCB07EA57E81A37EA27EA2
817EA26C80A26C626C6E5F636D7F6D6D94B6FC6D606D6D1607705D6D6E4B81010102F015
7F6D6E92B712FE6E01FE020301EF91B512806E6D6C011F13CF020FDAF801B5120F020391
B612FE6E17F86E6C16E0030F16800301EDFC00DB003F14E0040049C74AC8FC>113
144 120 270 129 I<94387FFFC0040FB6FC93B712E0030716FC031F16FF037F17C04AB9
12F00207DAF80380021F912680003F13FE4A49C7000F7F4A01F802038049B5486E804902
C06E6C7F494A6F7F4991C9FC49727F4949707F4B84498490B548707F5A4B198048855D48
1CC086481CE05D5A871DF05AA25D5AA21DF887A2B6FCA392BBFCA51DF00380CDFCA77EA4
817EA37EA2817EA26CF307F06FF00FF87E816C1B1F6F19F06C1B3F6D6DF07FE06D7FF4FF
C06D6E4C13806D6E5E6D02F04C13006D6EEE1FFE6D6E4C5A6D6C01FFEEFFF86E02E00203
5B6E02FC021F5B02079126FFC003B55A6E92B7C7FC020060033F17F8030F17E003011780
DB003F03FCC8FC040315C0DC000F01F8C9FC5D5F7ADD6A>I[<95383FFF80050FB512F094
B612FE040781041F16C0047F824BB87E0307DAF8077F031FDAC00F7F4B49C6487F4B495B
92B500F0814A4A5B4A5C4A93B612805F4A91C7FC5C5E5C5E5C731400A24C6E5B91B56F5B
A2735B070313E00700138097C8FCB3A4BA12F8A9C702FCCBFCB3B3B3B3A2003FB9FCA9>
81 144 121 271 71 I<F5FFC093260FFFFC030F13F04BB600E0027F7F031F03FE49B512
FE037F9226FF8007800203B8EAF01F020FDDFC3F15804A7148133F027FDA003F90B500F0
14C091B500F80107ED807F4902E00101ECFC00010702806D6C5B93C87E49496F7F49496F
7F49496F6D6D1380491A8077130090B5486F6E6C5AF503F84875C8FCA2484A6F80A44887
AB6C63A46C6E4B5CA26C63A26D6D4B5CA26D97C9FC6D6D4B5B6D6D4B5B6D6D4B5B705C01
0102E049B512E06D02F801075C4902FF013F5C4992B648CAFC496002F317F090260FE07F
1680031F4BCBFC90261FC00115E0DB000F01FCCCFC013F91CFFCA3137FA280A380A28080
806E7E15F092B812F06DF0FFE01BFEF3FFC06D1AF81CFE767E6D1BE06D87896D1BFE6D87
7F6E878A0103BD7E130F013F8890BEFC4802E0C9003F814891CBFC4801FC180F48490601
804849727E484985884849737F88A2B55A88A66E616C65A26E616C6D4F5B6C656E616C6D
4F5B6C6D96B55A6C6D6C05035C6F5FC602F0051F49C7FC6D01FC057F5B6DD9FF800303B5
5A010F02F8033F14E06DDAFFE0010FB65A010192B9C8FCD9003F19F8020F19E0020196C9
FCDA001F17F0030194CAFCDB000192CBFC6A887ADD74>I[<ED1FF0017FB5FCB7FCA9EA00
3F1307A27FB3B2963803FFFC073FEBFFE096B612F8060715FE061F6F7E4E16E095B87E4D
D9FC03804DD9C000804D48C76C7FDD0FF880DD1FE0824D486E804D5A05FEC881DCF1FC81
5F04F385EEF7F04D81EEFFC0A24D84A294C9FCA25EA35EA45EB3B3AFB9D8E001B912C0A9
>114 143 119 270 129 I[<EC3FC0ECFFF0010313FC497F497F498049804980A290B67E
A24881A86C5DA26D5CA26D5C6D5C6D91C8FC6D5B6D5B010013F0EC3FC091CAFCB3A3ED1F
F0017FB5FCB7FCA9EA003F1307A27FB3B3B3B0B91280A9>49 144
119 271 65 I[<ED1FF0017FB5FCB7FCA9EA003F1307A27FB3B3B3B3B3B3ACB912C0A9>
50 143 119 270 65 108 D<DB3FE0912601FFFC943801FFFC017FB5031FD9FFE0041FEB
FFE0B792B600FC93B612FC060303FF030315FF060F04C0020F16C0063F04F0023F16F095
B86C91B87E4DD9FC036E49D9FC03804DD9C0006E49D9C000804D48C7003F6D4948C7003F
7FDD0FF86EDB0FF880D8003F4B48714848830107DB3FC06E9126C03FC06E804D484E5A6D
4BC86F48C881DCE1FE6FDAE1FE814D61DCE3F8DEF3F884DCE7F0F0F7F04D6F4B81DCEFC0
F0FFC0A2DCFF804F84A294C993C9FCA24C61A34C61A44C61B3B3AFB900E090B900E090B9
12E0A9B35D77DCC2>I<DB3FE0913803FFFC017FB5033FEBFFE0B792B612F8060715FE06
1F6F7E4E16E095B87E4DD9FC03804DD9C000804D48C76C7FDD0FF880D8003FDB1FE08201
074B486E804D5A6D03FEC881DCE1FC815F04E385EEE7F04D81EEEFC0A2DCFF8084A294C9
FCA25EA35EA45EB3B3AFB9D8E001B912C0A9725D77DC81>I<94381FFFF00407B612C004
7F15FC0303B87E030F17E0037F17FC4ABAFC4A9126FC007F80020F02C0010714E04A49C8
80027F01F8033F13FC91B5486F7F4902C003077F494A6F804991C96C8049497080494971
7F49874949717FA290B548717F48884B83481D80A2481DC04B83481DE0A2481DF0A3484A
7114F8A4481DFCA5B61BFEAF6C1DFCA56C6E4D14F8A36C1DF0A36C1DE06F5F6C1DC0A26C
6E4D1480A26C1D006F5F6C646D6D4D5B6F94B5FC6D636D6D4C5C6D6E4B5C6D6E4B5C6D02
F0031F5C6D6E4B91C7FC6D6C01FE92B512FC6ED9FFC001075C6E02FC017F5C020791B812
C0020196C8FC6E6C17FC031F17F003031780DB007F03FCC9FC040715C0DC001F01F0CAFC
675F7ADD74>I<DB1FF091381FFFC0017FB50203B6FCB7021F15E095B712FC050316FF05
0F17C0053F17F094B912FC04F1DAC01F8004F79026FC00018093B500E06D6C14C0D8003F
93C86C8001074B030F8005F86F806D03E06F804D6F804D8194CA6C7F4C864C71805E7680
A27680A27680A28B88A28BA288A28BA4882080B0200064A467A26467A3525CA267646764
67647062704D91C7FC7094B55AA2714B5C714B5C714B5C05F84B5C71033F5C05FF4B91C8
FC06C049B55A04FB01F001075C04F801FF017F14F07190B712C0051F94C9FC7116FC0503
16F0DD007F1580060F02F8CAFC060049CBFC96CDFCB3ACB912E0A9718579DC81>I<DB7F
C049B47E90B6021F13F8B7027F13FE4DB67E4D15E04D814D814D01077F94263FF00F7F94
387FC01F4D48487FD8003F16000107DAC1FE491480EEC3FC6D5DEEC7F05F16CF5F16DF4D
6D1400A204FFC76C5BA2735B4C6E5B735B070013C04C92C8FCA45EA65EB3B3AAB912FCA9
515D79DC5F>114 D<92261FFFF814F80203B638C001FC023FEDFC0791B8121F010317FF
130F013F9038F8001F4990C8FCD9FFF8153F4801E0150F484915034849814890CAFC197F
4848173F191F485AA2007F180FA31907487EA27FA28002E0705A6E93C8FC14FC14FF15F0
6CECFF8016FCEEFFF06CEEFF8018F06C17FE727E6C18E0856C18FC6C846C727E6C856D84
011F846D841303010084023F83140F020183EC001FDB007F16801603DC000F15C0170018
3F060F14E0007F1703486C82727E857F85857FA2857F1BC07FA27F1B806D5F7F1B006E5E
6E5F6E163F6E4C5A02FC4C5A6E03035B6E6C4A5B03F0023F5B03FF0107B55A01F991B7C7
FCD9F07F16FCD9E01F16F0D9800716C0D9000193C8FC48D9003F14F8007C020349C9FC4B
5F78DD5C>I[<ED03FEA81507A5150FA4151FA3153FA2157FA215FFA25CA25C5CA25C5C5C
5C91B5FC13035B131F017F91B712F00007BAFCBBFCA7C74AC9FCB3B3AAF101FFB1616E17
FE82A219076E17FC836EEE0FF871131F6E6EEB3FF071137F6E6EEBFFE06EDAFF0313C06E
92B512806E1700033F5D6F5D03075D030015E0041F1480040001FCC7FC>72
132 124 258 90 I<DB0FF8F01FF0017FB594B6FCB74BB7FCA9D8003F94C77E0107190F
A26D85B3B3B063A463A263A27F6398B6FCA26DF001FB7015036EEF07F3E00FE3806E6D15
1FE07FC314FF6E6D6CDAFF83EDFFC06E6E010313036E02FCEB3FFE6E91B612FC020017F8
6F16E0031F16800303EDFE00DB007F14F8040102C093C8FC725E77DC81>I<B90303B7FC
A9D8000702F8CA000FEBFE006D6E050013E0666D6E6164826D5090C7FC836E4F5AA26E6E
4C5AA26E6E4C5AA26E6E5F1C3F836E4F5A836E4F5AA26E6E4B5BA26E6E4B90C8FCA26F6E
5D1B07846F4D5A846F4D5AA26F6E4A5AA26F6E4A5AA26F6E5D1BFF846F4C5B846F4C90C9
FCA2706E485AA27002C05B1A0F7002E05B1A1F19F0704B5A19F8704B5AA2706E485AA270
6E5B96B5FC7093CAFCA3715CA2715CA2715CA2715CA3715CA2715CA2715CA27191CBFCA2
725AA3725A725A725A705D7BDB7B>I<B800FE017FB700F8023FB612F8A9D8000F02F0C8
000702C0C9003FEBF800100313806D6E6F7390C7FC775E6D69706F6E1607A26D6E6F6277
160F6D6970706D161FA26E6E6F61516D163F6E687192B6167FA26E68714A6F15FF6E6871
4A608A6E9DC8FC714A6F5C6E6771DA0FFD17078A6E06F86071021F6F140F6E67714A486C
161F8A6F4D6C5F72017F6F143F6F667249486C167F8A6F4D6C5F72487113FFA26F02F04A
6C4B5B4F17C06F4C6D94C9FCDEF807715AA26F02FC496D4B5A070F17F06F4C6D5EDEFE1F
EFF80FA26F02FF496E4A5A073F17FC704B6E5D07FFEFFE3FA2704B6E4A5A1FFF704B6E5D
20FFA27092C86C5DA2704A6F92CAFCA3704A6F5CA2704A6F5CA3704A705BA27149705BA3
7149705BA27149705BA37190CA6C5BA271487190CBFC7148715A9D5D7BDBA8>I<007FB8
6C49B712FEA9C792C9000F02C0C7FC6E6E030101F0C8FC715F6E6E4B5B6E6E4B5B6E4E90
C9FC6E6E5E71151F6E6E4B5A6E6E4B5A6E4E5A6F6E495B72495B6F6E495B6F806F6E4990
CAFC6F4C5A72495A6F6E495A6F6E495A6F03815B705E7014C307E75B7091B5CBFC705D70
5D705D6282705D715C8386718071807180837180864D814D815F4D81874D814D81DDFFF3
804C13E14C01C1804C0180814E6C804C6E804C487F4C48824C486D804C486D804B496D80
4B497F73804B49834B90C86C804B486F804B48814B486F804B48844C6F804A71804A496F
804A49814A90CA814A487180023F7280010FB500E07080B8031FB812E0A9735C7CDB7B>
I<007FB800C04AB71280A9D800034ACA000791C7FC6D080013F0775A6D6E4E5AA26E6E60
64836E4F90C8FC836E4F5A836E4F5AA26E6E4C5AA26E6E5F1C3F6E6E5F1C7F836E4F5A84
6F4D5B846F4D90C9FCA26F6E4A5AA26F6E5D1B0F846F4D5A846F4D5A846F4D5AA26F6E4A
5AA2706E5C627002C091CAFC6219E0704B5A19F0704B5AA2706E485AA2706E485AA27002
FE5B1A7F19FF704B5AA2715DA27192CBFCA2715CA2715CA3715CA2715CA2715CA2715CA2
725BA27290CCFCA3725AA2725AA24E5AA24E5AA261187FA24E5AA24D5B13FE2603FF804A
90CDFC000F13E0486D4A5A487F486D4A5AA260B56C141F4D5AA24D5A17FF604C5B4A4990
CEFC6C5D4C5A6C49EB3FFC4A495A6C4948485A9026FE80075B270FFFC03F5B6C90B6CFFC
6C5D6C15F86C6C5C011F14C0010749D0FC9038007FE071857CDB7B>I
E
%EndDVIPSBitmapFont
%DVIPSBitmapFont: Fw cmbx12 12 61
/Fw 61 123 df<DB3FFEEB07FE0207B539C07FFF80023F02F1B512E0913CFFF003FFFE07
F00103D980019038F81FF849494801F013FCD91FFC49EBE03F49485B18C0495A18804948
EE1FF8A270EC07E07091C7FCABBA12F0A4C69026E000030180C7FCB3B2007FD9FFC1B67E
A446457EC441>11 D<ED1FFE0203B512C0021F14F09139FFF803F8010390388000FC4990
C77ED91FFCEB03FF013F5C5C495A4C13804948150082A3705AEE00F894C7FCA74BB51280
B9FCA4C69038E00003B3B2007FD9FFC1B6FCA438457EC43E>I<EC01C01403EC0F80EC1F
00143E5C14FC495A495A495AA2495A131F495AA249C7FC5B5B12015B1203A2485AA3485A
A3121F5BA2123FA35B127FA612FFA25BAE7FA2127FA6123F7FA3121FA27F120FA36C7EA3
6C7EA212017F12007F7F6D7EA26D7E130F6D7EA26D7E6D7E6D7E147C8080EC0F80EC03C0
14011A6475CA2C>40 D<12E07E127C7E7E6C7E7F6C7E6C7E6C7EA26C7E7F137FA26D7E80
131F80130F80A26D7EA36D7EA3801301A280A37F1580A615C0A2147FAE14FFA21580A615
005BA35CA213035CA3495AA3495AA25C131F5C133F5C49C7FCA213FE5B485AA2485A485A
485A5B48C8FC123E5A12F05A1A647ACA2C>I<B612F8A91D097F9A25>45
D<EA0780EA1FE0EA3FF0EA7FF8EAFFFCA6EA7FF8EA3FF0EA1FE0EA07800E0E788D1F>I<
EC3FF849B5FC010F14E090393FF01FF890397FC007FC49486C7E48496C7E48486D138048
48EC7FC0A24848EC3FE0A2001F16F0A2003F16F849141FA2007F16FCA600FF16FEB3A300
7F16FCA5003F16F86D143FA2001F16F0A2000F16E06D147F000716C0A26C6CECFF806C6C
4913006C6D485A6D6C485A90393FF01FF8010FB512E0010314809026003FF8C7FC2F427C
C038>48 D<EC03C01407141F147FEB03FF133FB6FCA313C3EA0003B3B3AFB712FCA42641
77C038>I<ECFFE0010F13FE013FEBFFC090B612F02603FE017F3A07F0007FFED80FC0EB
1FFF48486D138048C76C13C04816E001C07F01F06D13F012FF7F6F13F8A56C5A6C5A6C5A
C9FC4B13F0A34B13E017C05D17804B13005E4B5A4B5A5E4B5AEDFF804A90C7FC4A5AEC07
F84A5A4A5AEC3F804AC71278147E5CD901F014F8494814F0495A495A49C8FC013C140149
140390B7FC4816E05A5A5A5A5A5AB812C0A42D417BC038>I<ECFFF0010713FF011F14C0
D97F8013F09039FC003FFCD803F06D7E48486D7EA2D80FF86D138013FE001F16C07FA66C
5A6C4815806C485BC81400A24B5A5E4B5A4B5A4B5A4A1380DA0FFEC7FC903807FFF85D15
FF90C713C0ED3FF0ED1FFC6FB4FC6F138017C08117E017F081A217F8A2EA0FC0EA3FF048
7EA2487EA317F05DA26C4815E04915C0495BD83F804913806C6C1500D80FF0EB3FFE6CB4
EBFFF8000190B55A6C6C14C0011F49C7FC010113E02D427BC038>I<161F5EA25E5E5DA2
5D5D5D5DA25D5D92B5FCEC01F715E7EC03C7EC0787140FEC1F07141E143C147814F8EB01
F014E0EB03C0EB0780130FEB1F00131E5B5B13F85B485A485A485A120F90C7FC121E5A12
7C5AB91280A4C8000F90C7FCAC027FB61280A431417DC038>I<0007150301E0143F01FF
EB07FF91B55A5EA25E16E05E5E4BC7FC15F815E04AC8FC01C0C9FCAAEC3FF001C3B5FC01
CF14C09039DFE03FF09039FE000FFC01F86D7E496D7E491580496D13C06C5AC814E08117
F0A317F8A31206EA1FC0EA7FE07F12FF7FA317F05B5D6C4815E01380007CC714C06C5C6C
16806D4913006C6C495AD807F0EB3FFCD803FEEBFFF0C6B65A013F1480010F01FCC7FC01
0113C02D427BC038>I<4AB47E021F13F0027F13FC903901FF807F903A07FC001F804948
130FD93FE0EB1FC04948137F01FFECFFE048495A481300A2485A120FA248486D13C0EE7F
80EE1E00003F92C7FCA25B127FA3EC1FFE00FF90387FFFC091B512F09039F9E00FF89039
FBC007FC9039FF8003FF4A7E17804915C06F13E05B17F0A317F85BA4127FA5123FA317F0
6C7EA2000F16E05D6C6C15C017806C6C4913006C6D5A6C9038C00FFC90397FF03FF8011F
B55A010714C0010191C7FC9038003FF82D427BC038>I<121E121F13FC90B712FEA44816
FC17F817F017E0A217C01780481600007EC8127E007C157C16FC00784A5A4B5A4B5A00F8
5D48140F4B5A4BC7FCC8127E157C15FC4A5A14035D14075D140F141F5D143FA2147F5D14
FFA35BA34990C8FCA35BA65BAA6D5A6D5A6D5A2F447AC238>I<EC7FF00103B5FC010F14
C090393F801FF090397C0007FC4848EB01FE48486D7E49800007168049143F000F16C016
1F121FA27FA27F7F01FE143F6D158002C0137F02F014006C01FC13FEECFE016C9038FF83
FCEDE7F06CECFFE06C15806C92C7FC6D14C06D80010F14F86D80011F80017F802601FE3F
14802603FC0F14C02607F80314E04848C6FC48486D13F04848131F150748486D13F81500
00FF157F90C8123F161F160FA21607A36D15F0A2007F150F6D15E0123F6DEC1FC06C6CEC
3F806C6CEC7F00D807FEEB01FE3A03FFC00FFCC690B512F0013F14C0010F91C7FC010013
F02D427BC038>I<EC7FF0903807FFFE011F6D7E90397FE03FE09039FF801FF048496C7E
48486D7E00076E7E484880001F80003F16805B007F16C08117E012FFA217F0A617F8A400
7F5CA4123F5D6C7E000F5C6C7E00035C6C6C131E6C6D5A90387FFFF8011F5B010301C013
F090C8FCA317E05DA2EA03C0D80FF015C0487E486C15805D17004B5AA24B5A49495A6C48
5C01C0EB7FE0000F4A5A2607F8035B6CB548C7FC6C14F86C6C13E0D907FEC8FC2D427BC0
38>I<EA0780EA1FE0EA3FF0EA7FF8EAFFFCA6EA7FF8EA3FF0EA1FE0EA0780C7FCB0EA07
80EA1FE0EA3FF0EA7FF8EAFFFCA6EA7FF8EA3FF0EA1FE0EA07800E2C78AB1F>I<EE1F80
A24C7EA24C7EA34C7EA24B7FA34B7FA24B7FA34B7F169F031F80161F82033F80ED3E0703
7E80157C8203FC804B7E02018115F0820203814B137F0207815D173F020F814B7F021F82
92C77EA24A82023E80027E82027FB7FCA291B87EA2D901F8C700017F4A80A20103834A15
7F0107834A153FA249488284011F8491C97E4984133E842601FFC083B6020FB612F0A44C
457CC455>65 D<B9FC18F018FE727E26003FFCC7000713E005017F717FF03FFC85727E84
1A80A27213C0A84E1380A21A00604E5A614E5A4D485A4D13C0051F90C7FC91B712FC18F0
18FF02FCC7000313C0050013F0F03FFC727E727E7213801AC07213E0A27213F0A31AF8A8
1AF0601AE0601AC0604E13804E1300F0FFFE050713F8BA5A19C04EC7FC18E045447CC350
>I<DCFFF81470031F01FF14F04AB6EAE0010207EDF803023F9039E003FE07DAFFFEC7EA
7F0F4901F0EC1FDF010701C0EC07FF4949804948C87E4948814948167F4948163F484916
1F5A4849160FA248491607A24890CA1203A25A5B1901127FA296C7FC5B12FFAE127F7FA2
1AF0123FA27F7E19016C6D17E0A26C6D16031AC06C6D16076C19806C6D160F6D6CEE1F00
6D6C163E6D6C5E6D6C6C5D6D6DEC03F0010101F04A5A6D01FEEC3FC091283FFFE001FFC7
FC020790B512FC020115F0DA001F1480030001F8C8FC44467AC451>I<B9FC18F018FE72
7E26003FFEC7001F13E0050113F8716C7EF01FFF06077F727F727F727F197F86737EA273
7EA2737EA21B80A2851BC0A51BE0AD1BC0A51B8061A21B00A24F5AA24F5A62197F4F5A4E
5B4E5B4E5B061F90C7FC4E5A943801FFF8051F5BBA12C04EC8FC18F095C9FC4B447CC356
>I<BA12F8A4D8001F90C700037FEF003F180F180318011800A2197C197E193EA2191EA4
0578131F85A396C7FCA217F8A316011603161F92B5FCA4ED001F160316011600A30578EB
01E0A3F103C0A394C7FCA21907A21A80190FA3191FA2193FF17F0061601807181F4DB5FC
BBFC61A343447DC34A>I<BA1280A426003FFEC7001F13C01701EF007F183F181F180F18
07A2F003E0A31801A4F000F0EE01E0A31900A31603A31607160F167F91B6FCA49138FE00
7F160F16071603A31601A693C9FCB0B712F0A43C447CC346>I<B712E0A4D8001F90C7FC
B3B3B3A6B712E0A423447DC32A>73 D<B712F0A426003FFECAFCB3B3F00780A4180F1900
A460A360A2187EA218FE170117031707171F177FEE03FFB95AA439447CC343>76
D<B500FE067FB512806E95B6FCA26F5ED8003F50C7FCA2013D6DEE03DFA2013C6DEE079F
A26E6CEE0F1FA26E6C161EA26E6C163CA36E6C1678A26E6C16F0A26E6DEC01E0A26E6DEC
03C0A36E6DEC0780A26F6CEC0F00A26F6C141EA26F6C5CA36F6C5CA26F6C5CA26F6D485A
A26F6D485AA26F6D485AA3706C48C7FCA293383FF81EA2706C5AA2706C5AA3706C5AA270
5BA2705BA2705BA213FFB66EC7007FB61280A2173E171C61447CC36A>I<B64BB512FE81
81A2D8003F6D91390001FE006FED007881013D7F81133C6E7E6E7F6E7F6E7F6E7F82806E
7F6E7F6F7E6F7F83816F7F6F7F6F7F6F7F6F7F8382707F707F707F707F8482707F707F71
7E7113807113C019E0837113F07113F87113FC7113FE19FF847213F884848484A2848419
7F193F191FA2190F190701FF1703B6160119001A78A24F447CC358>I<923807FFC092B5
12FE0207ECFFC091261FFE0013F0DA7FF0EB1FFC902601FFC0EB07FF010790C7000113C0
49486E7F49486F7E49486F7E49486F7E49486F7E48496F7E4819804A814819C091C97E48
19E0A248487013F0A2003F19F8A3007F19FC49177FA400FF19FEAD007F19FC6D17FFA300
3F19F8A36C6C4C13F0A36C6D4B13E0A26C6D4B13C06C19806E5D6C19006C6D4B5A6D6C4B
5A6D6C4B5A6D6C4B5A6D6C4A5B6D01C001075B010101F0011F90C7FC6D01FEEBFFFE023F
B612F8020715C002004AC8FC030713C047467AC454>I<B9FC18F018FE727ED8001F90C7
001F13E005017F716C7E727E727E85721380A27213C0A31AE0A81AC0A34E1380A24E1300
614E5AF0FFF84D5B051F13C092B7C7FC18FC18C092CBFCB3A9B712E0A443447DC34D>I<
B812F8EFFFC018F818FED8001F90C7383FFF80050713E005017F716C7E727E85727EA272
7FA286A762A26097C7FC61183F614E5A943801FFE005075B057F90C8FC92B612F818C084
DB000113F89338003FFEEF0FFF717F717F858385A2717FA785A61B0F85A2187F1B1F726C
131E72143EB700E06DEB807C72EBE0F80601EBFFF0726C13E0CC0007138050457DC354>
82 D<DAFFE0131C010701FE133C013F9038FF807C90B6EAE0FC489038801FF93A03FC00
03FF4848EB007F4848143F4848141F4848140F1607007F1503491401A2160012FF177CA2
7F173C7F7F7F6D92C7FC6CB4FC14E014FE6CEBFFF015FF6C15E016FC6C816C6F7E6C826C
826C6C81011F810107811300020F80140003077FED007F82040F138082A200F08182A382
7EA218007EA26C5D5F7E6D4A5A13E06D4A5A01FC4A5AD9FF80EB3FE026FE7FF8EBFFC0D8
FC1FB6C7FCD8F80714FC48C614F0480107138031467AC43E>I<003FBA12E0A49026FE00
0FEB800301F0EE007FD87FC0EF1FF049170F90C71607007E1803007C1801A300781800A4
00F819F8481978A5C81700B3B3A40107B8FCA445437CC24E>I<B76C010FB512F8A42600
3FFEC9380FF800F103E0B3B3A9011F17076280190F6D60A26D6D4BC7FC6D5F6F153E6D6D
5D6DEE01FCDA7FF84A5A6E6CEC0FF0DA0FFFEC3FE06E9039F003FF80020190B6C8FC6E6C
14FC030F14E09226007FFEC9FC4D457CC356>I<B792B6FCA4C66C48C900031300013FEF
007C6E17FC6D606F15016D608119036D606F15076D606F150F6D6081191F6D6D93C7FC61
027F163E6F157E023F167C8119FC6E6D5C18016E5E7013036E5E8218076E6D5C180F6E5E
70131F6E93C8FC705B037F143E82187E033F147C7013FC6F5C17816F5C17C117C36F5C17
E76F5C17FF6F5CA36F91C9FCA2705AA2705AA3705AA2705AA2705AA250457EC355>I<B6
00FE017FB691B512FEA426007FFCC8D83FFEC800011300F5003C6E70167C013F70177880
7415F86D705F6F7014016D705FA26F7014036D64814E6D14076D646F70140F6D041E94C7
FCA26F023E6D5C6DDC3C7F151E81027F037C6D5CF0783F6F70147C023F4B6C1578A26F01
016F13F86E4B6C5D16806E02036F485A4E7E04C0EEE0036E4A486C5DA2DCE00FEDF0076E
4B6C5D16F06E4A6F48C8FC051E7F04F8705A6E4A027F131EA2DCFC7CEDFE3E037F017802
3F133C04FE16FF033F01F85E4D8004FF17F86F496E5BA36F496E5BA26F604D80A26F90C8
6C5BA36F486F90C9FCA26F48167EA30478163C6F457EC374>I<001FB812FEA402F8C713
FC02804913F849C75A01F816F0494A13E0495C4916C048485C4C138090C814005E003E4B
5A5F5D4B5B003C5E5D5F4B5BC85A5F4B90C7FC5D5E4B5A5C5E4A5B5C5E4A5B5C5E4A90C8
FC5C5D4A5A49160F5D495B5B5D4949141F5B4B141E5B4990C8FC4A153E13FF485B4A157E
5A484915FE4A14014816034A14074849140F48EE3FFC91C812FF4848140FB9FCA438447A
C344>90 D<903807FFF0017F13FF48B612C03A03FC007FF0486CEB1FF8486CEB0FFE6F7E
A26F7FA26F7F6C5A6C5AEA00F090C7FCA44AB5FC147F0107B6FC013F13C19038FFF80100
0313E0481380381FFE00485A5B127F5B12FF5BA35DA26D5B6C6C5B003F141ED81FFE4913
F83C0FFF80F87FFFC00003EBFFF0C6ECC01F90390FFE0007322C7DAB36>97
D<EB7FC0B5FCA412037EB3ED1FF802C1B5FC02C714E09139DFC03FF89139FF000FFC02FC
EB03FE4A6D7E4A15804A6D13C04A15E0177F18F0A2EF3FF8A318FCAB18F8A3177F18F0A2
18E017FF6E15C06E4913806E491300027C495A496C495A903AFC1FC07FF0D9F807B512C0
D9F00191C7FC9039E0003FF036457DC43E>I<EC3FFF0103B512F0010F14FC90393FF001
FE9039FFC003FF4849481380481300485A485A121F5B003F6E13006F5A007FEC00784991
C7FCA312FFAA127FA27FA2123FEE03C06C7E16076C6C15806C6C140F6C6DEB1F006C6D13
3E6C6D13FC90393FF807F8010FB512E0010314809026003FF8C7FC2A2C7CAB32>I<EE03
FEED07FFA4ED001F160FB3EC3FF0903803FFFE010FEBFF8F90393FF807EF9039FFC001FF
48903880007F4890C7123F4848141F4848140F121F5B123FA2127F5BA312FFAB127FA36C
7EA2121F7F000F151F6C6C143F0003157F6C6C14FF6CD9C0037F90277FF01FCF13FC011F
B5120F010313FC9038007FE036457CC43E>I<EC3FFC0103B57E011F14E090393FF81FF8
9039FFC007FC48496C7E48496C7E48486D13804848147F17C0485A003FED3FE0A2127F49
15F0A2161F12FFA290B7FCA301F0C9FCA5127FA36C7EA217F06C7E000F15016C6C15E016
036C6CEC07C0C66DEB1F80D97FE0EB7F0090393FFC03FE010FB512F8010114E09026001F
FEC7FC2C2C7DAB33>I<4AB4FC021F13E091B512F00103EB83F8903907FE0FFCD90FFC13
FE90381FF81F133FEB7FF0A2EBFFE0ED0FFCA2ED03F092C7FCABB612F8A4C601E0C7FCB3
B2007FEBFFE0A427457DC422>I<177E9139FFE003FF010FD9FE071380013F9039FF9F9F
C0903AFFC07FFE3F489038001FF84848130F4848EB07FC000F9238FE1F80001F9238FF0F
00496D90C7FCA2003F82A7001F93C7FCA26D5B000F5D00075D6C6C495A6C6C495A489038
C07FE091B51280D8078F49C8FC018013E0000F90CAFCA47F7F7F90B612C016FE6C6F7E17
E06C826C16FC7E000382000F82D81FF0C7123FD83FC014074848020113808248C9FC177F
A46D15FF007F17006C6C4A5A6D1403D81FF8EC0FFCD807FEEC3FF03B01FFC001FFC06C6C
B6C7FC010F14F80100148032417DAC38>I<EB7FC0B5FCA412037EB3ED07FE92383FFFC0
92B512F09139C3F03FF89139C7C01FFC9138CF000F02DE8014FC4A6D7EA25C5CA35CB3A8
B60083B512FEA437457CC43E>I<13FC487E487E4813804813C0A66C13806C13006C5A6C
5A90C7FCACEB7FC0EA7FFFA412037EB3B0B6FCA418467CC520>I<EB7FC0B5FCA412037E
B393387FFFE0A493380FF800EE07E0EE1FC04CC7FC167E5EED03F8ED07E04B5A4B5A037F
C8FC15FEECC1FCECC3FE14C7ECDFFF91B57E82A202F97F02E17F02C07FEC807F6F7E826F
7E816F7F836F7F816F7F83707E163F17FFB60003B512F8A435457DC43B>107
D<EB7FC0B5FCA412037EB3B3B3A5B61280A419457CC420>I<90277F8007FFEC0FFEB501
3F01C090387FFF8092B5D8F001B512E0913D81F81FFC03F03FF8913D87C00FFE0F801FFC
000390268F000790381E000F6C019E6E488002BC5D02B86D496D7E14F84A5DA24A5DA24A
5DB3A8B60081B60003B512FEA4572C7CAB5E>I<90397F8007FEB590383FFFC092B512F0
913983F03FF8913987C01FFC000390388F000F6C019E8014BC02B86D7E14F85C5CA35CB3
A8B60083B512FEA4372C7CAB3E>I<EC1FFC49B512C0010F14F890393FF80FFE90397FC0
01FF4848C7EA7FC048486E7E48486E7E000F8249140F001F82A2003F82491407007F82A3
00FF1780AA007F1700A46C6C4A5AA2001F5E6C6C4A5AA26C6C4A5A6C6C4A5A6C6D495A6C
6D485B90273FF80FFEC7FC010FB512F8010114C09026001FFCC8FC312C7DAB38>I<9039
7FC01FF8B500C1B5FC02C714E09139DFC03FF89139FF001FFC000301FCEB07FE6C496D7E
4A15804A6D13C04A15E08218F0177F18F8A3EF3FFCAB18F8177FA318F017FF18E05E6E15
C06E4913806E4913006E495A6E495A9139DFC07FF002C7B512C002C191C7FC9138C03FF0
92C9FCAFB67EA4363F7DAB3E>I<DA3FF0131E902603FFFC133E010F01FF137E903A3FF8
0FC0FE9039FFE003E0489038C001F14890388000FB4890C7127F4848143F001F151F5B00
3F150F5B127FA35B12FFAB6C7EA3123F7F121F6D141F000F153F6C6C147F6C15FF6C6D5A
6C9038E003EF90393FF01FCF6DB5120F010313FC9038007FE091C7FCAF0307B512FCA436
3F7CAB3B>I<90387F807FB53881FFE0028313F091388F87F891389F0FFC000390389E1F
FE6C13BC14B814F814F0A29138E00FFCED07F8ED01E092C7FCA25CB3A6B612E0A4272C7D
AB2E>I<90391FFE038090B512CF000314FF380FF003391FC0007F48C7123F48141F007E
140FA200FE1407A27E7F6D90C7FC13F0EBFF806C13FCECFF806C14E015F86C14FE6C8012
03C61580013F14C01301D9000F13E0140000F0147F153F6C141FA2150F7E16C07E6C141F
168001C0133F6DEB7F009038F801FC00FCB55AD8F03F13E026E007FEC7FC232C7CAB2C>
I<EB01E0A51303A41307A2130FA2131FA2133F137F13FF1203000F90B51280B7FCA3C601
E0C7FCB3A4ED01E0A91503D97FF013C0A2013FEB0780ECF80F90391FFC1F00903807FFFE
010113F89038003FE0233F7EBE2C>I<D97FC049B4FCB50103B5FCA40003EC000F6C81B3
A85EA25EA26C5DA26E5B017FD901F7138090273FF807E713FE010FB512870103EBFE0790
38007FF8372C7CAB3E>I<B6903803FFFCA4000101C09038007F806EEC3E006C163C8001
7F5D8017F8013F5D6E1301011F5D6E1303010F5D6E13076D5DED800F6D92C7FC15C05E6D
EBE01E163E6D143CEDF07C027F1378EDF8F8023F5B15FD021F5B15FF6E5BA36E5BA26E90
C8FCA26E5AA26E5AA21578362C7EAB3B>I<B5D8FE1FB539801FFFF0A400039027C0007F
E0C7EAFE006C033F157C7114786E17F86C6F6C5C6E1601017F6E6C5CA26E011F1403013F
6F5C6E013F1407011F6F5CA26E0179140F010F048090C7FC6E01F95C6D02F0EBC01E1580
6D902681E07F5B18E003C3157C6D9139C03FF07815E76DDA801F5B18F803FF14F96E9039
000FFDE018FF6E486D5BA36E486D5BA26E486D90C8FCA24B7F02075DA26E48147C4B143C
4C2C7EAB51>I<B500FE90383FFFF0A4000101E0903807F8006C6DEB03E06D6C495A013F
4A5A6D6C49C7FC6E5B6D6C137E6DEB807C6D6D5A6DEBC1F0EDE3E06DEBF7C06EB45A806E
90C8FC5D6E7E6E7F6E7FA24A7F4A7F8291381F3FFCEC3E1F027C7F4A6C7E49486C7F0103
6D7F49487E02C08049486C7F49C76C7E013E6E7E49141F48B46E7EB500E090B512FCA436
2C7EAB3B>I<B6903803FFFCA4000101C09038007F806EEC3E006C163C80017F5D8017F8
013F5D6E1301011F5D6E1303010F5D6E13076D5DED800F6D92C7FC15C05E6DEBE01E163E
6D143CEDF07C027F1378EDF8F8023F5B15FD021F5B15FF6E5BA36E5BA26E90C8FCA26E5A
A26E5AA21578A215F85D14015D001F1303D83F805B387FC007D8FFE05B140F92C9FC5C14
3E6C485A5C383F07F0381FFFC06C5BD801FCCAFC363F7EAB3B>I<001FB71280A39026FC
000F130001E05B49495A49495A90C75B15FF003E495B5E4A5B003C5B4A5B93C7FC5C4A5A
C7485A5D14FF495B5D495B5B495B92380007805B495A495A4A130F01FF1500485B5C4849
5B5A485B91C75A485D48485C4848EB03FE49131FB7FCA3292C7DAB32>I
E
%EndDVIPSBitmapFont
%DVIPSBitmapFont: Fx cmti10 10.95 6
/Fx 6 117 df<147E49B47E903907C1C38090391F80EFC090383F00FF017E137F491480
4848133F485AA248481400120F5B001F5C157E485AA215FE007F5C90C7FCA21401485C5A
A21403EDF0385AA21407EDE078020F1370127C021F13F0007E013F13E0003E137FECF3E1
261F01E313C03A0F8781E3803A03FF00FF00D800FC133E252977A72E>97
D<EE3F80ED1FFF1700A2ED007FA2167EA216FEA25EA21501A25EA21503A25EA21507A25E
147E903801FF8F903807C1CF90391F80EFC090383F00FF017E137F5B48486D5A485AA248
5A000F92C7FC5B001F5CA24848137EA215FE127F90C75AA214015A485CA2140316384814
F0A21407167891380FE070127C021F13F0007E013F5B003E137FECF3E1261F01E35B3A0F
8781E3802703FF00FFC7FCD800FC133E294077BE2E>100 D<EC3F80903801FFE0903807
E0F890381F803CEB3E0001FC131E485A485A12074848133E49133C121F4848137C15F8EC
03F0397F000FE0ECFF80B5EAFC0014C048C8FCA45AA61506150E151E007C143C15786C14
F0EC01E06CEB07C0390F801F003807C0FC3801FFF038007F801F2976A72A>I<1478EB01
FCA21303A314F8EB00E01400AD137C48B4FC38038F80EA0707000E13C0121E121CEA3C0F
1238A2EA781F00701380A2EAF03F140012005B137E13FE5BA212015BA212035B14381207
13E0000F1378EBC070A214F0EB80E0A2EB81C01383148038078700EA03FEEA00F8163E79
BC1C>105 D<D801F0D93F80137F3D07FC01FFE003FFC03D0F3E07C1F80F83F03D0E1F0F
00FC1E01F8001E011C90387C3800001C49D97E707F003C01F05C0038157F4A5C26783FC0
5C12704A91C7FC91C7127E00F003FE1301494A5CEA007EA20301140301FE5F495CA20303
1407000160495C180F03075D0003051F13E0494A1480A2030FEC3F810007F001C0495CA2
031F91383E0380120F494AEC0700A2033F150E001FEF1E1C4991C7EA0FF80007C7000EEC
03E0432979A74A>109 D<EB01C0EB03F01307A25CA2130FA25CA2131FA25CA2133FA291
C7FCA2007FB51280B6FC1500D8007EC7FC13FEA25BA21201A25BA21203A25BA21207A25B
A2120FA25BA2121F141C1380A2003F133C1438EB0078147014F05C495AEA1F03495A6C48
C7FCEA07FCEA01F0193A78B81E>116 D E
%EndDVIPSBitmapFont
%DVIPSBitmapFont: Fy cmtt10 10.95 15
/Fy 15 120 df<120FEA3FC0EA7FE0A2EAFFF0A4EA7FE0A2EA3FC0EA0F000C0C6E8B30>
46 D<16E0ED01F0ED03F8A2150716F0150F16E0151F16C0153F1680A2157F16005D5D14
015D14035D14075D140F5D141F5DA2143F5D147F92C7FC5C5C13015C13035C13075C130F
5C131F5CA2133F5C137F91C8FC5B5B12015B12035B12075B120F5BA2121F5B123F5B127F
90C9FC5A5AA2127C123825477BBE30>I<120FEA3FC0EA7FE0A2EAFFF0A4EA7FE0A2EA3F
C0EA0F00C7FCAF120FEA3FC0EA7FE0A2EAFFF0A4EA7FE0A2EA3FC0EA0F000C276EA630>
58 D<EB7FFC0003B57E000F14E015F84880819038E007FF02017F390FC0007F6C48133F
C87F151FA391B5FC130F137F48B6FC12075A003FEB801FEBF800EA7FE0138048C7FC5AA4
6C143F6C6C137F6D13FF383FF80F90B712C06C16E07E000314E7C6140390263FF80013C0
2B277CA630>97 D<913801FFE04A7F5CA28080EC0007ABEB03FE90381FFF87017F13E790
B6FC5A5A481303390FFC007FD81FF0133F49131F4848130F5B007F140790C7FCA25A5AA7
7E7E150F7F003F141F7F6D133F6C6C137F390FF801FFEBFE076CB712C06C16E06C02F713
F06C6C13C7011F010713E0902607FC0313C02C387DB730>100 D<EA3FFC487E12FFA212
7F123F1200ABEC03FE91380FFFC0023F7F91B57E90B67E82ECFE07ECF00102E07FECC000
5C91C7FCA35BB33B3FFFF81FFFF8486D4813FCB500FE14FEA26C01FC14FC6C496C13F82F
3880B730>104 D<14E0EB03F8A2497EA36D5AA2EB00E091C8FCA9381FFFF8487F5AA27E
7EEA0001B3A9003FB612C04815E0B7FCA27E6C15C023397AB830>I<EA7FF8487EA4127F
1200AB0203B512804A14C017E0A217C06E14809139001FE0004B5A4B5A4BC7FC4A5A4A5A
EC0FF84A5A4A5A4A5A4A5A01FD7F90B57E8114F7ECE3F8ECC1FCEC81FEEC00FF497F496D
7E6F7E826F7E15076F7E6F7E3B7FFFF81FFFE0B56C4813F017F8A217F06C496C13E02D38
7FB730>107 D<267FC0FC137E3BFFE7FF03FF8001EF01877F90B500CF7F92B57E7E0007
010F1387496CEB03F89039FC03FE0101F813FC01F013F8A301E013F0B3A23C7FFE0FFF07
FF80B548018F13C0A46C486C01071380322781A630>109 D<393FFC03FE3A7FFE0FFFC0
00FF013F7F91B57E6CB67E6C81C6EBFE07ECF00102E07FECC0005C91C7FCA35BB33B3FFF
F81FFFF8486D4813FCB500FE14FEA26C01FC14FC6C496C13F82F2780A630>I<393FFC03
FE3A7FFE1FFF8000FF017F13E090B612F86C816C81C69038FE07FFECF001DAC00013804A
EB7FC091C7123FEE1FE05B160FA217F01607A7160F17E07F161F17C06E133F6EEB7F806E
13FFDAF00313009138FC0FFE91B55A5E495C6E5B021F1380DA03FCC7FC91C9FCAE383FFF
F8487FB57EA26C5B6C5B2C3B80A630>112 D<3A3FFF800FF8489038C07FFFB500C1B512
8014C36C01CF14C06C13DF3A001FFFFC3F15E09238801F809238000F0002FC90C7FCA25C
5CA25CA35CAF003FB512FC4880B7FCA26C5C6C5C2A277EA630>114
D<EB0780497E131FA9003FB612E04815F0B7FCA36C15E026001FC0C7FCB216F8ED01FCA4
150302E013F890380FF0079138F81FF06DB5FC16E06D14C06D14006D6C5AEC1FF026327E
B130>116 D<D83FFCEB3FFC486C497E00FF14FFA2007F147F003F143F00001400B3A415
01A215036D130F90387FC03F91B612F86D15FC17FE6D5B010701F813FC01019038C07FF8
2F2780A630>I<3B3FFFC01FFFE0486D4813F0B515F8A26C16F06C496C13E0D807E0C7EA
3F00A26D5C0003157EA56D14FE00015DEC0F80EC1FC0EC3FE0A33A00FC7FF1F8A2147DA2
ECFDF9017C5C14F8A3017E13FBA290393FF07FE0A3ECE03FA2011F5C90390F800F802D27
7FA630>119 D E
%EndDVIPSBitmapFont
%DVIPSBitmapFont: Fz cmsy10 10.95 2
/Fz 2 25 df<EE3FFC0307B512E0033F14FC92B7FC0203D9E00713C0DA0FFCC7EA3FF0DA
1FE0EC07F8DA3F80EC01FC02FEC9127FD901F8EE1F804948707E4948707ED90F80EE01F0
49CB7E013E187C49840178181E01F8181F4848F00F804848F007C049180300071AE04918
01000F1AF090CDFC481AF8001E1A78A2003E1A7C003C1A3CA2007C1A3E00781A1EA300F8
1A1F481A0FAD6C1A1F00781A1EA3007C1A3E003C1A3CA2003E1A7C001E1A78A2001F1AF8
6C1AF06D180100071AE06D180300031AC06D18076C6CF00F806C6CF01F000178181E017C
183E6D606D606D6C4C5AD907E0EE07E06D6C4C5A6D6C4C5AD900FE047FC7FCDA3F80EC01
FCDA1FE0EC07F8DA0FFCEC3FF0913B03FFE007FFC0020090B6C8FC033F14FC030714E092
26003FFCC9FC50557BC05B>13 D<D91FE01620D97FF816703801FFFE486D7E48804814F0
9038E01FF8271F8007FC15E0393E0001FE003CD9007F1401007CDA3FC013030078DA0FE0
14C00070DA07F81307DB03FEEB1F8048913A01FF807F006F90B5FC043F5B705B04075B04
0113E000409238007F803C157BA047>24 D E
%EndDVIPSBitmapFont
%DVIPSBitmapFont: FA cmr10 10.95 38
/FA 38 122 df<EC0FC0EC3FE0ECF878903801F018903803E01C903807C00C130FEC800E
011F1306A2EB3F00A4150EEC800CA2151C5D153015705D6D6C5A14C1ECC38002C7CAFC02
EE91383FFFFCEB0FEC14FC4A020313C06D48913800FE006E15F818706D6C1560010716E0
496C5D011D1501D939FF4A5A017093C7FC496D5B0001017F1406496C6C130E00036E5B26
07801F1418000F6E1338001F6D6C5B383F0007486E5B6E6C485AEC01FF486D495A0487C8
FCED7FCEED3FEEDB1FFC14186D6D5AA2007F6E6C14386D6D6C1430003F4A6C14706D496C
6C13E0001F91391E3FC0016C6C903AFC1FF003C03D07FC07F007FC0F800001B5D8C001B5
12006C6C90C7EA7FFCD90FF8EC0FF03E437CC047>38 D<1430147014E0EB01C0EB038013
07EB0F00131E133E133C5B13F85B12015B12035B1207A2485AA348C7FCA35AA2123EA212
7EA4127CA312FCB2127CA3127EA4123EA2123FA27EA36C7EA36C7EA212037F12017F1200
7F13787F133E131E7FEB07801303EB01C0EB00E014701430145A77C323>40
D<12C07E12707E7E121E7E6C7E7F12036C7E7F12007F1378137C133C133EA27FA3EB0F80
A314C0A21307A214E0A41303A314F0B214E0A31307A414C0A2130FA21480A3EB1F00A313
3EA2133C137C137813F85B12015B485A12075B48C7FC121E121C5A5A5A5A145A7BC323>
I<B512FEA617067F951E>45 D<121EEA7F80A2EAFFC0A4EA7F80A2EA1E000A0A798919>
I<14C013031307131F137FEA07FFB5FC139FEAF81F1200B3B3ACEB7FF0B612F8A31D3D78
BC2D>49 D<EB07FC90383FFF8090B512E03903F01FF839078007FC390F0001FE001E6D7E
001C158048EC7FC05AED3FE01260B4FC6DEB1FF07FA56C5A6CC7FC120CC813E0153FA216
C0157F168015FF16004A5A5D4A5A4A5A5D4A5A4A5A4AC7FC147E147C5C495AEB03C0495A
49C8FC011E14305B13385B491460485A485A48C8FC000E15E0001FB6FCA25A4815C0B7FC
A3243D7CBC2D>I<EB03FCEB1FFF90387E07C09038FC03F048486C7E48486C7E4848137C
000F147E4848137F81003F15805B007F15C0A2151F12FF16E0A516F0A5127F153FA36C7E
A2001F147F120F6C6C13FF6D13DF000313013900F8039F90387E0F1FD91FFE13E0EB07F0
90C7FCA2ED3FC0A41680157FD80F801400487E486C13FEA24A5A5D49485AEB8007391E00
0FE04A5A260FC07FC7FC3803FFFE6C13F838003FC0243F7CBC2D>57
D<121EEA7F80A2EAFFC0A4EA7F80A2EA1E00C7FCB3121E127FEAFF80A213C0A4127F121E
1200A412011380A3120313005A1206120E120C121C5A1230A20A3979A619>59
D<1507A34B7EA34B7EA24B7EA34B7E156FA2EDEFF815C7A291380187FC1583A291380303
FE1501A291380600FFA34A6D7EA34A6D7EA34A6D7EA20270800260130FA202E0804A1307
A201018191B6FCA2498191C71201A201068182A2496F7EA3496F7EA3496F7EA21370717E
13F800014C7ED80FFE4B7EB500E0010FB512F8A33D417DC044>65
D<011FB512FCA3D9000713006E5A1401B3B3A6123FEA7F80EAFFC0A44A5A1380D87F005B
006C130700705C6C495A6C495A000F495A2603C07EC7FC3800FFF8EB3FC026407CBD2F>
74 D<D907FC130C90391FFF801C017F13F03A01FC03F83C3A03F0003E7CD807C0EB1FFC
48481307001F140348C71201003E1400127E167C007C153C12FCA2161CA36C150CA27EA2
6C6C14007F7FEA3FF8EBFF806C13F86CEBFF806C14F06C14FC6C14FF6C15C0013F14E001
0714F0EB007F020713F89138007FFC150FED07FE15031501ED00FFA200C0157FA3163FA2
7EA36C153EA26C157E167C6C15FC6C15F86C14016DEB03F001E0EB07E0D8F9F8EB0FC03A
F07F803F803AE01FFFFE00010713F839C0007FC028427BBF33>83
D<003FB91280A3903AE0007FE00090C76C48131F007EEF0FC0007C170700781703007017
01A300601700A5481860A5C81600B3B14B7E4B7E0107B612FEA33B3D7DBC42>I<B500FE
017FB5D88003B5FCA3000301C0010101E0C7EA7FF86C90C849EC0FE07148EC07807E716C
150080017F1906717E6E180E013F190C4D7E80011F614D7E17676D6C60EFE7FC17C36D6C
6084EE01816D6C60A24CC67E6D6C4D5AA20406EB7F806E17036D96C7FC4CEB3FC003805E
027F17064CEB1FE003C0160E023F170C4CEB0FF015E0021F5F047014F804601307DA0FF0
5E04E014FC4C1303DA07F85E19FEDBF9801301DA03FD5EA203FFC812FF6E5FA24B157F02
0094C8FCA24B81A2037C153E0378151EA20338151C0330150C58407EBD5D>87
D<EB0FF8EBFFFE3903F01F8039070007E0486C6C7E9038E001F8D81FF07F6E7EA3157F6C
5AEA0380C8FCA4EC1FFF0103B5FC90381FF87FEB7F803801FC00EA07F8EA0FE0485A485A
A248C7FCEE018012FEA315FFA3007F5BEC03BF3B3F80071F8300261FC00E13C73A07F03C
0FFE3A01FFF807FC3A003FC001F0292A7DA82D>97 D<EA01FC12FFA3120712031201B1EC
03FC91381FFF8091387C07E09138E001F09039FDC000FCD9FF80137E91C77E4915804914
1F17C0EE0FE0A217F0A2160717F8AA17F0A2160FA217E0161F17C06D1580EE3F006D5CD9
FB8013FE9039F1C001F89039E0E003F09039C0780FC09026801FFFC7FCC7EA07F82D407E
BE33>I<49B4FC010F13E090383F00F8017C131E4848131F4848137F0007ECFF80485A5B
121FA24848EB7F00151C007F91C7FCA290C9FC5AAB6C7EA3003F15C07F001F140116806C
6C13036C6CEB0700000314066C6C131E6C6C133890383F01F090380FFFC0D901FEC7FC22
2A7DA828>I<ED01FC15FFA3150715031501B114FF010713C190381F80F190387E003949
131FD803F81307485A49130348481301121F123F5B127FA290C7FCA25AAA7E7FA2123FA2
6C7E000F14037F000714076C6C497E6C6CEB1DFFD8007C017913F890383F01E190380FFF
C1903A01FE01FC002D407DBE33>I<EB01FE90380FFFC090383F03F09038FC01F848486C
7E4848137E48487F000F158049131F001F15C04848130FA2127F16E090C7FCA25AA290B6
FCA290C9FCA67EA27F123F16606C7E16E0000F15C06C6C13016DEB03806C6CEB0700C66C
130E017E5B90381F80F8903807FFE0010090C7FC232A7EA828>I<EC1FC0EC7FF8903801
F83C903807E07E90380FC0FFEB1FC1EB3F811401137FEC00FE01FE137C1500AEB6FCA3C6
48C7FCB3AE487E007F13FFA320407EBF1C>I<167C903903F801FF903A1FFF078F809039
7E0FCE0F9039F803FC1F3A03F001F80F170048486C6CC7FC000F8049137E001F147FA800
0F147E6D13FE00075C6C6C485AA23901F803E03903FE0FC026071FFFC8FCEB03F80006CA
FC120EA3120FA27F7F6CB512E015FE6C6E7E6C15E06C810003813A0FC0001FFC48C7EA01
FE003E140048157E825A82A46C5D007C153E007E157E6C5D6C6C495A6C6C495AD803F0EB
0FC0D800FE017FC7FC90383FFFFC010313C0293D7EA82D>I<EA01FC12FFA31207120312
01B1EC01FE913807FFC091381E07E091387803F09138E001F8D9FDC07F148001FF6D7E91
C7FCA25BA25BB3A6486C497EB5D8F87F13FCA32E3F7DBE33>I<EA01E0EA07F8A2487EA4
6C5AA2EA01E0C8FCACEA01FC127FA3120712031201B3AC487EB512F0A3143E7DBD1A>I<
1478EB01FEA2EB03FFA4EB01FEA2EB00781400AC147FEB7FFFA313017F147FB3B3A5123E
127F38FF807E14FEA214FCEB81F8EA7F01387C03F0381E07C0380FFF803801FC00185185
BD1C>I<EA01FC12FFA3120712031201B292387FFF80A392381FFC00ED0FE0168093C7FC
151C5D5D5D4A5AEC0780020EC8FC141E143F4A7E14FF9038FDDFC09038FF9FE0140F9038
FC07F001F87F6E7E1401816E7E81826F7E151F826F7EA282486C14FEB539F07FFFE0A32B
3F7EBE30>I<EA01FC12FFA3120712031201B3B3B1487EB512F8A3153F7DBE1A>I<2701F8
01FE14FF00FF902707FFC00313E0913B1E07E00F03F0913B7803F03C01F80007903BE001
F87000FC2603F9C06D487F000101805C01FBD900FF147F91C75B13FF4992C7FCA2495CB3
A6486C496CECFF80B5D8F87FD9FC3F13FEA347287DA74C>I<3901F801FE00FF903807FF
C091381E07E091387803F000079038E001F82603F9C07F0001138001FB6D7E91C7FC13FF
5BA25BB3A6486C497EB5D8F87F13FCA32E287DA733>I<14FF010713E090381F81F89038
7E007E01F8131F4848EB0F804848EB07C04848EB03E0000F15F04848EB01F8A2003F15FC
A248C812FEA44815FFA96C15FEA36C6CEB01FCA3001F15F86C6CEB03F0A26C6CEB07E06C
6CEB0FC06C6CEB1F80D8007EEB7E0090383F81FC90380FFFF0010090C7FC282A7EA82D>
I<3901FC03FC00FF90381FFF8091387C0FE09138E003F03A03FDC001FC6CB4486C7E91C7
127F49EC3F805BEE1FC017E0A2EE0FF0A3EE07F8AAEE0FF0A4EE1FE0A2EE3FC06D1580EE
7F007F6E13FE9039FDC001F89039FCE007F09138780FC0DA1FFFC7FCEC07F891C9FCAD48
7EB512F8A32D3A7EA733>I<3901F807E000FFEB1FF8EC787CECE1FE3807F9C100031381
EA01FB1401EC00FC01FF1330491300A35BB3A5487EB512FEA31F287EA724>114
D<90383FC0603901FFF8E03807C03D381F000F003E1303003C1301127C0078130012F815
60A27E7E7E6D1300EA7FF8EBFFC06C13F86C13FE6C7F6C1480000114C0D8003F13E00103
13F0EB001FEC0FF800C01303A214017E1400A27E15F07E6C130115E06CEB03C039FF8007
8039F1E01F0038E0FFFC38C01FE01D2A7DA824>I<130CA5131CA4133CA2137CA213FC12
0112031207001FB512C0B6FCA2D801FCC7FCB3A21560A9000014E06D13C0A2EB7F01013F
1380EB1F83903807FF00EB01FC1B397EB723>I<D801FC14FE00FF147FA3000714030003
140100011400B3A51501A31503120015076DEB06FF017E010E13806D4913FC90381FC078
903807FFE00100903880FE002E297DA733>I<B539E007FFE0A32707FE000113006C48EB
007C1678000115707F00001560A2017F5CA2EC8001013F5CA26D6C48C7FCA26E5A010F13
06A26D6C5AA2ECF81C01031318A26D6C5AA2ECFE7001001360A2EC7FC0A36E5AA26EC8FC
A3140EA22B287EA630>I<B53BC3FFFE01FFF8A33D0FFE003FF0007FC06C48D91FC0EB1F
800003020F15000001170E70130C15076C6C6E5BA27F6D6E5B150D02801570013F6E1360
151802C015E0011FD938FE5BED307ED90FE090387F0180ED603FA2D907F00283C7FCEDC0
1F02F81487010315C69138F9800F02FD14CED901FF14ECED00076D15F84A1303A2027E5C
027C1301A2023C5C0238130002185C3D287EA642>I<B539F01FFFE0A300039039C007FE
00C690388003F8D97F0013E002805BD93FC05B011F49C7FC90380FE00EECF00C6D6C5A01
0313386D6C5A6E5A6D6C5A6E5A143F81141F6E7E4A7E4A7E1473EC61FCECC1FE903801C0
FF49487E49486C7E010680010E6D7E49130F013C6D7E017C80D801FC80D80FFE497EB590
383FFFF8A32D277FA630>I<B539E007FFE0A32707FE000113006C48EB00FC0001157816
706C7E16607F6D5CA26D6C485AA2ECC003011F91C7FCA290380FE006A2ECF00E0107130C
14F801035BA2ECFC380101133014FE01005BA2EC7FC0A36E5AA26EC8FCA3140EA2140CA2
141C1418A25CA200181370007E1360B413E05C13015C4848C9FCEA7E07EA700EEA383CEA
1FF8EA07E02B3A7EA630>I E
%EndDVIPSBitmapFont
%DVIPSBitmapFont: FB cmsl12 14.4 13
/FB 13 116 df<0103BA12F05BA21BE0D9000301E0C7120F6E4914001A3F1A1F4C150F1A
071A03A21A015C93C9FCA55C5D1BC0A4020F150E5D97C7FCA3181E021F151C5D183CA218
7C18FC023F4A5A4B130F92B6FCA4913A7FF0001FF04B13071701A21700A202FF5D5DA549
4B5A5D94CAFCA45B92CCFCA55B5CA5130F5CA2497E496C7E007FB612E0B7FCA34C527BD1
4C>70 D<0107B600FC013FB612E0A24D17C0A2D9000301F0C8001FEB80006E01C06F48C7
FCA34C5EA41A1F5C93C95BA41A3F5C4B5FA41A7F140F4B5FA41AFF141F4B5FA4614AB9FC
63A303F0C8120161147F4B94C8FCA46114FF4B5EA4190F5B4B5EA4191F5B92C95BA4193F
5B4A5FA4197F130F4A5FA2496C4C7E496C4B7FB7D88007B612FCA204005EA25B527BD158
>72 D<0107B500E0037FB512E0821DC082D900010503EBF8006E9438007FC07070C7FC4A
183EDBCFFE161E1B1CEDC7FFA203C36D153C140303816D1538A203807FA2706C15781407
4B6C6C1570A2707EA2706C15F05C020E6D6C5DA2707FA2706D1301141E021C6F5C82A271
7E1A03023C6E7E023860717EA2717E1A0702786E7E027095C8FC711380A27113C06202F0
6E13E04A170EF07FF0A2F03FF81A1E0101EE1FFC4A171CF00FFEA2F007FF1A3C010318BC
4A6F13B81AF884A284130791CA6C5AA2193FA249171FA249715A497E496C16073803FFF8
B600C01503A24B6F5AA25B527BD158>78 D<0107B8FC19F019FE737ED900039026E00007
13E06E499038007FF8F11FFCF107FE4C6E7E737F737FA2747E5C93C97FA55C5DA4505A14
0F4B5F61634F90C7FC62021F16074BED0FF84F5A4F5AF1FF80060390C8FC023FED0FFC4B
ECFFF092B7128006FCC9FC84923AF00003FF80027F9138007FE04B6E7EF00FF8727E8572
7E14FF4B8086A45B5DA5495E92C8FCA5494C90C8FC5CA2F301C0A21B03010F1A804A811B
07496C05801300496C6F5CB76C6D141E736C5A93C86C6C5A73B45ACC00075B9638007F80
52547BD156>82 D<EC03FF023F13E091B512FC903903FC01FE903A07C0007F8049C76C7E
496E7EEB3FC06E6D7E137F707EA35C6D5A6DC7FC90C8FCA3160FA25FED07FF0203B5FC02
1F138F9138FFE01F903807FE00D91FF05CEB7FC049C7FCEA03FE4848143F485A48485D5B
485A007F173849147FEF807012FF90C812FFA25DA24BEB00E04B7E6D130E007F91391E3F
81C06C6C013C1383D81FF001F0EBC7803C0FFC07E01FFF006CB500805BC649486C5AD91F
F0EB03E0353679B43B>97 D<EDFFC0020713F8023F13FE91387F80FF903A01FC003FC0D9
07F8EB1FE0D90FE0130F4948EB07F0494814F849C712035B4848EC01FC485AA2485A120F
5B121F5B123FA348B7FCA301C0C9FC12FF5BAA127F17E0A216016C6C15C016036C6CEC07
80000F16006D5C6C6C141E6C6C147C6C6C14F06C6CEB03E090393FE01F80010FB5C7FC01
0313F89038007FC02E3679B434>101 D<F003F0DB07F8EB1FFCDB7FFFEB7FFE4AB538C1
F87E913A07F80FF3C0913B0FE003FF00FE91393FC001FE91267F8000147C4AC714104A02
7F1300495A0103825C1307A2495AA417FF95C7FC5CA24C5AA26E495A01075D4C5A6D6C49
5A6D6C495A496C495A91267F81FEC8FC9039071FFFFCD90E0713E0D91E0190C9FC011CCB
FCA2133CA5133EA2EB3F8091B512FCEEFFC06D15F817FE6D8118C0133F01FEC700077FD8
03F89138007FF04848151FD80FC0150F48481507003F707E90C9FC5A007E1601170300FE
5F5AA26C1607007E4C5A60007F161F6C6C4B5A6C6C03FFC7FC6C6CEC01FC6C6CEC07F8D8
03FEEC3FE03B00FFC003FF80013FB548C8FC010714E09026007FFEC9FC3F4E7FB43B>
103 D<EC03C0EC0FF0EC1FF8143FA2147FA4EC3FF0EC1FE0EC0F8091C7FCB0EC7FC0EB7F
FF1580A290B5FC13031300A21500A55B5CA513035CA513075CA5130F5CA5131F5CA5133F
5CA2137F497E007FEBFFC0B6FC1580A21D507CCF21>105 D<EC03FEEB03FF5B15FCA2EB
001F1407A315F8A5140F15F0A5141F15E0A5143F15C0A5147F1580A514FF1500A55B5CA5
13035CA513075CA5130F5CA5131F5CA5133F5CA2137FEBFFF0007FEBFFE0B612C0A31F53
7CD221>108 D<91277F8003FE4AB4FC90B590261FFFC0010F13E0DB007F01F0013F13F8
922701F80FFC9038FC07FE923D03C003FE01E001FF010390260F00019038078000010001
1E6D6C48C7EA7F804B151E4A485D037015384B6E48143F6E485D4B4A48147F5B92C85BA2
4A93C8FCA301034B16FF4A4B1600A5010703035D4A4B5DA5010F030715034A4B5DA5011F
030F15074A4B5DA5013F031F150F4A4B5DA2017F033F151FD9FFF0DA7FF8EC3FFC007F90
26FFE03FB5D8F01FB512F8B648484A4814F0A35D347CB363>I<91397F8007FE90B59038
1FFFC0DB007F7F923901F80FF8923907C007FC010390380F00030100011E6D7E5DECFE70
A24B13006E5A4B13015B92C7FCA25CA2170313034A5DA4170713074A5DA4170F130F4A5D
A4171F131F4A5DA4173F133F4A5DA2017F157FD9FFF0ECFFF0007F9026FFE07FEBFFE0B6
48B612C0A33B347CB341>I<ED7FC0913803FFFC021F13FF91397F807F80903A01FE000F
E0D903F86D7ED907E06D7ED91FC06D7E4948130049C8127E017E157F5B0001EE3F80485A
12074916C0120FA2485AA2003F17E05BA2127FA34848ED7FC0A5EFFF80A390C913005E5F
A26C6C4A5AA24C5A003F5E4C5A6C6C141F5F6C6C4A5A6C6C4AC7FCED01FCD803FC495AC6
6CEB0FF090397FC07FC0011FB5C8FC010713F8010013C0333678B43B>I<DA07FE13E091
383FFFC149B512F3903A03FC01FFC090390FC0007F4948133F49C7121F017E140F5BEE07
80485AA4120317007F7F6D91C7FC6C13C014F8ECFFC06C14FC6D13FF6D14C06D806D8001
0380D9007F7F14039138003FFE15076F7E001C8081A282A2003E157EA45E123F485D6D13
014B5A6D495A6D495AD87CF0495AD8F87E01FFC7FC39F03FFFFCD8E00F13F0D8C00390C8
FC2B367CB42E>115 D E
%EndDVIPSBitmapFont
%DVIPSBitmapFont: FC cmsy10 14.4 4
/FC 4 84 df<943807FFF094B67E040715F0043F15FE93B87E03039026FC001F13E0030F
0180010013F8DB3FFCC8EA1FFEDBFFE0923803FF804A018003007F4A48CAEA3FE0DA0FF8
EF0FF8DA1FE0EF03FC4A48717E4A48717E02FECCEA3F804948737E4948737E4948737E49
48737E4A19014948737E49CE127E491B7F017E8749757E491B0F000189491B0700038949
1B03000789491B01000F89491B00001F8990D0127CA2481D7E003E1D3EA3007E1D3F007C
89A400FC1E80481D0FAE6C1D1F007C1E00A4007E65003E1D3EA3003F1D7E6C1D7CA26D1C
FC000F656D1B010007656D1B030003656D1B070001656D1B0F0000656D1B1F017E51C7FC
017F636D1B7E6D6C626D6C4F5A6E19036D6C4F5A6D6C4F5A6D6C4F5A6D6C4F5ADA7F8006
FFC8FC6E6C4D5A6E6C4D5ADA0FF8EF0FF8DA03FEEF3FE06E6C6CEEFFC06E01E003035BDB
3FFCDB1FFEC9FC92260FFF80ECFFF8030301FC011F13E0030090B71280043F4BCAFC0407
15F004001580050701F0CBFC696E79D478>13 D<DD07801A03050F63DD3FC062057F6369
05FF1B3E217E21FE72190120034C642007200F201F72193F207F4C6420FF05DF61726067
040762179F058F4F5B72F03FBF040FF27F3F050F19FFF601FE716C18FC041F963803F87F
041EDF07F05BF60FE00503181F043E6DEF3FC0043CF17F801F000CFE13FF4C6C6D4B485C
1D03535A04F04E5A716D4B5A6603014F485A4CF07F00726C5D52485D4B484D5A525A0307
6E6C4A5A4C60525A4BC76D023F5C061F4B5A52C7FC031E4D5A726C495A033E4D4893C7FC
033C4D5A73495A4B0207143F73495A515A4B6E4990C85AF283FE02016FEB87FC4BEECFF8
0203EFDFF04B6EEBFFE0634A486F5B98C9FC020F705A4AC95B0008725A001E013E5F003F
017E704884D9E0FC5FD87FFF7148F083C04A70CAECCF804A93CB14FF2200B5487613FC4A
6621E06C49761380001F90D1007CC7FC6C489BC8FCEA01F882597DD390>77
D<93B612FC031FEDFFE092B812FC0207EFFF80023F18E091BA7E010319FC490181D98007
8090261FF003DA003F7FD93F8004071480D9FE00040014C0484892C87E4848061F13E048
4884000F8548487213F086003F5C494A81127F90C7FC00FE1A7F12F800401BE0C8485AA2
1CC0A21C804C16FF031F1800A2505AA24C4B5A033F5F1A07505A4C5E505A037F4C5A50C7
FC4C15FE4F5A03FFED07F04F5A4CEC3F8007FFC8FC4AED07FCF0FFF84CB512E004071480
4A4949C9FCDBFE3F13F04C138005FCCAFC913907FCFF8093CCFCA24A5AA34A5AA34A5AA3
4A5AA34A5AA34990CDFCA25C1303A25C13075C130F5C5CEB1F8091CEFC131854587DD153
>80 D<F07FF80507B57E053F14E04CB612F8040715FE041F814C16809338FFC00FDB01FC
C714C0DB07F0143F4B48140F4B48804B4880157F4BC86C1380A24A5A0203180062020717
F84F5A1A80020F93C8FCA281A282A282826E7F826E13FE826E14C06E14F06F13FC6F13FF
030F14C06F14F0030114FC6F6C13FF041F80040714E0040180706C7F051F7F05077F717F
1700727F84D903C06F7F011F82D97F808149C9FCD803FE82EA07F8484882121F4960123F
A2007F96C7FCA26100FF17036D5F616D16074E5A6D5F6D4C5A6C6C4C5A6E4BC8FC6C01E0
EC01FC6EEC07F86C01FEEC1FF06C903AFFE003FFC06C91B6C9FC6C16FCC616F06D15C001
1F4ACAFC010314F09026003FFECBFC4A567ED348>83 D E
%EndDVIPSBitmapFont
%DVIPSBitmapFont: FD cmr12 14.4 1
/FD 1 100 df<EC0FFE91387FFFE049B512F8903907F801FE90391FE0001FD93F80EB07
8049C7EA0FC001FE143F484815E00003157F485A485AA2485AEE3FC0003FED0F004991C7
FCA2127FA35B12FFAB127F7FA3123F6D1570121F6D15F0000F16E06D140112076C6CEC03
C06D15806C6C14076C6DEB0F00D93FC0131E6D6C137C903907FC03F06DB55AD9007F1380
DA0FF8C7FC2C367CB434>99 D E
%EndDVIPSBitmapFont
%DVIPSBitmapFont: FE cmr17 24.88 25
/FE 25 118 df[<1AF04F7E4F7EA34F7EA34F7EA34F7FA34F7FA34F7FA296B57EA219FB
06018019F319F106038019E119E0060780F1C07FA2060F804F7EA2061F814F7EA2063E81
86067E81187C8606FC8160860501824E7FA20503824E7FA20507824E147FA24D48818705
1F8395C8FC874D83173E87057E83177C8705FC834D81A20401844D81A20403844D81A24C
48831C7F040F845F88041F8594CAFC884C85043E83A2047E85047C83A204FC854C8393BB
FC4B86A24B86A3DB07E0CB7F5E1D7F030F865E89031F8793CC7EA24B87033E85A2037E87
037C85A24B87890201885D890203885D890207884B1A7FA2020F884B86A2021F8992CE7E
5C8C4A878C5C8A498A497F010F6D507F496D88017F6D083F7F0007B500FE4FB612C0B700
C095B812F0A6>132 145 123 272 143 65 D[<96261FFF8016380607B512FC063FDAFF
8015784DB712E0050F04FC15F8053F04FF14014CB526FE000F7F4C02C0010001E0130304
0F01FCC8EA1FF0043F01E0DB07FC130793B50080ED01FE4B49CA007F130F030701F8EF3F
804B01E094381FC01F4B49EF07E04B90CB3803F03FDBFFFEF001F84A49953800FC7F4A49
197E4A01E0F13FFF4A5B4A49858A4A90CD7E4A5A4A48864949865D4988495B49491B7FA2
49491B3FA24990CF121F5B5C01FF1D0F5C5A4A1C075AA24A1C035AA25C481E01A3485BA2
1F005AA25CA2481F00A691D2FCB5FCB37E80A67EA28020787EA36C7FA37E6E1DF820F07E
80A26C6D1C0120E07E80017F1D036E1DC06D1D076D7F20806D6D1B0F6F1C006D656D6D1B
1E6D6D1B3E676D7F6E6C636E6C1A016E6D62704F5A6E6D19076E6D4F5A6E6D4F5A6E6D4F
C7FC6E6D197EDB3FFF616F01C04D5A6F6D4D5A6F01F8EF0FE0030101FE4D5A6F6D6CEE7F
80043F01E0DB01FEC8FC040F01FCED0FFC0403D9FFC0EC7FF07002FE903807FFE0DC003F
90B71280050F4CC9FC050116F0DD003F15C0060702FCCAFCDE001F13C0>117
147 118 271 138 67 D[<BF12FEA58AD8001F0280C9120F010349CB123F6D4918071C00
6D871D1F891D03777FA2891E7F1E3FA21E1FA3787EA31E07A31E03A38BA21E01A7E003C0
811E00A49CC7FCA61A07A41A0FA21A1FA21A3F1A7FF101FF1907197F92B9FCA603FCC87E
19071901F1007F1A3F1A1FA21A0FA21A07A41A03A4F703C0A4F70780A397CAFCA4F70F00
A567A31F1E1F3EA41F7EA21F7C1FFCA31E01A21E031E07671E0F1E1F1E3F1E7F1EFF651D
07535B491B7F52B5FC496D181F011F6D6C0407B6FCC0FCA267A4>114
141 117 268 130 69 D[<BF12F0A58AD8001F0280C97E010349CA12016D49EF001F1C07
6D1A01881D3F1D1F777E1D07A21D031D01A21D00A21E7C1E7EA21E3EA41E1EA31E1FA28A
A71F801E07F20780A39BC7FCA81A0FA41A1FA21A3FA21A7F1AFF1903190F96B5FC92B9FC
A603FCC8FC190F190319001A7F1A3FA21A1FA21A0FA41A07AB97CBFCB3B0497FA2496D7E
011F14F8B912C0A6>105 141 117 268 124 I[<B800FC033FB8FCA6D8001F02E0CA0007
ECF800010391CC14C06D49735BA26D497390C7FCB3B3B392BDFCA603FCCC123FB3B3B3A6
496D4F7FA2496D96B57E011F02E0050714F8B800FC033FB8FCA6>120
141 117 268 143 72 D[<B9FCA6D8000FECF000010114806D91C7FCA26E5AB3B3B3B3B3
B3AD91B5FCA24980010F14F0B9FCA6>48 141 118 268 68 I[<B912C0A6D8001F02F8CD
FC010314806D49CEFCA26D5BB3B3B3B3A61EF0A5F501E0A81D03A31EC0A31D07A41D0FA3
1D1F1E801D3FA21D7FA21DFFA264646452130064646451B5FC1B0749191F1B7F496D0403
B6FC011F6D6C157FBFFC65A5>100 141 117 268 119 76 D[<B600FE9AB612FE6F64A3
7063A2D8001FF9F000D903F76DE107BF138001019EC7FCA2D900F36D98380F3FFEA202F1
6D1B1EA302F06D1B3CA36F6C1B78A36F6C1BF0A270F201E081A26F6DF103C0A36F6DF107
80A36F6DF10F00A36F6D191EA26F6D61A3706C61A3706C61A3706C4E5AA2706D4D5AA370
6D4D5AA3706D4DC7FCA3706D171EA2706D5FA3716C5FA3716C5FA3716C4C5AA2535A717F
A2716D4B5AA3716D4BC8FCA3716D151EA3716D5DA2726C5DA3726C5DA3726C4A5AA3726D
495AA2726D495AA3726D49C9FCA3726D131EA3726D5BA2736C5BA3736C5BA3736C485AA3
73EB83C0A2F387807313C7A27301EFCAFCA37313FEA3496C705BA3496C715A497E496C71
484D7E497F017F01E09AB57E0003B500FC7048040714F0B700F0083FB712FEA2745AA374
5A>151 141 116 268 176 I[<B600FC060FB7FC8181A282A2D800076EDD003F14C00100
6E0607EBFE000B0113F870725B02F7755A02F36D735A70735A14F102F07F7073C7FC8183
816F7F838183816F7F83816F7FA2707E8482707FA2707F8482707F84828482717E858385
83717F8583717FA2717F8583727EA2727F8684727F86848684727F86848685737F878573
7FA2737F8785737FA2737F8786747F88868886747F88868886747F8887751380A27513C0
1DE0877513F0A27513F81DFC877513FE1DFF881E8F887613CF1EEF881EFF8888A28888A2
89A28989A2496C86A289496C86497E496C86497F017F01E0850003B500FC86B712F08AA2
8A8AA2>120 141 117 268 143 I[<F17FFE061FB512F895B7FC050716E0053FD9C00313
FCDDFFF8C7EA1FFF040301C0020313C0040F90C913F0DC3FFCEE3FFCDC7FF0EE0FFE4B48
48706C7E4B018004017F030F90CB13F0DB1FFCF03FF84B48727E4B48727E4B48727E4A49
727F4A49727F4A90CD7F4A48747E021F884A48747E4A48747E4A48747EA24949747F4949
747F498A4B86498A92CFFC498A4948767EA24948767EA201FF8A4A884820804A884820C0
A348497613E0A348497613F0A34820F8A24A884820FCA54820FEA291D1FCA5B51FFFB26C
6D5213FEA76C20FC6E64A36C20F8A26E64A26C20F0A26E646C20E0A36C6D5213C0A26C20
806E646C20006E64017F66A26D6C525AA26D6D505BA26D6D505B6D666F626D666D6D505B
6F626D9BC7FC6E6C505A6E6C505A6E6C505A6E646E6D4E5B70606E6D4E5B02006D4E90C8
FC6F6C4E5A6F6C4E5A6F6C4E5A6F6C4E5A030301C0040313C06F6D4C5B9226007FF8DC1F
FEC9FCDC3FFEEE7FFC93260FFF80913801FFF0040301E0020713C0040001FC023F90CAFC
943B3FFFC003FFFC050790B612E005011680DD001F02F8CBFC9526007FFECCFC>128
147 118 271 149 I[<BB12FCF2FFF01BFEF3FFC01CF01CFCD8001F0280C8003F13FF01
0349C9000114C06D49DC003F7F090713F86D07017F757FF43FFF767F767F767F767F767F
767FA2777E8A891F80A2891FC0A21FE0A289A21FF0AB1FE0A3651FC0A31F80651F006566
A2535A525B6664525B525B525B5290C7FCF4FFFC515B09075B093F13C050B55A083F49C8
FC92BA12F81CC051C9FC1BF008FCCAFC03FCCFFCB3B3B3A2497FA2497F011F14E0B812FC
A6>108 141 117 268 130 I[<922601FFF01507031FEBFF8092B600F05C020315FC020F
03FF5C023F16C091B5D8000F01F05B4901F09038007FF84901C0DA0FFE5B010F90C8EA03
FFD91FFC03006D5A4948EE3FC04948EE1FE14AEE0FF14948EE07FB484916014890CBB5FC
5B48488486484884A248488486123F4984A2007F85A24984A212FF87A387A37F87A37FA2
007F867FA27F7F003F97C7FC7F806C7F806C7F806C13FE806C14C06C14F8EDFF806C15F0
6D14FF6D15F06D15FF6D16F06D16FE6DEEFFE06D17F86D6C16FE021F707E020717E00201
17F86E6C82030F82030082040F82040082051F81050181DD001F801801DE003F7F070F7F
8507017F85741380867413C0867413E0A2867413F0A286A200F01A7F1CF8A21B3FA41B1F
7EA57EA21CF0A27E1B3F7E1CE07F1B7F6D1AC0A26D19FF1C806D606D1A006D606D616D18
076E4D5AD9DFC04D5A6E60D98FF0173FD987FC4D5AD903FF4C485A010001C04B5B48D97F
F04B90C7FCDA3FFEED1FFE4890260FFFC0ECFFF8020301FF01075B486D91B612C06E6C5E
48020F4BC8FC030115F048DA003F14C0040001FCC9FC>85 147 118
271 106 83 D[<001FC112C0A603C0C700070280C7121F02FCC8000149C9FC4801E06F49
041F13E091CA1807498901F81D00491E7F491E3F491E1FA2491E0FA290CB1907A2003E1F
03A3007E20F0007C1F01A600781F00A800F820F8482078A7CC1A00B3B3B3B3AC4E7F4E7F
4E80067F14F8047FB912F8A6>125 140 122 267 138 I[<B800C0030FB700FC0403B7FC
A6C66C02E0CA00074ACB001F14E0010F91CB000102F0060714006D497202C0060113FC6D
497349725B4B73755A6DA16D5AA15E6F73755A6D89A193C7FC6F85027FA1121E8B6F856E
A15A8B7084A1157C6E506D1978A27022F86E7661657021016E76616570DE1E7F19036EA1
5A0B3E7F70F03C3F6E595A0B7C8070F0781FA1140F6E08F86E95C8FC537E7069037F7617
1E52487E70213E6F76173C1C03714D6C197C6F22780A0781714D7E6F6A0A0F817194C7FC
A113016F4E6F5F0A1E147F711F036F765F5280711F076F775E1C7C7104786E170F6F9FC9
FC0AF882714C80047F201E090183714C80A1133E70040371153C5280721E7C7076157851
4880721EF870765D1B0F7292C916017068518372021E167F70555A093E8372023C82A112
0770047C725C097882721D0F707791CAFC51827265057F76131E1A01724A70153E711E3C
08038507804982716608078507C04982A112F871020F735B98CBFC07E01B01710AFE5B08
1E187F07F01B03710AFF5B1A3EDFF83C7213077166087C1A87DFFC7884710B8FCBFC08F8
1ACF73488423DFDE7FFF1BFE5084A272645084A27264A250847264A297CDFC7264A24F1A
7FA20603644F1A3FA20601644F1A1FA2060099CCFC4F86>192 144
126 268 197 87 D<ED0FFF92B512F0020714FE021F6E7E91267FF00313E04AC7EA7FF8
D903FCEC1FFCD907F0EC07FFD90FC06E7F49486E7F49C97F013E707E49707E49161F8549
707E48B4FC02C06F7E80486D836E81A3727FA46C5BA238007FC06D5A90CAFCA8053FB5FC
041FB6FC4BB7FC031FEBFE0192B512800203EBF800021F1380DA7FFEC7FC903801FFF049
13C0010F5B4948C8FC495A495A48485A5C485B485B4890C9FCA2485AA248481A3CA2485A
A312FF5B60A460A2606D160E007F171E181C6D163C003F4D6C6C13786D16F06C6C15016C
6D4A486C6C13F06C6DEC07C06C6D913B1F801FF801E06C01F8DA3E00EBFC0326007FFED9
01FC90390FFF9FC090283FFFC00FF86DEBFF80010F90B500E06D1400010103806D5BD900
3F01FCC813F8020301C0ED1FC0565C78DA5F>97 D<EE3FFC0303B512C0031F14F8037F14
FF912701FFE00313C0020790C7EA3FE0DA0FFCEC07F8DA3FF0EC01FC4A48EC007E4A4881
4949ED0F804990C9EA07C04948EE03E0495A4948EE01F0013F17004948EE0FF84A163F01
FF177F4849EEFFFC60485BA25A91C9FC5AA248487013F8A2F13FE0003FF01FC04994C7FC
A2127FA45BA212FFAF127F7FA4123FA27FA2121FA27F6C190F806C191F1A1E6C7F1A3E6C
6D173C6C197C6E17786D6C17F8013F18F06D6C16016EEE03E06D6CEE07C06D6DED0F806D
6D151F6D6DED3F006D6C6C157EDA3FFC15F86EB4EC03F0020701C0EB1FE0020101F8EBFF
806E6CB548C7FC031F14F8030314C09226003FFCC8FC485C79DA54>99
D[<1BFCF11FFF0607B5FCA6F0000719001A7F1A3FA21A1FB3B3A4EE1FFC0303B512C003
1F14F8037F14FE913B01FFF801FF8002079039C0001FC04A48C7EA07F0DA3FF8EC01F84A
48EC007CDAFFC0153E4949151F4990C9EA0F9F4948EE07DF4948EE03FF494882013F8349
5A4948177F1A3F485B1A1F485B5A91CBFC5AA25B121FA2123F5BA3127FA35BA212FFAF12
7FA37FA3123FA36C7EA3120F7F7EA26C6D173FA26C6D177FA26C6D17FF017F5F806D6C5E
011FEF07DF6D6CEE0F9F6D6C93381F1FFE6D6C163E6D6D037C7F6D01E0DA01F8806E6CDA
03F014F0DA1FFCDA0FC0ECFFF06EB4EC7F8002039039E007FE00020090B512F8033F14E0
030791C7FC9226007FF04BC7FC>92 144 121 270 106 I[<EB07F0497E497E497E497E
90B57EA76D90C7FC6D5A6D5A6D5A6D5A90C9FCB3ACEC1F8048B5FC127FA6C67E131F7F7F
A27FB3B3B3AE497F497F013F13F8B712F8A6>37 137 121 264 52
105 D[<EC1F800003B5FCB6FCA6C6FC131F7F7FA27FB3B3B3B3B3B3AD497F497F013F13
F8B712FEA6>39 143 121 270 52 108 D<023F912601FFE0933807FF800003B5021F01
FE047F13F8B6027FD9FFC04AB6FC4CB600F0020715C0932607FC0101FC91261FF00713F0
93280FC0001FFE4AC76C7E043FC76C6C02FC6E7E047C020390268001F0EC0FFEC64B6E6D
48486E7E011F49486E6D48486E7F6D4948704848826D4A037F91C87E4B48DCF81E836D49
C9003F4981030E1838031E93261FFC78707E4B60A24BEFFDE009FF8403707049163F15F0
4B60A34B95CAFCA44B5FB3B3B0496D4C6C4D7E496D4C6D4C7E013F01F893B500E003036D
7EB700FE0103B700F8010FB712E0A6935A79D9A0>I<023F913801FFE00003B5021F13FE
B6027FEBFFC04CB612F0932607FC0113FC933A0FC0001FFE043FC76C7E047C02037FC64B
6E7F011F49486E7F6D4948826D4A157F4B48826D49C9123F150E031E707E5DA25D870370
160F15F05DA35DA45DB3B3B0496D4C7E496D4C7F013F01F893B512E0B700FE0103B712F8
A65D5A79D96A>I<EE1FFE4BB512E0030F14FC037FECFF809226FFF0037F020390398000
7FF0DA0FFCC7EA0FFCDA1FF0EC03FEDA7FE06E6C7EDAFF806E6C7E4990C96C7E4948707E
4948707E4948707E4948707EA24948707E4948707F01FF854A177F48864890CB6C7EA248
8649181F000F86A34848727EA3003F86A34848721380A500FF1BC0AF007F1B80A26D60A3
003F1B00A3001F626D181FA2000F62A26C6C4E5AA26C626E177F6C626E17FF6C626D6C4C
5BA26D6C4C90C7FC6D6C4C5A6D6C4C5A0107606D6C4C5A6D6C4C5A6D01C0EDFFC06E6C4A
5BDA3FF8020790C8FCDA0FFCEC0FFC6EB46CEB7FF802019039F003FFE06E6CB61280030F
02FCC9FC030114E09226001FFECAFC525C7ADA5F>I<023FEC0FF00003B5EC7FFEB649B5
1280040714E093391FF00FF093383F803F93397E007FF85EC6DA01F0EBFFFC011F495A6D
5C6D13075E6D49C7FC4BEC7FF8151E031CEC1FE0033CEC0780033891C7FC1578A2157015
F0A25DA45DA55DB3B3AB815B497F013F13FCB812C0A63E5A7AD949>114
D<15F0A91401A61403A41407A4140FA2141FA2143FA2147FA214FF5B5B5B5B5B137F90B9
FC120FBAFCA4C7D87FF0C9FCB3B3AAF001E0B218036E6C15C0A318076E6C1580A2180F6E
6C1500606E6C141E6E6D133E606E6D5B6E9038F001F092393FFC07E06FB55A03075C0301
49C7FC9238001FF03B807DFE49>116 D<DA1F80177E0003B593380FFFFEB60303B5FCA6
C6EF0003011FEF007F6D183F6D181FA26D180FB3B3AE1A1FA41A3FA31A7FA26D18FFA2F1
01EF816DEF03CFF1078FA26E6C92380F0FFF191E6E6C033C806E6C0378806E6CDA01F014
F86E6CDA03E0ECFFF86E6C6CEB0FC06E01F8EB7F806E6CB5EAFE00031F14F8030314E092
26003FFEC791C7FC5D5B79D96A>I E
%EndDVIPSBitmapFont
end
%%EndProlog
%%BeginSetup
%%Feature: *Resolution 600dpi
TeXDict begin
%%PaperSize: A4

%%EndSetup
%%Page: 0 1
0 0 bop 383 1805 a FE(SEMANTICS)60 b(WITH)j(APPLICA)-16
b(TIONS)1078 2107 y(A)62 b(F)-16 b(ormal)61 b(In)-5 b(tro)5
b(duction)904 2545 y FD(c)870 2549 y FC(\015)p FB(Hanne)38
b(Riis)g(Nielson)2158 2545 y FD(c)2124 2549 y FC(\015)p
FB(Flemming)d(Nielson)864 3281 y FA(c)839 3284 y Fz(\015)o
FA(The)47 b(w)m(ebpage)h Fy(http://www.daimi.au.dk/)p
Fz(\030)-7 b Fy(hrn)47 b FA(con)m(tains)839 3397 y(information)19
b(ab)s(out)i(ho)m(w)g(to)g(do)m(wnload)g(a)g(cop)m(y)h(of)f(this)f(b)s
(o)s(ok)g(\(sub-)839 3510 y(ject)31 b(to)g(the)g(conditions)d(listed)h
(b)s(elo)m(w\).)839 3670 y(The)41 b(b)s(o)s(ok)h(ma)m(y)h(b)s(e)e(do)m
(wnloaded)g(and)h(prin)m(ted)f(free)h(of)g(c)m(harge)839
3783 y(for)34 b(p)s(ersonal)f(study;)j(it)e(ma)m(y)h(b)s(e)f(do)m
(wnloaded)g(and)g(prin)m(ted)f(free)839 3896 y(of)28
b(c)m(harge)h(b)m(y)f(instructors)f(for)h Fx(imme)-5
b(diate)36 b FA(photo)s(cop)m(ying)28 b(to)h(stu-)839
4008 y(den)m(ts)35 b(pro)m(vided)g(that)h(no)g(fee)g(is)f(c)m(harged)h
(for)g(the)f(course;)k(these)839 4121 y(p)s(ermissions)29
b(explicitly)h(exclude)i(the)h(righ)m(t)f(to)i(an)m(y)f(other)g
(distri-)839 4234 y(bution)19 b(of)j(the)f(b)s(o)s(ok)g(\(b)s(e)g(it)g
(electronically)f(or)h(b)m(y)g(making)g(ph)m(ysical)839
4347 y(copies\).)839 4507 y(All)29 b(other)h(distribution)d(should)h(b)
s(e)i(agreed)h(with)e(the)i(authors.)839 4667 y(This)22
b(is)i(a)h(revised)f(edition)f(completed)i(in)e(July)g(1999;)29
b(the)c(original)839 4780 y(edition)e(from)i(1992)i(w)m(as)f(published)
21 b(b)m(y)k(John)f(Wiley)h(&)f(Sons;)j(this)839 4893
y(should)h(b)s(e)i(ac)m(kno)m(wledged)h(in)e(all)g(references)i(to)g
(the)g(b)s(o)s(ok.)p eop
%%Page: 1 2
1 1 bop 3441 130 a Fw(i)p 0 193 3473 4 v eop
%%Page: 5 3
5 2 bop 0 1181 a Fv(Con)-6 b(ten)g(ts)0 1733 y Fw(List)37
b(of)g(T)-9 b(ables)2688 b(vii)0 1954 y(Preface)3019
b(ix)0 2174 y(1)90 b(In)m(tro)s(duction)2652 b(1)146
2296 y Fu(1.1)100 b(Seman)m(tic)32 b(description)g(metho)s(ds)66
b(.)50 b(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)f(.)
h(.)g(.)g(.)g(.)142 b(1)146 2418 y(1.2)100 b(The)33 b(example)f
(language)g Fw(While)64 b Fu(.)50 b(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)g
(.)g(.)g(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)142 b(7)146
2540 y(1.3)100 b(Seman)m(tics)32 b(of)g(expressions)72
b(.)50 b(.)g(.)g(.)g(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)
g(.)g(.)f(.)h(.)g(.)g(.)g(.)142 b(9)146 2662 y(1.4)100
b(Prop)s(erties)32 b(of)g(the)h(seman)m(tics)g(.)50 b(.)g(.)g(.)g(.)g
(.)g(.)f(.)h(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)
93 b(15)0 2882 y Fw(2)d(Op)s(erational)37 b(Seman)m(tics)2107
b(19)146 3004 y Fu(2.1)100 b(Natural)31 b(seman)m(tics)38
b(.)49 b(.)h(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)
g(.)g(.)g(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)93 b(20)146
3126 y(2.2)100 b(Structural)32 b(op)s(erational)e(seman)m(tics)35
b(.)50 b(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)f(.)h(.)
g(.)g(.)g(.)93 b(32)146 3248 y(2.3)100 b(An)33 b(equiv)-5
b(alence)32 b(result)48 b(.)i(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)f(.)h
(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)93
b(40)146 3370 y(2.4)100 b(Extensions)34 b(of)e Fw(While)64
b Fu(.)50 b(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)g(.)g
(.)g(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)93 b(44)146 3492
y(2.5)100 b(Blo)s(c)m(ks)32 b(and)h(pro)s(cedures)81
b(.)50 b(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)g(.)g(.)g(.)
g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)93 b(50)0 3713 y Fw(3)d(Pro)m(v)-6
b(ably)37 b(Correct)f(Implemen)m(tation)1554 b(63)146
3834 y Fu(3.1)100 b(The)33 b(abstract)g(mac)m(hine)e(.)50
b(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)g(.)g(.)g(.)g
(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)93 b(63)146 3956 y(3.2)100
b(Sp)s(eci\014cation)31 b(of)i(the)g(translation)f(.)50
b(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)f(.)h(.)g
(.)g(.)g(.)93 b(69)146 4078 y(3.3)100 b(Correctness)85
b(.)50 b(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)f(.)h(.)
g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)93
b(73)146 4200 y(3.4)100 b(An)33 b(alternativ)m(e)e(pro)s(of)h(tec)m
(hnique)39 b(.)50 b(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g
(.)g(.)f(.)h(.)g(.)g(.)g(.)93 b(81)0 4421 y Fw(4)d(Denotational)37
b(Seman)m(tics)2054 b(85)146 4543 y Fu(4.1)100 b(Direct)31
b(st)m(yle)j(seman)m(tics:)43 b(sp)s(eci\014cation)48
b(.)i(.)f(.)h(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g
(.)93 b(85)146 4664 y(4.2)100 b(Fixed)32 b(p)s(oin)m(t)g(theory)84
b(.)50 b(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)g(.)
g(.)g(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)93 b(93)146 4786
y(4.3)100 b(Direct)31 b(st)m(yle)j(seman)m(tics:)43 b(existence)37
b(.)50 b(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)f(.)h(.)
g(.)g(.)g(.)44 b(107)146 4908 y(4.4)100 b(An)33 b(equiv)-5
b(alence)32 b(result)48 b(.)i(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)f(.)h
(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)44
b(112)146 5030 y(4.5)100 b(Extensions)34 b(of)e Fw(While)64
b Fu(.)50 b(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)g(.)g
(.)g(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)44 b(117)0 5251
y Fw(5)90 b(Static)37 b(Program)f(Analysis)1958 b(133)146
5373 y Fu(5.1)100 b(Prop)s(erties)32 b(and)h(prop)s(ert)m(y)g(states)44
b(.)50 b(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)f(.)
h(.)g(.)g(.)g(.)44 b(135)146 5494 y(5.2)100 b(The)33
b(analysis)42 b(.)50 b(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g
(.)g(.)f(.)h(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)
44 b(142)1710 5849 y(v)p eop
%%Page: 6 4
6 3 bop 251 130 a Fw(vi)2944 b(Con)m(ten)m(ts)p 251 193
3473 4 v 430 515 a Fu(5.3)99 b(Safet)m(y)34 b(of)e(the)h(analysis)52
b(.)e(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)f(.)h(.)g
(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)44 b(153)430 636 y(5.4)99
b(Bounded)34 b(iteration)e(.)50 b(.)g(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g
(.)g(.)g(.)g(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)
44 b(160)283 854 y Fw(6)91 b(Axiomatic)35 b(Program)h(V)-9
b(eri\014cation)1587 b(169)430 974 y Fu(6.1)99 b(Direct)32
b(pro)s(ofs)g(of)g(program)f(correctness)98 b(.)50 b(.)g(.)g(.)g(.)g(.)
f(.)h(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)44 b(169)430
1094 y(6.2)99 b(P)m(artial)31 b(correctness)k(assertions)d(.)50
b(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)g(.)g(.)g
(.)g(.)g(.)g(.)44 b(175)430 1215 y(6.3)99 b(Soundness)35
b(and)d(completeness)54 b(.)c(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)f
(.)h(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)44 b(183)430
1335 y(6.4)99 b(Extensions)34 b(of)e(the)h(axiomatic)d(system)68
b(.)50 b(.)g(.)g(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)
g(.)44 b(191)430 1456 y(6.5)99 b(Assertions)34 b(for)e(execution)h
(time)99 b(.)50 b(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g
(.)g(.)g(.)g(.)g(.)g(.)g(.)44 b(200)283 1674 y Fw(7)91
b(F)-9 b(urther)37 b(Reading)2348 b(209)283 1891 y(A)62
b(Review)36 b(of)i(Notation)2200 b(213)283 2109 y(App)s(endices)2741
b(212)283 2327 y(B)67 b(In)m(tro)s(duction)36 b(to)h(Miranda)h
(Implemen)m(tations)1092 b(217)430 2448 y Fu(B.1)79 b(Abstract)33
b(syn)m(tax)49 b(.)h(.)g(.)g(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)g(.)g(.)
g(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)44
b(217)430 2568 y(B.2)79 b(Ev)-5 b(aluation)31 b(of)h(expressions)39
b(.)50 b(.)f(.)h(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)
g(.)g(.)g(.)g(.)g(.)g(.)g(.)44 b(218)283 2786 y Fw(C)66
b(Op)s(erational)37 b(Seman)m(tics)f(in)h(Miranda)1468
b(221)430 2906 y Fu(C.1)78 b(Natural)32 b(seman)m(tics)37
b(.)50 b(.)g(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)
f(.)h(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)44 b(221)430
3027 y(C.2)78 b(Structural)32 b(op)s(erational)e(seman)m(tics)35
b(.)50 b(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)g(.)g(.)g(.)
g(.)g(.)g(.)44 b(223)430 3147 y(C.3)78 b(Extensions)34
b(of)e Fw(While)65 b Fu(.)50 b(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)g(.)g(.)g
(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)44
b(225)430 3268 y(C.4)78 b(Pro)m(v)-5 b(ably)33 b(correct)g(implemen)m
(tation)97 b(.)50 b(.)g(.)g(.)g(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)g(.)g
(.)g(.)g(.)g(.)g(.)44 b(227)283 3485 y Fw(D)61 b(Denotational)36
b(Seman)m(tics)h(in)g(Miranda)1415 b(229)430 3606 y Fu(D.1)73
b(Direct)32 b(st)m(yle)h(seman)m(tics)27 b(.)50 b(.)g(.)g(.)f(.)h(.)g
(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)
g(.)g(.)44 b(229)430 3726 y(D.2)73 b(Extensions)34 b(of)e
Fw(While)65 b Fu(.)50 b(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g
(.)g(.)f(.)h(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)44
b(230)430 3847 y(D.3)73 b(Static)32 b(program)f(analysis)h(.)50
b(.)g(.)f(.)h(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g
(.)g(.)g(.)g(.)g(.)g(.)g(.)44 b(230)283 4065 y Fw(Bibliograph)m(y)2675
b(233)283 4282 y(Index)38 b(of)g(Sym)m(b)s(ols)2454 b(235)283
4500 y(Index)3029 b(237)p eop
%%Page: 7 5
7 4 bop 0 1180 a Fv(List)77 b(of)g(T)-19 b(ables)146
1632 y Fu(1.1)100 b(The)33 b(seman)m(tics)g(of)f(arithmetic)f
(expressions)f(.)50 b(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)f(.)h(.)g
(.)g(.)g(.)93 b(13)146 1752 y(1.2)100 b(The)33 b(seman)m(tics)g(of)f(b)
s(o)s(olean)f(expressions)63 b(.)49 b(.)h(.)g(.)g(.)g(.)g(.)g(.)g(.)g
(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)93 b(14)146 1956 y(2.1)100
b(Natural)31 b(seman)m(tics)i(for)f Fw(While)24 b Fu(.)50
b(.)g(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)f(.)h
(.)g(.)g(.)g(.)93 b(20)146 2076 y(2.2)100 b(Structural)32
b(op)s(erational)e(seman)m(tics)j(for)f Fw(While)98 b
Fu(.)50 b(.)g(.)g(.)g(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)93
b(33)146 2197 y(2.3)100 b(Natural)31 b(seman)m(tics)i(for)f(statemen)m
(ts)h(of)f Fw(Blo)s(c)m(k)53 b Fu(.)d(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)f
(.)h(.)g(.)g(.)g(.)93 b(52)146 2317 y(2.4)100 b(Natural)31
b(seman)m(tics)i(for)f(v)-5 b(ariable)31 b(declarations)55
b(.)50 b(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)93
b(52)146 2437 y(2.5)100 b(Natural)31 b(seman)m(tics)i(for)f
Fw(Pro)s(c)g Fu(with)g(dynamic)g(scop)s(e)h(rules)51
b(.)f(.)g(.)f(.)h(.)g(.)g(.)g(.)93 b(54)146 2558 y(2.6)100
b(Pro)s(cedure)33 b(calls)f(in)g(case)h(of)f(mixed)g(scop)s(e)h(rules)g
(\(c)m(ho)s(ose)g(one\))69 b(.)49 b(.)h(.)g(.)g(.)g(.)93
b(56)146 2678 y(2.7)100 b(Natural)31 b(seman)m(tics)i(for)f(v)-5
b(ariable)31 b(declarations)g(using)h(lo)s(cations)82
b(.)50 b(.)g(.)g(.)g(.)93 b(58)146 2798 y(2.8)100 b(Natural)31
b(seman)m(tics)i(for)f Fw(Pro)s(c)g Fu(with)g(static)g(scop)s(e)h
(rules)101 b(.)50 b(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)93
b(59)146 3002 y(3.1)100 b(Op)s(erational)30 b(seman)m(tics)j(for)f
Fw(AM)101 b Fu(.)50 b(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g
(.)g(.)f(.)h(.)g(.)g(.)g(.)93 b(65)146 3122 y(3.2)100
b(T)-8 b(ranslation)31 b(of)h(expressions)89 b(.)50 b(.)g(.)g(.)g(.)g
(.)g(.)f(.)h(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)
93 b(70)146 3243 y(3.3)100 b(T)-8 b(ranslation)31 b(of)h(statemen)m(ts)
h(in)f Fw(While)50 b Fu(.)g(.)f(.)h(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g
(.)f(.)h(.)g(.)g(.)g(.)93 b(71)146 3446 y(4.1)100 b(Denotational)30
b(seman)m(tics)i(for)g Fw(While)g Fu(.)50 b(.)g(.)f(.)h(.)g(.)g(.)g(.)g
(.)g(.)g(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)93 b(86)146
3566 y(4.2)100 b(Denotational)30 b(seman)m(tics)i(for)g
Fw(While)f Fu(using)i(lo)s(cations)58 b(.)50 b(.)g(.)g(.)g(.)f(.)h(.)g
(.)g(.)g(.)44 b(119)146 3687 y(4.3)100 b(Denotational)30
b(seman)m(tics)i(for)g(v)-5 b(ariable)31 b(declarations)63
b(.)50 b(.)g(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)44 b(121)146
3807 y(4.4)100 b(Denotational)30 b(seman)m(tics)i(for)g(non-recursiv)m
(e)i(pro)s(cedure)g(declarations)71 b(.)50 b(.)44 b(122)146
3928 y(4.5)100 b(Denotational)30 b(seman)m(tics)i(for)g
Fw(Pro)s(c)93 b Fu(.)50 b(.)g(.)f(.)h(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g
(.)g(.)f(.)h(.)g(.)g(.)g(.)44 b(123)146 4048 y(4.6)100
b(Denotational)30 b(seman)m(tics)i(for)g(recursiv)m(e)i(pro)s(cedure)g
(declarations)c(.)50 b(.)g(.)g(.)g(.)44 b(125)146 4168
y(4.7)100 b(Con)m(tin)m(uation)31 b(st)m(yle)j(seman)m(tics)e(for)g
Fw(While)27 b Fu(.)50 b(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)f(.)h(.)g
(.)g(.)g(.)44 b(128)146 4289 y(4.8)100 b(Con)m(tin)m(uation)31
b(st)m(yle)j(seman)m(tics)e(for)g Fw(Exc)61 b Fu(.)49
b(.)h(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)44
b(130)146 4492 y(5.1)100 b(Analysis)32 b(of)g(expressions)62
b(.)50 b(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)g(.)g(.)g(.)
g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)44 b(143)146 4613 y(5.2)100
b(Analysis)32 b(of)g(statemen)m(ts)i(in)d Fw(While)100
b Fu(.)50 b(.)g(.)f(.)h(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)f(.)h(.)g
(.)g(.)g(.)44 b(144)146 4816 y(6.1)100 b(Axiomatic)30
b(system)k(for)e(partial)e(correctness)84 b(.)50 b(.)g(.)g(.)g(.)g(.)g
(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)44 b(178)146 4936
y(6.2)100 b(Axiomatic)30 b(system)k(for)e(total)f(correctness)88
b(.)50 b(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)44
b(192)146 5057 y(6.3)100 b(Exact)33 b(execution)g(times)f(for)g
(expressions)54 b(.)49 b(.)h(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)f(.)
h(.)g(.)g(.)g(.)44 b(202)146 5177 y(6.4)100 b(Natural)31
b(seman)m(tics)i(for)f Fw(While)f Fu(with)h(exact)h(execution)h(times)
79 b(.)49 b(.)h(.)g(.)g(.)g(.)44 b(203)146 5297 y(6.5)100
b(Axiomatic)30 b(system)k(for)e(order)g(of)h(magnitude)e(of)h
(execution)h(time)46 b(.)k(.)g(.)g(.)g(.)44 b(204)1683
5849 y(vii)p eop
%%Page: 8 6
8 5 bop 251 130 a Fw(viii)2654 b(List)37 b(of)h(T)-9
b(ables)p 251 193 3473 4 v eop
%%Page: 9 7
9 6 bop 0 1180 a Fv(Preface)0 1632 y Fu(Man)m(y)37 b(b)s(o)s(oks)f(on)h
(formal)c(seman)m(tics)k(b)s(egin)e(b)m(y)i(explaining)e(that)h(there)g
(are)h(three)f(ma)5 b(jor)0 1752 y(approac)m(hes)34 b(to)e(seman)m
(tics,)h(that)f(is)145 1923 y Ft(\017)49 b Fu(op)s(erational)30
b(seman)m(tics,)145 2115 y Ft(\017)49 b Fu(denotational)30
b(seman)m(tics,)j(and)145 2308 y Ft(\017)49 b Fu(axiomatic)30
b(seman)m(tics;)0 2478 y(but)36 b(then)g(they)h(go)e(on)h(to)f(study)i
(just)f Fs(one)43 b Fu(of)35 b(these)i(in)e(greater)g(detail.)52
b(The)36 b(purp)s(ose)h(of)0 2598 y(this)32 b(b)s(o)s(ok)g(is)g(to)145
2769 y Ft(\017)49 b Fu(presen)m(t)34 b(the)f Fs(fundamental)h(ide)-5
b(as)40 b Fu(b)s(ehind)32 b Fs(al)5 b(l)43 b Fu(of)32
b(these)i(approac)m(hes,)145 2961 y Ft(\017)49 b Fu(to)25
b(stress)i(their)d Fs(r)-5 b(elationship)30 b Fu(b)m(y)d(form)m
(ulating)22 b(and)j(pro)m(ving)g(the)h(relev)-5 b(an)m(t)25
b(theorems,)244 3082 y(and)145 3274 y Ft(\017)49 b Fu(to)i(illustrate)f
(the)i Fs(applic)-5 b(ability)60 b Fu(of)51 b(formal)e(seman)m(tics)j
(as)g(a)f(to)s(ol)f(in)h(computer)244 3395 y(science)q(.)0
3565 y(This)45 b(is)g(an)g(am)m(bitious)e(goal)h(and)h(to)f(ac)m(hiev)m
(e)j(it,)g(the)f(bulk)f(of)f(the)i(dev)m(elopmen)m(t)g(con-)0
3685 y(cen)m(trates)37 b(on)f(a)g(rather)f(small)f(core)i(language)f
(of)g Fr(while)p Fu(-programs)h(for)f(whic)m(h)h(the)h(three)0
3806 y(approac)m(hes)e(are)g(dev)m(elop)s(ed)g(to)f(roughly)f(the)i
(same)f(lev)m(el)g(of)f(sophistication.)47 b(T)-8 b(o)34
b(demon-)0 3926 y(strate)f(the)g Fs(applic)-5 b(ability)40
b Fu(of)32 b(formal)f(seman)m(tics)h(w)m(e)i(sho)m(w)145
4097 y Ft(\017)49 b Fu(ho)m(w)34 b(to)g(use)g(seman)m(tics)g(for)f(v)-5
b(alidating)31 b(protot)m(yp)s(e)j(implemen)m(tations)d(of)i(program-)
244 4217 y(ming)e(languages,)145 4409 y Ft(\017)49 b
Fu(ho)m(w)41 b(to)g(use)g(seman)m(tics)g(for)g(v)m(erifying)f(analyses)
h(used)h(in)e(more)g(adv)-5 b(anced)42 b(imple-)244 4530
y(men)m(tations)32 b(of)g(programming)d(languages,)j(and)145
4722 y Ft(\017)49 b Fu(ho)m(w)29 b(to)g(use)h(seman)m(tics)f(for)f(v)m
(erifying)h(useful)g(program)e(prop)s(erties)i(including)e(infor-)244
4843 y(mation)j(ab)s(out)j(execution)g(time.)0 5013 y(The)k(dev)m
(elopmen)m(t)f(is)f Fs(intr)-5 b(o)g(ductory)45 b Fu(as)36
b(is)f(already)g(re\015ected)i(in)e(the)h(title.)51 b(F)-8
b(or)35 b(this)g(rea-)0 5133 y(son)c(v)m(ery)i(man)m(y)e(adv)-5
b(anced)32 b(concepts)h(within)d(op)s(erational,)f(denotational)g(and)i
(axiomatic)0 5254 y(seman)m(tics)36 b(ha)m(v)m(e)h(had)f(to)f(b)s(e)h
(omitted.)52 b(Also)35 b(w)m(e)i(ha)m(v)m(e)g(had)f(to)f(omit)f
(treatmen)m(t)i(of)f(other)0 5374 y(approac)m(hes)26
b(to)f(seman)m(tics,)h(for)f(example)f(P)m(etri-nets)h(and)g(temp)s
(oral)e(logic.)39 b(Some)24 b(p)s(oin)m(ters)0 5494 y(to)32
b(further)h(reading)f(are)h(giv)m(en)f(in)g(Chapter)h(7.)1697
5849 y(ix)p eop
%%Page: 10 8
10 7 bop 251 130 a Fw(x)3050 b(Preface)p 251 193 3473
4 v 283 419 V 283 3790 4 3371 v 1711 1523 a Fq(\010)1628
1565 y(\010)1545 1606 y(\010)1462 1648 y(\010)1379 1689
y(\010)1296 1731 y(\010)1279 1739 y(\010)1711 2270 y(\010)1628
2312 y(\010)1545 2353 y(\010)1462 2395 y(\010)1379 2437
y(\010)1296 2478 y(\010)1279 2486 y(\010)1711 3018 y(\010)1628
3059 y(\010)1545 3101 y(\010)1462 3142 y(\010)1379 3184
y(\010)1296 3225 y(\010)1279 3234 y(\010)2126 1523 y(H)2209
1565 y(H)2292 1606 y(H)2375 1648 y(H)2458 1689 y(H)2541
1731 y(H)2558 1739 y(H)2126 2270 y(H)2209 2312 y(H)2292
2353 y(H)2375 2395 y(H)2458 2437 y(H)2541 2478 y(H)2558
2486 y(H)2126 3018 y(H)2209 3059 y(H)2292 3101 y(H)2375
3142 y(H)2458 3184 y(H)2541 3225 y(H)2558 3234 y(H)p
1959 1208 4 308 v 1959 1955 4 474 v 1959 2702 V 1959
3408 4 432 v 1711 765 485 4 v 1711 903 4 139 v 1739 859
a Fu(Chapter)34 b(1)p 2192 903 V 1711 906 485 4 v 1587
1234 735 4 v 1587 1465 4 232 v 1740 1328 a(Chapter)f(2)1615
1440 y(Sections)g(2.1{2.3)p 2318 1465 V 1587 1468 735
4 v 798 1762 V 798 1880 4 118 v 826 1855 a(Sections)g(2.4{2.5)p
1529 1880 V 798 1883 735 4 v 2541 1761 485 4 v 2541 1900
4 139 v 1065 w(Chapter)g(3)p 3023 1900 V 2541 1903 485
4 v 1587 1981 735 4 v 1587 2212 4 232 v 1740 2075 a(Chapter)g(4)1615
2187 y(Sections)g(4.1{4.4)p 2318 2212 V 1587 2215 735
4 v 881 2510 523 4 v 881 2627 4 118 v 909 2603 a(Section)g(4.5)p
1400 2627 V 881 2630 523 4 v 2541 2508 485 4 v 2541 2647
4 139 v 1194 w(Chapter)g(5)p 3023 2647 V 2541 2650 485
4 v 1587 2728 735 4 v 1587 2960 4 232 v 1740 2822 a(Chapter)g(6)1615
2935 y(Sections)g(6.1{6.3)p 2318 2960 V 1587 2963 735
4 v 881 3257 523 4 v 881 3375 4 118 v 909 3350 a(Section)g(6.4)p
1400 3375 V 881 3378 523 4 v 2541 3257 V 2541 3375 4
118 v 1194 w(Section)f(6.5)p 3061 3375 V 2541 3378 523
4 v 1711 3422 485 4 v 1711 3560 4 139 v 1739 3516 a(Chapter)i(7)p
2192 3560 V 1711 3563 485 4 v 3753 3790 4 3371 v 283
3793 3473 4 v 283 4078 a Fp(Ov)l(erview)283 4281 y Fu(As)26
b(is)e(illustrated)e(in)i(the)h(dep)s(endency)i(diagram,)d(Chapters)h
(1,)h(2,)g(4,)g(6)e(and)h(7)f(form)g(the)g(core)283 4402
y(of)34 b(the)g(b)s(o)s(ok.)47 b(Chapter)35 b(1)f(in)m(tro)s(duces)g
(the)h(example)e(language)g(of)g Fr(while)p Fu(-programs)h(that)283
4522 y(is)28 b(used)h(throughout)f(the)h(b)s(o)s(ok.)41
b(In)29 b(Chapter)g(2)e(w)m(e)j(co)m(v)m(er)f(t)m(w)m(o)g(approac)m
(hes)g(to)f Fs(op)-5 b(er)g(ational)283 4642 y(semantics)p
Fu(,)43 b(the)f(natural)e(seman)m(tics)h(of)g(G.)g(Kahn)g(and)g(the)h
(structural)f(op)s(erational)e(se-)283 4763 y(man)m(tics)30
b(of)g(G.)h(Plotkin.)41 b(Chapter)32 b(4)e(dev)m(elops)i(the)f
Fs(denotational)h(semantics)38 b Fu(of)30 b(D.)i(Scott)283
4883 y(and)40 b(C.)h(Strac)m(hey)g(including)d(simple)h(\014xed)i(p)s
(oin)m(t)e(theory)-8 b(.)66 b(Chapter)40 b(6)g(in)m(tro)s(duces)g
Fs(pr)-5 b(o-)283 5004 y(gr)g(am)33 b(veri\014c)-5 b(ation)36
b Fu(based)31 b(on)f(op)s(erational)e(and)i(denotational)e(seman)m
(tics)j(and)f(go)s(es)g(on)g(to)283 5124 y(presen)m(t)e(the)e
(axiomatic)d(approac)m(h)j(due)h(to)e(C.)h(A.)g(R.)f(Hoare.)42
b(Finally)-8 b(,)24 b(Chapter)i(7)g(con)m(tains)283 5244
y(suggestions)34 b(for)e(further)g(reading.)430 5374
y(The)i(\014rst)f(three)h(or)f(four)f(sections)i(of)f(eac)m(h)g(of)g
(the)g(Chapters)i(2,)e(4)f(and)i(6)e(are)h(dev)m(oted)283
5494 y(to)i(the)h(language)d(of)i Fr(while)p Fu(-programs)g(and)g(co)m
(v)m(ers)i(sp)s(eci\014cation)d(as)i(w)m(ell)e(as)h(theoretical)p
eop
%%Page: 11 9
11 8 bop 0 130 a Fw(Preface)3019 b(xi)p 0 193 3473 4
v 0 515 a Fu(asp)s(ects.)44 b(In)32 b(eac)m(h)g(of)f(the)g(c)m(hapters)
i(w)m(e)f(extend)h(the)e Fr(while)p Fu(-language)g(with)g(v)-5
b(arious)30 b(other)0 636 y(constructs)c(and)e(the)g(emphasis)g(is)f
(here)i(on)f(sp)s(eci\014cation)g(rather)g(than)g(theory)-8
b(.)41 b(In)24 b(Sections)0 756 y(2.4)39 b(and)h(2.5)g(w)m(e)h
(consider)f(extensions)h(with)e(ab)s(ortion,)i(non-determinism,)e
(parallelism,)0 877 y(blo)s(c)m(k)33 b(constructs,)h(dynamic)f(and)g
(static)f(pro)s(cedures,)j(and)e(non-recursiv)m(e)h(and)f(recursiv)m(e)
0 997 y(pro)s(cedures.)86 b(In)47 b(Section)f(4.5)g(w)m(e)i(consider)e
(extensions)i(of)e(the)h Fr(while)p Fu(-language)f(with)0
1117 y(static)37 b(pro)s(cedures)i(that)e(ma)m(y)h(or)f(ma)m(y)g(not)h
(b)s(e)f(recursiv)m(e)i(and)f(w)m(e)h(sho)m(w)f(ho)m(w)g(to)g(handle)0
1238 y(exceptions,)e(that)d(is,)h(certain)g(kinds)g(of)g(jumps.)47
b(Finally)-8 b(,)32 b(in)h(Section)h(6.4)f(w)m(e)i(consider)f(an)0
1358 y(extension)c(with)e(non-recursiv)m(e)i(and)f(recursiv)m(e)i(pro)s
(cedures)f(and)f(w)m(e)h(also)e(sho)m(w)i(ho)m(w)g(total)0
1478 y(correctness)46 b(prop)s(erties)e(are)f(handled.)77
b(The)45 b(sections)g(on)e(extending)i(the)f(op)s(erational,)0
1599 y(denotational)31 b(and)h(axiomatic)e(seman)m(tics)j(ma)m(y)g(b)s
(e)f(studied)h(in)f(an)m(y)h(order.)146 1728 y(The)d(applicabilit)m(y)c
(of)j(op)s(erational,)e(denotational)g(and)i(axiomatic)e(seman)m(tics)i
(is)g(illus-)0 1848 y(trated)h(in)f(Chapters)j(3,)e(5)g(and)g(6.)42
b(In)31 b(Chapter)f(3)g(w)m(e)h(sho)m(w)g(ho)m(w)g(to)f(pro)m(v)m(e)h
(the)f(correctness)0 1969 y(of)37 b(a)g(simple)f(compiler)f(for)i(the)h
Fr(while)p Fu(-language)f(using)g(the)h(op)s(erational)d(seman)m(tics.)
58 b(In)0 2089 y(Chapter)35 b(5)f(w)m(e)i(pro)m(v)m(e)g(an)e(analysis)g
(for)g(the)g Fr(while)p Fu(-language)h(correct)g(using)f(the)h(denota-)
0 2209 y(tional)f(seman)m(tics.)54 b(Finally)-8 b(,)34
b(in)h(Section)h(6.5)g(w)m(e)h(extend)g(the)g(axiomatic)c(approac)m(h)k
(so)f(as)0 2330 y(to)c(obtain)g(information)d(ab)s(out)j(execution)h
(time)f(of)g Fr(while)p Fu(-programs.)146 2459 y(App)s(endix)27
b(A)g(reviews)h(the)f(mathematical)c(notation)i(on)h(whic)m(h)i(this)e
(b)s(o)s(ok)g(is)g(based.)42 b(It)0 2579 y(is)30 b(mostly)g(standard)g
(notation)g(but)g(some)h(ma)m(y)f(\014nd)h(our)f(use)i(of)e
Fo(,)-17 b Ft(!)30 b Fu(and)h Ft(\005)e Fu(non-standard.)0
2700 y(W)-8 b(e)38 b(use)g Fs(D)47 b Fo(,)-17 b Ft(!)37
b Fs(E)50 b Fu(for)37 b(the)g(set)h(of)f Fs(p)-5 b(artial)48
b Fu(functions)37 b(from)f Fs(D)47 b Fu(to)37 b Fs(E)12
b Fu(;)38 b(this)f(is)g(b)s(ecause)h(w)m(e)0 2820 y(\014nd)j(that)g
(the)g Fs(D)50 b Fo(*)40 b Fs(E)53 b Fu(notation)39 b(is)i(to)s(o)e
(easily)h(o)m(v)m(erlo)s(ok)m(ed.)69 b(Also)41 b(w)m(e)g(use)h
Fs(R)j Ft(\005)39 b Fs(S)53 b Fu(for)0 2940 y(the)32
b(comp)s(osition)d(of)i(binary)h(relations)e Fs(R)36
b Fu(and)31 b Fs(S)12 b Fu(;)32 b(this)f(is)g(b)s(ecause)i(of)e(the)h
(di\013eren)m(t)g(order)0 3061 y(of)44 b(comp)s(osition)e(used)k(for)e
(relations)f(and)h(functions.)79 b(When)46 b(dealing)d(with)h
(axiomatic)0 3181 y(seman)m(tics)c(w)m(e)h(use)f(form)m(ulae)e
Ft(f)i Fs(P)50 b Ft(g)39 b Fs(S)52 b Ft(f)39 b Fs(Q)49
b Ft(g)40 b Fu(for)f(partial)e(correctness)42 b(assertions)e(but)0
3302 y Ft(f)32 b Fs(P)43 b Ft(g)33 b Fs(S)44 b Ft(f)32
b(+)h Fs(Q)41 b Ft(g)28 b Fu(for)g(total)e(correctness)31
b(assertions)d(b)s(ecause)i(the)e(explicit)f(o)s(ccurrence)j(of)0
3422 y Ft(+)i Fu(\(for)g(termination\))e(ma)m(y)j(prev)m(en)m(t)h(the)f
(studen)m(t)h(from)e(confusing)g(the)h(t)m(w)m(o)g(systems.)146
3551 y(App)s(endices)27 b(B,)f(C)g(and)g(D)f(con)m(tain)g(implemen)m
(tations)e(of)i(some)h(of)f(the)h(seman)m(tic)g(sp)s(eci-)0
3671 y(\014cations)e(using)g(the)g(functional)e(language)h
Fw(Miranda)p Fu(.)2073 3635 y Fn(1)2154 3671 y Fu(The)i(in)m(ten)m
(tion)f(is)f(that)h(the)g(abilit)m(y)0 3792 y(to)39 b(exp)s(erimen)m(t)
h(with)g(seman)m(tic)f(de\014nitions)g(enhances)j(the)e(understanding)g
(of)f(material)0 3912 y(that)32 b(is)f(often)h(regarded)h(as)f(b)s
(eing)f(terse)i(and)g(hea)m(vy)g(with)f(formalism.)40
b(It)32 b(should)g(b)s(e)g(p)s(os-)0 4032 y(sible)j(to)g(rew)m(ork)i
(these)g(implemen)m(tations)c(in)i(an)m(y)h(functional)f(language)f
(but)i(if)f(an)g(eager)0 4153 y(language)42 b(\(lik)m(e)g
Fw(Standard)i(ML)p Fu(\))f(is)f(used,)47 b(great)42 b(care)h(m)m(ust)g
(b)s(e)g(tak)m(en)h(in)e(the)h(imple-)0 4273 y(men)m(tation)37
b(of)h(the)h(\014xed)h(p)s(oin)m(t)d(com)m(binator.)60
b(Ho)m(w)m(ev)m(er,)42 b(no)d(con)m(tin)m(uit)m(y)f(is)g(lost)g(if)f
(these)0 4394 y(app)s(endices)c(are)g(ignored.)0 4618
y Fp(Notes)46 b(for)f(the)g(instructor)0 4820 y Fu(The)35
b(reader)g(should)g(preferably)f(b)s(e)h(acquain)m(ted)g(with)f(the)h
(BNF-st)m(yle)g(of)f(sp)s(ecifying)g(the)0 4941 y(syn)m(tax)e(of)e
(programming)d(languages)i(and)i(should)f(b)s(e)g(familiar)c(with)k
(most)g(of)g(the)g(mathe-)0 5061 y(matical)c(concepts)k(surv)m(ey)m(ed)
h(in)d(App)s(endix)h(A.)g(T)-8 b(o)29 b(appreciate)f(the)h(protot)m(yp)
s(e)g(implemen-)0 5181 y(tations)j(of)g(the)h(app)s(endices)h(some)f
(exp)s(erience)h(in)e(functional)f(programming)f(is)i(required.)p
0 5304 1389 4 v 112 5365 a Fm(1)149 5395 y Fl(Miranda)24
b Fk(is)f(a)g(trademark)f(of)h(Researc)n(h)e(Soft)n(w)n(are)h(Limited,)
j(23)d(St)i(Augustines)f(Road,)h(Can)n(terbury)-7 b(,)0
5494 y(Ken)n(t)27 b(CT1)g(1XP)-7 b(,)27 b(UK.)p eop
%%Page: 12 10
12 9 bop 251 130 a Fw(xii)2986 b(Preface)p 251 193 3473
4 v 283 515 a Fu(W)-8 b(e)24 b(ha)m(v)m(e)g(ourselv)m(es)h(used)f(this)
f(b)s(o)s(ok)g(for)f(an)h(undergraduate)h(course)g(at)f(Aarh)m(us)h
(Univ)m(ersit)m(y)283 636 y(in)32 b(whic)m(h)h(the)g(required)g
(functional)e(programming)f(is)i(in)m(tro)s(duced)h(\\on-the-\015y".)
430 756 y(W)-8 b(e)48 b(pro)m(vide)g(t)m(w)m(o)g(kinds)g(of)f
(exercises.)90 b(One)48 b(kind)f(helps)h(the)g(studen)m(t)h(in)e
(his/her)283 877 y(understanding)31 b(of)e(the)h
(de\014nitions/results/tec)m(hniques)h(used)g(in)e(the)h(text.)44
b(In)30 b(particular)283 997 y(there)38 b(are)e(exercises)j(that)d(ask)
h(the)g(studen)m(t)i(to)d(pro)m(v)m(e)i(auxiliary)c(results)j(needed)h
(for)e(the)283 1117 y(main)23 b(results)i(but)f(then)h(the)g(pro)s(of)f
(tec)m(hniques)i(will)c(b)s(e)i(minor)f(v)-5 b(ariations)22
b(of)i(those)h(already)283 1238 y(explained)37 b(in)g(the)h(text.)58
b(W)-8 b(e)38 b(ha)m(v)m(e)g(mark)m(ed)g(those)g(exercises)h(whose)f
(results)g(are)f(needed)283 1358 y(later)d(b)m(y)i(\\)p
Fw(\(Essen)m(tial\))p Fu(".)47 b(The)36 b(other)f(kind)g(of)f
(exercises)i(are)f(more)f(c)m(hallenging)f(in)h(that)283
1478 y(they)g(extend)g(the)g(dev)m(elopmen)m(t,)f(for)g(example)f(b)m
(y)i(relating)d(it)h(to)g(other)h(approac)m(hes.)45 b(W)-8
b(e)283 1599 y(use)36 b(a)e(star)h(to)f(mark)g(the)h(more)f(di\016cult)
f(of)h(these)i(exercises.)52 b(Exercises)36 b(mark)m(ed)f(b)m(y)g(t)m
(w)m(o)283 1719 y(stars)42 b(are)e(rather)h(length)m(y)g(and)f(ma)m(y)h
(require)g(insigh)m(t)e(not)i(otherwise)g(presen)m(ted)i(in)c(the)283
1840 y(b)s(o)s(ok.)70 b(It)42 b(will)d(not)i(b)s(e)h(necessary)h(for)e
(studen)m(ts)j(to)d(attempt)g(all)e(the)j(exercises)h(but)f(w)m(e)283
1960 y(do)33 b(recommend)f(that)g(they)i(read)f(them)f(and)h(try)f(to)h
(understand)h(what)e(the)h(exercises)i(are)283 2080 y(ab)s(out.)283
2369 y Fp(Ac)l(kno)l(wledgemen)l(ts)283 2554 y Fu(In)47
b(writing)d(this)h(b)s(o)s(ok)h(w)m(e)g(ha)m(v)m(e)h(b)s(een)g(greatly)
e(assisted)i(b)m(y)f(the)g(commen)m(ts)g(and)g(sug-)283
2674 y(gestions)h(pro)m(vided)g(b)m(y)g(colleagues)f(and)g(review)m
(ers)i(and)e(b)m(y)i(studen)m(ts)g(and)f(instructors)283
2795 y(at)c(Aarh)m(us)h(Univ)m(ersit)m(y)-8 b(.)75 b(This)43
b(includes)g(Anders)h(Gammelgaard,)f(Chris)g(Hankin,)i(T)-8
b(or-)283 2915 y(b)s(en)40 b(Am)m(toft)e(Hansen,)j(Jens)f(P)m(alsb)s
(erg)f(J\034rgensen,)j(Ernst-R)s(\177)-51 b(udiger)37
b(Olderog,)j(Da)m(vid)e(A.)283 3035 y(Sc)m(hmidt,)29
b(Kirsten)f(L.)g(Solb)s(erg)f(and)h(Bernhard)g(Ste\013en.)43
b(Sp)s(ecial)27 b(thanks)i(are)f(due)g(to)g(Stef-)283
3156 y(fen)g(Grarup,)g(Jacob)g(Seligmann,)f(and)g(Bettina)g(Blaab)s
(erg)f(S\034rensen)j(for)e(their)g(en)m(th)m(usiasm)283
3276 y(and)33 b(great)f(care)h(in)f(reading)g(preliminary)e(v)m
(ersions.)283 3633 y(Aarh)m(us,)k(Octob)s(er)f(1991)1721
b(Hanne)33 b(Riis)e(Nielson)2985 3800 y(Flemming)e(Nielson)283
4089 y Fp(Revised)46 b(Edition)283 4274 y Fu(In)36 b(this)f(revised)i
(edition)d(w)m(e)i(ha)m(v)m(e)h(corrected)g(a)e(n)m(um)m(b)s(er)h(of)f
(t)m(yp)s(ographical)f(errors)i(and)f(a)283 4394 y(few)h(mistak)m(es;)h
(ho)m(w)m(ev)m(er,)i(no)c(ma)5 b(jor)34 b(c)m(hanges)j(ha)m(v)m(e)f(b)s
(een)h(made.)51 b(Since)35 b(the)h(publication)283 4515
y(of)49 b(the)g(\014rst)g(edition)e(w)m(e)j(ha)m(v)m(e)g(obtained)e
(helpful)g(commen)m(ts)g(from)g(Jens)i(Kno)s(op)e(and)283
4635 y(Anders)35 b(Sandholm.)45 b(The)34 b(w)m(ebpage)h(for)e(the)h(b)s
(o)s(ok)f(no)m(w)h(also)e(con)m(tains)i(implemen)m(tations)283
4756 y(of)f(App)s(endices)g(B,)g(C)g(and)g(D)f(in)g(Gofer)f(as)i(w)m
(ell)f(as)h(in)f(Miranda.)283 5112 y(Aarh)m(us,)i(July)e(1999)1883
b(Hanne)33 b(Riis)e(Nielson)2985 5280 y(Flemming)e(Nielson)p
eop
%%Page: 1 11
1 10 bop 0 1183 a Fv(Chapter)78 b(1)0 1602 y(In)-6 b(tro)6
b(duction)0 2058 y Fu(The)34 b(purp)s(ose)f(of)f(this)g(b)s(o)s(ok)g
(is)145 2279 y Ft(\017)49 b Fu(to)32 b(describ)s(e)h(some)g(of)f(the)h
(main)e(ideas)h(and)h(metho)s(ds)f(used)i(in)e(seman)m(tics,)145
2501 y Ft(\017)49 b Fu(to)32 b(illustrate)f(these)i(on)g(in)m
(teresting)f(applications,)f(and)145 2722 y Ft(\017)49
b Fu(to)32 b(in)m(v)m(estigate)h(the)g(relationship)d(b)s(et)m(w)m(een)
35 b(the)e(v)-5 b(arious)32 b(metho)s(ds.)0 2944 y(F)-8
b(ormal)47 b(seman)m(tics)k(is)e(concerned)j(with)d(rigorously)g(sp)s
(ecifying)g(the)i(meaning,)i(or)d(b)s(e-)0 3064 y(ha)m(viour,)32
b(of)g(programs,)g(pieces)i(of)e(hardw)m(are)h(etc.)44
b(The)34 b(need)f(for)f(rigour)g(arises)g(b)s(ecause)145
3286 y Ft(\017)49 b Fu(it)31 b(can)i(rev)m(eal)g(am)m(biguities)d(and)i
(subtle)h(complexities)e(in)h(apparen)m(tly)g(crystal)h(clear)244
3406 y(de\014ning)f(do)s(cumen)m(ts)i(\(for)e(example)g(programming)d
(language)j(man)m(uals\),)f(and)145 3627 y Ft(\017)49
b Fu(it)36 b(can)i(form)f(the)h(basis)f(for)g(implemen)m(tation,)f
(analysis)h(and)g(v)m(eri\014cation)g(\(in)g(par-)244
3748 y(ticular)31 b(pro)s(ofs)h(of)g(correctness\).)0
3969 y(W)-8 b(e)30 b(will)d(use)k(informal)26 b(set)31
b(theoretic)e(notation)g(\(review)m(ed)i(in)d(App)s(endix)j(A\))e(to)g
(represen)m(t)0 4090 y(seman)m(tic)40 b(concepts.)67
b(This)40 b(will)e(su\016ce)j(in)e(this)h(b)s(o)s(ok)f(but)i(for)e
(other)h(purp)s(oses)h(greater)0 4210 y(notational)25
b(precision)i(\(that)g(is,)h(formalit)m(y\))d(ma)m(y)i(b)s(e)g(needed,)
j(for)d(example)g(when)i(pro)s(cess-)0 4330 y(ing)j(seman)m(tic)h
(descriptions)f(b)m(y)i(mac)m(hine)f(as)g(in)f(seman)m(tics)h(directed)
g(compiler-compilers)0 4451 y(or)f(mac)m(hine)g(assisted)i(pro)s(of)d
(c)m(hec)m(k)m(ers.)0 4806 y Fj(1.1)161 b(Seman)l(tic)52
b(description)h(metho)t(ds)0 5032 y Fu(It)45 b(is)f(customary)h(to)f
(distinguish)f(b)s(et)m(w)m(een)k(the)e(syn)m(tax)i(and)d(the)i(seman)m
(tics)e(of)h(a)f(pro-)0 5153 y(gramming)34 b(language.)55
b(The)37 b Fs(syntax)49 b Fu(is)36 b(concerned)j(with)d(the)h
(grammatical)c(structure)38 b(of)0 5273 y(programs.)43
b(So)32 b(a)g(syn)m(tactic)i(analysis)e(of)g(the)h(program)244
5494 y Fr(z)p Fu(:=)p Fr(x)p Fu(;)g Fr(x)p Fu(:=)p Fr(y)p
Fu(;)g Fr(y)p Fu(:=)p Fr(z)1712 5849 y Fu(1)p eop
%%Page: 2 12
2 11 bop 251 130 a Fw(2)2631 b(1)113 b(In)m(tro)s(duction)p
251 193 3473 4 v 283 515 a Fu(will)32 b(realize)i(that)g(it)f(consists)
i(of)f(three)h(statemen)m(ts)g(separated)g(b)m(y)h(the)e(sym)m(b)s(ol)g
(`;'.)49 b(Eac)m(h)283 636 y(of)36 b(these)i(statemen)m(ts)f(has)g(the)
g(form)e(of)h(a)g(v)-5 b(ariable)35 b(follo)m(w)m(ed)g(b)m(y)i(the)g
(comp)s(osite)f(sym)m(b)s(ol)283 756 y(`:=')d(and)g(an)f(expression)i
(whic)m(h)f(is)f(just)h(a)g(v)-5 b(ariable.)430 878 y(The)42
b Fs(semantics)48 b Fu(is)40 b(concerned)j(with)d(the)i(meaning)d(of)h
(grammatically)d(correct)k(pro-)283 998 y(grams.)57 b(So)37
b(it)f(will)f(express)k(that)e(the)g(meaning)f(of)h(the)g(ab)s(o)m(v)m
(e)h(program)e(is)g(to)h(exc)m(hange)283 1118 y(the)i(v)-5
b(alues)38 b(of)f(the)h(v)-5 b(ariables)37 b Fr(x)h Fu(and)g
Fr(y)g Fu(\(and)g(setting)g Fr(z)g Fu(to)f(the)i(\014nal)e(v)-5
b(alue)37 b(of)g Fr(y)p Fu(\).)60 b(If)38 b(w)m(e)283
1239 y(w)m(ere)33 b(to)e(explain)g(this)g(in)g(more)f(detail)g(w)m(e)j
(w)m(ould)e(lo)s(ok)f(at)h(the)h(grammatical)c(structure)k(of)283
1359 y(the)h(program)f(and)g(use)i(explanations)e(of)g(the)h(meanings)f
(of)429 1568 y Ft(\017)48 b Fu(sequences)36 b(of)c(statemen)m(ts)i
(separated)f(b)m(y)h(`;',)f(and)429 1777 y Ft(\017)48
b Fu(a)33 b(statemen)m(t)g(consisting)f(of)g(a)g(v)-5
b(ariable)31 b(follo)m(w)m(ed)g(b)m(y)j(`:=')f(and)f(an)h(expression.)
283 1986 y(The)e(actual)d(explanations)h(can)h(b)s(e)f(formalized)e(in)
i(di\013eren)m(t)h(w)m(a)m(ys.)44 b(In)30 b(this)f(b)s(o)s(ok)g(w)m(e)h
(shall)283 2106 y(consider)j(three)h(approac)m(hes.)44
b(V)-8 b(ery)34 b(roughly)-8 b(,)32 b(the)h(ideas)f(are)h(as)f(follo)m
(ws:)283 2315 y Fw(Op)s(erational)37 b(seman)m(tics:)48
b Fu(The)32 b(meaning)d(of)i(a)f(construct)i(is)e(sp)s(eci\014ed)i(b)m
(y)f(the)h(compu-)527 2435 y(tation)40 b(it)f(induces)j(when)g(it)e(is)
g(executed)j(on)d(a)h(mac)m(hine.)67 b(In)41 b(particular,)g(it)f(is)g
(of)527 2555 y(in)m(terest)33 b Fs(how)43 b Fu(the)33
b(e\013ect)g(of)g(a)f(computation)f(is)h(pro)s(duced.)283
2764 y Fw(Denotational)37 b(seman)m(tics:)48 b Fu(Meanings)29
b(are)g(mo)s(delled)e(b)m(y)i(mathematical)d(ob)5 b(jects)30
b(that)527 2885 y(represen)m(t)42 b(the)d(e\013ect)i(of)e(executing)h
(the)f(constructs.)66 b(Th)m(us)41 b Fs(only)47 b Fu(the)40
b(e\013ect)g(is)f(of)527 3005 y(in)m(terest,)34 b(not)e(ho)m(w)h(it)f
(is)g(obtained.)283 3214 y Fw(Axiomatic)j(seman)m(tics:)48
b Fu(Sp)s(eci\014c)i(prop)s(erties)g(of)f(the)h(e\013ect)h(of)e
(executing)h(the)g(con-)527 3334 y(structs)31 b(are)f(expressed)j(as)c
Fs(assertions)p Fu(.)42 b(Th)m(us)31 b(there)g(ma)m(y)e(b)s(e)h(asp)s
(ects)h(of)e(the)i(execu-)527 3455 y(tions)h(that)h(are)f(ignored.)283
3663 y(T)-8 b(o)32 b(get)g(a)g(feeling)f(for)g(their)h(di\013eren)m(t)g
(nature)g(let)f(us)i(see)g(ho)m(w)g(they)g(express)h(the)e(meaning)283
3784 y(of)h(the)g(example)f(program)f(ab)s(o)m(v)m(e.)283
4079 y Fp(Op)t(erational)47 b(seman)l(tics)f(\(Chapter)g(2\))283
4266 y Fu(An)34 b(op)s(erational)c(explanation)i(of)g(the)h(meaning)f
(of)g(a)g(construct)i(will)d(tell)g(ho)m(w)j(to)e Fs(exe)-5
b(cute)283 4387 y Fu(it:)429 4595 y Ft(\017)48 b Fu(T)-8
b(o)30 b(execute)i(a)e(sequence)j(of)c(statemen)m(ts)i(separated)g(b)m
(y)g(`;')g(w)m(e)g(execute)h(the)e(individ-)527 4716
y(ual)i(statemen)m(ts)h(one)g(after)g(the)g(other)f(and)h(from)e(left)h
(to)g(righ)m(t.)429 4925 y Ft(\017)48 b Fu(T)-8 b(o)31
b(execute)h(a)f(statemen)m(t)g(consisting)e(of)h(a)h(v)-5
b(ariable)28 b(follo)m(w)m(ed)i(b)m(y)h(`:=')g(and)g(another)527
5045 y(v)-5 b(ariable)35 b(w)m(e)j(determine)e(the)i(v)-5
b(alue)36 b(of)g(the)h(second)h(v)-5 b(ariable)35 b(and)i(assign)f(it)g
(to)g(the)527 5165 y(\014rst)d(v)-5 b(ariable.)283 5374
y(W)d(e)34 b(shall)e(record)i(the)g(execution)g(of)f(the)h(example)f
(program)f(in)h(a)g(state)h(where)h Fr(x)f Fu(has)f(the)283
5494 y(v)-5 b(alue)32 b Fw(5)p Fu(,)h Fr(y)g Fu(the)g(v)-5
b(alue)32 b Fw(7)g Fu(and)h Fr(z)g Fu(the)g(v)-5 b(alue)32
b Fw(0)g Fu(b)m(y)i(the)f(follo)m(wing)d(\\deriv)-5 b(ation)31
b(sequence":)p eop
%%Page: 3 13
3 12 bop 0 130 a Fw(1.1)112 b(Seman)m(tic)37 b(description)f(metho)s
(ds)1685 b(3)p 0 193 3473 4 v 493 500 a Ft(h)p Fr(z)p
Fu(:=)p Fr(x)p Fu(;)33 b Fr(x)p Fu(:=)p Fr(y)p Fu(;)g
Fr(y)p Fu(:=)p Fr(z)p Fu(,)100 b([)p Fr(x)p Ft(7!)p Fw(5)p
Fu(,)33 b Fr(y)p Ft(7!)p Fw(7)p Fu(,)f Fr(z)p Ft(7!)p
Fw(0)p Fu(])p Ft(i)294 668 y(\))364 b(h)p Fr(x)p Fu(:=)p
Fr(y)p Fu(;)33 b Fr(y)p Fu(:=)p Fr(z)p Fu(,)100 b([)p
Fr(x)p Ft(7!)p Fw(5)p Fu(,)33 b Fr(y)p Ft(7!)p Fw(7)p
Fu(,)f Fr(z)p Ft(7!)p Fw(5)p Fu(])p Ft(i)294 835 y(\))629
b(h)p Fr(y)p Fu(:=)p Fr(z)p Fu(,)100 b([)p Fr(x)p Ft(7!)p
Fw(7)p Fu(,)33 b Fr(y)p Ft(7!)p Fw(7)p Fu(,)f Fr(z)p
Ft(7!)p Fw(5)p Fu(])p Ft(i)294 1003 y(\))1020 b Fu([)p
Fr(x)p Ft(7!)p Fw(7)p Fu(,)32 b Fr(y)p Ft(7!)p Fw(5)p
Fu(,)h Fr(z)p Ft(7!)p Fw(5)p Fu(])0 1193 y(In)45 b(the)f(\014rst)h
(step)g(w)m(e)h(execute)g(the)f(statemen)m(t)g Fr(z)p
Fu(:=)p Fr(x)f Fu(and)h(the)f(v)-5 b(alue)44 b(of)g Fr(z)g
Fu(is)g(c)m(hanged)0 1313 y(to)f Fw(5)g Fu(whereas)i(those)f(of)f
Fr(x)g Fu(and)h Fr(y)f Fu(are)h(unc)m(hanged.)77 b(The)44
b(remaining)d(program)h(is)h(no)m(w)0 1434 y Fr(x)p Fu(:=)p
Fr(y)p Fu(;)33 b Fr(y)p Fu(:=)p Fr(z)q Fu(.)70 b(After)42
b(the)g(second)g(step)h(the)f(v)-5 b(alue)41 b(of)g Fr(x)h
Fu(is)f Fw(7)g Fu(and)h(w)m(e)h(are)e(left)g(with)g(the)0
1554 y(program)32 b Fr(y)p Fu(:=)p Fr(z)p Fu(.)45 b(The)34
b(third)e(and)h(\014nal)g(step)g(of)g(the)g(computation)f(will)f(c)m
(hange)j(the)f(v)-5 b(alue)0 1675 y(of)32 b Fr(y)h Fu(to)f
Fw(5)p Fu(.)44 b(Therefore)34 b(the)f(initial)c(v)-5
b(alues)32 b(of)g Fr(x)h Fu(and)g Fr(y)g Fu(ha)m(v)m(e)h(b)s(een)f(exc)
m(hanged,)i(using)d Fr(z)h Fu(as)0 1795 y(a)f(temp)s(orary)g(v)-5
b(ariable.)146 1915 y(This)45 b(explanation)d(giv)m(es)j(an)f
Fs(abstr)-5 b(action)51 b Fu(of)43 b(ho)m(w)i(the)f(program)f(is)h
(executed)i(on)e(a)0 2036 y(mac)m(hine.)65 b(It)40 b(is)g(imp)s(ortan)m
(t)e(to)h(observ)m(e)j(that)e(it)f(is)g(indeed)i(an)f(abstraction:)57
b(w)m(e)41 b(ignore)0 2156 y(details)21 b(lik)m(e)g(use)j(of)d
(registers)i(and)f(addresses)i(for)e(v)-5 b(ariables.)39
b(So)22 b(the)g(op)s(erational)e(seman)m(tics)0 2277
y(is)32 b(rather)h(indep)s(enden)m(t)h(of)e(mac)m(hine)g(arc)m
(hitectures)h(and)g(implemen)m(tation)c(strategies.)146
2397 y(In)24 b(Chapter)h(2)e(w)m(e)i(shall)d(formalize)f(this)j(kind)f
(of)h(op)s(erational)d(seman)m(tics)j(whic)m(h)g(is)f(often)0
2517 y(called)36 b Fs(structur)-5 b(al)40 b(op)-5 b(er)g(ational)38
b(semantics)44 b Fu(\(or)37 b(small-step)e(seman)m(tics\).)57
b(An)37 b(alternativ)m(e)0 2638 y(op)s(erational)20 b(seman)m(tics)i
(is)g(called)f Fs(natur)-5 b(al)25 b(semantics)k Fu(\(or)22
b(big-step)g(seman)m(tics\))g(and)g(di\013ers)0 2758
y(from)34 b(the)i(structural)f(op)s(erational)e(seman)m(tics)j(b)m(y)g
(hiding)e(ev)m(en)j(more)e(execution)h(details.)0 2878
y(In)e(the)f(natural)g(seman)m(tics)g(the)h(execution)g(of)f(the)h
(example)e(program)g(in)h(the)h(same)f(state)0 2999 y(as)g(b)s(efore)f
(will)f(b)s(e)h(represen)m(ted)k(b)m(y)d(the)g(follo)m(wing)d(\\deriv)
-5 b(ation)31 b(tree":)294 3187 y Ft(h)o Fr(z)p Fu(:=)p
Fr(x)p Fu(,)j Fs(s)646 3202 y Fn(0)685 3187 y Ft(i)e(!)g
Fs(s)936 3202 y Fn(1)1293 3187 y Ft(h)p Fr(x)p Fu(:=)p
Fr(y)p Fu(,)h Fs(s)1645 3202 y Fn(1)1685 3187 y Ft(i)f(!)g
Fs(s)1936 3202 y Fn(2)p 244 3274 1782 4 v 661 3475 a
Ft(h)p Fr(z)p Fu(:=)p Fr(x)p Fu(;)h Fr(x)p Fu(:=)p Fr(y)p
Fu(,)g Fs(s)1278 3490 y Fn(0)1317 3475 y Ft(i)g(!)f Fs(s)1569
3490 y Fn(2)2293 3475 y Ft(h)p Fr(y)p Fu(:=)p Fr(z)p
Fu(,)h Fs(s)2645 3490 y Fn(2)2684 3475 y Ft(i)g(!)f Fs(s)2936
3490 y Fn(3)p 244 3562 2782 4 v 1028 3763 a Ft(h)p Fr(z)p
Fu(:=)p Fr(x)p Fu(;)h Fr(x)p Fu(:=)p Fr(y)p Fu(;)g Fr(y)p
Fu(:=)p Fr(z)p Fu(,)g Fs(s)1910 3778 y Fn(0)1950 3763
y Ft(i)f(!)g Fs(s)2201 3778 y Fn(3)0 3954 y Fu(where)i(w)m(e)f(ha)m(v)m
(e)h(used)g(the)f(abbreviations:)294 4123 y Fs(s)342
4138 y Fn(0)481 4123 y Fu(=)99 b([)p Fr(x)p Ft(7!)p Fw(5)p
Fu(,)33 b Fr(y)p Ft(7!)p Fw(7)p Fu(,)g Fr(z)p Ft(7!)o
Fw(0)p Fu(])294 4290 y Fs(s)342 4305 y Fn(1)481 4290
y Fu(=)99 b([)p Fr(x)p Ft(7!)p Fw(5)p Fu(,)33 b Fr(y)p
Ft(7!)p Fw(7)p Fu(,)g Fr(z)p Ft(7!)o Fw(5)p Fu(])294
4458 y Fs(s)342 4473 y Fn(2)481 4458 y Fu(=)99 b([)p
Fr(x)p Ft(7!)p Fw(7)p Fu(,)33 b Fr(y)p Ft(7!)p Fw(7)p
Fu(,)g Fr(z)p Ft(7!)o Fw(5)p Fu(])294 4626 y Fs(s)342
4641 y Fn(3)481 4626 y Fu(=)99 b([)p Fr(x)p Ft(7!)p Fw(7)p
Fu(,)33 b Fr(y)p Ft(7!)p Fw(5)p Fu(,)g Fr(z)p Ft(7!)o
Fw(5)p Fu(])0 4816 y(This)i(is)f(to)h(b)s(e)g(read)g(as)g(follo)m(ws:)
47 b(The)36 b(execution)f(of)g Fr(z)p Fu(:=)p Fr(x)g
Fu(in)f(the)h(state)h Fs(s)2857 4831 y Fn(0)2931 4816
y Fu(will)c(result)j(in)0 4936 y(the)30 b(state)g Fs(s)449
4951 y Fn(1)518 4936 y Fu(and)g(the)g(execution)g(of)f
Fr(x)p Fu(:=)p Fr(y)h Fu(in)f(state)h Fs(s)2041 4951
y Fn(1)2110 4936 y Fu(will)d(result)j(in)e(state)i Fs(s)2954
4951 y Fn(2)2994 4936 y Fu(.)42 b(Therefore)0 5057 y(the)33
b(execution)h(of)e Fr(z)p Fu(:=)p Fr(x)p Fu(;)h Fr(x)p
Fu(:=)p Fr(y)h Fu(in)e(state)h Fs(s)1621 5072 y Fn(0)1693
5057 y Fu(will)e(giv)m(e)h(state)i Fs(s)2366 5072 y Fn(2)2405
5057 y Fu(.)44 b(F)-8 b(urthermore,)33 b(execution)0
5177 y(of)k Fr(y)p Fu(:=)p Fr(z)h Fu(in)f(state)h Fs(s)770
5192 y Fn(2)847 5177 y Fu(will)d(giv)m(e)j(state)g Fs(s)1534
5192 y Fn(3)1611 5177 y Fu(so)g(in)e(total)h(the)h(execution)g(of)f
(the)h(program)e(in)0 5297 y(state)d Fs(s)287 5312 y
Fn(0)359 5297 y Fu(will)d(giv)m(e)j(the)g(resulting)e(state)i
Fs(s)1600 5312 y Fn(3)1640 5297 y Fu(.)43 b(This)33 b(is)f(expressed)k
(b)m(y)244 5494 y Ft(h)p Fr(z)p Fu(:=)p Fr(x)p Fu(;)d
Fr(x)p Fu(:=)p Fr(y)p Fu(;)g Fr(y)p Fu(:=)p Fr(z)p Fu(,)g
Fs(s)1126 5509 y Fn(0)1165 5494 y Ft(i)g(!)f Fs(s)1417
5509 y Fn(3)p eop
%%Page: 4 14
4 13 bop 251 130 a Fw(4)2631 b(1)113 b(In)m(tro)s(duction)p
251 193 3473 4 v 283 515 a Fu(but)33 b(no)m(w)h(w)m(e)f(ha)m(v)m(e)h
(hidden)f(the)g(ab)s(o)m(v)m(e)g(explanation)f(of)g(ho)m(w)h(it)e(w)m
(as)j(actually)d(obtained.)430 637 y(In)39 b(Chapter)g(3)g(w)m(e)h
(shall)d(use)j(the)f(natural)f(seman)m(tics)h(as)g(the)g(basis)g(for)f
(pro)m(ving)g(the)283 758 y(correctness)d(of)d(an)h(implemen)m(tation)c
(of)j(a)h(simple)e(programming)e(language.)283 1057 y
Fp(Denotational)48 b(seman)l(tics)e(\(Chapter)g(4\))283
1246 y Fu(In)38 b(the)f(denotational)e(seman)m(tics)j(w)m(e)g(concen)m
(trate)g(on)f(the)h Fs(e\013e)-5 b(ct)46 b Fu(of)36 b(executing)i(the)f
(pro-)283 1366 y(grams)32 b(and)h(w)m(e)h(shall)d(mo)s(del)g(this)h(b)m
(y)h(mathematical)d(functions:)429 1578 y Ft(\017)48
b Fu(The)h(e\013ect)g(of)e(a)h(sequence)i(of)e(statemen)m(ts)h
(separated)f(b)m(y)h(`;')56 b(is)47 b(the)h(functional)527
1699 y(comp)s(osition)31 b(of)h(the)h(e\013ects)h(of)e(the)h
(individual)d(statemen)m(ts.)429 1911 y Ft(\017)48 b
Fu(The)26 b(e\013ect)g(of)e(a)h(statemen)m(t)g(consisting)f(of)h(a)f(v)
-5 b(ariable)23 b(follo)m(w)m(ed)h(b)m(y)i(`:=')f(and)g(another)527
2031 y(v)-5 b(ariable)33 b(is)h(the)h(function)f(that)g(giv)m(en)h(a)f
(state)h(will)d(pro)s(duce)k(a)e(new)h(state:)48 b(it)34
b(is)g(as)527 2151 y(the)j(original)c(one)j(except)i(that)e(the)g(v)-5
b(alue)36 b(of)g(the)g(\014rst)h(v)-5 b(ariable)34 b(of)i(the)g
(statemen)m(t)527 2272 y(is)c(equal)h(to)f(that)g(of)h(the)g(second)g
(v)-5 b(ariable.)283 2484 y(F)d(or)49 b(the)h(example)e(program)g(w)m
(e)i(obtain)f(functions)g(written)g Ft(S)8 b Fu([)-17
b([)p Fr(z)p Fu(:=)p Fr(x)p Fu(])g(])q(,)54 b Ft(S)8
b Fu([)-17 b([)p Fr(x)p Fu(:=)p Fr(y)p Fu(])g(])q(,)54
b(and)283 2604 y Ft(S)8 b Fu([)-17 b([)q Fr(y)p Fu(:=)p
Fr(z)p Fu(])g(])44 b(for)f(eac)m(h)i(of)e(the)g(assignmen)m(t)h
(statemen)m(ts)g(and)g(for)e(the)i(o)m(v)m(erall)f(program)f(w)m(e)283
2725 y(get)33 b(the)g(function)527 2937 y Ft(S)8 b Fu([)-17
b([)q Fr(z)p Fu(:=)p Fr(x)p Fu(;)33 b Fr(x)p Fu(:=)p
Fr(y)p Fu(;)g Fr(y)p Fu(:=)p Fr(z)p Fu(])-17 b(])34 b(=)e
Ft(S)8 b Fu([)-17 b([)p Fr(y)p Fu(:=)p Fr(z)p Fu(])g(])34
b Ft(\016)e(S)8 b Fu([)-17 b([)q Fr(x)p Fu(:=)p Fr(y)p
Fu(])g(])33 b Ft(\016)g(S)7 b Fu([)-17 b([)q Fr(z)p Fu(:=)p
Fr(x)p Fu(])g(])283 3149 y(Note)45 b(that)g(the)g Fs(or)-5
b(der)55 b Fu(of)44 b(the)h(statemen)m(ts)g(ha)m(v)m(e)h(c)m(hanged)g
(b)s(ecause)g(w)m(e)g(use)f(the)g(usual)283 3269 y(notation)36
b(for)h(function)g(comp)s(osition)e(where)k(\()p Fs(f)58
b Ft(\016)37 b Fs(g)9 b Fu(\))37 b Fs(s)46 b Fu(means)37
b Fs(f)58 b Fu(\()p Fs(g)46 b(s)8 b Fu(\).)58 b(If)37
b(w)m(e)i(w)m(an)m(t)f(to)283 3390 y(determine)g(the)g(e\013ect)h(of)e
(executing)i(the)f(program)f(on)g(a)h(particular)e(state)i(then)h(w)m
(e)g(can)283 3510 y Fs(apply)i Fu(the)33 b(function)f(to)h(that)f
(state)h(and)g Fs(c)-5 b(alculate)39 b Fu(the)33 b(resulting)f(state)h
(as)g(follo)m(ws:)527 3722 y Ft(S)8 b Fu([)-17 b([)q
Fr(z)p Fu(:=)p Fr(x)p Fu(;)33 b Fr(x)p Fu(:=)p Fr(y)p
Fu(;)g Fr(y)p Fu(:=)p Fr(z)p Fu(])-17 b(])q(\([)p Fr(x)p
Ft(7!)p Fw(5)p Fu(,)33 b Fr(y)p Ft(7!)p Fw(7)p Fu(,)f
Fr(z)p Ft(7!)p Fw(0)p Fu(]\))796 3890 y(=)g(\()p Ft(S)8
b Fu([)-17 b([)q Fr(y)p Fu(:=)p Fr(z)p Fu(])g(])33 b
Ft(\016)g(S)8 b Fu([)-17 b([)p Fr(x)p Fu(:=)p Fr(y)p
Fu(])g(])34 b Ft(\016)e(S)8 b Fu([)-17 b([)p Fr(z)p Fu(:=)p
Fr(x)p Fu(])g(])r(\)\([)p Fr(x)p Ft(7!)o Fw(5)p Fu(,)33
b Fr(y)p Ft(7!)p Fw(7)p Fu(,)g Fr(z)p Ft(7!)o Fw(0)p
Fu(]\))796 4057 y(=)f Ft(S)8 b Fu([)-17 b([)q Fr(y)p
Fu(:=)p Fr(z)p Fu(])g(])q(\()p Ft(S)8 b Fu([)-17 b([)p
Fr(x)p Fu(:=)p Fr(y)p Fu(])g(])q(\()p Ft(S)8 b Fu([)-17
b([)q Fr(z)p Fu(:=)p Fr(x)p Fu(])g(])q(\([)p Fr(x)p Ft(7!)p
Fw(5)p Fu(,)32 b Fr(y)p Ft(7!)p Fw(7)p Fu(,)h Fr(z)p
Ft(7!)p Fw(0)p Fu(]\)\)\))796 4225 y(=)f Ft(S)8 b Fu([)-17
b([)q Fr(y)p Fu(:=)p Fr(z)p Fu(])g(])q(\()p Ft(S)8 b
Fu([)-17 b([)p Fr(x)p Fu(:=)p Fr(y)p Fu(])g(])q(\([)p
Fr(x)p Ft(7!)p Fw(5)p Fu(,)33 b Fr(y)p Ft(7!)p Fw(7)p
Fu(,)f Fr(z)p Ft(7!)p Fw(5)p Fu(]\)\))796 4392 y(=)g
Ft(S)8 b Fu([)-17 b([)q Fr(y)p Fu(:=)p Fr(z)p Fu(])g(])q(\([)p
Fr(x)p Ft(7!)p Fw(7)p Fu(,)33 b Fr(y)p Ft(7!)o Fw(7)p
Fu(,)g Fr(z)p Ft(7!)p Fw(5)p Fu(]\))796 4560 y(=)f([)p
Fr(x)p Ft(7!)p Fw(7)p Fu(,)h Fr(y)p Ft(7!)p Fw(5)p Fu(,)g
Fr(z)p Ft(7!)p Fw(5)p Fu(])283 4772 y(Note)j(that)f(w)m(e)i(are)e(only)
g(manipulating)d(mathematical)h(ob)5 b(jects;)38 b(w)m(e)e(are)g(not)f
(concerned)283 4893 y(with)c(executing)h(programs.)42
b(The)31 b(di\013erence)h(ma)m(y)f(seem)g(small)d(for)j(a)f(program)g
(with)g(only)283 5013 y(assignmen)m(t)35 b(and)g(sequencing)i(statemen)
m(ts)f(but)f(for)f(programs)g(with)h(more)f(sophisticated)283
5133 y(constructs)g(it)e(is)g(substan)m(tial.)43 b(The)33
b(b)s(ene\014ts)h(of)e(the)g(denotational)f(approac)m(h)i(are)f(mainly)
283 5254 y(due)f(to)e(the)h(fact)f(that)g(it)g(abstracts)h(a)m(w)m(a)m
(y)h(from)d(ho)m(w)i(programs)f(are)g(executed.)45 b(Therefore)283
5374 y(it)f(b)s(ecomes)g(easier)h(to)f(reason)g(ab)s(out)g(programs)g
(as)g(it)f(simply)g(amoun)m(ts)h(to)g(reasoning)283 5494
y(ab)s(out)30 b(mathematical)e(ob)5 b(jects.)44 b(Ho)m(w)m(ev)m(er,)33
b(a)d(prerequisite)h(for)f(doing)f(so)i(is)f(to)g(establish)g(a)p
eop
%%Page: 5 15
5 14 bop 0 130 a Fw(1.1)112 b(Seman)m(tic)37 b(description)f(metho)s
(ds)1685 b(5)p 0 193 3473 4 v 0 515 a Fu(\014rm)30 b(mathematical)e
(basis)j(for)g(denotational)e(seman)m(tics)i(and)g(this)g(task)g(turns)
h(out)f(not)g(to)0 636 y(b)s(e)i(en)m(tirely)f(trivial.)146
771 y(The)48 b(denotational)e(approac)m(h)h(can)h(easily)e(b)s(e)i
(adapted)f(to)g(express)j(other)d(sorts)h(of)0 891 y(prop)s(erties)32
b(of)h(programs.)42 b(Some)32 b(examples)h(are:)145 1169
y Ft(\017)49 b Fu(Determine)29 b(whether)i(all)d(v)-5
b(ariables)29 b(are)h(initialized)c(b)s(efore)k(they)h(are)f(used)h(|)f
(if)f(not)244 1290 y(a)j(w)m(arning)g(ma)m(y)h(b)s(e)g(appropriate.)145
1568 y Ft(\017)49 b Fu(Determine)33 b(whether)i(a)e(certain)g
(expression)i(in)e(the)h(program)f(alw)m(a)m(ys)h(ev)-5
b(aluates)34 b(to)244 1688 y(a)e(constan)m(t)i(|)e(if)f(so)i(one)g(can)
g(replace)f(the)h(expression)h(b)m(y)f(the)g(constan)m(t.)145
1966 y Ft(\017)49 b Fu(Determine)23 b(whether)j(all)c(parts)i(of)g(the)
g(program)f(are)h(reac)m(hable)h(|)f(if)f(not)h(they)h(could)244
2087 y(as)33 b(w)m(ell)e(b)s(e)i(remo)m(v)m(ed)h(or)e(a)g(w)m(arning)g
(migh)m(t)g(b)s(e)g(appropriate.)0 2365 y(In)h(Chapter)g(5)g(w)m(e)g
(dev)m(elop)g(an)g(example)f(of)g(this.)146 2500 y(While)c(w)m(e)h
(prefer)g(the)g(denotational)e(approac)m(h)i(when)h(reasoning)e(ab)s
(out)g(programs)f(w)m(e)0 2620 y(ma)m(y)k(prefer)g(an)g(op)s(erational)
e(approac)m(h)j(when)g(implemen)m(ting)c(the)k(language.)41
b(It)32 b(is)e(there-)0 2741 y(fore)39 b(of)g(in)m(terest)h(whether)g
(a)f(denotational)f(de\014nition)g(is)h Fs(e)-5 b(quivalent)48
b Fu(to)39 b(an)g(op)s(erational)0 2861 y(de\014nition)32
b(and)g(this)g(is)h(studied)g(in)e(Section)i(4.3.)0 3242
y Fp(Axiomatic)46 b(seman)l(tics)g(\(Chapter)g(6\))0
3457 y Fu(Often)29 b(one)h(is)e(in)m(terested)j(in)d
Fs(p)-5 b(artial)31 b(c)-5 b(orr)g(e)g(ctness)31 b(pr)-5
b(op)g(erties)37 b Fu(of)29 b(programs:)41 b(A)29 b(program)f(is)0
3578 y(partially)j(correct,)k(with)e(resp)s(ect)i(to)f(a)f
(precondition)g(and)h(a)f(p)s(ostcondition,)g(if)g(whenev)m(er)0
3698 y(the)c(initial)c(state)30 b(ful\014ls)d(the)j(precondition)e(and)
h(the)g(program)e(terminates,)i(then)h(the)f(\014nal)0
3818 y(state)34 b(is)g(guaran)m(teed)g(to)g(ful\014l)e(the)i(p)s
(ostcondition.)46 b(F)-8 b(or)33 b(our)g(example)h(program)e(w)m(e)j
(ha)m(v)m(e)0 3939 y(the)e(partial)d(correctness)35 b(prop)s(ert)m(y:)
244 4217 y Ft(f)d Fr(x)p Fu(=)p Fr(n)h Ft(^)g Fr(y)p
Fu(=)p Fr(m)g Ft(g)f Fr(z)p Fu(:=)p Fr(x)p Fu(;)h Fr(x)p
Fu(:=)p Fr(y)p Fu(;)h Fr(y)p Fu(:=)p Fr(z)f Ft(f)f Fr(y)p
Fu(=)p Fr(n)h Ft(^)g Fr(x)p Fu(=)p Fr(m)g Ft(g)0 4495
y Fu(where)k Fr(x)p Fu(=)p Fr(n)f Ft(^)g Fr(y)p Fu(=)p
Fr(m)f Fu(is)g(the)h(precondition)f(and)h Fr(y)p Fu(=)p
Fr(n)g Ft(^)f Fr(x)p Fu(=)p Fr(m)h Fu(is)f(the)h(p)s(ostcondition.)51
b(The)0 4615 y(names)33 b Fr(n)g Fu(and)g Fr(m)g Fu(are)g(used)h(to)f
(\\remem)m(b)s(er")f(the)h(initial)d(v)-5 b(alues)32
b(of)h Fr(x)g Fu(and)g Fr(y)p Fu(,)g(resp)s(ectiv)m(ely)-8
b(.)0 4736 y(The)26 b(state)f([)p Fr(x)p Ft(7!)p Fw(5)p
Fu(,)h Fr(y)p Ft(7!)p Fw(7)p Fu(,)g Fr(z)p Ft(7!)p Fw(0)p
Fu(])f(satis\014es)g(the)h(precondition)d(b)m(y)j(taking)e
Fr(n)p Fu(=)p Fw(5)h Fu(and)f Fr(m)p Fu(=)p Fw(7)h Fu(and)0
4856 y(when)37 b(w)m(e)h(ha)m(v)m(e)f Fs(pr)-5 b(ove)g(d)46
b Fu(the)37 b(partial)d(correctness)k(prop)s(ert)m(y)f(w)m(e)g(can)g
(deduce)h(that)e Fs(if)57 b Fu(the)0 4976 y(program)29
b(terminates)h Fs(then)38 b Fu(it)30 b(will)f(do)h(so)h(in)f(a)h(state)
g(where)h Fr(y)f Fu(is)f Fw(5)h Fu(and)g Fr(x)g Fu(is)f
Fw(7)p Fu(.)43 b(Ho)m(w)m(ev)m(er,)0 5097 y(the)35 b(partial)d
(correctness)37 b(prop)s(ert)m(y)e(do)s(es)g(not)f(ensure)i(that)e(the)
h(program)e Fs(wil)5 b(l)45 b Fu(terminate)0 5217 y(although)31
b(this)i(is)f(clearly)f(the)i(case)h(for)e(the)h(example)f(program.)146
5352 y(The)j(axiomatic)c(seman)m(tics)j(pro)m(vides)g(a)g
Fs(lo)-5 b(gic)g(al)35 b(system)40 b Fu(for)34 b(pro)m(ving)f(partial)e
(correct-)0 5473 y(ness)40 b(prop)s(erties)e(of)g(individual)d
(programs.)60 b(A)38 b(pro)s(of)g(of)f(the)i(ab)s(o)m(v)m(e)g(partial)d
(correctness)0 5593 y(prop)s(ert)m(y)d(ma)m(y)g(b)s(e)f(expressed)k(b)m
(y)d(the)g(follo)m(wing)d(\\pro)s(of)i(tree":)p eop
%%Page: 6 16
6 15 bop 251 130 a Fw(6)2631 b(1)113 b(In)m(tro)s(duction)p
251 193 3473 4 v 577 668 a Ft(f)32 b Fs(p)715 683 y Fn(0)787
668 y Ft(g)h Fr(z)p Fu(:=)p Fr(x)g Ft(f)f Fs(p)1246 683
y Fn(1)1318 668 y Ft(g)317 b(f)32 b Fs(p)1823 683 y Fn(1)1895
668 y Ft(g)h Fr(x)p Fu(:=)p Fr(y)g Ft(f)f Fs(p)2354 683
y Fn(2)2426 668 y Ft(g)p 527 754 1999 4 v 999 956 a(f)g
Fs(p)1137 971 y Fn(0)1209 956 y Ft(g)g Fr(z)p Fu(:=)p
Fr(x)p Fu(;)h Fr(x)p Fu(:=)p Fr(y)g Ft(f)g Fs(p)1933
971 y Fn(2)2004 956 y Ft(g)739 b(f)32 b Fs(p)2931 971
y Fn(2)3003 956 y Ft(g)h Fr(y)p Fu(:=)p Fr(z)g Ft(f)f
Fs(p)3462 971 y Fn(3)3534 956 y Ft(g)p 527 1042 3107
4 v 1420 1244 a(f)g Fs(p)1558 1259 y Fn(0)1630 1244 y
Ft(g)g Fr(z)p Fu(:=)p Fr(x)p Fu(;)i Fr(x)p Fu(:=)p Fr(y)p
Fu(;)f Fr(y)p Fu(:=)p Fr(z)g Ft(f)f Fs(p)2619 1259 y
Fn(3)2691 1244 y Ft(g)283 1436 y Fu(where)i(w)m(e)g(ha)m(v)m(e)g(used)g
(the)f(abbreviations)577 1608 y Fs(p)633 1623 y Fn(0)772
1608 y Fu(=)100 b Fr(x)p Fu(=)p Fr(n)33 b Ft(^)f Fr(y)p
Fu(=)p Fr(m)577 1775 y Fs(p)633 1790 y Fn(1)772 1775
y Fu(=)100 b Fr(z)p Fu(=)p Fr(n)33 b Ft(^)f Fr(y)p Fu(=)p
Fr(m)577 1943 y Fs(p)633 1958 y Fn(2)772 1943 y Fu(=)100
b Fr(z)p Fu(=)p Fr(n)33 b Ft(^)f Fr(x)p Fu(=)p Fr(m)577
2111 y Fs(p)633 2126 y Fn(3)772 2111 y Fu(=)100 b Fr(y)p
Fu(=)p Fr(n)33 b Ft(^)f Fr(x)p Fu(=)p Fr(m)283 2303 y
Fu(W)-8 b(e)39 b(ma)m(y)f(view)h(the)f(logical)e(system)j(as)f(a)g(sp)s
(eci\014cation)g(of)g(only)f(certain)h(asp)s(ects)i(of)d(the)283
2424 y(seman)m(tics.)42 b(It)27 b(usually)f(do)s(es)i(not)e(capture)i
(all)d(asp)s(ects)j(for)e(the)h(simple)f(reason)h(that)g(all)d(the)283
2544 y(partial)32 b(correctness)k(prop)s(erties)e(listed)g(b)s(elo)m(w)
f(can)i(b)s(e)f(pro)m(v)m(ed)i(using)d(the)i(logical)c(system)283
2664 y(but)i(certainly)f(w)m(e)i(w)m(ould)e(not)h(regard)f(the)h
(programs)f(as)h(b)s(eha)m(ving)f(in)g(the)h(same)f(w)m(a)m(y:)552
2832 y Ft(f)h Fr(x)p Fu(=)p Fr(n)f Ft(^)h Fr(y)p Fu(=)p
Fr(m)g Ft(g)g Fr(z)p Fu(:=)p Fr(x)p Fu(;)g Fr(x)p Fu(:=)p
Fr(y)p Fu(;)g Fr(y)p Fu(:=)p Fr(z)g Ft(f)f Fr(y)p Fu(=)p
Fr(n)h Ft(^)g Fr(x)p Fu(=)p Fr(m)g Ft(g)550 3000 y(f)d
Fr(x)p Fu(=)p Fr(n)h Ft(^)g Fr(y)p Fu(=)p Fr(m)f Ft(g)h
Fr(if)g(x)p Fu(=)p Fr(y)f(then)i(skip)f(else)h Fu(\()p
Fr(z)p Fu(:=)p Fr(x)p Fu(;)f Fr(x)p Fu(:=)p Fr(y)p Fu(;)h
Fr(y)p Fu(:=)p Fr(z)p Fu(\))f Ft(f)f Fr(y)p Fu(=)p Fr(n)h
Ft(^)f Fr(x)p Fu(=)p Fr(m)h Ft(g)552 3167 y(f)i Fr(x)p
Fu(=)p Fr(n)f Ft(^)h Fr(y)p Fu(=)p Fr(m)g Ft(g)g Fr(while)g(true)h(do)f
(skip)h Ft(f)e Fr(y)p Fu(=)p Fr(n)h Ft(^)g Fr(x)p Fu(=)p
Fr(m)g Ft(g)283 3335 y Fu(The)26 b(b)s(ene\014ts)f(of)f(the)h
(axiomatic)d(approac)m(h)j(are)f(that)g(the)h(logical)c(systems)26
b(pro)m(vide)f(an)f(easy)283 3455 y(w)m(a)m(y)29 b(of)e(pro)m(ving)g
(prop)s(erties)g(of)g(programs)f(|)h(and)g(to)g(a)g(large)f(exten)m(t)j
(it)d(has)i(b)s(een)g(p)s(ossible)283 3576 y(to)42 b(automate)e(it.)69
b(Of)41 b(course)i(this)e(is)g(only)g(w)m(orth)m(while)g(if)g(the)h
(axiomatic)d(seman)m(tics)i(is)283 3696 y(faithful)31
b(to)i(the)g(\\more)f(general")g(\(denotational)f(or)h(op)s
(erational\))f(seman)m(tics)i(w)m(e)g(ha)m(v)m(e)i(in)283
3816 y(mind)d(and)g(w)m(e)i(shall)d(discuss)j(this)e(in)g(Section)g
(6.3.)283 4104 y Fp(The)45 b(complemen)l(tary)h(view)283
4289 y Fu(It)30 b(is)g(imp)s(ortan)m(t)e(to)h(note)h(that)g(these)h
(kinds)f(of)g(seman)m(tics)g(are)g Fs(not)39 b Fu(riv)-5
b(al)28 b(approac)m(hes,)k(but)283 4410 y(are)25 b(di\013eren)m(t)g
(tec)m(hniques)h(appropriate)e(for)g(di\013eren)m(t)h(purp)s(oses)h
(and)e(|)h(to)f(some)g(exten)m(t)i(|)283 4530 y(for)32
b(di\013eren)m(t)g(programming)c(languages.)43 b(T)-8
b(o)32 b(stress)h(this,)f(the)g(dev)m(elopmen)m(t)g(will)d(address)283
4650 y(the)k(follo)m(wing)d(issues:)429 4850 y Ft(\017)48
b Fu(It)53 b(will)e(dev)m(elop)j(eac)m(h)g(of)e(the)i(approac)m(hes)g
(for)e(a)h(simple)f(language)g(of)g Fr(while)p Fu(-)527
4970 y(programs.)429 5172 y Ft(\017)c Fu(It)40 b(will)d(illustrate)h
(the)i(p)s(o)m(w)m(er)g(and)g(w)m(eakness)i(of)e(eac)m(h)g(of)f(the)h
(approac)m(hes)h(b)m(y)g(ex-)527 5292 y(tending)33 b(the)g
Fr(while)p Fu(-language)f(with)g(other)h(programming)c(constructs.)429
5494 y Ft(\017)48 b Fu(It)25 b(will)e(pro)m(v)m(e)j(the)f(relationship)
e(b)s(et)m(w)m(een)k(the)e(approac)m(hes)h(for)f(the)g
Fr(while)p Fu(-language.)p eop
%%Page: 7 17
7 16 bop 0 130 a Fw(1.2)112 b(The)38 b(example)f(language)h(While)1734
b(7)p 0 193 3473 4 v 145 515 a Ft(\017)49 b Fu(It)32
b(will)d(giv)m(e)i(examples)h(of)f(applications)e(of)i(the)h(seman)m
(tic)g(descriptions)f(in)g(order)h(to)244 636 y(illustrate)e(their)i
(merits.)0 967 y Fj(1.2)161 b(The)53 b(example)h(language)g(While)0
1186 y Fu(This)37 b(b)s(o)s(ok)f(illustrates)e(the)j(v)-5
b(arious)36 b(forms)f(of)h(seman)m(tics)h(on)f(a)g(v)m(ery)i(simple)d
(imp)s(erativ)m(e)0 1307 y(programming)30 b(language)h(called)g
Fw(While)p Fu(.)42 b(As)33 b(a)g(\014rst)g(step)g(w)m(e)h(m)m(ust)f(sp)
s(ecify)g(its)f(syn)m(tax.)146 1427 y(The)26 b(syn)m(tactic)g(notation)
d(w)m(e)j(use)f(is)g(based)g(on)g(BNF.)g(First)e(w)m(e)j(list)d(the)j
(v)-5 b(arious)24 b Fs(syntac-)0 1548 y(tic)29 b(c)-5
b(ate)g(gories)33 b Fu(and)26 b(giv)m(e)f(a)h(meta-v)-5
b(ariable)23 b(that)i(will)f(b)s(e)i(used)h(to)e(range)h(o)m(v)m(er)h
Fs(c)-5 b(onstructs)34 b Fu(of)0 1668 y(eac)m(h)f(category)-8
b(.)44 b(F)-8 b(or)32 b(our)g(language)g(the)h(meta-v)-5
b(ariables)30 b(and)j(categories)f(are)h(as)f(follo)m(ws:)244
1865 y Fs(n)40 b Fu(will)30 b(range)i(o)m(v)m(er)i(n)m(umerals,)e
Fw(Num)p Fu(,)244 2032 y Fs(x)44 b Fu(will)30 b(range)j(o)m(v)m(er)h(v)
-5 b(ariables,)31 b Fw(V)-9 b(ar)p Fu(,)244 2200 y Fs(a)40
b Fu(will)30 b(range)i(o)m(v)m(er)i(arithmetic)d(expressions,)j
Fw(Aexp)p Fu(,)244 2367 y Fs(b)k Fu(will)31 b(range)h(o)m(v)m(er)i(b)s
(o)s(olean)d(expressions,)j Fw(Bexp)p Fu(,)f(and)244
2535 y Fs(S)44 b Fu(will)30 b(range)j(o)m(v)m(er)h(statemen)m(ts,)f
Fw(Stm)p Fu(.)0 2732 y(The)k(meta-v)-5 b(ariables)34
b(can)i(b)s(e)h(primed)e(or)g(subscripted.)56 b(So,)37
b(for)f(example,)g Fs(n)7 b Fu(,)37 b Fs(n)3117 2696
y Fi(0)3141 2732 y Fu(,)g Fs(n)3267 2747 y Fn(1)3307
2732 y Fu(,)g Fs(n)3433 2747 y Fn(2)0 2852 y Fu(all)30
b(stand)k(for)e(n)m(umerals.)146 2972 y(W)-8 b(e)31 b(assume)g(that)f
(the)h(structure)g(of)f(n)m(umerals)g(and)g(v)-5 b(ariables)29
b(is)h(giv)m(en)g(elsewhere;)j(for)0 3093 y(example)38
b(n)m(umerals)f(migh)m(t)g(b)s(e)h(strings)g(of)g(digits,)g(and)g(v)-5
b(ariables)37 b(strings)h(of)f(letters)h(and)0 3213 y(digits)31
b(starting)h(with)g(a)g(letter.)43 b(The)34 b(structure)g(of)e(the)h
(other)f(constructs)j(is:)294 3401 y Fs(a)116 b Fu(::=)100
b Fs(n)40 b Ft(j)32 b Fs(x)44 b Ft(j)32 b Fs(a)1051 3416
y Fn(1)1124 3401 y Fu(+)g Fs(a)1289 3416 y Fn(2)1361
3401 y Ft(j)g Fs(a)1478 3416 y Fn(1)1551 3401 y Fo(?)g
Fs(a)1689 3416 y Fn(2)1761 3401 y Ft(j)g Fs(a)1878 3416
y Fn(1)1950 3401 y Ft(\000)h Fs(a)2117 3416 y Fn(2)294
3569 y Fs(b)121 b Fu(::=)100 b Fr(true)33 b Ft(j)g Fr(false)g
Ft(j)g Fs(a)1394 3584 y Fn(1)1466 3569 y Fu(=)f Fs(a)1631
3584 y Fn(2)1703 3569 y Ft(j)h Fs(a)1821 3584 y Fn(1)1893
3569 y Ft(\024)g Fs(a)2060 3584 y Fn(2)2132 3569 y Ft(j)f(:)q
Fs(b)38 b Ft(j)32 b Fs(b)2453 3584 y Fn(1)2525 3569 y
Ft(^)h Fs(b)2675 3584 y Fn(2)294 3737 y Fs(S)111 b Fu(::=)100
b Fs(x)44 b Fu(:=)33 b Fs(a)39 b Ft(j)33 b Fr(skip)g
Ft(j)f Fs(S)1429 3752 y Fn(1)1501 3737 y Fu(;)h Fs(S)1628
3752 y Fn(2)1700 3737 y Ft(j)f Fr(if)h Fs(b)38 b Fr(then)c
Fs(S)2283 3752 y Fn(1)2355 3737 y Fr(else)f Fs(S)2659
3752 y Fn(2)511 3904 y Ft(j)151 b Fr(while)34 b Fs(b)k
Fr(do)33 b Fs(S)0 4094 y Fu(Th)m(us,)39 b(a)e(b)s(o)s(olean)e
(expression)j Fs(b)43 b Fu(can)37 b(only)f(ha)m(v)m(e)i(one)f(of)f(six)
h(forms.)55 b(It)37 b(is)f(called)g(a)g Fs(b)-5 b(asis)0
4214 y(element)37 b Fu(if)27 b(it)h(is)g Fr(true)h Fu(or)f
Fr(false)i Fu(or)e(has)h(the)g(form)e Fs(a)2002 4229
y Fn(1)2074 4214 y Fu(=)33 b Fs(a)2240 4229 y Fn(2)2308
4214 y Fu(or)28 b Fs(a)2480 4229 y Fn(1)2552 4214 y Ft(\024)33
b Fs(a)2719 4229 y Fn(2)2787 4214 y Fu(where)d Fs(a)3122
4229 y Fn(1)3190 4214 y Fu(and)f Fs(a)3433 4229 y Fn(2)0
4335 y Fu(are)35 b(arithmetic)f(expressions.)54 b(It)35
b(is)g(called)g(a)g Fs(c)-5 b(omp)g(osite)36 b(element)44
b Fu(if)35 b(it)f(has)i(the)g(form)e Ft(:)q Fs(b)0 4455
y Fu(where)g Fs(b)k Fu(is)31 b(a)h(b)s(o)s(olean)f(expression,)j(or)e
(the)h(form)e Fs(b)1971 4470 y Fn(1)2042 4455 y Ft(^)i
Fs(b)2192 4470 y Fn(2)2263 4455 y Fu(where)h Fs(b)2596
4470 y Fn(1)2668 4455 y Fu(and)e Fs(b)2908 4470 y Fn(2)2980
4455 y Fu(are)g(b)s(o)s(olean)0 4576 y(expressions.)45
b(Similar)29 b(remarks)k(apply)f(to)h(arithmetic)d(expressions)k(and)f
(statemen)m(ts.)146 4696 y(The)g(sp)s(eci\014cation)e(ab)s(o)m(v)m(e)i
(de\014nes)g(the)f Fs(abstr)-5 b(act)34 b(syntax)44 b
Fu(of)31 b Fw(While)f Fu(in)h(that)g(it)g(simply)0 4816
y(sa)m(ys)39 b(ho)m(w)g(to)e(build)f(arithmetic)g(expressions,)41
b(b)s(o)s(olean)36 b(expressions)k(and)d(statemen)m(ts)i(in)0
4937 y(the)d(language.)51 b(One)36 b(w)m(a)m(y)h(to)e(think)g(of)g(the)
h(abstract)g(syn)m(tax)h(is)e(as)h(sp)s(ecifying)f(the)h(parse)0
5057 y(trees)42 b(of)f(the)h(language)e(and)i(it)e(will)f(then)j(b)s(e)
g(the)f(purp)s(ose)h(of)f(the)h Fs(c)-5 b(oncr)g(ete)42
b(syntax)54 b Fu(to)0 5177 y(pro)m(vide)33 b(su\016cien)m(t)h
(information)29 b(that)j(enable)h(unique)g(parse)g(trees)h(to)e(b)s(e)h
(constructed.)146 5298 y(So)g(giv)m(en)g(the)g(string)e(of)i(c)m
(haracters:)244 5494 y Fr(z)p Fu(:=)p Fr(x)p Fu(;)g Fr(x)p
Fu(:=)p Fr(y)p Fu(;)g Fr(y)p Fu(:=)p Fr(z)p eop
%%Page: 8 18
8 17 bop 251 130 a Fw(8)2631 b(1)113 b(In)m(tro)s(duction)p
251 193 3473 4 v 283 515 a Fu(the)47 b(concrete)h(syn)m(tax)g(of)d(the)
i(language)e(m)m(ust)i(b)s(e)f(able)g(to)g(resolv)m(e)h(whic)m(h)g(of)e
(the)i(t)m(w)m(o)283 636 y(abstract)33 b(syn)m(tax)i(trees)e(b)s(elo)m
(w)f(it)g(is)g(in)m(tended)h(to)g(represen)m(t:)2799
794 y Fs(S)2467 1209 y(S)285 b Fu(;)297 b Fs(S)2733 918
y Fq(\000)2650 1001 y(\000)2567 1084 y(\000)2525 1126
y(\000)p 2814 1126 4 291 v 2816 918 a(@)2899 1001 y(@)2982
1084 y(@)3023 1126 y(@)2218 1624 y Fs(S)202 b Fu(;)214
b Fs(S)2421 1333 y Fq(\023)2359 1416 y(\023)2297 1499
y(\023)2276 1527 y(\023)p 2482 1541 V 2484 1333 a(S)2546
1416 y(S)2608 1499 y(S)2629 1527 y(S)2027 2039 y Fr(z)115
b Fu(:=)63 b Fs(a)2359 2288 y Fr(x)2193 1748 y Fq(\001)2151
1831 y(\001)2110 1914 y(\001)2093 1948 y(\001)p 2233
1956 V 2234 1748 a(A)2276 1831 y(A)2318 1914 y(A)2334
1948 y(A)p 2382 2205 4 125 v 2525 2039 a Fr(x)115 b Fu(:=)63
b Fs(a)2857 2288 y Fr(y)2691 1748 y Fq(\001)2650 1831
y(\001)2608 1914 y(\001)2591 1948 y(\001)p 2731 1956
4 291 v 2733 1748 a(A)2774 1831 y(A)2816 1914 y(A)2832
1948 y(A)p 2880 2205 4 125 v 2940 1624 a Fr(y)115 b Fu(:=)63
b Fs(a)3272 1873 y Fr(z)3106 1333 y Fq(\001)3065 1416
y(\001)3023 1499 y(\001)3007 1533 y(\001)p 3146 1541
4 291 v 3148 1333 a(A)3189 1416 y(A)3231 1499 y(A)3247
1533 y(A)p 3296 1790 4 125 v 973 794 a Fs(S)906 918 y
Fq(\000)823 1001 y(\000)740 1084 y(\000)699 1126 y(\000)640
1209 y Fs(S)616 1333 y Fq(\001)574 1416 y(\001)533 1499
y(\001)516 1533 y(\001)474 1624 y Fr(z)p 655 1541 4 291
v 91 w Fu(:=)657 1333 y Fq(A)699 1416 y(A)740 1499 y(A)757
1533 y(A)782 1624 y Fs(a)p 805 1790 4 125 v 782 1873
a Fr(x)p 987 1126 4 291 v 981 1209 a Fu(;)989 918 y Fq(@)1072
1001 y(@)1155 1084 y(@)1197 1126 y(@)1305 1209 y Fs(S)1259
1333 y Fq(\023)1197 1416 y(\023)1134 1499 y(\023)1114
1527 y(\023)1554 1624 y Fs(S)890 2039 y Fr(x)90 b Fu(:=)63
b Fs(a)1197 2288 y Fr(y)1031 1748 y Fq(\001)989 1831
y(\001)948 1914 y(\001)931 1948 y(\001)p 1071 1956 V
1072 1748 a(A)1114 1831 y(A)1155 1914 y(A)1172 1948 y(A)p
1220 2205 4 125 v 1320 1541 4 291 v 1313 1624 a Fu(;)1321
1333 y Fq(S)1384 1416 y(S)1446 1499 y(S)1467 1527 y(S)1056
1624 y Fs(S)1388 2039 y Fr(y)90 b Fu(:=)63 b Fs(a)1695
2288 y Fr(z)1529 1748 y Fq(\001)1487 1831 y(\001)1446
1914 y(\001)1429 1948 y(\001)p 1569 1956 V 1570 1748
a(A)1612 1831 y(A)1653 1914 y(A)1670 1948 y(A)p 1718
2205 4 125 v 283 2622 a Fu(In)37 b(this)f(b)s(o)s(ok)g(w)m(e)h(shall)e
Fs(not)46 b Fu(b)s(e)37 b(concerned)h(with)e(concrete)h(syn)m(tax.)57
b(Whenev)m(er)38 b(w)m(e)g(talk)283 2742 y(ab)s(out)47
b(syn)m(tactic)i(en)m(tities)e(suc)m(h)h(as)g(arithmetic)d
(expressions,)53 b(b)s(o)s(olean)46 b(expressions)j(or)283
2863 y(statemen)m(ts)e(w)m(e)g(will)c(alw)m(a)m(ys)k(b)s(e)f(talking)e
(ab)s(out)h(the)h(abstract)g(syn)m(tax)h(so)f(there)h(is)e(no)283
2983 y(am)m(biguit)m(y)g(with)g(resp)s(ect)i(to)e(the)h(form)f(of)g
(the)h(en)m(tit)m(y)-8 b(.)84 b(In)46 b(particular,)h(the)f(t)m(w)m(o)h
(trees)283 3103 y(ab)s(o)m(v)m(e)34 b(are)e(b)s(oth)h(elemen)m(ts)g(of)
f(the)h(syn)m(tactic)g(category)g Fw(Stm)p Fu(.)430 3224
y(It)e(is)g(rather)g(cum)m(b)s(ersome)g(to)g(use)h(the)g(graphical)d
(represen)m(tation)j(of)f(abstract)g(syn)m(tax)283 3344
y(and)i(w)m(e)h(shall)d(therefore)i(use)h(a)e(linear)f(notation.)42
b(So)33 b(w)m(e)g(shall)e(write)527 3528 y Fr(z)p Fu(:=)p
Fr(x)p Fu(;)i(\()p Fr(x)p Fu(:=)p Fr(y)p Fu(;)h Fr(y)p
Fu(:=)p Fr(z)p Fu(\))283 3712 y(for)e(the)i(leftmost)d(syn)m(tax)j
(tree)f(and)527 3897 y(\()p Fr(z)p Fu(:=)p Fr(x)p Fu(;)g
Fr(x)p Fu(:=)p Fr(y)p Fu(\);)g Fr(y)p Fu(:=)p Fr(z)283
4081 y Fu(for)i(the)h(righ)m(tmost)e(one.)52 b(F)-8 b(or)35
b(statemen)m(ts)h(one)g(often)f(writes)g(the)h(brac)m(k)m(ets)i(as)d
Fr(begin)i Ft(\001)17 b(\001)g(\001)283 4201 y Fr(end)41
b Fu(but)e(w)m(e)h(shall)e(feel)h(free)h(to)f(use)h(\()33
b Ft(\001)17 b(\001)g(\001)30 b Fu(\))39 b(in)g(this)g(b)s(o)s(ok.)63
b(Similarly)-8 b(,)37 b(w)m(e)k(use)f(brac)m(k)m(ets)283
4322 y(\()33 b Ft(\001)17 b(\001)g(\001)31 b Fu(\))e(to)f(resolv)m(e)i
(am)m(biguities)d(for)i(elemen)m(ts)g(in)f(the)i(other)f(syn)m(tactic)h
(categories.)42 b(T)-8 b(o)29 b(cut)283 4442 y(do)m(wn)k(on)e(the)h(n)m
(um)m(b)s(er)g(of)f(brac)m(k)m(ets)i(needed)g(w)m(e)f(shall)e(allo)m(w)
g(to)h(use)i(the)e(familiar)d(relativ)m(e)283 4562 y(binding)j(p)s(o)m
(w)m(ers)j(\(precedences\))h(of)c(+,)i Fo(?)e Fu(and)i
Ft(\000)f Fu(etc.)44 b(and)32 b(so)h(write)f Fr(1)p Fu(+)p
Fr(x)p Fo(?)p Fr(2)g Fu(for)g Fr(1)p Fu(+\()p Fr(x)p
Fo(?)p Fr(2)p Fu(\))283 4683 y(but)h(not)g(for)f(\()p
Fr(1)p Fu(+)p Fr(x)p Fu(\))p Fo(?)p Fr(2)p Fu(.)283 4885
y Fw(Exercise)37 b(1.1)49 b Fu(The)33 b(follo)m(wing)d(statemen)m(t)j
(is)f(in)g Fw(While)p Fu(:)527 5070 y Fr(y)p Fu(:=)p
Fr(1)p Fu(;)h Fr(while)h Ft(:)q Fu(\()p Fr(x)p Fu(=)p
Fr(1)p Fu(\))f Fr(do)g Fu(\()p Fr(y)p Fu(:=)p Fr(y)p
Fo(?)p Fr(x)p Fu(;)g Fr(x)p Fu(:=)p Fr(x)p Ft(\000)p
Fr(1)p Fu(\))283 5254 y(It)23 b(computes)h(the)f(factorial)d(of)j(the)g
(initial)c(v)-5 b(alue)22 b(b)s(ound)h(to)g Fr(x)g Fu(\(pro)m(vided)g
(that)f(it)g(is)h(p)s(ositiv)m(e\))283 5374 y(and)34
b(the)f(result)g(will)e(b)s(e)i(the)g(\014nal)f(v)-5
b(alue)33 b(of)f Fr(y)p Fu(.)45 b(Dra)m(w)33 b(a)g(graphical)e
(represen)m(tation)j(of)e(the)283 5494 y(abstract)h(syn)m(tax)i(tree.)
2516 b Fh(2)p eop
%%Page: 9 19
9 18 bop 0 130 a Fw(1.3)112 b(Seman)m(tics)37 b(of)g(expressions)1956
b(9)p 0 193 3473 4 v 0 515 a(Exercise)36 b(1.2)49 b Fu(Assume)42
b(that)e(the)h(initial)c(v)-5 b(alue)40 b(of)g(the)h(v)-5
b(ariable)39 b Fr(x)i Fu(is)f Fs(n)48 b Fu(and)41 b(that)f(the)0
636 y(initial)31 b(v)-5 b(alue)34 b(of)g Fr(y)h Fu(is)f
Fs(m)7 b Fu(.)49 b(W)-8 b(rite)34 b(a)g(statemen)m(t)h(in)f
Fw(While)f Fu(that)h(assigns)h Fr(z)g Fu(the)g(v)-5 b(alue)34
b(of)g Fs(n)0 756 y Fu(to)e(the)h(p)s(o)m(w)m(er)h(of)e
Fs(m)7 b Fu(,)33 b(that)f(is)244 984 y Fo(n)22 b(?)g
Ft(\001)17 b(\001)g(\001)k Fo(?)g(n)244 1019 y Fg(|)p
281 1019 135 10 v 135 w({z)p 490 1019 V 135 w(})279 1124
y Fs(m)40 b Fu(times)0 1317 y(Giv)m(e)32 b(a)h(linear)e(as)h(w)m(ell)g
(as)h(a)f(graphical)f(represen)m(tation)i(of)f(the)h(abstract)g(syn)m
(tax.)275 b Fh(2)146 1579 y Fu(The)37 b(seman)m(tics)g(of)e
Fw(While)g Fu(is)g(giv)m(en)h(b)m(y)h(de\014ning)f(so-called)f
Fs(semantic)i(functions)44 b Fu(for)0 1700 y(eac)m(h)i(of)f(the)h(syn)m
(tactic)g(categories.)81 b(The)47 b(idea)d(is)h(that)g(a)g(seman)m(tic)
g(function)g(tak)m(es)i(a)0 1820 y(syn)m(tactic)40 b(en)m(tit)m(y)f(as)
g(argumen)m(t)f(and)h(returns)h(its)e(meaning.)60 b(The)40
b(op)s(erational,)e(denota-)0 1940 y(tional)24 b(and)j(axiomatic)c
(approac)m(hes)28 b(men)m(tioned)e(earlier)f(will)f(b)s(e)i(used)i(to)e
(sp)s(ecify)h(seman)m(tic)0 2061 y(functions)34 b(for)f(the)i(statemen)
m(ts)f(of)g Fw(While)p Fu(.)46 b(F)-8 b(or)33 b(n)m(umerals,)h
(arithmetic)e(expressions)j(and)0 2181 y(b)s(o)s(olean)c(expressions)j
(the)f(seman)m(tic)g(functions)f(are)h(sp)s(eci\014ed)g(once)h(and)e
(for)g(all)f(b)s(elo)m(w.)0 2544 y Fj(1.3)161 b(Seman)l(tics)52
b(of)i(expressions)0 2773 y Fu(Before)38 b(em)m(barking)g(on)g(sp)s
(ecifying)f(the)i(seman)m(tics)f(of)g(the)g(arithmetic)e(and)i(b)s(o)s
(olean)f(ex-)0 2893 y(pressions)f(of)e Fw(While)g Fu(let)g(us)h(ha)m(v)
m(e)i(a)d(brief)h(lo)s(ok)e(at)i(the)g(n)m(umerals;)h(this)f(will)d
(presen)m(t)37 b(the)0 3014 y(main)31 b(ingredien)m(ts)i(of)g(the)h
(approac)m(h)f(in)g(a)g(v)m(ery)h(simple)e(setting.)45
b(So)33 b(assume)h(for)e(the)i(mo-)0 3134 y(men)m(t)42
b(that)g(the)g(n)m(umerals)g(are)g(in)f(the)h Fs(binary)50
b Fu(system.)73 b(Their)42 b(abstract)g(syn)m(tax)i(could)0
3254 y(then)33 b(b)s(e)g(sp)s(eci\014ed)g(b)m(y:)244
3482 y Fs(n)40 b Fu(::=)32 b Fr(0)h Ft(j)f Fr(1)h Ft(j)f
Fs(n)40 b Fr(0)33 b Ft(j)f Fs(n)40 b Fr(1)0 3710 y Fu(In)47
b(order)g(to)f(determine)h(the)g(n)m(um)m(b)s(er)g(represen)m(ted)i(b)m
(y)f(a)f(n)m(umeral)f(w)m(e)h(shall)f(de\014ne)i(a)0
3830 y(function)244 4058 y Ft(N)14 b Fu(:)44 b Fw(Num)32
b Ft(!)g Fw(Z)0 4286 y Fu(This)f(is)g(called)e(a)i Fs(semantic)h
(function)38 b Fu(as)32 b(it)d(de\014nes)k(the)f(seman)m(tics)f(of)f
(the)h(n)m(umerals.)43 b(W)-8 b(e)0 4406 y(w)m(an)m(t)42
b Ft(N)56 b Fu(to)41 b(b)s(e)g(a)g Fs(total)i(function)49
b Fu(b)s(ecause)42 b(w)m(e)g(w)m(an)m(t)h(to)d(determine)h(a)g(unique)h
(n)m(um)m(b)s(er)0 4527 y(for)36 b(eac)m(h)h(n)m(umeral)f(of)g
Fw(Num)p Fu(.)54 b(If)36 b Fs(n)44 b Ft(2)37 b Fw(Num)e
Fu(then)i(w)m(e)h(write)e Ft(N)14 b Fu([)-17 b([)q Fs(n)7
b Fu(])-17 b(])37 b(for)f(the)h(application)0 4647 y(of)i
Ft(N)53 b Fu(to)39 b Fs(n)7 b Fu(,)41 b(that)e(is)g(for)g(the)h
(corresp)s(onding)f(n)m(um)m(b)s(er.)64 b(In)39 b(general,)i(the)e
(application)e(of)0 4767 y(a)k(seman)m(tic)g(function)g(to)g(a)g(syn)m
(tactic)h(en)m(tit)m(y)g(will)d(b)s(e)j(written)f(within)f(the)i(\\syn)
m(tactic")0 4888 y(brac)m(k)m(ets)34 b(`[)-17 b([)q(')32
b(and)g(`])-17 b(])q(')32 b(rather)h(than)f(the)g(more)g(usual)g(`\(')g
(and)g(`\)'.)44 b(These)34 b(brac)m(k)m(ets)g(ha)m(v)m(e)f(no)0
5008 y(sp)s(ecial)c(meaning)f(but)i(throughout)f(this)h(b)s(o)s(ok)f(w)
m(e)i(shall)d(enclose)i(syn)m(tactic)h(argumen)m(ts)f(to)0
5128 y(seman)m(tic)23 b(functions)g(using)g(the)h(\\syn)m(tactic")g
(brac)m(k)m(ets)h(whereas)g(w)m(e)f(use)h(ordinary)d(brac)m(k)m(ets)0
5249 y(\(or)32 b(juxtap)s(ositioning\))e(in)i(all)e(other)j(cases.)146
5374 y(The)28 b(seman)m(tic)f(function)g Ft(N)41 b Fu(is)27
b(de\014ned)h(b)m(y)g(the)f(follo)m(wing)e Fs(semantic)k(clauses)34
b Fu(\(or)27 b Fs(e)-5 b(qua-)0 5494 y(tions)p Fu(\):)p
eop
%%Page: 10 20
10 19 bop 251 130 a Fw(10)2575 b(1)113 b(In)m(tro)s(duction)p
251 193 3473 4 v 577 500 a Ft(N)15 b Fu([)-17 b([)p Fr(0)p
Fu(])g(])195 b(=)100 b Fw(0)577 668 y Ft(N)15 b Fu([)-17
b([)p Fr(1)p Fu(])g(])195 b(=)100 b Fw(1)577 835 y Ft(N)15
b Fu([)-17 b([)p Fs(n)40 b Fr(0)p Fu(])-17 b(])100 b(=)g
Fw(2)32 b Ff(?)h Ft(N)15 b Fu([)-17 b([)p Fs(n)7 b Fu(])-17
b(])577 1003 y Ft(N)15 b Fu([)-17 b([)p Fs(n)40 b Fr(1)p
Fu(])-17 b(])100 b(=)g Fw(2)32 b Ff(?)h Ft(N)15 b Fu([)-17
b([)p Fs(n)7 b Fu(])-17 b(])34 b(+)e Fw(1)283 1205 y
Fu(Here)38 b Fw(0)e Fu(and)h Fw(1)g Fu(are)f(n)m(um)m(b)s(ers,)j(that)d
(is)g(elemen)m(ts)h(of)g Fw(Z)p Fu(.)g(F)-8 b(urthermore,)37
b Ff(?)g Fu(and)f(+)h(are)f(the)283 1326 y(usual)e(arithmetic)e(op)s
(erations)h(on)h(n)m(um)m(b)s(ers.)48 b(The)35 b(ab)s(o)m(v)m(e)f
(de\014nition)f(is)h(an)f(example)h(of)f(a)283 1446 y
Fs(c)-5 b(omp)g(ositional)45 b Fu(de\014nition;)37 b(this)f(means)g
(that)g(for)g(eac)m(h)h(p)s(ossible)f(w)m(a)m(y)h(of)f(constructing)g
(a)283 1566 y(n)m(umeral)f(it)f(tells)h(ho)m(w)h(the)g(corresp)s
(onding)f(n)m(um)m(b)s(er)h(is)f(obtained)g(from)f(the)i(meanings)e(of)
283 1687 y(the)f Fs(sub)p Fu(constructs.)283 1924 y Fw(Example)k(1.3)49
b Fu(W)-8 b(e)25 b(can)f(calculate)g(the)g(n)m(um)m(b)s(er)h
Ft(N)14 b Fu([)-17 b([)q Fr(101)p Fu(])g(])26 b(corresp)s(onding)e(to)g
(the)h(n)m(umeral)283 2044 y Fr(101)34 b Fu(as)f(follo)m(ws:)527
2254 y Ft(N)15 b Fu([)-17 b([)p Fr(101)p Fu(])g(])34
b(=)f Fw(2)f Ff(?)h Ft(N)14 b Fu([)-17 b([)q Fr(10)p
Fu(])g(])34 b(+)e Fw(1)885 2421 y Fu(=)h Fw(2)f Ff(?)h
Fu(\()p Fw(2)f Ff(?)h Ft(N)15 b Fu([)-17 b([)p Fr(1)p
Fu(])g(])q(\))33 b(+)f Fw(1)885 2589 y Fu(=)h Fw(2)f
Ff(?)h Fu(\()p Fw(2)f Ff(?)h Fw(1)p Fu(\))g(+)f Fw(1)885
2756 y Fu(=)h Fw(5)283 2966 y Fu(Note)g(that)g(the)g(string)e
Fr(101)j Fu(is)e(decomp)s(osed)h(according)f(to)g(the)h(syn)m(tax)h
(for)e(n)m(umerals.)79 b Fh(2)430 3202 y Fu(So)27 b(far)g(w)m(e)i(ha)m
(v)m(e)g(only)e Fs(claime)-5 b(d)36 b Fu(that)28 b(the)f(de\014nition)g
(of)g Ft(N)42 b Fu(giv)m(es)28 b(rise)f(to)g(a)h(w)m(ell-de\014ned)283
3322 y(total)37 b(function.)58 b(W)-8 b(e)38 b(shall)f(no)m(w)h(presen)
m(t)i(a)d Fs(formal)i(pr)-5 b(o)g(of)58 b Fu(sho)m(wing)38
b(that)g(this)f(is)h(indeed)283 3443 y(the)33 b(case.)p
283 3564 3473 5 v 283 3745 a Fw(F)-9 b(act)38 b(1.4)49
b Fu(The)33 b(ab)s(o)m(v)m(e)h(equations)f(for)f Ft(N)14
b Fu(,)33 b(de\014ne)g(a)g(total)e(function)h Ft(N)14
b Fu(:)44 b Fw(Num)31 b Ft(!)i Fw(Z)p Fu(.)p 283 3866
V 283 4075 a Fw(Pro)s(of:)38 b Fu(W)-8 b(e)33 b(ha)m(v)m(e)h(a)e(total)
f(function)h Ft(N)14 b Fu(,)33 b(if)e(for)i(all)d(argumen)m(ts)j
Fs(n)39 b Ft(2)33 b Fw(Num)552 4242 y Fu(there)g(is)g(exactly)g(one)f
(n)m(um)m(b)s(er)h Fw(n)g Ft(2)g Fw(Z)g Fu(suc)m(h)h(that)f
Ft(N)14 b Fu([)-17 b([)q Fs(n)7 b Fu(])-17 b(])33 b(=)f
Fw(n)699 b Fu(\(*\))283 4410 y(Giv)m(en)38 b(a)f(n)m(umeral)g
Fs(n)44 b Fu(it)37 b(can)h(ha)m(v)m(e)g(one)g(of)f(four)g(forms:)53
b(it)36 b(can)i(b)s(e)g(a)f(basis)g(elemen)m(t)h(and)283
4530 y(then)33 b(it)e(is)g(equal)g(to)h Fr(0)g Fu(or)f
Fr(1)p Fu(,)h(or)g(it)f(can)h(b)s(e)g(a)f(comp)s(osite)g(elemen)m(t)g
(and)h(then)h(it)d(is)i(equal)f(to)283 4651 y Fs(n)345
4615 y Fi(0)369 4651 y Fr(0)d Fu(or)g Fs(n)625 4615 y
Fi(0)649 4651 y Fr(1)g Fu(for)g(some)g(other)g(n)m(umeral)f
Fs(n)1797 4615 y Fi(0)1821 4651 y Fu(.)42 b(So,)29 b(in)e(order)h(to)g
(pro)m(v)m(e)h(\(*\))f(w)m(e)h(ha)m(v)m(e)h(to)e(consider)283
4771 y(all)j(four)h(p)s(ossibilities.)430 4893 y(The)37
b(pro)s(of)f(will)e(b)s(e)i(conducted)i(b)m(y)f Fs(induction)44
b Fu(on)36 b(the)h Fs(structur)-5 b(e)44 b Fu(of)36 b(the)h(n)m(umeral)
f Fs(n)7 b Fu(.)283 5013 y(In)33 b(the)f Fs(b)-5 b(ase)33
b(c)-5 b(ase)39 b Fu(w)m(e)33 b(pro)m(v)m(e)g(\(*\))e(for)g(the)i
(basis)e(elemen)m(ts)h(of)g Fw(Num)p Fu(,)f(that)h(is)f(for)g(the)h
(cases)283 5133 y(where)41 b Fs(n)47 b Fu(is)39 b Fr(0)h
Fu(or)f Fr(1)p Fu(.)64 b(In)40 b(the)g Fs(induction)h(step)k
Fu(w)m(e)40 b(consider)g(the)g(comp)s(osite)f(elemen)m(ts)g(of)283
5254 y Fw(Num)p Fu(,)32 b(that)f(is)g(the)i(cases)g(where)g
Fs(n)39 b Fu(is)31 b Fs(n)1839 5218 y Fi(0)1862 5254
y Fr(0)h Fu(or)g Fs(n)2126 5218 y Fi(0)2149 5254 y Fr(1)p
Fu(.)44 b(The)32 b(induction)f(h)m(yp)s(othesis)i(will)c(then)283
5374 y(allo)m(w)35 b(us)i(to)f(assume)h(that)g(\(*\))f(holds)g(for)g
(the)h(immediate)c(constituen)m(t)k(of)f Fs(n)7 b Fu(,)38
b(that)e(is)g Fs(n)3705 5338 y Fi(0)3729 5374 y Fu(.)283
5494 y(W)-8 b(e)42 b(shall)f(then)h(pro)m(v)m(e)h(that)e(\(*\))g(holds)
g(for)g Fs(n)7 b Fu(.)71 b(It)42 b(then)g(follo)m(ws)e(that)i(\(*\))f
(holds)g(for)g(all)p eop
%%Page: 11 21
11 20 bop 0 130 a Fw(1.3)112 b(Seman)m(tics)37 b(of)g(expressions)1900
b(11)p 0 193 3473 4 v 0 515 a Fu(n)m(umerals)32 b Fs(n)40
b Fu(b)s(ecause)34 b(an)m(y)f(n)m(umeral)f Fs(n)39 b
Fu(can)33 b(b)s(e)g(constructed)h(in)e(that)h(w)m(a)m(y)-8
b(.)0 683 y Fw(The)31 b(case)h Fs(n)38 b Fu(=)31 b Fr(0)p
Fu(:)43 b(Only)31 b(one)g(of)g(the)g(seman)m(tic)g(clauses)h
(de\014ning)f Ft(N)45 b Fu(can)32 b(b)s(e)f(used)h(and)f(it)0
803 y(giv)m(es)37 b Ft(N)14 b Fu([)-17 b([)q Fs(n)7 b
Fu(])-17 b(])37 b(=)f Fw(0)p Fu(.)55 b(So)36 b(clearly)f(there)i(is)f
(exactly)h(one)g(n)m(um)m(b)s(er)f Fw(n)h Fu(in)f Fw(Z)g
Fu(\(namely)g Fw(0)p Fu(\))g(suc)m(h)0 924 y(that)c Ft(N)15
b Fu([)-17 b([)p Fs(n)7 b Fu(])-17 b(])34 b(=)e Fw(n)p
Fu(.)0 1091 y Fw(The)h(case)g Fs(n)40 b Fu(=)32 b Fr(1)h
Fu(is)f(similar)d(and)k(w)m(e)h(omit)c(the)j(details.)0
1259 y Fw(The)k(case)h Fs(n)44 b Fu(=)36 b Fs(n)738 1223
y Fi(0)762 1259 y Fr(0)p Fu(:)52 b(Insp)s(ection)37 b(of)g(the)g
(clauses)g(de\014ning)g Ft(N)51 b Fu(sho)m(ws)39 b(that)d(only)h(one)g
(of)0 1379 y(the)44 b(clauses)h(is)f(applicable)e(and)i(w)m(e)h(ha)m(v)
m(e)g Ft(N)15 b Fu([)-17 b([)p Fs(n)7 b Fu(])-17 b(])45
b(=)f Fw(2)g Ff(?)g Ft(N)15 b Fu([)-17 b([)p Fs(n)2486
1343 y Fi(0)2510 1379 y Fu(])g(].)78 b(W)-8 b(e)45 b(can)f(no)m(w)h
(apply)0 1500 y(the)38 b(induction)e(h)m(yp)s(othesis)j(to)d
Fs(n)1282 1464 y Fi(0)1343 1500 y Fu(and)i(get)f(that)g(there)h(is)f
(exactly)h(one)f(n)m(um)m(b)s(er)h Fw(n)3224 1464 y Fi(0)3285
1500 y Fu(suc)m(h)0 1620 y(that)32 b Ft(N)14 b Fu([)-17
b([)q Fs(n)407 1584 y Fi(0)431 1620 y Fu(])g(])32 b(=)g
Fw(n)670 1584 y Fi(0)694 1620 y Fu(.)43 b(But)33 b(then)g(it)e(is)h
(clear)f(that)h(there)h(is)f(exactly)h(one)f(n)m(um)m(b)s(er)h
Fw(n)f Fu(\(namely)0 1741 y Fw(2)h Ff(?)f Fw(n)240 1704
y Fi(0)264 1741 y Fu(\))g(suc)m(h)i(that)f Ft(N)14 b
Fu([)-17 b([)q Fs(n)7 b Fu(])-17 b(])33 b(=)g Fw(n)p
Fu(.)0 1908 y Fw(The)g(case)g Fs(n)40 b Fu(=)32 b Fs(n)721
1872 y Fi(0)745 1908 y Fr(1)h Fu(is)f(similar)d(and)k(w)m(e)g(omit)e
(the)i(details.)1117 b Fh(2)146 2121 y Fu(The)31 b(general)f(tec)m
(hnique)h(that)f(w)m(e)h(ha)m(v)m(e)g(applied)e(in)g(the)h
(de\014nition)f(of)g(the)i(syn)m(tax)g(and)0 2242 y(seman)m(tics)i(of)f
(n)m(umerals)g(can)h(b)s(e)g(summarized)e(as)i(follo)m(ws:)p
0 2324 3470 4 v 0 2341 V -2 2548 4 208 v 15 2548 V 1101
2469 a Fw(Comp)s(ositional)d(De\014nitions)p 3452 2548
V 3469 2548 V 0 2552 3470 4 v -2 3041 4 490 v 15 3041
V 66 2717 a Fu(1:)143 b(The)34 b(syn)m(tactic)f(category)g(is)f(sp)s
(eci\014ed)i(b)m(y)f(an)g(abstract)g(syn)m(tax)h(giving)d(the)i
Fs(b)-5 b(asis)285 2837 y(elements)52 b Fu(and)44 b(the)g
Fs(c)-5 b(omp)g(osite)51 b(elements)8 b Fu(.)77 b(The)45
b(comp)s(osite)e(elemen)m(ts)h(ha)m(v)m(e)i(a)285 2958
y(unique)33 b(decomp)s(osition)e(in)m(to)h(their)g(immediate)e
(constituen)m(ts.)p 3452 3041 V 3469 3041 V -2 3690 4
650 v 15 3690 V 66 3125 a(2:)143 b(The)29 b(seman)m(tics)f(is)f
(de\014ned)i(b)m(y)g Fs(c)-5 b(omp)g(ositional)36 b Fu(de\014nitions)27
b(of)g(a)h(function:)40 b(There)285 3246 y(is)24 b(a)g
Fs(semantic)29 b(clause)i Fu(for)23 b(eac)m(h)i(of)f(the)g(basis)g
(elemen)m(ts)h(of)f(the)g(syn)m(tactic)h(category)285
3366 y(and)i(one)g(for)f(eac)m(h)h(of)f(the)h(metho)s(ds)f(for)g
(constructing)h(comp)s(osite)f(elemen)m(ts.)41 b(The)285
3487 y(clauses)28 b(for)e(comp)s(osite)g(elemen)m(ts)i(are)f(de\014ned)
h(in)e(terms)h(of)g(the)g(seman)m(tics)g(of)g(the)285
3607 y(immediate)j(constituen)m(ts)k(of)e(the)h(elemen)m(ts.)p
3452 3690 V 3469 3690 V 0 3694 3470 4 v 0 3710 V 0 3859
a(The)42 b(pro)s(of)f(tec)m(hnique)i(w)m(e)f(ha)m(v)m(e)h(applied)d(is)
h(closely)g(connected)i(with)e(the)h(approac)m(h)g(to)0
3979 y(de\014ning)33 b(seman)m(tic)f(functions.)43 b(It)33
b(can)g(b)s(e)g(summarized)e(as)i(follo)m(ws:)p 0 4081
V 0 4097 V -2 4305 4 208 v 15 4305 V 1232 4226 a Fw(Structural)f
(Induction)p 3452 4305 V 3469 4305 V 0 4308 3470 4 v
-2 4678 4 370 v 15 4678 V 66 4474 a Fu(1:)143 b(Pro)m(v)m(e)39
b(that)f(the)g(prop)s(ert)m(y)g(holds)f(for)g(all)f(the)i
Fs(b)-5 b(asis)45 b Fu(elemen)m(ts)37 b(of)g(the)h(syn)m(tactic)285
4594 y(category)-8 b(.)p 3452 4678 V 3469 4678 V -2 5206
4 529 v 15 5206 V 66 4762 a(2:)143 b(Pro)m(v)m(e)39 b(that)d(the)i
(prop)s(ert)m(y)f(holds)g(for)f(all)f(the)i Fs(c)-5 b(omp)g(osite)44
b Fu(elemen)m(ts)37 b(of)f(the)i(syn-)285 4882 y(tactic)44
b(category:)66 b(Assume)45 b(that)f(the)g(prop)s(ert)m(y)h(holds)e(for)
h(all)e(the)i(immediate)285 5003 y(constituen)m(ts)d(of)f(the)g(elemen)
m(t)g(\(this)f(is)h(called)f(the)h Fs(induction)h(hyp)-5
b(othesis)p Fu(\))39 b(and)285 5123 y(pro)m(v)m(e)34
b(that)e(it)g(also)g(holds)g(for)g(the)h(elemen)m(t)f(itself.)p
3452 5206 V 3469 5206 V 0 5210 3470 4 v 0 5226 V 146
5374 a(In)41 b(the)f(remainder)f(of)h(this)f(b)s(o)s(ok)h(w)m(e)h
(shall)d(assume)j(that)f(n)m(umerals)f(are)h(in)f(decimal)0
5494 y(notation)30 b(and)h(ha)m(v)m(e)i(their)e(normal)e(meanings)h
(\(so)i(for)e(example)h Ft(N)14 b Fu([)-17 b([)q Fr(137)p
Fu(])g(])33 b(=)e Fw(137)g Ft(2)h Fw(Z)p Fu(\).)f(It)p
eop
%%Page: 12 22
12 21 bop 251 130 a Fw(12)2575 b(1)113 b(In)m(tro)s(duction)p
251 193 3473 4 v 283 515 a Fu(is)30 b(imp)s(ortan)m(t)e(to)i
(understand,)i(ho)m(w)m(ev)m(er,)h(that)d(there)h(is)f(a)g(distinction)
e(b)s(et)m(w)m(een)k(n)m(umerals)283 636 y(\(whic)m(h)27
b(are)f(syn)m(tactic\))i(and)e(n)m(um)m(b)s(ers)h(\(whic)m(h)g(are)f
(seman)m(tic\),)h(ev)m(en)h(in)e(decimal)e(notation.)283
922 y Fp(Seman)l(tic)46 b(functions)283 1107 y Fu(The)36
b(meaning)d(of)h(an)g(expression)h(dep)s(ends)h(on)f(the)f(v)-5
b(alues)35 b(b)s(ound)f(to)g(the)h(v)-5 b(ariables)33
b(that)283 1228 y(o)s(ccur)38 b(in)f(it.)58 b(F)-8 b(or)36
b(example,)j(if)d Fr(x)i Fu(is)f(b)s(ound)h(to)f Fw(3)h
Fu(then)g(the)g(arithmetic)e(expression)j Fr(x)p Fu(+)p
Fr(1)283 1348 y Fu(ev)-5 b(aluates)33 b(to)f Fw(4)g Fu(but)h(if)e
Fr(x)h Fu(is)g(b)s(ound)g(to)g Fw(2)h Fu(then)g(the)f(expression)i(ev)
-5 b(aluates)32 b(to)g Fw(3)p Fu(.)44 b(W)-8 b(e)32 b(shall)283
1468 y(therefore)f(in)m(tro)s(duce)f(the)h(concept)g(of)e(a)h
Fs(state)p Fu(:)43 b(to)29 b(eac)m(h)i(v)-5 b(ariable)28
b(the)j(state)f(will)e(asso)s(ciate)283 1589 y(its)h(curren)m(t)h(v)-5
b(alue.)41 b(W)-8 b(e)29 b(shall)f(represen)m(t)i(a)f(state)g(as)g(a)f
(function)h(from)e(v)-5 b(ariables)27 b(to)i(v)-5 b(alues,)283
1709 y(that)33 b(is)f(an)g(elemen)m(t)h(of)f(the)h(set)527
1900 y Fw(State)g Fu(=)f Fw(V)-9 b(ar)32 b Ft(!)h Fw(Z)283
2090 y Fu(Eac)m(h)42 b(state)f Fs(s)49 b Fu(sp)s(eci\014es)42
b(a)e(v)-5 b(alue,)42 b(written)f Fs(s)48 b(x)12 b Fu(,)43
b(for)d(eac)m(h)h(v)-5 b(ariable)39 b Fs(x)53 b Fu(of)40
b Fw(V)-9 b(ar)p Fu(.)67 b(Th)m(us)42 b(if)283 2211 y
Fs(s)f Fr(x)33 b Fu(=)f Fw(3)h Fu(then)g(the)g(v)-5 b(alue)32
b(of)g Fr(x)p Fu(+)p Fr(1)h Fu(in)f(state)h Fs(s)40 b
Fu(is)33 b Fw(4)p Fu(.)430 2331 y(Actually)-8 b(,)41
b(this)e(is)h(just)g(one)g(of)g(sev)m(eral)h(represen)m(tations)g(of)e
(the)i(state.)66 b(Some)40 b(other)283 2451 y(p)s(ossibilities)30
b(are)j(to)f(use)h(a)g(table:)p 527 2553 877 4 v 525
2801 4 249 v 728 2718 a Fr(x)p 978 2801 V 368 w Fw(5)p
1402 2801 V 525 2969 4 168 v 728 2886 a Fr(y)p 978 2969
V 385 w Fw(7)p 1402 2969 V 525 3137 V 728 3053 a Fr(z)p
978 3137 V 385 w Fw(0)p 1402 3137 V 527 3140 877 4 v
283 3288 a Fu(or)g(a)f(\\list")f(of)h(the)h(form)527
3478 y([)p Fr(x)p Ft(7!)p Fw(5)p Fu(,)g Fr(y)p Ft(7!)p
Fw(7)p Fu(,)g Fr(z)p Ft(7!)o Fw(0)p Fu(])283 3669 y(\(as)28
b(in)f(Section)g(1.1\).)41 b(In)28 b(all)d(cases)k(w)m(e)g(m)m(ust)e
(ensure)i(that)f(exactly)f(one)h(v)-5 b(alue)27 b(is)g(asso)s(ciated)
283 3789 y(with)36 b(eac)m(h)g(v)-5 b(ariable.)51 b(By)37
b(requiring)d(a)i(state)g(to)f(b)s(e)h(a)g(function)f(this)g(is)g
(trivially)e(ful\014lled)283 3909 y(whereas)49 b(for)e(the)g
(alternativ)m(e)f(represen)m(tations)j(ab)s(o)m(v)m(e)e(extra)h
(restrictions)f(ha)m(v)m(e)h(to)f(b)s(e)283 4030 y(enforced.)430
4150 y(Giv)m(en)33 b(an)g(arithmetic)e(expression)k Fs(a)41
b Fu(and)33 b(a)g(state)h Fs(s)41 b Fu(w)m(e)34 b(can)g(determine)f
(the)h(v)-5 b(alue)32 b(of)283 4271 y(the)41 b(expression.)66
b(Therefore)40 b(w)m(e)h(shall)d(de\014ne)j(the)f(meaning)e(of)i
(arithmetic)d(expressions)283 4391 y(as)f(a)g(total)e(function)h
Ft(A)g Fu(that)h(tak)m(es)h(t)m(w)m(o)f(argumen)m(ts:)50
b(the)37 b(syn)m(tactic)f(construct)h Fs(and)45 b Fu(the)283
4511 y(state.)f(The)34 b(functionalit)m(y)d(of)h Ft(A)g
Fu(is)527 4702 y Ft(A)p Fu(:)43 b Fw(Aexp)33 b Ft(!)f
Fu(\()p Fw(State)h Ft(!)f Fw(Z)p Fu(\))283 4893 y(This)h(means)e(that)h
Ft(A)f Fu(tak)m(es)j(its)d(parameters)h Fs(one)h(at)i(a)f(time)p
Fu(.)43 b(So)32 b(w)m(e)h(ma)m(y)e(supply)i Ft(A)e Fu(with)283
5013 y(its)i(\014rst)g(parameter,)g(sa)m(y)h Fr(x)p Fu(+)p
Fr(1)p Fu(,)f(and)g(study)h(the)f(function)g Ft(A)o Fu([)-17
b([)q Fr(x)p Fu(+)p Fr(1)p Fu(])g(])q(.)44 b(It)33 b(has)h
(functionalit)m(y)283 5133 y Fw(State)45 b Ft(!)g Fw(Z)g
Fu(and)g(only)g(when)h(w)m(e)f(supply)h(it)e(with)g(a)h(state)g(\(whic)
m(h)h(happ)s(ens)f(to)g(b)s(e)g(a)283 5254 y(function)32
b(but)g(that)g(do)s(es)g(not)g(matter\))f(do)h(w)m(e)h(obtain)e(the)i
(v)-5 b(alue)31 b(of)h(the)g(expression)h Fr(x)p Fu(+)p
Fr(1)p Fu(.)430 5374 y(Assuming)25 b(the)g(existence)i(of)e(the)h
(function)e Ft(N)40 b Fu(de\014ning)25 b(the)h(meaning)e(of)g(n)m
(umerals,)j(w)m(e)283 5494 y(can)f(de\014ne)g(the)f(function)g
Ft(A)f Fu(b)m(y)i(de\014ning)f(its)f(v)-5 b(alue)25 b
Ft(A)o Fu([)-17 b([)q Fs(a)7 b Fu(])-17 b(])q Fs(s)33
b Fu(on)25 b(eac)m(h)h(arithmetic)d(expression)p eop
%%Page: 13 23
13 22 bop 0 130 a Fw(1.3)112 b(Seman)m(tics)37 b(of)g(expressions)1900
b(13)p 0 193 3473 4 v 0 419 V 0 1260 4 841 v 432 528
a Ft(A)o Fu([)-17 b([)q Fs(n)7 b Fu(])-17 b(])q Fs(s)381
b Fu(=)100 b Ft(N)14 b Fu([)-17 b([)q Fs(n)7 b Fu(])-17
b(])432 696 y Ft(A)o Fu([)g([)q Fs(x)12 b Fu(])-17 b(])p
Fs(s)387 b Fu(=)100 b Fs(s)40 b(x)432 863 y Ft(A)o Fu([)-17
b([)q Fs(a)606 878 y Fn(1)678 863 y Fu(+)33 b Fs(a)844
878 y Fn(2)883 863 y Fu(])-17 b(])q Fs(s)109 b Fu(=)100
b Ft(A)o Fu([)-17 b([)q Fs(a)1420 878 y Fn(1)1460 863
y Fu(])g(])p Fs(s)41 b Fu(+)32 b Ft(A)p Fu([)-17 b([)p
Fs(a)1860 878 y Fn(2)1900 863 y Fu(])g(])q Fs(s)432 1031
y Ft(A)o Fu([)g([)q Fs(a)606 1046 y Fn(1)678 1031 y Fo(?)33
b Fs(a)817 1046 y Fn(2)856 1031 y Fu(])-17 b(])q Fs(s)136
b Fu(=)100 b Ft(A)o Fu([)-17 b([)q Fs(a)1420 1046 y Fn(1)1460
1031 y Fu(])g(])p Fs(s)41 b Ff(?)33 b Ft(A)o Fu([)-17
b([)q Fs(a)1842 1046 y Fn(2)1881 1031 y Fu(])g(])q Fs(s)432
1199 y Ft(A)o Fu([)g([)q Fs(a)606 1214 y Fn(1)678 1199
y Ft(\000)33 b Fs(a)845 1214 y Fn(2)885 1199 y Fu(])-17
b(])q Fs(s)107 b Fu(=)100 b Ft(A)o Fu([)-17 b([)q Fs(a)1420
1214 y Fn(1)1460 1199 y Fu(])g(])p Fs(s)41 b Fe(\000)32
b Ft(A)p Fu([)-17 b([)q Fs(a)1874 1214 y Fn(2)1913 1199
y Fu(])g(])q Fs(s)p 3469 1260 V 0 1263 3473 4 v 654 1424
a Fu(T)-8 b(able)32 b(1.1:)43 b(The)34 b(seman)m(tics)e(of)g
(arithmetic)f(expressions)0 1708 y Fs(a)41 b Fu(and)33
b(state)h Fs(s)8 b Fu(.)46 b(The)34 b(de\014nition)f(of)g
Ft(A)g Fu(is)g(giv)m(en)g(in)g(T)-8 b(able)33 b(1.1.)45
b(The)35 b(clause)e(for)g Fs(n)41 b Fu(re\015ects)0 1828
y(that)29 b(the)g(v)-5 b(alue)28 b(of)h Fs(n)36 b Fu(in)28
b(an)m(y)h(state)h(is)e Ft(N)15 b Fu([)-17 b([)p Fs(n)7
b Fu(])-17 b(])q(.)42 b(The)30 b(v)-5 b(alue)28 b(of)h(a)f(v)-5
b(ariable)28 b Fs(x)40 b Fu(in)28 b(state)i Fs(s)37 b
Fu(is)28 b(the)0 1949 y(v)-5 b(alue)34 b(b)s(ound)i(to)e
Fs(x)47 b Fu(in)34 b Fs(s)8 b Fu(,)36 b(that)e(is)h Fs(s)43
b(x)12 b Fu(.)50 b(The)36 b(v)-5 b(alue)34 b(of)h(the)g(comp)s(osite)f
(expression)i Fs(a)3260 1964 y Fn(1)3300 1949 y Fu(+)p
Fs(a)3433 1964 y Fn(2)0 2069 y Fu(in)31 b Fs(s)40 b Fu(is)31
b(the)i(sum)e(of)h(the)g(v)-5 b(alues)32 b(of)f Fs(a)1398
2084 y Fn(1)1470 2069 y Fu(and)h Fs(a)1716 2084 y Fn(2)1787
2069 y Fu(in)f Fs(s)8 b Fu(.)44 b(Similarly)-8 b(,)28
b(the)k(v)-5 b(alue)31 b(of)g Fs(a)3037 2084 y Fn(1)3110
2069 y Fo(?)h Fs(a)3248 2084 y Fn(2)3319 2069 y Fu(in)g
Fs(s)0 2189 y Fu(is)f(the)h(pro)s(duct)f(of)g(the)h(v)-5
b(alues)31 b(of)g Fs(a)1361 2204 y Fn(1)1432 2189 y Fu(and)g
Fs(a)1677 2204 y Fn(2)1748 2189 y Fu(in)g Fs(s)8 b Fu(,)32
b(and)f(the)h(v)-5 b(alue)31 b(of)f Fs(a)2740 2204 y
Fn(1)2811 2189 y Ft(\000)i Fs(a)2977 2204 y Fn(2)3048
2189 y Fu(in)f Fs(s)39 b Fu(is)31 b(the)0 2310 y(di\013erence)i(b)s(et)
m(w)m(een)h(the)f(v)-5 b(alues)32 b(of)g Fs(a)1438 2325
y Fn(1)1510 2310 y Fu(and)g Fs(a)1756 2325 y Fn(2)1828
2310 y Fu(in)g Fs(s)8 b Fu(.)43 b(Note)32 b(that)g(+)h(,)f
Ff(?)g Fu(and)h Fe(\000)f Fu(o)s(ccurring)0 2430 y(on)i(the)g(righ)m(t)
f(of)h(these)h(equations)f(are)g(the)g(usual)g(arithmetic)e(op)s
(erations,)h(whilst)g(on)h(the)0 2550 y(left)42 b(they)i(are)f(just)h
(pieces)f(of)g(syn)m(tax;)50 b(this)42 b(is)h(analogous)f(to)h(the)g
(distinction)e(b)s(et)m(w)m(een)0 2671 y(n)m(umerals)32
b(and)h(n)m(um)m(b)s(ers)g(but)g(w)m(e)h(shall)d(not)h(b)s(other)h(to)f
(use)i(di\013eren)m(t)e(sym)m(b)s(ols.)0 2897 y Fw(Example)37
b(1.5)48 b Fu(Supp)s(ose)34 b(that)e Fs(s)41 b Fr(x)33
b Fu(=)f Fw(3)p Fu(.)44 b(Then:)294 3091 y Ft(A)o Fu([)-17
b([)q Fr(x)p Fu(+)p Fr(1)p Fu(])g(])q Fs(s)108 b Fu(=)99
b Ft(A)p Fu([)-17 b([)p Fr(x)p Fu(])g(])q Fs(s)41 b Fu(+)32
b Ft(A)p Fu([)-17 b([)p Fr(1)p Fu(])g(])q Fs(s)775 3259
y Fu(=)99 b(\()p Fs(s)41 b Fr(x)p Fu(\))32 b(+)h Ft(N)14
b Fu([)-17 b([)q Fr(1)p Fu(])g(])775 3426 y(=)99 b Fw(3)33
b Fu(+)f Fw(1)775 3594 y Fu(=)99 b Fw(4)0 3795 y Fu(Note)33
b(that)g(here)g Fr(1)h Fu(is)e(a)h(n)m(umeral)f(\(enclosed)h(in)f(the)i
(brac)m(k)m(ets)h(`[)-17 b([')33 b(and)g(`])-17 b(])q('\))33
b(whereas)h Fw(1)f Fu(is)g(a)0 3915 y(n)m(um)m(b)s(er.)3049
b Fh(2)0 4142 y Fw(Example)37 b(1.6)48 b Fu(Supp)s(ose)28
b(w)m(e)g(add)f(the)g(arithmetic)d(expression)k Ft(\000)16
b Fs(a)35 b Fu(to)26 b(our)h(language.)40 b(An)0 4262
y(acceptable)33 b(seman)m(tic)f(clause)h(for)f(this)g(construct)i(w)m
(ould)e(b)s(e)244 4464 y Ft(A)o Fu([)-17 b([)q Ft(\000)16
b Fs(a)7 b Fu(])-17 b(])r Fs(s)40 b Fu(=)33 b Fw(0)f
Fe(\000)h Ft(A)o Fu([)-17 b([)q Fs(a)7 b Fu(])-17 b(])q
Fs(s)0 4666 y Fu(whereas)39 b(the)f(alternativ)m(e)e(clause)i
Ft(A)o Fu([)-17 b([)q Ft(\000)16 b Fs(a)7 b Fu(])-17
b(])q Fs(s)46 b Fu(=)37 b Ft(A)o Fu([)-17 b([)q Fr(0)37
b Ft(\000)h Fs(a)7 b Fu(])-17 b(])q Fs(s)45 b Fu(w)m(ould)38
b(con)m(tradict)f(the)h(com-)0 4786 y(p)s(ositionalit)m(y)29
b(requiremen)m(t.)2301 b Fh(2)0 5013 y Fw(Exercise)36
b(1.7)49 b Fu(Pro)m(v)m(e)f(that)e(the)h(equations)g(of)f(T)-8
b(able)46 b(1.1)g(de\014ne)h(a)f(total)f(function)h Ft(A)0
5133 y Fu(in)51 b Fw(Aexp)g Ft(!)g Fu(\()p Fw(State)h
Ft(!)f Fw(Z)p Fu(\):)h(First)e(argue)i(that)f(it)f(is)h(su\016cien)m(t)
i(to)e(pro)m(v)m(e)i(that)e(for)0 5254 y(eac)m(h)39 b
Fs(a)h Ft(2)33 b Fw(Aexp)39 b Fu(and)f(eac)m(h)h Fs(s)47
b Ft(2)39 b Fw(State)f Fu(there)h(is)f(exactly)h(one)g(v)-5
b(alue)38 b Fw(v)g Ft(2)h Fw(Z)g Fu(suc)m(h)h(that)0
5374 y Ft(A)p Fu([)-17 b([)p Fs(a)7 b Fu(])-17 b(])q
Fs(s)41 b Fu(=)32 b Fw(v)p Fu(.)48 b(Next)35 b(use)g(structural)f
(induction)f(on)h(the)h(arithmetic)d(expressions)j(to)f(pro)m(v)m(e)0
5494 y(that)e(this)h(is)f(indeed)h(the)g(case.)2221 b
Fh(2)p eop
%%Page: 14 24
14 23 bop 251 130 a Fw(14)2575 b(1)113 b(In)m(tro)s(duction)p
251 193 3473 4 v 283 419 V 283 2160 4 1741 v 715 528
a Ft(B)t Fu([)-17 b([)p Fr(true)p Fu(])g(])r Fs(s)239
b Fu(=)99 b Fw(tt)715 696 y Ft(B)t Fu([)-17 b([)p Fr(false)p
Fu(])g(])r Fs(s)188 b Fu(=)99 b Fw(\013)715 954 y Ft(B)t
Fu([)-17 b([)p Fs(a)878 969 y Fn(1)951 954 y Fu(=)32
b Fs(a)1116 969 y Fn(2)1156 954 y Fu(])-17 b(])p Fs(s)110
b Fu(=)1518 779 y Fg(8)1518 854 y(<)1518 1003 y(:)1633
869 y Fw(tt)83 b Fu(if)31 b Ft(A)p Fu([)-17 b([)p Fs(a)2067
884 y Fn(1)2107 869 y Fu(])g(])p Fs(s)41 b Fu(=)32 b
Ft(A)p Fu([)-17 b([)q Fs(a)2508 884 y Fn(2)2547 869 y
Fu(])g(])q Fs(s)1633 1037 y Fw(\013)106 b Fu(if)31 b
Ft(A)p Fu([)-17 b([)p Fs(a)2067 1052 y Fn(1)2107 1037
y Fu(])g(])p Fs(s)41 b Ft(6)p Fu(=)32 b Ft(A)p Fu([)-17
b([)q Fs(a)2508 1052 y Fn(2)2547 1037 y Fu(])g(])q Fs(s)715
1306 y Ft(B)t Fu([)g([)p Fs(a)878 1321 y Fn(1)951 1306
y Ft(\024)33 b Fs(a)1118 1321 y Fn(2)1157 1306 y Fu(])-17
b(])q Fs(s)108 b Fu(=)1518 1131 y Fg(8)1518 1206 y(<)1518
1356 y(:)1633 1221 y Fw(tt)83 b Fu(if)31 b Ft(A)p Fu([)-17
b([)p Fs(a)2067 1236 y Fn(1)2107 1221 y Fu(])g(])p Fs(s)41
b Fe(\024)33 b Ft(A)o Fu([)-17 b([)q Fs(a)2521 1236 y
Fn(2)2561 1221 y Fu(])g(])p Fs(s)1633 1389 y Fw(\013)106
b Fu(if)31 b Ft(A)p Fu([)-17 b([)p Fs(a)2067 1404 y Fn(1)2107
1389 y Fu(])g(])p Fs(s)41 b Ff(>)33 b Ft(A)o Fu([)-17
b([)q Fs(a)2521 1404 y Fn(2)2561 1389 y Fu(])g(])p Fs(s)715
1658 y Ft(B)t Fu([)g([)p Ft(:)33 b Fs(b)6 b Fu(])-17
b(])q Fs(s)294 b Fu(=)1518 1484 y Fg(8)1518 1558 y(<)1518
1708 y(:)1633 1573 y Fw(tt)83 b Fu(if)31 b Ft(B)t Fu([)-17
b([)p Fs(b)6 b Fu(])-17 b(])q Fs(s)40 b Fu(=)33 b Fw(\013)1633
1741 y(\013)106 b Fu(if)31 b Ft(B)t Fu([)-17 b([)p Fs(b)6
b Fu(])-17 b(])q Fs(s)40 b Fu(=)33 b Fw(tt)715 2010 y
Ft(B)t Fu([)-17 b([)p Fs(b)872 2025 y Fn(1)944 2010 y
Ft(^)33 b Fs(b)1094 2025 y Fn(2)1134 2010 y Fu(])-17
b(])p Fs(s)132 b Fu(=)1518 1836 y Fg(8)1518 1911 y(<)1518
2060 y(:)1633 1926 y Fw(tt)83 b Fu(if)31 b Ft(B)t Fu([)-17
b([)p Fs(b)2050 1941 y Fn(1)2089 1926 y Fu(])g(])q Fs(s)41
b Fu(=)32 b Fw(tt)g Fu(and)g Ft(B)t Fu([)-17 b([)p Fs(b)2782
1941 y Fn(2)2822 1926 y Fu(])g(])p Fs(s)41 b Fu(=)32
b Fw(tt)1633 2093 y(\013)106 b Fu(if)31 b Ft(B)t Fu([)-17
b([)p Fs(b)2050 2108 y Fn(1)2089 2093 y Fu(])g(])q Fs(s)41
b Fu(=)32 b Fw(\013)h Fu(or)f Ft(B)t Fu([)-17 b([)p Fs(b)2690
2108 y Fn(2)2730 2093 y Fu(])g(])p Fs(s)41 b Fu(=)32
b Fw(\013)p 3753 2160 V 283 2163 3473 4 v 991 2323 a
Fu(T)-8 b(able)33 b(1.2:)43 b(The)33 b(seman)m(tics)g(of)f(b)s(o)s
(olean)f(expressions)430 2588 y(The)g(v)-5 b(alues)31
b(of)f(b)s(o)s(olean)f(expressions)k(are)d(truth)h(v)-5
b(alues)30 b(so)h(in)f(a)g(similar)e(w)m(a)m(y)k(w)m(e)f(shall)283
2709 y(de\014ne)j(their)e(meanings)g(b)m(y)h(a)g(\(total\))e(function)h
(from)f Fw(State)i Fu(to)f Fw(T)p Fu(:)527 2882 y Ft(B)t
Fu(:)43 b Fw(Bexp)33 b Ft(!)f Fu(\()p Fw(State)h Ft(!)f
Fw(T)p Fu(\))283 3055 y(Here)i Fw(T)e Fu(consists)i(of)e(the)h(truth)f
(v)-5 b(alues)33 b Fw(tt)f Fu(\(for)f(true\))i(and)g
Fw(\013)g Fu(\(for)f(false\).)430 3176 y(Using)g Ft(A)h
Fu(w)m(e)h(can)f(de\014ne)h Ft(B)i Fu(b)m(y)e(the)f(seman)m(tic)g
(clauses)h(of)e(T)-8 b(able)33 b(1.2.)44 b(Again)32 b(w)m(e)i(ha)m(v)m
(e)283 3296 y(the)h(distinction)e(b)s(et)m(w)m(een)k(syn)m(tax)f
(\(e.g.)49 b Ft(\024)35 b Fu(on)f(the)h(left-hand)f(side\))g(and)h
(seman)m(tics)g(\(e.g.)283 3416 y Fe(\024)e Fu(on)g(the)g(righ)m
(t-hand)e(side\).)283 3604 y Fw(Exercise)37 b(1.8)49
b Fu(Assume)33 b(that)g Fs(s)40 b Fr(x)33 b Fu(=)f Fw(3)h
Fu(and)g(determine)f Ft(B)s Fu([)-17 b([)q Ft(:)p Fu(\()p
Fr(x)33 b Fu(=)f Fr(1)p Fu(\)])-17 b(])q Fs(s)8 b Fu(.)579
b Fh(2)283 3793 y Fw(Exercise)37 b(1.9)49 b Fu(Pro)m(v)m(e)38
b(that)e(the)h(equations)g(of)f(T)-8 b(able)37 b(1.2)f(de\014ne)i(a)e
(total)f(function)i Ft(B)j Fu(in)283 3913 y Fw(Bexp)33
b Ft(!)f Fu(\()p Fw(State)h Ft(!)f Fw(T)p Fu(\).)2380
b Fh(2)283 4101 y Fw(Exercise)37 b(1.10)49 b Fu(The)26
b(syn)m(tactic)g(category)g Fw(Bexp)2211 4065 y Fi(0)2260
4101 y Fu(is)e(de\014ned)j(as)f(the)f(follo)m(wing)e(extension)283
4221 y(of)33 b Fw(Bexp)p Fu(:)577 4386 y Fs(b)106 b Fu(::=)99
b Fr(true)34 b Ft(j)e Fr(false)i Ft(j)e Fs(a)1661 4401
y Fn(1)1733 4386 y Fu(=)h Fs(a)1899 4401 y Fn(2)1971
4386 y Ft(j)f Fs(a)2088 4401 y Fn(1)2160 4386 y Ft(6)p
Fu(=)h Fs(a)2326 4401 y Fn(2)2398 4386 y Ft(j)f Fs(a)2515
4401 y Fn(1)2587 4386 y Ft(\024)h Fs(a)2754 4401 y Fn(2)2827
4386 y Ft(j)f Fs(a)2944 4401 y Fn(1)3016 4386 y Ft(\025)h
Fs(a)3183 4401 y Fn(2)830 4554 y Ft(j)99 b Fs(a)1014
4569 y Fn(1)1087 4554 y Fo(<)32 b Fs(a)1252 4569 y Fn(2)1324
4554 y Ft(j)g Fs(a)1441 4569 y Fn(1)1514 4554 y Fo(>)g
Fs(a)1679 4569 y Fn(2)1751 4554 y Ft(j)g(:)q Fs(b)38
b Ft(j)32 b Fs(b)2072 4569 y Fn(1)2144 4554 y Ft(^)h
Fs(b)2294 4569 y Fn(2)2366 4554 y Ft(j)f Fs(b)2477 4569
y Fn(1)2549 4554 y Ft(_)h Fs(b)2699 4569 y Fn(2)830 4721
y Ft(j)99 b Fs(b)1008 4736 y Fn(1)1080 4721 y Ft(\))32
b Fs(b)1263 4736 y Fn(2)1335 4721 y Ft(j)h Fs(b)1447
4736 y Fn(1)1518 4721 y Ft(,)g Fs(b)1702 4736 y Fn(2)283
4888 y Fu(Giv)m(e)g(a)f Fs(c)-5 b(omp)g(ositional)41
b Fu(extension)34 b(of)e(the)h(seman)m(tic)f(function)g
Ft(B)k Fu(of)c(T)-8 b(able)32 b(1.2.)430 5008 y(Tw)m(o)h(b)s(o)s(olean)
e(expressions)k Fs(b)1572 5023 y Fn(1)1644 5008 y Fu(and)d
Fs(b)1884 5023 y Fn(2)1956 5008 y Fu(are)h Fs(e)-5 b(quivalent)41
b Fu(if)32 b(for)g(all)e(states)k Fs(s)8 b Fu(,)527 5181
y Ft(B)t Fu([)-17 b([)p Fs(b)684 5196 y Fn(1)724 5181
y Fu(])g(])p Fs(s)41 b Fu(=)32 b Ft(B)t Fu([)-17 b([)p
Fs(b)1107 5196 y Fn(2)1147 5181 y Fu(])g(])p Fs(s)283
5355 y Fu(Sho)m(w)35 b(that)e(for)f(eac)m(h)i Fs(b)1174
5319 y Fi(0)1231 5355 y Fu(of)e Fw(Bexp)1594 5319 y Fi(0)1651
5355 y Fu(there)i(exists)g(a)f(b)s(o)s(olean)f(expression)i
Fs(b)39 b Fu(of)33 b Fw(Bexp)g Fu(suc)m(h)283 5475 y(that)g
Fs(b)546 5439 y Fi(0)602 5475 y Fu(and)f Fs(b)39 b Fu(are)32
b(equiv)-5 b(alen)m(t.)2186 b Fh(2)p eop
%%Page: 15 25
15 24 bop 0 130 a Fw(1.4)112 b(Prop)s(erties)36 b(of)i(the)f(seman)m
(tics)1763 b(15)p 0 193 3473 4 v 0 515 a Fj(1.4)161 b(Prop)t(erties)53
b(of)h(the)f(seman)l(tics)0 737 y Fu(Later)29 b(in)g(the)h(b)s(o)s(ok)g
(w)m(e)g(shall)e(b)s(e)i(in)m(terested)h(in)e(t)m(w)m(o)h(kinds)g(of)f
(prop)s(erties)g(for)h(expressions.)0 858 y(One)39 b(is)g(that)f(their)
g(v)-5 b(alues)39 b(do)g(not)g(dep)s(end)h(on)e(v)-5
b(alues)39 b(of)g(v)-5 b(ariables)37 b(that)i(do)f(not)h(o)s(ccur)0
978 y(in)h(them.)67 b(The)41 b(other)g(is)f(that)g(if)g(w)m(e)h
(replace)g(a)f(v)-5 b(ariable)39 b(with)h(an)g(expression)i(then)f(w)m
(e)0 1098 y(could)d(as)h(w)m(ell)e(ha)m(v)m(e)j(made)e(a)g(similar)d(c)
m(hange)40 b(in)d(the)i(state.)61 b(W)-8 b(e)39 b(shall)e(formalize)f
(these)0 1219 y(prop)s(erties)c(b)s(elo)m(w)h(and)g(pro)m(v)m(e)g(that)
g(they)g(do)g(hold.)0 1516 y Fp(F)-11 b(ree)45 b(v)-7
b(ariables)0 1704 y Fu(The)27 b Fs(fr)-5 b(e)g(e)29 b(variables)34
b Fu(of)26 b(an)g(arithmetic)f(expression)i Fs(a)34 b
Fu(is)26 b(de\014ned)i(to)e(b)s(e)h(the)g(set)g(of)f(v)-5
b(ariables)0 1824 y(o)s(ccurring)41 b(in)f(it.)69 b(F)-8
b(ormally)g(,)41 b(w)m(e)h(ma)m(y)f(giv)m(e)h(a)f(comp)s(ositional)d
(de\014nition)i(of)h(the)h(subset)0 1944 y(FV\()p Fs(a)7
b Fu(\))32 b(of)h Fw(V)-9 b(ar)p Fu(:)294 2152 y(FV\()p
Fs(n)7 b Fu(\))373 b(=)99 b Ft(;)294 2319 y Fu(FV\()p
Fs(x)12 b Fu(\))378 b(=)99 b Ft(f)33 b Fs(x)44 b Ft(g)294
2487 y Fu(FV\()p Fs(a)526 2502 y Fn(1)598 2487 y Fu(+)32
b Fs(a)763 2502 y Fn(2)803 2487 y Fu(\))101 b(=)e(FV\()p
Fs(a)1349 2502 y Fn(1)1389 2487 y Fu(\))32 b Ft([)h Fu(FV\()p
Fs(a)1790 2502 y Fn(2)1830 2487 y Fu(\))294 2654 y(FV\()p
Fs(a)526 2669 y Fn(1)598 2654 y Fo(?)f Fs(a)736 2669
y Fn(2)776 2654 y Fu(\))128 b(=)99 b(FV\()p Fs(a)1349
2669 y Fn(1)1389 2654 y Fu(\))32 b Ft([)h Fu(FV\()p Fs(a)1790
2669 y Fn(2)1830 2654 y Fu(\))294 2822 y(FV\()p Fs(a)526
2837 y Fn(1)598 2822 y Ft(\000)g Fs(a)765 2837 y Fn(2)804
2822 y Fu(\))100 b(=)f(FV\()p Fs(a)1349 2837 y Fn(1)1389
2822 y Fu(\))32 b Ft([)h Fu(FV\()p Fs(a)1790 2837 y Fn(2)1830
2822 y Fu(\))0 3031 y(As)d(an)f(example)g(FV\()p Fr(x)p
Fu(+)p Fr(1)p Fu(\))g(=)g Ft(f)g Fr(x)h Ft(g)f Fu(and)g(FV\()p
Fr(x)p Fu(+)p Fr(y)p Fo(?)p Fr(x)p Fu(\))g(=)g Ft(f)g
Fr(x)p Fu(,)i Fr(y)e Ft(g)p Fu(.)42 b(It)30 b(should)f(b)s(e)g(ob)m
(vious)0 3151 y(that)39 b(only)g(the)h(v)-5 b(ariables)38
b(in)h(FV\()p Fs(a)7 b Fu(\))39 b(ma)m(y)g(in\015uence)h(the)g(v)-5
b(alue)39 b(of)g Fs(a)7 b Fu(.)64 b(This)39 b(is)g(formally)0
3272 y(expressed)c(b)m(y:)p 0 3394 3473 5 v 0 3576 a
Fw(Lemma)i(1.11)49 b Fu(Let)39 b Fs(s)48 b Fu(and)39
b Fs(s)1158 3540 y Fi(0)1220 3576 y Fu(b)s(e)h(t)m(w)m(o)f(states)h
(satisfying)f(that)f Fs(s)48 b(x)i Fu(=)39 b Fs(s)2839
3540 y Fi(0)2902 3576 y Fs(x)51 b Fu(for)38 b(all)f Fs(x)51
b Fu(in)0 3697 y(FV\()p Fs(a)7 b Fu(\).)43 b(Then)34
b Ft(A)p Fu([)-17 b([)p Fs(a)7 b Fu(])-17 b(])q Fs(s)41
b Fu(=)32 b Ft(A)p Fu([)-17 b([)p Fs(a)7 b Fu(])-17 b(])q
Fs(s)1256 3660 y Fi(0)1279 3697 y Fu(.)p 0 3817 V 0 4027
a Fw(Pro)s(of:)26 b Fu(W)-8 b(e)24 b(shall)e(giv)m(e)h(a)g(fairly)e
(detailed)h(pro)s(of)g(of)h(the)h(lemma)d(using)h(structural)h
(induction)0 4148 y(on)30 b(the)h(arithmetic)d(expressions.)44
b(W)-8 b(e)31 b(shall)d(\014rst)j(consider)f(the)h(basis)f(elemen)m(ts)
g(of)g Fw(Aexp)p Fu(:)0 4315 y Fw(The)35 b(case)g Fs(n)7
b Fu(:)48 b(F)-8 b(rom)33 b(T)-8 b(able)34 b(1.1)g(w)m(e)i(ha)m(v)m(e)g
Ft(A)o Fu([)-17 b([)q Fs(n)7 b Fu(])-17 b(])q Fs(s)42
b Fu(=)35 b Ft(N)14 b Fu([)-17 b([)q Fs(n)7 b Fu(])-17
b(])35 b(as)g(w)m(ell)f(as)g Ft(A)p Fu([)-17 b([)p Fs(n)7
b Fu(])-17 b(])q Fs(s)3043 4279 y Fi(0)3101 4315 y Fu(=)34
b Ft(N)15 b Fu([)-17 b([)q Fs(n)7 b Fu(])-17 b(].)0 4436
y(So)32 b Ft(A)p Fu([)-17 b([)q Fs(n)7 b Fu(])-17 b(])p
Fs(s)41 b Fu(=)32 b Ft(A)p Fu([)-17 b([)q Fs(n)7 b Fu(])-17
b(])p Fs(s)806 4399 y Fi(0)862 4436 y Fu(and)33 b(clearly)f(the)h
(lemma)d(holds)i(in)g(this)g(case.)0 4603 y Fw(The)e(case)h
Fs(x)12 b Fu(:)42 b(F)-8 b(rom)28 b(T)-8 b(able)30 b(1.1)f(w)m(e)i(ha)m
(v)m(e)g Ft(A)p Fu([)-17 b([)q Fs(x)12 b Fu(])-17 b(])p
Fs(s)38 b Fu(=)30 b Fs(s)38 b(x)j Fu(as)30 b(w)m(ell)g(as)g
Ft(A)o Fu([)-17 b([)q Fs(x)12 b Fu(])-17 b(])p Fs(s)2862
4567 y Fi(0)2916 4603 y Fu(=)29 b Fs(s)3069 4567 y Fi(0)3123
4603 y Fs(x)12 b Fu(.)42 b(F)-8 b(rom)0 4724 y(the)31
b(assumptions)f(of)g(the)h(lemma)d(w)m(e)j(get)g Fs(s)38
b(x)k Fu(=)31 b Fs(s)1927 4687 y Fi(0)1980 4724 y Fs(x)42
b Fu(b)s(ecause)32 b Fs(x)42 b Ft(2)31 b Fu(FV\()p Fs(x)12
b Fu(\))30 b(so)h(clearly)e(the)0 4844 y(lemma)h(holds)j(in)e(this)i
(case.)146 4966 y(Next)h(w)m(e)f(turn)g(to)f(the)h(comp)s(osite)f
(elemen)m(ts)h(of)f Fw(Aexp)p Fu(:)0 5133 y Fw(The)f(case)g
Fs(a)509 5148 y Fn(1)579 5133 y Fu(+)f Fs(a)742 5148
y Fn(2)781 5133 y Fu(:)43 b(F)-8 b(rom)29 b(T)-8 b(able)30
b(1.1)g(w)m(e)h(ha)m(v)m(e)h Ft(A)o Fu([)-17 b([)q Fs(a)2064
5148 y Fn(1)2134 5133 y Fu(+)30 b Fs(a)2297 5148 y Fn(2)2337
5133 y Fu(])-17 b(])p Fs(s)39 b Fu(=)30 b Ft(A)o Fu([)-17
b([)q Fs(a)2733 5148 y Fn(1)2773 5133 y Fu(])g(])p Fs(s)38
b Fu(+)31 b Ft(A)o Fu([)-17 b([)q Fs(s)3160 5148 y Fn(2)3199
5133 y Fu(])g(])q Fs(s)38 b Fu(and)0 5254 y(similarly)24
b Ft(A)p Fu([)-17 b([)p Fs(a)568 5269 y Fn(1)636 5254
y Fu(+)28 b Fs(a)797 5269 y Fn(2)836 5254 y Fu(])-17
b(])q Fs(s)922 5218 y Fi(0)973 5254 y Fu(=)28 b Ft(A)o
Fu([)-17 b([)q Fs(a)1251 5269 y Fn(1)1291 5254 y Fu(])g(])p
Fs(s)1376 5218 y Fi(0)1427 5254 y Fu(+)28 b Ft(A)p Fu([)-17
b([)p Fs(s)1696 5269 y Fn(2)1736 5254 y Fu(])g(])p Fs(s)1821
5218 y Fi(0)1845 5254 y Fu(.)42 b(Since)28 b Fs(a)2221
5269 y Fn(i)2273 5254 y Fu(\(for)f(i)g(=)g(1,2\))h(is)f(an)h(immediate)
0 5374 y(sub)s(expression)35 b(of)e Fs(a)789 5389 y Fn(1)862
5374 y Fu(+)g Fs(a)1028 5389 y Fn(2)1101 5374 y Fu(and)g(FV\()p
Fs(a)1523 5389 y Fn(i)1547 5374 y Fu(\))g Ft(\022)h Fu(FV\()p
Fs(a)1961 5389 y Fn(1)2033 5374 y Fu(+)f Fs(a)2199 5389
y Fn(2)2239 5374 y Fu(\))g(w)m(e)h(can)g(apply)f(the)g(induction)0
5494 y(h)m(yp)s(othesis)i(\(that)f(is)g(the)g(lemma\))e(to)i
Fs(a)1534 5509 y Fn(i)1592 5494 y Fu(and)g(get)h Ft(A)o
Fu([)-17 b([)q Fs(a)2122 5509 y Fn(i)2146 5494 y Fu(])g(])p
Fs(s)43 b Fu(=)34 b Ft(A)o Fu([)-17 b([)q Fs(a)2550 5509
y Fn(i)2574 5494 y Fu(])g(])p Fs(s)2659 5458 y Fi(0)2683
5494 y Fu(.)48 b(It)34 b(is)g(no)m(w)h(easy)g(to)p eop
%%Page: 16 26
16 25 bop 251 130 a Fw(16)2575 b(1)113 b(In)m(tro)s(duction)p
251 193 3473 4 v 283 515 a Fu(see)34 b(that)f(the)g(lemma)d(holds)i
(for)g Fs(a)1596 530 y Fn(1)1668 515 y Fu(+)h Fs(a)1834
530 y Fn(2)1906 515 y Fu(as)g(w)m(ell.)283 683 y Fw(The)38
b(cases)h Fs(a)851 698 y Fn(1)928 683 y Ft(\000)f Fs(a)1100
698 y Fn(2)1177 683 y Fu(and)g Fs(a)1429 698 y Fn(1)1506
683 y Fo(?)f Fs(a)1649 698 y Fn(2)1726 683 y Fu(follo)m(w)f(the)i(same)
g(pattern)f(and)h(are)g(omitted.)57 b(This)283 803 y(completes)33
b(the)g(pro)s(of.)2529 b Fh(2)430 1009 y Fu(In)41 b(a)f(similar)e(w)m
(a)m(y)k(w)m(e)g(ma)m(y)e(de\014ne)j(the)e(set)g(FV\()p
Fs(b)6 b Fu(\))41 b(of)f(free)h(v)-5 b(ariables)40 b(in)g(a)g(b)s(o)s
(olean)283 1130 y(expression)34 b Fs(b)39 b Fu(b)m(y)577
1336 y(FV\()p Fr(true)p Fu(\))231 b(=)100 b Ft(;)577
1504 y Fu(FV\()p Fr(false)p Fu(\))180 b(=)100 b Ft(;)577
1672 y Fu(FV\()p Fs(a)809 1687 y Fn(1)881 1672 y Fu(=)32
b Fs(a)1046 1687 y Fn(2)1086 1672 y Fu(\))101 b(=)f(FV\()p
Fs(a)1633 1687 y Fn(1)1672 1672 y Fu(\))33 b Ft([)g Fu(FV\()p
Fs(a)2074 1687 y Fn(2)2113 1672 y Fu(\))577 1839 y(FV\()p
Fs(a)809 1854 y Fn(1)881 1839 y Ft(\024)g Fs(a)1048 1854
y Fn(2)1088 1839 y Fu(\))99 b(=)h(FV\()p Fs(a)1633 1854
y Fn(1)1672 1839 y Fu(\))33 b Ft([)g Fu(FV\()p Fs(a)2074
1854 y Fn(2)2113 1839 y Fu(\))577 2007 y(FV\()p Ft(:)p
Fs(b)6 b Fu(\))318 b(=)100 b(FV\()p Fs(b)6 b Fu(\))577
2175 y(FV\()p Fs(b)803 2190 y Fn(1)875 2175 y Ft(^)33
b Fs(b)1025 2190 y Fn(2)1064 2175 y Fu(\))123 b(=)100
b(FV\()p Fs(b)1627 2190 y Fn(1)1666 2175 y Fu(\))32 b
Ft([)h Fu(FV\()p Fs(b)2061 2190 y Fn(2)2100 2175 y Fu(\))283
2421 y Fw(Exercise)k(1.12)49 b(\(Essen)m(tial\))31 b
Fu(Let)j Fs(s)41 b Fu(and)34 b Fs(s)2024 2385 y Fi(0)2080
2421 y Fu(b)s(e)g(t)m(w)m(o)g(states)h(satisfying)d(that)h
Fs(s)42 b(x)j Fu(=)33 b Fs(s)3654 2385 y Fi(0)3711 2421
y Fs(x)283 2541 y Fu(for)f(all)f Fs(x)44 b Fu(in)32 b(FV\()p
Fs(b)6 b Fu(\).)43 b(Pro)m(v)m(e)34 b(that)f Ft(B)s Fu([)-17
b([)q Fs(b)6 b Fu(])-17 b(])p Fs(s)41 b Fu(=)32 b Ft(B)t
Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])q Fs(s)2218 2505
y Fi(0)2241 2541 y Fu(.)1413 b Fh(2)283 2845 y Fp(Substitutions)283
3034 y Fu(W)-8 b(e)46 b(shall)d(later)g(b)s(e)i(in)m(terested)h(in)e
(replacing)f(eac)m(h)j(o)s(ccurrence)g(of)e(a)h(v)-5
b(ariable)42 b Fs(y)54 b Fu(in)44 b(an)283 3155 y(arithmetic)j
(expression)i Fs(a)56 b Fu(with)48 b(another)g(arithmetic)e(expression)
k Fs(a)3003 3170 y Fn(0)3042 3155 y Fu(.)91 b(This)48
b(is)g(called)283 3275 y Fs(substitution)39 b Fu(and)30
b(w)m(e)i(write)e Fs(a)7 b Fu([)p Fs(y)i Ft(7!)p Fs(a)1685
3290 y Fn(0)1725 3275 y Fu(])30 b(for)g(the)h(arithmetic)d(expression)k
(so)f(obtained.)42 b(The)283 3395 y(formal)31 b(de\014nition)g(is)h(as)
h(follo)m(ws:)577 3583 y Fs(n)7 b Fu([)p Fs(y)i Ft(7!)p
Fs(a)879 3598 y Fn(0)919 3583 y Fu(])449 b(=)100 b Fs(n)577
3840 y(x)12 b Fu([)p Fs(y)d Ft(7!)p Fs(a)874 3855 y Fn(0)913
3840 y Fu(])455 b(=)1571 3666 y Fg(8)1571 3741 y(<)1571
3890 y(:)1686 3756 y Fs(a)1743 3771 y Fn(0)1866 3756
y Fu(if)31 b Fs(x)44 b Fu(=)33 b Fs(y)1686 3923 y(x)135
b Fu(if)31 b Fs(x)44 b Ft(6)p Fu(=)33 b Fs(y)577 4103
y Fu(\()p Fs(a)672 4118 y Fn(1)744 4103 y Fu(+)g Fs(a)910
4118 y Fn(2)949 4103 y Fu(\)[)p Fs(y)9 b Ft(7!)p Fs(a)1227
4118 y Fn(0)1267 4103 y Fu(])101 b(=)f(\()p Fs(a)1666
4118 y Fn(1)1705 4103 y Fu([)p Fs(y)9 b Ft(7!)p Fs(a)1945
4118 y Fn(0)1985 4103 y Fu(]\))32 b(+)h(\()p Fs(a)2286
4118 y Fn(2)2325 4103 y Fu([)p Fs(y)9 b Ft(7!)p Fs(a)2565
4118 y Fn(0)2605 4103 y Fu(]\))577 4270 y(\()p Fs(a)672
4285 y Fn(1)744 4270 y Fo(?)33 b Fs(a)883 4285 y Fn(2)922
4270 y Fu(\)[)p Fs(y)9 b Ft(7!)p Fs(a)1200 4285 y Fn(0)1240
4270 y Fu(])128 b(=)100 b(\()p Fs(a)1666 4285 y Fn(1)1705
4270 y Fu([)p Fs(y)9 b Ft(7!)p Fs(a)1945 4285 y Fn(0)1985
4270 y Fu(]\))32 b Fo(?)h Fu(\()p Fs(a)2259 4285 y Fn(2)2298
4270 y Fu([)p Fs(y)9 b Ft(7!)p Fs(a)2538 4285 y Fn(0)2578
4270 y Fu(]\))577 4438 y(\()p Fs(a)672 4453 y Fn(1)744
4438 y Ft(\000)33 b Fs(a)911 4453 y Fn(2)951 4438 y Fu(\)[)p
Fs(y)9 b Ft(7!)p Fs(a)1229 4453 y Fn(0)1268 4438 y Fu(])100
b(=)g(\()p Fs(a)1666 4453 y Fn(1)1705 4438 y Fu([)p Fs(y)9
b Ft(7!)p Fs(a)1945 4453 y Fn(0)1985 4438 y Fu(]\))32
b Ft(\000)h Fu(\()p Fs(a)2287 4453 y Fn(2)2327 4438 y
Fu([)p Fs(y)9 b Ft(7!)p Fs(a)2567 4453 y Fn(0)2606 4438
y Fu(]\))283 4652 y(As)34 b(an)e(example)g(\()p Fr(x)p
Fu(+)p Fr(1)p Fu(\)[)p Fr(x)p Ft(7!)p Fr(3)p Fu(])h(=)g
Fr(3)p Fu(+)p Fr(1)g Fu(and)f(\()p Fr(x)p Fu(+)p Fr(y)p
Fo(?)p Fr(x)p Fu(\)[)p Fr(x)p Ft(7!)q Fr(y)p Ft(\000)p
Fr(5)p Fu(])h(=)g(\()p Fr(y)p Ft(\000)p Fr(5)p Fu(\)+)p
Fr(y)p Fo(?)p Fu(\()p Fr(y)p Ft(\000)p Fr(5)p Fu(\).)430
4775 y(W)-8 b(e)48 b(also)e(ha)m(v)m(e)j(a)e(notion)f(of)h
(substitution)g(\(or)g(up)s(dating\))f(for)h(states.)89
b(W)-8 b(e)48 b(de\014ne)283 4895 y Fs(s)8 b Fu([)p Fs(y)h
Ft(7!)p Fs(v)i Fu(])33 b(to)f(b)s(e)h(the)g(state)g(that)f(is)g(as)h
Fs(s)40 b Fu(except)35 b(that)d(the)h(v)-5 b(alue)32
b(b)s(ound)h(to)f Fs(y)41 b Fu(is)33 b Fs(v)11 b Fu(,)32
b(that)g(is)527 5198 y(\()p Fs(s)8 b Fu([)p Fs(y)h Ft(7!)p
Fs(v)i Fu(]\))32 b Fs(x)45 b Fu(=)1147 5023 y Fg(8)1147
5098 y(<)1147 5247 y(:)1262 5113 y Fs(v)176 b Fu(if)31
b Fs(x)44 b Fu(=)33 b Fs(y)1262 5281 y(s)41 b(x)95 b
Fu(if)31 b Fs(x)44 b Ft(6)p Fu(=)33 b Fs(y)283 5494 y
Fu(The)h(relationship)d(b)s(et)m(w)m(een)j(the)f(t)m(w)m(o)h(concepts)g
(is)e(sho)m(wn)i(in)e(the)h(follo)m(wing)c(exercise:)p
eop
%%Page: 17 27
17 26 bop 0 130 a Fw(1.4)112 b(Prop)s(erties)36 b(of)i(the)f(seman)m
(tics)1763 b(17)p 0 193 3473 4 v 0 515 a(Exercise)36
b(1.13)49 b(\(Essen)m(tial\))37 b Fu(Pro)m(v)m(e)k(that)e
Ft(A)p Fu([)-17 b([)p Fs(a)7 b Fu([)p Fs(y)i Ft(7!)p
Fs(a)2164 530 y Fn(0)2204 515 y Fu(]])-17 b(])q Fs(s)47
b Fu(=)39 b Ft(A)p Fu([)-17 b([)p Fs(a)7 b Fu(])-17 b(])q(\()p
Fs(s)8 b Fu([)p Fs(y)h Ft(7!A)p Fu([)-17 b([)p Fs(a)3126
530 y Fn(0)3166 515 y Fu(])g(])q Fs(s)8 b Fu(]\))39 b(for)0
636 y(all)30 b(states)k Fs(s)8 b Fu(.)2910 b Fh(2)0 864
y Fw(Exercise)36 b(1.14)49 b(\(Essen)m(tial\))25 b Fu(De\014ne)i
(substitution)f(for)g(b)s(o)s(olean)g(expressions:)42
b Fs(b)6 b Fu([)p Fs(y)j Ft(7!)p Fs(a)3406 879 y Fn(0)3445
864 y Fu(])0 984 y(is)44 b(to)h(b)s(e)g(the)h(b)s(o)s(olean)d
(expression)j(that)f(is)f(as)i Fs(b)k Fu(except)d(that)e(all)e(o)s
(ccurrences)j(of)f(the)0 1105 y(v)-5 b(ariable)26 b Fs(y)37
b Fu(are)28 b(replaced)h(b)m(y)g(the)f(arithmetic)e(expression)k
Fs(a)2268 1120 y Fn(0)2307 1105 y Fu(.)42 b(Pro)m(v)m(e)30
b(that)e(y)m(our)g(de\014nition)0 1225 y(satis\014es)244
1429 y Ft(B)s Fu([)-17 b([)q Fs(b)6 b Fu([)p Fs(y)j Ft(7!)p
Fs(a)641 1444 y Fn(0)680 1429 y Fu(]])-17 b(])q Fs(s)41
b Fu(=)32 b Ft(B)s Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])q(\()p
Fs(s)8 b Fu([)p Fs(y)h Ft(7!)o(A)p Fu([)-17 b([)q Fs(a)1572
1444 y Fn(0)1611 1429 y Fu(])g(])q Fs(s)8 b Fu(]\))0
1632 y(for)32 b(all)f(states)i Fs(s)8 b Fu(.)2761 b Fh(2)p
eop
%%Page: 18 28
18 27 bop 251 130 a Fw(18)2575 b(1)113 b(In)m(tro)s(duction)p
251 193 3473 4 v eop
%%Page: 19 29
19 28 bop 0 1180 a Fv(Chapter)78 b(2)0 1595 y(Op)6 b(erational)77
b(Seman)-6 b(tics)0 2047 y Fu(The)27 b(role)e(of)g(a)h(statemen)m(t)g
(in)f Fw(While)f Fu(is)h(to)h(c)m(hange)h(the)f(state.)41
b(F)-8 b(or)25 b(example,)i(if)e Fr(x)h Fu(is)f(b)s(ound)0
2168 y(to)i Fw(3)g Fu(in)g Fs(s)35 b Fu(and)27 b(w)m(e)i(execute)g(the)
f(statemen)m(t)f Fr(x)h Fu(:=)f Fr(x)h Fu(+)f Fr(1)g
Fu(then)h(w)m(e)g(get)g(a)f(new)h(state)g(where)g Fr(x)0
2288 y Fu(is)k(b)s(ound)h(to)f Fw(4)p Fu(.)44 b(So)33
b(while)f(the)h(seman)m(tics)g(of)f(arithmetic)e(and)j(b)s(o)s(olean)e
(expressions)k(only)0 2408 y Fs(insp)-5 b(e)g(ct)43 b
Fu(the)34 b(state)h(in)e(order)h(to)g(determine)g(the)g(v)-5
b(alue)34 b(of)f(the)i(expression,)h(the)e(seman)m(tics)0
2529 y(of)e(statemen)m(ts)i(will)c Fs(mo)-5 b(dify)41
b Fu(the)33 b(state)g(as)f(w)m(ell.)146 2649 y(In)38
b(an)g(op)s(erational)e(seman)m(tics)i(w)m(e)g(are)g(concerned)i(with)d
Fs(how)48 b Fu(to)37 b(execute)j(programs)0 2769 y(and)27
b(not)g(merely)f(what)h(the)h(results)f(of)g(execution)g(are.)42
b(More)27 b(precisely)-8 b(,)28 b(w)m(e)g(are)f(in)m(terested)0
2890 y(in)39 b(ho)m(w)h(the)f(states)i(are)e(mo)s(di\014ed)f(during)h
(the)h(execution)g(of)f(the)h(statemen)m(t.)64 b(W)-8
b(e)40 b(shall)0 3010 y(consider)33 b(t)m(w)m(o)g(di\013eren)m(t)g
(approac)m(hes)h(to)e(op)s(erational)e(seman)m(tics:)145
3211 y Ft(\017)49 b Fs(Natur)-5 b(al)36 b(semantics)p
Fu(:)43 b(its)33 b(purp)s(ose)h(is)e(to)h(describ)s(e)h(ho)m(w)g(the)f
Fs(over)-5 b(al)5 b(l)43 b Fu(results)33 b(of)g(exe-)244
3332 y(cutions)f(are)h(obtained.)145 3535 y Ft(\017)49
b Fs(Structur)-5 b(al)26 b(op)-5 b(er)g(ational)24 b(semantics)p
Fu(:)37 b(its)21 b(purp)s(ose)i(is)e(to)h(describ)s(e)h(ho)m(w)f(the)g
Fs(individual)244 3655 y(steps)40 b Fu(of)32 b(the)h(computations)f
(tak)m(e)h(place.)0 3856 y(W)-8 b(e)46 b(shall)e(see)i(that)f(for)g
(the)h(language)e Fw(While)g Fu(w)m(e)i(can)g(easily)e(sp)s(ecify)i(b)s
(oth)f(kinds)h(of)0 3977 y(seman)m(tics)41 b(and)g(that)g(they)h(will)d
(b)s(e)i(\\equiv)-5 b(alen)m(t")40 b(in)h(a)f(sense)j(to)e(b)s(e)g
(made)g(clear)f(later.)0 4097 y(Ho)m(w)m(ev)m(er,)33
b(w)m(e)f(shall)d(also)h(giv)m(e)h(examples)f(of)g(programming)e
(constructs)k(where)g(one)f(of)f(the)0 4217 y(approac)m(hes)k(is)e(sup)
s(erior)g(to)g(the)h(other.)146 4338 y(F)-8 b(or)43 b(b)s(oth)h(kinds)g
(of)f(op)s(erational)e(seman)m(tics,)47 b(the)d(meaning)e(of)h
(statemen)m(ts)i(will)c(b)s(e)0 4458 y(sp)s(eci\014ed)33
b(b)m(y)h(a)e Fs(tr)-5 b(ansition)35 b(system)p Fu(.)43
b(It)33 b(will)d(ha)m(v)m(e)k(t)m(w)m(o)f(t)m(yp)s(es)h(of)e
(con\014gurations:)294 4651 y Ft(h)o Fs(S)12 b Fu(,)33
b Fs(s)8 b Ft(i)99 b Fu(represen)m(ting)39 b(that)f(the)g(statemen)m(t)
g Fs(S)49 b Fu(is)38 b(to)f(b)s(e)h(executed)i(from)645
4771 y(the)33 b(state)g Fs(s)8 b Fu(,)33 b(and)294 4939
y Fs(s)311 b Fu(represen)m(ting)34 b(a)e(terminal)e(\(that)j(is)f
(\014nal\))g(state.)0 5133 y(The)24 b Fs(terminal)i(c)-5
b(on\014gur)g(ations)31 b Fu(will)21 b(b)s(e)i(those)h(of)f(the)h
(latter)e(form.)39 b(The)25 b Fs(tr)-5 b(ansition)26
b(r)-5 b(elation)0 5254 y Fu(will)31 b(then)j(describ)s(e)g(ho)m(w)g
(the)g(execution)g(tak)m(es)h(place.)45 b(The)34 b(di\013erence)g(b)s
(et)m(w)m(een)i(the)e(t)m(w)m(o)0 5374 y(approac)m(hes)40
b(to)f(op)s(erational)d(seman)m(tics)j(amoun)m(ts)g(to)f(di\013eren)m
(t)i(w)m(a)m(ys)g(of)f(sp)s(ecifying)f(the)0 5494 y(transition)31
b(relation.)1687 5849 y(19)p eop
%%Page: 20 30
20 29 bop 251 130 a Fw(20)2086 b(2)112 b(Op)s(erational)37
b(Seman)m(tics)p 251 193 3473 4 v 283 419 V 283 2467
4 2049 v 609 528 a Fu([ass)761 543 y Fn(ns)833 528 y
Fu(])372 b Ft(h)p Fs(x)44 b Fu(:=)33 b Fs(a)7 b Fu(,)33
b Fs(s)8 b Ft(i)32 b(!)g Fs(s)8 b Fu([)p Fs(x)k Ft(7!A)o
Fu([)-17 b([)q Fs(a)7 b Fu(])-17 b(])q Fs(s)8 b Fu(])609
743 y([skip)807 758 y Fn(ns)879 743 y Fu(])326 b Ft(h)p
Fr(skip)p Fu(,)34 b Fs(s)8 b Ft(i)32 b(!)g Fs(s)609 1035
y Fu([comp)864 1050 y Fn(ns)935 1035 y Fu(])1242 948
y Ft(h)p Fs(S)1348 963 y Fn(1)1387 948 y Fu(,)h Fs(s)8
b Ft(i)32 b(!)g Fs(s)1746 912 y Fi(0)1770 948 y Fu(,)g
Ft(h)p Fs(S)1935 963 y Fn(2)1974 948 y Fu(,)h Fs(s)2082
912 y Fi(0)2105 948 y Ft(i)f(!)h Fs(s)2357 912 y Fi(00)p
1242 1012 1158 4 v 1481 1116 a Ft(h)o Fs(S)1586 1131
y Fn(1)1626 1116 y Fu(;)p Fs(S)1720 1131 y Fn(2)1759
1116 y Fu(,)g Fs(s)8 b Ft(i)32 b(!)g Fs(s)2118 1080 y
Fi(00)609 1397 y Fu([if)706 1361 y Fn(tt)694 1422 y(ns)764
1397 y Fu(])1658 1310 y Ft(h)p Fs(S)1764 1325 y Fn(1)1803
1310 y Fu(,)h Fs(s)8 b Ft(i)32 b(!)g Fs(s)2162 1274 y
Fi(0)p 1242 1374 1360 4 v 1242 1478 a Ft(h)p Fr(if)h
Fs(b)38 b Fr(then)c Fs(S)1804 1493 y Fn(1)1876 1478 y
Fr(else)f Fs(S)2180 1493 y Fn(2)2220 1478 y Fu(,)f Fs(s)8
b Ft(i)33 b(!)f Fs(s)2579 1442 y Fi(0)2677 1397 y Fu(if)f
Ft(B)t Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])p Fs(s)41
b Fu(=)32 b Fw(tt)609 1759 y Fu([if)706 1723 y Fn(\013)694
1784 y(ns)764 1759 y Fu(])1658 1673 y Ft(h)p Fs(S)1764
1688 y Fn(2)1803 1673 y Fu(,)h Fs(s)8 b Ft(i)32 b(!)g
Fs(s)2162 1636 y Fi(0)p 1242 1736 V 1242 1841 a Ft(h)p
Fr(if)h Fs(b)38 b Fr(then)c Fs(S)1804 1856 y Fn(1)1876
1841 y Fr(else)f Fs(S)2180 1856 y Fn(2)2220 1841 y Fu(,)f
Fs(s)8 b Ft(i)33 b(!)f Fs(s)2579 1804 y Fi(0)2677 1759
y Fu(if)f Ft(B)t Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])p
Fs(s)41 b Fu(=)32 b Fw(\013)609 2121 y Fu([while)871
2085 y Fn(tt)859 2146 y(ns)930 2121 y Fu(])1242 2035
y Ft(h)p Fs(S)12 b Fu(,)32 b Fs(s)8 b Ft(i)33 b(!)f Fs(s)1707
1998 y Fi(0)1730 2035 y Fu(,)h Ft(h)p Fr(while)g Fs(b)39
b Fr(do)33 b Fs(S)12 b Fu(,)32 b Fs(s)2510 1998 y Fi(0)2534
2035 y Ft(i)g(!)g Fs(s)2785 1998 y Fi(00)p 1242 2098
1586 4 v 1528 2203 a Ft(h)o Fr(while)i Fs(b)39 b Fr(do)33
b Fs(S)12 b Fu(,)32 b Fs(s)8 b Ft(i)32 b(!)h Fs(s)2500
2166 y Fi(00)2903 2121 y Fu(if)e Ft(B)t Fu([)-17 b([)p
Fs(b)6 b Fu(])-17 b(])q Fs(s)40 b Fu(=)33 b Fw(tt)609
2406 y Fu([while)871 2370 y Fn(\013)859 2431 y(ns)930
2406 y Fu(])275 b Ft(h)p Fr(while)34 b Fs(b)k Fr(do)33
b Fs(S)12 b Fu(,)33 b Fs(s)8 b Ft(i)32 b(!)g Fs(s)41
b Fu(if)31 b Ft(B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17
b(])q Fs(s)40 b Fu(=)33 b Fw(\013)p 3753 2467 4 2049
v 283 2470 3473 4 v 1166 2631 a Fu(T)-8 b(able)32 b(2.1:)44
b(Natural)31 b(seman)m(tics)i(for)f Fw(While)283 2881
y Fj(2.1)161 b(Natural)55 b(seman)l(tics)283 3100 y Fu(In)34
b(a)f(natural)e(seman)m(tics)j(w)m(e)g(are)f(concerned)i(with)d(the)i
(relationship)d(b)s(et)m(w)m(een)k(the)e Fs(initial)283
3220 y Fu(and)j(the)g Fs(\014nal)45 b Fu(state)36 b(of)f(an)g
(execution.)53 b(Therefore)37 b(the)f(transition)e(relation)f(will)g
(sp)s(ecify)283 3340 y(the)40 b(relationship)d(b)s(et)m(w)m(een)k(the)f
(initial)35 b(state)k(and)h(the)f(\014nal)f(state)i(for)e(eac)m(h)i
(statemen)m(t.)283 3461 y(W)-8 b(e)33 b(shall)f(write)g(a)g(transition)
f(as)527 3640 y Ft(h)p Fs(S)12 b Fu(,)33 b Fs(s)8 b Ft(i)32
b(!)g Fs(s)992 3604 y Fi(0)283 3819 y Fu(In)m(tuitiv)m(ely)38
b(this)f(means)h(that)f(the)i(execution)f(of)f Fs(S)50
b Fu(from)36 b Fs(s)46 b Fu(will)36 b(terminate)g(and)i(the)g(re-)283
3940 y(sulting)32 b(state)h(will)d(b)s(e)j Fs(s)1208
3904 y Fi(0)1231 3940 y Fu(.)430 4060 y(The)i(de\014nition)e(of)h
Ft(!)g Fu(is)g(giv)m(en)g(b)m(y)h(the)g(rules)f(of)g(T)-8
b(able)34 b(2.1.)48 b(A)34 b Fs(rule)42 b Fu(has)35 b(the)f(general)283
4181 y(form)537 4323 y Ft(h)p Fs(S)643 4338 y Fn(1)682
4323 y Fu(,)f Fs(s)790 4338 y Fn(1)829 4323 y Ft(i)g(!)f
Fs(s)1081 4286 y Fi(0)1081 4347 y Fn(1)1120 4323 y Fu(,)h
Ft(\001)17 b(\001)g(\001)n Fu(,)33 b Ft(h)p Fs(S)1462
4338 y Fn(n)1505 4323 y Fu(,)f Fs(s)1612 4338 y Fn(n)1656
4323 y Ft(i)g(!)g Fs(s)1907 4286 y Fi(0)1907 4347 y Fn(n)p
537 4386 1414 4 v 1000 4491 a Ft(h)p Fs(S)12 b Fu(,)32
b Fs(s)8 b Ft(i)32 b(!)h Fs(s)1465 4454 y Fi(0)2026 4409
y Fu(if)e Ft(\001)17 b(\001)g(\001)283 4652 y Fu(where)40
b Fs(S)638 4667 y Fn(1)677 4652 y Fu(,)g Ft(\001)17 b(\001)g(\001)n
Fu(,)39 b Fs(S)993 4667 y Fn(n)1074 4652 y Fu(are)g Fs(imme)-5
b(diate)38 b(c)-5 b(onstituents)47 b Fu(of)37 b Fs(S)50
b Fu(or)38 b(are)g(statemen)m(ts)h Fs(c)-5 b(onstructe)g(d)283
4772 y(fr)g(om)43 b Fu(the)35 b(immediate)e(constituen)m(ts)j(of)f
Fs(S)12 b Fu(.)35 b(A)g(rule)g(has)h(a)e(n)m(um)m(b)s(er)i(of)f
Fs(pr)-5 b(emises)42 b Fu(\(written)283 4893 y(ab)s(o)m(v)m(e)29
b(the)f(solid)f(line\))f(and)i(one)g Fs(c)-5 b(onclusion)34
b Fu(\(written)28 b(b)s(elo)m(w)g(the)g(solid)e(line\).)41
b(A)28 b(rule)f(ma)m(y)283 5013 y(also)32 b(ha)m(v)m(e)i(a)e(n)m(um)m
(b)s(er)h(of)e Fs(c)-5 b(onditions)40 b Fu(\(written)32
b(to)g(the)h(righ)m(t)f(of)g(the)g(solid)f(line\))g(that)i(ha)m(v)m(e)
283 5133 y(to)j(b)s(e)g(ful\014lled)e(whenev)m(er)k(the)e(rule)g(is)f
(applied.)52 b(Rules)36 b(with)f(an)h(empt)m(y)g(set)g(of)g(premises)
283 5254 y(are)d(called)e Fs(axioms)40 b Fu(and)33 b(the)g(solid)e
(line)g(is)h(then)h(omitted.)430 5374 y(In)m(tuitiv)m(ely)-8
b(,)32 b(the)g(axiom)e([ass)1531 5389 y Fn(ns)1604 5374
y Fu(])i(sa)m(ys)h(that)f(in)f(a)h(state)h Fs(s)8 b Fu(,)32
b Fs(x)44 b Fu(:=)32 b Fs(a)39 b Fu(is)32 b(executed)i(to)e(yield)283
5494 y(a)38 b(\014nal)f(state)h Fs(s)8 b Fu([)p Fs(x)k
Ft(7!)o(A)p Fu([)-17 b([)p Fs(a)7 b Fu(])-17 b(])q Fs(s)8
b Fu(])38 b(whic)m(h)g(is)f(as)h Fs(s)45 b Fu(except)40
b(that)d Fs(x)49 b Fu(has)38 b(the)g(v)-5 b(alue)37 b
Ft(A)p Fu([)-17 b([)p Fs(a)7 b Fu(])-17 b(])q Fs(s)8
b Fu(.)59 b(This)p eop
%%Page: 21 31
21 30 bop 0 130 a Fw(2.1)112 b(Natural)37 b(seman)m(tics)2216
b(21)p 0 193 3473 4 v 0 515 a Fu(is)45 b(really)f(an)i
Fs(axiom)g(schema)52 b Fu(b)s(ecause)47 b Fs(x)12 b Fu(,)49
b Fs(a)j Fu(and)46 b Fs(s)54 b Fu(are)45 b(meta-v)-5
b(ariables)44 b(standing)h(for)0 636 y(arbitrary)33 b(v)-5
b(ariables,)33 b(arithmetic)e(expressions)36 b(and)d(states)i(but)f(w)m
(e)h(shall)d(simply)g(use)j(the)0 756 y(term)h(axiom)f(for)h(this.)56
b(W)-8 b(e)37 b(obtain)e(an)i Fs(instanc)-5 b(e)43 b
Fu(of)36 b(the)h(axiom)e(b)m(y)j(selecting)e(particular)0
877 y(v)-5 b(ariables,)30 b(arithmetic)e(expressions)k(and)f(states.)43
b(As)31 b(an)g(example,)f(if)f Fs(s)2725 892 y Fn(0)2795
877 y Fu(is)h(the)h(state)g(that)0 997 y(assigns)i(the)g(v)-5
b(alue)32 b Fw(0)g Fu(to)h(all)d(v)-5 b(ariables)31 b(then)244
1188 y Ft(h)p Fr(x)h Fu(:=)h Fr(x)p Fu(+)p Fr(1)p Fu(,)g
Fs(s)788 1203 y Fn(0)827 1188 y Ft(i)g(!)f Fs(s)1079
1203 y Fn(0)1118 1188 y Fu([)p Fr(x)p Ft(7!)p Fw(1)p
Fu(])0 1379 y(is)i(an)f(instance)i(of)e([ass)882 1394
y Fn(ns)954 1379 y Fu(])h(b)s(ecause)i Fs(x)45 b Fu(is)34
b(instan)m(tiated)f(to)h Fr(x)p Fu(,)h Fs(a)41 b Fu(to)33
b Fr(x)p Fu(+)p Fr(1)p Fu(,)i Fs(s)42 b Fu(to)34 b Fs(s)3045
1394 y Fn(0)3084 1379 y Fu(,)h(and)f(the)0 1499 y(v)-5
b(alue)32 b Ft(A)p Fu([)-17 b([)p Fr(x)p Fu(+)p Fr(1)p
Fu(])g(])q Fs(s)633 1514 y Fn(0)705 1499 y Fu(is)32 b(determined)h(to)f
(b)s(e)h Fw(1)p Fu(.)146 1619 y(Similarly)23 b([skip)753
1634 y Fn(ns)824 1619 y Fu(])j(is)g(an)g(axiom)f(and,)j(in)m(tuitiv)m
(ely)-8 b(,)26 b(it)f(sa)m(ys)i(that)f Fr(skip)i Fu(do)s(es)e(not)h(c)m
(hange)0 1740 y(the)33 b(state.)44 b(Letting)32 b Fs(s)836
1755 y Fn(0)908 1740 y Fu(b)s(e)h(as)f(ab)s(o)m(v)m(e)i(w)m(e)f(obtain)
244 1931 y Ft(h)p Fr(skip)p Fu(,)g Fs(s)595 1946 y Fn(0)635
1931 y Ft(i)f(!)g Fs(s)886 1946 y Fn(0)0 2122 y Fu(as)h(an)f(instance)h
(of)f(the)h(axiom)e([skip)1402 2137 y Fn(ns)1474 2122
y Fu(].)146 2242 y(In)m(tuitiv)m(ely)-8 b(,)35 b(the)f(rule)g([comp)
1263 2257 y Fn(ns)1334 2242 y Fu(])g(sa)m(ys)i(that)e(to)g(execute)i
Fs(S)2356 2257 y Fn(1)2395 2242 y Fu(;)p Fs(S)2489 2257
y Fn(2)2563 2242 y Fu(from)d(state)i Fs(s)42 b Fu(w)m(e)35
b(m)m(ust)0 2362 y(\014rst)k(execute)i Fs(S)630 2377
y Fn(1)708 2362 y Fu(from)d Fs(s)8 b Fu(.)63 b(Assuming)38
b(that)h(this)f(yields)h(a)g(\014nal)f(state)h Fs(s)2836
2326 y Fi(0)2898 2362 y Fu(w)m(e)h(shall)e(then)0 2483
y(execute)26 b Fs(S)408 2498 y Fn(2)472 2483 y Fu(from)d
Fs(s)742 2447 y Fi(0)765 2483 y Fu(.)41 b(The)25 b(premises)f(of)g(the)
h(rule)f(are)g(concerned)i(with)e(the)g(t)m(w)m(o)h(statemen)m(ts)0
2603 y Fs(S)67 2618 y Fn(1)134 2603 y Fu(and)i Fs(S)385
2618 y Fn(2)451 2603 y Fu(whereas)i(the)f(conclusion)f(expresses)j(a)d
(prop)s(ert)m(y)h(of)f(the)h(comp)s(osite)e(statemen)m(t)0
2723 y(itself.)42 b(The)34 b(follo)m(wing)c(is)i(an)g
Fs(instanc)-5 b(e)39 b Fu(of)32 b(the)h(rule:)254 2896
y Ft(h)p Fr(skip)p Fu(,)g Fs(s)605 2911 y Fn(0)645 2896
y Ft(i)f(!)g Fs(s)896 2911 y Fn(0)936 2896 y Fu(,)g Ft(h)p
Fr(x)h Fu(:=)f Fr(x)p Fu(+)p Fr(1)p Fu(,)h Fs(s)1539
2911 y Fn(0)1579 2896 y Ft(i)f(!)g Fs(s)1830 2911 y Fn(0)1870
2896 y Fu([)p Fr(x)p Ft(7!)p Fw(1)p Fu(])p 254 2960 1878
4 v 492 3064 a Ft(h)p Fr(skip)p Fu(;)i Fr(x)e Fu(:=)h
Fr(x)p Fu(+)p Fr(1)p Fu(,)g Fs(s)1301 3079 y Fn(0)1340
3064 y Ft(i)g(!)f Fs(s)1592 3079 y Fn(0)1631 3064 y Fu([)p
Fr(x)p Ft(7!)p Fw(1)p Fu(])0 3241 y(Here)j Fs(S)299 3256
y Fn(1)372 3241 y Fu(is)f(instan)m(tiated)f(to)g Fr(skip)p
Fu(,)j Fs(S)1467 3256 y Fn(2)1540 3241 y Fu(to)e Fr(x)g
Fu(:=)g Fr(x)g Fu(+)g Fr(1)p Fu(,)h Fs(s)42 b Fu(and)34
b Fs(s)2512 3205 y Fi(0)2569 3241 y Fu(are)g(b)s(oth)g(instan)m(tiated)
0 3361 y(to)e Fs(s)167 3376 y Fn(0)239 3361 y Fu(and)h
Fs(s)477 3325 y Fi(00)552 3361 y Fu(is)f(instan)m(tiated)g(to)g
Fs(s)1357 3376 y Fn(0)1397 3361 y Fu([)p Fr(x)p Ft(7!)p
Fw(1)p Fu(].)43 b(Similarly)254 3540 y Ft(h)p Fr(skip)p
Fu(,)33 b Fs(s)605 3555 y Fn(0)645 3540 y Ft(i)f(!)g
Fs(s)896 3555 y Fn(0)936 3540 y Fu([)p Fr(x)p Ft(7!)p
Fw(5)p Fu(],)g Ft(h)p Fr(x)h Fu(:=)f Fr(x)p Fu(+)p Fr(1)p
Fu(,)h Fs(s)1800 3555 y Fn(0)1840 3540 y Fu([)p Fr(x)p
Ft(7!)p Fw(5)p Fu(])p Ft(i)f(!)h Fs(s)2353 3555 y Fn(0)p
254 3603 2139 4 v 753 3708 a Ft(h)p Fr(skip)p Fu(;)h
Fr(x)f Fu(:=)f Fr(x)p Fu(+)p Fr(1)p Fu(,)h Fs(s)1562
3723 y Fn(0)1602 3708 y Ft(i)f(!)g Fs(s)1853 3723 y Fn(0)0
3886 y Fu(is)37 b(an)g(instance)g(of)g([comp)998 3901
y Fn(ns)1069 3886 y Fu(])g(although)f(it)h(is)f(less)i(in)m(teresting)f
(b)s(ecause)h(its)f(premises)g(can)0 4007 y(nev)m(er)d(b)s(e)f(deriv)m
(ed)g(from)f(the)h(axioms)e(and)i(rules)f(of)g(T)-8 b(able)33
b(2.1.)146 4127 y(F)-8 b(or)24 b(the)g Fr(if)p Fu(-construct)i(w)m(e)f
(ha)m(v)m(e)g(t)m(w)m(o)g(rules.)41 b(The)25 b(\014rst)g(one,)h([if)
2505 4091 y Fn(tt)2493 4152 y(ns)2563 4127 y Fu(],)g(sa)m(ys)g(that)e
(to)f(execute)0 4247 y Fr(if)41 b Fs(b)46 b Fr(then)41
b Fs(S)546 4262 y Fn(1)625 4247 y Fr(else)g Fs(S)937
4262 y Fn(2)1016 4247 y Fu(w)m(e)h(simply)c(execute)k
Fs(S)1911 4262 y Fn(1)1991 4247 y Fu(pro)m(vided)e(that)g
Fs(b)46 b Fu(ev)-5 b(aluates)40 b(to)g Fw(tt)f Fu(in)0
4368 y(the)46 b(state.)81 b(The)47 b(other)e(rule,)j([if)1311
4332 y Fn(\013)1299 4392 y(ns)1369 4368 y Fu(],)h(sa)m(ys)d(that)f(if)f
Fs(b)51 b Fu(ev)-5 b(aluates)45 b(to)g Fw(\013)h Fu(then)g(to)e
(execute)0 4488 y Fr(if)33 b Fs(b)38 b Fr(then)c Fs(S)523
4503 y Fn(1)595 4488 y Fr(else)f Fs(S)899 4503 y Fn(2)980
4488 y Fu(w)m(e)42 b(just)g(execute)h Fs(S)1759 4503
y Fn(2)1799 4488 y Fu(.)69 b(T)-8 b(aking)41 b Fs(s)2277
4503 y Fn(0)2358 4488 y Fr(x)h Fu(=)f Fw(0)g Fu(the)h(follo)m(wing)d
(is)h(an)0 4609 y(instance)33 b(of)f(the)h(rule)f([if)951
4572 y Fn(tt)939 4633 y(ns)1009 4609 y Fu(]:)912 4787
y Ft(h)p Fr(skip)p Fu(,)h Fs(s)1263 4802 y Fn(0)1303
4787 y Ft(i)f(!)g Fs(s)1554 4802 y Fn(0)p 254 4850 1999
4 v 254 4955 a Ft(h)p Fr(if)h(x)f Fu(=)h Fr(0)g(then)g(skip)h(else)f(x)
g Fu(:=)g Fr(x)p Fu(+)p Fr(1)p Fu(,)g Fs(s)1922 4970
y Fn(0)1961 4955 y Ft(i)f(!)h Fs(s)2213 4970 y Fn(0)0
5133 y Fu(b)s(ecause)40 b Ft(B)t Fu([)-17 b([)p Fr(x)39
b Fu(=)g Fr(0)p Fu(])-17 b(])q Fs(s)815 5148 y Fn(0)893
5133 y Fu(=)39 b Fw(tt)p Fu(.)61 b(Ho)m(w)m(ev)m(er,)43
b(had)c(it)f(b)s(een)h(the)h(case)f(that)g Fs(s)2801
5148 y Fn(0)2879 5133 y Fr(x)g Ft(6)p Fu(=)g Fw(0)g Fu(then)g(it)0
5254 y(w)m(ould)31 b(not)g(b)s(e)h(an)f(instance)g(of)g(the)h(rule)f
([if)1667 5218 y Fn(tt)1655 5278 y(ns)1725 5254 y Fu(])g(b)s(ecause)i
(then)f Ft(B)s Fu([)-17 b([)q Fr(x)31 b Fu(=)g Fr(0)p
Fu(])-17 b(])q Fs(s)2796 5269 y Fn(0)2867 5254 y Fu(w)m(ould)31
b(amoun)m(t)0 5374 y(to)26 b Fw(\013)p Fu(.)41 b(F)-8
b(urthermore)26 b(it)f(w)m(ould)g(not)h(b)s(e)g(an)g(instance)h(of)e
(the)h(rule)g([if)2520 5338 y Fn(\013)2508 5399 y(ns)2578
5374 y Fu(])g(b)s(ecause)h(the)g(premise)0 5494 y(has)33
b(the)g(wrong)g(form.)p eop
%%Page: 22 32
22 31 bop 251 130 a Fw(22)2086 b(2)112 b(Op)s(erational)37
b(Seman)m(tics)p 251 193 3473 4 v 430 515 a Fu(Finally)-8
b(,)28 b(w)m(e)k(ha)m(v)m(e)g(one)f(rule)f(and)h(one)g(axiom)e
(expressing)j(ho)m(w)f(to)f(execute)j(the)e Fr(while)p
Fu(-)283 636 y(construct.)60 b(In)m(tuitiv)m(ely)-8 b(,)38
b(the)g(meaning)e(of)h(the)h(construct)g Fr(while)h Fs(b)k
Fr(do)38 b Fs(S)50 b Fu(in)36 b(the)i(state)g Fs(s)283
756 y Fu(can)33 b(b)s(e)g(explained)f(as)h(follo)m(ws:)429
955 y Ft(\017)48 b Fu(If)29 b(the)g(test)g Fs(b)35 b
Fu(ev)-5 b(aluates)28 b(to)h(true)g(in)e(the)i(state)g
Fs(s)37 b Fu(then)29 b(w)m(e)h(\014rst)f(execute)i(the)e(b)s(o)s(dy)f
(of)527 1076 y(the)33 b(lo)s(op)e(and)i(then)g(con)m(tin)m(ue)g(with)g
(the)g(lo)s(op)e(itself)g(from)g(the)i(state)g(so)g(obtained.)429
1278 y Ft(\017)48 b Fu(If)35 b(the)h(test)g Fs(b)41 b
Fu(ev)-5 b(aluates)35 b(to)g(false)f(in)h(the)g(state)h
Fs(s)43 b Fu(then)36 b(the)f(execution)h(of)f(the)g(lo)s(op)527
1398 y(terminates.)283 1597 y(The)47 b(rule)d([while)966
1561 y Fn(tt)954 1622 y(ns)1025 1597 y Fu(])h(formalizes)e(the)j
(\014rst)f(case)h(where)h Fs(b)k Fu(ev)-5 b(aluates)45
b(to)g Fw(tt)f Fu(and)h(it)f(sa)m(ys)283 1717 y(that)49
b(then)h(w)m(e)f(ha)m(v)m(e)i(to)d(execute)j Fs(S)60
b Fu(follo)m(w)m(ed)48 b(b)m(y)i Fr(while)34 b Fs(b)k
Fr(do)33 b Fs(S)61 b Fu(again.)91 b(The)49 b(axiom)283
1838 y([while)545 1802 y Fn(\013)533 1862 y(ns)604 1838
y Fu(])33 b(formalizes)e(the)j(second)g(p)s(ossibilit)m(y)d(and)j
(states)g(that)f(if)f Fs(b)39 b Fu(ev)-5 b(aluates)33
b(to)g Fw(\013)g Fu(then)283 1958 y(w)m(e)41 b(terminate)d(the)h
(execution)h(of)f(the)h Fr(while)p Fu(-construct)h(lea)m(ving)d(the)i
(state)f(unc)m(hanged.)283 2079 y(Note)33 b(that)f(the)h(rule)f([while)
1355 2042 y Fn(tt)1343 2103 y(ns)1413 2079 y Fu(])g(sp)s(eci\014es)i
(the)f(meaning)e(of)g(the)i Fr(while)p Fu(-construct)h(in)e(terms)283
2199 y(of)d(the)h(meaning)e(of)h(the)h(v)m(ery)h(same)e(construct)i(so)
f(that)f(w)m(e)h(do)g Fs(not)38 b Fu(ha)m(v)m(e)31 b(a)e(comp)s
(ositional)283 2319 y(de\014nition)j(of)g(the)h(seman)m(tics)g(of)f
(statemen)m(ts.)430 2440 y(When)e(w)m(e)g(use)g(the)f(axioms)f(and)h
(rules)g(to)f(deriv)m(e)i(a)f(transition)e Ft(h)p Fs(S)12
b Fu(,)28 b Fs(s)8 b Ft(i)29 b(!)g Fs(s)3293 2404 y Fi(0)3345
2440 y Fu(w)m(e)h(obtain)283 2560 y(a)41 b Fs(derivation)h(tr)-5
b(e)g(e)p Fu(.)68 b(The)42 b Fs(r)-5 b(o)g(ot)50 b Fu(of)40
b(the)h(deriv)-5 b(ation)40 b(tree)h(is)f Ft(h)p Fs(S)12
b Fu(,)41 b Fs(s)8 b Ft(i)40 b(!)h Fs(s)3074 2524 y Fi(0)3138
2560 y Fu(and)g(the)g Fs(le)-5 b(aves)283 2680 y Fu(are)37
b(instances)g(of)e(axioms.)53 b(The)37 b Fs(internal)h(no)-5
b(des)44 b Fu(are)36 b(conclusions)g(of)f(instan)m(tiated)h(rules)283
2801 y(and)k(they)h(ha)m(v)m(e)g(the)f(corresp)s(onding)g(premises)f
(as)h(their)f(immediate)e(sons.)66 b(W)-8 b(e)40 b(request)283
2921 y(that)c(all)e(the)j(instan)m(tiated)e(conditions)g(of)h(axioms)f
(and)h(rules)g(m)m(ust)g(b)s(e)g(satis\014ed.)55 b(When)283
3042 y(displa)m(ying)37 b(a)h(deriv)-5 b(ation)37 b(tree)i(it)e(is)g
(common)g(to)h(ha)m(v)m(e)i(the)e(ro)s(ot)g(at)f(the)i(b)s(ottom)e
(rather)283 3162 y(than)28 b(at)e(the)i(top;)g(hence)h(the)e(son)h(is)e
Fs(ab)-5 b(ove)34 b Fu(its)26 b(father.)42 b(A)27 b(deriv)-5
b(ation)25 b(tree)j(is)e(called)g Fs(simple)283 3282
y Fu(if)32 b(it)f(is)i(an)f(instance)h(of)f(an)g(axiom,)g(otherwise)h
(it)e(is)h(called)g Fs(c)-5 b(omp)g(osite)7 b Fu(.)283
3505 y Fw(Example)37 b(2.1)49 b Fu(Let)33 b(us)g(\014rst)g(consider)g
(the)g(statemen)m(t)g(of)f(Chapter)h(1:)527 3704 y(\()p
Fr(z)p Fu(:=)p Fr(x)p Fu(;)g Fr(x)p Fu(:=)p Fr(y)p Fu(\);)g
Fr(y)p Fu(:=)p Fr(z)283 3903 y Fu(Let)i Fs(s)508 3918
y Fn(0)582 3903 y Fu(b)s(e)f(the)h(state)f(that)g(maps)g(all)e(v)-5
b(ariables)33 b(except)j Fr(x)f Fu(and)f Fr(y)h Fu(to)e
Fw(0)i Fu(and)f(has)h Fs(s)3436 3918 y Fn(0)3508 3903
y Fr(x)d Fu(=)h Fw(5)283 4023 y Fu(and)g Fs(s)521 4038
y Fn(0)593 4023 y Fr(y)g Fu(=)f Fw(7)p Fu(.)44 b(Then)34
b(the)f(follo)m(wing)c(is)k(an)f(example)g(of)g(a)g(deriv)-5
b(ation)31 b(tree:)577 4217 y Ft(h)p Fr(z)p Fu(:=)p Fr(x)p
Fu(,)i Fs(s)929 4232 y Fn(0)969 4217 y Ft(i)f(!)g Fs(s)1220
4232 y Fn(1)1577 4217 y Ft(h)p Fr(x)p Fu(:=)p Fr(y)p
Fu(,)h Fs(s)1929 4232 y Fn(1)1968 4217 y Ft(i)f(!)h Fs(s)2220
4232 y Fn(2)p 527 4303 1782 4 v 944 4505 a Ft(h)p Fr(z)p
Fu(:=)p Fr(x)p Fu(;)g Fr(x)p Fu(:=)p Fr(y)p Fu(,)g Fs(s)1561
4520 y Fn(0)1601 4505 y Ft(i)f(!)g Fs(s)1852 4520 y Fn(2)2576
4505 y Ft(h)p Fr(y)p Fu(:=)p Fr(z)p Fu(,)h Fs(s)2928
4520 y Fn(2)2968 4505 y Ft(i)f(!)g Fs(s)3219 4520 y Fn(3)p
527 4591 2782 4 v 1274 4793 a Ft(h)p Fu(\()p Fr(z)p Fu(:=)p
Fr(x)p Fu(;)h Fr(x)p Fu(:=)p Fr(y)p Fu(\);)g Fr(y)p Fu(:=)p
Fr(z)p Fu(,)g Fs(s)2232 4808 y Fn(0)2271 4793 y Ft(i)g(!)f
Fs(s)2523 4808 y Fn(3)283 4985 y Fu(where)i(w)m(e)g(ha)m(v)m(e)g(used)g
(the)f(abbreviations:)577 5156 y Fs(s)625 5171 y Fn(1)764
5156 y Fu(=)100 b Fs(s)988 5171 y Fn(0)1027 5156 y Fu([)p
Fr(z)p Ft(7!)p Fw(5)p Fu(])577 5324 y Fs(s)625 5339 y
Fn(2)764 5324 y Fu(=)g Fs(s)988 5339 y Fn(1)1027 5324
y Fu([)p Fr(x)p Ft(7!)p Fw(7)p Fu(])577 5492 y Fs(s)625
5507 y Fn(3)764 5492 y Fu(=)g Fs(s)988 5507 y Fn(2)1027
5492 y Fu([)p Fr(y)p Ft(7!)p Fw(5)p Fu(])p eop
%%Page: 23 33
23 32 bop 0 130 a Fw(2.1)112 b(Natural)37 b(seman)m(tics)2216
b(23)p 0 193 3473 4 v 0 515 a Fu(The)40 b(deriv)-5 b(ation)37
b(tree)j(has)g(three)f(lea)m(v)m(es)i(denoted)f Ft(h)o
Fr(z)p Fu(:=)p Fr(x)p Fu(,)i Fs(s)2331 530 y Fn(0)2370
515 y Ft(i)d(!)g Fs(s)2635 530 y Fn(1)2674 515 y Fu(,)i
Ft(h)p Fr(x)p Fu(:=)p Fr(y)p Fu(,)g Fs(s)3102 530 y Fn(1)3141
515 y Ft(i)e(!)g Fs(s)3406 530 y Fn(2)3445 515 y Fu(,)0
636 y(and)28 b Ft(h)p Fr(y)p Fu(:=)p Fr(z)p Fu(,)h Fs(s)533
651 y Fn(2)573 636 y Ft(i)e(!)h Fs(s)815 651 y Fn(3)854
636 y Fu(,)h(corresp)s(onding)f(to)g(three)g(applications)e(of)i(the)g
(axiom)e([ass)3136 651 y Fn(ns)3208 636 y Fu(].)42 b(The)0
756 y(rule)32 b([comp)450 771 y Fn(ns)521 756 y Fu(])h(has)g(b)s(een)g
(applied)e(t)m(wice.)44 b(One)33 b(instance)g(is)254
916 y Ft(h)p Fr(z)p Fu(:=)p Fr(x)p Fu(,)g Fs(s)606 931
y Fn(0)645 916 y Ft(i)f(!)h Fs(s)897 931 y Fn(1)936 916
y Fu(,)g Ft(h)o Fr(x)p Fu(:=)p Fr(y)p Fu(,)h Fs(s)1348
931 y Fn(1)1387 916 y Ft(i)e(!)h Fs(s)1639 931 y Fn(2)p
254 980 1425 4 v 492 1084 a Ft(h)p Fr(z)p Fu(:=)p Fr(x)p
Fu(;)g Fr(x)p Fu(:=)p Fr(y)p Fu(,)g Fs(s)1109 1099 y
Fn(0)1149 1084 y Ft(i)f(!)g Fs(s)1400 1099 y Fn(2)0 1245
y Fu(whic)m(h)j(has)g(b)s(een)g(used)h(to)e(com)m(bine)g(the)g(lea)m(v)
m(es)i Ft(h)p Fr(z)p Fu(:=)p Fr(x)p Fu(,)f Fs(s)2224
1260 y Fn(0)2264 1245 y Ft(i)f(!)g Fs(s)2519 1260 y Fn(1)2593
1245 y Fu(and)g Ft(h)p Fr(x)p Fu(:=)p Fr(y)p Fu(,)h Fs(s)3138
1260 y Fn(1)3178 1245 y Ft(i)f(!)g Fs(s)3433 1260 y Fn(2)0
1365 y Fu(with)e(the)h(in)m(ternal)f(no)s(de)g(lab)s(elled)f
Ft(h)o Fr(z)p Fu(:=)p Fr(x)p Fu(;)j Fr(x)p Fu(:=)p Fr(y)p
Fu(,)f Fs(s)1964 1380 y Fn(0)2003 1365 y Ft(i)f(!)h Fs(s)2255
1380 y Fn(2)2294 1365 y Fu(.)44 b(The)33 b(other)g(instance)g(is)254
1525 y Ft(h)p Fr(z)p Fu(:=)p Fr(x)p Fu(;)g Fr(x)p Fu(:=)p
Fr(y)p Fu(,)g Fs(s)871 1540 y Fn(0)910 1525 y Ft(i)g(!)f
Fs(s)1162 1540 y Fn(2)1201 1525 y Fu(,)h Ft(h)p Fr(y)p
Fu(:=)p Fr(z)p Fu(,)g Fs(s)1613 1540 y Fn(2)1652 1525
y Ft(i)g(!)f Fs(s)1904 1540 y Fn(3)p 254 1589 1690 4
v 454 1693 a Ft(h)p Fu(\()p Fr(z)p Fu(:=)p Fr(x)p Fu(;)h
Fr(x)p Fu(:=)p Fr(y)p Fu(\);)g Fr(y)p Fu(:=)p Fr(z)p
Fu(,)g Fs(s)1412 1708 y Fn(0)1452 1693 y Ft(i)f(!)g Fs(s)1703
1708 y Fn(3)0 1854 y Fu(whic)m(h)h(has)f(b)s(een)i(used)f(to)f(com)m
(bine)g(the)g(in)m(ternal)f(no)s(de)i Ft(h)p Fr(z)p Fu(:=)p
Fr(x)p Fu(;)g Fr(x)p Fu(:=)p Fr(y)p Fu(,)f Fs(s)2785
1869 y Fn(0)2825 1854 y Ft(i)g(!)g Fs(s)3076 1869 y Fn(2)3148
1854 y Fu(and)g(the)0 1974 y(leaf)g Ft(h)o Fr(y)p Fu(:=)p
Fr(z)p Fu(,)h Fs(s)533 1989 y Fn(2)573 1974 y Ft(i)f(!)g
Fs(s)824 1989 y Fn(3)896 1974 y Fu(with)h(the)g(ro)s(ot)e
Ft(h)p Fu(\()p Fr(z)p Fu(:=)p Fr(x)p Fu(;)i Fr(x)p Fu(:=)p
Fr(y)p Fu(\);)g Fr(y)p Fu(:=)p Fr(z)p Fu(,)g Fs(s)2453
1989 y Fn(0)2493 1974 y Ft(i)f(!)g Fs(s)2744 1989 y Fn(3)2784
1974 y Fu(.)587 b Fh(2)146 2161 y Fu(Consider)37 b(no)m(w)f(the)h
(problem)d(of)i(constructing)g(a)g(deriv)-5 b(ation)34
b(tree)i(for)g(a)f(giv)m(en)h(state-)0 2282 y(men)m(t)43
b Fs(S)54 b Fu(and)43 b(state)g Fs(s)8 b Fu(.)74 b(The)43
b(b)s(est)h(w)m(a)m(y)g(to)e(approac)m(h)h(this)f(is)h(to)f(try)h(to)f
(construct)i(the)0 2402 y(tree)37 b(from)f(the)i(ro)s(ot)e(up)m(w)m
(ards.)58 b(So)37 b(w)m(e)h(will)c(start)j(b)m(y)h(\014nding)f(an)g
(axiom)e(or)i(rule)f(with)h(a)0 2523 y(conclusion)g(where)j(the)e
(left-hand)f(side)h(matc)m(hes)h(the)f(con\014guration)f
Ft(h)p Fs(S)12 b Fu(,)38 b Fs(s)8 b Ft(i)p Fu(.)59 b(There)39
b(are)0 2643 y(t)m(w)m(o)33 b(cases:)145 2816 y Ft(\017)49
b Fu(If)43 b(it)e(is)h(an)h Fs(axiom)49 b Fu(and)43 b(if)f(the)h
(conditions)f(of)g(the)h(axiom)e(are)i(satis\014ed)g(then)g(w)m(e)244
2936 y(can)37 b(determine)g(the)h(\014nal)f(state)g(and)h(the)f
(construction)h(of)f(the)g(deriv)-5 b(ation)36 b(tree)i(is)244
3057 y(completed.)145 3250 y Ft(\017)49 b Fu(If)28 b(it)g(is)g(a)h
Fs(rule)36 b Fu(then)29 b(the)g(next)h(step)f(is)g(to)f(try)h(to)f
(construct)i(deriv)-5 b(ation)27 b(trees)j(for)e(the)244
3370 y(premises)33 b(of)f(the)h(rule.)44 b(When)34 b(this)e(has)i(b)s
(een)f(done,)h(it)d(m)m(ust)i(b)s(e)g(c)m(hec)m(k)m(ed)j(that)d(the)244
3490 y(conditions)e(of)g(the)i(rule)e(are)h(ful\014lled,)f(and)h(only)f
(then)i(can)f(w)m(e)h(determine)f(the)g(\014nal)244 3611
y(state)h(corresp)s(onding)f(to)h Ft(h)o Fs(S)12 b Fu(,)33
b Fs(s)8 b Ft(i)p Fu(.)0 3784 y(Often)25 b(there)h(will)d(b)s(e)i(more)
f(than)i(one)f(axiom)e(or)i(rule)g(that)g(matc)m(hes)g(a)g(giv)m(en)g
(con\014guration)0 3904 y(and)j(then)h(the)f(v)-5 b(arious)28
b(p)s(ossibilities)d(ha)m(v)m(e)k(to)f(b)s(e)g(insp)s(ected)h(in)e
(order)h(to)g(\014nd)g(a)g(deriv)-5 b(ation)0 4024 y(tree.)53
b(W)-8 b(e)36 b(shall)e(see)i(later)f(that)g(for)g Fw(While)f
Fu(there)i(will)d(b)s(e)j(at)f(most)g(one)h(deriv)-5
b(ation)34 b(tree)0 4145 y(for)27 b(eac)m(h)i(transition)e
Ft(h)o Fs(S)12 b Fu(,)28 b Fs(s)8 b Ft(i)28 b(!)g Fs(s)1251
4109 y Fi(0)1302 4145 y Fu(but)g(that)g(this)g(need)h(not)f(hold)f(in)g
(extensions)i(of)f Fw(While)p Fu(.)0 4332 y Fw(Example)37
b(2.2)48 b Fu(Consider)33 b(the)g(factorial)e(statemen)m(t:)244
4505 y Fr(y)p Fu(:=)p Fr(1)p Fu(;)i Fr(while)h Ft(:)p
Fu(\()p Fr(x)p Fu(=)p Fr(1)p Fu(\))f Fr(do)g Fu(\()p
Fr(y)p Fu(:=)p Fr(y)g Fo(?)f Fr(x)p Fu(;)h Fr(x)p Fu(:=)p
Fr(x)p Ft(\000)p Fr(1)p Fu(\))0 4678 y(and)g(let)f Fs(s)40
b Fu(b)s(e)33 b(a)f(state)h(with)f Fs(s)41 b Fr(x)33
b Fu(=)f Fw(3)p Fu(.)44 b(In)33 b(this)f(example)g(w)m(e)i(shall)d(sho)
m(w)i(that)269 4845 y Ft(h)o Fr(y)p Fu(:=)p Fr(1)p Fu(;)h
Fr(while)f Ft(:)q Fu(\()p Fr(x)p Fu(=)p Fr(1)p Fu(\))g
Fr(do)g Fu(\()p Fr(y)p Fu(:=)p Fr(y)g Fo(?)f Fr(x)p Fu(;)h
Fr(x)p Fu(:=)p Fr(x)p Ft(\000)p Fr(1)p Fu(\),)h Fs(s)8
b Ft(i)32 b(!)g Fs(s)8 b Fu([)p Fr(y)p Ft(7!)p Fw(6)p
Fu(][)p Fr(x)p Ft(7!)p Fw(1)p Fu(])277 b(\(*\))0 5013
y(T)-8 b(o)42 b(do)f(so)h(w)m(e)g(shall)e(sho)m(w)j(that)e(\(*\))g(can)
h(b)s(e)g(obtained)e(from)h(the)h(transition)d(system)k(of)0
5133 y(T)-8 b(able)37 b(2.1.)56 b(This)37 b(is)g(done)g(b)m(y)h
(constructing)g(a)e(deriv)-5 b(ation)36 b(tree)h(with)g(the)g
(transition)f(\(*\))0 5254 y(as)d(its)f(ro)s(ot.)146
5374 y(Rather)26 b(than)g(presen)m(ting)h(the)f(complete)g(deriv)-5
b(ation)24 b(tree)j Fs(T)39 b Fu(in)25 b(one)h(go,)h(w)m(e)g(shall)e
(build)0 5494 y(it)i(in)h(an)g(up)m(w)m(ards)j(manner.)41
b(Initially)-8 b(,)27 b(w)m(e)i(only)f(kno)m(w)i(that)e(the)h(ro)s(ot)e
(of)h Fs(T)42 b Fu(is)28 b(of)g(the)h(form:)p eop
%%Page: 24 34
24 33 bop 251 130 a Fw(24)2086 b(2)112 b(Op)s(erational)37
b(Seman)m(tics)p 251 193 3473 4 v 527 515 a Ft(h)p Fr(y)p
Fu(:=)p Fr(1)p Fu(;)c Fr(while)h Ft(:)p Fu(\()p Fr(x)p
Fu(=)p Fr(1)p Fu(\))f Fr(do)g Fu(\()p Fr(y)p Fu(:=)p
Fr(y)g Fo(?)g Fr(x)p Fu(;)f Fr(x)p Fu(:=)p Fr(x)p Ft(\000)p
Fr(1)p Fu(\),)i Fs(s)8 b Ft(i)33 b(!)f Fs(s)2808 530
y Fn(61)283 700 y Fu(Ho)m(w)m(ev)m(er,)j(the)e(statemen)m(t)527
885 y Fr(y)p Fu(:=)p Fr(1)p Fu(;)g Fr(while)h Ft(:)q
Fu(\()p Fr(x)p Fu(=)p Fr(1)p Fu(\))f Fr(do)g Fu(\()p
Fr(y)p Fu(:=)p Fr(y)g Fo(?)f Fr(x)p Fu(;)h Fr(x)p Fu(:=)p
Fr(x)p Ft(\000)p Fr(1)p Fu(\))283 1070 y(is)38 b(of)f(the)h(form)e
Fs(S)978 1085 y Fn(1)1017 1070 y Fu(;)k Fs(S)1151 1085
y Fn(2)1228 1070 y Fu(so)e(the)g(only)f(rule)g(that)h(could)f(ha)m(v)m
(e)i(b)s(een)f(used)h(to)e(pro)s(duce)h(the)283 1190
y(ro)s(ot)32 b(of)g Fs(T)46 b Fu(is)32 b([comp)1072 1205
y Fn(ns)1143 1190 y Fu(].)43 b(Therefore)34 b Fs(T)46
b Fu(m)m(ust)32 b(ha)m(v)m(e)i(the)f(form:)813 1372 y
Ft(h)p Fr(y)p Fu(:=)p Fr(1)p Fu(,)g Fs(s)8 b Ft(i!)p
Fs(s)1352 1387 y Fn(13)2411 1372 y Fs(T)2494 1387 y Fn(1)p
527 1459 2325 4 v 577 1664 a Ft(h)p Fr(y)p Fu(:=)p Fr(1)p
Fu(;)33 b Fr(while)h Ft(:)p Fu(\()p Fr(x)p Fu(=)p Fr(1)p
Fu(\))f Fr(do)g Fu(\()p Fr(y)p Fu(:=)p Fr(y)p Fo(?)p
Fr(x)p Fu(;)g Fr(x)p Fu(:=)p Fr(x)p Ft(\000)p Fr(1)p
Fu(\),)h Fs(s)8 b Ft(i!)o Fs(s)2727 1679 y Fn(61)283
1842 y Fu(for)32 b(some)h(state)g Fs(s)964 1857 y Fn(13)1071
1842 y Fu(and)g(some)f(deriv)-5 b(ation)31 b(tree)i Fs(T)2241
1857 y Fn(1)2313 1842 y Fu(whic)m(h)h(has)f(ro)s(ot)552
2009 y Ft(h)p Fr(while)h Ft(:)p Fu(\()p Fr(x)p Fu(=)p
Fr(1)p Fu(\))f Fr(do)g Fu(\()p Fr(y)p Fu(:=)p Fr(y)p
Fo(?)p Fr(x)p Fu(;)g Fr(x)p Fu(:=)p Fr(x)p Ft(\000)p
Fr(1)p Fu(\),)h Fs(s)2251 2024 y Fn(13)2326 2009 y Ft(i)o(!)p
Fs(s)2512 2024 y Fn(61)3582 2009 y Fu(\(**\))283 2177
y(Since)d Ft(h)p Fr(y)p Fu(:=)p Fr(1)p Fu(,)g Fs(s)8
b Ft(i)31 b(!)f Fs(s)1134 2192 y Fn(13)1239 2177 y Fu(has)h(to)f(b)s(e)
h(an)g(instance)g(of)f(the)h(axiom)e([ass)2886 2192 y
Fn(ns)2958 2177 y Fu(])h(w)m(e)i(get)e(that)h Fs(s)3575
2192 y Fn(13)3680 2177 y Fu(=)283 2297 y Fs(s)8 b Fu([)p
Fr(y)p Ft(7!)q Fw(1)p Fu(].)430 2418 y(The)34 b(missing)e(part)h
Fs(T)1275 2433 y Fn(1)1348 2418 y Fu(of)g Fs(T)47 b Fu(is)33
b(a)g(deriv)-5 b(ation)32 b(tree)i(with)f(ro)s(ot)g(\(**\).)45
b(Since)34 b(the)g(state-)283 2538 y(men)m(t)39 b(of)e(\(**\))h(has)g
(the)h(form)e Fr(while)i Fs(b)44 b Fr(do)39 b Fs(S)50
b Fu(the)38 b(deriv)-5 b(ation)37 b(tree)i Fs(T)3003
2553 y Fn(1)3080 2538 y Fu(m)m(ust)g(ha)m(v)m(e)g(b)s(een)283
2658 y(constructed)48 b(b)m(y)f(applying)e(either)h(the)g(rule)g
([while)2326 2622 y Fn(tt)2314 2683 y(ns)2384 2658 y
Fu(])h(or)e(the)i(axiom)d([while)3337 2622 y Fn(\013)3325
2683 y(ns)3396 2658 y Fu(].)84 b(Since)283 2779 y Ft(B)t
Fu([)-17 b([)q Ft(:)p Fu(\()p Fr(x)p Fu(=)p Fr(1)p Fu(\)])g(])q
Fs(s)796 2794 y Fn(13)904 2779 y Fu(=)33 b Fw(tt)f Fu(w)m(e)j(see)f
(that)f(only)g(the)h(rule)f([while)2490 2743 y Fn(tt)2478
2804 y(ns)2548 2779 y Fu(])h(could)f(ha)m(v)m(e)h(b)s(een)g(applied)f
(so)283 2899 y Fs(T)366 2914 y Fn(1)439 2899 y Fu(will)d(ha)m(v)m(e)k
(the)f(form:)813 3071 y Fs(T)896 3086 y Fn(2)2221 3071
y Fs(T)2304 3086 y Fn(3)p 527 3158 2135 4 v 577 3363
a Ft(h)p Fr(while)h Ft(:)p Fu(\()p Fr(x)p Fu(=)p Fr(1)p
Fu(\))f Fr(do)g Fu(\()p Fr(y)p Fu(:=)p Fr(y)p Fo(?)p
Fr(x)p Fu(;)g Fr(x)p Fu(:=)p Fr(x)p Ft(\000)p Fr(1)p
Fu(\),)h Fs(s)2276 3378 y Fn(13)2351 3363 y Ft(i)o(!)p
Fs(s)2537 3378 y Fn(61)283 3541 y Fu(where)g Fs(T)648
3556 y Fn(2)720 3541 y Fu(is)e(a)h(deriv)-5 b(ation)31
b(tree)i(with)f(ro)s(ot)527 3726 y Ft(h)p Fr(y)p Fu(:=)p
Fr(y)p Fo(?)p Fr(x)p Fu(;)h Fr(x)p Fu(:=)p Fr(x)p Ft(\000)p
Fr(1)p Fu(,)h Fs(s)1373 3741 y Fn(13)1448 3726 y Ft(i!)o
Fs(s)1634 3741 y Fn(32)283 3910 y Fu(and)f Fs(T)556 3925
y Fn(3)628 3910 y Fu(is)f(a)h(deriv)-5 b(ation)31 b(tree)i(with)f(ro)s
(ot)552 4078 y Ft(h)p Fr(while)i Ft(:)p Fu(\()p Fr(x)p
Fu(=)p Fr(1)p Fu(\))f Fr(do)g Fu(\()p Fr(y)p Fu(:=)p
Fr(y)p Fo(?)p Fr(x)p Fu(;)g Fr(x)p Fu(:=)p Fr(x)p Ft(\000)p
Fr(1)p Fu(\),)h Fs(s)2251 4093 y Fn(32)2326 4078 y Ft(i)o(!)p
Fs(s)2512 4093 y Fn(61)3534 4078 y Fu(\(***\))283 4246
y(for)e(some)h(state)g Fs(s)964 4261 y Fn(32)1039 4246
y Fu(.)430 4366 y(Using)h(that)g(the)h(form)e(of)h(the)h(statemen)m(t)g
Fr(y)p Fu(:=)p Fr(y)p Fo(?)p Fr(x)p Fu(;)h Fr(x)p Fu(:=)p
Fr(x)p Ft(\000)p Fr(1)f Fu(is)f Fs(S)2962 4381 y Fn(1)3002
4366 y Fu(;)p Fs(S)3096 4381 y Fn(2)3169 4366 y Fu(it)g(is)g(no)m(w)h
(easy)283 4486 y(to)e(see)g(that)g(the)g(deriv)-5 b(ation)31
b(tree)i Fs(T)1676 4501 y Fn(2)1748 4486 y Fu(is)577
4658 y Ft(h)p Fr(y)p Fu(:=)p Fr(y)p Fo(?)p Fr(x)p Fu(,)g
Fs(s)1029 4673 y Fn(13)1104 4658 y Ft(i!)o Fs(s)1290
4673 y Fn(33)1682 4658 y Ft(h)p Fr(x)p Fu(:=)p Fr(x)p
Ft(\000)p Fr(1)p Fu(,)h Fs(s)2163 4673 y Fn(33)2238 4658
y Ft(i!)o Fs(s)2424 4673 y Fn(32)p 527 4745 2022 4 v
947 4950 a Ft(h)p Fr(y)p Fu(:=)p Fr(y)p Fo(?)p Fr(x)p
Fu(;)f Fr(x)p Fu(:=)p Fr(x)p Ft(\000)p Fr(1)p Fu(,)h
Fs(s)1793 4965 y Fn(13)1868 4950 y Ft(i!)o Fs(s)2054
4965 y Fn(32)283 5133 y Fu(where)40 b Fs(s)619 5148 y
Fn(33)731 5133 y Fu(=)e Fs(s)8 b Fu([)p Fr(y)p Ft(7!)p
Fw(3)p Fu(])38 b(and)g Fs(s)1435 5148 y Fn(32)1548 5133
y Fu(=)f Fs(s)8 b Fu([)p Fr(y)p Ft(7!)p Fw(3)p Fu(][)p
Fr(x)p Ft(7!)q Fw(2)p Fu(].)59 b(The)39 b(lea)m(v)m(es)g(of)e
Fs(T)3008 5148 y Fn(2)3086 5133 y Fu(are)h(instances)g(of)283
5254 y([ass)435 5269 y Fn(ns)507 5254 y Fu(])33 b(and)g(they)g(are)g
(com)m(bined)f(using)g([comp)2085 5269 y Fn(ns)2156 5254
y Fu(].)44 b(So)32 b(no)m(w)i Fs(T)2676 5269 y Fn(2)2748
5254 y Fu(is)e(fully)f(constructed.)430 5374 y(In)k(a)g(similar)d(w)m
(a)m(y)k(w)m(e)g(can)f(construct)i(the)e(deriv)-5 b(ation)34
b(tree)h Fs(T)2831 5389 y Fn(3)2906 5374 y Fu(with)f(ro)s(ot)h(\(***\))
f(and)283 5494 y(w)m(e)g(get:)p eop
%%Page: 25 35
25 34 bop 0 130 a Fw(2.1)112 b(Natural)37 b(seman)m(tics)2216
b(25)p 0 193 3473 4 v 294 500 a Ft(h)o Fr(y)p Fu(:=)p
Fr(y)p Fo(?)q Fr(x)p Fu(,)33 b Fs(s)746 515 y Fn(32)820
500 y Ft(i!)p Fs(s)1007 515 y Fn(62)1399 500 y Ft(h)p
Fr(x)p Fu(:=)p Fr(x)p Ft(\000)p Fr(1)p Fu(,)h Fs(s)1880
515 y Fn(62)1954 500 y Ft(i!)p Fs(s)2141 515 y Fn(61)p
244 587 2022 4 v 664 788 a Ft(h)o Fr(y)p Fu(:=)p Fr(y)p
Fo(?)q Fr(x)p Fu(;)f Fr(x)p Fu(:=)p Fr(x)p Ft(\000)p
Fr(1)p Fu(,)g Fs(s)1509 803 y Fn(32)1584 788 y Ft(i!)p
Fs(s)1771 803 y Fn(61)2533 788 y Fs(T)2616 803 y Fn(4)p
244 875 2462 4 v 457 1079 a Ft(h)p Fr(while)h Ft(:)p
Fu(\()p Fr(x)p Fu(=)p Fr(1)p Fu(\))f Fr(do)g Fu(\()p
Fr(y)p Fu(:=)p Fr(y)p Fo(?)p Fr(x)p Fu(;)g Fr(x)p Fu(:=)p
Fr(x)p Ft(\000)p Fr(1)p Fu(\),)h Fs(s)2156 1094 y Fn(32)2231
1079 y Ft(i)o(!)p Fs(s)2417 1094 y Fn(61)0 1294 y Fu(where)39
b Fs(s)335 1309 y Fn(62)447 1294 y Fu(=)e Fs(s)8 b Fu([)p
Fr(y)p Ft(7!)p Fw(6)p Fu(][)p Fr(x)p Ft(7!)p Fw(2)p Fu(],)39
b Fs(s)1244 1309 y Fn(61)1356 1294 y Fu(=)e Fs(s)8 b
Fu([)p Fr(y)p Ft(7!)p Fw(6)p Fu(][)p Fr(x)p Ft(7!)p Fw(1)p
Fu(])38 b(and)f Fs(T)2354 1309 y Fn(4)2431 1294 y Fu(is)g(a)g(deriv)-5
b(ation)36 b(tree)i(with)0 1415 y(ro)s(ot)244 1631 y
Ft(h)p Fr(while)33 b Ft(:)q Fu(\()p Fr(x)p Fu(=)p Fr(1)p
Fu(\))g Fr(do)g Fu(\()p Fr(y)p Fu(:=)p Fr(y)p Fo(?)p
Fr(x)p Fu(;)g Fr(x)p Fu(:=)p Fr(x)p Ft(\000)p Fr(1)p
Fu(\),)h Fs(s)1943 1646 y Fn(61)2017 1631 y Ft(i!)p Fs(s)2204
1646 y Fn(61)146 1847 y Fu(Finally)-8 b(,)28 b(w)m(e)i(see)h(that)e
(the)h(deriv)-5 b(ation)27 b(tree)j Fs(T)1892 1862 y
Fn(4)1961 1847 y Fu(is)f(an)h(instance)f(of)g(the)h(axiom)e([while)3387
1810 y Fn(\013)3375 1871 y(ns)3445 1847 y Fu(])0 1967
y(b)s(ecause)h Ft(B)s Fu([)-17 b([)q Ft(:)p Fu(\()p Fr(x)p
Fu(=)p Fr(1)p Fu(\)])g(])q Fs(s)868 1982 y Fn(61)971
1967 y Fu(=)27 b Fw(\013)p Fu(.)42 b(This)28 b(completes)f(the)h
(construction)g(of)f(the)h(deriv)-5 b(ation)26 b(tree)0
2087 y Fs(T)46 b Fu(for)32 b(\(*\).)2981 b Fh(2)0 2333
y Fw(Exercise)36 b(2.3)49 b Fu(Consider)33 b(the)g(statemen)m(t)244
2549 y Fr(z)p Fu(:=)p Fr(0)p Fu(;)g Fr(while)h(y)p Ft(\024)q
Fr(x)e(do)h Fu(\()p Fr(z)p Fu(:=)p Fr(z)p Fu(+)p Fr(1)p
Fu(;)h Fr(x)p Fu(:=)p Fr(x)p Ft(\000)p Fr(y)p Fu(\))0
2765 y(Construct)39 b(a)e(deriv)-5 b(ation)36 b(tree)i(for)f(this)g
(statemen)m(t)h(when)h(executed)g(in)e(a)g(state)h(where)h
Fr(x)0 2886 y Fu(has)33 b(the)g(v)-5 b(alue)32 b Fw(17)h
Fu(and)f Fr(y)h Fu(has)g(the)g(v)-5 b(alue)32 b Fw(5)p
Fu(.)1709 b Fh(2)146 3132 y Fu(W)-8 b(e)33 b(shall)f(in)m(tro)s(duce)h
(the)g(follo)m(wing)d(terminology:)41 b(The)34 b(execution)g(of)e(a)g
(statemen)m(t)i Fs(S)0 3252 y Fu(on)e(a)h(state)g Fs(s)145
3468 y Ft(\017)49 b Fs(terminates)40 b Fu(if)32 b(and)g(only)g(if)g
(there)h(is)f(a)g(state)h Fs(s)2032 3432 y Fi(0)2088
3468 y Fu(suc)m(h)h(that)f Ft(h)o Fs(S)12 b Fu(,)33 b
Fs(s)8 b Ft(i)32 b(!)g Fs(s)2984 3432 y Fi(0)3008 3468
y Fu(,)g(and)145 3684 y Ft(\017)49 b Fs(lo)-5 b(ops)40
b Fu(if)31 b(and)i(only)f(if)f(there)j(is)e Fs(no)38
b Fu(state)33 b Fs(s)1854 3648 y Fi(0)1910 3684 y Fu(suc)m(h)h(that)e
Ft(h)p Fs(S)12 b Fu(,)33 b Fs(s)8 b Ft(i)32 b(!)g Fs(s)2806
3648 y Fi(0)2829 3684 y Fu(.)0 3900 y(W)-8 b(e)40 b(shall)e(sa)m(y)j
(that)e(a)g(statemen)m(t)h Fs(S)51 b(always)41 b(terminates)47
b Fu(if)39 b(its)g(execution)h(on)f(a)h(state)g Fs(s)0
4021 y Fu(terminates)31 b(for)g(all)f(c)m(hoices)j(of)e
Fs(s)8 b Fu(,)32 b(and)g Fs(always)i(lo)-5 b(ops)39 b
Fu(if)31 b(its)g(execution)i(on)f(a)f(state)i Fs(s)39
b Fu(lo)s(ops)0 4141 y(for)32 b(all)f(c)m(hoices)i(of)f
Fs(s)8 b Fu(.)0 4390 y Fw(Exercise)36 b(2.4)49 b Fu(Consider)33
b(the)g(follo)m(wing)d(statemen)m(ts)145 4606 y Ft(\017)49
b Fr(while)34 b Ft(:)p Fu(\()p Fr(x)p Fu(=)p Fr(1)p Fu(\))f
Fr(do)g Fu(\()p Fr(y)p Fu(:=)p Fr(y)p Fo(?)p Fr(x)p Fu(;)g
Fr(x)p Fu(:=)p Fr(x)p Ft(\000)p Fr(1)p Fu(\))145 4822
y Ft(\017)49 b Fr(while)34 b(1)p Ft(\024)p Fr(x)f(do)g
Fu(\()p Fr(y)p Fu(:=)p Fr(y)p Fo(?)q Fr(x)p Fu(;)f Fr(x)p
Fu(:=)p Fr(x)p Ft(\000)p Fr(1)p Fu(\))145 5038 y Ft(\017)49
b Fr(while)34 b(true)f(do)g(skip)0 5254 y Fu(F)-8 b(or)28
b(eac)m(h)j(statemen)m(t)e(determine)g(whether)i(or)e(not)g(it)f(alw)m
(a)m(ys)i(terminates)f(and)g(whether)i(or)0 5374 y(not)k(it)f(alw)m(a)m
(ys)i(lo)s(ops.)50 b(T)-8 b(ry)36 b(to)f(argue)g(for)f(y)m(our)i(answ)m
(ers)h(using)e(the)g(axioms)f(and)i(rules)f(of)0 5494
y(T)-8 b(able)32 b(2.1.)2978 b Fh(2)p eop
%%Page: 26 36
26 35 bop 251 130 a Fw(26)2086 b(2)112 b(Op)s(erational)37
b(Seman)m(tics)p 251 193 3473 4 v 283 515 a Fp(Prop)t(erties)46
b(of)f(the)h(seman)l(tics)283 700 y Fu(The)32 b(transition)d(system)j
(giv)m(es)f(us)g(a)g(w)m(a)m(y)h(of)e(arguing)f(ab)s(out)i(statemen)m
(ts)g(and)g(their)f(prop-)283 820 y(erties.)44 b(As)31
b(an)g(example)f(w)m(e)i(ma)m(y)f(b)s(e)g(in)m(terested)h(in)e(whether)
j(t)m(w)m(o)e(statemen)m(ts)h Fs(S)3391 835 y Fn(1)3462
820 y Fu(and)f Fs(S)3717 835 y Fn(2)283 941 y Fu(are)i
Fs(semantic)-5 b(al)5 b(ly)34 b(e)-5 b(quivalent)p Fu(;)32
b(b)m(y)h(this)g(w)m(e)g(mean)f(that)h(for)f(all)e(states)k
Fs(s)40 b Fu(and)33 b Fs(s)3303 905 y Fi(0)527 1140 y
Ft(h)p Fs(S)633 1155 y Fn(1)672 1140 y Fu(,)g Fs(s)8
b Ft(i)32 b(!)g Fs(s)1031 1104 y Fi(0)1087 1140 y Fu(if)g(and)g(only)h
(if)e Ft(h)p Fs(S)1776 1155 y Fn(2)1815 1140 y Fu(,)i
Fs(s)8 b Ft(i)32 b(!)g Fs(s)2174 1104 y Fi(0)p 283 1339
3473 5 v 283 1509 a Fw(Lemma)38 b(2.5)49 b Fu(The)33
b(statemen)m(t)527 1708 y Fr(while)h Fs(b)39 b Fr(do)33
b Fs(S)283 1907 y Fu(is)g(seman)m(tically)d(equiv)-5
b(alen)m(t)33 b(to)520 2098 y Fr(if)g Fs(b)38 b Fr(then)c
Fu(\()p Fs(S)12 b Fu(;)32 b Fr(while)i Fs(b)k Fr(do)33
b Fs(S)12 b Fu(\))33 b Fr(else)g(skip)p Fu(.)p 283 2219
V 283 2418 a Fw(Pro)s(of:)38 b Fu(The)33 b(pro)s(of)f(is)g(in)g(t)m(w)m
(o)h(stages.)44 b(W)-8 b(e)33 b(shall)f(\014rst)h(pro)m(v)m(e)g(that)g
(if)552 2585 y Ft(h)p Fr(while)h Fs(b)k Fr(do)33 b Fs(S)12
b Fu(,)33 b Fs(s)8 b Ft(i)32 b(!)g Fs(s)1524 2549 y Fi(00)3631
2585 y Fu(\(*\))283 2753 y(then)552 2920 y Ft(h)p Fr(if)h
Fs(b)38 b Fr(then)c Fu(\()p Fs(S)12 b Fu(;)32 b Fr(while)i
Fs(b)39 b Fr(do)33 b Fs(S)12 b Fu(\))32 b Fr(else)i(skip)p
Fu(,)f Fs(s)8 b Ft(i)33 b(!)f Fs(s)2658 2884 y Fi(00)3582
2920 y Fu(\(**\))283 3088 y(Th)m(us,)j(if)d(the)h(execution)h(of)e(the)
h(lo)s(op)f(terminates)g(then)h(so)g(do)s(es)h(its)e(one-lev)m(el)g
(unfolding.)283 3208 y(Later)26 b(w)m(e)g(shall)f(sho)m(w)h(that)g(if)e
(the)i(unfolded)f(lo)s(op)f(terminates)h(then)h(so)g(will)d(the)j(lo)s
(op)e(itself;)283 3329 y(the)33 b(conjunction)g(of)f(these)i(results)f
(then)g(pro)m(v)m(e)h(the)f(lemma.)430 3449 y(Because)44
b(\(*\))f(holds)f(w)m(e)i(kno)m(w)g(that)f(w)m(e)h(ha)m(v)m(e)g(a)f
(deriv)-5 b(ation)41 b(tree)j Fs(T)56 b Fu(for)42 b(it.)74
b(It)43 b(can)283 3570 y(ha)m(v)m(e)g(one)e(of)f(t)m(w)m(o)i(forms)e
(dep)s(ending)h(on)g(whether)h(it)e(has)h(b)s(een)g(constructed)i
(using)d(the)283 3690 y(rule)30 b([while)738 3654 y Fn(tt)726
3715 y(ns)796 3690 y Fu(])g(or)f(the)h(axiom)e([while)1683
3654 y Fn(\013)1671 3715 y(ns)1742 3690 y Fu(].)42 b(In)30
b(the)h(\014rst)f(case)g(the)g(deriv)-5 b(ation)28 b(tree)j
Fs(T)42 b Fu(has)30 b(the)283 3810 y(form:)813 3982 y
Fs(T)896 3997 y Fn(1)1253 3982 y Fs(T)1336 3997 y Fn(2)p
527 4068 1168 4 v 604 4273 a Ft(h)o Fr(while)k Fs(b)39
b Fr(do)33 b Fs(S)12 b Fu(,)32 b Fs(s)8 b Ft(i)32 b(!)h
Fs(s)1576 4237 y Fi(00)283 4471 y Fu(where)e Fs(T)645
4486 y Fn(1)714 4471 y Fu(is)e(a)g(deriv)-5 b(ation)28
b(tree)i(with)f(ro)s(ot)g Ft(h)o Fs(S)12 b Fu(,)30 b
Fs(s)8 b Ft(i)o(!)p Fs(s)2355 4435 y Fi(0)2408 4471 y
Fu(and)29 b Fs(T)2677 4486 y Fn(2)2746 4471 y Fu(is)g(a)g(deriv)-5
b(ation)28 b(tree)i(with)283 4591 y(ro)s(ot)h Ft(h)p
Fr(while)h Fs(b)38 b Fr(do)31 b Fs(S)12 b Fu(,)32 b Fs(s)1207
4555 y Fi(0)1230 4591 y Ft(i!)o Fs(s)1416 4555 y Fi(00)1459
4591 y Fu(.)43 b(F)-8 b(urthermore,)31 b Ft(B)s Fu([)-17
b([)q Fs(b)6 b Fu(])-17 b(])q Fs(s)39 b Fu(=)31 b Fw(tt)p
Fu(.)42 b(Using)31 b(the)h(deriv)-5 b(ation)30 b(trees)283
4711 y Fs(T)366 4726 y Fn(1)439 4711 y Fu(and)j Fs(T)712
4726 y Fn(2)785 4711 y Fu(as)g(the)h(premises)f(for)g(the)g(rules)g
([comp)2278 4726 y Fn(ns)2349 4711 y Fu(])g(w)m(e)h(can)g(construct)g
(the)f(deriv)-5 b(ation)283 4832 y(tree:)813 5003 y Fs(T)896
5018 y Fn(1)1327 5003 y Fs(T)1410 5018 y Fn(2)p 527 5090
1241 4 v 577 5294 a Ft(h)p Fs(S)12 b Fu(;)32 b Fr(while)i
Fs(b)39 b Fr(do)33 b Fs(S)12 b Fu(,)32 b Fs(s)8 b Ft(i)32
b(!)h Fs(s)1676 5258 y Fi(00)283 5494 y Fu(Using)g(that)f
Ft(B)s Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])q Fs(s)40
b Fu(=)33 b Fw(tt)e Fu(w)m(e)j(can)f(use)g(the)g(rule)f([if)2223
5458 y Fn(tt)2211 5519 y(ns)2282 5494 y Fu(])g(to)g(construct)i(the)f
(deriv)-5 b(ation)31 b(tree)p eop
%%Page: 27 37
27 36 bop 0 130 a Fw(2.1)112 b(Natural)37 b(seman)m(tics)2216
b(27)p 0 193 3473 4 v 530 500 a Fs(T)613 515 y Fn(1)2051
500 y Fs(T)2134 515 y Fn(2)p 244 587 2248 4 v 797 791
a Ft(h)p Fs(S)12 b Fu(;)32 b Fr(while)i Fs(b)39 b Fr(do)33
b Fs(S)12 b Fu(,)32 b Fs(s)8 b Ft(i)33 b(!)f Fs(s)1896
755 y Fi(00)p 244 878 V 294 1083 a Ft(h)o Fr(if)h Fs(b)39
b Fr(then)34 b Fu(\()p Fs(S)12 b Fu(;)32 b Fr(while)i
Fs(b)k Fr(do)33 b Fs(S)12 b Fu(\))33 b Fr(else)g(skip)p
Fu(,)h Fs(s)8 b Ft(i)32 b(!)g Fs(s)2399 1047 y Fi(00)0
1267 y Fu(thereb)m(y)i(sho)m(wing)f(that)f(\(**\))g(holds.)146
1388 y(Alternativ)m(ely)-8 b(,)27 b(the)f(deriv)-5 b(ation)25
b(tree)h Fs(T)39 b Fu(is)26 b(an)g(instance)g(of)f([while)2621
1352 y Fn(\013)2609 1412 y(ns)2680 1388 y Fu(].)41 b(Then)27
b Ft(B)t Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])p Fs(s)41
b Fu(=)32 b Fw(\013)0 1508 y Fu(and)h(w)m(e)g(m)m(ust)g(ha)m(v)m(e)h
(that)e Fs(s)1059 1472 y Fi(00)1102 1508 y Fu(=)p Fs(s)8
b Fu(.)43 b(So)33 b Fs(T)45 b Fu(simply)31 b(is)244 1694
y Ft(h)p Fr(while)i Fs(b)39 b Fr(do)33 b Fs(S)12 b Fu(,)32
b Fs(s)8 b Ft(i)33 b(!)f Fs(s)0 1880 y Fu(Using)g(the)h(axiom)e([skip)
930 1895 y Fn(ns)1002 1880 y Fu(])h(w)m(e)i(get)e(a)h(deriv)-5
b(ation)31 b(tree)244 2066 y Ft(h)p Fr(skip)p Fu(,)i
Fs(s)8 b Ft(i!)p Fs(s)782 2030 y Fi(00)0 2252 y Fu(and)33
b(w)m(e)g(can)g(no)m(w)g(apply)g(the)g(rule)f([if)1444
2216 y Fn(\013)1432 2276 y(ns)1502 2252 y Fu(])h(to)f(construct)h(a)g
(deriv)-5 b(ation)31 b(tree)i(for)f(\(**\):)1045 2435
y Ft(h)p Fr(skip)p Fu(,)h Fs(s)8 b Ft(i)33 b(!)f Fs(s)1648
2399 y Fi(00)p 244 2521 V 294 2726 a Ft(h)o Fr(if)h Fs(b)39
b Fr(then)34 b Fu(\()p Fs(S)12 b Fu(;)32 b Fr(while)i
Fs(b)k Fr(do)33 b Fs(S)12 b Fu(\))33 b Fr(else)g(skip)p
Fu(,)h Fs(s)8 b Ft(i)32 b(!)g Fs(s)2399 2690 y Fi(00)0
2905 y Fu(This)h(completes)f(the)h(\014rst)g(part)g(of)f(the)h(pro)s
(of.)146 3026 y(F)-8 b(or)38 b(the)h(second)h(stage)f(of)f(the)h(pro)s
(of)e(w)m(e)j(assume)f(that)f(\(**\))g(holds)g(and)h(shall)e(pro)m(v)m
(e)0 3146 y(that)29 b(\(*\))g(holds.)42 b(So)29 b(w)m(e)h(ha)m(v)m(e)g
(a)f(deriv)-5 b(ation)27 b(tree)j Fs(T)42 b Fu(for)29
b(\(**\))f(and)h(m)m(ust)g(construct)i(one)e(for)0 3266
y(\(*\).)46 b(Only)34 b(t)m(w)m(o)g(rules)g(could)f(giv)m(e)h(rise)f
(to)h(the)g(deriv)-5 b(ation)32 b(tree)i Fs(T)47 b Fu(for)33
b(\(**\),)g(namely)g([if)3387 3230 y Fn(tt)3375 3291
y(ns)3445 3266 y Fu(])0 3387 y(or)f([if)216 3351 y Fn(\013)204
3411 y(ns)274 3387 y Fu(].)44 b(In)33 b(the)g(\014rst)g(case,)h
Ft(B)s Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])p Fs(s)41
b Fu(=)32 b Fw(tt)g Fu(and)g(w)m(e)i(ha)m(v)m(e)g(a)e(deriv)-5
b(ation)31 b(tree)i Fs(T)2975 3402 y Fn(1)3047 3387 y
Fu(with)g(ro)s(ot)244 3573 y Ft(h)p Fs(S)12 b Fu(;)32
b Fr(while)i Fs(b)k Fr(do)33 b Fs(S)12 b Fu(,)33 b Fs(s)8
b Ft(i!)o Fs(s)1277 3536 y Fi(00)0 3759 y Fu(The)34 b(statemen)m(t)g
(has)f(the)h(general)f(form)e Fs(S)1632 3774 y Fn(1)1672
3759 y Fu(;)i Fs(S)1799 3774 y Fn(2)1872 3759 y Fu(and)g(the)h(only)e
(rule)h(that)g(could)g(giv)m(e)g(this)0 3879 y(is)f([comp)353
3894 y Fn(ns)424 3879 y Fu(].)44 b(Therefore)33 b(there)h(are)e(deriv)
-5 b(ation)31 b(trees)j Fs(T)2150 3894 y Fn(2)2222 3879
y Fu(and)e Fs(T)2494 3894 y Fn(3)2566 3879 y Fu(for)244
4065 y Ft(h)p Fs(S)12 b Fu(,)32 b Fs(s)8 b Ft(i!)p Fs(s)644
4029 y Fi(0)667 4065 y Fu(,)33 b(and)244 4232 y Ft(h)p
Fr(while)g Fs(b)39 b Fr(do)33 b Fs(S)12 b Fu(,)32 b Fs(s)964
4196 y Fi(0)988 4232 y Ft(i!)o Fs(s)1174 4196 y Fi(00)0
4418 y Fu(for)d(some)g(state)g Fs(s)670 4382 y Fi(0)693
4418 y Fu(.)43 b(It)29 b(is)g(no)m(w)g(straigh)m(tforw)m(ard)g(to)g
(use)h(the)f(rule)g([while)2741 4382 y Fn(tt)2729 4443
y(ns)2799 4418 y Fu(])h(to)e(com)m(bine)h Fs(T)3433 4433
y Fn(2)0 4539 y Fu(and)k Fs(T)273 4554 y Fn(3)345 4539
y Fu(to)f(a)g(deriv)-5 b(ation)31 b(tree)i(for)f(\(*\).)146
4659 y(In)i(the)g(second)h(case,)f Ft(B)t Fu([)-17 b([)q
Fs(b)6 b Fu(])-17 b(])p Fs(s)42 b Fu(=)33 b Fw(\013)h
Fu(and)f Fs(T)47 b Fu(is)33 b(constructed)i(using)e(the)h(rule)f([if)
3124 4623 y Fn(\013)3112 4684 y(ns)3182 4659 y Fu(].)46
b(This)0 4780 y(means)33 b(that)f(w)m(e)i(ha)m(v)m(e)f(a)g(deriv)-5
b(ation)31 b(tree)i(for)244 4965 y Ft(h)p Fr(skip)p Fu(,)g
Fs(s)8 b Ft(i!)p Fs(s)782 4929 y Fi(00)0 5151 y Fu(and)36
b(according)f(to)h(axiom)e([skip)1249 5166 y Fn(ns)1321
5151 y Fu(])i(it)f(m)m(ust)h(b)s(e)g(the)g(case)h(that)f
Fs(s)8 b Fu(=)p Fs(s)2634 5115 y Fi(00)2676 5151 y Fu(.)54
b(But)36 b(then)g(w)m(e)h(can)0 5272 y(use)f(the)f(axiom)e([while)895
5236 y Fn(\013)883 5296 y(ns)953 5272 y Fu(])i(to)f(construct)i(a)e
(deriv)-5 b(ation)33 b(tree)i(for)f(\(*\).)50 b(This)35
b(completes)f(the)0 5392 y(pro)s(of.)3148 b Fh(2)p eop
%%Page: 28 38
28 37 bop 251 130 a Fw(28)2086 b(2)112 b(Op)s(erational)37
b(Seman)m(tics)p 251 193 3473 4 v 283 515 a(Exercise)g(2.6)49
b Fu(Pro)m(v)m(e)42 b(that)f(the)h(t)m(w)m(o)g(statemen)m(ts)g
Fs(S)2359 530 y Fn(1)2398 515 y Fu(;\()p Fs(S)2530 530
y Fn(2)2570 515 y Fu(;)p Fs(S)2664 530 y Fn(3)2703 515
y Fu(\))f(and)g(\()p Fs(S)3085 530 y Fn(1)3125 515 y
Fu(;)p Fs(S)3219 530 y Fn(2)3258 515 y Fu(\);)p Fs(S)3390
530 y Fn(3)3470 515 y Fu(are)h(se-)283 636 y(man)m(tically)21
b(equiv)-5 b(alen)m(t.)40 b(Construct)25 b(a)e(statemen)m(t)h(sho)m
(wing)f(that)g Fs(S)2843 651 y Fn(1)2882 636 y Fu(;)p
Fs(S)2976 651 y Fn(2)3039 636 y Fu(is)g(not,)i(in)d(general,)283
756 y(seman)m(tically)31 b(equiv)-5 b(alen)m(t)33 b(to)f
Fs(S)1492 771 y Fn(2)1531 756 y Fu(;)p Fs(S)1625 771
y Fn(1)1664 756 y Fu(.)1990 b Fh(2)283 970 y Fw(Exercise)37
b(2.7)49 b Fu(Extend)34 b(the)f(language)e Fw(While)g
Fu(with)h(the)h(statemen)m(t)527 1163 y Fr(repeat)h Fs(S)45
b Fr(until)34 b Fs(b)283 1355 y Fu(and)39 b(de\014ne)h(the)f(relation)e
Ft(!)h Fu(for)g(it.)61 b(\(The)39 b(seman)m(tics)g(of)f(the)h
Fr(repeat)p Fu(-construct)i(is)d(not)283 1476 y(allo)m(w)m(ed)45
b(to)g(rely)g(on)g(the)h(existence)h(of)e(a)g Fr(while)p
Fu(-construct)i(in)e(the)h(language.\))80 b(Pro)m(v)m(e)283
1596 y(that)44 b Fr(repeat)i Fs(S)56 b Fr(until)45 b
Fs(b)50 b Fu(and)44 b Fs(S)12 b Fu(;)44 b Fr(if)h Fs(b)50
b Fr(then)45 b(skip)g(else)g Fu(\()p Fr(repeat)h Fs(S)56
b Fr(until)45 b Fs(b)6 b Fu(\))44 b(are)283 1717 y(seman)m(tically)31
b(equiv)-5 b(alen)m(t.)2381 b Fh(2)283 1931 y Fw(Exercise)37
b(2.8)49 b Fu(Another)33 b(iterativ)m(e)f(construct)h(is)527
2123 y Fr(for)h Fs(x)44 b Fu(:=)32 b Fs(a)995 2138 y
Fn(1)1068 2123 y Fr(to)h Fs(a)1260 2138 y Fn(2)1332 2123
y Fr(do)g Fs(S)283 2316 y Fu(Extend)h(the)f(language)f
Fw(While)e Fu(with)i(this)g(statemen)m(t)h(and)g(de\014ne)h(the)e
(relation)f Ft(!)h Fu(for)g(it.)283 2436 y(Ev)-5 b(aluate)33
b(the)g(statemen)m(t)527 2629 y Fr(y)p Fu(:=)p Fr(1)p
Fu(;)g Fr(for)h(z)p Fu(:=)p Fr(1)f(to)g(x)g(do)g Fu(\()p
Fr(y)p Fu(:=)p Fr(y)g Fo(?)f Fr(x)p Fu(;)h Fr(x)p Fu(:=)p
Fr(x)p Ft(\000)p Fr(1)p Fu(\))283 2822 y(from)38 b(a)h(state)h(where)g
Fr(x)f Fu(has)h(the)f(v)-5 b(alue)39 b(5.)63 b(Hin)m(t:)56
b(Y)-8 b(ou)39 b(ma)m(y)g(need)h(to)f(assume)g(that)g(y)m(ou)283
2942 y(ha)m(v)m(e)30 b(an)f(\\in)m(v)m(erse")h(to)e Ft(N)14
b Fu(,)30 b(so)f(that)f(there)h(is)g(a)f(n)m(umeral)g(for)g(eac)m(h)h
(n)m(um)m(b)s(er)g(that)g(ma)m(y)f(arise)283 3062 y(during)41
b(the)g(computation.)67 b(\(The)42 b(seman)m(tics)f(of)f(the)i
Fr(for)p Fu(-construct)g(is)e(not)h(allo)m(w)m(ed)f(to)283
3183 y(rely)33 b(on)f(the)h(existence)h(of)f(a)f Fr(while)p
Fu(-construct)i(in)e(the)h(language.\))855 b Fh(2)430
3397 y Fu(In)31 b(the)f(ab)s(o)m(v)m(e)i(pro)s(of)d(w)m(e)j(used)f(T)-8
b(able)30 b(2.1)g(to)g(insp)s(ect)h(the)g(structure)h(of)e(the)g(deriv)
-5 b(ation)283 3517 y(tree)30 b(for)e(a)g(certain)g(transition)f(kno)m
(wn)j(to)f(hold.)41 b(In)29 b(the)g(pro)s(of)f(of)g(the)h(next)h
(result)f(w)m(e)g(shall)283 3638 y(com)m(bine)34 b(this)g(with)h(an)f
Fs(induction)i(on)g(the)h(shap)-5 b(e)36 b(of)g(the)g(derivation)g(tr)
-5 b(e)g(e)p Fu(.)49 b(The)36 b(idea)e(can)283 3758 y(b)s(e)f
(summarized)f(as)g(follo)m(ws:)p 283 3888 3470 4 v 283
3904 V 281 4112 4 208 v 298 4112 V 967 4033 a Fw(Induction)g(on)h(the)f
(Shap)s(e)i(of)f(Deriv)-6 b(ation)31 b(T)-9 b(rees)p
3735 4112 V 3752 4112 V 283 4115 3470 4 v 281 4484 4
370 v 298 4484 V 350 4281 a Fu(1:)143 b(Pro)m(v)m(e)24
b(that)f(the)h(prop)s(ert)m(y)g(holds)f(for)f(all)f(the)j(simple)e
(deriv)-5 b(ation)21 b(trees)j(b)m(y)h(sho)m(wing)569
4401 y(that)32 b(it)g(holds)g(for)g(the)h Fs(axioms)40
b Fu(of)32 b(the)h(transition)e(system.)p 3735 4484 V
3752 4484 V 281 5013 4 529 v 298 5013 V 350 4569 a(2:)143
b(Pro)m(v)m(e)31 b(that)g(the)f(prop)s(ert)m(y)h(holds)f(for)g(all)e
(comp)s(osite)h(deriv)-5 b(ation)29 b(trees:)43 b(F)-8
b(or)30 b(eac)m(h)569 4689 y Fs(rule)50 b Fu(assume)44
b(that)f(the)g(prop)s(ert)m(y)h(holds)e(for)h(its)f(premises)h(\(this)g
(is)g(called)e(the)569 4809 y Fs(induction)29 b(hyp)-5
b(othesis)p Fu(\))27 b(and)g(pro)m(v)m(e)i(that)e(it)g(also)f(holds)h
(for)g(the)h(conclusion)e(of)h(the)569 4930 y(rule)32
b(pro)m(vided)h(that)f(the)h(conditions)f(of)g(the)h(rule)f(are)h
(satis\014ed.)p 3735 5013 V 3752 5013 V 283 5016 3470
4 v 283 5033 V 283 5181 a(T)-8 b(o)28 b(form)m(ulate)f(the)h(theorem)f
(w)m(e)i(shall)e(sa)m(y)h(that)g(the)g(seman)m(tics)g(of)f(T)-8
b(able)28 b(2.1)f(is)h Fs(determin-)283 5302 y(istic)39
b Fu(if)31 b(for)h(all)f(c)m(hoices)i(of)f Fs(S)12 b
Fu(,)32 b Fs(s)8 b Fu(,)33 b Fs(s)1594 5266 y Fi(0)1650
5302 y Fu(and)g Fs(s)1888 5266 y Fi(00)1963 5302 y Fu(w)m(e)g(ha)m(v)m
(e)h(that)527 5494 y Ft(h)p Fs(S)12 b Fu(,)33 b Fs(s)8
b Ft(i)32 b(!)g Fs(s)992 5458 y Fi(0)1048 5494 y Fu(and)h
Ft(h)o Fs(S)12 b Fu(,)33 b Fs(s)8 b Ft(i)32 b(!)g Fs(s)1702
5458 y Fi(00)1777 5494 y Fu(imply)f Fs(s)2099 5458 y
Fi(0)2155 5494 y Fu(=)h Fs(s)2311 5458 y Fi(00)p eop
%%Page: 29 39
29 38 bop 0 130 a Fw(2.1)112 b(Natural)37 b(seman)m(tics)2216
b(29)p 0 193 3473 4 v 0 515 a Fu(This)22 b(means)g(that)f(for)h(ev)m
(ery)h(statemen)m(t)g Fs(S)33 b Fu(and)22 b(initial)c(state)k
Fs(s)30 b Fu(w)m(e)23 b(can)f(uniquely)g(determine)0
636 y(a)32 b(\014nal)g(state)h Fs(s)585 600 y Fi(0)641
636 y Fu(if)e(\(and)i(only)f(if)7 b(\))31 b(the)i(execution)h(of)e
Fs(S)44 b Fu(terminates.)p 0 759 3473 5 v 0 949 a Fw(Theorem)37
b(2.9)49 b Fu(The)34 b(natural)d(seman)m(tics)i(of)f(T)-8
b(able)32 b(2.1)g(is)g(deterministic.)p 0 1069 V 0 1286
a Fw(Pro)s(of:)37 b Fu(W)-8 b(e)33 b(assume)g(that)g
Ft(h)o Fs(S)12 b Fu(,)33 b Fs(s)8 b Ft(i!)o Fs(s)1456
1250 y Fi(0)1512 1286 y Fu(and)33 b(shall)e(pro)m(v)m(e)j(that)244
1503 y(if)d Ft(h)p Fs(S)12 b Fu(,)32 b Fs(s)8 b Ft(i!)p
Fs(s)733 1466 y Fi(00)808 1503 y Fu(then)33 b Fs(s)1078
1466 y Fi(0)1134 1503 y Fu(=)f Fs(s)1290 1466 y Fi(00)1333
1503 y Fu(.)0 1719 y(W)-8 b(e)33 b(shall)e(pro)s(ceed)j(b)m(y)f
(induction)f(on)g(the)h(shap)s(e)g(of)f(the)h(deriv)-5
b(ation)31 b(tree)i(for)f Ft(h)p Fs(S)12 b Fu(,)33 b
Fs(s)8 b Ft(i)o(!)p Fs(s)3384 1683 y Fi(0)3407 1719 y
Fu(.)0 1887 y Fw(The)34 b(case)h Fu([ass)611 1902 y Fn(ns)683
1887 y Fu(]:)46 b(Then)36 b Fs(S)45 b Fu(is)34 b Fs(x)12
b Fu(:=)p Fs(a)41 b Fu(and)34 b Fs(s)1730 1851 y Fi(0)1787
1887 y Fu(is)g Fs(s)8 b Fu([)p Fs(x)k Ft(7!)o(A)p Fu([)-17
b([)q Fs(a)7 b Fu(])-17 b(])p Fs(s)8 b Fu(].)48 b(The)35
b(only)f(axiom)e(or)i(rule)0 2007 y(that)39 b(could)f(b)s(e)i(used)g
(to)f(giv)m(e)g Ft(h)o Fs(x)12 b Fu(:=)p Fs(a)7 b Fu(,)41
b Fs(s)8 b Ft(i!)o Fs(s)1743 1971 y Fi(00)1825 2007 y
Fu(is)39 b([ass)2082 2022 y Fn(ns)2154 2007 y Fu(])g(so)g(it)f(follo)m
(ws)g(that)h Fs(s)3043 1971 y Fi(00)3124 2007 y Fu(m)m(ust)g(b)s(e)0
2128 y Fs(s)8 b Fu([)p Fs(x)k Ft(7!A)o Fu([)-17 b([)q
Fs(a)7 b Fu(])-17 b(])q Fs(s)8 b Fu(])32 b(and)h(thereb)m(y)h
Fs(s)1141 2091 y Fi(0)1197 2128 y Fu(=)f Fs(s)1354 2091
y Fi(00)1396 2128 y Fu(.)0 2295 y Fw(The)g(case)g Fu([skip)654
2310 y Fn(ns)726 2295 y Fu(]:)43 b(Analogous.)0 2463
y Fw(The)33 b(case)g Fu([comp)711 2478 y Fn(ns)782 2463
y Fu(]:)43 b(Assume)34 b(that)244 2679 y Ft(h)p Fs(S)350
2694 y Fn(1)389 2679 y Fu(;)p Fs(S)483 2694 y Fn(2)522
2679 y Fu(,)f Fs(s)8 b Ft(i!)o Fs(s)816 2643 y Fi(0)0
2896 y Fu(holds)32 b(b)s(ecause)244 3113 y Ft(h)p Fs(S)350
3128 y Fn(1)389 3113 y Fu(,)h Fs(s)8 b Ft(i)o(!)p Fs(s)683
3128 y Fn(0)755 3113 y Fu(and)33 b Ft(h)o Fs(S)1050 3128
y Fn(2)1090 3113 y Fu(,)f Fs(s)1197 3128 y Fn(0)1237
3113 y Ft(i!)o Fs(s)1423 3076 y Fi(0)0 3329 y Fu(for)c(some)h
Fs(s)434 3344 y Fn(0)474 3329 y Fu(.)42 b(The)30 b(only)e(rule)g(that)h
(could)f(b)s(e)h(applied)f(to)h(giv)m(e)f Ft(h)p Fs(S)2490
3344 y Fn(1)2529 3329 y Fu(;)p Fs(S)2623 3344 y Fn(2)2663
3329 y Fu(,)h Fs(s)8 b Ft(i!)p Fs(s)2954 3293 y Fi(00)3025
3329 y Fu(is)28 b([comp)3374 3344 y Fn(ns)3445 3329 y
Fu(])0 3450 y(so)33 b(there)g(is)f(a)g(state)h Fs(s)835
3465 y Fn(1)907 3450 y Fu(suc)m(h)i(that)244 3666 y Ft(h)p
Fs(S)350 3681 y Fn(1)389 3666 y Fu(,)e Fs(s)8 b Ft(i)o(!)p
Fs(s)683 3681 y Fn(1)755 3666 y Fu(and)33 b Ft(h)o Fs(S)1050
3681 y Fn(2)1090 3666 y Fu(,)f Fs(s)1197 3681 y Fn(1)1237
3666 y Ft(i!)o Fs(s)1423 3630 y Fi(00)0 3883 y Fu(The)47
b(induction)d(h)m(yp)s(othesis)j(can)f(b)s(e)g(applied)e(to)i(the)g
(premise)f Ft(h)p Fs(S)2637 3898 y Fn(1)2676 3883 y Fu(,)k
Fs(s)8 b Ft(i!)p Fs(s)2987 3898 y Fn(0)3072 3883 y Fu(and)46
b(from)0 4003 y Ft(h)p Fs(S)106 4018 y Fn(1)145 4003
y Fu(,)33 b Fs(s)8 b Ft(i)o(!)p Fs(s)439 4018 y Fn(1)512
4003 y Fu(w)m(e)34 b(get)g Fs(s)868 4018 y Fn(0)941 4003
y Fu(=)f Fs(s)1098 4018 y Fn(1)1138 4003 y Fu(.)46 b(Similarly)-8
b(,)29 b(the)34 b(induction)f(h)m(yp)s(othesis)h(can)g(b)s(e)f(applied)
g(to)0 4123 y(the)g(premise)f Ft(h)p Fs(S)632 4138 y
Fn(2)671 4123 y Fu(,)h Fs(s)779 4138 y Fn(0)818 4123
y Ft(i!)p Fs(s)1005 4087 y Fi(0)1061 4123 y Fu(and)f(from)g
Ft(h)o Fs(S)1586 4138 y Fn(2)1626 4123 y Fu(,)g Fs(s)1733
4138 y Fn(0)1773 4123 y Ft(i!)o Fs(s)1959 4087 y Fi(00)2034
4123 y Fu(w)m(e)i(get)e Fs(s)2388 4087 y Fi(0)2444 4123
y Fu(=)h Fs(s)2601 4087 y Fi(00)2676 4123 y Fu(as)f(required.)0
4291 y Fw(The)h(case)g Fu([if)553 4255 y Fn(tt)541 4316
y(ns)611 4291 y Fu(]:)44 b(Assume)33 b(that)244 4508
y Ft(h)p Fr(if)g Fs(b)38 b Fr(then)c Fs(S)806 4523 y
Fn(1)877 4508 y Fr(else)g Fs(S)1182 4523 y Fn(2)1221
4508 y Fu(,)f Fs(s)8 b Ft(i)32 b(!)g Fs(s)1580 4472 y
Fi(0)0 4724 y Fu(holds)g(b)s(ecause)244 4941 y Ft(B)s
Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])p Fs(s)41 b Fu(=)32
b Fw(tt)g Fu(and)h Ft(h)p Fs(S)1043 4956 y Fn(1)1082
4941 y Fu(,)f Fs(s)8 b Ft(i!)p Fs(s)1376 4905 y Fi(0)0
5158 y Fu(F)-8 b(rom)45 b Ft(B)s Fu([)-17 b([)q Fs(b)6
b Fu(])-17 b(])p Fs(s)54 b Fu(=)46 b Fw(tt)g Fu(w)m(e)h(get)f(that)g
(the)h(only)e(rule)h(that)g(could)g(b)s(e)g(applied)f(to)h(giv)m(e)g
(the)0 5278 y(alternativ)m(e)32 b Ft(h)o Fr(if)i Fs(b)k
Fr(then)c Fs(S)1050 5293 y Fn(1)1121 5278 y Fr(else)g
Fs(S)1426 5293 y Fn(2)1465 5278 y Fu(,)f Fs(s)8 b Ft(i)32
b(!)g Fs(s)1824 5242 y Fi(00)1899 5278 y Fu(is)g([if)2094
5242 y Fn(tt)2082 5303 y(ns)2153 5278 y Fu(].)43 b(So)33
b(it)e(m)m(ust)i(b)s(e)g(the)g(case)g(that)244 5494 y
Ft(h)p Fs(S)350 5509 y Fn(1)389 5494 y Fu(,)g Fs(s)8
b Ft(i)32 b(!)g Fs(s)748 5458 y Fi(00)p eop
%%Page: 30 40
30 39 bop 251 130 a Fw(30)2086 b(2)112 b(Op)s(erational)37
b(Seman)m(tics)p 251 193 3473 4 v 283 515 a Fu(But)30
b(then)h(the)f(induction)f(h)m(yp)s(othesis)i(can)f(b)s(e)g(applied)e
(to)i(the)g(premise)f Ft(h)p Fs(S)3155 530 y Fn(1)3194
515 y Fu(,)i Fs(s)8 b Ft(i)29 b(!)h Fs(s)3546 479 y Fi(0)3599
515 y Fu(and)283 636 y(from)i Ft(h)p Fs(S)620 651 y Fn(1)659
636 y Fu(,)g Fs(s)8 b Ft(i)33 b(!)f Fs(s)1018 600 y Fi(00)1093
636 y Fu(w)m(e)i(get)e Fs(s)1447 600 y Fi(0)1503 636
y Fu(=)g Fs(s)1659 600 y Fi(00)1702 636 y Fu(.)283 803
y Fw(The)h(case)g Fu([if)836 767 y Fn(\013)824 828 y(ns)895
803 y Fu(]:)43 b(Analogous.)283 971 y Fw(The)33 b(case)g
Fu([while)1001 935 y Fn(tt)989 996 y(ns)1060 971 y Fu(]:)44
b(Assume)33 b(that)527 1198 y Ft(h)p Fr(while)h Fs(b)k
Fr(do)33 b Fs(S)12 b Fu(,)33 b Fs(s)8 b Ft(i)32 b(!)g
Fs(s)1499 1162 y Fi(0)283 1425 y Fu(b)s(ecause)527 1652
y Ft(B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])q Fs(s)41
b Fu(=)32 b Fw(tt)p Fu(,)g Ft(h)o Fs(S)12 b Fu(,)33 b
Fs(s)8 b Ft(i!)o Fs(s)1457 1667 y Fn(0)1529 1652 y Fu(and)33
b Ft(h)p Fr(while)h Fs(b)k Fr(do)33 b Fs(S)12 b Fu(,)33
b Fs(s)2440 1667 y Fn(0)2479 1652 y Ft(i!)o Fs(s)2665
1615 y Fi(0)283 1879 y Fu(The)40 b(only)e(rule)h(that)f(could)g(b)s(e)h
(applied)f(to)g(giv)m(e)h Ft(h)p Fr(while)h Fs(b)k Fr(do)c
Fs(S)12 b Fu(,)38 b Fs(s)8 b Ft(i)39 b(!)f Fs(s)3223
1842 y Fi(00)3304 1879 y Fu(is)g([while)3670 1842 y Fn(tt)3658
1903 y(ns)3729 1879 y Fu(])283 1999 y(b)s(ecause)c Ft(B)t
Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])q Fs(s)41 b Fu(=)32
b Fw(tt)g Fu(and)g(this)h(means)f(that)527 2226 y Ft(h)p
Fs(S)12 b Fu(,)33 b Fs(s)8 b Ft(i)o(!)p Fs(s)927 2241
y Fn(1)999 2226 y Fu(and)33 b Ft(h)o Fr(while)h Fs(b)39
b Fr(do)33 b Fs(S)12 b Fu(,)32 b Fs(s)1909 2241 y Fn(1)1949
2226 y Ft(i)g(!)g Fs(s)2200 2190 y Fi(00)283 2453 y Fu(m)m(ust)46
b(hold)e(for)h(some)g Fs(s)1234 2468 y Fn(1)1273 2453
y Fu(.)81 b(Again)44 b(the)i(induction)e(h)m(yp)s(othesis)i(can)f(b)s
(e)h(applied)e(to)g(the)283 2573 y(premise)33 b Ft(h)o
Fs(S)12 b Fu(,)33 b Fs(s)8 b Ft(i!)o Fs(s)1041 2588 y
Fn(0)1113 2573 y Fu(and)33 b(from)e Ft(h)p Fs(S)12 b
Fu(,)33 b Fs(s)8 b Ft(i)o(!)p Fs(s)1933 2588 y Fn(1)2005
2573 y Fu(w)m(e)34 b(get)e Fs(s)2359 2588 y Fn(0)2431
2573 y Fu(=)h Fs(s)2588 2588 y Fn(1)2627 2573 y Fu(.)44
b(Th)m(us)34 b(w)m(e)f(ha)m(v)m(e)527 2800 y Ft(h)p Fr(while)h
Fs(b)k Fr(do)33 b Fs(S)12 b Fu(,)33 b Fs(s)1248 2815
y Fn(0)1287 2800 y Ft(i!)p Fs(s)1474 2764 y Fi(0)1530
2800 y Fu(and)f Ft(h)p Fr(while)i Fs(b)k Fr(do)33 b Fs(S)12
b Fu(,)33 b Fs(s)2440 2815 y Fn(0)2479 2800 y Ft(i!)p
Fs(s)2666 2764 y Fi(00)283 3027 y Fu(Since)44 b Ft(h)o
Fr(while)g Fs(b)49 b Fr(do)44 b Fs(S)12 b Fu(,)42 b Fs(s)1310
3042 y Fn(0)1350 3027 y Ft(i!)o Fs(s)1536 2991 y Fi(0)1602
3027 y Fu(is)h(a)f(premise)h(of)f(\(the)i(instance)f(of)7
b(\))42 b([while)3327 2991 y Fn(tt)3315 3051 y(ns)3386
3027 y Fu(])h(w)m(e)h(can)283 3147 y(apply)37 b(the)h(induction)e(h)m
(yp)s(othesis)j(to)d(it.)57 b(F)-8 b(rom)35 b Ft(h)p
Fr(while)k Fs(b)k Fr(do)37 b Fs(S)12 b Fu(,)37 b Fs(s)2925
3162 y Fn(0)2965 3147 y Ft(i!)o Fs(s)3151 3111 y Fi(00)3231
3147 y Fu(w)m(e)h(therefore)283 3268 y(get)33 b Fs(s)494
3231 y Fi(0)550 3268 y Fu(=)f Fs(s)706 3231 y Fi(00)781
3268 y Fu(as)h(required.)283 3435 y Fw(The)g(case)g Fu([while)1001
3399 y Fn(\013)989 3460 y(ns)1060 3435 y Fu(]:)44 b(Straigh)m(tforw)m
(ard.)1826 b Fh(2)283 3784 y Fw(Exercise)37 b(2.10)49
b Fu(*)83 b(Pro)m(v)m(e)43 b(that)e Fr(repeat)i Fs(S)53
b Fr(until)43 b Fs(b)48 b Fu(\(as)41 b(de\014ned)i(in)e(Exercise)i
(2.7\))e(is)283 3904 y(seman)m(tically)k(equiv)-5 b(alen)m(t)47
b(to)g Fs(S)12 b Fu(;)32 b Fr(while)i Ft(:)p Fs(b)39
b Fr(do)33 b Fs(S)12 b Fu(.)86 b(Argue)47 b(that)f(this)h(means)g(that)
f(the)283 4025 y(extended)35 b(seman)m(tics)e(is)f(deterministic.)1860
b Fh(2)430 4286 y Fu(It)42 b(is)f(w)m(orth)i(observing)f(that)g(w)m(e)h
(could)e(not)h(pro)m(v)m(e)i(Theorem)e(2.9)f(using)h(structural)283
4406 y(induction)h(on)g(the)h(statemen)m(t)h Fs(S)12
b Fu(.)43 b(The)h(reason)h(is)e(that)g(the)h(rule)f([while)3160
4370 y Fn(tt)3148 4431 y(ns)3219 4406 y Fu(])g(de\014nes)i(the)283
4527 y(seman)m(tics)30 b(of)f Fr(while)i Fs(b)k Fr(do)30
b Fs(S)41 b Fu(in)29 b(terms)g(of)g(itself.)41 b(Structural)29
b(induction)g(w)m(orks)i(\014ne)f(when)283 4647 y(the)k(seman)m(tics)f
(is)f(de\014ned)i Fs(c)-5 b(omp)g(ositional)5 b(ly)40
b Fu(\(as)33 b(e.g.)45 b Ft(A)32 b Fu(and)h Ft(B)j Fu(in)c(Chapter)i
(1\).)43 b(But)33 b(the)283 4768 y(natural)i(seman)m(tics)h(of)f(T)-8
b(able)35 b(2.1)g(is)g Fs(not)45 b Fu(de\014ned)38 b(comp)s
(ositionally)31 b(b)s(ecause)37 b(of)e(the)h(rule)283
4888 y([while)545 4852 y Fn(tt)533 4913 y(ns)604 4888
y Fu(].)430 5013 y(Basically)-8 b(,)46 b(induction)e(on)h(the)g(shap)s
(e)h(of)e(deriv)-5 b(ation)44 b(trees)i(is)e(a)h(kind)g(of)f
(structural)283 5133 y(induction)g(on)g(the)g(deriv)-5
b(ation)43 b(trees:)68 b(In)44 b(the)h Fs(b)-5 b(ase)45
b(c)-5 b(ase)51 b Fu(w)m(e)45 b(sho)m(w)g(that)f(the)h(prop)s(ert)m(y)
283 5254 y(holds)40 b(for)g(the)g(simple)e(deriv)-5 b(ation)39
b(trees.)66 b(In)41 b(the)f Fs(induction)h(step)46 b
Fu(w)m(e)41 b(assume)g(that)e(the)283 5374 y(prop)s(ert)m(y)d(holds)e
(for)g(the)h(immediate)d(constituen)m(ts)j(of)g(a)f(deriv)-5
b(ation)33 b(tree)i(and)f(sho)m(w)i(that)283 5494 y(it)c(also)g(holds)g
(for)g(the)h(comp)s(osite)e(deriv)-5 b(ation)31 b(tree.)p
eop
%%Page: 31 41
31 40 bop 0 130 a Fw(2.1)112 b(Natural)37 b(seman)m(tics)2216
b(31)p 0 193 3473 4 v 0 515 a Fp(The)44 b(seman)l(tic)j(function)d
FC(S)1440 533 y Fk(ns)0 700 y Fu(The)37 b Fs(me)-5 b(aning)44
b Fu(of)36 b(statemen)m(ts)h(can)g(no)m(w)g(b)s(e)g(summarized)e(as)i
(a)f(\(partial\))e(function)i(from)0 820 y Fw(State)d
Fu(to)f Fw(State)p Fu(.)43 b(W)-8 b(e)33 b(de\014ne)244
1017 y Ft(S)312 1032 y Fn(ns)383 1017 y Fu(:)43 b Fw(Stm)32
b Ft(!)g Fu(\()p Fw(State)h Fo(,)-17 b Ft(!)32 b Fw(State)p
Fu(\))0 1214 y(and)h(this)f(means)h(that)f(for)g(ev)m(ery)i(statemen)m
(t)f Fs(S)45 b Fu(w)m(e)33 b(ha)m(v)m(e)h(a)f(partial)d(function)244
1411 y Ft(S)312 1426 y Fn(ns)383 1411 y Fu([)-17 b([)p
Fs(S)12 b Fu(])-17 b(])33 b Ft(2)g Fw(State)g Fo(,)-17
b Ft(!)33 b Fw(State)p Fu(.)0 1607 y(It)g(is)f(giv)m(en)g(b)m(y)244
1861 y Ft(S)312 1876 y Fn(ns)383 1861 y Fu([)-17 b([)p
Fs(S)12 b Fu(])-17 b(])q Fs(s)40 b Fu(=)714 1715 y Fg(\()822
1800 y Fs(s)870 1763 y Fi(0)1148 1800 y Fu(if)31 b Ft(h)p
Fs(S)12 b Fu(,)33 b Fs(s)8 b Ft(i)32 b(!)g Fs(s)1702
1763 y Fi(0)822 1920 y Fu(undef)p 822 1933 243 4 v 91
w(otherwise)0 2114 y(Note)e(that)g Ft(S)510 2129 y Fn(ns)611
2114 y Fu(is)g(a)g(w)m(ell-de\014ned)g(partial)e(function)h(b)s(ecause)
j(of)e(Theorem)g(2.9.)42 b(The)31 b(need)0 2234 y(for)36
b(partialit)m(y)f(is)h(demonstrated)h(b)m(y)h(the)f(statemen)m(t)g
Fr(while)d(true)f(do)g(skip)38 b Fu(that)f(alw)m(a)m(ys)0
2355 y(lo)s(ops)32 b(\(see)h(Exercise)h(2.4\);)e(w)m(e)i(then)f(ha)m(v)
m(e)244 2552 y Ft(S)312 2567 y Fn(ns)383 2552 y Fu([)-17
b([)p Fr(while)34 b(true)g(do)f(skip)p Fu(])-17 b(])34
b Fs(s)41 b Fu(=)32 b(undef)p 1546 2565 236 4 v 0 2748
a(for)g(all)f(states)i Fs(s)8 b Fu(.)0 2968 y Fw(Exercise)36
b(2.11)49 b Fu(The)38 b(seman)m(tics)g(of)e(arithmetic)f(expressions)k
(is)e(giv)m(en)g(b)m(y)h(the)g(function)0 3088 y Ft(A)p
Fu(.)61 b(W)-8 b(e)39 b(can)g(also)f(use)h(an)g(op)s(erational)d
(approac)m(h)j(and)g(de\014ne)g(a)g(natural)e(seman)m(tics)i(for)0
3208 y(the)33 b(arithmetic)d(expressions.)46 b(It)32
b(will)f(ha)m(v)m(e)j(t)m(w)m(o)f(kinds)g(of)f(con\014gurations:)294
3397 y Ft(h)o Fs(a)7 b Fu(,)33 b Fs(s)8 b Ft(i)100 b
Fu(denoting)32 b(that)g Fs(a)40 b Fu(has)33 b(to)f(b)s(e)h(ev)-5
b(aluated)32 b(in)g(state)h Fs(s)8 b Fu(,)33 b(and)294
3564 y Fs(z)302 b Fu(denoting)32 b(the)h(\014nal)f(v)-5
b(alue)32 b(\(an)g(elemen)m(t)g(of)g Fw(Z)p Fu(\).)0
3754 y(The)i(transition)c(relation)h Ft(!)1103 3769 y
Fn(Aexp)1300 3754 y Fu(has)i(the)g(form)244 3951 y Ft(h)p
Fs(a)7 b Fu(,)32 b Fs(s)8 b Ft(i)33 b(!)618 3966 y Fn(Aexp)816
3951 y Fs(z)0 4147 y Fu(where)e(the)g(idea)e(is)h(that)f
Fs(a)38 b Fu(ev)-5 b(aluates)29 b(to)h Fs(z)42 b Fu(in)29
b(state)i Fs(s)8 b Fu(.)42 b(Some)30 b(example)f(axioms)g(and)h(rules)0
4268 y(are)244 4465 y Ft(h)p Fs(n)7 b Fu(,)32 b Fs(s)8
b Ft(i)33 b(!)623 4480 y Fn(Aexp)821 4465 y Ft(N)14 b
Fu([)-17 b([)q Fs(n)7 b Fu(])-17 b(])244 4679 y Ft(h)p
Fs(x)12 b Fu(,)32 b Fs(s)8 b Ft(i)32 b(!)618 4694 y Fn(Aexp)815
4679 y Fs(s)41 b(x)254 4885 y Ft(h)p Fs(a)350 4900 y
Fn(1)389 4885 y Fu(,)33 b Fs(s)8 b Ft(i)32 b(!)668 4900
y Fn(Aexp)865 4885 y Fs(z)917 4900 y Fn(1)957 4885 y
Fu(,)g Ft(h)p Fs(a)1112 4900 y Fn(2)1152 4885 y Fu(,)g
Fs(s)8 b Ft(i)33 b(!)1430 4900 y Fn(Aexp)1628 4885 y
Fs(z)1680 4900 y Fn(2)p 254 4948 1466 4 v 536 5053 a
Ft(h)p Fs(a)632 5068 y Fn(1)704 5053 y Fu(+)f Fs(a)869
5068 y Fn(2)909 5053 y Fu(,)h Fs(s)8 b Ft(i)32 b(!)1188
5068 y Fn(Aexp)1385 5053 y Fs(z)1826 4971 y Fu(where)i
Fs(z)45 b Fu(=)32 b Fs(z)2353 4986 y Fn(1)2425 4971 y
Fu(+)g Fs(z)2585 4986 y Fn(2)0 5234 y Fu(Complete)k(the)h(sp)s
(eci\014cation)f(of)h(the)g(transition)e(system.)57 b(Use)37
b(structural)g(induction)e(on)0 5355 y Fw(Aexp)e Fu(to)f(pro)m(v)m(e)i
(that)f(the)g(meaning)e(of)h Fs(a)40 b Fu(de\014ned)34
b(b)m(y)g(this)e(relation)f(is)h(the)h(same)g(as)g(that)0
5475 y(de\014ned)h(b)m(y)f Ft(A)p Fu(.)2820 b Fh(2)p
eop
%%Page: 32 42
32 41 bop 251 130 a Fw(32)2086 b(2)112 b(Op)s(erational)37
b(Seman)m(tics)p 251 193 3473 4 v 283 515 a(Exercise)g(2.12)49
b Fu(In)24 b(a)h(similar)c(w)m(a)m(y)k(w)m(e)h(can)e(sp)s(ecify)h(a)f
(natural)f(seman)m(tics)i(for)f(the)g(b)s(o)s(olean)283
636 y(expressions.)46 b(The)33 b(transitions)f(will)e(ha)m(v)m(e)k(the)
f(form)527 865 y Ft(h)p Fs(b)6 b Fu(,)33 b Fs(s)8 b Ft(i)32
b(!)896 880 y Fn(Bexp)1090 865 y Fs(t)283 1094 y Fu(where)27
b Fs(t)34 b Ft(2)25 b Fw(T)p Fu(.)g(Sp)s(ecify)g(the)h(transition)d
(system)j(and)f(pro)m(v)m(e)h(that)e(the)i(meaning)d(of)i
Fs(b)30 b Fu(de\014ned)283 1215 y(in)i(this)g(w)m(a)m(y)i(is)e(the)h
(same)g(as)g(that)f(de\014ned)i(b)m(y)f Ft(B)t Fu(.)1487
b Fh(2)283 1479 y Fw(Exercise)37 b(2.13)49 b Fu(Determine)i(whether)i
(or)e(not)h(seman)m(tic)g(equiv)-5 b(alence)52 b(of)f
Fs(S)3349 1494 y Fn(1)3441 1479 y Fu(and)h Fs(S)3717
1494 y Fn(2)283 1600 y Fu(amoun)m(ts)33 b(to)f Ft(S)864
1615 y Fn(ns)935 1600 y Fu([)-17 b([)q Fs(S)1040 1615
y Fn(1)1079 1600 y Fu(])g(])33 b(=)f Ft(S)1325 1615 y
Fn(ns)1396 1600 y Fu([)-17 b([)q Fs(S)1501 1615 y Fn(2)1540
1600 y Fu(])g(])q(.)2076 b Fh(2)283 1964 y Fj(2.2)161
b(Structural)53 b(op)t(erational)i(seman)l(tics)283 2194
y Fu(In)34 b(structural)g(op)s(erational)d(seman)m(tics)j(the)g
(emphasis)f(is)g(on)h(the)g Fs(individual)h(steps)41
b Fu(of)33 b(the)283 2314 y(execution,)i(that)f(is)f(the)i(execution)f
(of)f(assignmen)m(ts)i(and)e(tests.)49 b(The)35 b(transition)d
(relation)283 2435 y(has)h(the)g(form)527 2664 y Ft(h)p
Fs(S)12 b Fu(,)33 b Fs(s)8 b Ft(i)32 b(\))g Fo(\015)283
2893 y Fu(where)39 b Fo(\015)j Fu(either)37 b(is)f(of)h(the)g(form)f
Ft(h)p Fs(S)1675 2857 y Fi(0)1698 2893 y Fu(,)i Fs(s)1811
2857 y Fi(0)1835 2893 y Ft(i)e Fu(or)h(of)g(the)g(form)f
Fs(s)2605 2857 y Fi(0)2628 2893 y Fu(.)57 b(The)38 b(transition)e
(expresses)283 3014 y(the)30 b Fs(\014rst)39 b Fu(step)31
b(of)e(the)h(execution)g(of)f Fs(S)41 b Fu(from)28 b(state)i
Fs(s)8 b Fu(.)43 b(There)30 b(are)g(t)m(w)m(o)g(p)s(ossible)f
(outcomes:)429 3243 y Ft(\017)48 b Fu(If)25 b Fo(\015)k
Fu(is)24 b(of)g(the)h(form)e Ft(h)p Fs(S)1378 3207 y
Fi(0)1401 3243 y Fu(,)j Fs(s)1502 3207 y Fi(0)1526 3243
y Ft(i)e Fu(then)h(the)g(execution)g(of)f Fs(S)36 b Fu(from)23
b Fs(s)33 b Fu(is)24 b Fs(not)34 b Fu(completed)24 b(and)527
3363 y(the)42 b(remaining)e(computation)g(is)h(expressed)k(b)m(y)d(the)
g(in)m(termediate)f(con\014guration)527 3484 y Ft(h)p
Fs(S)633 3447 y Fi(0)656 3484 y Fu(,)33 b Fs(s)764 3447
y Fi(0)787 3484 y Ft(i)p Fu(.)429 3713 y Ft(\017)48 b
Fu(If)32 b Fo(\015)k Fu(is)31 b(of)g(the)g(form)g Fs(s)1362
3677 y Fi(0)1416 3713 y Fu(then)h(the)g(execution)g(of)f
Fs(S)43 b Fu(from)30 b Fs(s)40 b(has)f Fu(terminated)30
b(and)h(the)527 3833 y(\014nal)h(state)h(is)f Fs(s)1129
3797 y Fi(0)1153 3833 y Fu(.)283 4063 y(W)-8 b(e)33 b(shall)f(sa)m(y)h
(that)f Ft(h)p Fs(S)12 b Fu(,)33 b Fs(s)8 b Ft(i)32 b
Fu(is)g Fs(stuck)44 b Fu(if)31 b(there)i(is)f(no)h Fo(\015)k
Fu(suc)m(h)d(that)f Ft(h)p Fs(S)12 b Fu(,)32 b Fs(s)8
b Ft(i)32 b(\))g Fo(\015)5 b Fu(.)430 4188 y(The)45 b(de\014nition)f
(of)g Ft(\))g Fu(is)g(giv)m(en)h(b)m(y)g(the)g(axioms)e(and)i(rules)f
(of)g(T)-8 b(able)45 b(2.2)f(and)g(the)283 4308 y(general)36
b(form)g(of)g(these)h(are)g(as)g(in)e(the)i(previous)g(section.)56
b(Axioms)35 b([ass)3082 4323 y Fn(sos)3178 4308 y Fu(])i(and)f([skip)
3633 4323 y Fn(sos)3729 4308 y Fu(])283 4429 y(ha)m(v)m(e)46
b(not)e(c)m(hanged)i(at)d(all)g(b)s(ecause)i(the)g(assignmen)m(t)f(and)
g Fr(skip)i Fu(statemen)m(ts)f(are)f(fully)283 4549 y(executed)35
b(in)d(one)h(step.)430 4675 y(The)k(rules)f([comp)1138
4639 y Fn(1)1126 4699 y(sos)1221 4675 y Fu(])g(and)g([comp)1744
4639 y Fn(2)1732 4699 y(sos)1827 4675 y Fu(])g(express)j(that)d(to)g
(execute)i Fs(S)2992 4690 y Fn(1)3031 4675 y Fu(;)p Fs(S)3125
4690 y Fn(2)3201 4675 y Fu(in)d(state)i Fs(s)44 b Fu(w)m(e)283
4795 y(\014rst)34 b(execute)g Fs(S)901 4810 y Fn(1)973
4795 y Fu(one)f(step)g(from)f Fs(s)8 b Fu(.)43 b(Then)34
b(there)f(are)g(t)m(w)m(o)g(p)s(ossible)f(outcomes:)429
5024 y Ft(\017)48 b Fu(If)31 b(the)g(execution)h(of)e
Fs(S)1400 5039 y Fn(1)1470 5024 y Fu(has)i(not)e(b)s(een)i(completed)e
(w)m(e)i(ha)m(v)m(e)g(to)f(complete)f(it)g(b)s(efore)527
5145 y(em)m(barking)i(on)h(the)g(execution)g(of)f Fs(S)1922
5160 y Fn(2)1961 5145 y Fu(.)429 5374 y Ft(\017)48 b
Fu(If)35 b(the)g(execution)h(of)e Fs(S)1416 5389 y Fn(1)1490
5374 y Fu(has)i(b)s(een)f(completed)g(w)m(e)h(can)f(start)g(on)f(the)i
(execution)f(of)527 5494 y Fs(S)594 5509 y Fn(2)634 5494
y Fu(.)p eop
%%Page: 33 43
33 42 bop 0 130 a Fw(2.2)112 b(Structural)37 b(op)s(erational)f(seman)m
(tics)1506 b(33)p 0 193 3473 4 v 0 419 V 0 2340 4 1922
v 331 528 a Fu([ass)483 543 y Fn(sos)579 528 y Fu(])348
b Ft(h)o Fs(x)45 b Fu(:=)32 b Fs(a)7 b Fu(,)33 b Fs(s)8
b Ft(i)33 b(\))f Fs(s)8 b Fu([)p Fs(x)k Ft(7!)o(A)p Fu([)-17
b([)p Fs(a)7 b Fu(])-17 b(])q Fs(s)8 b Fu(])331 743 y([skip)529
758 y Fn(sos)624 743 y Fu(])303 b Ft(h)o Fr(skip)p Fu(,)34
b Fs(s)8 b Ft(i)33 b(\))f Fs(s)331 1035 y Fu([comp)598
999 y Fn(1)586 1059 y(sos)681 1035 y Fu(])1097 948 y
Ft(h)p Fs(S)1203 963 y Fn(1)1242 948 y Fu(,)h Fs(s)8
b Ft(i)32 b(\))g(h)p Fs(S)1659 912 y Fi(0)1659 973 y
Fn(1)1698 948 y Fu(,)h Fs(s)1806 912 y Fi(0)1829 948
y Ft(i)p 964 1012 1038 4 v 964 1116 a(h)o Fs(S)1069 1131
y Fn(1)1109 1116 y Fu(;)p Fs(S)1203 1131 y Fn(2)1242
1116 y Fu(,)g Fs(s)8 b Ft(i)32 b(\))g(h)p Fs(S)1659 1080
y Fi(0)1659 1141 y Fn(1)1698 1116 y Fu(;)p Fs(S)1792
1131 y Fn(2)1832 1116 y Fu(,)g Fs(s)1939 1080 y Fi(0)1963
1116 y Ft(i)331 1397 y Fu([comp)598 1361 y Fn(2)586 1422
y(sos)681 1397 y Fu(])1152 1310 y Ft(h)p Fs(S)1258 1325
y Fn(1)1297 1310 y Fu(,)h Fs(s)8 b Ft(i)32 b(\))g Fs(s)1656
1274 y Fi(0)p 964 1374 905 4 v 964 1478 a Ft(h)o Fs(S)1069
1493 y Fn(1)1109 1478 y Fu(;)p Fs(S)1203 1493 y Fn(2)1242
1478 y Fu(,)h Fs(s)8 b Ft(i)32 b(\))g(h)p Fs(S)1659 1493
y Fn(2)1698 1478 y Fu(,)h Fs(s)1806 1442 y Fi(0)1829
1478 y Ft(i)331 1682 y Fu([if)428 1646 y Fn(tt)416 1707
y(sos)510 1682 y Fu(])417 b Ft(h)o Fr(if)34 b Fs(b)k
Fr(then)c Fs(S)1516 1697 y Fn(1)1587 1682 y Fr(else)g
Fs(S)1892 1697 y Fn(2)1931 1682 y Fu(,)f Fs(s)8 b Ft(i)32
b(\))g(h)p Fs(S)2348 1697 y Fn(1)2387 1682 y Fu(,)h Fs(s)8
b Ft(i)32 b Fu(if)g Ft(B)s Fu([)-17 b([)q Fs(b)6 b Fu(])-17
b(])p Fs(s)41 b Fu(=)32 b Fw(tt)331 1897 y Fu([if)428
1861 y Fn(\013)416 1922 y(sos)510 1897 y Fu(])417 b Ft(h)o
Fr(if)34 b Fs(b)k Fr(then)c Fs(S)1516 1912 y Fn(1)1587
1897 y Fr(else)g Fs(S)1892 1912 y Fn(2)1931 1897 y Fu(,)f
Fs(s)8 b Ft(i)32 b(\))g(h)p Fs(S)2348 1912 y Fn(2)2387
1897 y Fu(,)h Fs(s)8 b Ft(i)32 b Fu(if)g Ft(B)s Fu([)-17
b([)q Fs(b)6 b Fu(])-17 b(])p Fs(s)41 b Fu(=)32 b Fw(\013)331
2112 y Fu([while)581 2127 y Fn(sos)675 2112 y Fu(])252
b Ft(h)o Fr(while)34 b Fs(b)39 b Fr(do)33 b Fs(S)12 b
Fu(,)32 b Fs(s)8 b Ft(i)33 b(\))1281 2279 y(h)p Fr(if)g
Fs(b)39 b Fr(then)33 b Fu(\()p Fs(S)12 b Fu(;)33 b Fr(while)g
Fs(b)39 b Fr(do)33 b Fs(S)12 b Fu(\))32 b Fr(else)i(skip)p
Fu(,)f Fs(s)8 b Ft(i)p 3469 2340 4 1922 v 0 2343 3473
4 v 574 2504 a Fu(T)-8 b(able)32 b(2.2:)43 b(Structural)32
b(op)s(erational)e(seman)m(tics)j(for)f Fw(While)0 2798
y Fu(The)h(\014rst)g(case)g(is)e(captured)i(b)m(y)g(the)g(rule)e([comp)
1874 2762 y Fn(1)1862 2822 y(sos)1957 2798 y Fu(]:)43
b(If)32 b(the)h(result)f(of)g(executing)g(the)h(\014rst)0
2918 y(step)e(of)e Ft(h)p Fs(S)12 b Fu(,)29 b Fs(s)8
b Ft(i)30 b Fu(is)f(an)h(in)m(termediate)f(con\014guration)g
Ft(h)o Fs(S)2076 2882 y Fi(0)2076 2943 y Fn(1)2116 2918
y Fu(,)h Fs(s)2221 2882 y Fi(0)2244 2918 y Ft(i)g Fu(then)g(the)h(next)
f(con\014guration)0 3039 y(is)g Ft(h)p Fs(S)202 3002
y Fi(0)202 3063 y Fn(1)241 3039 y Fu(;)p Fs(S)335 3054
y Fn(2)375 3039 y Fu(,)h Fs(s)481 3002 y Fi(0)504 3039
y Ft(i)g Fu(sho)m(wing)g(that)f(w)m(e)i(ha)m(v)m(e)h(to)d(complete)g
(the)h(execution)h(of)e Fs(S)2823 3054 y Fn(1)2893 3039
y Fu(b)s(efore)h(w)m(e)h(can)0 3159 y(start)f(on)f Fs(S)432
3174 y Fn(2)471 3159 y Fu(.)43 b(The)32 b(second)g(case)f(ab)s(o)m(v)m
(e)h(is)e(captured)i(b)m(y)f(the)g(rule)f([comp)2792
3123 y Fn(2)2780 3184 y(sos)2875 3159 y Fu(]:)43 b(If)30
b(the)h(result)0 3279 y(of)g(executing)g Fs(S)611 3294
y Fn(1)682 3279 y Fu(from)e Fs(s)40 b Fu(is)30 b(a)h(\014nal)f(state)i
Fs(s)1667 3243 y Fi(0)1721 3279 y Fu(then)g(the)f(next)h
(con\014guration)e(is)h Ft(h)p Fs(S)3118 3294 y Fn(2)3157
3279 y Fu(,)i Fs(s)3265 3243 y Fi(0)3288 3279 y Ft(i)p
Fu(,)e(so)0 3400 y(that)h(w)m(e)i(can)f(no)m(w)g(start)g(on)f
Fs(S)1173 3415 y Fn(2)1212 3400 y Fu(.)146 3524 y(F)-8
b(rom)47 b(the)i(axioms)e([if)1043 3488 y Fn(tt)1031
3549 y(sos)1125 3524 y Fu(])h(and)h([if)1503 3488 y Fn(\013)1491
3549 y(sos)1585 3524 y Fu(])f(w)m(e)h(see)h(that)e(the)g(\014rst)h
(step)g(in)f(executing)h(a)0 3645 y(conditional)22 b(is)j(to)g(p)s
(erform)f(the)h(test)h(and)f(to)g(select)h(the)f(appropriate)f(branc)m
(h.)42 b(Finally)-8 b(,)24 b(the)0 3765 y(axiom)i([while)535
3780 y Fn(sos)629 3765 y Fu(])h(sho)m(ws)i(that)e(the)h(\014rst)g(step)
g(in)e(the)i(execution)g(of)f(the)h Fr(while)p Fu(-construct)h(is)0
3886 y(to)i(unfold)f(it)g(one)h(lev)m(el,)g(that)g(is)f(to)h(rewrite)g
(it)e(as)j(a)e(conditional.)41 b(The)32 b(test)f(will)e(therefore)0
4006 y(b)s(e)h(p)s(erformed)g(in)g(the)g(second)i(step)f(of)f(the)g
(execution)h(\(where)g(one)g(of)f(the)g(axioms)f(for)h(the)0
4126 y Fr(if)p Fu(-construct)k(is)e(applied\).)42 b(W)-8
b(e)33 b(shall)e(see)j(an)e(example)h(of)f(this)g(shortly)-8
b(.)146 4251 y(A)33 b Fs(derivation)h(se)-5 b(quenc)g(e)39
b Fu(of)32 b(a)g(statemen)m(t)i Fs(S)44 b Fu(starting)32
b(in)f(state)i Fs(s)41 b Fu(is)32 b(either)145 4476 y
Ft(\017)49 b Fu(a)32 b Fs(\014nite)40 b Fu(sequence)458
4700 y Fo(\015)515 4715 y Fn(0)554 4700 y Fu(,)33 b Fo(\015)670
4715 y Fn(1)709 4700 y Fu(,)g Fo(\015)825 4715 y Fn(2)864
4700 y Fu(,)g Ft(\001)17 b(\001)g(\001)n Fu(,)33 b Fo(\015)1156
4715 y Fn(k)244 4925 y Fu(of)24 b(con\014gurations)g(satisfying)g
Fo(\015)1451 4940 y Fn(0)1515 4925 y Fu(=)g Ft(h)p Fs(S)12
b Fu(,)24 b Fs(s)8 b Ft(i)p Fu(,)27 b Fo(\015)1969 4940
y Fn(i)2017 4925 y Ft(\))d Fo(\015)2197 4940 y Fn(i+1)2335
4925 y Fu(for)h(0)p Ft(\024)p Fu(i)p Fo(<)p Fu(k,)g(k)p
Ft(\025)q Fu(0,)h(and)f(where)244 5045 y Fo(\015)300
5060 y Fn(k)374 5045 y Fu(is)32 b(either)g(a)h(terminal)d
(con\014guration)h(or)i(a)f(stuc)m(k)i(con\014guration,)e(or)g(it)g(is)
145 5270 y Ft(\017)49 b Fu(an)32 b Fs(in\014nite)40 b
Fu(sequence)458 5494 y Fo(\015)515 5509 y Fn(0)554 5494
y Fu(,)33 b Fo(\015)670 5509 y Fn(1)709 5494 y Fu(,)g
Fo(\015)825 5509 y Fn(2)864 5494 y Fu(,)g Ft(\001)17
b(\001)g(\001)p eop
%%Page: 34 44
34 43 bop 251 130 a Fw(34)2086 b(2)112 b(Op)s(erational)37
b(Seman)m(tics)p 251 193 3473 4 v 527 515 a Fu(of)32
b(con\014gurations)h(satisfying)e Fo(\015)1758 530 y
Fn(0)1830 515 y Fu(=)i Ft(h)o Fs(S)12 b Fu(,)33 b Fs(s)8
b Ft(i)32 b Fu(and)h Fo(\015)2469 530 y Fn(i)2525 515
y Ft(\))f Fo(\015)2713 530 y Fn(i+1)2860 515 y Fu(for)g(0)p
Ft(\024)p Fu(i)283 715 y(W)-8 b(e)40 b(shall)d(write)i
Fo(\015)1004 730 y Fn(0)1082 715 y Ft(\))1181 678 y Fn(i)1244
715 y Fo(\015)1300 730 y Fn(i)1362 715 y Fu(to)g(indicate)f(that)g
(there)i(are)e(i)g(steps)i(in)e(the)i(execution)f(from)283
835 y Fo(\015)339 850 y Fn(0)413 835 y Fu(to)c Fo(\015)591
850 y Fn(i)649 835 y Fu(and)g(w)m(e)g(write)f Fo(\015)1294
850 y Fn(0)1367 835 y Ft(\))1467 799 y Fi(\003)1541 835
y Fo(\015)1597 850 y Fn(i)1655 835 y Fu(to)h(indicate)e(that)h(there)i
(is)e(a)g(\014nite)g(n)m(um)m(b)s(er)h(of)f(steps.)283
955 y(Note)i(that)f Fo(\015)792 970 y Fn(0)867 955 y
Ft(\))966 919 y Fn(i)1025 955 y Fo(\015)1081 970 y Fn(i)1140
955 y Fu(and)g Fo(\015)1389 970 y Fn(0)1463 955 y Ft(\))1563
919 y Fi(\003)1637 955 y Fo(\015)1693 970 y Fn(i)1752
955 y Fu(need)i Fs(not)44 b Fu(b)s(e)36 b(deriv)-5 b(ation)33
b(sequences:)53 b(they)36 b(will)d(b)s(e)283 1076 y(so)g(if)f(and)g
(only)g(if)g Fo(\015)1042 1091 y Fn(i)1098 1076 y Fu(is)g(either)h(a)f
(terminal)e(con\014guration)i(or)g(a)g(stuc)m(k)j(con\014guration.)283
1298 y Fw(Example)i(2.14)49 b Fu(Consider)33 b(the)g(statemen)m(t)527
1497 y(\()p Fr(z)g Fu(:=)g Fr(x)p Fu(;)f Fr(x)h Fu(:=)g
Fr(y)p Fu(\);)g Fr(y)f Fu(:=)h Fr(z)283 1697 y Fu(of)j(Chapter)h(1)f
(and)g(let)g Fs(s)1252 1712 y Fn(0)1328 1697 y Fu(b)s(e)g(the)h(state)f
(that)g(maps)g(all)e(v)-5 b(ariables)35 b(except)j Fr(x)e
Fu(and)h Fr(y)f Fu(to)g Fw(0)283 1817 y Fu(and)d(that)g(has)f
Fs(s)906 1832 y Fn(0)979 1817 y Fr(x)g Fu(=)h Fw(5)f
Fu(and)h Fs(s)1497 1832 y Fn(0)1569 1817 y Fr(y)g Fu(=)f
Fw(7)p Fu(.)44 b(W)-8 b(e)33 b(then)g(ha)m(v)m(e)h(the)f(deriv)-5
b(ation)31 b(sequence:)527 2016 y Ft(h)p Fu(\()p Fr(z)i
Fu(:=)f Fr(x)p Fu(;)h Fr(x)g Fu(:=)f Fr(y)p Fu(\);)h
Fr(y)g Fu(:=)g Fr(z)p Fu(,)f Fs(s)1680 2031 y Fn(0)1720
2016 y Ft(i)934 2184 y(\))g(h)p Fr(x)h Fu(:=)f Fr(y)p
Fu(;)h Fr(y)g Fu(:=)f Fr(z)p Fu(,)h Fs(s)1813 2199 y
Fn(0)1853 2184 y Fu([)p Fr(z)p Ft(7!)p Fw(5)p Fu(])p
Ft(i)934 2351 y(\))f(h)p Fr(y)h Fu(:=)f Fr(z)p Fu(,)h(\()p
Fs(s)1521 2366 y Fn(0)1561 2351 y Fu([)p Fr(z)p Ft(7!)p
Fw(5)p Fu(]\)[)p Fr(x)p Ft(7!)p Fw(7)p Fu(])p Ft(i)934
2519 y(\))f Fu(\(\()p Fs(s)1190 2534 y Fn(0)1230 2519
y Fu([)p Fr(z)p Ft(7!)p Fw(5)p Fu(]\)[)p Fr(x)p Ft(7!)p
Fw(7)p Fu(]\)[)p Fr(y)p Ft(7!)p Fw(5)p Fu(])283 2718
y(Corresp)s(onding)c(to)g Fs(e)-5 b(ach)34 b Fu(of)28
b(these)h(steps)g(w)m(e)g(ha)m(v)m(e)g Fs(derivation)h(tr)-5
b(e)g(es)36 b Fu(explaining)26 b(wh)m(y)j(they)283 2839
y(tak)m(e)34 b(place.)43 b(F)-8 b(or)32 b(the)h(\014rst)g(step)527
3038 y Ft(h)p Fu(\()p Fr(z)g Fu(:=)f Fr(x)p Fu(;)h Fr(x)g
Fu(:=)f Fr(y)p Fu(\);)h Fr(y)g Fu(:=)g Fr(z)p Fu(,)f
Fs(s)1680 3053 y Fn(0)1720 3038 y Ft(i)g(\))g(h)p Fr(x)h
Fu(:=)f Fr(y)p Fu(;)h Fr(y)g Fu(:=)f Fr(z)p Fu(,)h Fs(s)2670
3053 y Fn(0)2710 3038 y Fu([)p Fr(z)p Ft(7!)p Fw(5)p
Fu(])p Ft(i)283 3237 y Fu(the)g(deriv)-5 b(ation)31 b(tree)j(is)1314
3408 y Ft(h)p Fr(z)f Fu(:=)f Fr(x)p Fu(,)h Fs(s)1731
3423 y Fn(0)1771 3408 y Ft(i)f(\))g Fs(s)2022 3423 y
Fn(0)2061 3408 y Fu([)p Fr(z)p Ft(7!)p Fw(5)p Fu(])p
527 3495 2583 4 v 945 3699 a Ft(h)p Fr(z)h Fu(:=)f Fr(x)p
Fu(;)h Fr(x)g Fu(:=)f Fr(y)p Fu(,)h Fs(s)1692 3714 y
Fn(0)1732 3699 y Ft(i)f(\))g(h)p Fr(x)h Fu(:=)f Fr(y)p
Fu(,)h Fs(s)2352 3714 y Fn(0)2392 3699 y Fu([)p Fr(z)p
Ft(7!)p Fw(5)p Fu(])p Ft(i)p 527 3786 V 577 3991 a(h)p
Fu(\()p Fr(z)g Fu(:=)f Fr(x)p Fu(;)h Fr(x)g Fu(:=)f Fr(y)p
Fu(\);)h Fr(y)g Fu(:=)f Fr(z)p Fu(,)h Fs(s)1730 4006
y Fn(0)1770 3991 y Ft(i)f(\))g(h)p Fr(x)h Fu(:=)f Fr(y)p
Fu(;)h Fr(y)g Fu(:=)f Fr(z)p Fu(,)h Fs(s)2720 4006 y
Fn(0)2760 3991 y Fu([)p Fr(z)p Ft(7!)p Fw(5)p Fu(])p
Ft(i)283 4193 y Fu(and)41 b(it)e(has)i(b)s(een)g(constructed)h(from)d
(the)i(axiom)e([ass)2404 4208 y Fn(sos)2500 4193 y Fu(])h(and)g(the)h
(rules)g([comp)3449 4157 y Fn(1)3437 4218 y(sos)3531
4193 y Fu(])g(and)283 4313 y([comp)550 4277 y Fn(2)538
4338 y(sos)633 4313 y Fu(].)49 b(The)36 b(deriv)-5 b(ation)33
b(tree)i(for)f(the)g(second)i(step)g(is)d(constructed)k(in)c(a)h
(similar)e(w)m(a)m(y)283 4434 y(using)j(only)g([ass)910
4449 y Fn(sos)1006 4434 y Fu(])g(and)g([comp)1527 4398
y Fn(2)1515 4458 y(sos)1610 4434 y Fu(])g(and)g(for)g(the)g(third)g
(step)h(it)e(simply)f(is)i(an)g(instance)g(of)283 4554
y([ass)435 4569 y Fn(sos)531 4554 y Fu(].)3096 b Fh(2)283
4777 y Fw(Example)37 b(2.15)49 b Fu(Assume)37 b(that)f
Fs(s)45 b Fr(x)36 b Fu(=)h Fw(3)p Fu(.)55 b(The)37 b(\014rst)g(step)g
(of)f(execution)h(from)e(the)i(con-)283 4897 y(\014guration)527
5096 y Ft(h)p Fr(y)p Fu(:=)p Fr(1)p Fu(;)c Fr(while)h
Ft(:)p Fu(\()p Fr(x)p Fu(=)p Fr(1)p Fu(\))f Fr(do)g Fu(\()p
Fr(y)p Fu(:=)p Fr(y)g Fo(?)g Fr(x)p Fu(;)f Fr(x)p Fu(:=)p
Fr(x)p Ft(\000)p Fr(1)p Fu(\),)i Fs(s)8 b Ft(i)283 5295
y Fu(will)31 b(giv)m(e)h(the)h(con\014guration)527 5494
y Ft(h)p Fr(while)h Ft(:)p Fu(\()p Fr(x)p Fu(=)p Fr(1)p
Fu(\))f Fr(do)g Fu(\()p Fr(y)p Fu(:=)p Fr(y)g Fo(?)f
Fr(x)p Fu(;)h Fr(x)p Fu(:=)p Fr(x)p Ft(\000)p Fr(1)p
Fu(\),)h Fs(s)8 b Fu([)p Fr(y)p Ft(7!)p Fw(1)p Fu(])p
Ft(i)p eop
%%Page: 35 45
35 44 bop 0 130 a Fw(2.2)112 b(Structural)37 b(op)s(erational)f(seman)m
(tics)1506 b(35)p 0 193 3473 4 v 0 515 a Fu(This)39 b(is)g(ac)m(hiev)m
(ed)h(using)e(the)i(axiom)d([ass)1617 530 y Fn(sos)1713
515 y Fu(])i(and)g(the)g(rule)g([comp)2618 479 y Fn(2)2606
540 y(sos)2701 515 y Fu(])g(as)g(sho)m(wn)h(b)m(y)g(the)0
636 y(deriv)-5 b(ation)31 b(tree:)929 798 y Ft(h)p Fr(y)p
Fu(:=)p Fr(1)p Fu(,)i Fs(s)8 b Ft(i)32 b(\))g Fs(s)8
b Fu([)p Fr(y)p Ft(7!)p Fw(1)p Fu(])p 244 885 2235 4
v 294 1089 a Ft(h)o Fr(y)p Fu(:=)p Fr(1)p Fu(;)34 b Fr(while)f
Ft(:)q Fu(\()p Fr(x)p Fu(=)p Fr(1)p Fu(\))g Fr(do)g Fu(\()p
Fr(y)p Fu(:=)p Fr(y)p Fo(?)p Fr(x)p Fu(;)g Fr(x)p Fu(:=)p
Fr(x)p Ft(\000)p Fr(1)p Fu(\),)h Fs(s)8 b Ft(i)32 b(\))362
1257 y(h)o Fr(while)i Ft(:)q Fu(\()p Fr(x)p Fu(=)p Fr(1)p
Fu(\))f Fr(do)g Fu(\()p Fr(y)p Fu(:=)p Fr(y)p Fo(?)p
Fr(x)p Fu(;)g Fr(x)p Fu(:=)p Fr(x)p Ft(\000)p Fr(1)p
Fu(\),)h Fs(s)8 b Fu([)p Fr(y)p Ft(7!)p Fw(1)p Fu(])p
Ft(i)0 1440 y Fu(The)43 b(next)h(step)f(of)f(the)h(execution)g(will)d
(rewrite)i(the)h(lo)s(op)e(as)i(a)f(conditional)e(using)i(the)0
1561 y(axiom)31 b([while)540 1576 y Fn(sos)634 1561 y
Fu(])i(so)g(w)m(e)g(get)g(the)g(con\014guration)244 1751
y Ft(h)p Fr(if)g Ft(:)p Fu(\()p Fr(x)p Fu(=)p Fr(1)p
Fu(\))g Fr(then)g Fu(\(\()p Fr(y)p Fu(:=)p Fr(y)p Fo(?)q
Fr(x)p Fu(;)f Fr(x)p Fu(:=)p Fr(x)p Ft(\000)p Fr(1)p
Fu(\);)1046 1919 y Fr(while)i Ft(:)q Fu(\()p Fr(x)p Fu(=)p
Fr(1)p Fu(\))e Fr(do)i Fu(\()p Fr(y)p Fu(:=)p Fr(y)p
Fo(?)p Fr(x)p Fu(;)f Fr(x)p Fu(:=)p Fr(x)p Ft(\000)p
Fr(1)p Fu(\)\))771 2086 y Fr(else)g(skip)p Fu(,)h Fs(s)8
b Fu([)p Fr(y)p Ft(7!)p Fw(1)p Fu(])p Ft(i)0 2276 y Fu(The)38
b(follo)m(wing)c(step)k(will)d(p)s(erform)h(the)i(test)g(and)f(yields)g
(\(according)f(to)h([if)2937 2240 y Fn(tt)2925 2301 y(sos)3019
2276 y Fu(]\))g(the)h(con-)0 2397 y(\014guration)244
2587 y Ft(h)p Fu(\()p Fr(y)p Fu(:=)p Fr(y)p Fo(?)p Fr(x)p
Fu(;)33 b Fr(x)p Fu(:=)p Fr(x)p Ft(\000)p Fr(1)p Fu(\);)h
Fr(while)f Ft(:)q Fu(\()p Fr(x)p Fu(=)p Fr(1)p Fu(\))g
Fr(do)g Fu(\()p Fr(y)p Fu(:=)p Fr(y)g Fo(?)f Fr(x)p Fu(;)h
Fr(x)p Fu(:=)p Fr(x)p Ft(\000)p Fr(1)p Fu(\),)h Fs(s)8
b Fu([)p Fr(y)p Ft(7!)p Fw(1)p Fu(])p Ft(i)0 2777 y Fu(W)-8
b(e)33 b(can)g(then)g(use)h([ass)890 2792 y Fn(sos)985
2777 y Fu(],)f([comp)1339 2741 y Fn(2)1327 2802 y(sos)1422
2777 y Fu(])g(and)f([comp)1938 2741 y Fn(1)1926 2802
y(sos)2021 2777 y Fu(])h(to)f(obtain)f(the)i(con\014guration)244
2967 y Ft(h)p Fr(x)p Fu(:=)p Fr(x)p Ft(\000)p Fr(1)p
Fu(;)g Fr(while)h Ft(:)q Fu(\()p Fr(x)p Fu(=)p Fr(1)p
Fu(\))f Fr(do)g Fu(\()p Fr(y)p Fu(:=)p Fr(y)g Fo(?)f
Fr(x)p Fu(;)h Fr(x)p Fu(:=)p Fr(x)p Ft(\000)p Fr(1)p
Fu(\),)h Fs(s)8 b Fu([)p Fr(y)p Ft(7!)p Fw(3)p Fu(])p
Ft(i)0 3157 y Fu(as)33 b(is)f(v)m(eri\014ed)h(b)m(y)h(the)f(deriv)-5
b(ation)31 b(tree:)1156 3339 y Ft(h)p Fr(y)p Fu(:=)p
Fr(y)p Fo(?)p Fr(x)p Fu(,)i Fs(s)8 b Fu([)p Fr(y)p Ft(7!)p
Fw(1)p Fu(])p Ft(i\))o Fs(s)g Fu([)p Fr(y)p Ft(7!)p Fw(3)p
Fu(])p 204 3426 3066 4 v 723 3630 a Ft(h)p Fr(y)p Fu(:=)p
Fr(y)p Fo(?)p Fr(x)p Fu(;)33 b Fr(x)p Fu(:=)p Fr(x)p
Ft(\000)p Fr(1)p Fu(,)h Fs(s)8 b Fu([)p Fr(y)p Ft(7!)p
Fw(1)p Fu(])p Ft(i\)h)o Fr(x)p Fu(:=)p Fr(x)p Ft(\000)p
Fr(1)p Fu(,)34 b Fs(s)8 b Fu([)p Fr(y)p Ft(7!)p Fw(3)p
Fu(])p Ft(i)p 204 3717 V 253 3922 a(h)p Fu(\()p Fr(y)p
Fu(:=)p Fr(y)p Fo(?)p Fr(x)p Fu(;)33 b Fr(x)p Fu(:=)p
Fr(x)p Ft(\000)p Fr(1)p Fu(\);)h Fr(while)g Ft(:)p Fu(\()p
Fr(x)p Fu(=)p Fr(1)p Fu(\))f Fr(do)g Fu(\()p Fr(y)p Fu(:=)p
Fr(y)p Fo(?)p Fr(x)p Fu(;)g Fr(x)p Fu(:=)p Fr(x)p Ft(\000)p
Fr(1)p Fu(\),)h Fs(s)8 b Fu([)p Fr(y)p Ft(7!)p Fw(1)p
Fu(])p Ft(i)32 b(\))507 4089 y(h)p Fr(x)p Fu(:=)p Fr(x)p
Ft(\000)p Fr(1)p Fu(;)i Fr(while)g Ft(:)p Fu(\()p Fr(x)p
Fu(=)p Fr(1)p Fu(\))f Fr(do)g Fu(\()p Fr(y)p Fu(:=)p
Fr(y)g Fo(?)f Fr(x)p Fu(;)h Fr(x)p Fu(:=)p Fr(x)p Ft(\000)p
Fr(1)p Fu(\),)h Fs(s)8 b Fu([)p Fr(y)p Ft(7!)p Fw(3)p
Fu(])p Ft(i)0 4282 y Fu(Using)32 b([ass)426 4297 y Fn(sos)522
4282 y Fu(])h(and)f([comp)1038 4246 y Fn(2)1026 4307
y(sos)1121 4282 y Fu(])h(the)g(next)g(con\014guration)f(will)e(then)k
(b)s(e)244 4473 y Ft(h)p Fr(while)f Ft(:)q Fu(\()p Fr(x)p
Fu(=)p Fr(1)p Fu(\))g Fr(do)g Fu(\()p Fr(y)p Fu(:=)p
Fr(y)g Fo(?)f Fr(x)p Fu(;)h Fr(x)p Fu(:=)p Fr(x)p Ft(\000)p
Fr(1)p Fu(\),)h Fs(s)8 b Fu([)p Fr(y)p Ft(7!)p Fw(3)p
Fu(][)p Fr(x)p Ft(7!)p Fw(2)p Fu(])p Ft(i)0 4663 y Fu(Con)m(tin)m(uing)
32 b(in)g(this)g(w)m(a)m(y)i(w)m(e)f(ev)m(en)m(tually)h(reac)m(h)f(the)
g(\014nal)f(state)h Fs(s)8 b Fu([)p Fr(y)p Ft(7!)p Fw(6)p
Fu(][)p Fr(x)p Ft(7!)p Fw(1)p Fu(].)304 b Fh(2)0 4873
y Fw(Exercise)36 b(2.16)49 b Fu(Construct)34 b(a)e(deriv)-5
b(ation)31 b(sequence)36 b(for)c(the)h(statemen)m(t)244
5064 y Fr(z)p Fu(:=)p Fr(0)p Fu(;)g Fr(while)h(y)p Ft(\024)q
Fr(x)e(do)h Fu(\()p Fr(z)p Fu(:=)p Fr(z)p Fu(+)p Fr(1)p
Fu(;)h Fr(x)p Fu(:=)p Fr(x)p Ft(\000)p Fr(y)p Fu(\))0
5254 y(when)24 b(executed)h(in)d(a)g(state)h(where)h
Fr(x)f Fu(has)g(the)g(v)-5 b(alue)22 b Fw(17)h Fu(and)g
Fr(y)g Fu(has)g(the)g(v)-5 b(alue)22 b Fw(5)p Fu(.)40
b(Determine)0 5374 y(a)33 b(state)g Fs(s)41 b Fu(suc)m(h)35
b(that)d(the)i(deriv)-5 b(ation)31 b(sequence)36 b(obtained)c(for)h
(the)g(ab)s(o)m(v)m(e)h(statemen)m(t)f(and)0 5494 y Fs(s)41
b Fu(is)32 b(in\014nite.)2893 b Fh(2)p eop
%%Page: 36 46
36 45 bop 251 130 a Fw(36)2086 b(2)112 b(Op)s(erational)37
b(Seman)m(tics)p 251 193 3473 4 v 430 515 a Fu(Giv)m(en)30
b(a)g(statemen)m(t)h Fs(S)42 b Fu(in)29 b(the)i(language)e
Fw(While)g Fu(and)h(a)g(state)g Fs(s)39 b Fu(it)29 b(is)h(alw)m(a)m(ys)
h(p)s(ossible)283 636 y(to)43 b(\014nd)g Fs(at)i(le)-5
b(ast)44 b(one)50 b Fu(deriv)-5 b(ation)41 b(sequence)46
b(that)d(starts)g(in)f(the)h(con\014guration)f Ft(h)p
Fs(S)12 b Fu(,)43 b Fs(s)8 b Ft(i)p Fu(:)283 756 y(simply)29
b(apply)h(axioms)e(and)j(rules)f(forev)m(er)g(or)g(un)m(til)f(a)g
(terminal)f(or)i(stuc)m(k)h(con\014guration)e(is)283
877 y(reac)m(hed.)60 b(Insp)s(ection)37 b(of)g(T)-8 b(able)37
b(2.2)g(sho)m(ws)i(that)e(there)h(are)f(no)h(stuc)m(k)h
(con\014gurations)e(in)283 997 y Fw(While)30 b Fu(and)i(Exercise)g
(2.22)f(b)s(elo)m(w)g(will)e(sho)m(w)k(that)e(there)h(is)f(in)g(fact)g
(only)g(one)g(deriv)-5 b(ation)283 1117 y(sequence)41
b(that)c(starts)h(with)f Ft(h)p Fs(S)12 b Fu(,)37 b Fs(s)8
b Ft(i)p Fu(.)59 b(Ho)m(w)m(ev)m(er,)41 b(some)c(of)g(the)h(constructs)
h(considered)g(in)283 1238 y(Section)k(2.4)g(that)f(extend)j
Fw(While)c Fu(will)f(ha)m(v)m(e)45 b(con\014gurations)d(that)h(are)g
(stuc)m(k)h(or)f(more)283 1358 y(than)33 b(one)g(deriv)-5
b(ation)31 b(sequence)k(that)e(starts)g(in)e(a)i(giv)m(en)f
(con\014guration.)430 1496 y(In)j(analogy)f(with)h(the)h(terminology)d
(of)h(the)i(previous)g(section)f(w)m(e)h(shall)e(sa)m(y)i(that)f(the)
283 1616 y(execution)f(of)e(a)g(statemen)m(t)h Fs(S)45
b Fu(on)32 b(a)g(state)h Fs(s)429 1905 y Ft(\017)48 b
Fs(terminates)e Fu(if)36 b(and)i(only)g(if)e(there)j(is)e(a)g(\014nite)
h(deriv)-5 b(ation)36 b(sequence)k(starting)d(with)527
2025 y Ft(h)p Fs(S)12 b Fu(,)33 b Fs(s)8 b Ft(i)o Fu(,)33
b(and)429 2314 y Ft(\017)48 b Fs(lo)-5 b(ops)54 b Fu(if)46
b(and)g(only)g(if)f(there)j(is)e(an)g(in\014nite)g(deriv)-5
b(ation)44 b(sequence)50 b(starting)45 b(with)527 2434
y Ft(h)p Fs(S)12 b Fu(,)33 b Fs(s)8 b Ft(i)o Fu(.)283
2723 y(W)-8 b(e)37 b(shall)d(sa)m(y)j(that)f(the)g(execution)g(of)g
Fs(S)47 b Fu(on)36 b Fs(s)44 b(terminates)37 b(suc)-5
b(c)g(essful)5 b(ly)45 b Fu(if)34 b Ft(h)p Fs(S)12 b
Fu(,)33 b Fs(s)8 b Ft(i)32 b(\))3613 2687 y Fi(\003)3685
2723 y Fs(s)3733 2687 y Fi(0)283 2844 y Fu(for)k(some)f(state)i
Fs(s)974 2807 y Fi(0)997 2844 y Fu(;)h(in)d Fw(While)f
Fu(an)i(execution)g(terminates)f(successfully)i(if)e(and)h(only)f(if)g
(it)283 2964 y(terminates)e(b)s(ecause)h(there)g(are)f(no)g(stuc)m(k)i
(con\014gurations.)45 b(Finally)-8 b(,)30 b(w)m(e)k(shall)e(sa)m(y)i
(that)f(a)283 3084 y(statemen)m(t)e Fs(S)42 b(always)32
b(terminates)38 b Fu(if)29 b(it)g(terminates)h(on)g(all)e(states,)k
(and)e Fs(always)i(lo)-5 b(ops)38 b Fu(if)29 b(it)283
3205 y(lo)s(ops)j(on)g(all)f(states.)283 3570 y Fw(Exercise)37
b(2.17)49 b Fu(Extend)42 b Fw(While)d Fu(with)i(the)g(construct)h
Fr(repeat)g Fs(S)53 b Fr(until)42 b Fs(b)k Fu(and)41
b(sp)s(ec-)283 3690 y(ify)i(the)g(structural)g(op)s(erational)e(seman)m
(tics)i(for)f(it.)74 b(\(The)44 b(seman)m(tics)f(for)f(the)i
Fr(repeat)p Fu(-)283 3811 y(construct)34 b(is)e(not)h(allo)m(w)m(ed)e
(to)i(rely)f(on)h(the)g(existence)h(of)e(a)g Fr(while)p
Fu(-construct.\))380 b Fh(2)283 4158 y Fw(Exercise)37
b(2.18)49 b Fu(Extend)42 b Fw(While)c Fu(with)j(the)f(construct)i
Fr(for)f Fs(x)52 b Fu(:=)41 b Fs(a)2989 4173 y Fn(1)3069
4158 y Fr(to)g Fs(a)3269 4173 y Fn(2)3349 4158 y Fr(do)g
Fs(S)52 b Fu(and)283 4279 y(sp)s(ecify)31 b(the)f(structural)f(op)s
(erational)e(seman)m(tics)j(for)f(it.)42 b(Hin)m(t:)f(Y)-8
b(ou)30 b(ma)m(y)f(need)i(to)e(assume)283 4399 y(that)j(y)m(ou)g(ha)m
(v)m(e)h(an)e(\\in)m(v)m(erse")h(to)f Ft(N)15 b Fu(,)31
b(so)h(that)f(there)h(is)f(a)h(n)m(umeral)e(for)h(eac)m(h)h(n)m(um)m(b)
s(er)g(that)283 4520 y(ma)m(y)40 b(arise)g(during)f(the)i(computation.)
64 b(\(The)41 b(seman)m(tics)f(for)g(the)g Fr(for)p Fu(-construct)h(is)
f(not)283 4640 y(allo)m(w)m(ed)32 b(to)h(rely)f(on)g(the)h(existence)i
(of)d(a)g Fr(while)p Fu(-construct.\))1080 b Fh(2)283
5034 y Fp(Prop)t(erties)46 b(of)f(the)h(seman)l(tics)283
5254 y Fu(F)-8 b(or)44 b(structural)g(op)s(erational)e(seman)m(tics)i
(it)f(is)h(often)h(useful)f(to)g(conduct)h(pro)s(ofs)f(b)m(y)h(in-)283
5374 y(duction)40 b(on)g(the)g Fs(length)47 b Fu(of)39
b(the)h(deriv)-5 b(ation)39 b(sequences.)68 b(The)41
b(pro)s(of)e(tec)m(hnique)i(ma)m(y)f(b)s(e)283 5494 y(summarized)32
b(as)h(follo)m(ws:)p eop
%%Page: 37 47
37 46 bop 0 130 a Fw(2.2)112 b(Structural)37 b(op)s(erational)f(seman)m
(tics)1506 b(37)p 0 193 3473 4 v 0 419 3470 4 v 0 436
V -2 643 4 208 v 15 643 V 544 564 a(Induction)32 b(on)g(the)h(Length)g
(of)g(Deriv)-6 b(ation)31 b(Sequences)p 3452 643 V 3469
643 V 0 647 3470 4 v -2 895 4 249 v 15 895 V 66 812 a
Fu(1:)143 b(Pro)m(v)m(e)34 b(that)f(the)g(prop)s(ert)m(y)g(holds)f(for)
g(all)f(deriv)-5 b(ation)31 b(sequences)k(of)e(length)f(0.)p
3452 895 V 3469 895 V -2 1424 4 529 v 15 1424 V 66 980
a(2:)143 b(Pro)m(v)m(e)35 b(that)d(the)i(prop)s(ert)m(y)f(holds)g(for)f
(all)f(other)i(deriv)-5 b(ation)31 b(sequences:)47 b(Assume)285
1100 y(that)39 b(the)h(prop)s(ert)m(y)g(holds)f(for)g(all)e(deriv)-5
b(ation)38 b(sequences)k(of)d(length)g(at)g(most)g(k)285
1220 y(\(this)31 b(is)f(called)g(the)h Fs(induction)i(hyp)-5
b(othesis)p Fu(\))31 b(and)g(sho)m(w)h(that)e(it)g(holds)h(for)f(deriv)
-5 b(a-)285 1341 y(tion)32 b(sequences)k(of)c(length)g(k+1.)p
3452 1424 V 3469 1424 V 0 1427 3470 4 v 0 1444 V 0 1640
a(The)27 b(induction)f(step)h(of)g(a)f(pro)s(of)g(follo)m(wing)d(this)k
(principle)e(will)f(often)i(b)s(e)h(done)g(b)m(y)h(insp)s(ect-)0
1760 y(ing)k(either)145 1960 y Ft(\017)49 b Fu(the)33
b(structure)h(of)e(the)h(syn)m(tactic)g(elemen)m(t,)g(or)145
2162 y Ft(\017)49 b Fu(the)33 b(deriv)-5 b(ation)31 b(tree)i(v)-5
b(alidating)29 b(the)k(\014rst)h(transition)c(of)j(the)g(deriv)-5
b(ation)30 b(sequence.)0 2361 y(Note)j(that)f(the)h(pro)s(of)f(tec)m
(hnique)i(is)e(a)g(simple)f(application)f(of)i(mathematical)e
(induction.)146 2482 y(T)-8 b(o)30 b(illustrate)e(the)i(use)h(of)e(the)
i(pro)s(of)e(tec)m(hnique)i(w)m(e)g(shall)d(pro)m(v)m(e)j(the)f(follo)m
(wing)e(lemma)0 2602 y(\(to)22 b(b)s(e)h(used)g(in)f(the)h(next)g
(section\).)40 b(In)m(tuitiv)m(ely)-8 b(,)24 b(the)f(lemma)d(expresses)
26 b(that)c(the)h(execution)0 2723 y(of)35 b(a)h(comp)s(osite)e
(construct)j Fs(S)1159 2738 y Fn(1)1198 2723 y Fu(;)p
Fs(S)1292 2738 y Fn(2)1367 2723 y Fu(can)f(b)s(e)g(split)e(in)m(to)h(t)
m(w)m(o)h(parts,)h(one)f(corresp)s(onding)g(to)0 2843
y Fs(S)67 2858 y Fn(1)139 2843 y Fu(and)c(the)h(other)g(corresp)s
(onding)g(to)f Fs(S)1564 2858 y Fn(2)1603 2843 y Fu(.)p
0 2963 3473 5 v 0 3134 a Fw(Lemma)37 b(2.19)49 b Fu(If)26
b Ft(h)p Fs(S)842 3149 y Fn(1)881 3134 y Fu(;)p Fs(S)975
3149 y Fn(2)1015 3134 y Fu(,)h Fs(s)8 b Ft(i)26 b(\))1282
3098 y Fn(k)1349 3134 y Fs(s)1397 3098 y Fi(00)1466 3134
y Fu(then)h(there)g(exists)g(a)f(state)h Fs(s)2544 3098
y Fi(0)2593 3134 y Fu(and)f(natural)g(n)m(um)m(b)s(ers)0
3254 y(k)51 3269 y Fn(1)123 3254 y Fu(and)33 b(k)364
3269 y Fn(2)437 3254 y Fu(suc)m(h)h(that)e Ft(h)p Fs(S)974
3269 y Fn(1)1013 3254 y Fu(,)h Fs(s)8 b Ft(i)32 b(\))1292
3218 y Fn(k)1329 3227 y Fd(1)1400 3254 y Fs(s)1448 3218
y Fi(0)1504 3254 y Fu(and)h Ft(h)o Fs(S)1799 3269 y Fn(2)1839
3254 y Fu(,)f Fs(s)1946 3218 y Fi(0)1970 3254 y Ft(i)g(\))2141
3218 y Fn(k)2178 3227 y Fd(2)2249 3254 y Fs(s)2297 3218
y Fi(00)2372 3254 y Fu(where)i(k)f(=)f(k)2897 3269 y
Fn(1)2937 3254 y Fu(+k)3064 3269 y Fn(2)3104 3254 y Fu(.)p
0 3375 V 0 3574 a Fw(Pro)s(of:)44 b Fu(The)39 b(pro)s(of)f(is)g(b)m(y)h
(induction)f(on)g(the)h(n)m(um)m(b)s(er)g(k,)i(that)d(is)g(b)m(y)h
(induction)f(on)g(the)0 3695 y(length)32 b(of)g(the)h(deriv)-5
b(ation)31 b(sequence)k Ft(h)p Fs(S)1545 3710 y Fn(1)1584
3695 y Fu(;)p Fs(S)1678 3710 y Fn(2)1718 3695 y Fu(,)d
Fs(s)8 b Ft(i)33 b(\))1996 3659 y Fn(k)2070 3695 y Fs(s)2118
3659 y Fi(00)2161 3695 y Fu(.)146 3815 y(If)g(k)g(=)f(0)h(then)g(the)g
(result)f(holds)g(v)-5 b(acuously)d(.)146 3936 y(F)g(or)26
b(the)h(induction)f(step)i(w)m(e)g(assume)f(that)f(the)h(lemma)e(holds)
h(for)h(k)33 b Ft(\024)g Fu(k)2889 3951 y Fn(0)2955 3936
y Fu(and)27 b(w)m(e)h(shall)0 4056 y(pro)m(v)m(e)34 b(it)d(for)h(k)560
4071 y Fn(0)600 4056 y Fu(+1.)43 b(So)33 b(assume)g(that)244
4256 y Ft(h)p Fs(S)350 4271 y Fn(1)389 4256 y Fu(;)p
Fs(S)483 4271 y Fn(2)522 4256 y Fu(,)g Fs(s)8 b Ft(i)32
b(\))801 4219 y Fn(k)838 4228 y Fd(0)873 4219 y Fn(+1)1000
4256 y Fs(s)1048 4219 y Fi(00)0 4455 y Fu(This)h(means)f(that)h(the)g
(deriv)-5 b(ation)31 b(sequence)k(can)e(b)s(e)g(written)f(as)244
4655 y Ft(h)p Fs(S)350 4670 y Fn(1)389 4655 y Fu(;)p
Fs(S)483 4670 y Fn(2)522 4655 y Fu(,)h Fs(s)8 b Ft(i)32
b(\))g Fo(\015)38 b Ft(\))1022 4619 y Fn(k)1059 4628
y Fd(0)1130 4655 y Fs(s)1178 4619 y Fi(00)0 4854 y Fu(for)29
b(some)h(con\014guration)f Fo(\015)5 b Fu(.)43 b(No)m(w)30
b(one)h(of)e(t)m(w)m(o)i(cases)g(applies)e(dep)s(ending)h(on)g(whic)m
(h)g(of)g(the)0 4975 y(t)m(w)m(o)j(rules)g([comp)685
4939 y Fn(1)673 4999 y(sos)768 4975 y Fu(])f(and)h([comp)1284
4939 y Fn(2)1272 4999 y(sos)1367 4975 y Fu(])f(w)m(as)i(used)g(to)e
(obtain)f Ft(h)p Fs(S)2365 4990 y Fn(1)2404 4975 y Fu(;)p
Fs(S)2498 4990 y Fn(2)2538 4975 y Fu(,)h Fs(s)8 b Ft(i)33
b(\))f Fo(\015)5 b Fu(.)146 5095 y(In)33 b(the)g(\014rst)g(case)h
(where)g([comp)1393 5059 y Fn(1)1381 5120 y(sos)1475
5095 y Fu(])f(is)f(used)i(w)m(e)f(ha)m(v)m(e)244 5295
y Ft(h)p Fs(S)350 5310 y Fn(1)389 5295 y Fu(;)p Fs(S)483
5310 y Fn(2)522 5295 y Fu(,)g Fs(s)8 b Ft(i)32 b(\))g(h)p
Fs(S)939 5259 y Fi(0)939 5319 y Fn(1)978 5295 y Fu(;)p
Fs(S)1072 5310 y Fn(2)1112 5295 y Fu(,)g Fs(s)1219 5259
y Fi(0)1243 5295 y Ft(i)0 5494 y Fu(b)s(ecause)p eop
%%Page: 38 48
38 47 bop 251 130 a Fw(38)2086 b(2)112 b(Op)s(erational)37
b(Seman)m(tics)p 251 193 3473 4 v 527 515 a Ft(h)p Fs(S)633
530 y Fn(1)672 515 y Fu(,)c Fs(s)8 b Ft(i)32 b(\))g(h)p
Fs(S)1089 479 y Fi(0)1089 540 y Fn(1)1128 515 y Fu(,)h
Fs(s)1236 479 y Fi(0)1259 515 y Ft(i)283 732 y Fu(W)-8
b(e)33 b(therefore)h(ha)m(v)m(e)527 950 y Ft(h)p Fs(S)633
913 y Fi(0)633 974 y Fn(1)672 950 y Fu(;)p Fs(S)766 965
y Fn(2)806 950 y Fu(,)e Fs(s)913 913 y Fi(0)937 950 y
Ft(i)g(\))1108 913 y Fn(k)1145 922 y Fd(0)1216 950 y
Fs(s)1264 913 y Fi(00)283 1167 y Fu(and)37 b(the)h(induction)e(h)m(yp)s
(othesis)i(can)f(b)s(e)g(applied)f(to)g(this)h(deriv)-5
b(ation)35 b(sequence)k(b)s(ecause)283 1287 y(it)29 b(is)h(shorter)h
(than)f(the)g(one)h(w)m(e)g(started)f(with.)43 b(This)30
b(means)g(that)g(there)g(is)g(a)g(state)g Fs(s)3529 1302
y Fn(0)3599 1287 y Fu(and)283 1408 y(natural)i(n)m(um)m(b)s(ers)h(k)
1069 1423 y Fn(1)1142 1408 y Fu(and)f(k)1382 1423 y Fn(2)1455
1408 y Fu(suc)m(h)i(that)527 1625 y Ft(h)p Fs(S)633 1588
y Fi(0)633 1649 y Fn(1)672 1625 y Fu(,)f Fs(s)780 1588
y Fi(0)803 1625 y Ft(i)g(\))974 1588 y Fn(k)1011 1597
y Fd(1)1083 1625 y Fs(s)1131 1640 y Fn(0)1203 1625 y
Fu(and)f Ft(h)p Fs(S)1498 1640 y Fn(2)1537 1625 y Fu(,)h
Fs(s)1645 1640 y Fn(0)1685 1625 y Ft(i)f(\))1855 1588
y Fn(k)1892 1597 y Fd(2)1964 1625 y Fs(s)2012 1588 y
Fi(00)283 1842 y Fu(where)i(k)616 1857 y Fn(1)656 1842
y Fu(+k)783 1857 y Fn(2)823 1842 y Fu(=k)950 1857 y Fn(0)990
1842 y Fu(.)43 b(Using)32 b(that)h Ft(h)p Fs(S)1652 1857
y Fn(1)1691 1842 y Fu(,)f Fs(s)8 b Ft(i)33 b(\))f(h)p
Fs(S)2108 1806 y Fi(0)2107 1866 y Fn(1)2147 1842 y Fu(,)h
Fs(s)2255 1806 y Fi(0)2278 1842 y Ft(i)f Fu(and)h Ft(h)p
Fs(S)2645 1806 y Fi(0)2644 1866 y Fn(1)2684 1842 y Fu(,)f
Fs(s)2791 1806 y Fi(0)2815 1842 y Ft(i)g(\))2986 1806
y Fn(k)3023 1815 y Fd(1)3094 1842 y Fs(s)3142 1857 y
Fn(0)3214 1842 y Fu(w)m(e)i(get)527 2059 y Ft(h)p Fs(S)633
2074 y Fn(1)672 2059 y Fu(,)f Fs(s)8 b Ft(i)32 b(\))951
2023 y Fn(k)988 2032 y Fd(1)1023 2023 y Fn(+1)1150 2059
y Fs(s)1198 2074 y Fn(0)283 2276 y Fu(W)-8 b(e)34 b(ha)m(v)m(e)g
(already)f(seen)h(that)f Ft(h)o Fs(S)1551 2291 y Fn(2)1591
2276 y Fu(,)g Fs(s)1699 2291 y Fn(0)1738 2276 y Ft(i)g(\))1909
2240 y Fn(k)1946 2249 y Fd(2)2018 2276 y Fs(s)2066 2240
y Fi(00)2142 2276 y Fu(and)g(since)g(\(k)2660 2291 y
Fn(1)2700 2276 y Fu(+1\)+k)2990 2291 y Fn(2)3062 2276
y Fu(=)g(k)3222 2291 y Fn(0)3262 2276 y Fu(+1)g(w)m(e)h(ha)m(v)m(e)283
2396 y(pro)m(v)m(ed)h(the)e(required)g(result.)430 2520
y(The)f(second)h(p)s(ossibilit)m(y)c(is)h(that)i([comp)1980
2483 y Fn(2)1968 2544 y(sos)2062 2520 y Fu(])g(has)f(b)s(een)h(used)h
(to)e(obtain)f(the)h(deriv)-5 b(ation)283 2640 y Ft(h)p
Fs(S)389 2655 y Fn(1)428 2640 y Fu(;)p Fs(S)522 2655
y Fn(2)562 2640 y Fu(,)32 b Fs(s)8 b Ft(i)33 b(\))f Fo(\015)5
b Fu(.)43 b(Then)34 b(w)m(e)g(ha)m(v)m(e)527 2857 y Ft(h)p
Fs(S)633 2872 y Fn(1)672 2857 y Fu(,)f Fs(s)8 b Ft(i)32
b(\))g Fs(s)1031 2821 y Fi(0)283 3074 y Fu(and)h Fo(\015)38
b Fu(is)32 b Ft(h)p Fs(S)766 3089 y Fn(2)805 3074 y Fu(,)g
Fs(s)912 3038 y Fi(0)936 3074 y Ft(i)g Fu(so)h(that)527
3291 y Ft(h)p Fs(S)633 3306 y Fn(2)672 3291 y Fu(,)g
Fs(s)780 3255 y Fi(0)803 3291 y Ft(i)g(\))974 3255 y
Fn(k)1011 3264 y Fd(0)1083 3291 y Fs(s)1131 3255 y Fi(00)283
3508 y Fu(The)h(result)e(no)m(w)i(follo)m(ws)d(b)m(y)j(c)m(ho)s(osing)e
(k)1862 3523 y Fn(1)1902 3508 y Fu(=1)g(and)g(k)2299
3523 y Fn(2)2339 3508 y Fu(=k)2466 3523 y Fn(0)2506 3508
y Fu(.)1148 b Fh(2)283 3842 y Fw(Exercise)37 b(2.20)49
b Fu(Supp)s(ose)27 b(that)f Ft(h)o Fs(S)1661 3857 y Fn(1)1701
3842 y Fu(;)p Fs(S)1795 3857 y Fn(2)1834 3842 y Fu(,)h
Fs(s)8 b Ft(i\))2075 3806 y Fi(\003)2114 3842 y Ft(h)p
Fs(S)2220 3857 y Fn(2)2259 3842 y Fu(,)28 b Fs(s)2362
3806 y Fi(0)2385 3842 y Ft(i)p Fu(.)41 b(Sho)m(w)27 b(that)e(it)g(is)h
Fs(not)35 b Fu(necessarily)283 3962 y(the)e(case)h(that)e
Ft(h)p Fs(S)975 3977 y Fn(1)1014 3962 y Fu(,)h Fs(s)8
b Ft(i\))1260 3926 y Fi(\003)1300 3962 y Fs(s)1348 3926
y Fi(0)1371 3962 y Fu(.)2283 b Fh(2)283 4210 y Fw(Exercise)37
b(2.21)49 b(\(Essen)m(tial\))30 b Fu(Pro)m(v)m(e)k(that)527
4427 y(if)e Ft(h)p Fs(S)723 4442 y Fn(1)762 4427 y Fu(,)g
Fs(s)8 b Ft(i)33 b(\))1040 4391 y Fn(k)1114 4427 y Fs(s)1162
4391 y Fi(0)1218 4427 y Fu(then)g Ft(h)p Fs(S)1546 4442
y Fn(1)1585 4427 y Fu(;)p Fs(S)1679 4442 y Fn(2)1719
4427 y Fu(,)f Fs(s)8 b Ft(i)33 b(\))1997 4391 y Fn(k)2071
4427 y Ft(h)p Fs(S)2177 4442 y Fn(2)2216 4427 y Fu(,)g
Fs(s)2324 4391 y Fi(0)2347 4427 y Ft(i)283 4644 y Fu(that)g(is)f(the)h
(execution)g(of)f Fs(S)1375 4659 y Fn(1)1447 4644 y Fu(is)g(not)h
(in\015uenced)g(b)m(y)h(the)f(statemen)m(t)g(follo)m(wing)d(it.)240
b Fh(2)430 4891 y Fu(In)25 b(the)h(previous)g(section)f(w)m(e)h
(de\014ned)h(a)e(notion)f(of)h(determinism)e(based)j(on)f(the)h
(natural)283 5012 y(seman)m(tics.)59 b(F)-8 b(or)37 b(the)h(structural)
f(op)s(erational)e(seman)m(tics)j(w)m(e)g(de\014ne)h(the)f(similar)c
(notion)283 5132 y(as)g(follo)m(ws.)46 b(The)35 b(seman)m(tics)e(of)h
(T)-8 b(able)33 b(2.2)g(is)h Fs(deterministic)k Fu(if)33
b(for)g(all)e(c)m(hoices)k(of)e Fs(S)12 b Fu(,)34 b Fs(s)8
b Fu(,)34 b Fo(\015)283 5252 y Fu(and)f Fo(\015)529 5216
y Fi(0)585 5252 y Fu(w)m(e)h(ha)m(v)m(e)f(that)527 5470
y Ft(h)p Fs(S)12 b Fu(,)33 b Fs(s)8 b Ft(i)32 b(\))g
Fo(\015)38 b Fu(and)32 b Ft(h)p Fs(S)12 b Fu(,)32 b Fs(s)8
b Ft(i)33 b(\))f Fo(\015)1695 5433 y Fi(0)1751 5470 y
Fu(imply)e Fo(\015)38 b Fu(=)32 b Fo(\015)2277 5433 y
Fi(0)p eop
%%Page: 39 49
39 48 bop 0 130 a Fw(2.2)112 b(Structural)37 b(op)s(erational)f(seman)m
(tics)1506 b(39)p 0 193 3473 4 v 0 515 a(Exercise)36
b(2.22)49 b(\(Essen)m(tial\))d Fu(Sho)m(w)j(that)f(the)g(structural)g
(op)s(erational)e(seman)m(tics)i(of)0 636 y(T)-8 b(able)38
b(2.2)g(is)g(deterministic.)60 b(Deduce)39 b(that)f(there)h(is)f
(exactly)h(one)g(deriv)-5 b(ation)37 b(sequence)0 756
y(starting)25 b(in)g(a)h(con\014guration)f Ft(h)p Fs(S)12
b Fu(,)26 b Fs(s)8 b Ft(i)p Fu(.)41 b(Argue)26 b(that)g(a)g(statemen)m
(t)h Fs(S)37 b Fu(of)26 b Fw(While)e Fu(cannot)j(b)s(oth)0
877 y(terminate)34 b(and)h(lo)s(op)f(on)h(a)g(state)g
Fs(s)44 b Fu(and)35 b(hence)h(it)f(cannot)g(b)s(oth)g(b)s(e)g(alw)m(a)m
(ys)h(terminating)0 997 y(and)d(alw)m(a)m(ys)g(lo)s(oping.)2555
b Fh(2)146 1166 y Fu(In)31 b(the)g(previous)h(section)e(w)m(e)i
(de\014ned)g(a)f(notion)e(of)h(t)m(w)m(o)i(statemen)m(ts)g
Fs(S)2848 1181 y Fn(1)2917 1166 y Fu(and)f Fs(S)3172
1181 y Fn(2)3242 1166 y Fu(b)s(eing)0 1287 y(seman)m(tically)26
b(equiv)-5 b(alen)m(t.)41 b(The)29 b(similar)24 b(notion)i(can)i(b)s(e)
g(de\014ned)h(based)f(on)g(the)g(structural)0 1407 y(op)s(erational)i
(seman)m(tics:)44 b Fs(S)1060 1422 y Fn(1)1132 1407 y
Fu(and)32 b Fs(S)1388 1422 y Fn(2)1460 1407 y Fu(are)h
Fs(semantic)-5 b(al)5 b(ly)34 b(e)-5 b(quivalent)41 b
Fu(if)31 b(for)h(all)f(states)i Fs(s)145 1567 y Ft(\017)49
b(h)p Fs(S)350 1582 y Fn(1)389 1567 y Fu(,)32 b Fs(s)8
b Ft(i)31 b(\))666 1530 y Fi(\003)737 1567 y Fo(\015)37
b Fu(if)30 b(and)i(only)f(if)f Ft(h)p Fs(S)1509 1582
y Fn(2)1548 1567 y Fu(,)i Fs(s)8 b Ft(i)32 b(\))1825
1530 y Fi(\003)1896 1567 y Fo(\015)5 b Fu(,)32 b(whenev)m(er)j
Fo(\015)h Fu(is)31 b(a)h(con\014guration)f(that)244 1687
y(is)h(either)g(stuc)m(k)j(or)d(terminal,)e(and)145 1876
y Ft(\017)49 b Fu(there)30 b(is)e(an)h(in\014nite)f(deriv)-5
b(ation)28 b(sequence)k(starting)c(in)g Ft(h)p Fs(S)2475
1891 y Fn(1)2514 1876 y Fu(,)i Fs(s)8 b Ft(i)29 b Fu(if)f(and)h(only)g
(if)f(there)244 1996 y(is)k(one)h(starting)e(in)h Ft(h)p
Fs(S)1104 2011 y Fn(2)1143 1996 y Fu(,)h Fs(s)8 b Ft(i)p
Fu(.)0 2155 y(Note)47 b(that)f(in)g(the)g(\014rst)h(case)h(the)f
(length)e(of)h(the)h(t)m(w)m(o)g(deriv)-5 b(ation)45
b(sequences)50 b(ma)m(y)c(b)s(e)0 2276 y(di\013eren)m(t.)0
2445 y Fw(Exercise)36 b(2.23)49 b Fu(Sho)m(w)f(that)f(the)h(follo)m
(wing)d(statemen)m(ts)j(of)e Fw(While)g Fu(are)h(seman)m(tically)0
2566 y(equiv)-5 b(alen)m(t)32 b(in)g(the)h(ab)s(o)m(v)m(e)h(sense:)145
2725 y Ft(\017)49 b Fs(S)12 b Fu(;)p Fr(skip)33 b Fu(and)g
Fs(S)145 2914 y Ft(\017)49 b Fr(while)34 b Fs(b)k Fr(do)33
b Fs(S)45 b Fu(and)32 b Fr(if)h Fs(b)39 b Fr(then)33
b Fu(\()p Fs(S)12 b Fu(;)33 b Fr(while)h Fs(b)k Fr(do)33
b Fs(S)12 b Fu(\))32 b Fr(else)i(skip)145 3103 y Ft(\017)49
b Fs(S)311 3118 y Fn(1)350 3103 y Fu(;\()p Fs(S)482 3118
y Fn(2)521 3103 y Fu(;)p Fs(S)615 3118 y Fn(3)655 3103
y Fu(\))32 b(and)h(\()p Fs(S)1020 3118 y Fn(1)1059 3103
y Fu(;)p Fs(S)1153 3118 y Fn(2)1193 3103 y Fu(\);)p Fs(S)1325
3118 y Fn(3)0 3262 y Fu(Y)-8 b(ou)42 b(ma)m(y)g(use)i(the)e(result)g
(of)g(Exercise)i(2.22.)72 b(Discuss)43 b(to)f(what)g(exten)m(t)i(the)f
(notion)e(of)0 3382 y(seman)m(tic)24 b(equiv)-5 b(alence)25
b(in)m(tro)s(duced)g(ab)s(o)m(v)m(e)g(is)f(the)i(same)e(as)h(that)f
(de\014ned)i(from)e(the)h(natural)0 3503 y(seman)m(tics.)2961
b Fh(2)0 3672 y Fw(Exercise)36 b(2.24)49 b Fu(Pro)m(v)m(e)37
b(that)f Fr(repeat)h Fs(S)47 b Fr(until)37 b Fs(b)k Fu(\(as)36
b(de\014ned)h(in)d(Exercise)j(2.17\))e(is)g(se-)0 3793
y(man)m(tically)30 b(equiv)-5 b(alen)m(t)32 b(to)g Fs(S)12
b Fu(;)33 b Fr(while)h Ft(:)f Fs(b)38 b Fr(do)33 b Fs(S)12
b Fu(.)1512 b Fh(2)0 4074 y Fp(The)44 b(seman)l(tic)j(function)d
FC(S)1440 4092 y Fk(sos)0 4259 y Fu(As)f(in)f(the)h(previous)g(section)
f(the)h Fs(me)-5 b(aning)50 b Fu(of)42 b(statemen)m(ts)h(can)g(b)s(e)g
(summarized)e(b)m(y)j(a)0 4379 y(\(partial\))30 b(function)i(from)g
Fw(State)g Fu(to)g Fw(State)p Fu(:)244 4538 y Ft(S)312
4553 y Fn(sos)407 4538 y Fu(:)43 b Fw(Stm)32 b Ft(!)g
Fu(\()p Fw(State)h Fo(,)-17 b Ft(!)32 b Fw(State)p Fu(\))0
4698 y(It)h(is)f(giv)m(en)g(b)m(y)244 4939 y Ft(S)312
4954 y Fn(sos)407 4939 y Fu([)-17 b([)p Fs(S)12 b Fu(])-17
b(])q Fs(s)40 b Fu(=)738 4764 y Fg(8)738 4839 y(<)738
4988 y(:)853 4854 y Fs(s)901 4818 y Fi(0)1179 4854 y
Fu(if)31 b Ft(h)p Fs(S)12 b Fu(,)32 b Fs(s)8 b Ft(i)33
b(\))1652 4818 y Fi(\003)1724 4854 y Fs(s)1772 4818 y
Fi(0)853 5022 y Fu(undef)p 853 5035 243 4 v 91 w(otherwise)0
5180 y(The)h(w)m(ell-de\014nedness)g(of)e(the)h(de\014nition)e(follo)m
(ws)h(from)f(Exercise)j(2.22.)0 5349 y Fw(Exercise)i(2.25)49
b Fu(Determine)i(whether)i(or)f(not)g(seman)m(tic)f(equiv)-5
b(alence)53 b(of)e Fs(S)3066 5364 y Fn(1)3157 5349 y
Fu(and)h Fs(S)3433 5364 y Fn(2)0 5470 y Fu(amoun)m(ts)32
b(to)h Ft(S)580 5485 y Fn(sos)676 5470 y Fu([)-17 b([)p
Fs(S)780 5485 y Fn(1)819 5470 y Fu(])g(])34 b(=)e Ft(S)1066
5485 y Fn(sos)1161 5470 y Fu([)-17 b([)p Fs(S)1265 5485
y Fn(2)1305 5470 y Fu(])g(].)2029 b Fh(2)p eop
%%Page: 40 50
40 49 bop 251 130 a Fw(40)2086 b(2)112 b(Op)s(erational)37
b(Seman)m(tics)p 251 193 3473 4 v 283 515 a Fj(2.3)161
b(An)53 b(equiv)-9 b(alence)55 b(result)283 734 y Fu(W)-8
b(e)29 b(ha)m(v)m(e)g(giv)m(en)e(t)m(w)m(o)i(de\014nitions)e(of)g(the)h
(seman)m(tics)g(of)f Fw(While)f Fu(and)i(w)m(e)h(shall)d(no)m(w)i
(address)283 855 y(the)33 b(question)g(of)g(their)f(equiv)-5
b(alence.)p 283 975 3473 5 v 283 1142 a Fw(Theorem)38
b(2.26)49 b Fu(F)-8 b(or)31 b(ev)m(ery)k(statemen)m(t)e
Fs(S)44 b Fu(of)32 b Fw(While)f Fu(w)m(e)j(ha)m(v)m(e)g
Ft(S)2863 1157 y Fn(ns)2934 1142 y Fu([)-17 b([)p Fs(S)12
b Fu(])-17 b(])33 b(=)g Ft(S)3284 1157 y Fn(sos)3380
1142 y Fu([)-17 b([)p Fs(S)12 b Fu(])-17 b(])q(.)p 283
1263 V 283 1459 a(This)33 b(result)g(expresses)i(t)m(w)m(o)f(prop)s
(erties:)429 1655 y Ft(\017)48 b Fu(If)27 b(the)g(execution)g(of)f
Fs(S)38 b Fu(from)26 b(some)g(state)h(terminates)f(in)g(one)g(of)h(the)
f(seman)m(tics)h(then)527 1776 y(it)32 b(also)g(terminates)f(in)h(the)h
(other)g(and)g(the)g(resulting)e(states)j(will)c(b)s(e)j(equal.)429
1977 y Ft(\017)48 b Fu(If)36 b(the)g(execution)h(of)e
Fs(S)48 b Fu(from)34 b(some)i(state)g(lo)s(ops)f(in)g(one)h(of)f(the)h
(seman)m(tics)g(then)h(it)527 2097 y(will)31 b(also)g(lo)s(op)g(in)h
(the)h(other.)283 2294 y(It)26 b(should)g(b)s(e)g(fairly)e(ob)m(vious)i
(that)g(the)g(\014rst)g(prop)s(ert)m(y)h(follo)m(ws)d(from)h(the)h
(theorem)f(b)s(ecause)283 2414 y(there)i(are)f(no)f(stuc)m(k)i
(con\014gurations)f(in)f(the)h(structural)f(op)s(erational)e(seman)m
(tics)j(of)f Fw(While)p Fu(.)283 2534 y(F)-8 b(or)40
b(the)h(other)f(prop)s(ert)m(y)h(supp)s(ose)h(that)e(the)h(execution)g
(of)e Fs(S)53 b Fu(on)40 b(state)g Fs(s)49 b Fu(lo)s(ops)39
b(in)h(one)283 2655 y(of)c(the)g(seman)m(tics.)52 b(If)36
b(it)e(terminates)h(in)g(the)h(other)f(seman)m(tics)h(w)m(e)h(ha)m(v)m
(e)g(a)e(con)m(tradiction)283 2775 y(with)27 b(the)g(\014rst)g(prop)s
(ert)m(y)h(b)s(ecause)g(b)s(oth)f(seman)m(tics)g(are)f(deterministic)f
(\(Theorem)i(2.9)g(and)283 2895 y(Exercise)34 b(2.22\).)43
b(Hence)34 b Fs(S)44 b Fu(will)31 b(ha)m(v)m(e)j(to)e(lo)s(op)f(on)h
(state)h Fs(s)41 b Fu(also)32 b(in)f(the)i(other)g(seman)m(tics.)430
3016 y(The)g(theorem)f(is)f(pro)m(v)m(ed)j(in)d(t)m(w)m(o)h(stages)h
(as)f(expressed)j(b)m(y)e(Lemma)e(2.27)g(and)h(Lemma)283
3136 y(2.28)g(b)s(elo)m(w.)44 b(W)-8 b(e)33 b(shall)e(\014rst)i(pro)m
(v)m(e:)p 283 3257 V 283 3424 a Fw(Lemma)38 b(2.27)49
b Fu(F)-8 b(or)31 b(ev)m(ery)k(statemen)m(t)e Fs(S)44
b Fu(of)32 b Fw(While)f Fu(and)i(states)g Fs(s)41 b Fu(and)33
b Fs(s)3134 3388 y Fi(0)3190 3424 y Fu(w)m(e)g(ha)m(v)m(e)527
3620 y Ft(h)p Fs(S)12 b Fu(,)33 b Fs(s)8 b Ft(i)32 b(!)g
Fs(s)992 3584 y Fi(0)1048 3620 y Fu(implies)e Ft(h)p
Fs(S)12 b Fu(,)32 b Fs(s)8 b Ft(i)33 b(\))1763 3584 y
Fi(\003)1835 3620 y Fs(s)1883 3584 y Fi(0)1907 3620 y
Fu(.)283 3817 y(So)40 b(if)e(the)i(execution)g(of)f Fs(S)51
b Fu(from)38 b Fs(s)47 b Fu(terminates)39 b(in)f(the)i(natural)e(seman)
m(tics)i(then)g(it)e(will)283 3937 y(terminate)32 b(in)g(the)h(same)f
(state)h(in)f(the)h(structural)f(op)s(erational)e(seman)m(tics.)p
283 4057 V 283 4254 a Fw(Pro)s(of:)45 b Fu(The)40 b(pro)s(of)e(pro)s
(ceeds)i(b)m(y)g(induction)e(on)g(the)i(shap)s(e)f(of)f(the)i(deriv)-5
b(ation)37 b(tree)i(for)283 4374 y Ft(h)p Fs(S)12 b Fu(,)33
b Fs(s)8 b Ft(i)32 b(!)g Fs(s)748 4338 y Fi(0)772 4374
y Fu(.)283 4542 y Fw(The)h(case)g Fu([ass)891 4557 y
Fn(ns)964 4542 y Fu(]:)43 b(W)-8 b(e)33 b(assume)g(that)527
4738 y Ft(h)p Fs(x)44 b Fu(:=)33 b Fs(a)7 b Fu(,)33 b
Fs(s)8 b Ft(i)32 b(!)g Fs(s)8 b Fu([)p Fs(x)k Ft(7!A)o
Fu([)-17 b([)q Fs(a)7 b Fu(])-17 b(])q Fs(s)8 b Fu(])283
4934 y(F)-8 b(rom)32 b([ass)692 4949 y Fn(sos)787 4934
y Fu(])h(w)m(e)h(get)e(the)h(required)527 5131 y Ft(h)p
Fs(x)44 b Fu(:=)33 b Fs(a)7 b Fu(,)33 b Fs(s)8 b Ft(i)32
b(\))g Fs(s)8 b Fu([)p Fs(x)k Ft(7!A)o Fu([)-17 b([)q
Fs(a)7 b Fu(])-17 b(])q Fs(s)8 b Fu(])283 5327 y Fw(The)33
b(case)g Fu([skip)937 5342 y Fn(ns)1009 5327 y Fu(]:)44
b(Analogous.)283 5494 y Fw(The)33 b(case)g Fu([comp)994
5509 y Fn(ns)1065 5494 y Fu(]:)44 b(Assume)33 b(that)p
eop
%%Page: 41 51
41 50 bop 0 130 a Fw(2.3)112 b(An)38 b(equiv)-6 b(alence)37
b(result)2047 b(41)p 0 193 3473 4 v 244 515 a Ft(h)p
Fs(S)350 530 y Fn(1)389 515 y Fu(;)p Fs(S)483 530 y Fn(2)522
515 y Fu(,)33 b Fs(s)8 b Ft(i)32 b(!)g Fs(s)881 479 y
Fi(00)0 711 y Fu(b)s(ecause)244 907 y Ft(h)p Fs(S)350
922 y Fn(1)389 907 y Fu(,)h Fs(s)8 b Ft(i)32 b(!)g Fs(s)748
871 y Fi(0)804 907 y Fu(and)h Ft(h)o Fs(S)1099 922 y
Fn(2)1139 907 y Fu(,)f Fs(s)1246 871 y Fi(0)1270 907
y Ft(i)g(!)g Fs(s)1521 871 y Fi(00)0 1103 y Fu(The)f(induction)e(h)m
(yp)s(othesis)i(can)f(b)s(e)h(applied)d(to)i(b)s(oth)g(of)f(the)i
(premises)f Ft(h)p Fs(S)2871 1118 y Fn(1)2910 1103 y
Fu(,)h Fs(s)8 b Ft(i)29 b(!)h Fs(s)3262 1067 y Fi(0)3315
1103 y Fu(and)0 1224 y Ft(h)p Fs(S)106 1239 y Fn(2)145
1224 y Fu(,)j Fs(s)253 1187 y Fi(0)276 1224 y Ft(i)f(!)g
Fs(s)527 1187 y Fi(00)602 1224 y Fu(and)h(giv)m(es)244
1420 y Ft(h)p Fs(S)350 1435 y Fn(1)389 1420 y Fu(,)g
Fs(s)8 b Ft(i)32 b(\))667 1383 y Fi(\003)739 1420 y Fs(s)787
1383 y Fi(0)843 1420 y Fu(and)h Ft(h)p Fs(S)1139 1435
y Fn(2)1178 1420 y Fu(,)g Fs(s)1286 1383 y Fi(0)1309
1420 y Ft(i)f(\))1480 1383 y Fi(\003)1552 1420 y Fs(s)1600
1383 y Fi(00)0 1616 y Fu(F)-8 b(rom)31 b(Exercise)j(2.21)e(w)m(e)i(get)
244 1811 y Ft(h)p Fs(S)350 1826 y Fn(1)389 1811 y Fu(;)p
Fs(S)483 1826 y Fn(2)522 1811 y Fu(,)f Fs(s)8 b Ft(i)32
b(\))801 1775 y Fi(\003)873 1811 y Ft(h)p Fs(S)979 1826
y Fn(2)1018 1811 y Fu(,)g Fs(s)1125 1775 y Fi(0)1149
1811 y Ft(i)0 2007 y Fu(and)h(thereb)m(y)h Ft(h)p Fs(S)648
2022 y Fn(1)687 2007 y Fu(;)p Fs(S)781 2022 y Fn(2)820
2007 y Fu(,)f Fs(s)8 b Ft(i)32 b(\))1099 1971 y Fi(\003)1171
2007 y Fs(s)1219 1971 y Fi(00)1261 2007 y Fu(.)0 2175
y Fw(The)h(case)g Fu([if)553 2139 y Fn(tt)541 2200 y(ns)611
2175 y Fu(]:)44 b(Assume)33 b(that)244 2371 y Ft(h)p
Fr(if)g Fs(b)38 b Fr(then)c Fs(S)806 2386 y Fn(1)877
2371 y Fr(else)g Fs(S)1182 2386 y Fn(2)1221 2371 y Fu(,)f
Fs(s)8 b Ft(i)32 b(!)g Fs(s)1580 2335 y Fi(0)0 2567 y
Fu(b)s(ecause)244 2763 y Ft(B)s Fu([)-17 b([)q Fs(b)6
b Fu(])-17 b(])p Fs(s)41 b Fu(=)32 b Fw(tt)g Fu(and)h
Ft(h)p Fs(S)1043 2778 y Fn(1)1082 2763 y Fu(,)f Fs(s)8
b Ft(i)33 b(!)f Fs(s)1441 2727 y Fi(0)0 2959 y Fu(Since)h
Ft(B)s Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])p Fs(s)41
b Fu(=)32 b Fw(tt)g Fu(w)m(e)i(get)244 3155 y Ft(h)p
Fr(if)f Fs(b)38 b Fr(then)c Fs(S)806 3170 y Fn(1)877
3155 y Fr(else)g Fs(S)1182 3170 y Fn(2)1221 3155 y Fu(,)f
Fs(s)8 b Ft(i)32 b(\))g(h)p Fs(S)1638 3170 y Fn(1)1677
3155 y Fu(,)h Fs(s)8 b Ft(i)32 b(\))1956 3119 y Fi(\003)2028
3155 y Fs(s)2076 3119 y Fi(0)0 3351 y Fu(where)39 b(the)f(\014rst)g
(relationship)e(comes)i(from)e([if)1828 3315 y Fn(tt)1816
3375 y(sos)1910 3351 y Fu(])i(and)g(the)g(second)h(from)d(the)i
(induction)0 3471 y(h)m(yp)s(othesis)c(applied)d(to)h(the)h(premise)g
Ft(h)o Fs(S)1573 3486 y Fn(1)1613 3471 y Fu(,)f Fs(s)8
b Ft(i)33 b(!)f Fs(s)1972 3435 y Fi(0)1995 3471 y Fu(.)0
3639 y Fw(The)h(case)g Fu([if)553 3603 y Fn(\013)541
3663 y(ns)611 3639 y Fu(]:)44 b(Analogous.)0 3806 y Fw(The)33
b(case)g Fu([while)718 3770 y Fn(tt)706 3831 y(ns)777
3806 y Fu(]:)43 b(Assume)34 b(that)244 4002 y Ft(h)p
Fr(while)f Fs(b)39 b Fr(do)33 b Fs(S)12 b Fu(,)32 b Fs(s)8
b Ft(i)33 b(!)f Fs(s)1216 3966 y Fi(00)0 4198 y Fu(b)s(ecause)244
4394 y Ft(B)s Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])p
Fs(s)41 b Fu(=)32 b Fw(tt)p Fu(,)g Ft(h)p Fs(S)12 b Fu(,)32
b Fs(s)8 b Ft(i)33 b(!)f Fs(s)1239 4358 y Fi(0)1295 4394
y Fu(and)g Ft(h)p Fr(while)i Fs(b)39 b Fr(do)33 b Fs(S)12
b Fu(,)32 b Fs(s)2205 4358 y Fi(0)2228 4394 y Ft(i)h(!)f
Fs(s)2480 4358 y Fi(00)0 4590 y Fu(The)i(induction)d(h)m(yp)s(othesis)j
(can)f(b)s(e)g(applied)e(to)i(b)s(oth)f(of)g(the)h(premises)g
Ft(h)p Fs(S)12 b Fu(,)33 b Fs(s)8 b Ft(i)32 b(!)g Fs(s)3259
4554 y Fi(0)3315 4590 y Fu(and)0 4711 y Ft(h)p Fr(while)i
Fs(b)k Fr(do)33 b Fs(S)12 b Fu(,)33 b Fs(s)721 4675 y
Fi(0)744 4711 y Ft(i)f(!)g Fs(s)995 4675 y Fi(00)1070
4711 y Fu(and)h(giv)m(es)244 4907 y Ft(h)p Fs(S)12 b
Fu(,)32 b Fs(s)8 b Ft(i)32 b(\))628 4870 y Fi(\003)700
4907 y Fs(s)748 4870 y Fi(0)804 4907 y Fu(and)h Ft(h)o
Fr(while)h Fs(b)39 b Fr(do)33 b Fs(S)12 b Fu(,)32 b Fs(s)1714
4870 y Fi(0)1737 4907 y Ft(i)h(\))1908 4870 y Fi(\003)1980
4907 y Fs(s)2028 4870 y Fi(00)0 5103 y Fu(Using)f(Exercise)i(2.21)e(w)m
(e)i(get)244 5299 y Ft(h)p Fs(S)12 b Fu(;)32 b Fr(while)i
Fs(b)k Fr(do)33 b Fs(S)12 b Fu(,)33 b Fs(s)8 b Ft(i)32
b(\))1262 5262 y Fi(\003)1334 5299 y Fs(s)1382 5262 y
Fi(00)0 5494 y Fu(Using)g([while)524 5509 y Fn(sos)619
5494 y Fu(])g(and)h([if)965 5458 y Fn(tt)953 5519 y(sos)1047
5494 y Fu(])g(\(with)f Ft(B)s Fu([)-17 b([)q Fs(b)6 b
Fu(])-17 b(])p Fs(s)41 b Fu(=)32 b Fw(tt)p Fu(\))g(w)m(e)i(get)e(the)h
(\014rst)g(t)m(w)m(o)g(steps)h(of)p eop
%%Page: 42 52
42 51 bop 251 130 a Fw(42)2086 b(2)112 b(Op)s(erational)37
b(Seman)m(tics)p 251 193 3473 4 v 527 515 a Ft(h)p Fr(while)d
Fs(b)k Fr(do)33 b Fs(S)12 b Fu(,)33 b Fs(s)8 b Ft(i)855
683 y(\))32 b(h)p Fr(if)h Fs(b)38 b Fr(then)c Fu(\()p
Fs(S)12 b Fu(;)32 b Fr(while)i Fs(b)39 b Fr(do)33 b Fs(S)12
b Fu(\))32 b Fr(else)h(skip)p Fu(,)h Fs(s)8 b Ft(i)855
851 y(\))32 b(h)p Fs(S)12 b Fu(;)32 b Fr(while)i Fs(b)39
b Fr(do)33 b Fs(S)12 b Fu(,)32 b Fs(s)8 b Ft(i)855 1018
y(\))955 982 y Fi(\003)1027 1018 y Fs(s)1075 982 y Fi(00)283
1225 y Fu(and)33 b(w)m(e)h(ha)m(v)m(e)g(already)e(argued)h(for)f(the)h
(last)e(part.)283 1392 y Fw(The)i(case)g Fu([while)1001
1356 y Fn(\013)989 1417 y(ns)1060 1392 y Fu(]:)44 b(Straigh)m(tforw)m
(ard.)1826 b Fh(2)430 1596 y Fu(This)45 b(completes)g(the)g(pro)s(of)f
(of)h(Lemma)f(2.27.)80 b(The)46 b(second)g(part)f(of)g(the)g(theorem)
283 1717 y(follo)m(ws)32 b(from:)p 283 1838 3473 5 v
283 2015 a Fw(Lemma)38 b(2.28)49 b Fu(F)-8 b(or)21 b(ev)m(ery)j
(statemen)m(t)e Fs(S)34 b Fu(of)21 b Fw(While)p Fu(,)i(states)g
Fs(s)30 b Fu(and)22 b Fs(s)2878 1979 y Fi(0)2923 2015
y Fu(and)h(natural)d(n)m(um)m(b)s(er)283 2136 y(k)33
b(w)m(e)h(ha)m(v)m(e)g(that)527 2342 y Ft(h)p Fs(S)12
b Fu(,)33 b Fs(s)8 b Ft(i)32 b(\))912 2306 y Fn(k)985
2342 y Fs(s)1033 2306 y Fi(0)1089 2342 y Fu(implies)e
Ft(h)p Fs(S)12 b Fu(,)33 b Fs(s)8 b Ft(i)32 b(!)g Fs(s)1885
2306 y Fi(0)1908 2342 y Fu(.)283 2549 y(So)g(if)e(the)i(execution)g(of)
f Fs(S)43 b Fu(from)30 b Fs(s)39 b Fu(terminates)31 b(in)g(the)h
(structural)f(op)s(erational)e(seman)m(tics)283 2669
y(then)34 b(it)d(will)f(terminate)i(in)g(the)h(same)f(state)h(in)f(the)
h(natural)e(seman)m(tics.)p 283 2789 V 283 2996 a Fw(Pro)s(of:)38
b Fu(The)33 b(pro)s(of)f(pro)s(ceeds)h(b)m(y)h(induction)d(on)i(the)f
(length)g(of)g(the)h(deriv)-5 b(ation)31 b(sequence)283
3116 y Ft(h)p Fs(S)12 b Fu(,)33 b Fs(s)8 b Ft(i)32 b(\))668
3080 y Fn(k)742 3116 y Fs(s)790 3080 y Fi(0)813 3116
y Fu(,)h(that)f(is)g(b)m(y)h(induction)f(on)h(k.)430
3237 y(If)f(k=0)h(then)g(the)g(result)g(holds)f(v)-5
b(acuously)d(.)430 3358 y(T)g(o)37 b(pro)m(v)m(e)h(the)g(induction)e
(step)i(w)m(e)g(assume)f(that)g(the)h(lemma)d(holds)h(for)h(k)c
Ft(\024)g Fu(k)3522 3373 y Fn(0)3599 3358 y Fu(and)283
3478 y(w)m(e)j(shall)d(then)i(pro)m(v)m(e)g(that)g(it)e(holds)h(for)g
(k)1919 3493 y Fn(0)1959 3478 y Fu(+1.)48 b(W)-8 b(e)35
b(pro)s(ceed)g(b)m(y)g(cases)h(on)f(ho)m(w)g(the)f(\014rst)283
3599 y(step)40 b(of)f Ft(h)o Fs(S)12 b Fu(,)39 b Fs(s)8
b Ft(i)39 b(\))1010 3563 y Fn(k)1047 3572 y Fd(0)1082
3563 y Fn(+1)1215 3599 y Fs(s)1263 3563 y Fi(0)1325 3599
y Fu(is)g(obtained,)h(that)e(is)h(b)m(y)g(insp)s(ecting)g(the)g(deriv)
-5 b(ation)37 b(tree)i(for)283 3719 y(the)33 b(\014rst)h(step)f(of)f
(computation)f(in)h(the)h(structural)f(op)s(erational)e(seman)m(tics.)
283 3887 y Fw(The)j(case)g Fu([ass)891 3902 y Fn(sos)987
3887 y Fu(]:)44 b(Straigh)m(tforw)m(ard)32 b(\(and)g(k)2065
3902 y Fn(0)2138 3887 y Fu(=)g(0\).)283 4054 y Fw(The)h(case)g
Fu([skip)937 4069 y Fn(sos)1033 4054 y Fu(]:)44 b(Straigh)m(tforw)m
(ard)31 b(\(and)i(k)2111 4069 y Fn(0)2183 4054 y Fu(=)g(0\).)283
4222 y Fw(The)g(cases)h Fu([comp)1051 4186 y Fn(1)1039
4247 y(sos)1134 4222 y Fu(])e(and)h([comp)1650 4186 y
Fn(2)1638 4247 y(sos)1733 4222 y Fu(]:)43 b(In)33 b(b)s(oth)f(cases)i
(w)m(e)g(assume)f(that)527 4428 y Ft(h)p Fs(S)633 4443
y Fn(1)672 4428 y Fu(;)p Fs(S)766 4443 y Fn(2)806 4428
y Fu(,)f Fs(s)8 b Ft(i)33 b(\))1084 4392 y Fn(k)1121
4401 y Fd(0)1156 4392 y Fn(+1)1283 4428 y Fs(s)1331 4392
y Fi(00)283 4635 y Fu(W)-8 b(e)40 b(can)f(no)m(w)h(apply)e(Lemma)g
(2.19)g(and)h(get)g(that)g(there)g(exists)h(a)e(state)i
Fs(s)3189 4599 y Fi(0)3251 4635 y Fu(and)f(natural)283
4755 y(n)m(um)m(b)s(ers)34 b(k)728 4770 y Fn(1)800 4755
y Fu(and)f(k)1041 4770 y Fn(2)1113 4755 y Fu(suc)m(h)h(that)527
4961 y Ft(h)p Fs(S)633 4976 y Fn(1)672 4961 y Fu(,)f
Fs(s)8 b Ft(i)32 b(\))951 4925 y Fn(k)988 4934 y Fd(1)1059
4961 y Fs(s)1107 4925 y Fi(0)1163 4961 y Fu(and)h Ft(h)p
Fs(S)1459 4976 y Fn(2)1498 4961 y Fu(,)g Fs(s)1606 4925
y Fi(0)1629 4961 y Ft(i)f(\))1800 4925 y Fn(k)1837 4934
y Fd(2)1908 4961 y Fs(s)1956 4925 y Fi(00)283 5168 y
Fu(where)c(k)610 5183 y Fn(1)650 5168 y Fu(+k)777 5183
y Fn(2)817 5168 y Fu(=k)944 5183 y Fn(0)984 5168 y Fu(+1.)41
b(The)28 b(induction)d(h)m(yp)s(othesis)j(can)f(no)m(w)g(b)s(e)g
(applied)f(to)g(eac)m(h)h(of)g(these)283 5288 y(deriv)-5
b(ation)31 b(sequences)36 b(b)s(ecause)e(k)1596 5303
y Fn(1)1669 5288 y Ft(\024)f Fu(k)1830 5303 y Fn(0)1902
5288 y Fu(and)g(k)2143 5303 y Fn(2)2215 5288 y Ft(\024)g
Fu(k)2376 5303 y Fn(0)2416 5288 y Fu(.)43 b(So)33 b(w)m(e)h(get)527
5494 y Ft(h)p Fs(S)633 5509 y Fn(1)672 5494 y Fu(,)f
Fs(s)8 b Ft(i)32 b(!)g Fs(s)1031 5458 y Fi(0)1087 5494
y Fu(and)h Ft(h)p Fs(S)1383 5509 y Fn(2)1422 5494 y Fu(,)g
Fs(s)1530 5458 y Fi(0)1553 5494 y Ft(i)f(!)g Fs(s)1804
5458 y Fi(00)p eop
%%Page: 43 53
43 52 bop 0 130 a Fw(2.3)112 b(An)38 b(equiv)-6 b(alence)37
b(result)2047 b(43)p 0 193 3473 4 v 0 515 a Fu(Using)32
b([comp)529 530 y Fn(ns)600 515 y Fu(])h(w)m(e)g(no)m(w)h(get)e(the)h
(required)g Ft(h)p Fs(S)1825 530 y Fn(1)1864 515 y Fu(;)p
Fs(S)1958 530 y Fn(2)1998 515 y Fu(,)f Fs(s)8 b Ft(i)33
b(!)f Fs(s)2357 479 y Fi(00)2399 515 y Fu(.)0 683 y Fw(The)h(case)g
Fu([if)553 647 y Fn(tt)541 708 y(sos)635 683 y Fu(]:)44
b(Assume)33 b(that)f Ft(B)t Fu([)-17 b([)q Fs(b)6 b Fu(])-17
b(])p Fs(s)41 b Fu(=)32 b Fw(tt)g Fu(and)g(that)244 902
y Ft(h)p Fr(if)h Fs(b)38 b Fr(then)c Fs(S)806 917 y Fn(1)877
902 y Fr(else)g Fs(S)1182 917 y Fn(2)1221 902 y Fu(,)f
Fs(s)8 b Ft(i)32 b(\))g(h)p Fs(S)1638 917 y Fn(1)1677
902 y Fu(,)h Fs(s)8 b Ft(i)32 b(\))1956 865 y Fn(k)1993
874 y Fd(0)2065 902 y Fs(s)2113 865 y Fi(0)0 1120 y Fu(The)d(induction)
d(h)m(yp)s(othesis)j(can)f(b)s(e)g(applied)f(to)g(the)h(deriv)-5
b(ation)27 b(sequence)j Ft(h)p Fs(S)2975 1135 y Fn(1)3014
1120 y Fu(,)j Fs(s)8 b Ft(i)32 b(\))3293 1084 y Fn(k)3330
1093 y Fd(0)3401 1120 y Fs(s)3449 1084 y Fi(0)0 1240
y Fu(and)h(giv)m(es)244 1459 y Ft(h)p Fs(S)350 1474 y
Fn(1)389 1459 y Fu(,)g Fs(s)8 b Ft(i)32 b(!)g Fs(s)748
1423 y Fi(0)0 1678 y Fu(The)i(result)e(no)m(w)h(follo)m(ws)f(using)g
([if)1348 1641 y Fn(tt)1336 1702 y(ns)1406 1678 y Fu(].)0
1845 y Fw(The)h(case)g Fu([if)553 1809 y Fn(\013)541
1870 y(sos)635 1845 y Fu(]:)44 b(Analogous.)0 2013 y
Fw(The)33 b(case)g Fu([while)706 2028 y Fn(sos)800 2013
y Fu(]:)44 b(W)-8 b(e)33 b(ha)m(v)m(e)244 2231 y Ft(h)p
Fr(while)g Fs(b)39 b Fr(do)33 b Fs(S)12 b Fu(,)32 b Fs(s)8
b Ft(i)571 2399 y(\))33 b(h)o Fr(if)g Fs(b)39 b Fr(then)33
b Fu(\()p Fs(S)12 b Fu(;)33 b Fr(while)h Fs(b)k Fr(do)33
b Fs(S)12 b Fu(\))32 b Fr(else)i(skip)p Fu(,)g Fs(s)8
b Ft(i)571 2567 y(\))671 2530 y Fn(k)708 2539 y Fd(0)780
2567 y Fs(s)828 2530 y Fi(00)0 2785 y Fu(The)46 b(induction)e(h)m(yp)s
(othesis)i(can)f(b)s(e)g(applied)f(to)g(the)h(k)2204
2800 y Fn(0)2289 2785 y Fu(last)f(steps)i(of)f(the)g(deriv)-5
b(ation)0 2905 y(sequence)35 b(and)e(giv)m(es)244 3124
y Ft(h)p Fr(if)g Fs(b)38 b Fr(then)c Fu(\()p Fs(S)12
b Fu(;)32 b Fr(while)i Fs(b)k Fr(do)33 b Fs(S)12 b Fu(\))33
b Fr(else)g(skip)p Fu(,)h Fs(s)8 b Ft(i)32 b(!)g Fs(s)2349
3088 y Fi(00)0 3343 y Fu(and)h(from)e(Lemma)g(2.5)h(w)m(e)i(get)f(the)g
(required)269 3510 y Ft(h)o Fr(while)h Fs(b)39 b Fr(do)33
b Fs(S)12 b Fu(,)32 b Fs(s)8 b Ft(i)33 b(!)f Fs(s)1241
3474 y Fi(00)3398 3510 y Fh(2)0 3789 y Fw(Pro)s(of)43
b(of)g(Theorem)g(2.26:)98 b Fu(F)-8 b(or)36 b(an)i(arbitrary)e
(statemen)m(t)i Fs(S)49 b Fu(and)38 b(state)g Fs(s)45
b Fu(it)37 b(follo)m(ws)0 3909 y(from)27 b(Lemmas)g(2.27)g(and)h(2.28)g
(that)g(if)f Ft(S)1555 3924 y Fn(ns)1627 3909 y Fu([)-17
b([)p Fs(S)12 b Fu(])-17 b(])q Fs(s)36 b Fu(=)27 b Fs(s)1996
3873 y Fi(0)2048 3909 y Fu(then)h Ft(S)2333 3924 y Fn(sos)2428
3909 y Fu([)-17 b([)q Fs(S)12 b Fu(])-17 b(])p Fs(s)36
b Fu(=)28 b Fs(s)2798 3873 y Fi(0)2850 3909 y Fu(and)g(vice)g(v)m
(ersa.)0 4029 y(This)35 b(su\016ces)i(for)d(sho)m(wing)h(that)f(the)h
(functions)g Ft(S)1958 4044 y Fn(ns)2029 4029 y Fu([)-17
b([)q Fs(S)12 b Fu(])-17 b(])35 b(and)g Ft(S)2465 4044
y Fn(sos)2560 4029 y Fu([)-17 b([)q Fs(S)12 b Fu(])-17
b(])35 b(m)m(ust)g(b)s(e)g(equal:)48 b(if)0 4150 y(one)31
b(is)f(de\014ned)i(on)e(a)h(state)f Fs(s)39 b Fu(then)31
b(so)g(is)f(the)h(other,)g(and)g(therefore,)g(if)f(one)h(is)f(not)g
(de\014ned)0 4270 y(on)i(a)h(state)g Fs(s)40 b Fu(then)34
b(neither)e(is)g(the)h(other.)1794 b Fh(2)0 4523 y Fw(Exercise)36
b(2.29)49 b Fu(Consider)28 b(the)g(extension)h(of)e(the)h(language)e
Fw(While)g Fu(with)h(the)h(statemen)m(t)0 4643 y Fr(repeat)47
b Fs(S)58 b Fr(until)47 b Fs(b)6 b Fu(.)83 b(The)46 b(natural)f(seman)m
(tics)h(of)f(the)h(construct)h(w)m(as)g(considered)f(in)0
4763 y(Exercise)30 b(2.7)d(and)i(the)f(structural)h(op)s(erational)c
(seman)m(tics)k(in)e(Exercise)j(2.17.)41 b(Mo)s(dify)28
b(the)0 4884 y(pro)s(of)k(of)g(Theorem)h(2.26)f(so)g(that)h(the)g
(theorem)f(applies)g(to)g(the)h(extended)i(language.)106
b Fh(2)0 5133 y Fw(Exercise)36 b(2.30)49 b Fu(Consider)28
b(the)g(extension)h(of)e(the)h(language)e Fw(While)g
Fu(with)h(the)h(statemen)m(t)0 5254 y Fr(for)j Fs(x)43
b Fu(:=)30 b Fs(a)462 5269 y Fn(1)532 5254 y Fr(to)h
Fs(a)722 5269 y Fn(2)792 5254 y Fr(do)g Fs(S)12 b Fu(.)31
b(The)g(natural)f(seman)m(tics)h(of)f(the)h(construct)g(w)m(as)h
(considered)f(in)0 5374 y(Exercise)f(2.8)d(and)i(the)f(structural)h(op)
s(erational)c(seman)m(tics)k(in)e(Exercise)j(2.18.)41
b(Mo)s(dify)28 b(the)0 5494 y(pro)s(of)k(of)g(Theorem)h(2.26)f(so)g
(that)h(the)g(theorem)f(applies)g(to)g(the)h(extended)i(language.)106
b Fh(2)p eop
%%Page: 44 54
44 53 bop 251 130 a Fw(44)2086 b(2)112 b(Op)s(erational)37
b(Seman)m(tics)p 251 193 3473 4 v 430 515 a Fu(The)h(pro)s(of)e(tec)m
(hnique)j(emplo)m(y)m(ed)e(in)g(the)g(pro)s(of)f(of)h(Theorem)h(2.26)e
(ma)m(y)h(b)s(e)g(summa-)283 636 y(rized)c(as)g(follo)m(ws:)p
283 765 3470 4 v 283 782 V 281 990 4 208 v 298 990 V
1371 911 a Fw(Pro)s(of)f(Summary)h(for)f(While)p Fu(:)p
3735 990 V 3752 990 V 281 1197 V 298 1197 V 997 1118
a Fw(Equiv)-6 b(alence)32 b(of)g(t)m(w)m(o)g(Op)s(erational)g(Seman)m
(tics)p 3735 1197 V 3752 1197 V 283 1201 3470 4 v 281
1690 4 490 v 298 1690 V 350 1366 a Fu(1:)143 b(Pro)m(v)m(e)24
b(b)m(y)h Fs(induction)h(on)f(the)i(shap)-5 b(e)25 b(of)h(derivation)g
(tr)-5 b(e)g(es)31 b Fu(that)23 b(for)g(eac)m(h)h(deriv)-5
b(ation)569 1487 y(tree)46 b(in)e(the)i(natural)e(seman)m(tics)h(there)
h(is)f(a)g(corresp)s(onding)g(\014nite)g(deriv)-5 b(ation)569
1607 y(sequence)35 b(in)d(the)h(structural)f(op)s(erational)e(seman)m
(tics.)p 3735 1690 V 3752 1690 V 281 2099 4 409 v 298
2099 V 350 1775 a(2:)143 b(Pro)m(v)m(e)45 b(b)m(y)g Fs(induction)g(on)g
(the)h(length)f(of)g(derivation)f(se)-5 b(quenc)g(es)52
b Fu(that)43 b(for)h(eac)m(h)569 1895 y(\014nite)33 b(deriv)-5
b(ation)31 b(sequence)36 b(in)c(the)i(structural)f(op)s(erational)d
(seman)m(tics)j(there)h(is)569 2015 y(a)e(corresp)s(onding)h(deriv)-5
b(ation)30 b(tree)k(in)d(the)i(natural)f(seman)m(tics.)p
3735 2099 V 3752 2099 V 283 2102 3470 4 v 283 2119 V
283 2314 a(When)41 b(pro)m(ving)e(the)h(equiv)-5 b(alence)40
b(of)f(t)m(w)m(o)h(op)s(erational)d(seman)m(tics)j(for)f(a)g(language)f
(with)283 2435 y(additional)29 b(programming)f(constructs)k(one)g(ma)m
(y)f(need)h(to)f(amend)g(the)g(ab)s(o)m(v)m(e)h(pro)s(of)e(tec)m(h-)283
2555 y(nique.)70 b(One)41 b(reason)h(is)f(that)g(the)g(equiv)-5
b(alence)42 b(result)f(ma)m(y)g(ha)m(v)m(e)h(to)f(b)s(e)g(expressed)j
(dif-)283 2675 y(feren)m(tly)37 b(from)e(that)h(of)g(Theorem)h(2.26)e
(\(as)i(will)d(b)s(e)i(the)h(case)g(if)e(the)i(extended)h(language)283
2796 y(is)43 b(non-deterministic\).)75 b(Also)43 b(one)g(migh)m(t)f(w)m
(an)m(t)j(to)e(consider)h(only)f(some)g(of)g(the)h(\014nite)283
2916 y(deriv)-5 b(ation)31 b(sequences,)36 b(for)c(example)g(those)i
(ending)e(in)g(a)g(terminal)e(con\014guration.)283 3242
y Fj(2.4)161 b(Extensions)53 b(of)g(While)283 3461 y
Fu(In)29 b(order)f(to)f(illustrate)f(the)i(p)s(o)m(w)m(er)h(and)f(w)m
(eakness)j(of)d(the)g(t)m(w)m(o)h(approac)m(hes)g(to)e(op)s(erational)
283 3582 y(seman)m(tics)38 b(w)m(e)h(shall)d(consider)i(v)-5
b(arious)37 b(extensions)i(of)e(the)h(language)e Fw(While)p
Fu(.)57 b(F)-8 b(or)37 b(eac)m(h)283 3702 y(extension)d(w)m(e)f(shall)f
(sho)m(w)h(ho)m(w)h(to)e(mo)s(dify)f(the)i(op)s(erational)d(seman)m
(tics.)283 3984 y Fp(Ab)t(ortion)283 4169 y Fu(W)-8 b(e)35
b(\014rst)f(extend)h Fw(While)d Fu(with)h(the)h(simple)e(statemen)m(t)i
Fr(abort)p Fu(.)48 b(The)35 b(idea)e(is)g(that)h Fr(abort)283
4289 y Fs(stops)52 b Fu(the)44 b(execution)g(of)g(the)g(complete)f
(program.)75 b(This)44 b(means)f(that)h Fr(abort)h Fu(b)s(eha)m(v)m(es)
283 4410 y(di\013eren)m(tly)30 b(from)f Fr(while)i(true)g(do)f(skip)h
Fu(in)e(that)h(it)f(causes)i(the)f(execution)h(to)f(stop)g(rather)283
4530 y(than)25 b(lo)s(op.)39 b(Also)24 b Fr(abort)h Fu(b)s(eha)m(v)m
(es)i(di\013eren)m(tly)d(from)f Fr(skip)i Fu(b)s(ecause)h(a)e(statemen)
m(t)h(follo)m(wing)283 4651 y Fr(abort)34 b Fu(will)d(nev)m(er)j(b)s(e)
e(executed)j(whereas)f(one)f(follo)m(wing)d Fr(skip)k
Fu(certainly)d(will.)430 4771 y(F)-8 b(ormally)g(,)29
b(the)k(new)h(syn)m(tax)g(of)e(statemen)m(ts)i(is)e(giv)m(en)g(b)m(y:)
577 4928 y Fs(S)112 b Fu(::=)99 b Fs(x)45 b Fu(:=)32
b Fs(a)40 b Ft(j)32 b Fr(skip)i Ft(j)e Fs(S)1713 4943
y Fn(1)1785 4928 y Fu(;)g Fs(S)1911 4943 y Fn(2)1983
4928 y Ft(j)g Fr(if)h Fs(b)39 b Fr(then)33 b Fs(S)2566
4943 y Fn(1)2638 4928 y Fr(else)h Fs(S)2943 4943 y Fn(2)795
5095 y Ft(j)150 b Fr(while)34 b Fs(b)39 b Fr(do)33 b
Fs(S)44 b Ft(j)32 b Fr(abort)283 5254 y Fu(W)-8 b(e)31
b(shall)d(not)h(rep)s(eat)h(the)g(de\014nitions)f(of)h(the)g(sets)h(of)
e(con\014gurations)g(but)h(tacitly)e(assume)283 5374
y(that)k(they)g(are)g(mo)s(di\014ed)e(so)h(as)h(to)f(corresp)s(ond)h
(to)g(the)f(extended)j(syn)m(tax.)45 b(The)32 b(task)g(that)283
5494 y(remains,)g(therefore,)h(is)g(to)f(de\014ne)i(the)f(new)g
(transition)e(relations)g Ft(!)h Fu(and)h Ft(\))p Fu(.)p
eop
%%Page: 45 55
45 54 bop 0 130 a Fw(2.4)112 b(Extensions)37 b(of)h(While)2119
b(45)p 0 193 3473 4 v 146 515 a Fu(The)26 b(fact)f(that)g
Fr(abort)h Fu(stops)g(the)g(execution)g(of)e(the)i(program)e(is)g(mo)s
(delled)f(b)m(y)j(ensuring)0 636 y(that)40 b(the)h(con\014gurations)f
(of)g(the)h(form)e Ft(h)p Fr(abort)p Fu(,)44 b Fs(s)8
b Ft(i)40 b Fu(are)h Fs(stuck)11 b Fu(.)67 b(Therefore)41
b(the)g Fs(natur)-5 b(al)0 756 y(semantics)47 b Fu(of)39
b(the)h(extended)i(language)c(is)i(still)d(de\014ned)k(b)m(y)g(the)f
(transition)e(relation)g Ft(!)0 877 y Fu(of)31 b(T)-8
b(able)31 b(2.1.)43 b(So)31 b(although)g(the)h(language)e(and)i(thereb)
m(y)h(the)f(set)g(of)f(con\014gurations)g(ha)m(v)m(e)0
997 y(b)s(een)c(extended)h(w)m(e)f(do)f(not)f(mo)s(dify)g(the)h
(de\014nition)f(of)g(the)i(transition)d(relation.)39
b(Similarly)-8 b(,)0 1117 y(the)40 b Fs(structur)-5 b(al)43
b(op)-5 b(er)g(ational)40 b(semantics)47 b Fu(of)39 b(the)h(extended)i
(language)d(is)g(still)e(de\014ned)k(b)m(y)0 1238 y(T)-8
b(able)32 b(2.2.)146 1358 y(F)-8 b(rom)39 b(the)i(structural)g(op)s
(erational)d(seman)m(tics)i(p)s(oin)m(t)g(of)g(view)h(it)e(is)h(clear)g
(no)m(w)i(that)0 1478 y Fr(abort)34 b Fu(and)f Fr(skip)g
Fu(cannot)g(b)s(e)g(seman)m(tically)d(equiv)-5 b(alen)m(t.)44
b(This)32 b(is)h(b)s(ecause)244 1648 y Ft(h)p Fr(skip)p
Fu(,)g Fs(s)8 b Ft(i)33 b(\))f Fs(s)0 1818 y Fu(is)g(the)h(only)f
(deriv)-5 b(ation)31 b(sequence)k(for)d Fr(skip)i Fu(starting)e(in)f
Fs(s)41 b Fu(and)244 1989 y Ft(h)p Fr(abort)p Fu(,)34
b Fs(s)8 b Ft(i)0 2159 y Fu(is)28 b(the)h(only)g(deriv)-5
b(ation)27 b(sequence)k(for)e Fr(abort)h Fu(starting)d(in)h
Fs(s)8 b Fu(.)43 b(Similarly)-8 b(,)25 b Fr(abort)30
b Fu(cannot)f(b)s(e)0 2279 y(seman)m(tically)i(equiv)-5
b(alen)m(t)32 b(to)g Fr(while)i(true)g(do)f(skip)g Fu(b)s(ecause)244
2449 y Ft(h)p Fr(while)g(true)h(do)f(skip)p Fu(,)h Fs(s)8
b Ft(i)571 2617 y(\))33 b(h)o Fr(if)g(true)h(then)g Fu(\()p
Fr(skip)p Fu(;)f Fr(while)h(true)g(do)f(skip)p Fu(\))g
Fr(else)h(skip)p Fu(,)f Fs(s)8 b Ft(i)571 2784 y(\))33
b(h)o Fr(skip)p Fu(;)h Fr(while)g(true)f(do)h(skip)p
Fu(,)f Fs(s)8 b Ft(i)571 2952 y(\))33 b(h)o Fr(while)h(true)g(do)f
(skip)p Fu(,)h Fs(s)8 b Ft(i)571 3119 y(\))33 b(\001)17
b(\001)g(\001)0 3289 y Fu(is)27 b(an)h(in\014nite)f(deriv)-5
b(ation)26 b(sequence)31 b(for)c Fr(while)i(true)g(do)f(skip)h
Fu(whereas)g Fr(abort)h Fu(has)e(none.)0 3410 y(Th)m(us)d(w)m(e)f
(shall)d(claim)g(that)i(the)g(structural)g(op)s(erational)e(seman)m
(tics)i(captures)h(the)f(informal)0 3530 y(explanation)31
b(giv)m(en)i(earlier.)146 3651 y(F)-8 b(rom)32 b(the)i(natural)d(seman)
m(tics)j(p)s(oin)m(t)e(of)h(view)g(it)f(is)h(also)f(clear)h(that)g
Fr(skip)h Fu(and)f Fr(abort)0 3771 y Fu(cannot)25 b(b)s(e)g(seman)m
(tically)e(equiv)-5 b(alen)m(t.)40 b(Ho)m(w)m(ev)m(er,)29
b(it)24 b(turns)h(out)f(that)h Fr(while)34 b(true)f(do)g(skip)0
3891 y Fu(and)25 b Fr(abort)i Fs(ar)-5 b(e)32 b Fu(seman)m(tically)23
b(equiv)-5 b(alen)m(t!)41 b(The)26 b(reason)g(is)e(that)h(in)g(the)g
(natural)f(seman)m(tics)0 4012 y(w)m(e)39 b(are)f(only)f(concerned)j
(with)d(executions)i(that)f(terminate)f(prop)s(erly)-8
b(.)58 b(So)38 b(if)f(w)m(e)i(do)f(not)0 4132 y(ha)m(v)m(e)31
b(a)e(deriv)-5 b(ation)28 b(tree)i(for)f Ft(h)p Fs(S)12
b Fu(,)29 b Fs(s)8 b Ft(i)30 b(!)f Fs(s)1549 4096 y Fi(0)1602
4132 y Fu(then)h(w)m(e)g(cannot)g(tell)e(whether)j(it)d(is)h(b)s
(ecause)i(w)m(e)0 4253 y(en)m(tered)39 b(a)e(stuc)m(k)j
(con\014guration)c(or)h(a)h(lo)s(oping)d(execution.)59
b(W)-8 b(e)38 b(can)g(summarize)e(this)h(as)0 4373 y(follo)m(ws:)p
0 4503 3472 4 v 0 4519 V -2 4727 4 208 v 15 4727 V 283
4648 a Fw(Natural)32 b(Seman)m(tics)g(v)m(ersus)h(Structural)f(Op)s
(erational)g(Seman)m(tics)p 3453 4727 V 3470 4727 V 0
4730 3472 4 v -2 5099 4 370 v 15 5099 V 66 4896 a Ft(\017)100
b Fu(In)27 b(a)g(natural)e(seman)m(tics)i(w)m(e)h(cannot)f(distinguish)
f(b)s(et)m(w)m(een)j Fs(lo)-5 b(oping)34 b Fu(and)27
b Fs(abnormal)216 5016 y(termination)p Fu(.)p 3453 5099
V 3470 5099 V -2 5508 4 409 v 15 5508 V 66 5184 a Ft(\017)100
b Fu(In)32 b(a)g(structural)g(op)s(erational)e(seman)m(tics)i
Fs(lo)-5 b(oping)40 b Fu(is)32 b(re\015ected)i(b)m(y)f(in\014nite)e
(deriv)-5 b(a-)216 5304 y(tion)22 b(sequences)27 b(and)c
Fs(abnormal)i(termination)30 b Fu(b)m(y)24 b(\014nite)f(deriv)-5
b(ation)22 b(sequences)27 b(end-)216 5424 y(ing)k(in)h(a)h(stuc)m(k)h
(con\014guration.)p 3453 5508 V 3470 5508 V 0 5511 3472
4 v 0 5528 V eop
%%Page: 46 56
46 55 bop 251 130 a Fw(46)2086 b(2)112 b(Op)s(erational)37
b(Seman)m(tics)p 251 193 3473 4 v 283 515 a Fu(W)-8 b(e)41
b(should)f(note,)j(ho)m(w)m(ev)m(er,)i(that)40 b(if)f(abnormal)g
(termination)f(is)h(mo)s(delled)g(b)m(y)i(\\normal)283
636 y(termination")22 b(in)i(a)h(sp)s(ecial)e(error)i(con\014guration)f
(\(included)g(in)g(the)h(set)h(of)e(terminal)e(con\014g-)283
756 y(urations\))34 b(then)g(w)m(e)h(can)f(distinguish)f(b)s(et)m(w)m
(een)j(the)e(three)h(statemen)m(ts)f(in)g(b)s(oth)f(seman)m(tic)283
877 y(st)m(yles.)283 1092 y Fw(Exercise)k(2.31)49 b Fu(Theorem)30
b(2.26)f(expresses)k(that)d(the)g(natural)f(seman)m(tics)h(and)g(the)g
(struc-)283 1213 y(tural)41 b(op)s(erational)e(seman)m(tics)j(of)f
Fw(While)f Fu(are)i(equiv)-5 b(alen)m(t.)70 b(Discuss)42
b(whether)h(or)f(not)f(a)283 1333 y(similar)30 b(result)i(holds)h(for)f
Fw(While)f Fu(extended)j(with)e Fr(abort)p Fu(.)1159
b Fh(2)283 1549 y Fw(Exercise)37 b(2.32)49 b Fu(Extend)34
b Fw(While)d Fu(with)h(the)h(statemen)m(t)527 1743 y
Fr(assert)h Fs(b)39 b Fr(before)34 b Fs(S)283 1937 y
Fu(The)23 b(idea)e(is)h(that)f(if)g Fs(b)28 b Fu(ev)-5
b(aluates)21 b(to)h(true)g(then)g(w)m(e)h(execute)h Fs(S)34
b Fu(and)22 b(otherwise)g(the)g(execution)283 2057 y(of)48
b(the)h(complete)e(program)g(ab)s(orts.)90 b(Extend)49
b(the)g(structural)f(op)s(erational)e(seman)m(tics)283
2178 y(of)40 b(T)-8 b(able)39 b(2.2)h(to)f(express)j(this)e(\(without)f
(assuming)g(that)h Fw(While)e Fu(con)m(tains)i(the)g
Fr(abort)p Fu(-)283 2298 y(statemen)m(t\).)k(Sho)m(w)31
b(that)f Fr(assert)h(true)g(before)h Fs(S)42 b Fu(is)30
b(seman)m(tically)e(equiv)-5 b(alen)m(t)30 b(to)g Fs(S)42
b Fu(but)283 2419 y(that)i Fr(assert)h(false)f(before)h
Fs(S)56 b Fu(neither)43 b(is)g(equiv)-5 b(alen)m(t)43
b(to)g Fr(while)i(true)g(do)f(skip)g Fu(nor)283 2539
y Fr(skip)p Fu(.)3167 b Fh(2)283 2826 y Fp(Non-determinism)283
3011 y Fu(The)34 b(second)g(extension)f(of)f Fw(While)f
Fu(has)i(statemen)m(ts)h(giv)m(en)f(b)m(y)577 3197 y
Fs(S)112 b Fu(::=)99 b Fs(x)45 b Fu(:=)32 b Fs(a)40 b
Ft(j)32 b Fr(skip)i Ft(j)e Fs(S)1713 3212 y Fn(1)1785
3197 y Fu(;)g Fs(S)1911 3212 y Fn(2)1983 3197 y Ft(j)g
Fr(if)h Fs(b)39 b Fr(then)33 b Fs(S)2566 3212 y Fn(1)2638
3197 y Fr(else)h Fs(S)2943 3212 y Fn(2)795 3364 y Ft(j)150
b Fr(while)34 b Fs(b)39 b Fr(do)33 b Fs(S)44 b Ft(j)32
b Fs(S)1707 3379 y Fn(1)1779 3364 y Fr(or)h Fs(S)1981
3379 y Fn(2)283 3551 y Fu(The)i(idea)f(is)f(here)i(that)f(in)f
Fs(S)1400 3566 y Fn(1)1474 3551 y Fr(or)h Fs(S)1677 3566
y Fn(2)1750 3551 y Fu(w)m(e)h(can)g(non-deterministically)30
b(c)m(ho)s(ose)35 b(to)f(execute)283 3672 y(either)f
Fs(S)627 3687 y Fn(1)699 3672 y Fu(or)f Fs(S)885 3687
y Fn(2)924 3672 y Fu(.)44 b(So)32 b(w)m(e)i(shall)d(exp)s(ect)j(that)e
(execution)h(of)f(the)h(statemen)m(t)527 3866 y Fr(x)g
Fu(:=)g Fr(1)f(or)h Fu(\()p Fr(x)g Fu(:=)g Fr(2)p Fu(;)g
Fr(x)f Fu(:=)h Fr(x)g Fu(+)f Fr(2)p Fu(\))283 4060 y(could)c(result)f
(in)g(a)g(state)h(where)g Fr(x)g Fu(has)g(the)g(v)-5
b(alue)27 b Fw(1)p Fu(,)h(but)g(it)f(could)g(as)g(w)m(ell)g(result)h
(in)e(a)h(state)283 4180 y(where)34 b Fr(x)f Fu(has)g(the)g(v)-5
b(alue)32 b Fw(4)p Fu(.)430 4301 y(When)c(sp)s(ecifying)f(the)h
Fs(natur)-5 b(al)31 b(semantics)j Fu(w)m(e)29 b(extend)g(T)-8
b(able)27 b(2.1)g(with)h(the)g(t)m(w)m(o)g(rules:)527
4555 y([or)653 4519 y Fn(1)641 4579 y(ns)712 4555 y Fu(])1297
4468 y Ft(h)p Fs(S)1403 4483 y Fn(1)1442 4468 y Fu(,)33
b Fs(s)8 b Ft(i)32 b(!)g Fs(s)1801 4432 y Fi(0)p 1160
4532 802 4 v 1160 4636 a Ft(h)p Fs(S)1266 4651 y Fn(1)1338
4636 y Fr(or)h Fs(S)1540 4651 y Fn(2)1579 4636 y Fu(,)g
Fs(s)8 b Ft(i)32 b(!)g Fs(s)1938 4600 y Fi(0)527 4917
y Fu([or)653 4881 y Fn(2)641 4942 y(ns)712 4917 y Fu(])1297
4831 y Ft(h)p Fs(S)1403 4846 y Fn(2)1442 4831 y Fu(,)h
Fs(s)8 b Ft(i)32 b(!)g Fs(s)1801 4794 y Fi(0)p 1160 4894
V 1160 4998 a Ft(h)p Fs(S)1266 5013 y Fn(1)1338 4998
y Fr(or)h Fs(S)1540 5013 y Fn(2)1579 4998 y Fu(,)g Fs(s)8
b Ft(i)32 b(!)g Fs(s)1938 4962 y Fi(0)283 5180 y Fu(Corresp)s(onding)42
b(to)f(the)g(con\014guration)g Ft(h)o Fr(x)h Fu(:=)f
Fr(1)h(or)f Fu(\()p Fr(x)h Fu(:=)f Fr(2)p Fu(;)46 b Fr(x)41
b Fu(:=)g Fr(x)p Fu(+)p Fr(2)p Fu(\),)j Fs(s)8 b Ft(i)41
b Fu(w)m(e)i(ha)m(v)m(e)283 5300 y(deriv)-5 b(ation)31
b(trees)j(for)527 5494 y Ft(h)p Fr(x)f Fu(:=)f Fr(1)h(or)g
Fu(\()p Fr(x)g Fu(:=)f Fr(2)p Fu(;)h Fr(x)g Fu(:=)g Fr(x)p
Fu(+)p Fr(2)p Fu(\),)f Fs(s)8 b Ft(i)33 b(!)f Fs(s)8
b Fu([)p Fr(x)p Ft(7!)p Fw(1)p Fu(])p eop
%%Page: 47 57
47 56 bop 0 130 a Fw(2.4)112 b(Extensions)37 b(of)h(While)2119
b(47)p 0 193 3473 4 v 0 515 a Fu(as)33 b(w)m(ell)f(as)244
712 y Ft(h)p Fr(x)g Fu(:=)h Fr(1)g(or)g Fu(\()p Fr(x)f
Fu(:=)h Fr(2)p Fu(;)g Fr(x)g Fu(:=)f Fr(x)p Fu(+)p Fr(2)p
Fu(\),)h Fs(s)8 b Ft(i)32 b(!)h Fs(s)8 b Fu([)p Fr(x)p
Ft(7!)p Fw(4)p Fu(])0 910 y(It)39 b(is)f(imp)s(ortan)m(t)f(to)h(note)h
(that)f(if)g(w)m(e)i(replace)e Fr(x)h Fu(:=)g Fr(1)g
Fu(b)m(y)g Fr(while)h(true)g(do)f(skip)h Fu(in)e(the)0
1030 y(ab)s(o)m(v)m(e)33 b(statemen)m(t)g(then)h(w)m(e)f(will)e(only)h
(ha)m(v)m(e)i(one)e(deriv)-5 b(ation)31 b(tree,)i(namely)f(that)h(for)
244 1227 y Ft(h)p Fu(\()p Fr(while)g(true)h(do)f(skip)p
Fu(\))h Fr(or)f Fu(\()p Fr(x)f Fu(:=)h Fr(2)p Fu(;)g
Fr(x)f Fu(:=)h Fr(x)p Fu(+)p Fr(2)p Fu(\),)g Fs(s)8 b
Ft(i)32 b(!)g Fs(s)8 b Fu([)p Fr(x)p Ft(7!)p Fw(4)p Fu(])146
1424 y(T)-8 b(urning)29 b(to)g(the)h Fs(structur)-5 b(al)33
b(op)-5 b(er)g(ational)31 b(semantics)36 b Fu(w)m(e)30
b(shall)e(extend)j(T)-8 b(able)29 b(2.2)g(with)0 1545
y(the)k(t)m(w)m(o)g(axioms:)244 1742 y([or)370 1705 y
Fn(1)358 1766 y(sos)453 1742 y Fu(])387 b Ft(h)p Fs(S)973
1757 y Fn(1)1044 1742 y Fr(or)34 b Fs(S)1247 1757 y Fn(2)1286
1742 y Fu(,)e Fs(s)8 b Ft(i)33 b(\))f(h)p Fs(S)1703 1757
y Fn(1)1742 1742 y Fu(,)h Fs(s)8 b Ft(i)244 1956 y Fu([or)370
1920 y Fn(2)358 1981 y(sos)453 1956 y Fu(])387 b Ft(h)p
Fs(S)973 1971 y Fn(1)1044 1956 y Fr(or)34 b Fs(S)1247
1971 y Fn(2)1286 1956 y Fu(,)e Fs(s)8 b Ft(i)33 b(\))f(h)p
Fs(S)1703 1971 y Fn(2)1742 1956 y Fu(,)h Fs(s)8 b Ft(i)0
2154 y Fu(F)-8 b(or)29 b(the)h(statemen)m(t)h Fr(x)f
Fu(:=)f Fr(1)h(or)h Fu(\()p Fr(x)f Fu(:=)f Fr(2)p Fu(;)i
Fr(x)g Fu(:=)e Fr(x)p Fu(+)p Fr(2)p Fu(\))h(w)m(e)h(ha)m(v)m(e)g(t)m(w)
m(o)g(deriv)-5 b(ation)28 b(sequences:)244 2351 y Ft(h)p
Fr(x)k Fu(:=)h Fr(1)g(or)g Fu(\()p Fr(x)f Fu(:=)h Fr(2)p
Fu(;)g Fr(x)g Fu(:=)f Fr(x)p Fu(+)p Fr(2)p Fu(\),)h Fs(s)8
b Ft(i)32 b(\))1803 2315 y Fi(\003)1875 2351 y Fs(s)8
b Fu([)p Fr(x)p Ft(7!)p Fw(1)p Fu(])0 2548 y(and)244
2745 y Ft(h)p Fr(x)32 b Fu(:=)h Fr(1)g(or)g Fu(\()p Fr(x)f
Fu(:=)h Fr(2)p Fu(;)g Fr(x)g Fu(:=)f Fr(x)p Fu(+)p Fr(2)p
Fu(\),)h Fs(s)8 b Ft(i)32 b(\))1803 2709 y Fi(\003)1875
2745 y Fs(s)8 b Fu([)p Fr(x)p Ft(7!)p Fw(4)p Fu(])0 2942
y(If)34 b(w)m(e)h(replace)g Fr(x)f Fu(:=)g Fr(1)h Fu(b)m(y)g
Fr(while)g(true)h(do)e(skip)i Fu(in)d(the)i(ab)s(o)m(v)m(e)g(statemen)m
(t)g(then)f(w)m(e)i(still)0 3062 y(ha)m(v)m(e)e(t)m(w)m(o)f(deriv)-5
b(ation)31 b(sequences.)47 b(One)33 b(is)f(in\014nite)244
3259 y Ft(h)p Fu(\()p Fr(while)h(true)h(do)f(skip)p Fu(\))h
Fr(or)f Fu(\()p Fr(x)f Fu(:=)h Fr(2)p Fu(;)g Fr(x)f Fu(:=)h
Fr(x)p Fu(+)p Fr(2)p Fu(\),)g Fs(s)8 b Ft(i)609 3427
y(\))65 b(h)p Fr(while)34 b(true)f(do)g(skip)p Fu(,)h
Fs(s)8 b Ft(i)609 3595 y(\))709 3559 y Fn(3)774 3595
y Ft(h)p Fr(while)34 b(true)f(do)g(skip)p Fu(,)h Fs(s)8
b Ft(i)609 3762 y(\))65 b(\001)17 b(\001)g(\001)0 3959
y Fu(and)33 b(the)g(other)f(is)g(\014nite)244 4156 y
Ft(h)p Fu(\()p Fr(while)h(true)h(do)f(skip)p Fu(\))h
Fr(or)f Fu(\()p Fr(x)f Fu(:=)h Fr(2)p Fu(;)g Fr(x)f Fu(:=)h
Fr(x)p Fu(+)p Fr(2)p Fu(\),)g Fs(s)8 b Ft(i)32 b(\))2475
4120 y Fi(\003)2547 4156 y Fs(s)8 b Fu([)p Fr(x)p Ft(7!)p
Fw(4)p Fu(])146 4354 y(Comparing)31 b(the)h(natural)f(seman)m(tics)i
(and)f(the)g(structural)g(op)s(erational)e(seman)m(tics)i(w)m(e)0
4474 y(see)42 b(that)e(the)h(latter)f(can)h(c)m(ho)s(ose)g(the)h
(\\wrong")e(branc)m(h)h(of)g(the)g Fr(or)p Fu(-statemen)m(t)g(whereas)0
4594 y(the)33 b(\014rst)g(alw)m(a)m(ys)g(c)m(ho)s(oses)h(the)f(\\righ)m
(t")e(branc)m(h.)45 b(This)33 b(is)f(summarized)f(as)i(follo)m(ws:)p
0 4743 3472 4 v 0 4760 V -2 4968 4 208 v 15 4968 V 283
4889 a Fw(Natural)f(Seman)m(tics)g(v)m(ersus)h(Structural)f(Op)s
(erational)g(Seman)m(tics)p 3453 4968 V 3470 4968 V 0
4971 3472 4 v -2 5220 4 249 v 15 5220 V 66 5136 a Ft(\017)100
b Fu(In)33 b(a)f(natural)f(seman)m(tics)i Fs(non-determinism)g(wil)5
b(l)34 b(suppr)-5 b(ess)35 b(lo)-5 b(oping)p Fu(,)31
b(if)h(p)s(ossible.)p 3453 5220 V 3470 5220 V -2 5508
4 289 v 15 5508 V 66 5304 a Ft(\017)100 b Fu(In)44 b(a)f(structural)h
(op)s(erational)d(seman)m(tics)j Fs(non-determinism)f(do)-5
b(es)44 b(not)h(suppr)-5 b(ess)216 5424 y(lo)g(oping)p
Fu(.)p 3453 5508 V 3470 5508 V 0 5511 3472 4 v 0 5528
V eop
%%Page: 48 58
48 57 bop 251 130 a Fw(48)2086 b(2)112 b(Op)s(erational)37
b(Seman)m(tics)p 251 193 3473 4 v 283 515 a(Exercise)g(2.33)49
b Fu(Consider)33 b(the)g(statemen)m(t)527 718 y Fr(x)g
Fu(:=)g Ft(\000)p Fr(1)p Fu(;)g Fr(while)h(x)p Ft(\024)q
Fr(0)e(do)h Fu(\()p Fr(x)g Fu(:=)g Fr(x)p Ft(\000)p Fr(1)g(or)g(x)g
Fu(:=)f(\()p Ft(\000)p Fr(1)p Fu(\))p Fo(?)q Fr(x)p Fu(\))283
921 y(Giv)m(en)39 b(a)g(state)h Fs(s)47 b Fu(describ)s(e)40
b(the)f(set)h(of)f(\014nal)f(states)i(that)f(ma)m(y)g(result)g
(according)g(to)f(the)283 1041 y(natural)32 b(seman)m(tics.)43
b(F)-8 b(urther)33 b(describ)s(e)g(the)g(set)g(of)f(deriv)-5
b(ation)31 b(sequences)36 b(that)c(are)g(sp)s(ec-)283
1162 y(i\014ed)42 b(b)m(y)g(the)g(structural)f(op)s(erational)e(seman)m
(tics.)70 b(Based)42 b(on)g(this)f(discuss)h(whether)h(or)283
1282 y(not)35 b(y)m(ou)g(w)m(ould)g(regard)f(the)h(natural)e(seman)m
(tics)i(as)g(b)s(eing)f(equiv)-5 b(alen)m(t)34 b(to)g(the)h(structural)
283 1402 y(op)s(erational)c(seman)m(tics)h(for)g(this)h(particular)d
(statemen)m(t.)1207 b Fh(2)283 1630 y Fw(Exercise)37
b(2.34)49 b Fu(W)-8 b(e)33 b(shall)e(no)m(w)i(extend)h
Fw(While)d Fu(with)h(the)h(statemen)m(t)527 1833 y Fr(random)p
Fu(\()p Fs(x)12 b Fu(\))283 2035 y(and)42 b(the)f(idea)f(is)h(that)g
(its)f(execution)i(will)d(c)m(hange)j(the)f(v)-5 b(alue)41
b(of)f Fs(x)53 b Fu(to)41 b(b)s(e)g(an)m(y)g(p)s(ositiv)m(e)283
2156 y(natural)23 b(n)m(um)m(b)s(er.)41 b(Extend)26 b(the)e(natural)f
(seman)m(tics)h(as)g(w)m(ell)f(as)h(the)h(structural)e(op)s(erational)
283 2276 y(seman)m(tics)38 b(to)f(express)j(this.)58
b(Discuss)38 b(whether)h Fr(random)p Fu(\()p Fs(x)12
b Fu(\))39 b(is)e(a)h(sup)s(er\015uous)h(construct)283
2396 y(in)32 b(the)h(case)h(where)g Fw(While)d Fu(is)h(also)f(extended)
k(with)d(the)h Fr(or)g Fu(construct.)648 b Fh(2)283 2685
y Fp(P)l(arallelism)283 2870 y Fu(W)-8 b(e)38 b(shall)e(no)m(w)h
(consider)h(an)f(extension)h(of)e Fw(While)g Fu(with)h(a)g(parallel)d
(construct.)58 b(So)37 b(no)m(w)283 2990 y(the)c(syn)m(tax)i(of)d
(expressions)i(is)e(giv)m(en)h(b)m(y)577 3185 y Fs(S)112
b Fu(::=)99 b Fs(x)45 b Fu(:=)32 b Fs(a)40 b Ft(j)32
b Fr(skip)i Ft(j)e Fs(S)1713 3200 y Fn(1)1785 3185 y
Fu(;)g Fs(S)1911 3200 y Fn(2)1983 3185 y Ft(j)g Fr(if)h
Fs(b)39 b Fr(then)33 b Fs(S)2566 3200 y Fn(1)2638 3185
y Fr(else)h Fs(S)2943 3200 y Fn(2)795 3352 y Ft(j)150
b Fr(while)34 b Fs(b)39 b Fr(do)33 b Fs(S)44 b Ft(j)32
b Fs(S)1707 3367 y Fn(1)1779 3352 y Fr(par)h Fs(S)2032
3367 y Fn(2)283 3548 y Fu(The)k(idea)f(is)f(that)h(b)s(oth)f(statemen)m
(ts)i(of)f Fs(S)1923 3563 y Fn(1)1998 3548 y Fr(par)g
Fs(S)2254 3563 y Fn(2)2330 3548 y Fu(ha)m(v)m(e)h(to)e(b)s(e)h
(executed)j(but)d(that)f(the)283 3669 y(execution)f(can)f(b)s(e)f
Fs(interle)-5 b(ave)g(d)p Fu(.)43 b(This)33 b(means)f(that)h(a)f
(statemen)m(t)h(lik)m(e)527 3871 y Fr(x)g Fu(:=)g Fr(1)f(par)i
Fu(\()p Fr(x)e Fu(:=)h Fr(2)p Fu(;)g Fr(x)g Fu(:=)f Fr(x)p
Fu(+)p Fr(2)p Fu(\))283 4074 y(can)f(giv)m(e)g(three)g(di\013eren)m(t)f
(results)h(for)f Fr(x)p Fu(,)h(namely)f Fw(4)p Fu(,)h
Fw(1)f Fu(and)h Fw(3)p Fu(:)42 b(If)31 b(w)m(e)g(\014rst)g(execute)h
Fr(x)h Fu(:=)g Fr(1)283 4194 y Fu(and)44 b(then)h Fr(x)e
Fu(:=)h Fr(2)p Fu(;)50 b Fr(x)44 b Fu(:=)f Fr(x)p Fu(+)p
Fr(2)h Fu(w)m(e)h(get)f(the)g(\014nal)f(v)-5 b(alue)43
b Fw(4)p Fu(.)77 b(Alternativ)m(ely)-8 b(,)45 b(if)e(w)m(e)h(\014rst)
283 4315 y(execute)c Fr(x)e Fu(:=)g Fr(2)p Fu(;)j Fr(x)d
Fu(:=)g Fr(x)p Fu(+)p Fr(2)g Fu(and)g(then)h Fr(x)f Fu(:=)g
Fr(1)g Fu(w)m(e)h(get)f(the)g(\014nal)f(v)-5 b(alue)38
b Fw(1)p Fu(.)59 b(Finally)-8 b(,)37 b(w)m(e)283 4435
y(ha)m(v)m(e)c(the)e(p)s(ossibilit)m(y)d(of)j(\014rst)g(executing)g
Fr(x)g Fu(:=)g Fr(2)p Fu(,)g(then)h Fr(x)e Fu(:=)h Fr(1)g
Fu(and)g(lastly)e Fr(x)k Fu(:=)g Fr(x)p Fu(+)p Fr(2)e
Fu(and)283 4556 y(w)m(e)j(then)f(get)g(the)g(\014nal)f(v)-5
b(alue)32 b Fw(3)p Fu(.)430 4676 y(T)-8 b(o)43 b(express)j(this)d(in)g
(the)h Fs(structur)-5 b(al)45 b(op)-5 b(er)g(ational)44
b(semantics)51 b Fu(w)m(e)44 b(extend)h(T)-8 b(able)43
b(2.2)283 4796 y(with)33 b(the)g(follo)m(wing)d(rules:)527
5059 y([par)707 5023 y Fn(1)695 5084 y(sos)790 5059 y
Fu(])1485 4973 y Ft(h)p Fs(S)1591 4988 y Fn(1)1630 4973
y Fu(,)j Fs(s)8 b Ft(i)32 b(\))h(h)o Fs(S)2047 4937 y
Fi(0)2047 4997 y Fn(1)2087 4973 y Fu(,)f Fs(s)2194 4937
y Fi(0)2218 4973 y Ft(i)p 1160 5036 1422 4 v 1160 5141
a(h)p Fs(S)1266 5156 y Fn(1)1338 5141 y Fr(par)h Fs(S)1591
5156 y Fn(2)1630 5141 y Fu(,)g Fs(s)8 b Ft(i)32 b(\))h(h)o
Fs(S)2047 5105 y Fi(0)2047 5165 y Fn(1)2119 5141 y Fr(par)g
Fs(S)2372 5156 y Fn(2)2412 5141 y Fu(,)f Fs(s)2519 5105
y Fi(0)2543 5141 y Ft(i)527 5421 y Fu([par)707 5385 y
Fn(2)695 5446 y(sos)790 5421 y Fu(])1445 5335 y Ft(h)o
Fs(S)1550 5350 y Fn(1)1590 5335 y Fu(,)g Fs(s)8 b Ft(i)33
b(\))f Fs(s)1949 5299 y Fi(0)p 1160 5398 1096 4 v 1160
5503 a Ft(h)p Fs(S)1266 5518 y Fn(1)1338 5503 y Fr(par)h
Fs(S)1591 5518 y Fn(2)1630 5503 y Fu(,)g Fs(s)8 b Ft(i)32
b(\))h(h)o Fs(S)2047 5518 y Fn(2)2087 5503 y Fu(,)f Fs(s)2194
5467 y Fi(0)2218 5503 y Ft(i)p eop
%%Page: 49 59
49 58 bop 0 130 a Fw(2.4)112 b(Extensions)37 b(of)h(While)2119
b(49)p 0 193 3473 4 v 244 577 a Fu([par)424 541 y Fn(3)412
602 y(sos)507 577 y Fu(])1202 490 y Ft(h)p Fs(S)1308
505 y Fn(2)1347 490 y Fu(,)33 b Fs(s)8 b Ft(i)32 b(\))g(h)p
Fs(S)1764 454 y Fi(0)1764 515 y Fn(2)1803 490 y Fu(,)h
Fs(s)1911 454 y Fi(0)1934 490 y Ft(i)p 877 554 1422 4
v 877 658 a(h)p Fs(S)983 673 y Fn(1)1054 658 y Fr(par)h
Fs(S)1308 673 y Fn(2)1347 658 y Fu(,)f Fs(s)8 b Ft(i)32
b(\))g(h)p Fs(S)1764 673 y Fn(1)1836 658 y Fr(par)h Fs(S)2089
622 y Fi(0)2089 683 y Fn(2)2128 658 y Fu(,)g Fs(s)2236
622 y Fi(0)2259 658 y Ft(i)244 939 y Fu([par)424 903
y Fn(4)412 964 y(sos)507 939 y Fu(])1161 853 y Ft(h)p
Fs(S)1267 868 y Fn(2)1306 853 y Fu(,)g Fs(s)8 b Ft(i)32
b(\))g Fs(s)1665 816 y Fi(0)p 877 916 1096 4 v 877 1020
a Ft(h)p Fs(S)983 1035 y Fn(1)1054 1020 y Fr(par)i Fs(S)1308
1035 y Fn(2)1347 1020 y Fu(,)f Fs(s)8 b Ft(i)32 b(\))g(h)p
Fs(S)1764 1035 y Fn(1)1803 1020 y Fu(,)h Fs(s)1911 984
y Fi(0)1934 1020 y Ft(i)0 1212 y Fu(The)g(\014rst)g(t)m(w)m(o)h(rules)e
(tak)m(e)h(accoun)m(t)h(of)e(the)h(case)g(where)h(w)m(e)g(b)s(egin)d(b)
m(y)j(executing)f(the)g(\014rst)0 1332 y(step)h(of)e(statemen)m(t)i
Fs(S)839 1347 y Fn(1)878 1332 y Fu(.)45 b(If)33 b(the)g(execution)h(of)
e Fs(S)1831 1347 y Fn(1)1903 1332 y Fu(is)h(not)g(fully)e(completed)i
(w)m(e)h(mo)s(dify)d(the)0 1452 y(con\014guration)h(so)g(as)h(to)f
(remem)m(b)s(er)g(ho)m(w)h(far)f(w)m(e)i(ha)m(v)m(e)f(reac)m(hed.)45
b(Otherwise)33 b(only)f Fs(S)3259 1467 y Fn(2)3331 1452
y Fu(has)0 1573 y(to)38 b(b)s(e)g(executed)j(and)d(w)m(e)h(up)s(date)g
(the)f(con\014guration)g(accordingly)-8 b(.)59 b(The)39
b(last)e(t)m(w)m(o)i(rules)0 1693 y(are)33 b(similar)c(but)k(for)f(the)
h(case)g(where)h(w)m(e)g(b)s(egin)d(b)m(y)j(executing)f(the)g(\014rst)g
(step)h(of)e Fs(S)3199 1708 y Fn(2)3238 1693 y Fu(.)146
1815 y(Using)43 b(these)h(rules)f(w)m(e)h(get)f(the)h(follo)m(wing)c
(deriv)-5 b(ation)42 b(sequences)k(for)c(the)i(example)0
1935 y(statemen)m(t:)244 2144 y Ft(h)p Fr(x)32 b Fu(:=)h
Fr(1)g(par)g Fu(\()p Fr(x)g Fu(:=)f Fr(2)p Fu(;)h Fr(x)g
Fu(:=)f Fr(x)p Fu(+)p Fr(2)p Fu(\),)h Fs(s)8 b Ft(i)33
b(\))f(h)p Fr(x)g Fu(:=)h Fr(2)p Fu(;)g Fr(x)f Fu(:=)h
Fr(x)p Fu(+)p Fr(2)p Fu(,)g Fs(s)8 b Fu([)p Fr(x)p Ft(7!)p
Fw(1)p Fu(])p Ft(i)1755 2312 y(\))32 b(h)p Fr(x)g Fu(:=)h
Fr(x)p Fu(+)p Fr(2)p Fu(,)g Fs(s)8 b Fu([)p Fr(x)p Ft(7!)p
Fw(2)p Fu(])p Ft(i)1755 2479 y(\))32 b Fs(s)8 b Fu([)p
Fr(x)p Ft(7!)p Fw(4)p Fu(])244 2694 y Ft(h)p Fr(x)32
b Fu(:=)h Fr(1)g(par)g Fu(\()p Fr(x)g Fu(:=)f Fr(2)p
Fu(;)h Fr(x)g Fu(:=)f Fr(x)p Fu(+)p Fr(2)p Fu(\),)h Fs(s)8
b Ft(i)33 b(\))f(h)p Fr(x)g Fu(:=)h Fr(1)g(par)g(x)g
Fu(:=)f Fr(x)p Fu(+)p Fr(2)p Fu(,)h Fs(s)8 b Fu([)p Fr(x)p
Ft(7!)p Fw(2)p Fu(])p Ft(i)1755 2862 y(\))32 b(h)p Fr(x)g
Fu(:=)h Fr(1)p Fu(,)g Fs(s)8 b Fu([)p Fr(x)p Ft(7!)p
Fw(4)p Fu(])p Ft(i)1755 3029 y(\))32 b Fs(s)8 b Fu([)p
Fr(x)p Ft(7!)p Fw(1)p Fu(])0 3238 y(and)244 3447 y Ft(h)p
Fr(x)32 b Fu(:=)h Fr(1)g(par)g Fu(\()p Fr(x)g Fu(:=)f
Fr(2)p Fu(;)h Fr(x)g Fu(:=)f Fr(x)p Fu(+)p Fr(2)p Fu(\),)h
Fs(s)8 b Ft(i)33 b(\))f(h)p Fr(x)g Fu(:=)h Fr(1)g(par)g(x)g
Fu(:=)f Fr(x)p Fu(+)p Fr(2)p Fu(,)h Fs(s)8 b Fu([)p Fr(x)p
Ft(7!)p Fw(2)p Fu(])p Ft(i)1755 3615 y(\))32 b(h)p Fr(x)g
Fu(:=)h Fr(x)p Fu(+)p Fr(2)p Fu(,)g Fs(s)8 b Fu([)p Fr(x)p
Ft(7!)p Fw(1)p Fu(])p Ft(i)1755 3783 y(\))32 b Fs(s)8
b Fu([)p Fr(x)p Ft(7!)p Fw(3)p Fu(])146 3992 y(T)-8 b(urning)34
b(to)g(the)h Fs(natur)-5 b(al)37 b(semantics)42 b Fu(w)m(e)35
b(migh)m(t)e(start)h(b)m(y)i(extending)f(T)-8 b(able)34
b(2.1)g(with)0 4112 y(the)f(t)m(w)m(o)g(rules:)254 4284
y Ft(h)p Fs(S)360 4299 y Fn(1)399 4284 y Fu(,)f Fs(s)8
b Ft(i)33 b(!)f Fs(s)758 4247 y Fi(0)781 4284 y Fu(,)h
Ft(h)p Fs(S)947 4299 y Fn(2)986 4284 y Fu(,)g Fs(s)1094
4247 y Fi(0)1117 4284 y Ft(i)f(!)g Fs(s)1368 4247 y Fi(00)p
254 4347 1158 4 v 396 4452 a Ft(h)p Fs(S)502 4467 y Fn(1)574
4452 y Fr(par)h Fs(S)827 4467 y Fn(2)867 4452 y Fu(,)f
Fs(s)8 b Ft(i)33 b(!)f Fs(s)1226 4415 y Fi(00)254 4654
y Ft(h)p Fs(S)360 4669 y Fn(2)399 4654 y Fu(,)g Fs(s)8
b Ft(i)33 b(!)f Fs(s)758 4618 y Fi(0)781 4654 y Fu(,)h
Ft(h)p Fs(S)947 4669 y Fn(1)986 4654 y Fu(,)g Fs(s)1094
4618 y Fi(0)1117 4654 y Ft(i)f(!)g Fs(s)1368 4618 y Fi(00)p
254 4717 V 396 4822 a Ft(h)p Fs(S)502 4837 y Fn(1)574
4822 y Fr(par)h Fs(S)827 4837 y Fn(2)867 4822 y Fu(,)f
Fs(s)8 b Ft(i)33 b(!)f Fs(s)1226 4786 y Fi(00)0 5013
y Fu(Ho)m(w)m(ev)m(er,)50 b(it)44 b(is)g(easy)i(to)f(see)h(that)e(this)
h(will)d(not)j(do)g(b)s(ecause)h(the)f(rules)g(only)f(express)0
5133 y(that)36 b(either)f Fs(S)561 5148 y Fn(1)636 5133
y Fu(is)g(executed)j(b)s(efore)e Fs(S)1507 5148 y Fn(2)1582
5133 y Fu(or)g(vice)g(v)m(ersa.)54 b(This)36 b(means)g(that)f(w)m(e)i
(ha)m(v)m(e)g(lost)0 5254 y(the)h(abilit)m(y)e(to)i Fs(interle)-5
b(ave)44 b Fu(the)39 b(execution)f(of)g(t)m(w)m(o)g(statemen)m(ts.)61
b(F)-8 b(urthermore,)39 b(it)d(seems)0 5374 y(imp)s(ossible)28
b(to)i(b)s(e)h(able)f(to)g(express)i(this)e(in)g(the)h(natural)e(seman)
m(tics)i(b)s(ecause)h(w)m(e)f(consider)0 5494 y(the)h(execution)g(of)f
(a)h(statemen)m(t)g(as)f(an)h(atomic)d(en)m(tit)m(y)k(that)e(cannot)h
(b)s(e)f(split)g(in)m(to)f(smaller)p eop
%%Page: 50 60
50 59 bop 251 130 a Fw(50)2086 b(2)112 b(Op)s(erational)37
b(Seman)m(tics)p 251 193 3473 4 v 283 515 a Fu(pieces.)45
b(This)32 b(ma)m(y)h(b)s(e)g(summarized)e(as)i(follo)m(ws:)p
283 664 3472 4 v 283 681 V 281 889 4 208 v 298 889 V
567 810 a Fw(Natural)f(Seman)m(tics)f(v)m(ersus)j(Structural)d(Op)s
(erational)h(Seman)m(tics)p 3736 889 V 3753 889 V 283
892 3472 4 v 281 1261 4 370 v 298 1261 V 350 1057 a Ft(\017)99
b Fu(In)42 b(a)f(natural)f(seman)m(tics)h(the)h(execution)g(of)e(the)i
(immediate)c(constituen)m(ts)43 b(is)d(an)499 1178 y
Fs(atomic)35 b(entity)41 b Fu(so)33 b(w)m(e)h(cannot)f(express)h(in)m
(terlea)m(ving)e(of)g(computations.)p 3736 1261 V 3753
1261 V 281 1549 4 289 v 298 1549 V 350 1345 a Ft(\017)99
b Fu(In)36 b(a)e(structural)h(op)s(erational)d(seman)m(tics)j(w)m(e)h
(concen)m(trate)h(on)d(the)i Fs(smal)5 b(l)36 b(steps)43
b Fu(of)499 1466 y(the)33 b(computation)e(so)i(w)m(e)h(can)f(easily)e
(express)k(in)m(terlea)m(ving.)p 3736 1549 V 3753 1549
V 283 1553 3472 4 v 283 1569 V 283 1833 a Fw(Exercise)i(2.35)49
b Fu(Consider)j(an)f(extension)h(of)f Fw(While)f Fu(that)h(in)g
(addition)f(to)h(the)h Fr(par)p Fu(-)283 1954 y(construct)34
b(also)e(con)m(tains)g(the)h(construct)527 2206 y Fr(protect)i
Fs(S)44 b Fr(end)283 2459 y Fu(The)37 b(idea)f(is)f(that)h(the)g
(statemen)m(t)h Fs(S)47 b Fu(has)37 b(to)e(b)s(e)h(executed)i(as)f(an)e
(atomic)f(en)m(tit)m(y)j(so)f(that)283 2579 y(for)c(example)527
2832 y Fr(x)h Fu(:=)g Fr(1)f(par)i(protect)g Fu(\()p
Fr(x)f Fu(:=)f Fr(2)p Fu(;)h Fr(x)g Fu(:=)f Fr(x)p Fu(+)p
Fr(2)p Fu(\))h Fr(end)283 3085 y Fu(only)26 b(has)g(t)m(w)m(o)g(p)s
(ossible)g(outcomes)f(namely)g Fw(1)h Fu(and)g Fw(4)p
Fu(.)41 b(Extend)27 b(the)g(structural)e(op)s(erational)283
3205 y(seman)m(tics)38 b(to)f(express)i(this.)57 b(Can)38
b(y)m(ou)g(sp)s(ecify)f(a)g(natural)f(seman)m(tics)i(for)e(the)i
(extended)283 3325 y(language?)2977 b Fh(2)283 3623 y
Fw(Exercise)37 b(2.36)49 b Fu(Sp)s(ecify)37 b(a)h(structural)f(op)s
(erational)e(seman)m(tics)i(for)g(arithmetic)f(expres-)283
3743 y(sions)42 b(where)h(the)f(individual)d(parts)j(of)g(an)f
(expression)i(ma)m(y)f(b)s(e)g(computed)g(in)e(parallel.)283
3863 y(T)-8 b(ry)34 b(to)e(pro)m(v)m(e)i(that)e(y)m(ou)h(still)e
(obtain)g(the)i(result)g(that)f(w)m(as)i(sp)s(eci\014ed)f(b)m(y)g
Ft(A)p Fu(.)468 b Fh(2)283 4257 y Fj(2.5)161 b(Blo)t(c)l(ks)54
b(and)f(pro)t(cedures)283 4496 y Fu(W)-8 b(e)38 b(no)m(w)f(extend)i
(the)e(language)f Fw(While)f Fu(with)i(blo)s(c)m(ks)g(con)m(taining)e
(declarations)h(of)h(v)-5 b(ari-)283 4616 y(ables)33
b(and)g(pro)s(cedures.)44 b(In)33 b(doing)f(so)h(w)m(e)g(in)m(tro)s
(duce)g(a)f(couple)h(of)f(imp)s(ortan)m(t)e(concepts:)429
4869 y Ft(\017)48 b Fu(v)-5 b(ariable)31 b(and)i(pro)s(cedure)g(en)m
(vironmen)m(ts,)h(and)429 5121 y Ft(\017)48 b Fu(lo)s(cations)31
b(and)i(stores.)283 5374 y(W)-8 b(e)36 b(shall)e(concen)m(trate)j(on)e
(the)h(natural)e(seman)m(tics)i(and)f(will)f(consider)h(dynamic)g(as)h
(w)m(ell)283 5494 y(as)d(static)f(scop)s(e)i(and)e(non-recursiv)m(e)i
(as)f(w)m(ell)f(as)g(recursiv)m(e)i(pro)s(cedures.)p
eop
%%Page: 51 61
51 60 bop 0 130 a Fw(2.5)112 b(Blo)s(c)m(ks)37 b(and)h(pro)s(cedures)
1998 b(51)p 0 193 3473 4 v 0 515 a Fp(Blo)t(c)l(ks)45
b(and)g(simple)g(declarations)0 700 y Fu(W)-8 b(e)37
b(\014rst)g(extend)h(the)f(language)f Fw(While)f Fu(with)h(blo)s(c)m
(ks)h(con)m(taining)e(declarations)h(of)g(lo)s(cal)0
820 y(v)-5 b(ariables.)42 b(The)34 b(new)f(language)f(is)g(called)f
Fw(Blo)s(c)m(k)h Fu(and)g(its)g(syn)m(tax)i(is)294 1001
y Fs(S)111 b Fu(::=)100 b Fs(x)44 b Fu(:=)33 b Fs(a)39
b Ft(j)33 b Fr(skip)g Ft(j)f Fs(S)1429 1016 y Fn(1)1501
1001 y Fu(;)h Fs(S)1628 1016 y Fn(2)1700 1001 y Ft(j)f
Fr(if)h Fs(b)38 b Fr(then)c Fs(S)2283 1016 y Fn(1)2355
1001 y Fr(else)f Fs(S)2659 1016 y Fn(2)511 1168 y Ft(j)151
b Fr(while)34 b Fs(b)k Fr(do)33 b Fs(S)45 b Ft(j)32 b
Fr(begin)i Fs(D)1729 1183 y Fc(V)1822 1168 y Fs(S)44
b Fr(end)0 1350 y Fu(where)32 b Fs(D)363 1365 y Fc(V)454
1350 y Fu(is)d(a)h(meta-v)-5 b(ariable)28 b(ranging)h(o)m(v)m(er)i(the)
g(syn)m(tactic)g(category)g Fw(Dec)2946 1365 y Fn(V)3034
1350 y Fu(of)e Fs(variable)0 1471 y(de)-5 b(clar)g(ations)p
Fu(.)42 b(The)34 b(syn)m(tax)g(of)e(v)-5 b(ariable)31
b(declarations)g(is)h(giv)m(en)h(b)m(y:)294 1658 y Fs(D)377
1673 y Fc(V)537 1658 y Fu(::=)100 b Fr(var)33 b Fs(x)45
b Fu(:=)32 b Fs(a)7 b Fu(;)33 b Fs(D)1378 1673 y Fc(V)1471
1658 y Ft(j)g Fo(")0 1848 y Fu(where)h Fo(")f Fu(is)g(the)g(empt)m(y)h
(declaration.)43 b(The)34 b(idea)e(is)h(that)g(the)g(v)-5
b(ariables)32 b(declared)h(inside)g(a)0 1969 y(blo)s(c)m(k)f
Fr(begin)i Fs(D)629 1984 y Fc(V)723 1969 y Fs(S)44 b
Fr(end)33 b Fu(are)g Fs(lo)-5 b(c)g(al)42 b Fu(to)32
b(it.)43 b(So)32 b(in)g(a)g(statemen)m(t)h(lik)m(e)244
2157 y Fr(begin)h(var)f(y)g Fu(:=)f Fr(1)p Fu(;)533 2325
y(\()p Fr(x)g Fu(:=)h Fr(1)p Fu(;)533 2493 y Fr(begin)h(var)f(x)g
Fu(:=)f Fr(2)p Fu(;)h Fr(y)g Fu(:=)f Fr(x)p Fu(+)p Fr(1)h(end)p
Fu(;)533 2660 y Fr(x)g Fu(:=)f Fr(y)p Fu(+)p Fr(x)p Fu(\))244
2828 y Fr(end)0 3017 y Fu(the)d Fr(x)f Fu(in)g Fr(y)g
Fu(:=)g Fr(x)p Fu(+)p Fr(1)h Fu(relates)f(to)g(the)h(lo)s(cal)d(v)-5
b(ariable)27 b Fr(x)h Fu(in)m(tro)s(duced)g(b)m(y)i Fr(var)f(x)f
Fu(:=)g Fr(2)p Fu(,)i(whereas)0 3137 y(the)e Fr(x)g Fu(in)f
Fr(x)h Fu(:=)g Fr(y)p Fu(+)p Fr(x)g Fu(relates)f(to)h(the)g(global)d(v)
-5 b(ariable)26 b Fr(x)i Fu(that)g(is)f(also)g(used)i(in)e(the)h
(statemen)m(t)0 3257 y Fr(x)k Fu(:=)h Fr(1)p Fu(.)43
b(In)33 b(b)s(oth)f(cases)i(the)e Fr(y)h Fu(refers)g(to)f(the)g
Fr(y)h Fu(declared)f(in)g(the)h(outer)f(blo)s(c)m(k.)43
b(Therefore,)0 3378 y(the)37 b(statemen)m(t)g Fr(y)g
Fu(:=)f Fr(x)p Fu(+)p Fr(1)h Fu(assigns)g Fr(y)f Fu(the)h(v)-5
b(alue)36 b Fw(3)p Fu(,)i(rather)e(than)h Fw(2)p Fu(,)g(and)g(the)g
(statemen)m(t)0 3498 y Fr(x)c Fu(:=)f Fr(y)p Fu(+)p Fr(x)h
Fu(assigns)g Fr(x)g Fu(the)g(v)-5 b(alue)32 b Fw(4)p
Fu(,)g(rather)h(than)g Fw(5)p Fu(.)146 3619 y(Before)28
b(going)e(in)m(to)h(the)h(details)e(of)h(ho)m(w)i(to)e(sp)s(ecify)h
(the)g(seman)m(tics)f(w)m(e)i(shall)d(de\014ne)j(the)0
3739 y(set)k(D)m(V\()p Fs(D)418 3754 y Fc(V)479 3739
y Fu(\))g(of)f(v)-5 b(ariables)31 b(declared)i(in)e Fs(D)1646
3754 y Fc(V)1707 3739 y Fu(:)294 3925 y(D)m(V\()p Fr(var)i
Fs(x)44 b Fu(:=)33 b Fs(a)7 b Fu(;)33 b Fs(D)1088 3940
y Fc(V)1148 3925 y Fu(\))100 b(=)g Ft(f)p Fs(x)12 b Ft(g)31
b([)i Fu(D)m(V\()p Fs(D)2015 3940 y Fc(V)2076 3925 y
Fu(\))294 4092 y(D)m(V\()p Fo(")o Fu(\))726 b(=)100 b
Ft(;)146 4274 y Fu(W)-8 b(e)43 b(next)g(de\014ne)h(the)e
Fs(natur)-5 b(al)44 b(semantics)p Fu(.)71 b(The)44 b(idea)d(will)f(b)s
(e)j(to)e(ha)m(v)m(e)j(one)f(transi-)0 4395 y(tion)36
b(system)i(for)f Fs(e)-5 b(ach)43 b Fu(of)37 b(the)g(syn)m(tactic)h
(categories)f Fw(Stm)f Fu(and)h Fw(Dec)2692 4410 y Fn(V)2750
4395 y Fu(.)57 b(F)-8 b(or)36 b(statemen)m(ts)0 4515
y(the)i(transition)d(system)j(is)f(as)g(in)g(T)-8 b(able)37
b(2.1)f(but)i(extended)h(with)e(the)g(rule)g(of)g(T)-8
b(able)37 b(2.3.)0 4635 y(The)28 b(transition)e(system)j(for)d(v)-5
b(ariable)26 b(declarations)g(has)i(con\014gurations)f(of)g(the)h(t)m
(w)m(o)g(forms)0 4756 y Ft(h)p Fs(D)122 4771 y Fc(V)183
4756 y Fu(,)k Fs(s)8 b Ft(i)37 b Fu(and)h Fs(s)45 b Fu(and)37
b(the)h(idea)f(is)f(that)h(the)h(transition)e(relation)f
Ft(!)2627 4771 y Fc(D)2728 4756 y Fu(sp)s(eci\014es)j(the)g(rela-)0
4876 y(tionship)31 b(b)s(et)m(w)m(een)k(initial)29 b(and)k(\014nal)e
(states)j(as)f(b)s(efore:)244 5065 y Ft(h)p Fs(D)366
5080 y Fc(V)427 5065 y Fu(,)f Fs(s)8 b Ft(i)32 b(!)705
5080 y Fc(D)802 5065 y Fs(s)850 5029 y Fi(0)0 5254 y
Fu(The)g(relation)d Ft(!)654 5269 y Fc(D)749 5254 y Fu(for)h(v)-5
b(ariable)29 b(declarations)h(is)g(giv)m(en)h(in)f(T)-8
b(able)30 b(2.4.)43 b(W)-8 b(e)31 b(generalize)f(the)0
5374 y(substitution)42 b(op)s(eration)f(on)i(states)g(and)g(write)f
Fs(s)1939 5338 y Fi(0)1962 5374 y Fu([)p Fs(X)16 b Ft(7\000)-15
b(!)o Fs(s)8 b Fu(])43 b(for)f(the)h(state)g(that)f(is)g(as)h
Fs(s)3449 5338 y Fi(0)0 5494 y Fu(except)34 b(for)e(v)-5
b(ariables)32 b(in)f(the)i(set)h Fs(X)48 b Fu(where)34
b(it)e(is)g(as)h(sp)s(eci\014ed)g(b)m(y)g Fs(s)8 b Fu(.)44
b(F)-8 b(ormally)g(,)p eop
%%Page: 52 62
52 61 bop 251 130 a Fw(52)2086 b(2)112 b(Op)s(erational)37
b(Seman)m(tics)p 251 193 3473 4 v 283 419 V 283 736 4
318 v 773 605 a Fu([blo)s(c)m(k)1025 620 y Fn(ns)1096
605 y Fu(])1689 519 y Ft(h)p Fs(D)1811 534 y Fc(V)1872
519 y Fu(,)32 b Fs(s)8 b Ft(i)33 b(!)2150 534 y Fc(D)2247
519 y Fs(s)2295 483 y Fi(0)2318 519 y Fu(,)g Ft(h)p Fs(S)12
b Fu(,)32 b Fs(s)2591 483 y Fi(0)2614 519 y Ft(i)h(!)f
Fs(s)2866 483 y Fi(00)p 1406 582 1787 4 v 1406 687 a
Ft(h)o Fr(begin)i Fs(D)1816 702 y Fc(V)1910 687 y Fs(S)44
b Fr(end)p Fu(,)33 b Fs(s)8 b Ft(i)33 b(!)f Fs(s)2522
650 y Fi(00)2564 687 y Fu([D)m(V\()p Fs(D)2857 702 y
Fc(V)2918 687 y Fu(\))p Ft(7\000)-16 b(!)p Fs(s)8 b Fu(])p
3753 736 4 318 v 283 739 3473 4 v 873 900 a(T)-8 b(able)32
b(2.3:)43 b(Natural)31 b(seman)m(tics)i(for)f(statemen)m(ts)i(of)e
Fw(Blo)s(c)m(k)p 283 976 V 283 1508 4 533 v 720 1162
a Fu([v)-5 b(ar)880 1177 y Fn(ns)951 1162 y Fu(])1382
1076 y Ft(h)p Fs(D)1504 1091 y Fc(V)1565 1076 y Fu(,)32
b Fs(s)8 b Fu([)p Fs(x)k Ft(7!A)o Fu([)-17 b([)q Fs(a)7
b Fu(])-17 b(])q Fs(s)8 b Fu(])p Ft(i)32 b(!)2314 1091
y Fc(D)2410 1076 y Fs(s)2458 1040 y Fi(0)p 1353 1139
1158 4 v 1353 1244 a Ft(h)p Fr(var)h Fs(x)45 b Fu(:=)32
b Fs(a)7 b Fu(;)33 b Fs(D)2003 1259 y Fc(V)2064 1244
y Fu(,)g Fs(s)8 b Ft(i)32 b(!)2343 1259 y Fc(D)2439 1244
y Fs(s)2487 1208 y Fi(0)720 1447 y Fu([none)947 1462
y Fn(ns)1019 1447 y Fu(])297 b Ft(h)p Fo(")p Fu(,)32
b Fs(s)8 b Ft(i)33 b(!)1706 1462 y Fc(D)1803 1447 y Fs(s)p
3753 1508 4 533 v 283 1511 3473 4 v 874 1672 a Fu(T)-8
b(able)32 b(2.4:)43 b(Natural)32 b(seman)m(tics)h(for)f(v)-5
b(ariable)30 b(declarations)527 1961 y(\()p Fs(s)613
1925 y Fi(0)637 1961 y Fu([)p Fs(X)16 b Ft(7\000)-16
b(!)o Fs(s)8 b Fu(]\))33 b Fs(x)44 b Fu(=)1256 1815 y
Fg(\()1364 1900 y Fs(s)d(x)118 b Fu(if)31 b Fs(x)45 b
Ft(2)33 b Fs(X)1364 2020 y(s)1412 1984 y Fi(0)1468 2020
y Fs(x)95 b Fu(if)31 b Fs(x)45 b Ft(62)33 b Fs(X)283
2180 y Fu(This)c(op)s(eration)d(will)g(ensure)j(that)f(lo)s(cal)d(v)-5
b(ariables)27 b(are)h(restored)h(to)e(their)h(previous)g(v)-5
b(alues)283 2301 y(when)34 b(the)f(blo)s(c)m(k)g(is)f(left.)283
2475 y Fw(Exercise)37 b(2.37)49 b Fu(Use)35 b(the)f(natural)g(seman)m
(tics)g(of)g(T)-8 b(able)34 b(2.3)f(to)h(sho)m(w)h(that)f(execution)h
(of)283 2595 y(the)e(statemen)m(t)527 2758 y Fr(begin)h(var)g(y)e
Fu(:=)h Fr(1)p Fu(;)816 2926 y(\()p Fr(x)g Fu(:=)f Fr(1)p
Fu(;)816 3093 y Fr(begin)i(var)f(x)g Fu(:=)g Fr(2)p Fu(;)f
Fr(y)h Fu(:=)g Fr(x)p Fu(+)p Fr(1)g(end)p Fu(;)816 3261
y Fr(x)g Fu(:=)f Fr(y)p Fu(+)p Fr(x)p Fu(\))527 3429
y Fr(end)283 3592 y Fu(will)f(lead)h(to)g(a)g(state)h(where)h
Fr(x)f Fu(has)g(the)g(v)-5 b(alue)32 b Fw(4)p Fu(.)1525
b Fh(2)430 3766 y Fu(It)32 b(is)f(somewhat)h(harder)g(to)f(sp)s(ecify)i
(a)e Fs(structur)-5 b(al)35 b(op)-5 b(er)g(ational)33
b(semantics)39 b Fu(for)31 b(the)i(ex-)283 3886 y(tended)c(language.)41
b(One)28 b(approac)m(h)g(is)f(to)g(replace)h(states)g(with)g(a)f
(structure)i(that)e(is)g(similar)283 4007 y(to)34 b(the)g(run-time)f
(stac)m(ks)i(used)h(in)d(the)h(implemen)m(tation)d(of)i(blo)s(c)m(k)h
(structured)h(languages.)283 4127 y(Another)43 b(is)f(to)g(extend)h
(the)g(statemen)m(ts)g(with)f(fragmen)m(ts)g(of)f(the)i(state.)73
b(Ho)m(w)m(ev)m(er,)47 b(w)m(e)283 4247 y(shall)32 b(not)g(go)g
(further)h(in)m(to)f(this.)283 4529 y Fp(Pro)t(cedures)283
4714 y Fu(W)-8 b(e)27 b(shall)f(no)m(w)h(extend)h(the)f(language)e
Fw(Blo)s(c)m(k)h Fu(with)g(pro)s(cedure)h(declarations.)41
b(The)27 b(syn)m(tax)283 4834 y(of)33 b(the)g(language)e
Fw(Pro)s(c)h Fu(is:)577 4989 y Fs(S)189 b Fu(::=)99 b
Fs(x)45 b Fu(:=)32 b Fs(a)40 b Ft(j)32 b Fr(skip)i Ft(j)e
Fs(S)1790 5004 y Fn(1)1862 4989 y Fu(;)g Fs(S)1988 5004
y Fn(2)2060 4989 y Ft(j)g Fr(if)h Fs(b)39 b Fr(then)33
b Fs(S)2643 5004 y Fn(1)2715 4989 y Fr(else)h Fs(S)3020
5004 y Fn(2)872 5156 y Ft(j)150 b Fr(while)34 b Fs(b)39
b Fr(do)33 b Fs(S)44 b Ft(j)32 b Fr(begin)i Fs(D)2089
5171 y Fc(V)2183 5156 y Fs(D)2266 5171 y Fc(P)2357 5156
y Fs(S)44 b Fr(end)33 b Ft(j)g Fr(call)g Fs(p)577 5324
y(D)660 5339 y Fc(V)821 5324 y Fu(::=)99 b Fr(var)34
b Fs(x)44 b Fu(:=)33 b Fs(a)7 b Fu(;)32 b Fs(D)1661 5339
y Fc(V)1755 5324 y Ft(j)g Fo(")577 5492 y Fs(D)660 5507
y Fc(P)821 5492 y Fu(::=)99 b Fr(proc)34 b Fs(p)k Fr(is)33
b Fs(S)12 b Fu(;)33 b Fs(D)1721 5507 y Fc(P)1812 5492
y Ft(j)f Fo(")p eop
%%Page: 53 63
53 62 bop 0 130 a Fw(2.5)112 b(Blo)s(c)m(ks)37 b(and)h(pro)s(cedures)
1998 b(53)p 0 193 3473 4 v 0 515 a Fu(Here)27 b Fs(p)33
b Fu(is)26 b(a)g(meta-v)-5 b(ariable)24 b(ranging)i(o)m(v)m(er)h(the)g
(syn)m(tactic)h(category)f Fw(Pname)f Fu(of)g(pro)s(cedure)0
636 y(names;)31 b(in)e(the)h(concrete)h(syn)m(tax)h(there)e(need)h(not)
f(b)s(e)g(an)m(y)g(di\013erence)h(b)s(et)m(w)m(een)g(pro)s(cedure)0
756 y(names)37 b(and)g(v)-5 b(ariable)36 b(names)h(but)g(in)g(the)g
(abstract)h(syn)m(tax)g(it)e(is)h(con)m(v)m(enien)m(t)i(to)e(b)s(e)g
(able)0 877 y(to)c(distinguish)f(b)s(et)m(w)m(een)j(the)f(t)m(w)m(o.)46
b(F)-8 b(urthermore,)33 b Fs(D)2061 892 y Fc(P)2152 877
y Fu(is)g(a)g(meta-v)-5 b(ariable)30 b(ranging)i(o)m(v)m(er)0
997 y(the)h(syn)m(tactic)g(category)g Fw(Dec)1160 1012
y Fn(P)1245 997 y Fu(of)f Fs(pr)-5 b(o)g(c)g(e)g(dur)g(e)34
b(de)-5 b(clar)g(ations)p Fu(.)146 1117 y(W)d(e)40 b(shall)d(giv)m(e)i
(three)h(di\013eren)m(t)f(seman)m(tics)g(of)f(this)h(language.)61
b(They)40 b(di\013er)f(in)f(their)0 1238 y(c)m(hoice)33
b(of)f(scop)s(e)h(rules)g(for)f(v)-5 b(ariables)31 b(and)i(pro)s
(cedures:)145 1436 y Ft(\017)49 b Fu(dynamic)32 b(scop)s(e)h(for)f(v)-5
b(ariables)31 b(as)i(w)m(ell)f(as)h(pro)s(cedures,)145
1637 y Ft(\017)49 b Fu(dynamic)32 b(scop)s(e)h(for)f(v)-5
b(ariables)31 b(but)i(static)f(scop)s(e)i(for)e(pro)s(cedures,)i(and)
145 1839 y Ft(\017)49 b Fu(static)32 b(scop)s(e)h(for)f(v)-5
b(ariables)32 b(as)g(w)m(ell)g(as)h(pro)s(cedures.)0
2037 y(T)-8 b(o)33 b(illustrate)d(the)j(di\013erence)g(consider)g(the)g
(statemen)m(t)244 2235 y Fr(begin)h(var)f(x)g Fu(:=)f
Fr(0)p Fu(;)533 2403 y Fr(proc)h(p)g(is)g(x)g Fu(:=)f
Fr(x)h Fo(?)f Fr(2)p Fu(;)533 2570 y Fr(proc)h(q)g(is)g(call)h(p)p
Fu(;)533 2738 y Fr(begin)g(var)f(x)g Fu(:=)f Fr(5)p Fu(;)822
2905 y Fr(proc)h(p)g(is)g(x)g Fu(:=)f Fr(x)h Fu(+)f(1;)822
3073 y Fr(call)h(q)p Fu(;)g Fr(y)g Fu(:=)f Fr(x)533 3241
y(end)244 3408 y(end)0 3606 y Fu(If)39 b Fs(dynamic)i(sc)-5
b(op)g(e)46 b Fu(is)39 b(used)h(for)f(v)-5 b(ariables)38
b(as)i(w)m(ell)f(as)g(pro)s(cedures)i(then)f(the)g(\014nal)f(v)-5
b(alue)0 3727 y(of)42 b Fr(y)h Fu(is)f Fw(6)p Fu(.)74
b(The)44 b(reason)f(is)f(that)h Fr(call)g(q)g Fu(will)e(call)g(the)i
Fs(lo)-5 b(c)g(al)52 b Fu(pro)s(cedure)44 b Fr(p)e Fu(whic)m(h)i(will)0
3847 y(up)s(date)31 b(the)g Fs(lo)-5 b(c)g(al)40 b Fu(v)-5
b(ariable)29 b Fr(x)p Fu(.)43 b(If)30 b(w)m(e)i(use)f(dynamic)f(scop)s
(e)i(for)e(v)-5 b(ariables)29 b(but)i Fs(static)i(sc)-5
b(op)g(e)0 3967 y Fu(for)35 b(pro)s(cedures)i(then)f
Fr(y)g Fu(gets)g(the)g(v)-5 b(alue)35 b Fw(10)p Fu(.)52
b(The)37 b(reason)f(is)f(that)g(no)m(w)i Fr(call)f(q)g
Fu(will)d(call)0 4088 y(the)38 b Fs(glob)-5 b(al)47 b
Fu(pro)s(cedure)39 b Fr(p)f Fu(and)g(it)f(will)e(up)s(date)j(the)g
Fs(lo)-5 b(c)g(al)47 b Fu(v)-5 b(ariable)36 b Fr(x)p
Fu(.)60 b(Finally)-8 b(,)36 b(if)h(w)m(e)h(use)0 4208
y(static)28 b(scop)s(e)h(for)e(v)-5 b(ariables)27 b(as)h(w)m(ell)f(as)i
(pro)s(cedures)g(then)g Fr(y)f Fu(gets)h(the)f(v)-5 b(alue)28
b Fw(5)p Fu(.)42 b(The)29 b(reason)0 4329 y(is)39 b(that)g
Fr(call)h(q)g Fu(no)m(w)g(will)d(call)g(the)j Fs(glob)-5
b(al)49 b Fu(pro)s(cedure)40 b Fr(p)f Fu(whic)m(h)h(will)d(up)s(date)j
(the)f Fs(glob)-5 b(al)0 4449 y Fu(v)g(ariable)31 b Fr(x)i
Fu(so)f(the)h(lo)s(cal)e(v)-5 b(ariable)31 b Fr(x)h Fu(is)g(unc)m
(hanged.)0 4708 y Fw(Dynamic)37 b(scop)s(e)g(rules)g(for)h(v)-6
b(ariables)37 b(and)h(pro)s(cedures)0 4893 y Fu(The)44
b(general)f(idea)f(is)h(that)g(to)g(execute)i(the)e(statemen)m(t)h
Fr(call)g Fs(p)49 b Fu(w)m(e)44 b(shall)e(execute)j(the)0
5013 y(b)s(o)s(dy)34 b(of)f(the)i(pro)s(cedure.)48 b(This)34
b(means)g(that)g(w)m(e)g(ha)m(v)m(e)i(to)d(k)m(eep)j(trac)m(k)e(of)g
(the)g(asso)s(ciation)0 5133 y(of)k(pro)s(cedure)i(names)f(with)g(pro)s
(cedure)h(b)s(o)s(dies.)62 b(T)-8 b(o)39 b(facilitate)d(this)j(w)m(e)h
(shall)d(in)m(tro)s(duce)0 5254 y(the)42 b(notion)f(of)g(a)h
Fs(pr)-5 b(o)g(c)g(e)g(dur)g(e)42 b(envir)-5 b(onment)p
Fu(.)70 b(Giv)m(en)42 b(a)f(pro)s(cedure)i(name)e(the)h(pro)s(cedure)0
5374 y(en)m(vironmen)m(t)25 b Fs(env)709 5389 y Fc(P)792
5374 y Fu(will)d(return)k(the)f(statemen)m(t)g(that)g(is)f(its)g(b)s(o)
s(dy)-8 b(.)41 b(So)25 b Fs(env)2844 5389 y Fc(P)2927
5374 y Fu(is)f(an)h(elemen)m(t)0 5494 y(of)p eop
%%Page: 54 64
54 63 bop 251 130 a Fw(54)2086 b(2)112 b(Op)s(erational)37
b(Seman)m(tics)p 251 193 3473 4 v 283 419 V 283 3862
4 3443 v 654 528 a Fu([ass)806 543 y Fn(ns)878 528 y
Fu(])372 b Fs(env)1433 543 y Fc(P)1523 528 y Ft(`)33
b(h)o Fs(x)45 b Fu(:=)32 b Fs(a)7 b Fu(,)33 b Fs(s)8
b Ft(i)32 b(!)g Fs(s)8 b Fu([)p Fs(x)k Ft(7!A)p Fu([)-17
b([)p Fs(a)7 b Fu(])-17 b(])q Fs(s)8 b Fu(])654 743 y([skip)852
758 y Fn(ns)923 743 y Fu(])327 b Fs(env)1433 758 y Fc(P)1523
743 y Ft(`)33 b(h)o Fr(skip)p Fu(,)h Fs(s)8 b Ft(i)32
b(!)g Fs(s)654 1035 y Fu([comp)909 1050 y Fn(ns)980 1035
y Fu(])1287 948 y Fs(env)1443 963 y Fc(P)1533 948 y Ft(`)h(h)o
Fs(S)1732 963 y Fn(1)1772 948 y Fu(,)f Fs(s)8 b Ft(i)33
b(!)f Fs(s)2131 912 y Fi(0)2154 948 y Fu(,)h Fs(env)2370
963 y Fc(P)2460 948 y Ft(`)f(h)p Fs(S)2659 963 y Fn(2)2698
948 y Fu(,)h Fs(s)2806 912 y Fi(0)2829 948 y Ft(i)g(!)f
Fs(s)3081 912 y Fi(00)p 1287 1012 1837 4 v 1695 1116
a Fs(env)1851 1131 y Fc(P)1942 1116 y Ft(`)g(h)p Fs(S)2141
1131 y Fn(1)2180 1116 y Fu(;)p Fs(S)2274 1131 y Fn(2)2313
1116 y Fu(,)h Fs(s)8 b Ft(i)32 b(!)g Fs(s)2672 1080 y
Fi(00)654 1397 y Fu([if)739 1361 y Fn(tt)739 1422 y(ns)809
1397 y Fu(])1703 1310 y Fs(env)1859 1325 y Fc(P)1949
1310 y Ft(`)h(h)p Fs(S)2149 1325 y Fn(1)2188 1310 y Fu(,)f
Fs(s)8 b Ft(i)33 b(!)f Fs(s)2547 1274 y Fi(0)p 1287 1374
1700 4 v 1287 1478 a Fs(env)1443 1493 y Fc(P)1533 1478
y Ft(`)h(h)o Fr(if)g Fs(b)39 b Fr(then)33 b Fs(S)2188
1493 y Fn(1)2260 1478 y Fr(else)h Fs(S)2565 1493 y Fn(2)2604
1478 y Fu(,)f Fs(s)8 b Ft(i)32 b(!)g Fs(s)2963 1442 y
Fi(0)1513 1635 y Fu(if)f Ft(B)t Fu([)-17 b([)p Fs(b)6
b Fu(])-17 b(])q Fs(s)41 b Fu(=)32 b Fw(tt)654 1927 y
Fu([if)739 1890 y Fn(\013)739 1951 y(ns)809 1927 y Fu(])1703
1840 y Fs(env)1859 1855 y Fc(P)1949 1840 y Ft(`)h(h)p
Fs(S)2149 1855 y Fn(2)2188 1840 y Fu(,)f Fs(s)8 b Ft(i)33
b(!)f Fs(s)2547 1804 y Fi(0)p 1287 1903 V 1287 2008 a
Fs(env)1443 2023 y Fc(P)1533 2008 y Ft(`)h(h)o Fr(if)g
Fs(b)39 b Fr(then)33 b Fs(S)2188 2023 y Fn(1)2260 2008
y Fr(else)h Fs(S)2565 2023 y Fn(2)2604 2008 y Fu(,)f
Fs(s)8 b Ft(i)32 b(!)g Fs(s)2963 1972 y Fi(0)1513 2165
y Fu(if)f Ft(B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])q
Fs(s)41 b Fu(=)32 b Fw(\013)654 2456 y Fu([while)904
2420 y Fn(tt)904 2481 y(ns)974 2456 y Fu(])1287 2370
y Fs(env)1443 2385 y Fc(P)1533 2370 y Ft(`)h(h)o Fs(S)12
b Fu(,)33 b Fs(s)8 b Ft(i)32 b(!)g Fs(s)2091 2334 y Fi(0)2115
2370 y Fu(,)g Fs(env)2330 2385 y Fc(P)2421 2370 y Ft(`)g(h)p
Fr(while)i Fs(b)k Fr(do)33 b Fs(S)12 b Fu(,)33 b Fs(s)3235
2334 y Fi(0)3258 2370 y Ft(i)f(!)g Fs(s)3509 2334 y Fi(00)p
1287 2433 2266 4 v 1742 2538 a Fs(env)1898 2553 y Fc(P)1989
2538 y Ft(`)g(h)p Fr(while)i Fs(b)k Fr(do)33 b Fs(S)12
b Fu(,)32 b Fs(s)8 b Ft(i)33 b(!)f Fs(s)3054 2502 y Fi(00)1513
2694 y Fu(if)f Ft(B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17
b(])q Fs(s)41 b Fu(=)32 b Fw(tt)654 2909 y Fu([while)904
2873 y Fn(\013)904 2934 y(ns)974 2909 y Fu(])276 b Fs(env)1433
2924 y Fc(P)1523 2909 y Ft(`)33 b(h)o Fr(while)h Fs(b)39
b Fr(do)33 b Fs(S)12 b Fu(,)32 b Fs(s)8 b Ft(i)32 b(!)h
Fs(s)1513 3077 y Fu(if)e Ft(B)t Fu([)-17 b([)p Fs(b)6
b Fu(])-17 b(])q Fs(s)41 b Fu(=)32 b Fw(\013)654 3368
y Fu([blo)s(c)m(k)906 3383 y Fn(ns)977 3368 y Fu(])1410
3282 y Ft(h)p Fs(D)1532 3297 y Fc(V)1593 3282 y Fu(,)g
Fs(s)8 b Ft(i)33 b(!)1871 3297 y Fc(D)1968 3282 y Fs(s)2016
3246 y Fi(0)2039 3282 y Fu(,)g(up)s(d)2264 3297 y Fn(P)2316
3282 y Fu(\()p Fs(D)2437 3297 y Fc(P)2496 3282 y Fu(,)g
Fs(env)2712 3297 y Fc(P)2769 3282 y Fu(\))g Ft(`)f(h)p
Fs(S)12 b Fu(,)32 b Fs(s)3146 3246 y Fi(0)3170 3282 y
Ft(i)g(!)g Fs(s)3421 3246 y Fi(00)p 1287 3345 2301 4
v 1287 3450 a Fs(env)1443 3465 y Fc(P)1533 3450 y Ft(`)h(h)o
Fr(begin)h Fs(D)2037 3465 y Fc(V)2131 3450 y Fs(D)2214
3465 y Fc(P)2305 3450 y Fs(S)44 b Fr(end)p Fu(,)34 b
Fs(s)8 b Ft(i)32 b(!)g Fs(s)2917 3414 y Fi(00)2960 3450
y Fu([D)m(V\()p Fs(D)3253 3465 y Fc(V)3313 3450 y Fu(\))p
Ft(7\000)-16 b(!)p Fs(s)8 b Fu(])654 3731 y([call)829
3694 y Fn(rec)829 3755 y(ns)922 3731 y Fu(])1400 3644
y Fs(env)1556 3659 y Fc(P)1646 3644 y Ft(`)33 b(h)p Fs(S)12
b Fu(,)32 b Fs(s)8 b Ft(i)32 b(!)h Fs(s)2205 3608 y Fi(0)p
1287 3707 1055 4 v 1287 3812 a Fs(env)1443 3827 y Fc(P)1533
3812 y Ft(`)g(h)o Fr(call)h Fs(p)6 b Fu(,)32 b Fs(s)8
b Ft(i)33 b(!)f Fs(s)2318 3776 y Fi(0)2449 3731 y Fu(where)i
Fs(env)2887 3746 y Fc(P)2977 3731 y Fs(p)k Fu(=)33 b
Fs(S)p 3753 3862 4 3443 v 283 3865 3473 4 v 640 4026
a Fu(T)-8 b(able)32 b(2.5:)44 b(Natural)31 b(seman)m(tics)i(for)f
Fw(Pro)s(c)g Fu(with)g(dynamic)g(scop)s(e)h(rules)527
4322 y Fw(En)m(v)719 4337 y Fn(P)804 4322 y Fu(=)f Fw(Pname)h
Fo(,)-17 b Ft(!)32 b Fw(Stm)430 4552 y Fu(The)45 b(next)g(step)g(will)c
(b)s(e)k(to)e(extend)j(the)e(natural)f(seman)m(tics)h(to)g(tak)m(e)h
(the)f(en)m(viron-)283 4672 y(men)m(t)35 b(in)m(to)f(accoun)m(t.)50
b(W)-8 b(e)35 b(shall)e(extend)j(the)f(transition)e(system)j(for)e
(statemen)m(ts)h(to)g(ha)m(v)m(e)283 4793 y(transitions)d(of)g(the)h
(form)527 5023 y Fs(env)683 5038 y Fc(P)774 5023 y Ft(`)f(h)p
Fs(S)12 b Fu(,)32 b Fs(s)8 b Ft(i)33 b(!)f Fs(s)1332
4987 y Fi(0)283 5254 y Fu(The)e(presence)g(of)e(the)h(en)m(vironmen)m
(t)f(means)h(that)f(w)m(e)h(can)g(alw)m(a)m(ys)g(access)h(it)d(and)h
(therefore)283 5374 y(get)36 b(hold)g(of)f(the)i(b)s(o)s(dies)e(of)h
(declared)g(pro)s(cedures.)55 b(The)37 b(result)f(of)f(mo)s(difying)f
(T)-8 b(able)35 b(2.1)283 5494 y(to)e(incorp)s(orate)e(this)h(extra)h
(information)d(is)i(sho)m(wn)i(in)e(T)-8 b(able)32 b(2.5.)p
eop
%%Page: 55 65
55 64 bop 0 130 a Fw(2.5)112 b(Blo)s(c)m(ks)37 b(and)h(pro)s(cedures)
1998 b(55)p 0 193 3473 4 v 146 515 a Fu(Concerning)39
b(the)f(rule)g(for)g Fr(begin)h Fs(D)1573 530 y Fc(V)1672
515 y Fs(D)1755 530 y Fc(P)1852 515 y Fs(S)50 b Fr(end)39
b Fu(the)f(idea)g(is)f(that)h(w)m(e)i(up)s(date)e(the)0
636 y(pro)s(cedure)44 b(en)m(vironmen)m(t)f(so)f(that)h(the)g(pro)s
(cedures)h(declared)f(in)f Fs(D)2666 651 y Fc(P)2767
636 y Fu(will)e(b)s(e)j(a)m(v)-5 b(ailable)0 756 y(when)41
b(executing)f Fs(S)12 b Fu(.)39 b(Giv)m(en)h(a)f(global)e(en)m
(vironmen)m(t)j Fs(env)2234 771 y Fc(P)2331 756 y Fu(and)g(a)f
(declaration)f Fs(D)3210 771 y Fc(P)3269 756 y Fu(,)j(the)0
877 y(up)s(dated)33 b(pro)s(cedure)h(en)m(vironmen)m(t,)f(up)s(d)1588
892 y Fn(P)1640 877 y Fu(\()p Fs(D)1761 892 y Fc(P)1820
877 y Fu(,)f Fs(env)2035 892 y Fc(P)2093 877 y Fu(\),)h(is)f(sp)s
(eci\014ed)h(b)m(y:)244 1072 y(up)s(d)409 1087 y Fn(P)461
1072 y Fu(\()p Fr(proc)h Fs(p)k Fr(is)33 b Fs(S)12 b
Fu(;)33 b Fs(D)1170 1087 y Fc(P)1228 1072 y Fu(,)g Fs(env)1444
1087 y Fc(P)1502 1072 y Fu(\))f(=)h(up)s(d)1846 1087
y Fn(P)1898 1072 y Fu(\()p Fs(D)2019 1087 y Fc(P)2078
1072 y Fu(,)f Fs(env)2293 1087 y Fc(P)2351 1072 y Fu([)p
Fs(p)6 b Ft(7!)p Fs(S)12 b Fu(]\))244 1240 y(up)s(d)409
1255 y Fn(P)461 1240 y Fu(\()p Fo(")p Fu(,)33 b Fs(env)761
1255 y Fc(P)818 1240 y Fu(\))g(=)f Fs(env)1153 1255 y
Fc(P)146 1436 y Fu(As)j(the)f(v)-5 b(ariable)32 b(declarations)g(do)i
(not)g(need)g(to)g(access)h(the)f(pro)s(cedure)h(en)m(vironmen)m(t)0
1556 y(it)c(is)h(not)g(necessary)j(to)d(extend)i(the)f(transition)e
(system)i(for)f(declarations)f(with)h(the)h(extra)0 1677
y(comp)s(onen)m(t.)44 b(So)32 b(for)g(v)-5 b(ariable)31
b(declarations)g(w)m(e)j(still)c(ha)m(v)m(e)k(transitions)d(of)i(the)g
(form)244 1873 y Ft(h)p Fs(D)9 b Fu(,)32 b Fs(s)8 b Ft(i)33
b(!)644 1888 y Fc(D)741 1873 y Fs(s)789 1837 y Fi(0)0
2069 y Fu(The)h(relation)c(is)i(de\014ned)i(as)f(for)f(the)h(language)f
Fw(Blo)s(c)m(k)p Fu(,)f(that)h(is)g(b)m(y)i(T)-8 b(able)32
b(2.4.)146 2189 y(W)-8 b(e)25 b(can)g(no)m(w)g(complete)e(the)i(sp)s
(eci\014cation)f(of)g(the)h(seman)m(tics)f(of)g(blo)s(c)m(ks)h(and)f
(pro)s(cedure)0 2309 y(calls.)42 b(Note)31 b(that)g(in)g(the)h(rule)f
([blo)s(c)m(k)1425 2324 y Fn(ns)1496 2309 y Fu(])g(of)g(T)-8
b(able)31 b(2.5)g(w)m(e)h(use)g(the)g(up)s(dated)g(en)m(vironmen)m(t)0
2430 y(when)47 b(executing)f(the)g(b)s(o)s(dy)f(of)g(the)h(blo)s(c)m
(k.)82 b(In)46 b(the)g(rule)f([call)2495 2394 y Fn(rec)2495
2454 y(ns)2588 2430 y Fu(])g(for)g(pro)s(cedure)i(calls)0
2550 y(w)m(e)g(mak)m(e)f(use)i(of)d(the)i(information)c(pro)m(vided)j
(b)m(y)h(the)g(en)m(vironmen)m(t.)85 b(It)46 b(follo)m(ws)f(that)0
2671 y(pro)s(cedures)34 b(will)c Fs(always)40 b Fu(b)s(e)33
b(recursiv)m(e.)0 2889 y Fw(Exercise)j(2.38)49 b Fu(Consider)33
b(the)g(follo)m(wing)d(statemen)m(t)j(of)f Fw(Pro)s(c)p
Fu(:)244 3085 y Fr(begin)i(proc)f(fac)h(is)f(begin)h(var)f(z)g
Fu(:=)f Fr(x)p Fu(;)1381 3252 y Fr(if)h(x)f Fu(=)h Fr(1)g(then)g(skip)
1381 3420 y(else)g Fu(\()p Fr(x)g Fu(:=)f Fr(x)p Ft(\000)p
Fr(1)p Fu(;)i Fr(call)g(fac)p Fu(;)f Fr(y)g Fu(:=)f Fr(z)p
Fo(?)p Fr(y)p Fu(\))1092 3588 y Fr(end)p Fu(;)533 3755
y(\()p Fr(y)g Fu(:=)h Fr(1)p Fu(;)g Fr(call)g(fac)p Fu(\))244
3923 y Fr(end)0 4119 y Fu(Construct)26 b(a)f(deriv)-5
b(ation)23 b(tree)j(for)e(the)i(execution)f(of)g(this)g(statemen)m(t)g
(from)f(a)h(state)g Fs(s)33 b Fu(where)0 4239 y Fs(s)41
b Fr(x)32 b Fu(=)h Fw(3)p Fu(.)3042 b Fh(2)0 4458 y Fw(Exercise)36
b(2.39)49 b Fu(Use)34 b(the)f(seman)m(tics)g(to)f(v)m(erify)h(that)f
(the)h(statemen)m(t)244 4653 y Fr(begin)h(var)f(x)g Fu(:=)f
Fr(0)p Fu(;)533 4821 y Fr(proc)h(p)g(is)g(x)g Fu(:=)f
Fr(x)h Fo(?)f Fr(2)p Fu(;)533 4989 y Fr(proc)h(q)g(is)g(call)h(p)p
Fu(;)533 5156 y Fr(begin)g(var)f(x)g Fu(:=)f Fr(5)p Fu(;)822
5324 y Fr(proc)h(p)g(is)g(x)g Fu(:=)f Fr(x)h Fu(+)f(1;)822
5492 y Fr(call)h(q)p Fu(;)g Fr(y)g Fu(:=)f Fr(x)p eop
%%Page: 56 66
56 65 bop 251 130 a Fw(56)2086 b(2)112 b(Op)s(erational)37
b(Seman)m(tics)p 251 193 3473 4 v 283 419 V 283 1434
4 1015 v 955 605 a Fu([call)1130 620 y Fn(ns)1200 605
y Fu(])1701 519 y Fs(env)1857 483 y Fi(0)1857 543 y Fc(P)1948
519 y Ft(`)32 b(h)p Fs(S)12 b Fu(,)32 b Fs(s)8 b Ft(i)33
b(!)f Fs(s)2506 483 y Fi(0)p 1588 582 1055 4 v 1588 687
a Fs(env)1744 702 y Fc(P)1834 687 y Ft(`)h(h)p Fr(call)g
Fs(p)6 b Fu(,)33 b Fs(s)8 b Ft(i)32 b(!)g Fs(s)2619 650
y Fi(0)1814 843 y Fu(where)i Fs(env)2252 858 y Fc(P)2343
843 y Fs(p)k Fu(=)32 b(\()p Fs(S)12 b Fu(,)33 b Fs(env)2860
807 y Fi(0)2860 868 y Fc(P)2918 843 y Fu(\))955 1135
y([call)1130 1099 y Fn(rec)1130 1159 y(ns)1223 1135 y
Fu(])1588 1048 y Fs(env)1744 1012 y Fi(0)1744 1073 y
Fc(P)1802 1048 y Fu([)p Fs(p)6 b Ft(7!)p Fu(\()p Fs(S)12
b Fu(,)32 b Fs(env)2305 1012 y Fi(0)2305 1073 y Fc(P)2363
1048 y Fu(\)])g Ft(`)h(h)p Fs(S)12 b Fu(,)32 b Fs(s)8
b Ft(i)32 b(!)g Fs(s)3018 1012 y Fi(0)p 1588 1112 1454
4 v 1788 1216 a Fs(env)1944 1231 y Fc(P)2034 1216 y Ft(`)g(h)p
Fr(call)i Fs(p)6 b Fu(,)32 b Fs(s)8 b Ft(i)33 b(!)f Fs(s)2819
1180 y Fi(0)1814 1373 y Fu(where)i Fs(env)2252 1388 y
Fc(P)2343 1373 y Fs(p)k Fu(=)32 b(\()p Fs(S)12 b Fu(,)33
b Fs(env)2860 1337 y Fi(0)2860 1397 y Fc(P)2918 1373
y Fu(\))p 3753 1434 4 1015 v 283 1437 3473 4 v 572 1603
a(T)-8 b(able)32 b(2.6:)43 b(Pro)s(cedure)34 b(calls)d(in)h(case)i(of)e
(mixed)g(scop)s(e)h(rules)g(\(c)m(ho)s(ose)g(one\))816
1894 y Fr(end)527 2061 y(end)283 2264 y Fu(considered)h(earlier)d(do)s
(es)i(indeed)g(assign)f(the)h(exp)s(ected)i(v)-5 b(alue)32
b(to)g Fr(y)p Fu(.)781 b Fh(2)283 2524 y Fw(Static)37
b(scop)s(e)h(rules)f(for)g(pro)s(cedures)283 2709 y Fu(W)-8
b(e)36 b(shall)d(no)m(w)j(mo)s(dify)d(the)i(seman)m(tics)g(of)f
Fw(Pro)s(c)h Fu(to)f(sp)s(ecify)h(static)g(scop)s(e)g(rules)g(for)f
(pro-)283 2829 y(cedures.)46 b(The)33 b(\014rst)g(step)h(will)c(b)s(e)j
(to)f(extend)i(the)f(pro)s(cedure)g(en)m(vironmen)m(t)g
Fs(env)3367 2844 y Fc(P)3457 2829 y Fu(so)g(that)283
2949 y(pro)s(cedure)g(names)f(are)f(asso)s(ciated)h(with)f(their)g(b)s
(o)s(dy)g(as)h(w)m(ell)f(as)h(the)g(pro)s(cedure)g(en)m(viron-)283
3070 y(men)m(t)h(at)f(the)h(p)s(oin)m(t)f(of)g(declaration.)42
b(T)-8 b(o)33 b(this)f(end)h(w)m(e)h(de\014ne)527 3273
y Fw(En)m(v)719 3288 y Fn(P)804 3273 y Fu(=)e Fw(Pname)h
Fo(,)-17 b Ft(!)32 b Fw(Stm)g Ft(\002)h Fw(En)m(v)1959
3288 y Fn(P)283 3476 y Fu(This)j(de\014nition)e(ma)m(y)h(seem)g
(problematic)e(b)s(ecause)k Fw(En)m(v)2495 3491 y Fn(P)2582
3476 y Fu(is)d(de\014ned)j(in)d(terms)h(of)g(itself.)283
3596 y(Ho)m(w)m(ev)m(er,)41 b(this)c(is)g(not)h(really)e(a)h(problem)f
(b)s(ecause)j(a)e(concrete)h(pro)s(cedure)h(en)m(vironmen)m(t)283
3717 y(alw)m(a)m(ys)31 b(will)d(b)s(e)i(built)f(from)f(smaller)g(en)m
(vironmen)m(ts)j(starting)e(with)h(the)g(empt)m(y)h(pro)s(cedure)283
3837 y(en)m(vironmen)m(t.)65 b(The)41 b(function)e(up)s(d)1665
3852 y Fn(P)1757 3837 y Fu(up)s(dating)f(the)i(pro)s(cedure)h(en)m
(vironmen)m(t)e(can)h(then)283 3958 y(b)s(e)33 b(rede\014ned)i(as:)527
4161 y(up)s(d)692 4176 y Fn(P)745 4161 y Fu(\()p Fr(proc)e
Fs(p)39 b Fr(is)33 b Fs(S)12 b Fu(;)32 b Fs(D)1453 4176
y Fc(P)1512 4161 y Fu(,)h Fs(env)1728 4176 y Fc(P)1785
4161 y Fu(\))g(=)f(up)s(d)2129 4176 y Fn(P)2182 4161
y Fu(\()p Fs(D)2303 4176 y Fc(P)2361 4161 y Fu(,)h Fs(env)2577
4176 y Fc(P)2635 4161 y Fu([)p Fs(p)6 b Ft(7!)o Fu(\()p
Fs(S)12 b Fu(,)33 b Fs(env)3138 4176 y Fc(P)3196 4161
y Fu(\)]\))527 4328 y(up)s(d)692 4343 y Fn(P)745 4328
y Fu(\()p Fo(")o Fu(,)g Fs(env)1044 4343 y Fc(P)1102
4328 y Fu(\))f(=)h Fs(env)1437 4343 y Fc(P)430 4531 y
Fu(The)28 b(seman)m(tics)f(of)g(v)-5 b(ariable)25 b(declarations)h(are)
i(una\013ected)g(and)f(so)h(is)e(the)i(seman)m(tics)f(of)283
4652 y(most)f(of)f(the)h(statemen)m(ts.)42 b(Compared)26
b(with)g(T)-8 b(able)25 b(2.5)g(w)m(e)i(shall)e(only)g(need)i(to)e(mo)s
(dify)f(the)283 4772 y(rules)36 b(for)g(pro)s(cedure)g(calls.)52
b(In)36 b(the)h(case)f(where)h(the)g(pro)s(cedures)g(of)e
Fw(Pro)s(c)g Fu(are)h(assumed)283 4893 y(to)42 b(b)s(e)h
Fs(non-r)-5 b(e)g(cursive)48 b Fu(w)m(e)c(simply)d(consult)h(the)g(pro)
s(cedure)i(en)m(vironmen)m(t)e(to)g(determine)283 5013
y(the)35 b(b)s(o)s(dy)f(of)g(the)g(pro)s(cedure)h(and)f(the)h(en)m
(vironmen)m(t)f(at)g(the)g(p)s(oin)m(t)g(of)f(declaration.)47
b(This)283 5133 y(is)35 b(expressed)j(b)m(y)e(the)g(rule)e([call)1505
5148 y Fn(ns)1575 5133 y Fu(])h(of)g(T)-8 b(able)35 b(2.6.)51
b(In)35 b(the)h(case)g(where)g(the)g(pro)s(cedures)g(of)283
5254 y Fw(Pro)s(c)25 b Fu(are)h(assumed)g(to)f(b)s(e)h
Fs(r)-5 b(e)g(cursive)32 b Fu(w)m(e)27 b(ha)m(v)m(e)g(to)e(mak)m(e)g
(sure)i(that)e(o)s(ccurrences)i(of)e Fr(call)34 b Fs(p)283
5374 y Fu(inside)j(the)h(b)s(o)s(dy)f(of)g Fs(p)43 b
Fu(refer)37 b(to)g(the)h(pro)s(cedure)g(itself.)56 b(W)-8
b(e)37 b(shall)f(therefore)i(up)s(date)f(the)283 5494
y(pro)s(cedure)c(en)m(vironmen)m(t)g(to)e(con)m(tain)h(that)g
(information.)40 b(This)32 b(is)f(expressed)k(b)m(y)e(the)f(rule)p
eop
%%Page: 57 67
57 66 bop 0 130 a Fw(2.5)112 b(Blo)s(c)m(ks)37 b(and)h(pro)s(cedures)
1998 b(57)p 0 193 3473 4 v 0 515 a Fu([call)175 479 y
Fn(rec)175 540 y(ns)268 515 y Fu(])28 b(of)f(T)-8 b(able)27
b(2.6.)42 b(The)28 b(remaining)d(axioms)i(and)h(rules)f(are)h(as)g(in)f
(T)-8 b(ables)28 b(2.5)f(\(without)0 636 y([call)175
600 y Fn(rec)175 660 y(ns)268 636 y Fu(]\))32 b(and)h(2.4.)43
b(\(Clearly)32 b(a)g(c)m(hoice)h(should)f(b)s(e)h(made)f(b)s(et)m(w)m
(een)j([call)2752 651 y Fn(ns)2822 636 y Fu(])d(or)g([call)3175
600 y Fn(rec)3175 660 y(ns)3268 636 y Fu(].\))0 880 y
Fw(Exercise)k(2.40)49 b Fu(Construct)36 b(a)d(statemen)m(t)i(that)f
(illustrates)e(the)j(di\013erence)g(b)s(et)m(w)m(een)h(the)0
1000 y(t)m(w)m(o)26 b(rules)g(for)f(pro)s(cedure)h(call)e(giv)m(en)i
(in)f(T)-8 b(able)25 b(2.6.)41 b(V)-8 b(alidate)23 b(y)m(our)k(claim)c
(b)m(y)j(constructing)0 1121 y(deriv)-5 b(ation)31 b(trees)j(for)e(the)
h(executions)g(of)f(the)h(statemen)m(t)g(from)f(a)g(suitable)g(state.)
274 b Fh(2)0 1363 y Fw(Exercise)36 b(2.41)49 b Fu(Use)43
b(the)f(seman)m(tics)g(to)g(v)m(erify)g(that)f(the)h(statemen)m(t)h(of)
e(Exercise)i(2.39)0 1483 y(assigns)33 b(the)g(exp)s(ected)h(v)-5
b(alue)32 b(to)g Fr(y)p Fu(.)2048 b Fh(2)0 1755 y Fw(Static)36
b(scop)s(e)i(rules)f(for)g(v)-6 b(ariables)0 1943 y Fu(W)e(e)34
b(shall)e(no)m(w)i(mo)s(dify)e(the)i(seman)m(tics)f(of)h
Fw(Pro)s(c)e Fu(to)h(sp)s(ecify)h(static)f(scop)s(e)i(rules)e(for)g(v)
-5 b(ari-)0 2064 y(ables)37 b(as)g(w)m(ell)f(as)h(pro)s(cedures.)57
b(T)-8 b(o)37 b(ac)m(hiev)m(e)h(this)e(w)m(e)i(shall)e(replace)g(the)i
(states)f(with)g(t)m(w)m(o)0 2184 y(mappings:)h(a)23
b Fs(variable)j(envir)-5 b(onment)32 b Fu(that)24 b(asso)s(ciates)g(a)f
Fs(lo)-5 b(c)g(ation)30 b Fu(with)24 b(eac)m(h)g(v)-5
b(ariable)22 b(and)0 2305 y(a)35 b Fs(stor)-5 b(e)42
b Fu(that)34 b(asso)s(ciates)h(a)g(v)-5 b(alue)34 b(with)h(eac)m(h)g
(lo)s(cation.)48 b(F)-8 b(ormally)g(,)33 b(w)m(e)j(de\014ne)g(a)e(v)-5
b(ariable)0 2425 y(en)m(vironmen)m(t)33 b Fs(env)717
2440 y Fc(V)810 2425 y Fu(as)f(an)h(elemen)m(t)f(of)244
2638 y Fw(En)m(v)436 2653 y Fn(V)526 2638 y Fu(=)h Fw(V)-9
b(ar)32 b Ft(!)g Fw(Lo)s(c)0 2851 y Fu(where)h Fw(Lo)s(c)f
Fu(is)f(a)g(set)i(of)e(lo)s(cations.)41 b(F)-8 b(or)31
b(the)h(sak)m(e)h(of)e(simplicit)m(y)e(w)m(e)k(shall)d(tak)m(e)j
Fw(Lo)s(c)e Fu(=)h Fw(Z)p Fu(.)0 2972 y(A)h(store)g Fs(sto)38
b Fu(is)32 b(an)h(elemen)m(t)f(of)244 3185 y Fw(Store)g
Fu(=)h Fw(Lo)s(c)f Ft([)h(f)g Fu(next)g Ft(g)f(!)h Fw(Z)0
3398 y Fu(where)i(`next')g(is)e(a)h(sp)s(ecial)f(tok)m(en)h(used)h(to)f
(hold)f(the)h(next)h(free)f(lo)s(cation.)45 b(W)-8 b(e)34
b(shall)e(need)0 3519 y(a)g(function)244 3732 y(new:)44
b Fw(Lo)s(c)33 b Ft(!)f Fw(Lo)s(c)0 3945 y Fu(that)37
b(giv)m(en)h(a)g(lo)s(cation)d(will)g(pro)s(duce)k(the)f(next)g(one.)59
b(In)38 b(our)g(case)g(where)h Fw(Lo)s(c)f Fu(is)f Fw(Z)h
Fu(w)m(e)0 4065 y(tak)m(e)33 b(`new')h(to)e(b)s(e)h(the)g(successor)i
(function)d(on)h(the)g(in)m(tegers.)146 4188 y(So)44
b(rather)f(than)h(ha)m(ving)f(a)g(single)f(mapping)g
Fs(s)52 b Fu(from)42 b(v)-5 b(ariables)42 b(to)h(v)-5
b(alues)44 b(w)m(e)g(ha)m(v)m(e)0 4308 y(split)33 b(it)g(in)m(to)h(t)m
(w)m(o)h(mappings)e Fs(env)1301 4323 y Fc(V)1395 4308
y Fu(and)i Fs(sto)40 b Fu(and)35 b(the)f(idea)g(is)g(that)g
Fs(s)42 b Fu(=)34 b Fs(sto)41 b Ft(\016)34 b Fs(env)3226
4323 y Fc(V)3286 4308 y Fu(.)48 b(T)-8 b(o)0 4428 y(determine)32
b(the)h(v)-5 b(alue)32 b(of)g(a)h(v)-5 b(ariable)30 b
Fs(x)45 b Fu(w)m(e)33 b(shall)f(\014rst)145 4642 y Ft(\017)49
b Fu(determine)32 b(the)h(lo)s(cation)d Fs(l)43 b Fu(=)32
b Fs(env)1570 4657 y Fc(V)1663 4642 y Fs(x)44 b Fu(asso)s(ciated)33
b(with)f Fs(x)44 b Fu(and)33 b(then)145 4855 y Ft(\017)49
b Fu(determine)32 b(the)h(v)-5 b(alue)32 b Fs(sto)39
b(l)k Fu(asso)s(ciated)32 b(with)g(the)h(lo)s(cation)d
Fs(l)10 b Fu(.)0 5068 y(Similarly)-8 b(,)29 b(to)j(assign)g(a)g(v)-5
b(alue)32 b Fs(v)43 b Fu(to)33 b(a)f(v)-5 b(ariable)31
b Fs(x)44 b Fu(w)m(e)34 b(shall)d(\014rst)145 5281 y
Ft(\017)49 b Fu(determine)32 b(the)h(lo)s(cation)d Fs(l)43
b Fu(=)32 b Fs(env)1570 5296 y Fc(V)1663 5281 y Fs(x)44
b Fu(asso)s(ciated)33 b(with)f Fs(x)44 b Fu(and)33 b(then)145
5494 y Ft(\017)49 b Fu(up)s(date)33 b(the)g(store)g(to)f(ha)m(v)m(e)i
Fs(sto)39 b(l)j Fu(=)33 b Fs(v)11 b Fu(.)p eop
%%Page: 58 68
58 67 bop 251 130 a Fw(58)2086 b(2)112 b(Op)s(erational)37
b(Seman)m(tics)p 251 193 3473 4 v 283 419 V 283 1119
4 700 v 562 605 a Fu([v)-5 b(ar)722 620 y Fn(ns)793 605
y Fu(])1195 519 y Ft(h)p Fs(D)1317 534 y Fc(V)1378 519
y Fu(,)32 b Fs(env)1593 534 y Fc(V)1653 519 y Fu([)p
Fs(x)12 b Ft(7!)p Fs(l)e Fu(],)33 b Fs(sto)6 b Fu([)p
Fs(l)k Ft(7!)p Fs(v)h Fu(][next)p Ft(7!)p Fu(new)34 b
Fs(l)10 b Fu(])p Ft(i)33 b(!)3079 534 y Fc(D)3176 519
y Fu(\()p Fs(env)3370 483 y Fi(0)3370 543 y Fc(V)3430
519 y Fu(,)f Fs(sto)3617 483 y Fi(0)3641 519 y Fu(\))p
1195 582 2484 4 v 1465 687 a Ft(h)o Fr(var)i Fs(x)44
b Fu(:=)32 b Fs(a)7 b Fu(;)33 b Fs(D)2114 702 y Fc(V)2175
687 y Fu(,)g Fs(env)2391 702 y Fc(V)2451 687 y Fu(,)g
Fs(sto)6 b Ft(i)32 b(!)2810 702 y Fc(D)2906 687 y Fu(\()p
Fs(env)3100 650 y Fi(0)3100 711 y Fc(V)3160 687 y Fu(,)h
Fs(sto)3348 650 y Fi(0)3371 687 y Fu(\))1454 843 y(where)h
Fs(v)43 b Fu(=)32 b Ft(A)p Fu([)-17 b([)p Fs(a)7 b Fu(])-17
b(])q(\()p Fs(sto)6 b Ft(\016)p Fs(env)2516 858 y Fc(V)2576
843 y Fu(\))33 b(and)f Fs(l)43 b Fu(=)32 b Fs(sto)39
b Fu(next)562 1058 y([none)789 1073 y Fn(ns)861 1058
y Fu(])297 b Ft(h)p Fo(")p Fu(,)32 b Fs(env)1485 1073
y Fc(V)1545 1058 y Fu(,)h Fs(sto)6 b Ft(i)32 b(!)1904
1073 y Fc(D)2000 1058 y Fu(\()p Fs(env)2194 1073 y Fc(V)2254
1058 y Fu(,)h Fs(sto)6 b Fu(\))p 3753 1119 4 700 v 283
1122 3473 4 v 542 1283 a(T)-8 b(able)32 b(2.7:)43 b(Natural)31
b(seman)m(tics)i(for)f(v)-5 b(ariable)31 b(declarations)g(using)i(lo)s
(cations)430 1570 y(The)44 b(initial)39 b(v)-5 b(ariable)41
b(en)m(vironmen)m(t)j(could)e(for)g(example)h(map)f(all)f(v)-5
b(ariables)42 b(to)g(the)283 1690 y(lo)s(cation)35 b
Fw(0)i Fu(and)h(the)f(initial)d(store)j(could)g(for)f(example)h(map)f
(`next')j(to)d Fw(1)p Fu(.)58 b(The)38 b(v)-5 b(ariable)283
1810 y(en)m(vironmen)m(t)23 b(\(and)g(the)g(store\))g(is)f(up)s(dated)h
(b)m(y)g(the)g(v)-5 b(ariable)21 b(declarations.)39 b(The)23
b(transition)283 1931 y(system)34 b(for)e(v)-5 b(ariable)31
b(declarations)g(is)h(therefore)i(mo)s(di\014ed)d(to)h(ha)m(v)m(e)i
(the)f(form)527 2139 y Ft(h)p Fs(D)649 2154 y Fc(V)710
2139 y Fu(,)g Fs(env)926 2154 y Fc(V)986 2139 y Fu(,)f
Fs(sto)6 b Ft(i)33 b(!)1344 2154 y Fc(D)1441 2139 y Fu(\()p
Fs(env)1635 2102 y Fi(0)1635 2163 y Fc(V)1695 2139 y
Fu(,)g Fs(sto)1883 2102 y Fi(0)1906 2139 y Fu(\))283
2346 y(b)s(ecause)g(a)d(v)-5 b(ariable)30 b(declaration)f(will)g(mo)s
(dify)g(the)i(v)-5 b(ariable)30 b(en)m(vironmen)m(t)h(as)g(w)m(ell)f
(as)h(the)283 2467 y(store.)42 b(The)25 b(relation)e(is)h(de\014ned)i
(in)e(T)-8 b(able)24 b(2.7.)40 b(Note)25 b(that)g(w)m(e)g(use)h(`)p
Fs(sto)k Fu(next')c(to)e(determine)283 2587 y(the)33
b(lo)s(cation)d Fs(l)43 b Fu(to)32 b(b)s(e)g(asso)s(ciated)g(with)g
Fs(x)44 b Fu(in)32 b(the)h(v)-5 b(ariable)30 b(en)m(vironmen)m(t.)44
b(Also)32 b(the)g(store)283 2708 y(is)j(up)s(dated)h(to)f(hold)g(the)g
(correct)h(v)-5 b(alue)35 b(for)g Fs(l)45 b Fu(as)36
b(w)m(ell)f(as)g(`next'.)53 b(Finally)33 b(note)i(that)g(the)283
2828 y(declared)e(v)-5 b(ariables)32 b(will)e(get)i(p)s(ositiv)m(e)g
(lo)s(cations.)430 2949 y(T)-8 b(o)37 b(obtain)g(static)g(scoping)h
(for)f(v)-5 b(ariables)36 b(w)m(e)j(shall)d(extend)j(the)f(pro)s
(cedure)h(en)m(viron-)283 3070 y(men)m(t)28 b(to)f(hold)g(the)h(v)-5
b(ariable)26 b(en)m(vironmen)m(t)i(at)g(the)g(p)s(oin)m(t)f(of)g
(declaration.)40 b(Therefore)29 b Fs(env)3698 3085 y
Fc(P)283 3190 y Fu(will)i(no)m(w)i(b)s(e)g(an)f(elemen)m(t)h(of)527
3398 y Fw(En)m(v)719 3413 y Fn(P)804 3398 y Fu(=)f Fw(Pname)h
Fo(,)-17 b Ft(!)32 b Fw(Stm)g Ft(\002)h Fw(En)m(v)1959
3413 y Fn(V)2049 3398 y Ft(\002)g Fw(En)m(v)2351 3413
y Fn(P)283 3606 y Fu(The)41 b(pro)s(cedure)g(en)m(vironmen)m(t)f(is)g
(up)s(dated)g(b)m(y)h(the)f(pro)s(cedure)h(declarations)e(as)h(b)s
(efore,)283 3726 y(the)d(only)e(di\013erence)i(b)s(eing)e(that)h(the)g
(curren)m(t)h(v)-5 b(ariable)34 b(en)m(vironmen)m(t)j(is)e(supplied)h
(as)g(an)283 3846 y(additional)30 b(parameter.)43 b(The)34
b(function)e(up)s(d)1996 3861 y Fn(P)2081 3846 y Fu(is)g(no)m(w)h
(de\014ned)h(b)m(y:)527 4054 y(up)s(d)692 4069 y Fn(P)745
4054 y Fu(\()p Fr(proc)f Fs(p)39 b Fr(is)33 b Fs(S)12
b Fu(;)32 b Fs(D)1453 4069 y Fc(P)1512 4054 y Fu(,)h
Fs(env)1728 4069 y Fc(V)1788 4054 y Fu(,)f Fs(env)2003
4069 y Fc(P)2061 4054 y Fu(\))h(=)764 4222 y(up)s(d)929
4237 y Fn(P)981 4222 y Fu(\()p Fs(D)1102 4237 y Fc(P)1161
4222 y Fu(,)f Fs(env)1376 4237 y Fc(V)1436 4222 y Fu(,)h
Fs(env)1652 4237 y Fc(P)1710 4222 y Fu([)p Fs(p)6 b Ft(7!)o
Fu(\()p Fs(S)12 b Fu(,)33 b Fs(env)2213 4237 y Fc(V)2273
4222 y Fu(,)g Fs(env)2489 4237 y Fc(P)2546 4222 y Fu(\)]\))527
4389 y(up)s(d)692 4404 y Fn(P)745 4389 y Fu(\()p Fo(")o
Fu(,)g Fs(env)1044 4404 y Fc(V)1104 4389 y Fu(,)g Fs(env)1320
4404 y Fc(P)1378 4389 y Fu(\))f(=)g Fs(env)1712 4404
y Fc(P)430 4597 y Fu(Finally)-8 b(,)30 b(the)j(transition)e(system)i
(for)f(statemen)m(ts)i(will)c(ha)m(v)m(e)k(the)f(form:)527
4805 y Fs(env)683 4820 y Fc(V)743 4805 y Fu(,)g Fs(env)959
4820 y Fc(P)1049 4805 y Ft(`)g(h)p Fs(S)12 b Fu(,)32
b Fs(sto)6 b Ft(i)32 b(!)h Fs(sto)1768 4769 y Fi(0)283
5013 y Fu(so)26 b(giv)m(en)g(a)g(v)-5 b(ariable)24 b(en)m(vironmen)m(t)
i(and)g(a)g(pro)s(cedure)g(en)m(vironmen)m(t)h(w)m(e)f(get)g(a)g
(relationship)283 5133 y(b)s(et)m(w)m(een)37 b(an)d(initial)c(store)k
(and)h(a)e(\014nal)h(store.)48 b(The)35 b(mo)s(di\014cation)d(of)h(T)-8
b(ables)34 b(2.5)g(and)g(2.6)283 5254 y(is)h(rather)f(straigh)m(tforw)m
(ard)g(and)h(is)f(giv)m(en)h(in)f(T)-8 b(able)34 b(2.8.)50
b(Note)34 b(that)h(in)f(the)h(new)g(rule)f(for)283 5374
y(blo)s(c)m(ks)d(there)g(is)f(no)g(analogue)g(of)g Fs(s)1615
5338 y Fi(00)1657 5374 y Fu([D)m(V\()p Fs(D)1950 5389
y Fc(V)2011 5374 y Fu(\))p Ft(7\000)-16 b(!)o Fs(s)8
b Fu(])31 b(as)g(the)f(v)-5 b(alues)31 b(of)f(v)-5 b(ariables)29
b(only)h(can)283 5494 y(b)s(e)j(obtained)f(b)m(y)i(accessing)f(the)g
(en)m(vironmen)m(t.)p eop
%%Page: 59 69
59 68 bop 0 130 a Fw(2.5)112 b(Blo)s(c)m(ks)37 b(and)h(pro)s(cedures)
1998 b(59)p 0 193 3473 4 v 0 510 V 0 5220 4 4710 v 193
620 a Fu([ass)345 635 y Fn(ns)417 620 y Fu(])254 b Fs(env)854
635 y Fc(V)914 620 y Fu(,)32 b Fs(env)1129 635 y Fc(P)1220
620 y Ft(`)g(h)p Fs(x)44 b Fu(:=)33 b Fs(a)7 b Fu(,)33
b Fs(sto)6 b Ft(i)32 b(!)g Fs(sto)6 b Fu([)p Fs(l)k Ft(7!)p
Fs(v)h Fu(])934 787 y(where)34 b Fs(l)43 b Fu(=)32 b
Fs(env)1548 802 y Fc(V)1641 787 y Fs(x)44 b Fu(and)33
b Fs(v)43 b Fu(=)32 b Ft(A)p Fu([)-17 b([)p Fs(a)7 b
Fu(])-17 b(])q(\()p Fs(sto)6 b Ft(\016)p Fs(env)2700
802 y Fc(V)2760 787 y Fu(\))193 1002 y([skip)391 1017
y Fn(ns)462 1002 y Fu(])209 b Fs(env)854 1017 y Fc(V)914
1002 y Fu(,)32 b Fs(env)1129 1017 y Fc(P)1220 1002 y
Ft(`)g(h)p Fr(skip)p Fu(,)i Fs(sto)6 b Ft(i)32 b(!)g
Fs(sto)193 1294 y Fu([comp)448 1309 y Fn(ns)519 1294
y Fu(])708 1207 y Fs(env)864 1222 y Fc(V)924 1207 y Fu(,)g
Fs(env)1139 1222 y Fc(P)1230 1207 y Ft(`)g(h)p Fs(S)1429
1222 y Fn(1)1468 1207 y Fu(,)h Fs(sto)6 b Ft(i)32 b(!)g
Fs(sto)1987 1171 y Fi(0)2011 1207 y Fu(,)65 b Fs(env)2259
1222 y Fc(V)2319 1207 y Fu(,)33 b Fs(env)2535 1222 y
Fc(P)2625 1207 y Ft(`)f(h)p Fs(S)2824 1222 y Fn(2)2864
1207 y Fu(,)g Fs(sto)3051 1171 y Fi(0)3075 1207 y Ft(i)g(!)g
Fs(sto)3406 1171 y Fi(00)p 708 1270 2741 4 v 1350 1375
a Fs(env)1506 1390 y Fc(V)1566 1375 y Fu(,)h Fs(env)1782
1390 y Fc(P)1872 1375 y Ft(`)g(h)p Fs(S)2072 1390 y Fn(1)2111
1375 y Fu(;)p Fs(S)2205 1390 y Fn(2)2244 1375 y Fu(,)g
Fs(sto)6 b Ft(i)32 b(!)g Fs(sto)2763 1339 y Fi(00)193
1656 y Fu([if)278 1620 y Fn(tt)278 1680 y(ns)348 1656
y Fu(])1124 1569 y Fs(env)1280 1584 y Fc(V)1340 1569
y Fu(,)h Fs(env)1556 1584 y Fc(P)1646 1569 y Ft(`)f(h)p
Fs(S)1845 1584 y Fn(1)1884 1569 y Fu(,)h Fs(sto)6 b Ft(i)32
b(!)h Fs(sto)2404 1533 y Fi(0)p 708 1633 2136 4 v 708
1737 a Fs(env)864 1752 y Fc(V)924 1737 y Fu(,)f Fs(env)1139
1752 y Fc(P)1230 1737 y Ft(`)g(h)p Fr(if)h Fs(b)38 b
Fr(then)c Fs(S)1885 1752 y Fn(1)1957 1737 y Fr(else)f
Fs(S)2261 1752 y Fn(2)2301 1737 y Fu(,)f Fs(sto)6 b Ft(i)33
b(!)f Fs(sto)2820 1701 y Fi(0)934 1894 y Fu(if)f Ft(B)t
Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])q(\()p Fs(sto)6
b Ft(\016)p Fs(env)1590 1909 y Fc(V)1650 1894 y Fu(\))32
b(=)h Fw(tt)193 2185 y Fu([if)278 2149 y Fn(\013)278
2210 y(ns)348 2185 y Fu(])1124 2099 y Fs(env)1280 2114
y Fc(V)1340 2099 y Fu(,)g Fs(env)1556 2114 y Fc(P)1646
2099 y Ft(`)f(h)p Fs(S)1845 2114 y Fn(2)1884 2099 y Fu(,)h
Fs(sto)6 b Ft(i)32 b(!)h Fs(sto)2404 2063 y Fi(0)p 708
2162 V 708 2267 a Fs(env)864 2282 y Fc(V)924 2267 y Fu(,)f
Fs(env)1139 2282 y Fc(P)1230 2267 y Ft(`)g(h)p Fr(if)h
Fs(b)38 b Fr(then)c Fs(S)1885 2282 y Fn(1)1957 2267 y
Fr(else)f Fs(S)2261 2282 y Fn(2)2301 2267 y Fu(,)f Fs(sto)6
b Ft(i)33 b(!)f Fs(sto)2820 2231 y Fi(0)934 2423 y Fu(if)f
Ft(B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])q(\()p Fs(sto)6
b Ft(\016)p Fs(env)1590 2438 y Fc(V)1650 2423 y Fu(\))32
b(=)h Fw(\013)193 2832 y Fu([while)443 2796 y Fn(tt)443
2857 y(ns)513 2832 y Fu(])969 2637 y Fs(env)1125 2652
y Fc(V)1185 2637 y Fu(,)g Fs(env)1401 2652 y Fc(P)1491
2637 y Ft(`)g(h)o Fs(S)12 b Fu(,)33 b Fs(sto)6 b Ft(i)32
b(!)g Fs(sto)2209 2601 y Fi(0)2233 2637 y Fu(,)708 2746
y Fs(env)864 2761 y Fc(V)924 2746 y Fu(,)g Fs(env)1139
2761 y Fc(P)1230 2746 y Ft(`)g(h)p Fr(while)i Fs(b)k
Fr(do)33 b Fs(S)12 b Fu(,)33 b Fs(sto)2124 2710 y Fi(0)2147
2746 y Ft(i)f(!)h Fs(sto)2479 2710 y Fi(00)p 708 2809
1814 4 v 719 2914 a Fs(env)875 2929 y Fc(V)935 2914 y
Fu(,)g Fs(env)1151 2929 y Fc(P)1241 2914 y Ft(`)g(h)p
Fr(while)g Fs(b)39 b Fr(do)33 b Fs(S)12 b Fu(,)32 b Fs(sto)6
b Ft(i)33 b(!)f Fs(sto)2467 2878 y Fi(00)934 3070 y Fu(if)f
Ft(B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])q(\()p Fs(sto)6
b Ft(\016)p Fs(env)1590 3085 y Fc(V)1650 3070 y Fu(\))32
b(=)h Fw(tt)193 3285 y Fu([while)443 3249 y Fn(\013)443
3310 y(ns)513 3285 y Fu(])158 b Fs(env)854 3300 y Fc(V)914
3285 y Fu(,)32 b Fs(env)1129 3300 y Fc(P)1220 3285 y
Ft(`)g(h)p Fr(while)i Fs(b)k Fr(do)33 b Fs(S)12 b Fu(,)33
b Fs(sto)6 b Ft(i)32 b(!)g Fs(sto)934 3453 y Fu(if)f
Ft(B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])q(\()p Fs(sto)6
b Ft(\016)p Fs(env)1590 3468 y Fc(V)1650 3453 y Fu(\))32
b(=)h Fw(\013)193 3862 y Fu([blo)s(c)m(k)445 3877 y Fn(ns)516
3862 y Fu(])1040 3666 y Ft(h)p Fs(D)1162 3681 y Fc(V)1223
3666 y Fu(,)f Fs(env)1438 3681 y Fc(V)1499 3666 y Fu(,)g
Fs(sto)6 b Ft(i)33 b(!)1857 3681 y Fc(D)1954 3666 y Fu(\()p
Fs(env)2148 3630 y Fi(0)2148 3691 y Fc(V)2208 3666 y
Fu(,)f Fs(sto)2395 3630 y Fi(0)2419 3666 y Fu(\),)1109
3775 y Fs(env)1265 3739 y Fi(0)1265 3800 y Fc(V)1325
3775 y Fu(,)h Fs(env)1541 3739 y Fi(0)1541 3800 y Fc(P)1631
3775 y Ft(`)f(h)p Fs(S)12 b Fu(,)33 b Fs(sto)2018 3739
y Fi(0)2041 3775 y Ft(i)f(!)h Fs(sto)2373 3739 y Fi(00)p
708 3838 2109 4 v 708 3943 a Fs(env)864 3958 y Fc(V)924
3943 y Fu(,)f Fs(env)1139 3958 y Fc(P)1230 3943 y Ft(`)g(h)p
Fr(begin)i Fs(D)1734 3958 y Fc(V)1827 3943 y Fs(D)1910
3958 y Fc(P)2001 3943 y Fs(S)45 b Fr(end)p Fu(,)33 b
Fs(sto)6 b Ft(i)33 b(!)f Fs(sto)2774 3907 y Fi(00)934
4100 y Fu(where)i Fs(env)1372 4063 y Fi(0)1372 4124 y
Fc(P)1462 4100 y Fu(=)f(up)s(d)1736 4115 y Fn(P)1788
4100 y Fu(\()p Fs(D)1909 4115 y Fc(P)1968 4100 y Fu(,)f
Fs(env)2183 4063 y Fi(0)2183 4124 y Fc(V)2243 4100 y
Fu(,)h Fs(env)2459 4115 y Fc(P)2517 4100 y Fu(\))193
4391 y([call)368 4406 y Fn(ns)437 4391 y Fu(])821 4305
y Fs(env)977 4269 y Fi(0)977 4330 y Fc(V)1037 4305 y
Fu(,)g Fs(env)1253 4269 y Fi(0)1253 4330 y Fc(P)1343
4305 y Ft(`)g(h)o Fs(S)12 b Fu(,)33 b Fs(sto)6 b Ft(i)32
b(!)g Fs(sto)2061 4269 y Fi(0)p 708 4368 1491 4 v 708
4473 a Fs(env)864 4488 y Fc(V)924 4473 y Fu(,)g Fs(env)1139
4488 y Fc(P)1230 4473 y Ft(`)g(h)p Fr(call)i Fs(p)6 b
Fu(,)32 b Fs(sto)6 b Ft(i)32 b(!)h Fs(sto)2175 4437 y
Fi(0)934 4629 y Fu(where)h Fs(env)1372 4644 y Fc(P)1462
4629 y Fs(p)39 b Fu(=)32 b(\()p Fs(S)12 b Fu(,)32 b Fs(env)1979
4593 y Fi(0)1979 4654 y Fc(V)2039 4629 y Fu(,)h Fs(env)2255
4593 y Fi(0)2255 4654 y Fc(P)2313 4629 y Fu(\))193 4921
y([call)368 4885 y Fn(rec)368 4946 y(ns)461 4921 y Fu(])708
4835 y Fs(env)864 4798 y Fi(0)864 4859 y Fc(V)924 4835
y Fu(,)f Fs(env)1139 4798 y Fi(0)1139 4859 y Fc(P)1197
4835 y Fu([)p Fs(p)6 b Ft(7!)p Fu(\()p Fs(S)12 b Fu(,)32
b Fs(env)1700 4798 y Fi(0)1700 4859 y Fc(V)1760 4835
y Fu(,)h Fs(env)1976 4798 y Fi(0)1976 4859 y Fc(P)2034
4835 y Fu(\)])f Ft(`)h(h)p Fs(S)12 b Fu(,)32 b Fs(sto)6
b Ft(i)32 b(!)h Fs(sto)2850 4798 y Fi(0)p 708 4898 2166
4 v 1045 5003 a Fs(env)1201 5018 y Fc(V)1261 5003 y Fu(,)g
Fs(env)1477 5018 y Fc(P)1567 5003 y Ft(`)g(h)o Fr(call)h
Fs(p)6 b Fu(,)33 b Fs(sto)6 b Ft(i)32 b(!)g Fs(sto)2512
4966 y Fi(0)934 5159 y Fu(where)i Fs(env)1372 5174 y
Fc(P)1462 5159 y Fs(p)39 b Fu(=)32 b(\()p Fs(S)12 b Fu(,)32
b Fs(env)1979 5123 y Fi(0)1979 5184 y Fc(V)2039 5159
y Fu(,)h Fs(env)2255 5123 y Fi(0)2255 5184 y Fc(P)2313
5159 y Fu(\))p 3469 5220 4 4710 v 0 5223 3473 4 v 420
5384 a(T)-8 b(able)32 b(2.8:)44 b(Natural)31 b(seman)m(tics)i(for)f
Fw(Pro)s(c)g Fu(with)g(static)g(scop)s(e)h(rules)p eop
%%Page: 60 70
60 69 bop 251 130 a Fw(60)2086 b(2)112 b(Op)s(erational)37
b(Seman)m(tics)p 251 193 3473 4 v 283 515 a(Exercise)g(2.42)49
b Fu(Apply)23 b(the)h(natural)f(seman)m(tics)h(of)f(T)-8
b(able)23 b(2.8)g(to)g(the)h(factorial)d(statemen)m(t)283
636 y(of)33 b(Exercise)h(2.38)d(and)i(a)f(store)h(where)h(the)f(lo)s
(cation)d(for)i Fr(x)h Fu(has)g(the)g(v)-5 b(alue)32
b Fw(3)p Fu(.)456 b Fh(2)283 830 y Fw(Exercise)37 b(2.43)49
b Fu(V)-8 b(erify)24 b(that)h(the)g(seman)m(tics)g(applied)e(to)i(the)g
(statemen)m(t)g(of)f(Exercise)i(2.39)283 950 y(giv)m(es)33
b(the)g(exp)s(ected)i(result.)2318 b Fh(2)283 1144 y
Fw(Exercise)37 b(2.44)49 b Fu(*)38 b(An)h(alternativ)m(e)g(seman)m
(tics)g(of)f(the)h(language)f Fw(While)f Fu(is)i(de\014ned)h(b)m(y)283
1264 y(the)30 b(axioms)e(and)h(rules)g([ass)1341 1279
y Fn(ns)1413 1264 y Fu(],)h([skip)1695 1279 y Fn(ns)1766
1264 y Fu(],)g([comp)2105 1279 y Fn(ns)2176 1264 y Fu(],)g([if)2345
1228 y Fn(tt)2345 1289 y(ns)2415 1264 y Fu(],)g([if)2584
1228 y Fn(\013)2584 1289 y(ns)2654 1264 y Fu(],)g([while)2988
1228 y Fn(tt)2988 1289 y(ns)3059 1264 y Fu(])f(and)g([while)3551
1228 y Fn(\013)3551 1289 y(ns)3621 1264 y Fu(])g(of)283
1384 y(T)-8 b(able)35 b(2.8.)50 b(F)-8 b(orm)m(ulate)33
b(and)i(pro)m(v)m(e)i(the)e(equiv)-5 b(alence)35 b(b)s(et)m(w)m(een)i
(this)e(seman)m(tics)g(and)g(that)283 1505 y(of)e(T)-8
b(able)32 b(2.1.)2866 b Fh(2)283 1699 y Fw(Exercise)37
b(2.45)49 b Fu(Mo)s(dify)40 b(the)i(syn)m(tax)h(of)e(pro)s(cedure)h
(declarations)e(so)h(that)g(pro)s(cedures)283 1819 y(tak)m(e)34
b(t)m(w)m(o)f Fs(c)-5 b(al)5 b(l-by-value)39 b Fu(parameters:)527
1996 y Fs(D)610 2011 y Fc(P)702 1996 y Fu(::=)32 b Fr(proc)i
Fs(p)6 b Fu(\()p Fs(x)1253 2011 y Fn(1)1292 1996 y Fu(,)p
Fs(x)1376 2011 y Fn(2)1415 1996 y Fu(\))33 b Fr(is)g
Fs(S)12 b Fu(;)32 b Fs(D)1830 2011 y Fc(P)1921 1996 y
Ft(j)g Fo(")527 2164 y Fs(S)45 b Fu(::=)32 b Ft(\001)17
b(\001)g(\001)31 b(j)h Fr(call)i Fs(p)6 b Fu(\()p Fs(a)1387
2179 y Fn(1)1426 2164 y Fu(,)p Fs(a)1510 2179 y Fn(2)1550
2164 y Fu(\))283 2342 y(Pro)s(cedure)34 b(en)m(vironmen)m(ts)g(will)c
(no)m(w)j(b)s(e)g(elemen)m(ts)g(of)527 2519 y Fw(En)m(v)719
2534 y Fn(P)804 2519 y Fu(=)f Fw(Pname)h Fo(,)-17 b Ft(!)32
b Fw(V)-9 b(ar)32 b Ft(\002)h Fw(V)-9 b(ar)32 b Ft(\002)h
Fw(Stm)f Ft(\002)h Fw(En)m(v)2595 2534 y Fn(V)2686 2519
y Ft(\002)g Fw(En)m(v)2988 2534 y Fn(P)283 2697 y Fu(Mo)s(dify)g(the)h
(seman)m(tics)g(giv)m(en)g(ab)s(o)m(v)m(e)g(to)g(handle)f(this)g
(language.)46 b(In)33 b(particular,)g(pro)m(vide)283
2817 y(new)42 b(rules)g(for)e(pro)s(cedure)i(calls:)59
b(one)42 b(for)e(non-recursiv)m(e)j(pro)s(cedures)f(and)f(another)g
(for)283 2937 y(recursiv)m(e)c(pro)s(cedures.)52 b(Construct)37
b(statemen)m(ts)f(that)f(illustrate)e(ho)m(w)i(the)h(new)g(rules)f(are)
283 3058 y(used.)3182 b Fh(2)283 3252 y Fw(Exercise)37
b(2.46)49 b Fu(No)m(w)27 b(consider)g(the)h(language)e
Fw(Pro)s(c)g Fu(and)h(the)g(task)h(of)e(ac)m(hieving)g
Fs(mutual)283 3372 y(r)-5 b(e)g(cursion)p Fu(.)43 b(The)34
b(pro)s(cedure)g(en)m(vironmen)m(t)e(is)h(no)m(w)g(de\014ned)h(to)e(b)s
(e)h(an)f(elemen)m(t)h(of)527 3549 y Fw(En)m(v)719 3564
y Fn(P)804 3549 y Fu(=)f Fw(Pname)h Fo(,)-17 b Ft(!)32
b Fw(Stm)g Ft(\002)h Fw(En)m(v)1959 3564 y Fn(V)2049
3549 y Ft(\002)g Fw(En)m(v)2351 3564 y Fn(P)2436 3549
y Ft(\002)g Fw(Dec)2733 3564 y Fn(P)283 3727 y Fu(The)49
b(idea)e(is)h(that)g(if)e Fs(env)1321 3742 y Fc(P)1427
3727 y Fs(p)54 b Fu(=)47 b(\()p Fs(S)12 b Fu(,)48 b Fs(env)1990
3691 y Fi(0)1990 3752 y Fc(V)2050 3727 y Fu(,)k Fs(env)2285
3691 y Fi(0)2285 3752 y Fc(P)2343 3727 y Fu(,)f Fo(D)2505
3691 y Fc(?)2502 3752 y(P)2561 3727 y Fu(\))d(then)g
Fo(D)2968 3691 y Fc(?)2965 3752 y(P)3072 3727 y Fu(con)m(tains)g(all)d
(the)283 3847 y(pro)s(cedure)34 b(declarations)d(that)i(are)f(made)h
(in)e(the)i(same)g(blo)s(c)m(k)f(as)h Fs(p)6 b Fu(.)43
b(De\014ne)33 b(up)s(d)3409 3811 y Fi(0)3409 3872 y Fc(P)3501
3847 y Fu(b)m(y)527 4025 y(up)s(d)692 3989 y Fi(0)692
4049 y Fc(P)751 4025 y Fu(\()p Fr(proc)h Fs(p)k Fr(is)33
b Fs(S)12 b Fu(;)33 b Fs(D)1460 4040 y Fc(P)1518 4025
y Fu(,)g Fs(env)1734 4040 y Fc(V)1794 4025 y Fu(,)g Fs(env)2010
4040 y Fc(P)2068 4025 y Fu(,)f Fo(D)2211 3989 y Fc(?)2208
4049 y(P)2267 4025 y Fu(\))g(=)796 4192 y(up)s(d)961
4156 y Fi(0)961 4217 y Fc(P)1020 4192 y Fu(\()p Fs(D)1141
4207 y Fc(P)1200 4192 y Fu(,)g Fs(env)1415 4207 y Fc(V)1475
4192 y Fu(,)h Fs(env)1691 4207 y Fc(P)1749 4192 y Fu([)p
Fs(p)6 b Ft(7!)p Fu(\()p Fs(S)12 b Fu(,)32 b Fs(env)2252
4207 y Fc(V)2312 4192 y Fu(,)h Fs(env)2528 4207 y Fc(P)2586
4192 y Fu(,)p Fo(D)2697 4156 y Fc(?)2694 4217 y(P)2752
4192 y Fu(\)],)g Fo(D)2961 4156 y Fc(?)2958 4217 y(P)3017
4192 y Fu(\))527 4360 y(up)s(d)692 4324 y Fi(0)692 4385
y Fc(P)751 4360 y Fu(\()p Fo(")p Fu(,)g Fs(env)1051 4375
y Fc(V)1111 4360 y Fu(,)f Fs(env)1326 4375 y Fc(P)1384
4360 y Fu(,)p Fo(D)1495 4324 y Fc(?)1492 4385 y(P)1551
4360 y Fu(\))g(=)h Fs(env)1886 4375 y Fc(P)283 4538 y
Fu(Next)h(rede\014ne)g(up)s(d)1050 4553 y Fc(P)1141 4538
y Fu(b)m(y)527 4715 y(up)s(d)692 4730 y Fc(P)751 4715
y Fu(\()p Fs(D)872 4730 y Fc(P)931 4715 y Fu(,)f Fs(env)1147
4730 y Fc(V)1207 4715 y Fu(,)f Fs(env)1422 4730 y Fc(P)1480
4715 y Fu(\))h(=)f(up)s(d)1824 4679 y Fi(0)1824 4740
y Fc(P)1883 4715 y Fu(\()p Fs(D)2004 4730 y Fc(P)2063
4715 y Fu(,)g Fs(env)2278 4730 y Fc(V)2338 4715 y Fu(,)h
Fs(env)2554 4730 y Fc(P)2612 4715 y Fu(,)f Fs(D)2754
4730 y Fc(P)2813 4715 y Fu(\))283 4893 y(Mo)s(dify)d(the)i(seman)m
(tics)e(of)g Fw(Pro)s(c)g Fu(so)h(as)g(to)f(obtain)g(m)m(utual)f
(recursion)i(among)e(pro)s(cedures)283 5013 y(de\014ned)33
b(in)e(the)h(same)f(blo)s(c)m(k.)43 b(Illustrate)31 b(ho)m(w)h(the)g
(new)g(rules)f(are)h(used)h(on)e(an)g(in)m(teresting)283
5133 y(statemen)m(t)j(of)e(y)m(our)h(c)m(hoice.)430 5254
y(\(Hin)m(t:)39 b(Con)m(vince)26 b(y)m(ourself,)g(that)f([call)1899
5218 y Fn(rec)1899 5278 y(ns)1992 5254 y Fu(])f(is)g(the)i(only)e(rule)
g(that)g(needs)j(to)d(b)s(e)h(c)m(hanged;)283 5374 y(then)36
b(consider)g(whether)h(or)e(not)g(the)h(function)f(up)s(d)2287
5389 y Fc(P)2381 5374 y Fu(migh)m(t)f(b)s(e)i(useful)f(in)g(the)g(new)i
(de\014-)283 5494 y(nition)31 b(of)h([call)851 5458 y
Fn(rec)851 5519 y(ns)944 5494 y Fu(].\))2645 b Fh(2)p
eop
%%Page: 61 71
61 70 bop 0 130 a Fw(2.5)112 b(Blo)s(c)m(ks)37 b(and)h(pro)s(cedures)
1998 b(61)p 0 193 3473 4 v 0 515 a(Exercise)36 b(2.47)49
b Fu(W)-8 b(e)46 b(shall)e(consider)i(a)f(v)-5 b(arian)m(t)45
b(of)g(the)h(seman)m(tics)f(where)i(w)m(e)g(use)f(the)0
636 y(v)-5 b(ariable)45 b(en)m(vironmen)m(t)i(rather)f(than)h(the)g
(store)g(to)f(hold)g(the)h(next)g(free)g(lo)s(cation.)83
b(So)0 756 y(assume)33 b(that)244 960 y Fw(En)m(v)436
975 y Fn(V)526 960 y Fu(=)g Fw(V)-9 b(ar)32 b Ft([)h(f)f
Fu(next)h Ft(g)g(!)f Fw(Lo)s(c)0 1163 y Fu(and)244 1366
y Fw(Store)g Fu(=)h Fw(Lo)s(c)f Ft(!)h Fw(Z)0 1570 y
Fu(As)j(b)s(efore)f(w)m(e)h(shall)d(write)i Fs(sto)41
b Ft(\016)35 b Fs(env)1474 1585 y Fc(V)1569 1570 y Fu(for)f(the)i
(state)f(obtained)g(b)m(y)h(\014rst)f(using)g Fs(env)3291
1585 y Fc(V)3386 1570 y Fu(to)0 1690 y(\014nd)29 b(the)f(lo)s(cation)e
(of)h(the)i(v)-5 b(ariable)26 b(and)i(then)h Fs(sto)34
b Fu(to)27 b(\014nd)i(the)f(v)-5 b(alue)28 b(of)f(the)i(lo)s(cation.)39
b(The)0 1811 y(clauses)33 b(of)f(T)-8 b(able)33 b(2.7)f(are)g(no)m(w)i
(replaced)e(b)m(y)254 1996 y Ft(h)p Fs(D)376 2011 y Fc(V)437
1996 y Fu(,)g Fs(env)652 2011 y Fc(V)712 1996 y Fu([)p
Fs(x)12 b Ft(7!)p Fs(l)e Fu(][next)p Ft(7!)q Fu(new)33
b Fs(l)10 b Fu(],)33 b Fs(sto)6 b Fu([)p Fs(l)k Ft(7!)p
Fs(v)h Fu(])p Ft(i)32 b(!)2138 2011 y Fc(D)2234 1996
y Fu(\()p Fs(env)2428 1960 y Fi(0)2428 2021 y Fc(V)2488
1996 y Fu(,)h Fs(sto)2676 1960 y Fi(0)2700 1996 y Fu(\))p
254 2059 2484 4 v 523 2164 a Ft(h)p Fr(var)g Fs(x)45
b Fu(:=)32 b Fs(a)7 b Fu(;)33 b Fs(D)1173 2179 y Fc(V)1234
2164 y Fu(,)g Fs(env)1450 2179 y Fc(V)1510 2164 y Fu(,)f
Fs(sto)6 b Ft(i)33 b(!)1868 2179 y Fc(D)1965 2164 y Fu(\()p
Fs(env)2159 2128 y Fi(0)2159 2189 y Fc(V)2219 2164 y
Fu(,)g Fs(sto)2407 2128 y Fi(0)2430 2164 y Fu(\))513
2319 y(where)g Fs(v)43 b Fu(=)33 b Ft(A)o Fu([)-17 b([)q
Fs(a)7 b Fu(])-17 b(])q(\()p Fs(sto)6 b Ft(\016)p Fs(env)1575
2334 y Fc(V)1635 2319 y Fu(\))32 b(and)h Fs(l)43 b Fu(=)32
b Fs(env)2227 2334 y Fc(V)2320 2319 y Fu(next)244 2534
y Ft(h)p Fo(")o Fu(,)h Fs(env)544 2549 y Fc(V)604 2534
y Fu(,)g Fs(sto)6 b Ft(i)32 b(!)963 2549 y Fc(D)1059
2534 y Fu(\()p Fs(env)1253 2549 y Fc(V)1313 2534 y Fu(,)h
Fs(sto)6 b Fu(\))0 2737 y(Construct)25 b(a)f(statemen)m(t)h(that)e
(computes)i(di\013eren)m(t)f(results)h(under)g(the)f(t)m(w)m(o)h(v)-5
b(arian)m(ts)23 b(of)h(the)0 2858 y(seman)m(tics.)43
b(V)-8 b(alidate)29 b(y)m(our)i(claim)d(b)m(y)j(constructing)f(deriv)-5
b(ation)29 b(trees)j(for)d(the)i(executions)0 2978 y(of)h(the)h
(statemen)m(t)g(from)e(a)i(suitable)e(state.)1758 b Fh(2)p
eop
%%Page: 62 72
62 71 bop 251 130 a Fw(62)2086 b(2)112 b(Op)s(erational)37
b(Seman)m(tics)p 251 193 3473 4 v eop
%%Page: 63 73
63 72 bop 0 1180 a Fv(Chapter)78 b(3)0 1596 y(Pro)-6
b(v)-13 b(ably)76 b(Correct)i(Implemen)-6 b(tation)0
2049 y Fu(A)31 b(formal)e(sp)s(eci\014cation)h(of)h(the)h(seman)m(tics)
f(of)g(a)f(programming)e(language)i(is)h(useful)g(when)0
2169 y(implemen)m(ting)c(it.)42 b(In)31 b(particular,)e(it)g(b)s
(ecomes)i(p)s(ossible)f(to)f(argue)i(ab)s(out)f(the)g(correctness)0
2290 y(of)38 b(the)i(implemen)m(tation.)59 b(W)-8 b(e)39
b(shall)f(illustrate)e(this)j(b)m(y)h(sho)m(wing)f(ho)m(w)g(to)g
(translate)f(the)0 2410 y(language)29 b Fw(While)f Fu(in)m(to)h(a)h
(structured)h(form)e(of)g(assem)m(bler)h(co)s(de)h(for)e(an)h(abstract)
g(mac)m(hine)0 2530 y(and)c(w)m(e)h(shall)e(then)i(pro)m(v)m(e)g(that)f
(the)h(translation)d(is)i(correct.)42 b(The)27 b(idea)e(is)h(that)g(w)m
(e)h(\014rst)f(de-)0 2651 y(\014ne)h(the)g Fs(me)-5 b(aning)34
b Fu(of)25 b(the)i(abstract)g(mac)m(hine)f(instructions)g(b)m(y)h(an)f
(op)s(erational)e(seman)m(tics.)0 2771 y(Then)33 b(w)m(e)g(de\014ne)f
Fs(tr)-5 b(anslation)34 b(functions)39 b Fu(that)32 b(will)d(map)i
(expressions)j(and)d(statemen)m(ts)i(in)0 2892 y(the)41
b Fw(While)d Fu(language)i(in)m(to)f(sequences)44 b(of)c(suc)m(h)h
(instructions.)67 b(The)41 b(correctness)h(result)0 3012
y(will)30 b(then)j(state)g(that)g(if)e(w)m(e)145 3218
y Ft(\017)49 b Fu(translate)32 b(a)g(program)f(in)m(to)h(co)s(de,)h
(and)145 3424 y Ft(\017)49 b Fu(execute)34 b(the)f(co)s(de)g(on)g(the)g
(abstract)g(mac)m(hine,)0 3631 y(then)41 b(w)m(e)f(get)g(the)h(same)e
(result)h(as)g(w)m(as)h(sp)s(eci\014ed)g(b)m(y)g(the)f(seman)m(tic)g
(functions)f Ft(S)3204 3646 y Fn(ns)3315 3631 y Fu(and)0
3751 y Ft(S)68 3766 y Fn(sos)195 3751 y Fu(of)33 b(the)g(previous)g(c)m
(hapter.)0 4087 y Fj(3.1)161 b(The)53 b(abstract)g(mac)l(hine)0
4308 y Fu(When)33 b(sp)s(ecifying)f(the)g(abstract)h(mac)m(hine)f(it)f
(is)g(con)m(v)m(enien)m(t)j(\014rst)f(to)f(presen)m(t)i(its)d
(con\014gu-)0 4428 y(rations)h(and)g(next)i(its)e(instructions)g(and)h
(their)f(meanings.)146 4549 y(The)i(abstract)f(mac)m(hine)f
Fw(AM)g Fu(has)h(con\014gurations)f(of)h(the)g(form)e
Ft(h)p Fs(c)6 b Fu(,)32 b Fs(e)7 b Fu(,)33 b Fs(s)8 b
Ft(i)32 b Fu(where)145 4755 y Ft(\017)49 b Fs(c)38 b
Fu(is)32 b(the)h(sequence)i(of)d(instructions)h(\(or)f(co)s(de\))h(to)f
(b)s(e)h(executed,)145 4962 y Ft(\017)49 b Fs(e)40 b
Fu(is)32 b(the)h(ev)-5 b(aluation)31 b(stac)m(k,)i(and)145
5168 y Ft(\017)49 b Fs(s)40 b Fu(is)33 b(the)g(storage.)0
5374 y(W)-8 b(e)33 b(use)g(the)g Fs(evaluation)h(stack)43
b Fu(to)32 b(ev)-5 b(aluate)32 b(arithmetic)e(and)j(b)s(o)s(olean)d
(expressions.)46 b(F)-8 b(or-)0 5494 y(mally)g(,)30 b(it)i(is)g(a)g
(list)f(of)h(v)-5 b(alues,)33 b(so)g(writing)1687 5849
y(63)p eop
%%Page: 64 74
64 73 bop 251 130 a Fw(64)1535 b(3)112 b(Pro)m(v)-6 b(ably)36
b(Correct)h(Implemen)m(tation)p 251 193 3473 4 v 527
515 a(Stac)m(k)c Fu(=)f(\()p Fw(Z)h Ft([)g Fw(T)p Fu(\))1288
479 y Fc(?)283 703 y Fu(w)m(e)39 b(ha)m(v)m(e)g Fs(e)45
b Ft(2)38 b Fw(Stac)m(k)p Fu(.)59 b(F)-8 b(or)37 b(the)h(sak)m(e)h(of)e
(simplicit)m(y)e(w)m(e)k(shall)d(assume)j(that)e(the)h
Fs(stor)-5 b(age)283 824 y Fu(is)44 b(similar)d(to)j(the)h(state,)i
(that)d(is)g Fs(s)53 b Ft(2)44 b Fw(State)p Fu(,)j(and)e(it)e(is)h
(used)h(to)f(hold)f(the)i(v)-5 b(alues)44 b(of)283 944
y(v)-5 b(ariables.)430 1064 y(The)33 b Fs(instructions)41
b Fu(of)32 b Fw(AM)g Fu(are)h(giv)m(en)g(b)m(y)g(the)g(abstract)g(syn)m
(tax)577 1244 y Fs(inst)109 b Fu(::=)100 b Fb(push)p
Fu(-)p Fs(n)39 b Ft(j)32 b Fb(add)h Ft(j)f Fb(mul)-7
b(t)33 b Ft(j)g Fb(sub)894 1411 y Ft(j)151 b Fb(tr)n(ue)32
b Ft(j)g Fb(f)-9 b(alse)32 b Ft(j)h Fb(eq)f Ft(j)g Fb(le)g
Ft(j)h Fb(and)f Ft(j)h Fb(neg)894 1579 y Ft(j)151 b Fb(fetch)p
Fu(-)p Fs(x)44 b Ft(j)32 b Fb(store)p Fu(-)p Fs(x)894
1746 y Ft(j)151 b Fb(noop)33 b Ft(j)f Fb(branch)p Fu(\()p
Fs(c)6 b Fu(,)32 b Fs(c)6 b Fu(\))32 b Ft(j)g Fb(loop)p
Fu(\()p Fs(c)6 b Fu(,)33 b Fs(c)6 b Fu(\))577 1914 y
Fs(c)221 b Fu(::=)100 b Fo(")32 b Ft(j)g Fs(inst)9 b
Fu(:)p Fs(c)283 2095 y Fu(where)32 b Fo(")e Fu(is)h(the)g(empt)m(y)g
(sequence.)45 b(W)-8 b(e)31 b(shall)e(write)i Fw(Co)s(de)g
Fu(for)f(the)h(syn)m(tactic)g(category)g(of)283 2215
y Fs(se)-5 b(quenc)g(es)40 b(of)f(instructions)p Fu(,)h(so)e
Fs(c)44 b Fu(is)38 b(a)g(meta-v)-5 b(ariable)35 b(ranging)i(o)m(v)m(er)
j Fw(Co)s(de)p Fu(.)61 b(Therefore)283 2336 y(w)m(e)34
b(ha)m(v)m(e)527 2524 y Ft(h)p Fs(c)6 b Fu(,)32 b Fs(e)7
b Fu(,)33 b Fs(s)8 b Ft(i)33 b(2)f Fw(Co)s(de)h Ft(\002)g
Fw(Stac)m(k)g Ft(\002)g Fw(State)283 2711 y Fu(A)h(con\014guration)f
(is)g(a)g Fs(terminal)43 b Fu(\(or)33 b(\014nal\))f(con\014guration)h
(if)f(its)h(co)s(de)h(comp)s(onen)m(t)f(is)g(the)283
2832 y(empt)m(y)h(sequence,)h(that)d(is)g(if)g(it)f(has)i(the)g(form)f
Ft(h)o Fo(")p Fu(,)h Fs(e)7 b Fu(,)33 b Fs(s)8 b Ft(i)o
Fu(.)430 2952 y(The)33 b(seman)m(tics)f(of)f(the)h(instructions)g(of)f
(the)i(abstract)f(mac)m(hine)f(is)h(giv)m(en)g(b)m(y)h(an)e
Fs(op)-5 b(er-)283 3072 y(ational)38 b(semantics)p Fu(.)55
b(As)37 b(in)e(the)i(previous)g(c)m(hapter)h(it)d(will)g(b)s(e)h(sp)s
(eci\014ed)i(b)m(y)f(a)f(transition)283 3193 y(system.)69
b(The)42 b(con\014gurations)e(ha)m(v)m(e)i(the)f(form)e
Ft(h)p Fs(c)6 b Fu(,)42 b Fs(e)7 b Fu(,)43 b Fs(s)8 b
Ft(i)41 b Fu(as)g(describ)s(ed)g(ab)s(o)m(v)m(e)h(and)e(the)283
3313 y(transition)31 b(relation)g Fh(\003)i Fu(sp)s(eci\014es)h(ho)m(w)
f(to)f(execute)j(the)e(instructions:)527 3501 y Ft(h)p
Fs(c)6 b Fu(,)32 b Fs(e)7 b Fu(,)33 b Fs(s)8 b Ft(i)33
b Fh(\003)g Ft(h)o Fs(c)1107 3465 y Fi(0)1130 3501 y
Fu(,)g Fs(e)1242 3465 y Fi(0)1265 3501 y Fu(,)g Fs(s)1373
3465 y Fi(0)1396 3501 y Ft(i)283 3689 y Fu(The)40 b(idea)e(is)g(that)g
Fs(one)i(step)g(of)g(exe)-5 b(cution)45 b Fu(will)36
b(transform)i(the)h(con\014guration)e Ft(h)p Fs(c)6 b
Fu(,)40 b Fs(e)7 b Fu(,)40 b Fs(s)8 b Ft(i)283 3809 y
Fu(in)m(to)46 b Ft(h)o Fs(c)584 3773 y Fi(0)607 3809
y Fu(,)j Fs(e)735 3773 y Fi(0)759 3809 y Fu(,)g Fs(s)883
3773 y Fi(0)907 3809 y Ft(i)o Fu(.)84 b(The)47 b(relation)d(is)h
(de\014ned)i(b)m(y)g(the)f(axioms)f(of)h(T)-8 b(able)45
b(3.1)h(where)h(w)m(e)283 3930 y(\(am)m(biguously\))35
b(use)i(the)g(notation)e(`:')50 b(b)s(oth)36 b(for)g(app)s(ending)g(t)m
(w)m(o)g(instruction)g(sequences)283 4050 y(and)c(for)f(prep)s(ending)g
(an)g(elemen)m(t)g(to)g(a)g(sequence.)46 b(The)32 b(ev)-5
b(aluation)30 b(stac)m(k)j(is)d(represen)m(ted)283 4170
y(as)f(a)g(sequence)i(of)d(elemen)m(ts.)43 b(It)29 b(has)g(the)g(top)g
(of)f(the)h(stac)m(k)h(to)e(the)h(left)f(and)h(w)m(e)h(shall)d(write)
283 4291 y Fo(")33 b Fu(for)f(the)h(empt)m(y)g(sequence.)430
4411 y(In)27 b(addition)e(to)i(the)h(usual)f(arithmetic)e(and)i(b)s(o)s
(olean)e(op)s(erations)i(w)m(e)h(ha)m(v)m(e)g(six)f(instruc-)283
4531 y(tions)35 b(that)f(mo)s(dify)f(the)i(ev)-5 b(aluation)33
b(stac)m(k:)49 b(The)35 b(op)s(eration)e Fb(push)p Fu(-)p
Fs(n)41 b Fu(pushes)c(a)d(constan)m(t)283 4652 y(v)-5
b(alue)32 b Fs(n)39 b Fu(on)m(to)31 b(the)i(stac)m(k)g(and)f
Fb(tr)n(ue)f Fu(and)h Fb(f)-9 b(alse)31 b Fu(push)i(the)g(constan)m(ts)
g Fw(tt)e Fu(and)h Fw(\013)p Fu(,)g(resp)s(ec-)283 4772
y(tiv)m(ely)-8 b(,)35 b(on)m(to)g(the)g(stac)m(k.)51
b(The)36 b(op)s(eration)d Fb(fetch)p Fu(-)p Fs(x)46 b
Fu(pushes)36 b(the)f(v)-5 b(alue)34 b(b)s(ound)h(to)g
Fs(x)46 b Fu(on)m(to)283 4893 y(the)25 b(stac)m(k)h(whereas)g
Fb(store)p Fu(-)p Fs(x)35 b Fu(p)s(ops)25 b(the)f(topmost)g(elemen)m(t)
g(o\013)g(the)h(stac)m(k)h(and)e(up)s(dates)h(the)283
5013 y(storage)35 b(so)f(that)g(the)h(p)s(opp)s(ed)f(v)-5
b(alue)34 b(is)g(b)s(ound)g(to)g Fs(x)12 b Fu(.)48 b(The)35
b(instruction)e Fb(branch)p Fu(\()p Fs(c)3529 5028 y
Fn(1)3568 5013 y Fu(,)g Fs(c)3679 5028 y Fn(2)3718 5013
y Fu(\))283 5133 y(will)e(also)h(c)m(hange)h(the)g(\015o)m(w)g(of)g
(con)m(trol:)43 b(If)32 b(the)h(top)g(of)f(the)h(stac)m(k)h(is)e(the)h
(v)-5 b(alue)32 b Fw(tt)g Fu(\(that)g(is)283 5254 y(some)d(b)s(o)s
(olean)e(expression)j(has)f(b)s(een)h(ev)-5 b(aluated)28
b(to)g(true\))h(then)h(the)f(stac)m(k)h(is)e(p)s(opp)s(ed)h(and)283
5374 y Fs(c)334 5389 y Fn(1)408 5374 y Fu(is)35 b(to)g(b)s(e)g
(executed)i(next.)52 b(Otherwise,)36 b(if)e(the)h(top)g(elemen)m(t)g
(of)g(the)g(stac)m(k)h(is)f Fw(\013)g Fu(then)h(it)283
5494 y(will)31 b(b)s(e)i(p)s(opp)s(ed)f(and)h Fs(c)1188
5509 y Fn(2)1260 5494 y Fu(will)d(b)s(e)j(executed)h(next.)p
eop
%%Page: 65 75
65 74 bop 0 130 a Fw(3.1)112 b(The)38 b(abstract)g(mac)m(hine)2038
b(65)p 0 193 3473 4 v 0 419 V 0 3830 4 3411 v 416 528
a Ft(h)o Fb(push)p Fu(-)p Fs(n)7 b Fu(:)p Fs(c)f Fu(,)32
b Fs(e)7 b Fu(,)33 b Fs(s)8 b Ft(i)525 b Fh(\003)101
b Ft(h)o Fs(c)6 b Fu(,)32 b Ft(N)15 b Fu([)-17 b([)q
Fs(n)7 b Fu(])-17 b(]:)p Fs(e)7 b Fu(,)33 b Fs(s)8 b
Ft(i)416 697 y(h)o Fb(add)p Fu(:)p Fs(c)e Fu(,)33 b Fs(z)829
712 y Fn(1)869 697 y Fu(:)p Fs(z)948 712 y Fn(2)987 697
y Fu(:)p Fs(e)7 b Fu(,)33 b Fs(s)8 b Ft(i)421 b Fh(\003)101
b Ft(h)o Fs(c)6 b Fu(,)32 b(\()p Fs(z)2050 712 y Fn(1)2090
697 y Fu(+)p Fs(z)2218 712 y Fn(2)2257 697 y Fu(\):)p
Fs(e)7 b Fu(,)33 b Fs(s)8 b Ft(i)2664 696 y Fu(if)31
b Fs(z)2805 711 y Fn(1)2844 696 y Fu(,)i Fs(z)2956 711
y Fn(2)2995 696 y Ft(2)q Fw(Z)416 865 y Ft(h)o Fb(mul)-7
b(t)p Fu(:)p Fs(c)6 b Fu(,)34 b Fs(z)883 880 y Fn(1)922
865 y Fu(:)p Fs(z)1001 880 y Fn(2)1040 865 y Fu(:)p Fs(e)7
b Fu(,)33 b Fs(s)8 b Ft(i)368 b Fh(\003)101 b Ft(h)o
Fs(c)6 b Fu(,)32 b(\()p Fs(z)2050 880 y Fn(1)2090 865
y Fo(?)p Fs(z)2191 880 y Fn(2)2230 865 y Fu(\):)p Fs(e)7
b Fu(,)33 b Fs(s)8 b Ft(i)2664 864 y Fu(if)31 b Fs(z)2805
879 y Fn(1)2844 864 y Fu(,)i Fs(z)2956 879 y Fn(2)2995
864 y Ft(2)q Fw(Z)416 1034 y Ft(h)o Fb(sub)p Fu(:)p Fs(c)6
b Fu(,)32 b Fs(z)808 1049 y Fn(1)848 1034 y Fu(:)p Fs(z)927
1049 y Fn(2)966 1034 y Fu(:)p Fs(e)7 b Fu(,)33 b Fs(s)8
b Ft(i)442 b Fh(\003)101 b Ft(h)o Fs(c)6 b Fu(,)32 b(\()p
Fs(z)2050 1049 y Fn(1)2090 1034 y Ft(\000)p Fs(z)2219
1049 y Fn(2)2259 1034 y Fu(\):)p Fs(e)7 b Fu(,)33 b Fs(s)8
b Ft(i)2664 1033 y Fu(if)31 b Fs(z)2805 1048 y Fn(1)2844
1033 y Fu(,)i Fs(z)2956 1048 y Fn(2)2995 1033 y Ft(2)q
Fw(Z)416 1201 y Ft(h)o Fb(tr)n(ue)p Fu(:)p Fs(c)6 b Fu(,)32
b Fs(e)7 b Fu(,)33 b Fs(s)8 b Ft(i)610 b Fh(\003)101
b Ft(h)o Fs(c)6 b Fu(,)32 b Fw(tt)p Fu(:)p Fs(e)7 b Fu(,)33
b Fs(s)8 b Ft(i)416 1369 y(h)o Fb(f)-9 b(alse)p Fu(:)p
Fs(c)6 b Fu(,)33 b Fs(e)7 b Fu(,)32 b Fs(s)8 b Ft(i)586
b Fh(\003)101 b Ft(h)o Fs(c)6 b Fu(,)32 b Fw(\013)p Fu(:)p
Fs(e)7 b Fu(,)34 b Fs(s)8 b Ft(i)416 1537 y(h)o Fb(eq)p
Fu(:)p Fs(c)e Fu(,)33 b Fs(z)763 1552 y Fn(1)802 1537
y Fu(:)p Fs(z)881 1552 y Fn(2)920 1537 y Fu(:)p Fs(e)7
b Fu(,)33 b Fs(s)8 b Ft(i)488 b Fh(\003)101 b Ft(h)o
Fs(c)6 b Fu(,)32 b(\()p Fs(z)2050 1552 y Fn(1)2090 1537
y Fu(=)p Fs(z)2218 1552 y Fn(2)2257 1537 y Fu(\):)p Fs(e)7
b Fu(,)33 b Fs(s)8 b Ft(i)2664 1536 y Fu(if)31 b Fs(z)2805
1551 y Fn(1)2844 1536 y Fu(,)i Fs(z)2956 1551 y Fn(2)2995
1536 y Ft(2)q Fw(Z)416 1706 y Ft(h)o Fb(le)p Fu(:)p Fs(c)6
b Fu(,)32 b Fs(z)750 1721 y Fn(1)790 1706 y Fu(:)p Fs(z)869
1721 y Fn(2)908 1706 y Fu(:)p Fs(e)7 b Fu(,)33 b Fs(s)8
b Ft(i)500 b Fh(\003)101 b Ft(h)o Fs(c)6 b Fu(,)32 b(\()p
Fs(z)2050 1721 y Fn(1)2090 1706 y Ft(\024)p Fs(z)2219
1721 y Fn(2)2259 1706 y Fu(\):)p Fs(e)7 b Fu(,)33 b Fs(s)8
b Ft(i)2664 1705 y Fu(if)31 b Fs(z)2805 1720 y Fn(1)2844
1705 y Fu(,)i Fs(z)2956 1720 y Fn(2)2995 1705 y Ft(2)q
Fw(Z)416 1873 y Ft(h)o Fb(and)p Fu(:)p Fs(c)6 b Fu(,)33
b Fs(t)817 1888 y Fn(1)857 1873 y Fu(:)p Fs(t)925 1888
y Fn(2)966 1873 y Fu(:)p Fs(e)7 b Fu(,)33 b Fs(s)8 b
Ft(i)442 b Fh(\003)921 1957 y Fg(8)921 2031 y(<)921 2181
y(:)1036 2046 y Ft(h)p Fs(c)5 b Fo(;)17 b Fw(tt)27 b
Fu(:)h Fs(e)7 b Fo(;)17 b Fs(s)8 b Ft(i)1036 2214 y(h)p
Fs(c)d Fo(;)17 b Fw(\013)38 b Fu(:)28 b Fs(e)7 b Fo(;)17
b Fs(s)8 b Ft(i)1647 2046 y Fu(if)31 b Fs(t)1777 2061
y Fn(1)1818 2046 y Fu(=)p Fw(tt)g Fu(and)i Fs(t)2244
2061 y Fn(2)2284 2046 y Fu(=)p Fw(tt)1647 2214 y Fu(if)e
Fs(t)1777 2229 y Fn(1)1818 2214 y Fu(=)p Fw(\013)h Fu(or)h
Fs(t)2152 2229 y Fn(2)2192 2214 y Fu(=)p Fw(\013)p Fu(,)g
Fs(t)2434 2229 y Fn(1)2474 2214 y Fu(,)g Fs(t)2575 2229
y Fn(2)2615 2214 y Ft(2)p Fw(T)416 2483 y Ft(h)o Fb(neg)p
Fu(:)p Fs(c)6 b Fu(,)32 b Fs(t)9 b Fu(:)p Fs(e)e Fu(,)34
b Fs(s)8 b Ft(i)594 b Fh(\003)1812 2309 y Fg(8)1812 2384
y(<)1812 2533 y(:)1927 2399 y Ft(h)p Fs(c)5 b Fo(;)17
b Fw(\013)38 b Fu(:)28 b Fs(e)7 b Fo(;)17 b Fs(s)8 b
Ft(i)1927 2566 y(h)p Fs(c)d Fo(;)17 b Fw(tt)27 b Fu(:)h
Fs(e)7 b Fo(;)17 b Fs(s)8 b Ft(i)2664 2399 y Fu(if)31
b Fs(t)9 b Fu(=)p Fw(tt)2664 2566 y Fu(if)31 b Fs(t)9
b Fu(=)p Fw(\013)416 2745 y Ft(h)o Fb(fetch)p Fu(-)p
Fs(x)j Fu(:)p Fs(c)6 b Fu(,)32 b Fs(e)7 b Fu(,)33 b Fs(s)8
b Ft(i)466 b Fh(\003)101 b Ft(h)o Fs(c)6 b Fu(,)32 b(\()p
Fs(s)41 b(x)12 b Fu(\):)p Fs(e)7 b Fu(,)33 b Fs(s)8 b
Ft(i)416 2914 y(h)o Fb(store)p Fu(-)p Fs(x)k Fu(:)p Fs(c)6
b Fu(,)31 b Fs(z)12 b Fu(:)p Fs(e)7 b Fu(,)33 b Fs(s)8
b Ft(i)392 b Fh(\003)101 b Ft(h)o Fs(c)6 b Fu(,)32 b
Fs(e)7 b Fu(,)33 b Fs(s)8 b Fu([)p Fs(x)k Ft(7!)p Fs(z)g
Fu(])p Ft(i)2664 2913 y Fu(if)31 b Fs(z)12 b Ft(2)p Fw(Z)416
3081 y Ft(h)o Fb(noop)p Fu(:)p Fs(c)6 b Fu(,)33 b Fs(e)7
b Fu(,)33 b Fs(s)8 b Ft(i)600 b Fh(\003)101 b Ft(h)o
Fs(c)6 b Fu(,)32 b Fs(e)7 b Fu(,)33 b Fs(s)8 b Ft(i)416
3339 y(h)o Fb(branch)p Fu(\()p Fs(c)903 3354 y Fn(1)942
3339 y Fu(,)33 b Fs(c)1053 3354 y Fn(2)1092 3339 y Fu(\):)p
Fs(c)6 b Fu(,)32 b Fs(t)9 b Fu(:)p Fs(e)e Fu(,)34 b Fs(s)8
b Ft(i)99 b Fh(\003)1812 3165 y Fg(8)1812 3240 y(<)1812
3389 y(:)1927 3255 y Ft(h)p Fs(c)2016 3270 y Fn(1)2083
3255 y Fu(:)28 b Fs(c)6 b Fo(;)17 b Fs(e)7 b Fo(;)17
b Fs(s)7 b Ft(i)1927 3422 y(h)p Fs(c)2016 3437 y Fn(2)2083
3422 y Fu(:)28 b Fs(c)6 b Fo(;)17 b Fs(e)7 b Fo(;)17
b Fs(s)7 b Ft(i)2664 3255 y Fu(if)31 b Fs(t)9 b Fu(=)p
Fw(tt)2664 3422 y Fu(if)31 b Fs(t)9 b Fu(=)p Fw(\013)416
3601 y Ft(h)o Fb(loop)p Fu(\()p Fs(c)776 3616 y Fn(1)816
3601 y Fu(,)32 b Fs(c)926 3616 y Fn(2)965 3601 y Fu(\):)p
Fs(c)6 b Fu(,)33 b Fs(e)7 b Fu(,)32 b Fs(s)8 b Ft(i)295
b Fh(\003)921 3769 y Ft(h)o Fs(c)1010 3784 y Fn(1)1049
3769 y Fu(:)p Fb(branch)p Fu(\()p Fs(c)1525 3784 y Fn(2)1564
3769 y Fu(:)p Fb(loop)p Fu(\()p Fs(c)1913 3784 y Fn(1)1953
3769 y Fu(,)32 b Fs(c)2063 3784 y Fn(2)2102 3769 y Fu(\),)h
Fb(noop)p Fu(\):)p Fs(c)6 b Fu(,)32 b Fs(e)7 b Fu(,)33
b Fs(s)8 b Ft(i)p 3469 3830 V 0 3833 3473 4 v 844 3994
a Fu(T)-8 b(able)32 b(3.1:)43 b(Op)s(erational)30 b(seman)m(tics)j(for)
f Fw(AM)146 4287 y Fu(There)43 b(are)f(t)m(w)m(o)h(instructions)f(that)
f(c)m(hange)i(the)f(\015o)m(w)h(of)e(con)m(trol.)71 b(The)43
b(instruction)0 4407 y Fb(branch)p Fu(\()p Fs(c)449 4422
y Fn(1)488 4407 y Fu(,)i Fs(c)611 4422 y Fn(2)650 4407
y Fu(\))d(will)e(b)s(e)j(used)h(to)e(implemen)m(t)e(the)j(conditional:)
61 b(as)42 b(describ)s(ed)i(ab)s(o)m(v)m(e)0 4527 y(it)f(will)f(c)m(ho)
s(ose)i(the)h(co)s(de)f(comp)s(onen)m(t)g Fs(c)1602 4542
y Fn(1)1685 4527 y Fu(or)g Fs(c)1867 4542 y Fn(2)1950
4527 y Fu(dep)s(ending)g(on)g(the)g(curren)m(t)h(v)-5
b(alue)43 b(on)0 4648 y(top)g(of)g(the)h(stac)m(k.)76
b(If)44 b(the)f(top)g(of)g(the)h(stac)m(k)g(is)f(not)g(a)g(truth)h(v)-5
b(alue)42 b(the)i(mac)m(hine)f(will)0 4768 y(halt)e(as)i(there)g(is)f
(no)h(next)g(con\014guration)f(\(since)h(the)g(meaning)e(of)h
Fb(branch)p Fu(\()p Ft(\001)17 b(\001)g(\001)n Fu(,)p
Ft(\001)g(\001)g(\001)n Fu(\))43 b(is)0 4889 y(not)i(de\014ned)h(in)e
(that)h(case\).)82 b(A)45 b(lo)s(oping)d(construct)k(suc)m(h)g(as)g
(the)f Fr(while)p Fu(-construct)i(of)0 5009 y Fw(While)40
b Fu(can)i(b)s(e)g(implemen)m(ted)f(using)g(the)h(instruction)f
Fb(loop)p Fu(\()p Fs(c)2516 5024 y Fn(1)2555 5009 y Fu(,)j
Fs(c)2677 5024 y Fn(2)2716 5009 y Fu(\).)71 b(The)43
b(seman)m(tics)0 5129 y(of)35 b(this)g(instruction)f(is)h(de\014ned)i
(b)m(y)f(rewriting)f(it)f(to)h(a)g(com)m(bination)e(of)i(other)h
(constructs)0 5250 y(including)29 b(the)i Fb(branch)p
Fu(-instruction)e(and)h(itself.)42 b(W)-8 b(e)31 b(shall)e(see)j
(shortly)e(ho)m(w)h(this)f(can)h(b)s(e)0 5370 y(used.)146
5494 y(The)40 b(op)s(erational)d(seman)m(tics)i(of)f(T)-8
b(able)38 b(3.1)h(is)f(indeed)h(a)g(structural)g(op)s(erational)d(se-)p
eop
%%Page: 66 76
66 75 bop 251 130 a Fw(66)1535 b(3)112 b(Pro)m(v)-6 b(ably)36
b(Correct)h(Implemen)m(tation)p 251 193 3473 4 v 283
515 a Fu(man)m(tics)29 b(for)g Fw(AM)p Fu(.)g(Corresp)s(onding)g(to)g
(the)g(deriv)-5 b(ation)28 b(sequences)k(of)d(Chapter)h(2)f(w)m(e)h
(shall)283 636 y(de\014ne)36 b(a)e Fs(c)-5 b(omputation)36
b(se)-5 b(quenc)g(e)40 b Fu(for)34 b Fw(AM)p Fu(.)g(Giv)m(en)g(a)g
(sequence)j Fs(c)i Fu(of)34 b(instructions)g(and)g(a)283
756 y(storage)f Fs(s)8 b Fu(,)33 b(a)f(computation)f(sequence)k(for)d
Fs(c)38 b Fu(and)33 b Fs(s)41 b Fu(is)32 b(either)429
956 y Ft(\017)48 b Fu(a)33 b Fs(\014nite)39 b Fu(sequence)742
1159 y Fo(\015)798 1174 y Fn(0)837 1159 y Fu(,)33 b Fo(\015)953
1174 y Fn(1)992 1159 y Fu(,)g Fo(\015)1108 1174 y Fn(2)1148
1159 y Fu(,)f Ft(\001)17 b(\001)g(\001)31 b Fu(,)i Fo(\015)1472
1174 y Fn(k)527 1361 y Fu(of)c(con\014gurations)f(satisfying)g
Fo(\015)1747 1376 y Fn(0)1815 1361 y Fu(=)g Ft(h)p Fs(c)6
b Fu(,)29 b Fo(")p Fu(,)g Fs(s)8 b Ft(i)29 b Fu(and)g
Fo(\015)2525 1376 y Fn(i)2577 1361 y Fh(\003)g Fo(\015)2739
1376 y Fn(i+1)2882 1361 y Fu(for)f(0)p Ft(\024)p Fu(i)p
Fo(<)p Fu(k,)h(k)p Ft(\025)q Fu(0,)h(and)527 1482 y(where)k(there)f(is)
g(no)f Fo(\015)38 b Fu(suc)m(h)c(that)e Fo(\015)1868
1497 y Fn(k)1942 1482 y Fh(\003)h Fo(\015)5 b Fu(,)33
b(or)f(it)f(is)429 1684 y Ft(\017)48 b Fu(an)33 b Fs(in\014nite)39
b Fu(sequence)742 1886 y Fo(\015)798 1901 y Fn(0)837
1886 y Fu(,)33 b Fo(\015)953 1901 y Fn(1)992 1886 y Fu(,)g
Fo(\015)1108 1901 y Fn(2)1148 1886 y Fu(,)f Ft(\001)17
b(\001)g(\001)527 2089 y Fu(of)32 b(con\014gurations)h(satisfying)e
Fo(\015)1758 2104 y Fn(0)1830 2089 y Fu(=)i Ft(h)o Fs(c)6
b Fu(,)33 b Fo(")o Fu(,)g Fs(s)8 b Ft(i)32 b Fu(and)h
Fo(\015)2558 2104 y Fn(i)2614 2089 y Fh(\003)g Fo(\015)2780
2104 y Fn(i+1)2927 2089 y Fu(for)f(0)p Ft(\024)p Fu(i.)283
2289 y(Note)e(that)g(initial)c(con\014gurations)j(alw)m(a)m(ys)h(ha)m
(v)m(e)h(an)f Fs(empty)38 b Fu(ev)-5 b(aluation)28 b(stac)m(k.)44
b(A)30 b(compu-)283 2410 y(tation)i(sequence)j(is)429
2610 y Ft(\017)48 b Fs(terminating)41 b Fu(if)31 b(and)i(only)f(if)g
(it)f(is)h(\014nite,)h(and)429 2812 y Ft(\017)48 b Fs(lo)-5
b(oping)40 b Fu(if)32 b(and)h(only)f(if)f(it)h(is)g(in\014nite.)283
3013 y(A)f(terminating)d(computation)h(sequence)k(ma)m(y)d(end)h(in)f
(a)g(terminal)e(con\014guration)h(\(that)h(is)283 3133
y(a)38 b(con\014guration)g(with)g(an)g(empt)m(y)h(co)s(de)f(comp)s
(onen)m(t\))h(or)f(in)f(a)h(stuc)m(k)i(con\014guration)d(\(for)283
3253 y(example)c Ft(h)o Fb(add)p Fu(,)g Fo(")p Fu(,)g
Fs(s)8 b Ft(i)p Fu(\).)283 3478 y Fw(Example)37 b(3.1)49
b Fu(Consider)33 b(the)g(instruction)f(sequence)527 3678
y Fb(push)p Fu(-)p Fr(1)p Fu(:)p Fb(fetch)p Fu(-)p Fr(x)p
Fu(:)p Fb(add)p Fu(:)p Fb(store)p Fu(-)p Fr(x)283 3878
y Fu(Assuming)h(that)f(the)h(initial)c(storage)j Fs(s)41
b Fu(has)33 b Fs(s)41 b Fr(x)32 b Fu(=)h Fw(3)f Fu(w)m(e)i(get)527
4079 y Ft(h)p Fb(push)p Fu(-)p Fr(1)p Fu(:)p Fb(fetch)p
Fu(-)p Fr(x)p Fu(:)p Fb(add)p Fu(:)p Fb(store)p Fu(-)p
Fr(x)p Fu(,)d Fo(")p Fu(,)i Fs(s)8 b Ft(i)873 4246 y
Fh(\003)33 b Ft(h)p Fb(fetch)p Fu(-)p Fr(x)p Fu(:)p Fb(add)p
Fu(:)p Fb(store)p Fu(-)p Fr(x)p Fu(,)f Fw(1)p Fu(,)h
Fs(s)8 b Ft(i)873 4414 y Fh(\003)33 b Ft(h)p Fb(add)p
Fu(:)p Fb(store)p Fu(-)p Fr(x)p Fu(,)f Fw(3)p Fu(:)p
Fw(1)p Fu(,)h Fs(s)8 b Ft(i)873 4582 y Fh(\003)33 b Ft(h)p
Fb(store)p Fu(-)p Fr(x)p Fu(,)f Fw(4)p Fu(,)g Fs(s)8
b Ft(i)873 4749 y Fh(\003)33 b Ft(h)p Fo(")p Fu(,)f Fo(")p
Fu(,)h Fs(s)8 b Fu([)p Fr(x)p Ft(7!)p Fw(4)p Fu(])p Ft(i)283
4950 y Fu(The)36 b(computation)c(no)m(w)j(stops)g(b)s(ecause)g(there)g
(is)f(no)g(next)h(step.)49 b(This)34 b(is)g(an)g(example)f(of)283
5070 y(a)g(terminating)d(computation)h(sequence.)1820
b Fh(2)283 5294 y Fw(Example)37 b(3.2)49 b Fu(Consider)33
b(the)g(co)s(de)527 5494 y Fb(loop)p Fu(\()p Fb(tr)n(ue)p
Fu(,)g Fb(noop)p Fu(\))p eop
%%Page: 67 77
67 76 bop 0 130 a Fw(3.1)112 b(The)38 b(abstract)g(mac)m(hine)2038
b(67)p 0 193 3473 4 v 0 515 a Fu(W)-8 b(e)33 b(ha)m(v)m(e)244
681 y Ft(h)p Fb(loop)p Fu(\()p Fb(tr)n(ue)p Fu(,)f Fb(noop)p
Fu(\),)h Fo(")o Fu(,)g Fs(s)8 b Ft(i)554 848 y Fh(\003)33
b Ft(h)p Fb(tr)n(ue)p Fu(:)p Fb(branch)p Fu(\()p Fb(noop)p
Fu(:)p Fb(loop)p Fu(\()p Fb(tr)n(ue)p Fu(,)f Fb(noop)p
Fu(\),)h Fb(noop)p Fu(\),)f Fo(")p Fu(,)h Fs(s)8 b Ft(i)554
1016 y Fh(\003)33 b Ft(h)p Fb(branch)p Fu(\()p Fb(noop)p
Fu(:)p Fb(loop)p Fu(\()p Fb(tr)n(ue)p Fu(,)f Fb(noop)p
Fu(\),)h Fb(noop)p Fu(\),)g Fw(tt)p Fu(,)f Fs(s)8 b Ft(i)554
1183 y Fh(\003)33 b Ft(h)p Fb(noop)p Fu(:)p Fb(loop)p
Fu(\()p Fb(tr)n(ue)p Fu(,)f Fb(noop)p Fu(\),)h Fo(")p
Fu(,)f Fs(s)8 b Ft(i)554 1351 y Fh(\003)33 b Ft(h)p Fb(loop)p
Fu(\()p Fb(tr)n(ue)p Fu(,)f Fb(noop)p Fu(\),)h Fo(")o
Fu(,)g Fs(s)8 b Ft(i)554 1519 y Fh(\003)33 b Ft(\001)17
b(\001)g(\001)0 1684 y Fu(and)40 b(the)h(unfolding)d(of)i(the)g
Fb(loop)p Fu(-instruction)f(is)h(rep)s(eated.)67 b(This)40
b(is)f(an)h(example)g(of)g(a)0 1804 y(lo)s(oping)30 b(computation)h
(sequence.)2089 b Fh(2)0 1982 y Fw(Exercise)36 b(3.3)49
b Fu(Consider)33 b(the)g(co)s(de)244 2147 y Fb(push)p
Fu(-)p Fr(0)p Fu(:)p Fb(store)p Fu(-)p Fr(z)p Fu(:)p
Fb(fetch)p Fu(-)p Fr(x)p Fu(:)p Fb(store)p Fu(-)p Fr(r)p
Fu(:)244 2315 y Fb(loop)p Fu(\()p Fb(fetch)p Fu(-)p Fr(r)p
Fu(:)p Fb(fetch)p Fu(-)p Fr(y)p Fu(:)p Fb(le)p Fu(,)515
2482 y Fb(fetch)p Fu(-)p Fr(y)p Fu(:)p Fb(fetch)p Fu(-)p
Fr(r)p Fu(:)p Fb(sub)p Fu(:)p Fb(store)p Fu(-)p Fr(r)p
Fu(:)515 2650 y Fb(push)p Fu(-)p Fr(1)p Fu(:)p Fb(fetch)p
Fu(-)p Fr(z)p Fu(:)p Fb(add)p Fu(:)p Fb(store)p Fu(-)p
Fr(z)p Fu(\))0 2815 y(Determine)f(the)h(function)f(computed)g(b)m(y)i
(this)e(co)s(de.)1378 b Fh(2)0 3097 y Fp(Prop)t(erties)46
b(of)f(AM)0 3282 y Fu(The)40 b(seman)m(tics)f(w)m(e)h(ha)m(v)m(e)h(sp)s
(eci\014ed)e(for)g(the)g(abstract)h(mac)m(hine)e(is)h(concerned)h(with)
f(the)0 3402 y(execution)27 b(of)g(individual)d(instructions)i(and)h
(is)f(therefore)i(close)f(in)f(spirit)f(to)h(the)i(structural)0
3523 y(op)s(erational)j(seman)m(tics)j(studied)g(in)e(Chapter)j(2.)46
b(When)34 b(pro)m(ving)f(the)h(correctness)i(of)d(the)0
3643 y(co)s(de)44 b(generation)g(w)m(e)g(shall)f(need)i(a)f(few)g
(results)g(analogous)f(to)h(those)g(holding)f(for)g(the)0
3764 y(structural)d(op)s(erational)e(seman)m(tics.)66
b(As)41 b(their)f(pro)s(ofs)g(follo)m(w)e(the)j(same)f(lines)f(as)i
(those)0 3884 y(for)32 b(the)h(structural)f(op)s(erational)e(seman)m
(tics)i(w)m(e)i(shall)d(lea)m(v)m(e)i(them)f(as)g(exercises)i(and)f
(only)0 4004 y Fs(r)-5 b(eformulate)40 b Fu(the)33 b(pro)s(of)e(tec)m
(hnique)j(from)e(Section)g(2.2:)p 0 4153 3470 4 v 0 4170
V -2 4378 4 208 v 15 4378 V 478 4299 a Fw(Induction)g(on)h(the)f
(Length)h(of)g(Computation)f(Sequences)p 3452 4378 V
3469 4378 V 0 4381 3470 4 v -2 4630 4 249 v 15 4630 V
66 4546 a Fu(1:)143 b(Pro)m(v)m(e)34 b(that)f(the)g(prop)s(ert)m(y)g
(holds)f(for)g(all)f(computation)g(sequences)36 b(of)c(length)g(0.)p
3452 4630 V 3469 4630 V -2 5159 4 529 v 15 5159 V 66
4714 a(2:)143 b(Pro)m(v)m(e)41 b(that)f(the)g(prop)s(ert)m(y)g(holds)f
(for)g(all)f(other)i(computation)e(sequences:)60 b(As-)285
4834 y(sume)37 b(that)f(the)h(prop)s(ert)m(y)g(holds)g(for)f(all)e
(computation)h(sequences)40 b(of)c(length)g(at)285 4955
y(most)31 b(k)g(\(this)g(is)f(called)g(the)i Fs(induction)h(hyp)-5
b(othesis)p Fu(\))30 b(and)h(sho)m(w)h(that)f(it)f(holds)h(for)285
5075 y(computation)g(sequences)36 b(of)c(length)g(k+1.)p
3452 5159 V 3469 5159 V 0 5162 3470 4 v 0 5179 V 0 5374
a(The)f(induction)d(step)j(of)e(a)g(pro)s(of)g(follo)m(wing)e(this)i
(tec)m(hnique)j(will)27 b(often)j(b)s(e)f(done)i(b)m(y)f(a)f(case)0
5494 y(analysis)j(on)g(the)h(\014rst)g(instruction)f(of)g(the)h(co)s
(de)g(comp)s(onen)m(t)g(of)f(the)h(con\014guration.)p
eop
%%Page: 68 78
68 77 bop 251 130 a Fw(68)1535 b(3)112 b(Pro)m(v)-6 b(ably)36
b(Correct)h(Implemen)m(tation)p 251 193 3473 4 v 283
515 a(Exercise)g(3.4)49 b(\(Essen)m(tial\))30 b Fu(By)j(analogy)f(with)
g(Exercise)i(2.21)e(pro)m(v)m(e)h(that)527 717 y(if)f
Ft(h)p Fs(c)707 732 y Fn(1)746 717 y Fu(,)g Fs(e)857
732 y Fn(1)897 717 y Fu(,)g Fs(s)8 b Ft(i)33 b Fh(\003)1153
681 y Fn(k)1227 717 y Ft(h)p Fs(c)1317 681 y Fi(0)1340
717 y Fu(,)f Fs(e)1451 681 y Fi(0)1475 717 y Fu(,)h Fs(s)1583
681 y Fi(0)1606 717 y Ft(i)f Fu(then)h Ft(h)p Fs(c)1989
732 y Fn(1)2028 717 y Fu(:)p Fs(c)2106 732 y Fn(2)2145
717 y Fu(,)g Fs(e)2257 732 y Fn(1)2297 717 y Fu(:)p Fs(e)2376
732 y Fn(2)2415 717 y Fu(,)g Fs(s)8 b Ft(i)32 b Fh(\003)2672
681 y Fn(k)2746 717 y Ft(h)p Fs(c)2836 681 y Fi(0)2858
717 y Fu(:)p Fs(c)2936 732 y Fn(2)2976 717 y Fu(,)g Fs(e)3087
681 y Fi(0)3111 717 y Fu(:)p Fs(e)3190 732 y Fn(2)3230
717 y Fu(,)g Fs(s)3337 681 y Fi(0)3361 717 y Ft(i)283
919 y Fu(This)25 b(means)g(that)f(w)m(e)i(can)e(extend)i(the)f(co)s(de)
g(comp)s(onen)m(t)g(as)g(w)m(ell)e(as)i(the)g(stac)m(k)h(comp)s(onen)m
(t)283 1039 y(without)33 b(c)m(hanging)f(the)h(b)s(eha)m(viour)f(of)g
(the)h(mac)m(hine.)1349 b Fh(2)283 1265 y Fw(Exercise)37
b(3.5)49 b(\(Essen)m(tial\))30 b Fu(By)j(analogy)f(with)g(Lemma)f(2.19)
h(pro)m(v)m(e)i(that)e(if)527 1467 y Ft(h)p Fs(c)617
1482 y Fn(1)656 1467 y Fu(:)p Fs(c)734 1482 y Fn(2)773
1467 y Fu(,)h Fs(e)7 b Fu(,)33 b Fs(s)8 b Ft(i)32 b Fh(\003)1142
1431 y Fn(k)1215 1467 y Ft(h)p Fo(")p Fu(,)g Fs(e)1411
1431 y Fi(00)1454 1467 y Fu(,)h Fs(s)1562 1431 y Fi(00)1604
1467 y Ft(i)283 1669 y Fu(then)40 b(there)f(exists)g(a)g
(con\014guration)e Ft(h)p Fo(")p Fu(,)j Fs(e)1930 1633
y Fi(0)1953 1669 y Fu(,)g Fs(s)2068 1633 y Fi(0)2092
1669 y Ft(i)e Fu(and)h(natural)e(n)m(um)m(b)s(ers)j(k)3163
1684 y Fn(1)3241 1669 y Fu(and)f(k)3488 1684 y Fn(2)3566
1669 y Fu(with)283 1789 y(k)334 1804 y Fn(1)374 1789
y Fu(+k)501 1804 y Fn(2)541 1789 y Fu(=k)33 b(suc)m(h)h(that)527
1991 y Ft(h)p Fs(c)617 2006 y Fn(1)656 1991 y Fu(,)f
Fs(e)7 b Fu(,)33 b Fs(s)8 b Ft(i)32 b Fh(\003)1024 1955
y Fn(k)1061 1964 y Fd(1)1133 1991 y Ft(h)p Fo(")o Fu(,)h
Fs(e)1329 1955 y Fi(0)1353 1991 y Fu(,)f Fs(s)1460 1955
y Fi(0)1484 1991 y Ft(i)g Fu(and)g Ft(h)p Fs(c)1834 2006
y Fn(2)1873 1991 y Fu(,)h Fs(e)1985 1955 y Fi(0)2008
1991 y Fu(,)g Fs(s)2116 1955 y Fi(0)2139 1991 y Ft(i)g
Fh(\003)2288 1955 y Fn(k)2325 1964 y Fd(2)2397 1991 y
Ft(h)o Fo(")p Fu(,)g Fs(e)2593 1955 y Fi(00)2635 1991
y Fu(,)g Fs(s)2743 1955 y Fi(00)2785 1991 y Ft(i)283
2193 y Fu(This)c(means)f(that)f(the)i(execution)g(of)e(a)h(comp)s
(osite)f(sequence)j(of)e(instructions)g(can)g(b)s(e)g(split)283
2313 y(in)m(to)k(t)m(w)m(o)i(pieces.)2739 b Fh(2)430
2539 y Fu(The)23 b(notion)d(of)i(determinism)e(is)h(de\014ned)i(as)f
(for)f(the)i(structural)e(op)s(erational)f(seman)m(tics.)283
2660 y(So)34 b(the)g(seman)m(tics)g(of)g(an)f(abstract)i(mac)m(hine)e
(is)g Fs(deterministic)39 b Fu(if)32 b(for)i(all)d(c)m(hoices)k(of)e
Fo(\015)5 b Fu(,)35 b Fo(\015)3733 2624 y Fi(0)283 2780
y Fu(and)e Fo(\015)529 2744 y Fi(00)572 2780 y Fu(:)527
2982 y Fo(\015)38 b Fh(\003)33 b Fo(\015)782 2946 y Fi(0)838
2982 y Fu(and)f Fo(\015)38 b Fh(\003)33 b Fo(\015)1282
2946 y Fi(00)1357 2982 y Fu(imply)e Fo(\015)1687 2946
y Fi(0)1742 2982 y Fu(=)i Fo(\015)1907 2946 y Fi(00)283
3208 y Fw(Exercise)k(3.6)49 b(\(Essen)m(tial\))36 b Fu(Sho)m(w)j(that)f
(the)h(mac)m(hine)f(seman)m(tics)h(of)f(T)-8 b(able)38
b(3.1)g(is)g(de-)283 3329 y(terministic.)48 b(Deduce)36
b(that)e(there)i(is)e(exactly)h(one)g(computation)e(sequence)k
(starting)d(in)g(a)283 3449 y(con\014guration)e Ft(h)p
Fs(c)6 b Fu(,)32 b Fs(e)7 b Fu(,)33 b Fs(s)8 b Ft(i)p
Fu(.)2432 b Fh(2)283 3737 y Fp(The)45 b(execution)h(function)e
FC(M)283 3922 y Fu(W)-8 b(e)37 b(shall)e(de\014ne)j(the)f
Fs(me)-5 b(aning)44 b Fu(of)36 b(a)g(sequence)j(of)d(instructions)g(as)
h(a)f(\(partial\))e(function)283 4043 y(from)e Fw(State)g
Fu(to)h Fw(State)p Fu(:)527 4244 y Ft(M)p Fu(:)43 b Fw(Co)s(de)33
b Ft(!)g Fu(\()p Fw(State)f Fo(,)-17 b Ft(!)33 b Fw(State)p
Fu(\))283 4446 y(It)g(is)f(giv)m(en)h(b)m(y)527 4730
y Ft(M)p Fu([)-17 b([)q Fs(c)6 b Fu(])-17 b(])32 b Fs(s)41
b Fu(=)994 4555 y Fg(8)994 4630 y(<)994 4779 y(:)1110
4645 y Fs(s)1158 4609 y Fi(0)1428 4645 y Fu(if)32 b Ft(h)o
Fs(c)6 b Fu(,)33 b Fo(")o Fu(,)g Fs(s)8 b Ft(i)32 b Fh(\003)1969
4609 y Fi(\003)2041 4645 y Ft(h)o Fo(")p Fu(,)h Fs(e)7
b Fu(,)33 b Fs(s)2345 4609 y Fi(0)2368 4645 y Ft(i)1110
4813 y Fu(undef)p 1110 4826 236 4 v 83 w(otherwise)283
5013 y(The)e(function)f(is)f(w)m(ell-de\014ned)i(b)s(ecause)g(of)e
(Exercise)j(3.6.)42 b(Note)30 b(that)g(the)g(de\014nition)f(do)s(es)283
5133 y(not)k(require)g(the)g(stac)m(k)h(comp)s(onen)m(t)e(of)h(the)g
(terminal)d(con\014guration)i(to)g(b)s(e)h(empt)m(y)g(but)g(it)283
5254 y(do)s(es)g(require)g(the)g(co)s(de)g(comp)s(onen)m(t)g(to)f(b)s
(e)h(so.)430 5374 y(The)j(abstract)g(mac)m(hine)g Fw(AM)f
Fu(ma)m(y)h(seem)g(far)f(remo)m(v)m(ed)h(from)f(more)g(traditional)d
(ma-)283 5494 y(c)m(hine)h(arc)m(hitectures.)45 b(In)33
b(the)g(next)h(few)f(exercises)h(w)m(e)g(shall)d(gradually)g(bridge)h
(this)g(gap.)p eop
%%Page: 69 79
69 78 bop 0 130 a Fw(3.2)112 b(Sp)s(eci\014cation)37
b(of)h(the)f(translation)1596 b(69)p 0 193 3473 4 v 0
515 a(Exercise)36 b(3.7)49 b(AM)29 b Fu(refers)h(to)f(v)-5
b(ariables)28 b(b)m(y)i(their)f Fs(name)36 b Fu(rather)29
b(than)g(b)m(y)i(their)d Fs(addr)-5 b(ess)p Fu(.)0 636
y(The)34 b(abstract)e(mac)m(hine)g Fw(AM)1153 651 y Fn(1)1225
636 y Fu(di\013ers)h(from)e Fw(AM)i Fu(in)e(that)145
805 y Ft(\017)49 b Fu(the)31 b(con\014gurations)g(ha)m(v)m(e)h(the)f
(form)f Ft(h)o Fs(c)6 b Fu(,)31 b Fs(e)7 b Fu(,)32 b
Fs(m)7 b Ft(i)30 b Fu(where)i Fs(c)37 b Fu(and)31 b Fs(e)38
b Fu(are)30 b(as)i(in)e Fw(AM)g Fu(and)244 925 y Fs(m)7
b Fu(,)33 b(the)g Fs(memory)9 b Fu(,)31 b(is)i(a)f(\(\014nite\))g(list)
f(of)h(v)-5 b(alues,)33 b(that)f(is)g Fs(m)40 b Ft(2)33
b Fw(Z)2662 889 y Fc(?)2702 925 y Fu(,)f(and)145 1117
y Ft(\017)49 b Fu(the)38 b(instructions)f Fb(fetch)p
Fu(-)p Fs(x)48 b Fu(and)38 b Fb(store)p Fu(-)p Fs(x)48
b Fu(are)37 b(replaced)h(b)m(y)g(instructions)f Fb(get)p
Fu(-)p Fs(n)244 1237 y Fu(and)c Fb(put)p Fu(-)p Fs(n)38
b Fu(where)c Fs(n)40 b Fu(is)32 b(a)g(natural)g(n)m(um)m(b)s(er)h(\(an)
f(address\).)0 1406 y(Sp)s(ecify)37 b(the)h(op)s(erational)c(seman)m
(tics)j(of)g(the)g(mac)m(hine.)56 b(Y)-8 b(ou)37 b(ma)m(y)g(write)g
Fs(m)7 b Fu([)p Fs(n)g Fu(])37 b(to)g(select)0 1527 y(the)30
b Fo(n)p Fu(th)g(v)-5 b(alue)28 b(in)h(the)h(list)e Fs(m)36
b Fu(\(when)31 b Fs(n)36 b Fu(is)29 b(p)s(ositiv)m(e)g(but)h(less)f
(than)h(or)f(equal)g(to)g(the)h(length)0 1647 y(of)i
Fs(m)7 b Fu(\).)44 b(What)32 b(happ)s(ens)i(if)d(w)m(e)j(reference)g
(an)f(address)h(that)e(is)g(outside)h(the)g(memory?)104
b Fh(2)0 1829 y Fw(Exercise)36 b(3.8)49 b Fu(The)37 b(next)h(step)f(is)
e(to)h(get)h(rid)e(of)h(the)g(op)s(erations)g Fb(branch)p
Fu(\()p Ft(\001)17 b(\001)g(\001)n Fu(,)p Ft(\001)g(\001)g(\001)n
Fu(\))36 b(and)0 1950 y Fb(loop)p Fu(\()p Ft(\001)17
b(\001)g(\001)o Fu(,)p Ft(\001)g(\001)g(\001)n Fu(\).)79
b(The)46 b(idea)e(is)g(to)g(in)m(tro)s(duce)g(instructions)h(for)f
Fs(de\014ning)g(lab)-5 b(els)52 b Fu(and)45 b(for)0 2070
y Fs(jumping)32 b(to)i(lab)-5 b(els)p Fu(.)42 b(The)32
b(abstract)f(mac)m(hine)f Fw(AM)1932 2085 y Fn(2)2002
2070 y Fu(di\013ers)h(from)e Fw(AM)2710 2085 y Fn(1)2780
2070 y Fu(\(of)i(Exercise)h(3.7\))0 2190 y(in)g(that)145
2359 y Ft(\017)49 b Fu(the)27 b(con\014gurations)f(ha)m(v)m(e)h(the)g
(form)e Ft(h)p Fs(p)-5 b(c)6 b Fu(,)27 b Fs(c)6 b Fu(,)27
b Fs(e)7 b Fu(,)28 b Fs(m)7 b Ft(i)26 b Fu(where)i Fs(c)6
b Fu(,)27 b Fs(e)34 b Fu(and)26 b Fs(m)33 b Fu(are)27
b(as)f(b)s(efore)244 2480 y(and)i Fs(p)-5 b(c)34 b Fu(is)28
b(the)h(program)e(coun)m(ter)j(\(a)e(natural)f(n)m(um)m(b)s(er\))i(p)s
(oin)m(ting)e(to)h(an)g(instruction)244 2600 y(in)k Fs(c)6
b Fu(,)32 b(and)145 2792 y Ft(\017)49 b Fu(the)38 b(instructions)f
Fb(branch)p Fu(\()p Ft(\001)17 b(\001)g(\001)n Fu(,)p
Ft(\001)g(\001)g(\001)o Fu(\))37 b(and)h Fb(loop)p Fu(\()p
Ft(\001)17 b(\001)g(\001)n Fu(,)p Ft(\001)g(\001)g(\001)n
Fu(\))38 b(are)f(replaced)h(b)m(y)h(the)f(in-)244 2912
y(structions)h Fb(label)p Fu(-)p Fs(l)10 b Fu(,)39 b
Fb(jump)p Fu(-)p Fs(l)49 b Fu(and)38 b Fb(jumpf)-9 b(alse)p
Fu(-)p Fs(l)48 b Fu(where)40 b Fs(l)49 b Fu(is)38 b(a)g(lab)s(el)e(\(a)
j(natural)244 3033 y(n)m(um)m(b)s(er\).)0 3201 y(The)31
b(idea)f(is)f(that)h(w)m(e)h(will)d(execute)k(the)f(instruction)e(in)h
Fs(c)35 b Fu(that)30 b Fs(p)-5 b(c)36 b Fu(p)s(oin)m(ts)30
b(to)f(and)i(in)e(most)0 3322 y(cases)41 b(this)e(will)e(cause)j(the)g
(program)e(coun)m(ter)i(to)f(b)s(e)h(incremen)m(ted)g(b)m(y)g(1.)63
b(The)41 b(instruc-)0 3442 y(tion)32 b Fb(label)p Fu(-)p
Fs(l)42 b Fu(has)32 b(no)h(e\013ect)g(except)i(up)s(dating)c(the)i
(program)e(coun)m(ter.)45 b(The)33 b(instruction)0 3563
y Fb(jump)p Fu(-)p Fs(l)53 b Fu(will)41 b(mo)m(v)m(e)j(the)f(program)f
(coun)m(ter)i(to)f(the)h(unique)f(instruction)g Fb(label)p
Fu(-)p Fs(l)52 b Fu(\(if)42 b(it)0 3683 y(exists\).)51
b(The)36 b(instruction)d Fb(jumpf)-9 b(alse)p Fu(-)p
Fs(l)45 b Fu(will)33 b(only)h(mo)m(v)m(e)h(the)g(program)f(coun)m(ter)i
(to)e(the)0 3803 y(instruction)j Fb(label)p Fu(-)p Fs(l)48
b Fu(if)37 b(the)i(v)-5 b(alue)38 b(on)g(top)g(of)g(the)h(stac)m(k)h
(is)e Fw(\013)p Fu(;)j(if)c(it)h(is)g Fw(tt)f Fu(the)i(program)0
3924 y(coun)m(ter)34 b(will)c(b)s(e)j(incremen)m(ted)g(b)m(y)g(1.)146
4044 y(Sp)s(ecify)42 b(an)f(op)s(erational)e(seman)m(tics)i(for)g
Fw(AM)1959 4059 y Fn(2)1999 4044 y Fu(.)69 b(Y)-8 b(ou)42
b(ma)m(y)f(write)g Fs(c)6 b Fu([)p Fs(p)-5 b(c)6 b Fu(])40
b(for)h(the)h(in-)0 4164 y(struction)h(in)g Fs(c)49 b
Fu(p)s(oin)m(ted)43 b(to)g(b)m(y)i Fs(p)-5 b(c)49 b Fu(\(if)42
b Fs(p)-5 b(c)49 b Fu(is)43 b(p)s(ositiv)m(e)f(and)i(less)g(than)f(or)h
(equal)f(to)g(the)0 4285 y(length)32 b(of)g Fs(c)6 b
Fu(\).)43 b(What)33 b(happ)s(ens)g(if)f(the)h(same)f(lab)s(el)f(is)h
(de\014ned)i(more)e(than)h(once?)295 b Fh(2)0 4467 y
Fw(Exercise)36 b(3.9)49 b Fu(Finally)-8 b(,)32 b(w)m(e)j(shall)e
(consider)h(an)h(abstract)f(mac)m(hine)g Fw(AM)2838 4482
y Fn(3)2911 4467 y Fu(where)h(the)g(la-)0 4587 y(b)s(els)f(of)h(the)g
(instructions)f Fb(jump)p Fu(-)p Fs(l)45 b Fu(and)35
b Fb(jumpf)-9 b(alse)p Fu(-)p Fs(l)44 b Fu(of)34 b(Exercise)i(3.8)f
(are)f Fs(absolute)j(ad-)0 4708 y(dr)-5 b(esses)p Fu(;)32
b(so)g Fb(jump)p Fu(-7)g(means)g(jump)g(to)g(the)h(7th)f(instruction)g
(of)g(the)g(co)s(de)h(\(rather)f(than)h(to)0 4828 y(the)26
b(instruction)f Fb(label)p Fu(-7\).)41 b(Sp)s(ecify)26
b(the)g(op)s(erational)e(seman)m(tics)i(of)f(the)i(mac)m(hine.)40
b(What)0 4949 y(happ)s(ens)34 b(if)d(w)m(e)j(jump)e(to)g(an)g
(instruction)g(that)g(is)h(not)f(in)g(the)h(co)s(de?)779
b Fh(2)0 5275 y Fj(3.2)161 b(Sp)t(eci\014cation)53 b(of)h(the)f
(translation)0 5494 y Fu(W)-8 b(e)33 b(shall)e(no)m(w)i(study)h(ho)m(w)
f(to)g(generate)g(co)s(de)g(for)f(the)h(abstract)g(mac)m(hine.)p
eop
%%Page: 70 80
70 79 bop 251 130 a Fw(70)1535 b(3)112 b(Pro)m(v)-6 b(ably)36
b(Correct)h(Implemen)m(tation)p 251 193 3473 4 v 283
515 a Fp(Expressions)283 700 y Fu(Arithmetic)g(and)h(b)s(o)s(olean)f
(expressions)j(will)c(b)s(e)i(ev)-5 b(aluated)38 b(on)g(the)h(ev)-5
b(aluation)36 b(stac)m(k)j(of)283 820 y(the)d(mac)m(hine)e(and)g(the)i
(co)s(de)e(to)h(b)s(e)g(generated)g(m)m(ust)g(e\013ect)g(this.)50
b(This)35 b(is)f(accomplished)283 941 y(b)m(y)g(the)f(\(total\))e
(functions)527 1124 y Ft(C)6 b(A)p Fu(:)44 b Fw(Aexp)32
b Ft(!)g Fw(Co)s(de)283 1308 y Fu(and)527 1491 y Ft(C)6
b(B)t Fu(:)44 b Fw(Bexp)32 b Ft(!)g Fw(Co)s(de)283 1674
y Fu(sp)s(eci\014ed)27 b(in)f(T)-8 b(able)26 b(3.2.)41
b(Note)26 b(that)g(the)g(co)s(de)h(generated)g(for)e(binary)h
(expressions)i(consists)p 283 1800 V 283 3694 4 1894
v 715 1909 a Ft(C)6 b(A)p Fu([)-17 b([)q Fs(n)7 b Fu(])-17
b(])361 b(=)100 b Fb(push)p Fu(-)p Fs(n)715 2077 y Ft(C)6
b(A)p Fu([)-17 b([)q Fs(x)12 b Fu(])-17 b(])366 b(=)100
b Fb(fetch)p Fu(-)p Fs(x)715 2245 y Ft(C)6 b(A)p Fu([)-17
b([)q Fs(a)948 2260 y Fn(1)987 2245 y Fu(+)p Fs(a)1120
2260 y Fn(2)1160 2245 y Fu(])g(])154 b(=)100 b Ft(C)6
b(A)p Fu([)-17 b([)p Fs(a)1759 2260 y Fn(2)1799 2245
y Fu(])g(]:)p Ft(C)6 b(A)p Fu([)-17 b([)q Fs(a)2096 2260
y Fn(1)2136 2245 y Fu(])g(]:)p Fb(add)715 2412 y Ft(C)6
b(A)p Fu([)-17 b([)q Fs(a)948 2427 y Fn(1)1020 2412 y
Fo(?)32 b Fs(a)1158 2427 y Fn(2)1198 2412 y Fu(])-17
b(])116 b(=)100 b Ft(C)6 b(A)p Fu([)-17 b([)p Fs(a)1759
2427 y Fn(2)1799 2412 y Fu(])g(]:)p Ft(C)6 b(A)p Fu([)-17
b([)q Fs(a)2096 2427 y Fn(1)2136 2412 y Fu(])g(]:)p Fb(mul)-7
b(t)715 2580 y Ft(C)6 b(A)p Fu([)-17 b([)q Fs(a)948 2595
y Fn(1)987 2580 y Ft(\000)p Fs(a)1121 2595 y Fn(2)1162
2580 y Fu(])g(])152 b(=)100 b Ft(C)6 b(A)p Fu([)-17 b([)p
Fs(a)1759 2595 y Fn(2)1799 2580 y Fu(])g(]:)p Ft(C)6
b(A)p Fu([)-17 b([)q Fs(a)2096 2595 y Fn(1)2136 2580
y Fu(])g(]:)p Fb(sub)715 2795 y Ft(C)6 b(B)t Fu([)-17
b([)q Fr(true)p Fu(])g(])230 b(=)100 b Fb(tr)n(ue)715
2962 y Ft(C)6 b(B)t Fu([)-17 b([)q Fr(false)p Fu(])g(])179
b(=)100 b Fb(f)-9 b(alse)715 3130 y Ft(C)6 b(B)t Fu([)-17
b([)q Fs(a)937 3145 y Fn(1)1009 3130 y Fu(=)32 b Fs(a)1174
3145 y Fn(2)1214 3130 y Fu(])-17 b(])100 b(=)g Ft(C)6
b(A)p Fu([)-17 b([)p Fs(a)1759 3145 y Fn(2)1799 3130
y Fu(])g(]:)p Ft(C)6 b(A)p Fu([)-17 b([)q Fs(a)2096 3145
y Fn(1)2136 3130 y Fu(])g(]:)p Fb(eq)715 3298 y Ft(C)6
b(B)t Fu([)-17 b([)q Fs(a)937 3313 y Fn(1)976 3298 y
Ft(\024)q Fs(a)1111 3313 y Fn(2)1151 3298 y Fu(])g(])163
b(=)100 b Ft(C)6 b(A)p Fu([)-17 b([)p Fs(a)1759 3313
y Fn(2)1799 3298 y Fu(])g(]:)p Ft(C)6 b(A)p Fu([)-17
b([)q Fs(a)2096 3313 y Fn(1)2136 3298 y Fu(])g(]:)p Fb(le)715
3465 y Ft(C)6 b(B)t Fu([)-17 b([)q Ft(:)p Fs(b)6 b Fu(])-17
b(])317 b(=)100 b Ft(C)6 b(B)s Fu([)-17 b([)q Fs(b)6
b Fu(])-17 b(])q(:)p Fb(neg)715 3633 y Ft(C)6 b(B)t Fu([)-17
b([)q Fs(b)931 3648 y Fn(1)970 3633 y Ft(^)p Fs(b)1087
3648 y Fn(2)1127 3633 y Fu(])g(])187 b(=)100 b Ft(C)6
b(B)s Fu([)-17 b([)q Fs(b)1742 3648 y Fn(2)1781 3633
y Fu(])g(])q(:)p Ft(C)6 b(B)t Fu([)-17 b([)p Fs(b)2061
3648 y Fn(1)2101 3633 y Fu(])g(]:)p Fb(and)p 3753 3694
V 283 3697 3473 4 v 1235 3858 a Fu(T)-8 b(able)33 b(3.2:)43
b(T)-8 b(ranslation)31 b(of)h(expressions)283 4081 y(of)45
b(the)f(co)s(de)h(for)f(the)h Fs(right)54 b Fu(argumen)m(t)44
b(follo)m(w)m(ed)g(b)m(y)h(that)g(for)f(the)h Fs(left)54
b Fu(argumen)m(t)44 b(and)283 4201 y(\014nally)j(the)h(appropriate)f
(instruction)f(for)h(the)h(op)s(erator.)88 b(In)48 b(this)g(w)m(a)m(y)g
(it)f(is)g(ensured)283 4322 y(that)39 b(the)h(argumen)m(ts)f(app)s(ear)
g(on)g(the)g(ev)-5 b(aluation)38 b(stac)m(k)i(in)e(the)i(order)f
(required)g(b)m(y)h(the)283 4442 y(instructions)33 b(\(in)e(T)-8
b(able)33 b(3.1\).)43 b(Note)32 b(that)h Ft(C)6 b(A)32
b Fu(and)h Ft(C)6 b(B)36 b Fu(are)d(de\014ned)h(comp)s(ositionally)-8
b(.)283 4644 y Fw(Example)37 b(3.10)49 b Fu(F)-8 b(or)38
b(the)i(arithmetic)d(expression)j Fr(x)p Fu(+)p Fr(1)g
Fu(w)m(e)g(calculate)e(the)i(co)s(de)f(as)h(fol-)283
4764 y(lo)m(ws:)552 4932 y Ft(C)6 b(A)p Fu([)-17 b([)q
Fr(x)p Fu(+)p Fr(1)p Fu(])g(])33 b(=)g Ft(C)6 b(A)o Fu([)-17
b([)q Fr(1)p Fu(])g(])q(:)p Ft(C)6 b(A)p Fu([)-17 b([)p
Fr(x)p Fu(])g(])q(:)p Fb(add)33 b Fu(=)g Fb(push)p Fu(-)p
Fr(1)p Fu(:)p Fb(fetch)p Fu(-)p Fs(x)12 b Fu(:)p Fb(add)762
b Fh(2)283 5133 y Fw(Exercise)37 b(3.11)49 b Fu(It)26
b(is)g(clear)f(that)h Ft(A)p Fu([)-17 b([\()p Fs(a)1809
5148 y Fn(1)1849 5133 y Fu(+)p Fs(a)1982 5148 y Fn(2)2022
5133 y Fu(\)+)p Fs(a)2193 5148 y Fn(3)2232 5133 y Fu(])g(])27
b(equals)f Ft(A)p Fu([)-17 b([)p Fs(a)2759 5148 y Fn(1)2799
5133 y Fu(+\()p Fs(a)2970 5148 y Fn(2)3010 5133 y Fu(+)p
Fs(a)3143 5148 y Fn(3)3182 5133 y Fu(\)])g(])q(.)41 b(Sho)m(w)27
b(that)283 5254 y(it)43 b(is)g Fs(not)53 b Fu(the)45
b(case)f(that)g Ft(C)6 b(A)o Fu([)-17 b([)q(\()p Fs(a)1581
5269 y Fn(1)1621 5254 y Fu(+)p Fs(a)1754 5269 y Fn(2)1793
5254 y Fu(\)+)p Fs(a)1964 5269 y Fn(3)2004 5254 y Fu(])g(])44
b(equals)g Ft(C)6 b(A)p Fu([)-17 b([)p Fs(a)2624 5269
y Fn(1)2664 5254 y Fu(+\()p Fs(a)2835 5269 y Fn(2)2875
5254 y Fu(+)p Fs(a)3008 5269 y Fn(3)3047 5254 y Fu(\)])g(])q(.)76
b(Nonetheless,)283 5374 y(sho)m(w)31 b(that)e Ft(C)6
b(A)o Fu([)-17 b([)q(\()p Fs(a)1000 5389 y Fn(1)1040
5374 y Fu(+)p Fs(a)1173 5389 y Fn(2)1212 5374 y Fu(\)+)p
Fs(a)1383 5389 y Fn(3)1423 5374 y Fu(])g(])29 b(and)h
Ft(C)6 b(A)o Fu([)-17 b([)q Fs(a)1908 5389 y Fn(1)1948
5374 y Fu(+\()p Fs(a)2119 5389 y Fn(2)2158 5374 y Fu(+)p
Fs(a)2291 5389 y Fn(3)2331 5374 y Fu(\)])g(])29 b(do)g(in)g(fact)g
Fs(b)-5 b(ehave)35 b Fu(similar)26 b(to)j(one)283 5494
y(another.)3046 b Fh(2)p eop
%%Page: 71 81
71 80 bop 0 130 a Fw(3.2)112 b(Sp)s(eci\014cation)37
b(of)h(the)f(translation)1596 b(71)p 0 193 3473 4 v 0
515 a Fp(Statemen)l(ts)0 700 y Fu(The)38 b(translation)e(of)h(statemen)
m(ts)h(in)m(to)f(abstract)h(mac)m(hine)f(co)s(de)g(is)g(giv)m(en)h(b)m
(y)g(the)g(\(total\))0 820 y(function)244 1012 y Ft(C)6
b(S)i Fu(:)43 b Fw(Stm)32 b Ft(!)g Fw(Co)s(de)0 1204
y Fu(sp)s(eci\014ed)i(in)e(T)-8 b(able)33 b(3.3.)44 b(The)34
b(co)s(de)g(generated)g(for)e(an)h(arithmetic)e(expression)j
Fs(a)40 b Fu(ensures)p 0 1336 V 0 2176 4 841 v 432 1445
a Ft(C)6 b(S)i Fu([)-17 b([)q Fs(x)44 b Fu(:=)32 b Fs(a)7
b Fu(])-17 b(])757 b(=)100 b Ft(C)6 b(A)p Fu([)-17 b([)p
Fs(a)7 b Fu(])-17 b(])q(:)p Fb(store)p Fu(-)p Fs(x)432
1612 y Ft(C)6 b(S)i Fu([)-17 b([)q Fr(skip)p Fu(])g(])834
b(=)100 b Fb(noop)432 1780 y Ft(C)6 b(S)i Fu([)-17 b([)q
Fs(S)663 1795 y Fn(1)702 1780 y Fu(;)p Fs(S)796 1795
y Fn(2)835 1780 y Fu(])g(])799 b(=)100 b Ft(C)6 b(S)i
Fu([)-17 b([)q Fs(S)2078 1795 y Fn(1)2117 1780 y Fu(])g(]:)p
Ft(C)6 b(S)j Fu([)-17 b([)p Fs(S)2412 1795 y Fn(2)2452
1780 y Fu(])g(])432 1948 y Ft(C)6 b(S)i Fu([)-17 b([)q
Fr(if)33 b Fs(b)38 b Fr(then)c Fs(S)1119 1963 y Fn(1)1190
1948 y Fr(else)g Fs(S)1495 1963 y Fn(2)1534 1948 y Fu(])-17
b(])100 b(=)g Ft(C)6 b(B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17
b(])q(:)p Fb(branch)p Fu(\()p Ft(C)6 b(S)i Fu([)-17 b([)p
Fs(S)2755 1963 y Fn(1)2795 1948 y Fu(])g(],)p Ft(C)6
b(S)j Fu([)-17 b([)p Fs(S)3090 1963 y Fn(2)3129 1948
y Fu(])g(])q(\))432 2115 y Ft(C)6 b(S)i Fu([)-17 b([)q
Fr(while)33 b Fs(b)39 b Fr(do)33 b Fs(S)12 b Fu(])-17
b(])464 b(=)100 b Fb(loop)p Fu(\()p Ft(C)6 b(B)t Fu([)-17
b([)q Fs(b)6 b Fu(])-17 b(],)p Ft(C)6 b(S)i Fu([)-17
b([)q Fs(S)12 b Fu(])-17 b(]\))p 3469 2176 V 0 2179 3473
4 v 742 2340 a(T)-8 b(able)32 b(3.3:)43 b(T)-8 b(ranslation)31
b(of)h(statemen)m(ts)i(in)d Fw(While)0 2550 y Fu(that)45
b(the)h(v)-5 b(alue)45 b(of)g(the)h(expression)h(is)e(on)g(top)h(of)f
(the)g(ev)-5 b(aluation)44 b(stac)m(k)j(when)g(it)d(has)0
2670 y(b)s(een)e(computed.)70 b(So)41 b(in)f(the)i(co)s(de)f(for)g
Fs(x)53 b Fu(:=)41 b Fs(a)49 b Fu(it)40 b(su\016ces)j(to)e(app)s(end)h
(the)f(co)s(de)h(for)f Fs(a)0 2790 y Fu(with)g(the)g(instruction)f
Fb(store)p Fu(-)p Fs(x)12 b Fu(.)67 b(This)41 b(instruction)f(assigns)h
Fs(x)53 b Fu(the)41 b(appropriate)f(v)-5 b(alue)0 2911
y(and)36 b(additionally)d(p)s(ops)j(the)h(stac)m(k.)55
b(F)-8 b(or)36 b(the)g Fr(skip)p Fu(-statemen)m(t)h(w)m(e)g(generate)g
(the)g Fb(noop)p Fu(-)0 3031 y(instruction.)42 b(F)-8
b(or)30 b(sequencing)j(of)d(statemen)m(ts)i(w)m(e)h(just)e(concatenate)
h(the)g(t)m(w)m(o)f(instruction)0 3152 y(sequences.)73
b(When)42 b(generating)f(co)s(de)h(for)f(the)h(conditional,)f(the)g(co)
s(de)h(for)f(the)h(b)s(o)s(olean)0 3272 y(expression)d(will)c(ensure)k
(that)f(a)f(truth)h(v)-5 b(alue)37 b(will)e(b)s(e)j(placed)f(on)h(top)f
(of)g(the)h(ev)-5 b(aluation)0 3392 y(stac)m(k)48 b(and)g(the)f
Fb(branch)p Fu(-instruction)f(will)f(then)i(insp)s(ect)h(\(and)f(p)s
(op\))g(that)g(v)-5 b(alue)46 b(and)0 3513 y(select)28
b(the)g(appropriate)e(piece)i(of)f(co)s(de.)42 b(Finally)-8
b(,)26 b(the)h(co)s(de)h(for)f(the)h Fr(while)p Fu(-construct)h(uses)0
3633 y(the)38 b Fb(loop)p Fu(-instruction.)56 b(Again)35
b(w)m(e)k(ma)m(y)d(note)i(that)f Ft(C)6 b(S)45 b Fu(is)36
b(de\014ned)j(in)d(a)h(comp)s(ositional)0 3754 y(manner.)0
3966 y Fw(Example)g(3.12)49 b Fu(The)33 b(co)s(de)f(generated)h(for)f
(the)g(factorial)e(statemen)m(t)j(considered)g(earlier)0
4087 y(is)f(as)h(follo)m(ws:)244 4279 y Ft(C)6 b(S)i
Fu([)-17 b([)q Fr(y)p Fu(:=)p Fr(1)p Fu(;)33 b Fr(while)g
Ft(:)q Fu(\()p Fr(x)p Fu(=)p Fr(1)p Fu(\))g Fr(do)g Fu(\()p
Fr(y)p Fu(:=)p Fr(y)g Fo(?)f Fr(x)p Fu(;)h Fr(x)p Fu(:=)p
Fr(x)p Ft(\000)p Fr(1)p Fu(\)])-17 b(])370 4446 y(=)32
b Ft(C)6 b(S)i Fu([)-17 b([)q Fr(y)p Fu(:=)p Fr(1)p Fu(])g(])q(:)p
Ft(C)6 b(S)i Fu([)-17 b([)q Fr(while)34 b Ft(:)p Fu(\()p
Fr(x)p Fu(=)p Fr(1)p Fu(\))f Fr(do)g Fu(\()p Fr(y)p Fu(:=)p
Fr(y)g Fo(?)f Fr(x)p Fu(;)h Fr(x)p Fu(:=)p Fr(x)p Ft(\000)p
Fr(1)p Fu(\)])-17 b(])370 4614 y(=)32 b Ft(C)6 b(A)p
Fu([)-17 b([)q(1])g(]:)p Fb(store)p Fu(-)p Fr(y)p Fu(:)p
Fb(loop)p Fu(\()p Ft(C)6 b(B)s Fu([)-17 b([)q Ft(:)p
Fu(\()p Fr(x)p Fu(=)p Fr(1)p Fu(\)])g(])q(,)p Ft(C)6
b(S)j Fu([)-17 b([)p Fr(y)p Fu(:=)p Fr(y)33 b Fo(?)f
Fr(x)p Fu(;)h Fr(x)p Fu(:=)p Fr(x)p Ft(\000)p Fr(1)p
Fu(])-17 b(])r(\))370 4782 y(=)32 b Fb(push)p Fu(-)p
Fr(1)p Fu(:)p Fb(store)p Fu(-)p Fr(y)p Fu(:)p Fb(loop)p
Fu(\()p Ft(C)6 b(B)s Fu([)-17 b([)p Fr(x)p Fu(=)p Fr(1)p
Fu(])g(])q(:)p Fb(neg)p Fu(,)p Ft(C)6 b(S)i Fu([)-17
b([)q Fr(y)p Fu(:=)p Fr(y)33 b Fo(?)f Fr(x)p Fu(])-17
b(])q(:)p Ft(C)6 b(S)i Fu([)-17 b([)q Fr(x)p Fu(:=)p
Fr(x)p Ft(\000)p Fr(1)p Fu(])g(])r(\))370 4925 y(.)370
4958 y(.)370 4991 y(.)370 5159 y(=)32 b Fb(push)p Fu(-)p
Fr(1)p Fu(:)p Fb(store)p Fu(-)p Fr(y)p Fu(:)p Fb(loop)p
Fu(\()p Fb(push)p Fu(-)p Fr(1)p Fu(:)p Fb(fetch)p Fu(-)p
Fr(x)p Fu(:)p Fb(eq)p Fu(:)p Fb(neg)p Fu(,)1478 5326
y Fb(fetch)p Fu(-)p Fr(x)p Fu(:)p Fb(fetch)p Fu(-)p Fr(y)p
Fu(:)p Fb(mul)-7 b(t)p Fu(:)p Fb(store)p Fu(-)p Fr(y)p
Fu(:)1654 5494 y Fb(push)p Fu(-)p Fr(1)p Fu(:)p Fb(fetch)p
Fu(-)p Fr(x)p Fu(:)p Fb(sub)p Fu(:)p Fb(store)p Fu(-)p
Fr(x)p Fu(\))412 b Fh(2)p eop
%%Page: 72 82
72 81 bop 251 130 a Fw(72)1535 b(3)112 b(Pro)m(v)-6 b(ably)36
b(Correct)h(Implemen)m(tation)p 251 193 3473 4 v 283
515 a(Exercise)g(3.13)49 b Fu(Use)33 b Ft(C)6 b(S)41
b Fu(to)32 b(generate)h(co)s(de)g(for)f(the)h(statemen)m(t)527
727 y Fr(z)p Fu(:=)p Fr(0)p Fu(;)g Fr(while)h(y)p Ft(\024)q
Fr(x)f(do)g Fu(\()p Fr(z)p Fu(:=)p Fr(z)p Fu(+)p Fr(1)p
Fu(;)g Fr(x)p Fu(:=)p Fr(x)p Ft(\000)p Fr(y)p Fu(\))283
939 y(T)-8 b(race)41 b(the)e(computation)f(of)h(the)h(co)s(de)g
(starting)e(from)g(a)h(storage)h(where)g Fr(x)g Fu(is)f
Fw(17)g Fu(and)h Fr(y)283 1059 y Fu(is)33 b Fw(5)p Fu(.)3216
b Fh(2)283 1300 y Fw(Exercise)37 b(3.14)49 b Fu(Extend)34
b Fw(While)e Fu(with)h(the)h(construct)g Fr(repeat)h
Fs(S)45 b Fr(until)34 b Fs(b)39 b Fu(and)33 b(sp)s(ecify)283
1420 y(ho)m(w)h(to)e(generate)h(co)s(de)f(for)g(it.)43
b(Note)32 b(that)g(the)h(de\014nition)e(has)i(to)f(b)s(e)h(comp)s
(ositional)c(and)283 1540 y(that)k(it)e(is)h Fs(not)42
b Fu(necessary)35 b(to)e(extend)h(the)f(instruction)e(set)j(of)e(the)h
(abstract)g(mac)m(hine.)93 b Fh(2)283 1780 y Fw(Exercise)37
b(3.15)49 b Fu(Extend)42 b Fw(While)c Fu(with)j(the)f(construct)i
Fr(for)f Fs(x)52 b Fu(:=)41 b Fs(a)2989 1795 y Fn(1)3069
1780 y Fr(to)g Fs(a)3269 1795 y Fn(2)3349 1780 y Fr(do)g
Fs(S)52 b Fu(and)283 1901 y(sp)s(ecify)38 b(ho)m(w)h(to)e(generate)h
(co)s(de)g(for)f(it.)57 b(As)38 b(in)f(Exercise)i(3.14)e(the)h
(de\014nition)f(has)g(to)h(b)s(e)283 2021 y(comp)s(ositional)26
b(but)j(y)m(ou)g(ma)m(y)g(ha)m(v)m(e)h(to)f(in)m(tro)s(duce)f(an)h
(instruction)f Fb(copy)h Fu(that)f(duplicates)283 2142
y(the)33 b(elemen)m(t)g(on)f(top)h(of)f(the)h(ev)-5 b(aluation)31
b(stac)m(k.)1569 b Fh(2)283 2441 y Fp(The)45 b(seman)l(tic)h(function)f
FC(S)1723 2459 y Fk(am)283 2629 y Fu(The)e(meaning)d(of)i(a)f(statemen)
m(t)h Fs(S)54 b Fu(can)42 b(no)m(w)g(b)s(e)g(obtained)f(b)m(y)i
(\014rst)f(translating)e(it)h(in)m(to)283 2749 y(co)s(de)33
b(for)f Fw(AM)g Fu(and)h(next)g(executing)g(the)g(co)s(de)f(on)h(the)f
(abstract)h(mac)m(hine.)43 b(The)33 b(e\013ect)g(of)283
2870 y(this)g(is)f(expressed)j(b)m(y)f(the)f(function)527
3082 y Ft(S)595 3097 y Fn(am)693 3082 y Fu(:)44 b Fw(Stm)32
b Ft(!)g Fu(\()p Fw(State)g Fo(,)-17 b Ft(!)33 b Fw(State)p
Fu(\))283 3294 y(de\014ned)h(b)m(y)527 3505 y Ft(S)595
3520 y Fn(am)693 3505 y Fu([)-17 b([)q Fs(S)12 b Fu(])-17
b(])33 b(=)f(\()p Ft(M)g(\016)h(C)6 b(S)i Fu(\)[)-17
b([)p Fs(S)12 b Fu(])-17 b(])283 3747 y Fw(Exercise)37
b(3.16)49 b Fu(Mo)s(dify)27 b(the)h(co)s(de)g(generation)f(so)h(as)g
(to)f(translate)g Fw(While)f Fu(in)m(to)h(co)s(de)h(for)283
3868 y(the)40 b(abstract)f(mac)m(hine)g Fw(AM)1424 3883
y Fn(1)1502 3868 y Fu(of)g(Exercise)h(3.7.)63 b(Y)-8
b(ou)39 b(ma)m(y)g(assume)g(the)h(existence)h(of)d(a)283
3988 y(function)527 4200 y Fs(env)11 b Fu(:)43 b Fw(V)-9
b(ar)32 b Ft(!)g Fw(N)283 4412 y Fu(that)f(maps)g(v)-5
b(ariables)30 b(to)g(their)h(addresses.)45 b(Apply)31
b(the)h(co)s(de)f(generation)f(function)h(to)f(the)283
4532 y(factorial)e(statemen)m(t)j(of)e(Exercise)j(1.1)e(and)g(execute)i
(the)f(co)s(de)f(so)g(obtained)g(starting)f(from)283
4652 y(a)k(memory)e(where)j Fr(x)f Fu(is)f Fw(3)p Fu(.)2393
b Fh(2)283 4893 y Fw(Exercise)37 b(3.17)49 b Fu(Mo)s(dify)27
b(the)h(co)s(de)g(generation)f(so)h(as)g(to)f(translate)g
Fw(While)f Fu(in)m(to)h(co)s(de)h(for)283 5013 y(the)36
b(abstract)f(mac)m(hine)f Fw(AM)1411 5028 y Fn(2)1486
5013 y Fu(of)g(Exercise)i(3.8.)50 b(Be)35 b(careful)g(to)f(generate)i
(unique)f(lab)s(els,)283 5133 y(for)e(example)f(b)m(y)i(ha)m(ving)f
(\\the)g(next)h(un)m(used)h(lab)s(el")c(as)i(an)g(additional)d
(parameter)j(to)f(the)283 5254 y(co)s(de)44 b(generation)f(functions.)
76 b(Apply)44 b(the)g(co)s(de)g(generation)e(function)h(to)g(the)h
(factorial)283 5374 y(statemen)m(t)34 b(and)f(execute)i(the)f(co)s(de)g
(so)f(obtained)g(starting)f(from)g(a)g(memory)h(where)h
Fr(x)f Fu(has)283 5494 y(the)g(v)-5 b(alue)32 b Fw(3)p
Fu(.)2895 b Fh(2)p eop
%%Page: 73 83
73 82 bop 0 130 a Fw(3.3)112 b(Correctness)2530 b(73)p
0 193 3473 4 v 0 515 a Fj(3.3)161 b(Correctness)0 734
y Fu(The)33 b(correctness)g(of)f(the)g(implemen)m(tation)c(amoun)m(ts)k
(to)f(sho)m(wing)h(that,)g(if)f(w)m(e)h(\014rst)h(trans-)0
855 y(late)42 b(a)i(statemen)m(t)f(in)m(to)g(co)s(de)h(for)e
Fw(AM)i Fu(and)f(then)h(execute)h(that)e(co)s(de,)k(then)d(w)m(e)g(m)m
(ust)0 975 y(obtain)31 b(the)i(same)g(result)f(as)h(sp)s(eci\014ed)h(b)
m(y)f(the)g(op)s(erational)d(seman)m(tics)j(of)f Fw(While)p
Fu(.)0 1263 y Fp(Expressions)0 1447 y Fu(The)40 b(correctness)i(of)d
(the)g(implemen)m(tation)d(of)j(arithmetic)e(expressions)42
b(is)c(expressed)k(b)m(y)0 1568 y(the)33 b(follo)m(wing)d(lemma:)p
0 1688 3473 5 v 0 1854 a Fw(Lemma)37 b(3.18)49 b Fu(F)-8
b(or)32 b(all)e(arithmetic)h(expressions)j Fs(a)40 b
Fu(w)m(e)34 b(ha)m(v)m(e)244 2049 y Ft(hC)6 b(A)o Fu([)-17
b([)q Fs(a)7 b Fu(])-17 b(])q(,)32 b Fo(")p Fu(,)h Fs(s)8
b Ft(i)32 b Fh(\003)915 2013 y Fi(\003)987 2049 y Ft(h)o
Fo(")p Fu(,)h Ft(A)o Fu([)-17 b([)q Fs(a)7 b Fu(])-17
b(])q Fs(s)8 b Fu(,)32 b Fs(s)8 b Ft(i)0 2244 y Fu(F)-8
b(urthermore,)51 b(all)45 b(in)m(termediate)h(con\014gurations)h(of)g
(this)h(computation)e(sequence)k(will)0 2365 y(ha)m(v)m(e)34
b(a)e(non-empt)m(y)h(ev)-5 b(aluation)31 b(stac)m(k.)p
0 2485 V 0 2680 a Fw(Pro)s(of:)40 b Fu(The)d(pro)s(of)d(is)h(b)m(y)h
(structural)g(induction)e(on)h Fs(a)7 b Fu(.)52 b(Belo)m(w)36
b(w)m(e)g(shall)e(giv)m(e)h(the)h(pro)s(of)0 2800 y(for)c(three)h
(illustrativ)m(e)e(cases,)j(lea)m(ving)d(the)i(remaining)d(ones)k(as)f
(an)f(exercise.)0 2968 y Fw(The)h(case)g Fs(n)7 b Fu(:)44
b(W)-8 b(e)33 b(ha)m(v)m(e)h Ft(C)6 b(A)o Fu([)-17 b([)q
Fs(n)7 b Fu(])-17 b(])33 b(=)g Fb(push)p Fu(-)p Fs(n)38
b Fu(and)33 b(from)e(T)-8 b(able)33 b(3.1)f(w)m(e)h(get)244
3163 y Ft(h)p Fb(push)p Fu(-)p Fs(n)7 b Fu(,)31 b Fo(")p
Fu(,)i Fs(s)8 b Ft(i)32 b Fh(\003)h Ft(h)p Fo(")o Fu(,)g
Ft(N)14 b Fu([)-17 b([)q Fs(n)7 b Fu(])-17 b(])q(,)32
b Fs(s)8 b Ft(i)0 3358 y Fu(Since)33 b Ft(A)o Fu([)-17
b([)q Fs(n)7 b Fu(])-17 b(])q Fs(s)40 b Fu(=)33 b Ft(N)14
b Fu([)-17 b([)q Fs(n)7 b Fu(])-17 b(])33 b(\(see)h(T)-8
b(able)32 b(1.1\))g(w)m(e)i(ha)m(v)m(e)g(completed)e(the)h(pro)s(of)e
(in)h(this)g(case.)0 3526 y Fw(The)h(case)g Fs(x)12 b
Fu(:)43 b(W)-8 b(e)33 b(ha)m(v)m(e)h Ft(C)6 b(A)p Fu([)-17
b([)q Fs(x)12 b Fu(])-17 b(])32 b(=)h Fb(fetch)p Fu(-)p
Fs(x)44 b Fu(and)32 b(from)g(T)-8 b(able)32 b(3.1)g(w)m(e)i(get)244
3721 y Ft(h)p Fb(fetch)p Fu(-)p Fs(x)12 b Fu(,)31 b Fo(")p
Fu(,)i Fs(s)8 b Ft(i)32 b Fh(\003)h Ft(h)p Fo(")o Fu(,)g(\()p
Fs(s)41 b(x)12 b Fu(\),)32 b Fs(s)8 b Ft(i)0 3916 y Fu(Since)33
b Ft(A)o Fu([)-17 b([)q Fs(x)12 b Fu(])-17 b(])p Fs(s)41
b Fu(=)32 b Fs(s)41 b(x)j Fu(this)32 b(is)g(the)h(required)h(result.)0
4083 y Fw(The)44 b(case)g Fs(a)535 4098 y Fn(1)574 4083
y Fu(+)p Fs(a)707 4098 y Fn(2)747 4083 y Fu(:)65 b(W)-8
b(e)44 b(ha)m(v)m(e)g Ft(C)6 b(A)p Fu([)-17 b([)q Fs(a)1486
4098 y Fn(1)1525 4083 y Fu(+)p Fs(a)1658 4098 y Fn(2)1698
4083 y Fu(])g(])44 b(=)f Ft(C)6 b(A)p Fu([)-17 b([)q
Fs(a)2131 4098 y Fn(2)2170 4083 y Fu(])g(])q(:)p Ft(C)6
b(A)p Fu([)-17 b([)p Fs(a)2467 4098 y Fn(1)2507 4083
y Fu(])g(])q(:)p Fb(add)p Fu(.)76 b(The)44 b(induction)0
4204 y(h)m(yp)s(othesis)34 b(applied)d(to)h Fs(a)998
4219 y Fn(1)1071 4204 y Fu(and)g Fs(a)1317 4219 y Fn(2)1389
4204 y Fu(giv)m(es)h(that)244 4399 y Ft(hC)6 b(A)o Fu([)-17
b([)q Fs(a)515 4414 y Fn(1)555 4399 y Fu(])g(],)33 b
Fo(")p Fu(,)f Fs(s)8 b Ft(i)33 b Fh(\003)954 4363 y Fi(\003)1026
4399 y Ft(h)p Fo(")o Fu(,)g Ft(A)p Fu([)-17 b([)p Fs(a)1344
4414 y Fn(1)1384 4399 y Fu(])g(])p Fs(s)8 b Fu(,)33 b
Fs(s)8 b Ft(i)0 4594 y Fu(and)244 4789 y Ft(hC)e(A)o
Fu([)-17 b([)q Fs(a)515 4804 y Fn(2)555 4789 y Fu(])g(],)33
b Fo(")p Fu(,)f Fs(s)8 b Ft(i)33 b Fh(\003)954 4753 y
Fi(\003)1026 4789 y Ft(h)p Fo(")o Fu(,)g Ft(A)p Fu([)-17
b([)p Fs(a)1344 4804 y Fn(2)1384 4789 y Fu(])g(])p Fs(s)8
b Fu(,)33 b Fs(s)8 b Ft(i)0 4984 y Fu(In)46 b(b)s(oth)f(cases)i(all)d
(in)m(termediate)g(con\014gurations)h(will)e(ha)m(v)m(e)k(a)e(non-empt)
m(y)h(ev)-5 b(aluation)0 5104 y(stac)m(k.)45 b(Using)32
b(Exercise)i(3.4)e(w)m(e)i(get)e(that)244 5299 y Ft(hC)6
b(A)o Fu([)-17 b([)q Fs(a)515 5314 y Fn(2)555 5299 y
Fu(])g(]:)p Ft(C)6 b(A)p Fu([)-17 b([)q Fs(a)852 5314
y Fn(1)892 5299 y Fu(])g(]:)p Fb(add)p Fu(,)33 b Fo(")p
Fu(,)g Fs(s)8 b Ft(i)32 b Fh(\003)1503 5263 y Fi(\003)1575
5299 y Ft(hC)6 b(A)p Fu([)-17 b([)q Fs(a)1847 5314 y
Fn(1)1886 5299 y Fu(])g(])q(:)p Fb(add)p Fu(,)33 b Ft(A)p
Fu([)-17 b([)p Fs(a)2370 5314 y Fn(2)2410 5299 y Fu(])g(])p
Fs(s)8 b Fu(,)33 b Fs(s)8 b Ft(i)0 5494 y Fu(Applying)32
b(the)h(exercise)h(once)f(more)f(w)m(e)h(get)g(that)p
eop
%%Page: 74 84
74 83 bop 251 130 a Fw(74)1535 b(3)112 b(Pro)m(v)-6 b(ably)36
b(Correct)h(Implemen)m(tation)p 251 193 3473 4 v 527
515 a Ft(hC)6 b(A)p Fu([)-17 b([)p Fs(a)798 530 y Fn(1)838
515 y Fu(])g(])q(:)p Fb(add)p Fu(,)33 b Ft(A)p Fu([)-17
b([)p Fs(a)1322 530 y Fn(2)1362 515 y Fu(])g(])p Fs(s)8
b Fu(,)33 b Fs(s)8 b Ft(i)32 b Fh(\003)1704 479 y Fi(\003)1776
515 y Ft(h)p Fb(add)p Fu(,)h(\()p Ft(A)o Fu([)-17 b([)q
Fs(a)2272 530 y Fn(1)2312 515 y Fu(])g(])p Fs(s)8 b Fu(\):\()p
Ft(A)p Fu([)-17 b([)p Fs(a)2674 530 y Fn(2)2714 515 y
Fu(])g(])q Fs(s)8 b Fu(\),)32 b Fs(s)8 b Ft(i)283 709
y Fu(Using)33 b(the)g(transition)e(relation)f(for)i Fb(add)h
Fu(giv)m(en)g(in)f(T)-8 b(able)32 b(3.1)g(w)m(e)i(get)527
903 y Ft(h)p Fb(add)p Fu(,)f(\()p Ft(A)p Fu([)-17 b([)p
Fs(a)1023 918 y Fn(1)1063 903 y Fu(])g(])q Fs(s)8 b Fu(\):\()p
Ft(A)o Fu([)-17 b([)q Fs(a)1426 918 y Fn(2)1465 903 y
Fu(])g(])q Fs(s)8 b Fu(\),)33 b Fs(s)8 b Ft(i)32 b Fh(\003)h
Ft(h)p Fo(")o Fu(,)g Ft(A)p Fu([)-17 b([)p Fs(a)2196
918 y Fn(1)2236 903 y Fu(])g(])p Fs(s)8 b Fu(+)p Ft(A)p
Fu([)-17 b([)q Fs(a)2572 918 y Fn(2)2611 903 y Fu(])g(])q
Fs(s)8 b Fu(,)33 b Fs(s)8 b Ft(i)283 1097 y Fu(It)25
b(is)e(easy)j(to)e(c)m(hec)m(k)i(that)e(all)e(in)m(termediate)h
(con\014gurations)h(ha)m(v)m(e)h(a)f(non-empt)m(y)h(ev)-5
b(aluation)283 1217 y(stac)m(k.)45 b(Since)33 b Ft(A)o
Fu([)-17 b([)q Fs(a)1000 1232 y Fn(1)1040 1217 y Fu(+)p
Fs(a)1173 1232 y Fn(2)1212 1217 y Fu(])g(])q Fs(s)41
b Fu(=)32 b Ft(A)o Fu([)-17 b([)q Fs(a)1613 1232 y Fn(1)1653
1217 y Fu(])g(])p Fs(s)41 b Fu(+)32 b Ft(A)p Fu([)-17
b([)p Fs(a)2053 1232 y Fn(2)2093 1217 y Fu(])g(])q Fs(s)40
b Fu(w)m(e)34 b(ha)m(v)m(e)g(the)f(desired)g(result.)336
b Fh(2)430 1421 y Fu(W)-8 b(e)33 b(ha)m(v)m(e)h(a)e(similar)d(result)k
(for)f(b)s(o)s(olean)f(expressions:)283 1636 y Fw(Exercise)37
b(3.19)49 b(\(Essen)m(tial\))30 b Fu(Sho)m(w)k(that)e(for)g(all)e(b)s
(o)s(olean)h(expressions)k Fs(b)j Fu(w)m(e)c(ha)m(v)m(e)527
1830 y Ft(hC)6 b(B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17
b(])q(,)33 b Fo(")o Fu(,)g Fs(s)8 b Ft(i)32 b Fh(\003)1181
1794 y Fi(\003)1253 1830 y Ft(h)o Fo(")p Fu(,)h Ft(B)s
Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])p Fs(s)8 b Fu(,)33
b Fs(s)8 b Ft(i)283 2024 y Fu(F)-8 b(urthermore,)48 b(sho)m(w)d(that)g
(all)d(in)m(termediate)i(con\014gurations)g(of)g(this)g(computation)g
(se-)283 2144 y(quence)35 b(will)30 b(ha)m(v)m(e)k(a)e(non-empt)m(y)h
(ev)-5 b(aluation)31 b(stac)m(k.)1385 b Fh(2)283 2432
y Fp(Statemen)l(ts)283 2616 y Fu(When)42 b(form)m(ulating)c(the)j
(correctness)h(of)e(the)h(result)g(for)f(statemen)m(ts)i(w)m(e)f(ha)m
(v)m(e)h(a)e(c)m(hoice)283 2737 y(b)s(et)m(w)m(een)35
b(using)429 2931 y Ft(\017)48 b Fu(the)33 b(natural)f(seman)m(tics,)h
(or)429 3131 y Ft(\017)48 b Fu(the)33 b(structural)g(op)s(erational)d
(seman)m(tics.)283 3325 y(Here)e(w)m(e)g(shall)d(use)j(the)f(natural)f
(seman)m(tics)h(but)g(in)f(the)i(next)f(section)g(w)m(e)h(sk)m(etc)m(h)
h(the)f(pro)s(of)283 3445 y(in)k(the)h(case)h(where)g(the)f(structural)
f(op)s(erational)e(seman)m(tics)j(is)f(used.)430 3565
y(The)k(correctness)i(of)d(the)h(translation)d(of)i(statemen)m(ts)i(is)
e(expressed)j(b)m(y)f(the)f(follo)m(wing)283 3686 y(theorem:)p
283 3806 3473 5 v 283 3971 a Fw(Theorem)i(3.20)49 b Fu(F)-8
b(or)31 b(ev)m(ery)k(statemen)m(t)e Fs(S)44 b Fu(of)32
b Fw(While)f Fu(w)m(e)j(ha)m(v)m(e)g Ft(S)2863 3986 y
Fn(ns)2934 3971 y Fu([)-17 b([)p Fs(S)12 b Fu(])-17 b(])33
b(=)g Ft(S)3284 3986 y Fn(am)3383 3971 y Fu([)-17 b([)p
Fs(S)12 b Fu(])-17 b(])q(.)p 283 4091 V 430 4285 a(This)28
b(theorem)g(relates)g(the)h(b)s(eha)m(viour)f(of)g(a)g(statemen)m(t)h
(under)g(the)g(natural)e(seman)m(tics)283 4406 y(with)47
b(the)g(b)s(eha)m(viour)f(of)g(the)h(co)s(de)g(on)g(the)g(abstract)g
(mac)m(hine)f(under)h(its)f(op)s(erational)283 4526 y(seman)m(tics.)e
(In)33 b(analogy)e(with)i(Theorem)g(2.26)e(it)h(expresses)k(t)m(w)m(o)d
(prop)s(erties:)429 4720 y Ft(\017)48 b Fu(If)27 b(the)g(execution)g
(of)f Fs(S)38 b Fu(from)26 b(some)g(state)h(terminates)f(in)g(one)g(of)
h(the)f(seman)m(tics)h(then)527 4840 y(it)32 b(also)g(terminates)f(in)h
(the)h(other)g(and)g(the)g(resulting)e(states)j(will)c(b)s(e)j(equal.)
429 5040 y Ft(\017)48 b Fu(F)-8 b(urthermore,)39 b(if)e(the)i
(execution)g(of)f Fs(S)50 b Fu(from)37 b(some)h(state)g(lo)s(ops)f(in)h
(one)g(of)g(the)h(se-)527 5161 y(man)m(tics)32 b(then)h(it)f(will)e
(also)i(lo)s(op)f(in)h(the)h(other.)283 5355 y(The)d(theorem)e(is)f
(pro)m(v)m(ed)j(in)e(t)m(w)m(o)h(stages)f(as)h(expressed)i(b)m(y)e
(Lemmas)e(3.21)h(and)g(3.22)g(b)s(elo)m(w.)283 5475 y(W)-8
b(e)33 b(shall)f(\014rst)h(pro)m(v)m(e:)p eop
%%Page: 75 85
75 84 bop 0 130 a Fw(3.3)112 b(Correctness)2530 b(75)p
0 193 3473 4 v 0 515 3473 5 v 0 683 a(Lemma)37 b(3.21)49
b Fu(F)-8 b(or)31 b(ev)m(ery)j(statemen)m(t)e Fs(S)44
b Fu(of)32 b Fw(While)e Fu(and)i(states)h Fs(s)40 b Fu(and)32
b Fs(s)2844 647 y Fi(0)2867 683 y Fu(,)g(w)m(e)h(ha)m(v)m(e)h(that)244
880 y(if)d Ft(h)p Fs(S)12 b Fu(,)32 b Fs(s)8 b Ft(i)33
b(!)f Fs(s)798 843 y Fi(0)886 880 y Fu(then)i Ft(h)o(C)6
b(S)i Fu([)-17 b([)q Fs(S)12 b Fu(])-17 b(],)33 b Fo(")p
Fu(,)f Fs(s)8 b Ft(i)33 b Fh(\003)1777 843 y Fi(\003)1849
880 y Ft(h)p Fo(")o Fu(,)g Fo(")p Fu(,)f Fs(s)2146 843
y Fi(0)2170 880 y Ft(i)0 1076 y Fu(So)48 b(if)f(the)h(execution)h(of)e
Fs(S)60 b Fu(from)47 b Fs(s)56 b Fu(terminates)47 b(in)g(the)h(natural)
f(seman)m(tics)h(then)h(the)0 1197 y(execution)34 b(of)e(the)h(co)s(de)
g(for)g Fs(S)44 b Fu(from)32 b(storage)g Fs(s)41 b Fu(will)31
b(terminate)g(and)i(the)h(resulting)d(states)0 1317 y(and)i(storages)g
(will)d(b)s(e)j(equal.)p 0 1437 V 0 1634 a Fw(Pro)s(of:)e
Fu(W)-8 b(e)27 b(pro)s(ceed)h(b)m(y)g(induction)e(on)g(the)i(shap)s(e)f
(of)g(the)g(deriv)-5 b(ation)25 b(tree)j(for)e Ft(h)p
Fs(S)12 b Fu(,)33 b Fs(s)8 b Ft(i)o(!)p Fs(s)3422 1598
y Fi(0)3445 1634 y Fu(.)0 1802 y Fw(The)33 b(case)g Fu([ass)608
1817 y Fn(ns)680 1802 y Fu(]:)44 b(W)-8 b(e)33 b(assume)g(that)244
1998 y Ft(h)p Fs(x)12 b Fu(:=)p Fs(a)7 b Fu(,)32 b Fs(s)8
b Ft(i!)p Fs(s)794 1962 y Fi(0)0 2195 y Fu(where)34 b
Fs(s)330 2159 y Fi(0)353 2195 y Fu(=)p Fs(s)8 b Fu([)p
Fs(x)k Ft(7!A)o Fu([)-17 b([)q Fs(a)7 b Fu(])-17 b(])q
Fs(s)8 b Fu(].)43 b(F)-8 b(rom)31 b(T)-8 b(able)33 b(3.3)f(w)m(e)h(ha)m
(v)m(e)244 2391 y Ft(C)6 b(S)i Fu([)-17 b([)q Fs(x)12
b Fu(:=)p Fs(a)7 b Fu(])-17 b(])33 b(=)f Ft(C)6 b(A)p
Fu([)-17 b([)p Fs(a)7 b Fu(])-17 b(])q(:)p Fb(store)p
Fu(-)p Fs(x)0 2588 y Fu(F)-8 b(rom)31 b(Lemma)g(3.18)h(applied)g(to)g
Fs(a)40 b Fu(w)m(e)33 b(get)244 2785 y Ft(hC)6 b(A)o
Fu([)-17 b([)q Fs(a)7 b Fu(])-17 b(])q(,)32 b Fo(")p
Fu(,)h Fs(s)8 b Ft(i)32 b Fh(\003)915 2749 y Fi(\003)987
2785 y Ft(h)o Fo(")p Fu(,)h Ft(A)o Fu([)-17 b([)q Fs(a)7
b Fu(])-17 b(])q Fs(s)8 b Fu(,)32 b Fs(s)8 b Ft(i)0 2981
y Fu(and)33 b(then)g(Exercise)h(3.4)e(giv)m(es)h(the)g(\014rst)g(part)f
(of)244 3178 y Ft(hC)6 b(A)o Fu([)-17 b([)q Fs(a)7 b
Fu(])-17 b(])q(:)p Fb(store)p Fu(-)p Fs(x)12 b Fu(,)31
b Fo(")p Fu(,)i Fs(s)8 b Ft(i)32 b Fh(\003)1314 3142
y Fi(\003)1386 3178 y Ft(h)p Fb(store)p Fu(-)p Fs(x)12
b Fu(,)31 b(\()p Ft(A)p Fu([)-17 b([)p Fs(a)7 b Fu(])-17
b(])q Fs(s)8 b Fu(\),)33 b Fs(s)8 b Ft(i)1237 3346 y
Fh(\003)72 b Ft(h)p Fo(")p Fu(,)32 b Fo(")p Fu(,)h Fs(s)8
b Fu([)p Fs(x)k Ft(7!)o(A)p Fu([)-17 b([)p Fs(a)7 b Fu(])-17
b(])q Fs(s)8 b Fu(])p Ft(i)0 3542 y Fu(and)35 b(the)g(second)h(part)e
(follo)m(ws)g(from)f(the)i(op)s(erational)d(seman)m(tics)j(for)f
Fb(store)p Fu(-)p Fs(x)45 b Fu(giv)m(en)35 b(in)0 3663
y(T)-8 b(able)32 b(3.1.)43 b(Since)33 b Fs(s)766 3626
y Fi(0)822 3663 y Fu(=)f Fs(s)8 b Fu([)p Fs(x)k Ft(7!A)p
Fu([)-17 b([)p Fs(a)7 b Fu(])-17 b(])q Fs(s)8 b Fu(])33
b(this)f(completes)g(the)h(pro)s(of.)0 3830 y Fw(The)g(case)g
Fu([skip)654 3845 y Fn(ns)726 3830 y Fu(]:)43 b(Straigh)m(tforw)m(ard.)
0 3998 y Fw(The)33 b(case)g Fu([comp)711 4013 y Fn(ns)782
3998 y Fu(]:)43 b(Assume)34 b(that)244 4194 y Ft(h)p
Fs(S)350 4209 y Fn(1)389 4194 y Fu(;)p Fs(S)483 4209
y Fn(2)522 4194 y Fu(,)f Fs(s)8 b Ft(i)32 b(!)g Fs(s)881
4158 y Fi(00)0 4391 y Fu(holds)g(b)s(ecause)244 4588
y Ft(h)p Fs(S)350 4603 y Fn(1)389 4588 y Fu(,)h Fs(s)8
b Ft(i)32 b(!)g Fs(s)748 4551 y Fi(0)804 4588 y Fu(and)h
Ft(h)o Fs(S)1099 4603 y Fn(2)1139 4588 y Fu(,)f Fs(s)1246
4551 y Fi(0)1270 4588 y Ft(i)g(!)g Fs(s)1521 4551 y Fi(00)0
4784 y Fu(F)-8 b(rom)31 b(T)-8 b(able)32 b(3.3)g(w)m(e)i(ha)m(v)m(e)244
4981 y Ft(C)6 b(S)i Fu([)-17 b([)q Fs(S)475 4996 y Fn(1)514
4981 y Fu(;)p Fs(S)608 4996 y Fn(2)647 4981 y Fu(])g(])33
b(=)g Ft(C)6 b(S)i Fu([)-17 b([)p Fs(S)1056 4996 y Fn(1)1096
4981 y Fu(])g(]:)p Ft(C)6 b(S)i Fu([)-17 b([)q Fs(S)1391
4996 y Fn(2)1430 4981 y Fu(])g(])0 5177 y(W)-8 b(e)44
b(shall)e(no)m(w)i(apply)g(the)g(induction)e(h)m(yp)s(othesis)j(to)e
(the)h(premises)g Ft(h)p Fs(S)2850 5192 y Fn(1)2889 5177
y Fu(,)33 b Fs(s)8 b Ft(i)32 b(!)g Fs(s)3248 5141 y Fi(0)3315
5177 y Fu(and)0 5298 y Ft(h)p Fs(S)106 5313 y Fn(2)145
5298 y Fu(,)h Fs(s)253 5262 y Fi(0)276 5298 y Ft(i)f(!)g
Fs(s)527 5262 y Fi(00)602 5298 y Fu(and)h(w)m(e)h(get)244
5494 y Ft(hC)6 b(S)i Fu([)-17 b([)p Fs(S)513 5509 y Fn(1)553
5494 y Fu(])g(],)33 b Fo(")o Fu(,)g Fs(s)8 b Ft(i)32
b Fh(\003)952 5458 y Fi(\003)1024 5494 y Ft(h)p Fo(")o
Fu(,)h Fo(")o Fu(,)g Fs(s)1321 5458 y Fi(0)1344 5494
y Ft(i)p eop
%%Page: 76 86
76 85 bop 251 130 a Fw(76)1535 b(3)112 b(Pro)m(v)-6 b(ably)36
b(Correct)h(Implemen)m(tation)p 251 193 3473 4 v 283
515 a Fu(and)527 716 y Ft(hC)6 b(S)i Fu([)-17 b([)q Fs(S)797
731 y Fn(2)836 716 y Fu(])g(])q(,)32 b Fo(")p Fu(,)g
Fs(s)1086 680 y Fi(0)1110 716 y Ft(i)g Fh(\003)1259 680
y Fi(\003)1331 716 y Ft(h)o Fo(")p Fu(,)h Fo(")o Fu(,)g
Fs(s)1628 680 y Fi(00)1670 716 y Ft(i)283 917 y Fu(Using)g(Exercise)h
(3.4)e(w)m(e)h(then)h(ha)m(v)m(e)527 1117 y Ft(hC)6 b(S)i
Fu([)-17 b([)q Fs(S)797 1132 y Fn(1)836 1117 y Fu(])g(])q(:)p
Ft(C)6 b(S)i Fu([)-17 b([)p Fs(S)1131 1132 y Fn(2)1171
1117 y Fu(])g(],)33 b Fo(")o Fu(,)g Fs(s)8 b Ft(i)32
b Fh(\003)1570 1081 y Fi(\003)1642 1117 y Ft(hC)6 b(S)i
Fu([)-17 b([)p Fs(S)1911 1132 y Fn(2)1951 1117 y Fu(])g(],)33
b Fo(")o Fu(,)g Fs(s)2201 1081 y Fi(0)2224 1117 y Ft(i)g
Fh(\003)2373 1081 y Fi(\003)2445 1117 y Ft(h)p Fo(")o
Fu(,)g Fo(")p Fu(,)f Fs(s)2742 1081 y Fi(00)2785 1117
y Ft(i)283 1318 y Fu(and)h(the)g(result)g(follo)m(ws.)283
1486 y Fw(The)g(case)g Fu([if)836 1450 y Fn(tt)824 1510
y(ns)895 1486 y Fu(]:)43 b(Assume)34 b(that)527 1686
y Ft(h)p Fr(if)f Fs(b)39 b Fr(then)33 b Fs(S)1089 1701
y Fn(1)1161 1686 y Fr(else)h Fs(S)1466 1701 y Fn(2)1505
1686 y Fu(,)e Fs(s)8 b Ft(i)33 b(!)f Fs(s)1864 1650 y
Fi(0)283 1887 y Fu(b)s(ecause)i Ft(B)t Fu([)-17 b([)p
Fs(b)6 b Fu(])-17 b(])q Fs(s)41 b Fu(=)32 b Fw(tt)g Fu(and)527
2088 y Ft(h)p Fs(S)633 2103 y Fn(1)672 2088 y Fu(,)h
Fs(s)8 b Ft(i)32 b(!)g Fs(s)1031 2052 y Fi(0)283 2288
y Fu(F)-8 b(rom)32 b(T)-8 b(able)32 b(3.3)g(w)m(e)i(get)e(that)527
2489 y Ft(C)6 b(S)i Fu([)-17 b([)q Fr(if)33 b Fs(b)38
b Fr(then)c Fs(S)1214 2504 y Fn(1)1286 2489 y Fr(else)f
Fs(S)1590 2504 y Fn(2)1630 2489 y Fu(])-17 b(])33 b(=)f
Ft(C)6 b(B)t Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(]:)p
Fb(branch)p Fu(\()p Ft(C)6 b(S)i Fu([)-17 b([)q Fs(S)2717
2504 y Fn(1)2756 2489 y Fu(])g(])q(,)32 b Ft(C)6 b(S)i
Fu([)-17 b([)q Fs(S)3084 2504 y Fn(2)3123 2489 y Fu(])g(])q(\))283
2690 y(Using)33 b(Exercises)h(3.19)e(and)h(3.4)f(w)m(e)h(get)g(the)g
(\014rst)g(part)f(of)527 2890 y Ft(hC)6 b(B)t Fu([)-17
b([)p Fs(b)6 b Fu(])-17 b(])q(:)p Fb(branch)p Fu(\()p
Ft(C)6 b(S)i Fu([)-17 b([)q Fs(S)1475 2905 y Fn(1)1514
2890 y Fu(])g(],)33 b Ft(C)6 b(S)i Fu([)-17 b([)q Fs(S)1842
2905 y Fn(2)1881 2890 y Fu(])g(])q(\),)32 b Fo(")p Fu(,)g
Fs(s)8 b Ft(i)819 3058 y Fh(\003)896 3022 y Fi(\003)968
3058 y Ft(h)p Fb(branch)p Fu(\()p Ft(C)e(S)i Fu([)-17
b([)q Fs(S)1636 3073 y Fn(1)1675 3058 y Fu(])g(])q(,)32
b Ft(C)6 b(S)i Fu([)-17 b([)q Fs(S)2003 3073 y Fn(2)2042
3058 y Fu(])g(])q(\),)32 b(\()p Ft(B)t Fu([)-17 b([)p
Fs(b)6 b Fu(])-17 b(])q Fs(s)8 b Fu(\),)32 b Fs(s)8 b
Ft(i)819 3226 y Fh(\003)72 b Ft(hC)6 b(S)i Fu([)-17 b([)q
Fs(S)1238 3241 y Fn(1)1277 3226 y Fu(])g(])q(,)32 b Fo(")p
Fu(,)h Fs(s)8 b Ft(i)819 3393 y Fh(\003)896 3357 y Fi(\003)968
3393 y Ft(h)p Fo(")p Fu(,)32 b Fo(")p Fu(,)h Fs(s)1266
3357 y Fi(0)1289 3393 y Ft(i)283 3594 y Fu(The)49 b(second)h(part)d
(follo)m(ws)g(from)f(the)j(de\014nition)e(of)g(the)h(meaning)f(of)g
(the)i(instruction)283 3714 y Fb(branch)31 b Fu(in)f(the)h(case)h
(where)g(the)f(elemen)m(t)g(on)f(top)h(of)f(the)h(ev)-5
b(aluation)29 b(stac)m(k)j(is)f Fw(tt)e Fu(\(whic)m(h)283
3835 y(is)39 b(the)h(v)-5 b(alue)38 b(of)h Ft(B)s Fu([)-17
b([)q Fs(b)6 b Fu(])-17 b(])p Fs(s)8 b Fu(\).)64 b(The)40
b(third)e(part)h(of)g(the)g(computation)f(sequence)k(comes)d(from)283
3955 y(applying)32 b(the)h(induction)e(h)m(yp)s(othesis)j(to)e(the)h
(premise)g Ft(h)o Fs(S)2515 3970 y Fn(1)2555 3955 y Fu(,)f
Fs(s)8 b Ft(i)32 b(!)h Fs(s)2914 3919 y Fi(0)2937 3955
y Fu(.)283 4123 y Fw(The)g(case)g Fu([if)836 4087 y Fn(\013)824
4147 y(ns)895 4123 y Fu(]:)43 b(Analogous.)283 4290 y
Fw(The)33 b(case)g Fu([while)1001 4254 y Fn(tt)989 4315
y(ns)1060 4290 y Fu(]:)44 b(Assume)33 b(that)527 4491
y Ft(h)p Fr(while)h Fs(b)k Fr(do)33 b Fs(S)12 b Fu(,)33
b Fs(s)8 b Ft(i)32 b(!)g Fs(s)1499 4455 y Fi(00)283 4692
y Fu(b)s(ecause)i Ft(B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17
b(])q Fs(s)41 b Fu(=)32 b Fw(tt)p Fu(,)527 4892 y Ft(h)p
Fs(S)12 b Fu(,)33 b Fs(s)8 b Ft(i)32 b(!)g Fs(s)992 4856
y Fi(0)1048 4892 y Fu(and)h Ft(h)o Fr(while)h Fs(b)39
b Fr(do)33 b Fs(S)12 b Fu(,)32 b Fs(s)1958 4856 y Fi(0)1982
4892 y Ft(i)g(!)g Fs(s)2233 4856 y Fi(00)283 5093 y Fu(F)-8
b(rom)32 b(T)-8 b(able)32 b(3.3)g(w)m(e)i(ha)m(v)m(e)527
5294 y Ft(C)6 b(S)i Fu([)-17 b([)q Fr(while)34 b Fs(b)k
Fr(do)33 b Fs(S)12 b Fu(])-17 b(])33 b(=)g Fb(loop)p
Fu(\()p Ft(C)6 b(B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17
b(])q(,)32 b Ft(C)6 b(S)i Fu([)-17 b([)q Fs(S)12 b Fu(])-17
b(]\))283 5494 y(and)33 b(get)p eop
%%Page: 77 87
77 86 bop 0 130 a Fw(3.3)112 b(Correctness)2530 b(77)p
0 193 3473 4 v 244 515 a Ft(h)p Fb(loop)p Fu(\()p Ft(C)6
b(B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])q(,)32 b Ft(C)6
b(S)i Fu([)-17 b([)q Fs(S)12 b Fu(])-17 b(]\),)33 b Fo(")p
Fu(,)f Fs(s)8 b Ft(i)516 683 y Fh(\003)48 b Ft(h)o(C)6
b(B)t Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(]:)p Fb(branch)p
Fu(\()p Ft(C)6 b(S)i Fu([)-17 b([)q Fs(S)12 b Fu(])-17
b(]:)p Fb(loop)p Fu(\()p Ft(C)6 b(B)t Fu([)-17 b([)q
Fs(b)6 b Fu(])-17 b(])q(,)32 b Ft(C)6 b(S)i Fu([)-17
b([)q Fs(S)12 b Fu(])-17 b(]\),)33 b Fb(noop)p Fu(\),)g
Fo(")o Fu(,)g Fs(s)8 b Ft(i)516 851 y Fh(\003)593 814
y Fi(\003)641 851 y Ft(h)o Fb(branch)p Fu(\()p Ft(C)e(S)i
Fu([)-17 b([)q Fs(S)12 b Fu(])-17 b(]:)p Fb(loop)p Fu(\()p
Ft(C)6 b(B)f Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])q(,)32
b Ft(C)6 b(S)i Fu([)-17 b([)q Fs(S)12 b Fu(])-17 b(]\),)33
b Fb(noop)p Fu(\),)g(\()p Ft(B)s Fu([)-17 b([)q Fs(b)6
b Fu(])-17 b(])p Fs(s)8 b Fu(\),)33 b Fs(s)8 b Ft(i)516
1018 y Fh(\003)48 b Ft(h)o(C)6 b(S)j Fu([)-17 b([)p Fs(S)12
b Fu(])-17 b(])q(:)p Fb(loop)p Fu(\()p Ft(C)6 b(B)t Fu([)-17
b([)p Fs(b)6 b Fu(])-17 b(])q(,)32 b Ft(C)6 b(S)i Fu([)-17
b([)q Fs(S)12 b Fu(])-17 b(]\),)33 b Fo(")p Fu(,)f Fs(s)8
b Ft(i)0 1211 y Fu(Here)25 b(the)f(\014rst)g(part)g(follo)m(ws)f(from)g
(the)h(meaning)e(of)i(the)g Fb(loop)p Fu(-instruction)f(\(see)i(T)-8
b(able)24 b(3.1\))0 1331 y(and)32 b(the)h(second)h(part)e(from)f
(Exercises)j(3.19)e(and)g(3.4.)43 b(Since)33 b Ft(B)s
Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])p Fs(s)41 b Fu(=)32
b Fw(tt)f Fu(the)i(third)f(part)0 1451 y(follo)m(ws)38
b(from)h(the)h(meaning)e(of)h(the)i Fb(branch)p Fu(-instruction.)63
b(The)41 b(induction)d(h)m(yp)s(othesis)0 1572 y(can)33
b(no)m(w)f(b)s(e)h(applied)e(to)h(the)h(premises)f Ft(h)p
Fs(S)12 b Fu(,)32 b Fs(s)8 b Ft(i)32 b(!)g Fs(s)2002
1536 y Fi(0)2058 1572 y Fu(and)g Ft(h)p Fr(while)h Fs(b)38
b Fr(do)33 b Fs(S)12 b Fu(,)32 b Fs(s)2966 1536 y Fi(0)2990
1572 y Ft(i)g(!)g Fs(s)3241 1536 y Fi(00)3315 1572 y
Fu(and)0 1692 y(giv)m(es)244 1885 y Ft(hC)6 b(S)i Fu([)-17
b([)p Fs(S)12 b Fu(])-17 b(])q(,)32 b Fo(")p Fu(,)h Fs(s)8
b Ft(i)32 b Fh(\003)912 1849 y Fi(\003)984 1885 y Ft(h)p
Fo(")p Fu(,)g Fo(")p Fu(,)h Fs(s)1282 1849 y Fi(0)1305
1885 y Ft(i)244 2052 y(h)p Fb(loop)p Fu(\()p Ft(C)6 b(B)t
Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])q(,)32 b Ft(C)6
b(S)i Fu([)-17 b([)q Fs(S)12 b Fu(])-17 b(]\),)33 b Fo(")p
Fu(,)f Fs(s)1385 2016 y Fi(0)1409 2052 y Ft(i)g Fh(\003)1557
2016 y Fi(\003)1629 2052 y Ft(h)p Fo(")p Fu(,)g Fo(")p
Fu(,)h Fs(s)1927 2016 y Fi(00)1969 2052 y Ft(i)0 2245
y Fu(so)g(using)f(Exercise)i(3.4)e(w)m(e)i(get)244 2437
y Ft(hC)6 b(S)i Fu([)-17 b([)p Fs(S)12 b Fu(])-17 b(])q(:)p
Fb(loop)p Fu(\()p Ft(C)6 b(B)t Fu([)-17 b([)p Fs(b)6
b Fu(])-17 b(])q(,)33 b Ft(C)6 b(S)i Fu([)-17 b([)p Fs(S)12
b Fu(])-17 b(])q(\),)32 b Fo(")p Fu(,)g Fs(s)8 b Ft(i)578
2605 y Fh(\003)655 2569 y Fi(\003)727 2605 y Ft(h)p Fb(loop)p
Fu(\()p Ft(C)e(B)t Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(],)33
b Ft(C)6 b(S)i Fu([)-17 b([)p Fs(S)12 b Fu(])-17 b(])q(\),)32
b Fo(")p Fu(,)h Fs(s)1869 2569 y Fi(0)1892 2605 y Ft(i)578
2773 y Fh(\003)655 2736 y Fi(\003)727 2773 y Ft(h)p Fo(")p
Fu(,)f Fo(")p Fu(,)h Fs(s)1025 2736 y Fi(00)1067 2773
y Ft(i)0 2965 y Fw(The)28 b(case)g Fu([while)708 2929
y Fn(\013)696 2990 y(ns)767 2965 y Fu(]:)41 b(Assume)28
b(that)f Ft(h)p Fr(while)i Fs(b)k Fr(do)28 b Fs(S)12
b Fu(,)28 b Fs(s)8 b Ft(i)27 b(!)g Fs(s)2366 2929 y Fi(0)2417
2965 y Fu(holds)h(b)s(ecause)g Ft(B)t Fu([)-17 b([)q
Fs(b)6 b Fu(])-17 b(])p Fs(s)41 b Fu(=)32 b Fw(\013)0
3085 y Fu(and)h(then)g Fs(s)40 b Fu(=)33 b Fs(s)649 3049
y Fi(0)672 3085 y Fu(.)44 b(W)-8 b(e)33 b(ha)m(v)m(e)244
3278 y Ft(h)p Fb(loop)p Fu(\()p Ft(C)6 b(B)t Fu([)-17
b([)p Fs(b)6 b Fu(])-17 b(])q(,)32 b Ft(C)6 b(S)i Fu([)-17
b([)q Fs(S)12 b Fu(])-17 b(]\),)33 b Fo(")p Fu(,)f Fs(s)8
b Ft(i)516 3445 y Fh(\003)48 b Ft(h)o(C)6 b(B)t Fu([)-17
b([)q Fs(b)6 b Fu(])-17 b(]:)p Fb(branch)p Fu(\()p Ft(C)6
b(S)i Fu([)-17 b([)q Fs(S)12 b Fu(])-17 b(]:)p Fb(loop)p
Fu(\()p Ft(C)6 b(B)t Fu([)-17 b([)q Fs(b)6 b Fu(])-17
b(])q(,)32 b Ft(C)6 b(S)i Fu([)-17 b([)q Fs(S)12 b Fu(])-17
b(]\),)33 b Fb(noop)p Fu(\),)g Fo(")o Fu(,)g Fs(s)8 b
Ft(i)516 3613 y Fh(\003)593 3577 y Fi(\003)641 3613 y
Ft(h)o Fb(branch)p Fu(\()p Ft(C)e(S)i Fu([)-17 b([)q
Fs(S)12 b Fu(])-17 b(]:)p Fb(loop)p Fu(\()p Ft(C)6 b(B)f
Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])q(,)32 b Ft(C)6
b(S)i Fu([)-17 b([)q Fs(S)12 b Fu(])-17 b(]\),)33 b Fb(noop)p
Fu(\),)g(\()p Ft(B)s Fu([)-17 b([)q Fs(b)6 b Fu(])-17
b(])p Fs(s)8 b Fu(\),)33 b Fs(s)8 b Ft(i)516 3781 y Fh(\003)48
b Ft(h)o Fb(noop)p Fu(,)33 b Fo(")p Fu(,)g Fs(s)8 b Ft(i)516
3948 y Fh(\003)48 b Ft(h)o Fo(")p Fu(,)33 b Fo(")o Fu(,)g
Fs(s)8 b Ft(i)0 4141 y Fu(using)36 b(the)h(de\014nitions)f(of)g(the)h
Fb(loop)p Fu(-,)g Fb(branch)p Fu(-)f(and)g Fb(noop)p
Fu(-instructions)g(in)g(T)-8 b(able)36 b(3.1)0 4261 y(together)d(with)f
(Exercises)i(3.19)e(and)h(3.4.)1821 b Fh(2)146 4465 y
Fu(This)33 b(pro)m(v)m(es)h(Lemma)e(3.21.)42 b(The)34
b(second)g(part)e(of)g(the)h(theorem)g(follo)m(ws)e(from:)p
0 4585 3473 5 v 0 4748 a Fw(Lemma)37 b(3.22)49 b Fu(F)-8
b(or)31 b(ev)m(ery)j(statemen)m(t)e Fs(S)44 b Fu(of)32
b Fw(While)e Fu(and)i(states)h Fs(s)40 b Fu(and)32 b
Fs(s)2844 4712 y Fi(0)2867 4748 y Fu(,)g(w)m(e)h(ha)m(v)m(e)h(that)244
4941 y(if)d Ft(hC)6 b(S)i Fu([)-17 b([)q Fs(S)12 b Fu(])-17
b(],)33 b Fo(")o Fu(,)g Fs(s)8 b Ft(i)32 b Fh(\003)1002
4905 y Fn(k)1076 4941 y Ft(h)o Fo(")p Fu(,)h Fs(e)7 b
Fu(,)33 b Fs(s)1380 4905 y Fi(0)1403 4941 y Ft(i)f Fu(then)h
Ft(h)p Fs(S)12 b Fu(,)33 b Fs(s)8 b Ft(i)32 b(!)g Fs(s)2161
4905 y Fi(0)2217 4941 y Fu(and)h Fs(e)40 b Fu(=)32 b
Fo(")0 5133 y Fu(So)f(if)f(the)i(execution)g(of)f(the)h(co)s(de)f(for)g
Fs(S)43 b Fu(from)30 b(a)i(storage)f Fs(s)39 b Fu(terminates)31
b(then)h(the)g(natural)0 5254 y(seman)m(tics)k(of)g Fs(S)48
b Fu(from)34 b Fs(s)44 b Fu(will)34 b(terminate)h(in)g(a)h(state)g(b)s
(eing)f(equal)h(to)g(the)g(storage)g(of)g(the)0 5374
y(terminal)30 b(con\014guration.)p 0 5494 V eop
%%Page: 78 88
78 87 bop 251 130 a Fw(78)1535 b(3)112 b(Pro)m(v)-6 b(ably)36
b(Correct)h(Implemen)m(tation)p 251 193 3473 4 v 283
515 a(Pro)s(of:)29 b Fu(W)-8 b(e)26 b(shall)d(pro)s(ceed)j(b)m(y)g
(induction)e(on)h(the)h(length)e(k)i(of)e(the)i(computation)d(sequence)
283 636 y(of)37 b(the)f(abstract)h(mac)m(hine.)55 b(If)37
b(k)f(=)h(0)f(the)h(result)f(holds)h(v)-5 b(acuously)37
b(b)s(ecause)g Ft(C)6 b(S)i Fu([)-17 b([)q Fs(S)12 b
Fu(])-17 b(])37 b(=)f Fo(")283 756 y Fu(cannot)d(o)s(ccur.)43
b(So)32 b(assume)h(that)f(it)f(holds)h(for)g(k)g Ft(\024)h
Fu(k)2331 771 y Fn(0)2403 756 y Fu(and)f(w)m(e)h(shall)e(pro)m(v)m(e)i
(that)f(it)f(holds)283 877 y(for)h(k)i(=)e(k)676 892
y Fn(0)716 877 y Fu(+1.)43 b(W)-8 b(e)33 b(pro)s(ceed)g(b)m(y)h(cases)g
(on)e(the)h(statemen)m(t)g Fs(S)12 b Fu(.)283 1044 y
Fw(The)33 b(case)g Fs(x)12 b Fu(:=)p Fs(a)7 b Fu(:)44
b(W)-8 b(e)33 b(then)g(ha)m(v)m(e)h Ft(C)6 b(S)i Fu([)-17
b([)q Fs(x)44 b Fu(:=)33 b Fs(a)7 b Fu(])-17 b(])33 b(=)f
Ft(C)6 b(A)p Fu([)-17 b([)q Fs(a)7 b Fu(])-17 b(])q(:)p
Fb(store)p Fu(-)p Fs(x)43 b Fu(so)33 b(assume)g(that)527
1245 y Ft(hC)6 b(A)p Fu([)-17 b([)p Fs(a)7 b Fu(])-17
b(])q(:)p Fb(store)p Fu(-)p Fs(x)12 b Fu(,)32 b Fo(")o
Fu(,)h Fs(s)8 b Ft(i)32 b Fh(\003)1598 1209 y Fn(k)1635
1218 y Fd(0)1670 1209 y Fn(+1)1797 1245 y Ft(h)o Fo(")p
Fu(,)h Fs(e)7 b Fu(,)32 b Fs(s)2100 1209 y Fi(0)2124
1245 y Ft(i)283 1446 y Fu(Then)41 b(b)m(y)f(Exercise)h(3.5)e(there)h(m)
m(ust)g(b)s(e)f(a)g(con\014guration)g(of)g(the)g(form)f
Ft(h)p Fo(")p Fu(,)32 b Fs(e)3297 1409 y Fi(00)3340 1446
y Fu(,)h Fs(s)3448 1409 y Fi(00)3490 1446 y Ft(i)39 b
Fu(suc)m(h)283 1566 y(that)527 1767 y Ft(hC)6 b(A)p Fu([)-17
b([)p Fs(a)7 b Fu(])-17 b(])q(,)33 b Fo(")p Fu(,)f Fs(s)8
b Ft(i)33 b Fh(\003)1198 1730 y Fn(k)1235 1739 y Fd(1)1307
1767 y Ft(h)o Fo(")p Fu(,)g Fs(e)1503 1730 y Fi(00)1545
1767 y Fu(,)g Fs(s)1653 1730 y Fi(00)1695 1767 y Ft(i)527
1934 y(h)p Fb(store)p Fu(-)p Fs(x)12 b Fu(,)31 b Fs(e)1050
1898 y Fi(00)1093 1934 y Fu(,)i Fs(s)1201 1898 y Fi(00)1243
1934 y Ft(i)g Fh(\003)1392 1898 y Fn(k)1429 1907 y Fd(2)1500
1934 y Ft(h)p Fo(")p Fu(,)g Fs(e)7 b Fu(,)32 b Fs(s)1804
1898 y Fi(0)1828 1934 y Ft(i)283 2135 y Fu(where)h(k)615
2150 y Fn(1)687 2135 y Fu(+)e(k)845 2150 y Fn(2)916 2135
y Fu(=)g(k)1074 2150 y Fn(0)1146 2135 y Fu(+)g(1.)43
b(F)-8 b(rom)30 b(Lemma)g(3.18)h(and)g(Exercise)i(3.6)e(w)m(e)i(get)e
(that)h Fs(e)3473 2099 y Fi(00)3547 2135 y Fu(m)m(ust)283
2255 y(b)s(e)39 b(\()p Ft(A)o Fu([)-17 b([)q Fs(a)7 b
Fu(])-17 b(])q Fs(s)8 b Fu(\))37 b(and)i Fs(s)1039 2219
y Fi(00)1119 2255 y Fu(m)m(ust)f(b)s(e)g Fs(s)8 b Fu(.)60
b(Using)38 b(the)g(seman)m(tics)g(of)g Fb(store)p Fu(-)p
Fs(x)48 b Fu(w)m(e)39 b(therefore)g(see)283 2376 y(that)33
b Fs(s)543 2340 y Fi(0)599 2376 y Fu(is)f Fs(s)8 b Fu([)p
Fs(x)k Ft(7!)o(A)p Fu([)-17 b([)q Fs(a)7 b Fu(])-17 b(])p
Fs(s)8 b Fu(])33 b(and)g Fs(e)40 b Fu(is)32 b Fo(")o
Fu(.)44 b(It)32 b(no)m(w)i(follo)m(ws)d(from)g([ass)2748
2391 y Fn(ns)2820 2376 y Fu(])i(that)f Ft(h)p Fs(x)12
b Fu(:=)p Fs(a)7 b Fu(,)33 b Fs(s)8 b Ft(i)o(!)p Fs(s)3641
2340 y Fi(0)3664 2376 y Fu(.)283 2543 y Fw(The)33 b(case)g
Fr(skip)p Fu(:)45 b(Straigh)m(tforw)m(ard.)283 2711 y
Fw(The)33 b(case)g Fs(S)806 2726 y Fn(1)846 2711 y Fu(;)p
Fs(S)940 2726 y Fn(2)979 2711 y Fu(:)44 b(Assume)33 b(that)527
2912 y Ft(hC)6 b(S)i Fu([)-17 b([)q Fs(S)797 2927 y Fn(1)836
2912 y Fu(])g(])q(:)p Ft(C)6 b(S)i Fu([)-17 b([)p Fs(S)1131
2927 y Fn(2)1171 2912 y Fu(])g(],)33 b Fo(")o Fu(,)g
Fs(s)8 b Ft(i)32 b Fh(\003)1570 2875 y Fn(k)1607 2884
y Fd(0)1642 2875 y Fn(+1)1769 2912 y Ft(h)o Fo(")p Fu(,)h
Fs(e)7 b Fu(,)33 b Fs(s)2073 2875 y Fi(00)2115 2912 y
Ft(i)283 3112 y Fu(Then)c(b)m(y)f(Exercise)g(3.5)f(there)h(m)m(ust)f(b)
s(e)h(a)e(con\014guration)h(of)f(the)i(form)e Ft(h)p
Fo(")o Fu(,)i Fs(e)3146 3076 y Fi(0)3170 3112 y Fu(,)g
Fs(s)3273 3076 y Fi(0)3297 3112 y Ft(i)e Fu(suc)m(h)j(that)527
3313 y Ft(hC)6 b(S)i Fu([)-17 b([)q Fs(S)797 3328 y Fn(1)836
3313 y Fu(])g(])q(,)32 b Fo(")p Fu(,)g Fs(s)8 b Ft(i)33
b Fh(\003)1235 3277 y Fn(k)1272 3286 y Fd(1)1344 3313
y Ft(h)p Fo(")o Fu(,)g Fs(e)1540 3277 y Fi(0)1563 3313
y Fu(,)g Fs(s)1671 3277 y Fi(0)1694 3313 y Ft(i)527 3481
y(hC)6 b(S)i Fu([)-17 b([)q Fs(S)797 3496 y Fn(2)836
3481 y Fu(])g(])q(,)32 b Fs(e)985 3444 y Fi(0)1009 3481
y Fu(,)g Fs(s)1116 3444 y Fi(0)1140 3481 y Ft(i)g Fh(\003)1289
3444 y Fn(k)1326 3453 y Fd(2)1397 3481 y Ft(h)p Fo(")o
Fu(,)h Fs(e)7 b Fu(,)33 b Fs(s)1701 3444 y Fi(00)1743
3481 y Ft(i)283 3681 y Fu(where)e(k)613 3696 y Fn(1)682
3681 y Fu(+)f(k)839 3696 y Fn(2)908 3681 y Fu(=)f(k)1064
3696 y Fn(0)1134 3681 y Fu(+)g(1.)42 b(The)31 b(induction)d(h)m(yp)s
(othesis)j(can)e(no)m(w)h(b)s(e)g(applied)e(to)h(the)h(\014rst)283
3802 y(of)j(these)g(computation)e(sequences)36 b(b)s(ecause)e(k)2068
3817 y Fn(1)2141 3802 y Ft(\024)f Fu(k)2302 3817 y Fn(0)2374
3802 y Fu(and)g(giv)m(es)527 4002 y Ft(h)p Fs(S)633 4017
y Fn(1)672 4002 y Fu(,)g Fs(s)8 b Ft(i)32 b(!)g Fs(s)1031
3966 y Fi(0)1087 4002 y Fu(and)h Fs(e)1329 3966 y Fi(0)1385
4002 y Fu(=)g Fo(")283 4203 y Fu(Th)m(us)49 b(w)m(e)f(ha)m(v)m(e)g
Ft(hC)6 b(S)i Fu([)-17 b([)q Fs(S)1212 4218 y Fn(2)1251
4203 y Fu(])g(])q(,)50 b Fo(")p Fu(,)g Fs(s)1537 4167
y Fi(0)1561 4203 y Ft(i)c Fh(\003)1724 4167 y Fn(k)1761
4176 y Fd(2)1847 4203 y Ft(h)p Fo(")o Fu(,)51 b Fs(e)7
b Fu(,)51 b Fs(s)2187 4167 y Fi(00)2229 4203 y Ft(i)c
Fu(and)g(since)g(k)2823 4218 y Fn(2)2910 4203 y Ft(\024)h
Fu(k)3086 4218 y Fn(0)3172 4203 y Fu(the)g(induction)283
4323 y(h)m(yp)s(othesis)34 b(can)f(b)s(e)g(applied)e(to)h(this)h
(computation)e(sequence)k(and)e(giv)m(es)527 4524 y Ft(h)p
Fs(S)633 4539 y Fn(2)672 4524 y Fu(,)g Fs(s)780 4488
y Fi(0)803 4524 y Ft(i)g(!)f Fs(s)1055 4488 y Fi(00)1130
4524 y Fu(and)g Fs(e)40 b Fu(=)33 b Fo(")283 4725 y Fu(The)h(rule)e
([comp)934 4740 y Fn(ns)1005 4725 y Fu(])h(no)m(w)g(giv)m(es)g
Ft(h)p Fs(S)1613 4740 y Fn(1)1652 4725 y Fu(;)p Fs(S)1746
4740 y Fn(2)1785 4725 y Fu(,)g Fs(s)8 b Ft(i)32 b(!)g
Fs(s)2144 4689 y Fi(00)2219 4725 y Fu(as)h(required.)283
4892 y Fw(The)g(case)g Fr(if)h Fs(b)k Fr(then)c Fs(S)1263
4907 y Fn(1)1334 4892 y Fr(else)g Fs(S)1639 4907 y Fn(2)1678
4892 y Fu(:)44 b(The)33 b(co)s(de)g(generated)g(for)g(the)g
(conditional)d(is)527 5093 y Ft(C)6 b(B)t Fu([)-17 b([)q
Fs(b)6 b Fu(])-17 b(]:)p Fb(branch)p Fu(\()p Ft(C)6 b(S)i
Fu([)-17 b([)q Fs(S)1436 5108 y Fn(1)1475 5093 y Fu(])g(])q(,)32
b Ft(C)6 b(S)i Fu([)-17 b([)q Fs(S)1803 5108 y Fn(2)1842
5093 y Fu(])g(])q(\))283 5294 y(so)33 b(w)m(e)h(assume)f(that)527
5494 y Ft(hC)6 b(B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17
b(])q(:)p Fb(branch)p Fu(\()p Ft(C)6 b(S)i Fu([)-17 b([)q
Fs(S)1475 5509 y Fn(1)1514 5494 y Fu(])g(],)33 b Ft(C)6
b(S)i Fu([)-17 b([)q Fs(S)1842 5509 y Fn(2)1881 5494
y Fu(])g(])q(\),)32 b Fo(")p Fu(,)g Fs(s)8 b Ft(i)33
b Fh(\003)2318 5458 y Fn(k)2355 5467 y Fd(0)2390 5458
y Fn(+1)2517 5494 y Ft(h)p Fo(")o Fu(,)g Fs(e)7 b Fu(,)33
b Fs(s)2821 5458 y Fi(0)2844 5494 y Ft(i)p eop
%%Page: 79 89
79 88 bop 0 130 a Fw(3.3)112 b(Correctness)2530 b(79)p
0 193 3473 4 v 0 515 a Fu(Then)39 b(b)m(y)h(Exercise)f(3.5)f(there)h(m)
m(ust)f(b)s(e)h(a)f(con\014guration)f(of)h(the)h(form)e
Ft(h)p Fo(")o Fu(,)j Fs(e)3008 479 y Fi(00)3051 515 y
Fu(,)f Fs(s)3165 479 y Fi(00)3208 515 y Ft(i)f Fu(suc)m(h)0
636 y(that)244 848 y Ft(hC)6 b(B)s Fu([)-17 b([)q Fs(b)6
b Fu(])-17 b(],)33 b Fo(")p Fu(,)f Fs(s)8 b Ft(i)33 b
Fh(\003)897 812 y Fn(k)934 821 y Fd(1)1006 848 y Ft(h)o
Fo(")p Fu(,)g Fs(e)1202 812 y Fi(00)1244 848 y Fu(,)g
Fs(s)1352 812 y Fi(00)1395 848 y Ft(i)0 1060 y Fu(and)244
1272 y Ft(h)p Fb(branch)p Fu(\()p Ft(C)6 b(S)i Fu([)-17
b([)p Fs(S)911 1287 y Fn(1)950 1272 y Fu(])g(])q(,)33
b Ft(C)6 b(S)i Fu([)-17 b([)p Fs(S)1278 1287 y Fn(2)1318
1272 y Fu(])g(]\),)33 b Fs(e)1505 1235 y Fi(00)1547 1272
y Fu(,)g Fs(s)1655 1235 y Fi(00)1698 1272 y Ft(i)f Fh(\003)1846
1235 y Fn(k)1883 1244 y Fd(2)1955 1272 y Ft(h)p Fo(")o
Fu(,)h Fs(e)7 b Fu(,)33 b Fs(s)2259 1235 y Fi(0)2282
1272 y Ft(i)0 1484 y Fu(where)42 b(k)341 1499 y Fn(1)421
1484 y Fu(+)e(k)588 1499 y Fn(2)669 1484 y Fu(=)g(k)836
1499 y Fn(0)916 1484 y Fu(+)h(1.)66 b(F)-8 b(rom)39 b(Exercises)k(3.19)
d(and)g(3.6)g(w)m(e)i(get)e(that)g Fs(e)3039 1447 y Fi(00)3123
1484 y Fu(m)m(ust)g(b)s(e)0 1604 y Ft(B)s Fu([)-17 b([)q
Fs(b)6 b Fu(])-17 b(])q Fs(s)39 b Fu(and)32 b Fs(s)511
1568 y Fi(00)586 1604 y Fu(m)m(ust)g(b)s(e)g Fs(s)8 b
Fu(.)43 b(W)-8 b(e)32 b(shall)f(no)m(w)h(assume)h(that)e
Ft(B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])q Fs(s)40
b Fu(=)31 b Fw(tt)p Fu(.)43 b(Then)33 b(there)f(m)m(ust)0
1724 y(b)s(e)h(a)f(con\014guration)g Ft(hC)6 b(S)i Fu([)-17
b([)p Fs(S)1074 1739 y Fn(1)1113 1724 y Fu(])g(])q(,)33
b Fo(")o Fu(,)g Fs(s)8 b Ft(i)32 b Fu(suc)m(h)i(that)244
1936 y(\()p Ft(C)6 b(S)i Fu([)-17 b([)p Fs(S)512 1951
y Fn(1)552 1936 y Fu(])g(],)33 b Fo(")p Fu(,)f Fs(s)8
b Ft(i)33 b Fh(\003)951 1900 y Fn(k)988 1909 y Fd(2)1023
1900 y Fi(\000)p Fn(1)1150 1936 y Ft(h)o Fo(")p Fu(,)g
Fs(e)7 b Fu(,)33 b Fs(s)1454 1900 y Fi(0)1477 1936 y
Ft(i)0 2148 y Fu(The)24 b(induction)d(h)m(yp)s(othesis)j(can)f(no)m(w)g
(b)s(e)g(applied)e(to)h(this)h(computation)e(sequence)k(b)s(ecause)0
2269 y(k)51 2284 y Fn(2)123 2269 y Ft(\000)33 b Fu(1)g
Ft(\024)g Fu(k)476 2284 y Fn(0)548 2269 y Fu(and)g(w)m(e)g(get)244
2481 y Ft(h)p Fs(S)350 2496 y Fn(1)389 2481 y Fu(,)g
Fs(s)8 b Ft(i)32 b(!)g Fs(s)748 2444 y Fi(0)804 2481
y Fu(and)h Fs(e)39 b Fu(=)33 b Fo(")0 2692 y Fu(The)g(rule)e([if)491
2656 y Fn(tt)479 2717 y(ns)549 2692 y Fu(])h(giv)m(es)g(the)g(required)
g Ft(h)p Fr(if)g Fs(b)38 b Fr(then)33 b Fs(S)1954 2707
y Fn(1)2025 2692 y Fr(else)f Fs(S)2328 2707 y Fn(2)2368
2692 y Fu(,)g Fs(s)8 b Ft(i)31 b(!)g Fs(s)2724 2656 y
Fi(0)2748 2692 y Fu(.)43 b(The)33 b(case)f(where)0 2813
y Ft(B)s Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])q Fs(s)40
b Fu(=)33 b Fw(\013)f Fu(is)h(similar.)0 2980 y Fw(The)d(case)g
Fr(while)h Fs(b)36 b Fr(do)30 b Fs(S)12 b Fu(:)29 b(The)i(co)s(de)f
(for)f(the)h Fr(while)p Fu(-lo)s(op)f(is)g Fb(loop)p
Fu(\()p Ft(C)6 b(B)t Fu([)-17 b([)q Fs(b)6 b Fu(])-17
b(],)31 b Ft(C)6 b(S)i Fu([)-17 b([)p Fs(S)12 b Fu(])-17
b(])q(\))29 b(and)0 3101 y(w)m(e)34 b(therefore)f(assume)g(that)244
3313 y Ft(h)p Fb(loop)p Fu(\()p Ft(C)6 b(B)t Fu([)-17
b([)p Fs(b)6 b Fu(])-17 b(])q(,)32 b Ft(C)6 b(S)i Fu([)-17
b([)q Fs(S)12 b Fu(])-17 b(]\),)33 b Fo(")p Fu(,)f Fs(s)8
b Ft(i)33 b Fh(\003)1534 3277 y Fn(k)1571 3286 y Fd(0)1606
3277 y Fn(+1)1733 3313 y Ft(h)p Fo(")o Fu(,)g Fs(e)7
b Fu(,)33 b Fs(s)2037 3277 y Fi(00)2079 3313 y Ft(i)0
3525 y Fu(Using)48 b(the)g(de\014nition)f(of)g(the)h
Fb(loop)p Fu(-instruction)f(this)h(means)g(that)g(the)g(computation)0
3645 y(sequence)35 b(can)e(b)s(e)g(rewritten)g(as)244
3857 y Ft(h)p Fb(loop)p Fu(\()p Ft(C)6 b(B)t Fu([)-17
b([)p Fs(b)6 b Fu(])-17 b(])q(,)32 b Ft(C)6 b(S)i Fu([)-17
b([)q Fs(S)12 b Fu(])-17 b(]\),)33 b Fo(")p Fu(,)f Fs(s)8
b Ft(i)516 4025 y Fh(\003)98 b Ft(hC)6 b(B)s Fu([)-17
b([)q Fs(b)6 b Fu(])-17 b(])q(:)p Fb(branch)p Fu(\()p
Ft(C)6 b(S)i Fu([)-17 b([)p Fs(S)12 b Fu(])-17 b(])q(:)p
Fb(loop)p Fu(\()p Ft(C)6 b(B)t Fu([)-17 b([)p Fs(b)6
b Fu(])-17 b(])q(,)33 b Ft(C)6 b(S)i Fu([)-17 b([)p Fs(S)12
b Fu(])-17 b(])q(\),)32 b Fb(noop)p Fu(\),)h Fo(")p Fu(,)f
Fs(s)8 b Ft(i)516 4192 y Fh(\003)593 4156 y Fn(k)630
4165 y Fd(0)691 4192 y Ft(h)p Fo(")o Fu(,)33 b Fs(e)7
b Fu(,)33 b Fs(s)995 4156 y Fi(00)1037 4192 y Ft(i)0
4404 y Fu(According)f(to)h(Exercise)h(3.5)e(there)h(will)d(then)j(b)s
(e)g(a)f(con\014guration)g Ft(h)p Fo(")p Fu(,)g Fs(e)2780
4368 y Fi(0)2804 4404 y Fu(,)g Fs(s)2911 4368 y Fi(0)2935
4404 y Ft(i)g Fu(suc)m(h)i(that)244 4616 y Ft(hC)6 b(B)s
Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(],)33 b Fo(")p Fu(,)f
Fs(s)8 b Ft(i)33 b Fh(\003)897 4580 y Fn(k)934 4589 y
Fd(1)1006 4616 y Ft(h)o Fo(")p Fu(,)g Fs(e)1202 4580
y Fi(0)1225 4616 y Fu(,)g Fs(s)1333 4580 y Fi(0)1356
4616 y Ft(i)0 4828 y Fu(and)244 5040 y Ft(h)p Fb(branch)p
Fu(\()p Ft(C)6 b(S)i Fu([)-17 b([)p Fs(S)12 b Fu(])-17
b(])q(:)p Fb(loop)p Fu(\()p Ft(C)6 b(B)t Fu([)-17 b([)p
Fs(b)6 b Fu(])-17 b(])q(,)32 b Ft(C)6 b(S)j Fu([)-17
b([)p Fs(S)12 b Fu(])-17 b(])q(\),)32 b Fb(noop)p Fu(\),)h
Fs(e)2318 5004 y Fi(0)2342 5040 y Fu(,)f Fs(s)2449 5004
y Fi(0)2473 5040 y Ft(i)g Fh(\003)2621 5004 y Fn(k)2658
5013 y Fd(2)2730 5040 y Ft(h)p Fo(")o Fu(,)h Fs(e)7 b
Fu(,)33 b Fs(s)3034 5004 y Fi(00)3076 5040 y Ft(i)0 5252
y Fu(where)k(k)336 5267 y Fn(1)411 5252 y Fu(+)e(k)573
5267 y Fn(2)648 5252 y Fu(=)h(k)811 5267 y Fn(0)851 5252
y Fu(.)51 b(F)-8 b(rom)34 b(Exercises)k(3.19)c(and)i(3.6)f(w)m(e)h(get)
g Fs(e)2539 5216 y Fi(0)2598 5252 y Fu(=)f Ft(B)s Fu([)-17
b([)q Fs(b)6 b Fu(])-17 b(])p Fs(s)44 b Fu(and)35 b Fs(s)3227
5216 y Fi(0)3286 5252 y Fu(=)g Fs(s)8 b Fu(.)0 5372 y(W)-8
b(e)33 b(no)m(w)g(ha)m(v)m(e)h(t)m(w)m(o)f(cases.)146
5494 y(In)g(the)g(\014rst)g(case)h(assume)f(that)f Ft(B)t
Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])q Fs(s)40 b Fu(=)33
b Fw(\013)p Fu(.)44 b(W)-8 b(e)33 b(then)g(ha)m(v)m(e)p
eop
%%Page: 80 90
80 89 bop 251 130 a Fw(80)1535 b(3)112 b(Pro)m(v)-6 b(ably)36
b(Correct)h(Implemen)m(tation)p 251 193 3473 4 v 527
515 a Ft(h)p Fb(branch)p Fu(\()p Ft(C)6 b(S)i Fu([)-17
b([)q Fs(S)12 b Fu(])-17 b(]:)p Fb(loop)p Fu(\()p Ft(C)6
b(B)t Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(],)33 b Ft(C)6
b(S)i Fu([)-17 b([)q Fs(S)12 b Fu(])-17 b(]\),)33 b Fb(noop)p
Fu(\),)f Ft(B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])q
Fs(s)8 b Fu(,)33 b Fs(s)8 b Ft(i)926 683 y Fh(\003)33
b Ft(h)p Fb(noop)p Fu(,)g Fo(")o Fu(,)g Fs(s)8 b Ft(i)926
851 y Fh(\003)33 b Ft(h)p Fo(")o Fu(,)g Fo(")p Fu(,)f
Fs(s)8 b Ft(i)283 1033 y Fu(so)25 b Fs(e)33 b Fu(=)24
b Fo(")h Fu(and)g Fs(s)32 b Fu(=)25 b Fs(s)1047 997 y
Fi(00)1090 1033 y Fu(.)40 b(Using)25 b(rule)f([while)1873
997 y Fn(\013)1861 1058 y(ns)1932 1033 y Fu(])h(w)m(e)h(get)e
Ft(h)p Fr(while)i Fs(b)31 b Fr(do)25 b Fs(S)12 b Fu(,)25
b Fs(s)8 b Ft(i)25 b(!)f Fs(s)3200 997 y Fi(00)3267 1033
y Fu(as)h(required.)430 1154 y(In)33 b(the)g(second)h(case)f(assume)g
(that)f Ft(B)t Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])p
Fs(s)41 b Fu(=)32 b Fw(tt)p Fu(.)43 b(Then)33 b(w)m(e)h(ha)m(v)m(e)527
1337 y Ft(h)p Fb(branch)p Fu(\()p Ft(C)6 b(S)i Fu([)-17
b([)q Fs(S)12 b Fu(])-17 b(]:)p Fb(loop)p Fu(\()p Ft(C)6
b(B)t Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(],)33 b Ft(C)6
b(S)i Fu([)-17 b([)q Fs(S)12 b Fu(])-17 b(]\),)33 b Fb(noop)p
Fu(\),)f Ft(B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])q
Fs(s)8 b Fu(,)33 b Fs(s)8 b Ft(i)926 1504 y Fh(\003)163
b Ft(hC)6 b(S)i Fu([)-17 b([)q Fs(S)12 b Fu(])-17 b(]:)p
Fb(loop)p Fu(\()p Ft(C)6 b(B)t Fu([)-17 b([)q Fs(b)6
b Fu(])-17 b(],)33 b Ft(C)6 b(S)i Fu([)-17 b([)p Fs(S)12
b Fu(])-17 b(])q(\),)32 b Fo(")p Fu(,)h Fs(s)8 b Ft(i)926
1672 y Fh(\003)1004 1636 y Fn(k)1041 1645 y Fd(2)1075
1636 y Fi(\000)p Fn(1)1166 1672 y Ft(h)p Fo(")p Fu(,)32
b Fs(e)7 b Fu(,)33 b Fs(s)1470 1636 y Fi(00)1513 1672
y Ft(i)283 1855 y Fu(W)-8 b(e)31 b(then)f(pro)s(ceed)h(v)m(ery)h(m)m
(uc)m(h)e(as)g(in)g(the)g(case)h(of)f(the)g(comp)s(osition)e(statemen)m
(t)i(and)g(get)g(a)283 1975 y(con\014guration)i Ft(h)p
Fo(")p Fu(,)g Fs(e)1070 1939 y Fi(0)1094 1975 y Fu(,)g
Fs(s)1201 1939 y Fi(0)1225 1975 y Ft(i)g Fu(suc)m(h)i(that)527
2158 y Ft(hC)6 b(S)i Fu([)-17 b([)q Fs(S)12 b Fu(])-17
b(],)33 b Fo(")o Fu(,)g Fs(s)8 b Ft(i)32 b Fh(\003)1196
2122 y Fn(k)1233 2131 y Fd(3)1304 2158 y Ft(h)p Fo(")p
Fu(,)g Fs(e)1500 2122 y Fi(0)1524 2158 y Fu(,)h Fs(s)1632
2122 y Fi(0)1655 2158 y Ft(i)527 2326 y(h)p Fb(loop)p
Fu(\()p Ft(C)6 b(B)t Fu([)-17 b([)q Fs(b)6 b Fu(])-17
b(],)33 b Ft(C)6 b(S)i Fu([)-17 b([)p Fs(S)12 b Fu(])-17
b(])q(\),)32 b Fs(e)1567 2289 y Fi(0)1591 2326 y Fu(,)h
Fs(s)1699 2289 y Fi(0)1722 2326 y Ft(i)f Fh(\003)1871
2289 y Fn(k)1908 2298 y Fd(4)1979 2326 y Ft(h)p Fo(")p
Fu(,)g Fs(e)7 b Fu(,)33 b Fs(s)2283 2289 y Fi(00)2326
2326 y Ft(i)283 2508 y Fu(where)h(k)616 2523 y Fn(3)689
2508 y Fu(+)f(k)849 2523 y Fn(4)921 2508 y Fu(=)g(k)1081
2523 y Fn(2)1153 2508 y Ft(\000)g Fu(1.)44 b(Since)33
b(k)1689 2523 y Fn(3)1762 2508 y Ft(\024)g Fu(k)1923
2523 y Fn(0)1995 2508 y Fu(w)m(e)h(can)f(apply)f(the)i(induction)d(h)m
(yp)s(othesis)j(to)283 2629 y(the)f(\014rst)h(of)e(these)h(computation)
f(sequences)j(and)e(get)527 2812 y Ft(h)p Fs(S)12 b Fu(,)33
b Fs(s)8 b Ft(i)32 b(!)g Fs(s)992 2775 y Fi(0)1048 2812
y Fu(and)h Fs(e)1290 2775 y Fi(0)1346 2812 y Fu(=)f Fo(")283
2994 y Fu(W)-8 b(e)35 b(can)g(then)f(use)i(that)e(k)1292
3009 y Fn(4)1366 2994 y Ft(\024)g Fu(k)1528 3009 y Fn(0)1603
2994 y Fu(and)g(apply)g(the)g(induction)g(h)m(yp)s(othesis)h(to)f(the)h
(compu-)283 3115 y(tation)d(sequence)j Ft(h)p Fb(loop)p
Fu(\()p Ft(C)6 b(B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17
b(])q(,)32 b Ft(C)6 b(S)j Fu([)-17 b([)p Fs(S)12 b Fu(])-17
b(])q(\),)32 b Fo(")p Fu(,)g Fs(s)2116 3079 y Fi(0)2140
3115 y Ft(i)g Fh(\003)2288 3079 y Fn(k)2325 3088 y Fd(4)2397
3115 y Ft(h)p Fo(")o Fu(,)h Fs(e)7 b Fu(,)33 b Fs(s)2701
3079 y Fi(00)2743 3115 y Ft(i)g Fu(and)f(get)527 3298
y Ft(h)p Fr(while)i Fs(b)k Fr(do)33 b Fs(S)12 b Fu(,)33
b Fs(s)1248 3261 y Fi(0)1271 3298 y Ft(i)g(!)f Fs(s)1523
3261 y Fi(00)1598 3298 y Fu(and)g Fs(e)40 b Fu(=)33 b
Fo(")283 3480 y Fu(Using)24 b(rule)f([while)997 3444
y Fn(tt)985 3505 y(ns)1056 3480 y Fu(])h(w)m(e)h(then)f(get)g
Ft(h)p Fr(while)h Fs(b)30 b Fr(do)24 b Fs(S)12 b Fu(,)24
b Fs(s)8 b Ft(i)24 b(!)f Fs(s)2529 3444 y Fi(00)2596
3480 y Fu(as)h(required.)41 b(This)24 b(completes)283
3601 y(the)33 b(pro)s(of)f(of)g(the)h(lemma.)2385 b Fh(2)430
3804 y Fu(The)37 b(pro)s(of)e(tec)m(hnique)j(emplo)m(y)m(ed)e(in)g(the)
g(ab)s(o)m(v)m(e)h(pro)s(of)f(ma)m(y)g(b)s(e)g(summarized)f(as)i(fol-)
283 3924 y(lo)m(ws:)p 283 4054 3470 4 v 283 4071 V 281
4279 4 208 v 298 4279 V 1371 4200 a Fw(Pro)s(of)32 b(Summary)h(for)f
(While)p Fu(:)p 3735 4279 V 3752 4279 V 281 4486 V 298
4486 V 1266 4407 a Fw(Correctness)g(of)h(Implemen)m(tation)p
3735 4486 V 3752 4486 V 283 4490 3470 4 v 281 4979 4
490 v 298 4979 V 350 4655 a Fu(1:)143 b(Pro)m(v)m(e)24
b(b)m(y)h Fs(induction)h(on)f(the)i(shap)-5 b(e)25 b(of)h(derivation)g
(tr)-5 b(e)g(es)31 b Fu(that)23 b(for)g(eac)m(h)h(deriv)-5
b(ation)569 4775 y(tree)34 b(in)g(the)g(natural)f(seman)m(tics)i(there)
g(is)e(a)h(corresp)s(onding)g(\014nite)g(computation)569
4896 y(sequence)h(on)e(the)g(abstract)f(mac)m(hine.)p
3735 4979 V 3752 4979 V 281 5508 4 529 v 298 5508 V 350
5063 a(2:)143 b(Pro)m(v)m(e)26 b(b)m(y)f Fs(induction)i(on)g(the)h
(length)f(of)g(c)-5 b(omputation)27 b(se)-5 b(quenc)g(es)32
b Fu(that)25 b(for)f(eac)m(h)h(\014-)569 5184 y(nite)h(computation)f
(sequence)k(obtained)d(from)f(executing)i(a)f(statemen)m(t)h(of)f
Fw(While)569 5304 y Fu(on)41 b(the)h(abstract)f(mac)m(hine)g(there)h
(is)e(a)h(corresp)s(onding)h(deriv)-5 b(ation)39 b(tree)j(in)e(the)569
5424 y(natural)31 b(seman)m(tics.)p 3735 5508 V 3752
5508 V 283 5511 3470 4 v 283 5528 V eop
%%Page: 81 91
81 90 bop 0 130 a Fw(3.4)112 b(An)38 b(alternativ)m(e)e(pro)s(of)i(tec)
m(hnique)1593 b(81)p 0 193 3473 4 v 0 515 a Fu(Note)28
b(the)h Fs(similarities)35 b Fu(b)s(et)m(w)m(een)30 b(this)e(pro)s(of)f
(tec)m(hnique)i(and)f(that)g(for)g(sho)m(wing)g(the)g(equiv-)0
636 y(alence)j(of)g(t)m(w)m(o)i(op)s(erational)28 b(seman)m(tics)k
(\(see)h(Section)e(2.3\).)42 b(Again)31 b(one)g(has)h(to)f(b)s(e)h
(careful)0 756 y(when)47 b(adapting)d(this)i(approac)m(h)g(to)f(a)g
(language)g(with)g(additional)e(programming)g(con-)0
877 y(structs)34 b(or)e(a)g(di\013eren)m(t)h(mac)m(hine)f(language.)0
1091 y Fw(Exercise)k(3.23)49 b Fu(Consider)33 b(the)f(\\optimized")e
(co)s(de)j(generation)e(function)h Ft(C)6 b(S)3021 1055
y Fi(0)3077 1091 y Fu(that)32 b(is)f(as)0 1211 y Ft(C)6
b(S)46 b Fu(of)37 b(T)-8 b(able)38 b(3.3)f(except)j(that)e
Ft(C)6 b(S)1371 1175 y Fi(0)1394 1211 y Fu([)-17 b([)p
Fr(skip)p Fu(])g(])40 b(=)e Fo(")o Fu(.)60 b(W)-8 b(ould)37
b(this)g(complicate)g(the)h(pro)s(of)f(of)0 1332 y(Theorem)c(3.20?)2766
b Fh(2)0 1546 y Fw(Exercise)36 b(3.24)49 b Fu(Extend)29
b(the)e(pro)s(of)f(of)h(Theorem)g(3.20)f(to)h(hold)f(for)h(the)g
Fw(While)e Fu(language)0 1666 y(extended)48 b(with)e
Fr(repeat)i Fs(S)58 b Fr(until)48 b Fs(b)6 b Fu(.)85
b(The)47 b(co)s(de)g(generated)g(for)f(this)g(construct)h(w)m(as)0
1787 y(studied)33 b(in)f(Exercise)i(3.14)e(and)g(its)g(natural)g(seman)
m(tics)h(in)e(Exercise)j(2.7.)593 b Fh(2)0 2001 y Fw(Exercise)36
b(3.25)49 b Fu(Pro)m(v)m(e)27 b(that)f(the)g(co)s(de)g(generated)g(for)
g Fw(AM)2314 2016 y Fn(1)2379 2001 y Fu(in)e(Exercise)j(3.16)f(is)f
(correct.)0 2121 y(What)33 b(assumptions)f(do)h(y)m(ou)g(need)g(to)g
(mak)m(e)f(ab)s(out)g Fs(env)11 b Fu(?)1168 b Fh(2)0
2452 y Fj(3.4)161 b(An)53 b(alternativ)l(e)h(pro)t(of)g(tec)l(hnique)0
2671 y Fu(In)32 b(Theorem)f(3.20)g(w)m(e)i(pro)m(v)m(ed)g(the)e
(correctness)j(of)d(the)h(implemen)m(tation)c(with)j(resp)s(ect)i(to)0
2792 y(the)j(natural)f(seman)m(tics.)53 b(It)36 b(is)f(ob)m(vious)h
(that)g(the)g(implemen)m(tation)d(will)g(also)i(b)s(e)h(correct)0
2912 y(with)c(resp)s(ect)i(to)e(the)h(structural)g(op)s(erational)d
(seman)m(tics,)j(that)f(is)244 3105 y Ft(S)312 3120 y
Fn(sos)407 3105 y Fu([)-17 b([)p Fs(S)12 b Fu(])-17 b(])33
b(=)g Ft(S)758 3120 y Fn(am)856 3105 y Fu([)-17 b([)p
Fs(S)12 b Fu(])-17 b(])33 b(for)f(all)f(statemen)m(ts)i
Fs(S)45 b Fu(of)32 b Fw(While)0 3298 y Fu(b)s(ecause)41
b(w)m(e)g(sho)m(w)m(ed)h(in)d(Theorem)h(2.26)g(that)f(the)i(natural)e
(seman)m(tics)h(is)f(equiv)-5 b(alen)m(t)40 b(to)0 3418
y(the)35 b(structural)f(op)s(erational)e(seman)m(tics.)49
b(Ho)m(w)m(ev)m(er,)37 b(one)e(migh)m(t)e(argue)h(that)g(it)g(w)m(ould)
g(b)s(e)0 3538 y(easier)e(to)f(giv)m(e)h(a)g(direct)f(pro)s(of)h(of)f
(the)h(correctness)i(of)e(the)g(implemen)m(tation)d(with)i(resp)s(ect)0
3659 y(to)d(the)h(structural)f(op)s(erational)e(seman)m(tics,)j(b)s
(ecause)h(b)s(oth)e(approac)m(hes)i(are)e(based)i(on)e(the)0
3779 y(idea)c(of)h(sp)s(ecifying)g(the)g(individual)e(steps)j(of)f(the)
g(computation.)40 b(W)-8 b(e)25 b(shall)f(commen)m(t)g(up)s(on)0
3899 y(this)32 b(shortly)-8 b(.)146 4020 y(A)39 b(direct)g(pro)s(of)f
(of)h(the)g(correctness)i(result)e(with)g(resp)s(ect)h(to)f(the)g
(structural)g(op)s(era-)0 4140 y(tional)31 b(seman)m(tics)j(could)f
(pro)s(ceed)h(as)g(follo)m(ws.)45 b(W)-8 b(e)34 b(shall)e(de\014ne)j(a)
e Fs(bisimulation)40 b Fu(relation)0 4261 y Ft(\031)31
b Fu(b)s(et)m(w)m(een)i(the)e(con\014gurations)g(of)f(the)h(structural)
g(op)s(erational)d(seman)m(tics)j(and)g(those)h(of)0
4381 y(the)h(op)s(erational)d(seman)m(tics)j(for)f Fw(AM)p
Fu(.)h(It)f(is)g(de\014ned)i(b)m(y)294 4565 y Ft(h)o
Fs(S)12 b Fu(,)33 b Fs(s)8 b Ft(i)99 b(\031)h(hC)6 b(S)i
Fu([)-17 b([)q Fs(S)12 b Fu(])-17 b(],)33 b Fo(")p Fu(,)f
Fs(s)8 b Ft(i)498 4733 y Fs(s)107 b Ft(\031)100 b(h)p
Fo(")p Fu(,)32 b Fo(")p Fu(,)h Fs(s)8 b Ft(i)0 4919 y
Fu(for)30 b(all)f(statemen)m(ts)j Fs(S)42 b Fu(and)31
b(states)h Fs(s)8 b Fu(.)43 b(The)31 b(\014rst)h(stage)f(will)d(then)k
(b)s(e)f(to)f(pro)m(v)m(e)i(that)f(when-)0 5039 y(ev)m(er)43
b Fs(one)48 b Fu(step)43 b(of)e(the)h(structural)g(op)s(erational)d
(seman)m(tics)j Fs(changes)48 b Fu(the)42 b(con\014guration)0
5160 y(then)32 b(there)g(is)f(a)f Fs(se)-5 b(quenc)g(e)38
b Fu(of)31 b(steps)i(in)d(the)i(seman)m(tics)f(of)g Fw(AM)g
Fu(that)g(will)e(mak)m(e)i(a)g Fs(similar)0 5280 y(change)39
b Fu(in)32 b(the)h(con\014guration)e(of)i(the)g(abstract)f(mac)m(hine:)
0 5494 y Fw(Exercise)k(3.26)49 b Fu(*)33 b(Sho)m(w)g(that)f(if)p
eop
%%Page: 82 92
82 91 bop 251 130 a Fw(82)1535 b(3)112 b(Pro)m(v)-6 b(ably)36
b(Correct)h(Implemen)m(tation)p 251 193 3473 4 v 527
515 a Fo(\015)583 530 y Fn(sos)711 515 y Ft(\031)c Fo(\015)877
530 y Fn(am)1008 515 y Fu(and)f Fo(\015)1253 530 y Fn(sos)1381
515 y Ft(\))g Fo(\015)1569 479 y Fi(0)1569 540 y Fn(sos)283
774 y Fu(then)i(there)f(exists)g(a)g(con\014guration)e
Fo(\015)1752 738 y Fi(0)1752 798 y Fn(am)1883 774 y Fu(suc)m(h)j(that)
527 1032 y Fo(\015)583 1047 y Fn(am)714 1032 y Fh(\003)792
996 y Fn(+)883 1032 y Fo(\015)939 996 y Fi(0)939 1057
y Fn(am)1070 1032 y Fu(and)f Fo(\015)1316 996 y Fi(0)1316
1057 y Fn(sos)1443 1032 y Ft(\031)g Fo(\015)1609 996
y Fi(0)1609 1057 y Fn(am)283 1291 y Fu(Argue)g(that)g(this)f(means)h
(that)f(if)f Ft(h)p Fs(S)12 b Fu(,)33 b Fs(s)8 b Ft(i)32
b(\))1959 1255 y Fi(\003)2030 1291 y Fs(s)2078 1255 y
Fi(0)2134 1291 y Fu(then)i Ft(h)o(C)7 b(S)g Fu([)-17
b([)q Fs(S)12 b Fu(])-17 b(],)33 b Fo(")p Fu(,)f Fs(s)8
b Ft(i)33 b Fh(\003)3025 1255 y Fi(\003)3097 1291 y Ft(h)p
Fo(")o Fu(,)g Fo(")p Fu(,)f Fs(s)3394 1255 y Fi(0)3418
1291 y Ft(i)o Fu(.)198 b Fh(2)430 1596 y Fu(The)33 b(second)h(part)e
(of)g(the)h(pro)s(of)e(is)h(to)g(sho)m(w)i(that)e(whenev)m(er)j
Fw(AM)d Fu(mak)m(es)h(a)f(sequence)283 1717 y(of)f(mo)m(v)m(es)h(from)e
(a)h(con\014guration)g(with)g(an)g Fs(empty)40 b Fu(ev)-5
b(aluation)29 b(stac)m(k)k(to)e(another)g(con\014gu-)283
1837 y(ration)j(with)g(an)h Fs(empty)44 b Fu(ev)-5 b(aluation)33
b(stac)m(k,)k(then)e(the)h(structural)e(op)s(erational)f(seman)m(tics)
283 1957 y(can)39 b(mak)m(e)g(a)f(similar)d(c)m(hange)40
b(of)e(con\014gurations.)60 b(Note)39 b(that)f Fw(AM)h
Fu(ma)m(y)f(ha)m(v)m(e)i(to)e(mak)m(e)283 2078 y(more)e(than)g(one)h
(step)g(to)f(arriv)m(e)g(at)g(a)g(con\014guration)g(with)g(an)g(empt)m
(y)h(stac)m(k,)h(due)f(to)f(the)283 2198 y(w)m(a)m(y)48
b(it)e(ev)-5 b(aluates)47 b(expressions;)56 b(in)46 b(the)h(structural)
f(op)s(erational)f(seman)m(tics,)50 b(ho)m(w)m(ev)m(er,)283
2319 y(expressions)35 b(are)d(ev)-5 b(aluated)33 b(as)f(part)h(of)f(a)g
(single)g(step.)283 2635 y Fw(Exercise)37 b(3.27)49 b
Fu(**)32 b(Assume)h(that)g Fo(\015)1734 2650 y Fn(sos)1861
2635 y Ft(\031)g Fo(\015)2039 2599 y Fn(1)2027 2660 y(am)2158
2635 y Fu(and)527 2893 y Fo(\015)595 2857 y Fn(1)583
2918 y(am)714 2893 y Fh(\003)g Fo(\015)892 2857 y Fn(2)880
2918 y(am)1011 2893 y Fh(\003)g Ft(\001)17 b(\001)g(\001)31
b Fh(\003)i Fo(\015)1447 2857 y Fn(k)1436 2918 y(am)283
3152 y Fu(where)e(k)p Fo(>)p Fu(1)e(and)h(only)f Fo(\015)1232
3116 y Fn(1)1221 3177 y(am)1348 3152 y Fu(and)g Fo(\015)1602
3116 y Fn(k)1590 3177 y(am)1718 3152 y Fu(ha)m(v)m(e)h(empt)m(y)g(ev)-5
b(aluation)28 b(stac)m(ks)j(\(that)e(is,)g(are)h(of)e(the)283
3272 y(form)k Ft(h)p Fs(c)6 b Fu(,)32 b Fo(")o Fu(,)h
Fs(s)8 b Ft(i)p Fu(\).)43 b(Sho)m(w)34 b(that)e(there)h(exists)h(a)e
(con\014guration)g Fo(\015)2679 3236 y Fi(0)2679 3297
y Fn(sos)2806 3272 y Fu(suc)m(h)i(that)527 3531 y Fo(\015)583
3546 y Fn(sos)711 3531 y Ft(\))e Fo(\015)899 3495 y Fi(0)899
3555 y Fn(sos)1027 3531 y Fu(and)g Fo(\015)1272 3495
y Fi(0)1272 3555 y Fn(sos)1400 3531 y Ft(\031)h Fo(\015)1578
3495 y Fn(k)1566 3555 y(am)283 3789 y Fu(Argue)g(that)g(this)f(means)h
(that)f(if)f Ft(hC)6 b(S)i Fu([)-17 b([)q Fs(S)12 b Fu(])-17
b(],)33 b Fo(")o Fu(,)g Fs(s)8 b Ft(i)32 b Fh(\003)2243
3753 y Fi(\003)2315 3789 y Ft(h)p Fo(")o Fu(,)h Fo(")o
Fu(,)g Fs(s)2612 3753 y Fi(0)2635 3789 y Ft(i)g Fu(then)g
Ft(h)p Fs(S)12 b Fu(,)32 b Fs(s)8 b Ft(i)32 b(\))3313
3753 y Fi(\003)3385 3789 y Fs(s)3433 3753 y Fi(0)3456
3789 y Fu(.)198 b Fh(2)283 4095 y Fw(Exercise)37 b(3.28)49
b Fu(Sho)m(w)e(that)f(Exercises)i(3.26)d(and)i(3.27)e(together)i
(constitute)f(a)g(direct)283 4215 y(pro)s(of)32 b(of)g
Ft(S)717 4230 y Fn(sos)812 4215 y Fu([)-17 b([)q Fs(S)12
b Fu(])-17 b(])33 b(=)f Ft(S)1163 4230 y Fn(am)1261 4215
y Fu([)-17 b([)q Fs(S)12 b Fu(])-17 b(],)33 b(for)f(all)e(statemen)m
(ts)k Fs(S)44 b Fu(of)32 b Fw(While)p Fu(.)912 b Fh(2)430
4520 y Fu(The)41 b(success)i(of)d(this)g(approac)m(h)h(relies)e(on)i
(the)f(t)m(w)m(o)h(seman)m(tics)g(pro)s(ceeding)f(in)g
Fs(lo)-5 b(ck-)283 4641 y(step)p Fu(:)51 b(that)36 b(one)h(is)f(able)f
(to)h(\014nd)h(con\014gurations)f(in)f(the)i(t)m(w)m(o)g(deriv)-5
b(ation)35 b(sequences)k(that)283 4761 y(corresp)s(ond)e(to)f(one)g
(another)g(\(as)h(sp)s(eci\014ed)f(b)m(y)h(the)g(bisim)m(ulation)32
b(relation\).)52 b(Often)36 b(this)283 4882 y(is)41 b(not)g(p)s
(ossible)f(and)i(then)f(one)h(has)f(to)g(raise)g(the)g(lev)m(el)g(of)f
(abstraction)h(for)f(one)i(of)e(the)283 5002 y(seman)m(tics.)h(This)23
b(is)g(exactly)h(what)f(happ)s(ens)i(when)f(the)g(structural)f(op)s
(erational)e(seman)m(tics)283 5122 y(is)31 b(replaced)g(b)m(y)h(the)f
(natural)f(seman)m(tics:)43 b(w)m(e)31 b(do)g(not)g(care)g(ab)s(out)g
(the)g(individual)d(steps)k(of)283 5243 y(the)h(execution)h(but)f(only)
f(on)g(the)h(result.)430 5374 y(The)27 b(pro)s(of)f(tec)m(hnique)i
(emplo)m(y)m(ed)f(in)e(the)i(ab)s(o)m(v)m(e)g(sk)m(etc)m(h)i(of)d(pro)s
(of)g(ma)m(y)g(b)s(e)h(summarized)283 5494 y(as)33 b(follo)m(ws:)p
eop
%%Page: 83 93
83 92 bop 0 130 a Fw(3.4)112 b(An)38 b(alternativ)m(e)e(pro)s(of)i(tec)
m(hnique)1593 b(83)p 0 193 3473 4 v 0 419 3470 4 v 0
436 V -2 643 4 208 v 15 643 V 1088 564 a(Pro)s(of)32
b(Summary)g(for)h(While)p Fu(:)p 3452 643 V 3469 643
V -2 851 V 15 851 V 513 772 a Fw(Correctness)g(of)g(Implemen)m(tation)d
(using)i(Bisim)m(ulation)p 3452 851 V 3469 851 V 0 854
3470 4 v -2 1464 4 610 v 15 1464 V 66 1020 a Fu(1:)143
b(Pro)m(v)m(e)36 b(that)e(one)g(step)h(in)e(the)i(structural)f(op)s
(erational)e(seman)m(tics)i(can)g(b)s(e)h(sim)m(u-)285
1140 y(lated)j(b)m(y)i(a)f(non-empt)m(y)g(sequence)i(of)d(steps)j(on)d
(the)i(abstract)f(mac)m(hine.)61 b(Sho)m(w)285 1260 y(that)56
b(this)f(extends)j(to)d(sequences)k(of)c(steps)i(in)e(the)h(structural)
g(op)s(erational)285 1381 y(seman)m(tics.)p 3452 1464
V 3469 1464 V -2 1993 4 529 v 15 1993 V 66 1549 a(2:)143
b(Pro)m(v)m(e)44 b(that)e(a)f(carefully)g(selected)j(non-empt)m(y)e
(sequence)i(of)e(steps)h(on)f(the)h(ab-)285 1669 y(stract)d(mac)m(hine)
e(can)h(b)s(e)g(sim)m(ulated)f(b)m(y)i(a)f(step)g(in)g(the)g
(structural)g(op)s(erational)285 1789 y(seman)m(tics.)49
b(Sho)m(w)35 b(that)f(this)g(extends)i(to)e(more)g(general)g(sequences)
j(of)d(steps)h(on)285 1910 y(the)e(abstract)g(mac)m(hine.)p
3452 1993 V 3469 1993 V 0 1996 3470 4 v 0 2013 V 0 2209
a(Again,)41 b(this)g(metho)s(d)f(needs)i(to)e(b)s(e)g(mo)s(di\014ed)g
(when)h(considering)f(a)g(programming)e(lan-)0 2329 y(guage)32
b(with)h(additional)c(constructs)34 b(or)f(a)f(di\013eren)m(t)h
(abstract)g(mac)m(hine.)0 2557 y Fw(Exercise)j(3.29)49
b Fu(*)34 b(Consider)f(the)h(follo)m(wing,)e(seemingly)g(inno)s(cen)m
(t,)i(mo)s(di\014cation)d(of)i(the)0 2678 y(structural)e(op)s
(erational)d(seman)m(tics)j(of)g(T)-8 b(able)30 b(2.2)h(in)f(whic)m(h)h
([while)2571 2693 y Fn(sos)2666 2678 y Fu(])g(is)f(replaced)h(b)m(y)h
(the)0 2798 y(t)m(w)m(o)h(axioms:)244 3001 y Ft(h)p Fr(while)g
Fs(b)39 b Fr(do)33 b Fs(S)12 b Fu(,)32 b Fs(s)8 b Ft(i)33
b(\))f(h)p Fs(S)12 b Fu(;)32 b Fr(while)i Fs(b)k Fr(do)33
b Fs(S)12 b Fu(,)33 b Fs(s)8 b Ft(i)32 b Fu(if)g Ft(B)s
Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])p Fs(s)41 b Fu(=)32
b Fw(tt)244 3169 y Ft(h)p Fr(while)h Fs(b)39 b Fr(do)33
b Fs(S)12 b Fu(,)32 b Fs(s)8 b Ft(i)33 b(\))f Fs(s)878
b Fu(if)32 b Ft(B)s Fu([)-17 b([)q Fs(b)6 b Fu(])-17
b(])p Fs(s)41 b Fu(=)32 b Fw(\013)0 3372 y Fu(Sho)m(w)h(that)g(the)g
(mo)s(di\014ed)e(seman)m(tic)h(function,)h Ft(S)1916
3336 y Fi(0)1916 3397 y Fn(sos)2011 3372 y Fu(,)g(satis\014es)244
3576 y Ft(S)312 3591 y Fn(sos)407 3576 y Fu([)-17 b([)p
Fs(S)12 b Fu(])-17 b(])33 b(=)g Ft(S)758 3540 y Fi(0)758
3600 y Fn(sos)853 3576 y Fu([)-17 b([)p Fs(S)12 b Fu(])-17
b(])33 b(for)f(all)f(statemen)m(ts)i Fs(S)45 b Fu(of)32
b Fw(While)0 3779 y Fu(In)m(v)m(estigate)h(whether)h(or)d(not)h(this)g
(complicates)f(the)h(pro)s(ofs)g(of)g(\(analogues)f(of)7
b(\))32 b(Exercises)0 3900 y(3.26)g(and)h(3.27.)2801
b Fh(2)p eop
%%Page: 84 94
84 93 bop 251 130 a Fw(84)1535 b(3)112 b(Pro)m(v)-6 b(ably)36
b(Correct)h(Implemen)m(tation)p 251 193 3473 4 v eop
%%Page: 85 95
85 94 bop 0 1184 a Fv(Chapter)78 b(4)0 1604 y(Denotational)g(Seman)-6
b(tics)0 2062 y Fu(In)45 b(the)g(op)s(erational)d(approac)m(h)j(w)m(e)h
(w)m(ere)g(in)m(terested)g(in)e Fs(how)54 b Fu(a)45 b(program)e(is)h
(executed.)0 2182 y(This)37 b(is)g(con)m(trary)h(to)f(the)h
(denotational)d(approac)m(h)j(where)g(w)m(e)h(are)e(merely)g(in)m
(terested)h(in)0 2302 y(the)32 b Fs(e\013e)-5 b(ct)40
b Fu(of)30 b(executing)i(a)f(program.)42 b(By)31 b(e\013ect)h(w)m(e)g
(here)g(mean)f(an)g(asso)s(ciation)e(b)s(et)m(w)m(een)0
2423 y(initial)k(states)38 b(and)e(\014nal)g(states.)57
b(The)38 b(idea)e(then)h(is)g(to)f(de\014ne)i(a)e Fs(semantic)i
(function)44 b Fu(for)0 2543 y(eac)m(h)27 b Fs(syntactic)j(c)-5
b(ate)g(gory)p Fu(.)41 b(It)27 b(maps)f(eac)m(h)h Fs(syntactic)j(c)-5
b(onstruct)36 b Fu(to)26 b(a)h Fs(mathematic)-5 b(al)28
b(obje)-5 b(ct)p Fu(,)0 2664 y(often)33 b(a)f(function,)g(that)g
(describ)s(es)i(the)f(e\013ect)g(of)g(executing)g(that)f(construct.)146
2789 y(The)i(hallmark)c(of)i(denotational)e(seman)m(tics)j(is)f(that)g
(seman)m(tic)g(functions)h(are)f(de\014ned)0 2909 y Fs(c)-5
b(omp)g(ositional)5 b(ly)p Fu(,)31 b(that)i(is)145 3137
y Ft(\017)49 b Fu(there)d(is)e(a)h(seman)m(tic)g(clause)g(for)g(eac)m
(h)h(of)e(the)i(basis)f(elemen)m(ts)g(of)g(the)h(syn)m(tactic)244
3257 y(category)-8 b(,)33 b(and)145 3485 y Ft(\017)49
b Fu(for)32 b(eac)m(h)h(metho)s(d)f(of)f(constructing)i(a)f(comp)s
(osite)f(elemen)m(t)h(\(in)g(the)g(syn)m(tactic)i(cate-)244
3605 y(gory\))40 b(there)i(is)e(a)g(seman)m(tic)g(clause)h(de\014ned)h
(in)e(terms)g(of)h(the)g(seman)m(tic)f(function)244 3726
y(applied)31 b(to)i(the)g(immediate)c(constituen)m(ts)34
b(of)e(the)h(comp)s(osite)f(elemen)m(t.)0 3953 y(The)j(functions)e
Ft(A)h Fu(and)f Ft(B)k Fu(de\014ned)f(in)d(Chapter)h(1)f(are)h
(examples)g(of)f(denotational)f(de\014ni-)0 4073 y(tions:)51
b(the)36 b(mathematical)e(ob)5 b(jects)37 b(asso)s(ciated)g(with)f
(arithmetic)e(expressions)k(are)e(func-)0 4194 y(tions)26
b(in)f Fw(State)33 b Ft(!)f Fw(Z)27 b Fu(and)f(those)h(asso)s(ciated)g
(with)e(b)s(o)s(olean)g(expressions)j(are)f(functions)f(in)0
4314 y Fw(State)33 b Ft(!)f Fw(T)p Fu(.)42 b(The)29 b(functions)f
Ft(S)1247 4329 y Fn(ns)1347 4314 y Fu(and)g Ft(S)1600
4329 y Fn(sos)1724 4314 y Fu(asso)s(ciate)g(mathematical)d(ob)5
b(jects)29 b(with)f(eac)m(h)0 4435 y(statemen)m(t,)43
b(namely)d(partial)f(functions)h(in)g Fw(State)h Fo(,)-17
b Ft(!)41 b Fw(State)p Fu(.)68 b(Ho)m(w)m(ev)m(er,)45
b(they)d(are)e Fs(not)0 4555 y Fu(examples)28 b(of)g(denotational)e
(de\014nitions)i(b)s(ecause)i(they)f(are)f Fs(not)38
b Fu(de\014ned)29 b(comp)s(ositionally)-8 b(.)0 4918
y Fj(4.1)161 b(Direct)53 b(st)l(yle)g(seman)l(tics:)70
b(sp)t(eci\014cation)0 5147 y Fu(The)32 b(e\013ect)g(of)f(executing)h
(a)f(statemen)m(t)g Fs(S)43 b Fu(is)31 b(to)g(c)m(hange)h(the)g(state)f
(so)h(w)m(e)g(shall)e(de\014ne)i(the)0 5267 y(meaning)f(of)h
Fs(S)45 b Fu(to)32 b(b)s(e)h(a)f(partial)e(function)i(on)h(states:)244
5494 y Ft(S)312 5509 y Fn(ds)383 5494 y Fu(:)43 b Fw(Stm)32
b Ft(!)g Fu(\()p Fw(State)h Fo(,)-17 b Ft(!)32 b Fw(State)p
Fu(\))1687 5849 y(85)p eop
%%Page: 86 96
86 95 bop 251 130 a Fw(86)2034 b(4)112 b(Denotational)36
b(Seman)m(tics)p 251 193 3473 4 v 283 419 V 283 1501
4 1083 v 666 519 a Ft(S)733 534 y Fn(ds)805 519 y Fu([)-17
b([)p Fs(x)44 b Fu(:=)33 b Fs(a)7 b Fu(])-17 b(])q Fs(s)40
b Fu(=)33 b Fs(s)8 b Fu([)p Fs(x)k Ft(7!)o(A)p Fu([)-17
b([)q Fs(a)7 b Fu(])-17 b(])p Fs(s)8 b Fu(])666 710 y
Ft(S)733 725 y Fn(ds)805 710 y Fu([)-17 b([)p Fr(skip)p
Fu(])g(])34 b(=)f(id)666 901 y Ft(S)733 916 y Fn(ds)805
901 y Fu([)-17 b([)p Fs(S)909 916 y Fn(1)981 901 y Fu(;)33
b Fs(S)1108 916 y Fn(2)1147 901 y Fu(])-17 b(])33 b(=)f
Ft(S)1393 916 y Fn(ds)1464 901 y Fu([)-17 b([)q Fs(S)1569
916 y Fn(2)1608 901 y Fu(])g(])33 b Ft(\016)g(S)1828
916 y Fn(ds)1900 901 y Fu([)-17 b([)p Fs(S)2004 916 y
Fn(1)2043 901 y Fu(])g(])666 1092 y Ft(S)733 1107 y Fn(ds)805
1092 y Fu([)g([)p Fr(if)33 b Fs(b)39 b Fr(then)33 b Fs(S)1365
1107 y Fn(1)1437 1092 y Fr(else)h Fs(S)1742 1107 y Fn(2)1781
1092 y Fu(])-17 b(])33 b(=)f(cond\()p Ft(B)t Fu([)-17
b([)q Fs(b)6 b Fu(])-17 b(],)33 b Ft(S)2520 1107 y Fn(ds)2591
1092 y Fu([)-17 b([)q Fs(S)2696 1107 y Fn(1)2735 1092
y Fu(])g(],)33 b Ft(S)2900 1107 y Fn(ds)2971 1092 y Fu([)-17
b([)q Fs(S)3076 1107 y Fn(2)3115 1092 y Fu(])g(]\))666
1284 y Ft(S)733 1299 y Fn(ds)805 1284 y Fu([)g([)p Fr(while)34
b Fs(b)k Fr(do)33 b Fs(S)12 b Fu(])-17 b(])33 b(=)g(FIX)f
Fs(F)1138 1451 y Fu(where)i Fs(F)45 b(g)c Fu(=)33 b(cond\()p
Ft(B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])q(,)32 b
Fs(g)41 b Ft(\016)33 b(S)2453 1466 y Fn(ds)2524 1451
y Fu([)-17 b([)p Fs(S)12 b Fu(])-17 b(])q(,)32 b(id\))p
3753 1501 V 283 1504 3473 4 v 1054 1665 a(T)-8 b(able)33
b(4.1:)43 b(Denotational)30 b(seman)m(tics)i(for)h Fw(While)283
1920 y Fu(This)k(is)f(also)g(the)h(functionalit)m(y)e(of)h
Ft(S)1743 1935 y Fn(ns)1850 1920 y Fu(and)h Ft(S)2112
1935 y Fn(sos)2244 1920 y Fu(and)f(the)h(need)h(for)e(partialit)m(y)e
(is)i(again)283 2041 y(demonstrated)26 b(b)m(y)g(the)g(statemen)m(t)f
Fr(while)i(true)f(do)g(skip)p Fu(.)42 b(The)26 b(de\014nition)e(is)h
(summarized)283 2161 y(in)38 b(T)-8 b(able)39 b(4.1)f(and)h(w)m(e)g
(explain)f(it)g(in)g(detail)f(b)s(elo)m(w;)k(in)d(particular,)h(w)m(e)g
(shall)f(de\014ne)h(the)283 2281 y Fs(auxiliary)c(functions)40
b Fu(`cond')34 b(and)e(FIX.)430 2402 y(F)-8 b(or)32 b(assignmen)m(t)g
(the)h(clause)527 2590 y Ft(S)595 2605 y Fn(ds)666 2590
y Fu([)-17 b([)q Fs(x)44 b Fu(:=)33 b Fs(a)7 b Fu(])-17
b(])q Fs(s)40 b Fu(=)33 b Fs(s)8 b Fu([)p Fs(x)k Ft(7!)o(A)p
Fu([)-17 b([)p Fs(a)7 b Fu(])-17 b(])q Fs(s)8 b Fu(])283
2778 y(ensures)34 b(that)e(if)f Ft(S)993 2793 y Fn(ds)1064
2778 y Fu([)-17 b([)q Fs(x)43 b Fu(:=)32 b Fs(a)7 b Fu(])-17
b(])q Fs(s)40 b Fu(=)32 b Fs(s)1656 2741 y Fi(0)1711
2778 y Fu(then)h Fs(s)1981 2741 y Fi(0)2036 2778 y Fs(x)44
b Fu(=)31 b Ft(A)p Fu([)-17 b([)q Fs(a)7 b Fu(])-17 b(])p
Fs(s)40 b Fu(and)32 b Fs(s)2761 2741 y Fi(0)2817 2778
y Fs(y)41 b Fu(=)32 b Fs(s)40 b(y)g Fu(for)32 b Fs(y)9
b Ft(6)p Fu(=)p Fs(x)j Fu(.)43 b(The)283 2898 y(clause)35
b(for)g Fr(skip)h Fu(expresses)h(that)e(no)g(state)g(c)m(hange)h(tak)m
(es)g(place:)47 b(the)36 b(function)e(id)g(is)g(the)283
3018 y(iden)m(tit)m(y)f(function)f(on)g Fw(State)h Fu(so)g
Ft(S)1637 3033 y Fn(ds)1708 3018 y Fu([)-17 b([)p Fr(skip)p
Fu(])g(])r Fs(s)41 b Fu(=)32 b Fs(s)8 b Fu(.)430 3139
y(F)-8 b(or)32 b(sequencing)i(the)f(clause)f(is)527 3327
y Ft(S)595 3342 y Fn(ds)666 3327 y Fu([)-17 b([)q Fs(S)771
3342 y Fn(1)843 3327 y Fu(;)32 b Fs(S)969 3342 y Fn(2)1009
3327 y Fu(])-17 b(])33 b(=)f Ft(S)1255 3342 y Fn(ds)1326
3327 y Fu([)-17 b([)q Fs(S)1431 3342 y Fn(2)1470 3327
y Fu(])g(])33 b Ft(\016)f(S)1690 3342 y Fn(ds)1761 3327
y Fu([)-17 b([)q Fs(S)1866 3342 y Fn(1)1905 3327 y Fu(])g(])283
3515 y(So)42 b(the)g(e\013ect)h(of)e(executing)i Fs(S)1505
3530 y Fn(1)1586 3515 y Fu(;)j Fs(S)1726 3530 y Fn(2)1807
3515 y Fu(is)41 b(the)i(functional)d(comp)s(osition)f(of)i(the)i
(e\013ect)f(of)283 3635 y(executing)26 b Fs(S)779 3650
y Fn(1)843 3635 y Fu(and)e(that)h(of)f(executing)i Fs(S)1827
3650 y Fn(2)1866 3635 y Fu(.)41 b(F)-8 b(unctional)22
b(comp)s(osition)h(is)h(de\014ned)i(suc)m(h)g(that)283
3755 y(if)31 b(one)h(of)f(the)h(functions)g(is)f(unde\014ned)j(on)e(a)f
(giv)m(en)h(argumen)m(t)f(then)i(their)e(comp)s(osition)e(is)283
3876 y(unde\014ned)35 b(as)e(w)m(ell.)42 b(Giv)m(en)33
b(a)f(state)h Fs(s)8 b Fu(,)33 b(w)m(e)g(therefore)h(ha)m(v)m(e)527
4064 y Ft(S)595 4079 y Fn(ds)666 4064 y Fu([)-17 b([)q
Fs(S)771 4079 y Fn(1)843 4064 y Fu(;)32 b Fs(S)969 4079
y Fn(2)1009 4064 y Fu(])-17 b(])p Fs(s)846 4228 y Fu(=)99
b(\()p Ft(S)1127 4243 y Fn(ds)1198 4228 y Fu([)-17 b([)q
Fs(S)1303 4243 y Fn(2)1342 4228 y Fu(])g(])33 b Ft(\016)g(S)1562
4243 y Fn(ds)1634 4228 y Fu([)-17 b([)p Fs(S)1738 4243
y Fn(1)1777 4228 y Fu(])g(])q(\))p Fs(s)846 4735 y Fu(=)1021
4312 y Fg(8)1021 4386 y(>)1021 4411 y(>)1021 4436 y(>)1021
4461 y(>)1021 4486 y(>)1021 4511 y(>)1021 4536 y(>)1021
4561 y(>)1021 4586 y(>)1021 4611 y(>)1021 4635 y(<)1021
4785 y(>)1021 4810 y(>)1021 4835 y(>)1021 4860 y(>)1021
4885 y(>)1021 4909 y(>)1021 4934 y(>)1021 4959 y(>)1021
4984 y(>)1021 5009 y(>)1021 5034 y(:)1137 4399 y Fs(s)1185
4363 y Fi(00)1455 4399 y Fu(if)32 b(there)h(exists)h
Fs(s)2112 4363 y Fi(0)2167 4399 y Fu(suc)m(h)g(that)f
Ft(S)2667 4414 y Fn(ds)2738 4399 y Fu([)-17 b([)p Fs(S)2842
4414 y Fn(1)2882 4399 y Fu(])g(])p Fs(s)41 b Fu(=)32
b Fs(s)3156 4363 y Fi(0)1455 4567 y Fu(and)h Ft(S)1713
4582 y Fn(ds)1784 4567 y Fu([)-17 b([)q Fs(S)1889 4582
y Fn(2)1928 4567 y Fu(])g(])q Fs(s)2014 4531 y Fi(0)2069
4567 y Fu(=)33 b Fs(s)2226 4531 y Fi(00)1137 4734 y Fu(undef)p
1137 4747 236 4 v 83 w(if)f Ft(S)1613 4749 y Fn(ds)1684
4734 y Fu([)-17 b([)p Fs(S)1788 4749 y Fn(1)1828 4734
y Fu(])g(])p Fs(s)41 b Fu(=)32 b(undef)p 2054 4747 V
1455 4902 a(or)h(if)e(there)i(exists)h Fs(s)2231 4866
y Fi(0)2287 4902 y Fu(suc)m(h)g(that)e Ft(S)2786 4917
y Fn(ds)2857 4902 y Fu([)-17 b([)q Fs(S)2962 4917 y Fn(1)3001
4902 y Fu(])g(])p Fs(s)41 b Fu(=)32 b Fs(s)3275 4866
y Fi(0)1455 5070 y Fu(but)h Ft(S)1702 5085 y Fn(ds)1773
5070 y Fu([)-17 b([)q Fs(S)1878 5085 y Fn(2)1917 5070
y Fu(])g(])q Fs(s)2003 5033 y Fi(0)2059 5070 y Fu(=)32
b(undef)p 2167 5083 V 283 5254 a(It)46 b(follo)m(ws)f(that)h(the)g
(sequencing)h(construct)g(will)d(only)h(giv)m(e)h(a)f(de\014ned)j
(result)d(if)g(b)s(oth)283 5374 y(comp)s(onen)m(ts)34
b(do.)430 5494 y(F)-8 b(or)32 b(conditional)e(the)j(clause)f(is)p
eop
%%Page: 87 97
87 96 bop 0 130 a Fw(4.1)112 b(Direct)36 b(st)m(yle)g(seman)m(tics:)50
b(sp)s(eci\014cation)1342 b(87)p 0 193 3473 4 v 244 515
a Ft(S)312 530 y Fn(ds)383 515 y Fu([)-17 b([)p Fr(if)34
b Fs(b)k Fr(then)c Fs(S)944 530 y Fn(1)1015 515 y Fr(else)g
Fs(S)1320 530 y Fn(2)1359 515 y Fu(])-17 b(])33 b(=)g(cond\()p
Ft(B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])q(,)32 b
Ft(S)2098 530 y Fn(ds)2169 515 y Fu([)-17 b([)q Fs(S)2274
530 y Fn(1)2313 515 y Fu(])g(])q(,)32 b Ft(S)2478 530
y Fn(ds)2549 515 y Fu([)-17 b([)q Fs(S)2654 530 y Fn(2)2693
515 y Fu(])g(])q(\))0 715 y(and)33 b(the)g(auxiliary)d(function)i
(`cond')h(has)g(functionalit)m(y)244 915 y(cond:)44 b(\()p
Fw(State)32 b Ft(!)h Fw(T)p Fu(\))f Ft(\002)h Fu(\()p
Fw(State)f Fo(,)-17 b Ft(!)33 b Fw(State)p Fu(\))g Ft(\002)g
Fu(\()p Fw(State)f Fo(,)-17 b Ft(!)33 b Fw(State)p Fu(\))515
1082 y Ft(!)f Fu(\()p Fw(State)h Fo(,)-17 b Ft(!)32 b
Fw(State)p Fu(\))0 1282 y(and)h(is)f(de\014ned)i(b)m(y)244
1563 y(cond\()p Fs(p)6 b Fu(,)33 b Fs(g)652 1578 y Fn(1)691
1563 y Fu(,)f Fs(g)804 1578 y Fn(2)843 1563 y Fu(\))h
Fs(s)41 b Fu(=)1103 1389 y Fg(8)1103 1464 y(<)1103 1613
y(:)1218 1479 y Fs(g)1272 1494 y Fn(1)1344 1479 y Fs(s)91
b Fu(if)31 b Fs(p)39 b(s)h Fu(=)33 b Fw(tt)1218 1646
y Fs(g)1272 1661 y Fn(2)1344 1646 y Fs(s)91 b Fu(if)31
b Fs(p)39 b(s)h Fu(=)33 b Fw(\013)0 1845 y Fu(The)e(\014rst)g
(parameter)f(to)f(`cond')i(is)f(a)g(function)g(that,)g(when)i(supplied)
e(with)f(an)i(argumen)m(t,)0 1965 y(will)d(select)i(either)g(the)h
(second)g(or)f(the)g(third)f(parameter)h(of)f(`cond')i(and)f(then)h
(supply)g(that)0 2085 y(parameter)h(with)g(the)h(same)g(argumen)m(t.)43
b(Th)m(us)34 b(w)m(e)g(ha)m(v)m(e)244 2285 y Ft(S)312
2300 y Fn(ds)383 2285 y Fu([)-17 b([)p Fr(if)34 b Fs(b)k
Fr(then)c Fs(S)944 2300 y Fn(1)1015 2285 y Fr(else)g
Fs(S)1320 2300 y Fn(2)1359 2285 y Fu(])-17 b(])33 b Fs(s)530
2450 y Fu(=)99 b(cond\()p Ft(B)t Fu([)-17 b([)q Fs(b)6
b Fu(])-17 b(],)33 b Ft(S)1266 2465 y Fn(ds)1337 2450
y Fu([)-17 b([)q Fs(S)1442 2465 y Fn(1)1481 2450 y Fu(])g(],)33
b Ft(S)1646 2465 y Fn(ds)1717 2450 y Fu([)-17 b([)q Fs(S)1822
2465 y Fn(2)1861 2450 y Fu(])g(])q(\))32 b Fs(s)530 2870
y Fu(=)705 2546 y Fg(8)705 2621 y(>)705 2646 y(>)705
2670 y(>)705 2695 y(>)705 2720 y(>)705 2745 y(>)705 2770
y(<)705 2920 y(>)705 2944 y(>)705 2969 y(>)705 2994 y(>)705
3019 y(>)705 3044 y(>)705 3069 y(:)821 2617 y Fs(s)869
2581 y Fi(0)1139 2617 y Fu(if)g Ft(B)s Fu([)-17 b([)q
Fs(b)6 b Fu(])-17 b(])p Fs(s)41 b Fu(=)32 b Fw(tt)g Fu(and)h
Ft(S)1990 2632 y Fn(ds)2061 2617 y Fu([)-17 b([)p Fs(S)2165
2632 y Fn(1)2205 2617 y Fu(])g(])p Fs(s)41 b Fu(=)32
b Fs(s)2479 2581 y Fi(0)1139 2785 y Fu(or)h(if)e Ft(B)t
Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])q Fs(s)40 b Fu(=)33
b Fw(\013)g Fu(and)f Ft(S)2087 2800 y Fn(ds)2158 2785
y Fu([)-17 b([)q Fs(S)2263 2800 y Fn(2)2302 2785 y Fu(])g(])q
Fs(s)40 b Fu(=)33 b Fs(s)2577 2749 y Fi(0)821 2953 y
Fu(undef)p 821 2966 236 4 v 83 w(if)f Ft(B)s Fu([)-17
b([)q Fs(b)6 b Fu(])-17 b(])p Fs(s)41 b Fu(=)32 b Fw(tt)g
Fu(and)h Ft(S)1990 2968 y Fn(ds)2061 2953 y Fu([)-17
b([)p Fs(S)2165 2968 y Fn(1)2205 2953 y Fu(])g(])p Fs(s)41
b Fu(=)32 b(undef)p 2431 2966 V 1139 3120 a(or)h(if)e
Ft(B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])q Fs(s)40
b Fu(=)33 b Fw(\013)g Fu(and)f Ft(S)2087 3135 y Fn(ds)2158
3120 y Fu([)-17 b([)q Fs(S)2263 3135 y Fn(2)2302 3120
y Fu(])g(])q Fs(s)40 b Fu(=)33 b(undef)p 2529 3133 V
0 3313 a(So)f(if)e(the)j(selected)g(branc)m(h)f(giv)m(es)h(a)e
(de\014ned)j(result)d(then)i(so)f(do)s(es)g(the)h(conditional.)40
b(Note)0 3434 y(that)32 b(since)h Ft(B)t Fu([)-17 b([)p
Fs(b)6 b Fu(])-17 b(])33 b(is)g(a)f(total)f(function,)h
Ft(B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])q Fs(s)40
b Fu(cannot)33 b(b)s(e)g(undef)p 2227 3447 V(.)146 3554
y(De\014ning)38 b(the)i(e\013ect)g(of)e Fr(while)i Fs(b)45
b Fr(do)39 b Fs(S)51 b Fu(is)38 b(a)h(ma)5 b(jor)38 b(task.)63
b(T)-8 b(o)39 b(motiv)-5 b(ate)37 b(the)i(actual)0 3674
y(de\014nition)32 b(w)m(e)h(\014rst)g(observ)m(e)i(that)d(the)h
(e\013ect)g(of)f Fr(while)i Fs(b)39 b Fr(do)33 b Fs(S)44
b Fu(m)m(ust)33 b(equal)f(that)h(of)244 3874 y Fr(if)g
Fs(b)38 b Fr(then)c Fu(\()p Fs(S)12 b Fu(;)32 b Fr(while)i
Fs(b)39 b Fr(do)33 b Fs(S)12 b Fu(\))32 b Fr(else)i(skip)0
4074 y Fu(Using)e(the)h(parts)g(of)f Ft(S)871 4089 y
Fn(ds)975 4074 y Fu(that)g(ha)m(v)m(e)i(already)e(b)s(een)h(de\014ned,)
h(this)f(giv)m(es)269 4241 y Ft(S)337 4256 y Fn(ds)408
4241 y Fu([)-17 b([)p Fr(while)34 b Fs(b)39 b Fr(do)33
b Fs(S)12 b Fu(])-17 b(])33 b(=)f(cond\()p Ft(B)t Fu([)-17
b([)q Fs(b)6 b Fu(])-17 b(],)33 b Ft(S)1758 4256 y Fn(ds)1830
4241 y Fu([)-17 b([)p Fr(while)34 b Fs(b)39 b Fr(do)33
b Fs(S)12 b Fu(])-17 b(])33 b Ft(\016)f(S)2662 4256 y
Fn(ds)2733 4241 y Fu([)-17 b([)p Fs(S)12 b Fu(])-17 b(])q(,)32
b(id\))294 b(\(*\))0 4409 y(Note)35 b(that)f(w)m(e)i(cannot)f(use)h
(\(*\))e(as)h(the)g(de\014nition)f(of)g Ft(S)2158 4424
y Fn(ds)2229 4409 y Fu([)-17 b([)q Fr(while)36 b Fs(b)k
Fr(do)c Fs(S)12 b Fu(])-17 b(])35 b(b)s(ecause)h(then)0
4529 y Ft(S)68 4544 y Fn(ds)172 4529 y Fu(w)m(ould)c
Fs(not)42 b Fu(b)s(e)33 b(a)f(comp)s(ositional)d(de\014nition.)43
b(Ho)m(w)m(ev)m(er,)35 b(\(*\))d(expresses)j(that)244
4729 y Ft(S)312 4744 y Fn(ds)383 4729 y Fu([)-17 b([)p
Fr(while)31 b Fs(b)k Fr(do)30 b Fs(S)12 b Fu(])-17 b(])30
b(m)m(ust)f(b)s(e)g(a)g Fs(\014xe)-5 b(d)32 b(p)-5 b(oint)29
b Fu(of)f(the)i(functional)e Fs(F)42 b Fu(de\014ned)31
b(b)m(y)458 4931 y Fs(F)46 b(g)41 b Fu(=)32 b(cond\()p
Ft(B)t Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(],)33 b Fs(g)41
b Ft(\016)33 b(S)1491 4946 y Fn(ds)1563 4931 y Fu([)-17
b([)p Fs(S)12 b Fu(])-17 b(])q(,)32 b(id\))0 5133 y(that)39
b(is)g Ft(S)391 5148 y Fn(ds)462 5133 y Fu([)-17 b([)q
Fr(while)41 b Fs(b)k Fr(do)40 b Fs(S)12 b Fu(])-17 b(])40
b(=)g Fs(F)52 b Fu(\()p Ft(S)1510 5148 y Fn(ds)1581 5133
y Fu([)-17 b([)q Fr(while)41 b Fs(b)k Fr(do)40 b Fs(S)12
b Fu(])-17 b(])q(\).)64 b(In)40 b(this)f(w)m(a)m(y)i(w)m(e)g(will)c
(get)j(a)0 5254 y(comp)s(ositional)28 b(de\014nition)j(of)g
Ft(S)1231 5269 y Fn(ds)1334 5254 y Fu(b)s(ecause)i(when)g(de\014ning)f
Fs(F)44 b Fu(w)m(e)33 b(only)e(apply)h Ft(S)3116 5269
y Fn(ds)3219 5254 y Fu(to)f(the)0 5374 y(immediate)g(constituen)m(ts)k
(of)f Fr(while)h Fs(b)k Fr(do)c Fs(S)45 b Fu(and)34 b(not)g(to)g(the)g
(construct)h(itself.)46 b(Th)m(us)35 b(w)m(e)0 5494 y(write)p
eop
%%Page: 88 98
88 97 bop 251 130 a Fw(88)2034 b(4)112 b(Denotational)36
b(Seman)m(tics)p 251 193 3473 4 v 527 515 a Ft(S)595
530 y Fn(ds)666 515 y Fu([)-17 b([)q Fr(while)34 b Fs(b)k
Fr(do)33 b Fs(S)12 b Fu(])-17 b(])33 b(=)g(FIX)f Fs(F)704
683 y Fu(where)i Fs(F)45 b(g)c Fu(=)33 b(cond\()p Ft(B)t
Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])q(,)32 b Fs(g)41
b Ft(\016)33 b(S)2019 698 y Fn(ds)2090 683 y Fu([)-17
b([)p Fs(S)12 b Fu(])-17 b(])q(,)32 b(id\))283 897 y(to)i(indicate)e
(that)i Ft(S)1053 912 y Fn(ds)1125 897 y Fu([)-17 b([)p
Fr(while)35 b Fs(b)k Fr(do)c Fs(S)12 b Fu(])-17 b(])33
b(is)h(a)f(\014xed)i(p)s(oin)m(t)d(of)h Fs(F)13 b Fu(.)34
b(The)h(functionalit)m(y)c(of)i(the)283 1017 y(auxiliary)e(function)h
(FIX)g(is)527 1231 y(FIX:)h(\(\()p Fw(State)f Fo(,)-17
b Ft(!)33 b Fw(State)p Fu(\))g Ft(!)f Fu(\()p Fw(State)g
Fo(,)-17 b Ft(!)33 b Fw(State)p Fu(\)\))f Ft(!)g Fu(\()p
Fw(State)h Fo(,)-17 b Ft(!)33 b Fw(State)p Fu(\))283
1477 y Fw(Example)k(4.1)49 b Fu(Consider)33 b(the)g(statemen)m(t)527
1691 y Fr(while)h Ft(:)q Fu(\()p Fr(x)e Fu(=)h Fr(0)p
Fu(\))f Fr(do)h(skip)283 1905 y Fu(It)g(is)f(easy)i(to)e(v)m(erify)h
(that)f(the)h(corresp)s(onding)g(functional)e Fs(F)2633
1868 y Fi(0)2689 1905 y Fu(is)h(de\014ned)i(b)m(y)527
2200 y(\()p Fs(F)642 2164 y Fi(0)698 2200 y Fs(g)9 b
Fu(\))32 b Fs(s)41 b Fu(=)1011 2026 y Fg(8)1011 2101
y(<)1011 2250 y(:)1126 2116 y Fs(g)g(s)92 b Fu(if)31
b Fs(s)41 b Fr(x)32 b Ft(6)p Fu(=)h Fw(0)1126 2283 y
Fs(s)178 b Fu(if)31 b Fs(s)41 b Fr(x)32 b Fu(=)h Fw(0)283
2496 y Fu(The)h(function)e Fs(g)920 2511 y Fn(1)992 2496
y Fu(de\014ned)i(b)m(y)527 2791 y Fs(g)581 2806 y Fn(1)653
2791 y Fs(s)40 b Fu(=)842 2617 y Fg(8)842 2692 y(<)842
2841 y(:)957 2707 y Fu(undef)p 957 2720 236 4 v 84 w(if)31
b Fs(s)41 b Fr(x)33 b Ft(6)p Fu(=)f Fw(0)957 2874 y Fs(s)279
b Fu(if)31 b Fs(s)41 b Fr(x)33 b Fu(=)f Fw(0)283 3091
y Fu(is)h(a)f(\014xed)i(p)s(oin)m(t)d(of)h Fs(F)1141
3055 y Fi(0)1197 3091 y Fu(b)s(ecause)577 3386 y(\()p
Fs(F)692 3350 y Fi(0)748 3386 y Fs(g)802 3401 y Fn(1)841
3386 y Fu(\))g Fs(s)108 b Fu(=)1235 3212 y Fg(8)1235
3287 y(<)1235 3436 y(:)1350 3302 y Fs(g)1404 3317 y Fn(1)1475
3302 y Fs(s)91 b Fu(if)32 b Fs(s)41 b Fr(x)32 b Ft(6)p
Fu(=)h Fw(0)1350 3469 y Fs(s)216 b Fu(if)32 b Fs(s)41
b Fr(x)32 b Fu(=)h Fw(0)1059 3739 y Fu(=)1235 3564 y
Fg(8)1235 3639 y(<)1235 3789 y(:)1350 3654 y Fu(undef)p
1350 3667 V 84 w(if)e Fs(s)41 b Fr(x)32 b Ft(6)p Fu(=)h
Fw(0)1350 3822 y Fs(s)279 b Fu(if)31 b Fs(s)41 b Fr(x)32
b Fu(=)h Fw(0)1059 3947 y Fu(=)100 b Fs(g)1289 3962 y
Fn(1)1360 3947 y Fs(s)283 4155 y Fu(Next)34 b(w)m(e)g(claim)c(that)i
(the)h(function)f Fs(g)1741 4170 y Fn(2)1813 4155 y Fu(de\014ned)i(b)m
(y)527 4369 y Fs(g)581 4384 y Fn(2)653 4369 y Fs(s)40
b Fu(=)33 b(undef)p 842 4382 V 33 w(for)f(all)f Fs(s)283
4583 y Fu(cannot)39 b(b)s(e)g(a)f(\014xed)h(p)s(oin)m(t)f(for)g
Fs(F)1569 4546 y Fi(0)1592 4583 y Fu(.)61 b(The)39 b(reason)g(is)f
(that)g(if)g Fs(s)2661 4546 y Fi(0)2722 4583 y Fu(is)g(a)g(state)h
(with)f Fs(s)3434 4546 y Fi(0)3496 4583 y Fr(x)h Fu(=)f
Fw(0)283 4703 y Fu(then)c(\()p Fs(F)621 4667 y Fi(0)676
4703 y Fs(g)730 4718 y Fn(2)769 4703 y Fu(\))f Fs(s)888
4667 y Fi(0)944 4703 y Fu(=)f Fs(s)1100 4667 y Fi(0)1156
4703 y Fu(whereas)i Fs(g)1579 4718 y Fn(2)1651 4703 y
Fs(s)1699 4667 y Fi(0)1755 4703 y Fu(=)e(undef)p 1863
4716 V 1 w(.)1555 b Fh(2)430 4946 y Fu(Unfortunately)-8
b(,)39 b(this)g(do)s(es)f Fs(not)48 b Fu(su\016ce)40
b(for)e(de\014ning)h Ft(S)2590 4961 y Fn(ds)2662 4946
y Fu([)-17 b([)p Fr(while)40 b Fs(b)k Fr(do)39 b Fs(S)12
b Fu(])-17 b(])q(.)61 b(W)-8 b(e)39 b(face)283 5067 y(t)m(w)m(o)34
b(problems:)429 5281 y Ft(\017)48 b Fu(there)34 b(are)e(functionals)g
(that)g(ha)m(v)m(e)i Fs(mor)-5 b(e)34 b(than)h(one)f(\014xe)-5
b(d)34 b(p)-5 b(oint)p Fu(,)33 b(and)429 5494 y Ft(\017)48
b Fu(there)34 b(are)e(functionals)g(that)g(ha)m(v)m(e)i
Fs(no)g(\014xe)-5 b(d)35 b(p)-5 b(oint)41 b Fu(at)32
b(all.)p eop
%%Page: 89 99
89 98 bop 0 130 a Fw(4.1)112 b(Direct)36 b(st)m(yle)g(seman)m(tics:)50
b(sp)s(eci\014cation)1342 b(89)p 0 193 3473 4 v 0 515
a Fu(The)39 b(functional)e Fs(F)747 479 y Fi(0)808 515
y Fu(of)h(Example)f(4.1)h(has)h(more)e(than)h(one)h(\014xed)g(p)s(oin)m
(t.)60 b(In)38 b(fact,)i Fs(every)0 636 y Fu(function)34
b Fs(g)438 600 y Fi(0)495 636 y Fu(of)f Fw(State)h Fo(,)-17
b Ft(!)35 b Fw(State)f Fu(satisfying)f Fs(g)1820 600
y Fi(0)1877 636 y Fs(s)42 b Fu(=)34 b Fs(s)42 b Fu(if)33
b Fs(s)42 b Fr(x)35 b Fu(=)f Fw(0)g Fu(will)e(b)s(e)i(a)g(\014xed)h(p)s
(oin)m(t)0 756 y(of)d Fs(F)188 720 y Fi(0)211 756 y Fu(.)146
877 y(T)-8 b(o)28 b(giv)m(e)g(an)f(example)h(of)f(a)g(functional)f
(that)i(has)g(no)g(\014xed)g(p)s(oin)m(ts)g(consider)g
Fs(F)3102 892 y Fn(1)3169 877 y Fu(de\014ned)0 997 y(b)m(y)244
1277 y Fs(F)321 1292 y Fn(1)393 1277 y Fs(g)41 b Fu(=)587
1103 y Fg(8)587 1178 y(<)587 1327 y(:)703 1193 y Fs(g)757
1208 y Fn(1)879 1193 y Fu(if)31 b Fs(g)41 b Fu(=)33 b
Fs(g)1217 1208 y Fn(2)703 1360 y Fs(g)757 1375 y Fn(2)879
1360 y Fu(otherwise)0 1558 y(If)f Fs(g)151 1573 y Fn(1)190
1558 y Ft(6)p Fu(=)p Fs(g)320 1573 y Fn(2)391 1558 y
Fu(then)h(clearly)f(there)h(will)d(b)s(e)i(no)h(function)e
Fs(g)2061 1573 y Fn(0)2133 1558 y Fu(suc)m(h)j(that)e
Fs(F)2641 1573 y Fn(1)2712 1558 y Fs(g)2766 1573 y Fn(0)2838
1558 y Fu(=)g Fs(g)3000 1573 y Fn(0)3039 1558 y Fu(.)43
b(Th)m(us)34 b Fs(F)3433 1573 y Fn(1)0 1678 y Fu(has)f(no)f(\014xed)i
(p)s(oin)m(ts)e(at)h(all.)0 1900 y Fw(Exercise)j(4.2)49
b Fu(Determine)32 b(the)h(functional)e Fs(F)45 b Fu(asso)s(ciated)33
b(with)f(the)h(statemen)m(t)244 2099 y Fr(while)h Ft(:)p
Fu(\()p Fr(x)p Fu(=)p Fr(0)p Fu(\))f Fr(do)g(x)g Fu(:=)f
Fr(x)p Ft(\000)p Fr(1)0 2298 y Fu(using)27 b(the)g(seman)m(tic)g
(equations)h(of)f(T)-8 b(able)26 b(4.1.)42 b(Consider)27
b(the)h(follo)m(wing)c(partial)h(functions)0 2418 y(of)32
b Fw(State)h Fo(,)-17 b Ft(!)32 b Fw(State)p Fu(:)244
2617 y Fs(g)298 2632 y Fn(1)369 2617 y Fs(s)41 b Fu(=)32
b(undef)p 558 2630 236 4 v 34 w(for)g(all)e Fs(s)244
2866 y(g)298 2881 y Fn(2)369 2866 y Fs(s)41 b Fu(=)558
2692 y Fg(8)558 2767 y(<)558 2916 y(:)674 2782 y Fs(s)8
b Fu([)p Fr(x)p Ft(7!)p Fw(0)p Fu(])83 b(if)31 b Fs(s)41
b Fr(x)33 b Ft(\025)g Fw(0)674 2949 y Fu(undef)p 674
2962 V 157 w(if)e Fs(s)41 b Fr(x)33 b Fo(<)f Fw(0)244
3221 y Fs(g)298 3236 y Fn(3)369 3221 y Fs(s)41 b Fu(=)558
3046 y Fg(8)558 3121 y(<)558 3271 y(:)674 3136 y Fs(s)8
b Fu([)p Fr(x)p Ft(7!)p Fw(0)p Fu(])83 b(if)31 b Fs(s)41
b Fr(x)33 b Ft(\025)g Fw(0)674 3304 y Fs(s)352 b Fu(if)31
b Fs(s)41 b Fr(x)33 b Fo(<)f Fw(0)244 3476 y Fs(g)298
3491 y Fn(4)369 3476 y Fs(s)41 b Fu(=)32 b Fs(s)8 b Fu([)p
Fr(x)p Ft(7!)p Fw(0)p Fu(])33 b(for)f(all)f Fs(s)244
3643 y(g)298 3658 y Fn(5)369 3643 y Fs(s)41 b Fu(=)32
b Fs(s)41 b Fu(for)32 b(all)f Fs(s)0 3842 y Fu(Determine)h(whic)m(h)h
(of)f(these)i(functions)e(are)h(\014xed)g(p)s(oin)m(ts)g(of)f
Fs(F)13 b Fu(.)955 b Fh(2)0 4064 y Fw(Exercise)36 b(4.3)49
b Fu(Consider)33 b(the)g(follo)m(wing)d(fragmen)m(t)i(of)g(the)h
(factorial)d(statemen)m(t)244 4263 y Fr(while)k Ft(:)p
Fu(\()p Fr(x)p Fu(=)p Fr(1)p Fu(\))f Fr(do)g Fu(\()p
Fr(y)g Fu(:=)f Fr(y)p Fo(?)p Fr(x)p Fu(;)h Fr(x)g Fu(:=)f
Fr(x)p Ft(\000)p Fr(1)p Fu(\))0 4462 y(Determine)40 b(the)i(functional)
d Fs(F)54 b Fu(asso)s(ciated)41 b(with)g(this)g(statemen)m(t.)70
b(Determine)40 b(at)h(least)0 4582 y(t)m(w)m(o)33 b(di\013eren)m(t)g
(\014xed)h(p)s(oin)m(ts)e(for)g Fs(F)13 b Fu(.)2047 b
Fh(2)0 4870 y Fp(Requiremen)l(ts)47 b(on)d(the)i(\014xed)e(p)t(oin)l(t)
0 5055 y Fu(Our)h(solution)e(to)i(the)g(t)m(w)m(o)g(problems)g(listed)e
(ab)s(o)m(v)m(e)j(will)d(b)s(e)i(to)f(dev)m(elop)i(a)e(framew)m(ork)0
5175 y(where)145 5374 y Ft(\017)49 b Fu(w)m(e)36 b(imp)s(ose)d
(requiremen)m(ts)j(on)e(the)i(\014xed)f(p)s(oin)m(ts)g(and)g(sho)m(w)g
(that)g(there)g(is)g(at)f(most)244 5494 y(one)f(\014xed)g(p)s(oin)m(t)f
(ful\014lling)d(these)34 b(requiremen)m(ts,)g(and)p eop
%%Page: 90 100
90 99 bop 251 130 a Fw(90)2034 b(4)112 b(Denotational)36
b(Seman)m(tics)p 251 193 3473 4 v 429 515 a Ft(\017)48
b Fu(all)35 b(functionals)g(originating)e(from)j(statemen)m(ts)h(in)f
Fw(While)f Fu(do)i(ha)m(v)m(e)h(a)e(\014xed)i(p)s(oin)m(t)527
636 y(that)33 b(satis\014es)g(these)h(requiremen)m(ts.)430
833 y(T)-8 b(o)28 b(motiv)-5 b(ate)26 b(our)i(c)m(hoice)h(of)e
(requiremen)m(ts)i(let)f(us)h(consider)f(the)h(execution)f(of)g(a)g
(state-)283 953 y(men)m(t)33 b Fr(while)h Fs(b)k Fr(do)33
b Fs(S)45 b Fu(from)31 b(a)h(state)h Fs(s)1735 968 y
Fn(0)1775 953 y Fu(.)43 b(There)34 b(are)f(three)g(p)s(ossible)f
(outcomes:)367 1151 y Fw(A)p Fu(:)48 b(it)32 b Fs(terminates)8
b Fu(,)372 1352 y Fw(B)p Fu(:)48 b(it)32 b Fs(lo)-5 b(ops)40
b(lo)-5 b(c)g(al)5 b(ly)k Fu(,)32 b(that)g(is)g(there)h(is)g(a)f
(construct)i(in)d Fs(S)45 b Fu(that)32 b(lo)s(ops,)g(or)371
1553 y Fw(C)p Fu(:)48 b(it)32 b Fs(lo)-5 b(ops)40 b(glob)-5
b(al)5 b(ly)k Fu(,)32 b(that)g(is)g(the)h(outer)g Fr(while)p
Fu(-construct)h(lo)s(ops.)283 1751 y(W)-8 b(e)40 b(shall)d(no)m(w)j(in)
m(v)m(estigate)e(what)i(can)f(b)s(e)g(said)f(ab)s(out)g(the)i
(functional)d Fs(F)51 b Fu(and)39 b(its)g(\014xed)283
1871 y(p)s(oin)m(ts)33 b(in)e(eac)m(h)j(of)e(the)h(three)g(cases.)283
2039 y Fw(The)e(case)h(A)p Fu(:)e(In)h(this)f(case)i(the)f(execution)g
(of)f Fr(while)i Fs(b)37 b Fr(do)31 b Fs(S)42 b Fu(from)29
b Fs(s)2975 2054 y Fn(0)3046 2039 y Fu(terminates.)42
b(This)283 2159 y(means)33 b(that)f(there)i(are)e(states)i
Fs(s)1531 2174 y Fn(1)1570 2159 y Fu(,)f Ft(\001)17 b(\001)g(\001)n
Fu(,)33 b Fs(s)1854 2174 y Fn(n)1930 2159 y Fu(suc)m(h)h(that)527
2438 y Ft(B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])33
b Fs(s)802 2453 y Fn(i)859 2438 y Fu(=)967 2264 y Fg(8)967
2338 y(<)967 2488 y(:)1082 2353 y Fw(tt)83 b Fu(if)31
b(i)p Fo(<)p Fu(n)1082 2521 y Fw(\013)106 b Fu(if)31
b(i=n)283 2717 y(and)527 2914 y Ft(S)595 2929 y Fn(ds)666
2914 y Fu([)-17 b([)q Fs(S)12 b Fu(])-17 b(])33 b Fs(s)889
2929 y Fn(i)945 2914 y Fu(=)g Fs(s)1102 2929 y Fn(i+1)1313
2914 y Fu(for)f(i)p Fo(<)p Fu(n)283 3111 y(An)c(example)g(of)f(a)g
(statemen)m(t)i(and)f(a)f(state)h(satisfying)f(these)i(conditions)e(is)
g(the)h(statemen)m(t)527 3309 y Fr(while)34 b(0)p Ft(\024)q
Fr(x)f(do)g(x)g Fu(:=)f Fr(x)p Ft(\000)p Fr(1)283 3506
y Fu(and)h(an)m(y)g(state)g(where)h Fr(x)f Fu(has)g(a)f(non-negativ)m
(e)h(v)-5 b(alue.)430 3626 y(Let)40 b Fs(g)666 3641 y
Fn(0)744 3626 y Fu(b)s(e)g(an)m(y)h(\014xed)f(p)s(oin)m(t)f(of)g
Fs(F)13 b Fu(,)40 b(that)g(is)f(assume)h(that)f Fs(F)53
b(g)2899 3641 y Fn(0)2978 3626 y Fu(=)39 b Fs(g)3147
3641 y Fn(0)3186 3626 y Fu(.)65 b(In)40 b(the)g(case)283
3747 y(where)34 b(i)p Fo(<)p Fu(n)e(w)m(e)i(calculate)577
3919 y Fs(g)631 3934 y Fn(0)703 3919 y Fs(s)751 3934
y Fn(i)874 3919 y Fu(=)100 b(\()p Fs(F)45 b(g)1251 3934
y Fn(0)1290 3919 y Fu(\))33 b Fs(s)1409 3934 y Fn(i)874
4087 y Fu(=)100 b(cond\()p Ft(B)t Fu([)-17 b([)p Fs(b)6
b Fu(])-17 b(])q(,)32 b Fs(g)1596 4102 y Fn(0)1668 4087
y Ft(\016)g(S)1818 4102 y Fn(ds)1889 4087 y Fu([)-17
b([)q Fs(S)12 b Fu(])-17 b(],)33 b(id\))f Fs(s)2291 4102
y Fn(i)874 4254 y Fu(=)100 b Fs(g)1104 4269 y Fn(0)1175
4254 y Fu(\()p Ft(S)1281 4269 y Fn(ds)1352 4254 y Fu([)-17
b([)q Fs(S)12 b Fu(])-17 b(])33 b Fs(s)1575 4269 y Fn(i)1598
4254 y Fu(\))874 4422 y(=)100 b Fs(g)1104 4437 y Fn(0)1175
4422 y Fs(s)1223 4437 y Fn(i+1)283 4612 y Fu(In)33 b(the)g(case)h
(where)g(i=n)d(w)m(e)j(get)577 4801 y Fs(g)631 4816 y
Fn(0)703 4801 y Fs(s)751 4816 y Fn(n)894 4801 y Fu(=)99
b(\()p Fs(F)46 b(g)1271 4816 y Fn(0)1310 4801 y Fu(\))32
b Fs(s)1428 4816 y Fn(n)894 4969 y Fu(=)99 b(cond\()p
Ft(B)t Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(],)33 b Fs(g)1616
4984 y Fn(0)1687 4969 y Ft(\016)g(S)1838 4984 y Fn(ds)1909
4969 y Fu([)-17 b([)p Fs(S)12 b Fu(])-17 b(])q(,)32 b(id\))g
Fs(s)2310 4984 y Fn(n)894 5136 y Fu(=)99 b(id)32 b Fs(s)1231
5151 y Fn(n)894 5304 y Fu(=)99 b Fs(s)1117 5319 y Fn(n)283
5494 y Fu(Th)m(us)35 b Fs(every)41 b Fu(\014xed)34 b(p)s(oin)m(t)d
Fs(g)1339 5509 y Fn(0)1411 5494 y Fu(of)h Fs(F)45 b Fu(will)31
b(satisfy)p eop
%%Page: 91 101
91 100 bop 0 130 a Fw(4.1)112 b(Direct)36 b(st)m(yle)g(seman)m(tics:)50
b(sp)s(eci\014cation)1342 b(91)p 0 193 3473 4 v 244 515
a Fs(g)298 530 y Fn(0)369 515 y Fs(s)417 530 y Fn(0)489
515 y Fu(=)33 b Fs(s)646 530 y Fn(n)0 716 y Fu(so)j(in)e(this)h(case)h
(w)m(e)h(do)e(not)g(obtain)g(an)m(y)h(additional)c(requiremen)m(ts)k
(that)g(will)d(help)i(us)h(to)0 836 y(c)m(ho)s(ose)d(one)g(of)f(the)h
(\014xed)h(p)s(oin)m(ts)e(as)h(the)g(preferred)h(one.)0
1004 y Fw(The)41 b(case)h(B)p Fu(:)f(In)g(this)g(case)h(the)g
(execution)f(of)g Fr(while)h Fs(b)47 b Fr(do)42 b Fs(S)53
b Fu(from)39 b Fs(s)2833 1019 y Fn(0)2914 1004 y Fu(lo)s(ops)h
Fs(lo)-5 b(c)g(al)5 b(ly)k Fu(.)0 1124 y(This)33 b(means)f(that)h
(there)g(are)g(states)g Fs(s)1470 1139 y Fn(1)1510 1124
y Fu(,)f Ft(\001)17 b(\001)g(\001)n Fu(,)33 b Fs(s)1793
1139 y Fn(n)1869 1124 y Fu(suc)m(h)h(that)244 1324 y
Ft(B)s Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])p Fs(s)486
1339 y Fn(i)543 1324 y Fu(=)32 b Fw(tt)g Fu(for)g(i)p
Ft(\024)p Fu(n)0 1524 y(and)244 1787 y Ft(S)312 1802
y Fn(ds)383 1787 y Fu([)-17 b([)p Fs(S)12 b Fu(])-17
b(])q Fs(s)573 1802 y Fn(i)629 1787 y Fu(=)738 1612 y
Fg(8)738 1687 y(<)738 1836 y(:)853 1702 y Fs(s)901 1717
y Fn(i+1)1172 1702 y Fu(for)32 b(i)p Fo(<)p Fu(n)853
1870 y(undef)p 853 1883 236 4 v 84 w(for)g(i=n)0 2068
y(An)c(example)f(of)h(a)f(statemen)m(t)h(and)g(a)g(state)g(satisfying)f
(these)i(conditions)d(is)i(the)g(statemen)m(t)244 2268
y Fr(while)34 b(0)p Ft(\024)p Fr(x)f(do)g Fu(\()p Fr(if)g(x)p
Fu(=)p Fr(0)g(then)h Fu(\()p Fr(while)g(true)f(do)g(skip)p
Fu(\))1264 2436 y Fr(else)h(x)f Fu(:=)f Fr(x)p Ft(\000)p
Fr(1)p Fu(\))0 2636 y(and)h(an)m(y)g(state)g(where)h
Fr(x)f Fu(has)f(a)h(non-negativ)m(e)f(v)-5 b(alue.)146
2757 y(Let)37 b Fs(g)379 2772 y Fn(0)454 2757 y Fu(b)s(e)f(an)m(y)h
(\014xed)g(p)s(oin)m(t)f(of)f Fs(F)13 b Fu(,)37 b(that)e(is)h
Fs(F)49 b(g)2014 2772 y Fn(0)2089 2757 y Fu(=)36 b Fs(g)2255
2772 y Fn(0)2294 2757 y Fu(.)55 b(In)36 b(the)h(case)g(where)g(i)p
Fo(<)p Fu(n)e(w)m(e)0 2877 y(obtain)244 3077 y Fs(g)298
3092 y Fn(0)369 3077 y Fs(s)417 3092 y Fn(i)474 3077
y Fu(=)d Fs(g)636 3092 y Fn(0)708 3077 y Fs(s)756 3092
y Fn(i+1)0 3277 y Fu(just)h(as)g(in)f(the)h(previous)g(case.)44
b(Ho)m(w)m(ev)m(er,)35 b(in)d(the)h(case)g(where)h(i=n)e(w)m(e)h(get)
294 3469 y Fs(g)348 3484 y Fn(0)419 3469 y Fs(s)467 3484
y Fn(n)610 3469 y Fu(=)100 b(\()p Fs(F)45 b(g)987 3484
y Fn(0)1026 3469 y Fu(\))33 b Fs(s)1145 3484 y Fn(n)610
3637 y Fu(=)100 b(cond\()p Ft(B)t Fu([)-17 b([)p Fs(b)6
b Fu(])-17 b(])q(,)32 b Fs(g)1332 3652 y Fn(0)1404 3637
y Ft(\016)g(S)1554 3652 y Fn(ds)1625 3637 y Fu([)-17
b([)q Fs(S)12 b Fu(])-17 b(],)33 b(id\))f Fs(s)2027 3652
y Fn(n)610 3804 y Fu(=)100 b(\()p Fs(g)878 3819 y Fn(0)949
3804 y Ft(\016)33 b(S)1099 3819 y Fn(ds)1171 3804 y Fu([)-17
b([)p Fs(S)12 b Fu(])-17 b(])q(\))32 b Fs(s)1431 3819
y Fn(n)610 3972 y Fu(=)100 b(undef)p 786 3985 V 0 4165
a(Th)m(us)34 b Fs(any)41 b Fu(\014xed)34 b(p)s(oin)m(t)e
Fs(g)985 4180 y Fn(0)1056 4165 y Fu(of)g Fs(F)46 b Fu(will)30
b(satisfy)244 4365 y Fs(g)298 4380 y Fn(0)369 4365 y
Fs(s)417 4380 y Fn(0)489 4365 y Fu(=)j(undef)p 598 4378
V 0 4565 a(so,)e(again,)f(in)g(this)g(case)h(w)m(e)h(do)e(not)g(obtain)
g(an)m(y)h(additional)d(requiremen)m(ts)j(that)f(will)f(help)0
4686 y(us)k(to)f(c)m(ho)s(ose)i(one)f(of)f(the)h(\014xed)h(p)s(oin)m
(ts)e(as)h(the)g(preferred)g(one.)0 4853 y Fw(The)27
b(case)g(C)p Fu(:)g(The)h(p)s(oten)m(tial)d(di\013erence)i(b)s(et)m(w)m
(een)i(\014xed)f(p)s(oin)m(ts)e(comes)h(to)f(ligh)m(t)f(when)j(w)m(e)0
4974 y(consider)j(the)h(p)s(ossibilit)m(y)c(that)j(the)g(execution)h
(of)e Fr(while)j Fs(b)j Fr(do)c Fs(S)42 b Fu(from)30
b Fs(s)2804 4989 y Fn(0)2874 4974 y Fu(lo)s(ops)g Fs(glob)-5
b(al)5 b(ly)k Fu(.)0 5094 y(This)33 b(means)f(that)h(there)g(are)g
(in\014nitely)e(man)m(y)h(states)i Fs(s)2145 5109 y Fn(1)2184
5094 y Fu(,)f Ft(\001)17 b(\001)g(\001)31 b Fu(suc)m(h)j(that)244
5294 y Ft(B)s Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])p
Fs(s)486 5309 y Fn(i)543 5294 y Fu(=)32 b Fw(tt)g Fu(for)g(all)e(i)0
5494 y(and)p eop
%%Page: 92 102
92 101 bop 251 130 a Fw(92)2034 b(4)112 b(Denotational)36
b(Seman)m(tics)p 251 193 3473 4 v 527 515 a Ft(S)595
530 y Fn(ds)666 515 y Fu([)-17 b([)q Fs(S)12 b Fu(])-17
b(])p Fs(s)856 530 y Fn(i)913 515 y Fu(=)32 b Fs(s)1069
530 y Fn(i+1)1216 515 y Fu(for)g(all)e(i.)283 713 y(An)e(example)g(of)f
(a)g(statemen)m(t)i(and)f(a)f(state)h(satisfying)f(these)i(conditions)e
(is)g(the)h(statemen)m(t)527 912 y Fr(while)34 b Ft(:)q
Fu(\()p Fr(x)p Fu(=)p Fr(0)p Fu(\))e Fr(do)h(skip)283
1110 y Fu(and)g(an)m(y)g(state)g(where)h Fr(x)f Fu(is)f(not)h(equal)f
(to)g Fw(0)p Fu(.)430 1230 y(Let)g Fs(g)658 1245 y Fn(0)728
1230 y Fu(b)s(e)g(an)m(y)h(\014xed)g(p)s(oin)m(t)d(of)i
Fs(F)13 b Fu(,)31 b(that)h(is)f Fs(F)45 b(g)2249 1245
y Fn(0)2319 1230 y Fu(=)32 b Fs(g)2481 1245 y Fn(0)2520
1230 y Fu(.)43 b(As)32 b(in)f(the)i(previous)f(cases)h(w)m(e)283
1350 y(get)527 1549 y Fs(g)581 1564 y Fn(0)653 1549 y
Fs(s)701 1564 y Fn(i)757 1549 y Fu(=)g Fs(g)920 1564
y Fn(0)991 1549 y Fs(s)1039 1564 y Fn(i+1)283 1747 y
Fu(for)f(all)f(i)p Ft(\025)p Fu(0.)43 b(Th)m(us)34 b(w)m(e)g(ha)m(v)m
(e)527 1945 y Fs(g)581 1960 y Fn(0)653 1945 y Fs(s)701
1960 y Fn(0)773 1945 y Fu(=)e Fs(g)935 1960 y Fn(0)1007
1945 y Fs(s)1055 1960 y Fn(i)1111 1945 y Fu(for)g(all)f(i)283
2143 y(and)38 b(w)m(e)g(cannot)f(determine)f(the)i(v)-5
b(alue)36 b(of)g Fs(g)2007 2158 y Fn(0)2083 2143 y Fs(s)2131
2158 y Fn(0)2208 2143 y Fu(in)g(this)h(w)m(a)m(y)-8 b(.)57
b(This)37 b(is)g(the)g(situation)f(in)283 2263 y(whic)m(h)e(the)f(v)-5
b(arious)31 b(\014xed)j(p)s(oin)m(ts)e(of)g Fs(F)46 b
Fu(ma)m(y)32 b(di\013er.)430 2384 y(This)24 b(is)g(not)g(surprising)g
(b)s(ecause)h(the)g(statemen)m(t)g Fr(while)h Ft(:)p
Fu(\()p Fr(x)p Fu(=)p Fr(0)p Fu(\))e Fr(do)h(skip)h Fu(of)d(Example)283
2504 y(4.1)33 b(has)g(the)g(functional)e Fs(F)1318 2468
y Fi(0)1373 2504 y Fu(giv)m(en)i(b)m(y)527 2784 y(\()p
Fs(F)642 2748 y Fi(0)698 2784 y Fs(g)9 b Fu(\))32 b Fs(s)41
b Fu(=)1011 2609 y Fg(8)1011 2684 y(<)1011 2834 y(:)1126
2699 y Fs(g)g(s)92 b Fu(if)31 b Fs(s)41 b Fr(x)32 b Ft(6)p
Fu(=)h Fw(0)1126 2867 y Fs(s)178 b Fu(if)31 b Fs(s)41
b Fr(x)32 b Fu(=)h Fw(0)283 3063 y Fu(and)38 b Fs(any)45
b Fu(partial)35 b(function)i Fs(g)45 b Fu(of)37 b Fw(State)g
Fo(,)-17 b Ft(!)37 b Fw(State)g Fu(satisfying)f Fs(g)46
b(s)f Fu(=)37 b Fs(s)45 b Fu(if)36 b Fs(s)45 b Fr(x)37
b Fu(=)g Fw(0)g Fu(will)283 3184 y(indeed)29 b(b)s(e)g(a)f(\014xed)i(p)
s(oin)m(t)e(of)g Fs(F)1461 3148 y Fi(0)1484 3184 y Fu(.)42
b(Ho)m(w)m(ev)m(er,)32 b(our)d(computational)c(exp)s(erience)30
b(tells)e(us)h(that)283 3304 y(w)m(e)34 b(w)m(an)m(t)527
3565 y Ft(S)595 3580 y Fn(ds)666 3565 y Fu([)-17 b([)q
Fr(while)34 b Ft(:)p Fu(\()p Fr(x)p Fu(=)p Fr(0)p Fu(\))f
Fr(do)g(skip)p Fu(])-17 b(])r Fs(s)1772 3580 y Fn(0)1844
3565 y Fu(=)1952 3390 y Fg(8)1952 3465 y(<)1952 3614
y(:)2067 3480 y Fu(undef)p 2067 3493 236 4 v 84 w(if)32
b Fs(s)2524 3495 y Fn(0)2596 3480 y Fr(x)g Ft(6)p Fu(=)h
Fw(0)2067 3648 y Fs(s)2115 3663 y Fn(0)2386 3648 y Fu(if)f
Fs(s)2524 3663 y Fn(0)2596 3648 y Fr(x)g Fu(=)h Fw(0)283
3848 y Fu(in)c(order)g(to)g(record)h(the)f(lo)s(oping.)40
b(Th)m(us)31 b(our)e(preferred)h(\014xed)h(p)s(oin)m(t)d(of)h
Fs(F)3095 3812 y Fi(0)3147 3848 y Fu(is)g(the)g(function)283
3969 y Fs(g)337 3984 y Fn(0)409 3969 y Fu(de\014ned)34
b(b)m(y)527 4248 y Fs(g)581 4263 y Fn(0)653 4248 y Fs(s)40
b Fu(=)842 4074 y Fg(8)842 4149 y(<)842 4298 y(:)957
4164 y Fu(undef)p 957 4177 V 84 w(if)31 b Fs(s)41 b Fr(x)33
b Ft(6)p Fu(=)f Fw(0)957 4331 y Fs(s)279 b Fu(if)31 b
Fs(s)41 b Fr(x)33 b Fu(=)f Fw(0)283 4532 y Fu(The)42
b(prop)s(ert)m(y)f(that)f(distinguishes)g Fs(g)1755 4547
y Fn(0)1835 4532 y Fu(from)f(some)h(other)h(\014xed)h(p)s(oin)m(t)d
Fs(g)3148 4496 y Fi(0)3211 4532 y Fu(of)h Fs(F)3407 4496
y Fi(0)3471 4532 y Fu(is)g(that)283 4652 y(whenev)m(er)c
Fs(g)766 4667 y Fn(0)837 4652 y Fs(s)41 b Fu(=)32 b Fs(s)1074
4616 y Fi(0)1130 4652 y Fu(then)h(w)m(e)h(also)d(ha)m(v)m(e)j
Fs(g)1970 4616 y Fi(0)2026 4652 y Fs(s)40 b Fu(=)33 b
Fs(s)2263 4616 y Fi(0)2319 4652 y Fu(but)f(not)h(vice)g(v)m(ersa.)430
4773 y(Generalizing)41 b(this)h(exp)s(erience)j(leads)d(to)h(the)h
(follo)m(wing)c(requiremen)m(t:)65 b(the)43 b(desired)283
4893 y(\014xed)34 b(p)s(oin)m(t)e(FIX)g Fs(F)46 b Fu(should)32
b(b)s(e)h(some)g(partial)d(function)i Fs(g)2525 4908
y Fn(0)2564 4893 y Fu(:)43 b Fw(State)33 b Fo(,)-17 b
Ft(!)33 b Fw(State)f Fu(suc)m(h)i(that)429 5091 y Ft(\017)48
b Fs(g)581 5106 y Fn(0)653 5091 y Fu(is)32 b(a)g(\014xed)i(p)s(oin)m(t)
e(of)g Fs(F)13 b Fu(,)32 b(that)h(is)f Fs(F)45 b(g)2043
5106 y Fn(0)2115 5091 y Fu(=)32 b Fs(g)2277 5106 y Fn(0)2316
5091 y Fu(,)h(and)429 5293 y Ft(\017)48 b Fu(if)32 b
Fs(g)41 b Fu(is)32 b(another)h(\014xed)g(p)s(oin)m(t)f(of)g
Fs(F)13 b Fu(,)33 b(that)f(is)g Fs(F)46 b(g)41 b Fu(=)32
b Fs(g)9 b Fu(,)32 b(then)742 5494 y Fs(g)796 5509 y
Fn(0)867 5494 y Fs(s)41 b Fu(=)32 b Fs(s)1104 5458 y
Fi(0)1160 5494 y Fu(implies)e Fs(g)42 b(s)e Fu(=)33 b
Fs(s)1815 5458 y Fi(0)p eop
%%Page: 93 103
93 102 bop 0 130 a Fw(4.2)112 b(Fixed)38 b(p)s(oin)m(t)e(theory)2183
b(93)p 0 193 3473 4 v 244 515 a Fu(for)32 b(all)e(c)m(hoices)k(of)e
Fs(s)41 b Fu(and)32 b Fs(s)1286 479 y Fi(0)1310 515 y
Fu(.)0 743 y(Note)h(that)f(if)f Fs(g)590 758 y Fn(0)662
743 y Fs(s)41 b Fu(=)32 b(undef)p 851 756 236 4 v 33
w(then)h(there)h(are)e(no)h(requiremen)m(ts)g(on)g Fs(g)41
b(s)8 b Fu(.)0 1009 y Fw(Exercise)36 b(4.4)49 b Fu(Determine)39
b(whic)m(h)i(of)f(the)h(\014xed)g(p)s(oin)m(ts)f(considered)h(in)e
(Exercise)j(4.2)e(is)0 1129 y(the)33 b(desired)g(\014xed)h(p)s(oin)m
(t,)e(if)f(an)m(y)-8 b(.)2122 b Fh(2)0 1391 y Fw(Exercise)36
b(4.5)49 b Fu(Determine)35 b(the)h(desired)g(\014xed)h(p)s(oin)m(t)e
(of)g(the)h(functional)e(constructed)j(in)0 1512 y(Exercise)d(4.3.)2862
b Fh(2)0 1874 y Fj(4.2)161 b(Fixed)54 b(p)t(oin)l(t)g(theory)0
2102 y Fu(T)-8 b(o)26 b(prepare)h(for)f(a)g(framew)m(ork)g(that)h
(guaran)m(tees)g(the)g(existence)g(of)f(the)h(desired)g(\014xed)g(p)s
(oin)m(t)0 2223 y(FIX)35 b Fs(F)47 b Fu(w)m(e)36 b(shall)d(reform)m
(ulate)h(the)h(requiremen)m(ts)h(to)e(FIX)h Fs(F)47 b
Fu(in)34 b(a)h(sligh)m(tly)e(more)h(formal)0 2343 y(w)m(a)m(y)-8
b(.)72 b(The)43 b(\014rst)f(step)h(will)d(b)s(e)i(to)f(formalize)e(the)
k(requiremen)m(t)f(that)f(FIX)h Fs(F)55 b Fu(shares)43
b(its)0 2464 y(results)c(with)f(all)f(other)i(\014xed)h(p)s(oin)m(ts.)
61 b(T)-8 b(o)39 b(do)f(so)h(w)m(e)h(de\014ne)g(an)e
Fs(or)-5 b(dering)47 b Ft(v)39 b Fu(on)g(partial)0 2584
y(functions)33 b(of)f Fw(State)g Fo(,)-17 b Ft(!)33 b
Fw(State)p Fu(.)43 b(W)-8 b(e)33 b(set)244 2811 y Fs(g)298
2826 y Fn(1)369 2811 y Ft(v)g Fs(g)533 2826 y Fn(2)0
3039 y Fu(when)38 b(the)f(partial)d(function)j Fs(g)1190
3054 y Fn(1)1229 3039 y Fu(:)51 b Fw(State)37 b Fo(,)-17
b Ft(!)37 b Fw(State)f Fs(shar)-5 b(es)38 b(its)h(r)-5
b(esults)45 b Fu(with)37 b(the)g(partial)0 3159 y(function)32
b Fs(g)436 3174 y Fn(2)475 3159 y Fu(:)44 b Fw(State)32
b Fo(,)-17 b Ft(!)33 b Fw(State)f Fu(in)g(the)h(sense)i(that)244
3386 y(if)c Fs(g)387 3401 y Fn(1)459 3386 y Fs(s)40 b
Fu(=)33 b Fs(s)696 3350 y Fi(0)752 3386 y Fu(then)g Fs(g)1028
3401 y Fn(2)1099 3386 y Fs(s)41 b Fu(=)32 b Fs(s)1336
3350 y Fi(0)0 3613 y Fu(for)g(all)f(c)m(hoices)i(of)f
Fs(s)41 b Fu(and)32 b Fs(s)1042 3577 y Fi(0)1066 3613
y Fu(.)0 3880 y Fw(Example)37 b(4.6)48 b Fu(Let)25 b
Fs(g)875 3895 y Fn(1)914 3880 y Fu(,)h Fs(g)1021 3895
y Fn(2)1060 3880 y Fu(,)g Fs(g)1167 3895 y Fn(3)1230
3880 y Fu(and)e Fs(g)1465 3895 y Fn(4)1528 3880 y Fu(b)s(e)h(partial)d
(functions)i(in)f Fw(State)h Fo(,)-17 b Ft(!)25 b Fw(State)f
Fu(de\014ned)0 4000 y(as)33 b(follo)m(ws:)244 4227 y
Fs(g)298 4242 y Fn(1)369 4227 y Fs(s)41 b Fu(=)32 b Fs(s)41
b Fu(for)32 b(all)f Fs(s)244 4477 y(g)298 4492 y Fn(2)369
4477 y Fs(s)41 b Fu(=)558 4302 y Fg(8)558 4377 y(<)558
4527 y(:)674 4392 y Fs(s)278 b Fu(if)32 b Fs(s)40 b Fr(x)33
b Ft(\025)g Fw(0)674 4560 y Fu(undef)p 674 4573 V 83
w(otherwise)244 4831 y Fs(g)298 4846 y Fn(3)369 4831
y Fs(s)41 b Fu(=)558 4657 y Fg(8)558 4732 y(<)558 4881
y(:)674 4747 y Fs(s)278 b Fu(if)32 b Fs(s)40 b Fr(x)33
b Fu(=)g Fw(0)674 4914 y Fu(undef)p 674 4927 V 83 w(otherwise)244
5186 y Fs(g)298 5201 y Fn(4)369 5186 y Fs(s)41 b Fu(=)558
5011 y Fg(8)558 5086 y(<)558 5235 y(:)674 5101 y Fs(s)278
b Fu(if)32 b Fs(s)40 b Fr(x)33 b Ft(\024)g Fw(0)674 5269
y Fu(undef)p 674 5282 V 83 w(otherwise)0 5494 y(Then)h(w)m(e)f(ha)m(v)m
(e)p eop
%%Page: 94 104
94 103 bop 251 130 a Fw(94)2034 b(4)112 b(Denotational)36
b(Seman)m(tics)p 251 193 3473 4 v 527 515 a Fs(g)581
530 y Fn(1)653 515 y Ft(v)d Fs(g)817 530 y Fn(1)856 515
y Fu(,)527 683 y Fs(g)581 698 y Fn(2)653 683 y Ft(v)g
Fs(g)817 698 y Fn(1)856 683 y Fu(,)f Fs(g)969 698 y Fn(2)1041
683 y Ft(v)h Fs(g)1205 698 y Fn(2)1244 683 y Fu(,)527
851 y Fs(g)581 866 y Fn(3)653 851 y Ft(v)g Fs(g)817 866
y Fn(1)856 851 y Fu(,)f Fs(g)969 866 y Fn(3)1041 851
y Ft(v)h Fs(g)1205 866 y Fn(2)1244 851 y Fu(,)g Fs(g)1358
866 y Fn(3)1429 851 y Ft(v)g Fs(g)1593 866 y Fn(3)1632
851 y Fu(,)g Fs(g)1746 866 y Fn(3)1817 851 y Ft(v)g Fs(g)1981
866 y Fn(4)2020 851 y Fu(,)g(and)527 1018 y Fs(g)581
1033 y Fn(4)653 1018 y Ft(v)g Fs(g)817 1033 y Fn(1)856
1018 y Fu(,)f Fs(g)969 1033 y Fn(4)1041 1018 y Ft(v)h
Fs(g)1205 1033 y Fn(4)1244 1018 y Fu(.)283 1228 y(It)f(is)f(neither)g
(the)h(case)g(that)g Fs(g)1451 1243 y Fn(2)1521 1228
y Ft(v)g Fs(g)1684 1243 y Fn(4)1754 1228 y Fu(nor)g(that)f
Fs(g)2191 1243 y Fn(4)2261 1228 y Ft(v)h Fs(g)2424 1243
y Fn(2)2463 1228 y Fu(.)43 b(Pictorially)-8 b(,)29 b(the)i(ordering)g
(ma)m(y)283 1348 y(b)s(e)i(expressed)j(as)c(follo)m(ws)1262
1312 y Fn(1)1301 1348 y Fu(:)1366 1666 y Ft(\017)65 b
Fs(g)1535 1681 y Fn(1)976 1915 y Ft(\017)g Fs(g)1145
1930 y Fn(2)1756 1915 y Ft(\017)g Fs(g)1925 1930 y Fn(4)1366
2164 y Ft(\017)g Fs(g)1535 2179 y Fn(3)1275 2139 y Fq(Q)1192
2084 y(Q)1108 2028 y(Q)1025 1973 y(Q)1416 2139 y(\021)1499
2084 y(\021)1582 2028 y(\021)1665 1973 y(\021)1275 1713
y(\021)1192 1768 y(\021)1108 1823 y(\021)1025 1879 y(\021)1416
1713 y(Q)1499 1768 y(Q)1582 1823 y(Q)1665 1879 y(Q)283
2456 y Fu(The)29 b(idea)d(is)h(that)g(the)g(smaller)e(elemen)m(ts)j
(are)f(at)g(the)g(b)s(ottom)f(of)h(the)g(picture)g(and)h(that)e(the)283
2577 y(lines)38 b(indicate)f(the)i(order)f(b)s(et)m(w)m(een)i(the)f
(elemen)m(ts.)61 b(Ho)m(w)m(ev)m(er,)42 b(w)m(e)d(shall)e(not)h(dra)m
(w)h(lines)283 2697 y(when)e(there)g(already)e(is)h(a)f(\\brok)m(en)i
(line",)e(so)h(the)g(fact)g(that)g Fs(g)2722 2712 y Fn(3)2796
2697 y Ft(v)h Fs(g)2964 2712 y Fn(1)3038 2697 y Fu(is)f(left)f
(implicit)d(in)283 2817 y(the)h(picture.)2905 b Fh(2)283
3054 y Fw(Exercise)37 b(4.7)49 b Fu(Let)33 b Fs(g)1148
3069 y Fn(1)1187 3054 y Fu(,)f Fs(g)1300 3069 y Fn(2)1372
3054 y Fu(and)g Fs(g)1615 3069 y Fn(3)1687 3054 y Fu(b)s(e)h(de\014ned)
h(as)e(follo)m(ws:)527 3345 y Fs(g)581 3360 y Fn(1)653
3345 y Fs(s)40 b Fu(=)842 3171 y Fg(8)842 3245 y(<)842
3395 y(:)957 3260 y Fs(s)279 b Fu(if)31 b Fs(s)41 b Fr(x)33
b Fu(is)f(ev)m(en)957 3428 y(undef)p 957 3441 236 4 v
84 w(otherwise)527 3699 y Fs(g)581 3714 y Fn(2)653 3699
y Fs(s)40 b Fu(=)842 3525 y Fg(8)842 3600 y(<)842 3749
y(:)957 3615 y Fs(s)279 b Fu(if)31 b Fs(s)41 b Fr(x)33
b Fu(is)f(a)g(prime)957 3782 y(undef)p 957 3795 V 84
w(otherwise)527 3922 y Fs(g)581 3937 y Fn(3)653 3922
y Fs(s)40 b Fu(=)33 b Fs(s)283 4132 y Fu(First,)42 b(determine)d(the)i
(ordering)e(among)g(these)i(partial)d(functions.)66 b(Next,)42
b(determine)e(a)283 4252 y(partial)32 b(function)i Fs(g)1037
4267 y Fn(4)1109 4252 y Fu(suc)m(h)i(that)e Fs(g)1598
4267 y Fn(4)1670 4252 y Ft(v)h Fs(g)1836 4267 y Fn(1)1875
4252 y Fu(,)f Fs(g)1990 4267 y Fn(4)2063 4252 y Ft(v)g
Fs(g)2228 4267 y Fn(2)2301 4252 y Fu(and)g Fs(g)2546
4267 y Fn(4)2619 4252 y Ft(v)g Fs(g)2784 4267 y Fn(3)2823
4252 y Fu(.)48 b(Finally)-8 b(,)32 b(determine)h(a)283
4372 y(partial)c(function)h Fs(g)1030 4387 y Fn(5)1099
4372 y Fu(suc)m(h)i(that)e Fs(g)1580 4387 y Fn(1)1650
4372 y Ft(v)h Fs(g)1812 4387 y Fn(5)1851 4372 y Fu(,)g
Fs(g)1963 4387 y Fn(2)2032 4372 y Ft(v)g Fs(g)2194 4387
y Fn(5)2264 4372 y Fu(and)f Fs(g)2505 4387 y Fn(5)2575
4372 y Ft(v)h Fs(g)2737 4387 y Fn(3)2806 4372 y Fu(but)g
Fs(g)3037 4387 y Fn(5)3106 4372 y Fu(is)f(neither)h(equal)283
4493 y(to)i Fs(g)457 4508 y Fn(1)496 4493 y Fu(,)f Fs(g)609
4508 y Fn(2)681 4493 y Fu(nor)g Fs(g)908 4508 y Fn(3)947
4493 y Fu(.)2707 b Fh(2)283 4729 y Fw(Exercise)37 b(4.8)49
b(\(Essen)m(tial\))36 b Fu(An)j(alternativ)m(e)f(c)m(haracterization)f
(of)h(the)h(ordering)f Ft(v)h Fu(on)283 4850 y Fw(State)33
b Fo(,)-17 b Ft(!)33 b Fw(State)f Fu(is)552 5017 y Fs(g)606
5032 y Fn(1)678 5017 y Ft(v)h Fs(g)842 5032 y Fn(2)913
5017 y Fu(if)f(and)g(only)g(if)g(graph\()p Fs(g)1832
5032 y Fn(1)1871 5017 y Fu(\))g Ft(\022)h Fu(graph\()p
Fs(g)2387 5032 y Fn(2)2426 5017 y Fu(\))1167 b(\(*\))283
5185 y(where)39 b(graph\()p Fs(g)9 b Fu(\))36 b(is)h(the)g(graph)g(of)g
(the)h(partial)d(function)h Fs(g)46 b Fu(as)37 b(de\014ned)i(in)d(App)s
(endix)i(A.)283 5305 y(Pro)m(v)m(e)c(that)f(\(*\))f(is)g(indeed)h
(correct.)2028 b Fh(2)p 283 5403 1389 4 v 396 5464 a
Fm(1)433 5494 y Fk(Suc)n(h)28 b(a)f(diagram)f(is)h(sometimes)h(called)f
(a)g(Hasse)g(diagram.)p eop
%%Page: 95 105
95 104 bop 0 130 a Fw(4.2)112 b(Fixed)38 b(p)s(oin)m(t)e(theory)2183
b(95)p 0 193 3473 4 v 146 515 a Fu(The)47 b(set)f Fw(State)f
Fo(,)-17 b Ft(!)45 b Fw(State)g Fu(equipp)s(ed)h(with)f(the)h(ordering)
e Ft(v)i Fu(is)f(an)g(example)g(of)g(a)0 636 y(partially)32
b(ordered)j(set)f(as)h(w)m(e)g(shall)e(see)i(in)f(Lemma)f(4.13)g(b)s
(elo)m(w.)49 b(In)34 b(general,)h(a)e Fs(p)-5 b(artial)5
b(ly)0 756 y(or)-5 b(der)g(e)g(d)29 b(set)f Fu(is)e(a)h(pair)g(\()p
Fs(D)9 b Fu(,)27 b Ft(v)1097 771 y Fc(D)1161 756 y Fu(\))g(where)i
Fs(D)63 b Fu(is)27 b(a)g(set)h(and)f Ft(v)2218 771 y
Fc(D)2309 756 y Fu(is)g(a)g(relation)e(on)i Fs(D)36 b
Fu(satisfying)294 999 y Fs(d)42 b Ft(v)464 1014 y Fc(D)560
999 y Fs(d)1529 b Fu(\(re\015exivit)m(y\))294 1167 y
Fs(d)354 1182 y Fn(1)426 1167 y Ft(v)503 1182 y Fc(D)600
1167 y Fs(d)660 1182 y Fn(2)732 1167 y Fu(and)33 b Fs(d)982
1182 y Fn(2)1054 1167 y Ft(v)1131 1182 y Fc(D)1228 1167
y Fs(d)1288 1182 y Fn(3)1360 1167 y Fu(imply)d Fs(d)1693
1182 y Fn(1)1766 1167 y Ft(v)1843 1182 y Fc(D)1940 1167
y Fs(d)2000 1182 y Fn(3)2139 1167 y Fu(\(transitivit)m(y\))294
1335 y Fs(d)354 1350 y Fn(1)426 1335 y Ft(v)503 1350
y Fc(D)600 1335 y Fs(d)660 1350 y Fn(2)732 1335 y Fu(and)j
Fs(d)982 1350 y Fn(2)1054 1335 y Ft(v)1131 1350 y Fc(D)1228
1335 y Fs(d)1288 1350 y Fn(1)1360 1335 y Fu(imply)d Fs(d)1693
1350 y Fn(1)1766 1335 y Fu(=)i Fs(d)1934 1350 y Fn(2)2139
1335 y Fu(\(an)m(ti-symmetry\))0 1574 y(The)41 b(relation)d
Ft(v)650 1589 y Fc(D)754 1574 y Fu(is)i(said)f(to)h(b)s(e)g(a)f
Fs(p)-5 b(artial)42 b(or)-5 b(der)39 b Fu(on)h Fs(D)49
b Fu(and)40 b(w)m(e)h(shall)d(often)i(omit)e(the)0 1694
y(subscript)f Fs(D)45 b Fu(of)35 b Ft(v)733 1709 y Fc(D)832
1694 y Fu(and)h(write)g Ft(v)q Fu(.)53 b(Occasionally)-8
b(,)35 b(w)m(e)i(ma)m(y)f(write)g Fs(d)2701 1709 y Fn(1)2773
1694 y Ft(w)d Fs(d)2943 1709 y Fn(2)3018 1694 y Fu(instead)72
b(of)0 1815 y Fs(d)60 1830 y Fn(2)132 1815 y Ft(v)33
b Fs(d)302 1830 y Fn(1)373 1815 y Fu(and)e(w)m(e)h(shall)d(sa)m(y)j
(that)f Fs(d)1366 1830 y Fn(2)1437 1815 y Fs(shar)-5
b(es)32 b(its)i(information)e(with)38 b(d)2676 1830 y
Fn(1)2716 1815 y Fu(.)43 b(An)31 b(elemen)m(t)g Fs(d)41
b Fu(of)0 1935 y Fs(D)h Fu(satisfying)244 2181 y Fs(d)h
Ft(v)33 b Fs(d)507 2145 y Fi(0)562 2181 y Fu(for)g(all)d
Fs(d)907 2145 y Fi(0)963 2181 y Fu(of)i Fs(D)0 2427 y
Fu(is)g(called)f Fs(a)k(le)-5 b(ast)35 b(element)41 b
Fu(of)32 b Fs(D)42 b Fu(and)32 b(w)m(e)i(shall)d(sa)m(y)j(that)e(it)g
(con)m(tains)g Fs(no)j(information)p Fu(.)p 0 2556 3473
5 v 0 2782 a Fw(F)-9 b(act)37 b(4.9)49 b Fu(If)31 b(a)f(partially)e
(ordered)j(set)g(\()p Fs(D)9 b Fu(,)30 b Ft(v)q Fu(\))g(has)h(a)f
(least)g(elemen)m(t)h Fs(d)40 b Fu(then)31 b Fs(d)41
b Fu(is)30 b(unique.)p 0 2902 V 0 3148 a Fw(Pro)s(of:)51
b Fu(Assume)45 b(that)g Fs(D)53 b Fu(has)45 b(t)m(w)m(o)g(least)f
(elemen)m(ts)h Fs(d)2171 3163 y Fn(1)2255 3148 y Fu(and)g
Fs(d)2517 3163 y Fn(2)2556 3148 y Fu(.)80 b(Since)44
b Fs(d)2989 3163 y Fn(1)3074 3148 y Fu(is)g(a)g(least)0
3269 y(elemen)m(t)34 b(w)m(e)h(ha)m(v)m(e)g Fs(d)793
3284 y Fn(1)867 3269 y Ft(v)f Fs(d)1038 3284 y Fn(2)1078
3269 y Fu(.)48 b(Since)34 b Fs(d)1469 3284 y Fn(2)1543
3269 y Fu(is)f(a)h(least)g(elemen)m(t)f(w)m(e)i(also)f(ha)m(v)m(e)h
Fs(d)2945 3284 y Fn(2)3019 3269 y Ft(v)f Fs(d)3190 3284
y Fn(1)3230 3269 y Fu(.)47 b(The)0 3389 y(an)m(ti-symmetry)32
b(of)g(the)h(ordering)e Ft(v)i Fu(then)h(giv)m(es)f(that)f
Fs(d)2160 3404 y Fn(1)2232 3389 y Fu(=)h Fs(d)2401 3404
y Fn(2)2440 3389 y Fu(.)931 b Fh(2)146 3601 y Fu(This)30
b(fact)g(p)s(ermits)f(us)i(to)f(talk)f(ab)s(out)g Fs(the)38
b Fu(least)29 b(elemen)m(t)h(of)g Fs(D)9 b Fu(,)30 b(if)f(one)h
(exists,)h(and)f(w)m(e)0 3721 y(shall)h(denote)i(it)f(b)m(y)i
Ft(?)853 3736 y Fc(D)950 3721 y Fu(or)e(simply)f Ft(?)i
Fu(\(pronounced)h(\\b)s(ottom"\).)0 4018 y Fw(Example)j(4.10)49
b Fu(Let)32 b Fs(S)45 b Fu(b)s(e)32 b(a)h(non-empt)m(y)f(set)i(and)e
(de\014ne)244 4264 y Ft(P)8 b Fu(\()p Fs(S)k Fu(\))33
b(=)f Ft(f)g Fs(K)47 b Ft(j)32 b Fs(K)47 b Ft(\022)33
b Fs(S)45 b Ft(g)0 4510 y Fu(Then)34 b(\()p Ft(P)8 b
Fu(\()p Fs(S)k Fu(\),)32 b Ft(\022)q Fu(\))g(is)g(a)h(partially)d
(ordered)j(set)g(b)s(ecause)145 4756 y Ft(\017)49 b(\022)33
b Fu(is)f(re\015exiv)m(e:)45 b Fs(K)i Ft(\022)33 b Fs(K)145
5002 y Ft(\017)49 b(\022)33 b Fu(is)f(transitiv)m(e:)43
b(if)31 b Fs(K)1103 5017 y Fn(1)1175 5002 y Ft(\022)i
Fs(K)1375 5017 y Fn(2)1446 5002 y Fu(and)g Fs(K)1726
5017 y Fn(2)1797 5002 y Ft(\022)g Fs(K)1997 5017 y Fn(3)2069
5002 y Fu(then)g Fs(K)2381 5017 y Fn(1)2452 5002 y Ft(\022)g
Fs(K)2652 5017 y Fn(3)145 5248 y Ft(\017)49 b(\022)33
b Fu(is)f(an)m(ti-symmetric:)41 b(if)32 b Fs(K)1342 5263
y Fn(1)1413 5248 y Ft(\022)h Fs(K)1613 5263 y Fn(2)1685
5248 y Fu(and)f Fs(K)1964 5263 y Fn(2)2036 5248 y Ft(\022)h
Fs(K)2236 5263 y Fn(1)2307 5248 y Fu(then)g Fs(K)2619
5263 y Fn(1)2691 5248 y Fu(=)f Fs(K)2889 5263 y Fn(2)0
5494 y Fu(In)h(the)g(case)g(where)h Fs(S)45 b Fu(=)32
b Ft(f)p Fu(a,b,c)p Ft(g)h Fu(the)g(ordering)e(can)i(b)s(e)g(depicted)g
(as)g(follo)m(ws:)p eop
%%Page: 96 106
96 105 bop 251 130 a Fw(96)2034 b(4)112 b(Denotational)36
b(Seman)m(tics)p 251 193 3473 4 v 1696 540 a Ft(\017)130
b(f)p Fu(a,b,c)p Ft(g)1032 872 y(\017)g(f)p Fu(a,b)p
Ft(g)254 b(\017)130 b(f)p Fu(a,c)p Ft(g)266 b(\017)130
b(f)p Fu(b,c)p Ft(g)1032 1204 y(\017)g(f)p Fu(a)p Ft(g)335
b(\017)130 b(f)p Fu(b)p Ft(g)331 b(\017)130 b(f)p Fu(c)p
Ft(g)1696 1537 y(\017)g(;)1605 1503 y Fq(H)1522 1462
y(H)1439 1420 y(H)1356 1379 y(H)1273 1337 y(H)1190 1296
y(H)1107 1254 y(H)1082 1242 y(H)p 1720 1478 4 266 v 1746
1503 a(\010)1829 1462 y(\010)1912 1420 y(\010)1995 1379
y(\010)2078 1337 y(\010)2161 1296 y(\010)2244 1254 y(\010)2269
1242 y(\010)p 1056 1146 V 1082 1171 a(\010)1165 1130
y(\010)1248 1088 y(\010)1331 1047 y(\010)1414 1005 y(\010)1497
964 y(\010)1580 922 y(\010)1605 910 y(\010)1605 1171
y(H)1522 1130 y(H)1439 1088 y(H)1356 1047 y(H)1273 1005
y(H)1190 964 y(H)1107 922 y(H)1082 910 y(H)1746 1171
y(\010)1829 1130 y(\010)1912 1088 y(\010)1995 1047 y(\010)2078
1005 y(\010)2161 964 y(\010)2244 922 y(\010)2269 910
y(\010)2269 1171 y(H)2186 1130 y(H)2103 1088 y(H)2020
1047 y(H)1937 1005 y(H)1854 964 y(H)1771 922 y(H)1746
910 y(H)p 2384 1146 V 1082 839 a(\010)1165 798 y(\010)1248
756 y(\010)1331 715 y(\010)1414 673 y(\010)1497 632 y(\010)1580
590 y(\010)1605 578 y(\010)p 1720 814 V 2269 839 a(H)2186
798 y(H)2103 756 y(H)2020 715 y(H)1937 673 y(H)1854 632
y(H)1771 590 y(H)1746 578 y(H)283 1816 y Fu(Also,)33
b(\()p Ft(P)8 b Fu(\()p Fs(S)k Fu(\),)32 b Ft(\022)q
Fu(\))g(has)h(a)f(least)h(elemen)m(t,)f(namely)g Ft(;)p
Fu(.)1398 b Fh(2)283 2059 y Fw(Exercise)37 b(4.11)49
b Fu(Sho)m(w)32 b(that)g(\()p Ft(P)8 b Fu(\()p Fs(S)k
Fu(\),)31 b Ft(\023)q Fu(\))g(is)h(a)f(partially)e(ordered)j(set)g(and)
g(determine)f(the)283 2180 y(least)i(elemen)m(t.)43 b(Dra)m(w)32
b(a)h(picture)f(of)g(the)h(ordering)f(when)i Fs(S)44
b Fu(=)33 b Ft(f)p Fu(a,b,c)p Ft(g)p Fu(.)644 b Fh(2)283
2423 y Fw(Exercise)37 b(4.12)49 b Fu(Let)33 b Fs(S)44
b Fu(b)s(e)33 b(a)f(non-empt)m(y)h(set)g(and)g(de\014ne)527
2637 y Ft(P)605 2652 y Fn(\014n)687 2637 y Fu(\()p Fs(S)12
b Fu(\))33 b(=)f Ft(f)g Fs(K)47 b Ft(j)32 b Fs(K)47 b
Fu(is)33 b(\014nite)f(and)g Fs(K)47 b Ft(\022)33 b Fs(S)45
b Ft(g)283 2852 y Fu(V)-8 b(erify)47 b(that)f(\()p Ft(P)926
2867 y Fn(\014n)1008 2852 y Fu(\()p Fs(S)12 b Fu(\),)47
b Ft(\022)p Fu(\))g(and)g(\()p Ft(P)1706 2867 y Fn(\014n)1789
2852 y Fu(\()p Fs(S)12 b Fu(\),)46 b Ft(\023)p Fu(\))h(are)g(partially)
d(ordered)j(sets.)87 b(Do)46 b(b)s(oth)283 2972 y(partially)30
b(ordered)k(sets)f(ha)m(v)m(e)h(a)f(least)f(elemen)m(t)g(for)g(all)f(c)
m(hoices)i(of)f Fs(S)12 b Fu(?)730 b Fh(2)p 283 3216
3473 5 v 283 3403 a Fw(Lemma)38 b(4.13)49 b Fu(\()p Fw(State)22
b Fo(,)-17 b Ft(!)22 b Fw(State)p Fu(,)45 b Ft(v)q Fu(\))22
b(is)g(a)g(partially)e(ordered)j(set.)41 b(The)23 b(partial)d(function)
283 3523 y Ft(?)q Fu(:)43 b Fw(State)33 b Fo(,)-17 b
Ft(!)33 b Fw(State)f Fu(de\014ned)i(b)m(y)527 3737 y
Ft(?)f Fs(s)41 b Fu(=)32 b(undef)p 826 3750 236 4 v 34
w(for)g(all)e Fs(s)283 3952 y Fu(is)j(the)g(least)f(elemen)m(t)g(of)g
Fw(State)h Fo(,)-17 b Ft(!)32 b Fw(State)p Fu(.)p 283
4072 3473 5 v 283 4286 a Fw(Pro)s(of:)g Fu(W)-8 b(e)27
b(shall)f(\014rst)i(pro)m(v)m(e)h(that)e Ft(v)h Fu(ful\014ls)e(the)h
(three)h(requiremen)m(ts)h(to)e(a)g(partial)e(order:)283
4407 y(Clearly)-8 b(,)43 b Fs(g)49 b Ft(v)42 b Fs(g)49
b Fu(holds)41 b(b)s(ecause)h Fs(g)50 b(s)f Fu(=)41 b
Fs(s)1941 4371 y Fi(0)2005 4407 y Fu(trivially)d(implies)g(that)j
Fs(g)50 b(s)f Fu(=)41 b Fs(s)3290 4371 y Fi(0)3354 4407
y Fu(so)g Ft(v)h Fu(is)e(a)283 4527 y Fs(r)-5 b(e\015exive)40
b Fu(ordering.)430 4650 y(T)-8 b(o)30 b(see)h(that)f(it)f(is)h(a)g
Fs(tr)-5 b(ansitive)37 b Fu(ordering)29 b(assume)i(that)f
Fs(g)2617 4665 y Fn(1)2686 4650 y Ft(v)h Fs(g)2848 4665
y Fn(2)2917 4650 y Fu(and)f Fs(g)3158 4665 y Fn(2)3227
4650 y Ft(v)g Fs(g)3388 4665 y Fn(3)3458 4650 y Fu(and)g(w)m(e)283
4770 y(shall)j(pro)m(v)m(e)i(that)f Fs(g)1044 4785 y
Fn(1)1117 4770 y Ft(v)h Fs(g)1283 4785 y Fn(3)1322 4770
y Fu(.)48 b(Assume)35 b(that)f Fs(g)2027 4785 y Fn(1)2100
4770 y Fs(s)42 b Fu(=)33 b Fs(s)2339 4734 y Fi(0)2363
4770 y Fu(.)48 b(F)-8 b(rom)32 b Fs(g)2749 4785 y Fn(1)2822
4770 y Ft(v)j Fs(g)2988 4785 y Fn(2)3061 4770 y Fu(w)m(e)g(get)f
Fs(g)3424 4785 y Fn(2)3496 4770 y Fs(s)40 b Fu(=)33 b
Fs(s)3733 4734 y Fi(0)283 4890 y Fu(and)g(then)g Fs(g)749
4905 y Fn(2)821 4890 y Ft(v)g Fs(g)985 4905 y Fn(3)1056
4890 y Fu(giv)m(es)g(that)g Fs(g)1561 4905 y Fn(3)1632
4890 y Fs(s)41 b Fu(=)32 b Fs(s)1869 4854 y Fi(0)1893
4890 y Fu(.)430 5013 y(T)-8 b(o)32 b(see)h(that)f(it)f(is)g(an)h
Fs(anti-symmetric)37 b Fu(ordering)31 b(assume)i(that)e
Fs(g)2934 5028 y Fn(1)3005 5013 y Ft(v)i Fs(g)3169 5028
y Fn(2)3240 5013 y Fu(and)f Fs(g)3483 5028 y Fn(2)3554
5013 y Ft(v)g Fs(g)3717 5028 y Fn(1)283 5133 y Fu(and)40
b(w)m(e)g(shall)d(then)j(pro)m(v)m(e)g(that)f Fs(g)1634
5148 y Fn(1)1712 5133 y Fu(=)g Fs(g)1881 5148 y Fn(2)1920
5133 y Fu(.)62 b(Assume)40 b(that)f Fs(g)2649 5148 y
Fn(1)2727 5133 y Fs(s)47 b Fu(=)39 b Fs(s)2977 5097 y
Fi(0)3000 5133 y Fu(.)63 b(Then)40 b Fs(g)3405 5148 y
Fn(2)3483 5133 y Fs(s)47 b Fu(=)39 b Fs(s)3733 5097 y
Fi(0)283 5254 y Fu(follo)m(ws)31 b(from)g Fs(g)887 5269
y Fn(1)957 5254 y Ft(v)i Fs(g)1121 5269 y Fn(2)1191 5254
y Fu(so)f Fs(g)1364 5269 y Fn(1)1435 5254 y Fu(and)g
Fs(g)1678 5269 y Fn(2)1749 5254 y Fu(are)f(equal)h(on)g
Fs(s)8 b Fu(.)43 b(If)32 b Fs(g)2571 5269 y Fn(1)2642
5254 y Fs(s)39 b Fu(=)32 b(undef)p 2829 5267 236 4 v
33 w(then)g(it)f(m)m(ust)h(b)s(e)283 5374 y(the)i(case)g(that)f
Fs(g)925 5389 y Fn(2)997 5374 y Fs(s)41 b Fu(=)33 b(undef)p
1187 5387 V 34 w(since)h(otherwise)f Fs(g)2184 5389 y
Fn(2)2256 5374 y Fs(s)42 b Fu(=)32 b Fs(s)2494 5338 y
Fi(0)2551 5374 y Fu(and)h(the)h(assumption)e Fs(g)3480
5389 y Fn(2)3552 5374 y Ft(v)i Fs(g)3717 5389 y Fn(1)283
5494 y Fu(then)g(giv)m(es)f Fs(g)799 5509 y Fn(1)870
5494 y Fs(s)41 b Fu(=)32 b Fs(s)1107 5458 y Fi(0)1163
5494 y Fu(whic)m(h)h(is)f(a)h(con)m(tradiction.)42 b(Th)m(us)34
b Fs(g)2554 5509 y Fn(1)2626 5494 y Fu(and)e Fs(g)2869
5509 y Fn(2)2941 5494 y Fu(will)e(b)s(e)j(equal)f(on)h
Fs(s)8 b Fu(.)p eop
%%Page: 97 107
97 106 bop 0 130 a Fw(4.2)112 b(Fixed)38 b(p)s(oin)m(t)e(theory)2183
b(97)p 0 193 3473 4 v 146 515 a Fu(Finally)-8 b(,)39
b(w)m(e)i(shall)e(pro)m(v)m(e)i(that)e Ft(?)i Fu(is)e(the)h
Fs(le)-5 b(ast)42 b(element)48 b Fu(of)40 b Fw(State)g
Fo(,)-17 b Ft(!)40 b Fw(State)p Fu(.)65 b(It)40 b(is)0
636 y(easy)35 b(to)f(see)h(that)f Ft(?)h Fu(is)e(indeed)i(an)f(elemen)m
(t)g(of)f Fw(State)i Fo(,)-17 b Ft(!)34 b Fw(State)g
Fu(and)g(it)f(is)h(also)f(ob)m(vious)0 756 y(that)f Ft(?)h(v)g
Fs(g)41 b Fu(holds)33 b(for)f(all)e Fs(g)41 b Fu(since)33
b Ft(?)g Fs(s)41 b Fu(=)32 b Fs(s)1729 720 y Fi(0)1785
756 y Fu(v)-5 b(acuously)33 b(implies)d(that)j Fs(g)41
b(s)f Fu(=)33 b Fs(s)3096 720 y Fi(0)3119 756 y Fu(.)252
b Fh(2)146 960 y Fu(Ha)m(ving)27 b(in)m(tro)s(duced)g(an)g(ordering)f
(on)h(the)h(partial)c(functions)j(w)m(e)h(can)g(no)m(w)f(giv)m(e)g(a)g
(more)0 1080 y(precise)33 b(statemen)m(t)g(of)f(the)h(requiremen)m(ts)h
(to)e(FIX)h Fs(F)13 b Fu(:)145 1265 y Ft(\017)49 b Fu(FIX)32
b Fs(F)46 b Fu(is)32 b(a)g Fs(\014xe)-5 b(d)34 b(p)-5
b(oint)42 b Fu(of)32 b Fs(F)13 b Fu(,)33 b(that)f(is)g
Fs(F)13 b Fu(\(FIX)33 b Fs(F)13 b Fu(\))32 b(=)g(FIX)h
Fs(F)13 b Fu(,)33 b(and)145 1462 y Ft(\017)49 b Fu(FIX)32
b Fs(F)46 b Fu(is)32 b(a)g Fs(le)-5 b(ast)42 b Fu(\014xed)34
b(p)s(oin)m(t)e(of)g Fs(F)13 b Fu(,)32 b(that)h(is)458
1660 y(if)f Fs(F)45 b(g)c Fu(=)33 b Fs(g)41 b Fu(then)33
b(FIX)g Fs(F)45 b Ft(v)33 b Fs(g)9 b Fu(.)0 1902 y Fw(Exercise)36
b(4.14)49 b Fu(By)30 b(analogy)e(with)h(F)-8 b(act)28
b(4.9)h(sho)m(w)h(that)f(if)f Fs(F)42 b Fu(has)29 b(a)g(least)g
(\014xed)h(p)s(oin)m(t)e Fs(g)3433 1917 y Fn(0)0 2023
y Fu(then)33 b Fs(g)276 2038 y Fn(0)348 2023 y Fu(is)f(unique.)2641
b Fh(2)146 2227 y Fu(The)30 b(next)f(task)h(will)c(b)s(e)j(to)f(ensure)
i(that)f(all)d(functionals)i Fs(F)41 b Fu(that)29 b(ma)m(y)f(arise)g
(do)h(indeed)0 2347 y(ha)m(v)m(e)37 b(least)d(\014xed)j(p)s(oin)m(ts.)
51 b(W)-8 b(e)35 b(shall)f(do)h(so)h(b)m(y)g(dev)m(eloping)f(a)g
(general)f(theory)i(that)f(giv)m(es)0 2467 y(more)h(structure)h(to)f
(the)g(partially)e(ordered)j(sets)g(and)g(that)f(imp)s(oses)f
(restrictions)h(on)g(the)0 2588 y(functionals)31 b(so)i(that)g(they)g
(ha)m(v)m(e)h(least)e(\014xed)i(p)s(oin)m(ts.)0 2792
y Fw(Exercise)i(4.15)49 b Fu(Determine)37 b(the)h(least)f(\014xed)i(p)s
(oin)m(ts)f(of)f(the)h(functionals)f(considered)h(in)0
2912 y(Exercises)c(4.2)f(and)f(4.3.)43 b(Compare)33 b(with)f(Exercises)
i(4.4)e(and)h(4.5.)873 b Fh(2)0 3198 y Fp(Complete)46
b(partially)h(ordered)e(sets)0 3383 y Fu(Consider)38
b(a)e(partially)f(ordered)j(set)g(\()p Fs(D)9 b Fu(,)37
b Ft(v)p Fu(\))g(and)g(assume)h(that)f(w)m(e)h(ha)m(v)m(e)h(a)d(subset)
j Fs(Y)57 b Fu(of)0 3503 y Fs(D)9 b Fu(.)31 b(W)-8 b(e)32
b(shall)d(b)s(e)j(in)m(terested)g(in)e(an)h(elemen)m(t)g(of)g
Fs(D)40 b Fu(that)31 b(summarizes)f(all)f(the)j(information)0
3623 y(of)c Fs(Y)48 b Fu(and)29 b(this)f(is)g(called)g(an)g
Fs(upp)-5 b(er)31 b(b)-5 b(ound)39 b Fu(of)28 b Fs(Y)20
b Fu(;)28 b(formally)-8 b(,)27 b(it)h(is)g(an)g(elemen)m(t)h
Fs(d)38 b Fu(of)28 b Fs(D)38 b Fu(suc)m(h)0 3744 y(that)244
3929 y Ft(8)p Fs(d)359 3893 y Fi(0)415 3929 y Ft(2)33
b Fs(Y)20 b Fu(.)32 b Fs(d)725 3893 y Fi(0)781 3929 y
Ft(v)h Fs(d)0 4114 y Fu(An)g(upp)s(er)g(b)s(ound)g Fs(d)42
b Fu(of)32 b Fs(Y)53 b Fu(is)32 b(a)g Fs(le)-5 b(ast)35
b(upp)-5 b(er)34 b(b)-5 b(ound)33 b Fu(if)e(and)i(only)f(if)244
4299 y Fs(d)304 4263 y Fi(0)360 4299 y Fu(is)g(an)g(upp)s(er)i(b)s
(ound)e(of)g Fs(Y)53 b Fu(implies)30 b(that)i Fs(d)43
b Ft(v)33 b Fs(d)2214 4263 y Fi(0)0 4485 y Fu(Th)m(us)i(a)f(least)g
(upp)s(er)g(b)s(ound)g(of)g Fs(Y)53 b Fu(will)32 b(add)i(as)g(little)d
(extra)k(information)30 b(as)k(p)s(ossible)g(to)0 4605
y(that)e(already)g(presen)m(t)j(in)d(the)h(elemen)m(ts)f(of)h
Fs(Y)19 b Fu(.)0 4809 y Fw(Exercise)36 b(4.16)49 b Fu(By)31
b(analogy)f(with)g(F)-8 b(act)30 b(4.9)g(sho)m(w)h(that)g(if)e
Fs(Y)50 b Fu(has)31 b(a)f(least)g(upp)s(er)h(b)s(ound)0
4929 y Fs(d)43 b Fu(then)33 b Fs(d)43 b Fu(is)32 b(unique.)2581
b Fh(2)146 5133 y Fu(If)37 b Fs(Y)56 b Fu(has)37 b(a)f(\(necessarily)h
(unique\))g(least)f(upp)s(er)h(b)s(ound)g(w)m(e)g(shall)e(denote)j(it)d
(b)m(y)3284 5067 y Fg(F)3354 5133 y Fs(Y)19 b Fu(.)0
5254 y(Finally)-8 b(,)30 b(a)i(subset)i Fs(Y)52 b Fu(is)32
b(called)f(a)i Fs(chain)39 b Fu(if)31 b(it)g(is)h(consisten)m(t)i(in)d
(the)i(sense)i(that)d(if)f(w)m(e)j(tak)m(e)0 5374 y(an)m(y)28
b(t)m(w)m(o)f(elemen)m(ts)g(of)g Fs(Y)46 b Fu(then)27
b(one)h(will)c(share)k(its)e(information)e(with)i(the)h(other;)i
(formally)-8 b(,)0 5494 y(this)32 b(is)g(expressed)k(b)m(y)p
eop
%%Page: 98 108
98 107 bop 251 130 a Fw(98)2034 b(4)112 b(Denotational)36
b(Seman)m(tics)p 251 193 3473 4 v 527 515 a Ft(8)q Fs(d)643
530 y Fn(1)682 515 y Fu(,)d Fs(d)802 530 y Fn(2)874 515
y Ft(2)g Fs(Y)20 b Fu(.)32 b Fs(d)1184 530 y Fn(1)1256
515 y Ft(v)h Fs(d)1426 530 y Fn(2)1498 515 y Fu(or)g
Fs(d)1678 530 y Fn(2)1750 515 y Ft(v)g Fs(d)1920 530
y Fn(1)283 758 y Fw(Example)k(4.17)49 b Fu(Consider)d(the)g(partially)d
(ordered)j(set)g(\()p Ft(P)9 b Fu(\()p Ft(f)p Fu(a,b,c)p
Ft(g)p Fu(\),)48 b Ft(\022)q Fu(\))d(of)g(Example)283
879 y(4.10.)e(Then)34 b(the)f(subset)527 1091 y Fs(Y)619
1106 y Fn(0)691 1091 y Fu(=)f Ft(f)h(;)o Fu(,)g Ft(f)p
Fu(a)p Ft(g)p Fu(,)f Ft(f)p Fu(a,c)p Ft(g)g(g)283 1304
y Fu(is)i(a)f(c)m(hain.)48 b(Both)33 b Ft(f)p Fu(a,b,c)p
Ft(g)h Fu(and)g Ft(f)p Fu(a,c)p Ft(g)g Fu(are)g(upp)s(er)g(b)s(ounds)h
(of)e Fs(Y)2775 1319 y Fn(0)2848 1304 y Fu(and)h Ft(f)p
Fu(a,c)p Ft(g)g Fu(is)f(the)h(least)283 1424 y(upp)s(er)k(b)s(ound.)55
b(The)38 b(elemen)m(t)e Ft(f)p Fu(a,b)p Ft(g)g Fu(is)g
Fs(not)46 b Fu(an)37 b(upp)s(er)g(b)s(ound)g(b)s(ecause)h
Ft(f)p Fu(a,c)p Ft(g)e(6\022)h(f)p Fu(a,b)p Ft(g)p Fu(.)283
1545 y(In)e(general,)f(the)g(least)g(upp)s(er)h(b)s(ound)f(of)g(a)f
(non-empt)m(y)i(c)m(hain)f(in)f Ft(P)8 b Fu(\()p Ft(f)p
Fu(a,b,c)p Ft(g)p Fu(\))34 b(will)e(b)s(e)i(the)283 1665
y(largest)e(elemen)m(t)h(of)f(the)h(c)m(hain.)430 1787
y(The)47 b(subset)i Ft(f)d(;)p Fu(,)k Ft(f)p Fu(a)p Ft(g)p
Fu(,)g Ft(f)p Fu(c)p Ft(g)p Fu(,)h Ft(f)p Fu(a,c)p Ft(g)46
b(g)h Fu(is)f Fs(not)56 b Fu(a)46 b(c)m(hain)h(b)s(ecause)h
Ft(f)p Fu(a)p Ft(g)e Fu(and)h Ft(f)p Fu(c)p Ft(g)g Fu(are)283
1908 y(unrelated)42 b(b)m(y)g(the)g(ordering.)69 b(Ho)m(w)m(ev)m(er,)46
b(it)40 b(do)s(es)i(ha)m(v)m(e)h(a)e(least)g(upp)s(er)h(b)s(ound,)i
(namely)283 2028 y Ft(f)p Fu(a,c)p Ft(g)p Fu(.)430 2150
y(The)35 b Fs(subset)43 b Ft(;)34 b Fu(of)g Ft(P)8 b
Fu(\()p Ft(f)p Fu(a,b,c)p Ft(g)p Fu(\))34 b(is)g(a)g(c)m(hain)g(and)g
(it)f(has)i(an)m(y)g(elemen)m(t)e(of)h Ft(P)9 b Fu(\()p
Ft(f)p Fu(a,b,c)p Ft(g)p Fu(\))34 b(as)283 2271 y(an)f(upp)s(er)g(b)s
(ound.)44 b(Its)33 b(least)f(upp)s(er)h(b)s(ound)g(is)f(the)h
Fs(element)41 b Ft(;)p Fu(.)981 b Fh(2)283 2512 y Fw(Exercise)37
b(4.18)49 b Fu(Let)37 b Fs(S)49 b Fu(b)s(e)37 b(a)g(non-empt)m(y)h(set)
f(and)h(consider)f(the)h(partially)c(ordered)k(set)283
2632 y(\()p Ft(P)9 b Fu(\()p Fs(S)j Fu(\),)33 b Ft(\022)p
Fu(\).)45 b(Sho)m(w)34 b(that)f(ev)m(ery)i(subset)f(of)f
Ft(P)8 b Fu(\()p Fs(S)k Fu(\))33 b(has)g(a)g(least)g(upp)s(er)g(b)s
(ound.)45 b(Rep)s(eat)33 b(the)283 2753 y(exercise)h(for)e(the)h
(partially)d(ordered)k(set)f(\()p Ft(P)8 b Fu(\()p Fs(S)k
Fu(\),)33 b Ft(\023)p Fu(\).)1362 b Fh(2)283 2994 y Fw(Exercise)37
b(4.19)49 b Fu(Let)37 b Fs(S)49 b Fu(b)s(e)37 b(a)g(non-empt)m(y)h(set)
f(and)h(consider)f(the)h(partially)c(ordered)k(set)283
3114 y(\()p Ft(P)399 3129 y Fn(\014n)481 3114 y Fu(\()p
Fs(S)12 b Fu(\),)31 b Ft(\022)q Fu(\))f(as)i(de\014ned)g(in)e(Exercise)
j(4.12.)42 b(Sho)m(w)32 b(b)m(y)g(means)f(of)f(an)h(example)f(that)h
(there)283 3234 y(are)45 b(c)m(hoices)h(of)e Fs(S)57
b Fu(suc)m(h)46 b(that)f(\()p Ft(P)1605 3249 y Fn(\014n)1688
3234 y Fu(\()p Fs(S)12 b Fu(\),)44 b Ft(\022)q Fu(\))h(has)g(a)f(c)m
(hain)h(with)g(no)f(upp)s(er)i(b)s(ound)f(and)283 3355
y(therefore)34 b(no)e(least)g(upp)s(er)h(b)s(ound.)2051
b Fh(2)283 3596 y Fw(Example)37 b(4.20)49 b Fu(Let)33
b Fs(g)1223 3611 y Fn(n)1266 3596 y Fu(:)43 b Fw(State)33
b Fo(,)-17 b Ft(!)32 b Fw(State)h Fu(b)s(e)g(de\014ned)h(b)m(y)527
3969 y Fs(g)581 3984 y Fn(n)657 3969 y Fs(s)40 b Fu(=)846
3719 y Fg(8)846 3794 y(>)846 3819 y(>)846 3844 y(>)846
3869 y(<)846 4018 y(>)846 4043 y(>)846 4068 y(>)846 4093
y(:)961 3800 y Fu(undef)p 961 3813 236 4 v 235 w(if)31
b Fs(s)41 b Fr(x)33 b Fo(>)f Fu(n)961 3968 y Fs(s)8 b
Fu([)p Fr(x)p Ft(7!\000)p Fw(1)p Fu(])84 b(if)31 b Fw(0)i
Ft(\024)g Fs(s)40 b Fr(x)33 b Fu(and)g Fs(s)40 b Fr(x)33
b Ft(\024)g Fu(n)961 4135 y Fs(s)430 b Fu(if)31 b Fs(s)41
b Fr(x)33 b Fo(<)f Fw(0)283 4341 y Fu(It)38 b(is)f(straigh)m(tforw)m
(ard)g(to)g(v)m(erify)h(that)f Fs(g)1858 4356 y Fn(n)1939
4341 y Ft(v)h Fs(g)2108 4356 y Fn(m)2208 4341 y Fu(whenev)m(er)i(n)e
Ft(\024)f Fu(m)g(b)s(ecause)i Fs(g)3386 4356 y Fn(n)3466
4341 y Fu(will)d(b)s(e)283 4462 y(unde\014ned)f(for)d(more)g(states)h
(than)g Fs(g)1680 4477 y Fn(m)1742 4462 y Fu(.)44 b(No)m(w)33
b(de\014ne)h Fs(Y)2408 4477 y Fn(0)2480 4462 y Fu(to)f(b)s(e)527
4674 y Fs(Y)619 4689 y Fn(0)691 4674 y Fu(=)f Ft(f)h
Fs(g)936 4689 y Fn(n)1011 4674 y Ft(j)f Fu(n)h Ft(\025)g
Fu(0)f Ft(g)283 4887 y Fu(Then)i Fs(Y)630 4902 y Fn(0)702
4887 y Fu(is)e(a)g(c)m(hain)h(b)s(ecause)h Fs(g)1554
4902 y Fn(n)1629 4887 y Ft(v)f Fs(g)1793 4902 y Fn(m)1888
4887 y Fu(whenev)m(er)i(n)e Ft(\024)g Fu(m.)43 b(The)33
b(partial)d(function)527 5181 y Fs(g)41 b(s)g Fu(=)802
5007 y Fg(8)802 5081 y(<)802 5231 y(:)918 5096 y Fs(s)8
b Fu([)p Fr(x)p Ft(7!\000)p Fw(1)p Fu(])83 b(if)32 b
Fw(0)g Ft(\024)h Fs(s)41 b Fr(x)918 5264 y Fs(s)429 b
Fu(if)32 b Fs(s)40 b Fr(x)33 b Fo(<)g Fw(0)283 5475 y
Fu(is)g(the)g(least)f(upp)s(er)h(b)s(ound)g(of)f Fs(Y)19
b Fu(.)2094 b Fh(2)p eop
%%Page: 99 109
99 108 bop 0 130 a Fw(4.2)112 b(Fixed)38 b(p)s(oin)m(t)e(theory)2183
b(99)p 0 193 3473 4 v 0 515 a(Exercise)36 b(4.21)49 b
Fu(Construct)e(a)f(subset)h Fs(Y)66 b Fu(of)45 b Fw(State)h
Fo(,)-17 b Ft(!)46 b Fw(State)g Fu(suc)m(h)h(that)f Fs(Y)65
b Fu(has)46 b(no)0 636 y(upp)s(er)33 b(b)s(ound)g(and)g(hence)h(no)e
(least)g(upp)s(er)h(b)s(ound.)1420 b Fh(2)0 826 y Fw(Exercise)36
b(4.22)49 b Fu(Let)33 b Fs(g)920 841 y Fn(n)996 826 y
Fu(b)s(e)f(the)h(partial)e(function)h(de\014ned)i(b)m(y)244
1083 y Fs(g)298 1098 y Fn(n)373 1083 y Fs(s)41 b Fu(=)562
909 y Fg(8)562 983 y(<)562 1133 y(:)678 998 y Fs(s)8
b Fu([)p Fr(y)p Ft(7!)p Fu(\()p Fs(s)40 b Fr(x)p Fu(\)!][)p
Fr(x)p Ft(7!)q Fw(1)p Fu(])83 b(if)31 b Fw(0)i Fo(<)f
Fs(s)41 b Fr(x)33 b Fu(and)f Fs(s)41 b Fr(x)33 b Ft(\024)g
Fu(n)678 1166 y(undef)p 678 1179 236 4 v 597 w(if)e Fs(s)41
b Fr(x)33 b Ft(\024)g Fw(0)f Fu(or)g Fs(s)41 b Fr(x)33
b Fo(>)f Fu(n)0 1345 y(\(where)h Fo(m)p Fu(!)f(denotes)h(the)f
(factorial)d(of)i Fo(m)p Fu(.\))44 b(De\014ne)32 b Fs(Y)2060
1360 y Fn(0)2131 1345 y Fu(=)f Ft(f)g Fs(g)2373 1360
y Fn(n)2448 1345 y Ft(j)g Fu(n)h Ft(\025)g Fu(0)g Ft(g)f
Fu(and)h(sho)m(w)h(that)0 1466 y(it)d(is)h(a)g(c)m(hain.)43
b(Characterize)32 b(the)f(upp)s(er)h(b)s(ounds)g(of)f
Fs(Y)2119 1481 y Fn(0)2190 1466 y Fu(and)g(determine)g(the)h(least)f
(upp)s(er)0 1586 y(b)s(ound.)3103 b Fh(2)146 1777 y Fu(A)33
b(partially)d(ordered)k(set)g(\()p Fs(D)9 b Fu(,)32 b
Ft(v)q Fu(\))h(is)f(called)g(a)g Fs(chain)j(c)-5 b(omplete)39
b Fu(partially)30 b(ordered)k(set)0 1897 y(\(abbreviated)j
Fs(c)-5 b(cp)g(o)p Fu(\))36 b(whenev)m(er)1262 1831 y
Fg(F)1331 1897 y Fs(Y)56 b Fu(exists)74 b(for)36 b(all)e(c)m(hains)j
Fs(Y)20 b Fu(.)37 b(It)f(is)g(a)h Fs(c)-5 b(omplete)37
b(lattic)-5 b(e)0 2017 y Fu(if)89 1951 y Fg(F)159 2017
y Fs(Y)52 b Fu(exists)33 b(for)f(all)f(subsets)j Fs(Y)52
b Fu(of)33 b Fs(D)9 b Fu(.)0 2208 y Fw(Example)37 b(4.23)49
b Fu(Exercise)35 b(4.18)f(sho)m(ws)i(that)e(\()p Ft(P)8
b Fu(\()p Fs(S)k Fu(\),)34 b Ft(\022)q Fu(\))g(and)h(\()p
Ft(P)8 b Fu(\()p Fs(S)k Fu(\),)34 b Ft(\023)q Fu(\))g(are)g(complete)0
2328 y(lattices,)51 b(and)d(hence)h(ccp)s(o's,)k(for)47
b(all)f(non-empt)m(y)i(sets)i Fs(S)12 b Fu(.)47 b(Exercise)j(4.19)d
(sho)m(ws)j(that)0 2449 y(\()p Ft(P)115 2464 y Fn(\014n)198
2449 y Fu(\()p Fs(S)12 b Fu(\),)32 b Ft(\022)q Fu(\))g(need)i(not)e(b)s
(e)h(a)f(complete)g(lattice)f(nor)i(a)f(ccp)s(o.)1051
b Fh(2)p 0 2639 3473 5 v 0 2785 a Fw(F)-9 b(act)37 b(4.24)49
b Fu(If)33 b(\()p Fs(D)9 b Fu(,)32 b Ft(v)q Fu(\))g(is)g(a)h(ccp)s(o)g
(then)g(it)e(has)i(a)g(least)f(elemen)m(t)g Ft(?)h Fu(giv)m(en)g(b)m(y)
g Ft(?)q Fu(=)3174 2719 y Fg(F)3243 2785 y Ft(;)p Fu(.)p
0 2906 V 0 3081 a Fw(Pro)s(of:)k Fu(It)c(is)f(straigh)m(tforw)m(ard)g
(to)h(c)m(hec)m(k)h(that)f Ft(;)f Fu(is)g(a)h(c)m(hain)f(and)h(since)g
(\()p Fs(D)9 b Fu(,)33 b Ft(v)p Fu(\))g(is)f(a)g(ccp)s(o)0
3201 y(w)m(e)g(get)g(that)514 3135 y Fg(F)583 3201 y
Ft(;)f Fu(exists.)44 b(Using)31 b(the)h(de\014nition)e(of)1953
3135 y Fg(F)2022 3201 y Ft(;)h Fu(w)m(e)i(see)f(that)f(for)g(an)m(y)h
(elemen)m(t)f Fs(d)42 b Fu(of)0 3321 y Fs(D)g Fu(w)m(e)33
b(ha)m(v)m(e)484 3255 y Fg(F)553 3321 y Ft(;)g(v)g Fs(d)10
b Fu(.)43 b(This)33 b(means)f(that)1609 3255 y Fg(F)1678
3321 y Ft(;)g Fu(is)g(the)h(least)g(elemen)m(t)f(of)g
Fs(D)9 b Fu(.)562 b Fh(2)146 3525 y Fu(Exercise)26 b(4.21)e(sho)m(ws)j
(that)d Fw(State)h Fo(,)-17 b Ft(!)24 b Fw(State)h Fu(is)f(not)h(a)f
(complete)g(lattice.)39 b(F)-8 b(ortunately)g(,)0 3645
y(w)m(e)34 b(ha)m(v)m(e)p 0 3766 V 0 3912 a Fw(Lemma)j(4.25)49
b Fu(\()p Fw(State)39 b Fo(,)-17 b Ft(!)39 b Fw(State)p
Fu(,)f Ft(v)q Fu(\))h(is)f(a)g(ccp)s(o.)63 b(The)39 b(least)g(upp)s(er)
g(b)s(ound)3107 3845 y Fg(F)3176 3912 y Fs(Y)58 b Fu(of)39
b(a)0 4032 y(c)m(hain)32 b Fs(Y)53 b Fu(is)32 b(giv)m(en)g(b)m(y)244
4207 y(graph\()526 4141 y Fg(F)595 4207 y Fs(Y)20 b Fu(\))32
b(=)865 4141 y Fg(S)935 4207 y Ft(f)g Fu(graph\()p Fs(g)9
b Fu(\))32 b Ft(j)g Fs(g)41 b Ft(2)p Fs(Y)53 b Ft(g)0
4382 y Fu(that)32 b(is)g(\()347 4316 y Fg(F)417 4382
y Fs(Y)19 b Fu(\))p Fs(s)41 b Fu(=)32 b Fs(s)783 4346
y Fi(0)839 4382 y Fu(if)f(and)i(only)f(if)g Fs(g)41 b(s)f
Fu(=)33 b Fs(s)1745 4346 y Fi(0)1801 4382 y Fu(for)f(some)g
Fs(g)41 b Ft(2)33 b Fs(Y)20 b Fu(.)p 0 4503 V 0 4678
a Fw(Pro)s(of:)37 b Fu(The)d(pro)s(of)e(is)g(in)f(three)j(stages:)44
b(First)32 b(w)m(e)h(pro)m(v)m(e)h(that)269 4779 y Fg(S)338
4845 y Ft(f)e Fu(graph\()p Fs(g)9 b Fu(\))32 b Ft(j)g
Fs(g)41 b Ft(2)33 b Fs(Y)52 b Ft(g)2103 b Fu(\(*\))0
5013 y(is)41 b(indeed)h(a)f(graph)h(of)f(a)g(partial)f(function)h(in)g
Fw(State)h Fo(,)-17 b Ft(!)41 b Fw(State)p Fu(.)71 b(Secondly)-8
b(,)44 b(w)m(e)f(pro)m(v)m(e)0 5133 y(that)29 b(this)g(function)g(will)
d(b)s(e)k(an)f(upp)s(er)h(b)s(ound)f(of)g Fs(Y)49 b Fu(and)29
b(thirdly)f(that)h(it)f(is)h(less)g(than)h(an)m(y)0 5254
y(other)j(upp)s(er)g(b)s(ound)g(of)f Fs(Y)19 b Fu(,)33
b(that)f(is)g(it)g(is)g(the)h(least)f(upp)s(er)h(b)s(ound)g(of)f
Fs(Y)20 b Fu(.)146 5374 y(T)-8 b(o)25 b(v)m(erify)g(that)g(\(*\))f(sp)s
(eci\014es)i(a)f Fs(p)-5 b(artial)27 b(function)32 b
Fu(w)m(e)26 b(only)e(need)i(to)f(sho)m(w)h(that)e(if)g
Ft(h)p Fs(s)8 b Fu(,)32 b Fs(s)3410 5338 y Fi(0)3434
5374 y Ft(i)0 5494 y Fu(and)h Ft(h)o Fs(s)8 b Fu(,)33
b Fs(s)384 5458 y Fi(00)427 5494 y Ft(i)f Fu(are)g(elemen)m(ts)h(of)p
eop
%%Page: 100 110
100 109 bop 251 130 a Fw(100)1978 b(4)112 b(Denotational)36
b(Seman)m(tics)p 251 193 3473 4 v 527 515 a Fs(X)49 b
Fu(=)756 449 y Fg(S)826 515 y Ft(f)32 b Fu(graph\()p
Fs(g)9 b Fu(\))32 b Ft(j)g Fs(g)9 b Ft(2)p Fs(Y)52 b
Ft(g)283 710 y Fu(then)35 b Fs(s)555 673 y Fi(0)613 710
y Fu(=)f Fs(s)771 673 y Fi(00)813 710 y Fu(.)49 b(When)35
b Ft(h)p Fs(s)8 b Fu(,)34 b Fs(s)1371 673 y Fi(0)1395
710 y Ft(i)g(2)g Fs(X)51 b Fu(there)35 b(will)c(b)s(e)k(a)f(partial)e
(function)i Fs(g)41 b Ft(2)33 b Fs(Y)53 b Fu(suc)m(h)36
b(that)283 830 y Fs(g)k(s)f Fu(=)30 b Fs(s)601 794 y
Fi(0)625 830 y Fu(.)43 b(Similarly)-8 b(,)27 b(when)32
b Ft(h)p Fs(s)8 b Fu(,)31 b Fs(s)1573 794 y Fi(00)1616
830 y Ft(i)f(2)h Fs(X)47 b Fu(then)32 b(there)g(will)c(b)s(e)j(a)g
(partial)e(function)h Fs(g)3510 794 y Fi(0)3565 830 y
Ft(2)j Fs(Y)283 950 y Fu(suc)m(h)i(that)d Fs(g)769 914
y Fi(0)824 950 y Fs(s)41 b Fu(=)32 b Fs(s)1061 914 y
Fi(00)1104 950 y Fu(.)43 b(Since)33 b Fs(Y)52 b Fu(is)33
b(a)f(c)m(hain)g(w)m(e)i(will)c(ha)m(v)m(e)k(that)f(either)f
Fs(g)41 b Ft(v)33 b Fs(g)3281 914 y Fi(0)3337 950 y Fu(or)f
Fs(g)3510 914 y Fi(0)3565 950 y Ft(v)h Fs(g)9 b Fu(.)283
1071 y(In)44 b(an)m(y)h(case)f(w)m(e)h(get)f Fs(g)52
b(s)g Fu(=)43 b Fs(g)1520 1034 y Fi(0)1587 1071 y Fs(s)51
b Fu(and)44 b(this)g(means)f(that)h Fs(s)2661 1034 y
Fi(0)2728 1071 y Fu(=)f Fs(s)2895 1034 y Fi(00)2981 1071
y Fu(as)h(required.)78 b(This)283 1191 y(completes)33
b(the)g(\014rst)g(part)f(of)g(the)h(pro)s(of.)430 1311
y(In)g(the)g(second)h(part)e(of)g(the)h(pro)s(of)f(w)m(e)h(de\014ne)h
(the)f(partial)d(function)j Fs(g)3124 1326 y Fn(0)3195
1311 y Fu(b)m(y)527 1506 y(graph\()p Fs(g)863 1521 y
Fn(0)902 1506 y Fu(\))g(=)1081 1439 y Fg(S)1150 1506
y Ft(f)g Fu(graph\()p Fs(g)9 b Fu(\))31 b Ft(j)i Fs(g)41
b Ft(2)33 b Fs(Y)52 b Ft(g)283 1700 y Fu(T)-8 b(o)33
b(sho)m(w)g(that)f Fs(g)933 1715 y Fn(0)1004 1700 y Fu(is)g(an)g(upp)s
(er)h(b)s(ound)f(of)g Fs(Y)52 b Fu(let)31 b Fs(g)41 b
Fu(b)s(e)32 b(an)g(elemen)m(t)g(of)g Fs(Y)20 b Fu(.)32
b(Then)h(w)m(e)h(ha)m(v)m(e)283 1820 y(graph\()p Fs(g)9
b Fu(\))36 b Ft(\022)g Fu(graph\()p Fs(g)1142 1835 y
Fn(0)1181 1820 y Fu(\))g(and)g(using)f(the)h(result)g(of)g(Exercise)h
(4.8)e(w)m(e)i(see)g(that)f Fs(g)44 b Ft(v)37 b Fs(g)3594
1835 y Fn(0)3669 1820 y Fu(as)283 1940 y(required)d(and)e(w)m(e)i(ha)m
(v)m(e)g(completed)e(the)h(second)h(part)e(of)g(the)h(pro)s(of.)430
2061 y(In)26 b(the)h(third)e(part)h(of)g(the)h(pro)s(of)e(w)m(e)i(sho)m
(w)h(that)e Fs(g)2296 2076 y Fn(0)2361 2061 y Fu(is)g(the)g(least)g
(upp)s(er)h(b)s(ound)f(of)g Fs(Y)20 b Fu(.)26 b(So)283
2181 y(let)33 b Fs(g)479 2196 y Fn(1)551 2181 y Fu(b)s(e)h(some)f(upp)s
(er)h(b)s(ound)f(of)g Fs(Y)19 b Fu(.)34 b(Using)f(the)g(de\014nition)f
(of)h(an)g(upp)s(er)h(b)s(ound)g(w)m(e)g(get)283 2302
y(that)29 b Fs(g)38 b Ft(v)30 b Fs(g)735 2317 y Fn(1)803
2302 y Fu(m)m(ust)f(hold)f(for)h(all)e Fs(g)38 b Ft(2)p
Fs(Y)20 b Fu(.)29 b(Exercise)i(4.8)d(giv)m(es)i(that)f(graph\()p
Fs(g)9 b Fu(\))28 b Ft(\022)i Fu(graph\()p Fs(g)3652
2317 y Fn(1)3691 2302 y Fu(\).)283 2422 y(Hence)k(it)e(m)m(ust)h(b)s(e)
f(the)h(case)h(that)527 2550 y Fg(S)597 2616 y Ft(f)e
Fu(graph\()p Fs(g)9 b Fu(\))32 b Ft(j)g Fs(g)41 b Ft(2)33
b Fs(Y)52 b Ft(g)32 b(\022)h Fu(graph\()p Fs(g)1982 2631
y Fn(1)2021 2616 y Fu(\))283 2810 y(But)28 b(this)g(is)f(the)h(same)f
(as)h(graph\()p Fs(g)1604 2825 y Fn(0)1643 2810 y Fu(\))f
Ft(\022)h Fu(graph\()p Fs(g)2149 2825 y Fn(1)2188 2810
y Fu(\))g(and)f(Exercise)i(4.8)f(giv)m(es)g(that)f Fs(g)3464
2825 y Fn(0)3531 2810 y Ft(v)h Fs(g)3690 2825 y Fn(1)3729
2810 y Fu(.)283 2931 y(This)k(sho)m(ws)h(that)e Fs(g)1048
2946 y Fn(0)1118 2931 y Fu(is)f(the)i(least)f(upp)s(er)h(b)s(ound)f(of)
g Fs(Y)50 b Fu(and)32 b(thereb)m(y)h(w)m(e)f(ha)m(v)m(e)g(completed)283
3051 y(the)h(pro)s(of.)2980 b Fh(2)283 3421 y Fp(Con)l(tin)l(uous)46
b(functions)283 3606 y Fu(Let)35 b(\()p Fs(D)9 b Fu(,)34
b Ft(v)p Fu(\))g(and)g(\()p Fs(D)1103 3570 y Fi(0)1126
3606 y Fu(,)h Ft(v)1265 3570 y Fi(0)1288 3606 y Fu(\))f(b)s(e)g(ccp)s
(o's)h(and)f(consider)h(a)e(\(total\))g(function)g Fs(f)21
b Fu(:)46 b Fs(D)d Ft(!)34 b Fs(D)3593 3570 y Fi(0)3616
3606 y Fu(.)48 b(If)283 3726 y Fs(d)343 3741 y Fn(1)416
3726 y Ft(v)33 b Fs(d)586 3741 y Fn(2)657 3726 y Fu(then)g(the)f(in)m
(tuition)e(is)h(that)h Fs(d)1812 3741 y Fn(1)1884 3726
y Fu(shares)h(its)e(information)e(with)j Fs(d)3122 3741
y Fn(2)3161 3726 y Fu(.)43 b(So)32 b(when)h(the)283 3847
y(function)k Fs(f)58 b Fu(has)37 b(b)s(een)h(applied)e(to)h(the)g(t)m
(w)m(o)h(elemen)m(ts)f Fs(d)2465 3862 y Fn(1)2542 3847
y Fu(and)g Fs(d)2796 3862 y Fn(2)2872 3847 y Fu(then)h(w)m(e)g(shall)e
(exp)s(ect)283 3967 y(that)31 b(a)g(similar)c(relationship)i(holds)i(b)
s(et)m(w)m(een)i(the)e(results.)43 b(That)31 b(is)g(w)m(e)g(shall)f
(exp)s(ect)i(that)283 4088 y Fs(f)55 b(d)428 4103 y Fn(1)502
4088 y Ft(v)579 4051 y Fi(0)637 4088 y Fs(f)g(d)782 4103
y Fn(2)855 4088 y Fu(and)34 b(when)h(this)f(is)g(the)g(case)h(w)m(e)g
(sa)m(y)g(that)f Fs(f)55 b Fu(is)33 b Fs(monotone)p Fu(.)47
b(F)-8 b(ormally)g(,)31 b Fs(f)55 b Fu(is)283 4208 y(monotone)32
b(if)g(and)g(only)g(if)527 4402 y Fs(d)587 4417 y Fn(1)659
4402 y Ft(v)h Fs(d)829 4417 y Fn(2)902 4402 y Fu(implies)d
Fs(f)53 b(d)1376 4417 y Fn(1)1448 4402 y Ft(v)1526 4366
y Fi(0)1581 4402 y Fs(f)h(d)1725 4417 y Fn(2)283 4596
y Fu(for)32 b(all)f(c)m(hoices)i(of)g Fs(d)1068 4611
y Fn(1)1140 4596 y Fu(and)f Fs(d)1389 4611 y Fn(2)1429
4596 y Fu(.)283 4812 y Fw(Example)37 b(4.26)49 b Fu(Consider)24
b(the)h(ccp)s(o's)g(\()p Ft(P)8 b Fu(\()p Ft(f)p Fu(a,b,c)p
Ft(g)p Fu(\),)26 b Ft(\022)p Fu(\))e(and)h(\()p Ft(P)8
b Fu(\()p Ft(f)p Fu(d,e)p Ft(g)p Fu(\),)26 b Ft(\022)p
Fu(\).)41 b(The)25 b(func-)283 4932 y(tion)32 b Fs(f)535
4947 y Fn(1)574 4932 y Fu(:)44 b Ft(P)8 b Fu(\()p Ft(f)p
Fu(a,b,c)p Ft(g)p Fu(\))33 b Ft(!)f(P)8 b Fu(\()p Ft(f)p
Fu(d,e)p Ft(g)p Fu(\))33 b(de\014ned)h(b)m(y)g(the)f(table)639
5205 y Fs(X)p 869 5288 4 249 v 209 w Ft(f)p Fu(a,b,c)p
Ft(g)100 b(f)p Fu(a,b)p Ft(g)i(f)p Fu(a,c)p Ft(g)g(f)p
Fu(b,c)p Ft(g)h(f)p Fu(a)p Ft(g)f(f)p Fu(b)p Ft(g)d(f)p
Fu(c)p Ft(g)h(;)p 527 5291 2620 4 v 577 5457 a Fs(f)628
5472 y Fn(1)700 5457 y Fs(X)p 869 5528 4 237 v 186 w
Ft(f)p Fu(d,e)p Ft(g)176 b(f)p Fu(d)p Ft(g)137 b(f)p
Fu(d,e)p Ft(g)100 b(f)p Fu(d,e)p Ft(g)g(f)p Fu(d)p Ft(g)g(f)p
Fu(d)p Ft(g)f(f)p Fu(e)p Ft(g)h(;)p eop
%%Page: 101 111
101 110 bop 0 130 a Fw(4.2)112 b(Fixed)38 b(p)s(oin)m(t)e(theory)2127
b(101)p 0 193 3473 4 v 0 515 a Fu(is)32 b(monotone:)43
b(it)31 b(simply)h(c)m(hanges)h(a's)g(and)g(b's)g(to)g(d's)g(and)g(c's)
g(to)f(e's.)146 636 y(The)i(function)e Fs(f)780 651 y
Fn(2)819 636 y Fu(:)44 b Ft(P)8 b Fu(\()p Ft(f)p Fu(a,b,c)p
Ft(g)p Fu(\))33 b Ft(!)f(P)8 b Fu(\()p Ft(f)p Fu(d,e)p
Ft(g)p Fu(\))33 b(de\014ned)h(b)m(y)g(the)f(table)355
917 y Fs(X)p 585 1001 4 249 v 210 w Ft(f)p Fu(a,b,c)p
Ft(g)100 b(f)p Fu(a,b)p Ft(g)f(f)p Fu(a,c)p Ft(g)g(f)p
Fu(b,c)p Ft(g)k(f)p Fu(a)p Ft(g)f(f)p Fu(b)p Ft(g)d(f)p
Fu(c)p Ft(g)146 b(;)p 244 1004 2707 4 v 294 1169 a Fs(f)345
1184 y Fn(2)417 1169 y Fs(X)p 585 1240 4 237 v 221 w
Ft(f)p Fu(d)p Ft(g)211 b(f)p Fu(d)p Ft(g)170 b(f)p Fu(d)p
Ft(g)i(f)p Fu(e)p Ft(g)140 b(f)p Fu(d)p Ft(g)105 b(f)p
Fu(e)p Ft(g)g(f)p Fu(e)p Ft(g)100 b(f)p Fu(e)p Ft(g)0
1406 y Fu(is)36 b Fs(not)46 b Fu(monotone)36 b(b)s(ecause)j
Ft(f)p Fu(b,c)p Ft(g)d(\022)i(f)p Fu(a,b,c)p Ft(g)e Fu(but)h
Fs(f)2050 1421 y Fn(2)2127 1406 y Ft(f)p Fu(b,c)p Ft(g)f(6\022)i
Fs(f)2553 1421 y Fn(2)2629 1406 y Ft(f)p Fu(a,b,c)p Ft(g)p
Fu(.)56 b(In)m(tuitiv)m(ely)-8 b(,)0 1527 y(all)36 b(sets)j(that)f(con)
m(tain)g(an)g(a)g(are)g(mapp)s(ed)g(to)g Ft(f)p Fu(d)p
Ft(g)g Fu(whereas)h(the)g(others)g(are)f(mapp)s(ed)g(to)0
1647 y Ft(f)p Fu(e)p Ft(g)43 b Fu(and)h(since)g(the)g(elemen)m(ts)g
Ft(f)p Fu(d)p Ft(g)f Fu(and)g Ft(f)p Fu(e)p Ft(g)h Fu(are)f
(incomparable)f(this)h(do)s(es)h(not)f(giv)m(e)h(a)0
1767 y(monotone)32 b(function.)42 b(Ho)m(w)m(ev)m(er,)35
b(if)c(w)m(e)j(c)m(hange)f(the)g(de\014nition)e(suc)m(h)j(that)e(sets)h
(with)f(an)h(a)0 1888 y(are)e(mapp)s(ed)g(to)g Ft(f)p
Fu(d)p Ft(g)f Fu(and)i(all)c(other)k(sets)g(to)f Ft(;)f
Fu(then)i(the)g(function)e(will)f(b)s(e)i(monotone.)75
b Fh(2)0 2116 y Fw(Exercise)36 b(4.27)49 b Fu(Consider)37
b(the)g(ccp)s(o)g(\()p Ft(P)9 b Fu(\()p Fw(N)p Fu(\),)36
b Ft(\022)p Fu(\).)55 b(Determine)36 b(whic)m(h)h(of)f(the)h(follo)m
(wing)0 2237 y(functions)c(in)e Ft(P)9 b Fu(\()p Fw(N)p
Fu(\))32 b Ft(!)g(P)8 b Fu(\()p Fw(N)p Fu(\))33 b(are)f(monotone:)145
2440 y Ft(\017)49 b Fs(f)295 2455 y Fn(1)367 2440 y Fs(X)f
Fu(=)33 b Fw(N)f Ft(n)g Fs(X)145 2643 y Ft(\017)49 b
Fs(f)295 2658 y Fn(2)367 2643 y Fs(X)f Fu(=)33 b Fs(X)49
b Ft([)32 b(f)p Fw(27)p Ft(g)145 2847 y(\017)49 b Fs(f)295
2862 y Fn(3)367 2847 y Fs(X)f Fu(=)33 b Fs(X)49 b Ft(\\)32
b(f)p Fw(7)p Fu(,)h Fw(9)p Fu(,)g Fw(13)p Ft(g)145 3050
y(\017)49 b Fs(f)295 3065 y Fn(4)367 3050 y Fs(X)f Fu(=)33
b Ft(f)f Fs(n)40 b Ft(2)33 b Fs(X)49 b Ft(j)32 b Fs(n)40
b Fu(is)32 b(a)g(prime)f Ft(g)145 3254 y(\017)49 b Fs(f)295
3269 y Fn(5)367 3254 y Fs(X)f Fu(=)33 b Ft(f)f Fw(2)h
Fo(?)f Fs(n)40 b Ft(j)32 b Fs(n)40 b Ft(2)33 b Fs(X)48
b Ft(g)2031 b Fh(2)0 3482 y Fw(Exercise)36 b(4.28)49
b Fu(Determine)32 b(whic)m(h)h(of)f(the)h(follo)m(wing)d(functionals)h
(of)244 3685 y(\()p Fw(State)h Fo(,)-17 b Ft(!)33 b Fw(State)p
Fu(\))g Ft(!)f Fu(\()p Fw(State)g Fo(,)-17 b Ft(!)33
b Fw(State)p Fu(\))0 3889 y(are)g(monotone:)145 4092
y Ft(\017)49 b Fs(F)321 4107 y Fn(0)393 4092 y Fs(g)41
b Fu(=)32 b Fs(g)145 4377 y Ft(\017)49 b Fs(F)321 4392
y Fn(1)393 4377 y Fs(g)41 b Fu(=)587 4203 y Fg(8)587
4277 y(<)587 4427 y(:)703 4292 y Fs(g)757 4307 y Fn(1)879
4292 y Fu(if)31 b Fs(g)41 b Fu(=)33 b Fs(g)1217 4307
y Fn(2)703 4460 y Fs(g)757 4475 y Fn(2)879 4460 y Fu(otherwise)1494
4377 y(where)h Fs(g)1830 4392 y Fn(1)1902 4377 y Ft(6)p
Fu(=)e Fs(g)2064 4392 y Fn(2)145 4767 y Ft(\017)49 b
Fu(\()p Fs(F)359 4731 y Fi(0)415 4767 y Fs(g)9 b Fu(\))32
b Fs(s)40 b Fu(=)728 4593 y Fg(8)728 4668 y(<)728 4817
y(:)843 4683 y Fs(g)h(s)91 b Fu(if)32 b Fs(s)40 b Fr(x)33
b Ft(6)p Fu(=)f Fw(0)843 4850 y Fs(s)177 b Fu(if)32 b
Fs(s)40 b Fr(x)33 b Fu(=)f Fw(0)3398 4767 y Fh(2)146
5077 y Fu(The)d(monotone)d(functions)i(ha)m(v)m(e)g(a)f(couple)h(of)f
(in)m(teresting)g(prop)s(erties.)41 b(First)27 b(w)m(e)h(pro)m(v)m(e)0
5198 y(that)k(the)h(comp)s(osition)e(of)h(t)m(w)m(o)h(monotone)f
(functions)g(is)g(a)h(monotone)e(function.)p eop
%%Page: 102 112
102 111 bop 251 130 a Fw(102)1978 b(4)112 b(Denotational)36
b(Seman)m(tics)p 251 193 3473 4 v 283 515 3473 5 v 283
689 a(F)-9 b(act)38 b(4.29)49 b Fu(Let)e(\()p Fs(D)9
b Fu(,)47 b Ft(v)p Fu(\),)k(\()p Fs(D)1476 653 y Fi(0)1499
689 y Fu(,)g Ft(v)1654 653 y Fi(0)1677 689 y Fu(\))c(and)g(\()p
Fs(D)2087 653 y Fi(00)2130 689 y Fu(,)j Ft(v)2285 653
y Fi(00)2327 689 y Fu(\))d(b)s(e)g(ccp)s(o's)h(and)f(let)f
Fs(f)21 b Fu(:)72 b Fs(D)56 b Ft(!)47 b Fs(D)3733 653
y Fi(0)283 809 y Fu(and)42 b Fs(f)533 773 y Fi(0)557
809 y Fu(:)h Fs(D)710 773 y Fi(0)766 809 y Ft(!)32 b
Fs(D)981 773 y Fi(00)1065 809 y Fu(b)s(e)42 b(monotone)f(functions.)71
b(Then)43 b Fs(f)2467 773 y Fi(0)2522 809 y Ft(\016)33
b Fs(f)21 b Fu(:)43 b Fs(D)f Ft(!)32 b Fs(D)3057 773
y Fi(00)3141 809 y Fu(is)41 b(a)h(monotone)283 930 y(function.)p
283 1050 V 283 1253 a Fw(Pro)s(of:)33 b Fu(Assume)d(that)f
Fs(d)1245 1268 y Fn(1)1313 1253 y Ft(v)g Fs(d)1479 1268
y Fn(2)1519 1253 y Fu(.)42 b(The)30 b(monotonicit)m(y)d(of)h
Fs(f)50 b Fu(giv)m(es)29 b(that)g Fs(f)50 b(d)3142 1268
y Fn(1)3210 1253 y Ft(v)3287 1217 y Fi(0)3339 1253 y
Fs(f)g(d)3479 1268 y Fn(2)3519 1253 y Fu(.)42 b(The)283
1373 y(monotonicit)m(y)31 b(of)h Fs(f)1036 1337 y Fi(0)1092
1373 y Fu(then)h(giv)m(es)g Fs(f)1604 1337 y Fi(0)1660
1373 y Fu(\()p Fs(f)53 b(d)1841 1388 y Fn(1)1881 1373
y Fu(\))32 b Ft(v)2029 1337 y Fi(00)2104 1373 y Fs(f)2155
1337 y Fi(0)2211 1373 y Fu(\()p Fs(f)53 b(d)2392 1388
y Fn(2)2431 1373 y Fu(\))33 b(as)g(required.)683 b Fh(2)430
1576 y Fu(Next)33 b(w)m(e)g(pro)m(v)m(e)h(that)e(the)h(image)e(of)h(a)g
(c)m(hain)g(under)h(a)g(monotone)e(function)h(is)g(itself)f(a)283
1697 y(c)m(hain.)p 283 1817 V 283 1991 a Fw(Lemma)38
b(4.30)49 b Fu(Let)24 b(\()p Fs(D)9 b Fu(,)23 b Ft(v)q
Fu(\))h(and)g(\()p Fs(D)1708 1955 y Fi(0)1731 1991 y
Fu(,)h Ft(v)1861 1955 y Fi(0)1884 1991 y Fu(\))f(b)s(e)g(ccp)s(o's)h
(and)f(let)f Fs(f)e Fu(:)39 b Fs(D)33 b Ft(!)23 b Fs(D)3095
1955 y Fi(0)3142 1991 y Fu(b)s(e)h(a)g(monotone)283 2111
y(function.)42 b(If)30 b Fs(Y)49 b Fu(is)29 b(a)h(c)m(hain)f(in)g
Fs(D)39 b Fu(then)30 b Ft(f)f Fs(f)51 b(d)39 b Ft(j)30
b Fs(d)39 b Ft(2)30 b Fs(Y)49 b Ft(g)30 b Fu(is)f(a)g(c)m(hain)h(in)f
Fs(D)3104 2075 y Fi(0)3127 2111 y Fu(.)42 b(F)-8 b(urthermore,)552
2212 y Fg(F)621 2243 y Fi(0)645 2279 y Ft(f)32 b Fs(f)53
b(d)43 b Ft(j)32 b Fs(d)43 b Ft(2)33 b Fs(Y)52 b Ft(g)32
b(v)1439 2243 y Fi(0)1495 2279 y Fs(f)21 b Fu(\()1584
2212 y Fg(F)1653 2279 y Fs(Y)e Fu(\))p 283 2399 V 283
2602 a Fw(Pro)s(of:)42 b Fu(If)37 b Fs(Y)56 b Fu(=)36
b Ft(;)g Fu(then)h(the)g(result)f(holds)h(immediately)c(since)k
Ft(?)2868 2566 y Fi(0)2928 2602 y Ft(v)3005 2566 y Fi(0)3065
2602 y Fs(f)57 b Ft(?)q Fu(.)e(So)36 b(assume)283 2722
y(that)d Fs(Y)53 b Ft(6)p Fu(=)33 b Ft(;)p Fu(.)45 b(W)-8
b(e)34 b(shall)e(\014rst)h(pro)m(v)m(e)i(that)e Ft(f)g
Fs(f)54 b(d)43 b Ft(j)33 b Fs(d)43 b Ft(2)33 b Fs(Y)53
b Ft(g)33 b Fu(is)g(a)g(c)m(hain)g(in)f Fs(D)3283 2686
y Fi(0)3306 2722 y Fu(.)46 b(So)33 b(let)f Fs(d)3716
2686 y Fi(0)3716 2747 y Fn(1)283 2843 y Fu(and)37 b Fs(d)537
2806 y Fi(0)537 2867 y Fn(2)613 2843 y Fu(b)s(e)f(t)m(w)m(o)h(elemen)m
(ts)g(of)f Ft(f)g Fs(f)57 b(d)46 b Ft(j)36 b Fs(d)47
b Ft(2)36 b Fs(Y)56 b Ft(g)p Fu(.)f(Then)37 b(there)g(are)f(elemen)m
(ts)h Fs(d)3387 2858 y Fn(1)3463 2843 y Fu(and)f Fs(d)3716
2858 y Fn(2)283 2963 y Fu(in)d Fs(Y)54 b Fu(suc)m(h)35
b(that)e Fs(d)1017 2927 y Fi(0)1017 2988 y Fn(1)1090
2963 y Fu(=)h Fs(f)54 b(d)1344 2978 y Fn(1)1417 2963
y Fu(and)34 b Fs(d)1668 2927 y Fi(0)1668 2988 y Fn(2)1741
2963 y Fu(=)f Fs(f)55 b(d)1995 2978 y Fn(2)2035 2963
y Fu(.)46 b(Since)34 b Fs(Y)53 b Fu(is)33 b(a)h(c)m(hain)f(w)m(e)i(ha)m
(v)m(e)g(that)e(either)283 3083 y Fs(d)343 3098 y Fn(1)416
3083 y Ft(v)g Fs(d)586 3098 y Fn(2)660 3083 y Fu(or)i
Fs(d)842 3098 y Fn(2)917 3083 y Ft(v)g Fs(d)1089 3098
y Fn(1)1129 3083 y Fu(.)51 b(In)35 b(either)g(case)h(w)m(e)g(get)g
(that)f(the)g(same)g(order)g(holds)g(b)s(et)m(w)m(een)i
Fs(d)3716 3047 y Fi(0)3716 3108 y Fn(1)283 3204 y Fu(and)g
Fs(d)537 3168 y Fi(0)537 3228 y Fn(2)613 3204 y Fu(b)s(ecause)h(of)e
(the)h(monotonicit)m(y)e(of)h Fs(f)21 b Fu(.)56 b(This)36
b(pro)m(v)m(es)j(that)d Ft(f)g Fs(f)58 b(d)47 b Ft(j)36
b Fs(d)47 b Ft(2)36 b Fs(Y)57 b Ft(g)36 b Fu(is)g(a)283
3324 y(c)m(hain.)430 3444 y(T)-8 b(o)46 b(pro)m(v)m(e)g(the)h(second)g
(part)e(of)g(the)h(lemma)e(consider)i(an)f(arbitrary)g(elemen)m(t)h
Fs(d)55 b Fu(of)283 3565 y Fs(Y)20 b Fu(.)48 b(Then)g(it)f(will)e(b)s
(e)j(the)g(case)g(that)g Fs(d)57 b Ft(v)2042 3498 y Fg(F)2111
3565 y Fs(Y)20 b Fu(.)48 b(The)g(monotonicit)m(y)e(of)h
Fs(f)68 b Fu(giv)m(es)48 b(that)283 3685 y Fs(f)54 b(d)43
b Ft(v)537 3649 y Fi(0)593 3685 y Fs(f)21 b Fu(\()682
3619 y Fg(F)751 3685 y Fs(Y)f Fu(\).)76 b(Since)44 b(this)f(holds)g
(for)g(all)e Fs(d)54 b Ft(2)44 b Fs(Y)63 b Fu(w)m(e)45
b(get)e(that)h Fs(f)21 b Fu(\()3012 3619 y Fg(F)3081
3685 y Fs(Y)e Fu(\))44 b(is)f(an)g(upp)s(er)283 3806
y(b)s(ound)33 b(on)g Ft(f)f Fs(f)53 b(d)43 b Ft(j)32
b Fs(d)43 b Ft(2)p Fs(Y)53 b Ft(g)o Fu(,)33 b(that)f(is)1740
3739 y Fg(F)1810 3769 y Fi(0)1865 3806 y Ft(f)h Fs(f)53
b(d)43 b Ft(j)32 b Fs(d)43 b Ft(2)p Fs(Y)52 b Ft(g)33
b(v)2627 3769 y Fi(0)2683 3806 y Fs(f)21 b Fu(\()2772
3739 y Fg(F)2841 3806 y Fs(Y)f Fu(\).)683 b Fh(2)430
4009 y Fu(In)40 b(general)f(w)m(e)i(cannot)f(exp)s(ect)h(that)e(a)g
(monotone)g(function)h(preserv)m(es)i(least)d(upp)s(er)283
4129 y(b)s(ounds)d(on)f(c)m(hains,)g(that)g(is)1402 4063
y Fg(F)1471 4093 y Fi(0)1529 4129 y Ft(f)g Fs(f)55 b(d)45
b Ft(j)35 b Fs(d)44 b Ft(2)q Fs(Y)54 b Ft(g)35 b Fu(=)f
Fs(f)21 b Fu(\()2428 4063 y Fg(F)2497 4129 y Fs(Y)f Fu(\).)35
b(This)g(is)f(illustrated)f(b)m(y)i(the)283 4250 y(follo)m(wing)30
b(example:)283 4477 y Fw(Example)37 b(4.31)49 b Fu(F)-8
b(rom)29 b(Example)i(4.23)f(w)m(e)i(get)f(that)f(\()p
Ft(P)9 b Fu(\()p Fw(N)30 b Ft([)h(f)p Fu(a)p Ft(g)p Fu(\),)g
Ft(\022)p Fu(\))g(is)f(a)h(ccp)s(o.)43 b(No)m(w)283 4597
y(consider)33 b(the)g(function)f Fs(f)21 b Fu(:)44 b
Ft(P)8 b Fu(\()p Fw(N)32 b Ft([)h(f)p Fu(a)p Ft(g)p Fu(\))f
Ft(!)g(P)9 b Fu(\()p Fw(N)32 b Ft([)h(f)p Fu(a)p Ft(g)p
Fu(\))f(de\014ned)i(b)m(y)527 4887 y Fs(f)54 b(X)48 b
Fu(=)840 4713 y Fg(8)840 4788 y(<)840 4937 y(:)955 4803
y Fs(X)379 b Fu(if)32 b Fs(X)48 b Fu(is)32 b(\014nite)955
4970 y Fs(X)49 b Ft([)33 b(f)p Fu(a)p Ft(g)82 b Fu(if)32
b Fs(X)48 b Fu(is)32 b(in\014nite)283 5171 y(Clearly)-8
b(,)34 b Fs(f)54 b Fu(is)33 b(a)h(monotone)e(function:)46
b(if)32 b Fs(X)1960 5186 y Fn(1)2033 5171 y Ft(\022)i
Fs(X)2232 5186 y Fn(2)2306 5171 y Fu(then)g(also)f Fs(f)54
b(X)2898 5186 y Fn(1)2971 5171 y Ft(\022)35 b Fs(f)54
b(X)3255 5186 y Fn(2)3295 5171 y Fu(.)46 b(Ho)m(w)m(ev)m(er,)283
5292 y Fs(f)54 b Fu(do)s(es)33 b(not)f(preserv)m(e)i(the)f(least)f(upp)
s(er)h(b)s(ounds)g(of)f(c)m(hains.)44 b(T)-8 b(o)32 b(see)i(this)e
(consider)g(the)h(set)527 5494 y Fs(Y)53 b Fu(=)32 b
Ft(f)g(f)p Fu(0,1,)p Ft(\001)17 b(\001)g(\001)n Fu(,n)p
Ft(g)33 b(j)f Fu(n)p Ft(\025)q Fu(0)g Ft(g)p eop
%%Page: 103 113
103 112 bop 0 130 a Fw(4.2)112 b(Fixed)38 b(p)s(oin)m(t)e(theory)2127
b(103)p 0 193 3473 4 v 0 515 a Fu(It)25 b(consists)h(of)f(the)g(elemen)
m(ts)h Ft(f)p Fu(0)p Ft(g)p Fu(,)g Ft(f)p Fu(0,1)p Ft(g)p
Fu(,)g Ft(f)p Fu(0,1,2)p Ft(g)p Fu(,)f Ft(\001)17 b(\001)g(\001)24
b Fu(and)h(it)f(is)h(straigh)m(tforw)m(ard)f(to)h(v)m(erify)0
636 y(that)40 b(it)f(is)h(a)g(c)m(hain)g(with)g Fw(N)g
Fu(as)g(its)g(least)f(upp)s(er)i(b)s(ound,)i(that)d(is)2597
569 y Fg(F)2666 636 y Fs(Y)60 b Fu(=)40 b Fw(N)p Fu(.)g(When)h(w)m(e)0
756 y(apply)32 b Fs(f)54 b Fu(to)32 b(the)h(elemen)m(ts)g(of)f
Fs(Y)52 b Fu(w)m(e)34 b(get)244 897 y Fg(F)346 963 y
Ft(f)e Fs(f)53 b(X)c Ft(j)32 b Fs(X)49 b Ft(2)33 b Fs(Y)52
b Ft(g)32 b Fu(=)1227 897 y Fg(F)1296 963 y Fs(Y)52 b
Fu(=)33 b Fw(N)0 1171 y Fu(Ho)m(w)m(ev)m(er,)i(w)m(e)f(also)d(ha)m(v)m
(e)244 1378 y Fs(f)53 b Fu(\()365 1312 y Fg(F)434 1378
y Fs(Y)20 b Fu(\))33 b(=)f Fs(f)53 b Fw(N)33 b Fu(=)f
Fw(N)g Ft([)h(f)p Fu(a)p Ft(g)0 1585 y Fu(sho)m(wing)g(that)f
Fs(f)54 b Fu(do)s(es)33 b(not)f(preserv)m(e)j(the)e(least)f(upp)s(er)h
(b)s(ounds)g(of)g(c)m(hains.)542 b Fh(2)146 1819 y Fu(W)-8
b(e)31 b(shall)e(b)s(e)i(in)m(terested)h(in)e(functions)g(that)h
(preserv)m(e)h(least)f(upp)s(er)g(b)s(ounds)g(of)f(c)m(hains,)0
1939 y(that)i(is)g(functions)h Fs(f)53 b Fu(that)33 b(satisfy)244
2080 y Fg(F)313 2110 y Fi(0)336 2147 y Ft(f)g Fs(f)53
b(d)43 b Ft(j)32 b Fs(d)43 b Ft(2)p Fs(Y)52 b Ft(g)33
b Fu(=)f Fs(f)21 b Fu(\()1218 2080 y Fg(F)1287 2147 y
Fs(Y)f Fu(\))0 2354 y(In)m(tuitiv)m(ely)-8 b(,)54 b(this)c(means)g
(that)g(w)m(e)i(obtain)d(the)i(same)f(information)d(indep)s(enden)m
(tly)k(of)0 2474 y(whether)42 b(w)m(e)g(determine)f(the)g(least)g(upp)s
(er)h(b)s(ound)f(b)s(efore)g(or)f(after)h(applying)f(the)h(func-)0
2595 y(tion)32 b Fs(f)20 b Fu(.)146 2716 y(W)-8 b(e)31
b(shall)d(sa)m(y)j(that)f(a)f(function)h Fs(f)21 b Fu(:)42
b Fs(D)c Ft(!)30 b Fs(D)1815 2680 y Fi(0)1868 2716 y
Fu(de\014ned)h(on)f(ccp)s(o's)h(\()p Fs(D)9 b Fu(,)30
b Ft(v)p Fu(\))g(and)g(\()p Fs(D)3253 2680 y Fi(0)3276
2716 y Fu(,)h Ft(v)3411 2680 y Fi(0)3435 2716 y Fu(\))0
2836 y(is)h Fs(c)-5 b(ontinuous)32 b Fu(if)g(it)f(is)h(monotone)g(and)
244 2977 y Fg(F)313 3007 y Fi(0)336 3043 y Ft(f)h Fs(f)53
b(d)43 b Ft(j)32 b Fs(d)43 b Ft(2)p Fs(Y)52 b Ft(g)33
b Fu(=)f Fs(f)21 b Fu(\()1218 2977 y Fg(F)1287 3043 y
Fs(Y)f Fu(\))0 3251 y(holds)40 b(for)g(all)f Fs(non-empty)h
Fu(c)m(hains)h Fs(Y)19 b Fu(.)41 b(If)1622 3184 y Fg(F)1691
3251 y Ft(f)f Fs(f)62 b(d)50 b Ft(j)41 b Fs(d)50 b Ft(2)41
b Fs(Y)61 b Ft(g)40 b Fu(=)g Fs(f)21 b Fu(\()2677 3184
y Fg(F)2746 3251 y Fs(Y)f Fu(\))41 b(holds)f(for)g(the)0
3371 y(empt)m(y)33 b(c)m(hain,)g(that)f(is)g Ft(?)h Fu(=)f
Fs(f)54 b Ft(?)p Fu(,)33 b(then)g(w)m(e)h(shall)d(sa)m(y)i(that)g
Fs(f)53 b Fu(is)32 b Fs(strict)p Fu(.)0 3606 y Fw(Example)37
b(4.32)49 b Fu(The)37 b(function)g Fs(f)1353 3621 y Fn(1)1429
3606 y Fu(of)f(Example)g(4.26)h(is)f(also)g(con)m(tin)m(uous.)57
b(T)-8 b(o)37 b(see)h(this)0 3726 y(consider)31 b(a)g(non-empt)m(y)g(c)
m(hain)g Fs(Y)50 b Fu(of)31 b Ft(P)8 b Fu(\()p Ft(f)p
Fu(a,b,c)p Ft(g)p Fu(\).)43 b(The)32 b(least)f(upp)s(er)g(b)s(ound)g
(of)g Fs(Y)51 b Fu(will)28 b(b)s(e)0 3846 y(the)33 b(largest)f(elemen)m
(t,)g(sa)m(y)i Fs(X)1127 3861 y Fn(0)1167 3846 y Fu(,)e(of)g
Fs(Y)52 b Fu(\(see)34 b(Example)e(4.17\).)43 b(Therefore)34
b(w)m(e)f(ha)m(v)m(e)294 4051 y Fs(f)345 4066 y Fn(1)417
4051 y Fu(\()455 3984 y Fg(F)524 4051 y Fs(Y)19 b Fu(\))100
b(=)h Fs(f)981 4066 y Fn(1)1053 4051 y Fs(X)1141 4066
y Fn(0)1879 4051 y Fu(b)s(ecause)34 b Fs(X)2328 4066
y Fn(0)2400 4051 y Fu(=)2508 3984 y Fg(F)2577 4051 y
Fs(Y)753 4218 y Ft(\022)930 4152 y Fg(F)999 4218 y Ft(f)f
Fs(f)1132 4233 y Fn(1)1204 4218 y Fs(X)49 b Ft(j)32 b
Fs(X)49 b Ft(2)33 b Fs(Y)52 b Ft(g)100 b Fu(b)s(ecause)34
b Fs(X)2328 4233 y Fn(0)2400 4218 y Ft(2)f Fs(Y)0 4424
y Fu(Using)41 b(that)h Fs(f)555 4439 y Fn(1)636 4424
y Fu(is)f(monotone)g(w)m(e)i(get)f(from)e(Lemma)h(4.30)g(that)2559
4358 y Fg(F)2628 4424 y Ft(f)h Fs(f)2771 4439 y Fn(1)2852
4424 y Fs(X)58 b Ft(j)41 b Fs(X)58 b Ft(2)42 b Fs(Y)62
b Ft(g)0 4545 y(\022)36 b Fs(f)163 4560 y Fn(1)238 4545
y Fu(\()276 4478 y Fg(F)345 4545 y Fs(Y)20 b Fu(\).)35
b(It)g(follo)m(ws)f(that)h Fs(f)1233 4560 y Fn(1)1307
4545 y Fu(is)g(con)m(tin)m(uous.)52 b(Also,)35 b Fs(f)2243
4560 y Fn(1)2317 4545 y Fu(is)g(a)g(strict)f(function)h(b)s(ecause)0
4665 y Fs(f)51 4680 y Fn(1)123 4665 y Ft(;)d Fu(=)h Ft(;)o
Fu(.)146 4786 y(The)j(function)f Fs(f)56 b Fu(of)35 b(Example)f(4.31)h
(is)g Fs(not)44 b Fu(a)35 b(con)m(tin)m(uous)h(function)e(b)s(ecause)j
(there)f(is)0 4907 y(a)c(c)m(hain)h(for)f(whic)m(h)h(it)e(do)s(es)i
(not)g(preserv)m(e)i(the)e(least)f(upp)s(er)h(b)s(ound.)790
b Fh(2)0 5140 y Fw(Exercise)36 b(4.33)49 b Fu(Sho)m(w)34
b(that)e(the)h(functional)e Fs(F)1863 5104 y Fi(0)1919
5140 y Fu(of)h(Example)g(4.1)g(is)g(con)m(tin)m(uous.)226
b Fh(2)0 5374 y Fw(Exercise)36 b(4.34)49 b Fu(Assume)33
b(that)e(\()p Fs(D)9 b Fu(,)31 b Ft(v)q Fu(\))g(and)h(\()p
Fs(D)1898 5338 y Fi(0)1921 5374 y Fu(,)g Ft(v)2057 5338
y Fi(0)2081 5374 y Fu(\))f(are)h(ccp)s(o's)g(and)g(that)f
Fs(f)21 b Fu(:)43 b Fs(D)d Ft(!)31 b Fs(D)3449 5338 y
Fi(0)0 5494 y Fu(satis\014es)p eop
%%Page: 104 114
104 113 bop 251 130 a Fw(104)1978 b(4)112 b(Denotational)36
b(Seman)m(tics)p 251 193 3473 4 v 527 449 a Fg(F)597
479 y Fi(0)620 515 y Ft(f)c Fs(f)54 b(d)42 b Ft(j)32
b Fs(d)43 b Ft(2)q Fs(Y)52 b Ft(g)32 b Fu(=)g Fs(f)21
b Fu(\()1501 449 y Fg(F)1570 515 y Fs(Y)f Fu(\))283 721
y(for)32 b(all)f Fs(non-empty)h Fu(c)m(hains)h Fs(Y)52
b Fu(of)32 b Fs(D)9 b Fu(.)33 b(Sho)m(w)g(that)f Fs(f)54
b Fu(is)32 b(monotone.)863 b Fh(2)430 953 y Fu(W)-8 b(e)33
b(can)h(extend)h(the)e(result)g(of)g(Lemma)f(4.29)h(to)g(sho)m(w)h
(that)f(the)h(comp)s(osition)c(of)j(t)m(w)m(o)283 1074
y(con)m(tin)m(uous)h(functions)e(will)f(also)g(b)s(e)i(con)m(tin)m
(uous:)p 283 1195 3473 5 v 283 1372 a Fw(Lemma)38 b(4.35)49
b Fu(Let)38 b(\()p Fs(D)9 b Fu(,)38 b Ft(v)p Fu(\),)h(\()p
Fs(D)1597 1336 y Fi(0)1621 1372 y Fu(,)g Ft(v)1764 1336
y Fi(0)1788 1372 y Fu(\))e(and)i(\()p Fs(D)2180 1336
y Fi(00)2222 1372 y Fu(,)g Ft(v)2366 1336 y Fi(00)2408
1372 y Fu(\))f(b)s(e)g(ccp)s(o's)h(and)f(let)f Fs(f)21
b Fu(:)54 b Fs(D)47 b Ft(!)38 b Fs(D)3733 1336 y Fi(0)283
1493 y Fu(and)d Fs(f)526 1456 y Fi(0)550 1493 y Fu(:)43
b Fs(D)703 1456 y Fi(0)759 1493 y Ft(!)32 b Fs(D)974
1456 y Fi(00)1051 1493 y Fu(b)s(e)j(con)m(tin)m(uous)g(functions.)50
b(Then)36 b Fs(f)2449 1456 y Fi(0)2505 1493 y Ft(\016)c
Fs(f)21 b Fu(:)44 b Fs(D)d Ft(!)32 b Fs(D)3039 1456 y
Fi(00)3116 1493 y Fu(is)j(a)f(con)m(tin)m(uous)283 1613
y(function.)p 283 1733 V 283 1939 a Fw(Pro)s(of:)48 b
Fu(F)-8 b(rom)40 b(Lemma)h(4.29)g(w)m(e)h(get)g(that)g
Fs(f)2067 1903 y Fi(0)2132 1939 y Ft(\016)g Fs(f)62 b
Fu(is)42 b(monotone.)70 b(T)-8 b(o)41 b(pro)m(v)m(e)i(that)f(it)e(is)
283 2060 y(con)m(tin)m(uous)34 b(let)e Fs(Y)52 b Fu(b)s(e)33
b(a)f(non-empt)m(y)h(c)m(hain)f(in)g Fs(D)9 b Fu(.)33
b(The)g(con)m(tin)m(uit)m(y)g(of)f Fs(f)53 b Fu(giv)m(es)527
2199 y Fg(F)597 2230 y Fi(0)620 2266 y Ft(f)32 b Fs(f)54
b(d)42 b Ft(j)32 b Fs(d)43 b Ft(2)33 b Fs(Y)52 b Ft(g)33
b Fu(=)f Fs(f)53 b Fu(\()1566 2199 y Fg(F)1636 2266 y
Fs(Y)19 b Fu(\))283 2472 y(Since)36 b Ft(f)e Fs(f)56
b(d)46 b Ft(j)34 b Fs(d)45 b Ft(2)36 b Fs(Y)54 b Ft(g)35
b Fu(is)g(a)g(\(non-empt)m(y\))g(c)m(hain)g(in)f Fs(D)2487
2436 y Fi(0)2545 2472 y Fu(w)m(e)i(can)g(use)g(the)f(con)m(tin)m(uit)m
(y)g(of)283 2592 y Fs(f)334 2556 y Fi(0)390 2592 y Fu(and)e(get)527
2732 y Fg(F)597 2762 y Fi(00)639 2798 y Ft(f)f Fs(f)772
2762 y Fi(0)828 2798 y Fs(d)888 2762 y Fi(0)944 2798
y Ft(j)g Fs(d)1064 2762 y Fi(0)1120 2798 y Ft(2)h(f)f
Fs(f)54 b(d)42 b Ft(j)33 b Fs(d)42 b Ft(2)33 b Fs(Y)52
b Ft(g)33 b(g)f Fu(=)h Fs(f)2177 2762 y Fi(0)2233 2798
y Fu(\()2271 2732 y Fg(F)2340 2762 y Fi(0)2364 2798 y
Ft(f)f Fs(f)53 b(d)43 b Ft(j)32 b Fs(d)43 b Ft(2)33 b
Fs(Y)52 b Ft(g)p Fu(\))283 3004 y(whic)m(h)34 b(is)e(equiv)-5
b(alen)m(t)32 b(to)527 3144 y Fg(F)597 3174 y Fi(00)639
3210 y Ft(f)g Fs(f)772 3174 y Fi(0)828 3210 y Fu(\()p
Fs(f)53 b(d)10 b Fu(\))33 b Ft(j)f Fs(d)43 b Ft(2)33
b Fs(Y)52 b Ft(g)32 b Fu(=)h Fs(f)1698 3174 y Fi(0)1753
3210 y Fu(\()p Fs(f)54 b Fu(\()1913 3144 y Fg(F)1982
3210 y Fs(Y)20 b Fu(\)\))283 3416 y(This)33 b(pro)m(v)m(es)i(the)e
(result.)2439 b Fh(2)283 3732 y Fw(Exercise)37 b(4.36)49
b Fu(Pro)m(v)m(e)34 b(that)e(if)g Fs(f)53 b Fu(and)33
b Fs(f)1875 3696 y Fi(0)1930 3732 y Fu(are)g(strict)f(functions)h(then)
g(so)g(is)f Fs(f)3260 3696 y Fi(0)3316 3732 y Ft(\016)g
Fs(f)21 b Fu(.)205 b Fh(2)430 3964 y Fu(W)-8 b(e)33 b(can)g(no)m(w)g
(de\014ne)h(the)f(required)g(\014xed)g(p)s(oin)m(t)f(op)s(erator)g
(FIX:)p 283 4085 V 283 4262 a Fw(Theorem)38 b(4.37)49
b Fu(Let)29 b Fs(f)21 b Fu(:)42 b Fs(D)d Ft(!)29 b Fs(D)38
b Fu(b)s(e)30 b(a)f(con)m(tin)m(uous)h(function)g(on)f(the)h(ccp)s(o)g
(\()p Fs(D)9 b Fu(,)29 b Ft(v)q Fu(\))g(with)283 4382
y(least)k(elemen)m(t)f Ft(?)q Fu(.)43 b(Then)527 4588
y(FIX)33 b Fs(f)53 b Fu(=)924 4522 y Fg(F)993 4588 y
Ft(f)32 b Fs(f)1126 4552 y Fn(n)1202 4588 y Ft(?)h(j)f
Fu(n)p Ft(\025)q Fu(0)g Ft(g)283 4794 y Fu(de\014nes)j(an)d(elemen)m(t)
h(of)f Fs(D)41 b Fu(and)33 b(this)f(elemen)m(t)h(is)f(the)h(least)f
(\014xed)i(p)s(oin)m(t)d(of)h Fs(f)21 b Fu(.)p 283 4915
V 283 5121 a(Here)34 b(w)m(e)f(ha)m(v)m(e)h(used)g(that)527
5327 y Fs(f)578 5291 y Fn(0)650 5327 y Fu(=)f(id,)f(and)527
5494 y Fs(f)578 5458 y Fn(n+1)744 5494 y Fu(=)h Fs(f)53
b Ft(\016)32 b Fs(f)1069 5458 y Fn(n)1145 5494 y Fu(for)g(n)p
Ft(\025)q Fu(0)p eop
%%Page: 105 115
105 114 bop 0 130 a Fw(4.2)112 b(Fixed)38 b(p)s(oin)m(t)e(theory)2127
b(105)p 0 193 3473 4 v 0 515 a(Pro)s(of:)33 b Fu(W)-8
b(e)28 b(\014rst)h(sho)m(w)h(the)f Fs(wel)5 b(l-de\014ne)-5
b(dness)34 b Fu(of)28 b(FIX)g Fs(f)21 b Fu(.)42 b(Note)29
b(that)f Fs(f)2724 479 y Fn(0)2792 515 y Ft(?)h Fu(=)f
Ft(?)h Fu(and)g(that)0 636 y Ft(?)k(v)g Fs(d)43 b Fu(for)32
b(all)e Fs(d)43 b Ft(2)33 b Fs(D)9 b Fu(.)32 b(By)h(induction)f(on)h(n)
f(one)h(ma)m(y)f(sho)m(w)i(that)244 801 y Fs(f)295 765
y Fn(n)371 801 y Ft(?)f(v)g Fs(f)642 765 y Fn(n)717 801
y Fs(d)0 966 y Fu(for)i(all)f Fs(d)46 b Ft(2)36 b Fs(D)45
b Fu(since)36 b Fs(f)56 b Fu(is)36 b(monotone.)52 b(It)36
b(follo)m(ws)e(that)i Fs(f)2233 930 y Fn(n)2312 966 y
Ft(?)g(v)g Fs(f)2589 930 y Fn(m)2688 966 y Ft(?)g Fu(whenev)m(er)i(n)p
Ft(\024)q Fu(m.)0 1086 y(Hence)33 b Ft(f)f Fs(f)422 1050
y Fn(n)497 1086 y Ft(?)h(j)e Fu(n)p Ft(\025)q Fu(0)h
Ft(g)g Fu(is)f(a)h(\(non-empt)m(y\))g(c)m(hain)g(in)f
Fs(D)41 b Fu(and)32 b(FIX)g Fs(f)53 b Fu(exists)33 b(b)s(ecause)g
Fs(D)41 b Fu(is)0 1207 y(a)32 b(ccp)s(o.)146 1327 y(W)-8
b(e)44 b(next)f(sho)m(w)h(that)f(FIX)g Fs(f)63 b Fu(is)43
b(a)f Fs(\014xe)-5 b(d)44 b(p)-5 b(oint)p Fu(,)45 b(that)d(is)h
Fs(f)63 b Fu(\(FIX)43 b Fs(f)21 b Fu(\))43 b(=)f(FIX)33
b Fs(f)21 b Fu(.)74 b(W)-8 b(e)0 1448 y(calculate:)294
1585 y Fs(f)53 b Fu(\(FIX)33 b Fs(f)20 b Fu(\))100 b(=)g
Fs(f)53 b Fu(\()1105 1518 y Fg(F)1174 1585 y Ft(f)32
b Fs(f)1307 1549 y Fn(n)1383 1585 y Ft(?)h(j)f Fu(n)p
Ft(\025)q Fu(0)g Ft(g)p Fu(\))325 b(\(de\014nition)31
b(of)h(FIX)h Fs(f)21 b Fu(\))808 1752 y(=)984 1686 y
Fg(F)1053 1752 y Ft(f)32 b Fs(f)21 b Fu(\()p Fs(f)1275
1716 y Fn(n)1351 1752 y Ft(?)p Fu(\))33 b Ft(j)f Fu(n)p
Ft(\025)q Fu(0)g Ft(g)357 b Fu(\(con)m(tin)m(uit)m(y)32
b(of)h Fs(f)21 b Fu(\))808 1920 y(=)984 1854 y Fg(F)1053
1920 y Ft(f)32 b Fs(f)1186 1884 y Fn(n)1262 1920 y Ft(?)h(j)f
Fu(n)p Ft(\025)q Fu(1)g Ft(g)808 2088 y Fu(=)984 2021
y Fg(F)1053 2088 y Fu(\()p Ft(f)g Fs(f)1224 2052 y Fn(n)1300
2088 y Ft(?)h(j)f Fu(n)p Ft(\025)q Fu(1)g Ft(g)g([)h(f?)q(g)p
Fu(\))99 b(\()2217 2021 y Fg(F)2286 2088 y Fu(\()p Fs(Y)52
b Ft([)33 b(f?g)p Fu(\))g(=)2903 2021 y Fg(F)2972 2088
y Fs(Y)2179 2255 y Fu(for)f(all)e(c)m(hains)j Fs(Y)20
b Fu(\))808 2423 y(=)984 2357 y Fg(F)1053 2423 y Ft(f)32
b Fs(f)1186 2387 y Fn(n)1262 2423 y Ft(?)h(j)f Fu(n)p
Ft(\025)q Fu(0)g Ft(g)484 b Fu(\()p Fs(f)2268 2387 y
Fn(0)2340 2423 y Ft(?)33 b Fu(=)f Ft(?)q Fu(\))808 2591
y(=)100 b(FIX)32 b Fs(f)961 b Fu(\(de\014nition)31 b(of)h(FIX)h
Fs(f)21 b Fu(\))146 2749 y(T)-8 b(o)39 b(see)h(that)e(FIX)h
Fs(f)60 b Fu(is)38 b(the)h Fs(le)-5 b(ast)48 b Fu(\014xed)40
b(p)s(oin)m(t)e(assume)h(that)g Fs(d)49 b Fu(is)38 b(some)g(other)h
(\014xed)0 2869 y(p)s(oin)m(t.)i(Clearly)28 b Ft(?)h(v)g
Fs(d)39 b Fu(so)29 b(the)g(monotonicit)m(y)e(of)h Fs(f)50
b Fu(giv)m(es)29 b Fs(f)2267 2833 y Fn(n)2339 2869 y
Ft(?)g(v)g Fs(f)2602 2833 y Fn(n)2678 2869 y Fs(d)39
b Fu(for)28 b(n)p Ft(\025)q Fu(0)g(and)h(as)g Fs(d)0
2990 y Fu(w)m(as)34 b(a)f(\014xed)i(p)s(oin)m(t)d(w)m(e)j(obtain)d
Fs(f)1262 2953 y Fn(n)1339 2990 y Ft(?)h(v)h Fs(d)44
b Fu(for)33 b(all)e(n)p Ft(\025)q Fu(0.)45 b(Hence)35
b Fs(d)43 b Fu(is)33 b(an)g(upp)s(er)h(b)s(ound)g(of)0
3110 y(the)g(c)m(hain)g Ft(f)f Fs(f)561 3074 y Fn(n)637
3110 y Ft(?)g(j)g Fu(n)p Ft(\025)p Fu(0)f Ft(g)i Fu(and)g(using)g(that)
g(FIX)e Fs(f)55 b Fu(is)33 b(the)i(least)e(upp)s(er)i(b)s(ound)f(w)m(e)
h(ha)m(v)m(e)0 3230 y(FIX)d Fs(f)54 b Ft(v)33 b Fs(d)10
b Fu(.)2913 b Fh(2)0 3491 y Fw(Example)37 b(4.38)49 b
Fu(Consider)33 b(the)g(function)f Fs(F)1745 3455 y Fi(0)1800
3491 y Fu(of)g(Example)h(4.1:)244 3737 y(\()p Fs(F)359
3701 y Fi(0)415 3737 y Fs(g)9 b Fu(\))32 b Fs(s)40 b
Fu(=)728 3563 y Fg(8)728 3638 y(<)728 3787 y(:)843 3653
y Fs(g)h(s)91 b Fu(if)32 b Fs(s)40 b Fr(x)33 b Ft(6)p
Fu(=)f Fw(0)843 3820 y Fs(s)177 b Fu(if)32 b Fs(s)40
b Fr(x)33 b Fu(=)f Fw(0)0 3984 y Fu(W)-8 b(e)32 b(shall)e(determine)i
(its)f(least)g(\014xed)i(p)s(oin)m(t)d(using)i(the)g(approac)m(h)g(of)f
(Theorem)h(4.37.)42 b(The)0 4105 y(least)32 b(elemen)m(t)h
Ft(?)g Fu(of)g Fw(State)f Fo(,)-17 b Ft(!)33 b Fw(State)g
Fu(is)g(giv)m(en)f(b)m(y)i(Lemma)e(4.13)g(and)h(has)g
Ft(?)g Fs(s)41 b Fu(=)33 b(undef)p 3237 4118 236 4 v
0 4225 a(for)f(all)f Fs(s)8 b Fu(.)43 b(W)-8 b(e)33 b(then)g(determine)
f(the)h(elemen)m(ts)g(of)f(the)h(set)h Ft(f)e Fs(F)2406
4189 y Fi(0)p Fn(n)2501 4225 y Ft(?)h(j)f Fu(n)p Ft(\025)q
Fu(0)g Ft(g)h Fu(as)f(follo)m(ws:)294 4387 y(\()p Fs(F)409
4351 y Fi(0)p Fn(0)500 4387 y Ft(?)p Fu(\))h Fs(s)107
b Fu(=)100 b(\(id)32 b Ft(?)p Fu(\))h Fs(s)663 b Fu(\(de\014nition)32
b(of)g Fs(F)2634 4351 y Fi(0)p Fn(0)2725 4387 y Ft(?)p
Fu(\))795 4578 y(=)100 b(undef)p 971 4591 V 768 w(\(de\014nition)32
b(of)g(id)g(and)g Ft(?)q Fu(\))294 4770 y(\()p Fs(F)409
4733 y Fi(0)p Fn(1)500 4770 y Ft(?)p Fu(\))h Fs(s)107
b Fu(=)100 b(\()p Fs(F)1086 4733 y Fi(0)1142 4770 y Ft(?)p
Fu(\))33 b Fs(s)644 b Fu(\(de\014nition)32 b(of)g Fs(F)2634
4733 y Fi(0)p Fn(1)2725 4770 y Ft(?)p Fu(\))795 5051
y(=)971 4877 y Fg(8)971 4951 y(<)971 5101 y(:)1086 4966
y Ft(?)h Fs(s)91 b Fu(if)32 b Fs(s)40 b Fr(x)33 b Ft(6)p
Fu(=)f Fw(0)1086 5134 y Fs(s)201 b Fu(if)32 b Fs(s)40
b Fr(x)33 b Fu(=)f Fw(0)1974 5051 y Fu(\(de\014nition)g(of)g
Fs(F)2634 5015 y Fi(0)2690 5051 y Ft(?)p Fu(\))795 5403
y(=)971 5229 y Fg(8)971 5304 y(<)971 5453 y(:)1086 5319
y Fu(undef)p 1086 5332 V 84 w(if)f Fs(s)41 b Fr(x)33
b Ft(6)p Fu(=)f Fw(0)1086 5486 y Fs(s)279 b Fu(if)31
b Fs(s)41 b Fr(x)33 b Fu(=)f Fw(0)1974 5403 y Fu(\(de\014nition)g(of)g
Ft(?)p Fu(\))p eop
%%Page: 106 116
106 115 bop 251 130 a Fw(106)1978 b(4)112 b(Denotational)36
b(Seman)m(tics)p 251 193 3473 4 v 577 500 a Fu(\()p Fs(F)692
464 y Fi(0)p Fn(2)783 500 y Ft(?)q Fu(\))c Fs(s)108 b
Fu(=)99 b Fs(F)1331 464 y Fi(0)1387 500 y Fu(\()p Fs(F)1502
464 y Fi(0)p Fn(1)1593 500 y Ft(?)q Fu(\))32 b Fs(s)643
b Fu(\(de\014nition)31 b(of)i Fs(F)3084 464 y Fi(0)p
Fn(2)3175 500 y Ft(?)p Fu(\))1079 781 y(=)1254 607 y
Fg(8)1254 682 y(<)1254 831 y(:)1370 697 y Fu(\()p Fs(F)1485
661 y Fi(0)p Fn(1)1576 697 y Ft(?)p Fu(\))g Fs(s)91 b
Fu(if)31 b Fs(s)41 b Fr(x)32 b Ft(6)p Fu(=)h Fw(0)1370
864 y Fs(s)445 b Fu(if)31 b Fs(s)41 b Fr(x)32 b Fu(=)h
Fw(0)2424 781 y Fu(\(de\014nition)e(of)i Fs(F)3084 745
y Fi(0)3107 781 y Fu(\))1079 1134 y(=)1254 959 y Fg(8)1254
1034 y(<)1254 1183 y(:)1370 1049 y Fu(undef)p 1370 1062
236 4 v 83 w(if)f Fs(s)40 b Fr(x)33 b Ft(6)p Fu(=)g Fw(0)1370
1217 y Fs(s)278 b Fu(if)32 b Fs(s)40 b Fr(x)33 b Fu(=)g
Fw(0)2424 1134 y Fu(\(de\014nition)e(of)i Fs(F)3084 1097
y Fi(0)p Fn(1)3175 1134 y Ft(?)p Fu(\))765 1318 y(.)765
1351 y(.)765 1384 y(.)283 1580 y(In)g(general)f(w)m(e)i(ha)m(v)m(e)g
Fs(F)1187 1544 y Fi(0)p Fn(n)1282 1580 y Ft(?)f Fu(=)f
Fs(F)1577 1544 y Fi(0)p Fn(n+1)1762 1580 y Ft(?)h Fu(for)f(n)h
Fo(>)g Fu(0.)43 b(Therefore)527 1707 y Fg(F)597 1774
y Ft(f)32 b Fs(F)756 1737 y Fi(0)p Fn(n)851 1774 y Ft(?)h(j)f
Fu(n)p Ft(\025)q Fu(0)g Ft(g)g Fu(=)1425 1707 y Fg(F)1526
1774 y Ft(f)p Fs(F)1653 1737 y Fi(0)p Fn(0)1744 1774
y Ft(?)q Fu(,)g Fs(F)1958 1737 y Fi(0)p Fn(1)2049 1774
y Ft(?)q(g)g Fu(=)h Fs(F)2395 1737 y Fi(0)p Fn(1)2486
1774 y Ft(?)283 1967 y Fu(b)s(ecause)h Fs(F)721 1931
y Fi(0)p Fn(0)812 1967 y Ft(?)f Fu(=)g Ft(?)p Fu(.)44
b(Th)m(us)34 b(the)f(least)f(\014xed)i(p)s(oin)m(t)e(of)g
Fs(F)2501 1931 y Fi(0)2556 1967 y Fu(will)f(b)s(e)h(the)h(function)552
2216 y Fs(g)606 2231 y Fn(1)678 2216 y Fs(s)40 b Fu(=)867
2042 y Fg(8)867 2116 y(<)867 2266 y(:)982 2131 y Fu(undef)p
982 2144 V 84 w(if)31 b Fs(s)41 b Fr(x)33 b Ft(6)p Fu(=)f
Fw(0)982 2299 y Fs(s)279 b Fu(if)31 b Fs(s)41 b Fr(x)33
b Fu(=)f Fw(0)3681 2216 y Fh(2)283 2512 y Fw(Exercise)37
b(4.39)49 b Fu(Redo)39 b(Exercise)h(4.15)e(using)h(the)g(approac)m(h)g
(of)g(Theorem)g(4.37,)h(that)e(is)283 2633 y(deduce)d(the)e(general)f
(form)g(of)g(the)h(iterands,)g Fs(F)2102 2597 y Fn(n)2178
2633 y Ft(?)p Fu(,)g(for)g(the)g(functional,)e Fs(F)13
b Fu(,)33 b(of)f(Exercises)283 2753 y(4.2)h(and)f(4.3.)2899
b Fh(2)283 2968 y Fw(Exercise)37 b(4.40)49 b(\(Essen)m(tial\))36
b Fu(Let)j Fs(f)20 b Fu(:)56 b Fs(D)47 b Ft(!)38 b Fs(D)47
b Fu(b)s(e)39 b(a)f(con)m(tin)m(uous)h(function)f(on)g(a)h(ccp)s(o)283
3088 y(\()p Fs(D)9 b Fu(,)33 b Ft(v)p Fu(\))g(and)g(let)f
Fs(d)10 b Ft(2)p Fs(D)42 b Fu(satisfy)32 b Fs(f)54 b(d)42
b Ft(v)33 b Fs(d)10 b Fu(.)44 b(Sho)m(w)33 b(that)g(FIX)f
Fs(f)54 b Ft(v)33 b Fs(d)10 b Fu(.)821 b Fh(2)430 3303
y Fu(The)38 b(table)f(b)s(elo)m(w)g(summarizes)g(the)h(dev)m(elopmen)m
(t)g(w)m(e)h(ha)m(v)m(e)g(p)s(erformed)e(in)g(order)g(to)283
3424 y(demonstrate)c(the)g(existence)h(of)e(least)h(\014xed)g(p)s(oin)m
(ts:)p 283 3573 3470 4 v 283 3589 V 281 3797 4 208 v
298 3797 V 1541 3718 a Fw(Fixed)g(P)m(oin)m(t)d(Theory)p
3735 3797 V 3752 3797 V 283 3800 3470 4 v 281 4049 4
249 v 298 4049 V 350 3966 a Fu(1:)143 b(W)-8 b(e)33 b(restrict)f
(ourselv)m(es)i(to)e Fs(chain)i(c)-5 b(omplete)34 b(p)-5
b(artial)5 b(ly)35 b(or)-5 b(der)g(e)g(d)34 b(sets)41
b Fu(|)32 b(ccp)s(o's.)p 3735 4049 V 3752 4049 V 281
4217 4 168 v 298 4217 V 350 4133 a(2:)143 b(W)-8 b(e)33
b(restrict)f(ourselv)m(es)i(to)e Fs(c)-5 b(ontinuous)35
b(functions)40 b Fu(on)33 b(ccp)s(o's.)p 3735 4217 V
3752 4217 V 281 4505 4 289 v 298 4505 V 350 4301 a(3:)143
b(W)-8 b(e)26 b(sho)m(w)h(that)f(con)m(tin)m(uous)g(functions)g(on)g
(ccp)s(o's)h(alw)m(a)m(ys)f(ha)m(v)m(e)i Fs(le)-5 b(ast)28
b(\014xe)-5 b(d)28 b(p)-5 b(oints)569 4421 y Fu(\(Theorem)33
b(4.37\).)p 3735 4505 V 3752 4505 V 283 4508 3470 4 v
283 4525 V 283 4702 a Fw(Exercise)k(4.41)49 b Fu(*)32
b(Let)h(\()p Fs(D)9 b Fu(,)32 b Ft(v)q Fu(\))g(b)s(e)h(a)f(ccp)s(o)h
(and)g(de\014ne)h(\()p Fs(D)9 b Ft(!)o Fs(D)g Fu(,)p
Ft(v)2878 4666 y Fi(0)2901 4702 y Fu(\))33 b(b)m(y)g(setting)527
4895 y Fs(f)578 4910 y Fn(1)650 4895 y Ft(v)728 4859
y Fi(0)784 4895 y Fs(f)834 4910 y Fn(2)906 4895 y Fu(if)f(and)g(only)h
(if)e Fs(f)1540 4910 y Fn(1)1612 4895 y Fs(d)43 b Ft(v)33
b Fs(f)1865 4910 y Fn(2)1937 4895 y Fs(d)43 b Fu(for)32
b(all)f Fs(d)42 b Ft(2)33 b Fs(D)283 5089 y Fu(Sho)m(w)h(that)e(\()p
Fs(D)9 b Ft(!)p Fs(D)g Fu(,)p Ft(v)1160 5052 y Fi(0)1184
5089 y Fu(\))32 b(is)g(a)h(ccp)s(o)f(and)h(that)f(FIX)h(is)f(\\con)m
(tin)m(uous")h(in)f(the)h(sense)h(that)527 5282 y(FIX)f(\()770
5215 y Fg(F)839 5246 y Fi(0)895 5282 y Ft(F)9 b Fu(\))33
b(=)1155 5215 y Fg(F)1224 5282 y Ft(f)g Fu(FIX)f Fs(f)54
b Ft(j)32 b Fs(f)53 b Ft(2)33 b(F)42 b(g)283 5475 y Fu(holds)33
b(for)f(all)e(non-empt)m(y)j(c)m(hains)g Ft(F)42 b(\022)33
b Fs(D)9 b Ft(!)p Fs(D)41 b Fu(of)32 b(con)m(tin)m(uous)h(functions.)
538 b Fh(2)p eop
%%Page: 107 117
107 116 bop 0 130 a Fw(4.3)112 b(Direct)36 b(st)m(yle)g(seman)m(tics:)
50 b(existence)1444 b(107)p 0 193 3473 4 v 0 515 a(Exercise)36
b(4.42)49 b Fu(**)34 b(\(F)-8 b(or)34 b(mathematicians\))e(Giv)m(en)j
(a)f(ccp)s(o)h(\()p Fs(D)9 b Fu(,)35 b Ft(v)p Fu(\))g(w)m(e)h(de\014ne)
g(an)e Fs(op)-5 b(en)0 636 y(set)42 b Fu(of)32 b Fs(D)42
b Fu(to)32 b(b)s(e)h(a)f(subset)i Fs(Y)52 b Fu(of)32
b Fs(D)42 b Fu(satisfying)70 849 y(\(1\))49 b(if)31 b
Fs(d)393 864 y Fn(1)433 849 y Ft(2)p Fs(Y)52 b Fu(and)33
b Fs(d)873 864 y Fn(1)945 849 y Ft(v)g Fs(d)1115 864
y Fn(2)1187 849 y Fu(then)h Fs(d)1470 864 y Fn(2)1509
849 y Ft(2)q Fs(Y)19 b Fu(,)33 b(and)70 1063 y(\(2\))49
b(if)30 b Fs(Y)424 1027 y Fi(0)479 1063 y Fu(is)h(a)h(non-empt)m(y)g(c)
m(hain)f(satisfying)1834 997 y Fg(F)1903 1063 y Fs(Y)1995
1027 y Fi(0)2050 1063 y Ft(2)h Fs(Y)52 b Fu(then)32 b(there)g(exists)h
(an)f(elemen)m(t)244 1184 y Fs(d)43 b Fu(of)32 b Fs(Y)539
1147 y Fi(0)595 1184 y Fu(whic)m(h)h(also)f(is)g(an)g(elemen)m(t)h(of)f
Fs(Y)20 b Fu(.)0 1397 y(The)36 b(set)f(of)g(op)s(en)f(sets)i(of)f
Fs(D)43 b Fu(is)35 b(denoted)h Ft(O)1686 1412 y Fc(D)1750
1397 y Fu(.)50 b(Sho)m(w)35 b(that)g(this)f(is)h(indeed)g(a)f
Fs(top)-5 b(olo)g(gy)43 b Fu(on)0 1518 y Fs(D)9 b Fu(,)33
b(that)f(is)g(sho)m(w)i(that)145 1731 y Ft(\017)49 b(;)32
b Fu(and)h Fs(D)41 b Fu(are)33 b(mem)m(b)s(ers)f(of)g
Ft(O)1400 1746 y Fc(D)1464 1731 y Fu(,)g(and)145 1945
y Ft(\017)49 b Fu(the)33 b(in)m(tersection)f(of)g(t)m(w)m(o)i(op)s(en)e
(sets)i(is)e(an)h(op)s(en)g(set,)g(and)145 2159 y Ft(\017)49
b Fu(the)33 b(union)f(of)g(an)m(y)h(collection)e(of)h(op)s(en)h(sets)g
(is)f(an)h(op)s(en)g(set.)0 2372 y(Let)c(\()p Fs(D)9
b Fu(,)28 b Ft(v)q Fu(\))g(and)g(\()p Fs(D)797 2336 y
Fi(0)821 2372 y Fu(,)h Ft(v)955 2336 y Fi(0)978 2372
y Fu(\))f(b)s(e)h(ccp)s(o's.)43 b(A)28 b(function)g Fs(f)21
b Fu(:)p Fs(D)9 b Ft(!)p Fs(D)2323 2336 y Fi(0)2375 2372
y Fu(is)28 b Fs(top)-5 b(olo)g(gic)g(al)5 b(ly-c)-5 b(ontinuous)0
2493 y Fu(if)31 b(and)i(only)f(if)g(the)h(function)f
Fs(f)1184 2457 y Fi(\000)p Fn(1)1278 2493 y Fu(:)43 b
Ft(P)9 b Fu(\()p Fs(D)1547 2457 y Fi(0)1570 2493 y Fu(\))33
b Ft(!)f(P)8 b Fu(\()p Fs(D)h Fu(\))33 b(de\014ned)h(b)m(y)244
2706 y Fs(f)295 2670 y Fi(\000)p Fn(1)389 2706 y Fu(\()p
Fs(Y)519 2670 y Fi(0)542 2706 y Fu(\))e(=)h Ft(f)f Fs(d)43
b Ft(2)33 b Fs(D)41 b Ft(j)32 b Fs(f)54 b(d)43 b Ft(2)33
b Fs(Y)1537 2670 y Fi(0)1593 2706 y Ft(g)0 2920 y Fu(maps)24
b(op)s(en)g(sets)h(to)e(op)s(en)h(sets,)j(that)d(is)f(sp)s(ecializes)g
(to)h Fs(f)2119 2884 y Fi(\000)p Fn(1)2213 2920 y Fu(:)39
b Ft(O)2361 2935 y Fc(D)2421 2916 y Fa(0)2471 2920 y
Ft(!)24 b(O)2677 2935 y Fc(D)2741 2920 y Fu(.)40 b(Sho)m(w)25
b(that)f Fs(f)44 b Fu(is)24 b(a)0 3041 y(con)m(tin)m(uous)h(function)f
(b)s(et)m(w)m(een)i Fs(D)33 b Fu(and)25 b Fs(D)1594 3004
y Fi(0)1641 3041 y Fu(if)e(and)h(only)g(if)f(it)g(is)h(a)g(top)s
(ologically-con)m(tin)m(uous)0 3161 y(function)32 b(b)s(et)m(w)m(een)j
Fs(D)41 b Fu(and)33 b Fs(D)1147 3125 y Fi(0)1170 3161
y Fu(.)2201 b Fh(2)0 3506 y Fj(4.3)161 b(Direct)53 b(st)l(yle)g(seman)l
(tics:)70 b(existence)0 3730 y Fu(W)-8 b(e)43 b(ha)m(v)m(e)h(no)m(w)g
(obtained)e(the)h(mathematical)d(foundations)i(needed)i(to)e(pro)m(v)m
(e)i(that)f(the)0 3850 y(seman)m(tic)33 b(clauses)h(of)f(T)-8
b(able)33 b(4.1)g(do)h(indeed)f(de\014ne)i(a)e(function.)46
b(So)33 b(consider)h(once)g(again)0 3970 y(the)f(clause)244
4184 y Ft(S)312 4199 y Fn(ds)383 4184 y Fu([)-17 b([)p
Fr(while)34 b Fs(b)39 b Fr(do)33 b Fs(S)12 b Fu(])-17
b(])33 b(=)f(FIX)h Fs(F)480 4352 y Fu(where)h Fs(F)45
b(g)c Fu(=)33 b(cond\()p Ft(B)t Fu([)-17 b([)p Fs(b)6
b Fu(])-17 b(])q(,)33 b Fs(g)41 b Ft(\016)32 b(S)1795
4367 y Fn(ds)1866 4352 y Fu([)-17 b([)q Fs(S)12 b Fu(])-17
b(],)33 b(id\))0 4565 y(F)-8 b(or)43 b(this)g(to)h(mak)m(e)f(sense)j(w)
m(e)f(m)m(ust)e(sho)m(w)i(that)f Fs(F)56 b Fu(is)43 b(con)m(tin)m
(uous.)78 b(T)-8 b(o)44 b(do)f(so)h(w)m(e)h(\014rst)0
4686 y(observ)m(e)34 b(that)244 4899 y Fs(F)45 b(g)c
Fu(=)33 b Fs(F)625 4914 y Fn(1)697 4899 y Fu(\()p Fs(F)812
4914 y Fn(2)884 4899 y Fs(g)9 b Fu(\))0 5113 y(where)244
5327 y Fs(F)321 5342 y Fn(1)393 5327 y Fs(g)41 b Fu(=)32
b(cond\()p Ft(B)t Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(],)33
b Fs(g)9 b Fu(,)32 b(id\))244 5494 y Fs(F)321 5509 y
Fn(2)393 5494 y Fs(g)41 b Fu(=)32 b Fs(g)41 b Ft(\016)33
b(S)824 5509 y Fn(ds)895 5494 y Fu([)-17 b([)p Fs(S)12
b Fu(])-17 b(])p eop
%%Page: 108 118
108 117 bop 251 130 a Fw(108)1978 b(4)112 b(Denotational)36
b(Seman)m(tics)p 251 193 3473 4 v 283 515 a Fu(Using)29
b(Lemma)f(4.35)h(w)m(e)i(then)f(obtain)e(the)i(con)m(tin)m(uit)m(y)f
(of)g Fs(F)42 b Fu(b)m(y)31 b(sho)m(wing)e(that)g Fs(F)3384
530 y Fn(1)3453 515 y Fu(and)g Fs(F)3716 530 y Fn(2)283
636 y Fu(are)k(con)m(tin)m(uous.)44 b(W)-8 b(e)33 b(shall)e(\014rst)i
(pro)m(v)m(e)h(that)f Fs(F)2121 651 y Fn(1)2193 636 y
Fu(is)f(con)m(tin)m(uous:)p 283 756 3473 5 v 283 928
a Fw(Lemma)38 b(4.43)49 b Fu(Let)32 b Fs(g)1157 943 y
Fn(0)1196 928 y Fu(:)44 b Fw(State)32 b Fo(,)-17 b Ft(!)33
b Fw(State)p Fu(,)g Fs(p)6 b Fu(:)43 b Fw(State)33 b
Ft(!)f Fw(T)g Fu(and)h(de\014ne)527 1129 y Fs(F)46 b(g)41
b Fu(=)32 b(cond\()p Fs(p)6 b Fu(,)33 b Fs(g)9 b Fu(,)32
b Fs(g)1352 1144 y Fn(0)1391 1129 y Fu(\))283 1329 y(Then)i
Fs(F)46 b Fu(is)32 b(con)m(tin)m(uous.)p 283 1450 V 283
1651 a Fw(Pro)s(of:)39 b Fu(W)-8 b(e)33 b(shall)f(\014rst)i(pro)m(v)m
(e)h(that)e Fs(F)46 b Fu(is)33 b Fs(monotone)7 b Fu(.)45
b(So)33 b(assume)h(that)f Fs(g)3145 1666 y Fn(1)3217
1651 y Ft(v)h Fs(g)3382 1666 y Fn(2)3454 1651 y Fu(and)g(w)m(e)283
1771 y(shall)29 b(sho)m(w)i(that)f Fs(F)45 b(g)1120 1786
y Fn(1)1192 1771 y Ft(v)33 b Fs(F)45 b(g)1465 1786 y
Fn(2)1504 1771 y Fu(.)e(It)30 b(su\016ces)i(to)e(consider)g(an)g
(arbitrary)f(state)i Fs(s)38 b Fu(and)30 b(sho)m(w)283
1891 y(that)527 2092 y(\()p Fs(F)46 b(g)729 2107 y Fn(1)768
2092 y Fu(\))32 b Fs(s)41 b Fu(=)32 b Fs(s)1075 2056
y Fi(0)1131 2092 y Fu(implies)e(\()p Fs(F)46 b(g)1664
2107 y Fn(2)1703 2092 y Fu(\))32 b Fs(s)41 b Fu(=)32
b Fs(s)2010 2056 y Fi(0)283 2293 y Fu(If)i Fs(p)40 b(s)i
Fu(=)34 b Fw(tt)f Fu(then)i(\()p Fs(F)47 b(g)1212 2308
y Fn(1)1251 2293 y Fu(\))34 b Fs(s)42 b Fu(=)33 b Fs(g)1568
2308 y Fn(1)1641 2293 y Fs(s)42 b Fu(and)34 b(from)f
Fs(g)2200 2308 y Fn(1)2273 2293 y Ft(v)h Fs(g)2438 2308
y Fn(2)2511 2293 y Fu(w)m(e)h(get)f(that)g Fs(g)3087
2308 y Fn(1)3160 2293 y Fs(s)42 b Fu(=)34 b Fs(s)3400
2257 y Fi(0)3457 2293 y Fu(implies)283 2413 y Fs(g)337
2428 y Fn(2)411 2413 y Fs(s)42 b Fu(=)34 b Fs(s)651 2377
y Fi(0)674 2413 y Fu(.)48 b(Since)34 b(\()p Fs(F)47 b(g)1208
2428 y Fn(2)1247 2413 y Fu(\))34 b Fs(s)42 b Fu(=)34
b Fs(g)1565 2428 y Fn(2)1638 2413 y Fs(s)42 b Fu(w)m(e)35
b(ha)m(v)m(e)h(pro)m(v)m(ed)f(the)g(result.)48 b(So)34
b(consider)g(the)h(case)283 2534 y(where)30 b Fs(p)35
b(s)i Fu(=)28 b Fw(\013)p Fu(.)43 b(Then)30 b(\()p Fs(F)41
b(g)1410 2549 y Fn(1)1449 2534 y Fu(\))29 b Fs(s)37 b
Fu(=)28 b Fs(g)1751 2549 y Fn(0)1819 2534 y Fs(s)37 b
Fu(and)28 b(similarly)d(\()p Fs(F)46 b(g)2678 2549 y
Fn(2)2717 2534 y Fu(\))32 b Fs(s)37 b Fu(=)29 b Fs(g)3023
2549 y Fn(0)3090 2534 y Fs(s)37 b Fu(and)29 b(the)g(result)283
2654 y(is)k(immediate.)430 2775 y(T)-8 b(o)29 b(pro)m(v)m(e)h(that)f
Fs(F)42 b Fu(is)28 b Fs(c)-5 b(ontinuous)37 b Fu(let)29
b Fs(Y)48 b Fu(b)s(e)30 b(a)e(non-empt)m(y)h(c)m(hain)g(in)g
Fw(State)j Fo(,)-17 b Ft(!)33 b Fw(State)p Fu(.)283 2895
y(W)-8 b(e)33 b(m)m(ust)g(sho)m(w)h(that)527 3096 y Fs(F)46
b Fu(\()675 3029 y Fg(F)744 3096 y Fs(Y)20 b Fu(\))32
b Ft(v)1016 3029 y Fg(F)1085 3096 y Ft(f)h Fs(F)45 b(g)c
Ft(j)32 b Fs(g)9 b Ft(2)p Fs(Y)53 b Ft(g)283 3297 y Fu(since)32
b Fs(F)43 b Fu(\()666 3230 y Fg(F)736 3297 y Fs(Y)19
b Fu(\))31 b Ft(w)1004 3230 y Fg(F)1073 3297 y Ft(f)g
Fs(F)44 b(g)39 b Ft(j)30 b Fs(g)9 b Ft(2)p Fs(Y)51 b
Ft(g)30 b Fu(follo)m(ws)g(from)f(the)i(monotonicit)m(y)e(of)i
Fs(F)43 b Fu(\(see)32 b(Lemma)283 3417 y(4.30\).)43 b(Th)m(us)34
b(w)m(e)g(ha)m(v)m(e)g(to)e(sho)m(w)i(that)527 3618 y(graph\()p
Fs(F)13 b Fu(\()924 3551 y Fg(F)993 3618 y Fs(Y)20 b
Fu(\)\))32 b Ft(\022)1303 3551 y Fg(S)1373 3618 y Ft(f)g
Fu(graph\()p Fs(F)45 b(g)9 b Fu(\))32 b Ft(j)g Fs(g)9
b Ft(2)p Fs(Y)53 b Ft(g)283 3819 y Fu(using)26 b(the)h(c)m
(haracterization)e(of)h(least)g(upp)s(er)h(b)s(ounds)g(of)f(c)m(hains)g
(in)g Fw(State)g Fo(,)-17 b Ft(!)26 b Fw(State)h Fu(giv)m(en)283
3939 y(in)h(Lemma)f(4.25.)42 b(So)28 b(assume)h(that)f(\()p
Fs(F)41 b Fu(\()1832 3872 y Fg(F)1901 3939 y Fs(Y)20
b Fu(\)\))28 b Fs(s)37 b Fu(=)28 b Fs(s)2326 3903 y Fi(0)2377
3939 y Fu(and)h(let)f(us)h(determine)f Fs(g)37 b Ft(2)28
b Fs(Y)48 b Fu(suc)m(h)283 4059 y(that)30 b(\()p Fs(F)42
b(g)9 b Fu(\))29 b Fs(s)37 b Fu(=)30 b Fs(s)988 4023
y Fi(0)1011 4059 y Fu(.)42 b(If)30 b Fs(p)35 b(s)j Fu(=)29
b Fw(\013)h Fu(w)m(e)g(ha)m(v)m(e)h Fs(F)45 b Fu(\()2047
3993 y Fg(F)2117 4059 y Fs(Y)19 b Fu(\))33 b Fs(s)k Fu(=)29
b Fs(g)2515 4074 y Fn(0)2587 4059 y Fs(s)37 b Fu(=)30
b Fs(s)2818 4023 y Fi(0)2870 4059 y Fu(and)g(clearly)-8
b(,)29 b(for)g(ev)m(ery)283 4180 y(elemen)m(t)k Fs(g)42
b Fu(of)33 b(the)h(non-empt)m(y)f(set)h Fs(Y)53 b Fu(w)m(e)34
b(ha)m(v)m(e)g(\()p Fs(F)46 b(g)9 b Fu(\))32 b Fs(s)41
b Fu(=)33 b Fs(g)2663 4195 y Fn(0)2735 4180 y Fs(s)41
b Fu(=)33 b Fs(s)2973 4144 y Fi(0)2996 4180 y Fu(.)46
b(If)33 b Fs(p)39 b(s)i Fu(=)33 b Fw(tt)f Fu(then)283
4300 y(w)m(e)i(get)f(\()p Fs(F)45 b Fu(\()775 4234 y
Fg(F)844 4300 y Fs(Y)20 b Fu(\)\))32 b Fs(s)41 b Fu(=)32
b(\()1271 4234 y Fg(F)1340 4300 y Fs(Y)20 b Fu(\))33
b Fs(s)40 b Fu(=)33 b Fs(s)1740 4264 y Fi(0)1795 4300
y Fu(so)g Ft(h)p Fs(s)8 b Fu(,)33 b Fs(s)2110 4264 y
Fi(0)2133 4300 y Ft(i)f(2)h Fu(graph\()2585 4234 y Fg(F)2654
4300 y Fs(Y)20 b Fu(\).)32 b(Since)527 4501 y(graph\()809
4434 y Fg(F)878 4501 y Fs(Y)20 b Fu(\))32 b(=)1149 4434
y Fg(S)1218 4501 y Ft(f)g Fu(graph\()p Fs(g)9 b Fu(\))32
b Ft(j)g Fs(g)9 b Ft(2)p Fs(Y)53 b Ft(g)283 4702 y Fu(\(according)25
b(to)f(Lemma)g(4.25\))g(w)m(e)i(therefore)f(ha)m(v)m(e)i
Fs(g)9 b Ft(2)p Fs(Y)44 b Fu(suc)m(h)26 b(that)f Fs(g)33
b(s)g Fu(=)25 b Fs(s)3148 4665 y Fi(0)3196 4702 y Fu(and)g(it)f(follo)m
(ws)283 4822 y(that)33 b(\()p Fs(F)45 b(g)9 b Fu(\))32
b Fs(s)41 b Fu(=)32 b Fs(s)1003 4786 y Fi(0)1027 4822
y Fu(.)43 b(This)33 b(pro)m(v)m(es)h(the)f(result.)1626
b Fh(2)283 5130 y Fw(Exercise)37 b(4.44)49 b(\(Essen)m(tial\))29
b Fu(Pro)m(v)m(e)j(that)f(\(in)g(the)g(setting)g(of)g(Lemma)f(4.43\))g
Fs(F)44 b Fu(de\014ned)283 5250 y(b)m(y)38 b Fs(F)50
b(g)c Fu(=)37 b(cond\()p Fs(p)6 b Fu(,)38 b Fs(g)1154
5265 y Fn(0)1193 5250 y Fu(,)g Fs(g)9 b Fu(\))37 b(is)f(con)m(tin)m
(uous,)j(that)e(is)f(`cond')i(is)e(con)m(tin)m(uous)i(in)e(its)h
(second)283 5371 y(and)c(third)f(argumen)m(ts.)2495 b
Fh(2)p eop
%%Page: 109 119
109 118 bop 0 130 a Fw(4.3)112 b(Direct)36 b(st)m(yle)g(seman)m(tics:)
50 b(existence)1444 b(109)p 0 193 3473 4 v 0 515 3473
5 v 0 683 a(Lemma)37 b(4.45)49 b Fu(Let)33 b Fs(g)874
698 y Fn(0)913 683 y Fu(:)43 b Fw(State)33 b Fo(,)-17
b Ft(!)33 b Fw(State)f Fu(and)h(de\014ne)244 880 y Fs(F)45
b(g)c Fu(=)33 b Fs(g)41 b Ft(\016)32 b Fs(g)770 895 y
Fn(0)0 1077 y Fu(Then)i Fs(F)45 b Fu(is)32 b(con)m(tin)m(uous.)p
0 1198 V 0 1395 a Fw(Pro)s(of:)48 b Fu(W)-8 b(e)43 b(shall)d(\014rst)j
(pro)m(v)m(e)g(that)f Fs(F)55 b Fu(is)41 b(monotone.)71
b(If)42 b Fs(g)2373 1410 y Fn(1)2454 1395 y Ft(v)h Fs(g)2628
1410 y Fn(2)2709 1395 y Fu(then)f(graph\()p Fs(g)3276
1410 y Fn(1)3315 1395 y Fu(\))g Ft(\022)0 1515 y Fu(graph\()p
Fs(g)336 1530 y Fn(2)375 1515 y Fu(\))32 b(according)g(to)g(Exercise)i
(4.8)f(so)f(that)244 1712 y(graph\()p Fs(g)580 1727 y
Fn(0)619 1712 y Fu(\))g Ft(\005)f Fu(graph\()p Fs(g)1107
1727 y Fn(1)1146 1712 y Fu(\))i Ft(\022)g Fu(graph\()p
Fs(g)1663 1727 y Fn(0)1702 1712 y Fu(\))f Ft(\005)f Fu(graph\()p
Fs(g)2190 1727 y Fn(2)2229 1712 y Fu(\))0 1909 y(and)h(this)g(sho)m(ws)
i(that)e Fs(F)45 b(g)1033 1924 y Fn(1)1105 1909 y Ft(v)32
b Fs(F)46 b(g)1378 1924 y Fn(2)1417 1909 y Fu(.)d(Next)33
b(w)m(e)g(shall)e(pro)m(v)m(e)j(that)e Fs(F)45 b Fu(is)32
b(con)m(tin)m(uous.)44 b(If)32 b Fs(Y)0 2029 y Fu(is)g(a)g(non-empt)m
(y)h(c)m(hain)g(then)244 2226 y(graph\()p Fs(F)13 b Fu(\()641
2160 y Fg(F)710 2226 y Fs(Y)19 b Fu(\)\))33 b(=)f(graph\(\()1338
2160 y Fg(F)1407 2226 y Fs(Y)20 b Fu(\))32 b Ft(\016)h
Fs(g)1706 2241 y Fn(0)1745 2226 y Fu(\))910 2394 y(=)f(graph\()p
Fs(g)1354 2409 y Fn(0)1393 2394 y Fu(\))h Ft(\005)e Fu(graph\()1828
2328 y Fg(F)1897 2394 y Fs(Y)20 b Fu(\))910 2562 y(=)32
b(graph\()p Fs(g)1354 2577 y Fn(0)1393 2562 y Fu(\))h
Ft(\005)1546 2495 y Fg(S)1615 2562 y Ft(f)p Fu(graph\()p
Fs(g)9 b Fu(\))32 b Ft(j)g Fs(g)9 b Ft(2)p Fs(Y)20 b
Ft(g)910 2729 y Fu(=)1018 2663 y Fg(S)1087 2729 y Ft(f)p
Fu(graph\()p Fs(g)1473 2744 y Fn(0)1512 2729 y Fu(\))33
b Ft(\005)e Fu(graph\()p Fs(g)9 b Fu(\))32 b Ft(j)g Fs(g)9
b Ft(2)p Fs(Y)20 b Ft(g)910 2897 y Fu(=)32 b(graph\()1300
2830 y Fg(F)1369 2897 y Ft(f)p Fs(F)46 b(g)41 b Ft(j)32
b Fs(g)9 b Ft(2)p Fs(Y)19 b Ft(g)p Fu(\))0 3094 y(where)34
b(w)m(e)f(ha)m(v)m(e)h(used)g(Lemma)d(4.25)h(t)m(wice.)44
b(Th)m(us)34 b Fs(F)46 b Fu(\()2112 3027 y Fg(F)2181
3094 y Fs(Y)20 b Fu(\))32 b(=)2451 3027 y Fg(F)2521 3094
y Ft(f)p Fs(F)45 b(g)c Ft(j)32 b Fs(g)9 b Ft(2)p Fu(Y)p
Ft(g)p Fu(.)302 b Fh(2)0 3397 y Fw(Exercise)36 b(4.46)49
b(\(Essen)m(tial\))29 b Fu(Pro)m(v)m(e)k(that)e(\(in)f(the)i(setting)f
(of)g(Lemma)e(4.45\))i Fs(F)44 b Fu(de\014ned)0 3517
y(b)m(y)33 b Fs(F)46 b(g)41 b Fu(=)32 b Fs(g)493 3532
y Fn(0)565 3517 y Ft(\016)g Fs(g)41 b Fu(is)32 b(con)m(tin)m(uous,)i
(that)e(is)g Ft(\016)h Fu(is)f(con)m(tin)m(uous)h(in)f(b)s(oth)g
(argumen)m(ts.)260 b Fh(2)146 3737 y Fu(W)-8 b(e)26 b(ha)m(v)m(e)g(no)m
(w)g(established)f(the)h(results)f(needed)i(to)e(sho)m(w)h(that)f(the)h
(equations)f(of)g(T)-8 b(able)0 3857 y(4.1)32 b(de\014ne)i(a)e
(function)g Ft(S)970 3872 y Fn(ds)1041 3857 y Fu(:)p
0 3978 V 0 4145 a Fw(Prop)s(osition)k(4.47)49 b Fu(The)44
b(seman)m(tic)e(equations)i(of)f(T)-8 b(able)42 b(4.1)h(de\014ne)h(a)f
(total)f(function)0 4266 y Ft(S)68 4281 y Fn(ds)172 4266
y Fu(in)31 b Fw(Stm)h Ft(!)g Fu(\()p Fw(State)h Fo(,)-17
b Ft(!)32 b Fw(State)p Fu(\).)p 0 4386 V 0 4583 a Fw(Pro)s(of:)37
b Fu(The)d(pro)s(of)e(is)g(b)m(y)h(structural)f(induction)g(on)g(the)h
(statemen)m(t)h Fs(S)12 b Fu(.)0 4751 y Fw(The)24 b(case)g
Fs(x)36 b Fu(:=)23 b Fs(a)7 b Fu(:)40 b(Clearly)23 b(the)h(function)f
(that)g(maps)h(a)f(state)h Fs(s)32 b Fu(to)23 b(the)i(state)f
Fs(s)8 b Fu([)p Fs(x)k Ft(7!)o(A)p Fu([)-17 b([)p Fs(a)7
b Fu(])-17 b(])q Fs(s)8 b Fu(])0 4871 y(is)32 b(w)m(ell-de\014ned.)0
5039 y Fw(The)h(case)g Fr(skip)p Fu(:)45 b(Clearly)31
b(the)i(function)f(id)g(is)g(w)m(ell-de\014ned.)0 5206
y Fw(The)42 b(case)h Fs(S)542 5221 y Fn(1)582 5206 y
Fu(;)p Fs(S)676 5221 y Fn(2)715 5206 y Fu(:)63 b(The)43
b(induction)e(h)m(yp)s(othesis)i(giv)m(es)g(that)f Ft(S)2486
5221 y Fn(ds)2557 5206 y Fu([)-17 b([)p Fs(S)2661 5221
y Fn(1)2701 5206 y Fu(])g(])42 b(and)h Ft(S)3048 5221
y Fn(ds)3119 5206 y Fu([)-17 b([)p Fs(S)3223 5221 y Fn(2)3263
5206 y Fu(])g(])42 b(are)0 5327 y(w)m(ell-de\014ned)33
b(and)f(clearly)g(their)g(comp)s(osition)e(will)h(b)s(e)h(w)m
(ell-de\014ned.)0 5494 y Fw(The)42 b(case)f Fr(if)h Fs(b)47
b Fr(then)c Fs(S)1023 5509 y Fn(1)1103 5494 y Fr(else)f
Fs(S)1416 5509 y Fn(2)1456 5494 y Fu(:)60 b(The)43 b(induction)d(h)m
(yp)s(othesis)i(giv)m(es)g(that)f Ft(S)3220 5509 y Fn(ds)3291
5494 y Fu([)-17 b([)q Fs(S)3396 5509 y Fn(1)3435 5494
y Fu(])g(])p eop
%%Page: 110 120
110 119 bop 251 130 a Fw(110)1978 b(4)112 b(Denotational)36
b(Seman)m(tics)p 251 193 3473 4 v 283 515 a Fu(and)41
b Ft(S)549 530 y Fn(ds)620 515 y Fu([)-17 b([)q Fs(S)725
530 y Fn(2)764 515 y Fu(])g(])41 b(are)g(w)m(ell-de\014ned)f(functions)
h(and)g(clearly)e(this)h(prop)s(ert)m(y)i(is)e(preserv)m(ed)j(b)m(y)283
636 y(the)33 b(function)g(`cond'.)283 803 y Fw(The)24
b(case)g Fr(while)g Fs(b)29 b Fr(do)24 b Fs(S)12 b Fu(:)23
b(The)h(induction)e(h)m(yp)s(othesis)i(giv)m(es)g(that)f
Ft(S)2903 818 y Fn(ds)2974 803 y Fu([)-17 b([)p Fs(S)12
b Fu(])-17 b(])24 b(is)f(w)m(ell-de\014ned.)283 924 y(The)34
b(functions)f Fs(F)982 939 y Fn(1)1053 924 y Fu(and)g
Fs(F)1320 939 y Fn(2)1392 924 y Fu(de\014ned)h(b)m(y)527
1121 y Fs(F)604 1136 y Fn(1)676 1121 y Fs(g)41 b Fu(=)33
b(cond\()p Ft(B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])q(,)32
b Fs(g)9 b Fu(,)33 b(id\))527 1288 y Fs(F)604 1303 y
Fn(2)676 1288 y Fs(g)41 b Fu(=)33 b Fs(g)41 b Ft(\016)32
b(S)1107 1303 y Fn(ds)1178 1288 y Fu([)-17 b([)q Fs(S)12
b Fu(])-17 b(])283 1485 y(are)34 b(con)m(tin)m(uous)h(according)e(to)h
(Lemmas)f(4.43)g(and)h(4.45.)47 b(Th)m(us)35 b(Lemma)e(4.35)g(giv)m(es)
h(that)283 1606 y Fs(F)47 b(g)c Fu(=)34 b Fs(F)669 1621
y Fn(1)742 1606 y Fu(\()p Fs(F)857 1621 y Fn(2)931 1606
y Fs(g)9 b Fu(\))33 b(is)h(con)m(tin)m(uous.)49 b(F)-8
b(rom)32 b(Theorem)j(4.37)e(w)m(e)i(then)g(ha)m(v)m(e)g(that)f(FIX)g
Fs(F)47 b Fu(is)283 1726 y(w)m(ell-de\014ned)37 b(and)g(thereb)m(y)i
(that)d Ft(S)1655 1741 y Fn(ds)1726 1726 y Fu([)-17 b([)q
Fr(while)38 b Fs(b)k Fr(do)c Fs(S)12 b Fu(])-17 b(])37
b(is)f(w)m(ell-de\014ned.)56 b(This)37 b(completes)283
1846 y(the)c(pro)s(of.)2980 b Fh(2)283 2149 y Fw(Example)37
b(4.48)49 b Fu(Consider)33 b(the)g(denotational)e(seman)m(tics)h(of)g
(the)h(factorial)e(statemen)m(t:)527 2346 y Ft(S)595
2361 y Fn(ds)666 2346 y Fu([)-17 b([)q Fr(y)33 b Fu(:=)f
Fr(1)p Fu(;)h Fr(while)h Ft(:)p Fu(\()p Fr(x)p Fu(=)p
Fr(1)p Fu(\))f Fr(do)g Fu(\()p Fr(y)p Fu(:=)p Fr(y)p
Fo(?)p Fr(x)p Fu(;)g Fr(x)p Fu(:=)p Fr(x)p Ft(\000)p
Fr(1)p Fu(\)])-17 b(])283 2543 y(W)-8 b(e)29 b(shall)d(b)s(e)i(in)m
(terested)h(in)e(applying)g(this)g(function)h(to)f(a)h(state)g
Fs(s)2780 2558 y Fn(0)2848 2543 y Fu(where)h Fr(x)f Fu(has)g(the)g(v)-5
b(alue)283 2663 y Fw(3)p Fu(.)44 b(T)-8 b(o)33 b(do)f(that)g(w)m(e)i
(shall)d(\014rst)i(apply)g(the)g(clauses)g(of)f(T)-8
b(able)32 b(4.1)g(and)h(w)m(e)h(then)f(get)f(that)527
2860 y Ft(S)595 2875 y Fn(ds)666 2860 y Fu([)-17 b([)q
Fr(y)33 b Fu(:=)f Fr(1)p Fu(;)h Fr(while)h Ft(:)p Fu(\()p
Fr(x)p Fu(=)p Fr(1)p Fu(\))f Fr(do)g Fu(\()p Fr(y)p Fu(:=)p
Fr(y)p Fo(?)p Fr(x)p Fu(;)g Fr(x)p Fu(:=)p Fr(x)p Ft(\000)p
Fr(1)p Fu(\)])-17 b(])35 b Fs(s)2705 2875 y Fn(0)764
3028 y Fu(=)d(\(FIX)g Fs(F)13 b Fu(\))33 b Fs(s)1310
3043 y Fn(0)1349 3028 y Fu([)p Fr(y)p Ft(7!)p Fw(1)p
Fu(])283 3225 y(where)527 3484 y Fs(F)46 b(g)41 b(s)g
Fu(=)912 3310 y Fg(8)912 3384 y(<)912 3534 y(:)1027 3399
y Fs(g)g Fu(\()p Ft(S)1219 3414 y Fn(ds)1290 3399 y Fu([)-17
b([)q Fr(y)p Fu(:=)33 b Fr(y)p Fo(?)p Fr(x)p Fu(;)g Fr(x)p
Fu(:=)p Fr(x)p Ft(\000)p Fr(1)p Fu(])-17 b(])34 b Fs(s)8
b Fu(\))83 b(if)31 b Ft(B)t Fu([)-17 b([)p Ft(:)q Fu(\()p
Fr(x)p Fu(=)p Fr(1)p Fu(\)])g(])33 b Fs(s)41 b Fu(=)32
b Fw(tt)1027 3567 y Fs(s)1232 b Fu(if)31 b Ft(B)t Fu([)-17
b([)p Ft(:)q Fu(\()p Fr(x)p Fu(=)p Fr(1)p Fu(\)])g(])33
b Fs(s)41 b Fu(=)32 b Fw(\013)283 3763 y Fu(or,)h(equiv)-5
b(alen)m(tly)d(,)527 4041 y Fs(F)46 b(g)41 b(s)g Fu(=)912
3867 y Fg(8)912 3942 y(<)912 4091 y(:)1027 3957 y Fs(g)g
Fu(\()p Fs(s)8 b Fu([)p Fr(y)p Ft(7!)p Fu(\()p Fs(s)41
b Fr(y)p Fu(\))p Fo(?)p Fu(\()p Fs(s)f Fr(x)p Fu(\)][)p
Fr(x)p Ft(7!)q Fu(\()p Fs(s)g Fr(x)p Fu(\))p Ft(\000)p
Fw(1)p Fu(]\))84 b(if)31 b Fs(s)41 b Fr(x)33 b Ft(6)p
Fu(=)f Fw(1)1027 4124 y Fs(s)1469 b Fu(if)31 b Fs(s)41
b Fr(x)33 b Fu(=)f Fw(1)283 4320 y Fu(W)-8 b(e)34 b(can)g(no)m(w)g
(calculate)f(the)g(v)-5 b(arious)33 b(functions)h Fs(F)2246
4284 y Fn(n)2322 4320 y Ft(?)g Fu(used)h(in)e(the)g(de\014nition)g(of)g
(FIX)g Fs(F)283 4440 y Fu(in)f(Theorem)h(4.37:)527 4637
y(\()p Fs(F)642 4601 y Fn(0)714 4637 y Ft(?)q Fu(\))f
Fs(s)41 b Fu(=)32 b(undef)p 1051 4650 236 4 v 527 4892
a(\()p Fs(F)642 4856 y Fn(1)714 4892 y Ft(?)q Fu(\))g
Fs(s)41 b Fu(=)1051 4718 y Fg(8)1051 4792 y(<)1051 4942
y(:)1166 4807 y Fu(undef)p 1166 4820 V 84 w(if)32 b Fs(s)40
b Fr(x)33 b Ft(6)p Fu(=)f Fw(1)1166 4975 y Fs(s)279 b
Fu(if)32 b Fs(s)40 b Fr(x)33 b Fu(=)f Fw(1)527 5325 y
Fu(\()p Fs(F)642 5289 y Fn(2)714 5325 y Ft(?)q Fu(\))g
Fs(s)41 b Fu(=)1051 5076 y Fg(8)1051 5150 y(>)1051 5175
y(>)1051 5200 y(>)1051 5225 y(<)1051 5375 y(>)1051 5400
y(>)1051 5424 y(>)1051 5449 y(:)1166 5156 y Fu(undef)p
1166 5169 V 675 w(if)32 b Fs(s)40 b Fr(x)33 b Ft(6)p
Fu(=)g Fw(1)f Fu(and)h Fs(s)40 b Fr(x)33 b Ft(6)p Fu(=)g
Fw(2)1166 5324 y Fs(s)8 b Fu([)p Fr(y)p Ft(7!)q Fu(\()p
Fs(s)40 b Fr(y)p Fu(\))p Fo(?)p Fw(2)p Fu(][)p Fr(x)p
Ft(7!)p Fw(1)p Fu(])83 b(if)32 b Fs(s)40 b Fr(x)33 b
Fu(=)g Fw(2)1166 5492 y Fs(s)870 b Fu(if)32 b Fs(s)40
b Fr(x)33 b Fu(=)g Fw(1)p eop
%%Page: 111 121
111 120 bop 0 130 a Fw(4.3)112 b(Direct)36 b(st)m(yle)g(seman)m(tics:)
50 b(existence)1444 b(111)p 0 193 3473 4 v 0 515 a Fu(Th)m(us)32
b(if)d Fr(x)h Fu(is)g Fw(1)g Fu(or)g Fw(2)g Fu(then)h(the)f
Fs(F)1260 479 y Fn(2)1330 515 y Ft(?)g Fu(will)e(giv)m(e)i(the)h
(correct)g(v)-5 b(alue)29 b(for)h Fr(y)g Fu(and)h(for)e(all)f(other)0
636 y(v)-5 b(alues)27 b(of)g Fr(x)h Fu(the)g(result)f(is)g
(unde\014ned.)44 b(This)28 b(is)f(a)g(general)g(pattern:)41
b(the)28 b(n)m(th)g Fs(iter)-5 b(and)37 b(F)3319 600
y Fn(n)3395 636 y Ft(?)0 756 y Fu(will)d(determine)h(the)i(correct)g(v)
-5 b(alue)35 b(if)g(it)g(can)h(b)s(e)g(computed)h(with)e
Fs(at)k(most)c Fu(n)i Fs(unfoldings)0 877 y Fu(of)i(the)h
Fr(while)p Fu(-lo)s(op)f(\(that)h(is)f(n)g(ev)-5 b(aluations)39
b(of)g(the)h(b)s(o)s(olean)e(condition\).)63 b(The)41
b(general)0 997 y(form)m(ula)31 b(is)269 1227 y(\()p
Fs(F)384 1191 y Fn(n)460 1227 y Ft(?)p Fu(\))h Fs(s)41
b Fu(=)796 1052 y Fg(8)796 1127 y(<)796 1277 y(:)912
1142 y Fu(undef)p 912 1155 236 4 v 989 w(if)31 b Fs(s)41
b Fr(x)32 b Fo(<)h Fw(1)f Fu(or)h Fs(s)40 b Fr(x)33 b
Fo(>)f Fu(n)912 1310 y Fs(s)8 b Fu([)p Fr(y)p Ft(7!)p
Fu(\()p Fs(s)40 b Fr(y)p Fu(\))p Fo(?)p Fs(j)14 b Ft(\001)j(\001)g
(\001)o Fo(?)p Fw(2)p Fo(?)o Fw(1)p Fu(][)p Fr(x)p Ft(7!)p
Fw(1)p Fu(])84 b(if)31 b Fs(s)41 b Fr(x)32 b Fu(=)h Fs(j)46
b Fu(and)33 b Fw(1)p Ft(\024)q Fs(j)46 b Fu(and)33 b
Fs(j)14 b Ft(\024)q Fu(n)0 1476 y(W)-8 b(e)33 b(then)g(ha)m(v)m(e)244
1793 y(\(FIX)f Fs(F)13 b Fu(\))33 b Fs(s)40 b Fu(=)823
1619 y Fg(8)823 1694 y(<)823 1843 y(:)938 1709 y Fu(undef)p
938 1722 V 1007 w(if)31 b Fs(s)41 b Fr(x)33 b Fo(<)f
Fw(1)938 1876 y Fs(s)8 b Fu([)p Fr(y)p Ft(7!)p Fu(\()p
Fs(s)41 b Fr(y)p Fu(\))p Fo(?)p Fs(n)7 b Ft(\001)17 b(\001)g(\001)n
Fo(?)p Fw(2)p Fo(?)p Fw(1)p Fu(][)p Fr(x)p Ft(7!)p Fw(1)p
Fu(])83 b(if)31 b Fs(s)41 b Fr(x)33 b Fu(=)f Fs(n)40
b Fu(and)33 b Fs(n)7 b Ft(\025)p Fw(1)0 2130 y Fu(So)32
b(in)f(the)i(state)f Fs(s)702 2145 y Fn(0)773 2130 y
Fu(where)i Fr(x)e Fu(has)g(the)h(v)-5 b(alue)31 b Fw(3)h
Fu(w)m(e)h(get)f(that)g(the)g(v)-5 b(alue)32 b(computed)g(b)m(y)h(the)0
2250 y(factorial)d(statemen)m(t)j(is)244 2505 y(\(FIX)f
Fs(F)13 b Fu(\))33 b(\()p Fs(s)720 2520 y Fn(0)759 2505
y Fu([)p Fr(y)p Ft(7!)p Fw(1)p Fu(]\))g Fr(y)g Fu(=)f
Fw(1)h Fo(?)f Fw(3)g Fo(?)h Fw(2)f Fo(?)g Fw(1)h Fu(=)f
Fw(6)0 2760 y Fu(as)h(exp)s(ected.)2879 b Fh(2)0 3061
y Fw(Exercise)36 b(4.49)49 b Fu(Consider)33 b(the)g(statemen)m(t)244
3315 y Fr(z)p Fu(:=)p Fr(0)p Fu(;)g Fr(while)h(y)p Ft(\024)q
Fr(x)e(do)h Fu(\()p Fr(z)p Fu(:=)p Fr(z)p Fu(+)p Fr(1)p
Fu(;)h Fr(x)p Fu(:=)p Fr(x)p Ft(\000)p Fr(y)p Fu(\))0
3570 y(and)f(p)s(erform)e(a)h(dev)m(elopmen)m(t)i(analogous)d(to)h
(that)h(of)f(Example)g(4.48.)694 b Fh(2)0 3871 y Fw(Exercise)36
b(4.50)49 b Fu(Sho)m(w)30 b(that)f Ft(S)1220 3886 y Fn(ds)1292
3871 y Fu([)-17 b([)p Fr(while)30 b(true)g(do)g(skip)p
Fu(])-17 b(])30 b(is)e(the)i(totally)d(unde\014ned)j(func-)0
3991 y(tion)i Ft(?)p Fu(.)3093 b Fh(2)0 4292 y Fw(Exercise)36
b(4.51)49 b Fu(Extend)42 b(the)f(language)e(with)h(the)h(statemen)m(t)g
Fr(repeat)34 b Fs(S)44 b Fr(until)34 b Fs(b)46 b Fu(and)0
4412 y(giv)m(e)37 b(the)g(new)g(\(comp)s(ositional\))c(clause)k(for)f
Ft(S)1795 4427 y Fn(ds)1866 4412 y Fu(.)56 b(V)-8 b(alidate)34
b(the)j(w)m(ell-de\014nedness)i(of)d(the)0 4532 y(extended)f(v)m
(ersion)e(of)f Ft(S)925 4547 y Fn(ds)996 4532 y Fu(.)2375
b Fh(2)0 4833 y Fw(Exercise)36 b(4.52)49 b Fu(Extend)37
b(the)e(language)f(with)g(the)h(statemen)m(t)g Fr(for)h
Fs(x)47 b Fu(:=)34 b Fs(a)2937 4848 y Fn(1)3012 4833
y Fr(to)h Fs(a)3206 4848 y Fn(2)3280 4833 y Fr(do)h Fs(S)0
4953 y Fu(and)f(giv)m(e)g(the)g(new)h(\(comp)s(ositional\))c(clause)j
(for)f Ft(S)1977 4968 y Fn(ds)2048 4953 y Fu(.)51 b(V)-8
b(alidate)33 b(the)i(w)m(ell-de\014nedness)i(of)0 5074
y(the)c(extended)i(v)m(ersion)e(of)f Ft(S)1093 5089 y
Fn(ds)1164 5074 y Fu(.)2207 b Fh(2)146 5374 y Fu(T)-8
b(o)31 b(summarize,)f(the)h(w)m(ell-de\014nedness)h(of)e
Ft(S)1851 5389 y Fn(ds)1952 5374 y Fu(relies)g(on)g(the)h(follo)m(wing)
d(results)j(estab-)0 5494 y(lished)h(ab)s(o)m(v)m(e:)p
eop
%%Page: 112 122
112 121 bop 251 130 a Fw(112)1978 b(4)112 b(Denotational)36
b(Seman)m(tics)p 251 193 3473 4 v 283 419 3470 4 v 283
436 V 281 643 4 208 v 298 643 V 1371 564 a(Pro)s(of)c(Summary)h(for)f
(While)p Fu(:)p 3735 643 V 3752 643 V 281 851 V 298 851
V 961 772 a Fw(W)-9 b(ell)p Fu(-)p Fw(de\014nedness)32
b(of)h(Denotational)e(Seman)m(tics)p 3735 851 V 3752
851 V 283 854 3470 4 v 281 1223 4 370 v 298 1223 V 350
1020 a Fu(1:)143 b(The)34 b(set)g Fw(State)g Fo(,)-17
b Ft(!)33 b Fw(State)g Fu(equipp)s(ed)h(with)f(an)h(appropriate)e
(order)i Ft(v)f Fu(is)g(a)g(ccp)s(o)569 1140 y(\(Lemmas)e(4.13)h(and)h
(4.25\).)p 3735 1223 V 3752 1223 V 281 1511 4 289 v 298
1511 V 350 1308 a(2:)143 b(Certain)34 b(functions)g(\011:)47
b(\()p Fw(State)34 b Fo(,)-17 b Ft(!)35 b Fw(State)p
Fu(\))f Ft(!)g Fu(\()p Fw(State)g Fo(,)-17 b Ft(!)35
b Fw(State)p Fu(\))f(are)g(con)m(tin-)569 1428 y(uous)f(\(Lemmas)e
(4.43)h(and)h(4.45\).)p 3735 1511 V 3752 1511 V 281 1799
V 298 1799 V 350 1596 a(3:)143 b(In)31 b(the)g(de\014nition)f(of)g
Ft(S)1464 1611 y Fn(ds)1566 1596 y Fu(w)m(e)i(only)e(apply)g(the)i
(\014xed)g(p)s(oin)m(t)e(op)s(eration)f(to)h(con)m(tin-)569
1716 y(uous)j(functions)f(\(Prop)s(osition)f(4.47\).)p
3735 1799 V 3752 1799 V 283 1803 3470 4 v 283 1819 V
283 2069 a Fp(Prop)t(erties)46 b(of)f(the)h(seman)l(tics)283
2260 y Fu(In)35 b(the)f(op)s(erational)d(seman)m(tics)j(w)m(e)h
(de\014ned)g(a)f(notion)f(of)g(t)m(w)m(o)h(statemen)m(ts)h(b)s(eing)e
(seman-)283 2380 y(tically)46 b(equiv)-5 b(alen)m(t.)87
b(A)48 b(similar)c(notion)i(can)i(b)s(e)g(de\014ned)g(based)h(on)e(the)
h(denotational)283 2501 y(seman)m(tics:)c Fs(S)831 2516
y Fn(1)903 2501 y Fu(and)33 b Fs(S)1160 2516 y Fn(2)1231
2501 y Fu(are)g Fs(semantic)-5 b(al)5 b(ly)34 b(e)-5
b(quivalent)41 b Fu(if)32 b(and)g(only)h(if)527 2720
y Ft(S)595 2735 y Fn(ds)666 2720 y Fu([)-17 b([)q Fs(S)771
2735 y Fn(1)810 2720 y Fu(])g(])33 b(=)g Ft(S)1056 2735
y Fn(ds)1128 2720 y Fu([)-17 b([)p Fs(S)1232 2735 y Fn(2)1272
2720 y Fu(])g(])283 2973 y Fw(Exercise)37 b(4.53)49 b
Fu(Sho)m(w)f(that)f(the)g(follo)m(wing)e(statemen)m(ts)j(of)f
Fw(While)e Fu(are)j(seman)m(tically)283 3093 y(equiv)-5
b(alen)m(t)33 b(in)f(the)h(ab)s(o)m(v)m(e)g(sense:)429
3312 y Ft(\017)48 b Fs(S)12 b Fu(;)p Fr(skip)34 b Fu(and)f
Fs(S)429 3531 y Ft(\017)48 b Fs(S)594 3546 y Fn(1)634
3531 y Fu(;\()p Fs(S)766 3546 y Fn(2)805 3531 y Fu(;)p
Fs(S)899 3546 y Fn(3)938 3531 y Fu(\))33 b(and)f(\()p
Fs(S)1303 3546 y Fn(1)1343 3531 y Fu(;)p Fs(S)1437 3546
y Fn(2)1476 3531 y Fu(\);)p Fs(S)1608 3546 y Fn(3)429
3749 y Ft(\017)48 b Fr(while)34 b Fs(b)39 b Fr(do)33
b Fs(S)44 b Fu(and)33 b Fr(if)g Fs(b)38 b Fr(then)c Fu(\()p
Fs(S)12 b Fu(;)32 b Fr(while)i Fs(b)k Fr(do)c Fs(S)12
b Fu(\))32 b Fr(else)h(skip)651 b Fh(2)283 3999 y Fw(Exercise)37
b(4.54)49 b Fu(*)29 b(Pro)m(v)m(e)h(that)f Fr(repeat)i
Fs(S)41 b Fr(until)30 b Fs(b)35 b Fu(and)29 b Fs(S)12
b Fu(;)29 b Fr(while)h Ft(:)q Fs(b)35 b Fr(do)29 b Fs(S)41
b Fu(are)29 b(seman-)283 4120 y(tically)i(equiv)-5 b(alen)m(t)33
b(using)g(the)h(denotational)d(approac)m(h.)45 b(The)34
b(seman)m(tics)g(of)e(the)i Fr(repeat)p Fu(-)283 4240
y(construct)g(is)e(giv)m(en)h(in)f(Exercise)i(4.51.)1917
b Fh(2)283 4592 y Fj(4.4)161 b(An)53 b(equiv)-9 b(alence)55
b(result)283 4817 y Fu(Ha)m(ving)33 b(pro)s(duced)h(y)m(et)g(another)g
(seman)m(tics)f(of)f(the)i(language)e Fw(While)f Fu(w)m(e)k(shall)c(b)s
(e)j(in)m(ter-)283 4937 y(ested)d(in)e(its)f(relation)g(to)h(the)h(op)s
(erational)d(seman)m(tics)i(and)g(for)g(this)g(w)m(e)i(shall)d(fo)s
(cus)h(on)g(the)283 5058 y(structural)k(op)s(erational)d(seman)m(tics.)
p 283 5181 3473 5 v 283 5374 a Fw(Theorem)38 b(4.55)49
b Fu(F)-8 b(or)31 b(ev)m(ery)k(statemen)m(t)e Fs(S)44
b Fu(of)32 b Fw(While)f Fu(w)m(e)j(ha)m(v)m(e)g Ft(S)2863
5389 y Fn(sos)2958 5374 y Fu([)-17 b([)p Fs(S)12 b Fu(])-17
b(])33 b(=)g Ft(S)3308 5389 y Fn(ds)3380 5374 y Fu([)-17
b([)p Fs(S)12 b Fu(])-17 b(])q(.)p 283 5494 V eop
%%Page: 113 123
113 122 bop 0 130 a Fw(4.4)112 b(An)38 b(equiv)-6 b(alence)37
b(result)1991 b(113)p 0 193 3473 4 v 0 515 a Fu(Both)25
b Ft(S)302 530 y Fn(ds)373 515 y Fu([)-17 b([)q Fs(S)12
b Fu(])-17 b(])25 b(and)g Ft(S)790 530 y Fn(sos)885 515
y Fu([)-17 b([)p Fs(S)12 b Fu(])-17 b(])25 b(are)g(functions)f(in)g
Fw(State)h Fo(,)-17 b Ft(!)24 b Fw(State)p Fu(,)j(that)d(is)g(they)i
(are)e(elemen)m(ts)0 636 y(of)40 b(a)h(partially)c(ordered)42
b(set.)68 b(T)-8 b(o)41 b(pro)m(v)m(e)h(that)e(t)m(w)m(o)i(elemen)m(ts)
e Fs(d)2485 651 y Fn(1)2566 636 y Fu(and)g Fs(d)2823
651 y Fn(2)2904 636 y Fu(of)g(a)g(partially)0 756 y(ordered)30
b(set)g(are)g(equal)f(it)g(is)g(su\016cien)m(t)i(to)e(pro)m(v)m(e)i
(that)e Fs(d)2153 771 y Fn(1)2222 756 y Ft(v)h Fs(d)2389
771 y Fn(2)2458 756 y Fu(and)g(that)f Fs(d)2913 771 y
Fn(2)2982 756 y Ft(v)h Fs(d)3149 771 y Fn(1)3188 756
y Fu(.)43 b(Th)m(us)0 877 y(to)32 b(pro)m(v)m(e)i(Theorem)f(4.55)f(w)m
(e)i(shall)d(sho)m(w)i(that)145 1066 y Ft(\017)49 b(S)312
1081 y Fn(sos)407 1066 y Fu([)-17 b([)p Fs(S)12 b Fu(])-17
b(])33 b Ft(v)g(S)759 1081 y Fn(ds)830 1066 y Fu([)-17
b([)q Fs(S)12 b Fu(])-17 b(],)33 b(and)145 1264 y Ft(\017)49
b(S)312 1279 y Fn(ds)383 1264 y Fu([)-17 b([)p Fs(S)12
b Fu(])-17 b(])33 b Ft(v)g(S)735 1279 y Fn(sos)830 1264
y Fu([)-17 b([)q Fs(S)12 b Fu(])-17 b(].)0 1454 y(The)34
b(\014rst)f(result)f(is)g(expressed)k(b)m(y)d(the)g(follo)m(wing)d
(lemma:)p 0 1574 3473 5 v 0 1734 a Fw(Lemma)37 b(4.56)49
b Fu(F)-8 b(or)32 b(ev)m(ery)i(statemen)m(t)f Fs(S)45
b Fu(of)32 b Fw(While)f Fu(w)m(e)i(ha)m(v)m(e)h Ft(S)2501
1749 y Fn(sos)2596 1734 y Fu([)-17 b([)q Fs(S)12 b Fu(])-17
b(])33 b Ft(v)g(S)2949 1749 y Fn(ds)3020 1734 y Fu([)-17
b([)p Fs(S)12 b Fu(])-17 b(])q(.)p 0 1854 V 0 2044 a
Fw(Pro)s(of:)37 b Fu(It)c(is)f(su\016cien)m(t)i(to)e(pro)m(v)m(e)i
(that)e(for)g(all)f(states)i Fs(s)41 b Fu(and)32 b Fs(s)2427
2007 y Fi(0)269 2211 y Ft(h)o Fs(S)12 b Fu(,)33 b Fs(s)8
b Ft(i)32 b(\))653 2175 y Fi(\003)725 2211 y Fs(s)773
2175 y Fi(0)829 2211 y Fu(implies)e Ft(S)1228 2226 y
Fn(ds)1299 2211 y Fu([)-17 b([)p Fs(S)12 b Fu(])-17 b(])q
Fs(s)40 b Fu(=)33 b Fs(s)1678 2175 y Fi(0)3348 2211 y
Fu(\(*\))0 2379 y(T)-8 b(o)33 b(do)f(so)h(w)m(e)g(shall)f(need)h(to)f
(establish)h(the)g(follo)m(wing)c(prop)s(ert)m(y)310
2538 y Ft(h)p Fs(S)12 b Fu(,)32 b Fs(s)8 b Ft(i)33 b(\))f
Fs(s)775 2502 y Fi(0)1109 2538 y Fu(implies)80 b Ft(S)1558
2553 y Fn(ds)1629 2538 y Fu([)-17 b([)q Fs(S)12 b Fu(])-17
b(])p Fs(s)41 b Fu(=)32 b Fs(s)2008 2502 y Fi(0)310 2706
y Ft(h)p Fs(S)12 b Fu(,)32 b Fs(s)8 b Ft(i)33 b(\))f(h)p
Fs(S)833 2670 y Fi(0)856 2706 y Fu(,)g Fs(s)963 2670
y Fi(0)987 2706 y Ft(i)83 b Fu(implies)d Ft(S)1558 2721
y Fn(ds)1629 2706 y Fu([)-17 b([)q Fs(S)12 b Fu(])-17
b(])p Fs(s)41 b Fu(=)32 b Ft(S)2028 2721 y Fn(ds)2099
2706 y Fu([)-17 b([)q Fs(S)2204 2670 y Fi(0)2227 2706
y Fu(])g(])p Fs(s)2312 2670 y Fi(0)3299 2623 y Fu(\(**\))0
2872 y(Assuming)39 b(that)g(\(**\))g(holds)h(the)g(pro)s(of)e(of)h
(\(*\))h(is)f(a)g(straigh)m(tforw)m(ard)g(induction)f(on)i(the)0
2992 y(length)32 b(k)h(of)f(the)h(deriv)-5 b(ation)31
b(sequence)k Ft(h)p Fs(S)12 b Fu(,)33 b Fs(s)8 b Ft(i)32
b(\))1908 2956 y Fn(k)1981 2992 y Fs(s)2029 2956 y Fi(0)2085
2992 y Fu(\(see)i(Section)e(2.2\).)146 3113 y(W)-8 b(e)40
b(no)m(w)g(turn)f(to)g(the)g(pro)s(of)g(of)f(\(**\))h(and)g(for)g(this)
g(w)m(e)h(shall)e(use)i(induction)e(on)h(the)0 3233 y(shap)s(e)33
b(of)f(the)h(deriv)-5 b(ation)31 b(tree)i(for)f Ft(h)p
Fs(S)12 b Fu(,)33 b Fs(s)8 b Ft(i)32 b(\))g Fs(s)1820
3197 y Fi(0)1876 3233 y Fu(or)g Ft(h)p Fs(S)12 b Fu(,)32
b Fs(s)8 b Ft(i)33 b(\))f(h)p Fs(S)2518 3197 y Fi(0)2541
3233 y Fu(,)g Fs(s)2648 3197 y Fi(0)2672 3233 y Ft(i)o
Fu(.)0 3401 y Fw(The)h(case)g Fu([ass)608 3416 y Fn(sos)704
3401 y Fu(]:)44 b(W)-8 b(e)32 b(ha)m(v)m(e)244 3590 y
Ft(h)p Fs(x)44 b Fu(:=)32 b Fs(a)7 b Fu(,)33 b Fs(s)8
b Ft(i)33 b(\))f Fs(s)8 b Fu([)p Fs(x)k Ft(7!)o(A)p Fu([)-17
b([)q Fs(a)7 b Fu(])-17 b(])p Fs(s)8 b Fu(])0 3779 y(and)33
b(since)g Ft(S)496 3794 y Fn(ds)568 3779 y Fu([)-17 b([)p
Fs(x)45 b Fu(:=)32 b Fs(a)7 b Fu(])-17 b(])q Fs(s)41
b Fu(=)32 b Fs(s)8 b Fu([)p Fs(x)k Ft(7!A)o Fu([)-17
b([)q Fs(a)7 b Fu(])-17 b(])q Fs(s)8 b Fu(])32 b(the)h(result)g(follo)m
(ws.)0 3947 y Fw(The)g(case)g Fu([skip)654 3962 y Fn(sos)749
3947 y Fu(]:)44 b(Analogous.)0 4114 y Fw(The)33 b(case)g
Fu([comp)723 4078 y Fn(1)711 4139 y(sos)806 4114 y Fu(]:)43
b(Assume)34 b(that)244 4304 y Ft(h)p Fs(S)350 4319 y
Fn(1)389 4304 y Fu(;)p Fs(S)483 4319 y Fn(2)522 4304
y Fu(,)f Fs(s)8 b Ft(i)32 b(\))g(h)p Fs(S)939 4268 y
Fi(0)939 4328 y Fn(1)978 4304 y Fu(;)p Fs(S)1072 4319
y Fn(2)1112 4304 y Fu(,)g Fs(s)1219 4268 y Fi(0)1243
4304 y Ft(i)0 4493 y Fu(b)s(ecause)39 b Ft(h)o Fs(S)471
4508 y Fn(1)511 4493 y Fu(,)f Fs(s)8 b Ft(i)37 b(\))g(h)o
Fs(S)942 4457 y Fi(0)942 4517 y Fn(1)982 4493 y Fu(,)h
Fs(s)1095 4457 y Fi(0)1118 4493 y Ft(i)p Fu(.)57 b(Then)39
b(the)e(induction)g(h)m(yp)s(othesis)h(applied)e(to)h(the)g(latter)0
4613 y(transition)31 b(giv)m(es)i Ft(S)752 4628 y Fn(ds)823
4613 y Fu([)-17 b([)q Fs(S)928 4628 y Fn(1)967 4613 y
Fu(])g(])p Fs(s)41 b Fu(=)32 b Ft(S)1261 4628 y Fn(ds)1332
4613 y Fu([)-17 b([)q Fs(S)1437 4577 y Fi(0)1437 4638
y Fn(1)1476 4613 y Fu(])g(])q Fs(s)1562 4577 y Fi(0)1618
4613 y Fu(and)32 b(w)m(e)i(get)244 4802 y Ft(S)312 4817
y Fn(ds)383 4802 y Fu([)-17 b([)p Fs(S)487 4817 y Fn(1)527
4802 y Fu(;)p Fs(S)621 4817 y Fn(2)660 4802 y Fu(])g(])33
b Fs(s)41 b Fu(=)32 b Ft(S)987 4817 y Fn(ds)1058 4802
y Fu([)-17 b([)q Fs(S)1163 4817 y Fn(2)1202 4802 y Fu(])g(])q(\()p
Ft(S)1345 4817 y Fn(ds)1417 4802 y Fu([)g([)p Fs(S)1521
4817 y Fn(1)1560 4802 y Fu(])g(])q Fs(s)8 b Fu(\))811
4970 y(=)32 b Ft(S)987 4985 y Fn(ds)1058 4970 y Fu([)-17
b([)q Fs(S)1163 4985 y Fn(2)1202 4970 y Fu(])g(])q(\()p
Ft(S)1345 4985 y Fn(ds)1417 4970 y Fu([)g([)p Fs(S)1521
4934 y Fi(0)1521 4995 y Fn(1)1560 4970 y Fu(])g(])q Fs(s)1646
4934 y Fi(0)1669 4970 y Fu(\))811 5138 y(=)32 b Ft(S)987
5153 y Fn(ds)1058 5138 y Fu([)-17 b([)q Fs(S)1163 5102
y Fi(0)1163 5162 y Fn(1)1202 5138 y Fu(;)p Fs(S)1296
5153 y Fn(2)1335 5138 y Fu(])g(])q Fs(s)1421 5102 y Fi(0)0
5327 y Fu(as)33 b(required.)0 5494 y Fw(The)g(case)g
Fu([comp)723 5458 y Fn(2)711 5519 y(sos)806 5494 y Fu(]:)43
b(Assume)34 b(that)p eop
%%Page: 114 124
114 123 bop 251 130 a Fw(114)1978 b(4)112 b(Denotational)36
b(Seman)m(tics)p 251 193 3473 4 v 527 515 a Ft(h)p Fs(S)633
530 y Fn(1)672 515 y Fu(;)p Fs(S)766 530 y Fn(2)806 515
y Fu(,)c Fs(s)8 b Ft(i)33 b(\))f(h)p Fs(S)1223 530 y
Fn(2)1262 515 y Fu(,)g Fs(s)1369 479 y Fi(0)1393 515
y Ft(i)283 747 y Fu(b)s(ecause)44 b Ft(h)p Fs(S)760 762
y Fn(1)799 747 y Fu(,)g Fs(s)8 b Ft(i\))42 b Fs(s)1147
711 y Fi(0)1170 747 y Fu(.)72 b(Then)43 b(the)f(induction)f(h)m(yp)s
(othesis)i(applied)e(to)h(that)f(transition)283 867 y(giv)m(es)33
b Ft(S)590 882 y Fn(ds)661 867 y Fu([)-17 b([)q Fs(S)766
882 y Fn(1)805 867 y Fu(])g(])q Fs(s)41 b Fu(=)32 b Fs(s)1080
831 y Fi(0)1136 867 y Fu(and)g(w)m(e)i(get)527 1099 y
Ft(S)595 1114 y Fn(ds)666 1099 y Fu([)-17 b([)q Fs(S)771
1114 y Fn(1)810 1099 y Fu(;)p Fs(S)904 1114 y Fn(2)944
1099 y Fu(])g(])p Fs(s)41 b Fu(=)32 b Ft(S)1238 1114
y Fn(ds)1309 1099 y Fu([)-17 b([)q Fs(S)1414 1114 y Fn(2)1453
1099 y Fu(])g(])q(\()p Ft(S)1596 1114 y Fn(ds)1668 1099
y Fu([)g([)p Fs(S)1772 1114 y Fn(1)1811 1099 y Fu(])g(])q
Fs(s)8 b Fu(\))32 b(=)h Ft(S)2144 1114 y Fn(ds)2215 1099
y Fu([)-17 b([)p Fs(S)2319 1114 y Fn(2)2359 1099 y Fu(])g(])p
Fs(s)2444 1063 y Fi(0)283 1331 y Fu(where)40 b(the)g(\014rst)f(equalit)
m(y)f(comes)h(from)e(the)i(de\014nition)f(of)g Ft(S)2659
1346 y Fn(ds)2769 1331 y Fu(and)h(w)m(e)g(just)h(argued)e(for)283
1451 y(the)33 b(second)h(equalit)m(y)-8 b(.)43 b(This)33
b(pro)m(v)m(es)h(the)f(result.)283 1619 y Fw(The)g(case)g
Fu([if)836 1582 y Fn(tt)824 1643 y(sos)919 1619 y Fu(]:)43
b(Assume)34 b(that)527 1850 y Ft(h)p Fr(if)f Fs(b)39
b Fr(then)33 b Fs(S)1089 1865 y Fn(1)1161 1850 y Fr(else)h
Fs(S)1466 1865 y Fn(2)1505 1850 y Fu(,)e Fs(s)8 b Ft(i)33
b(\))f(h)p Fs(S)1922 1865 y Fn(1)1961 1850 y Fu(,)h Fs(s)8
b Ft(i)283 2082 y Fu(b)s(ecause)34 b Ft(B)t Fu([)-17
b([)p Fs(b)6 b Fu(])-17 b(])33 b Fs(s)41 b Fu(=)32 b
Fw(tt)p Fu(.)43 b(Then)552 2249 y Ft(S)620 2264 y Fn(ds)691
2249 y Fu([)-17 b([)q Fr(if)33 b Fs(b)38 b Fr(then)c
Fs(S)1252 2264 y Fn(1)1324 2249 y Fr(else)f Fs(S)1628
2264 y Fn(2)1667 2249 y Fu(])-17 b(])q Fs(s)41 b Fu(=)32
b(cond\()p Ft(B)t Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(],)33
b Ft(S)2455 2264 y Fn(ds)2526 2249 y Fu([)-17 b([)p Fs(S)2630
2264 y Fn(1)2670 2249 y Fu(])g(],)33 b Ft(S)2835 2264
y Fn(ds)2906 2249 y Fu([)-17 b([)p Fs(S)3010 2264 y Fn(2)3050
2249 y Fu(])g(]\))p Fs(s)41 b Fu(=)32 b Ft(S)3382 2264
y Fn(ds)3453 2249 y Fu([)-17 b([)q Fs(S)3558 2264 y Fn(1)3597
2249 y Fu(])g(])q Fs(s)283 2417 y Fu(as)33 b(required.)283
2585 y Fw(The)g(case)g Fu([if)836 2549 y Fn(\013)824
2609 y(sos)919 2585 y Fu(]:)43 b(Analogous.)283 2752
y Fw(The)33 b(case)g Fu([while)989 2767 y Fn(sos)1084
2752 y Fu(]:)43 b(Assume)34 b(that)527 2984 y Ft(h)p
Fr(while)g Fs(b)k Fr(do)33 b Fs(S)12 b Fu(,)33 b Fs(s)8
b Ft(i)32 b(\))g(h)p Fr(if)h Fs(b)39 b Fr(then)33 b Fu(\()p
Fs(S)12 b Fu(;)33 b Fr(while)g Fs(b)39 b Fr(do)33 b Fs(S)12
b Fu(\))32 b Fr(else)i(skip)p Fu(,)f Fs(s)8 b Ft(i)283
3216 y Fu(F)-8 b(rom)41 b(the)i(de\014nition)f(of)g Ft(S)1359
3231 y Fn(ds)1473 3216 y Fu(w)m(e)h(ha)m(v)m(e)h Ft(S)1929
3231 y Fn(ds)2000 3216 y Fu([)-17 b([)q Fr(while)43 b
Fs(b)49 b Fr(do)42 b Fs(S)12 b Fu(])-17 b(])43 b(=)f(FIX)h
Fs(F)55 b Fu(where)44 b Fs(F)55 b(g)c Fu(=)283 3336 y(cond\()p
Ft(B)t Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(],)33 b Fs(g)41
b Ft(\016)33 b(S)1012 3351 y Fn(ds)1084 3336 y Fu([)-17
b([)p Fs(S)12 b Fu(])-17 b(])q(,)32 b(id\).)43 b(W)-8
b(e)33 b(therefore)g(get)527 3568 y Ft(S)595 3583 y Fn(ds)666
3568 y Fu([)-17 b([)q Fr(while)34 b Fs(b)k Fr(do)33 b
Fs(S)12 b Fu(])-17 b(])q(=)32 b(\(FIX)h Fs(F)13 b Fu(\))1316
3735 y(=)32 b Fs(F)46 b Fu(\(FIX)32 b Fs(F)13 b Fu(\))1316
3903 y(=)32 b(cond\()p Ft(B)t Fu([)-17 b([)q Fs(b)6 b
Fu(])-17 b(],)33 b Ft(S)1985 3918 y Fn(ds)2056 3903 y
Fu([)-17 b([)p Fr(while)34 b Fs(b)39 b Fr(do)33 b Fs(S)12
b Fu(])-17 b(])33 b Ft(\016)f(S)2888 3918 y Fn(ds)2959
3903 y Fu([)-17 b([)q Fs(S)12 b Fu(])-17 b(],)33 b(id\))1316
4070 y(=)f(cond\()p Ft(B)t Fu([)-17 b([)q Fs(b)6 b Fu(])-17
b(],)33 b Ft(S)1985 4085 y Fn(ds)2056 4070 y Fu([)-17
b([)p Fs(S)12 b Fu(;)33 b Fr(while)h Fs(b)k Fr(do)33
b Fs(S)12 b Fu(])-17 b(])q(,)32 b Ft(S)2959 4085 y Fn(ds)3030
4070 y Fu([)-17 b([)q Fr(skip)p Fu(])g(])q(\))1316 4238
y(=)32 b Ft(S)1492 4253 y Fn(ds)1563 4238 y Fu([)-17
b([)q Fr(if)33 b Fs(b)38 b Fr(then)c Fu(\()p Fs(S)12
b Fu(;)32 b Fr(while)i Fs(b)k Fr(do)33 b Fs(S)12 b Fu(\))33
b Fr(else)g(skip)p Fu(])-17 b(])283 4470 y(as)33 b(required.)44
b(This)33 b(completes)f(the)h(pro)s(of)f(of)g(\(**\).)1450
b Fh(2)430 4679 y Fu(Note)39 b(that)g(\(*\))g(do)s(es)g
Fs(not)49 b Fu(imply)37 b(that)i Ft(S)2032 4694 y Fn(sos)2127
4679 y Fu([)-17 b([)p Fs(S)12 b Fu(])-17 b(])40 b(=)f
Ft(S)2491 4694 y Fn(ds)2562 4679 y Fu([)-17 b([)p Fs(S)12
b Fu(])-17 b(])40 b(as)f(w)m(e)h(ha)m(v)m(e)h(only)d(pro)m(v)m(ed)283
4799 y(that)26 b Fs(if)46 b Ft(S)662 4814 y Fn(sos)757
4799 y Fu([)-17 b([)q Fs(S)12 b Fu(])-17 b(])p Fs(s)33
b Ft(6)p Fu(=)26 b(undef)p 1074 4812 236 4 v 26 w Fs(then)33
b Ft(S)1617 4814 y Fn(sos)1713 4799 y Fu([)-17 b([)p
Fs(S)12 b Fu(])-17 b(])q Fs(s)33 b Fu(=)25 b Ft(S)2097
4814 y Fn(ds)2168 4799 y Fu([)-17 b([)q Fs(S)12 b Fu(])-17
b(])p Fs(s)8 b Fu(.)42 b(Still)23 b(there)j(is)f(the)h(p)s(ossibilit)m
(y)d(that)283 4919 y Ft(S)351 4934 y Fn(ds)422 4919 y
Fu([)-17 b([)q Fs(S)12 b Fu(])-17 b(])28 b(ma)m(y)f(b)s(e)h(de\014ned)h
(for)e(more)f(argumen)m(ts)i(than)f Ft(S)2399 4934 y
Fn(sos)2494 4919 y Fu([)-17 b([)q Fs(S)12 b Fu(])-17
b(].)42 b(Ho)m(w)m(ev)m(er)30 b(this)d(is)g(ruled)g(out)283
5040 y(b)m(y)34 b(the)f(follo)m(wing)d(lemma:)p 283 5166
3473 5 v 283 5374 a Fw(Lemma)38 b(4.57)49 b Fu(F)-8 b(or)31
b(ev)m(ery)k(statemen)m(t)e Fs(S)44 b Fu(of)32 b Fw(While)f
Fu(w)m(e)j(ha)m(v)m(e)g Ft(S)2785 5389 y Fn(ds)2856 5374
y Fu([)-17 b([)p Fs(S)12 b Fu(])-17 b(])33 b Ft(v)g(S)3208
5389 y Fn(sos)3303 5374 y Fu([)-17 b([)q Fs(S)12 b Fu(])-17
b(].)p 283 5494 V eop
%%Page: 115 125
115 124 bop 0 130 a Fw(4.4)112 b(An)38 b(equiv)-6 b(alence)37
b(result)1991 b(115)p 0 193 3473 4 v 0 515 a(Pro)s(of:)37
b Fu(W)-8 b(e)33 b(pro)s(ceed)h(b)m(y)f(structural)f(induction)g(on)h
(the)g(statemen)m(t)g Fs(S)12 b Fu(.)0 683 y Fw(The)38
b(case)g Fs(x)50 b Fu(:=)37 b Fs(a)7 b Fu(:)54 b(Clearly)37
b Ft(S)1251 698 y Fn(ds)1322 683 y Fu([)-17 b([)q Fs(x)49
b Fu(:=)38 b Fs(a)7 b Fu(])-17 b(])q Fs(s)46 b Fu(=)37
b Ft(S)1957 698 y Fn(sos)2052 683 y Fu([)-17 b([)q Fs(x)49
b Fu(:=)38 b Fs(a)7 b Fu(])-17 b(])q Fs(s)8 b Fu(.)59
b(Note)37 b(that)h(this)f(means)0 803 y(that)32 b Ft(S)279
818 y Fn(sos)407 803 y Fu(satis\014es)h(the)g(clause)g(de\014ning)f
Ft(S)1658 818 y Fn(ds)1762 803 y Fu(in)g(T)-8 b(able)32
b(4.1.)0 971 y Fw(The)h(case)g Fr(skip)p Fu(:)45 b(Clearly)31
b Ft(S)1138 986 y Fn(ds)1209 971 y Fu([)-17 b([)q Fr(skip)p
Fu(])g(])r Fs(s)40 b Fu(=)32 b Ft(S)1746 986 y Fn(sos)1841
971 y Fu([)-17 b([)q Fr(skip)p Fu(])g(])r Fs(s)8 b Fu(.)0
1139 y Fw(The)28 b(case)h Fs(S)514 1154 y Fn(1)582 1139
y Fu(;)g Fs(S)705 1154 y Fn(2)745 1139 y Fu(:)41 b(Recall)26
b(that)i Ft(\016)g Fu(is)g(monotone)f(in)h(b)s(oth)g(argumen)m(ts)g
(\(Lemma)f(4.45)g(and)0 1259 y(Exercise)34 b(4.46\).)43
b(W)-8 b(e)33 b(then)g(ha)m(v)m(e)244 1456 y Ft(S)312
1471 y Fn(ds)383 1456 y Fu([)-17 b([)p Fs(S)487 1471
y Fn(1)559 1456 y Fu(;)33 b Fs(S)686 1471 y Fn(2)725
1456 y Fu(])-17 b(])33 b(=)g Ft(S)971 1471 y Fn(ds)1043
1456 y Fu([)-17 b([)p Fs(S)1147 1471 y Fn(2)1186 1456
y Fu(])g(])34 b Ft(\016)e(S)1407 1471 y Fn(ds)1478 1456
y Fu([)-17 b([)p Fs(S)1582 1471 y Fn(1)1622 1456 y Fu(])g(])795
1623 y Ft(v)32 b(S)971 1638 y Fn(sos)1067 1623 y Fu([)-17
b([)p Fs(S)1171 1638 y Fn(2)1210 1623 y Fu(])g(])33 b
Ft(\016)g(S)1431 1638 y Fn(sos)1526 1623 y Fu([)-17 b([)p
Fs(S)1630 1638 y Fn(1)1670 1623 y Fu(])g(])0 1820 y(b)s(ecause)39
b(the)g(induction)e(h)m(yp)s(othesis)i(applied)e(to)h
Fs(S)2004 1835 y Fn(1)2081 1820 y Fu(and)g Fs(S)2343
1835 y Fn(2)2421 1820 y Fu(giv)m(es)g Ft(S)2733 1835
y Fn(ds)2804 1820 y Fu([)-17 b([)q Fs(S)2909 1835 y Fn(1)2948
1820 y Fu(])g(])33 b Ft(v)g(S)3196 1835 y Fn(sos)3291
1820 y Fu([)-17 b([)q Fs(S)3396 1835 y Fn(1)3435 1820
y Fu(])g(])0 1940 y(and)44 b Ft(S)269 1955 y Fn(ds)340
1940 y Fu([)-17 b([)q Fs(S)445 1955 y Fn(2)484 1940 y
Fu(])g(])33 b Ft(v)g(S)732 1955 y Fn(sos)827 1940 y Fu([)-17
b([)p Fs(S)931 1955 y Fn(2)971 1940 y Fu(])g(].)78 b(F)-8
b(urthermore,)46 b(Exercise)f(2.21)f(giv)m(es)g(that)g(if)f
Ft(h)o Fs(S)3011 1955 y Fn(1)3051 1940 y Fu(,)32 b Fs(s)8
b Ft(i)32 b(\))3329 1904 y Fi(\003)3401 1940 y Fs(s)3449
1904 y Fi(0)0 2060 y Fu(then)h Ft(h)p Fs(S)328 2075 y
Fn(1)400 2060 y Fu(;)f Fs(S)526 2075 y Fn(2)566 2060
y Fu(,)g Fs(s)8 b Ft(i)33 b(\))844 2024 y Fi(\003)916
2060 y Ft(h)p Fs(S)1022 2075 y Fn(2)1061 2060 y Fu(,)g
Fs(s)1169 2024 y Fi(0)1192 2060 y Ft(i)f Fu(and)h(hence)244
2257 y Ft(S)312 2272 y Fn(sos)407 2257 y Fu([)-17 b([)p
Fs(S)511 2272 y Fn(2)551 2257 y Fu(])g(])33 b Ft(\016)f(S)771
2272 y Fn(sos)866 2257 y Fu([)-17 b([)q Fs(S)971 2272
y Fn(1)1010 2257 y Fu(])g(])33 b Ft(v)g(S)1258 2272 y
Fn(sos)1353 2257 y Fu([)-17 b([)p Fs(S)1457 2272 y Fn(1)1529
2257 y Fu(;)33 b Fs(S)1656 2272 y Fn(2)1695 2257 y Fu(])-17
b(])0 2453 y(and)38 b(this)f(pro)m(v)m(es)i(the)f(result.)58
b(Note)38 b(that)f(in)g(this)g(case)h Ft(S)2243 2468
y Fn(sos)2376 2453 y Fu(ful\014ls)e(a)h(w)m(eak)m(er)j(v)m(ersion)e(of)
0 2574 y(the)33 b(clause)g(de\014ning)f Ft(S)892 2589
y Fn(ds)996 2574 y Fu(in)g(T)-8 b(able)32 b(4.1.)0 2741
y Fw(The)d(case)h Fr(if)f Fs(b)35 b Fr(then)30 b Fs(S)961
2756 y Fn(1)1030 2741 y Fr(else)g Fs(S)1331 2756 y Fn(2)1370
2741 y Fu(:)42 b(Recall)27 b(that)i(`cond')g(is)g(monotone)f(in)g(its)h
(second)h(and)0 2862 y(third)i(argumen)m(t)g(\(Lemma)f(4.43)h(and)h
(Exercise)h(4.44\).)43 b(W)-8 b(e)33 b(then)g(ha)m(v)m(e)244
3058 y Ft(S)312 3073 y Fn(ds)383 3058 y Fu([)-17 b([)p
Fr(if)34 b Fs(b)k Fr(then)c Fs(S)944 3073 y Fn(1)1015
3058 y Fr(else)g Fs(S)1320 3073 y Fn(2)1359 3058 y Fu(])-17
b(])33 b(=)g(cond\()p Ft(B)t Fu([)-17 b([)p Fs(b)6 b
Fu(])-17 b(])q(,)32 b Ft(S)2098 3073 y Fn(ds)2169 3058
y Fu([)-17 b([)q Fs(S)2274 3073 y Fn(1)2313 3058 y Fu(])g(])q(,)32
b Ft(S)2478 3073 y Fn(ds)2549 3058 y Fu([)-17 b([)q Fs(S)2654
3073 y Fn(2)2693 3058 y Fu(])g(])q(\))1429 3226 y Ft(v)32
b Fu(cond\()p Ft(B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17
b(])q(,)32 b Ft(S)2098 3241 y Fn(sos)2193 3226 y Fu([)-17
b([)q Fs(S)2298 3241 y Fn(1)2337 3226 y Fu(])g(])q(,)32
b Ft(S)2502 3241 y Fn(sos)2597 3226 y Fu([)-17 b([)q
Fs(S)2702 3241 y Fn(2)2741 3226 y Fu(])g(])q(\))0 3422
y(b)s(ecause)39 b(the)g(induction)e(h)m(yp)s(othesis)i(applied)e(to)h
Fs(S)2004 3437 y Fn(1)2081 3422 y Fu(and)g Fs(S)2343
3437 y Fn(2)2421 3422 y Fu(giv)m(es)g Ft(S)2733 3437
y Fn(ds)2804 3422 y Fu([)-17 b([)q Fs(S)2909 3437 y Fn(1)2948
3422 y Fu(])g(])33 b Ft(v)g(S)3196 3437 y Fn(sos)3291
3422 y Fu([)-17 b([)q Fs(S)3396 3437 y Fn(1)3435 3422
y Fu(])g(])0 3543 y(and)33 b Ft(S)257 3558 y Fn(ds)329
3543 y Fu([)-17 b([)p Fs(S)433 3558 y Fn(2)473 3543 y
Fu(])g(])33 b Ft(v)g(S)720 3558 y Fn(sos)816 3543 y Fu([)-17
b([)p Fs(S)920 3558 y Fn(2)959 3543 y Fu(])g(])q(.)43
b(F)-8 b(urthermore,)33 b(it)e(follo)m(ws)g(from)h([if)2405
3507 y Fn(tt)2393 3568 y(sos)2487 3543 y Fu(])g(and)h([if)2833
3507 y Fn(\013)2821 3568 y(sos)2915 3543 y Fu(])g(that)244
3739 y Ft(S)312 3754 y Fn(sos)407 3739 y Fu([)-17 b([)p
Fr(if)33 b Fs(b)39 b Fr(then)33 b Fs(S)967 3754 y Fn(1)1039
3739 y Fr(else)h Fs(S)1344 3754 y Fn(2)1383 3739 y Fu(])-17
b(])q Fs(s)40 b Fu(=)33 b Ft(S)1677 3754 y Fn(sos)1773
3739 y Fu([)-17 b([)p Fs(S)1877 3754 y Fn(1)1916 3739
y Fu(])g(])q Fs(s)73 b Fu(if)32 b Ft(B)s Fu([)-17 b([)q
Fs(b)6 b Fu(])-17 b(])p Fs(s)41 b Fu(=)32 b Fw(tt)244
3907 y Ft(S)312 3922 y Fn(sos)407 3907 y Fu([)-17 b([)p
Fr(if)33 b Fs(b)39 b Fr(then)33 b Fs(S)967 3922 y Fn(1)1039
3907 y Fr(else)h Fs(S)1344 3922 y Fn(2)1383 3907 y Fu(])-17
b(])q Fs(s)40 b Fu(=)33 b Ft(S)1677 3922 y Fn(sos)1773
3907 y Fu([)-17 b([)p Fs(S)1877 3922 y Fn(2)1916 3907
y Fu(])g(])q Fs(s)73 b Fu(if)32 b Ft(B)s Fu([)-17 b([)q
Fs(b)6 b Fu(])-17 b(])p Fs(s)41 b Fu(=)32 b Fw(\013)0
4104 y Fu(so)h(that)244 4300 y(cond\()p Ft(B)t Fu([)-17
b([)p Fs(b)6 b Fu(])-17 b(])q(,)33 b Ft(S)804 4315 y
Fn(sos)899 4300 y Fu([)-17 b([)q Fs(S)1004 4315 y Fn(1)1043
4300 y Fu(])g(])q(,)32 b Ft(S)1208 4315 y Fn(sos)1303
4300 y Fu([)-17 b([)q Fs(S)1408 4315 y Fn(2)1447 4300
y Fu(])g(])q(\))32 b(=)h Ft(S)1731 4315 y Fn(sos)1827
4300 y Fu([)-17 b([)p Fr(if)33 b Fs(b)39 b Fr(then)33
b Fs(S)2387 4315 y Fn(1)2459 4300 y Fr(else)h Fs(S)2764
4315 y Fn(2)2803 4300 y Fu(])-17 b(])0 4497 y(and)39
b(this)g(pro)m(v)m(es)i(the)f(result.)63 b(Note)39 b(that)g(in)g(this)f
(case)i Ft(S)2263 4512 y Fn(sos)2397 4497 y Fu(ful\014ls)e(the)i
(clause)f(de\014ning)0 4617 y Ft(S)68 4632 y Fn(ds)172
4617 y Fu(in)31 b(T)-8 b(able)33 b(4.1.)0 4785 y Fw(The)g(case)g
Fr(while)h Fs(b)k Fr(do)33 b Fs(S)12 b Fu(:)33 b(W)-8
b(e)33 b(ha)m(v)m(e)244 4981 y Ft(S)312 4996 y Fn(ds)383
4981 y Fu([)-17 b([)p Fr(while)34 b Fs(b)39 b Fr(do)33
b Fs(S)12 b Fu(])-17 b(])33 b(=)f(FIX)h Fs(F)0 5178 y
Fu(where)i Fs(F)47 b(g)42 b Fu(=)34 b(cond\()p Ft(B)t
Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])q(,)34 b Fs(g)42
b Ft(\016)34 b(S)1323 5193 y Fn(ds)1395 5178 y Fu([)-17
b([)p Fs(S)12 b Fu(])-17 b(])q(,)34 b(id\))f(and)g(w)m(e)i(recall)e
(that)g Fs(F)47 b Fu(is)33 b(con)m(tin)m(uous.)48 b(It)34
b(is)0 5298 y(su\016cien)m(t)g(to)e(pro)m(v)m(e)i(that)244
5494 y Fs(F)13 b Fu(\()p Fs(S)426 5509 y Fn(sos)521 5494
y Fu([)-17 b([)p Fr(while)34 b Fs(b)39 b Fr(do)33 b Fs(S)12
b Fu(])-17 b(]\))33 b Ft(v)g Fs(S)1418 5509 y Fn(sos)1512
5494 y Fu([)-17 b([)q Fr(while)34 b Fs(b)k Fr(do)33 b
Fs(S)12 b Fu(])-17 b(])p eop
%%Page: 116 126
116 125 bop 251 130 a Fw(116)1978 b(4)112 b(Denotational)36
b(Seman)m(tics)p 251 193 3473 4 v 283 515 a Fu(b)s(ecause)g(then)f
(Exercise)h(4.40)e(giv)m(es)h(FIX)f Fs(F)47 b Ft(v)35
b Fs(S)2201 530 y Fn(sos)2296 515 y Fu([)-17 b([)q Fr(while)35
b Fs(b)41 b Fr(do)34 b Fs(S)12 b Fu(])-17 b(])35 b(as)g(required.)49
b(F)-8 b(rom)283 636 y(Exercise)34 b(2.21)e(w)m(e)i(get)602
795 y Ft(S)670 810 y Fn(sos)765 795 y Fu([)-17 b([)q
Fr(while)33 b Fs(b)39 b Fr(do)33 b Fs(S)12 b Fu(])-17
b(])101 b(=)f(cond\()p Ft(B)t Fu([)-17 b([)q Fs(b)6 b
Fu(])-17 b(],)33 b Ft(S)2251 810 y Fn(sos)2347 795 y
Fu([)-17 b([)p Fs(S)45 b Fu(;)32 b Fr(while)i Fs(b)k
Fr(do)33 b Fs(S)12 b Fu(])-17 b(])q(,)33 b(id\))1514
963 y Ft(w)100 b Fu(cond\()p Ft(B)t Fu([)-17 b([)q Fs(b)6
b Fu(])-17 b(],)33 b Ft(S)2251 978 y Fn(sos)2347 963
y Fu([)-17 b([)p Fr(while)34 b Fs(b)k Fr(do)c Fs(S)12
b Fu(])-17 b(])32 b Ft(\016)h(S)3179 978 y Fn(sos)3274
963 y Fu([)-17 b([)p Fs(S)12 b Fu(])-17 b(])q(,)32 b(id\))283
1129 y(The)h(induction)e(h)m(yp)s(othesis)i(applied)d(to)i
Fs(S)43 b Fu(giv)m(es)32 b Ft(S)2259 1144 y Fn(ds)2330
1129 y Fu([)-17 b([)q Fs(S)12 b Fu(])-17 b(])32 b Ft(v)g(S)2681
1144 y Fn(sos)2776 1129 y Fu([)-17 b([)q Fs(S)12 b Fu(])-17
b(])32 b(so)g(using)f(the)h(mono-)283 1249 y(tonicit)m(y)g(of)g
Ft(\016)h Fu(and)f(`cond')h(w)m(e)h(get)527 1453 y Ft(S)595
1468 y Fn(sos)690 1453 y Fu([)-17 b([)q Fr(while)34 b
Fs(b)k Fr(do)33 b Fs(S)12 b Fu(])-17 b(])33 b Ft(w)g
Fu(cond\()p Ft(B)t Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(],)33
b Ft(S)2043 1468 y Fn(sos)2138 1453 y Fu([)-17 b([)p
Fr(while)34 b Fs(b)39 b Fr(do)33 b Fs(S)12 b Fu(])-17
b(])33 b Ft(\016)f(S)2970 1468 y Fn(sos)3065 1453 y Fu([)-17
b([)p Fs(S)12 b Fu(])-17 b(])q(,)32 b(id\))1372 1620
y Ft(w)h Fu(cond\()p Ft(B)t Fu([)-17 b([)q Fs(b)6 b Fu(])-17
b(],)33 b Ft(S)2043 1635 y Fn(sos)2138 1620 y Fu([)-17
b([)p Fr(while)34 b Fs(b)39 b Fr(do)33 b Fs(S)12 b Fu(])-17
b(])33 b Ft(\016)f(S)2970 1635 y Fn(ds)3041 1620 y Fu([)-17
b([)p Fs(S)12 b Fu(])-17 b(])q(,)33 b(id\))1372 1788
y(=)h Fs(F)13 b Fu(\()p Ft(S)1665 1803 y Fn(sos)1760
1788 y Fu([)-17 b([)q Fr(while)33 b Fs(b)39 b Fr(do)33
b Fs(S)12 b Fu(])-17 b(]\))283 1991 y(Note)37 b(that)e(in)h(this)f
(case)i Ft(S)1326 2006 y Fn(sos)1457 1991 y Fu(also)e(ful\014ls)g(a)g
(w)m(eak)m(er)j(v)m(ersion)f(of)e(the)i(clause)f(de\014ning)g
Ft(S)3685 2006 y Fn(ds)283 2112 y Fu(in)c(T)-8 b(able)33
b(4.1.)2863 b Fh(2)430 2315 y Fu(The)33 b(k)m(ey)h(tec)m(hnique)g(used)
g(in)e(the)h(pro)s(of)f(can)h(b)s(e)f(summarized)g(as)h(follo)m(ws:)p
283 2393 3470 4 v 283 2410 V 281 2618 4 208 v 298 2618
V 1371 2539 a Fw(Pro)s(of)f(Summary)h(for)f(While)p Fu(:)p
3735 2618 V 3752 2618 V 281 2825 V 298 2825 V 402 2746
a Fw(Equiv)-6 b(alence)31 b(of)i(Op)s(erational)f(Seman)m(tics)g(and)h
(Denotational)f(Seman)m(tics)p 3735 2825 V 3752 2825
V 283 2829 3470 4 v 281 4290 4 1461 v 298 4290 V 350
2994 a Fu(1:)143 b(Pro)m(v)m(e)23 b(that)g Ft(S)1102
3009 y Fn(sos)1197 2994 y Fu([)-17 b([)q Fs(S)12 b Fu(])-17
b(])23 b Ft(v)f(S)1529 3009 y Fn(ds)1600 2994 y Fu([)-17
b([)q Fs(S)12 b Fu(])-17 b(])23 b(b)m(y)g(\014rst)g(using)f
Fs(induction)j(on)g(the)g(shap)-5 b(e)25 b(of)g(deriva-)569
3114 y(tion)34 b(tr)-5 b(e)g(es)41 b Fu(to)32 b(sho)m(w)i(that)714
3318 y Ft(\017)49 b Fu(if)d(a)h(statemen)m(t)h(is)f(executed)i
Fs(one)f(step)54 b Fu(in)46 b(the)i(structural)f(op)s(erational)813
3438 y(seman)m(tics)f(and)h(do)s(es)g(not)g(terminate)e(then)i(this)f
(do)s(es)h(not)g(c)m(hange)g(the)813 3559 y(meaning)31
b(in)h(the)h(denotational)d(seman)m(tics,)j(and)714 3762
y Ft(\017)49 b Fu(if)d(a)h(statemen)m(t)h(is)f(executed)i
Fs(one)f(step)54 b Fu(in)46 b(the)i(structural)f(op)s(erational)813
3882 y(seman)m(tics)39 b(and)f(do)s(es)i(terminate,)f(then)g(the)h
(same)e(result)h(is)f(obtained)h(in)813 4003 y(the)33
b(denotational)d(seman)m(tics.)569 4206 y(and)i(secondly)i(b)m(y)f
(using)g Fs(induction)h(on)g(the)h(length)g(of)f(derivation)g(se)-5
b(quenc)g(es)p Fu(.)p 3735 4290 V 3752 4290 V 281 5391
4 1102 v 298 5391 V 350 4374 a(2:)143 b(Pro)m(v)m(e)34
b(that)e Ft(S)1123 4389 y Fn(ds)1194 4374 y Fu([)-17
b([)q Fs(S)12 b Fu(])-17 b(])33 b Ft(v)g(S)1546 4389
y Fn(sos)1642 4374 y Fu([)-17 b([)p Fs(S)12 b Fu(])-17
b(])33 b(b)m(y)h(sho)m(wing)e(that)714 4577 y Ft(\017)49
b(S)880 4592 y Fn(sos)998 4577 y Fu(ful\014ls)21 b(sligh)m(tly)f(w)m
(eak)m(er)25 b(v)m(ersions)e(of)f(the)g(clauses)h(de\014ning)f
Ft(S)3254 4592 y Fn(ds)3348 4577 y Fu(in)f(T)-8 b(able)813
4698 y(4.1,)32 b(that)g(is)g(if)1027 4901 y Ft(S)1095
4916 y Fn(ds)1166 4901 y Fu([)-17 b([)q Fs(S)12 b Fu(])-17
b(])33 b(=)f(\011\()p Ft(\001)17 b(\001)g(\001)31 b(S)1779
4916 y Fn(ds)1851 4901 y Fu([)-17 b([)p Fs(S)1955 4865
y Fi(0)1978 4901 y Fu(])g(])34 b Ft(\001)17 b(\001)g(\001)n
Fu(\))813 5104 y(then)33 b Ft(S)1103 5119 y Fn(sos)1198
5104 y Fu([)-17 b([)p Fs(S)12 b Fu(])-17 b(])33 b Ft(w)g
Fu(\011\()p Ft(\001)17 b(\001)g(\001)31 b(S)1813 5119
y Fn(sos)1908 5104 y Fu([)-17 b([)p Fs(S)2012 5068 y
Fi(0)2035 5104 y Fu(])g(])34 b Ft(\001)17 b(\001)g(\001)n
Fu(\))569 5308 y(A)32 b(pro)s(of)g(b)m(y)i Fs(structur)-5
b(al)35 b(induction)40 b Fu(then)33 b(giv)m(es)g(that)f
Ft(S)2684 5323 y Fn(ds)2755 5308 y Fu([)-17 b([)q Fs(S)12
b Fu(])-17 b(])33 b Ft(v)g(S)3108 5323 y Fn(sos)3203
5308 y Fu([)-17 b([)p Fs(S)12 b Fu(])-17 b(])q(.)p 3735
5391 V 3752 5391 V 283 5395 3470 4 v 283 5411 V eop
%%Page: 117 127
117 126 bop 0 130 a Fw(4.5)112 b(Extensions)37 b(of)h(While)2063
b(117)p 0 193 3473 4 v 0 515 a(Exercise)36 b(4.58)49
b Fu(Giv)m(e)33 b(a)f(detailed)f(argumen)m(t)i(sho)m(wing)f(that)236
683 y Ft(S)304 698 y Fn(sos)399 683 y Fu([)-17 b([)q
Fr(while)34 b Fs(b)k Fr(do)33 b Fs(S)12 b Fu(])-17 b(])33
b Ft(w)g Fu(cond\()p Ft(B)t Fu([)-17 b([)q Fs(b)6 b Fu(])-17
b(],)33 b Ft(S)1751 698 y Fn(sos)1847 683 y Fu([)-17
b([)p Fr(while)34 b Fs(b)k Fr(do)33 b Fs(S)12 b Fu(])-17
b(])33 b Ft(\016)g(S)2679 698 y Fn(sos)2774 683 y Fu([)-17
b([)p Fs(S)12 b Fu(])-17 b(])q(,)32 b(id\).)276 b Fh(2)0
861 y Fw(Exercise)36 b(4.59)49 b Fu(Extend)24 b(the)e(pro)s(of)g(of)f
(Theorem)i(4.55)e(so)h(that)g(it)f(applies)g(to)h(the)g(language)0
981 y(when)34 b(augmen)m(ted)f(with)f Fr(repeat)i Fs(S)44
b Fr(until)34 b Fs(b)6 b Fu(.)1619 b Fh(2)0 1159 y Fw(Exercise)36
b(4.60)49 b Fu(Extend)24 b(the)e(pro)s(of)g(of)f(Theorem)i(4.55)e(so)h
(that)g(it)f(applies)g(to)h(the)g(language)0 1279 y(when)34
b(augmen)m(ted)f(with)f Fr(for)h Fs(x)12 b Fu(:=)p Fs(a)1376
1294 y Fn(1)1448 1279 y Fr(to)33 b Fs(a)1640 1294 y Fn(2)1712
1279 y Fr(do)g Fs(S)12 b Fu(.)1457 b Fh(2)0 1457 y Fw(Exercise)36
b(4.61)49 b Fu(Com)m(bining)31 b(the)i(results)f(of)g(Theorem)h(2.26)e
(and)i(Theorem)f(4.55)g(w)m(e)h(get)0 1577 y(that)h Ft(S)281
1592 y Fn(ns)352 1577 y Fu([)-17 b([)q Fs(S)12 b Fu(])-17
b(])35 b(=)f Ft(S)707 1592 y Fn(ds)778 1577 y Fu([)-17
b([)q Fs(S)12 b Fu(])-17 b(])34 b(holds)h(for)e(ev)m(ery)k(statemen)m
(t)e Fs(S)46 b Fu(of)34 b Fw(While)p Fu(.)48 b(Giv)m(e)34
b(a)g(direct)g(pro)s(of)0 1698 y(of)e(this)g(\(that)h(is)f(without)g
(using)g(the)h(t)m(w)m(o)g(theorems\).)1329 b Fh(2)0
2024 y Fj(4.5)161 b(Extensions)52 b(of)i(While)0 2243
y Fu(W)-8 b(e)23 b(shall)e(conclude)i(this)g(c)m(hapter)g(b)m(y)h
(considering)e(a)g(couple)h(of)f(extensions)i(of)e(the)h(language)0
2363 y Fw(While)p Fu(.)88 b(The)49 b(extensions)h(ha)m(v)m(e)f(b)s(een)
g(c)m(hosen)g(so)f(as)h(to)e(illustrate)f(t)m(w)m(o)j(of)f(the)g(most)0
2484 y(imp)s(ortan)m(t)31 b(concepts)j(of)e(denotational)f(seman)m
(tics:)145 2649 y Ft(\017)49 b Fs(lo)-5 b(c)g(ations)p
Fu(,)32 b(and)145 2840 y Ft(\017)49 b Fs(c)-5 b(ontinuations)p
Fu(.)0 3005 y(In)32 b(the)g(\014rst)g(case)g Fw(While)e
Fu(is)h(extended)j(with)d(blo)s(c)m(ks)h(and)g(pro)s(cedures)h(and)e
(in)g(the)h(second)0 3126 y(case)g(with)f(exceptions.)44
b(In)31 b(b)s(oth)g(cases)i(w)m(e)f(shall)e(sho)m(w)i(ho)m(w)g(to)f(mo)
s(dify)e(the)j(seman)m(tics)f(of)0 3246 y(T)-8 b(able)32
b(4.1.)0 3528 y Fp(The)44 b(concept)h(of)g(lo)t(cations)0
3713 y Fu(W)-8 b(e)32 b(shall)e(\014rst)i(extend)h Fw(While)d
Fu(with)h(blo)s(c)m(ks)h(declaring)f(lo)s(cal)e(v)-5
b(ariables)30 b(and)i(pro)s(cedures.)0 3833 y(The)i(new)f(language)e
(is)i(called)e Fw(Pro)s(c)h Fu(and)g(its)h(syn)m(tax)h(is)294
3990 y Fs(S)188 b Fu(::=)100 b Fs(x)44 b Fu(:=)33 b Fs(a)40
b Ft(j)32 b Fr(skip)h Ft(j)f Fs(S)1506 4005 y Fn(1)1578
3990 y Fu(;)h Fs(S)1705 4005 y Fn(2)1777 3990 y Ft(j)f
Fr(if)h Fs(b)38 b Fr(then)c Fs(S)2360 4005 y Fn(1)2432
3990 y Fr(else)f Fs(S)2736 4005 y Fn(2)588 4158 y Ft(j)151
b Fr(while)34 b Fs(b)k Fr(do)33 b Fs(S)45 b Ft(j)32 b
Fr(begin)i Fs(D)1806 4173 y Fc(V)1899 4158 y Fs(D)1982
4173 y Fc(P)2073 4158 y Fs(S)45 b Fr(end)33 b Ft(j)f
Fr(call)i Fs(p)294 4326 y(D)377 4341 y Fc(V)537 4326
y Fu(::=)100 b Fr(var)33 b Fs(x)45 b Fu(:=)32 b Fs(a)7
b Fu(;)33 b Fs(D)1378 4341 y Fc(V)1471 4326 y Ft(j)g
Fo(")294 4493 y Fs(D)377 4508 y Fc(P)537 4493 y Fu(::=)100
b Fr(proc)34 b Fs(p)k Fr(is)33 b Fs(S)12 b Fu(;)32 b
Fs(D)1437 4508 y Fc(P)1529 4493 y Ft(j)g Fo(")0 4652
y Fu(where)i Fs(D)365 4667 y Fc(V)459 4652 y Fu(and)f
Fs(D)732 4667 y Fc(P)823 4652 y Fu(are)g(meta-v)-5 b(ariables)31
b(ranging)g(o)m(v)m(er)j(the)f(syn)m(tactic)h(categories)f
Fw(Dec)3415 4667 y Fn(V)0 4772 y Fu(of)c(v)-5 b(ariable)27
b(declarations)h(and)i Fw(Dec)1383 4787 y Fn(P)1464 4772
y Fu(of)f(pro)s(cedure)h(declarations,)f(resp)s(ectiv)m(ely)-8
b(,)30 b(and)g Fs(p)35 b Fu(is)0 4893 y(a)c(meta-v)-5
b(ariable)29 b(ranging)h(o)m(v)m(er)i(the)64 b(syn)m(tactic)32
b(category)g Fw(Pname)f Fu(of)g(pro)s(cedure)h(names.)0
5013 y(The)k(idea)f(is)f(that)h(v)-5 b(ariables)34 b(and)i(pro)s
(cedures)g(are)g(only)e(kno)m(wn)j(inside)d(the)i(blo)s(c)m(k)f(where)0
5133 y(they)26 b(are)g(declared.)41 b(Pro)s(cedures)28
b(ma)m(y)d(or)g(ma)m(y)h(not)f(b)s(e)h(recursiv)m(e)h(and)f(w)m(e)g
(shall)e(emphasize)0 5254 y(the)33 b(di\013erences)h(in)e(the)h(seman)m
(tics)f(to)h(b)s(e)f(sp)s(eci\014ed)i(b)s(elo)m(w.)146
5374 y(W)-8 b(e)39 b(shall)d(adopt)i Fs(static)i(sc)-5
b(op)g(e)39 b(rules)46 b Fu(rather)38 b(than)g(dynamic)f(scop)s(e)i
(rules.)60 b(Consider)0 5494 y(the)33 b(follo)m(wing)d(statemen)m(t:)p
eop
%%Page: 118 128
118 127 bop 251 130 a Fw(118)1978 b(4)112 b(Denotational)36
b(Seman)m(tics)p 251 193 3473 4 v 527 515 a Fr(begin)e(var)g(x)e
Fu(:=)h Fr(7)p Fu(;)g Fr(proc)g(p)g(is)g(x)g Fu(:=)f
Fr(0)p Fu(;)816 683 y Fr(begin)i(var)f(x)g Fu(:=)g Fr(5)p
Fu(;)f Fr(call)i(p)f(end)527 851 y(end)283 1024 y Fu(Using)k(static)g
(scop)s(e)h(rules)f(the)g(e\013ect)h(of)f(executing)h
Fr(call)g(p)f Fu(in)g(the)g(inner)g(blo)s(c)m(k)g(will)e(b)s(e)283
1144 y(to)k(mo)s(dify)e(the)i Fs(glob)-5 b(al)48 b Fu(v)-5
b(ariable)37 b Fr(x)p Fu(.)63 b(Using)38 b(dynamic)g(scop)s(e)i(rules)f
(the)g(e\013ect)h(will)c(b)s(e)j(to)283 1264 y(mo)s(dify)31
b(the)i Fs(lo)-5 b(c)g(al)43 b Fu(v)-5 b(ariable)30 b
Fr(x)p Fu(.)430 1385 y(T)-8 b(o)48 b(obtain)e(static)h(scop)s(e)i
(rules)f(w)m(e)g(shall)f(in)m(tro)s(duce)g(the)h(notion)f(of)g
Fs(lo)-5 b(c)g(ations)8 b Fu(:)73 b(to)283 1505 y(eac)m(h)39
b(v)-5 b(ariable)35 b(w)m(e)k(asso)s(ciate)e(a)g(unique)g(lo)s(cation)e
(and)j(to)f(eac)m(h)h(lo)s(cation)d(w)m(e)j(asso)s(ciate)f(a)283
1625 y(v)-5 b(alue.)43 b(This)31 b(is)f(in)h(con)m(trast)g(to)g(what)g
(w)m(e)h(did)f(in)f(T)-8 b(able)30 b(4.1)h(where)h(w)m(e)g(emplo)m(y)m
(ed)f(a)g(direct)283 1746 y(asso)s(ciation)36 b(b)s(et)m(w)m(een)j(v)-5
b(ariables)35 b(and)i(v)-5 b(alues.)57 b(The)38 b(idea)e(then)i(is)e
(that)h(whenev)m(er)i(a)e(new)283 1866 y(v)-5 b(ariable)33
b(is)h(declared)h(it)e(is)h(asso)s(ciated)g(with)g(a)h(new)g(un)m(used)
h(lo)s(cation)c(and)j(that)f(it)f(is)h(the)283 1987 y(v)-5
b(alue)31 b(of)f(this)h(lo)s(cation)d(that)j(is)g(c)m(hanged)h(b)m(y)f
(assignmen)m(t)g(to)g(the)g(v)-5 b(ariable.)41 b(With)31
b(resp)s(ect)283 2107 y(to)d(the)g(ab)s(o)m(v)m(e)g(statemen)m(t)g
(this)f(means)h(that)f(the)h(global)d(v)-5 b(ariable)26
b Fr(x)i Fu(and)f(the)h(lo)s(cal)e(v)-5 b(ariable)283
2227 y Fr(x)35 b Fu(will)e(ha)m(v)m(e)j(di\013eren)m(t)f(lo)s(cations.)
48 b(In)35 b(the)h(inner)e(blo)s(c)m(k)h(w)m(e)g(can)g(only)g(directly)
f(access)i(the)283 2348 y(lo)s(cation)i(of)h(the)h(lo)s(cal)d(v)-5
b(ariable)38 b(but)i(the)g(pro)s(cedure)g(b)s(o)s(dy)g(for)f
Fr(p)h Fu(ma)m(y)f(only)g(access)i(the)283 2468 y(lo)s(cation)31
b(of)h(the)h(global)d(v)-5 b(ariable.)283 2723 y Fw(Stores)38
b(and)g(v)-6 b(ariable)37 b(en)m(vironmen)m(ts)283 2907
y Fu(So)32 b(far)e(states)j(in)d Fw(State)i Fu(ha)m(v)m(e)g(b)s(een)g
(used)h(to)e(asso)s(ciate)g(v)-5 b(alues)31 b(with)g(v)-5
b(ariables.)42 b(W)-8 b(e)31 b(shall)283 3028 y(no)m(w)48
b(replace)e(states)h(with)f Fs(stor)-5 b(es)55 b Fu(that)46
b(map)f(lo)s(cations)g(to)h(v)-5 b(alues)46 b(and)h(with)f
Fs(variable)283 3148 y(envir)-5 b(onments)40 b Fu(that)32
b(map)g(v)-5 b(ariables)31 b(to)h(lo)s(cations.)42 b(W)-8
b(e)33 b(in)m(tro)s(duce)g(the)g(domain)527 3321 y Fw(Lo)s(c)g
Fu(=)g Fw(Z)283 3494 y Fu(of)g(lo)s(cations)f(whic)m(h)i(for)f(the)h
(sak)m(e)h(of)e(simplicit)m(y)e(has)j(b)s(een)g(iden)m(ti\014ed)f(with)
g(the)h(in)m(tegers.)283 3614 y(W)-8 b(e)33 b(shall)f(need)h(an)g(op)s
(eration)527 3787 y(new:)45 b Fw(Lo)s(c)33 b Ft(!)f Fw(Lo)s(c)283
3960 y Fu(on)37 b(lo)s(cations)d(that)i(giv)m(en)h(a)f(lo)s(cation)d
(will)h(giv)m(e)j(the)f(next)i(one;)g(since)f Fw(Lo)s(c)f
Fu(is)g Fw(Z)h Fu(w)m(e)g(ma)m(y)283 4081 y(tak)m(e)d(`new')g(to)e(b)s
(e)h(the)g(successor)h(function)f(on)f(the)h(in)m(tegers.)430
4201 y(W)-8 b(e)33 b(can)g(no)m(w)g(de\014ne)h(a)e(store,)h
Fs(sto)6 b Fu(,)33 b(as)g(an)f(elemen)m(t)g(of)527 4374
y Fw(Store)h Fu(=)f Fw(Lo)s(c)h Ft([)g(f)p Fu(next)p
Ft(g)g(!)f Fw(Z)283 4547 y Fu(where)h(`next')f(is)f(a)g(sp)s(ecial)f
(tok)m(en)i(used)g(to)f(hold)g(the)g Fs(next)j(fr)-5
b(e)g(e)33 b(lo)-5 b(c)g(ation)p Fu(.)42 b(Note)31 b(that)g(since)283
4667 y Fw(Lo)s(c)i Fu(is)f Fw(Z)h Fu(w)m(e)h(ha)m(v)m(e)g(that)e(`)p
Fs(sto)39 b Fu(next')34 b(is)e(a)g(lo)s(cation.)430 4788
y(A)g(v)-5 b(ariable)31 b(en)m(vironmen)m(t)i Fs(env)1618
4803 y Fc(V)1711 4788 y Fu(is)f(an)g(elemen)m(t)h(of)527
4960 y Fw(En)m(v)719 4975 y Fn(V)810 4960 y Fu(=)f Fw(V)-9
b(ar)32 b Ft(!)g Fw(Lo)s(c)283 5133 y Fu(Th)m(us)j(the)e(v)-5
b(ariable)30 b(en)m(vironmen)m(t)j(will)e(assign)h(a)g(lo)s(cation)e
(to)j(eac)m(h)g(v)-5 b(ariable.)430 5254 y(So,)43 b(rather)e(than)h(ha)
m(ving)f(a)f(single)h(mapping)e Fs(s)49 b Fu(from)40
b(v)-5 b(ariables)40 b(to)h(v)-5 b(alues)41 b(w)m(e)i(ha)m(v)m(e)283
5374 y(split)29 b(it)g(in)m(to)g(t)m(w)m(o)i(mappings)e
Fs(env)1563 5389 y Fc(V)1653 5374 y Fu(and)h Fs(sto)36
b Fu(and)30 b(the)h(idea)e(is)h(that)f Fs(s)38 b Fu(=)30
b Fs(sto)36 b Ft(\016)30 b Fs(env)3436 5389 y Fc(V)3496
5374 y Fu(.)43 b(This)283 5494 y(motiv)-5 b(ates)32 b(de\014ning)g(the)
h(function)f(`lo)s(okup')g(b)m(y)p eop
%%Page: 119 129
119 128 bop 0 130 a Fw(4.5)112 b(Extensions)37 b(of)h(While)2063
b(119)p 0 193 3473 4 v 0 419 V 0 1836 4 1418 v 382 519
a Ft(S)450 483 y Fi(0)450 543 y Fn(ds)521 519 y Fu([)-17
b([)q Fs(x)12 b Fu(:=)p Fs(a)7 b Fu(])-17 b(])p Fs(env)969
534 y Fc(V)1062 519 y Fs(sto)39 b Fu(=)32 b Fs(sto)6
b Fu([)p Fs(l)k Ft(7!A)p Fu([)-17 b([)p Fs(a)7 b Fu(])-17
b(])q(\(lo)s(okup)32 b Fs(env)2347 534 y Fc(V)2439 519
y Fs(sto)6 b Fu(\)])651 686 y(where)34 b Fs(l)42 b Fu(=)33
b Fs(env)1265 701 y Fc(V)1357 686 y Fs(x)382 878 y Ft(S)450
841 y Fi(0)450 902 y Fn(ds)521 878 y Fu([)-17 b([)q Fr(skip)p
Fu(])g(])q Fs(env)957 893 y Fc(V)1050 878 y Fu(=)32 b(id)382
1069 y Ft(S)450 1033 y Fi(0)450 1093 y Fn(ds)521 1069
y Fu([)-17 b([)q Fs(S)626 1084 y Fn(1)697 1069 y Fu(;)33
b Fs(S)824 1084 y Fn(2)863 1069 y Fu(])-17 b(])q Fs(env)1057
1084 y Fc(V)1150 1069 y Fu(=)32 b(\()p Ft(S)1364 1033
y Fi(0)1364 1093 y Fn(ds)1435 1069 y Fu([)-17 b([)p Fs(S)1539
1084 y Fn(2)1579 1069 y Fu(])g(])p Fs(env)1772 1084 y
Fc(V)1832 1069 y Fu(\))33 b Ft(\016)f Fu(\()p Ft(S)2091
1033 y Fi(0)2091 1093 y Fn(ds)2162 1069 y Fu([)-17 b([)q
Fs(S)2267 1084 y Fn(1)2306 1069 y Fu(])g(])q Fs(env)2500
1084 y Fc(V)2560 1069 y Fu(\))382 1260 y Ft(S)450 1224
y Fi(0)450 1285 y Fn(ds)521 1260 y Fu([)g([)q Fr(if)33
b Fs(b)38 b Fr(then)c Fs(S)1082 1275 y Fn(1)1154 1260
y Fr(else)f Fs(S)1458 1275 y Fn(2)1497 1260 y Fu(])-17
b(])q Fs(env)1691 1275 y Fc(V)1784 1260 y Fu(=)651 1428
y(cond\()p Ft(B)t Fu([)g([)p Fs(b)6 b Fu(])-17 b(])q
Ft(\016)p Fu(\(lo)s(okup)31 b Fs(env)1647 1443 y Fc(V)1707
1428 y Fu(\),)i Ft(S)1873 1392 y Fi(0)1873 1452 y Fn(ds)1944
1428 y Fu([)-17 b([)q Fs(S)2049 1443 y Fn(1)2088 1428
y Fu(])g(])p Fs(env)2281 1443 y Fc(V)2342 1428 y Fu(,)32
b Ft(S)2469 1392 y Fi(0)2469 1452 y Fn(ds)2540 1428 y
Fu([)-17 b([)q Fs(S)2645 1443 y Fn(2)2684 1428 y Fu(])g(])q
Fs(env)2878 1443 y Fc(V)2938 1428 y Fu(\))382 1619 y
Ft(S)450 1583 y Fi(0)450 1644 y Fn(ds)521 1619 y Fu([)g([)q
Fr(while)34 b Fs(b)k Fr(do)33 b Fs(S)12 b Fu(])-17 b(])p
Fs(env)1326 1634 y Fc(V)1419 1619 y Fu(=)32 b(FIX)h Fs(F)618
1787 y Fu(where)h Fs(F)46 b(g)41 b Fu(=)32 b(cond\()p
Ft(B)t Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])p Ft(\016)p
Fu(\(lo)s(okup)32 b Fs(env)2201 1802 y Fc(V)2261 1787
y Fu(\),)g Fs(g)41 b Ft(\016)33 b Fu(\()p Ft(S)2632 1750
y Fi(0)2632 1811 y Fn(ds)2704 1787 y Fu([)-17 b([)p Fs(S)12
b Fu(])-17 b(])q Fs(env)3002 1802 y Fc(V)3062 1787 y
Fu(\),)32 b(id\))p 3469 1836 V 0 1839 3473 4 v 438 2000
a(T)-8 b(able)33 b(4.2:)43 b(Denotational)30 b(seman)m(tics)j(for)f
Fw(While)f Fu(using)h(lo)s(cations)244 2286 y(lo)s(okup)g
Fs(env)720 2301 y Fc(V)812 2286 y Fs(sto)39 b Fu(=)32
b Fs(sto)39 b Ft(\016)32 b Fs(env)1480 2301 y Fc(V)0
2491 y Fu(so)h(that)f(`lo)s(okup)g Fs(env)834 2506 y
Fc(V)894 2491 y Fu(')h(will)d(transform)i(a)g(store)h(to)f(a)g(state,)i
(that)e(is)244 2696 y(lo)s(okup:)43 b Fw(En)m(v)794 2711
y Fn(V)884 2696 y Ft(!)32 b Fw(Store)g Ft(!)h Fw(State)146
2902 y Fu(Ha)m(ving)e(replaced)g(a)g(one)h(stage)f(mapping)e(with)i(a)g
(t)m(w)m(o)h(stage)f(mapping)f(w)m(e)i(shall)e(w)m(an)m(t)0
3022 y(to)38 b(reform)m(ulate)g(the)h(seman)m(tic)f(equations)h(of)f(T)
-8 b(able)39 b(4.1)f(to)g(use)i(v)-5 b(ariable)37 b(en)m(vironmen)m(ts)
0 3142 y(and)c(stores.)44 b(The)34 b(new)f(seman)m(tic)f(function)g
Ft(S)1760 3106 y Fi(0)1760 3167 y Fn(ds)1864 3142 y Fu(has)h
(functionalit)m(y)244 3347 y Ft(S)312 3311 y Fi(0)312
3372 y Fn(ds)383 3347 y Fu(:)43 b Fw(Stm)32 b Ft(!)g
Fw(En)m(v)1009 3362 y Fn(V)1100 3347 y Ft(!)g Fu(\()p
Fw(Store)g Fo(,)-17 b Ft(!)33 b Fw(Store)p Fu(\))0 3553
y(so)f(that)g(only)f(the)i(store)f(is)f(up)s(dated)i(during)e(the)h
(execution)h(of)f(statemen)m(ts.)44 b(The)33 b(clauses)0
3673 y(de\014ning)41 b Ft(S)445 3637 y Fi(0)445 3698
y Fn(ds)557 3673 y Fu(are)g(giv)m(en)g(in)f(T)-8 b(able)41
b(4.2.)68 b(Note)41 b(that)g(in)f(the)i(clause)f(for)f(assignmen)m(t)h
(the)0 3793 y(v)-5 b(ariable)40 b(en)m(vironmen)m(t)h(is)g(consulted)h
(to)g(determine)f(the)h(lo)s(cation)d(of)i(the)h(v)-5
b(ariable)39 b(and)0 3914 y(this)g(lo)s(cation)e(is)i(up)s(dated)h(in)f
(the)h(store.)64 b(In)40 b(the)g(clauses)g(for)f(the)h(conditional)c
(and)k(the)0 4034 y Fr(while)p Fu(-construct)35 b(w)m(e)e(use)h(the)f
(auxiliary)d(function)i(`cond')h(of)g(functionalit)m(y)244
4239 y(cond:)44 b(\()p Fw(Store)32 b Ft(!)g Fw(T)p Fu(\))h
Ft(\002)g Fu(\()p Fw(Store)f Fo(,)-17 b Ft(!)33 b Fw(Store)p
Fu(\))f Ft(\002)h Fu(\()p Fw(Store)f Fo(,)-17 b Ft(!)33
b Fw(Store)p Fu(\))749 4407 y Ft(!)f Fu(\()p Fw(Store)g
Fo(,)-17 b Ft(!)33 b Fw(Store)p Fu(\))0 4612 y(and)g(its)f
(de\014nition)f(is)h(as)h(in)f(Section)g(4.1.)0 4843
y Fw(Exercise)k(4.62)49 b Fu(W)-8 b(e)34 b(ha)m(v)m(e)g(to)f(mak)m(e)g
(sure)g(that)g(the)h(clauses)f(of)g(T)-8 b(able)32 b(4.2)h(de\014ne)h
(a)f(w)m(ell-)0 4964 y(de\014ned)h(function)e Ft(S)786
4928 y Fi(0)786 4988 y Fn(ds)857 4964 y Fu(.)44 b(T)-8
b(o)32 b(do)h(so)145 5169 y Ft(\017)49 b Fu(equip)33
b Fw(Store)f Fo(,)-17 b Ft(!)33 b Fw(Store)f Fu(with)g(a)g(partial)f
(ordering)h(suc)m(h)i(that)e(it)g(b)s(ecomes)h(a)f(ccp)s(o,)145
5374 y Ft(\017)49 b Fu(sho)m(w)31 b(that)e Ft(\016)g
Fu(is)h(con)m(tin)m(uous)g(in)f(b)s(oth)g(of)g(its)h(argumen)m(ts)f
(and)h(that)g(`cond')g(is)f(con)m(tin-)244 5494 y(uous)k(in)f(its)g
(second)i(and)e(third)g(argumen)m(t,)h(and)p eop
%%Page: 120 130
120 129 bop 251 130 a Fw(120)1978 b(4)112 b(Denotational)36
b(Seman)m(tics)p 251 193 3473 4 v 429 515 a Ft(\017)48
b Fu(sho)m(w)34 b(that)e(the)h(\014xed)h(p)s(oin)m(t)e(op)s(eration)f
(is)h(only)g(applied)g(to)g(con)m(tin)m(uous)h(functions.)283
717 y(Conclude)h(that)e Ft(S)991 681 y Fi(0)991 742 y
Fn(ds)1094 717 y Fu(is)h(a)f(w)m(ell-de\014ned)h(function.)1496
b Fh(2)283 943 y Fw(Exercise)37 b(4.63)49 b Fu(*)32 b(Pro)m(v)m(e)i
(that)e(the)h(t)m(w)m(o)h(seman)m(tic)e(functions)h Ft(S)2787
958 y Fn(ds)2891 943 y Fu(and)g Ft(S)3149 907 y Fi(0)3149
967 y Fn(ds)3252 943 y Fu(satisfy)527 1144 y Ft(S)595
1159 y Fn(ds)666 1144 y Fu([)-17 b([)q Fs(S)12 b Fu(])-17
b(])33 b Ft(\016)f Fu(\(lo)s(okup)g Fs(env)1437 1159
y Fc(V)1497 1144 y Fu(\))g(=)h(\(lo)s(okup)f Fs(env)2190
1159 y Fc(V)2250 1144 y Fu(\))g Ft(\016)g Fu(\()p Ft(S)2508
1108 y Fi(0)2508 1169 y Fn(ds)2579 1144 y Fu([)-17 b([)q
Fs(S)12 b Fu(])-17 b(])p Fs(env)2877 1159 y Fc(V)2937
1144 y Fu(\))283 1346 y(for)44 b(all)e(statemen)m(ts)j
Fs(S)55 b Fu(of)44 b Fw(While)e Fu(and)i(for)g(all)d
Fs(env)2326 1361 y Fc(V)2430 1346 y Fu(suc)m(h)46 b(that)e
Fs(env)3041 1361 y Fc(V)3145 1346 y Fu(is)f(an)h(injectiv)m(e)283
1466 y(mapping.)3001 b Fh(2)283 1692 y Fw(Exercise)37
b(4.64)49 b Fu(Ha)m(ving)23 b(replaced)h(a)f(one)h(stage)g(mapping)f
(with)g(a)g(t)m(w)m(o)i(stage)f(mapping)e(w)m(e)283 1812
y(migh)m(t)j(consider)h(rede\014ning)g(the)g(seman)m(tic)g(functions)f
Ft(A)h Fu(and)f Ft(B)t Fu(.)41 b(The)27 b(new)g(functionalities)283
1933 y(of)33 b Ft(A)f Fu(and)g Ft(B)k Fu(migh)m(t)31
b(b)s(e)527 2134 y Ft(A)607 2098 y Fi(0)630 2134 y Fu(:)44
b Fw(Aexp)32 b Ft(!)g Fw(En)m(v)1314 2149 y Fn(V)1405
2134 y Ft(!)g Fu(\()p Fw(Store)g Ft(!)g Fw(Z)p Fu(\))527
2302 y Ft(B)596 2266 y Fi(0)619 2302 y Fu(:)44 b Fw(Bexp)32
b Ft(!)g Fw(En)m(v)1298 2317 y Fn(V)1389 2302 y Ft(!)g
Fu(\()p Fw(Store)g Ft(!)g Fw(T)p Fu(\))283 2504 y(and)h(the)g(in)m
(tended)g(relationship)e(is)h(that)527 2705 y Ft(A)607
2669 y Fi(0)630 2705 y Fu([)-17 b([)q Fs(a)7 b Fu(])-17
b(])q Fs(env)919 2720 y Fc(V)1011 2705 y Fu(=)33 b Ft(A)o
Fu([)-17 b([)q Fs(a)7 b Fu(])-17 b(])33 b Ft(\016)f Fu(\(lo)s(okup)g
Fs(env)1960 2720 y Fc(V)2020 2705 y Fu(\))527 2873 y
Ft(B)596 2837 y Fi(0)619 2873 y Fu([)-17 b([)q Fs(b)6
b Fu(])-17 b(])p Fs(env)901 2888 y Fc(V)994 2873 y Fu(=)32
b Ft(B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])33 b Ft(\016)g
Fu(\(lo)s(okup)e Fs(env)1925 2888 y Fc(V)1985 2873 y
Fu(\))283 3074 y(Giv)m(e)40 b(a)g(comp)s(ositional)c(de\014nition)j(of)
h(the)g(functions)g Ft(A)2479 3038 y Fi(0)2542 3074 y
Fu(and)g Ft(B)2808 3038 y Fi(0)2871 3074 y Fu(suc)m(h)h(that)f(this)g
(is)f(the)283 3195 y(case.)3198 b Fh(2)283 3454 y Fw(Up)s(dating)38
b(the)f(v)-6 b(ariable)37 b(en)m(vironmen)m(t)283 3639
y Fu(The)g(v)-5 b(ariable)34 b(en)m(vironmen)m(t)j(is)e(up)s(dated)h
(whenev)m(er)j(w)m(e)e(en)m(ter)f(a)g(blo)s(c)m(k)g(con)m(taining)e(lo)
s(cal)283 3759 y(declarations.)60 b(T)-8 b(o)38 b(express)i(this)e(w)m
(e)h(shall)e(in)m(tro)s(duce)h(a)g(seman)m(tic)f(function)h
Ft(D)3357 3723 y Fn(V)3357 3784 y(ds)3466 3759 y Fu(for)f(the)283
3880 y(syn)m(tactic)d(category)f(of)f(v)-5 b(ariable)31
b(declarations.)42 b(It)33 b(has)g(functionalit)m(y)527
4081 y Ft(D)607 4045 y Fn(V)607 4106 y(ds)678 4081 y
Fu(:)44 b Fw(Dec)936 4096 y Fn(V)1026 4081 y Ft(!)32
b Fw(En)m(v)1350 4096 y Fc(V)1443 4081 y Ft(\002)h Fw(Store)g
Ft(!)f Fw(En)m(v)2169 4096 y Fc(V)2262 4081 y Ft(\002)h
Fw(Store)283 4283 y Fu(The)i(function)f Ft(D)949 4246
y Fn(V)949 4307 y(ds)1020 4283 y Fu([)-17 b([)p Fs(D)1140
4298 y Fc(V)1201 4283 y Fu(])g(])35 b(will)c(tak)m(e)k(a)f(pair)f(as)h
(argumen)m(ts:)47 b(the)34 b(\014rst)h(comp)s(onen)m(t)f(of)f(that)283
4403 y(pair)22 b(will)e(b)s(e)i(the)h(curren)m(t)g(v)-5
b(ariable)21 b(en)m(vironmen)m(t)h(and)h(the)f(second)i(comp)s(onen)m
(t)e(the)h(curren)m(t)283 4523 y(store.)62 b(The)39 b(function)f(will)e
(return)j(the)g(up)s(dated)f(v)-5 b(ariable)37 b(en)m(vironmen)m(t)i
(as)f(w)m(ell)g(as)g(the)283 4644 y(up)s(dated)32 b(store.)44
b(The)32 b(function)f(is)g(de\014ned)h(b)m(y)h(the)e(seman)m(tic)g
(clauses)h(of)f(T)-8 b(able)31 b(4.3.)43 b(Note)283 4764
y(that)36 b(w)m(e)i(pro)s(cess)f(the)g(declarations)e(from)g(left)g(to)
h(righ)m(t)g(and)g(that)g(w)m(e)h(up)s(date)g(the)f(v)-5
b(alue)283 4885 y(of)33 b(the)g(tok)m(en)g(`next')h(in)e(the)h(store.)
430 5005 y(In)28 b(the)h(case)g(where)g(there)g(are)f
Fs(no)34 b Fu(pro)s(cedure)29 b(declarations)e(in)h(a)g(blo)s(c)m(k)g
(w)m(e)h(can)f(extend)283 5125 y(the)33 b(seman)m(tic)g(function)f
Ft(S)1306 5089 y Fi(0)1306 5150 y Fn(ds)1409 5125 y Fu(of)g(T)-8
b(able)33 b(4.2)f(with)g(a)g(clause)h(lik)m(e)527 5327
y Ft(S)595 5291 y Fi(0)595 5351 y Fn(ds)666 5327 y Fu([)-17
b([)q Fr(begin)34 b Fs(D)1076 5342 y Fc(V)1169 5327 y
Fs(S)45 b Fr(end)p Fu(])-17 b(])q Fs(env)1616 5342 y
Fc(V)1709 5327 y Fs(sto)38 b Fu(=)33 b Ft(S)2045 5291
y Fi(0)2045 5351 y Fn(ds)2117 5327 y Fu([)-17 b([)p Fs(S)12
b Fu(])-17 b(])q Fs(env)2415 5291 y Fi(0)2415 5351 y
Fc(V)2507 5327 y Fs(sto)2635 5291 y Fi(0)796 5494 y Fu(where)34
b Ft(D)1158 5458 y Fn(V)1158 5519 y(ds)1229 5494 y Fu([)-17
b([)p Fs(D)1349 5509 y Fc(V)1410 5494 y Fu(])g(])q(\()p
Fs(env)1642 5509 y Fc(V)1702 5494 y Fu(,)32 b Fs(sto)6
b Fu(\))33 b(=)f(\()p Fs(env)2262 5458 y Fi(0)2262 5519
y Fc(V)2322 5494 y Fu(,)h Fs(sto)2510 5458 y Fi(0)2534
5494 y Fu(\))p eop
%%Page: 121 131
121 130 bop 0 130 a Fw(4.5)112 b(Extensions)37 b(of)h(While)2063
b(121)p 0 193 3473 4 v 0 419 V 0 1102 4 683 v 382 526
a Ft(D)462 489 y Fn(V)462 550 y(ds)533 526 y Fu([)-17
b([)p Fr(var)34 b Fs(x)44 b Fu(:=)33 b Fs(a)7 b Fu(;)32
b Fs(D)1181 541 y Fc(V)1242 526 y Fu(])-17 b(])q(\()p
Fs(env)1474 541 y Fc(V)1534 526 y Fu(,)33 b Fs(sto)6
b Fu(\))32 b(=)651 693 y Ft(D)730 657 y Fn(V)730 718
y(ds)802 693 y Fu([)-17 b([)p Fs(D)922 708 y Fc(V)983
693 y Fu(])g(])q(\()p Fs(env)1215 708 y Fc(V)1275 693
y Fu([)p Fs(x)12 b Ft(7!)o Fs(l)e Fu(],)33 b Fs(sto)6
b Fu([)p Fs(l)k Ft(7!)p Fs(v)h Fu(][next)p Ft(7!)q Fu(new)33
b Fs(l)10 b Fu(]\))651 861 y(where)34 b Fs(l)42 b Fu(=)33
b Fs(sto)38 b Fu(next)c(and)f Fs(v)43 b Fu(=)32 b Ft(A)p
Fu([)-17 b([)p Fs(a)7 b Fu(])-17 b(])q(\(lo)s(okup)32
b Fs(env)2601 876 y Fc(V)2693 861 y Fs(sto)6 b Fu(\))382
1052 y Ft(D)462 1016 y Fn(V)462 1077 y(ds)533 1052 y
Fu([)-17 b([)p Fo(")p Fu(])g(])33 b(=)g(id)p 3469 1102
V 0 1105 3473 4 v 479 1266 a(T)-8 b(able)32 b(4.3:)43
b(Denotational)30 b(seman)m(tics)j(for)f(v)-5 b(ariable)31
b(declarations)0 1536 y(Th)m(us)g(w)m(e)e(ev)-5 b(aluate)29
b(the)g(b)s(o)s(dy)g Fs(S)41 b Fu(in)28 b(an)h(up)s(dated)g(v)-5
b(ariable)28 b(en)m(vironmen)m(t)h(and)g(an)g(up)s(dated)0
1657 y(store.)55 b(W)-8 b(e)36 b(shall)f(later)g(mo)s(dify)g(the)h(ab)s
(o)m(v)m(e)i(clause)e(to)g(tak)m(e)h(the)f(pro)s(cedure)h(declarations)
0 1777 y(in)m(to)32 b(accoun)m(t.)0 2025 y Fw(Exercise)k(4.65)49
b Fu(Consider)33 b(the)g(follo)m(wing)d(statemen)m(t)j(of)f
Fw(Pro)s(c)p Fu(:)244 2241 y Fr(begin)i(var)f(y)g Fu(:=)f
Fr(0)p Fu(;)h Fr(var)h(x)e Fu(:=)h Fr(1)p Fu(;)533 2409
y Fr(begin)h(var)f(x)g Fu(:=)f Fr(7)p Fu(;)h Fr(x)g Fu(:=)f
Fr(x)p Fu(+)p Fr(1)h(end)p Fu(;)533 2576 y Fr(y)g Fu(:=)f
Fr(x)244 2744 y(end)0 2960 y Fu(Use)g(the)f(seman)m(tic)f(equations)h
(to)f(sho)m(w)i(that)f(the)g(lo)s(cation)d(for)i Fr(y)h
Fu(is)f(assigned)h(the)g(v)-5 b(alue)30 b Fw(1)0 3080
y Fu(in)i(the)h(\014nal)f(store.)2666 b Fh(2)0 3355 y
Fw(Pro)s(cedure)37 b(en)m(vironmen)m(ts)0 3545 y Fu(T)-8
b(o)32 b(cater)g(for)g(pro)s(cedures)h(w)m(e)g(shall)e(in)m(tro)s(duce)
h(the)g(notion)f(of)h(a)g Fs(pr)-5 b(o)g(c)g(e)g(dur)g(e)34
b(envir)-5 b(onment)p Fu(.)0 3666 y(It)43 b(will)e(b)s(e)j(a)f(total)e
(function)i(that)g(will)e(asso)s(ciate)i(eac)m(h)h(pro)s(cedure)g(with)
f(the)h(e\013ect)g(of)0 3786 y(executing)38 b(its)g(b)s(o)s(dy)-8
b(.)59 b(This)38 b(means)g(that)f(a)h(pro)s(cedure)g(en)m(vironmen)m
(t,)i Fs(env)2918 3801 y Fc(P)2976 3786 y Fu(,)f(will)c(b)s(e)j(an)0
3906 y(elemen)m(t)32 b(of)244 4122 y Fw(En)m(v)436 4137
y Fn(P)520 4122 y Fu(=)h Fw(Pname)f Ft(!)g Fu(\()p Fw(Store)h
Fo(,)-17 b Ft(!)32 b Fw(Store)p Fu(\))0 4338 y Fw(Remark)24
b Fu(This)h(notion)e(of)h(pro)s(cedure)h(en)m(vironmen)m(t)g(di\013ers)
f(from)g(that)g(of)g(the)h(op)s(erational)0 4458 y(approac)m(h.)2984
b Fh(2)146 4581 y Fu(The)46 b(pro)s(cedure)g(en)m(vironmen)m(t)f(is)f
(up)s(dated)i(using)e(the)h(seman)m(tic)g(function)f
Ft(D)3240 4545 y Fn(P)3240 4606 y(ds)3356 4581 y Fu(for)0
4702 y(pro)s(cedure)34 b(declarations.)42 b(It)33 b(has)g(functionalit)
m(y)244 4917 y Ft(D)323 4881 y Fn(P)323 4942 y(ds)395
4917 y Fu(:)43 b Fw(Dec)652 4932 y Fn(P)737 4917 y Ft(!)32
b Fw(En)m(v)1061 4932 y Fn(V)1151 4917 y Ft(!)g Fw(En)m(v)1475
4932 y Fn(P)1560 4917 y Ft(!)g Fw(En)m(v)1884 4932 y
Fn(P)0 5133 y Fu(So)e(giv)m(en)f(the)i(curren)m(t)g(v)-5
b(ariable)27 b(en)m(vironmen)m(t)k(and)e(the)i(curren)m(t)f(pro)s
(cedure)h(en)m(vironmen)m(t)0 5254 y(the)k(function)e
Ft(D)633 5218 y Fn(P)633 5278 y(ds)704 5254 y Fu([)-17
b([)q Fs(D)825 5269 y Fc(P)883 5254 y Fu(])g(])35 b(will)d(up)s(date)i
(the)h(pro)s(cedure)g(en)m(vironmen)m(t.)48 b(The)35
b(v)-5 b(ariable)33 b(en)m(vi-)0 5374 y(ronmen)m(t)e(m)m(ust)g(b)s(e)h
(a)m(v)-5 b(ailable)29 b(b)s(ecause)j(pro)s(cedures)h(m)m(ust)e(kno)m
(w)h(the)g(v)-5 b(ariables)30 b(that)h(ha)m(v)m(e)0 5494
y(b)s(een)i(declared)g(so)g(far.)43 b(An)33 b(example)f(is)g(the)h
(statemen)m(t)p eop
%%Page: 122 132
122 131 bop 251 130 a Fw(122)1978 b(4)112 b(Denotational)36
b(Seman)m(tics)p 251 193 3473 4 v 283 419 V 283 934 4
516 v 666 526 a Ft(D)745 489 y Fn(P)745 550 y(ds)816
526 y Fu([)-17 b([)q Fr(proc)34 b Fs(p)k Fr(is)33 b Fs(S)12
b Fu(;)32 b Fs(D)1524 541 y Fc(P)1583 526 y Fu(])-17
b(])q Fs(env)1777 541 y Fc(V)1869 526 y Fs(env)2025 541
y Fc(P)2116 526 y Fu(=)32 b Ft(D)2304 489 y Fn(P)2304
550 y(ds)2375 526 y Fu([)-17 b([)q Fs(D)2496 541 y Fc(P)2554
526 y Fu(])g(])q Fs(env)2748 541 y Fc(V)2840 526 y Fu(\()p
Fs(env)3034 541 y Fc(P)3092 526 y Fu([)p Fs(p)6 b Ft(7!)p
Fs(g)j Fu(]\))934 693 y(where)34 b Fs(g)41 b Fu(=)33
b Ft(S)1478 708 y Fn(ds)1550 693 y Fu([)-17 b([)p Fs(S)12
b Fu(])-17 b(])q Fs(env)1848 708 y Fc(V)1940 693 y Fs(env)2096
708 y Fc(P)666 884 y Ft(D)745 848 y Fn(P)745 909 y(ds)816
884 y Fu([)g([)q Fo(")p Fu(])g(])p Fs(env)1093 899 y
Fc(V)1186 884 y Fu(=)32 b(id)p 3753 934 V 283 937 3473
4 v 421 1098 a(T)-8 b(able)32 b(4.4:)43 b(Denotational)30
b(seman)m(tics)j(for)f(non-recursiv)m(e)h(pro)s(cedure)h(declarations)
527 1360 y Fr(begin)g(var)g(x)e Fu(:=)h Fr(7)p Fu(;)g
Fr(proc)g(p)g(is)g(x)g Fu(:=)f Fr(0)p Fu(;)816 1527 y
Fr(begin)i(var)f(x)g Fu(:=)g Fr(5)p Fu(;)f Fr(call)i(p)f(end)527
1695 y(end)283 1864 y Fu(where)k(the)f(b)s(o)s(dy)g(of)f
Fr(p)h Fu(m)m(ust)g(kno)m(w)h(that)e(a)h(v)-5 b(ariable)34
b Fr(x)h Fu(has)h(b)s(een)h(declared)f(in)f(the)h(outer)283
1984 y(blo)s(c)m(k.)430 2104 y(The)h(seman)m(tic)g(clauses)g
(de\014ning)g Ft(D)1826 2068 y Fn(P)1826 2129 y(ds)1933
2104 y Fu(in)f(the)h(case)h(of)e Fs(non-r)-5 b(e)g(cursive)38
b(pr)-5 b(o)g(c)g(e)g(dur)g(es)36 b Fu(are)283 2225 y(giv)m(en)i(in)e
(T)-8 b(able)37 b(4.4.)56 b(In)37 b(the)h(clause)f(for)g(pro)s(cedure)h
(declarations)e(w)m(e)i(use)g(the)f(seman)m(tic)283 2345
y(function)30 b Ft(S)730 2360 y Fn(ds)831 2345 y Fu(for)f(statemen)m
(ts)i(\(de\014ned)g(b)s(elo)m(w\))e(to)g(determine)g(the)h(meaning)f
(of)g(the)h(b)s(o)s(dy)283 2465 y(of)35 b(the)h(pro)s(cedure)g(using)f
(that)h Fs(env)1652 2480 y Fc(V)1747 2465 y Fu(and)g
Fs(env)2096 2480 y Fc(P)2189 2465 y Fu(are)f(the)h(en)m(vironmen)m(ts)g
(at)f(the)h(p)s(oin)m(t)e(of)283 2586 y(declaration.)41
b(The)30 b(v)-5 b(ariables)28 b(o)s(ccurring)h(in)f(the)h(b)s(o)s(dy)h
Fs(S)40 b Fu(of)29 b Fs(p)35 b Fu(will)27 b(therefore)j(b)s(e)f(b)s
(ound)g(to)283 2706 y(the)37 b(lo)s(cations)e(of)h(the)h(v)-5
b(ariables)35 b(as)h(kno)m(wn)i(at)e(the)h(time)e(of)h(declaration)e
(but)j(the)g(v)-5 b(alues)283 2827 y(of)39 b(the)g(lo)s(cations)e(will)
f(not)j(b)s(e)g(kno)m(wn)h(un)m(til)d(the)i(time)f(of)g(call.)60
b(In)39 b(this)g(w)m(a)m(y)h(w)m(e)f(ensure)283 2947
y(that)j(w)m(e)g(obtain)f(static)g(scop)s(e)h(for)f(v)-5
b(ariables.)69 b(Also)41 b(an)g(o)s(ccurrence)i(of)e
Fr(call)i Fs(p)3433 2911 y Fi(0)3498 2947 y Fu(in)d(the)283
3067 y(b)s(o)s(dy)g(of)e(the)i(pro)s(cedure)g(will)d(refer)i(to)g(a)g
(pro)s(cedure)h Fs(p)2439 3031 y Fi(0)2502 3067 y Fu(men)m(tioned)e(in)
h Fs(env)3259 3082 y Fc(P)3317 3067 y Fu(,)h(that)f(is)g(a)283
3188 y(pro)s(cedure)k(declared)g(in)e(an)h(outer)g(blo)s(c)m(k)g(or)g
(in)f(the)i(curren)m(t)g(blo)s(c)m(k)f(but)g(preceding)g(the)283
3308 y(presen)m(t)32 b(pro)s(cedure.)44 b(In)30 b(this)g(w)m(a)m(y)h(w)
m(e)g(obtain)e(static)h(scop)s(e)h(for)f(pro)s(cedures.)44
b(This)30 b(will)e(b)s(e)283 3429 y(illustrated)j(in)h(Exercise)i(4.67)
e(b)s(elo)m(w.)283 3682 y Fw(The)38 b(seman)m(tic)e(function)h
Ft(S)1483 3697 y Fn(ds)1592 3682 y Fw(for)g(Pro)s(c)283
3867 y Fu(The)j(meaning)c(of)i(a)g(statemen)m(t)g(dep)s(ends)i(on)e
(the)h(v)-5 b(ariables)37 b(and)h(pro)s(cedures)i(that)e(ha)m(v)m(e)283
3987 y(b)s(een)i(declared.)63 b(Therefore)40 b(the)f(seman)m(tic)g
(function)f Ft(S)2451 4002 y Fn(ds)2561 3987 y Fu(for)g(statemen)m(ts)i
(in)e Fw(Pro)s(c)g Fu(will)283 4108 y(ha)m(v)m(e)c(functionalit)m(y)527
4276 y Ft(S)595 4291 y Fn(ds)666 4276 y Fu(:)44 b Fw(Stm)32
b Ft(!)g Fw(En)m(v)1293 4291 y Fn(V)1383 4276 y Ft(!)g
Fw(En)m(v)1707 4291 y Fn(P)1792 4276 y Ft(!)g Fu(\()p
Fw(Store)g Fo(,)-17 b Ft(!)33 b Fw(Store)p Fu(\))283
4445 y(The)f(function)d(is)h(de\014ned)i(b)m(y)f(the)f(clauses)h(of)f
(T)-8 b(able)30 b(4.5.)42 b(In)30 b(most)g(cases)i(the)e(de\014nition)f
(of)283 4565 y Ft(S)351 4580 y Fn(ds)453 4565 y Fu(is)h(a)g(straigh)m
(tforw)m(ard)h(mo)s(di\014cation)d(of)i(the)h(clauses)g(of)f
Ft(S)2648 4529 y Fi(0)2648 4590 y Fn(ds)2719 4565 y Fu(.)43
b(Note)31 b(that)f(the)h(meaning)283 4686 y(of)i(a)f(pro)s(cedure)h
(call)e(is)h(obtained)g(b)m(y)i(simply)d(consulting)h(the)h(pro)s
(cedure)g(en)m(vironmen)m(t.)283 4867 y Fw(Example)k(4.66)49
b Fu(This)29 b(example)e(sho)m(ws)j(ho)m(w)g(w)m(e)f(obtain)e(static)h
(scop)s(e)h(rules)g(for)f(the)h(v)-5 b(ari-)283 4988
y(ables.)44 b(Consider)33 b(the)g(application)d(of)i(the)h(seman)m(tic)
f(function)g Ft(S)2778 5003 y Fn(ds)2882 4988 y Fu(to)g(the)h(statemen)
m(t)527 5156 y Fr(begin)h(var)g(x)e Fu(:=)h Fr(7)p Fu(;)g
Fr(proc)g(p)g(is)g(x)g Fu(:=)f Fr(0)p Fu(;)816 5324 y
Fr(begin)i(var)f(x)g Fu(:=)g Fr(5)p Fu(;)f Fr(call)i(p)f(end)527
5492 y(end)p eop
%%Page: 123 133
123 132 bop 0 130 a Fw(4.5)112 b(Extensions)37 b(of)h(While)2063
b(123)p 0 193 3473 4 v 0 419 V 0 2889 4 2471 v 382 519
a Ft(S)450 534 y Fn(ds)521 519 y Fu([)-17 b([)q Fs(x)12
b Fu(:=)p Fs(a)7 b Fu(])-17 b(])p Fs(env)969 534 y Fc(V)1062
519 y Fs(env)1218 534 y Fc(P)1308 519 y Fs(sto)39 b Fu(=)32
b Fs(sto)6 b Fu([)p Fs(l)k Ft(7!A)p Fu([)-17 b([)q Fs(a)7
b Fu(])-17 b(]\(lo)s(okup)32 b Fs(env)2593 534 y Fc(V)2686
519 y Fs(sto)6 b Fu(\)])651 686 y(where)34 b Fs(l)42
b Fu(=)33 b Fs(env)1265 701 y Fc(V)1357 686 y Fs(x)382
878 y Ft(S)450 893 y Fn(ds)521 878 y Fu([)-17 b([)q Fr(skip)p
Fu(])g(])q Fs(env)957 893 y Fc(V)1050 878 y Fs(env)1206
893 y Fc(P)1296 878 y Fu(=)33 b(id)382 1069 y Ft(S)450
1084 y Fn(ds)521 1069 y Fu([)-17 b([)q Fs(S)626 1084
y Fn(1)697 1069 y Fu(;)33 b Fs(S)824 1084 y Fn(2)863
1069 y Fu(])-17 b(])q Fs(env)1057 1084 y Fc(V)1150 1069
y Fs(env)1306 1084 y Fc(P)1396 1069 y Fu(=)32 b(\()p
Ft(S)1610 1084 y Fn(ds)1681 1069 y Fu([)-17 b([)q Fs(S)1786
1084 y Fn(2)1825 1069 y Fu(])g(])q Fs(env)2019 1084 y
Fc(V)2111 1069 y Fs(env)2267 1084 y Fc(P)2325 1069 y
Fu(\))33 b Ft(\016)f Fu(\()p Ft(S)2584 1084 y Fn(ds)2655
1069 y Fu([)-17 b([)q Fs(S)2760 1084 y Fn(1)2799 1069
y Fu(])g(])p Fs(env)2992 1084 y Fc(V)3085 1069 y Fs(env)3241
1084 y Fc(P)3299 1069 y Fu(\))382 1260 y Ft(S)450 1275
y Fn(ds)521 1260 y Fu([)g([)q Fr(if)33 b Fs(b)38 b Fr(then)c
Fs(S)1082 1275 y Fn(1)1154 1260 y Fr(else)f Fs(S)1458
1275 y Fn(2)1497 1260 y Fu(])-17 b(])q Fs(env)1691 1275
y Fc(V)1784 1260 y Fs(env)1940 1275 y Fc(P)2030 1260
y Fu(=)651 1428 y(cond\()p Ft(B)t Fu([)g([)p Fs(b)6 b
Fu(])-17 b(])q Ft(\016)p Fu(\(lo)s(okup)31 b Fs(env)1647
1443 y Fc(V)1707 1428 y Fu(\),)i Ft(S)1873 1443 y Fn(ds)1944
1428 y Fu([)-17 b([)q Fs(S)2049 1443 y Fn(1)2088 1428
y Fu(])g(])p Fs(env)2281 1443 y Fc(V)2374 1428 y Fs(env)2530
1443 y Fc(P)2588 1428 y Fu(,)1359 1595 y Ft(S)1427 1610
y Fn(ds)1498 1595 y Fu([)g([)q Fs(S)1603 1610 y Fn(2)1642
1595 y Fu(])g(])q Fs(env)1836 1610 y Fc(V)1929 1595 y
Fs(env)2085 1610 y Fc(P)2142 1595 y Fu(\))382 1787 y
Ft(S)450 1802 y Fn(ds)521 1787 y Fu([)g([)q Fr(while)34
b Fs(b)k Fr(do)33 b Fs(S)12 b Fu(])-17 b(])p Fs(env)1326
1802 y Fc(V)1419 1787 y Fs(env)1575 1802 y Fc(P)1665
1787 y Fu(=)33 b(FIX)f Fs(F)618 1954 y Fu(where)i Fs(F)46
b(g)41 b Fu(=)32 b(cond\()p Ft(B)t Fu([)-17 b([)q Fs(b)6
b Fu(])-17 b(])p Ft(\016)p Fu(\(lo)s(okup)32 b Fs(env)2201
1969 y Fc(V)2261 1954 y Fu(\),)1359 2122 y Fs(g)42 b
Ft(\016)32 b Fu(\()p Ft(S)1634 2137 y Fn(ds)1705 2122
y Fu([)-17 b([)p Fs(S)12 b Fu(])-17 b(])q Fs(env)2003
2137 y Fc(V)2095 2122 y Fs(env)2251 2137 y Fc(P)2309
2122 y Fu(\),)33 b(id\))382 2313 y Ft(S)450 2328 y Fn(ds)521
2313 y Fu([)-17 b([)q Fr(begin)34 b Fs(D)931 2328 y Fc(V)1024
2313 y Fs(D)1107 2328 y Fc(P)1198 2313 y Fs(S)44 b Fr(end)p
Fu(])-17 b(])r Fs(env)1645 2328 y Fc(V)1738 2313 y Fs(env)1894
2328 y Fc(P)1984 2313 y Fs(sto)39 b Fu(=)32 b Ft(S)2321
2328 y Fn(ds)2392 2313 y Fu([)-17 b([)q Fs(S)12 b Fu(])-17
b(])p Fs(env)2690 2277 y Fi(0)2690 2338 y Fc(V)2783 2313
y Fs(env)2939 2277 y Fi(0)2939 2338 y Fc(P)3029 2313
y Fs(sto)3157 2277 y Fi(0)651 2481 y Fu(where)34 b Ft(D)1012
2445 y Fn(V)1012 2505 y(ds)1083 2481 y Fu([)-17 b([)q
Fs(D)1204 2496 y Fc(V)1265 2481 y Fu(])g(])q(\()p Fs(env)1497
2496 y Fc(V)1557 2481 y Fu(,)32 b Fs(sto)6 b Fu(\))33
b(=)f(\()p Fs(env)2117 2445 y Fi(0)2117 2505 y Fc(V)2177
2481 y Fu(,)h Fs(sto)2365 2445 y Fi(0)2388 2481 y Fu(\))651
2648 y(and)f Ft(D)920 2612 y Fn(P)920 2673 y(ds)991 2648
y Fu([)-17 b([)q Fs(D)1112 2663 y Fc(P)1171 2648 y Fu(])g(])p
Fs(env)1364 2612 y Fi(0)1364 2673 y Fc(V)1457 2648 y
Fs(env)1613 2663 y Fc(P)1703 2648 y Fu(=)33 b Fs(env)1968
2612 y Fi(0)1968 2673 y Fc(P)382 2840 y Ft(S)450 2855
y Fn(ds)521 2840 y Fu([)-17 b([)q Fr(call)33 b Fs(p)6
b Fu(])-17 b(])q Fs(env)1046 2855 y Fc(V)1138 2840 y
Fs(env)1294 2855 y Fc(P)1385 2840 y Fu(=)32 b Fs(env)1649
2855 y Fc(P)1740 2840 y Fs(p)p 3469 2889 V 0 2892 3473
4 v 801 3053 a Fu(T)-8 b(able)32 b(4.5:)43 b(Denotational)30
b(seman)m(tics)j(for)f Fw(Pro)s(c)0 3325 y Fu(Assume)49
b(that)f(the)g(initial)c(en)m(vironmen)m(ts)49 b(are)f
Fs(env)2033 3340 y Fc(V)2141 3325 y Fu(and)g Fs(env)2502
3340 y Fc(P)2608 3325 y Fu(and)g(that)g(the)g(initial)0
3445 y(store)40 b Fs(sto)46 b Fu(has)41 b Fs(sto)46 b
Fu(next)40 b(=)g Fw(12)p Fu(.)66 b(Then)41 b(the)f(\014rst)h(step)f
(will)e(b)s(e)i(to)g(up)s(date)g(the)g(v)-5 b(ariable)0
3565 y(en)m(vironmen)m(t)33 b(with)f(the)h(declarations)f(of)g(the)h
(outer)f(blo)s(c)m(k:)244 3783 y Ft(D)323 3747 y Fn(V)323
3808 y(ds)395 3783 y Fu([)-17 b([)p Fr(var)34 b(x)e Fu(:=)h
Fr(7)p Fu(;])-17 b(])q(\()p Fs(env)1148 3798 y Fc(V)1208
3783 y Fu(,)32 b Fs(sto)6 b Fu(\))513 3951 y(=)32 b Ft(D)701
3914 y Fn(V)701 3975 y(ds)772 3951 y Fu([)-17 b([)p Fo(")p
Fu(])g(])q(\()p Fs(env)1087 3966 y Fc(V)1147 3951 y Fu([)p
Fr(x)p Ft(7!)p Fw(12)p Fu(],)32 b Fs(sto)6 b Fu([)p Fw(12)p
Ft(7!)p Fw(7)p Fu(][next)p Ft(7!)q Fw(13)p Fu(]\))513
4118 y(=)32 b(\()p Fs(env)815 4133 y Fc(V)875 4118 y
Fu([)p Fr(x)p Ft(7!)p Fw(12)p Fu(],)h Fs(sto)6 b Fu([)p
Fw(12)p Ft(7!)p Fw(7)p Fu(][next)p Ft(7!)q Fw(13)p Fu(]\))0
4336 y(Next)33 b(w)m(e)h(up)s(date)f(the)g(pro)s(cedure)g(en)m
(vironmen)m(t:)244 4553 y Ft(D)323 4517 y Fn(P)323 4578
y(ds)395 4553 y Fu([)-17 b([)p Fr(proc)34 b(p)f(is)g(x)f
Fu(:=)h(0;])-17 b(]\()p Fs(env)1415 4568 y Fc(V)1475
4553 y Fu([)p Fr(x)p Ft(7!)p Fw(12)p Fu(]\))33 b Fs(env)2019
4568 y Fc(P)513 4721 y Fu(=)f Ft(D)701 4685 y Fn(P)701
4746 y(ds)772 4721 y Fu([)-17 b([)p Fo(")p Fu(])g(])q(\()p
Fs(env)1087 4736 y Fc(V)1147 4721 y Fu([)p Fr(x)p Ft(7!)p
Fw(12)p Fu(]\))32 b(\()p Fs(env)1728 4736 y Fc(P)1786
4721 y Fu([)p Fr(p)p Ft(7!)p Fs(g)9 b Fu(]\))513 4889
y(=)32 b Fs(env)777 4904 y Fc(P)835 4889 y Fu([)p Fr(p)p
Ft(7!)p Fs(g)9 b Fu(])0 5106 y(where)244 5324 y Fs(g)41
b(sto)e Fu(=)32 b Ft(S)667 5339 y Fn(ds)738 5324 y Fu([)-17
b([)q Fr(x)32 b Fu(:=)h Fr(0)p Fu(])-17 b(])q(\()p Fs(env)1278
5339 y Fc(V)1338 5324 y Fu([)p Fr(x)p Ft(7!)p Fw(12)p
Fu(]\))32 b Fs(env)1881 5339 y Fc(P)1972 5324 y Fs(sto)491
5492 y Fu(=)g Fs(sto)6 b Fu([)p Fw(12)p Ft(7!)p Fw(0)p
Fu(])p eop
%%Page: 124 134
124 133 bop 251 130 a Fw(124)1978 b(4)112 b(Denotational)36
b(Seman)m(tics)p 251 193 3473 4 v 283 515 a Fu(b)s(ecause)44
b Fr(x)f Fu(is)f(to)g(b)s(e)g(found)g(in)g(lo)s(cation)e
Fw(12)i Fu(according)g(to)g(the)h(v)-5 b(ariable)40 b(en)m(vironmen)m
(t.)283 636 y(Then)34 b(w)m(e)g(get)527 798 y Ft(S)595
813 y Fn(ds)666 798 y Fu([)-17 b([)q Fr(begin)34 b(var)f(x)g
Fu(:=)f Fr(7)p Fu(;)h Fr(proc)h(p)f(is)g(x)f Fu(:=)h
Fr(0)p Fu(;)993 965 y Fr(begin)h(var)f(x)g Fu(:=)f Fr(5)p
Fu(;)h Fr(call)h(p)e(end)i(end)p Fu(])-17 b(])q Fs(env)2653
980 y Fc(V)2746 965 y Fs(env)2902 980 y Fc(P)2992 965
y Fs(sto)527 1133 y Fu(=)33 b Ft(S)704 1148 y Fn(ds)775
1133 y Fu([)-17 b([)p Fr(begin)34 b(var)f(x)g Fu(:=)g
Fr(5)p Fu(;)g Fr(call)g(p)g(end)p Fu(])-17 b(])34 b(\()p
Fs(env)2357 1148 y Fc(V)2417 1133 y Fu([)p Fr(x)p Ft(7!)p
Fw(12)p Fu(]\))f(\()p Fs(env)2999 1148 y Fc(P)3056 1133
y Fu([)p Fr(p)p Ft(7!)p Fs(g)9 b Fu(]\))1269 1300 y(\()p
Fs(sto)d Fu([)p Fw(12)p Ft(7!)o Fw(7)p Fu(][next)p Ft(7!)q
Fw(13)p Fu(]\))283 1462 y(F)-8 b(or)32 b(the)h(v)-5 b(ariable)31
b(declarations)h(of)g(the)h(inner)f(blo)s(c)m(k)g(w)m(e)i(ha)m(v)m(e)
527 1624 y Ft(D)607 1588 y Fn(V)607 1649 y(ds)678 1624
y Fu([)-17 b([)q Fr(var)33 b(x)g Fu(:=)f Fr(5)p Fu(;])-17
b(])q(\()p Fs(env)1431 1639 y Fc(V)1491 1624 y Fu([)p
Fr(x)p Ft(7!)p Fw(12)p Fu(],)33 b Fs(sto)6 b Fu([)p Fw(12)p
Ft(7!)p Fw(7)p Fu(][next)p Ft(7!)q Fw(13)p Fu(]\))796
1792 y(=)32 b Ft(D)984 1755 y Fn(V)984 1816 y(ds)1055
1792 y Fu([)-17 b([)q Fo(")p Fu(])g(]\()p Fs(env)1370
1807 y Fc(V)1430 1792 y Fu([)p Fr(x)p Ft(7!)p Fw(13)p
Fu(],)33 b Fs(sto)6 b Fu([)p Fw(12)p Ft(7!)p Fw(7)p Fu(][)p
Fw(13)p Ft(7!)p Fw(5)p Fu(][next)p Ft(7!)q Fw(14)p Fu(]\))796
1959 y(=)32 b(\()p Fs(env)1098 1974 y Fc(V)1159 1959
y Fu([)p Fr(x)p Ft(7!)p Fw(13)p Fu(],)g Fs(sto)6 b Fu([)p
Fw(12)p Ft(7!)p Fw(7)p Fu(][)p Fw(13)p Ft(7!)p Fw(5)p
Fu(][next)p Ft(7!)q Fw(14)p Fu(]\))283 2121 y(and)527
2283 y Ft(D)607 2247 y Fn(P)607 2307 y(ds)678 2283 y
Fu([)-17 b([)q Fo(")o Fu(])g(])q(\()p Fs(env)993 2298
y Fc(V)1053 2283 y Fu([)p Fr(x)p Ft(7!)p Fw(13)p Fu(]\))33
b(\()p Fs(env)1635 2298 y Fc(P)1692 2283 y Fu([)p Fr(p)p
Ft(7!)p Fs(g)9 b Fu(]\))33 b(=)f Fs(env)2286 2298 y Fc(P)2344
2283 y Fu([)p Fr(p)p Ft(7!)p Fs(g)9 b Fu(])283 2445 y(Th)m(us)35
b(w)m(e)e(get)527 2606 y Ft(S)595 2621 y Fn(ds)666 2606
y Fu([)-17 b([)q Fr(begin)34 b(var)f(x)g Fu(:=)f Fr(5)p
Fu(;)h Fr(call)h(p)f(end)p Fu(])-17 b(])34 b(\()p Fs(env)2249
2621 y Fc(V)2309 2606 y Fu([)p Fr(x)p Ft(7!)p Fw(12)p
Fu(]\))e(\()p Fs(env)2890 2621 y Fc(P)2948 2606 y Fu([)p
Fr(p)p Ft(7!)p Fs(g)9 b Fu(]\))1269 2774 y(\()p Fs(sto)d
Fu([)p Fw(12)p Ft(7!)o Fw(7)p Fu(][next)p Ft(7!)q Fw(13)p
Fu(]\))796 2942 y(=)32 b Ft(S)972 2957 y Fn(ds)1043 2942
y Fu([)-17 b([)q Fr(call)34 b(p)p Fu(])-17 b(]\()p Fs(env)1601
2957 y Fc(V)1662 2942 y Fu([)p Fr(x)p Ft(7!)p Fw(13)p
Fu(]\))32 b(\()p Fs(env)2243 2957 y Fc(P)2301 2942 y
Fu([)p Fr(p)p Ft(7!)p Fs(g)9 b Fu(]\))1269 3109 y(\()p
Fs(sto)d Fu([)p Fw(12)p Ft(7!)o Fw(7)p Fu(][)p Fw(13)p
Ft(7!)p Fw(5)p Fu(][next)p Ft(7!)q Fw(14)p Fu(]\))796
3277 y(=)32 b Fs(g)42 b Fu(\()p Fs(sto)6 b Fu([)p Fw(12)p
Ft(7!)o Fw(7)p Fu(][)p Fw(13)p Ft(7!)p Fw(5)p Fu(][next)p
Ft(7!)q Fw(14)p Fu(]\))796 3445 y(=)32 b Fs(sto)6 b Fu([)p
Fw(12)p Ft(7!)p Fw(0)p Fu(][)p Fw(13)p Ft(7!)p Fw(5)p
Fu(][next)p Ft(7!)q Fw(14)p Fu(])283 3606 y(so)33 b(w)m(e)h(see)g(that)
e(in)g(the)h(\014nal)e(store)i(the)g(lo)s(cation)e(for)h(the)h(lo)s
(cal)d(v)-5 b(ariable)31 b(has)i(the)g(v)-5 b(alue)32
b Fw(5)283 3727 y Fu(and)h(the)g(one)g(for)f(the)h(global)d(v)-5
b(ariable)31 b(has)i(the)g(v)-5 b(alue)32 b Fw(0)p Fu(.)1214
b Fh(2)283 3899 y Fw(Exercise)37 b(4.67)49 b Fu(Consider)33
b(the)g(follo)m(wing)d(statemen)m(t)j(in)f Fw(Pro)s(c)p
Fu(:)527 4061 y Fr(begin)i(var)g(x)e Fu(:=)h Fr(0)p Fu(;)816
4229 y Fr(proc)h(p)f(is)g(x)f Fu(:=)h Fr(x)p Fu(+)p Fr(1)p
Fu(;)816 4397 y Fr(proc)h(q)f(is)g(call)g(p)p Fu(;)816
4564 y Fr(begin)h(proc)g(p)e(is)h(x)g Fu(:=)g Fr(7)p
Fu(;)1105 4732 y Fr(call)h(q)816 4899 y(end)527 5067
y(end)283 5229 y Fu(Use)i(the)g(seman)m(tic)e(clauses)i(of)e
Fw(Pro)s(c)h Fu(to)f(illustrate)f(that)i(pro)s(cedures)h(ha)m(v)m(e)g
(static)f(scop)s(e,)283 5349 y(that)i(is)e(sho)m(w)j(that)e(the)h
(\014nal)e(store)i(will)d(asso)s(ciate)i(the)g(lo)s(cation)e(of)i
Fr(x)h Fu(with)e(the)i(v)-5 b(alue)36 b Fw(1)283 5470
y Fu(\(rather)d(than)g Fw(7)p Fu(\).)2718 b Fh(2)p eop
%%Page: 125 135
125 134 bop 0 130 a Fw(4.5)112 b(Extensions)37 b(of)h(While)2063
b(125)p 0 193 3473 4 v 0 419 V 0 934 4 516 v 382 526
a Ft(D)462 489 y Fn(P)462 550 y(ds)533 526 y Fu([)-17
b([)p Fr(proc)34 b Fs(p)k Fr(is)c Fs(S)12 b Fu(;)32 b
Fs(D)1241 541 y Fc(P)1300 526 y Fu(])-17 b(])p Fs(env)1493
541 y Fc(V)1586 526 y Fs(env)1742 541 y Fc(P)1832 526
y Fu(=)33 b Ft(D)2020 489 y Fn(P)2020 550 y(ds)2091 526
y Fu([)-17 b([)q Fs(D)2212 541 y Fc(P)2271 526 y Fu(])g(])p
Fs(env)2464 541 y Fc(V)2557 526 y Fu(\()p Fs(env)2751
541 y Fc(P)2809 526 y Fu([)p Fs(p)6 b Ft(7!)o Fu(FIX)33
b Fs(F)13 b Fu(]\))651 693 y(where)34 b Fs(F)45 b(g)c
Fu(=)33 b Ft(S)1304 708 y Fn(ds)1376 693 y Fu([)-17 b([)p
Fs(S)12 b Fu(])-17 b(])q Fs(env)1674 708 y Fc(V)1766
693 y Fu(\()p Fs(env)1960 708 y Fc(P)2018 693 y Fu([)p
Fs(p)6 b Ft(7!)p Fs(g)j Fu(]\))382 884 y Ft(D)462 848
y Fn(P)462 909 y(ds)533 884 y Fu([)-17 b([)p Fo(")p Fu(])g(])q
Fs(env)810 899 y Fc(V)902 884 y Fu(=)33 b(id)p 3469 934
V 0 937 3473 4 v 232 1098 a(T)-8 b(able)32 b(4.6:)43
b(Denotational)30 b(seman)m(tics)j(for)f(recursiv)m(e)i(pro)s(cedure)g
(declarations)0 1370 y Fw(Recursiv)m(e)i(pro)s(cedures)0
1555 y Fu(In)d(the)f(case)h(where)h(pro)s(cedures)f(are)g(allo)m(w)m
(ed)e(to)h(b)s(e)g Fs(r)-5 b(e)g(cursive)39 b Fu(w)m(e)34
b(shall)c(b)s(e)j(in)m(terested)g(in)0 1675 y(a)f(function)g
Fs(g)41 b Fu(in)32 b Fw(Store)h Fo(,)-17 b Ft(!)32 b
Fw(Store)h Fu(satisfying)244 1859 y Fs(g)41 b Fu(=)32
b Ft(S)506 1874 y Fn(ds)577 1859 y Fu([)-17 b([)q Fs(S)12
b Fu(])-17 b(])p Fs(env)875 1874 y Fc(V)968 1859 y Fu(\()p
Fs(env)1162 1874 y Fc(P)1220 1859 y Fu([)p Fs(p)6 b Ft(7!)o
Fs(g)j Fu(]\))0 2043 y(since)29 b(this)f(will)f(ensure)j(that)e(the)h
(meaning)f(of)g(all)e(the)j(recursiv)m(e)i(calls)c(is)h(the)h(same)g
(as)g(that)0 2164 y(of)g(the)h(pro)s(cedure)g(b)s(eing)f(de\014ned.)44
b(F)-8 b(or)28 b(this)h(only)g(the)h(clause)f(for)g Ft(D)2599
2127 y Fn(P)2599 2188 y(ds)2670 2164 y Fu([)-17 b([)q
Fr(proc)33 b Fs(p)39 b Fr(is)33 b Fs(S)12 b Fu(;)32 b
Fo(D)3376 2179 y Fc(P)3435 2164 y Fu(])-17 b(])0 2284
y(needs)42 b(to)e(b)s(e)h(mo)s(di\014ed)f(and)g(the)h(new)h(clause)f
(is)f(giv)m(en)h(in)f(T)-8 b(able)40 b(4.6.)67 b(W)-8
b(e)41 b(shall)e(see)j(in)0 2404 y(Exercise)34 b(4.69)e(that)h(this)f
(is)h(a)f(p)s(ermissible)f(de\014nition,)h(that)h(is)f
Fs(F)46 b Fu(of)32 b(T)-8 b(able)32 b(4.6)h(is)f(indeed)0
2525 y(con)m(tin)m(uous.)0 2692 y Fw(Remark)e Fu(Let)g(us)h(brie\015y)f
(compare)g(the)g(ab)s(o)m(v)m(e)h(seman)m(tics)g(with)f(the)g(op)s
(erational)e(seman-)0 2813 y(tics)35 b(giv)m(en)g(in)g(Section)g(2.5)g
(for)f(the)i(same)f(language.)51 b(In)35 b(the)h(op)s(erational)d
(seman)m(tics)i(the)0 2933 y(p)s(ossibilit)m(y)27 b(of)i(recursion)g
(is)g(handled)g(b)m(y)h(up)s(dating)e(the)i(en)m(vironmen)m(t)f
Fs(e)-5 b(ach)32 b(time)f(the)h(pr)-5 b(o-)0 3053 y(c)g(e)g(dur)g(e)42
b(is)g(c)-5 b(al)5 b(le)-5 b(d)50 b Fu(and,)43 b(except)f(for)e
(recording)g(the)h(declaration,)h(no)e(action)g(tak)m(es)i(place)0
3174 y(when)27 b(the)f(pro)s(cedure)g(is)f(declared.)41
b(In)26 b(the)g(denotational)e(approac)m(h,)j(the)f(situation)e(is)h(v)
m(ery)0 3294 y(di\013eren)m(t.)66 b(The)41 b(p)s(ossibilit)m(y)c(of)j
(recursion)g(is)g(handled)f Fs(onc)-5 b(e)41 b(and)g(for)h(al)5
b(l)p Fu(,)41 b(namely)e Fs(when)0 3415 y(the)c(pr)-5
b(o)g(c)g(e)g(dur)g(e)34 b(is)h(de)-5 b(clar)g(e)g(d)p
Fu(.)2340 b Fh(2)0 3617 y Fw(Exercise)36 b(4.68)49 b
Fu(Consider)33 b(the)g(declaration)e(of)h(the)h(factorial)d(pro)s
(cedure)244 3801 y Fr(proc)j(fac)h(is)f(begin)h(var)f(z)g
Fu(:=)f Fr(x)p Fu(;)1092 3969 y Fr(if)h(x)f Fu(=)h Fr(1)g(then)g(skip)
1092 4136 y(else)g Fu(\()p Fr(x)g Fu(:=)f Fr(x)h Ft(\000)g
Fr(1)p Fu(;)g Fr(call)h(fac)p Fu(;)f Fr(y)g Fu(:=)f Fr(z)h
Fo(?)f Fr(y)p Fu(\))803 4304 y Fr(end)p Fu(;)0 4488 y(Assume)39
b(that)g(the)g(initial)c(en)m(vironmen)m(ts)k(are)g Fs(env)1977
4503 y Fc(V)2076 4488 y Fu(and)f Fs(env)2427 4503 y Fc(P)2524
4488 y Fu(and)g(that)h Fs(env)3093 4503 y Fc(V)3192 4488
y Fr(x)f Fu(=)h Fs(l)3431 4503 y Fn(x)0 4608 y Fu(and)33
b Fs(env)346 4623 y Fc(V)438 4608 y Fr(y)g Fu(=)f Fs(l)665
4623 y Fn(y)708 4608 y Fu(.)44 b(Determine)31 b(the)i(up)s(dated)g(pro)
s(cedure)h(en)m(vironmen)m(t.)586 b Fh(2)146 4811 y Fu(As)31
b(for)e Fw(While)f Fu(w)m(e)j(m)m(ust)f(ensure)h(that)f(the)g(seman)m
(tic)g(clauses)g(de\014ne)h(a)f(total)e(function)0 4931
y Ft(S)68 4946 y Fn(ds)139 4931 y Fu(.)43 b(W)-8 b(e)33
b(lea)m(v)m(e)h(the)f(details)e(to)h(the)h(exercise)h(b)s(elo)m(w.)0
5133 y Fw(Exercise)i(4.69)49 b Fu(**)40 b(T)-8 b(o)40
b(ensure)h(that)f(the)g(clauses)h(for)e Ft(S)2243 5148
y Fn(ds)2354 5133 y Fu(de\014ne)i(a)f(total)e(function)h(w)m(e)0
5254 y(m)m(ust)23 b(sho)m(w)h(that)f(FIX)g(is)f(only)h(applied)e(to)i
(con)m(tin)m(uous)h(functions.)40 b(In)23 b(the)h(case)f(of)g(recursiv)
m(e)0 5374 y(pro)s(cedures)34 b(this)f(is)f(a)h(rather)g(lab)s(orious)d
(task.)45 b(First)32 b(one)h(ma)m(y)g(use)h(structural)e(induction)0
5494 y(to)g(sho)m(w)i(that)e Ft(D)652 5458 y Fn(V)652
5519 y(ds)756 5494 y Fu(is)g(indeed)h(a)f(w)m(ell-de\014ned)h
(function.)43 b(Secondly)33 b(one)g(ma)m(y)f(de\014ne)p
eop
%%Page: 126 136
126 135 bop 251 130 a Fw(126)1978 b(4)112 b(Denotational)36
b(Seman)m(tics)p 251 193 3473 4 v 527 515 a Fs(env)683
530 y Fc(P)774 515 y Ft(v)851 479 y Fi(0)907 515 y Fs(env)1063
479 y Fi(0)1063 540 y Fc(P)1153 515 y Fu(if)c(and)h(only)f(if)f
Fs(env)1892 530 y Fc(P)1982 515 y Fs(p)39 b Ft(v)33 b
Fs(env)2337 479 y Fi(0)2337 540 y Fc(P)2427 515 y Fs(p)39
b Fu(for)32 b(all)e Fs(p)39 b Ft(2)33 b Fw(Pname)283
712 y Fu(and)j(sho)m(w)g(that)e(\()p Fw(En)m(v)1163 727
y Fn(P)1215 712 y Fu(,)i Ft(v)1355 676 y Fi(0)1379 712
y Fu(\))e(is)h(a)g(ccp)s(o.)51 b(Finally)-8 b(,)32 b(one)k(ma)m(y)e
(use)i(Exercise)h(4.41)d(\(with)g Fs(D)283 833 y Fu(b)s(eing)k
Fw(Store)f Fo(,)-17 b Ft(!)38 b Fw(Store)p Fu(\))g(to)f(sho)m(w)i(that)
f(for)g(all)d Fs(env)2370 848 y Fc(V)2468 833 y Ft(2)k
Fw(En)m(v)2765 848 y Fn(V)2860 833 y Fu(the)g(clauses)f(of)g(T)-8
b(ables)283 953 y(4.3,)33 b(4.5)f(and)h(4.6)f(do)g(de\014ne)i(con)m
(tin)m(uous)f(functions)527 1150 y Ft(S)595 1165 y Fn(ds)666
1150 y Fu([)-17 b([)q Fs(S)12 b Fu(])-17 b(])p Fs(env)964
1165 y Fc(V)1024 1150 y Fu(:)44 b Fw(En)m(v)1287 1165
y Fn(P)1371 1150 y Ft(!)33 b Fu(\()p Fw(Store)f Fo(,)-17
b Ft(!)32 b Fw(Store)p Fu(\))527 1318 y Ft(D)607 1282
y Fn(P)607 1343 y(ds)678 1318 y Fu([)-17 b([)q Fs(D)799
1333 y Fc(P)857 1318 y Fu(])g(])q Fs(env)1051 1333 y
Fc(V)1111 1318 y Fu(:)44 b Fw(En)m(v)1374 1333 y Fn(P)1458
1318 y Ft(!)32 b Fw(En)m(v)1782 1333 y Fn(P)283 1515
y Fu(This)38 b(is)e(p)s(erformed)g(using)h(m)m(utual)f(structural)g
(induction)g(on)h(statemen)m(ts)h Fs(S)49 b Fu(and)37
b(decla-)283 1635 y(rations)32 b Fs(D)692 1650 y Fn(P)744
1635 y Fu(.)2910 b Fh(2)283 1855 y Fw(Exercise)37 b(4.70)49
b Fu(Mo)s(dify)43 b(the)h(syn)m(tax)h(of)e(pro)s(cedures)i(so)f(that)f
(they)i(tak)m(e)f(t)m(w)m(o)h Fs(c)-5 b(al)5 b(l-by-)283
1976 y(value)40 b Fu(parameters:)527 2173 y Fs(D)610
2188 y Fc(P)702 2173 y Fu(::=)32 b Fr(proc)i Fs(p)6 b
Fu(\()p Fs(x)1253 2188 y Fn(1)1292 2173 y Fu(,)p Fs(x)1376
2188 y Fn(2)1415 2173 y Fu(\))33 b Fr(is)g Fs(S)12 b
Fu(;)32 b Fs(D)1830 2188 y Fc(P)1921 2173 y Ft(j)g Fo(")527
2340 y Fs(S)45 b Fu(::=)32 b Ft(\001)17 b(\001)g(\001)31
b(j)h Fr(call)i Fs(p)6 b Fu(\()p Fs(a)1387 2355 y Fn(1)1426
2340 y Fu(,)p Fs(a)1510 2355 y Fn(2)1550 2340 y Fu(\))283
2537 y(The)41 b(meaning)c(of)i(a)g(pro)s(cedure)h(will)d(no)m(w)j(dep)s
(end)g(up)s(on)g(the)f(v)-5 b(alues)39 b(of)g(its)g(parameters)283
2658 y(as)34 b(w)m(ell)f(as)h(the)g(state)g(in)f(whic)m(h)h(it)f(is)g
(executed.)49 b(W)-8 b(e)34 b(therefore)g(c)m(hange)h(the)f
(de\014nition)e(of)283 2778 y Fw(En)m(v)475 2793 y Fn(P)560
2778 y Fu(to)g(b)s(e)527 2975 y Fw(En)m(v)719 2990 y
Fn(P)804 2975 y Fu(=)g Fw(Pname)h Ft(!)f Fu(\(\()p Fw(Z)h
Ft(\002)g Fw(Z)p Fu(\))g Ft(!)f Fu(\()p Fw(Store)g Fo(,)-17
b Ft(!)33 b Fw(Store)p Fu(\)\))283 3172 y(so)d(that)f(giv)m(en)h(a)f
(pair)f(of)h(v)-5 b(alues)29 b(and)g(a)h(store)f(w)m(e)i(can)e
(determine)g(the)h(\014nal)f(store.)42 b(Mo)s(dify)283
3293 y(the)h(de\014nition)e(of)g Ft(S)1092 3308 y Fn(ds)1205
3293 y Fu(to)g(use)i(this)e(pro)s(cedure)i(en)m(vironmen)m(t.)72
b(Also)41 b(pro)m(vide)h(seman)m(tic)283 3413 y(clauses)36
b(for)f Ft(D)844 3377 y Fn(P)844 3438 y(ds)950 3413 y
Fu(in)f(the)i(case)g(of)e(non-recursiv)m(e)j(as)e(w)m(ell)f(as)i
(recursiv)m(e)g(pro)s(cedures.)53 b(Con-)283 3533 y(struct)34
b(statemen)m(ts)f(that)g(illustrate)d(ho)m(w)j(the)g(new)h(clauses)f
(are)g(used.)723 b Fh(2)283 3753 y Fw(Exercise)37 b(4.71)49
b Fu(*)35 b(Mo)s(dify)f(the)h(seman)m(tics)h(of)e Fw(Pro)s(c)h
Fu(so)g(that)g(dynamic)f(scop)s(e)i(rules)f(are)283 3874
y(emplo)m(y)m(ed)e(for)f(v)-5 b(ariables)32 b(as)g(w)m(ell)g(as)h(pro)s
(cedures.)1492 b Fh(2)283 4161 y Fp(The)45 b(concept)g(of)g(con)l(tin)l
(uations)283 4346 y Fu(Another)35 b(imp)s(ortan)m(t)c(concept)k(from)d
(denotational)g(seman)m(tics)i(is)f(that)g(of)g Fs(c)-5
b(ontinuations)8 b Fu(.)283 4466 y(T)-8 b(o)35 b(illustrate)e(it)h(w)m
(e)i(shall)d(consider)i(an)g(extension)h(of)e Fw(While)f
Fu(where)k(exceptions)f(can)f(b)s(e)283 4587 y(raised)e(and)f(handled.)
44 b(The)33 b(new)h(language)d(is)i(called)e Fw(Exc)h
Fu(and)h(its)f(syn)m(tax)i(is:)577 4775 y Fs(S)112 b
Fu(::=)99 b Fs(x)45 b Fu(:=)32 b Fs(a)40 b Ft(j)32 b
Fr(skip)i Ft(j)e Fs(S)1713 4790 y Fn(1)1785 4775 y Fu(;)g
Fs(S)1911 4790 y Fn(2)1983 4775 y Ft(j)g Fr(if)h Fs(b)39
b Fr(then)33 b Fs(S)2566 4790 y Fn(1)2638 4775 y Fr(else)h
Fs(S)2943 4790 y Fn(2)795 4943 y Ft(j)150 b Fr(while)34
b Fs(b)39 b Fr(do)33 b Fs(S)44 b Ft(j)32 b Fr(begin)i
Fs(S)1996 4958 y Fn(1)2068 4943 y Fr(handle)g Fs(e)7
b Fu(:)44 b Fs(S)2598 4958 y Fn(2)2669 4943 y Fr(end)34
b Ft(j)e Fr(raise)i Fs(e)283 5133 y Fu(The)c(meta-v)-5
b(ariable)26 b Fs(e)36 b Fu(ranges)29 b(o)m(v)m(er)h(the)f(syn)m
(tactic)g(category)g Fw(Exception)56 b Fu(of)29 b(exceptions.)283
5254 y(The)34 b(statemen)m(t)e Fr(raise)i Fs(e)39 b Fu(is)32
b(a)f(kind)h(of)g(jump)g(instruction:)42 b(when)33 b(it)e(is)h(encoun)m
(tered,)i(the)283 5374 y(execution)f(of)d(the)i(encapsulating)f(blo)s
(c)m(k)g(is)g(stopp)s(ed)h(and)g(the)f(\015o)m(w)h(of)f(con)m(trol)g
(is)g(giv)m(en)g(to)283 5494 y(the)i(statemen)m(t)h(declaring)d(the)i
(exception)g Fs(e)7 b Fu(.)44 b(An)33 b(example)f(is)g(the)h(statemen)m
(t)p eop
%%Page: 127 137
127 136 bop 0 130 a Fw(4.5)112 b(Extensions)37 b(of)h(While)2063
b(127)p 0 193 3473 4 v 244 515 a Fr(begin)34 b(while)g(true)f(do)g(if)g
(x)p Ft(\024)q Fr(0)1194 683 y(then)h(raise)g(exit)1194
851 y(else)g(x)f Fu(:=)f Fr(x)p Ft(\000)p Fr(1)533 1018
y(handle)i(exit)p Fu(:)44 b Fr(y)33 b Fu(:=)g Fr(7)244
1186 y(end)0 1381 y Fu(Assume)d(that)f Fs(s)614 1396
y Fn(0)683 1381 y Fu(is)f(the)i(initial)25 b(state)30
b(and)f(that)g Fs(s)1898 1396 y Fn(0)1967 1381 y Fr(x)g
Fo(>)g Fw(0)p Fu(.)43 b(Then)30 b(the)g(false)e(branc)m(h)i(of)f(the)0
1502 y(conditional)h(will)h(b)s(e)h(c)m(hosen)j(and)e(the)g(v)-5
b(alue)32 b(of)g Fr(x)h Fu(decremen)m(ted.)46 b(Ev)m(en)m(tually)-8
b(,)33 b Fr(x)g Fu(gets)g(the)0 1622 y(v)-5 b(alue)31
b Fw(0)g Fu(and)g(the)g(true)h(branc)m(h)g(of)e(the)i(conditional)c
(will)h(raise)i(the)g(exception)h Fr(exit)p Fu(.)44 b(This)0
1742 y(will)37 b(cause)k(the)e(execution)h(of)f(the)h
Fr(while)p Fu(-lo)s(op)f(to)g(b)s(e)h(terminated)e(and)h(con)m(trol)g
(will)e(b)s(e)0 1863 y(transferred)d(to)f(the)h(handler)g(for)e
Fr(exit)p Fu(.)48 b(Th)m(us)35 b(the)f(statemen)m(t)g(will)d(terminate)
h(in)h(a)g(state)0 1983 y(where)h Fr(x)f Fu(has)g(the)g(v)-5
b(alue)32 b Fw(0)g Fu(and)h Fr(y)g Fu(the)g(v)-5 b(alue)32
b Fw(7)p Fu(.)146 2103 y(The)39 b(meaning)e(of)g(an)h(exception)h(will)
c(b)s(e)j(the)h(e\013ect)f(of)g Fs(exe)-5 b(cuting)39
b(the)h(r)-5 b(emainder)39 b(of)0 2224 y(the)c(pr)-5
b(o)g(gr)g(am)39 b Fu(starting)32 b(from)f(the)i(handler.)43
b(Consider)33 b(a)g(statemen)m(t)g(of)f(the)h(form)244
2419 y(\()p Fr(if)g Fs(b)38 b Fr(then)c Fs(S)805 2434
y Fn(1)877 2419 y Fr(else)f Fs(S)1181 2434 y Fn(2)1221
2419 y Fu(\))f(;)h Fs(S)1418 2434 y Fn(3)0 2614 y Fu(In)43
b(the)h(language)e Fw(While)g Fu(it)g(is)g(eviden)m(t)i(that)f(indep)s
(enden)m(tly)h(of)f(whether)h(w)m(e)g(execute)0 2735
y Fs(S)67 2750 y Fn(1)144 2735 y Fu(or)38 b Fs(S)336
2750 y Fn(2)413 2735 y Fu(w)m(e)h(ha)m(v)m(e)g(to)e(con)m(tin)m(ue)i
(with)e Fs(S)1606 2750 y Fn(3)1646 2735 y Fu(.)59 b(When)39
b(w)m(e)g(in)m(tro)s(duce)e(exceptions)i(this)f(do)s(es)0
2855 y(not)32 b(hold)f(an)m(y)h(longer:)43 b(if)30 b(one)j(of)e(the)h
(branc)m(hes)i(raises)e(an)g(exception)g(not)g(handled)g(inside)0
2975 y(that)41 b(branc)m(h,)j(then)d(w)m(e)h(will)d(certainly)h(not)g
(execute)j Fs(S)2173 2990 y Fn(3)2212 2975 y Fu(.)69
b(It)41 b(is)f(therefore)i(necessary)h(to)0 3096 y(rewrite)32
b(the)h(seman)m(tics)f(of)f Fw(While)g Fu(to)h(mak)m(e)g(the)g
(\\e\013ect)h(of)e(executing)i(the)g(remainder)e(of)0
3216 y(the)i(program")e(more)h(explicit.)0 3475 y Fw(Con)m(tin)m
(uation)k(st)m(yle)h(seman)m(tics)f(for)i(While)0 3659
y Fu(In)26 b(a)f Fs(c)-5 b(ontinuation)27 b(style)i(semantics)j
Fu(the)26 b(con)m(tin)m(uations)f(describ)s(e)h(the)51
b Fs(e\013e)-5 b(ct)28 b(of)g(exe)-5 b(cuting)0 3780
y(the)31 b(r)-5 b(emainder)29 b(of)h(the)h(pr)-5 b(o)g(gr)g(am)p
Fu(.)41 b(F)-8 b(or)27 b(us)i(a)e Fs(c)-5 b(ontinuation)35
b(c)e Fu(is)28 b(an)g(elemen)m(t)f(of)h(the)g(domain)244
3975 y Fw(Con)m(t)k Fu(=)h Fw(State)f Fo(,)-17 b Ft(!)33
b Fw(State)0 4170 y Fu(and)38 b(is)f(th)m(us)h(a)f(partial)f(function)h
(from)f Fw(State)h Fu(to)g Fw(State)p Fu(.)59 b(Sometimes)36
b(one)i(uses)h(partial)0 4291 y(functions)24 b(from)f
Fw(State)h Fu(to)f(a)h(\\simpler")e(set)i Fw(Ans)g Fu(of)g(answ)m(ers)i
(but)e(in)f(all)f(cases)j(the)g(purp)s(ose)0 4411 y(of)e(a)g(con)m(tin)
m(uation)g(is)g(to)g(express)i(the)f(\\outcome")f(of)g(the)h(remainder)
e(of)h(the)h(program)e(when)0 4531 y(started)33 b(in)f(a)g(giv)m(en)h
(state.)146 4652 y(Consider)e(a)f(statemen)m(t)g(of)g(the)g(form)f
Ft(\001)17 b(\001)g(\001)n Fu(;)31 b Fs(S)42 b Fu(;)30
b Ft(\001)17 b(\001)g(\001)28 b Fu(and)i(let)g(us)h(explain)e(the)h
(meaning)f(of)0 4772 y Fs(S)47 b Fu(in)34 b(terms)g(of)h(the)g
(e\013ect)h(of)e(executing)i(the)f(remainder)f(of)g(the)i(program.)49
b(The)35 b(starting)0 4893 y(p)s(oin)m(t)40 b(will)f(b)s(e)j(the)g(con)
m(tin)m(uation)e Fs(c)47 b Fu(determining)39 b(the)j(e\013ect)g(of)f
(executing)h(the)g(part)f(of)0 5013 y(the)35 b(program)f
Fs(after)45 b(S)12 b Fu(,)35 b(that)g(is)f Fs(c)41 b(s)i
Fu(is)34 b(the)h(state)h(obtained)e(when)i(the)g(remainder)e(of)g(the)0
5133 y(program)29 b(is)i(executed)i(from)c(state)j Fs(s)8
b Fu(.)43 b(W)-8 b(e)31 b(shall)e(then)j(determine)e(the)i(e\013ect)f
(of)g(executing)0 5254 y Fs(S)45 b Fu(and)32 b(the)i(remainder)e(of)g
(the)h(program,)f(that)g(is)h(w)m(e)g(shall)f(determine)g(a)h(con)m
(tin)m(uation)f Fs(c)3450 5218 y Fi(0)0 5374 y Fu(suc)m(h)f(that)e
Fs(c)476 5338 y Fi(0)529 5374 y Fs(s)37 b Fu(is)29 b(the)h(state)g
(obtained)f(when)i(executing)f Fs(S)42 b Fu(and)29 b(the)h(part)g(of)f
(the)h(program)0 5494 y(follo)m(wing)g Fs(S)44 b Fu(from)32
b(state)h Fs(s)8 b Fu(.)43 b(Pictorially)-8 b(,)30 b(from)p
eop
%%Page: 128 138
128 137 bop 251 130 a Fw(128)1978 b(4)112 b(Denotational)36
b(Seman)m(tics)p 251 193 3473 4 v 283 419 V 283 1501
4 1083 v 666 519 a Ft(S)733 483 y Fi(0)733 543 y Fn(cs)797
519 y Fu([)-17 b([)p Fs(x)12 b Fu(:=)p Fs(a)7 b Fu(])-17
b(])q Fs(c)38 b(s)j Fu(=)32 b Fs(c)38 b Fu(\()p Fs(s)8
b Fu([)p Fs(x)k Ft(7!A)o Fu([)-17 b([)q Fs(a)7 b Fu(])-17
b(])q Fs(s)8 b Fu(]\))666 710 y Ft(S)733 674 y Fi(0)733
735 y Fn(cs)797 710 y Fu([)-17 b([)p Fr(skip)p Fu(])g(])34
b(=)f(id)666 901 y Ft(S)733 865 y Fi(0)733 926 y Fn(cs)797
901 y Fu([)-17 b([)p Fs(S)901 916 y Fn(1)973 901 y Fu(;)33
b Fs(S)1100 916 y Fn(2)1139 901 y Fu(])-17 b(])33 b(=)f
Ft(S)1385 865 y Fi(0)1385 926 y Fn(cs)1449 901 y Fu([)-17
b([)p Fs(S)1553 916 y Fn(1)1592 901 y Fu(])g(])34 b Ft(\016)e(S)1813
865 y Fi(0)1813 926 y Fn(cs)1876 901 y Fu([)-17 b([)q
Fs(S)1981 916 y Fn(2)2020 901 y Fu(])g(])666 1092 y Ft(S)733
1056 y Fi(0)733 1117 y Fn(cs)797 1092 y Fu([)g([)p Fr(if)33
b Fs(b)39 b Fr(then)33 b Fs(S)1357 1107 y Fn(1)1429 1092
y Fr(else)h Fs(S)1734 1107 y Fn(2)1773 1092 y Fu(])-17
b(])q Fs(c)38 b Fu(=)32 b(cond\()p Ft(B)t Fu([)-17 b([)q
Fs(b)6 b Fu(])-17 b(],)33 b Ft(S)2563 1056 y Fi(0)2563
1117 y Fn(cs)2626 1092 y Fu([)-17 b([)p Fs(S)2730 1107
y Fn(1)2770 1092 y Fu(])g(])p Fs(c)6 b Fu(,)32 b Ft(S)2985
1056 y Fi(0)2985 1117 y Fn(cs)3049 1092 y Fu([)-17 b([)p
Fs(S)3153 1107 y Fn(2)3193 1092 y Fu(])g(])p Fs(c)6 b
Fu(\))666 1284 y Ft(S)733 1248 y Fi(0)733 1308 y Fn(cs)797
1284 y Fu([)-17 b([)p Fr(while)34 b Fs(b)39 b Fr(do)33
b Fs(S)12 b Fu(])-17 b(])33 b(=)f(FIX)g Fs(G)934 1451
y Fu(where)i(\()p Fs(G)42 b(g)9 b Fu(\))32 b Fs(c)38
b Fu(=)32 b(cond\()p Ft(B)t Fu([)-17 b([)q Fs(b)6 b Fu(])-17
b(],)33 b Ft(S)2247 1415 y Fi(0)2247 1476 y Fn(cs)2310
1451 y Fu([)-17 b([)q Fs(S)12 b Fu(])-17 b(]\()p Fs(g)41
b(c)6 b Fu(\),)32 b Fs(c)6 b Fu(\))p 3753 1501 V 283
1504 3473 4 v 937 1665 a(T)-8 b(able)32 b(4.7:)43 b(Con)m(tin)m(uation)
32 b(st)m(yle)h(seman)m(tics)g(for)f Fw(While)769 1959
y Ft(\001)17 b(\001)g(\001)240 b Fu(;)300 b Fs(S)310
b Fu(;)275 b Ft(\001)17 b(\001)g(\001)1879 1994 y Fg(|)p
1916 1994 226 10 v 226 w({z)p 2216 1994 V 226 w(})2154
2075 y Fs(c)283 2266 y Fu(w)m(e)34 b(w)m(an)m(t)g(to)e(obtain)769
2491 y Ft(\001)17 b(\001)g(\001)240 b Fu(;)300 b Fs(S)278
b Fu(;)259 b Ft(\001)17 b(\001)g(\001)1187 2545 y Fg(|)p
1224 2545 548 10 v 548 w({z)p 1846 2545 V 548 w(})1772
2657 y Fs(c)1823 2621 y Fi(0)283 2851 y Fu(W)-8 b(e)49
b(shall)d(de\014ne)j(a)e(seman)m(tic)g(function)h Ft(S)1987
2815 y Fi(0)1987 2876 y Fn(cs)2098 2851 y Fu(for)f Fw(While)g
Fu(that)g(ac)m(hiev)m(es)i(this.)89 b(It)47 b(has)283
2971 y(functionalit)m(y)527 3196 y Ft(S)595 3160 y Fi(0)595
3221 y Fn(cs)658 3196 y Fu(:)d Fw(Stm)32 b Ft(!)g Fu(\()p
Fw(Con)m(t)g Ft(!)g Fw(Con)m(t)p Fu(\))283 3421 y(and)j(is)f(de\014ned)
h(in)f(T)-8 b(able)34 b(4.7.)48 b(The)36 b(clauses)f(for)e(assignmen)m
(t)h(and)h Fr(skip)g Fu(are)f(straigh)m(tfor-)283 3542
y(w)m(ard;)g(ho)m(w)m(ev)m(er,)h(note)e(that)g(w)m(e)h(no)m(w)f(use)h
(id)e(as)h(the)g(iden)m(tit)m(y)g(function)f(on)h Fw(Con)m(t)p
Fu(,)g(that)f(is)283 3662 y(id)c Fs(c)35 b(s)h Fu(=)29
b Fs(c)34 b(s)8 b Fu(.)42 b(In)29 b(the)g(clause)g(for)g(comp)s
(osition)d(the)j(order)g(of)f(the)h(functional)e(comp)s(osition)283
3783 y(is)33 b Fs(r)-5 b(everse)g(d)42 b Fu(compared)33
b(with)g(the)g(direct)g(st)m(yle)g(seman)m(tics)h(of)e(T)-8
b(able)33 b(4.1.)44 b(In)m(tuitiv)m(ely)-8 b(,)32 b(the)283
3903 y(reason)43 b(is)e(that)h(the)g(con)m(tin)m(uations)f(are)h
(\\pulled)f(bac)m(kw)m(ards")i(through)f(the)g(t)m(w)m(o)h(state-)283
4023 y(men)m(ts.)55 b(So)36 b(assuming)f(that)h Fs(c)41
b Fu(is)36 b(the)g(con)m(tin)m(uation)f(for)h(the)g(remainder)f(of)h
(the)g(program)283 4144 y(w)m(e)44 b(shall)c(\014rst)j(determine)f(a)g
(con)m(tin)m(uation)f(for)g Fs(S)2239 4159 y Fn(2)2321
4144 y Fu(follo)m(w)m(ed)g(b)m(y)i(the)g(remainder)e(of)g(the)283
4264 y(program)32 b(and)g(next)i(for)e Fs(S)1299 4279
y Fn(1)1371 4264 y Fu(follo)m(w)m(ed)f(b)m(y)j Fs(S)1950
4279 y Fn(2)2022 4264 y Fs(and)42 b Fu(the)33 b(remainder)e(of)i(the)g
(program.)430 4389 y(The)42 b(clause)g(for)f(the)g(conditional)e(is)i
(straigh)m(tforw)m(ard)g(as)g(the)h(con)m(tin)m(uation)f(applies)283
4509 y(to)g(b)s(oth)g(branc)m(hes.)72 b(In)41 b(the)h(clause)f(for)g
(the)h Fr(while)p Fu(-construct)h(w)m(e)f(use)h(the)e(\014xed)i(p)s
(oin)m(t)283 4630 y(op)s(erator)33 b(as)g(in)g(the)h(direct)f(st)m(yle)
g(seman)m(tics.)46 b(If)33 b(the)h(test)g(of)f Fr(while)h
Fs(b)39 b Fr(do)34 b Fs(S)45 b Fu(ev)-5 b(aluates)33
b(to)283 4750 y Fw(\013)g Fu(then)f(w)m(e)h(return)f(the)g(con)m(tin)m
(uation)f Fs(c)37 b Fu(for)31 b(the)h(remainder)f(of)g(the)i(program.)
41 b(If)32 b(the)g(test)283 4870 y(ev)-5 b(aluates)33
b(to)g Fw(tt)f Fu(then)i Fs(g)41 b(c)e Fu(denotes)34
b(the)g(e\013ect)g(of)e(executing)i(the)f(remainder)f(of)h(the)g(lo)s
(op)283 4991 y(follo)m(w)m(ed)j(b)m(y)h(the)g(remainder)e(of)h(the)h
(program)d(and)j(is)f(the)g(con)m(tin)m(uation)g(to)f(b)s(e)i(used)g
(for)283 5111 y(the)c(\014rst)h(unfolding)c(of)i(the)h(lo)s(op.)283
5374 y Fw(Example)k(4.72)49 b Fu(Consider)34 b(the)g(statemen)m(t)g
Fr(z)g Fu(:=)f Fr(x)p Fu(;)i Fr(x)f Fu(:=)f Fr(y)p Fu(;)i
Fr(y)e Fu(:=)h Fr(z)g Fu(of)f(Chapter)h(1.)47 b(Let)283
5494 y(id)32 b(b)s(e)h(the)g(iden)m(tit)m(y)f(function)h(on)f
Fw(State)p Fu(.)44 b(Then)33 b(w)m(e)h(ha)m(v)m(e)p eop
%%Page: 129 139
129 138 bop 0 130 a Fw(4.5)112 b(Extensions)37 b(of)h(While)2063
b(129)p 0 193 3473 4 v 244 515 a Ft(S)312 479 y Fi(0)312
540 y Fn(cs)375 515 y Fu([)-17 b([)q Fr(z)32 b Fu(:=)h
Fr(x)p Fu(;)g Fr(x)g Fu(:=)f Fr(y)p Fu(;)h Fr(y)g Fu(:=)f
Fr(z)p Fu(])-17 b(])q(id)413 683 y(=)32 b(\()p Ft(S)627
647 y Fi(0)627 708 y Fn(cs)690 683 y Fu([)-17 b([)q Fr(z)32
b Fu(:=)h Fr(x)p Fu(])-17 b(])33 b Ft(\016)g(S)1218 647
y Fi(0)1218 708 y Fn(cs)1282 683 y Fu([)-17 b([)p Fr(x)33
b Fu(:=)g Fr(y)p Fu(])-17 b(])33 b Ft(\016)f(S)1810 647
y Fi(0)1810 708 y Fn(cs)1874 683 y Fu([)-17 b([)p Fr(y)33
b Fu(:=)f Fr(z)p Fu(])-17 b(])q(\))33 b(id)413 851 y(=)f(\()p
Ft(S)627 814 y Fi(0)627 875 y Fn(cs)690 851 y Fu([)-17
b([)q Fr(z)32 b Fu(:=)h Fr(x)p Fu(])-17 b(])33 b Ft(\016)g(S)1218
814 y Fi(0)1218 875 y Fn(cs)1282 851 y Fu([)-17 b([)p
Fr(x)33 b Fu(:=)g Fr(y)p Fu(])-17 b(])q(\))32 b Fs(g)1752
866 y Fn(1)681 1018 y Fu(where)i Fs(g)1017 1033 y Fn(1)1089
1018 y Fs(s)40 b Fu(=)33 b(id\()p Fs(s)8 b Fu([)p Fr(y)p
Ft(7!)o Fu(\()p Fs(s)41 b Fr(z)p Fu(\)]\))413 1186 y(=)32
b Ft(S)589 1150 y Fi(0)589 1211 y Fn(cs)652 1186 y Fu([)-17
b([)q Fr(z)33 b Fu(:=)f Fr(x)p Fu(])-17 b(])q Fs(g)1052
1201 y Fn(2)681 1354 y Fu(where)34 b Fs(g)1017 1369 y
Fn(2)1089 1354 y Fs(s)40 b Fu(=)33 b Fs(g)1332 1369 y
Fn(1)1371 1354 y Fu(\()p Fs(s)8 b Fu([)p Fr(x)p Ft(7!)p
Fu(\()p Fs(s)40 b Fr(y)p Fu(\)]\))1169 1521 y(=)33 b(id\()p
Fs(s)8 b Fu([)p Fr(x)p Ft(7!)o Fu(\()p Fs(s)41 b Fr(y)p
Fu(\)][)p Fr(y)p Ft(7!)p Fu(\()p Fs(s)f Fr(z)p Fu(\)]\))413
1689 y(=)32 b Fs(g)575 1704 y Fn(3)681 1856 y Fu(where)i
Fs(g)1017 1871 y Fn(3)1089 1856 y Fs(s)40 b Fu(=)33 b
Fs(g)1332 1871 y Fn(2)1371 1856 y Fu(\()p Fs(s)8 b Fu([)p
Fr(z)p Ft(7!)p Fu(\()p Fs(s)40 b Fr(x)p Fu(\)]\))1169
2024 y(=)33 b(id\()p Fs(s)8 b Fu([)p Fr(z)p Ft(7!)o Fu(\()p
Fs(s)41 b Fr(x)p Fu(\)][)p Fr(x)p Ft(7!)p Fu(\()p Fs(s)f
Fr(y)p Fu(\)][)p Fr(y)p Ft(7!)q Fu(\()p Fs(s)g Fr(x)p
Fu(\)]\))0 2242 y(Note)33 b(that)f(the)h(seman)m(tic)f(function)g(is)h
(constructed)h(in)e(a)g(\\bac)m(kw)m(ards")i(manner.)258
b Fh(2)146 2491 y Fu(As)35 b(in)f(the)h(case)g(of)f(the)h(direct)g(st)m
(yle)g(seman)m(tics)f(w)m(e)i(m)m(ust)f(ensure)g(that)g(the)g(seman)m
(tic)0 2612 y(clauses)e(de\014ne)h(a)e(total)f(function)h
Ft(S)1372 2576 y Fi(0)1372 2636 y Fn(cs)1436 2612 y Fu(.)43
b(W)-8 b(e)33 b(lea)m(v)m(e)g(the)g(details)f(to)g(the)h(exercise)h(b)s
(elo)m(w.)0 2864 y Fw(Exercise)i(4.73)49 b Fu(**)40 b(T)-8
b(o)41 b(ensure)h(that)e(the)h(clauses)h(for)e Ft(S)2247
2828 y Fi(0)2247 2889 y Fn(cs)2351 2864 y Fu(de\014ne)i(a)e(total)f
(function)h(w)m(e)0 2984 y(m)m(ust)31 b(sho)m(w)h(that)e(FIX)h(is)f
(only)g(applied)f(to)i(con)m(tin)m(uous)g(functions.)43
b(First)30 b(one)h(ma)m(y)f(de\014ne)244 3203 y Fs(g)298
3218 y Fn(1)369 3203 y Ft(v)447 3166 y Fi(0)503 3203
y Fs(g)557 3218 y Fn(2)628 3203 y Fu(if)i(and)g(only)g(if)g
Fs(g)1265 3218 y Fn(1)1336 3203 y Fs(c)38 b Ft(v)33 b
Fs(g)1583 3218 y Fn(2)1655 3203 y Fs(c)38 b Fu(for)32
b(all)f Fs(c)38 b Ft(2)33 b Fw(Con)m(t)0 3421 y Fu(and)g(sho)m(w)g
(that)g(\()p Fw(Con)m(t)f Ft(!)g Fw(Con)m(t)p Fu(,)g
Ft(v)1462 3385 y Fi(0)1485 3421 y Fu(\))h(is)f(a)g(ccp)s(o.)44
b(Secondly)-8 b(,)33 b(one)g(ma)m(y)f(de\014ne)244 3639
y([)p Fw(Con)m(t)g Ft(!)g Fw(Con)m(t)p Fu(])h(=)f Ft(f)g
Fs(g)9 b Fu(:)43 b Fw(Con)m(t)33 b Ft(!)f Fw(Con)m(t)g
Ft(j)g Fs(g)41 b Fu(is)32 b(con)m(tin)m(uous)i Ft(g)0
3857 y Fu(and)29 b(sho)m(w)i(that)e(\([)p Fw(Con)m(t)g
Ft(!)f Fw(Con)m(t)p Fu(],)i Ft(v)1497 3821 y Fi(0)1520
3857 y Fu(\))f(is)g(a)g(ccp)s(o.)42 b(Finally)-8 b(,)28
b(one)h(ma)m(y)g(use)h(Exercise)h(4.41)0 3978 y(\(with)26
b Fs(D)36 b Fu(=)26 b([)p Fw(Con)m(t)g Ft(!)g Fw(Con)m(t)p
Fu(]\))h(to)f(sho)m(w)i(that)e(the)h(clauses)g(of)f(T)-8
b(able)27 b(4.7)f(de\014ne)i(a)e(function)244 4196 y
Ft(S)312 4160 y Fi(0)312 4221 y Fn(cs)375 4196 y Fu(:)43
b([)p Fw(Con)m(t)33 b Ft(!)f Fw(Con)m(t)p Fu(])0 4414
y(using)g(structural)h(induction)e(on)i Fs(S)12 b Fu(.)2029
b Fh(2)0 4664 y Fw(Exercise)36 b(4.74)49 b Fu(*)33 b(Pro)m(v)m(e)h
(that)e(the)h(t)m(w)m(o)g(seman)m(tic)g(functions)f Ft(S)2504
4679 y Fn(ds)2608 4664 y Fu(and)g Ft(S)2865 4627 y Fi(0)2865
4688 y Fn(cs)2961 4664 y Fu(satisfy)244 4882 y Ft(S)312
4846 y Fi(0)312 4906 y Fn(cs)375 4882 y Fu([)-17 b([)q
Fs(S)12 b Fu(])-17 b(])p Fs(c)38 b Fu(=)33 b Fs(c)38
b Ft(\016)32 b(S)942 4897 y Fn(ds)1013 4882 y Fu([)-17
b([)q Fs(S)12 b Fu(])-17 b(])0 5100 y(for)32 b(all)f(statemen)m(ts)i
Fs(S)44 b Fu(of)33 b Fw(While)d Fu(and)j(for)f(all)f(con)m(tin)m
(uations)h Fs(c)6 b Fu(.)933 b Fh(2)0 5349 y Fw(Exercise)36
b(4.75)49 b Fu(Extend)26 b(the)g(language)d Fw(While)g
Fu(with)h(the)h(construct)h Fr(repeat)34 b Fs(S)45 b
Fr(until)34 b Fs(b)0 5470 y Fu(and)f(giv)m(e)f(the)h(new)h(\(comp)s
(ositional\))29 b(clause)j(for)g Ft(S)1960 5433 y Fi(0)1960
5494 y Fn(cs)2024 5470 y Fu(.)1347 b Fh(2)p eop
%%Page: 130 140
130 139 bop 251 130 a Fw(130)1978 b(4)112 b(Denotational)36
b(Seman)m(tics)p 251 193 3473 4 v 283 419 V 283 2219
4 1800 v 666 519 a Ft(S)733 534 y Fn(cs)797 519 y Fu([)-17
b([)p Fs(x)12 b Fu(:=)p Fs(a)7 b Fu(])-17 b(])q Fs(env)1245
534 y Fc(E)1336 519 y Fs(c)38 b(s)j Fu(=)32 b Fs(c)38
b Fu(\()p Fs(s)8 b Fu([)p Fs(x)k Ft(7!A)o Fu([)-17 b([)q
Fs(a)7 b Fu(])-17 b(])q Fs(s)8 b Fu(]\))666 710 y Ft(S)733
725 y Fn(cs)797 710 y Fu([)-17 b([)p Fr(skip)p Fu(])g(])r
Fs(env)1233 725 y Fc(E)1324 710 y Fu(=)33 b(id)666 901
y Ft(S)733 916 y Fn(cs)797 901 y Fu([)-17 b([)p Fs(S)901
916 y Fn(1)973 901 y Fu(;)33 b Fs(S)1100 916 y Fn(2)1139
901 y Fu(])-17 b(])q Fs(env)1333 916 y Fc(E)1424 901
y Fu(=)32 b(\()p Ft(S)1638 916 y Fn(cs)1701 901 y Fu([)-17
b([)q Fs(S)1806 916 y Fn(1)1845 901 y Fu(])g(])q Fs(env)2039
916 y Fc(E)2098 901 y Fu(\))32 b Ft(\016)g Fu(\()p Ft(S)2356
916 y Fn(cs)2419 901 y Fu([)-17 b([)q Fs(S)2524 916 y
Fn(2)2563 901 y Fu(])g(])q Fs(env)2757 916 y Fc(E)2816
901 y Fu(\))666 1092 y Ft(S)733 1107 y Fn(cs)797 1092
y Fu([)g([)p Fr(if)33 b Fs(b)39 b Fr(then)33 b Fs(S)1357
1107 y Fn(1)1429 1092 y Fr(else)h Fs(S)1734 1107 y Fn(2)1773
1092 y Fu(])-17 b(])q Fs(env)1967 1107 y Fc(E)2058 1092
y Fs(c)38 b Fu(=)934 1260 y(cond\()p Ft(B)t Fu([)-17
b([)q Fs(b)6 b Fu(])-17 b(],)33 b Ft(S)1495 1275 y Fn(cs)1558
1260 y Fu([)-17 b([)q Fs(S)1663 1275 y Fn(1)1702 1260
y Fu(])g(])q Fs(env)1896 1275 y Fc(E)1987 1260 y Fs(c)6
b Fu(,)32 b Ft(S)2165 1275 y Fn(cs)2228 1260 y Fu([)-17
b([)q Fs(S)2333 1275 y Fn(2)2372 1260 y Fu(])g(])q Fs(env)2566
1275 y Fc(E)2657 1260 y Fs(c)6 b Fu(\))666 1451 y Ft(S)733
1466 y Fn(cs)797 1451 y Fu([)-17 b([)p Fr(while)34 b
Fs(b)39 b Fr(do)33 b Fs(S)12 b Fu(])-17 b(])p Fs(env)1602
1466 y Fc(E)1693 1451 y Fu(=)33 b(FIX)f Fs(G)934 1619
y Fu(where)i(\()p Fs(G)42 b(g)9 b Fu(\))32 b Fs(c)38
b Fu(=)32 b(cond\()p Ft(B)t Fu([)-17 b([)q Fs(b)6 b Fu(])-17
b(],)33 b Ft(S)2247 1634 y Fn(cs)2310 1619 y Fu([)-17
b([)q Fs(S)12 b Fu(])-17 b(])p Fs(env)2608 1634 y Fc(E)2699
1619 y Fu(\()p Fs(g)41 b(c)6 b Fu(\),)33 b Fs(c)6 b Fu(\))666
1810 y Ft(S)733 1825 y Fn(cs)797 1810 y Fu([)-17 b([)p
Fr(begin)34 b Fs(S)1190 1825 y Fn(1)1262 1810 y Fr(handle)g
Fs(e)7 b Fu(:)44 b Fs(S)1792 1825 y Fn(2)1864 1810 y
Fr(end)p Fu(])-17 b(])q Fs(env)2211 1825 y Fc(E)2302
1810 y Fs(c)38 b Fu(=)934 1978 y Ft(S)1002 1993 y Fn(cs)1065
1978 y Fu([)-17 b([)q Fs(S)1170 1993 y Fn(1)1209 1978
y Fu(])g(])q(\()p Fs(env)1441 1993 y Fc(E)1500 1978 y
Fu([)p Fs(e)7 b Ft(7!S)1746 1993 y Fn(cs)1810 1978 y
Fu([)-17 b([)p Fs(S)1914 1993 y Fn(2)1954 1978 y Fu(])g(])p
Fs(env)2147 1993 y Fc(E)2238 1978 y Fs(c)6 b Fu(]\))33
b Fs(c)666 2169 y Ft(S)733 2184 y Fn(cs)797 2169 y Fu([)-17
b([)p Fr(raise)34 b Fs(e)7 b Fu(])-17 b(])q Fs(env)1369
2184 y Fc(E)1460 2169 y Fs(c)38 b Fu(=)33 b Fs(env)1808
2184 y Fc(E)1899 2169 y Fs(e)p 3753 2219 V 283 2222 3473
4 v 991 2383 a Fu(T)-8 b(able)33 b(4.8:)43 b(Con)m(tin)m(uation)31
b(st)m(yle)j(seman)m(tics)e(for)g Fw(Exc)283 2677 y(The)38
b(seman)m(tic)e(function)h Ft(S)1483 2692 y Fn(cs)1584
2677 y Fw(for)g(Exc)283 2871 y Fu(In)30 b(order)g(to)f(k)m(eep)i(trac)m
(k)f(of)f(the)h(exceptions)h(that)e(ha)m(v)m(e)i(b)s(een)f(in)m(tro)s
(duced)g(w)m(e)g(shall)e(use)j(an)283 2992 y Fs(exc)-5
b(eption)34 b(envir)-5 b(onment)p Fu(.)43 b(It)32 b(will)f(b)s(e)h(an)h
(elemen)m(t,)f Fs(env)2408 3007 y Fc(E)2467 2992 y Fu(,)h(of)527
3219 y Fw(En)m(v)719 3234 y Fn(E)804 3219 y Fu(=)f Fw(Exception)g
Ft(!)g Fw(Con)m(t)283 3446 y Fu(Giv)m(en)h(an)f(exception)h(en)m
(vironmen)m(t)f Fs(env)1853 3461 y Fc(E)1944 3446 y Fu(and)h(an)f
(exception)h Fs(e)7 b Fu(,)33 b(the)f(e\013ect)h(of)f(executing)283
3566 y(the)f(remainder)e(of)g(the)i(program)d(starting)h(from)g(the)h
(handler)g(for)f Fs(e)38 b Fu(will)27 b(then)k(b)s(e)f
Fs(env)3588 3581 y Fc(E)3677 3566 y Fs(e)7 b Fu(.)430
3691 y(The)40 b(seman)m(tic)f(function)f Ft(S)1504 3706
y Fn(cs)1606 3691 y Fu(for)h(the)h(statemen)m(ts)g(of)e(the)i(language)
e Fw(Exc)g Fu(has)i(func-)283 3812 y(tionalit)m(y)527
4039 y Ft(S)595 4054 y Fn(cs)658 4039 y Fu(:)k Fw(Stm)32
b Ft(!)g Fw(En)m(v)1285 4054 y Fn(E)1369 4039 y Ft(!)h
Fu(\()p Fw(Con)m(t)f Ft(!)g Fw(Con)m(t)p Fu(\))283 4265
y(The)25 b(function)f(is)f(de\014ned)i(b)m(y)g(the)g(clauses)f(of)g(T)
-8 b(able)23 b(4.8.)40 b(Most)25 b(of)e(the)h(clauses)h(are)f(straigh)m
(t-)283 4386 y(forw)m(ard)g(extensions)h(of)e(those)h(giv)m(en)g(for)f
Fw(While)f Fu(in)g(T)-8 b(able)23 b(4.7.)40 b(The)25
b(meaning)d(of)h(the)h(blo)s(c)m(k)283 4506 y(construct)33
b(is)d(to)h(execute)i(the)f(b)s(o)s(dy)f(in)f(the)i(up)s(dated)g(en)m
(vironmen)m(t.)43 b(Therefore)32 b(the)g(en)m(vi-)283
4627 y(ronmen)m(t)g(is)g(up)s(dated)g(so)g(that)g Fs(e)39
b Fu(is)32 b(b)s(ound)g(to)g(the)g(e\013ect)h(of)e(executing)i(the)f
(remainder)f(of)283 4747 y(the)i(program)d(starting)h(from)f(the)i
(handler)f(for)g Fs(e)39 b Fu(and)32 b(this)f(is)h(the)g(con)m(tin)m
(uation)e(obtained)283 4867 y(b)m(y)j(executing)f(\014rst)g
Fs(S)1120 4882 y Fn(2)1191 4867 y Fu(and)g(then)g(the)g(remainder)f(of)
g(the)h(program,)e(that)h(is)h Ft(S)3296 4882 y Fn(cs)3360
4867 y Fu([)-17 b([)p Fs(S)3464 4882 y Fn(2)3504 4867
y Fu(])g(])p Fs(env)3697 4882 y Fc(E)283 4988 y Fs(c)6
b Fu(.)48 b(Finally)-8 b(,)31 b(in)i(the)i(clause)f(for)f
Fr(raise)i Fs(e)41 b Fu(w)m(e)35 b Fs(ignor)-5 b(e)41
b Fu(the)34 b(con)m(tin)m(uation)f(that)h(is)f(otherwise)283
5108 y(supplied.)44 b(So)32 b(rather)h(than)f(using)h
Fs(c)38 b Fu(w)m(e)33 b(c)m(ho)s(ose)h(to)e(use)i Fs(env)2598
5123 y Fc(E)2689 5108 y Fs(e)7 b Fu(.)283 5374 y Fw(Example)37
b(4.76)49 b Fu(Let)40 b Fs(env)1332 5389 y Fc(E)1431
5374 y Fu(b)s(e)g(an)g(initial)c(en)m(vironmen)m(t)k(and)g(assume)h
(that)e(the)i(initial)283 5494 y(con)m(tin)m(uation)32
b(is)g(the)h(iden)m(tit)m(y)g(function,)f(id.)42 b(Then)34
b(w)m(e)g(ha)m(v)m(e)p eop
%%Page: 131 141
131 140 bop 0 130 a Fw(4.5)112 b(Extensions)37 b(of)h(While)2063
b(131)p 0 193 3473 4 v 244 515 a Ft(S)312 530 y Fn(cs)375
515 y Fu([)-17 b([)q Fr(begin)33 b(while)h(true)g(do)f(if)g(x)p
Ft(\024)q Fr(0)g(then)g(raise)h(exit)g(else)f(x)g Fu(:=)f
Fr(x)p Ft(\000)p Fr(1)413 683 y(handle)i(exit)p Fu(:)44
b Fr(y)33 b Fu(:=)g Fr(7)f(end)p Fu(])-17 b(])r Fs(env)1679
698 y Fc(E)1770 683 y Fu(id)244 851 y(=)93 b(\(FIX)32
b Fs(G)9 b Fu(\))33 b(id)0 1054 y(where)h Fs(G)42 b Fu(is)32
b(de\014ned)i(b)m(y)244 1257 y Fs(G)42 b(g)f(c)d(s)i
Fu(=)33 b(cond\()p Ft(B)t Fu([)-17 b([)p Fr(true)p Fu(])g(])r(,)957
1425 y(cond\()p Ft(B)t Fu([)g([)q Fr(x)p Ft(\024)q Fr(0)p
Fu(])g(],)33 b Fs(c)1630 1440 y Fn(exit)1749 1425 y Fu(,)g
Fs(S)1876 1440 y Fn(cs)1939 1425 y Fu([)-17 b([)q Fr(x)33
b Fu(:=)f Fr(x)p Ft(\000)p Fr(1)p Fu(])-17 b(])r Fs(env)2570
1440 y Fc(E)2628 1425 y Fu([)p Fr(exit)p Ft(7!)p Fs(c)3010
1440 y Fn(exit)3131 1425 y Fu(])32 b(\()p Fs(g)41 b(c)6
b Fu(\)\),)957 1593 y Fs(c)g Fu(\))32 b Fs(s)610 1850
y Fu(=)719 1676 y Fg(8)719 1751 y(<)719 1900 y(:)834
1766 y Fs(c)885 1781 y Fn(exit)1037 1766 y Fs(s)756 b
Fu(if)31 b Fs(s)41 b Fr(x)32 b Ft(\024)h Fw(0)834 1933
y Fu(\()p Fs(g)41 b(c)6 b Fu(\))32 b(\()p Fs(s)8 b Fu([)p
Fr(x)p Ft(7!)p Fu(\()p Fs(s)41 b Fr(x)p Fu(\))p Ft(\000)p
Fw(1)p Fu(]\))84 b(if)31 b Fs(s)41 b Fr(x)32 b Fo(>)h
Fw(0)0 2135 y Fu(and)g(the)g(con)m(tin)m(uation)e Fs(c)972
2150 y Fn(exit)1124 2135 y Fu(asso)s(ciated)i(with)f(the)h(exception)g
Fr(exit)h Fu(is)e(giv)m(en)g(b)m(y)244 2339 y Fs(c)295
2354 y Fn(exit)447 2339 y Fs(s)40 b Fu(=)33 b(id)f(\()p
Fs(s)8 b Fu([)p Fr(y)p Ft(7!)p Fw(7)p Fu(]\))32 b(=)h
Fs(s)8 b Fu([)p Fr(y)p Ft(7!)p Fw(7)p Fu(])0 2542 y(Note)36
b(that)f Fs(G)45 b Fu(ma)m(y)36 b(c)m(ho)s(ose)h(to)e(use)i(the)f
(\\default")f(con)m(tin)m(uation)f Fs(c)42 b Fu(or)35
b(the)h(con)m(tin)m(uation)0 2663 y Fs(c)51 2678 y Fn(exit)203
2663 y Fu(asso)s(ciated)c(with)h(the)g(exception,)g(as)g(appropriate.)
42 b(W)-8 b(e)33 b(then)g(get)269 2912 y(\(FIX)f Fs(G)9
b Fu(\))33 b(id)f Fs(s)40 b Fu(=)969 2738 y Fg(8)969
2812 y(<)969 2962 y(:)1084 2827 y Fs(s)8 b Fu([)p Fr(y)p
Ft(7!)p Fw(7)p Fu(])344 b(if)32 b Fs(s)40 b Fr(x)33 b
Ft(\024)g Fw(0)1084 2995 y Fs(s)8 b Fu([)p Fr(x)p Ft(7!)p
Fw(0)p Fu(][)p Fr(y)p Ft(7!)p Fw(7)p Fu(])83 b(if)32
b Fs(s)40 b Fr(x)33 b Fo(>)g Fw(0)3398 2912 y Fh(2)0
3222 y Fw(Exercise)j(4.77)49 b Fu(Sho)m(w)33 b(that)f(FIX)g
Fs(G)42 b Fu(as)32 b(sp)s(eci\014ed)h(in)f(the)g(ab)s(o)m(v)m(e)h
(example)f(is)f(indeed)i(the)0 3342 y(least)39 b(\014xed)j(p)s(oin)m
(t,)f(that)e(is)h(construct)h(the)f(iterands)g Fs(G)2171
3306 y Fn(n)2254 3342 y Ft(?)h Fu(and)f(sho)m(w)h(that)e(their)h(least)
0 3463 y(upp)s(er)33 b(b)s(ound)g(is)f(as)h(sp)s(eci\014ed.)2213
b Fh(2)0 3691 y Fw(Exercise)36 b(4.78)49 b Fu(**)31 b(Extend)j
(Exercise)f(4.73)e(to)g(sho)m(w)i(the)f(w)m(ell-de\014nedness)h(of)e
(the)h(func-)0 3811 y(tion)g Ft(S)268 3826 y Fn(cs)364
3811 y Fu(de\014ned)i(b)m(y)g(the)f(clauses)g(of)f(T)-8
b(able)32 b(4.8.)1537 b Fh(2)0 4040 y Fw(Exercise)36
b(4.79)49 b Fu(Supp)s(ose)36 b(that)e(there)i(is)e(a)g(distinguished)g
(output)h(v)-5 b(ariable)33 b Fr(out)i Ft(2)g Fw(V)-9
b(ar)0 4160 y Fu(and)38 b(that)f(only)h(the)g(\014nal)f(v)-5
b(alue)37 b(of)g(this)h(v)-5 b(ariable)36 b(is)h(of)g(in)m(terest.)60
b(This)38 b(migh)m(t)e(motiv)-5 b(ate)0 4280 y(de\014ning)244
4484 y Fw(Con)m(t)32 b Fu(=)h Fw(State)f Fo(,)-17 b Ft(!)33
b Fw(Z)0 4687 y Fu(De\014ne)h(the)h(initial)30 b(con)m(tin)m(uation)j
Fs(c)1372 4702 y Fn(0)1444 4687 y Ft(2)h Fw(Con)m(t)p
Fu(.)47 b(What)34 b(c)m(hanges)h(to)f Fw(En)m(v)2808
4702 y Fn(E)2860 4687 y Fu(,)g(the)g(function-)0 4808
y(alit)m(y)d(of)h Ft(S)401 4823 y Fn(cs)497 4808 y Fu(and)h(T)-8
b(able)32 b(4.8)g(are)h(necessary?)1680 b Fh(2)p eop
%%Page: 132 142
132 141 bop 251 130 a Fw(132)1978 b(4)112 b(Denotational)36
b(Seman)m(tics)p 251 193 3473 4 v eop
%%Page: 133 143
133 142 bop 0 1185 a Fv(Chapter)78 b(5)0 1606 y(Static)g(Program)f
(Analysis)0 2063 y Fu(When)41 b(implemen)m(ting)36 b(a)k(programming)d
(language)h(it)h(is)g(crucial)f(that)i(the)g(implemen)m(ta-)0
2184 y(tion)30 b(is)h(faithful)f(to)h(the)h(seman)m(tics)g(of)f(the)h
(language)e(and)i(in)e(Chapter)j(3)e(w)m(e)h(sa)m(w)h(ho)m(w)f(the)0
2304 y(op)s(erational)27 b(seman)m(tics)j(could)f(b)s(e)h(used)g(to)f
(pro)m(v)m(e)i(this)e(formally)-8 b(.)40 b(Ho)m(w)m(ev)m(er,)32
b(it)d(is)g(also)g(im-)0 2425 y(p)s(ortan)m(t)f(that)f(the)h(implemen)m
(tation)d(is)j(reasonably)f(e\016cien)m(t)i(and)f(it)f(is)g(therefore)i
(common)0 2545 y(to)f(com)m(bine)f(the)h(co)s(de)h(generation)e(with)g
(v)-5 b(arious)28 b(analyses)g(collecting)e(information)f(ab)s(out)0
2665 y(the)34 b(programs.)45 b(In)34 b(this)f(c)m(hapter)i(w)m(e)f
(shall)e(dev)m(elop)i(one)g(suc)m(h)h(analysis)e(in)f(detail)g(but)i
(let)0 2786 y(us)f(\014rst)g(consider)g(a)f(couple)h(of)f(example)g
(analyses.)146 2912 y Fs(Constant)47 b(pr)-5 b(op)g(agation)53
b Fu(is)46 b(an)g(analysis)g(that)g(determines)h(whether)h(an)e
(expression)0 3032 y(alw)m(a)m(ys)30 b(ev)-5 b(aluates)30
b(to)f(a)h(constan)m(t)g(v)-5 b(alue)30 b(and)f(if)g(so)h(determines)g
(that)f(v)-5 b(alue.)42 b(The)31 b(analysis)0 3152 y(is)44
b(the)g(basis)g(for)g(an)g(optimization)d(called)i Fs(c)-5
b(onstant)45 b(folding)51 b Fu(where)46 b(the)e(expression)i(is)0
3273 y(replaced)30 b(b)m(y)i(the)e(constan)m(t.)44 b(As)31
b(an)f(example)g(the)g(analysis)g(will)e(detect)j(that)f(the)h(v)-5
b(alue)30 b(of)0 3393 y Fr(y)j Fu(in)f(the)h(statemen)m(t)244
3624 y Fr(x)g Fu(:=)f Fr(5)p Fu(;)h Fr(y)g Fu(:=)f Fr(x)h
Fo(?)f Fr(x)h Fu(+)g Fr(25)0 3854 y Fu(will)d(alw)m(a)m(ys)j(b)s(e)g
Fw(50)p Fu(.)44 b(It)32 b(is)g(therefore)i(safe)f(to)f(replace)g(the)h
(statemen)m(t)g(b)m(y)244 4085 y Fr(x)g Fu(:=)f Fr(5)p
Fu(;)h Fr(y)g Fu(:=)f Fr(50)0 4316 y Fu(and)h(more)f(e\016cien)m(t)h
(co)s(de)g(can)g(b)s(e)f(generated.)146 4441 y(Another)j(example)f(is)g
(the)h Fs(dete)-5 b(ction)36 b(of)h(signs)f(analysis)41
b Fu(where)36 b(the)f(idea)f(is)g(to)g(deter-)0 4562
y(mine)e(the)i(sign)e(of)h(expressions.)47 b(So)33 b(it)f(will)f(for)i
(example)f(determine)h(that)g(the)h(v)-5 b(alue)32 b(of)h
Fr(y)0 4682 y Fu(in)244 4913 y Fr(y)g Fu(:=)f Fr(x)h
Fo(?)f Fr(x)h Fu(+)f Fr(25)0 5143 y Fu(alw)m(a)m(ys)24
b(will)e(b)s(e)h(p)s(ositiv)m(e)g(\(indep)s(enden)m(tly)i(of)e(the)h(v)
-5 b(alue)23 b(assigned)h(to)f Fr(x)p Fu(\).)41 b(This)24
b(information)0 5264 y(will)30 b(b)s(e)j(useful)g(for)f(an)g
(optimization)d(kno)m(wn)34 b(as)f Fs(c)-5 b(o)g(de)34
b(elimination)p Fu(:)42 b(in)32 b(a)g(statemen)m(t)h(as)244
5494 y Fr(y)g Fu(:=)f Fr(x)h Fo(?)f Fr(x)h Fu(+)f Fr(25)p
Fu(;)i Fr(while)f(y)g Ft(\024)g Fr(0)g(do)g Ft(\001)17
b(\001)g(\001)1663 5849 y Fu(133)p eop
%%Page: 134 144
134 143 bop 251 130 a Fw(134)1937 b(5)112 b(Static)37
b(Program)f(Analysis)p 251 193 3473 4 v 283 515 a Fu(there)48
b(is)f(no)g(need)h(to)f(generate)h(co)s(de)g(for)e(the)i
Fr(while)p Fu(-lo)s(op)e(b)s(ecause)j(it)d(will)f(nev)m(er)k(b)s(e)283
636 y(executed.)430 757 y(The)30 b(example)f(analysis)f(to)h(b)s(e)h
(dev)m(elop)s(ed)g(in)e(this)h(c)m(hapter)h(is)f(a)g
Fs(dep)-5 b(endency)31 b(analysis)p Fu(.)283 878 y(Here)38
b(the)f(idea)g(is)f(to)g(regard)h(some)g(of)f(the)i(v)-5
b(ariables)35 b(as)i Fs(input)47 b Fu(v)-5 b(ariables)35
b(and)i(others)h(as)283 998 y Fs(output)k Fu(v)-5 b(ariables.)41
b(The)32 b(analysis)e(will)f(then)j(determine)e(whether)i(or)f(not)g
(the)g(\014nal)f(v)-5 b(alues)283 1118 y(of)24 b(the)g(output)g(v)-5
b(ariables)23 b(only)g(dep)s(end)i(up)s(on)f(the)g(initial)c(v)-5
b(alues)24 b(of)f(the)h(input)g(v)-5 b(ariables.)39 b(If)283
1239 y(so)27 b(w)m(e)g(shall)e(sa)m(y)i(that)f(there)h(is)e(a)h
Fs(functional)i(dep)-5 b(endency)34 b Fu(b)s(et)m(w)m(een)28
b(the)f(input)e(and)i(output)283 1359 y(v)-5 b(ariables)32
b(of)g(the)h(statemen)m(t.)44 b(As)33 b(an)f(example)h(consider)f(once)
i(more)e(the)h(statemen)m(t)527 1568 y Fr(y)g Fu(:=)g
Fr(x)f Fo(?)h Fr(x)f Fu(+)h Fr(25)283 1776 y Fu(and)26
b(assume)g(that)g Fr(x)g Fu(is)f(an)h(input)f(v)-5 b(ariable)24
b(and)i Fr(y)g Fu(an)f(output)h(v)-5 b(ariable.)40 b(Then)26
b(the)h(analysis)283 1897 y(will)j(conclude)i(that)f(there)h(is)f
(indeed)h(a)f(functional)f(dep)s(endency)k(b)s(et)m(w)m(een)g(the)e
(input)f(and)283 2017 y(output)37 b(v)-5 b(ariables)36
b(for)g(the)i(ab)s(o)m(v)m(e)f(statemen)m(t.)57 b(Ho)m(w)m(ev)m(er,)40
b(if)c Fr(x)h Fu(is)f Fs(not)46 b Fu(an)37 b(input)g(v)-5
b(ariable)283 2138 y(then)30 b(the)f(analysis)f(will)f(determine)i
(that)f(the)i(v)-5 b(alue)28 b(of)g Fr(y)h Fu(is)g(dubious)g(as)g(it)f
(do)s(es)h(not)g(solely)283 2258 y(dep)s(end)e(on)e(the)g(v)-5
b(alues)25 b(of)f(the)i(input)e(v)-5 b(ariables.)40 b(In)25
b(that)g(case)h(the)f(compiler)e(migh)m(t)h(c)m(ho)s(ose)283
2378 y(to)33 b(issue)g(a)f(w)m(arning)g(as)h(this)f(probably)g(is)h
(not)f(the)h(in)m(ten)m(tion)f(of)g(the)h(programmer.)430
2500 y(A)f(more)g(in)m(teresting)g(example)h(program)e(is)h(the)h
(factorial)d(statemen)m(t:)527 2708 y Fr(y)j Fu(:=)g
Fr(1)p Fu(;)f Fr(while)i Ft(:)f Fu(\()p Fr(x)g Fu(=)f
Fr(1)p Fu(\))h Fr(do)g Fu(\()p Fr(y)g Fu(:=)f Fr(y)h
Fo(?)f Fr(x)p Fu(;)h Fr(x)g Fu(:=)g Fr(x)f Ft(\000)h
Fr(1)p Fu(\))283 2917 y(Again)h(assume)h(that)f Fr(x)h
Fu(is)f(an)g(input)g(v)-5 b(ariable)33 b(and)h(that)h
Fr(y)f Fu(is)g(an)h(output)f(v)-5 b(ariable.)48 b(Then)283
3038 y(the)35 b(\014nal)d(v)-5 b(alue)34 b(of)f Fr(y)h
Fu(only)f(dep)s(ends)i(up)s(on)f(the)g(initial)c(v)-5
b(alue)33 b(of)g Fr(x)p Fu(.)47 b(Ho)m(w)m(ev)m(er,)37
b(if)32 b(w)m(e)j(drop)283 3158 y(the)k(initialization)32
b(of)37 b Fr(y)h Fu(\(and)g(assume)g(that)g Fr(y)g Fu(is)f(not)h(an)f
(input)h(v)-5 b(ariable\))36 b(and)i(consider)283 3278
y(the)33 b(statemen)m(t)527 3487 y Fr(while)h Ft(:)f
Fu(\()p Fr(x)g Fu(=)f Fr(1)p Fu(\))h Fr(do)g Fu(\()p
Fr(y)g Fu(:=)f Fr(y)h Fo(?)f Fr(x)p Fu(;)h Fr(x)g Fu(:=)f
Fr(x)h Ft(\000)g Fr(1)p Fu(\))283 3696 y(then)42 b(the)f(\014nal)f(v)-5
b(alue)40 b(of)g Fr(y)g Fu(do)s(es)h(not)g(only)f(dep)s(end)i(on)e(the)
h(initial)c(v)-5 b(alue)40 b(of)g(the)h(input)283 3816
y(v)-5 b(ariable)23 b Fr(x)p Fu(,)j(but)e(also)f(on)h(the)g(initial)c
(v)-5 b(alue)23 b(of)h Fr(y)p Fu(,)i(so)e(it)f(is)g Fs(not)34
b Fu(the)24 b(case)h(that)e(the)i(\014nal)e(v)-5 b(alues)283
3936 y(of)33 b(the)g(output)f(v)-5 b(ariables)32 b(only)g(dep)s(end)h
(on)g(the)g(initial)c(v)-5 b(alues)32 b(of)g(the)h(input)f(v)-5
b(ariables.)430 4058 y(The)38 b(kind)f(of)g(analyses)g(exempli\014ed)g
(ab)s(o)m(v)m(e)h(can)g(b)s(e)f(sp)s(eci\014ed)h(b)m(y)g(de\014ning)f
(so-called)283 4178 y Fs(non-standar)-5 b(d)42 b(semantics)47
b Fu(of)41 b(the)g(programming)d(language.)67 b(These)42
b(seman)m(tics)f(will)e(b)s(e)283 4299 y(patterned)k(after)e(the)h
(denotational)e(seman)m(tics)i(of)f(Chapter)h(4)g(but)g(they)g
(di\013er)f(in)g(that)283 4419 y(they)30 b(do)f Fs(not)39
b Fu(op)s(erate)29 b(on)f(the)i(exact)g(v)-5 b(alues)29
b(of)f(v)-5 b(ariables)28 b(and)h(expressions)i(but)e(rather)g(on)283
4539 y Fs(pr)-5 b(op)g(erties)42 b Fu(of)33 b(the)h(exact)h(v)-5
b(alues.)47 b(F)-8 b(or)33 b(the)h(constan)m(t)h(propagation)d
(analysis)h(w)m(e)i(ma)m(y)f(use)283 4660 y(prop)s(erties)f(lik)m(e)527
4868 y Fb(any)p Fu(,)g Fb(const)p Fu(-)p Fb(0)p Fu(,)f
Fb(const)p Fu(-)p Fb(1)p Fu(,)g Fb(const)p Fu(-)p Fb(2)p
Fu(,)g Ft(\001)17 b(\001)g(\001)283 5077 y Fu(F)-8 b(or)32
b(the)h(detection)g(of)f(signs)h(analysis)e(w)m(e)j(ma)m(y)e(use)i
(prop)s(erties)e(lik)m(e)527 5286 y Fb(any)p Fu(,)h Fb(pos)p
Fu(,)f Fb(neg)p Fu(,)h(and)f Fb(zer)n(o)283 5494 y Fu(and)h(for)f(the)h
(dep)s(endency)i(analysis)d(w)m(e)i(ma)m(y)e(use)i(prop)s(erties)p
eop
%%Page: 135 145
135 144 bop 0 130 a Fw(5.1)112 b(Prop)s(erties)36 b(and)j(prop)s(ert)m
(y)e(states)1540 b(135)p 0 193 3473 4 v 244 515 a Fb(d)p
Fu(?)33 b(\(meaning)e(dubious\))h(and)h Fb(ok)g Fu(\(meaning)e(prop)s
(er\))146 701 y(Usually)-8 b(,)38 b(the)g(analyses)g(will)d(b)s(e)j
(part)f(of)g(a)g(compiler)e(and)j(it)e(is)h(therefore)h(imp)s(ortan)m
(t)0 821 y(that)29 b(they)g(alw)m(a)m(ys)h(terminate)d(ev)m(en)k(for)d
(programs)g(that)g(lo)s(op)f(when)j(executed.)45 b(The)30
b(price)0 942 y(w)m(e)c(pa)m(y)f(for)f(alw)m(a)m(ys)h(getting)f(answ)m
(ers)j(is)d(that)g(w)m(e)i(o)s(ccasionally)c(get)j(imprecise)f(answ)m
(ers.)42 b(So)0 1062 y(in)28 b(the)i(case)g(of)f(constan)m(t)h
(propagation)d(the)j(prop)s(ert)m(y)g Fb(any)f Fu(means)g(that)g(the)h
(analysis)e(w)m(as)0 1182 y(not)e(able)f(to)h(detect)h(that)f(the)h(v)
-5 b(alue)25 b(alw)m(a)m(ys)i(w)m(ould)f(b)s(e)g(constan)m(t.)43
b(Similarly)-8 b(,)23 b(the)k(prop)s(ert)m(y)0 1303 y
Fb(any)40 b Fu(for)f(the)h(detection)g(of)g(signs)f(analysis)h(means)f
(that)h(the)g(analysis)f(w)m(as)i(not)f(able)f(to)0 1423
y(detect)f(a)e(unique)h(sign)f(for)f(the)i(v)-5 b(alue.)55
b(F)-8 b(or)35 b(the)i(dep)s(endency)i(analysis)d(the)h(prop)s(ert)m(y)
g Fb(d)p Fu(?)0 1544 y(means)k(that)h(the)f(analysis)g(w)m(as)h(not)g
(able)e(to)h(detect)i(that)e(the)h(v)-5 b(alue)41 b(only)f(dep)s(ends)j
(on)0 1664 y(the)f(input)g(v)-5 b(ariables.)69 b(Note)42
b(that)g(an)f(analysis)h(that)f(alw)m(a)m(ys)h(returns)h(these)g
(\\fail-safe")0 1784 y(prop)s(erties)35 b(will)e(b)s(e)j(a)f(safe)h
(analysis)e(although)h(not)g(a)g(v)m(ery)i(informativ)m(e)c(one.)52
b(Also)35 b(note)0 1905 y(that)29 b(in)f(the)i(case)g(of)f(the)h(dep)s
(endency)h(analysis)e(w)m(e)h(could)f(alw)m(a)m(ys)h(exp)s(ect)g(the)g
(answ)m(er)h Fb(ok)0 2025 y Fu(if)h(all)g(v)-5 b(ariables)32
b(w)m(ere)j(regarded)f(as)g(input)f(v)-5 b(ariables)32
b(but)i(again)e(this)h(is)g(not)h(what)g(w)m(e)g(are)0
2145 y(in)m(terested)g(in.)146 2266 y(The)e(analysis)d(w)m(e)j(shall)d
(dev)m(elop)i(will)d(detect)j(whether)h(or)e(not)g(a)g(statemen)m(t)h
Fs(de\014nitely)0 2386 y Fu(has)k(a)f(functional)f(dep)s(endency)k(b)s
(et)m(w)m(een)f(its)e(input)g(and)h(output)f(v)-5 b(ariables.)48
b(The)35 b(o)m(v)m(erall)0 2507 y(algorithm)h(op)s(erates)k(as)g(follo)
m(ws:)56 b(initially)36 b(all)h(input)i(v)-5 b(ariables)39
b(ha)m(v)m(e)h(the)g(prop)s(ert)m(y)h Fb(ok)0 2627 y
Fu(and)31 b(all)e(other)h(v)-5 b(ariables)30 b(the)h(prop)s(ert)m(y)h
Fb(d)p Fu(?.)43 b(Then)32 b(the)f(analysis)f(is)g(p)s(erformed)g(and)h
(when)0 2747 y(it)g(has)h(terminated)g(the)g(prop)s(erties)g(of)g(the)g
(output)g(v)-5 b(ariables)31 b(are)h(insp)s(ected.)44
b(If)32 b(they)h(are)0 2868 y(all)26 b Fb(ok)i Fu(then)h(the)f
(analysis)g(returns)g(the)h(answ)m(er)g(YES)g(and)f(otherwise)g(NO?.)42
b(The)29 b(analysis)0 2988 y(is)36 b(guaran)m(teed)h(to)g(giv)m(e)f(an)
h(answ)m(er)g(within)f(a)g(\014nite)g(amoun)m(t)g(of)h(time)e(\(dep)s
(ending)h(up)s(on)0 3108 y(the)41 b(statemen)m(t\))g(but)g(the)g(answ)m
(er)h(will)d(not)h(b)s(e)h(precise)g(in)f(all)f(cases.)69
b(Ho)m(w)m(ev)m(er,)45 b(it)40 b(will)0 3229 y(alw)m(a)m(ys)33
b(b)s(e)g Fs(safe)39 b Fu(in)32 b(the)h(sense)h(that)145
3414 y Ft(\017)49 b Fu(if)21 b(the)i(analysis)f(sa)m(ys)i(YES)f(then)g
(there)g(is)f(indeed)g(a)h(functional)d(dep)s(endency)25
b(b)s(et)m(w)m(een)244 3535 y(input)32 b(and)h(output,)g(but)145
3732 y Ft(\017)49 b Fu(if)33 b(the)i(analysis)f(sa)m(ys)i(NO?)e(then)h
(there)g(ma)m(y)g(or)f(ma)m(y)g(not)g(b)s(e)h(a)f(functional)f(dep)s
(en-)244 3853 y(dency)h(b)s(et)m(w)m(een)h(input)d(and)g(output.)0
4038 y(The)c(analysis)e(will)e(b)s(e)j(sp)s(eci\014ed)g
Fs(c)-5 b(omp)g(ositional)5 b(ly)34 b Fu(just)27 b(as)g(the)g
(denotational)e(seman)m(tics)i(of)0 4158 y(Chapter)33
b(4.)43 b(As)33 b(men)m(tioned)e(ab)s(o)m(v)m(e)i(the)g(main)d
(di\013erence)j(b)s(et)m(w)m(een)h(the)e(analysis)g(and)g(the)0
4279 y(denotational)j(seman)m(tics)i(is)f(that)g(the)h(analysis)f(do)s
(es)h(not)g(op)s(erate)f(on)h(exact)h(v)-5 b(alues)36
b(but)0 4399 y(rather)31 b(on)g Fs(pr)-5 b(op)g(erties)38
b Fu(of)31 b(exact)g(v)-5 b(alues.)43 b(Because)33 b(of)d(the)h(close)g
(corresp)s(ondence)i(b)s(et)m(w)m(een)0 4520 y(the)d(sp)s
(eci\014cation)g(of)f(the)i(analysis)e(and)h(the)g(denotational)e
(seman)m(tics)i(w)m(e)h(shall)e(pro)m(v)m(e)i(the)0 4640
y(safet)m(y)j(of)e(the)h(analysis)f(with)g(resp)s(ect)i(to)e(the)h
(denotational)e(seman)m(tics.)0 4970 y Fj(5.1)161 b(Prop)t(erties)53
b(and)g(prop)t(ert)l(y)g(states)0 5189 y Fu(F)-8 b(or)32
b(the)h(dep)s(endency)i(analysis)d(w)m(e)h(shall)f(b)s(e)g(in)m
(terested)i(in)e(t)m(w)m(o)h(prop)s(erties:)145 5374
y Ft(\017)49 b Fb(ok)39 b Fu(meaning)f(that)h(the)g(v)-5
b(alue)39 b Fs(de\014nitely)47 b Fu(only)39 b(dep)s(ends)h(on)f(the)h
(initial)35 b(v)-5 b(alues)39 b(of)244 5494 y(the)33
b(input)f(v)-5 b(ariables,)31 b(and)p eop
%%Page: 136 146
136 145 bop 251 130 a Fw(136)1937 b(5)112 b(Static)37
b(Program)f(Analysis)p 251 193 3473 4 v 429 515 a Ft(\017)48
b Fb(d)p Fu(?)42 b(meaning)e(that)h(the)h(v)-5 b(alue)41
b Fs(may)49 b Fu(dep)s(end)43 b(on)e(the)h(initial)37
b(v)-5 b(alues)42 b(of)f(non-input)527 636 y(v)-5 b(ariables,)32
b(that)g(is)g(the)h(v)-5 b(alue)32 b(ma)m(y)h(b)s(e)f(dubious.)283
822 y(W)-8 b(e)33 b(shall)f(write)527 1008 y Fw(P)g Fu(=)h
Ft(f)p Fb(ok)p Fu(,)g Fb(d)p Fu(?)p Ft(g)283 1194 y Fu(for)41
b(this)g(set)i(of)e(prop)s(erties)g(and)h(w)m(e)g(use)g
Fs(p)48 b Fu(as)41 b(a)h(meta-v)-5 b(ariable)38 b(ranging)i(o)m(v)m(er)
j Fw(P)p Fu(.)e(It)g(is)283 1314 y(more)34 b(informativ)m(e)e(to)h(kno)
m(w)i(that)f(an)g(expression)h(has)f(the)h(prop)s(ert)m(y)f
Fb(ok)h Fu(than)f Fb(d)p Fu(?.)48 b(As)34 b(a)283 1435
y(record)g(of)e(this)g(w)m(e)h(de\014ne)h(a)f(partial)d(order)j
Ft(v)2036 1450 y Fn(P)2121 1435 y Fu(on)f Fw(P)p Fu(:)527
1621 y Fb(ok)h Ft(v)764 1636 y Fn(P)849 1621 y Fb(d)p
Fu(?,)98 b Fb(ok)33 b Ft(v)1318 1636 y Fn(P)1403 1621
y Fb(ok)p Fu(,)98 b Fb(d)p Fu(?)33 b Ft(v)1872 1636 y
Fn(P)1957 1621 y Fb(d)p Fu(?)283 1807 y(and)g(depicted)g(as)942
2232 y Ft(\017)65 b Fb(ok)942 1942 y Ft(\017)g Fb(d)p
Fu(?)p 966 2174 4 225 v 283 2501 a(Th)m(us)35 b(the)e(more)e
(informativ)m(e)g(prop)s(ert)m(y)i(is)f(at)h(the)g(b)s(ottom)e(of)h
(the)h(ordering!)43 b(W)-8 b(e)33 b(ha)m(v)m(e)p 283
2622 3473 5 v 283 2779 a Fw(F)-9 b(act)38 b(5.1)49 b
Fu(\()p Fw(P)p Fu(,)32 b Ft(v)973 2794 y Fn(P)1026 2779
y Fu(\))g(is)g(a)g(complete)g(lattice.)42 b(If)33 b Fs(Y)52
b Fu(is)32 b(a)g(subset)j(of)d Fw(P)g Fu(then)552 2880
y Fg(F)621 2961 y Fn(P)674 2946 y Fs(Y)52 b Fu(=)32 b
Fb(d)p Fu(?)h(if)e(and)i(only)f(if)f Fb(d)p Fu(?)i Ft(2)g
Fs(Y)p 283 3067 V 283 3253 a Fw(Pro)s(of:)g Fu(The)c(pro)s(of)f(is)g
(straigh)m(tforw)m(ard)g(using)g(the)h(de\014nition)f(of)f(complete)h
(lattices)g(giv)m(en)283 3373 y(in)k(Chapter)i(4.)2828
b Fh(2)430 3577 y Fu(It)35 b(is)f(con)m(v)m(enien)m(t)i(to)f(write)f
Fs(p)1551 3592 y Fn(1)1623 3577 y Ft(t)1690 3592 y Fn(P)1774
3577 y Fs(p)1830 3592 y Fn(2)1904 3577 y Fu(instead)h(of)2356
3510 y Fg(F)2426 3592 y Fn(P)2478 3577 y Ft(f)p Fs(p)2584
3592 y Fn(1)2623 3577 y Fu(,)g Fs(p)2741 3592 y Fn(2)2781
3577 y Ft(g)p Fu(.)49 b(It)35 b(follo)m(ws)f(from)f(F)-8
b(act)283 3697 y(5.1)33 b(that)f(the)h(binary)f(op)s(eration)f
Ft(t)1629 3712 y Fn(P)1714 3697 y Fu(ma)m(y)h(b)s(e)h(giv)m(en)f(b)m(y)
i(the)f(table)585 3875 y Ft(t)652 3890 y Fn(P)p 752 3911
4 121 v 803 3875 a Fb(ok)101 b(d)p Fu(?)p 527 3914 661
4 v 577 3998 a Fb(ok)p 752 4035 4 121 v 100 w(ok)g(d)p
Fu(?)596 4119 y Fb(d)p Fu(?)p 752 4155 V 109 w Fb(d)p
Fu(?)109 b Fb(d)p Fu(?)430 4298 y(When)23 b(reasoning)f(ab)s(out)g(the)
h(safet)m(y)g(of)f(the)h(analysis)e(w)m(e)j(need)f(to)f(b)s(e)h(a)f
(bit)f(more)h(precise)283 4418 y(ab)s(out)29 b(the)g(meaning)f(of)h
(the)g(prop)s(erties)g(with)g(resp)s(ect)h(to)e(the)i(v)-5
b(alues)29 b(of)f(the)i(denotational)283 4539 y(seman)m(tics.)43
b(While)28 b(it)g(ma)m(y)h(b)s(e)g(in)m(tuitiv)m(ely)f(clear)h(whether)
h(or)f(not)g(the)h(v)-5 b(alue)28 b(of)h(a)g(v)-5 b(ariable)283
4659 y(only)42 b(dep)s(ends)h(on)f(the)g(input)f(v)-5
b(ariables,)43 b(it)e(turns)h(out)g(to)f(b)s(e)h(imp)s(ossible)e(to)h
(insp)s(ect)h(a)283 4780 y(sp)s(eci\014c)36 b(v)-5 b(alue,)35
b(for)f(example)g Fw(27)p Fu(,)h(and)g(decide)g(whether)h(or)f(not)f
(this)g(is)h(indeed)g(the)g(case.)283 4900 y(The)k(reason)g(is)e(that)h
(w)m(e)g(lose)g(the)g(con)m(text)h(in)e(whic)m(h)i(the)f(v)-5
b(alue)37 b(arises.)60 b(W)-8 b(e)38 b(shall)e(solv)m(e)283
5020 y(this)42 b(di\016cult)m(y)f(in)g(Section)h(5.3)f(and)h(to)f
(prepare)h(for)f(the)h(solution)f(w)m(e)h(shall)f(de\014ne)h(the)283
5141 y(follo)m(wing)30 b(parameterized)i(relations:)527
5327 y(rel)p 527 5340 109 4 v 15 x Fn(Aexp)801 5327 y
Fu(:)43 b Fw(P)32 b Ft(!)g Fu(\()p Fw(Z)h Ft(\002)g Fw(Z)g
Ft(!)f Fw(T)p Fu(\))527 5494 y(rel)p 527 5507 V 15 x
Fn(Bexp)798 5494 y Fu(:)43 b Fw(P)32 b Ft(!)g Fu(\()p
Fw(T)h Ft(\002)g Fw(T)f Ft(!)g Fw(T)p Fu(\))p eop
%%Page: 137 147
137 146 bop 0 130 a Fw(5.1)112 b(Prop)s(erties)36 b(and)j(prop)s(ert)m
(y)e(states)1540 b(137)p 0 193 3473 4 v 0 515 a Fu(F)-8
b(or)32 b(arithmetic)e(expressions)35 b(the)e(relation)d(is)i
(de\014ned)i(b)m(y:)244 801 y(rel)p 244 814 109 4 v 352
816 a Fn(Aexp)517 801 y Fu(\()p Fs(p)6 b Fu(\)\()p Fs(v)743
816 y Fn(1)782 801 y Fu(,)32 b Fs(v)897 816 y Fn(2)936
801 y Fu(\))h(=)1115 627 y Fg(8)1115 701 y(<)1115 851
y(:)1231 716 y Fw(tt)82 b Fs(p)38 b Fu(=)33 b Fb(d)p
Fu(?)f(or)h Fs(v)1914 731 y Fn(1)1985 716 y Fu(=)f Fs(v)2149
731 y Fn(2)1231 884 y Fw(\013)105 b Fu(otherwise)0 1087
y(and)33 b(similarly)c(for)j(b)s(o)s(olean)f(expression:)244
1372 y(rel)p 244 1385 V 352 1387 a Fn(Bexp)514 1372 y
Fu(\()p Fs(p)6 b Fu(\)\()p Fs(v)740 1387 y Fn(1)779 1372
y Fu(,)33 b Fs(v)895 1387 y Fn(2)934 1372 y Fu(\))f(=)1112
1198 y Fg(8)1112 1273 y(<)1112 1422 y(:)1228 1288 y Fw(tt)82
b Fs(p)38 b Fu(=)33 b Fb(d)p Fu(?)f(or)h Fs(v)1911 1303
y Fn(1)1982 1288 y Fu(=)g Fs(v)2147 1303 y Fn(2)1228
1455 y Fw(\013)105 b Fu(otherwise)0 1658 y(W)-8 b(e)46
b(shall)f(often)h(omit)e(the)i(subscript)h(when)g(no)f(confusion)f(is)h
(lik)m(ely)e(to)i(result.)83 b(Eac)m(h)0 1778 y(of)43
b(the)g(relations)f(tak)m(e)i(a)f(prop)s(ert)m(y)h(and)f(t)m(w)m(o)h(v)
-5 b(alues)43 b(as)g(parameters.)76 b(In)m(tuitiv)m(ely)-8
b(,)45 b(the)0 1899 y(prop)s(ert)m(y)37 b(expresses)i(ho)m(w)e(m)m(uc)m
(h)g(the)g(t)m(w)m(o)g(v)-5 b(alues)36 b(are)g(allo)m(w)m(ed)g(to)f
(di\013er.)54 b(Th)m(us)38 b Fb(d)p Fu(?)f(puts)0 2019
y(no)32 b(requiremen)m(ts)i(on)e(the)h(v)-5 b(alues)33
b(whereas)h Fb(ok)f Fu(requires)g(that)f(the)h(t)m(w)m(o)g(v)-5
b(alues)33 b(are)f(equal.)0 2139 y(As)h(an)g(aid)e(to)h(readabilit)m(y)
f(w)m(e)j(shall)d(often)i(write)244 2343 y Fs(v)300 2358
y Fn(1)371 2343 y Ft(\021)g Fs(v)537 2358 y Fn(2)609
2343 y Fu(rel)p 609 2356 V 32 w Fs(p)0 2547 y Fu(instead)i(of)g(rel)p
453 2560 V(\()p Fs(p)6 b Fu(\)\()p Fs(v)788 2562 y Fn(1)827
2547 y Fu(,)36 b Fs(v)946 2562 y Fn(2)985 2547 y Fu(\))f(and)h(w)m(e)g
(shall)e(sa)m(y)j(that)e Fs(v)2070 2562 y Fn(1)2144 2547
y Fs(and)46 b(v)2401 2562 y Fn(2)2475 2547 y Fs(ar)-5
b(e)37 b(e)-5 b(qual)38 b(as)f(far)g(as)43 b(p)f(is)0
2668 y(c)-5 b(onc)g(erne)g(d)42 b Fu(\(or)32 b(relativ)m(e)g(to)g
Fs(p)6 b Fu(\).)0 2928 y Fw(Prop)s(ert)m(y)37 b(states)0
3113 y Fu(In)49 b(the)g(op)s(erational)d(and)i(denotational)f(seman)m
(tics)h(a)h(state)f(maps)h(v)-5 b(ariables)47 b(to)h(their)0
3234 y(v)-5 b(alues.)43 b(In)30 b(the)h(analysis)e(the)i(coun)m
(terpart)g(of)f(this)g(will)e(b)s(e)i(a)g Fs(pr)-5 b(op)g(erty)33
b(state)38 b Fu(whic)m(h)31 b(maps)0 3354 y(v)-5 b(ariables)28
b(to)h(prop)s(erties,)h(that)f(is)f(essen)m(tially)h(a)g(function)g(in)
f Fw(V)-9 b(ar)29 b Ft(!)f Fw(P)p Fu(.)h(The)h(idea)f(is)g(that)0
3475 y(the)35 b(initial)c(prop)s(ert)m(y)36 b(state)f(will)e(only)h
(map)g(the)h(input)f(v)-5 b(ariables)34 b(to)g Fb(ok)i
Fu(and)f(that)f(if)g(the)0 3595 y(\014nal)40 b(prop)s(ert)m(y)h(state)g
(is)f(acceptable)h(and)f(maps)g(all)f(output)h(v)-5 b(ariables)40
b(to)g Fb(ok)h Fu(then)g(the)0 3715 y(output)33 b(of)f(the)h(statemen)m
(t)g(will)d(de\014nitely)j(b)s(e)f(functionally)f(dep)s(enden)m(t)j(on)
f(the)g(input.)146 3836 y(T)-8 b(o)42 b(mak)m(e)g(this)f(idea)g(w)m
(ork)i(w)m(e)g(ha)m(v)m(e)g(to)e(extend)i(the)f(prop)s(ert)m(y)h(state)
f(to)f(mo)s(del)f(one)0 3956 y(additional)34 b(phenomenon,)j(namely)f
(the)h(\\\015o)m(w)g(of)f(con)m(trol".)54 b(W)-8 b(e)37
b(shall)e(illustrate)f(this)i(in)0 4077 y(Example)i(5.3)g(b)s(elo)m(w)g
(but)g(let)g(us)h(\014rst)g(in)m(tro)s(duce)f(some)g(notation)f(that)h
(will)e(handle)i(the)0 4197 y(problem.)k(The)32 b(set)g
Fw(PState)f Fu(of)g(prop)s(ert)m(y)g(states)i(ranged)e(o)m(v)m(er)h(b)m
(y)g(the)g(meta-v)-5 b(ariable)28 b Fs(ps)8 b Fu(,)0
4317 y(is)32 b(de\014ned)i(b)m(y)244 4521 y Fw(PState)e
Fu(=)g(\()p Fw(V)-9 b(ar)32 b Ft([)h(f)p Fu(on-trac)m(k)p
Ft(g)p Fu(\))g Ft(!)f Fw(P)0 4725 y Fu(where)27 b(`on-trac)m(k')f(is)f
(a)g(sp)s(ecial)g(tok)m(en)i(used)g(to)e(mo)s(del)f(the)i(\\\015o)m(w)g
(of)f(con)m(trol".)40 b(If)26 b(`on-trac)m(k')0 4846
y(is)42 b(mapp)s(ed)h(to)f Fb(ok)i Fu(this)e(means)h(that)g(the)g
(\\\015o)m(w)g(of)f(con)m(trol")g(only)h(dep)s(ends)h(up)s(on)f(the)0
4966 y(v)-5 b(alues)33 b(of)g(the)h(input)f(v)-5 b(ariables;)33
b(if)f(it)g(is)h(mapp)s(ed)g(to)g Fb(d)p Fu(?)h(this)f(need)i(not)e(b)s
(e)g(the)h(case.)47 b(F)-8 b(or)0 5086 y(a)32 b(prop)s(ert)m(y)i(state)
f Fs(ps)40 b Ft(2)33 b Fw(PState)f Fu(w)m(e)i(de\014ne)g(the)f(set)244
5290 y(OK\()p Fs(ps)8 b Fu(\))32 b(=)g Ft(f)h Fs(x)44
b Ft(2)33 b Fw(V)-9 b(ar)32 b Ft([)h(f)p Fu(on-trac)m(k)p
Ft(g)f(j)g Fs(ps)41 b(x)j Fu(=)33 b Fb(ok)g Ft(g)0 5494
y Fu(of)f(\\v)-5 b(ariables")31 b(mapp)s(ed)h(to)g Fb(ok)i
Fu(and)e(w)m(e)i(sa)m(y)f(that)p eop
%%Page: 138 148
138 147 bop 251 130 a Fw(138)1937 b(5)112 b(Static)37
b(Program)f(Analysis)p 251 193 3473 4 v 527 515 a Fs(ps)41
b Fu(is)32 b Fs(pr)-5 b(op)g(er)43 b Fu(if)31 b(and)i(only)f(if)f
Fs(ps)8 b Fu(\(on-trac)m(k\))33 b(=)f Fb(ok)p Fu(.)283
711 y(If)h Fs(ps)40 b Fu(is)32 b(not)h(prop)s(er)g(w)m(e)g(shall)e
(sometimes)h(sa)m(y)h(that)g(it)e(is)h(improp)s(er.)430
832 y(The)d(relationship)d(b)s(et)m(w)m(een)31 b(prop)s(ert)m(y)d
(states)i(and)e(states)h(is)f(giv)m(en)g(b)m(y)h(the)g(parameter-)283
952 y(ized)k(relation:)527 1148 y(rel)p 527 1161 109
4 v 15 x Fn(Stm)765 1148 y Fu(:)44 b Fw(PState)32 b Ft(!)g
Fu(\()p Fw(State)h Ft(\002)g Fw(State)f Ft(!)g Fw(T)p
Fu(\))283 1344 y(de\014ned)i(b)m(y)527 1700 y(rel)p 527
1713 V 15 x Fn(Stm)765 1700 y Fu(\()p Fs(ps)8 b Fu(\)\()p
Fs(s)1025 1715 y Fn(1)1065 1700 y Fu(,)32 b Fs(s)1172
1715 y Fn(2)1212 1700 y Fu(\))g(=)1391 1451 y Fg(8)1391
1525 y(>)1391 1550 y(>)1391 1575 y(>)1391 1600 y(<)1391
1749 y(>)1391 1774 y(>)1391 1799 y(>)1391 1824 y(:)1506
1531 y Fw(tt)82 b Fu(if)31 b Fs(ps)41 b Fu(on-trac)m(k)33
b(=)f Fb(d)p Fu(?)1676 1699 y(or)g Ft(8)h Fs(x)44 b Ft(2)33
b Fw(V)-9 b(ar)32 b Ft(\\)h Fu(OK\()p Fs(ps)8 b Fu(\):)43
b Fs(s)2822 1714 y Fn(1)2894 1699 y Fs(x)i Fu(=)32 b
Fs(s)3140 1714 y Fn(2)3212 1699 y Fs(x)1506 1866 y Fw(\013)105
b Fu(otherwise)283 2056 y(and)39 b(again)d(w)m(e)j(ma)m(y)f(omit)f(the)
h(subscript)h(when)g(no)f(confusion)g(is)g(lik)m(ely)f(to)h(o)s(ccur.)
60 b(The)283 2176 y(relation)34 b(expresses)39 b(the)e(exten)m(t)g(to)e
(whic)m(h)i(t)m(w)m(o)f(states)h(are)f(allo)m(w)m(ed)f(to)g(di\013er)h
(as)g(far)f(as)h(a)283 2296 y(giv)m(en)30 b(prop)s(ert)m(y)g(state)g
(is)e(concerned.)45 b(If)29 b Fs(ps)37 b Fu(is)29 b(not)g(prop)s(er)g
(then)h(rel)p 2766 2309 V -1 w(\()p Fs(ps)8 b Fu(\))29
b(will)e(hold)i(on)g(an)m(y)283 2417 y(t)m(w)m(o)h(states.)44
b(Ho)m(w)m(ev)m(er,)32 b(if)c Fs(ps)37 b Fu(is)29 b(prop)s(er)g(then)h
(rel)p 2031 2430 V -1 w(\()p Fs(ps)8 b Fu(\))29 b(will)e(hold)i(on)g(t)
m(w)m(o)h(states)g(if)e(they)i(are)283 2537 y(equal)37
b(on)f(the)g(v)-5 b(ariables)35 b(in)h(OK\()p Fs(ps)8
b Fu(\).)54 b(Phrased)37 b(di\013eren)m(tly)-8 b(,)37
b(w)m(e)h(ma)m(y)e(view)g Fs(ps)44 b Fu(as)37 b(a)f(pair)283
2657 y(of)i(glasses)g(that)f(only)h(allo)m(ws)e(us)i(to)g(see)h(part)e
(of)g(the)i(states)f(and)g(rel)p 2853 2670 V -1 w(\()p
Fs(ps)8 b Fu(\)\()p Fs(s)3221 2672 y Fn(1)3261 2657 y
Fu(,)39 b Fs(s)3375 2672 y Fn(2)3414 2657 y Fu(\))f(means)283
2778 y(that)32 b Fs(s)542 2793 y Fn(1)614 2778 y Fu(and)g
Fs(s)851 2793 y Fn(2)922 2778 y Fu(lo)s(ok)f(the)i(same)f(when)h(view)m
(ed)g(through)f(that)g(pair)f(of)g(glasses.)44 b(Again)31
b(w)m(e)283 2898 y(shall)h(write)527 3094 y Fs(s)575
3109 y Fn(1)647 3094 y Ft(\021)h Fs(s)805 3109 y Fn(2)877
3094 y Fu(rel)p 877 3107 V 32 w Fs(ps)283 3290 y Fu(for)f(rel)p
432 3303 V(\()p Fs(ps)8 b Fu(\)\()p Fs(s)801 3305 y Fn(1)840
3290 y Fu(,)33 b Fs(s)948 3305 y Fn(2)987 3290 y Fu(\).)283
3508 y Fw(Example)k(5.2)49 b Fu(Let)33 b Fs(s)1161 3523
y Fn(1)1200 3508 y Fu(,)g Fs(s)1308 3523 y Fn(2)1380
3508 y Fu(and)g Fs(ps)40 b Fu(b)s(e)33 b(giv)m(en)f(b)m(y)527
3704 y Fs(s)575 3719 y Fn(1)647 3704 y Fr(x)h Fu(=)g
Fw(1)f Fu(and)h Fs(s)1166 3719 y Fn(1)1238 3704 y Fs(y)41
b Fu(=)33 b Fw(0)f Fu(for)g Fs(y)42 b Ft(2)33 b Fw(V)-9
b(ar)p Ft(n)o(f)p Fr(x)p Ft(g)527 3872 y Fs(s)575 3887
y Fn(2)647 3872 y Fr(x)33 b Fu(=)g Fw(2)f Fu(and)h Fs(s)1166
3887 y Fn(2)1238 3872 y Fs(y)41 b Fu(=)33 b Fw(0)f Fu(for)g
Fs(y)42 b Ft(2)33 b Fw(V)-9 b(ar)p Ft(n)o(f)p Fr(x)p
Ft(g)527 4039 y Fs(ps)41 b Fr(x)33 b Fu(=)f Fb(d)p Fu(?)h(and)f
Fs(ps)41 b(y)g Fu(=)33 b Fb(ok)g Fu(for)f Fs(y)42 b Ft(2)32
b Fu(\()p Fw(V)-9 b(ar)32 b Ft([)h(f)p Fu(on-trac)m(k)p
Ft(g)p Fu(\))p Ft(nf)p Fr(x)p Ft(g)283 4235 y Fu(Then)h
Fs(s)586 4250 y Fn(1)658 4235 y Ft(\021)f Fs(s)816 4250
y Fn(2)888 4235 y Fu(rel)p 888 4248 V 32 w Fs(ps)8 b
Fu(.)2527 b Fh(2)283 4454 y Fw(Example)37 b(5.3)49 b
Fu(T)-8 b(o)26 b(motiv)-5 b(ate)24 b(the)j(need)g(for)f(improp)s(er)e
(prop)s(ert)m(y)j(states,)i(that)d(is)f(the)i(need)283
4574 y(for)32 b(`on-trac)m(k',)i(consider)e(the)h(follo)m(wing)d
(statemen)m(ts:)527 4770 y Fs(S)594 4785 y Fn(1)634 4770
y Fu(:)97 b Fr(x)33 b Fu(:=)g Fr(1)527 4937 y Fs(S)594
4952 y Fn(2)634 4937 y Fu(:)97 b Fr(x)33 b Fu(:=)g Fr(2)283
5133 y Fu(It)g(w)m(ould)f(b)s(e)g(natural)f(to)h(exp)s(ect)h(that)f
(the)h(analysis)e(of)h Fs(S)2496 5148 y Fn(1)2567 5133
y Fu(will)e(map)i(an)m(y)h(prop)s(ert)m(y)f(state)283
5254 y Fs(ps)46 b Fu(to)36 b(the)i(prop)s(ert)m(y)g(state)g
Fs(ps)8 b Fu([)p Fr(x)p Ft(7!)o Fb(ok)p Fu(])38 b(since)g(a)f(constan)m
(t)h(v)-5 b(alue)37 b(cannot)g(dep)s(end)h(on)f(the)283
5374 y(v)-5 b(alue)31 b(of)f(an)m(y)i(\(non-input\))e(v)-5
b(ariable.)41 b(A)31 b(similar)d(argumen)m(t)j(holds)f(for)h
Fs(S)3079 5389 y Fn(2)3118 5374 y Fu(.)43 b(No)m(w)32
b(consider)283 5494 y(the)h(statemen)m(ts)p eop
%%Page: 139 149
139 148 bop 0 130 a Fw(5.1)112 b(Prop)s(erties)36 b(and)j(prop)s(ert)m
(y)e(states)1540 b(139)p 0 193 3473 4 v 244 515 a Fs(S)311
530 y Fn(11)385 515 y Fu(:)98 b Fr(if)33 b(x)g Fu(=)f
Fr(1)h(then)h Fs(S)1226 530 y Fn(1)1297 515 y Fr(else)g
Fs(S)1602 530 y Fn(1)244 683 y Fs(S)311 698 y Fn(12)385
683 y Fu(:)98 b Fr(if)33 b(x)g Fu(=)f Fr(1)h(then)h Fs(S)1226
698 y Fn(1)1297 683 y Fr(else)g Fs(S)1602 698 y Fn(2)0
874 y Fu(Again)h(w)m(e)i(ma)m(y)f(exp)s(ect)h(that)f(the)h(analysis)e
(of)h Fs(S)1901 889 y Fn(11)2012 874 y Fu(will)d(map)j(an)m(y)g(prop)s
(ert)m(y)h(state)g Fs(ps)44 b Fu(to)0 994 y(the)33 b(prop)s(ert)m(y)g
(state)g Fs(ps)8 b Fu([)p Fr(x)p Ft(7!)p Fb(ok)p Fu(],)34
b(since)f Fs(S)1601 1009 y Fn(11)1708 994 y Fu(is)f(seman)m(tically)e
(equiv)-5 b(alen)m(t)33 b(to)f Fs(S)3014 1009 y Fn(1)3053
994 y Fu(.)146 1114 y(Concerning)d Fs(S)724 1129 y Fn(12)827
1114 y Fu(it)f(will)e(not)j(alw)m(a)m(ys)g(b)s(e)g(correct)g(for)f(the)
h(analysis)f(to)g(map)g(a)h(prop)s(ert)m(y)0 1235 y(state)k
Fs(ps)40 b Fu(to)33 b Fs(ps)8 b Fu([)p Fr(x)p Ft(7!)p
Fb(ok)p Fu(].)44 b(F)-8 b(or)31 b(an)i(example)f(supp)s(ose)i(that)e
Fs(ps)8 b Fu(,)33 b Fs(s)2465 1250 y Fn(1)2537 1235 y
Fu(and)g Fs(s)2775 1250 y Fn(2)2847 1235 y Fu(are)f(suc)m(h)i(that)244
1425 y Fs(ps)40 b Fr(x)33 b Fu(=)f Fb(d)p Fu(?)h(and)g
Fs(ps)40 b(y)i Fu(=)32 b Fb(ok)h Fu(for)g Fs(y)41 b Ft(2)33
b Fu(\()p Fw(V)-9 b(ar)32 b Ft([)h(f)p Fu(on-trac)m(k)p
Ft(g)p Fu(\))p Ft(nf)p Fr(x)p Ft(g)244 1593 y Fs(s)292
1608 y Fn(1)364 1593 y Fr(x)g Fu(=)f Fw(1)h Fu(and)f
Fs(s)882 1608 y Fn(1)954 1593 y Fs(y)42 b Fu(=)32 b Fw(0)h
Fu(for)f Fs(y)41 b Ft(2)33 b Fw(V)-9 b(ar)p Ft(nf)p Fr(x)p
Ft(g)244 1761 y Fs(s)292 1776 y Fn(2)364 1761 y Fr(x)33
b Fu(=)f Fw(2)h Fu(and)f Fs(s)882 1776 y Fn(2)954 1761
y Fs(y)42 b Fu(=)32 b Fw(0)h Fu(for)f Fs(y)41 b Ft(2)33
b Fw(V)-9 b(ar)p Ft(nf)p Fr(x)p Ft(g)0 1951 y Fu(Then)34
b(Example)e(5.2)g(giv)m(es)244 2142 y Fs(s)292 2157 y
Fn(1)364 2142 y Ft(\021)h Fs(s)522 2157 y Fn(2)594 2142
y Fu(rel)p 594 2155 109 4 v 32 w Fs(ps)0 2333 y Fu(but)50
b Ft(S)264 2348 y Fn(ds)335 2333 y Fu([)-17 b([)q Fs(S)440
2348 y Fn(12)514 2333 y Fu(])g(])q Fs(s)600 2348 y Fn(1)689
2333 y Ft(\021)51 b(S)885 2348 y Fn(ds)956 2333 y Fu([)-17
b([)p Fs(S)1060 2348 y Fn(12)1135 2333 y Fu(])g(])q Fs(s)1221
2348 y Fn(2)1310 2333 y Fu(rel)p 1310 2346 V 49 w Fs(ps)8
b Fu([)p Fr(x)p Ft(7!)p Fb(ok)p Fu(])51 b Fs(fails)57
b Fu(b)s(ecause)52 b Ft(S)2627 2348 y Fn(ds)2698 2333
y Fu([)-17 b([)p Fs(S)2802 2348 y Fn(12)2877 2333 y Fu(])g(])q
Fs(s)2963 2348 y Fn(1)3052 2333 y Fu(=)50 b Fs(s)3226
2348 y Fn(1)3315 2333 y Fu(and)0 2453 y Ft(S)68 2468
y Fn(ds)139 2453 y Fu([)-17 b([)q Fs(S)244 2468 y Fn(12)318
2453 y Fu(])g(])q Fs(s)404 2468 y Fn(2)476 2453 y Fu(=)32
b Fs(s)632 2468 y Fn(2)704 2453 y Fu(and)h Fs(s)942 2468
y Fn(1)1014 2453 y Fr(x)g Ft(6)p Fu(=)f Fs(s)1254 2468
y Fn(2)1326 2453 y Fr(x)p Fu(.)146 2573 y(Ho)m(w)m(ev)m(er,)j(from)c
(the)i(p)s(oin)m(t)f(of)g(view)g(of)g(the)h Fs(analysis)40
b Fu(there)33 b(is)f(no)g(di\013erence)h(b)s(et)m(w)m(een)0
2694 y Fs(S)67 2709 y Fn(1)137 2694 y Fu(and)d Fs(S)391
2709 y Fn(2)461 2694 y Fu(b)s(ecause)i(neither)e(the)h(v)-5
b(alue)30 b(of)g Fr(1)g Fu(nor)h Fr(2)f Fu(dep)s(ends)i(on)f(the)g(v)-5
b(alues)30 b(of)g(the)h(input)0 2814 y(v)-5 b(ariables.)90
b(Since)48 b(the)h(analysis)f(is)g(comp)s(ositionally)c(de\014ned)50
b(this)e(means)g(that)h(there)0 2935 y(can)36 b(b)s(e)g(no)f
(di\013erence)h(b)s(et)m(w)m(een)i Fs(S)1342 2950 y Fn(11)1452
2935 y Fu(and)e Fs(S)1712 2950 y Fn(12)1822 2935 y Fu(from)e(the)i(p)s
(oin)m(t)f(of)g(view)h(of)f(the)h(analysis.)0 3055 y(Therefore)27
b(w)m(e)g(ha)m(v)m(e)g(to)e(accept)h(that)g(also)f(the)h(analysis)f(of)
g Fs(S)2284 3070 y Fn(11)2384 3055 y Fu(should)h Fs(not)35
b Fu(allo)m(w)24 b(mapping)0 3175 y(an)32 b(arbitrary)g(prop)s(ert)m(y)
h(state)g Fs(ps)41 b Fu(to)32 b Fs(ps)8 b Fu([)p Fr(x)p
Ft(7!)p Fb(ok)p Fu(].)146 3296 y(The)38 b(di\013erence)g(b)s(et)m(w)m
(een)h Fs(S)1240 3311 y Fn(1)1316 3296 y Fu(and)e Fs(S)1577
3311 y Fn(2)1653 3296 y Fu(arises)f(when)i(the)g(\\\015o)m(w)f(of)f
(con)m(trol")g(do)s(es)i(not)0 3416 y(dep)s(end)25 b(on)e(the)i(input)e
(v)-5 b(ariables)22 b(and)i(it)f(is)g(here)h(the)h(need)f(for)f(the)i
(sp)s(ecial)d(tok)m(en)j(`on-trac)m(k')0 3536 y(comes)33
b(in.)44 b(W)-8 b(e)34 b(shall)e(transform)g(a)g(prop)s(ert)m(y)i
(state)g(in)m(to)e(an)h(improp)s(er)e(one,)j(b)m(y)g(mapping)0
3657 y(`on-trac)m(k')39 b(to)f Fb(d)p Fu(?,)i(whenev)m(er)h(the)e
(\\\015o)m(w)g(of)f(con)m(trol")f(is)h(not)h(\\functionally)d(dep)s
(enden)m(t")0 3777 y(on)47 b(the)g(input)f(v)-5 b(ariables.)85
b(Th)m(us)48 b(if)e Fs(ps)55 b Fr(x)46 b Fu(=)h Fb(d)p
Fu(?)g(then)g(it)f(is)g(the)i(test,)j Fr(x)c Fu(=)f Fr(1)p
Fu(,)51 b(in)46 b Fs(S)3398 3792 y Fn(11)0 3898 y Fu(and)33
b Fs(S)257 3913 y Fn(12)365 3898 y Fu(that)g(will)d(b)s(e)k(resp)s
(onsible)f(for)f(mapping)g Fs(ps)41 b Fu(in)m(to)32 b(the)i(improp)s
(er)d(prop)s(ert)m(y)j(state)0 4018 y Fs(ps)8 b Fu([on-trac)m(k)p
Ft(7!)p Fb(d)p Fu(?])39 b(and)g(then)g(the)g(e\013ect)h(of)e(analysing)
g Fs(S)2235 4033 y Fn(1)2313 4018 y Fu(and)h Fs(S)2576
4033 y Fn(2)2653 4018 y Fu(do)s(es)h(not)e(matter)g(as)0
4138 y(long)31 b(as)i(an)g(improp)s(er)e(prop)s(ert)m(y)i(state)g(is)f
(not)g(mapp)s(ed)h(in)m(to)e(a)i(prop)s(er)f(one.)468
b Fh(2)146 4350 y Fu(Our)33 b(next)g(task)g(will)d(b)s(e)j(to)f(endo)m
(w)i Fw(PState)e Fu(with)g(some)g(partially)e(ordered)j(structure)0
4470 y(and)h(to)h(in)m(v)m(estigate)f(the)h(prop)s(erties)f(of)g(rel)p
1543 4483 V 1651 4485 a Fn(Stm)1781 4470 y Fu(.)49 b(Concerning)35
b(the)f(former)g(this)g(will)e(b)s(e)i(an)0 4590 y(instance)f(of)f(a)g
(general)g(pro)s(cedure:)p 0 4711 3473 5 v 0 4872 a Fw(Lemma)37
b(5.4)49 b Fu(Assume)43 b(that)f Fs(S)54 b Fu(is)41 b(a)h(non-empt)m(y)
g(set)h(and)f(that)f(\()p Fs(D)9 b Fu(,)42 b Ft(v)q Fu(\))g(is)f(a)h
(partially)0 4993 y(ordered)33 b(set.)44 b(Let)33 b Ft(v)795
4957 y Fi(0)851 4993 y Fu(b)s(e)f(the)h(ordering)f(on)h(the)g(set)g
Fs(S)12 b Ft(!)o Fs(D)42 b Fu(de\014ned)34 b(b)m(y)244
5183 y Fs(f)295 5198 y Fn(1)367 5183 y Ft(v)444 5147
y Fi(0)500 5183 y Fs(f)551 5198 y Fn(2)623 5183 y Fu(if)d(and)i(only)f
(if)g Fs(f)1256 5198 y Fn(1)1328 5183 y Fs(x)45 b Ft(v)33
b Fs(f)1579 5198 y Fn(2)1651 5183 y Fs(x)44 b Fu(for)32
b(all)e Fs(x)45 b Ft(2)33 b Fs(S)0 5374 y Fu(Then)i(\()p
Fs(S)12 b Ft(!)o Fs(D)d Fu(,)33 b Ft(v)681 5338 y Fi(0)704
5374 y Fu(\))g(is)g(a)g(partially)e(ordered)j(set.)47
b(F)-8 b(urthermore,)33 b(\()p Fs(S)12 b Ft(!)o Fs(D)d
Fu(,)34 b Ft(v)2914 5338 y Fi(0)2938 5374 y Fu(\))f(is)g(a)g(ccp)s(o)h
(if)0 5494 y Fs(D)42 b Fu(is)32 b(and)g(it)g(is)g(a)g(complete)g
(lattice)f(if)h Fs(D)41 b Fu(is.)i(In)33 b(b)s(oth)f(cases)i(w)m(e)g
(ha)m(v)m(e)p eop
%%Page: 140 150
140 149 bop 251 130 a Fw(140)1937 b(5)112 b(Static)37
b(Program)f(Analysis)p 251 193 3473 4 v 527 515 a Fu(\()565
449 y Fg(F)634 479 y Fi(0)658 515 y Fs(Y)19 b Fu(\))33
b Fs(x)44 b Fu(=)1018 449 y Fg(F)1119 515 y Ft(f)33 b
Fs(f)53 b(x)44 b Ft(j)33 b Fs(f)53 b Ft(2)33 b Fs(Y)52
b Ft(g)283 715 y Fu(so)33 b(that)g(least)f(upp)s(er)h(b)s(ounds)g(are)g
(determined)f(p)s(oin)m(t)m(wise.)p 283 835 3473 5 v
283 1034 a Fw(Pro)s(of:)48 b Fu(It)41 b(is)g(straigh)m(tforw)m(ard)g
(to)g(v)m(erify)h(that)f Ft(v)2255 998 y Fi(0)2320 1034
y Fu(is)g(a)g(partial)e(order)i(so)h(w)m(e)g(omit)d(the)283
1155 y(details.)50 b(W)-8 b(e)35 b(shall)f(\014rst)h(pro)m(v)m(e)h(the)
g(lemma)d(in)h(the)h(case)h(where)g Fs(D)44 b Fu(is)34
b(a)h(complete)f(lattice)283 1275 y(so)f(let)f Fs(Y)52
b Fu(b)s(e)33 b(a)f(subset)j(of)d Fs(S)44 b Ft(!)32 b
Fs(D)9 b Fu(.)33 b(Then)g(the)g(form)m(ula)527 1474 y(\()565
1408 y Fg(F)634 1438 y Fi(0)658 1474 y Fs(Y)19 b Fu(\))33
b Fs(x)44 b Fu(=)1018 1408 y Fg(F)1119 1474 y Ft(f)33
b Fs(f)53 b(x)44 b Ft(j)33 b Fs(f)53 b Ft(2)33 b Fs(Y)52
b Ft(g)283 1674 y Fu(de\014nes)33 b(an)e(elemen)m(t)1094
1607 y Fg(F)1164 1637 y Fi(0)1187 1674 y Fs(Y)50 b Fu(of)31
b Fs(S)42 b Ft(!)31 b Fs(D)39 b Fu(b)s(ecause)32 b Fs(D)40
b Fu(b)s(eing)30 b(a)h(complete)f(lattice)f(means)i(that)283
1728 y Fg(F)353 1794 y Ft(f)43 b Fs(f)64 b(x)55 b Ft(j)43
b Fs(f)64 b Ft(2)44 b Fs(Y)63 b Ft(g)43 b Fu(exists)h(for)f(all)e
Fs(x)55 b Fu(of)43 b Fs(S)12 b Fu(.)43 b(This)g(sho)m(ws)i(that)2834
1728 y Fg(F)2904 1758 y Fi(0)2927 1794 y Fs(Y)63 b Fu(is)43
b(a)g Fs(wel)5 b(l-de\014ne)-5 b(d)283 1914 y Fu(elemen)m(t)38
b(of)e Fs(S)49 b Ft(!)37 b Fs(D)9 b Fu(.)37 b(T)-8 b(o)38
b(see)g(that)1679 1848 y Fg(F)1748 1878 y Fi(0)1772 1914
y Fs(Y)56 b Fu(is)37 b(an)g Fs(upp)-5 b(er)39 b(b)-5
b(ound)48 b Fu(of)36 b Fs(Y)57 b Fu(let)37 b Fs(f)3151
1929 y Fn(0)3223 1914 y Ft(2)c Fs(Y)56 b Fu(and)38 b(w)m(e)283
2035 y(shall)c(sho)m(w)i(that)f Fs(f)1023 2050 y Fn(0)1097
2035 y Ft(v)1175 1999 y Fi(0)1233 1968 y Fg(F)1302 1999
y Fi(0)1325 2035 y Fs(Y)20 b Fu(.)35 b(This)g(amoun)m(ts)g(to)g
(considering)f(an)h(arbitrary)f Fs(x)47 b Fu(in)34 b
Fs(S)47 b Fu(and)283 2155 y(sho)m(wing)527 2354 y Fs(f)578
2369 y Fn(0)650 2354 y Fs(x)e Ft(v)850 2288 y Fg(F)919
2354 y Ft(f)32 b Fs(f)53 b(x)45 b Ft(j)32 b Fs(f)53 b
Ft(2)33 b Fs(Y)53 b Ft(g)283 2554 y Fu(and)34 b(this)g(is)f(immediate)f
(b)s(ecause)1606 2487 y Fg(F)1709 2554 y Fu(is)h(the)h(least)g(upp)s
(er)g(b)s(ound)g(op)s(eration)f(in)g Fs(D)9 b Fu(.)34
b(T)-8 b(o)34 b(see)283 2674 y(that)500 2608 y Fg(F)569
2638 y Fi(0)592 2674 y Fs(Y)57 b Fu(is)37 b(the)h Fs(le)-5
b(ast)46 b Fu(upp)s(er)38 b(b)s(ound)g(of)f Fs(Y)57 b
Fu(let)36 b Fs(f)2261 2689 y Fn(1)2338 2674 y Fu(b)s(e)i(an)f(upp)s(er)
h(b)s(ound)f(of)g Fs(Y)57 b Fu(and)38 b(w)m(e)283 2794
y(shall)32 b(sho)m(w)h(that)965 2728 y Fg(F)1034 2758
y Fi(0)1057 2794 y Fs(Y)52 b Ft(v)1259 2758 y Fi(0)1315
2794 y Fs(f)1366 2809 y Fn(1)1405 2794 y Fu(.)43 b(This)33
b(amoun)m(ts)g(to)f(sho)m(wing)527 2927 y Fg(F)597 2994
y Ft(f)g Fs(f)53 b(x)45 b Ft(j)32 b Fs(f)53 b Ft(2)33
b Fs(Y)52 b Ft(g)33 b(v)g Fs(f)1462 3009 y Fn(1)1534
2994 y Fs(x)283 3193 y Fu(for)c(an)g(arbitrary)f Fs(x)41
b Ft(2)29 b Fs(S)12 b Fu(.)29 b(Ho)m(w)m(ev)m(er,)j(this)d(is)f
(immediate)f(b)s(ecause)j Fs(f)2856 3208 y Fn(1)2924
3193 y Fs(x)41 b Fu(m)m(ust)29 b(b)s(e)g(an)g(upp)s(er)283
3313 y(b)s(ound)j(of)e Ft(f)h Fs(f)52 b(x)43 b Ft(j)31
b Fs(f)51 b Ft(2)32 b Fs(Y)51 b Ft(g)30 b Fu(and)i(b)s(ecause)1932
3247 y Fg(F)2032 3313 y Fu(is)f(the)g(least)g(upp)s(er)g(b)s(ound)h(op)
s(eration)e(in)g Fs(D)9 b Fu(.)430 3434 y(T)-8 b(o)34
b(pro)m(v)m(e)i(the)f(other)g(part)f(of)g(the)h(lemma)d(assume)j(that)g
Fs(D)43 b Fu(is)34 b(a)g(ccp)s(o)h(and)g(that)f Fs(Y)54
b Fu(is)283 3554 y(a)33 b(c)m(hain)f(in)g Fs(S)44 b Ft(!)32
b Fs(D)9 b Fu(.)33 b(The)h(form)m(ula)527 3753 y(\()565
3687 y Fg(F)634 3717 y Fi(0)658 3753 y Fs(Y)19 b Fu(\))33
b Fs(x)44 b Fu(=)1018 3687 y Fg(F)1119 3753 y Ft(f)33
b Fs(f)53 b(x)44 b Ft(j)33 b Fs(f)53 b Ft(2)33 b Fs(Y)52
b Ft(g)283 3953 y Fu(de\014nes)43 b(an)e(elemen)m(t)1125
3886 y Fg(F)1194 3917 y Fi(0)1218 3953 y Fs(Y)60 b Fu(of)41
b Fs(S)53 b Ft(!)41 b Fs(D)9 b Fu(:)41 b(eac)m(h)h Ft(f)f
Fs(f)62 b(x)52 b Ft(j)41 b Fs(f)62 b Ft(2)42 b Fs(Y)60
b Ft(g)41 b Fu(will)e(b)s(e)i(a)g(c)m(hain)g(in)f Fs(D)283
4073 y Fu(b)s(ecause)32 b Fs(Y)50 b Fu(is)30 b(a)g(c)m(hain)g(and)g
(hence)i(eac)m(h)1867 4007 y Fg(F)1937 4073 y Ft(f)e
Fs(f)51 b(x)42 b Ft(j)30 b Fs(f)51 b Ft(2)31 b Fs(Y)50
b Ft(g)30 b Fu(exists)h(b)s(ecause)g Fs(D)40 b Fu(is)29
b(a)h(ccp)s(o.)283 4194 y(That)527 4127 y Fg(F)597 4157
y Fi(0)620 4194 y Fs(Y)52 b Fu(is)32 b(the)h(least)f(upp)s(er)h(b)s
(ound)g(of)f Fs(Y)52 b Fu(in)32 b Fs(S)45 b Ft(!)32 b
Fs(D)41 b Fu(follo)m(ws)32 b(as)g(ab)s(o)m(v)m(e.)457
b Fh(2)430 4397 y Fu(Instan)m(tiating)31 b Fs(S)45 b
Fu(to)32 b(b)s(e)h Fw(V)-9 b(ar)32 b Ft([)h(f)p Fu(on-trac)m(k)p
Ft(g)f Fu(and)h Fs(D)41 b Fu(to)32 b(b)s(e)h Fw(P)f Fu(w)m(e)i(get:)p
283 4517 V 283 4688 a Fw(Corollary)i(5.5)49 b Fu(Let)33
b Ft(v)1226 4703 y Fn(PS)1349 4688 y Fu(b)s(e)g(the)g(ordering)f(on)g
Fw(PState)h Fu(de\014ned)h(b)m(y)527 4887 y Fs(ps)625
4902 y Fn(1)694 4887 y Ft(v)772 4902 y Fn(PS)893 4887
y Fs(ps)991 4902 y Fn(2)1060 4887 y Fu(if)28 b(and)i(only)g(if)e
Fs(ps)1729 4902 y Fn(1)1798 4887 y Fs(x)42 b Ft(v)1962
4902 y Fn(P)2044 4887 y Fs(ps)2142 4902 y Fn(2)2211 4887
y Fs(x)f Fu(for)30 b(all)d Fs(x)42 b Ft(2)30 b Fw(V)-9
b(ar)29 b Ft([)h(f)p Fu(on-trac)m(k)p Ft(g)283 5086 y
Fu(Then)40 b(\()p Fw(PState)p Fu(,)f Ft(v)1057 5101 y
Fn(PS)1149 5086 y Fu(\))e(is)h(a)g(complete)f(lattice.)59
b(In)38 b(particular,)g(the)g(least)g(upp)s(er)h(b)s(ound)283
5140 y Fg(F)353 5221 y Fn(PS)444 5206 y Fs(Y)52 b Fu(of)32
b(a)h(subset)h Fs(Y)52 b Fu(of)32 b Fw(PState)g Fu(is)g(c)m
(haracterized)i(b)m(y)552 5374 y(\()590 5308 y Fg(F)659
5389 y Fn(PS)751 5374 y Fs(Y)19 b Fu(\))33 b Fs(x)44
b Fu(=)1111 5308 y Fg(F)1180 5389 y Fn(P)1264 5374 y
Ft(f)33 b Fs(ps)40 b(x)k Ft(j)33 b Fs(ps)40 b Ft(2)33
b Fs(Y)52 b Ft(g)p 283 5494 V eop
%%Page: 141 151
141 150 bop 0 130 a Fw(5.1)112 b(Prop)s(erties)36 b(and)j(prop)s(ert)m
(y)e(states)1540 b(141)p 0 193 3473 4 v 146 515 a Fu(W)-8
b(e)28 b(shall)e(write)h Fb(lost)g Fu(for)g(the)h(prop)s(ert)m(y)g
(state)f Fs(ps)36 b Fu(that)27 b(maps)g(all)e(v)-5 b(ariables)26
b(to)h Fb(d)p Fu(?)g(and)0 636 y(that)38 b(maps)f(`on-trac)m(k')h(to)g
Fb(d)p Fu(?.)59 b(Similarly)-8 b(,)35 b(w)m(e)k(shall)d(write)i
Fb(init)g Fu(for)f(the)h(prop)s(ert)m(y)h(state)0 756
y(that)c(maps)h(all)d(v)-5 b(ariables)34 b(to)i Fb(ok)g
Fu(and)f(that)h(maps)f(`on-trac)m(k')h(to)f Fb(ok)p Fu(.)53
b(Note)36 b(that)f Fb(init)h Fu(is)0 877 y(the)d Fs(le)-5
b(ast)35 b(element)41 b Fu(of)32 b Fw(PState)p Fu(.)0
1105 y Fw(Exercise)k(5.6)49 b(\(Essen)m(tial\))31 b Fu(Sho)m(w)i(that)
244 1308 y Fs(ps)342 1323 y Fn(1)414 1308 y Ft(v)491
1323 y Fn(PS)615 1308 y Fs(ps)713 1323 y Fn(2)785 1308
y Fu(if)e(and)i(only)f(if)g(OK\()p Fs(ps)1656 1323 y
Fn(1)1694 1308 y Fu(\))h Ft(\023)g Fu(OK\()p Fs(ps)2163
1323 y Fn(2)2202 1308 y Fu(\))0 1512 y(Next)g(sho)m(w)h(that)244
1715 y(OK\()434 1649 y Fg(F)503 1730 y Fn(PS)627 1715
y Fs(Y)19 b Fu(\))33 b(=)897 1649 y Fg(T)966 1715 y Ft(f)g
Fu(OK\()p Fs(ps)8 b Fu(\))32 b Ft(j)g Fs(ps)40 b Ft(2)33
b Fs(Y)52 b Ft(g)0 1918 y Fu(whenev)m(er)35 b Fs(Y)52
b Fu(is)32 b(a)h(non-empt)m(y)f(subset)j(of)d Fw(PState)p
Fu(.)1409 b Fh(2)0 2178 y Fw(Prop)s(erties)36 b(of)i(rel)p
676 2191 129 4 v 0 2363 a Fu(T)-8 b(o)36 b(study)i(the)e(prop)s(erties)
h(of)e(the)i(parameterized)f(relation)e(rel)p 2339 2376
109 4 v 36 w(w)m(e)j(need)h(a)e(notion)f(of)g(an)0 2483
y(equiv)-5 b(alence)33 b(relation.)41 b(A)33 b(relation)244
2687 y Fs(R)t Fu(:)g Fs(E)44 b Ft(\002)33 b Fs(E)45 b
Ft(!)32 b Fw(T)0 2890 y Fu(is)g(an)h Fs(e)-5 b(quivalenc)g(e)33
b(r)-5 b(elation)40 b Fu(on)32 b(a)g(set)i Fs(E)45 b
Fu(if)31 b(and)i(only)f(if)294 3085 y Fs(R)t Fu(\()p
Fs(e)459 3100 y Fn(1)498 3085 y Fu(,)h Fs(e)610 3100
y Fn(1)650 3085 y Fu(\))1416 b(\(re\015exivit)m(y\))294
3253 y Fs(R)t Fu(\()p Fs(e)459 3268 y Fn(1)498 3253 y
Fu(,)33 b Fs(e)610 3268 y Fn(2)650 3253 y Fu(\))f(and)h
Fs(R)t Fu(\()p Fs(e)1075 3268 y Fn(2)1115 3253 y Fu(,)f
Fs(e)1226 3268 y Fn(3)1266 3253 y Fu(\))g(imply)f Fs(R)t
Fu(\()p Fs(e)1775 3268 y Fn(1)1815 3253 y Fu(,)i Fs(e)1927
3268 y Fn(3)1966 3253 y Fu(\))100 b(\(transitivit)m(y\))294
3420 y Fs(R)t Fu(\()p Fs(e)459 3435 y Fn(1)498 3420 y
Fu(,)33 b Fs(e)610 3435 y Fn(2)650 3420 y Fu(\))f(implies)e
Fs(R)t Fu(\()p Fs(e)1216 3435 y Fn(2)1256 3420 y Fu(,)j
Fs(e)1368 3435 y Fn(1)1407 3420 y Fu(\))659 b(\(symmetry\))0
3617 y(for)32 b(all)f Fs(e)337 3632 y Fn(1)376 3617 y
Fu(,)i Fs(e)488 3632 y Fn(2)560 3617 y Fu(and)g Fs(e)802
3632 y Fn(3)874 3617 y Fu(of)f Fs(E)12 b Fu(.)0 3845
y Fw(Exercise)36 b(5.7)49 b Fu(Sho)m(w)39 b(that)f(rel)p
1115 3858 V 1223 3860 a Fn(Aexp)1388 3845 y Fu(\()p Fs(p)6
b Fu(\),)39 b(rel)p 1586 3858 V 1694 3860 a Fn(Bexp)1856
3845 y Fu(\()p Fs(p)6 b Fu(\))38 b(and)g(rel)p 2221 3858
V 2329 3860 a Fn(Stm)2459 3845 y Fu(\()p Fs(ps)8 b Fu(\))38
b(are)f(equiv)-5 b(alence)39 b(re-)0 3966 y(lations)31
b(for)h(all)e(c)m(hoices)k(of)e Fs(p)38 b Ft(2)33 b Fw(P)f
Fu(and)h Fs(ps)40 b Ft(2)33 b Fw(PState)p Fu(.)1285 b
Fh(2)146 4194 y Fu(Eac)m(h)33 b(of)e(rel)p 498 4207 V
606 4209 a Fn(Aexp)771 4194 y Fu(,)h(rel)p 830 4207 V
938 4209 a Fn(Bexp)1132 4194 y Fu(and)f(rel)p 1320 4207
V 15 x Fn(Stm)1590 4194 y Fu(are)h(examples)f(of)g(parameterized)g
(\(equiv)-5 b(alence\))0 4314 y(relations.)42 b(In)33
b(general)f(a)g Fs(p)-5 b(ar)g(ameterize)g(d)34 b(r)-5
b(elation)39 b Fu(is)33 b(of)f(the)h(form)244 4518 y
Ft(R)p Fu(:)44 b Fs(D)d Ft(!)32 b Fu(\()p Fs(E)45 b Ft(\002)33
b Fs(E)45 b Ft(!)32 b Fw(T)p Fu(\))0 4721 y(where)e(\()p
Fs(D)9 b Fu(,)30 b Ft(v)p Fu(\))f(is)g(a)g(partially)e(ordered)j(set,)g
Fs(E)42 b Fu(is)29 b(a)g(set)h(and)f(eac)m(h)h Ft(R)q
Fu(\()p Fs(d)10 b Fu(\))29 b(is)f(a)h(relation.)41 b(W)-8
b(e)0 4842 y(shall)31 b(sa)m(y)j(that)e(a)g(parameterized)g(relation)f
Ft(R)i Fu(is)f(a)g Fs(Kripke-r)-5 b(elation)39 b Fu(if)244
5045 y Fs(d)304 5060 y Fn(1)376 5045 y Ft(v)33 b Fs(d)546
5060 y Fn(2)618 5045 y Fu(implies)d(that)j(for)f(all)e
Fs(e)1497 5060 y Fn(1)1537 5045 y Fu(,)i Fs(e)1648 5060
y Fn(2)1721 5045 y Ft(2)h Fs(E)12 b Fu(:)949 5213 y(if)32
b Ft(R)p Fu(\()p Fs(d)1221 5228 y Fn(1)1261 5213 y Fu(\)\()p
Fs(e)1389 5228 y Fn(1)1428 5213 y Fu(,)h Fs(e)1540 5228
y Fn(2)1579 5213 y Fu(\))g(then)g Ft(R)q Fu(\()p Fs(d)2055
5228 y Fn(2)2094 5213 y Fu(\)\()p Fs(e)2222 5228 y Fn(1)2262
5213 y Fu(,)f Fs(e)2373 5228 y Fn(2)2413 5213 y Fu(\))0
5416 y(Note)h(that)f(this)g(is)g(a)h(kind)f(of)g(monotonicit)m(y)f
(prop)s(ert)m(y)-8 b(.)p eop
%%Page: 142 152
142 151 bop 251 130 a Fw(142)1937 b(5)112 b(Static)37
b(Program)f(Analysis)p 251 193 3473 4 v 283 515 3473
5 v 283 702 a(Lemma)i(5.8)49 b Fu(rel)p 873 715 109 4
v 981 717 a Fn(Stm)1143 702 y Fu(is)32 b(a)g(Kripk)m(e-relation.)p
283 822 3473 5 v 283 1036 a Fw(Pro)s(of:)38 b Fu(Let)32
b Fs(ps)896 1051 y Fn(1)968 1036 y Fu(and)h Fs(ps)1256
1051 y Fn(2)1328 1036 y Fu(b)s(e)g(suc)m(h)h(that)e Fs(ps)1990
1051 y Fn(1)2062 1036 y Ft(v)2139 1051 y Fn(PS)2263 1036
y Fs(ps)2361 1051 y Fn(2)2433 1036 y Fu(and)h(assume)g(that)527
1250 y Fs(s)575 1265 y Fn(1)647 1250 y Ft(\021)g Fs(s)805
1265 y Fn(2)877 1250 y Fu(rel)p 877 1263 109 4 v 32 w
Fs(ps)1116 1265 y Fn(1)283 1463 y Fu(holds)g(for)f(all)e(states)k
Fs(s)1149 1478 y Fn(1)1221 1463 y Fu(and)e Fs(s)1458
1478 y Fn(2)1498 1463 y Fu(.)43 b(W)-8 b(e)33 b(m)m(ust)g(sho)m(w)527
1677 y Fs(s)575 1692 y Fn(1)647 1677 y Ft(\021)g Fs(s)805
1692 y Fn(2)877 1677 y Fu(rel)p 877 1690 V 32 w Fs(ps)1116
1692 y Fn(2)283 1890 y Fu(If)40 b Fs(ps)486 1905 y Fn(2)565
1890 y Fu(on-trac)m(k)g(=)g Fb(d)p Fu(?)g(this)f(is)g(immediate)e(from)
i(the)h(de\014nition)f(of)g(rel)p 2979 1903 V 3087 1905
a Fn(Stm)3217 1890 y Fu(.)65 b(So)39 b(assume)283 2011
y(that)33 b Fs(ps)593 2026 y Fn(2)665 2011 y Fu(on-trac)m(k)f(=)h
Fb(ok)p Fu(.)44 b(In)33 b(this)f(case)i(w)m(e)f(m)m(ust)g(sho)m(w)527
2224 y Ft(8)q Fs(x)44 b Ft(2)33 b Fu(OK\()p Fs(ps)1059
2239 y Fn(2)1098 2224 y Fu(\))f Ft(\\)h Fw(V)-9 b(ar)p
Fu(:)43 b Fs(s)1561 2239 y Fn(1)1633 2224 y Fs(x)i Fu(=)32
b Fs(s)1879 2239 y Fn(2)1951 2224 y Fs(x)283 2438 y Fu(Since)g
Fs(ps)635 2453 y Fn(1)706 2438 y Ft(v)784 2453 y Fn(PS)907
2438 y Fs(ps)1005 2453 y Fn(2)1076 2438 y Fu(and)g Fs(ps)1363
2453 y Fn(2)1434 2438 y Fu(on-trac)m(k)g(=)g Fb(ok)g
Fu(it)f(m)m(ust)h(b)s(e)g(the)g(case)h(that)e Fs(ps)3235
2453 y Fn(1)3306 2438 y Fu(on-trac)m(k)h(is)283 2558
y Fb(ok)p Fu(.)45 b(F)-8 b(rom)31 b Fs(s)785 2573 y Fn(1)857
2558 y Ft(\021)i Fs(s)1015 2573 y Fn(2)1087 2558 y Fu(rel)p
1087 2571 V 32 w Fs(ps)1326 2573 y Fn(1)1397 2558 y Fu(w)m(e)h
(therefore)f(get)527 2772 y Ft(8)q Fs(x)44 b Ft(2)33
b Fu(OK\()p Fs(ps)1059 2787 y Fn(1)1098 2772 y Fu(\))f
Ft(\\)h Fw(V)-9 b(ar)p Fu(:)43 b Fs(s)1561 2787 y Fn(1)1633
2772 y Fs(x)i Fu(=)32 b Fs(s)1879 2787 y Fn(2)1951 2772
y Fs(x)283 2986 y Fu(F)-8 b(rom)38 b(Exercise)i(5.6)f(and)g(the)g
(assumption)f Fs(ps)2090 3001 y Fn(1)2168 2986 y Ft(v)2246
3001 y Fn(PS)2376 2986 y Fs(ps)2474 3001 y Fn(2)2552
2986 y Fu(w)m(e)i(get)f(OK\()p Fs(ps)3159 3001 y Fn(1)3198
2986 y Fu(\))g Ft(\023)g Fu(OK\()p Fs(ps)3679 3001 y
Fn(2)3718 2986 y Fu(\))283 3106 y(and)33 b(thereb)m(y)h(w)m(e)g(get)f
(the)g(desired)g(result.)1784 b Fh(2)283 3434 y Fw(Exercise)37
b(5.9)49 b(\(Essen)m(tial\))29 b Fu(Sho)m(w)k(that)f(rel)p
1938 3447 V 2046 3449 a Fn(Aexp)2243 3434 y Fu(and)f(rel)p
2431 3447 V 15 x Fn(Bexp)2734 3434 y Fu(are)g(Kripk)m(e-relations.)74
b Fh(2)283 3779 y Fj(5.2)161 b(The)53 b(analysis)283
4002 y Fu(When)43 b(sp)s(ecifying)d(the)i(analysis)f(w)m(e)h(shall)e(b)
s(e)i(concerned)h(with)e(expressions)i(as)e(w)m(ell)g(as)283
4123 y(statemen)m(ts.)283 4424 y Fp(Expressions)283 4613
y Fu(The)c(analysis)e(of)h(an)f(arithmetic)f(expression)j
Fs(a)43 b Fu(will)33 b(b)s(e)j(sp)s(eci\014ed)h(b)m(y)g(a)e(\(total\))f
(function)283 4733 y Ft(P)8 b(A)q Fu([)-17 b([)p Fs(a)7
b Fu(])-17 b(])33 b(from)f(prop)s(ert)m(y)h(states)h(to)e(prop)s
(erties:)527 4947 y Ft(P)8 b(A)p Fu(:)44 b Fw(Aexp)33
b Ft(!)f Fu(\()p Fw(PState)g Ft(!)g Fw(P)p Fu(\))283
5160 y(Similarly)-8 b(,)21 b(the)j(analysis)e(of)g(a)h(b)s(o)s(olean)e
(expression)k Fs(b)j Fu(will)21 b(b)s(e)i(de\014ned)i(b)m(y)e(a)g
(\(total\))e(function)283 5281 y Ft(P)8 b(B)t Fu([)-17
b([)q Fs(b)6 b Fu(])-17 b(])33 b(from)e(prop)s(ert)m(y)j(states)f(to)f
(prop)s(erties:)527 5494 y Ft(P)8 b(B)t Fu(:)44 b Fw(Bexp)32
b Ft(!)h Fu(\()p Fw(PState)f Ft(!)g Fw(P)p Fu(\))p eop
%%Page: 143 153
143 152 bop 0 130 a Fw(5.2)112 b(The)38 b(analysis)2439
b(143)p 0 193 3473 4 v 0 419 V 0 3216 4 2798 v 432 618
a Ft(P)8 b(A)p Fu([)-17 b([)q Fs(n)7 b Fu(])-17 b(])p
Fs(ps)382 b Fu(=)1373 444 y Fg(8)1373 519 y(<)1373 668
y(:)1488 534 y Fb(ok)84 b Fu(if)31 b Fs(ps)41 b Fu(on-trac)m(k)33
b(=)f Fb(ok)1488 701 y(d)p Fu(?)102 b(otherwise)432 971
y Ft(P)8 b(A)p Fu([)-17 b([)q Fs(x)12 b Fu(])-17 b(])p
Fs(ps)387 b Fu(=)1373 796 y Fg(8)1373 871 y(<)1373 1020
y(:)1488 886 y Fs(ps)41 b(x)95 b Fu(if)31 b Fs(ps)40
b Fu(on-trac)m(k)33 b(=)g Fb(ok)1488 1053 y(d)p Fu(?)163
b(otherwise)432 1233 y Ft(P)8 b(A)p Fu([)-17 b([)q Fs(a)684
1248 y Fn(1)756 1233 y Fu(+)32 b Fs(a)921 1248 y Fn(2)961
1233 y Fu(])-17 b(])p Fs(ps)110 b Fu(=)99 b(\()p Ft(P)8
b(A)p Fu([)-17 b([)q Fs(a)1663 1248 y Fn(1)1702 1233
y Fu(])g(])q Fs(ps)8 b Fu(\))32 b Ft(t)1975 1248 y Fn(P)2059
1233 y Fu(\()p Ft(P)8 b(A)p Fu([)-17 b([)q Fs(a)2349
1248 y Fn(2)2389 1233 y Fu(])g(])p Fs(ps)8 b Fu(\))432
1424 y Ft(P)g(A)p Fu([)-17 b([)q Fs(a)684 1439 y Fn(1)756
1424 y Fo(?)32 b Fs(a)894 1439 y Fn(2)934 1424 y Fu(])-17
b(])p Fs(ps)137 b Fu(=)99 b(\()p Ft(P)8 b(A)p Fu([)-17
b([)q Fs(a)1663 1439 y Fn(1)1702 1424 y Fu(])g(])q Fs(ps)8
b Fu(\))32 b Ft(t)1975 1439 y Fn(P)2059 1424 y Fu(\()p
Ft(P)8 b(A)p Fu([)-17 b([)q Fs(a)2349 1439 y Fn(2)2389
1424 y Fu(])g(])p Fs(ps)8 b Fu(\))432 1615 y Ft(P)g(A)p
Fu([)-17 b([)q Fs(a)684 1630 y Fn(1)756 1615 y Ft(\000)33
b Fs(a)923 1630 y Fn(2)962 1615 y Fu(])-17 b(])q Fs(ps)108
b Fu(=)99 b(\()p Ft(P)8 b(A)p Fu([)-17 b([)q Fs(a)1663
1630 y Fn(1)1702 1615 y Fu(])g(])q Fs(ps)8 b Fu(\))32
b Ft(t)1975 1630 y Fn(P)2059 1615 y Fu(\()p Ft(P)8 b(A)p
Fu([)-17 b([)q Fs(a)2349 1630 y Fn(2)2389 1615 y Fu(])g(])p
Fs(ps)8 b Fu(\))432 1967 y Ft(P)g(B)t Fu([)-17 b([)p
Fr(true)p Fu(])g(])r Fs(ps)250 b Fu(=)1373 1793 y Fg(8)1373
1868 y(<)1373 2017 y(:)1488 1883 y Fb(ok)84 b Fu(if)31
b Fs(ps)41 b Fu(on-trac)m(k)33 b(=)f Fb(ok)1488 2050
y(d)p Fu(?)102 b(otherwise)432 2320 y Ft(P)8 b(B)t Fu([)-17
b([)p Fr(false)p Fu(])g(])r Fs(ps)199 b Fu(=)1373 2145
y Fg(8)1373 2220 y(<)1373 2369 y(:)1488 2235 y Fb(ok)84
b Fu(if)31 b Fs(ps)41 b Fu(on-trac)m(k)33 b(=)f Fb(ok)1488
2402 y(d)p Fu(?)102 b(otherwise)432 2582 y Ft(P)8 b(B)t
Fu([)-17 b([)p Fs(a)672 2597 y Fn(1)745 2582 y Fu(=)32
b Fs(a)910 2597 y Fn(2)950 2582 y Fu(])-17 b(])p Fs(ps)121
b Fu(=)99 b(\()p Ft(P)8 b(A)p Fu([)-17 b([)q Fs(a)1663
2597 y Fn(1)1702 2582 y Fu(])g(])q Fs(ps)8 b Fu(\))32
b Ft(t)1975 2597 y Fn(P)2059 2582 y Fu(\()p Ft(P)8 b(A)p
Fu([)-17 b([)q Fs(a)2349 2597 y Fn(2)2389 2582 y Fu(])g(])p
Fs(ps)8 b Fu(\))432 2773 y Ft(P)g(B)t Fu([)-17 b([)p
Fs(a)672 2788 y Fn(1)745 2773 y Ft(\024)33 b Fs(a)912
2788 y Fn(2)951 2773 y Fu(])-17 b(])q Fs(ps)119 b Fu(=)99
b(\()p Ft(P)8 b(A)p Fu([)-17 b([)q Fs(a)1663 2788 y Fn(1)1702
2773 y Fu(])g(])q Fs(ps)8 b Fu(\))32 b Ft(t)1975 2788
y Fn(P)2059 2773 y Fu(\()p Ft(P)8 b(A)p Fu([)-17 b([)q
Fs(a)2349 2788 y Fn(2)2389 2773 y Fu(])g(])p Fs(ps)8
b Fu(\))432 2964 y Ft(P)g(B)t Fu([)-17 b([)p Ft(:)33
b Fs(b)6 b Fu(])-17 b(])q Fs(ps)305 b Fu(=)99 b Ft(P)8
b(B)t Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])p Fs(ps)432
3155 y Ft(P)8 b(B)t Fu([)-17 b([)p Fs(b)666 3170 y Fn(1)738
3155 y Ft(^)33 b Fs(b)888 3170 y Fn(2)928 3155 y Fu(])-17
b(])p Fs(ps)143 b Fu(=)99 b(\()p Ft(P)8 b(B)t Fu([)-17
b([)q Fs(b)1646 3170 y Fn(1)1685 3155 y Fu(])g(])p Fs(ps)8
b Fu(\))33 b Ft(t)1957 3170 y Fn(P)2042 3155 y Fu(\()p
Ft(P)8 b(B)t Fu([)-17 b([)p Fs(b)2314 3170 y Fn(2)2354
3155 y Fu(])g(])p Fs(ps)8 b Fu(\))p 3469 3216 V 0 3219
3473 4 v 1015 3380 a(T)-8 b(able)33 b(5.1:)43 b(Analysis)32
b(of)g(expressions)0 3651 y(The)c(de\014ning)f(clauses)h(are)f(giv)m
(en)g(in)f(T)-8 b(able)27 b(5.1.)41 b(The)28 b(clause)f(for)g
Fs(n)34 b Fu(re\015ects)29 b(that)d(the)i(v)-5 b(alue)0
3771 y(of)33 b Fs(n)40 b Fu(in)32 b(a)h(prop)s(er)g(prop)s(ert)m(y)h
(state)g Fs(ps)41 b Fu(do)s(es)33 b(not)g(dep)s(end)h(on)f(an)m(y)h(v)
-5 b(ariable)32 b(and)h(therefore)0 3892 y(it)j(will)g(ha)m(v)m(e)i
(the)g(prop)s(ert)m(y)h Fb(ok)p Fu(.)58 b(The)39 b(prop)s(ert)m(y)f(of)
f(a)g(v)-5 b(ariable)36 b Fs(x)49 b Fu(in)37 b(a)g(prop)s(er)h(prop)s
(ert)m(y)0 4012 y(state)g Fs(ps)46 b Fu(is)37 b(the)h(prop)s(ert)m(y)g
(b)s(ound)g(to)g Fs(x)49 b Fu(in)37 b Fs(ps)8 b Fu(,)39
b(that)e(is)g Fs(ps)46 b(x)12 b Fu(.)59 b(Th)m(us)39
b(if)d Fs(ps)46 b Fu(is)37 b(the)h(initial)0 4132 y(prop)s(ert)m(y)c
(state)h(then)f(the)g(in)m(ten)m(tion)f(is)g(that)h Ft(P)8
b(A)p Fu([)-17 b([)q Fs(x)12 b Fu(])-17 b(])p Fs(ps)41
b Fu(is)34 b Fb(ok)g Fu(if)f(and)g(only)h(if)e Fs(x)46
b Fu(is)33 b(one)h(of)0 4253 y(the)j(input)f(v)-5 b(ariables.)54
b(F)-8 b(or)36 b(a)g(comp)s(osite)g(expression,)j(lik)m(e)c
Fs(a)2358 4268 y Fn(1)2435 4253 y Fu(+)h Fs(a)2604 4268
y Fn(2)2644 4253 y Fu(,)h(the)g(idea)f(is)g(that)g(it)0
4373 y(can)d(only)f(ha)m(v)m(e)i(the)e(prop)s(ert)m(y)i
Fb(ok)f Fu(if)e(b)s(oth)h(sub)s(expressions)j(ha)m(v)m(e)f(that)e(prop)
s(ert)m(y)-8 b(.)44 b(This)33 b(is)0 4494 y(ensured)h(b)m(y)g(the)f
(binary)f(op)s(eration)f Ft(t)1471 4509 y Fn(P)1555 4494
y Fu(in)m(tro)s(duced)i(in)f(Section)g(5.1.)0 4693 y
Fw(Example)37 b(5.10)49 b Fu(If)42 b Fs(ps)50 b Fr(x)43
b Fu(=)f Fb(ok)h Fu(and)f Fs(ps)50 b Fu(on-trac)m(k)43
b(=)f Fb(ok)h Fu(then)g Ft(P)8 b(A)p Fu([)-17 b([)q Fr(x)42
b Fu(+)h Fr(1)p Fu(])-17 b(])p Fs(ps)51 b Fu(=)42 b Fb(ok)0
4813 y Fu(since)35 b Ft(P)8 b(A)p Fu([)-17 b([)q Fr(x)p
Fu(])g(])q Fs(ps)42 b Fu(=)35 b Fb(ok)h Fu(and)f Ft(P)8
b(A)p Fu([)-17 b([)p Fr(1)p Fu(])g(])q Fs(ps)43 b Fu(=)34
b Fb(ok)p Fu(.)51 b(On)35 b(the)h(other)f(hand,)g(if)f
Fs(ps)43 b Fr(x)35 b Fu(=)g Fb(d)p Fu(?)g(then)0 4934
y Ft(P)8 b(A)p Fu([)-17 b([)q Fr(x)32 b Fu(+)h Fr(1)p
Fu(])-17 b(])q Fs(ps)40 b Fu(=)32 b Fb(d)p Fu(?)h(b)s(ecause)h
Ft(P)8 b(A)p Fu([)-17 b([)q Fr(x)p Fu(])g(])q Fs(ps)40
b Fu(=)32 b Fb(d)p Fu(?.)146 5054 y(F)-8 b(urthermore,)32
b Ft(P)8 b(B)t Fu([)-17 b([)q Fr(x)33 b Fu(=)f Fr(x)p
Fu(])-17 b(])q Fs(ps)40 b Fu(=)32 b Fb(d)p Fu(?)h(if)e
Fs(ps)41 b Fr(x)32 b Fu(=)h Fb(d)p Fu(?)f(ev)m(en)i(though)f(the)g
(test)g Fr(x)g Fu(=)f Fr(x)h Fu(will)0 5175 y(ev)-5 b(aluate)32
b(to)g Fw(tt)g Fu(indep)s(enden)m(tly)h(of)f(whether)i(or)f(not)f
Fr(x)h Fu(is)f(initialized)d(prop)s(erly)-8 b(.)359 b
Fh(2)146 5374 y Fu(The)43 b(functions)f Ft(P)8 b(A)p
Fu([)-17 b([)q Fs(a)7 b Fu(])-17 b(])42 b(and)h Ft(P)8
b(B)s Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])42 b(are)g(closely)g
(connected)h(with)f(the)g(sets)i(of)d(free)0 5494 y(v)-5
b(ariables)31 b(de\014ned)j(in)e(Chapter)h(1:)p eop
%%Page: 144 154
144 153 bop 251 130 a Fw(144)1937 b(5)112 b(Static)37
b(Program)f(Analysis)p 251 193 3473 4 v 283 419 V 283
1501 4 1083 v 666 519 a Ft(P)8 b(S)g Fu([)-17 b([)p Fs(x)45
b Fu(:=)32 b Fs(a)7 b Fu(])-17 b(])34 b Fs(ps)40 b Fu(=)32
b Fs(ps)8 b Fu([)p Fs(x)k Ft(7!P)c(A)p Fu([)-17 b([)p
Fs(a)7 b Fu(])-17 b(])q Fs(ps)8 b Fu(])666 710 y Ft(P)g(S)g
Fu([)-17 b([)p Fr(skip)p Fu(])g(])35 b(=)d(id)666 901
y Ft(P)8 b(S)g Fu([)-17 b([)p Fs(S)915 916 y Fn(1)955
901 y Fu(;)p Fs(S)1049 916 y Fn(2)1088 901 y Fu(])g(])33
b(=)g Ft(P)8 b(S)g Fu([)-17 b([)p Fs(S)1516 916 y Fn(2)1556
901 y Fu(])g(])33 b Ft(\016)f(P)8 b(S)g Fu([)-17 b([)q
Fs(S)1958 916 y Fn(1)1997 901 y Fu(])g(])666 1092 y Ft(P)8
b(S)g Fu([)-17 b([)p Fr(if)33 b Fs(b)39 b Fr(then)33
b Fs(S)1371 1107 y Fn(1)1443 1092 y Fr(else)h Fs(S)1748
1107 y Fn(2)1787 1092 y Fu(])-17 b(])33 b(=)g(cond)2166
1107 y Fn(P)2218 1092 y Fu(\()p Ft(P)8 b(B)t Fu([)-17
b([)q Fs(b)6 b Fu(])-17 b(],)33 b Ft(P)8 b(S)g Fu([)-17
b([)q Fs(S)2838 1107 y Fn(1)2877 1092 y Fu(])g(])q(,)32
b Ft(P)8 b(S)h Fu([)-17 b([)p Fs(S)3224 1107 y Fn(2)3263
1092 y Fu(])g(])q(\))666 1284 y Ft(P)8 b(S)g Fu([)-17
b([)p Fr(while)34 b Fs(b)39 b Fr(do)33 b Fs(S)12 b Fu(])-17
b(])33 b(=)f(FIX)h Fs(H)934 1451 y Fu(where)h Fs(H)49
b(h)39 b Fu(=)33 b(cond)1735 1466 y Fn(P)1788 1451 y
Fu(\()p Ft(P)8 b(B)s Fu([)-17 b([)q Fs(b)6 b Fu(])-17
b(])q(,)32 b Fs(h)40 b Ft(\016)32 b(P)8 b(S)h Fu([)-17
b([)p Fs(S)12 b Fu(])-17 b(])q(,)32 b(id\))p 3753 1501
V 283 1504 3473 4 v 1088 1665 a(T)-8 b(able)33 b(5.2:)43
b(Analysis)32 b(of)g(statemen)m(ts)i(in)d Fw(While)283
1955 y(Exercise)37 b(5.11)49 b(\(Essen)m(tial\))27 b
Fu(Pro)m(v)m(e)j(that)f(for)g(ev)m(ery)i(arithmetic)c(expression)j
Fs(a)36 b Fu(w)m(e)31 b(ha)m(v)m(e)527 2169 y Ft(P)8
b(A)p Fu([)-17 b([)q Fs(a)7 b Fu(])-17 b(])q Fs(ps)40
b Fu(=)33 b Fb(ok)g Fu(if)e(and)i(only)f(if)f(FV\()p
Fs(a)7 b Fu(\))33 b Ft([)g(f)p Fu(on-trac)m(k)p Ft(g)f(\022)h
Fu(OK\()p Fs(ps)8 b Fu(\))283 2384 y(F)-8 b(orm)m(ulate)32
b(and)i(pro)m(v)m(e)h(a)e(similar)e(result)i(for)g(b)s(o)s(olean)f
(expressions.)49 b(Deduce)34 b(that)g(for)f(all)283 2504
y Fs(a)38 b Fu(of)31 b Fw(Aexp)g Fu(w)m(e)g(get)g Ft(P)8
b(A)p Fu([)-17 b([)q Fs(a)7 b Fu(])-17 b(])q Fs(ps)38
b Fu(=)31 b Fb(d)p Fu(?)g(if)e Fs(ps)39 b Fu(is)30 b(improp)s(er,)g
(and)h(that)f(for)g(all)f Fs(b)37 b Fu(of)30 b Fw(Bexp)h
Fu(w)m(e)283 2625 y(get)i Ft(P)8 b(B)t Fu([)-17 b([)q
Fs(b)6 b Fu(])-17 b(])p Fs(ps)41 b Fu(=)32 b Fb(d)p Fu(?)h(if)e
Fs(ps)41 b Fu(is)32 b(improp)s(er.)1849 b Fh(2)283 2928
y Fp(Statemen)l(ts)283 3117 y Fu(T)-8 b(urning)40 b(to)f(statemen)m(ts)
i(w)m(e)g(shall)d(sp)s(ecify)j(their)e(analysis)g(b)m(y)i(a)e(function)
g Ft(P)8 b(S)49 b Fu(of)39 b(func-)283 3237 y(tionalit)m(y:)527
3452 y Ft(P)8 b(S)h Fu(:)43 b Fw(Stm)32 b Ft(!)g Fu(\()p
Fw(PState)g Ft(!)g Fw(PState)p Fu(\))283 3667 y(The)47
b(totalit)m(y)d(of)h Ft(P)8 b(S)h Fu([)-17 b([)p Fs(S)12
b Fu(])-17 b(])46 b(re\015ects)i(that)d(w)m(e)i(shall)d(b)s(e)i(able)f
(to)g(analyse)h Fs(al)5 b(l)56 b Fu(statemen)m(ts)283
3787 y(including)27 b(a)i(statemen)m(t)g(lik)m(e)f Fr(while)h(true)h
(do)f(skip)h Fu(that)e(lo)s(ops.)41 b(The)30 b(de\014nition)d(of)h
Ft(P)8 b(S)37 b Fu(is)283 3907 y(giv)m(en)30 b(in)e(T)-8
b(able)28 b(5.2)h(and)g(the)g(clauses)h(for)e(assignmen)m(t,)i
Fr(skip)g Fu(and)f(comp)s(osition)d(are)j(m)m(uc)m(h)283
4028 y(as)k(in)f(the)h(direct)g(st)m(yle)g(denotational)e(seman)m(tics)
h(of)h(Chapter)g(4.)43 b(The)34 b(remaining)c(clauses)283
4148 y(will)h(b)s(e)i(explained)f(b)s(elo)m(w.)283 4395
y Fw(Example)37 b(5.12)49 b Fu(Consider)33 b(the)g(statemen)m(t)527
4609 y Fr(y)g Fu(:=)g Fr(x)283 4824 y Fu(First)j(assume)i(that)e
Fs(ps)45 b Fu(is)36 b(a)h(prop)s(er)g(prop)s(ert)m(y)g(state)g(with)g
Fs(ps)44 b Fr(x)37 b Fu(=)g Fb(ok)g Fu(and)g Fs(ps)45
b Fr(y)37 b Fu(=)g Fb(d)p Fu(?.)283 4945 y(Then)d(w)m(e)g(ha)m(v)m(e)
527 5159 y(\()p Ft(P)8 b(S)h Fu([)-17 b([)p Fr(y)33 b
Fu(:=)f Fr(x)p Fu(])-17 b(])q Fs(ps)8 b Fu(\))33 b Fr(x)f
Fu(=)h Fb(ok)527 5327 y Fu(\()p Ft(P)8 b(S)h Fu([)-17
b([)p Fr(y)33 b Fu(:=)f Fr(x)p Fu(])-17 b(])q Fs(ps)8
b Fu(\))33 b Fr(y)f Fu(=)h Fb(ok)527 5494 y Fu(\()p Ft(P)8
b(S)h Fu([)-17 b([)p Fr(y)33 b Fu(:=)f Fr(x)p Fu(])-17
b(])q Fs(ps)8 b Fu(\))33 b(on-trac)m(k)f(=)h Fb(ok)p
eop
%%Page: 145 155
145 154 bop 0 130 a Fw(5.2)112 b(The)38 b(analysis)2439
b(145)p 0 193 3473 4 v 0 515 a Fu(Since)34 b Ft(P)8 b(S)g
Fu([)-17 b([)q Fr(y)34 b Fu(:=)f Fr(x)p Fu(])-17 b(])q
Fs(ps)42 b Fu(is)33 b(prop)s(er)h(w)m(e)h(conclude)f(that)g(b)s(oth)f
Fr(x)h Fu(and)g Fr(y)g Fu(only)f(dep)s(end)i(on)f(the)0
636 y(input)26 b(v)-5 b(ariables)25 b(after)h Fr(y)g
Fu(is)g(assigned)h(a)f(v)-5 b(alue)25 b(that)h(only)g(dep)s(ends)i(on)e
(the)h(input)f(v)-5 b(ariables.)146 756 y(Assume)34 b(next)f(that)g
Fs(ps)40 b Fr(y)33 b Fu(=)f Fb(ok)h Fu(but)g Fs(ps)41
b Fr(x)32 b Fu(=)h Fb(d)p Fu(?.)44 b(Then)244 940 y(\()p
Ft(P)8 b(S)g Fu([)-17 b([)q Fr(y)32 b Fu(:=)h Fr(x)p
Fu(])-17 b(])q Fs(ps)8 b Fu(\))32 b Fr(y)h Fu(=)f Fb(d)p
Fu(?)0 1123 y(sho)m(wing)42 b(that)g(when)h(a)f(dubious)g(v)-5
b(alue)41 b(is)g(used)i(in)f(an)f(assignmen)m(t)h(then)h(the)f
(assigned)0 1244 y(v)-5 b(ariable)31 b(will)f(get)j(a)f(dubious)h(v)-5
b(alue)32 b(as)g(w)m(ell.)1676 b Fh(2)0 1445 y Fw(Exercise)36
b(5.13)49 b Fu(Consider)40 b(the)f(statemen)m(ts)g Fs(S)1843
1460 y Fn(1)1921 1445 y Fu(and)g Fs(S)2184 1460 y Fn(2)2262
1445 y Fu(of)g(Example)f(5.3.)62 b(Use)39 b(T)-8 b(ables)0
1566 y(5.1)37 b(and)h(5.2)f(to)h(c)m(haracterize)g(the)g(b)s(eha)m
(viour)f(of)h Ft(P)8 b(S)g Fu([)-17 b([)q Fs(S)2185 1581
y Fn(1)2224 1566 y Fu(])g(])38 b(and)g Ft(P)8 b(S)g Fu([)-17
b([)q Fs(S)2744 1581 y Fn(2)2783 1566 y Fu(])g(])38 b(on)g(prop)s(er)f
(and)0 1686 y(improp)s(er)31 b(prop)s(ert)m(y)i(states.)45
b(An)m(ticipating)30 b(Section)j(5.3)f(sho)m(w)i(that)244
1870 y Fs(s)292 1885 y Fn(1)364 1870 y Ft(\021)f Fs(s)522
1885 y Fn(2)594 1870 y Fu(rel)p 594 1883 109 4 v 32 w
Fs(ps)40 b Fu(implies)30 b Ft(S)1264 1885 y Fn(ds)1335
1870 y Fu([)-17 b([)q Fs(S)1440 1885 y Fn(i)1464 1870
y Fu(])g(])p Fs(s)1549 1885 y Fn(1)1621 1870 y Ft(\021)33
b(S)1799 1885 y Fn(ds)1870 1870 y Fu([)-17 b([)q Fs(S)1975
1885 y Fn(i)1998 1870 y Fu(])g(])q Fs(s)2084 1885 y Fn(2)2156
1870 y Fu(rel)p 2156 1883 V 32 w Ft(P)8 b(S)g Fu([)-17
b([)q Fs(S)2547 1885 y Fn(i)2570 1870 y Fu(])g(])q Fs(ps)0
2053 y Fu(for)32 b(i)g(=)g(1,)g(2)h(and)f(for)g(all)f
Fs(ps)40 b Ft(2)33 b Fw(PState)p Fu(.)1829 b Fh(2)146
2255 y Fu(In)40 b(the)g(clause)g(for)g Fr(if)g Fs(b)45
b Fr(then)c Fs(S)1446 2270 y Fn(1)1525 2255 y Fr(else)g
Fs(S)1837 2270 y Fn(2)1915 2255 y Fu(w)m(e)g(use)g(the)f(auxiliary)e
(function)h(cond)3420 2270 y Fn(P)0 2376 y Fu(de\014ned)34
b(b)m(y)244 2641 y(cond)444 2656 y Fn(P)497 2641 y Fu(\()p
Fs(f)20 b Fu(,)33 b Fs(h)702 2656 y Fn(1)742 2641 y Fu(,)f
Fs(h)858 2656 y Fn(2)898 2641 y Fu(\))g Fs(ps)41 b Fu(=)1207
2466 y Fg(8)1207 2541 y(<)1207 2691 y(:)1323 2556 y Fu(\()p
Fs(h)1418 2571 y Fn(1)1490 2556 y Fs(ps)8 b Fu(\))32
b Ft(t)1725 2571 y Fn(PS)1848 2556 y Fu(\()p Fs(h)1943
2571 y Fn(2)2016 2556 y Fs(ps)8 b Fu(\))82 b(if)32 b
Fs(f)53 b(ps)41 b Fu(=)32 b Fb(ok)1323 2724 y(lost)692
b Fu(if)32 b Fs(f)53 b(ps)41 b Fu(=)32 b Fb(d)p Fu(?)0
2906 y(First)g(consider)h(the)g(case)h(where)g(w)m(e)g(are)f
(successful)i(in)d(analysing)f(the)j(condition,)d(that)i(is)0
3026 y(where)39 b Fs(f)59 b(ps)46 b Fu(=)38 b Fb(ok)p
Fu(.)61 b(F)-8 b(or)37 b(eac)m(h)j(v)-5 b(ariable)36
b Fs(x)50 b Fu(w)m(e)39 b(can)f(determine)g(the)h(result)f(of)g
(analysing)0 3147 y(eac)m(h)d(of)g(the)g(branc)m(hes,)h(namely)e(\()p
Fs(h)1374 3162 y Fn(1)1448 3147 y Fs(ps)8 b Fu(\))35
b Fs(x)46 b Fu(for)34 b(the)h(true)g(branc)m(h)g(and)g(\()p
Fs(h)2850 3162 y Fn(2)2924 3147 y Fs(ps)8 b Fu(\))35
b Fs(x)46 b Fu(for)34 b(the)0 3267 y(false)c(branc)m(h.)44
b(The)32 b(least)e(upp)s(er)i(b)s(ound)f(of)f(these)i(t)m(w)m(o)g
(results)f(will)e(b)s(e)i(the)g(new)h(prop)s(ert)m(y)0
3388 y(b)s(ound)h(to)f Fs(x)12 b Fu(,)32 b(that)h(is)f(the)h(new)g
(prop)s(ert)m(y)h(state)f(will)d(map)i Fs(x)44 b Fu(to)244
3571 y(\(\()p Fs(h)377 3586 y Fn(1)449 3571 y Fs(ps)8
b Fu(\))32 b Fs(x)12 b Fu(\))33 b Ft(t)811 3586 y Fn(P)896
3571 y Fu(\(\()p Fs(h)1029 3586 y Fn(2)1101 3571 y Fs(ps)8
b Fu(\))32 b Fs(x)12 b Fu(\))0 3755 y(If)24 b(the)h(analysis)f(of)g
(the)h(condition)e(is)i(not)f(successful,)k(that)c(is)g
Fs(f)46 b(ps)32 b Fu(=)24 b Fb(d)p Fu(?,)j(then)e(the)g(analysis)0
3875 y(of)32 b(the)h(conditional)d(will)g(fail)h(and)h(w)m(e)i(shall)d
(therefore)i(use)h(the)f(prop)s(ert)m(y)g(state)g Fb(lost)p
Fu(.)0 4077 y Fw(Example)k(5.14)49 b Fu(Consider)33 b(no)m(w)g(the)g
(statemen)m(t)244 4260 y Fr(if)g(x)g Fu(=)f Fr(x)h(then)g(z)g
Fu(:=)g Fr(y)g(else)g(y)g Fu(:=)f Fr(z)0 4444 y Fu(Clearly)-8
b(,)37 b(the)f(\014nal)g(v)-5 b(alue)36 b(of)g Fr(z)h
Fu(can)g(b)s(e)f(determined)h(uniquely)f(from)f(the)i(initial)c(v)-5
b(alue)36 b(of)0 4564 y Fr(y)p Fu(.)53 b(Ho)m(w)m(ev)m(er,)39
b(if)34 b Fr(z)i Fu(is)f(dubious)h(then)h(the)f(analysis)f(cannot)g
(giv)m(e)h(this)f(result.)53 b(T)-8 b(o)36 b(see)h(this)0
4685 y(assume)h(that)f Fs(ps)46 b Fu(is)37 b(a)g(prop)s(er)h(prop)s
(ert)m(y)g(state)g(suc)m(h)h(that)f Fs(ps)i Fr(x)e Fu(=)f
Fb(ok)p Fu(,)j Fs(ps)45 b Fr(y)38 b Fu(=)f Fb(ok)h Fu(and)0
4805 y Fs(ps)i Fr(z)33 b Fu(=)g Fb(d)p Fu(?.)43 b(Then)244
4989 y(\()p Ft(P)8 b(S)g Fu([)-17 b([)q Fr(if)33 b(x)g
Fu(=)f Fr(x)h(then)g(z)g Fu(:=)g Fr(y)f(else)i(y)f Fu(:=)f
Fr(z)p Fu(])-17 b(])q Fs(ps)8 b Fu(\))32 b Fr(z)465 5156
y Fu(=)g(\(cond)811 5171 y Fn(P)864 5156 y Fu(\()p Ft(P)8
b(B)t Fu([)-17 b([)p Fr(x)33 b Fu(=)f Fr(x)p Fu(])-17
b(])q(,)33 b Ft(P)8 b(S)g Fu([)-17 b([)q Fr(z)32 b Fu(:=)h
Fr(y)p Fu(])-17 b(])q(,)32 b Ft(P)8 b(S)h Fu([)-17 b([)p
Fr(y)33 b Fu(:=)g Fr(z)p Fu(])-17 b(]\))33 b Fs(ps)8
b Fu(\))32 b Fr(z)465 5324 y Fu(=)g(\()p Ft(P)8 b(S)g
Fu([)-17 b([)q Fr(z)33 b Fu(:=)f Fr(y)p Fu(])-17 b(])34
b Fs(ps)40 b Ft(t)1331 5339 y Fn(P)1416 5324 y Ft(P)8
b(S)g Fu([)-17 b([)q Fr(y)33 b Fu(:=)f Fr(z)p Fu(])-17
b(])34 b Fs(ps)8 b Fu(\))32 b Fr(z)465 5492 y Fu(=)g
Fb(d)p Fu(?)p eop
%%Page: 146 156
146 155 bop 251 130 a Fw(146)1937 b(5)112 b(Static)37
b(Program)f(Analysis)p 251 193 3473 4 v 283 515 a Fu(b)s(ecause)d
Ft(P)8 b(B)t Fu([)-17 b([)p Fr(x)31 b Fu(=)g Fr(x)p Fu(])-17
b(])q Fs(ps)39 b Fu(=)30 b Fb(ok)p Fu(,)i(\()p Ft(P)8
b(S)g Fu([)-17 b([)q Fr(z)31 b Fu(:=)g Fr(y)p Fu(])-17
b(])q Fs(ps)8 b Fu(\))30 b Fr(z)h Fu(=)g Fb(ok)g Fu(but)h(\()p
Ft(P)8 b(S)g Fu([)-17 b([)p Fr(y)32 b Fu(:=)e Fr(z)p
Fu(])-17 b(])q Fs(ps)8 b Fu(\))31 b Fr(z)g Fu(=)g Fb(d)p
Fu(?.)283 636 y(So)i(ev)m(en)h(though)e(the)h(false)f(branc)m(h)h(nev)m
(er)h(will)c(b)s(e)j(executed)h(it)e(will)e(in\015uence)j(the)g(result)
283 756 y(obtained)g(b)m(y)g(the)g(analysis.)430 877
y(Similarly)-8 b(,)21 b(ev)m(en)j(if)e Fr(y)h Fu(and)g
Fr(z)g Fu(are)g(not)g(dubious)g(but)g Fr(x)g Fu(is,)i(the)e(analysis)f
(cannot)h(determine)283 997 y(that)35 b(the)g(\014nal)f(v)-5
b(alue)35 b(of)f Fr(z)h Fu(only)f(dep)s(ends)j(on)d(the)i(v)-5
b(alue)34 b(of)g Fr(y)p Fu(.)51 b(T)-8 b(o)34 b(see)i(this)f(assume)g
(that)283 1117 y Fs(ps)k Fu(is)31 b(a)f(prop)s(er)h(prop)s(ert)m(y)h
(state)f(suc)m(h)h(that)f Fs(ps)38 b Fr(x)32 b Fu(=)e
Fb(d)p Fu(?,)i Fs(ps)38 b Fr(y)31 b Fu(=)g Fb(ok)h Fu(and)f
Fs(ps)38 b Fr(z)31 b Fu(=)g Fb(ok)p Fu(.)43 b(W)-8 b(e)283
1238 y(then)34 b(get)527 1440 y Ft(P)8 b(S)h Fu([)-17
b([)p Fr(if)33 b(x)g Fu(=)f Fr(x)h(then)h(z)f Fu(:=)f
Fr(y)h(else)g(y)g Fu(:=)g Fr(z)p Fu(])-17 b(])q Fs(ps)710
1608 y Fu(=)33 b(cond)1019 1623 y Fn(P)1071 1608 y Fu(\()p
Ft(P)8 b(B)t Fu([)-17 b([)q Fr(x)33 b Fu(=)f Fr(x)p Fu(])-17
b(])q(,)32 b Ft(P)8 b(S)h Fu([)-17 b([)p Fr(z)33 b Fu(:=)g
Fr(y)p Fu(])-17 b(],)33 b Ft(P)8 b(S)g Fu([)-17 b([)q
Fr(y)33 b Fu(:=)f Fr(z)p Fu(])-17 b(])q(\))p Fs(ps)710
1775 y Fu(=)33 b Fb(lost)283 1978 y Fu(b)s(ecause)j Ft(P)8
b(B)t Fu([)-17 b([)p Fr(x)34 b Fu(=)g Fr(x)p Fu(])-17
b(])q Fs(ps)41 b Fu(=)34 b Fb(d)p Fu(?.)48 b(These)35
b(examples)f(sho)m(w)h(that)f(the)g(result)g(of)f(the)i(analysis)283
2098 y(is)j(safe)h(but)g(usually)f(somewhat)g(imprecise.)60
b(More)39 b(complex)f(analyses)h(could)f(do)g(b)s(etter)283
2218 y(\(for)28 b(example)f(b)m(y)i(trying)e(to)g(predict)h(the)g
(outcome)f(of)h(tests\))g(but)g(in)f(general)h(no)f(decidable)283
2339 y(analysis)32 b(can)h(pro)m(vide)g(exact)g(results.)1944
b Fh(2)283 2566 y Fw(Exercise)37 b(5.15)49 b Fu(Consider)33
b(the)g(statemen)m(ts)h Fs(S)2109 2581 y Fn(11)2217 2566
y Fu(and)f Fs(S)2474 2581 y Fn(12)2581 2566 y Fu(of)f(Example)h(5.3.)44
b(Use)34 b(T)-8 b(ables)283 2686 y(5.1)32 b(and)h(5.2)e(to)h(c)m
(haracterize)h(the)g(b)s(eha)m(viour)f(of)g Ft(P)8 b(S)g
Fu([)-17 b([)q Fs(S)2425 2701 y Fn(11)2499 2686 y Fu(])g(])33
b(and)f Ft(P)8 b(S)g Fu([)-17 b([)q Fs(S)3008 2701 y
Fn(12)3083 2686 y Fu(])g(])32 b(on)g(prop)s(er)h(and)283
2806 y(improp)s(er)e(prop)s(ert)m(y)j(states.)44 b(An)m(ticipating)31
b(Section)h(5.3)g(sho)m(w)i(that)527 3009 y Fs(s)575
3024 y Fn(1)647 3009 y Ft(\021)f Fs(s)805 3024 y Fn(2)877
3009 y Fu(rel)p 877 3022 109 4 v 32 w Fs(ps)41 b Fu(implies)30
b Ft(S)1548 3024 y Fn(ds)1619 3009 y Fu([)-17 b([)p Fs(S)1723
3024 y Fn(i)1747 3009 y Fu(])g(])q Fs(s)1833 3024 y Fn(1)1905
3009 y Ft(\021)33 b(S)2082 3024 y Fn(ds)2154 3009 y Fu([)-17
b([)p Fs(S)2258 3024 y Fn(i)2282 3009 y Fu(])g(])p Fs(s)2367
3024 y Fn(2)2439 3009 y Fu(rel)p 2439 3022 V 32 w Ft(P)8
b(S)h Fu([)-17 b([)p Fs(S)2830 3024 y Fn(i)2854 3009
y Fu(])g(])p Fs(ps)283 3211 y Fu(for)29 b(i)e(=)i(11,)g(12)f(and)h(for)
f(all)f Fs(ps)36 b Ft(2)29 b Fw(PState)p Fu(.)42 b(Finally)26
b(argue)j(that)f(it)g(w)m(ould)h Fs(not)38 b Fu(b)s(e)29
b(sensible)283 3331 y(to)k(use)527 3534 y(cond)727 3498
y Fi(0)727 3558 y Fn(P)780 3534 y Fu(\()p Fs(f)21 b Fu(,)32
b Fs(h)985 3549 y Fn(1)1025 3534 y Fu(,)h Fs(h)1142 3549
y Fn(2)1181 3534 y Fu(\))g Fs(ps)40 b Fu(=)33 b(\()p
Fs(h)1586 3549 y Fn(1)1658 3534 y Fs(ps)8 b Fu(\))32
b Ft(t)1893 3549 y Fn(PS)2017 3534 y Fu(\()p Fs(h)2112
3549 y Fn(2)2184 3534 y Fs(ps)8 b Fu(\))283 3736 y(instead)33
b(of)f(the)h(cond)1099 3751 y Fn(P)1184 3736 y Fu(de\014ned)h(ab)s(o)m
(v)m(e.)1891 b Fh(2)430 3963 y Fu(In)32 b(the)h(clause)f(for)g(the)g
Fr(while)p Fu(-lo)s(op)g(w)m(e)h(also)e(use)i(the)g(function)e(cond)
3080 3978 y Fn(P)3165 3963 y Fu(and)h(otherwise)283 4083
y(the)23 b(clause)f(is)f(as)h(in)f(the)i(direct)e(st)m(yle)i
(denotational)d(seman)m(tics)i(of)f(Chapter)i(4.)39 b(In)23
b(particular)283 4204 y(w)m(e)28 b(use)f(the)g(\014xed)h(p)s(oin)m(t)d
(op)s(eration)h(FIX)g(as)h(it)e(corresp)s(onds)j(to)e(unfolding)f(the)i
Fr(while)p Fu(-lo)s(op)283 4324 y(a)40 b(n)m(um)m(b)s(er)h(of)e(times)g
(|)h(once)g(for)g(eac)m(h)h(time)d(the)j Fs(analysis)47
b Fu(tra)m(v)m(erses)42 b(the)f(lo)s(op.)64 b(As)41 b(in)283
4444 y(Chapter)34 b(4)e(the)h(\014xed)h(p)s(oin)m(t)e(is)g(de\014ned)i
(b)m(y)527 4647 y(FIX)f Fs(H)48 b Fu(=)961 4580 y Fg(F)1030
4647 y Ft(f)32 b Fs(H)1200 4611 y Fn(n)1276 4647 y Ft(?)h(j)g
Fu(n)f Ft(\025)h Fu(0)g Ft(g)283 4849 y Fu(where)h(the)f(functionalit)m
(y)e(of)h Fs(H)49 b Fu(is)527 5051 y Fs(H)16 b Fu(:)33
b(\()p Fw(PState)f Ft(!)g Fw(PState)p Fu(\))g Ft(!)g
Fu(\()p Fw(PState)h Ft(!)f Fw(PState)p Fu(\))283 5254
y(and)25 b(where)h Fw(PState)d Ft(!)h Fw(PState)g Fu(is)g(the)h(set)g
(of)f(total)f(functions)h(from)f Fw(PState)h Fu(to)g
Fw(PState)p Fu(.)283 5374 y(In)37 b(order)f(for)f(this)h(to)f(mak)m(e)i
(sense)g Fs(H)52 b Fu(m)m(ust)36 b(b)s(e)h(a)e(con)m(tin)m(uous)i
(function)e(on)h(a)g(ccp)s(o)g(with)283 5494 y Ft(?)d
Fu(as)g(its)f(least)g(elemen)m(t.)44 b(W)-8 b(e)33 b(shall)e(shortly)h
(v)m(erify)h(that)g(this)f(is)g(indeed)h(the)g(case.)p
eop
%%Page: 147 157
147 156 bop 0 130 a Fw(5.2)112 b(The)38 b(analysis)2439
b(147)p 0 193 3473 4 v 0 515 a(Example)37 b(5.16)49 b
Fu(W)-8 b(e)36 b(are)h(no)m(w)g(in)f(a)g(p)s(osition)f(where)j(w)m(e)f
(can)g(attempt)f(the)h(application)0 636 y(of)32 b(the)h(analysis)f(to)
g(the)h(factorial)d(statemen)m(t:)244 814 y Ft(P)8 b(S)g
Fu([)-17 b([)q Fr(y)33 b Fu(:=)f Fr(1)p Fu(;)h Fr(while)h
Ft(:)p Fu(\()p Fr(x)p Fu(=)p Fr(1)p Fu(\))f Fr(do)g Fu(\()p
Fr(y)g Fu(:=)f Fr(y)p Fo(?)p Fr(x)p Fu(;)h Fr(x)g Fu(:=)f
Fr(x)p Ft(\000)p Fr(1)p Fu(\)])-17 b(])0 993 y(W)-8 b(e)35
b(shall)f(apply)g(this)h(function)f(to)g(the)i(prop)s(er)e(prop)s(ert)m
(y)i(state)f Fs(ps)2593 1008 y Fn(0)2667 993 y Fu(that)g(maps)f
Fr(x)h Fu(to)g Fb(ok)0 1113 y Fu(and)d(all)e(other)h(v)-5
b(ariables)31 b(\(including)f Fr(y)p Fu(\))i(to)f Fb(d)p
Fu(?)h(as)g(this)f(corresp)s(onds)i(to)f(viewing)f Fr(x)h
Fu(as)g(the)0 1234 y(only)g(input)g(v)-5 b(ariable)31
b(of)h(the)h(statemen)m(t.)146 1354 y(T)-8 b(o)33 b(do)f(so)h(w)m(e)h
(use)f(the)g(clauses)h(of)e(T)-8 b(ables)32 b(5.1)h(and)f(5.2)g(and)h
(get)244 1533 y Ft(P)8 b(S)g Fu([)-17 b([)q Fr(y)33 b
Fu(:=)f Fr(1)p Fu(;)h Fr(while)h Ft(:)p Fu(\()p Fr(x)p
Fu(=)p Fr(1)p Fu(\))f Fr(do)g Fu(\()p Fr(y)g Fu(:=)f
Fr(y)p Fo(?)p Fr(x)p Fu(;)h Fr(x)g Fu(:=)f Fr(x)p Ft(\000)p
Fr(1)p Fu(\)])-17 b(])34 b Fs(ps)2607 1548 y Fn(0)513
1700 y Fu(=)e(\(FIX)g Fs(H)16 b Fu(\))33 b(\()p Fs(ps)1158
1715 y Fn(0)1197 1700 y Fu([)p Fr(y)p Ft(7!)p Fb(ok)p
Fu(]\))0 1879 y(where)244 2057 y Fs(H)48 b(h)40 b Fu(=)33
b(cond)763 2072 y Fn(P)815 2057 y Fu(\()p Ft(P)8 b(B)t
Fu([)-17 b([)q Ft(:)p Fu(\()p Fr(x)p Fu(=)p Fr(1)p Fu(\)])g(])q(,)33
b Fs(h)39 b Ft(\016)33 b(P)8 b(S)g Fu([)-17 b([)q Fr(y)32
b Fu(:=)h Fr(y)p Fo(?)p Fr(x)p Fu(;)g Fr(x)g Fu(:=)f
Fr(x)p Ft(\000)p Fr(1)p Fu(])-17 b(])r(,)32 b(id\))0
2236 y(W)-8 b(e)33 b(\014rst)g(simplify)d Fs(H)49 b Fu(and)32
b(obtain)244 2496 y(\()p Fs(H)48 b(h)7 b Fu(\))33 b Fs(ps)41
b Fu(=)769 2322 y Fg(8)769 2397 y(<)769 2546 y(:)884
2412 y Fb(lost)449 b Fu(if)31 b Fs(ps)24 b Fu(on-trac)m(k)16
b(=)g Fb(d)p Fu(?)34 b(or)e Fs(ps)24 b Fr(x)16 b Fu(=)g
Fb(d)p Fu(?)884 2579 y(\()p Fs(h)40 b(ps)8 b Fu(\))32
b Ft(t)1247 2594 y Fn(PS)1371 2579 y Fs(ps)91 b Fu(if)31
b Fs(ps)24 b Fu(on-trac)m(k)16 b(=)g Fb(ok)34 b Fu(and)f
Fs(ps)24 b Fr(x)16 b Fu(=)g Fb(ok)0 2762 y Fu(A)m(t)29
b(this)g(p)s(oin)m(t)f(w)m(e)i(shall)e(pretend)i(that)f(w)m(e)h(ha)m(v)
m(e)g(sho)m(wn)h(the)e(follo)m(wing)d(prop)s(ert)m(y)k(of)f
Fs(H)45 b Fu(\(to)0 2882 y(b)s(e)33 b(pro)m(v)m(ed)h(in)e(Exercise)i
(5.18\):)244 3061 y(if)d Fs(H)421 3025 y Fn(n)497 3061
y Ft(?)i Fu(=)g Fs(H)804 3025 y Fn(n+1)970 3061 y Ft(?)g
Fu(for)f(some)g(n)244 3229 y(then)h(FIX)g Fs(H)48 b Fu(=)33
b Fs(H)988 3192 y Fn(n)1064 3229 y Ft(?)0 3407 y Fu(where)e
Ft(?)f Fu(is)f(the)h(function)f Ft(?)h Fs(ps)38 b Fu(=)29
b Fb(init)h Fu(for)f(all)e Fs(ps)8 b Fu(.)43 b(W)-8 b(e)30
b(can)g(no)m(w)g(calculate)e(the)i(iterands)0 3527 y
Fs(H)88 3491 y Fn(0)160 3527 y Ft(?)q Fu(,)i Fs(H)385
3491 y Fn(1)457 3527 y Ft(?)q Fu(,)g Ft(\001)17 b(\001)g(\001)o
Fu(.)43 b(W)-8 b(e)33 b(obtain)244 3706 y(\()p Fs(H)370
3670 y Fn(0)442 3706 y Ft(?)p Fu(\))g Fs(ps)40 b Fu(=)33
b Fb(init)244 3961 y Fu(\()p Fs(H)370 3925 y Fn(1)442
3961 y Ft(?)p Fu(\))g Fs(ps)40 b Fu(=)829 3786 y Fg(8)829
3861 y(<)829 4011 y(:)944 3876 y Fb(lost)83 b Fu(if)31
b Fs(ps)41 b Fr(x)33 b Fu(=)f Fb(d)p Fu(?)h(or)f Fs(ps)40
b Fu(not)33 b(prop)s(er)944 4044 y Fs(ps)212 b Fu(if)31
b Fs(ps)41 b Fr(x)33 b Fu(=)f Fb(ok)h Fu(and)g Fs(ps)40
b Fu(prop)s(er)244 4315 y(\()p Fs(H)370 4279 y Fn(2)442
4315 y Ft(?)p Fu(\))33 b Fs(ps)40 b Fu(=)829 4141 y Fg(8)829
4216 y(<)829 4365 y(:)944 4231 y Fb(lost)83 b Fu(if)31
b Fs(ps)41 b Fr(x)33 b Fu(=)f Fb(d)p Fu(?)h(or)f Fs(ps)40
b Fu(not)33 b(prop)s(er)944 4398 y Fs(ps)212 b Fu(if)31
b Fs(ps)41 b Fr(x)33 b Fu(=)f Fb(ok)h Fu(and)g Fs(ps)40
b Fu(prop)s(er)0 4585 y(where)27 b Fs(ps)33 b Fu(is)25
b(an)h(arbitrary)f(prop)s(ert)m(y)h(state.)42 b(Since)25
b Fs(H)2027 4549 y Fn(1)2092 4585 y Ft(?)i Fu(=)e Fs(H)2385
4549 y Fn(2)2450 4585 y Ft(?)h Fu(our)g(assumption)f(ab)s(o)m(v)m(e)0
4706 y(ensures)35 b(that)d(w)m(e)h(ha)m(v)m(e)h(found)f(the)g(least)f
(\014xed)i(p)s(oin)m(t)e(for)g Fs(H)16 b Fu(:)244 4966
y(\(FIX)32 b Fs(H)16 b Fu(\))33 b Fs(ps)40 b Fu(=)884
4791 y Fg(8)884 4866 y(<)884 5016 y(:)999 4881 y Fb(lost)83
b Fu(if)31 b Fs(ps)41 b Fr(x)33 b Fu(=)f Fb(d)p Fu(?)h(or)f
Fs(ps)40 b Fu(not)33 b(prop)s(er)999 5049 y Fs(ps)212
b Fu(if)31 b Fs(ps)41 b Fr(x)33 b Fu(=)f Fb(ok)h Fu(and)g
Fs(ps)40 b Fu(prop)s(er)0 5232 y(It)e(is)g(no)m(w)h(straigh)m(tforw)m
(ard)f(to)g(v)m(erify)g(that)g(\(FIX)h Fs(H)16 b Fu(\))38
b(\()p Fs(ps)2283 5247 y Fn(0)2322 5232 y Fu([)p Fr(y)p
Ft(7!)p Fb(ok)p Fu(]\))h Fr(y)f Fu(=)g Fb(ok)h Fu(and)g(that)0
5352 y(\(FIX)32 b Fs(H)16 b Fu(\)\()p Fs(ps)504 5367
y Fn(0)544 5352 y Fu([)p Fr(y)p Ft(7!)p Fb(ok)p Fu(]\))22
b(is)g(prop)s(er.)40 b(W)-8 b(e)22 b(conclude)h(that)e(there)i
Fs(is)30 b Fu(a)22 b(functional)e(dep)s(endency)0 5472
y(b)s(et)m(w)m(een)35 b(the)e(input)f(v)-5 b(ariable)31
b Fr(x)h Fu(and)h(the)g(output)g(v)-5 b(ariable)31 b
Fr(y)p Fu(.)1022 b Fh(2)p eop
%%Page: 148 158
148 157 bop 251 130 a Fw(148)1937 b(5)112 b(Static)37
b(Program)f(Analysis)p 251 193 3473 4 v 283 515 a Fp(W)-11
b(ell-de\014nedness)46 b(of)f FC(P)10 b(S)283 700 y Fu(Ha)m(ving)32
b(sp)s(eci\014ed)h(the)g(analysis)e(w)m(e)j(shall)c(no)m(w)j(sho)m(w)g
(that)f(it)g(is)f(indeed)i(w)m(ell-de\014ned.)43 b(As)283
820 y(in)32 b(Chapter)i(4)e(there)h(are)g(three)g(stages:)429
1024 y Ft(\017)48 b Fu(First)23 b(w)m(e)i(in)m(tro)s(duce)e(a)g
(partial)f(order)h(on)h Fw(PState)f Ft(!)g Fw(PState)g
Fu(suc)m(h)i(that)f(it)e(b)s(ecomes)527 1144 y(a)33 b(ccp)s(o.)429
1348 y Ft(\017)48 b Fu(Then)37 b(w)m(e)f(sho)m(w)g(that)f(certain)g
(auxiliary)e(functions)i(used)h(in)e(the)i(de\014nition)e(of)h
Ft(P)8 b(S)527 1468 y Fu(are)33 b(con)m(tin)m(uous.)429
1671 y Ft(\017)48 b Fu(Finally)32 b(w)m(e)j(sho)m(w)h(that)e(the)g
(\014xed)i(p)s(oin)m(t)d(op)s(erator)h(only)f(is)h(applied)f(to)h(con)m
(tin)m(uous)527 1792 y(functions.)283 1995 y(Th)m(us)h(our)d(\014rst)h
(task)g(is)f(to)h(de\014ne)g(a)g(partial)d(order)j(on)f
Fw(PState)g Ft(!)g Fw(PState)h Fu(and)f(for)g(this)283
2116 y(w)m(e)j(use)g(the)g(approac)m(h)f(dev)m(elop)s(ed)h(in)e(Lemma)g
(5.4.)47 b(Instan)m(tiating)33 b(the)h(non-empt)m(y)g(set)h
Fs(S)283 2236 y Fu(to)d(the)h(set)g Fw(PState)f Fu(and)h(the)f
(partially)e(ordered)j(set)g(\()p Fs(D)9 b Fu(,)33 b
Ft(v)p Fu(\))f(to)g(\()p Fw(PState)p Fu(,)g Ft(v)3294
2251 y Fn(PS)3385 2236 y Fu(\))g(w)m(e)i(get:)p 283 2356
3473 5 v 283 2531 a Fw(Corollary)i(5.17)49 b Fu(Let)33
b Ft(v)g Fu(b)s(e)g(the)g(ordering)f(on)g Fw(PState)g
Ft(!)g Fw(PState)h Fu(de\014ned)h(b)m(y)527 2734 y Fs(h)584
2749 y Fn(1)657 2734 y Ft(v)f Fs(h)824 2749 y Fn(2)896
2734 y Fu(if)e(and)i(only)f(if)f Fs(h)1535 2749 y Fn(1)1608
2734 y Fs(ps)40 b Ft(v)1815 2749 y Fn(PS)1939 2734 y
Fs(h)1996 2749 y Fn(2)2069 2734 y Fs(ps)g Fu(for)32 b(all)e(prop)s(ert)
m(y)k(states)f Fs(ps)283 2938 y Fu(Then)42 b(\()p Fw(PState)d
Ft(!)h Fw(PState)p Fu(,)h Ft(v)p Fu(\))f(is)g(a)f(complete)h(lattice,)g
(and)g(hence)h(a)f(ccp)s(o,)i(and)e(the)283 3058 y(form)m(ula)31
b(for)h(least)g(upp)s(er)h(b)s(ounds)h(is)527 3261 y(\()565
3195 y Fg(F)667 3261 y Fs(Y)20 b Fu(\))32 b Fs(ps)41
b Fu(=)1068 3195 y Fg(F)1137 3276 y Fn(PS)1261 3261 y
Ft(f)32 b Fs(h)40 b(ps)g Ft(j)33 b Fs(h)39 b Ft(2)33
b Fs(Y)53 b Ft(g)283 3465 y Fu(for)32 b(an)m(y)i(subset)g
Fs(Y)52 b Fu(of)32 b Fw(PState)g Ft(!)g Fw(PState)p Fu(.)p
283 3585 V 283 3813 a Fw(Exercise)37 b(5.18)49 b(\(Essen)m(tial\))33
b Fu(Sho)m(w)j(that)f(the)h(assumption)f(made)g(in)g(Example)g(5.16)f
(is)283 3934 y(correct.)45 b(That)32 b(is)h(\014rst)g(sho)m(w)g(that)
527 4137 y Fs(H)16 b Fu(:)33 b(\()p Fw(PState)f Ft(!)g
Fw(PState)p Fu(\))g Ft(!)g Fu(\()p Fw(PState)h Ft(!)f
Fw(PState)p Fu(\))283 4341 y(as)d(de\014ned)g(in)f(Example)g(5.16)f(is)
h(indeed)g(a)g(monotone)g(function.)41 b(Next)29 b(sho)m(w)h(that)e
(for)f(an)m(y)283 4461 y(monotone)32 b(function)g Fs(H)49
b Fu(of)32 b(the)h(ab)s(o)m(v)m(e)g(functionalit)m(y)e(if)527
4664 y Fs(H)615 4628 y Fn(n)691 4664 y Ft(?)i Fu(=)g
Fs(H)998 4628 y Fn(n+1)1164 4664 y Ft(?)283 4868 y Fu(for)f(some)h(n)g
(then)g Fs(H)1074 4832 y Fn(n)1150 4868 y Ft(?)g Fu(is)f(the)h(least)f
(\014xed)i(p)s(oin)m(t)e(of)g Fs(H)16 b Fu(.)1210 b Fh(2)430
5096 y Fu(Our)37 b(second)i(task)f(is)f(to)g(ensure)i(that)e(the)h
(function)f Fs(H)53 b Fu(used)39 b(in)e(T)-8 b(able)37
b(5.2)g(is)g(a)g(con-)283 5216 y(tin)m(uous)45 b(function)e(from)g
Fw(PState)h Ft(!)f Fw(PState)h Fu(to)g Fw(PState)f Ft(!)h
Fw(PState)p Fu(.)78 b(F)-8 b(or)43 b(this)h(w)m(e)283
5337 y(follo)m(w)27 b(the)j(approac)m(h)f(of)f(Section)h(4.3)f(and)h
(sho)m(w)h(that)e(cond)2571 5352 y Fn(P)2653 5337 y Fu(is)g(con)m(tin)m
(uous)h(in)f(its)h(second)283 5457 y(argumen)m(t)k(and)f(later)g(that)g
(comp)s(osition)f(is)h(con)m(tin)m(uous)h(in)f(its)g(\014rst)h(argumen)
m(t.)p eop
%%Page: 149 159
149 158 bop 0 130 a Fw(5.2)112 b(The)38 b(analysis)2439
b(149)p 0 193 3473 4 v 0 515 3473 5 v 0 697 a(Lemma)37
b(5.19)49 b Fu(Let)33 b Fs(f)21 b Fu(:)43 b Fw(PState)32
b Ft(!)h Fw(P)p Fu(,)f Fs(h)1631 712 y Fn(0)1670 697
y Fu(:)44 b Fw(PState)32 b Ft(!)g Fw(PState)g Fu(and)h(de\014ne)244
906 y Fs(H)48 b(h)40 b Fu(=)33 b(cond)763 921 y Fn(P)815
906 y Fu(\()p Fs(f)21 b Fu(,)33 b Fs(h)7 b Fu(,)33 b
Fs(h)1138 921 y Fn(0)1177 906 y Fu(\))0 1115 y(Then)h
Fs(H)16 b Fu(:)32 b(\()p Fw(PState)p Ft(!)p Fw(PState)p
Fu(\))g Ft(!)g Fu(\()p Fw(PState)p Ft(!)o Fw(PState)p
Fu(\))g(is)g(a)g(con)m(tin)m(uous)i(function.)p 0 1235
V 0 1444 a Fw(Pro)s(of:)48 b Fu(W)-8 b(e)42 b(shall)e(\014rst)i(pro)m
(v)m(e)h(that)e Fs(H)58 b Fu(is)41 b Fs(monotone)48 b
Fu(so)42 b(let)f Fs(h)2505 1459 y Fn(1)2586 1444 y Fu(and)h
Fs(h)2842 1459 y Fn(2)2923 1444 y Fu(b)s(e)g(suc)m(h)h(that)0
1565 y Fs(h)57 1580 y Fn(1)129 1565 y Ft(v)33 b Fs(h)296
1580 y Fn(2)336 1565 y Fu(,)e(that)g(is)g Fs(h)758 1580
y Fn(1)828 1565 y Fs(ps)39 b Ft(v)1035 1580 y Fn(PS)1157
1565 y Fs(h)1214 1580 y Fn(2)1285 1565 y Fs(ps)f Fu(for)31
b(all)e(prop)s(ert)m(y)i(states)h Fs(ps)8 b Fu(.)43 b(W)-8
b(e)32 b(then)f(ha)m(v)m(e)i(to)d(sho)m(w)0 1685 y(that)38
b(cond)417 1700 y Fn(P)470 1685 y Fu(\()p Fs(f)21 b Fu(,)39
b Fs(h)682 1700 y Fn(1)722 1685 y Fu(,)h Fs(h)846 1700
y Fn(0)885 1685 y Fu(\))e Fs(ps)46 b Ft(v)1175 1700 y
Fn(PS)1304 1685 y Fu(cond)1504 1700 y Fn(P)1557 1685
y Fu(\()p Fs(f)21 b Fu(,)40 b Fs(h)1770 1700 y Fn(2)1809
1685 y Fu(,)g Fs(h)1933 1700 y Fn(0)1973 1685 y Fu(\))e
Fs(ps)8 b Fu(.)60 b(The)39 b(pro)s(of)e(is)h(b)m(y)h(cases)h(on)e(the)0
1806 y(v)-5 b(alue)32 b(of)g Fs(f)54 b(ps)8 b Fu(.)43
b(If)32 b Fs(f)54 b(ps)40 b Fu(=)33 b Fb(ok)g Fu(then)g(the)g(result)g
(follo)m(ws)e(since)244 2015 y(\()p Fs(h)339 2030 y Fn(1)411
2015 y Fs(ps)8 b Fu(\))32 b Ft(t)646 2030 y Fn(PS)770
2015 y Fu(\()p Fs(h)865 2030 y Fn(0)937 2015 y Fs(ps)8
b Fu(\))32 b Ft(v)1183 2030 y Fn(PS)1307 2015 y Fu(\()p
Fs(h)1402 2030 y Fn(2)1474 2015 y Fs(ps)8 b Fu(\))32
b Ft(t)1708 2030 y Fn(PS)1832 2015 y Fu(\()p Fs(h)1927
2030 y Fn(0)1999 2015 y Fs(ps)8 b Fu(\))0 2224 y(If)33
b Fs(f)53 b(ps)40 b Fu(=)33 b Fb(d)p Fu(?)g(then)g(the)g(result)f
(follo)m(ws)g(since)h Fb(lost)f Ft(v)2111 2239 y Fn(PS)2234
2224 y Fb(lost)p Fu(.)146 2345 y(T)-8 b(o)27 b(see)g(that)f
Fs(H)42 b Fu(is)26 b Fs(c)-5 b(ontinuous)34 b Fu(let)26
b Fs(Y)46 b Fu(b)s(e)26 b(a)g(non-empt)m(y)h(c)m(hain)f(in)f
Fw(PState)h Ft(!)g Fw(PState)p Fu(.)0 2466 y(Using)f(the)g(c)m
(haracterization)f(of)h(least)f(upp)s(er)i(b)s(ounds)g(in)e
Fw(PState)g Fu(giv)m(en)h(in)g(Corollary)e(5.17)0 2586
y(w)m(e)34 b(see)f(that)g(w)m(e)g(m)m(ust)g(sho)m(w)h(that)244
2795 y(\()p Fs(H)48 b Fu(\()440 2729 y Fg(F)510 2795
y Fs(Y)19 b Fu(\)\))33 b Fs(ps)40 b Fu(=)948 2729 y Fg(F)1018
2810 y Fn(PS)1141 2795 y Ft(f)33 b Fu(\()p Fs(H)48 b(h)7
b Fu(\))33 b Fs(ps)40 b Ft(j)33 b Fs(h)39 b Ft(2)33 b
Fs(Y)53 b Ft(g)0 3005 y Fu(for)35 b(all)f(prop)s(ert)m(y)i(states)g
Fs(ps)44 b Fu(in)35 b Fw(PState)p Fu(.)52 b(The)36 b(pro)s(of)f(is)g(b)
m(y)h(cases)h(on)f(the)g(v)-5 b(alue)35 b(of)g Fs(f)56
b(ps)8 b Fu(.)0 3125 y(If)33 b Fs(f)53 b(ps)40 b Fu(=)33
b Fb(d)p Fu(?)g(then)g(w)m(e)g(ha)m(v)m(e)h(\()p Fs(H)49
b Fu(\()1348 3058 y Fg(F)1417 3125 y Fs(Y)20 b Fu(\)\))32
b Fs(ps)40 b Fu(=)33 b Fb(lost)f Fu(and)244 3268 y Fg(F)313
3349 y Fn(PS)437 3334 y Ft(f)g Fu(\()p Fs(H)49 b(h)7
b Fu(\))33 b Fs(ps)40 b Ft(j)32 b Fs(h)40 b Ft(2)p Fs(Y)53
b Ft(g)32 b Fu(=)1467 3268 y Fg(F)1536 3349 y Fn(PS)1660
3334 y Ft(f)h Fb(lost)f Ft(j)g Fs(h)40 b Ft(2)33 b Fs(Y)52
b Ft(g)1359 3502 y Fu(=)32 b Fb(lost)0 3711 y Fu(where)47
b(the)g(last)e(equalit)m(y)h(is)f(b)s(ecause)j Fs(Y)65
b Fu(is)46 b(not)g(empt)m(y)-8 b(.)84 b(Th)m(us)48 b(w)m(e)f(ha)m(v)m
(e)g(pro)m(v)m(ed)h(the)0 3831 y(required)33 b(result)g(in)f(this)g
(case.)45 b(If)33 b Fs(f)53 b(ps)41 b Fu(=)33 b Fb(ok)g
Fu(then)g(the)g(c)m(haracterization)f(of)h(least)f(upp)s(er)0
3952 y(b)s(ounds)h(in)f Fw(PState)g Fu(giv)m(es:)244
4161 y(\()p Fs(H)48 b Fu(\()440 4094 y Fg(F)510 4161
y Fs(Y)19 b Fu(\)\))33 b Fs(ps)40 b Fu(=)32 b(\(\()1024
4094 y Fg(F)1093 4161 y Fs(Y)20 b Fu(\))33 b Fs(ps)8
b Fu(\))32 b Ft(t)1490 4176 y Fn(PS)1614 4161 y Fu(\()p
Fs(h)1709 4176 y Fn(0)1781 4161 y Fs(ps)8 b Fu(\))840
4328 y(=)32 b(\()986 4262 y Fg(F)1056 4343 y Fn(PS)1179
4328 y Ft(f)h Fs(h)40 b(ps)g Ft(j)32 b Fs(h)40 b Ft(2)33
b Fs(Y)52 b Ft(g)p Fu(\))32 b Ft(t)2042 4343 y Fn(PS)2166
4328 y Fu(\()p Fs(h)2261 4343 y Fn(0)2333 4328 y Fs(ps)8
b Fu(\))840 4496 y(=)948 4430 y Fg(F)1018 4511 y Fn(PS)1141
4496 y Ft(f)33 b Fs(h)40 b(ps)g Ft(j)32 b Fs(h)40 b Ft(2)33
b Fs(Y)52 b Ft([)33 b(f)f Fs(h)2055 4511 y Fn(0)2128
4496 y Ft(g)g(g)0 4705 y Fu(and)244 4848 y Fg(F)313 4929
y Fn(PS)437 4914 y Ft(f)g Fu(\()p Fs(H)49 b(h)7 b Fu(\))33
b Fs(ps)40 b Ft(j)32 b Fs(h)40 b Ft(2)33 b Fs(Y)52 b
Ft(g)32 b Fu(=)1500 4848 y Fg(F)1569 4929 y Fn(PS)1693
4914 y Ft(f)g Fu(\()p Fs(h)40 b(ps)8 b Fu(\))32 b Ft(t)2138
4929 y Fn(PS)2261 4914 y Fu(\()p Fs(h)2356 4929 y Fn(0)2429
4914 y Fs(ps)8 b Fu(\))32 b Ft(j)g Fs(h)40 b Ft(2)33
b Fs(Y)52 b Ft(g)1391 5082 y Fu(=)1500 5016 y Fg(F)1569
5097 y Fn(PS)1693 5082 y Ft(f)32 b Fs(h)40 b(ps)g Ft(j)33
b Fs(h)39 b Ft(2)33 b Fs(Y)52 b Ft([)33 b(f)g Fs(h)2607
5097 y Fn(0)2679 5082 y Ft(g)f(g)0 5291 y Fu(where)g(the)f(last)f
(equalit)m(y)g(follo)m(ws)f(b)s(ecause)j Fs(Y)50 b Fu(is)30
b(not)h(empt)m(y)-8 b(.)43 b(Th)m(us)32 b(the)f(result)g(follo)m(ws)e
(in)0 5411 y(this)j(case.)3008 b Fh(2)p eop
%%Page: 150 160
150 159 bop 251 130 a Fw(150)1937 b(5)112 b(Static)37
b(Program)f(Analysis)p 251 193 3473 4 v 283 515 a(Exercise)h(5.20)49
b Fu(Let)33 b Fs(f)20 b Fu(:)44 b Fw(PState)32 b Ft(!)g
Fw(P)p Fu(,)g Fs(h)1960 530 y Fn(0)2000 515 y Fu(:)44
b Fw(PState)32 b Ft(!)g Fw(PState)g Fu(and)h(de\014ne)527
706 y Fs(H)49 b(h)40 b Fu(=)32 b(cond)1046 721 y Fn(P)1099
706 y Fu(\()p Fs(f)21 b Fu(,)32 b Fs(h)1304 721 y Fn(0)1344
706 y Fu(,)h Fs(h)7 b Fu(\))283 897 y(Sho)m(w)32 b(that)e
Fs(H)16 b Fu(:)30 b(\()p Fw(PState)g Ft(!)f Fw(PState)p
Fu(\))h Ft(!)g Fu(\()p Fw(PState)g Ft(!)f Fw(PState)p
Fu(\))h(is)g(a)g(con)m(tin)m(uous)h(func-)283 1018 y(tion.)3202
b Fh(2)p 283 1230 3473 5 v 283 1392 a Fw(Lemma)38 b(5.21)49
b Fu(Let)32 b Fs(h)1160 1407 y Fn(0)1200 1392 y Fu(:)44
b Fw(PState)32 b Ft(!)g Fw(PState)g Fu(and)h(de\014ne)527
1583 y Fs(H)49 b(h)40 b Fu(=)32 b Fs(h)40 b Ft(\016)32
b Fs(h)1075 1598 y Fn(0)283 1774 y Fu(Then)i Fs(H)16
b Fu(:)33 b(\()p Fw(PState)p Ft(!)o Fw(PState)p Fu(\))f
Ft(!)g Fu(\()p Fw(PState)p Ft(!)o Fw(PState)p Fu(\))h(is)f(a)g(con)m
(tin)m(uous)h(function.)p 283 1894 V 283 2085 a Fw(Pro)s(of:)50
b Fu(W)-8 b(e)43 b(shall)e(\014rst)j(sho)m(w)g(that)f
Fs(H)58 b Fu(is)43 b Fs(monotone)49 b Fu(so)43 b(let)f
Fs(h)2781 2100 y Fn(1)2864 2085 y Fu(and)h Fs(h)3121
2100 y Fn(2)3204 2085 y Fu(b)s(e)g(suc)m(h)h(that)283
2206 y Fs(h)340 2221 y Fn(1)413 2206 y Ft(v)33 b Fs(h)580
2221 y Fn(2)619 2206 y Fu(,)h(that)g(is)f Fs(h)1049 2221
y Fn(1)1123 2206 y Fs(ps)41 b Ft(v)1332 2221 y Fn(PS)1457
2206 y Fs(h)1514 2221 y Fn(2)1587 2206 y Fs(ps)h Fu(for)33
b(all)f(prop)s(ert)m(y)i(states)h Fs(ps)8 b Fu(.)46 b(Clearly)33
b(w)m(e)i(then)g(ha)m(v)m(e)283 2326 y Fs(h)340 2341
y Fn(1)380 2326 y Fu(\()p Fs(h)475 2341 y Fn(0)544 2326
y Fs(ps)8 b Fu(\))29 b Ft(v)787 2341 y Fn(PS)908 2326
y Fs(h)965 2341 y Fn(2)1004 2326 y Fu(\()p Fs(h)1099
2341 y Fn(0)1168 2326 y Fs(ps)8 b Fu(\))30 b(for)e(all)g(prop)s(ert)m
(y)i(states)g Fs(ps)38 b Fu(and)29 b(thereb)m(y)i(w)m(e)g(ha)m(v)m(e)g
(pro)m(v)m(ed)f(the)283 2446 y(monotonicit)m(y)h(of)h
Fs(H)16 b Fu(.)430 2567 y(T)-8 b(o)40 b(pro)m(v)m(e)h(the)f
Fs(c)-5 b(ontinuity)49 b Fu(let)39 b Fs(Y)59 b Fu(b)s(e)40
b(a)g(non-empt)m(y)g(c)m(hain)f(in)g Fw(PState)h Ft(!)f
Fw(PState)p Fu(.)283 2687 y(W)-8 b(e)33 b(m)m(ust)g(sho)m(w)h(that)527
2878 y(\()p Fs(H)49 b Fu(\()724 2812 y Fg(F)793 2878
y Fs(Y)20 b Fu(\)\))32 b Fs(ps)40 b Fu(=)33 b(\()1270
2812 y Fg(F)1339 2878 y Ft(f)f Fs(H)49 b(h)40 b Ft(j)32
b Fs(h)40 b Ft(2)33 b Fs(Y)52 b Ft(g)p Fu(\))32 b Fs(ps)283
3069 y Fu(for)h(all)e(prop)s(ert)m(y)j(states)g Fs(ps)8
b Fu(.)46 b(Using)33 b(the)g(c)m(haracterization)f(of)h(least)g(upp)s
(er)h(b)s(ounds)g(giv)m(en)283 3190 y(in)e(Corollary)f(5.17)h(w)m(e)i
(get)527 3381 y(\()p Fs(H)49 b Fu(\()724 3314 y Fg(F)793
3381 y Fs(Y)20 b Fu(\)\))32 b Fs(ps)40 b Fu(=)33 b(\(\()1308
3314 y Fg(F)1377 3381 y Fs(Y)20 b Fu(\))32 b Ft(\016)g
Fs(h)1678 3396 y Fn(0)1718 3381 y Fu(\))h Fs(ps)1123
3548 y Fu(=)g(\()1270 3482 y Fg(F)1339 3548 y Fs(Y)20
b Fu(\))32 b(\()p Fs(h)1596 3563 y Fn(0)1668 3548 y Fs(ps)8
b Fu(\))1123 3716 y(=)1232 3649 y Fg(F)1301 3731 y Fn(PS)1425
3716 y Ft(f)32 b Fs(h)40 b Fu(\()p Fs(h)1692 3731 y Fn(0)1764
3716 y Fs(ps)8 b Fu(\))33 b Ft(j)f Fs(h)40 b Ft(2)32
b Fs(Y)53 b Ft(g)283 3907 y Fu(and)527 4098 y(\()565
4031 y Fg(F)634 4098 y Ft(f)33 b Fs(H)48 b(h)40 b Ft(j)32
b Fs(h)40 b Ft(2)33 b Fs(Y)52 b Ft(g)p Fu(\))33 b Fs(ps)40
b Fu(=)1659 4031 y Fg(F)1729 4113 y Fn(PS)1852 4098 y
Ft(f)33 b Fu(\()p Fs(H)48 b(h)7 b Fu(\))33 b Fs(ps)40
b Ft(j)33 b Fs(h)39 b Ft(2)33 b Fs(Y)53 b Ft(g)1551 4265
y Fu(=)1659 4199 y Fg(F)1729 4280 y Fn(PS)1852 4265 y
Ft(f)33 b Fu(\()p Fs(h)39 b Ft(\016)33 b Fs(h)2202 4280
y Fn(0)2241 4265 y Fu(\))g Fs(ps)40 b Ft(j)33 b Fs(h)39
b Ft(2)33 b Fs(Y)52 b Ft(g)283 4457 y Fu(Hence)34 b(the)f(result)g
(follo)m(ws.)2352 b Fh(2)430 4660 y Fu(This)33 b(su\016ces)h(for)e(sho)
m(wing)h(the)g(w)m(ell-de\014nedness)h(of)e Ft(P)8 b(S)h
Fu(:)p 283 4780 V 283 4942 a Fw(Prop)s(osition)36 b(5.22)49
b Fu(The)41 b(seman)m(tic)f(function)f Ft(P)8 b(S)h Fu([)-17
b([)p Fs(S)12 b Fu(])-17 b(])q(:)58 b Fw(PState)39 b
Ft(!)h Fw(PState)g Fu(of)f(T)-8 b(able)283 5063 y(5.2)33
b(is)f(a)g(w)m(ell-de\014ned)h(function)f(for)g(all)e(statemen)m(ts)k
Fs(S)44 b Fu(of)32 b(the)h(language)f Fw(While)p Fu(.)p
283 5183 V 283 5374 a Fw(Pro)s(of:)k Fu(The)c(pro)s(of)e(is)h(b)m(y)h
(structural)f(induction)f(on)h Fs(S)43 b Fu(and)32 b(only)e(the)i(case)
g(of)e(the)i Fr(while)p Fu(-)283 5494 y(lo)s(op)g(is)g(in)m(teresting.)
43 b(W)-8 b(e)33 b(note)f(that)h(the)g(function)f Fs(H)49
b Fu(used)33 b(in)f(T)-8 b(able)32 b(5.2)g(is)h(giv)m(en)f(b)m(y)p
eop
%%Page: 151 161
151 160 bop 0 130 a Fw(5.2)112 b(The)38 b(analysis)2439
b(151)p 0 193 3473 4 v 244 515 a Fs(H)48 b Fu(=)33 b
Fs(H)561 530 y Fn(1)633 515 y Ft(\016)f Fs(H)803 530
y Fn(2)0 724 y Fu(where)244 932 y Fs(H)332 947 y Fn(1)404
932 y Fs(h)40 b Fu(=)32 b(cond)802 947 y Fn(P)855 932
y Fu(\()p Ft(P)8 b(B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17
b(])q(,)32 b Fs(h)7 b Fu(,)33 b(id\))244 1099 y Fs(H)332
1114 y Fn(2)404 1099 y Fs(h)40 b Fu(=)32 b Fs(h)40 b
Ft(\016)32 b(P)8 b(S)g Fu([)-17 b([)q Fs(S)12 b Fu(])-17
b(])0 1307 y(As)39 b Fs(H)238 1322 y Fn(1)315 1307 y
Fu(and)f Fs(H)598 1322 y Fn(2)676 1307 y Fu(are)g(con)m(tin)m(uous)g
(functions)g(b)m(y)h(Lemmas)e(5.19)h(and)g(5.21)f(w)m(e)i(ha)m(v)m(e)h
(that)0 1428 y Fs(H)47 b Fu(is)31 b(a)g(con)m(tin)m(uous)g(function)g
(b)m(y)h(Lemma)e(4.35.)42 b(Hence)32 b(FIX)f Fs(H)48
b Fu(is)30 b(w)m(ell-de\014ned)i(and)f(this)0 1548 y(completes)h(the)h
(pro)s(of.)2530 b Fh(2)0 1867 y Fw(Exercise)36 b(5.23)49
b Fu(Consider)33 b(the)g(statemen)m(t)244 2075 y Fr(z)g
Fu(:=)f Fr(0)p Fu(;)h Fr(while)h(y)p Ft(\024)q Fr(x)e(do)h
Fu(\()p Fr(z)g Fu(:=)g Fr(z)p Fu(+)p Fr(1)p Fu(;)g Fr(x)f
Fu(:=)h Fr(x)p Ft(\000)p Fr(y)p Fu(\))0 2283 y(where)h
Fr(x)f Fu(and)f Fr(y)h Fu(are)g(input)f(v)-5 b(ariables)31
b(and)i Fr(z)g Fu(is)f(the)h(output)g(v)-5 b(ariable.)41
b(Use)34 b(the)f(approac)m(h)0 2404 y(of)e(Example)g(5.16)g(to)h(sho)m
(w)g(that)g(there)g(is)f(a)h(functional)e(dep)s(endency)k(b)s(et)m(w)m
(een)g(the)e(input)0 2524 y(and)h(output)f(v)-5 b(ariables.)2489
b Fh(2)0 2759 y Fw(Exercise)36 b(5.24)49 b Fu(Apply)31
b(the)g(analysis)f Ft(P)8 b(S)39 b Fu(to)30 b(the)i(statemen)m(t)f
Fr(while)h(true)f(do)h(skip)f Fu(and)0 2879 y(explain)h(wh)m(y)i(the)f
(analysis)f(terminates.)1840 b Fh(2)0 3114 y Fw(Exercise)36
b(5.25)49 b Fu(Extend)g Fw(While)d Fu(with)h(the)h(statemen)m(t)g
Fr(repeat)34 b Fs(S)45 b Fr(until)33 b Fs(b)54 b Fu(and)47
b(giv)m(e)0 3235 y(the)38 b(new)g(\(comp)s(ositional\))c(clause)k(for)e
Ft(P)8 b(S)h Fu(.)58 b(Discuss)38 b(y)m(our)g(extension)g(and)f(v)-5
b(alidate)36 b(the)0 3355 y(w)m(ell-de\014nedness.)2697
b Fh(2)0 3590 y Fw(Exercise)36 b(5.26)49 b Fu(Extend)41
b Fw(While)d Fu(with)i(the)g(statemen)m(t)g Fr(for)g
Fo(x)g Fu(:=)g Fo(a)2716 3605 y Fn(1)2795 3590 y Fr(to)g
Fo(a)2988 3605 y Fn(2)3067 3590 y Fr(do)g Fs(S)51 b Fu(and)0
3711 y(giv)m(e)35 b(the)g(new)h(\(comp)s(ositional\))31
b(clause)k(for)g Ft(P)8 b(S)g Fu(.)50 b(Discuss)36 b(y)m(our)f
(extension)h(and)f(v)-5 b(alidate)0 3831 y(the)33 b(w)m
(ell-de\014nedness.)2529 b Fh(2)0 4066 y Fw(Exercise)36
b(5.27)49 b(\(Essen)m(tial\))31 b Fu(Sho)m(w)i(that)f(for)g(ev)m(ery)j
(statemen)m(t)e Fs(S)244 4274 y(ps)40 b Fu(on-trac)m(k)33
b Ft(v)g Fu(\()p Ft(P)8 b(S)g Fu([)-17 b([)q Fs(S)12
b Fu(])-17 b(])p Fs(ps)8 b Fu(\))33 b(on-trac)m(k)0 4482
y(so)g(that)g Fs(ps)40 b Fu(m)m(ust)34 b(b)s(e)f(prop)s(er)g(if)e
Ft(P)8 b(S)h Fu([)-17 b([)p Fs(S)12 b Fu(])-17 b(])q
Fs(ps)40 b Fu(is.)k(In)33 b(the)h(case)g(of)e Fr(while)i
Fs(b)39 b Fr(do)33 b Fs(S)45 b Fu(y)m(ou)34 b(should)0
4602 y(\014rst)f(pro)m(v)m(e)h(that)e(for)g(all)f(n)h
Ft(\025)h Fu(1:)244 4811 y Fs(ps)40 b Fu(on-trac)m(k)33
b Ft(v)g Fu(\(\()p Fs(H)1033 4774 y Fn(n)1109 4811 y
Ft(?)p Fu(\))g Fs(ps)8 b Fu(\))32 b(on-trac)m(k)0 5019
y(where)i Ft(?)f Fs(ps)490 4983 y Fi(0)546 5019 y Fu(=)f
Fb(init)h Fu(for)f(all)e Fs(ps)1249 4983 y Fi(0)1305
5019 y Fu(and)j Fs(H)48 b(h)40 b Fu(=)32 b(cond)2013
5034 y Fn(P)2066 5019 y Fu(\()p Ft(P)8 b(B)t Fu([)-17
b([)p Fs(b)6 b Fu(])-17 b(])q(,)33 b Fs(h)39 b Ft(\016)33
b(P)8 b(S)g Fu([)-17 b([)q Fs(S)12 b Fu(])-17 b(],)33
b(id\).)296 b Fh(2)0 5254 y Fw(Exercise)36 b(5.28)49
b Fu(Sho)m(w)25 b(that)f(there)h(exists)g Fs(h)1702 5269
y Fn(0)1741 5254 y Fu(:)40 b Fw(PState)23 b Ft(!)h Fw(PState)f
Fu(suc)m(h)j(that)e Fs(H)40 b Fu(de\014ned)0 5374 y(b)m(y)h
Fs(H)56 b(h)47 b Fu(=)40 b Fs(h)541 5389 y Fn(0)621 5374
y Ft(\016)g Fs(h)47 b Fu(is)40 b Fs(not)h(even)47 b Fu(a)40
b(monotone)f(function)h(from)f Fw(PState)g Ft(!)h Fw(PState)g
Fu(to)0 5494 y Fw(PState)32 b Ft(!)g Fw(PState)p Fu(.)2543
b Fh(2)p eop
%%Page: 152 162
152 161 bop 251 130 a Fw(152)1937 b(5)112 b(Static)37
b(Program)f(Analysis)p 251 193 3473 4 v 283 515 a(Remark)30
b Fu(The)h(example)f(of)f(the)i(ab)s(o)m(v)m(e)g(exercise)g(indicates)f
(a)g(ma)5 b(jor)29 b(departure)i(from)d(the)283 636 y(secure)46
b(w)m(orld)d(of)g(Chapter)h(4.)76 b(Luc)m(kily)44 b(an)f(insurance)h(p)
s(olicy)e(can)i(b)s(e)g(arranged.)76 b(The)283 756 y(premium)31
b(is)h(to)h(replace)f(all)f(o)s(ccurrences)j(of)527 993
y Fw(PState)e Ft(!)h Fw(PState)97 b Fu(and)130 b Fw(PState)32
b Ft(!)g Fw(P)283 1229 y Fu(b)m(y)527 1466 y([)p Fw(PState)h
Ft(!)f Fw(PState)p Fu(])97 b(and)130 b([)p Fw(PState)32
b Ft(!)h Fw(P)p Fu(])283 1702 y(where)45 b([)p Fs(D)52
b Ft(!)42 b Fs(E)12 b Fu(])44 b(=)e Ft(f)h Fs(f)21 b
Fu(:)64 b Fs(D)52 b Ft(!)43 b Fs(E)55 b Ft(j)43 b Fs(f)64
b Fu(is)42 b(con)m(tin)m(uous)i Ft(g)p Fu(.)75 b(One)43
b(can)g(then)h(sho)m(w)g(that)283 1823 y([)p Fs(D)49
b Ft(!)39 b Fs(E)12 b Fu(])40 b(is)f(a)h(ccp)s(o)g(if)e
Fs(D)49 b Fu(and)40 b Fs(E)51 b Fu(are)40 b(and)g(that)f(the)h(c)m
(haracterization)f(of)g(least)g(upp)s(er)283 1943 y(b)s(ounds)c(giv)m
(en)f(in)g(Lemma)f(5.4)g(still)f(holds.)48 b(F)-8 b(urthermore,)34
b(one)g(can)g(sho)m(w)i(that)d(Exercise)283 2063 y(5.6)26
b(ensures)h(that)f Ft(P)8 b(A)p Fu([)-17 b([)p Fs(a)7
b Fu(])-17 b(])27 b(and)f Ft(P)8 b(B)t Fu([)-17 b([)p
Fs(b)6 b Fu(])-17 b(])26 b(are)g(con)m(tin)m(uous.)42
b(Finally)-8 b(,)24 b(the)i(en)m(tire)g(dev)m(elopmen)m(t)283
2184 y(in)k(this)h(section)g(still)d(carries)j(through)f(although)g
(there)h(are)g(additional)d(pro)s(of)i(obligations)283
2304 y(to)i(b)s(e)h(carried)f(out.)43 b(In)32 b(this)g(setting)g(one)g
(gets)h(that)f(if)f Fs(h)2438 2319 y Fn(0)2478 2304 y
Fu(:)43 b([)p Fw(PState)32 b Ft(!)g Fw(PState)p Fu(])g(then)g
Fs(H)283 2424 y Fu(de\014ned)c(b)m(y)f Fs(H)42 b(h)34
b Fu(=)26 b Fs(h)1099 2439 y Fn(0)1171 2424 y Ft(\016)32
b Fs(h)h Fu(is)26 b(indeed)g(a)g(con)m(tin)m(uous)h(function)f(from)f
([)p Fw(PState)g Ft(!)h Fw(PState)p Fu(])283 2545 y(to)33
b([)p Fw(PState)f Ft(!)g Fw(PState)p Fu(].)2369 b Fh(2)430
2672 y Fu(T)-8 b(o)30 b(summarize,)f(the)h(w)m(ell-de\014nedness)i(of)e
Ft(P)8 b(S)38 b Fu(relies)29 b(on)h(the)g(follo)m(wing)d(results)k
(estab-)283 2792 y(lished)h(ab)s(o)m(v)m(e:)p 283 2922
3470 4 v 283 2939 V 281 3146 4 208 v 298 3146 V 1371
3067 a Fw(Pro)s(of)g(Summary)h(for)f(While)p Fu(:)p 3735
3146 V 3752 3146 V 281 3354 V 298 3354 V 1174 3275 a
Fw(W)-9 b(ell)p Fu(-)p Fw(de\014nedness)32 b(of)g(Static)g(Analysis)p
3735 3354 V 3752 3354 V 283 3357 3470 4 v 281 3726 4
370 v 298 3726 V 350 3523 a Fu(1:)143 b(The)37 b(set)h
Fw(PState)e Ft(!)g Fw(PState)g Fu(equipp)s(ed)h(with)f(an)h
(appropriate)f(ordering)f Ft(v)i Fu(is)569 3643 y(a)32
b(ccp)s(o)h(\(Corollary)e(5.17\).)p 3735 3726 V 3752
3726 V 281 4014 4 289 v 298 4014 V 350 3811 a(2:)143
b(Certain)38 b(functions)g(\011:)55 b(\()p Fw(PState)38
b Ft(!)g Fw(PState)p Fu(\))g Ft(!)g Fu(\()p Fw(PState)g
Ft(!)g Fw(PState)p Fu(\))g(are)569 3931 y(con)m(tin)m(uous)33
b(\(Lemmas)f(5.19)g(and)g(5.21\).)p 3735 4014 V 3752
4014 V 281 4302 V 298 4302 V 350 4099 a(3:)143 b(In)30
b(the)h(de\014nition)e(of)h Ft(P)8 b(S)39 b Fu(w)m(e)31
b(only)f(apply)g(the)h(\014xed)g(p)s(oin)m(t)f(op)s(eration)f(to)g(con)
m(tin-)569 4219 y(uous)k(functions)f(\(Prop)s(osition)f(5.22\).)p
3735 4302 V 3752 4302 V 283 4306 3470 4 v 283 4322 V
283 4518 a(Our)h(o)m(v)m(erall)e(algorithm)f(for)i(determining)f
(whether)j(or)e(not)g(there)h(is)f(a)h(functional)d(dep)s(en-)283
4638 y(dency)35 b(b)s(et)m(w)m(een)f(input)e(and)h(output)g(v)-5
b(ariables)31 b(then)i(pro)s(ceeds)h(as)f(follo)m(ws:)333
4821 y(INPUT:)212 b(a)33 b(statemen)m(t)g Fs(S)44 b Fu(of)32
b Fw(While)889 4989 y Fu(a)h(set)g Fs(I)48 b Ft(\022)33
b Fw(V)-9 b(ar)32 b Fu(of)g(input)g(v)-5 b(ariables)889
5156 y(a)33 b(set)g Fs(O)42 b Ft(\022)33 b Fw(V)-9 b(ar)32
b Fu(of)g(output)h(v)-5 b(ariables)333 5324 y(OUTPUT:)101
b(YES,)34 b(if)d(there)i Fs(de\014nitely)41 b Fu(is)32
b(a)h(functional)e(dep)s(endency)889 5492 y(NO?,)i(if)f(there)h
Fs(may)i(not)41 b Fu(b)s(e)33 b(a)g(functional)d(dep)s(endency)p
eop
%%Page: 153 163
153 162 bop 0 130 a Fw(5.3)112 b(Safet)m(y)38 b(of)g(the)f(analysis)
2007 b(153)p 0 193 3473 4 v 50 500 a Fu(METHOD:)100 b(let)32
b Fs(ps)865 515 y Fc(I)937 500 y Fu(b)s(e)h(uniquely)g(determined)f(b)m
(y)i(OK\()p Fs(ps)2399 515 y Fc(I)2438 500 y Fu(\))f(=)f
Fs(I)48 b Ft([)33 b(f)p Fu(on-trac)m(k)p Ft(g)626 668
y Fu(let)f Fs(ps)865 683 y Fc(O)957 668 y Fu(=)h Ft(P)8
b(S)g Fu([)-17 b([)p Fs(S)12 b Fu(])-17 b(])q Fs(ps)1451
683 y Fc(I)626 835 y Fu(output)33 b(YES)g(if)f(OK\()p
Fs(ps)1550 850 y Fc(O)1609 835 y Fu(\))g Ft(\023)h Fs(O)42
b Ft([)33 b(f)p Fu(on-trac)m(k)p Ft(g)626 1003 y Fu(output)g(NO?)g
(otherwise)0 1289 y Fj(5.3)161 b(Safet)l(y)53 b(of)h(the)f(analysis)0
1508 y Fu(In)44 b(this)g(section)g(w)m(e)h(shall)d(sho)m(w)j(that)f
(the)g(analysis)g(functions)g Ft(P)8 b(A)p Fu(,)46 b
Ft(P)8 b(B)48 b Fu(and)c Ft(P)8 b(S)52 b Fu(are)0 1628
y(correct)37 b(with)e(resp)s(ect)i(to)f(the)h(seman)m(tic)e(functions)h
Ft(A)p Fu(,)h Ft(B)i Fu(and)d Ft(S)2526 1643 y Fn(ds)2597
1628 y Fu(.)54 b(This)36 b(amoun)m(ts)g(to)g(a)0 1749
y(formalization)29 b(of)k(the)h(considerations)f(that)g(w)m(ere)i
(already)e(illustrated)e(in)i(Exercises)i(5.13)0 1869
y(and)e(5.15.)43 b(W)-8 b(e)33 b(b)s(egin)e(with)i(the)g(rather)f
(simple)f(case)j(of)e(arithmetic)e(expressions.)0 2150
y Fp(Expressions)0 2334 y Fu(Let)37 b Fs(g)9 b Fu(:)53
b Fw(State)37 b Ft(!)g Fw(Z)h Fu(b)s(e)f(a)g(function,)i(p)s(erhaps)f
(of)e(the)i(form)e Ft(A)p Fu([)-17 b([)p Fs(a)7 b Fu(])-17
b(])39 b(for)d(some)h(arithmetic)0 2455 y(expression)j
Fs(a)45 b Ft(2)39 b Fw(Aexp)p Fu(,)h(and)e(let)g Fs(h)7
b Fu(:)55 b Fw(PState)38 b Ft(!)g Fw(P)g Fu(b)s(e)g(another)g
(function,)i(p)s(erhaps)f(of)0 2575 y(the)c(form)d Ft(P)8
b(A)p Fu([)-17 b([)q Fs(a)7 b Fu(])-17 b(])35 b(for)e(some)h
(arithmetic)e(expression)k Fs(a)41 b Ft(2)34 b Fw(Aexp)p
Fu(.)48 b(W)-8 b(e)35 b(shall)e(in)m(tro)s(duce)h(a)0
2696 y(relation)244 2852 y Fs(g)41 b Fu(sat)p 330 2865
126 4 v 15 x Fn(Aexp)652 2852 y Fs(h)0 3007 y Fu(for)30
b(expressing)i(when)f(the)g(analysis)f Fs(h)38 b Fu(is)30
b(correct)h(with)f(resp)s(ect)h(to)f(the)h(seman)m(tics)g
Fs(g)9 b Fu(.)42 b(It)31 b(is)0 3128 y(de\014ned)j(b)m(y)244
3284 y Fs(s)292 3299 y Fn(1)364 3284 y Ft(\021)f Fs(s)522
3299 y Fn(2)594 3284 y Fu(rel)p 594 3297 109 4 v 702
3299 a Fn(Stm)864 3284 y Fs(ps)41 b Fu(implies)30 b Fs(g)41
b(s)1460 3299 y Fn(1)1532 3284 y Ft(\021)33 b Fs(g)41
b(s)1776 3299 y Fn(2)1848 3284 y Fu(rel)p 1848 3297 V
15 x Fn(Aexp)2154 3284 y Fs(h)f(ps)0 3440 y Fu(for)27
b(all)f(states)j Fs(s)596 3455 y Fn(1)663 3440 y Fu(and)f
Fs(s)896 3455 y Fn(2)963 3440 y Fu(and)g(prop)s(ert)m(y)h(states)g
Fs(ps)8 b Fu(.)41 b(This)28 b(condition)f(sa)m(ys)i(that)f(the)g
(results)0 3560 y(of)34 b Fs(g)42 b Fu(will)32 b(b)s(e)i(suitably)g
(related)f(pro)m(vided)i(that)f(the)g(argumen)m(ts)g(are.)48
b(It)35 b(is)e(p)s(erhaps)i(more)0 3680 y(in)m(tuitiv)m(e)c(when)j
(rephrased)g(as)244 3836 y(\()p Fs(s)330 3851 y Fn(1)402
3836 y Ft(\021)f Fs(s)560 3851 y Fn(2)632 3836 y Fu(rel)p
632 3849 V 740 3851 a Fn(Stm)902 3836 y Fs(ps)8 b Fu(\))33
b(and)f(\()p Fs(h)40 b(ps)h Fu(=)32 b Fb(ok)p Fu(\))h(imply)e
Fs(g)41 b(s)2232 3851 y Fn(1)2304 3836 y Fu(=)32 b Fs(g)41
b(s)2546 3851 y Fn(2)0 3992 y Fu(The)34 b(safet)m(y)f(of)f(the)h
(analysis)f Ft(P)8 b(A)33 b Fu(is)f(then)h(expressed)i(b)m(y)p
0 4113 3473 5 v 0 4239 a Fw(F)-9 b(act)37 b(5.29)49 b
Fu(F)-8 b(or)32 b(all)f(arithmetic)f(expressions)k Fs(a)40
b Ft(2)33 b Fw(Aexp)g Fu(w)m(e)h(ha)m(v)m(e)269 4407
y Ft(A)o Fu([)-17 b([)q Fs(a)7 b Fu(])-17 b(])33 b(sat)p
513 4420 126 4 v 15 x Fn(Aexp)836 4407 y Ft(P)8 b(A)p
Fu([)-17 b([)p Fs(a)7 b Fu(])-17 b(])p 0 4528 3473 5
v 0 4684 a Fw(Pro)s(of:)37 b Fu(This)c(is)f(an)h(immediate)d
(consequence)35 b(of)d(Lemma)f(1.11)h(and)h(Exercise)h(5.11.)134
b Fh(2)146 4887 y Fu(The)34 b(analysis)e Ft(P)8 b(B)36
b Fu(of)c(b)s(o)s(olean)f(expressions)k(is)d(safe)h(in)f(the)h(follo)m
(wing)c(sense:)0 5043 y Fw(Exercise)36 b(5.30)49 b(\(Essen)m(tial\))21
b Fu(Rep)s(eat)i(the)g(dev)m(elopmen)m(t)g(for)g(b)s(o)s(olean)e
(expressions,)27 b(that)0 5163 y(is)32 b(de\014ne)i(a)e(relation)f(sat)
p 819 5176 126 4 v 15 x Fn(Bexp)1139 5163 y Fu(and)h(sho)m(w)i(that)244
5319 y Ft(B)s Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])33
b(sat)p 471 5332 V 15 x Fn(Bexp)791 5319 y Ft(P)8 b(B)t
Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])0 5475 y(for)32
b(all)f(b)s(o)s(olean)g(expressions)j Fs(b)k Ft(2)33
b Fw(Bexp)p Fu(.)1781 b Fh(2)p eop
%%Page: 154 164
154 163 bop 251 130 a Fw(154)1937 b(5)112 b(Static)37
b(Program)f(Analysis)p 251 193 3473 4 v 283 515 a Fp(Statemen)l(ts)283
704 y Fu(The)k(safet)m(y)g(of)f(the)g(analysis)g(of)f(statemen)m(ts)i
(will)d(express)k(that)e(if)f(OK\()p Fs(ps)8 b Fu(\))38
b(includes)h(all)283 824 y(the)45 b(input)e(v)-5 b(ariables)42
b(and)i(if)e(OK\()p Ft(P)8 b(S)g Fu([)-17 b([)q Fs(S)12
b Fu(])-17 b(])p Fs(ps)8 b Fu(\))44 b(includes)f(`on-trac)m(k')h(and)g
(all)e(the)i(output)283 945 y(v)-5 b(ariables)32 b(then)i
Ft(S)979 960 y Fn(ds)1050 945 y Fu([)-17 b([)q Fs(S)12
b Fu(])-17 b(])33 b(determines)h(a)e(functional)g(relationship)f(b)s
(et)m(w)m(een)k(the)f(input)f(and)283 1065 y(output)49
b(v)-5 b(ariables.)90 b(This)49 b(v)-5 b(alidation)45
b(is)j(imp)s(ortan)m(t)f(b)s(ecause)j(although)d(the)i(in)m(tuition)283
1185 y(ab)s(out)35 b Fb(ok)g Fu(meaning)f(\\dep)s(ending)h(only)f(on)h
(input)f(v)-5 b(ariables")34 b(go)s(es)g(a)h(long)f(w)m(a)m(y)i(to)m(w)
m(ards)283 1306 y(motiv)-5 b(ating)30 b(the)j(analysis,)f(it)g(is)g
(not)h(p)s(erfect.)44 b(As)33 b(w)m(e)h(already)e(men)m(tioned)h(in)f
(Section)g(5.1)283 1426 y(one)c(cannot)f(insp)s(ect)g(a)f(v)-5
b(alue,)28 b(lik)m(e)e Fw(27)p Fu(,)i(and)f(determine)g(whether)h(it)e
(has)h(its)f(v)-5 b(alue)26 b(b)s(ecause)283 1547 y(it)36
b(only)g(dep)s(ends)h(on)g(input)e(v)-5 b(ariables)35
b(or)h(b)s(ecause)i(it)d(just)i(happ)s(ened)g(to)f(b)s(e)h
Fw(27)p Fu(.)55 b(T)-8 b(o)36 b(aid)283 1667 y(the)42
b(in)m(tuition)e(in)h(determining)f(that)h(no)h(errors)f(ha)m(v)m(e)i
(b)s(een)g(made)e(in)g(the)h(de\014nition)e(of)283 1787
y(the)33 b(analysis)e(it)f(is)h Fs(ne)-5 b(c)g(essary)40
b Fu(to)31 b(giv)m(e)h(a)f(formal)f(statemen)m(t)i(of)f(the)h
(relationship)e(b)s(et)m(w)m(een)283 1908 y(computations)i(in)g(the)h
(standard)g(\(denotational\))d(seman)m(tics)j(and)g(in)f(the)h
(analysis.)430 2030 y(Our)h(k)m(ey)h(to)s(ol)e(will)e(b)s(e)j(the)h
(relation)d Fs(s)1905 2045 y Fn(1)1979 2030 y Ft(\021)i
Fs(s)2138 2045 y Fn(2)2211 2030 y Fu(rel)p 2211 2043
109 4 v 34 w Fs(ps)42 b Fu(and)34 b(w)m(e)h(shall)d(sho)m(w)k(that)d
(if)g(this)283 2150 y(relationship)i(holds)i(b)s(efore)g(the)g
(statemen)m(t)h(is)e(executed)j(and)e(analysed)g(then)h(either)e(the)
283 2271 y(statemen)m(t)e(will)c(lo)s(op)h(on)i(b)s(oth)f(states)i(or)e
(the)h(same)g(relationship)d(will)h(hold)h(b)s(et)m(w)m(een)i(the)283
2391 y(\014nal)j(states)h(and)f(the)g(\014nal)f(prop)s(ert)m(y)i(state)
g(\(pro)m(vided)f(that)g(the)g(analysis)g(do)s(es)g(not)g(get)283
2511 y(\\lost"\).)43 b(W)-8 b(e)33 b(shall)e(formalize)f(this)i(b)m(y)i
(de\014ning)e(a)g(relation)527 2724 y Fs(g)41 b Fu(sat)p
613 2737 126 4 v 739 2739 a Fn(Stm)901 2724 y Fs(h)283
2937 y Fu(b)s(et)m(w)m(een)35 b(a)d(function)g Fs(g)9
b Fu(:)44 b Fw(State)32 b Fo(,)-17 b Ft(!)33 b Fw(State)p
Fu(,)f(p)s(erhaps)i(of)e(the)h(form)e Ft(S)2936 2952
y Fn(ds)3007 2937 y Fu([)-17 b([)q Fs(S)12 b Fu(])-17
b(])33 b(for)f(some)g Fs(S)45 b Fu(in)283 3057 y Fw(Stm)p
Fu(,)29 b(and)h(another)f(function)f Fs(h)7 b Fu(:)42
b Fw(PState)29 b Ft(!)f Fw(PState)p Fu(,)i(p)s(erhaps)f(of)g(the)g
(form)f Ft(P)8 b(S)g Fu([)-17 b([)q Fs(S)12 b Fu(])-17
b(])29 b(for)283 3178 y(some)k Fs(S)44 b Fu(in)32 b Fw(Stm)p
Fu(.)43 b(The)33 b(formal)d(de\014nition)i(amoun)m(ts)g(to)764
3390 y(\()p Fs(s)850 3405 y Fn(1)922 3390 y Ft(\021)h
Fs(s)1080 3405 y Fn(2)1152 3390 y Fu(rel)p 1152 3403
109 4 v 31 w Fs(ps)8 b Fu(\))33 b(and)g(\()p Fs(h)39
b(ps)i Fu(is)32 b(prop)s(er\))527 3558 y(imply)764 3726
y(\()p Fs(g)41 b(s)936 3741 y Fn(1)1008 3726 y Fu(=)32
b(undef)p 1116 3739 236 4 v 33 w(and)h Fs(g)41 b(s)1708
3741 y Fn(2)1780 3726 y Fu(=)32 b(undef)p 1888 3739 V
1 w(\))h(or)764 3893 y(\()p Fs(g)41 b(s)936 3908 y Fn(1)1008
3893 y Ft(6)p Fu(=)32 b(undef)p 1116 3906 V 33 w(and)h
Fs(g)41 b(s)1708 3908 y Fn(2)1780 3893 y Ft(6)p Fu(=)32
b(undef)p 1888 3906 V 34 w(and)g Fs(g)41 b(s)2480 3908
y Fn(1)2553 3893 y Ft(\021)33 b Fs(g)41 b(s)2797 3908
y Fn(2)2869 3893 y Fu(rel)p 2869 3906 109 4 v 32 w Fs(h)e(ps)8
b Fu(\))283 4106 y(for)39 b(all)e(states)j Fs(s)913 4121
y Fn(1)952 4106 y Fu(,)h Fs(s)1068 4121 y Fn(2)1146 4106
y Ft(2)e Fw(State)g Fu(and)g(all)e(prop)s(ert)m(y)j(states)g
Fs(ps)46 b Ft(2)40 b Fw(PState)p Fu(.)62 b(T)-8 b(o)39
b(motiv)-5 b(ate)283 4226 y(this)34 b(de\014nition)e(consider)i(t)m(w)m
(o)g(states)h Fs(s)1802 4241 y Fn(1)1875 4226 y Fu(and)f
Fs(s)2114 4241 y Fn(2)2187 4226 y Fu(that)f(are)h(equal)f(relativ)m(e)g
(to)g Fs(ps)8 b Fu(.)46 b(If)34 b Fs(ps)41 b Fu(is)283
4347 y(prop)s(er)e(this)g(means)f(that)h Fs(s)1368 4362
y Fn(1)1446 4347 y Fs(x)51 b Fu(=)38 b Fs(s)1704 4362
y Fn(2)1782 4347 y Fs(x)51 b Fu(for)38 b(all)f(v)-5 b(ariables)37
b Fs(x)50 b Fu(in)38 b(OK\()p Fs(ps)8 b Fu(\).)62 b(The)40
b(analysis)283 4467 y(of)c(the)h(statemen)m(t)g(ma)m(y)f(get)h(\\lost")
e(in)g(whic)m(h)i(case)g Fs(h)44 b(ps)g Fu(is)36 b(not)g(prop)s(er)h
(and)f(w)m(e)i(cannot)283 4588 y(deduce)h(an)m(ything)d(ab)s(out)g(the)
h(b)s(eha)m(viour)f(of)g(the)h(statemen)m(t.)56 b(Alternativ)m(ely)-8
b(,)37 b(it)e(ma)m(y)i(b)s(e)283 4708 y(the)j(case)f(that)g
Fs(h)46 b(ps)g Fu(is)38 b(prop)s(er)h(and)g(in)f(that)g(case)i(the)f
(statemen)m(t)g(m)m(ust)g(b)s(eha)m(v)m(e)h(in)e(the)283
4828 y(same)33 b(w)m(a)m(y)h(whether)g(executed)g(from)e
Fs(s)1782 4843 y Fn(1)1854 4828 y Fu(or)g(from)f Fs(s)2251
4843 y Fn(2)2291 4828 y Fu(.)43 b(In)33 b(particular)429
5041 y Ft(\017)48 b Fu(the)j(statemen)m(t)f(ma)m(y)g(en)m(ter)h(a)f(lo)
s(op)f(when)i(executed)h(from)d Fs(s)2996 5056 y Fn(1)3085
5041 y Fu(and)i Fs(s)3341 5056 y Fn(2)3380 5041 y Fu(,)j(that)c(is)527
5161 y Fs(g)41 b(s)661 5176 y Fn(1)733 5161 y Fu(=)33
b(undef)p 842 5174 236 4 v 33 w(and)g Fs(g)41 b(s)1434
5176 y Fn(2)1506 5161 y Fu(=)32 b(undef)p 1614 5174 V
1 w(,)h(or)429 5374 y Ft(\017)48 b Fu(the)37 b(statemen)m(t)f(do)s(es)h
(not)f(en)m(ter)h(a)f(lo)s(op)e(when)j(executed)i(from)34
b Fs(s)3055 5389 y Fn(1)3131 5374 y Fu(and)i Fs(s)3372
5389 y Fn(2)3412 5374 y Fu(,)g(that)g(is)527 5494 y Fs(g)41
b(s)661 5509 y Fn(1)733 5494 y Ft(6)p Fu(=)33 b(undef)p
842 5507 V 33 w(and)g Fs(g)41 b(s)1434 5509 y Fn(2)1506
5494 y Ft(6)p Fu(=)32 b(undef)p 1614 5507 V 1 w(.)p eop
%%Page: 155 165
155 164 bop 0 130 a Fw(5.3)112 b(Safet)m(y)38 b(of)g(the)f(analysis)
2007 b(155)p 0 193 3473 4 v 0 515 a Fu(In)34 b(the)h(latter)e(case)i
(the)g(t)m(w)m(o)g(\014nal)e(states)i Fs(g)43 b(s)1757
530 y Fn(1)1830 515 y Fu(and)35 b Fs(g)42 b(s)2157 530
y Fn(2)2231 515 y Fu(m)m(ust)34 b(b)s(e)h(equal)f(relativ)m(e)f(to)h
(the)0 636 y(resulting)41 b(prop)s(ert)m(y)h(state)g
Fs(h)49 b(ps)8 b Fu(,)44 b(that)e(is)f(\()p Fs(g)50 b(s)1843
651 y Fn(1)1882 636 y Fu(\))42 b Fs(x)53 b Fu(=)42 b(\()p
Fs(g)50 b(s)2359 651 y Fn(2)2399 636 y Fu(\))41 b Fs(x)54
b Fu(for)41 b(all)e(v)-5 b(ariables)41 b Fs(x)53 b Fu(in)0
756 y(OK\()p Fs(h)39 b(ps)8 b Fu(\).)146 877 y(W)-8 b(e)28
b(ma)m(y)f(then)h(form)m(ulate)e(the)i(desired)f(relationship)f(b)s(et)
m(w)m(een)j(the)f(seman)m(tics)g(and)f(the)0 997 y(analysis)32
b(as)h(follo)m(ws:)p 0 1117 3473 5 v 0 1292 a Fw(Theorem)k(5.31)49
b Fu(F)-8 b(or)32 b(all)e(statemen)m(ts)k Fs(S)44 b Fu(of)32
b Fw(While)f Fu(w)m(e)j(ha)m(v)m(e)g Ft(S)2496 1307 y
Fn(ds)2567 1292 y Fu([)-17 b([)p Fs(S)12 b Fu(])-17 b(])33
b(sat)p 2741 1305 126 4 v 2867 1307 a Fn(Stm)3029 1292
y Ft(P)8 b(S)g Fu([)-17 b([)q Fs(S)12 b Fu(])-17 b(].)p
0 1412 3473 5 v 146 1615 a(Before)32 b(conducting)f(the)h(pro)s(of)e(w)
m(e)j(need)f(to)f(establish)g(some)g(prop)s(erties)g(of)g(the)g(auxil-)
0 1736 y(iary)h(op)s(erations)g(comp)s(osition)e(and)i(conditional.)p
0 1856 V 0 2031 a Fw(Lemma)37 b(5.32)49 b Fu(Let)39 b
Fs(g)880 2046 y Fn(1)919 2031 y Fu(,)h Fs(g)1040 2046
y Fn(2)1079 2031 y Fu(:)56 b Fw(State)38 b Fo(,)-17 b
Ft(!)39 b Fw(State)g Fu(and)f Fs(h)2150 2046 y Fn(1)2190
2031 y Fu(,)i Fs(h)2314 2046 y Fn(2)2354 2031 y Fu(:)56
b Fw(PState)38 b Ft(!)g Fw(PState)g Fu(and)0 2151 y(assume)33
b(that)269 2319 y Fs(ps)40 b Fu(on-trac)m(k)33 b Ft(v)861
2334 y Fn(P)946 2319 y Fu(\()p Fs(h)1041 2334 y Fn(2)1113
2319 y Fs(ps)8 b Fu(\))33 b(on-trac)m(k)1714 b(\(*\))0
2486 y(holds)32 b(for)g(all)f Fs(ps)40 b Ft(2)33 b Fw(PState)p
Fu(.)43 b(Then)269 2654 y Fs(g)323 2669 y Fn(1)394 2654
y Fu(sat)p 394 2667 126 4 v 15 x Fn(Stm)682 2654 y Fs(h)739
2669 y Fn(1)811 2654 y Fu(and)32 b Fs(g)1054 2669 y Fn(2)1126
2654 y Fu(sat)p 1126 2667 V 15 x Fn(Stm)1413 2654 y Fs(h)1470
2669 y Fn(2)1543 2654 y Fu(imply)e Fs(g)1870 2669 y Fn(2)1942
2654 y Ft(\016)i Fs(g)2078 2669 y Fn(1)2150 2654 y Fu(sat)p
2150 2667 V 15 x Fn(Stm)2437 2654 y Fs(h)2494 2669 y
Fn(2)2566 2654 y Ft(\016)g Fs(h)2705 2669 y Fn(1)p 0
2774 3473 5 v 0 2978 a Fw(Pro)s(of:)37 b Fu(Let)c Fs(s)563
2993 y Fn(1)603 2978 y Fu(,)f Fs(s)710 2993 y Fn(2)782
2978 y Fu(and)h Fs(ps)40 b Fu(b)s(e)33 b(suc)m(h)h(that)244
3181 y Fs(s)292 3196 y Fn(1)364 3181 y Ft(\021)f Fs(s)522
3196 y Fn(2)594 3181 y Fu(rel)p 594 3194 109 4 v 32 w
Fs(ps)8 b Fu(,)32 b(and)h(\()p Fs(h)1177 3196 y Fn(2)1249
3181 y Ft(\016)g Fs(h)1389 3196 y Fn(1)1428 3181 y Fu(\))g
Fs(ps)40 b Fu(is)32 b(prop)s(er)0 3384 y(Using)f(that)g
Fs(h)540 3399 y Fn(2)611 3384 y Fu(\()p Fs(h)706 3399
y Fn(1)777 3384 y Fs(ps)8 b Fu(\))31 b(is)g(prop)s(er)g(w)m(e)h(get)f
(from)g(\(*\))f(that)h Fs(h)2306 3399 y Fn(1)2377 3384
y Fs(ps)39 b Fu(m)m(ust)32 b(b)s(e)f(prop)s(er)h(as)f(w)m(ell)0
3505 y(\(b)m(y)i(taking)f Fs(ps)41 b Fu(to)32 b(b)s(e)h
Fs(h)914 3520 y Fn(1)986 3505 y Fs(ps)8 b Fu(\).)43 b(So)33
b(from)e(the)i(assumption)f Fs(g)2296 3520 y Fn(1)2367
3505 y Fu(sat)p 2367 3518 126 4 v 2493 3520 a Fn(Stm)2655
3505 y Fs(h)2712 3520 y Fn(1)2784 3505 y Fu(w)m(e)i(get)244
3708 y Fs(g)298 3723 y Fn(1)369 3708 y Fs(s)417 3723
y Fn(1)489 3708 y Fu(=)f(undef)p 598 3721 236 4 v 33
w(and)g Fs(g)1110 3723 y Fn(1)1181 3708 y Fs(s)1229 3723
y Fn(2)1301 3708 y Fu(=)g(undef)p 1410 3721 V(,)g(or)244
3876 y Fs(g)298 3891 y Fn(1)369 3876 y Fs(s)417 3891
y Fn(1)489 3876 y Ft(6)p Fu(=)g(undef)p 598 3889 V 33
w(and)g Fs(g)1110 3891 y Fn(1)1181 3876 y Fs(s)1229 3891
y Fn(2)1301 3876 y Ft(6)p Fu(=)g(undef)p 1410 3889 V
33 w(and)g Fs(g)1922 3891 y Fn(1)1993 3876 y Fs(s)2041
3891 y Fn(1)2113 3876 y Ft(\021)g Fs(g)2277 3891 y Fn(1)2349
3876 y Fs(s)2397 3891 y Fn(2)2469 3876 y Fu(rel)p 2469
3889 109 4 v 32 w Fs(h)2667 3891 y Fn(1)2739 3876 y Fs(ps)0
4079 y Fu(In)e(the)g(\014rst)h(case)f(w)m(e)h(are)f(\014nished)g(since)
h(it)d(follo)m(ws)h(that)g(\()p Fs(g)2302 4094 y Fn(2)2372
4079 y Ft(\016)h Fs(g)2507 4094 y Fn(1)2546 4079 y Fu(\))f
Fs(s)2662 4094 y Fn(1)2733 4079 y Fu(=)g(undef)p 2839
4092 236 4 v 32 w(and)h(that)0 4200 y(\()p Fs(g)92 4215
y Fn(2)163 4200 y Ft(\016)i Fs(g)300 4215 y Fn(1)339
4200 y Fu(\))f Fs(s)457 4215 y Fn(2)529 4200 y Fu(=)h(undef)p
638 4213 V(.)44 b(In)33 b(the)g(second)h(case)f(w)m(e)h(use)f(that)244
4403 y Fs(g)298 4418 y Fn(1)369 4403 y Fs(s)417 4418
y Fn(1)489 4403 y Ft(\021)g Fs(g)653 4418 y Fn(1)725
4403 y Fs(s)773 4418 y Fn(2)845 4403 y Fu(rel)p 845 4416
109 4 v 32 w Fs(h)1043 4418 y Fn(1)1115 4403 y Fs(ps)8
b Fu(,)33 b(and)f Fs(h)1519 4418 y Fn(2)1559 4403 y Fu(\()p
Fs(h)1654 4418 y Fn(1)1726 4403 y Fs(ps)8 b Fu(\))33
b(is)f(prop)s(er)0 4606 y(The)i(assumption)d Fs(g)770
4621 y Fn(2)842 4606 y Fu(sat)p 842 4619 126 4 v 15 x
Fn(Stm)1129 4606 y Fs(h)1186 4621 y Fn(2)1259 4606 y
Fu(then)i(giv)m(es)244 4810 y Fs(g)298 4825 y Fn(2)369
4810 y Fu(\()p Fs(g)461 4825 y Fn(1)533 4810 y Fs(s)581
4825 y Fn(1)620 4810 y Fu(\))g(=)f(undef)p 799 4823 236
4 v 33 w(and)h Fs(g)1311 4825 y Fn(2)1383 4810 y Fu(\()p
Fs(g)1475 4825 y Fn(1)1546 4810 y Fs(s)1594 4825 y Fn(2)1634
4810 y Fu(\))f(=)h(undef)p 1813 4823 V(,)g(or)244 4977
y Fs(g)298 4992 y Fn(2)369 4977 y Fu(\()p Fs(g)461 4992
y Fn(1)533 4977 y Fs(s)581 4992 y Fn(1)620 4977 y Fu(\))g
Ft(6)p Fu(=)f(undef)p 799 4990 V 33 w(and)h Fs(g)1311
4992 y Fn(2)1383 4977 y Fu(\()p Fs(g)1475 4992 y Fn(1)1546
4977 y Fs(s)1594 4992 y Fn(2)1634 4977 y Fu(\))f Ft(6)p
Fu(=)h(undef)p 1813 4990 V 33 w(and)513 5145 y Fs(g)567
5160 y Fn(2)606 5145 y Fu(\()p Fs(g)698 5160 y Fn(1)769
5145 y Fs(s)817 5160 y Fn(1)857 5145 y Fu(\))f Ft(\021)h
Fs(g)1091 5160 y Fn(2)1130 5145 y Fu(\()p Fs(g)1222 5160
y Fn(1)1294 5145 y Fs(s)1342 5160 y Fn(2)1381 5145 y
Fu(\))g(rel)p 1452 5158 109 4 v 31 w Fs(h)1649 5160 y
Fn(2)1689 5145 y Fu(\()p Fs(h)1784 5160 y Fn(1)1856 5145
y Fs(ps)8 b Fu(\))0 5348 y(In)33 b(b)s(oth)f(cases)i(w)m(e)g(ha)m(v)m
(e)g(completed)e(the)h(pro)s(of.)1548 b Fh(2)p eop
%%Page: 156 166
156 165 bop 251 130 a Fw(156)1937 b(5)112 b(Static)37
b(Program)f(Analysis)p 251 193 3473 4 v 283 515 3473
5 v 283 667 a(Lemma)i(5.33)49 b Fu(Assume)31 b(that)g
Fs(g)1552 682 y Fn(1)1591 667 y Fu(,)g Fs(g)1703 682
y Fn(2)1742 667 y Fu(:)43 b Fw(State)31 b Fo(,)-17 b
Ft(!)31 b Fw(State)p Fu(,)g(and)h Fs(g)9 b Fu(:)42 b
Fw(State)31 b Ft(!)f Fw(T)h Fu(and)g(that)283 787 y Fs(h)340
802 y Fn(1)380 787 y Fu(,)i Fs(h)497 802 y Fn(2)536 787
y Fu(:)44 b Fw(PState)32 b Ft(!)g Fw(PState)g Fu(and)h
Fs(f)21 b Fu(:)43 b Fw(PState)33 b Ft(!)f Fw(P)p Fu(.)g(Then)552
955 y Fs(g)41 b Fu(sat)p 638 968 126 4 v 15 x Fn(Bexp)958
955 y Fs(f)21 b Fu(,)32 b Fs(g)1122 970 y Fn(1)1194 955
y Fu(sat)p 1194 968 V 15 x Fn(Stm)1481 955 y Fs(h)1538
970 y Fn(1)1611 955 y Fu(and)g Fs(g)1854 970 y Fn(2)1926
955 y Fu(sat)p 1926 968 V 15 x Fn(Stm)2213 955 y Fs(h)2270
970 y Fn(2)2342 955 y Fu(imply)788 1122 y(cond\()p Fs(g)9
b Fu(,)33 b Fs(g)1194 1137 y Fn(1)1233 1122 y Fu(,)g
Fs(g)1347 1137 y Fn(2)1386 1122 y Fu(\))f(sat)p 1456
1135 V 15 x Fn(Stm)1743 1122 y Fu(cond)1943 1137 y Fn(P)1996
1122 y Fu(\()p Fs(f)21 b Fu(,)33 b Fs(h)2202 1137 y Fn(1)2241
1122 y Fu(,)g Fs(h)2358 1137 y Fn(2)2398 1122 y Fu(\))p
283 1243 3473 5 v 283 1423 a Fw(Pro)s(of:)38 b Fu(Let)32
b Fs(s)846 1438 y Fn(1)886 1423 y Fu(,)h Fs(s)994 1438
y Fn(2)1066 1423 y Fu(and)f Fs(ps)41 b Fu(b)s(e)33 b(suc)m(h)h(that)527
1603 y Fs(s)575 1618 y Fn(1)647 1603 y Ft(\021)f Fs(s)805
1618 y Fn(2)877 1603 y Fu(rel)p 877 1616 109 4 v 32 w
Fs(ps)41 b Fu(and)32 b(cond)1538 1618 y Fn(P)1591 1603
y Fu(\()p Fs(f)21 b Fu(,)33 b Fs(h)1797 1618 y Fn(1)1836
1603 y Fu(,)g Fs(h)1953 1618 y Fn(2)1993 1603 y Fu(\))f
Fs(ps)40 b Fu(is)33 b(prop)s(er)283 1783 y(First)42 b(assume)h(that)g
Fs(f)63 b(ps)51 b Fu(=)42 b Fb(d)p Fu(?.)74 b(This)43
b(case)h(turns)f(out)g(to)f(b)s(e)h(imp)s(ossible)d(since)j(then)283
1904 y(cond)483 1919 y Fn(P)536 1904 y Fu(\()p Fs(f)21
b Fu(,)33 b Fs(h)742 1919 y Fn(1)781 1904 y Fu(,)g Fs(h)898
1919 y Fn(2)938 1904 y Fu(\))f Fs(ps)40 b Fu(=)33 b Fb(lost)f
Fu(so)h(cond)1818 1919 y Fn(P)1871 1904 y Fu(\()p Fs(f)21
b Fu(,)32 b Fs(h)2076 1919 y Fn(1)2116 1904 y Fu(,)h
Fs(h)2233 1919 y Fn(2)2272 1904 y Fu(\))g Fs(ps)40 b
Fu(cannot)33 b(b)s(e)g(prop)s(er.)430 2024 y(So)k(w)m(e)i(kno)m(w)g
(that)f Fs(f)59 b(ps)45 b Fu(=)38 b Fb(ok)p Fu(.)60 b(F)-8
b(rom)36 b Fs(g)41 b Fu(sat)p 2094 2037 126 4 v 15 x
Fn(Bexp)2413 2024 y Fs(f)59 b Fu(w)m(e)39 b(then)f(get)g
Fs(g)j(s)3180 2039 y Fn(1)3252 2024 y Fu(=)33 b Fs(g)41
b(s)3495 2039 y Fn(2)3534 2024 y Fu(.)59 b(W)-8 b(e)283
2144 y(also)32 b(get)h(that)f(cond)1053 2159 y Fn(P)1106
2144 y Fu(\()p Fs(f)20 b Fu(,)33 b Fs(h)1311 2159 y Fn(1)1351
2144 y Fu(,)f Fs(h)1467 2159 y Fn(2)1507 2144 y Fu(\))g
Fs(ps)41 b Fu(=)32 b(\()p Fs(h)1911 2159 y Fn(1)1983
2144 y Fs(ps)8 b Fu(\))33 b Ft(t)2218 2159 y Fn(PS)2342
2144 y Fu(\()p Fs(h)2437 2159 y Fn(2)2509 2144 y Fs(ps)8
b Fu(\).)43 b(Th)m(us)34 b Fs(h)3019 2159 y Fn(1)3092
2144 y Fs(ps)40 b Fu(as)33 b(w)m(ell)e(as)i Fs(h)3716
2159 y Fn(2)283 2265 y Fs(ps)41 b Fu(m)m(ust)32 b(b)s(e)g(prop)s(er)g
(since)h(otherwise)g(cond)1971 2280 y Fn(P)2024 2265
y Fu(\()p Fs(f)20 b Fu(,)33 b Fs(h)2229 2280 y Fn(1)2268
2265 y Fu(,)g Fs(h)2385 2280 y Fn(2)2424 2265 y Fu(\))f
Fs(ps)41 b Fu(cannot)32 b(b)s(e)g(prop)s(er.)44 b(No)m(w)33
b(let)283 2385 y(i)f(denote)h(the)g(branc)m(h)h(c)m(hosen)g(b)m(y)g
(the)f(test)g Fs(g)9 b Fu(.)43 b(W)-8 b(e)33 b(then)g(ha)m(v)m(e)527
2565 y Fs(s)575 2580 y Fn(1)647 2565 y Ft(\021)g Fs(s)805
2580 y Fn(2)877 2565 y Fu(rel)p 877 2578 109 4 v 32 w
Fs(ps)41 b Fu(and)32 b Fs(h)1395 2580 y Fn(i)1452 2565
y Fs(ps)40 b Fu(is)32 b(prop)s(er)283 2745 y(F)-8 b(rom)32
b(the)h(assumption)e Fs(g)1277 2760 y Fn(i)1333 2745
y Fu(sat)p 1333 2758 126 4 v 15 x Fn(Stm)1621 2745 y
Fs(h)1678 2760 y Fn(i)1734 2745 y Fu(w)m(e)j(therefore)f(get)527
2926 y Fs(g)581 2941 y Fn(i)637 2926 y Fs(s)685 2941
y Fn(1)757 2926 y Fu(=)g(undef)p 866 2939 236 4 v 33
w(and)g Fs(g)1378 2941 y Fn(i)1433 2926 y Fs(s)1481 2941
y Fn(2)1553 2926 y Fu(=)g(undef)p 1662 2939 V 1 w(,)f(or)527
3093 y Fs(g)581 3108 y Fn(i)637 3093 y Fs(s)685 3108
y Fn(1)757 3093 y Ft(6)p Fu(=)h(undef)p 866 3106 V 33
w(and)g Fs(g)1378 3108 y Fn(i)1433 3093 y Fs(s)1481 3108
y Fn(2)1553 3093 y Ft(6)p Fu(=)g(undef)p 1662 3106 V
33 w(and)g Fs(g)2174 3108 y Fn(i)2230 3093 y Fs(s)2278
3108 y Fn(1)2350 3093 y Ft(\021)g Fs(g)2514 3108 y Fn(i)2569
3093 y Fs(s)2617 3108 y Fn(2)2690 3093 y Fu(rel)p 2690
3106 109 4 v 31 w Fs(h)2887 3108 y Fn(i)2944 3093 y Fs(ps)283
3273 y Fu(In)g(the)g(\014rst)g(case)h(w)m(e)g(get)527
3454 y(cond\()p Fs(g)9 b Fu(,)33 b Fs(g)933 3469 y Fn(1)972
3454 y Fu(,)g Fs(g)1086 3469 y Fn(2)1125 3454 y Fu(\))f
Fs(s)1243 3469 y Fn(1)1315 3454 y Fu(=)g(undef)p 1423
3467 236 4 v 34 w(and)g(cond\()p Fs(g)9 b Fu(,)33 b Fs(g)2287
3469 y Fn(1)2326 3454 y Fu(,)g Fs(g)2440 3469 y Fn(2)2479
3454 y Fu(\))f Fs(s)2597 3469 y Fn(2)2669 3454 y Fu(=)h(undef)p
2778 3467 V 283 3634 a(and)g(w)m(e)h(are)e(\014nished.)45
b(In)32 b(the)h(second)h(case)g(w)m(e)f(get)527 3814
y(cond\()p Fs(g)9 b Fu(,)33 b Fs(g)933 3829 y Fn(1)972
3814 y Fu(,)g Fs(g)1086 3829 y Fn(2)1125 3814 y Fu(\))f
Fs(s)1243 3829 y Fn(1)1315 3814 y Ft(6)p Fu(=)g(undef)p
1423 3827 V 34 w(and)g(cond\()p Fs(g)9 b Fu(,)33 b Fs(g)2287
3829 y Fn(1)2326 3814 y Fu(,)g Fs(g)2440 3829 y Fn(2)2479
3814 y Fu(\))f Fs(s)2597 3829 y Fn(2)2669 3814 y Ft(6)p
Fu(=)h(undef)p 2778 3827 V 283 3994 a(F)-8 b(urthermore,)33
b(w)m(e)g(ha)m(v)m(e)527 4174 y(cond\()p Fs(g)9 b Fu(,)33
b Fs(g)933 4189 y Fn(1)972 4174 y Fu(,)g Fs(g)1086 4189
y Fn(2)1125 4174 y Fu(\))f Fs(s)1243 4189 y Fn(1)1315
4174 y Ft(\021)h Fu(cond\()p Fs(g)9 b Fu(,)33 b Fs(g)1831
4189 y Fn(1)1870 4174 y Fu(,)f Fs(g)1983 4189 y Fn(2)2022
4174 y Fu(\))h Fs(s)2141 4189 y Fn(2)2213 4174 y Fu(rel)p
2213 4187 109 4 v 32 w Fs(h)2411 4189 y Fn(i)2467 4174
y Fs(ps)283 4355 y Fu(Clearly)d Fs(h)677 4370 y Fn(i)732
4355 y Fs(ps)38 b Ft(v)31 b Fs(h)1025 4370 y Fn(1)1095
4355 y Fs(ps)38 b Ft(t)1290 4370 y Fn(PS)1412 4355 y
Fs(h)1469 4370 y Fn(2)1539 4355 y Fs(ps)g Fu(and)31 b(using)f(the)h
(de\014nition)e(of)h(cond)3014 4370 y Fn(P)3098 4355
y Fu(and)g(Lemma)f(5.8)283 4475 y(w)m(e)34 b(get)527
4655 y(cond\()p Fs(g)9 b Fu(,)33 b Fs(g)933 4670 y Fn(1)972
4655 y Fu(,)g Fs(g)1086 4670 y Fn(2)1125 4655 y Fu(\))f
Fs(s)1243 4670 y Fn(1)1315 4655 y Ft(\021)h Fu(cond\()p
Fs(g)9 b Fu(,)33 b Fs(g)1831 4670 y Fn(1)1870 4655 y
Fu(,)f Fs(g)1983 4670 y Fn(2)2022 4655 y Fu(\))h Fs(s)2141
4670 y Fn(2)2213 4655 y Fu(rel)p 2213 4668 V 32 w(cond)2554
4670 y Fn(P)2606 4655 y Fu(\()p Fs(f)21 b Fu(,)33 b Fs(h)2812
4670 y Fn(1)2852 4655 y Fu(,)f Fs(h)2968 4670 y Fn(2)3008
4655 y Fu(\))g Fs(ps)283 4835 y Fu(as)h(required.)2902
b Fh(2)430 5039 y Fu(W)-8 b(e)33 b(no)m(w)g(ha)m(v)m(e)h(the)f
(apparatus)g(needed)h(to)e(sho)m(w)i(the)f(safet)m(y)g(of)g
Ft(P)8 b(S)g Fu(:)283 5206 y Fw(Pro)s(of)56 b(of)g(Theorem)g(5.31:)76
b Fu(W)-8 b(e)49 b(shall)e(sho)m(w)j(that)e Ft(S)2538
5221 y Fn(ds)2609 5206 y Fu([)-17 b([)q Fs(S)12 b Fu(])-17
b(])49 b(sat)p 2800 5219 126 4 v 15 x Fn(Stm)3103 5206
y Ft(P)8 b(S)g Fu([)-17 b([)q Fs(S)12 b Fu(])-17 b(])49
b(and)g(w)m(e)283 5327 y(pro)s(ceed)34 b(b)m(y)f(structural)g
(induction)e(on)i(the)g(statemen)m(t)g Fs(S)12 b Fu(.)283
5494 y Fw(The)33 b(case)g Fs(x)45 b Fu(:=)32 b Fs(a)7
b Fu(:)44 b(Let)33 b Fs(s)1315 5509 y Fn(1)1354 5494
y Fu(,)g Fs(s)1462 5509 y Fn(2)1534 5494 y Fu(and)g Fs(ps)40
b Fu(b)s(e)33 b(giv)m(en)g(suc)m(h)h(that)p eop
%%Page: 157 167
157 166 bop 0 130 a Fw(5.3)112 b(Safet)m(y)38 b(of)g(the)f(analysis)
2007 b(157)p 0 193 3473 4 v 244 515 a Fs(s)292 530 y
Fn(1)364 515 y Ft(\021)33 b Fs(s)522 530 y Fn(2)594 515
y Fu(rel)p 594 528 109 4 v 32 w Fs(ps)40 b Fu(and)33
b Ft(P)8 b(S)g Fu([)-17 b([)q Fs(x)44 b Fu(:=)33 b Fs(a)7
b Fu(])-17 b(])p Fs(ps)41 b Fu(is)32 b(prop)s(er)0 726
y(It)c(then)h(follo)m(ws)e(from)f(Exercise)k(5.27)d(that)h
Fs(ps)36 b Fu(is)28 b(prop)s(er)g(b)s(ecause)h Ft(P)8
b(S)g Fu([)-17 b([)q Fs(x)40 b Fu(:=)28 b Fs(a)7 b Fu(])-17
b(])q Fs(ps)35 b Fu(is.)42 b(Also)0 847 y(b)s(oth)27
b Ft(S)293 862 y Fn(ds)364 847 y Fu([)-17 b([)q Fs(x)44
b Fu(:=)33 b Fs(a)7 b Fu(])-17 b(])q Fs(s)770 862 y Fn(1)837
847 y Fu(and)27 b Ft(S)1089 862 y Fn(ds)1160 847 y Fu([)-17
b([)q Fs(x)39 b Fu(:=)28 b Fs(a)7 b Fu(])-17 b(])p Fs(s)1555
862 y Fn(2)1622 847 y Fu(will)26 b(b)s(e)h(de\014ned)i(so)f(w)m(e)h
(only)e(ha)m(v)m(e)i(to)e(sho)m(w)i(that)244 1058 y(\()p
Ft(S)350 1073 y Fn(ds)421 1058 y Fu([)-17 b([)p Fs(x)45
b Fu(:=)32 b Fs(a)7 b Fu(])-17 b(])q Fs(s)826 1073 y
Fn(1)866 1058 y Fu(\))32 b Fs(y)42 b Fu(=)32 b(\()p Ft(S)1239
1073 y Fn(ds)1310 1058 y Fu([)-17 b([)q Fs(x)44 b Fu(:=)32
b Fs(a)7 b Fu(])-17 b(])q Fs(s)1715 1073 y Fn(2)1755
1058 y Fu(\))32 b Fs(y)0 1269 y Fu(for)26 b(all)e Fs(y)35
b Ft(2)26 b Fw(V)-9 b(ar)26 b Ft(\\)g Fu(OK\()p Ft(P)8
b(S)g Fu([)-17 b([)q Fs(x)38 b Fu(:=)26 b Fs(a)7 b Fu(])-17
b(])q Fs(ps)8 b Fu(\).)41 b(If)26 b Fs(y)35 b Ft(6)p
Fu(=)26 b Fs(x)38 b Fu(and)26 b Fo(y)j Fu(is)d(in)g(OK\()p
Ft(P)8 b(S)f Fu([)-17 b([)q Fs(x)38 b Fu(:=)26 b Fs(a)7
b Fu(])-17 b(])q Fs(ps)8 b Fu(\))26 b(then)0 1389 y Fs(y)41
b Ft(2)32 b Fu(OK\()p Fs(ps)8 b Fu(\))31 b(and)h(it)f(is)h(immediate)d
(from)h(the)j(de\014nition)d(of)i Ft(S)2411 1404 y Fn(ds)2514
1389 y Fu(that)f(\()p Ft(S)2830 1404 y Fn(ds)2901 1389
y Fu([)-17 b([)q Fs(x)44 b Fu(:=)33 b Fs(a)7 b Fu(])-17
b(])p Fs(s)3306 1404 y Fn(1)3346 1389 y Fu(\))32 b Fs(y)0
1509 y Fu(=)40 b(\()p Ft(S)222 1524 y Fn(ds)293 1509
y Fu([)-17 b([)q Fs(x)44 b Fu(:=)33 b Fs(a)7 b Fu(])-17
b(])p Fs(s)698 1524 y Fn(2)738 1509 y Fu(\))32 b Fs(y)9
b Fu(.)67 b(If)41 b Fs(y)49 b Fu(=)40 b Fs(x)52 b Fu(and)41
b Fs(x)52 b Fu(is)40 b(in)f(OK\()p Ft(P)8 b(S)g Fu([)-17
b([)q Fs(x)52 b Fu(:=)40 b Fs(a)7 b Fu(])-17 b(])q Fs(ps)8
b Fu(\))40 b(then)h(w)m(e)h(use)f(the)0 1630 y(assumption)32
b Fs(s)564 1645 y Fn(1)636 1630 y Ft(\021)h Fs(s)794
1645 y Fn(2)866 1630 y Fu(rel)p 866 1643 V 32 w Fs(ps)40
b Fu(together)33 b(with)f(\()p Ft(P)8 b(S)h Fu([)-17
b([)p Fs(x)44 b Fu(:=)33 b Fs(a)7 b Fu(])-17 b(])q Fs(ps)8
b Fu(\))32 b Fs(x)44 b Fu(=)33 b Fb(ok)g Fu(to)f(get)244
1841 y Ft(A)o Fu([)-17 b([)q Fs(a)7 b Fu(])-17 b(])q
Fs(s)504 1856 y Fn(1)576 1841 y Fu(=)32 b Ft(A)p Fu([)-17
b([)p Fs(a)7 b Fu(])-17 b(])q Fs(s)944 1856 y Fn(2)0
2052 y Fu(b)m(y)41 b(F)-8 b(act)39 b(5.29.)64 b(Hence)41
b(\()p Ft(S)1036 2067 y Fn(ds)1107 2052 y Fu([)-17 b([)p
Fs(x)52 b Fu(:=)39 b Fs(a)7 b Fu(])-17 b(])q Fs(s)1526
2067 y Fn(1)1566 2052 y Fu(\))39 b Fs(y)49 b Fu(=)40
b(\()p Ft(S)1960 2067 y Fn(ds)2032 2052 y Fu([)-17 b([)p
Fs(x)52 b Fu(:=)39 b Fs(a)7 b Fu(])-17 b(])q Fs(s)2451
2067 y Fn(2)2490 2052 y Fu(\))40 b Fs(y)49 b Fu(follo)m(ws)38
b(also)h(in)g(this)0 2172 y(case.)44 b(This)33 b(pro)m(v)m(es)h(the)f
(required)h(relationship.)0 2340 y Fw(The)f(case)g Fr(skip)p
Fu(:)45 b(Straigh)m(tforw)m(ard.)0 2507 y Fw(The)33 b(case)g
Fs(S)523 2522 y Fn(1)562 2507 y Fu(;)p Fs(S)656 2522
y Fn(2)696 2507 y Fu(:)43 b(The)34 b(induction)d(h)m(yp)s(othesis)j
(applied)d(to)i Fs(S)2409 2522 y Fn(1)2480 2507 y Fu(and)g
Fs(S)2737 2522 y Fn(2)2809 2507 y Fu(giv)m(es)244 2718
y Ft(S)312 2733 y Fn(ds)383 2718 y Fu([)-17 b([)p Fs(S)487
2733 y Fn(1)527 2718 y Fu(])g(])33 b(sat)p 597 2731 126
4 v 15 x Fn(Stm)884 2718 y Ft(P)8 b(S)g Fu([)-17 b([)q
Fs(S)1134 2733 y Fn(1)1173 2718 y Fu(])g(])33 b(and)g
Ft(S)1501 2733 y Fn(ds)1572 2718 y Fu([)-17 b([)q Fs(S)1677
2733 y Fn(2)1716 2718 y Fu(])g(])33 b(sat)p 1786 2731
V 15 x Fn(Stm)2073 2718 y Ft(P)8 b(S)h Fu([)-17 b([)p
Fs(S)2323 2733 y Fn(2)2363 2718 y Fu(])g(])0 2929 y(It)37
b(follo)m(ws)e(from)g(Exercise)j(5.27)e(that)h Fs(ps)44
b Fu(on-trac)m(k)37 b Ft(v)2082 2944 y Fn(P)2171 2929
y Fu(\()p Ft(P)8 b(S)g Fu([)-17 b([)q Fs(S)2459 2944
y Fn(2)2498 2929 y Fu(])g(])q Fs(ps)8 b Fu(\))36 b(on-trac)m(k)h(holds)
f(for)0 3050 y(all)30 b(prop)s(ert)m(y)k(states)f Fs(ps)8
b Fu(.)44 b(The)33 b(desired)g(result)244 3261 y Ft(S)312
3276 y Fn(ds)383 3261 y Fu([)-17 b([)p Fs(S)487 3276
y Fn(2)527 3261 y Fu(])g(])33 b Ft(\016)f(S)747 3276
y Fn(ds)818 3261 y Fu([)-17 b([)q Fs(S)923 3276 y Fn(1)962
3261 y Fu(])g(])33 b(sat)p 1032 3274 V 15 x Fn(Stm)1319
3261 y Ft(P)8 b(S)h Fu([)-17 b([)p Fs(S)1569 3276 y Fn(2)1609
3261 y Fu(])g(])33 b Ft(\016)f(P)8 b(S)g Fu([)-17 b([)q
Fs(S)2011 3276 y Fn(1)2050 3261 y Fu(])g(])0 3472 y(then)33
b(follo)m(ws)e(from)h(Lemma)f(5.32.)0 3639 y Fw(The)i(case)g
Fr(if)g Fs(b)39 b Fr(then)33 b Fs(S)979 3654 y Fn(1)1051
3639 y Fr(else)g Fs(S)1355 3654 y Fn(2)1395 3639 y Fu(:)43
b(F)-8 b(rom)31 b(Exercise)j(5.30)e(w)m(e)i(ha)m(v)m(e)244
3850 y Ft(B)s Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])33
b(sat)p 471 3863 V 15 x Fn(Bexp)791 3850 y Ft(P)8 b(B)t
Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])0 4061 y(and)33
b(the)g(induction)e(h)m(yp)s(othesis)j(applied)d(to)i
Fs(S)1800 4076 y Fn(1)1871 4061 y Fu(and)g Fs(S)2128
4076 y Fn(2)2200 4061 y Fu(giv)m(es)244 4272 y Ft(S)312
4287 y Fn(ds)383 4272 y Fu([)-17 b([)p Fs(S)487 4287
y Fn(1)527 4272 y Fu(])g(])33 b(sat)p 597 4285 V 15 x
Fn(Stm)884 4272 y Ft(P)8 b(S)g Fu([)-17 b([)q Fs(S)1134
4287 y Fn(1)1173 4272 y Fu(])g(])33 b(and)g Ft(S)1501
4287 y Fn(ds)1572 4272 y Fu([)-17 b([)q Fs(S)1677 4287
y Fn(2)1716 4272 y Fu(])g(])33 b(sat)p 1786 4285 V 15
x Fn(Stm)2073 4272 y Ft(P)8 b(S)h Fu([)-17 b([)p Fs(S)2323
4287 y Fn(2)2363 4272 y Fu(])g(])0 4483 y(The)34 b(desired)f(result)244
4694 y(cond\()p Ft(B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17
b(])q(,)33 b Ft(S)804 4709 y Fn(ds)876 4694 y Fu([)-17
b([)p Fs(S)980 4709 y Fn(1)1019 4694 y Fu(])g(])q(,)33
b Ft(S)1184 4709 y Fn(ds)1256 4694 y Fu([)-17 b([)p Fs(S)1360
4709 y Fn(2)1399 4694 y Fu(])g(])q(\))32 b(sat)p 1507
4707 V 1633 4709 a Fn(Stm)1795 4694 y Fu(cond)1995 4709
y Fn(P)2047 4694 y Fu(\()p Ft(P)8 b(B)t Fu([)-17 b([)q
Fs(b)6 b Fu(])-17 b(],)33 b Ft(P)8 b(S)g Fu([)-17 b([)q
Fs(S)2667 4709 y Fn(1)2706 4694 y Fu(])g(])q(,)32 b Ft(P)8
b(S)h Fu([)-17 b([)p Fs(S)3053 4709 y Fn(2)3093 4694
y Fu(])g(]\))0 4905 y(then)33 b(follo)m(ws)e(from)h(Lemma)f(5.33.)0
5073 y Fw(The)i(case)g Fr(while)h Fs(b)k Fr(do)33 b Fs(S)12
b Fu(:)33 b(W)-8 b(e)33 b(m)m(ust)f(pro)m(v)m(e)i(that)244
5284 y(FIX\()p Fs(G)9 b Fu(\))33 b(sat)p 609 5297 V 15
x Fn(Stm)896 5284 y Fu(FIX\()p Fs(H)16 b Fu(\))0 5494
y(where)p eop
%%Page: 158 168
158 167 bop 251 130 a Fw(158)1937 b(5)112 b(Static)37
b(Program)f(Analysis)p 251 193 3473 4 v 527 515 a Fs(G)42
b(g)f Fu(=)33 b(cond)g(\()p Ft(B)s Fu([)-17 b([)q Fs(b)6
b Fu(])-17 b(],)33 b Fs(g)41 b Ft(\016)32 b(S)1600 530
y Fn(ds)1671 515 y Fu([)-17 b([)q Fs(S)12 b Fu(])-17
b(],)33 b(id\))527 683 y Fs(H)49 b(h)40 b Fu(=)32 b(cond)1046
698 y Fn(P)1131 683 y Fu(\()p Ft(P)8 b(B)t Fu([)-17 b([)q
Fs(b)6 b Fu(])-17 b(],)33 b Fs(h)40 b Ft(\016)32 b(P)8
b(S)g Fu([)-17 b([)q Fs(S)12 b Fu(])-17 b(],)33 b(id\))283
879 y(T)-8 b(o)33 b(do)g(this)f(w)m(e)h(recall)f(the)h(de\014nition)e
(of)h(the)h(least)f(\014xed)i(p)s(oin)m(ts:)527 1075
y(FIX)f Fs(G)42 b Fu(=)957 1008 y Fg(F)1026 1075 y Ft(f)p
Fs(G)1160 1038 y Fn(n)1236 1075 y Fs(g)1290 1090 y Fn(0)1362
1075 y Ft(j)32 b Fu(n)h Ft(\025)g Fu(0)f Ft(g)g Fu(where)i
Fs(g)2118 1090 y Fn(0)2190 1075 y Fs(s)40 b Fu(=)33 b(undef)p
2379 1088 236 4 v 33 w(for)f(all)e Fs(s)527 1242 y Fu(FIX)j
Fs(H)48 b Fu(=)961 1176 y Fg(F)1030 1242 y Ft(f)p Fs(H)1168
1206 y Fn(n)1244 1242 y Fs(h)1301 1257 y Fn(0)1373 1242
y Ft(j)32 b Fu(n)h Ft(\025)g Fu(0)f Ft(g)h Fu(where)g
Fs(h)2132 1257 y Fn(0)2205 1242 y Fs(ps)40 b Fu(=)32
b Fb(init)h Fu(for)f(all)f Fs(ps)283 1438 y Fu(The)j(pro)s(of)e(pro)s
(ceeds)i(in)d(t)m(w)m(o)j(stages.)44 b(W)-8 b(e)33 b(b)s(egin)f(b)m(y)h
(pro)m(ving)f(that)552 1606 y Fs(G)636 1570 y Fn(n)712
1606 y Fs(g)766 1621 y Fn(0)838 1606 y Fu(sat)p 838 1619
126 4 v 15 x Fn(Stm)1125 1606 y Fu(FIX)h Fs(H)48 b Fu(for)32
b(all)f(n)1842 b(\(*\))283 1773 y(and)33 b(then)552 1941
y(FIX)g Fs(G)41 b Fu(sat)p 873 1954 V 999 1956 a Fn(Stm)1161
1941 y Fu(FIX)32 b Fs(H)2145 b Fu(\(**\))283 2132 y(W)-8
b(e)33 b(pro)m(v)m(e)h(\(*\))e(b)m(y)i(induction)d(on)i(n.)44
b(F)-8 b(or)31 b(the)i(base)h(case)f(w)m(e)h(observ)m(e)g(that)527
2328 y Fs(g)581 2343 y Fn(0)653 2328 y Fu(sat)p 653 2341
V 15 x Fn(Stm)940 2328 y Fu(FIX)f Fs(H)283 2524 y Fu(holds)27
b(trivially)d(since)k Fs(g)1184 2539 y Fn(0)1250 2524
y Fs(s)35 b Fu(=)27 b(undef)p 1428 2537 236 4 v 27 w(for)g(all)e
(states)j Fs(s)8 b Fu(.)42 b(F)-8 b(or)26 b(the)h(induction)f(step)i(w)
m(e)g(assume)283 2644 y(that)527 2840 y Fs(G)611 2804
y Fn(n)687 2840 y Fs(g)741 2855 y Fn(0)813 2840 y Fu(sat)p
813 2853 126 4 v 15 x Fn(Stm)1100 2840 y Fu(FIX)33 b
Fs(H)283 3036 y Fu(and)g(w)m(e)h(shall)d(pro)m(v)m(e)j(the)f(result)f
(for)g(n+1.)44 b(W)-8 b(e)33 b(ha)m(v)m(e)527 3232 y
Ft(B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])33 b(sat)p
754 3245 V 880 3247 a Fn(Bexp)1074 3232 y Ft(P)8 b(B)t
Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])283 3427 y(from)32
b(Exercise)i(5.30,)527 3623 y Ft(S)595 3638 y Fn(ds)666
3623 y Fu([)-17 b([)q Fs(S)12 b Fu(])-17 b(])33 b(sat)p
841 3636 V 15 x Fn(Stm)1128 3623 y Ft(P)8 b(S)g Fu([)-17
b([)q Fs(S)12 b Fu(])-17 b(])283 3819 y(from)41 b(the)h(induction)f(h)m
(yp)s(othesis)i(applied)e(to)g(the)i(b)s(o)s(dy)e(of)h(the)g
Fr(while)p Fu(-lo)s(op,)i(and)e(it)e(is)283 3939 y(clear)33
b(that)527 4135 y(id)f(sat)p 641 4148 V 15 x Fn(Stm)928
4135 y Fu(id)283 4331 y(By)i(Exercise)f(5.27)f(w)m(e)i(also)e(ha)m(v)m
(e)527 4527 y Fs(ps)41 b Fu(on-trac)m(k)33 b Ft(v)1120
4542 y Fn(P)1205 4527 y Fu(\(\(FIX)f Fs(H)16 b Fu(\))33
b Fs(ps)8 b Fu(\))32 b(on-trac)m(k)283 4723 y(for)g(all)f(prop)s(ert)m
(y)i(states)h Fs(ps)8 b Fu(.)43 b(W)-8 b(e)33 b(then)g(obtain)552
4890 y(cond\()p Ft(B)t Fu([)-17 b([)q Fs(b)6 b Fu(])-17
b(],)33 b(\()p Fs(G)1167 4854 y Fn(n)1259 4890 y Fs(g)1313
4905 y Fn(0)1352 4890 y Fu(\))p Ft(\016S)1508 4905 y
Fn(ds)1579 4890 y Fu([)-17 b([)q Fs(S)12 b Fu(])-17 b(],)33
b(id\))e(sat)p 1932 4903 V 15 x Fn(Stm)2220 4890 y Fu(cond)2420
4905 y Fn(P)2472 4890 y Fu(\()p Ft(P)8 b(B)t Fu([)-17
b([)q Fs(b)6 b Fu(])-17 b(],)33 b(\(FIX)f Fs(H)16 b Fu(\))p
Ft(\016P)8 b(S)g Fu([)-17 b([)q Fs(S)12 b Fu(])-17 b(],)33
b(id\))283 5058 y(from)j(Lemmas)f(5.32)h(and)g(5.33)g(and)h(this)f(is)g
(indeed)g(the)h(desired)g(result)g(since)f(the)h(righ)m(t-)283
5178 y(hand)c(side)g(amoun)m(ts)f(to)h Fs(H)48 b Fu(\(FIX)33
b Fs(H)16 b Fu(\))32 b(whic)m(h)h(equals)g(FIX)g Fs(H)16
b Fu(.)430 5299 y(Finally)30 b(w)m(e)j(m)m(ust)g(sho)m(w)h(\(**\).)43
b(This)32 b(amoun)m(ts)h(to)f(sho)m(wing)527 5428 y Fg(F)597
5494 y Fs(Y)52 b Fu(sat)p 721 5507 V 15 x Fn(Stm)1008
5494 y Fu(FIX)33 b Fs(H)p eop
%%Page: 159 169
159 168 bop 0 130 a Fw(5.3)112 b(Safet)m(y)38 b(of)g(the)f(analysis)
2007 b(159)p 0 193 3473 4 v 0 515 a Fu(where)34 b Fs(Y)52
b Fu(=)32 b Ft(f)h Fs(G)681 479 y Fn(n)757 515 y Fs(g)811
530 y Fn(0)882 515 y Ft(j)g Fu(n)f Ft(\025)h Fu(0)g Ft(g)p
Fu(.)43 b(So)32 b(assume)h(that)244 715 y Fs(s)292 730
y Fn(1)364 715 y Ft(\021)g Fs(s)522 730 y Fn(2)594 715
y Fu(rel)p 594 728 109 4 v 32 w Fs(ps)40 b Fu(and)33
b(\(FIX)f Fs(H)16 b Fu(\))33 b Fs(ps)40 b Fu(is)32 b(prop)s(er)0
914 y(Since)h Fs(g)41 b Fu(sat)p 341 927 126 4 v 15 x
Fn(Stm)628 914 y Fu(FIX)33 b Fs(H)48 b Fu(holds)32 b(for)h(all)d
Fs(g)41 b Ft(2)33 b Fs(Y)52 b Fu(b)m(y)34 b(\(*\))e(w)m(e)h(get)g(that)
f(either)244 1113 y Fs(g)41 b(s)378 1128 y Fn(1)450 1113
y Fu(=)32 b(undef)p 558 1126 236 4 v 34 w(and)g Fs(g)41
b(s)1150 1128 y Fn(2)1222 1113 y Fu(=)33 b(undef)p 1331
1126 V 1 w(,)f(or)244 1281 y Fs(g)41 b(s)378 1296 y Fn(1)450
1281 y Ft(6)p Fu(=)32 b(undef)p 558 1294 V 34 w(and)g
Fs(g)41 b(s)1150 1296 y Fn(2)1222 1281 y Ft(6)p Fu(=)33
b(undef)p 1331 1294 V 33 w(and)g Fs(g)41 b(s)1923 1296
y Fn(1)1995 1281 y Ft(\021)33 b Fs(g)41 b(s)2239 1296
y Fn(2)2311 1281 y Fu(rel)p 2311 1294 109 4 v 32 w(\(FIX)32
b Fs(H)16 b Fu(\))33 b Fs(ps)0 1480 y Fu(If)e(\()134
1414 y Fg(F)203 1480 y Fs(Y)20 b Fu(\))31 b Fs(s)412
1495 y Fn(1)482 1480 y Fu(=)g(undef)p 589 1493 236 4
v 32 w(then)h Fs(g)39 b(s)1209 1495 y Fn(1)1280 1480
y Fu(=)31 b(undef)p 1387 1493 V 32 w(for)f(all)f Fs(g)40
b Ft(2)31 b Fs(Y)51 b Fu(and)31 b(thereb)m(y)i Fs(g)40
b(s)2912 1495 y Fn(2)2982 1480 y Fu(=)31 b(undef)p 3089
1493 V 32 w(for)0 1600 y(all)j Fs(g)46 b Ft(2)36 b Fs(Y)57
b Fu(so)36 b(that)h(\()838 1534 y Fg(F)907 1600 y Fs(Y)19
b Fu(\))37 b Fs(s)1121 1615 y Fn(2)1197 1600 y Fu(=)f(undef)p
1309 1613 V 1 w(.)55 b(Similarly)33 b(\()2084 1534 y
Fg(F)2153 1600 y Fs(Y)20 b Fu(\))36 b Fs(s)2367 1615
y Fn(2)2443 1600 y Fu(=)g(undef)p 2555 1613 V 38 w(will)e(imply)h(that)
0 1721 y(\()38 1654 y Fg(F)107 1721 y Fs(Y)20 b Fu(\))39
b Fs(s)324 1736 y Fn(1)404 1721 y Fu(=)g(undef)p 519
1734 V 1 w(.)65 b(So)40 b(consider)g(no)m(w)h(the)f(case)g(where)i(\()
2304 1654 y Fg(F)2373 1721 y Fs(Y)19 b Fu(\))33 b Fs(s)2583
1736 y Fn(1)2662 1721 y Ft(6)p Fu(=)40 b(undef)p 2778
1734 V 40 w(as)g(w)m(ell)f(as)0 1841 y(\()38 1775 y Fg(F)107
1841 y Fs(Y)20 b Fu(\))32 b Fs(s)317 1856 y Fn(2)389
1841 y Ft(6)p Fu(=)h(undef)p 498 1854 V 33 w(and)g(let)f
Fs(x)44 b Ft(2)33 b Fw(V)-9 b(ar)32 b Ft(\\)h Fu(OK\(\(FIX)f
Fs(H)16 b Fu(\))32 b Fs(ps)8 b Fu(\).)44 b(By)33 b(Lemma)e(4.25)h(w)m
(e)i(ha)m(v)m(e)244 2040 y(graph\()526 1974 y Fg(F)595
2040 y Fs(Y)20 b Fu(\))32 b(=)865 1974 y Fg(S)935 2040
y Ft(f)g Fu(graph)g Fs(g)41 b Ft(j)33 b Fs(g)41 b Ft(2)33
b Fs(Y)52 b Ft(g)0 2240 y Fu(and)41 b(\()236 2173 y Fg(F)305
2240 y Fs(Y)19 b Fu(\))41 b Fs(s)523 2255 y Fn(i)587
2240 y Ft(6)p Fu(=)f(undef)p 703 2253 V 41 w(therefore)h(sho)m(ws)h
(the)f(existence)h(of)e(an)g(elemen)m(t)h Fs(g)2968 2255
y Fn(i)3031 2240 y Fu(in)f Fs(Y)60 b Fu(suc)m(h)0 2360
y(that)38 b Fs(g)271 2375 y Fn(i)326 2360 y Fs(s)374
2375 y Fn(i)431 2360 y Ft(6)p Fu(=)32 b(undef)p 539 2373
V 39 w(and)37 b(\()1045 2294 y Fg(F)1114 2360 y Fs(Y)20
b Fu(\))38 b Fs(s)1330 2375 y Fn(i)1391 2360 y Fu(=)g
Fs(g)1559 2375 y Fn(i)1620 2360 y Fs(s)1668 2375 y Fn(i)1729
2360 y Fu(\(for)f(i)g(=)h(1,)h(2\).)58 b(Since)38 b Fs(Y)57
b Fu(is)38 b(a)f(c)m(hain)h(either)0 2480 y Fs(g)54 2495
y Fn(1)126 2480 y Ft(v)33 b Fs(g)290 2495 y Fn(2)361
2480 y Fu(or)f Fs(g)534 2495 y Fn(2)606 2480 y Ft(v)h
Fs(g)770 2495 y Fn(1)841 2480 y Fu(so)g(let)f Fs(g)41
b Fu(b)s(e)33 b(the)g(larger)e(of)h(the)h(t)m(w)m(o.)45
b(W)-8 b(e)33 b(then)g(ha)m(v)m(e)294 2671 y(\(\()370
2605 y Fg(F)439 2671 y Fs(Y)19 b Fu(\))33 b Fs(s)649
2686 y Fn(1)688 2671 y Fu(\))g Fs(x)111 b Fu(=)33 b(\()p
Fs(g)1116 2686 y Fn(1)1187 2671 y Fs(s)1235 2686 y Fn(1)1275
2671 y Fu(\))f Fs(x)255 b Fu(as)33 b(\()1803 2605 y Fg(F)1872
2671 y Fs(Y)20 b Fu(\))32 b Fs(s)2082 2686 y Fn(1)2154
2671 y Fu(=)h Fs(g)2317 2686 y Fn(1)2388 2671 y Fs(s)2436
2686 y Fn(1)915 2839 y Fu(=)g(\()p Fs(g)41 b(s)1196 2854
y Fn(1)1235 2839 y Fu(\))33 b Fs(x)294 b Fu(as)33 b Fs(g)1819
2854 y Fn(1)1891 2839 y Ft(v)g Fs(g)41 b Fu(and)32 b
Fs(g)2330 2854 y Fn(1)2402 2839 y Fs(s)2450 2854 y Fn(1)2522
2839 y Ft(6)p Fu(=)g(undef)p 2630 2852 V 915 3006 a(=)h(\()p
Fs(g)41 b(s)1196 3021 y Fn(2)1235 3006 y Fu(\))33 b Fs(x)294
b Fu(as)33 b Fs(g)41 b(s)1899 3021 y Fn(1)1971 3006 y
Ft(\021)33 b Fs(g)41 b(s)2215 3021 y Fn(2)2287 3006 y
Fu(rel)p 2287 3019 109 4 v 32 w(\(FIX)33 b Fs(H)16 b
Fu(\))32 b Fs(ps)915 3174 y Fu(=)h(\()p Fs(g)1116 3189
y Fn(2)1187 3174 y Fs(s)1235 3189 y Fn(2)1275 3174 y
Fu(\))f Fs(x)255 b Fu(as)33 b Fs(g)1819 3189 y Fn(2)1891
3174 y Ft(v)g Fs(g)41 b Fu(and)32 b Fs(g)2330 3189 y
Fn(2)2402 3174 y Fs(s)2450 3189 y Fn(2)2522 3174 y Ft(6)p
Fu(=)g(undef)p 2630 3187 236 4 v 915 3342 a(=)h(\(\()1100
3275 y Fg(F)1169 3342 y Fs(Y)19 b Fu(\))33 b Fs(s)1379
3357 y Fn(2)1418 3342 y Fu(\))g Fs(x)111 b Fu(as)33 b(\()1803
3275 y Fg(F)1872 3342 y Fs(Y)20 b Fu(\))32 b Fs(s)2082
3357 y Fn(2)2154 3342 y Fu(=)h Fs(g)2317 3357 y Fn(2)2388
3342 y Fs(s)2436 3357 y Fn(2)0 3534 y Fu(as)g(required.)44
b(This)33 b(\014nishes)g(the)g(pro)s(of)f(of)g(the)h(theorem.)1217
b Fh(2)146 3737 y Fu(It)31 b(follo)m(ws)e(from)g(this)g(theorem)h(that)
g(the)h(algorithm)c(listed)i(at)h(the)h(end)g(of)f(Section)g(5.2)0
3858 y(is)c(indeed)h(correct.)42 b(The)28 b(pro)s(of)e(of)g(safet)m(y)i
(of)e(the)h(analysis)f(can)h(b)s(e)g(summarized)f(as)h(follo)m(ws:)p
0 4007 3470 4 v 0 4024 V -2 4231 4 208 v 15 4231 V 1088
4152 a Fw(Pro)s(of)32 b(Summary)g(for)h(While)p Fu(:)p
3452 4231 V 3469 4231 V -2 4439 V 15 4439 V 1142 4360
a Fw(Safet)m(y)g(of)g(Static)f(Analysis)p 3452 4439 V
3469 4439 V 0 4442 3470 4 v -2 4811 4 370 v 15 4811 V
66 4608 a Fu(1:)143 b(De\014ne)32 b(a)f(relation)e(sat)p
1022 4621 126 4 v 15 x Fn(Stm)1308 4608 y Fu(expressing)k(the)e
(relationship)e(b)s(et)m(w)m(een)34 b(the)d(functions)285
4728 y(of)h Fw(State)h Fo(,)-17 b Ft(!)33 b Fw(State)f
Fu(and)h Fw(PState)f Ft(!)g Fw(PState)p Fu(.)p 3452 4811
4 370 v 3469 4811 V -2 5220 4 409 v 15 5220 V 66 4896
a(2:)143 b(Sho)m(w)32 b(that)g(the)f(relation)f(is)h(preserv)m(ed)i(b)m
(y)g(certain)e(pairs)f(of)h(auxiliary)e(functions)285
5016 y(used)36 b(in)e(the)g(denotational)f(seman)m(tics)h(and)h(the)g
(static)f(analysis)g(\(Lemmas)f(5.32)285 5136 y(and)g(5.33\).)p
3452 5220 V 3469 5220 V -2 5508 4 289 v 15 5508 V 66
5304 a(3:)143 b(Use)42 b Fs(structur)-5 b(al)44 b(induction)k
Fu(on)40 b(the)i(statemen)m(ts)g Fs(S)52 b Fu(to)41 b(sho)m(w)h(that)f
(the)g(relation)285 5424 y(holds)33 b(b)s(et)m(w)m(een)h(the)f(seman)m
(tics)g(and)g(the)g(analysis)f(of)g Fs(S)12 b Fu(.)p
3452 5508 V 3469 5508 V 0 5511 3470 4 v 0 5528 V eop
%%Page: 160 170
160 169 bop 251 130 a Fw(160)1937 b(5)112 b(Static)37
b(Program)f(Analysis)p 251 193 3473 4 v 283 515 a(Exercise)h(5.34)49
b Fu(Extend)40 b(the)e(pro)s(of)g(of)g(the)h(theorem)f(to)g(incorp)s
(orate)f(the)i(analysis)f(de-)283 636 y(v)m(elop)s(ed)33
b(for)f Fr(repeat)j Fs(S)44 b Fr(until)34 b Fs(b)k Fu(in)32
b(Exercise)i(5.25.)1383 b Fh(2)283 906 y Fw(Exercise)37
b(5.35)49 b Fu(When)35 b(sp)s(ecifying)f Ft(P)8 b(S)42
b Fu(in)33 b(the)i(previous)g(section)f(w)m(e)h(rejected)h(the)e(p)s
(os-)283 1026 y(sibilit)m(y)d(of)h(using)527 1259 y(cond)727
1223 y Fi(0)727 1284 y Fn(P)780 1259 y Fu(\()p Fs(f)21
b Fu(,)32 b Fs(h)985 1274 y Fn(1)1025 1259 y Fu(,)h Fs(h)1142
1274 y Fn(2)1181 1259 y Fu(\))g Fs(ps)40 b Fu(=)33 b(\()p
Fs(h)1586 1274 y Fn(1)1658 1259 y Fs(ps)8 b Fu(\))32
b Ft(t)1893 1274 y Fn(PS)2017 1259 y Fu(\()p Fs(h)2112
1274 y Fn(2)2184 1259 y Fs(ps)8 b Fu(\))283 1492 y(rather)24
b(than)f(cond)985 1507 y Fn(P)1038 1492 y Fu(.)40 b(F)-8
b(ormally)20 b(sho)m(w)k(that)f(the)h(analysis)e(obtained)h(b)m(y)h
(using)f(cond)3420 1456 y Fi(0)3420 1517 y Fn(P)3496
1492 y Fu(rather)283 1613 y(than)38 b(cond)716 1628 y
Fn(P)806 1613 y Fu(cannot)g(b)s(e)g(correct)g(in)f(the)h(sense)h(of)e
(Theorem)h(5.31.)58 b(Hin)m(t:)53 b(Consider)38 b(the)283
1733 y(statemen)m(t)c Fs(S)804 1748 y Fn(12)911 1733
y Fu(of)e(Example)g(5.3.)2102 b Fh(2)283 2003 y Fw(Exercise)37
b(5.36)49 b Fu(In)37 b(the)h(ab)s(o)m(v)m(e)h(exercise)f(w)m(e)h(sa)m
(w)f(that)f(cond)2678 2018 y Fn(P)2768 2003 y Fu(could)g(not)g(b)s(e)h
(simpli\014ed)283 2124 y(so)32 b(as)f(to)g(ignore)g(the)h(test)f(for)g
(whether)i(the)f(condition)e(is)g(dubious)i(or)f(not.)43
b(No)m(w)32 b(consider)283 2244 y(the)h(follo)m(wing)d(remedy)552
2412 y(cond)752 2375 y Fi(0)752 2436 y Fn(P)805 2412
y Fu(\()p Fs(f)21 b Fu(,)32 b Fs(h)1010 2427 y Fn(1)1050
2412 y Fu(,)h Fs(h)1167 2427 y Fn(2)1206 2412 y Fu(\))g
Fs(ps)552 2745 y Fu(=)660 2496 y Fg(8)660 2570 y(>)660
2595 y(>)660 2620 y(>)660 2645 y(<)660 2795 y(>)660 2819
y(>)660 2844 y(>)660 2869 y(:)776 2576 y Fu(\()p Fs(h)871
2591 y Fn(1)943 2576 y Fs(ps)8 b Fu(\))32 b Ft(t)1178
2591 y Fn(PS)1302 2576 y Fu(\()p Fs(h)1397 2591 y Fn(2)1469
2576 y Fs(ps)8 b Fu(\))83 b(if)31 b Fs(f)53 b(ps)41 b
Fu(=)32 b Fb(ok)776 2744 y Fu(\(\()p Fs(h)909 2759 y
Fn(1)981 2744 y Fu(\()p Fs(ps)8 b Fu([on-trac)m(k)p Ft(7!)p
Fb(d)p Fu(?]\)\))43 b Ft(t)1917 2759 y Fn(PS)2041 2744
y Fu(\()p Fs(h)2136 2759 y Fn(2)2208 2744 y Fu(\()p Fs(ps)8
b Fu([on-trac)m(k)p Ft(7!)p Fb(d)p Fu(?]\)\)\)[on-trac)m(k)p
Ft(7!)p Fb(ok)p Fu(])1688 2912 y(if)31 b Fs(f)53 b(ps)41
b Fu(=)32 b Fb(d)p Fu(?)283 3076 y(Giv)m(e)37 b(an)g(example)f
(statemen)m(t)h(where)h(cond)1985 3040 y Fi(0)1985 3101
y Fn(P)2074 3076 y Fu(is)f(preferable)f(to)h(cond)2957
3091 y Fn(P)3009 3076 y Fu(.)56 b(Do)s(es)37 b(the)g(safet)m(y)283
3197 y(pro)s(of)43 b(carry)h(through)f(when)i(cond)1657
3212 y Fn(P)1753 3197 y Fu(is)e(replaced)h(b)m(y)g(cond)2604
3160 y Fi(0)2604 3221 y Fn(P)2657 3197 y Fu(?)76 b(If)43
b(not,)k(suggest)d(ho)m(w)g(to)283 3317 y(w)m(eak)m(en)35
b(the)e(safet)m(y)h(predicate)f(suc)m(h)h(that)e(another)h(safet)m(y)g
(result)g(ma)m(y)f(b)s(e)h(pro)m(v)m(ed.)194 b Fh(2)283
3686 y Fj(5.4)161 b(Bounded)52 b(iteration)283 3918 y
Fu(In)32 b(Example)e(5.16)h(w)m(e)h(analysed)f(the)g(factorial)e
(statemen)m(t)i(and)g(sa)m(w)h(that)f(the)h(\014xed)g(p)s(oin)m(t)283
4038 y(computation)26 b(stabilizes)f(after)i(a)f(\014nite)h(n)m(um)m(b)
s(er)g(of)f(unfoldings,)h(irresp)s(ectiv)m(e)g(of)f(the)h(prop-)283
4158 y(ert)m(y)32 b(state)e(that)g(is)g(supplied)g(as)h(argumen)m(t.)42
b(This)31 b(is)e(quite)i(unlik)m(e)f(what)g(w)m(as)h(the)g(case)g(for)
283 4279 y(the)25 b(denotational)d(seman)m(tics)j(of)f(Chapter)h(4,)h
(where)f(the)g(n)m(um)m(b)s(er)f(of)g(unfoldings)f(dep)s(ended)283
4399 y(on)33 b(the)g(state)g(and)g(w)m(as)h(un)m(b)s(ounded.)45
b(A)33 b(similar)c(example)k(w)m(as)g(studied)g(in)f(Exercise)i(5.24)
283 4520 y(where)48 b(w)m(e)f(sa)m(w)h(that)e(the)g(analysis)g(w)m
(ould)g(terminate)f(up)s(on)h(a)g(statemen)m(t)h(that)f(nev)m(er)283
4640 y(terminated)32 b(in)g(the)h(denotational)d(seman)m(tics)j(of)f
(Chapter)i(4.)430 4766 y(This)24 b(is)f(an)h(instance)g(of)f(a)h
(general)f(phenomenon)i(and)e(w)m(e)i(shall)e(sho)m(w)i(t)m(w)m(o)f
(prop)s(ositions)283 4887 y(ab)s(out)32 b(this.)42 b(The)33
b(\014rst)f(prop)s(osition)e(sa)m(ys)j(that)e(for)h(eac)m(h)g(statemen)
m(t)g Fr(while)h Fs(b)38 b Fr(do)32 b Fs(S)43 b Fu(there)283
5007 y(is)d(a)f(constan)m(t)h(k)g(suc)m(h)h(that)f(the)g(kth)g
(unfolding)e(will)f(indeed)j(b)s(e)g(the)g(\014xed)g(p)s(oin)m(t.)64
b(The)283 5127 y(second)35 b(prop)s(osition)c(is)h(considerably)h
(harder)g(and)g(sa)m(ys)h(that)f(it)f(is)g(p)s(ossible)h(to)f(tak)m(e)i
(k)f(to)283 5248 y(b)s(e)g(\(m+1\))699 5212 y Fn(2)770
5248 y Fu(where)h(m)e(is)g(the)h(n)m(um)m(b)s(er)g(of)f(distinct)g(v)-5
b(ariables)31 b(in)h Fr(while)i Fs(b)k Fr(do)33 b Fs(S)12
b Fu(.)430 5374 y(T)-8 b(o)35 b(prepare)h(for)f(the)h(\014rst)g(prop)s
(osition)e(w)m(e)i(need)h(an)e(inductiv)m(e)h(de\014nition)e(of)h(the)h
(set)283 5494 y(FV\()p Fs(S)12 b Fu(\))32 b(of)h(free)g(v)-5
b(ariables)31 b(in)h(the)h(statemen)m(t)g Fs(S)12 b Fu(:)p
eop
%%Page: 161 171
161 170 bop 0 130 a Fw(5.4)112 b(Bounded)39 b(iteration)2154
b(161)p 0 193 3473 4 v 294 500 a Fu(FV\()p Fs(x)44 b
Fu(:=)32 b Fs(a)7 b Fu(\))757 b(=)99 b(FV\()p Fs(a)7
b Fu(\))33 b Ft([)g(f)p Fs(x)12 b Ft(g)294 668 y Fu(FV\()p
Fr(skip)p Fu(\))834 b(=)99 b Ft(;)294 835 y Fu(FV\()p
Fs(S)536 850 y Fn(1)575 835 y Fu(;)p Fs(S)669 850 y Fn(2)708
835 y Fu(\))799 b(=)99 b(FV\()p Fs(S)1962 850 y Fn(1)2001
835 y Fu(\))33 b Ft([)g Fu(FV\()p Fs(S)2413 850 y Fn(2)2452
835 y Fu(\))294 1003 y(FV\()p Fr(if)f Fs(b)39 b Fr(then)33
b Fs(S)991 1018 y Fn(1)1063 1003 y Fr(else)h Fs(S)1368
1018 y Fn(2)1407 1003 y Fu(\))100 b(=)f(FV\()p Fs(b)6
b Fu(\))32 b Ft([)h Fu(FV\()p Fs(S)2357 1018 y Fn(1)2396
1003 y Fu(\))g Ft([)g Fu(FV\()p Fs(S)2808 1018 y Fn(2)2847
1003 y Fu(\))294 1171 y(FV\()p Fr(while)g Fs(b)39 b Fr(do)33
b Fs(S)12 b Fu(\))464 b(=)99 b(FV\()p Fs(b)6 b Fu(\))32
b Ft([)h Fu(FV\()p Fs(S)12 b Fu(\))0 1355 y(Our)24 b(\014rst)g(observ)
-5 b(ation)24 b(is)f(that)h(w)m(e)h(can)f(rep)s(eat)g(the)g(dev)m
(elopmen)m(t)h(of)e(the)h(previous)h(sections)0 1475
y(if)41 b(w)m(e)i(restrict)f(the)g(prop)s(ert)m(y)h(states)g(to)e
(consider)i(only)e(v)-5 b(ariables)41 b(that)g(are)h(free)h(in)e(the)0
1596 y(o)m(v)m(erall)33 b(program.)45 b(So)33 b(let)g
Fs(X)49 b Ft(\022)34 b Fw(V)-9 b(ar)33 b Fu(b)s(e)h(a)f(\014nite)h(set)
g(of)f(v)-5 b(ariables)32 b(and)i(de\014ne)g Fw(PState)3405
1611 y Fc(X)0 1716 y Fu(to)e(b)s(e)244 1907 y Fw(PState)576
1922 y Fc(X)675 1907 y Fu(=)h(\()p Fs(X)48 b Ft([)33
b(f)p Fu(on-trac)m(k)p Ft(g)p Fu(\))g Ft(!)f Fw(P)0 2119
y(Exercise)k(5.37)49 b(\(Essen)m(tial\))24 b Fu(De\014ne)i
Fw(Aexp)1789 2134 y Fc(X)1882 2119 y Fu(to)g(b)s(e)g(the)g(set)h(of)e
(arithmetic)f(expressions)0 2239 y Fs(a)30 b Fu(of)22
b Fw(Aexp)g Fu(with)g(FV\()p Fs(a)7 b Fu(\))22 b Ft(\022)h
Fs(X)39 b Fu(and)22 b(let)g Fw(Bexp)1737 2254 y Fc(X)1827
2239 y Fu(and)g Fw(Stm)2206 2254 y Fc(X)2295 2239 y Fu(b)s(e)h
(de\014ned)h(similarly)-8 b(.)36 b(Mo)s(dify)0 2360 y(T)-8
b(ables)33 b(5.1)f(and)h(5.2)f(to)g(de\014ne)i(analysis)e(functions)269
2527 y Ft(P)8 b(A)426 2542 y Fc(X)493 2527 y Fu(:)44
b Fw(Aexp)821 2542 y Fc(X)921 2527 y Ft(!)32 b Fw(PState)1385
2542 y Fc(X)1484 2527 y Ft(!)g Fw(P)269 2695 y Ft(P)8
b(B)415 2710 y Fc(X)482 2695 y Fu(:)44 b Fw(Bexp)805
2710 y Fc(X)905 2695 y Ft(!)32 b Fw(PState)1369 2710
y Fc(X)1468 2695 y Ft(!)g Fw(P)269 2863 y Ft(P)8 b(S)414
2878 y Fc(X)481 2863 y Fu(:)44 b Fw(Stm)752 2878 y Fc(X)851
2863 y Ft(!)32 b Fw(PState)1315 2878 y Fc(X)1415 2863
y Ft(!)g Fw(PState)1879 2878 y Fc(X)3398 2863 y Fh(2)146
3074 y Fu(The)g(connection)e(b)s(et)m(w)m(een)j(the)e(analysis)f
(functions)g(of)g(the)h(ab)s(o)m(v)m(e)g(exercise)h(and)f(those)0
3195 y(of)h(T)-8 b(ables)32 b(5.1)f(and)i(5.2)e(should)h(b)s(e)g(in)m
(tuitiv)m(ely)f(clear.)43 b(F)-8 b(ormally)29 b(the)j(connection)g(ma)m
(y)g(b)s(e)0 3315 y(w)m(ork)m(ed)i(out)f(as)f(follo)m(ws:)0
3527 y Fw(Exercise)k(5.38)49 b Fu(*)33 b(De\014ne)244
3718 y(extend)527 3733 y Fc(X)596 3718 y Fu(:)43 b Fw(PState)998
3733 y Fc(X)1098 3718 y Ft(!)32 b Fw(PState)0 3909 y
Fu(b)m(y)244 4182 y(\(extend)565 4197 y Fc(X)666 4182
y Fs(ps)8 b Fu(\))33 b Fs(x)44 b Fu(=)1032 4007 y Fg(8)1032
4082 y(<)1032 4232 y(:)1148 4097 y Fs(ps)c(x)390 b Fu(if)32
b Fs(x)44 b Ft(2)33 b Fs(X)49 b Ft([)33 b(f)p Fu(on-trac)m(k)p
Ft(g)1148 4265 y Fs(ps)40 b Fu(on-trac)m(k)83 b(otherwise)0
4455 y(Sho)m(w)33 b(that)294 4618 y Ft(P)8 b(A)p Fu([)-17
b([)p Fs(a)7 b Fu(])-17 b(])34 b Ft(\016)e Fu(extend)981
4633 y Fc(X)1150 4618 y Fu(=)99 b Ft(P)8 b(A)1482 4633
y Fc(X)1549 4618 y Fu([)-17 b([)q Fs(a)7 b Fu(])-17 b(])294
4785 y Ft(P)8 b(B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17
b(])33 b Ft(\016)g Fu(extend)964 4800 y Fc(X)1150 4785
y Fu(=)99 b Ft(P)8 b(B)1471 4800 y Fc(X)1538 4785 y Fu([)-17
b([)q Fs(b)6 b Fu(])-17 b(])294 4953 y Ft(P)8 b(S)g Fu([)-17
b([)q Fs(S)12 b Fu(])-17 b(])33 b Ft(\016)f Fu(extend)979
4968 y Fc(X)1150 4953 y Fu(=)99 b(extend)1608 4968 y
Fc(X)1709 4953 y Ft(\016)33 b(P)8 b(S)1937 4968 y Fc(X)2004
4953 y Fu([)-17 b([)q Fs(S)12 b Fu(])-17 b(])0 5143 y(whenev)m(er)35
b(FV\()p Fs(a)7 b Fu(\))33 b Ft(\022)g Fs(X)16 b Fu(,)32
b(FV\()p Fs(b)6 b Fu(\))32 b Ft(\022)h Fs(X)49 b Fu(and)33
b(FV\()p Fs(S)12 b Fu(\))32 b Ft(\022)h Fs(X)16 b Fu(.)1156
b Fh(2)146 5355 y Fu(The)37 b(prop)s(ert)m(y)f(states)h(of)e
Fw(PState)1478 5370 y Fc(X)1581 5355 y Fu(are)g(only)h(de\014ned)h(on)e
(a)h(\014nite)f(n)m(um)m(b)s(er)h(of)f(argu-)0 5475 y(men)m(ts)e(b)s
(ecause)h Fs(X)49 b Fu(is)32 b(a)g(\014nite)g(set.)45
b(This)32 b(is)g(the)h(k)m(ey)i(to)d(sho)m(wing:)p eop
%%Page: 162 172
162 171 bop 251 130 a Fw(162)1937 b(5)112 b(Static)37
b(Program)f(Analysis)p 251 193 3473 4 v 283 515 3473
5 v 283 665 a(Prop)s(osition)g(5.39)49 b Fu(F)-8 b(or)47
b(eac)m(h)h(statemen)m(t)g Fr(while)g Fs(b)53 b Fr(do)48
b Fs(S)59 b Fu(of)47 b Fw(While)f Fu(there)i(exists)g(a)283
786 y(constan)m(t)34 b(k)f(suc)m(h)h(that)527 965 y Ft(P)8
b(S)673 980 y Fc(X)740 965 y Fu([)-17 b([)q Fr(while)33
b Fs(b)39 b Fr(do)33 b Fs(S)12 b Fu(])-17 b(])33 b(=)f
Fs(H)1618 928 y Fn(k)1692 965 y Ft(?)283 1143 y Fu(where)i
Fs(H)49 b(h)40 b Fu(=)32 b(cond)1084 1158 y Fn(P)1137
1143 y Fu(\()p Ft(P)8 b(B)1321 1158 y Fc(X)1388 1143
y Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(],)33 b Fs(h)39
b Ft(\016)33 b(P)8 b(S)1891 1158 y Fc(X)1958 1143 y Fu([)-17
b([)q Fs(S)12 b Fu(])-17 b(],)33 b(id\))f(and)h(FV\()p
Fr(while)g Fs(b)39 b Fr(do)33 b Fs(S)12 b Fu(\))32 b
Ft(\022)h Fs(X)16 b Fu(.)p 283 1264 V 283 1443 a(Note)33
b(that)g(using)f(the)h(result)f(of)g(Exercise)i(5.38)e(w)m(e)i(could)e
(disp)s(ense)i(with)e Fs(X)49 b Fu(altogether.)283 1610
y Fw(Pro)s(of:)36 b Fu(Let)c(m)e(b)s(e)h(the)h(cardinalit)m(y)d(of)i
Fs(X)16 b Fu(.)31 b(Then)i(there)f(will)d(b)s(e)i(2)2813
1574 y Fn(m+1)2997 1610 y Fs(di\013er)-5 b(ent)40 b Fu(prop)s(ert)m(y)
283 1731 y(states)34 b(in)e Fw(PState)1007 1746 y Fc(X)1074
1731 y Fu(.)43 b(This)33 b(means)g(that)f Fw(PState)2209
1746 y Fc(X)2308 1731 y Ft(!)h Fw(PState)2773 1746 y
Fc(X)2872 1731 y Fu(will)d(con)m(tain)527 1910 y(k)j(=)g(\(2)807
1874 y Fn(m+1)960 1910 y Fu(\))998 1874 y Fn(2)1033 1850
y Fd(m+1)283 2089 y Fu(di\013eren)m(t)f(functions.)44
b(It)31 b(follo)m(ws)g(that)g(there)i(can)e(b)s(e)h(at)g(most)f(k)h
(di\013eren)m(t)g(iterands)f Fs(H)3603 2052 y Fn(n)3678
2089 y Ft(?)283 2209 y Fu(of)38 b Fs(H)16 b Fu(.)39 b(Since)f
Fs(H)54 b Fu(is)38 b(monotone)g(Exercise)h(5.18)f(giv)m(es)h(that)f
Fs(H)2651 2173 y Fn(k)2731 2209 y Ft(?)g Fu(m)m(ust)h(b)s(e)f(equal)g
(to)g(the)283 2329 y(\014xed)c(p)s(oin)m(t)e(FIX)g Fs(H)16
b Fu(.)33 b(This)g(concludes)g(the)g(pro)s(of)f(of)g(the)h(prop)s
(osition.)682 b Fh(2)283 2697 y Fp(Making)46 b(it)f(practical)283
2882 y Fu(The)38 b(constan)m(t)g(k)f(determined)g(ab)s(o)m(v)m(e)g(is)g
(a)f(safe)h(upp)s(er)g(b)s(ound)g(but)g(is)g(rather)g(large)e(ev)m(en)
283 3002 y(for)43 b(small)e(statemen)m(ts.)77 b(As)44
b(an)f(example)g(it)f(sa)m(ys)i(that)g(the)f(16,777,216th)f(iteration)f
(of)283 3123 y(the)d(functional)e(will)e(su\016ce)39
b(for)e(the)h(factorial)c(statemen)m(t)k(and)f(this)g(is)g(quite)g
(useless)h(for)283 3243 y(practical)h(purp)s(oses.)69
b(In)40 b(the)h(remainder)f(of)f(this)i(section)f(w)m(e)h(shall)e(sho)m
(w)j(that)e(a)g(m)m(uc)m(h)283 3363 y(smaller)31 b(constan)m(t)i(can)g
(b)s(e)g(used:)p 283 3484 V 283 3634 a Fw(Prop)s(osition)j(5.40)49
b Fu(F)-8 b(or)32 b(eac)m(h)h(statemen)m(t)g Fr(while)h
Fs(b)39 b Fr(do)33 b Fs(S)44 b Fu(of)32 b Fw(While)f
Fu(w)m(e)j(ha)m(v)m(e)527 3812 y Ft(P)8 b(S)673 3827
y Fc(X)740 3812 y Fu([)-17 b([)q Fr(while)33 b Fs(b)39
b Fr(do)33 b Fs(S)12 b Fu(])-17 b(])33 b(=)f Fs(H)1618
3776 y Fn(k)1692 3812 y Ft(?)283 3991 y Fu(where)k Fs(H)50
b(h)42 b Fu(=)34 b(cond)1091 4006 y Fn(P)1144 3991 y
Fu(\()p Ft(P)8 b(B)1328 4006 y Fc(X)1395 3991 y Fu([)-17
b([)q Fs(b)6 b Fu(])-17 b(],)35 b Fs(h)42 b Ft(\016)34
b(P)8 b(S)1904 4006 y Fc(X)1971 3991 y Fu([)-17 b([)q
Fs(S)12 b Fu(])-17 b(],)35 b(id\),)f(k)h(=)f(\(m+1\))2835
3955 y Fn(2)2873 3991 y Fu(,)h(and)g(m)e(is)h(the)h(cardi-)283
4112 y(nalit)m(y)d(of)g(the)h(set)g Fs(X)49 b Fu(=)32
b(FV\()p Fr(while)i Fs(b)k Fr(do)33 b Fs(S)12 b Fu(\).)p
283 4232 V 283 4411 a(Note)33 b(that)g(using)f(the)h(result)f(of)g
(Exercise)i(5.38)e(w)m(e)i(could)e(disp)s(ense)i(with)e
Fs(X)49 b Fu(altogether.)430 4531 y(F)-8 b(or)36 b(the)i(factorial)d
(statemen)m(t)j(this)f(will)e(imply)h(that)h(FIX)g Fs(H)54
b Fu(=)37 b Fs(H)3042 4495 y Fn(9)3119 4531 y Ft(?)h
Fu(so)f(only)g(nine)283 4652 y(iterands)25 b(need)g(to)f(b)s(e)h
(constructed.)42 b(This)25 b(ma)m(y)f(b)s(e)g(compared)h(with)f(the)g
(observ)-5 b(ation)24 b(made)283 4772 y(in)32 b(Example)g(5.16)g(that)h
(already)f Fs(H)1652 4736 y Fn(1)1724 4772 y Ft(?)h Fu(is)f(the)h
(least)f(\014xed)i(p)s(oin)m(t.)430 4893 y(The)i(pro)s(of)e(of)h(Prop)s
(osition)f(5.40)g(requires)j(some)e(preliminary)d(results.)52
b(T)-8 b(o)36 b(motiv)-5 b(ate)283 5013 y(these)25 b(consider)f(wh)m(y)
i(the)e(upp)s(er)g(b)s(ound)g(determined)f(in)g(Prop)s(osition)f(5.39)h
(is)h(so)g(imprecise.)283 5133 y(The)33 b(reason)g(is)e(that)h(w)m(e)h
(consider)f Fs(al)5 b(l)42 b Fu(functions)32 b(in)g Fw(PState)2630
5148 y Fc(X)2728 5133 y Ft(!)g Fw(PState)3192 5148 y
Fc(X)3291 5133 y Fu(and)g(do)g(not)283 5254 y(exploit)46
b(an)m(y)h(sp)s(ecial)f(prop)s(erties)g(of)g(the)h(functions)g
Fs(H)2452 5218 y Fn(n)2542 5254 y Ft(?)p Fu(,)k(suc)m(h)d(as)e
(monotonicit)m(y)f(or)283 5374 y(con)m(tin)m(uit)m(y)-8
b(.)60 b(T)-8 b(o)38 b(obtain)f(a)h(b)s(etter)g(b)s(ound)h(w)m(e)g
(shall)d(exploit)h(prop)s(erties)h(of)g(the)g Ft(P)8
b(S)3547 5389 y Fc(X)3614 5374 y Fu([)-17 b([)p Fs(S)12
b Fu(])-17 b(])283 5494 y(analysis)32 b(functions.)44
b(Recall)31 b(that)h(a)g(function)p eop
%%Page: 163 173
163 172 bop 0 130 a Fw(5.4)112 b(Bounded)39 b(iteration)2154
b(163)p 0 193 3473 4 v 244 515 a Fs(h)7 b Fu(:)44 b Fw(PState)704
530 y Fc(X)803 515 y Ft(!)32 b Fw(PState)1267 530 y Fc(X)0
720 y Fu(is)g Fs(strict)43 b Fu(if)31 b(and)i(only)f(if)244
924 y Fs(h)40 b Fb(init)514 939 y Fc(X)614 924 y Fu(=)32
b Fb(init)902 939 y Fc(X)0 1128 y Fu(where)c Fb(init)456
1143 y Fc(X)551 1128 y Fu(is)f(the)g(least)g(elemen)m(t)g(of)g
Fw(PState)1822 1143 y Fc(X)1889 1128 y Fu(.)41 b(It)28
b(is)e(an)h Fs(additive)34 b Fu(function)27 b(if)f(and)h(only)0
1249 y(if)244 1453 y Fs(h)40 b Fu(\()p Fs(ps)470 1468
y Fn(1)541 1453 y Ft(t)608 1468 y Fn(PS)732 1453 y Fs(ps)830
1468 y Fn(2)869 1453 y Fu(\))33 b(=)f(\()p Fs(h)40 b(ps)1274
1468 y Fn(1)1313 1453 y Fu(\))32 b Ft(t)1450 1468 y Fn(PS)1574
1453 y Fu(\()p Fs(h)39 b(ps)1799 1468 y Fn(2)1839 1453
y Fu(\))0 1657 y(holds)32 b(for)g(all)f(prop)s(ert)m(y)i(states)h
Fs(ps)1314 1672 y Fn(1)1385 1657 y Fu(and)f Fs(ps)1673
1672 y Fn(2)1745 1657 y Fu(of)f Fw(PState)2188 1672 y
Fc(X)2255 1657 y Fu(.)0 1887 y Fw(Exercise)k(5.41)49
b(\(Essen)m(tial\))29 b Fu(Giv)m(e)i(a)g(formal)e(de\014nition)h(of)g
(what)i(it)e(means)h(for)g(a)f(func-)0 2007 y(tion)244
2212 y Fs(h)7 b Fu(:)44 b Fw(PState)704 2227 y Fc(X)803
2212 y Ft(!)32 b Fw(P)0 2416 y Fu(to)39 b(b)s(e)g(strict)f(and)h
(additiv)m(e.)62 b(Use)40 b(Exercise)h(5.11)d(to)g(sho)m(w)i(that)f
Ft(P)8 b(A)2698 2431 y Fc(X)2766 2416 y Fu([)-17 b([)p
Fs(a)7 b Fu(])-17 b(])40 b(and)f Ft(P)8 b(B)3279 2431
y Fc(X)3346 2416 y Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])0
2537 y(are)31 b(strict)f(and)g(additiv)m(e.)43 b(\(W)-8
b(e)30 b(tacitly)g(assume)h(that)f(FV\()p Fs(a)7 b Fu(\))30
b Ft(\022)h Fs(X)47 b Fu(and)31 b(FV\()p Fs(b)6 b Fu(\))30
b Ft(\022)h Fs(X)16 b Fu(.\))63 b Fh(2)146 2766 y Fu(W)-8
b(e)27 b(shall)d(\014rst)i(sho)m(w)h(that)f(the)g(auxiliary)e
(functions)h(for)h(comp)s(osition)d(and)j(conditional)0
2886 y(preserv)m(e)f(strictness)g(and)e(additivit)m(y)f(and)h(next)h(w)
m(e)g(shall)e(pro)m(v)m(e)i(that)f(the)g(analysis)g(function)0
3007 y Ft(P)8 b(S)145 3022 y Fc(X)213 3007 y Fu([)-17
b([)p Fs(S)12 b Fu(])-17 b(])33 b(is)f(strict)h(and)f(additiv)m(e)g
(for)g(all)f(statemen)m(ts)i Fs(S)12 b Fu(.)0 3237 y
Fw(Exercise)36 b(5.42)49 b(\(Essen)m(tial\))33 b Fu(Sho)m(w)j(that)f
(if)f Fs(h)1869 3252 y Fn(1)1943 3237 y Fu(and)h Fs(h)2192
3252 y Fn(2)2267 3237 y Fu(are)g(strict)g(and)g(additiv)m(e)f(func-)0
3357 y(tions)e(in)g Fw(PState)685 3372 y Fc(X)784 3357
y Ft(!)g Fw(PState)1248 3372 y Fc(X)1348 3357 y Fu(then)h(so)g(is)f
Fs(h)1845 3372 y Fn(1)1917 3357 y Ft(\016)h Fs(h)2057
3372 y Fn(2)2096 3357 y Fu(.)1275 b Fh(2)0 3587 y Fw(Exercise)36
b(5.43)49 b(\(Essen)m(tial\))22 b Fu(Assume)i(that)g
Fs(f)44 b Fu(in)23 b Fw(PState)2301 3602 y Fc(X)2392
3587 y Ft(!)g Fw(P)g Fu(is)g(strict)g(and)h(additiv)m(e)0
3707 y(and)36 b(that)g Fs(h)465 3722 y Fn(1)541 3707
y Fu(and)h Fs(h)792 3722 y Fn(2)867 3707 y Fu(in)f Fw(PState)1317
3722 y Fc(X)1420 3707 y Ft(!)g Fw(PState)1888 3722 y
Fc(X)1991 3707 y Fu(are)g(strict)g(and)h(additiv)m(e.)54
b(Sho)m(w)37 b(that)0 3827 y(cond)200 3842 y Fn(P)253
3827 y Fu(\()p Fs(f)21 b Fu(,)37 b Fs(h)463 3842 y Fn(1)503
3827 y Fu(,)g Fs(h)624 3842 y Fn(2)664 3827 y Fu(\))f(is)g(a)g(strict)g
(and)g(additiv)m(e)g(function.)55 b(Hin)m(t:)50 b(if)35
b Fs(f)58 b Fu(\()p Fs(ps)2771 3842 y Fn(1)2846 3827
y Ft(t)2913 3842 y Fn(PS)3040 3827 y Fs(ps)3138 3842
y Fn(2)3178 3827 y Fu(\))36 b(=)g Fb(d)p Fu(?)0 3948
y(then)d Fs(f)54 b(ps)404 3963 y Fn(i)460 3948 y Fu(=)32
b Fb(d)p Fu(?)h(for)f(i)g(=)g(1)g(or)h(i)e(=)i(2.)1927
b Fh(2)p 0 4177 3473 5 v 0 4353 a Fw(Lemma)37 b(5.44)49
b Fu(F)-8 b(or)42 b(all)e(statemen)m(ts)k Fs(S)54 b Fu(of)42
b Fw(While)p Fu(,)h Ft(P)8 b(S)2215 4368 y Fc(X)2283
4353 y Fu([)-17 b([)p Fs(S)12 b Fu(])-17 b(])43 b(is)f(a)g(strict)g
(and)h(additiv)m(e)0 4473 y(function)32 b(whenev)m(er)j(FV\()p
Fs(S)12 b Fu(\))32 b Ft(\022)h Fs(X)16 b Fu(.)p 0 4594
V 0 4798 a Fw(Pro)s(of:)37 b Fu(W)-8 b(e)33 b(pro)s(ceed)h(b)m(y)f
(structural)f(induction)g(on)h Fs(S)44 b Fu(and)33 b(assume)g(that)f
(FV\()p Fs(S)12 b Fu(\))32 b Ft(\022)h Fs(X)16 b Fu(.)0
4965 y Fw(The)33 b(case)g Fs(x)44 b Fu(:=)33 b Fs(a)7
b Fu(:)44 b(W)-8 b(e)33 b(ha)m(v)m(e)244 5170 y Ft(P)8
b(S)389 5185 y Fc(X)457 5170 y Fu([)-17 b([)p Fs(x)44
b Fu(:=)33 b Fs(a)7 b Fu(])-17 b(])33 b Fb(init)1026
5185 y Fc(X)1126 5170 y Fu(=)g Fb(init)1415 5185 y Fc(X)0
5374 y Fu(b)s(ecause)j(Exercise)g(5.41)d(giv)m(es)i(that)f
Ft(P)8 b(A)1568 5389 y Fc(X)1635 5374 y Fu([)-17 b([)p
Fs(a)7 b Fu(])-17 b(])36 b(is)e(strict)g(so)g Ft(P)8
b(A)2437 5389 y Fc(X)2505 5374 y Fu([)-17 b([)p Fs(a)7
b Fu(])-17 b(])36 b Fb(init)2852 5389 y Fc(X)2954 5374
y Fu(=)e Fb(ok)p Fu(.)50 b(Next)0 5494 y(w)m(e)34 b(sho)m(w)f(that)g
Ft(P)8 b(S)742 5509 y Fc(X)809 5494 y Fu([)-17 b([)q
Fs(x)44 b Fu(:=)33 b Fs(a)7 b Fu(])-17 b(])33 b(is)f(additiv)m(e:)p
eop
%%Page: 164 174
164 173 bop 251 130 a Fw(164)1937 b(5)112 b(Static)37
b(Program)f(Analysis)p 251 193 3473 4 v 527 515 a Ft(P)8
b(S)673 530 y Fc(X)740 515 y Fu([)-17 b([)q Fs(x)44 b
Fu(:=)32 b Fs(a)7 b Fu(])-17 b(])q(\()p Fs(ps)1233 530
y Fn(1)1305 515 y Ft(t)1371 530 y Fn(PS)1495 515 y Fs(ps)1593
530 y Fn(2)1633 515 y Fu(\))778 683 y(=)32 b(\()p Fs(ps)1022
698 y Fn(1)1094 683 y Ft(t)1160 698 y Fn(PS)1284 683
y Fs(ps)1382 698 y Fn(2)1421 683 y Fu(\)[)p Fs(x)12 b
Ft(7!)32 b(P)8 b(A)1832 698 y Fc(X)1900 683 y Fu([)-17
b([)p Fs(a)7 b Fu(])-17 b(])q(\()p Fs(ps)2168 698 y Fn(1)2240
683 y Ft(t)2306 698 y Fn(PS)2430 683 y Fs(ps)2528 698
y Fn(2)2568 683 y Fu(\)])778 851 y(=)32 b(\()p Fs(ps)1022
866 y Fn(1)1094 851 y Ft(t)1160 866 y Fn(PS)1284 851
y Fs(ps)1382 866 y Fn(2)1421 851 y Fu(\)[)p Fs(x)12 b
Ft(7!)32 b(P)8 b(A)1832 866 y Fc(X)1900 851 y Fu([)-17
b([)p Fs(a)7 b Fu(])-17 b(])q Fs(ps)2130 866 y Fn(1)2202
851 y Ft(t)2268 866 y Fn(P)2353 851 y Ft(P)8 b(A)2510
866 y Fc(X)2578 851 y Fu([)-17 b([)p Fs(a)7 b Fu(])-17
b(])q Fs(ps)2808 866 y Fn(2)2847 851 y Fu(])778 1018
y(=)32 b Fs(ps)984 1033 y Fn(1)1023 1018 y Fu([)p Fs(x)12
b Ft(7!P)c(A)1364 1033 y Fc(X)1431 1018 y Fu([)-17 b([)q
Fs(a)7 b Fu(])-17 b(])q Fs(ps)1662 1033 y Fn(1)1701 1018
y Fu(])33 b Ft(t)1827 1033 y Fn(PS)1951 1018 y Fs(ps)2049
1033 y Fn(2)2088 1018 y Fu([)p Fs(x)12 b Ft(7!P)c(A)2429
1033 y Fc(X)2496 1018 y Fu([)-17 b([)q Fs(a)7 b Fu(])-17
b(])q Fs(ps)2727 1033 y Fn(2)2766 1018 y Fu(])778 1186
y(=)32 b Ft(P)8 b(S)1031 1201 y Fc(X)1099 1186 y Fu([)-17
b([)p Fs(x)45 b Fu(:=)32 b Fs(a)7 b Fu(])-17 b(])q Fs(ps)1554
1201 y Fn(1)1626 1186 y Ft(t)1692 1201 y Fn(PS)1816 1186
y Ft(P)8 b(S)1961 1201 y Fc(X)2029 1186 y Fu([)-17 b([)p
Fs(x)45 b Fu(:=)32 b Fs(a)7 b Fu(])-17 b(])q Fs(ps)2484
1201 y Fn(2)283 1385 y Fu(where)34 b(the)f(second)h(equalit)m(y)e
(follo)m(ws)g(from)f Ft(P)8 b(A)2127 1400 y Fc(X)2194
1385 y Fu([)-17 b([)q Fs(a)7 b Fu(])-17 b(])33 b(b)s(eing)f(additiv)m
(e)g(\(Exercise)i(5.41\).)283 1552 y Fw(The)f(case)g
Fr(skip)h Fu(is)e(immediate.)283 1720 y Fw(The)h(case)f
Fs(S)805 1735 y Fn(1)844 1720 y Fu(;)g Fs(S)970 1735
y Fn(2)1041 1720 y Fu(follo)m(ws)f(from)f(Exercise)j(5.42)e(and)h(the)g
(induction)f(h)m(yp)s(othesis)i(applied)283 1840 y(to)g
Fs(S)470 1855 y Fn(1)541 1840 y Fu(and)g Fs(S)798 1855
y Fn(2)837 1840 y Fu(.)283 2008 y Fw(The)c(case)g Fr(if)g
Fs(b)34 b Fr(then)c Fs(S)1242 2023 y Fn(1)1309 2008 y
Fr(else)g Fs(S)1610 2023 y Fn(2)1678 2008 y Fu(follo)m(ws)d(from)g
(Exercise)j(5.43,)e(the)h(induction)f(h)m(yp)s(oth-)283
2128 y(esis)33 b(applied)f(to)g Fs(S)991 2143 y Fn(1)1063
2128 y Fu(and)h Fs(S)1320 2143 y Fn(2)1391 2128 y Fu(and)g(Exercise)h
(5.41.)283 2296 y Fw(The)f(case)g Fr(while)h Fs(b)39
b Fr(do)33 b Fs(S)12 b Fu(:)32 b(De\014ne)527 2495 y
Fs(H)49 b(h)40 b Fu(=)32 b(cond)1046 2510 y Fn(P)1099
2495 y Fu(\()p Ft(P)8 b(B)1283 2510 y Fc(X)1350 2495
y Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(],)33 b Fs(h)40
b Ft(\016)32 b(P)8 b(S)1853 2510 y Fc(X)1921 2495 y Fu([)-17
b([)p Fs(S)12 b Fu(])-17 b(])q(,)32 b(id\))283 2694 y(Our)h(\014rst)g
(claim)d(is)i(that)527 2893 y Fs(H)615 2857 y Fn(n)691
2893 y Ft(?)283 3092 y Fu(is)42 b(strict)h(and)f(additiv)m(e)g(for)g
(all)f Fs(n)7 b Fu(.)73 b(This)43 b(is)f(pro)m(v)m(ed)i(b)m(y)f(n)m
(umerical)e(induction)h(and)g(the)283 3212 y(base)h(case,)i(n)d(=)g(0,)
i(is)e(immediate.)69 b(The)42 b(induction)f(step)i(follo)m(ws)e(from)g
(the)h(induction)283 3332 y(h)m(yp)s(othesis)37 b(of)d(the)i
(structural)f(induction,)f(the)i(induction)e(h)m(yp)s(othesis)i(of)f
(the)g(n)m(umerical)283 3453 y(induction,)42 b(Exercises)g(5.42,)f
(5.41)e(and)i(5.43)e(and)h(that)g(id)g(is)f(strict)h(and)g(additiv)m
(e.)66 b(Our)283 3573 y(second)34 b(claim)c(is)j(that)527
3772 y(FIX)g Fs(H)48 b Fu(=)961 3706 y Fg(F)1030 3787
y Fn(PS)1154 3772 y Ft(f)32 b Fs(H)1324 3736 y Fn(n)1400
3772 y Ft(?)h(j)f Fu(n)h Ft(\025)g Fu(0)f Ft(g)283 3971
y Fu(is)h(strict)f(and)g(additiv)m(e.)43 b(F)-8 b(or)32
b(strictness)i(w)m(e)g(calculate)577 4142 y(\(FIX)f Fs(H)16
b Fu(\))32 b Fb(init)1158 4157 y Fc(X)1325 4142 y Fu(=)1434
4076 y Fg(F)1503 4157 y Fn(PS)1627 4142 y Ft(f)g Fu(\()p
Fs(H)1835 4106 y Fn(n)1911 4142 y Ft(?)q Fu(\))g Fb(init)2239
4157 y Fc(X)2339 4142 y Ft(j)g Fu(n)h Ft(\025)g Fu(0)f
Ft(g)1325 4310 y Fu(=)h Fb(init)1614 4325 y Fc(X)283
4502 y Fu(where)g(the)f(last)e(equalit)m(y)h(follo)m(ws)f(from)g
Fs(H)1920 4466 y Fn(n)1995 4502 y Ft(?)i Fu(b)s(eing)e(strict)h(for)g
(all)e(n.)43 b(F)-8 b(or)31 b(additivit)m(y)f(w)m(e)283
4622 y(calculate)527 4821 y(\(FIX)j Fs(H)16 b Fu(\)\()p
Fs(ps)1032 4836 y Fn(1)1104 4821 y Ft(t)1170 4836 y Fn(PS)1294
4821 y Fs(ps)1392 4836 y Fn(2)1431 4821 y Fu(\))896 4989
y(=)1004 4922 y Fg(F)1073 5004 y Fn(PS)1197 4989 y Ft(f)33
b Fu(\()p Fs(H)1406 4953 y Fn(n)1481 4989 y Ft(?)q Fu(\)\()p
Fs(ps)1733 5004 y Fn(1)1805 4989 y Ft(t)1871 5004 y Fn(PS)1995
4989 y Fs(ps)2093 5004 y Fn(2)2132 4989 y Fu(\))g Ft(j)f
Fu(n)h Ft(\025)g Fu(0)f Ft(g)896 5156 y Fu(=)1004 5090
y Fg(F)1073 5171 y Fn(PS)1197 5156 y Ft(f)h Fu(\()p Fs(H)1406
5120 y Fn(n)1481 5156 y Ft(?)q Fu(\))p Fs(ps)1695 5171
y Fn(1)1767 5156 y Ft(t)1833 5171 y Fn(PS)1957 5156 y
Fu(\()p Fs(H)2083 5120 y Fn(n)2159 5156 y Ft(?)p Fu(\))p
Fs(ps)2372 5171 y Fn(2)2444 5156 y Ft(j)f Fu(n)h Ft(\025)g
Fu(0)f Ft(g)896 5324 y Fu(=)1004 5258 y Fg(F)1073 5339
y Fn(PS)1197 5324 y Ft(f)h Fu(\()p Fs(H)1406 5288 y Fn(n)1481
5324 y Ft(?)q Fu(\))p Fs(ps)1695 5339 y Fn(1)1767 5324
y Ft(j)f Fu(n)h Ft(\025)g Fu(0)f Ft(g)g(t)2254 5339 y
Fn(PS)2378 5258 y Fg(F)2447 5339 y Fn(PS)2571 5324 y
Ft(f)g Fu(\()p Fs(H)2779 5288 y Fn(n)2855 5324 y Ft(?)p
Fu(\))p Fs(ps)3068 5339 y Fn(2)3140 5324 y Ft(j)g Fu(n)h
Ft(\025)g Fu(0)f Ft(g)896 5492 y Fu(=)g(\(FIX)h Fs(H)16
b Fu(\))p Fs(ps)1471 5507 y Fn(1)1543 5492 y Ft(t)1609
5507 y Fn(PS)1733 5492 y Fu(\(FIX)32 b Fs(H)16 b Fu(\))p
Fs(ps)2199 5507 y Fn(2)p eop
%%Page: 165 175
165 174 bop 0 130 a Fw(5.4)112 b(Bounded)39 b(iteration)2154
b(165)p 0 193 3473 4 v 0 515 a Fu(The)28 b(second)g(equalit)m(y)e(uses)
i(the)g(additivit)m(y)d(of)h Fs(H)1867 479 y Fn(n)1937
515 y Ft(?)i Fu(for)e(all)f(n.)41 b(This)27 b(concludes)h(the)f(pro)s
(of)0 636 y(of)32 b(the)h(lemma.)2808 b Fh(2)146 839
y Fu(Strict)32 b(and)h(additiv)m(e)f(functions)g(ha)m(v)m(e)i(a)f(n)m
(um)m(b)s(er)g(of)f(in)m(teresting)g(prop)s(erties:)0
1067 y Fw(Exercise)k(5.45)49 b(\(Essen)m(tial\))41 b
Fu(Sho)m(w)k(that)e(if)f Fs(h)7 b Fu(:)65 b Fw(PState)2326
1082 y Fc(X)2437 1067 y Ft(!)43 b Fw(PState)2912 1082
y Fc(X)3022 1067 y Fu(is)g(additiv)m(e)0 1187 y(then)33
b Fs(h)40 b Fu(is)32 b(monotone.)2543 b Fh(2)146 1415
y Fu(The)34 b(next)g(result)g(expresses)i(that)d(when)h(t)m(w)m(o)g
(distinct)e(analysis)h(functions)g Fs(h)3113 1430 y Fn(1)3185
1415 y Fu(and)h Fs(h)3433 1430 y Fn(2)0 1536 y Fu(are)g(strict)f(and)h
(additiv)m(e)f(and)h(satis\014es)g Fs(h)1594 1551 y Fn(1)1668
1536 y Ft(v)g Fs(h)1836 1551 y Fn(2)1909 1536 y Fu(then)g(it)f(will)f
(b)s(e)h(the)i(prop)s(ert)m(y)f(assigned)0 1656 y(to)e(just)h(one)g(of)
f(the)h(\\v)-5 b(ariables")31 b(that)h(accoun)m(ts)i(for)e(the)h
(di\013erence)g(b)s(et)m(w)m(een)i Fs(h)3069 1671 y Fn(1)3141
1656 y Fu(and)e Fs(h)3388 1671 y Fn(2)3428 1656 y Fu(.)p
0 1776 3473 5 v 0 1950 a Fw(Lemma)k(5.46)49 b Fu(Consider)33
b(strict)f(and)h(additiv)m(e)f(functions)244 2154 y Fs(h)301
2169 y Fn(1)341 2154 y Fu(,)g Fs(h)457 2169 y Fn(2)497
2154 y Fu(:)43 b Fw(PState)899 2169 y Fc(X)999 2154 y
Ft(!)32 b Fw(PState)1463 2169 y Fc(X)0 2357 y Fu(suc)m(h)26
b(that)f Fs(h)473 2372 y Fn(1)537 2357 y Ft(v)g Fs(h)696
2372 y Fn(2)761 2357 y Fu(and)g Fs(h)1000 2372 y Fn(1)1064
2357 y Ft(6)p Fu(=)g Fs(h)1222 2372 y Fn(2)1261 2357
y Fu(.)41 b(Then)26 b(there)f(exist)h(\\v)-5 b(ariables")23
b Fs(x)12 b Fu(,)26 b Fs(y)33 b Ft(2)26 b Fs(X)40 b Ft([)26
b(f)p Fu(on-trac)m(k)p Ft(g)0 2477 y Fu(suc)m(h)34 b(that)269
2645 y(\()p Fs(h)364 2660 y Fn(1)436 2645 y Fu(\()p Fb(init)654
2660 y Fc(X)721 2645 y Fu([)p Fs(y)9 b Ft(7!)p Fb(d)p
Fu(?]\)\))44 b Fs(x)g Fu(=)33 b Fb(ok)g Fu(but)269 2812
y(\()p Fs(h)364 2827 y Fn(2)436 2812 y Fu(\()p Fb(init)654
2827 y Fc(X)721 2812 y Fu([)p Fs(y)9 b Ft(7!)p Fb(d)p
Fu(?]\)\))44 b Fs(x)g Fu(=)33 b Fb(d)p Fu(?)p 0 2933
V 0 3136 a Fw(Pro)s(of:)k Fu(Since)c Fs(h)652 3151 y
Fn(1)724 3136 y Ft(v)g Fs(h)891 3151 y Fn(2)963 3136
y Fu(and)g Fs(h)1210 3151 y Fn(1)1282 3136 y Ft(6)p Fu(=)g
Fs(h)1448 3151 y Fn(2)1520 3136 y Fu(there)g(exists)h(a)e(prop)s(ert)m
(y)h(state)g Fs(ps)41 b Fu(suc)m(h)34 b(that)244 3339
y Fs(h)301 3354 y Fn(1)373 3339 y Fs(ps)41 b Ft(v)581
3354 y Fn(PS)705 3339 y Fs(h)762 3354 y Fn(2)834 3339
y Fs(ps)244 3506 y(h)301 3521 y Fn(1)373 3506 y Fs(ps)g
Ft(6)p Fu(=)32 b Fs(h)669 3521 y Fn(2)741 3506 y Fs(ps)0
3710 y Fu(It)h(follo)m(ws)e(that)h(there)i(exists)f(a)f(\\v)-5
b(ariable")31 b Fs(x)44 b Ft(2)33 b Fs(X)49 b Ft([)32
b(f)p Fu(on-trac)m(k)p Ft(g)h Fu(suc)m(h)h(that)244 3913
y(\()p Fs(h)339 3928 y Fn(1)411 3913 y Fs(ps)8 b Fu(\))32
b Fs(x)45 b Fu(=)32 b Fb(ok)244 4080 y Fu(\()p Fs(h)339
4095 y Fn(2)411 4080 y Fs(ps)8 b Fu(\))32 b Fs(x)45 b
Fu(=)32 b Fb(d)p Fu(?)0 4283 y(Consider)26 b(no)m(w)h(the)g(set)f(OK\()
p Fs(ps)8 b Fu(\).)41 b(It)26 b(is)g(\014nite)f(b)s(ecause)j(OK\()p
Fs(ps)8 b Fu(\))25 b Ft(\022)i Fs(X)42 b Ft([)26 b(f)p
Fu(on-trac)m(k)p Ft(g)p Fu(.)41 b(First)0 4404 y(assume)29
b(that)f(OK\()p Fs(ps)8 b Fu(\))27 b(=)h Fs(X)44 b Ft([)29
b(f)p Fu(on-trac)m(k)p Ft(g)p Fu(.)42 b(Then)29 b Fs(ps)36
b Fu(=)28 b Fb(init)2389 4419 y Fc(X)2484 4404 y Fu(and)h(since)f(w)m
(e)h(kno)m(w)h(that)0 4524 y Fs(h)57 4539 y Fn(1)130
4524 y Fu(and)j Fs(h)377 4539 y Fn(2)449 4524 y Fu(are)g(strict)f(w)m
(e)i(ha)m(v)m(e)h Fs(h)1294 4539 y Fn(1)1366 4524 y Fb(init)1546
4539 y Fc(X)1647 4524 y Fu(=)d Fb(init)1935 4539 y Fc(X)2036
4524 y Fu(and)h Fs(h)2283 4539 y Fn(2)2355 4524 y Fb(init)2535
4539 y Fc(X)2636 4524 y Fu(=)f Fb(init)2924 4539 y Fc(X)2992
4524 y Fu(.)44 b(Therefore)0 4644 y Fs(h)57 4659 y Fn(1)129
4644 y Fs(ps)d Fu(=)32 b Fs(h)425 4659 y Fn(2)497 4644
y Fs(ps)41 b Fu(whic)m(h)33 b(con)m(tradicts)g(the)g(w)m(a)m(y)g
Fs(ps)41 b Fu(w)m(as)33 b(c)m(hosen.)146 4765 y(Therefore)e(OK\()p
Fs(ps)8 b Fu(\))30 b(is)f(a)h(true)g(subset)i(of)d Fs(X)46
b Ft([)30 b(f)p Fu(on-trac)m(k)p Ft(g)p Fu(.)43 b(No)m(w)30
b(let)g Ft(f)p Fs(y)2923 4780 y Fn(1)2962 4765 y Fu(,)g
Ft(\001)17 b(\001)g(\001)o Fu(,)30 b Fs(y)3249 4780 y
Fn(n)3293 4765 y Ft(g)f Fu(b)s(e)0 4885 y(the)k(\\v)-5
b(ariables")30 b(of)i Fs(X)48 b Ft([)32 b(f)p Fu(on-trac)m(k)p
Ft(g)g Fu(that)g(do)g(not)g(o)s(ccur)h(in)e(OK\()p Fs(ps)8
b Fu(\).)43 b(This)32 b(means)h(that)244 5088 y Fs(ps)40
b Fu(=)33 b Fb(init)663 5103 y Fc(X)730 5088 y Fu([)p
Fs(y)813 5103 y Fn(1)853 5088 y Ft(7!)o Fb(d)p Fu(?])p
Ft(\001)17 b(\001)g(\001)o Fu([)p Fs(y)1287 5103 y Fn(n)1331
5088 y Ft(7!)o Fb(d)p Fu(?])0 5291 y(whic)m(h)33 b(is)f(equiv)-5
b(alen)m(t)33 b(to)244 5494 y Fs(ps)40 b Fu(=)33 b Fb(init)663
5509 y Fc(X)730 5494 y Fu([)p Fs(y)813 5509 y Fn(1)853
5494 y Ft(7!)o Fb(d)p Fu(?])44 b Ft(t)1198 5509 y Fn(PS)1321
5494 y Ft(\001)17 b(\001)g(\001)31 b(t)1537 5509 y Fn(PS)1661
5494 y Fb(init)1841 5509 y Fc(X)1908 5494 y Fu([)p Fs(y)1991
5509 y Fn(n)2035 5494 y Ft(7!)o Fb(d)p Fu(?])p eop
%%Page: 166 176
166 175 bop 251 130 a Fw(166)1937 b(5)112 b(Static)37
b(Program)f(Analysis)p 251 193 3473 4 v 283 515 a Fu(Since)d
Fs(h)595 530 y Fn(2)667 515 y Fu(is)f(additiv)m(e)g(w)m(e)i(ha)m(v)m(e)
527 715 y Fs(h)584 730 y Fn(2)657 715 y Fs(ps)40 b Fu(=)32
b Fs(h)952 730 y Fn(2)992 715 y Fu(\()p Fb(init)1210
730 y Fc(X)1278 715 y Fu([)p Fs(y)1361 730 y Fn(1)1400
715 y Ft(7!)p Fb(d)p Fu(?]\))43 b Ft(t)1783 730 y Fn(PS)1907
715 y Ft(\001)17 b(\001)g(\001)30 b(t)2122 730 y Fn(PS)2246
715 y Fs(h)2303 730 y Fn(2)2342 715 y Fu(\()p Fb(init)2560
730 y Fc(X)2628 715 y Fu([)p Fs(y)2711 730 y Fn(n)2755
715 y Ft(7!)o Fb(d)p Fu(?]\))283 915 y(W)-8 b(e)31 b(ha)m(v)m(e)h
(assumed)g(that)e(\()p Fs(h)1366 930 y Fn(2)1436 915
y Fs(ps)8 b Fu(\))31 b Fs(x)42 b Fu(=)31 b Fb(d)p Fu(?)f(and)h(no)m(w)g
(it)f(follo)m(ws)f(that)i(for)f(some)g(i)g(\(1)p Ft(\024)p
Fu(i)p Ft(\024)p Fu(n\))527 1115 y Fs(h)584 1130 y Fn(2)624
1115 y Fu(\()p Fb(init)842 1130 y Fc(X)910 1115 y Fu([)p
Fs(y)993 1130 y Fn(i)1016 1115 y Ft(7!)p Fb(d)p Fu(?]\))44
b Fs(x)g Fu(=)32 b Fb(d)p Fu(?)283 1314 y(Since)h Fb(init)718
1329 y Fc(X)786 1314 y Fu([)p Fs(y)869 1329 y Fn(i)893
1314 y Ft(7!)o Fb(d)p Fu(?])44 b Ft(v)1249 1329 y Fn(PS)1372
1314 y Fs(ps)d Fu(and)32 b Fs(h)1749 1329 y Fn(1)1822
1314 y Fu(is)g(monotone)g(\(Exercise)h(5.45\))f(w)m(e)i(get)f(that)527
1514 y Fs(h)584 1529 y Fn(1)657 1514 y Fu(\()p Fb(init)875
1529 y Fc(X)942 1514 y Fu([)p Fs(y)1025 1529 y Fn(i)1049
1514 y Ft(7!)p Fb(d)p Fu(?]\))43 b Ft(v)1443 1529 y Fn(PS)1567
1514 y Fs(h)1624 1529 y Fn(1)1696 1514 y Fs(ps)283 1714
y Fu(and)33 b(thereb)m(y)527 1913 y Fs(h)584 1928 y Fn(1)657
1913 y Fu(\()p Fb(init)875 1928 y Fc(X)942 1913 y Fu([)p
Fs(y)1025 1928 y Fn(i)1049 1913 y Ft(7!)p Fb(d)p Fu(?]\))43
b Fs(x)i Fu(=)32 b Fb(ok)283 2113 y Fu(So)h(the)g(lemma)d(follo)m(ws)i
(b)m(y)h(taking)f Fs(y)41 b Fu(to)33 b(b)s(e)f Fs(y)2054
2128 y Fn(i)2078 2113 y Fu(.)1576 b Fh(2)430 2316 y Fu(The)26
b(next)f(step)h(will)d(b)s(e)i(to)f(generalize)h(this)f(result)h(to)f
(sequences)29 b(of)24 b(strict)g(and)h(additiv)m(e)283
2437 y(functions.)p 283 2557 3473 5 v 283 2728 a Fw(Corollary)36
b(5.47)49 b Fu(Consider)33 b(a)g(sequence)527 2928 y
Fs(h)584 2943 y Fn(0)657 2928 y Ft(v)g Fs(h)824 2943
y Fn(1)896 2928 y Ft(v)g(\001)17 b(\001)g(\001)31 b(v)i
Fs(h)1322 2943 y Fn(n)283 3127 y Fu(of)g(strict)f(and)g(additiv)m(e)g
(functions)527 3327 y Fs(h)584 3342 y Fn(i)608 3327 y
Fu(:)44 b Fw(PState)1011 3342 y Fc(X)1110 3327 y Ft(!)32
b Fw(PState)1574 3342 y Fc(X)283 3527 y Fu(that)39 b(are)g(all)e
(distinct,)j(that)f(is)g Fs(h)1580 3542 y Fn(i)1643 3527
y Ft(6)p Fu(=)g Fs(h)1815 3542 y Fn(j)1880 3527 y Fu(if)e(i)i
Ft(6)p Fu(=)f(j.)63 b(Then)40 b(n)g Ft(\024)f Fu(\(m+1\))3030
3491 y Fn(2)3107 3527 y Fu(where)i(m)d(is)g(the)283 3647
y(cardinalit)m(y)31 b(of)h Fs(X)16 b Fu(.)p 283 3767
V 283 3967 a Fw(Pro)s(of:)32 b Fu(F)-8 b(or)26 b(eac)m(h)j(i)d
Ft(2)i(f)p Fu(0,1,)p Ft(\001)17 b(\001)g(\001)n Fu(,n)p
Ft(\000)p Fu(1)p Ft(g)28 b Fu(the)f(previous)h(lemma)e(applied)g(to)h
Fs(h)3115 3982 y Fn(i)3166 3967 y Fu(and)h Fs(h)3408
3982 y Fn(i+1)3549 3967 y Fu(giv)m(es)283 4088 y(that)33
b(there)g(are)g(\\v)-5 b(ariables")527 4287 y Fs(x)584
4302 y Fn(i)608 4287 y Fu(,)33 b Fs(y)724 4302 y Fn(i)780
4287 y Ft(2)g Fs(X)48 b Ft([)33 b(f)p Fu(on-trac)m(k)p
Ft(g)283 4487 y Fu(suc)m(h)h(that)527 4687 y Fs(h)584
4702 y Fn(i)608 4687 y Fu(\()p Fb(init)826 4702 y Fc(X)894
4687 y Fu([)p Fs(y)977 4702 y Fn(i)1001 4687 y Ft(7!)o
Fb(d)p Fu(?]\))44 b Fs(x)1374 4702 y Fn(i)1430 4687 y
Fu(=)33 b Fb(ok)527 4854 y Fs(h)584 4869 y Fn(i+1)699
4854 y Fu(\()p Fb(init)917 4869 y Fc(X)984 4854 y Fu([)p
Fs(y)1067 4869 y Fn(i)1091 4854 y Ft(7!)p Fb(d)p Fu(?]\))43
b Fs(x)1464 4869 y Fn(i)1520 4854 y Fu(=)33 b Fb(d)p
Fu(?)283 5054 y(First)38 b(assume)h(that)f(all)e(\()p
Fs(x)1323 5069 y Fn(i)1346 5054 y Fu(,)k Fs(y)1469 5069
y Fn(i)1493 5054 y Fu(\))e(are)g(distinct.)60 b(Since)39
b(the)f(cardinalit)m(y)f(of)g Fs(X)55 b Fu(is)38 b(m)f(there)283
5174 y(can)c(b)s(e)g(at)f(most)g(\(m+1\))1236 5138 y
Fn(2)1307 5174 y Fu(suc)m(h)i(pairs)e(and)h(w)m(e)g(ha)m(v)m(e)h(sho)m
(wn)g(n)f Ft(\024)g Fu(\(m+1\))3100 5138 y Fn(2)3138
5174 y Fu(.)430 5295 y(Next)e(assume)g(that)g(there)g(exists)h(i)d
Fo(<)i Fu(j)f(suc)m(h)i(that)f(\()p Fs(x)2473 5310 y
Fn(i)2496 5295 y Fu(,)g Fs(y)2610 5310 y Fn(i)2634 5295
y Fu(\))g(=)f(\()p Fs(x)2904 5310 y Fn(j)2930 5295 y
Fu(,)h Fs(y)3044 5310 y Fn(j)3069 5295 y Fu(\).)43 b(W)-8
b(e)31 b(then)h(ha)m(v)m(e)527 5494 y Fs(h)584 5509 y
Fn(i+1)699 5494 y Fu(\()p Fb(init)917 5509 y Fc(X)984
5494 y Fu([)p Fs(y)1067 5509 y Fn(i)1091 5494 y Ft(7!)p
Fb(d)p Fu(?]\))43 b Fs(x)1464 5509 y Fn(i)1520 5494 y
Fu(=)33 b Fb(d)p Fu(?)p eop
%%Page: 167 177
167 176 bop 0 130 a Fw(5.4)112 b(Bounded)39 b(iteration)2154
b(167)p 0 193 3473 4 v 0 515 a Fu(and)244 719 y Fs(h)301
734 y Fn(j)327 719 y Fu(\()p Fb(init)545 734 y Fc(X)612
719 y Fu([)p Fs(y)695 734 y Fn(i)719 719 y Ft(7!)p Fb(d)p
Fu(?]\))44 b Fs(x)1093 734 y Fn(i)1149 719 y Fu(=)32
b Fb(ok)0 922 y Fu(Since)h(i+1)e Ft(\024)i Fu(j)f(w)m(e)i(ha)m(v)m(e)g
Fs(h)1037 937 y Fn(i+1)1184 922 y Ft(v)f Fs(h)1351 937
y Fn(j)1409 922 y Fu(and)g(therefore)244 1125 y Fs(h)301
1140 y Fn(i+1)448 1125 y Fu(\()p Fb(init)666 1140 y Fc(X)733
1125 y Fu([)p Fs(y)816 1140 y Fn(i)840 1125 y Ft(7!)p
Fb(d)p Fu(?]\))43 b Fs(x)1213 1140 y Fn(i)1269 1125 y
Ft(v)1347 1140 y Fn(P)1432 1125 y Fs(h)1489 1140 y Fn(j)1547
1125 y Fu(\()p Fb(init)1765 1140 y Fc(X)1833 1125 y Fu([)p
Fs(y)1916 1140 y Fn(i)1939 1125 y Ft(7!)p Fb(d)p Fu(?]\))h
Fs(x)2313 1140 y Fn(i)0 1328 y Fu(This)31 b(is)f(a)g(con)m(tradiction)f
(as)i(it)e(is)h Fs(not)40 b Fu(the)31 b(case)h(that)e
Fb(d)p Fu(?)h Ft(v)2269 1343 y Fn(P)2352 1328 y Fb(ok)p
Fu(.)43 b(Th)m(us)32 b(it)e(cannot)g(b)s(e)h(the)0 1449
y(case)41 b(that)e(some)h(of)f(the)i(pairs)e(\()p Fs(x)1319
1464 y Fn(i)1342 1449 y Fu(,)j Fs(y)1467 1464 y Fn(i)1491
1449 y Fu(\))e(obtained)f(from)g(Lemma)f(5.46)h(coincide)g(and)h(w)m(e)
0 1569 y(ha)m(v)m(e)34 b(pro)m(v)m(ed)g(the)f(corollary)-8
b(.)2296 b Fh(2)146 1772 y Fu(W)-8 b(e)33 b(shall)e(no)m(w)j(turn)e(to)
m(w)m(ards)i(the)f(pro)s(of)f(of)g(the)h(main)e(result:)0
1940 y Fw(Pro)s(of)i(of)h(Prop)s(osition)d(5.40)p Fu(.)46
b(Consider)34 b(the)g(construct)h Fr(while)f Fs(b)39
b Fr(do)34 b Fs(S)46 b Fu(and)33 b(let)g Fs(H)49 b Fu(b)s(e)0
2060 y(giv)m(en)33 b(b)m(y)244 2264 y Fs(H)48 b(h)40
b Fu(=)33 b(cond)763 2279 y Fn(P)815 2264 y Fu(\()p Ft(P)8
b(B)999 2279 y Fc(X)1067 2264 y Fu([)-17 b([)p Fs(b)6
b Fu(])-17 b(])q(,)32 b Fs(h)40 b Ft(\016)32 b(P)8 b(S)1570
2279 y Fc(X)1637 2264 y Fu([)-17 b([)q Fs(S)12 b Fu(])-17
b(],)33 b(id\))0 2467 y(W)-8 b(e)33 b(shall)e(then)i(pro)m(v)m(e)h
(that)244 2670 y Ft(P)8 b(S)389 2685 y Fc(X)457 2670
y Fu([)-17 b([)p Fr(while)34 b Fs(b)k Fr(do)33 b Fs(S)12
b Fu(])-17 b(])33 b(=)g Fs(H)1335 2634 y Fn(k)1409 2670
y Ft(?)0 2873 y Fu(where)e(k)e(=)h(\(m+1\))748 2837 y
Fn(2)815 2873 y Fu(and)g(m)e(is)h(the)h(cardinalit)m(y)e(of)g
Fs(X)46 b Fu(=)29 b(FV\()p Fr(while)i Fs(b)k Fr(do)30
b Fs(S)12 b Fu(\).)29 b(T)-8 b(o)29 b(do)h(that)0 2994
y(consider)j(the)g(sequence)244 3197 y Fs(H)332 3161
y Fn(0)404 3197 y Ft(?)g(v)g Fs(H)712 3161 y Fn(1)784
3197 y Ft(?)g(v)g(\001)17 b(\001)g(\001)31 b(v)i Fs(H)1351
3161 y Fn(k)1425 3197 y Ft(?)g(v)g Fs(H)1733 3161 y Fn(k+1)1897
3197 y Ft(?)0 3400 y Fu(It)38 b(follo)m(ws)e(from)g(Lemma)h(5.44)g
(that)g(eac)m(h)h Fs(H)1764 3364 y Fn(i)1826 3400 y Ft(?)g
Fu(is)f(a)g(strict)h(and)f(additiv)m(e)g(function.)58
b(It)0 3520 y(no)m(w)30 b(follo)m(ws)d(from)h(Corollary)f(5.47)h(that)h
(not)g(all)e Fs(H)1970 3484 y Fn(i)2023 3520 y Ft(?)p
Fu(,)j(for)e(i)g Ft(\024)h Fu(k+1,)h(are)f(distinct.)42
b(If)29 b(i)p Fo(<)p Fu(j)0 3641 y(satis\014es)244 3844
y Fs(H)332 3808 y Fn(i)388 3844 y Ft(?)k Fu(=)g Fs(H)695
3808 y Fn(j)753 3844 y Ft(?)0 4047 y Fu(then)g(w)m(e)h(also)d(ha)m(v)m
(e)244 4250 y Fs(H)332 4214 y Fn(i)388 4250 y Ft(?)i
Fu(=)g Fs(H)695 4214 y Fn(n)771 4250 y Ft(?)g Fu(for)f(n)p
Ft(\025)p Fu(i)0 4453 y(and)h(in)e(particular)244 4657
y Fs(H)332 4621 y Fn(k)406 4657 y Ft(?)i Fu(=)f Fs(H)712
4621 y Fn(k+1)876 4657 y Ft(?)0 4860 y Fu(Hence)i(FIX)e
Fs(H)49 b Fu(=)32 b Fs(H)811 4824 y Fn(k)885 4860 y Ft(?)h
Fu(as)g(desired)g(b)s(ecause)h(of)e(Exercise)i(5.18.)895
b Fh(2)0 5171 y Fw(Exercise)36 b(5.48)49 b Fu(*)33 b(Sho)m(w)h(that)e
(the)h(b)s(ound)g(exhibited)g(in)f(Corollary)f(5.47)h(is)h(tigh)m(t.)43
b(That)0 5291 y(is)32 b(describ)s(e)h(ho)m(w)h(to)e(construct)h(a)g
(sequence)244 5494 y Fs(h)301 5509 y Fn(0)373 5494 y
Ft(v)g Fs(h)540 5509 y Fn(1)612 5494 y Ft(v)g(\001)17
b(\001)g(\001)31 b(v)i Fs(h)1038 5509 y Fn(n)p eop
%%Page: 168 178
168 177 bop 251 130 a Fw(168)1937 b(5)112 b(Static)37
b(Program)f(Analysis)p 251 193 3473 4 v 283 515 a Fu(of)31
b(strict)g(and)g(additiv)m(e)g(functions)g Fs(h)1684
530 y Fn(i)1708 515 y Fu(:)42 b Fw(PState)2109 530 y
Fc(X)2207 515 y Ft(!)31 b Fw(PState)2670 530 y Fc(X)2768
515 y Fu(suc)m(h)i(that)d(all)f Fs(h)3387 530 y Fn(i)3443
515 y Fu(are)i(dis-)283 636 y(tinct)e(and)g(n)f(=)h(\(m+1\))1169
600 y Fn(2)1236 636 y Fu(where)h(m)e(is)g(the)h(cardinalit)m(y)e(of)h
Fs(X)16 b Fu(.)29 b(Hin)m(t:)42 b(Begin)28 b(b)m(y)h(considering)283
756 y(m)j(=)h(0,)f(m)g(=)g(1,)h(m)e(=)i(2)f(and)h(then)g(try)g(to)f
(generalize.)1297 b Fh(2)430 948 y Fu(T)-8 b(o)31 b(summarize,)g(the)h
(quadratic)f(upp)s(er)h(b)s(ound)g(on)g(the)g(required)g(n)m(um)m(b)s
(er)g(of)f(iterands)283 1068 y(is)i(obtained)f(as)g(follo)m(ws:)p
283 1198 3470 4 v 283 1215 V 281 1422 4 208 v 298 1422
V 1371 1343 a Fw(Pro)s(of)g(Summary)h(for)f(While)p Fu(:)p
3735 1422 V 3752 1422 V 281 1630 V 298 1630 V 617 1551
a Fw(Bounding)h(the)f(Num)m(b)s(er)g(of)h(Iterations)e(in)h(the)h
(Static)e(Analysis)p 3735 1630 V 3752 1630 V 283 1633
3470 4 v 281 2003 4 370 v 298 2003 V 350 1799 a Fu(1:)143
b(The)48 b(analysis)f(is)g(mo)s(di\014ed)f(to)h(use)h(the)g(set)g
Fw(PState)2691 1814 y Fc(X)2805 1799 y Fu(rather)g(than)f
Fw(PState)569 1919 y Fu(\(Exercise)34 b(5.37\).)p 3735
2003 V 3752 2003 V 281 2291 4 289 v 298 2291 V 350 2087
a(2:)143 b(A)28 b(pro)s(of)g(b)m(y)h Fs(structur)-5 b(al)32
b(induction)j Fu(on)28 b(the)h(statemen)m(ts)h(sho)m(ws)g(that)e(the)g
(analysis)569 2207 y(functions)k Ft(P)8 b(S)1135 2222
y Fc(X)1202 2207 y Fu([)-17 b([)q Fs(S)12 b Fu(])-17
b(])32 b(are)h(strict)f(and)h(additiv)m(e)f(\(Lemma)f(5.44\).)p
3735 2291 V 3752 2291 V 281 2699 4 409 v 298 2699 V 350
2375 a(3:)143 b(Sequences)41 b(of)c(strict)h(and)g(additiv)m(e)f
(functions)h(in)f Fw(PState)2861 2390 y Fc(X)2966 2375
y Ft(!)h Fw(PState)3436 2390 y Fc(X)3541 2375 y Fu(can)569
2495 y(ha)m(v)m(e)h(length)f(at)f(most)h(\(m+1\))1755
2459 y Fn(2)1831 2495 y Fu(where)h(m)f(is)f(the)i(cardinalit)m(y)d(of)h
Fs(X)55 b Fu(\(Corollary)569 2616 y(5.47\).)p 3735 2699
V 3752 2699 V 283 2702 3470 4 v 283 2719 V 283 2914 a(Using)29
b(the)h(result)f(of)g(Prop)s(osition)f(5.40)h(w)m(e)h(get)f(that)g(at)g
(most)g(9)g(iterations)f(are)h(needed)i(to)283 3035 y(compute)26
b(the)g(\014xed)h(p)s(oin)m(t)d(presen)m(t)j(in)e(the)h(analysis)f(of)g
(the)h(factorial)d(statemen)m(t.)41 b(Since)26 b(w)m(e)283
3155 y(kno)m(w)31 b(that)e(already)g(the)h(\014rst)f(iterand)g(will)e
(equal)i(the)h(\014xed)g(p)s(oin)m(t)f(one)g(ma)m(y)h(ask)f(whether)283
3276 y(one)36 b(can)g(obtain)e(an)h(ev)m(en)i(b)s(etter)f(b)s(ound)f
(on)h(the)f(n)m(um)m(b)s(er)h(of)f(iterations.)50 b(The)37
b(follo)m(wing)283 3396 y(exercise)e(sho)m(ws)f(that)f(the)h(quadratic)
e(upp)s(er)i(b)s(ound)f(can)g(b)s(e)g(replaced)g(b)m(y)h(a)f(linear)e
(upp)s(er)283 3516 y(b)s(ound:)283 3708 y Fw(Exercise)37
b(5.49)49 b Fu(**)31 b(Sho)m(w)h(that)f(for)f(eac)m(h)j(statemen)m(t)e
Fr(while)i Fs(b)k Fr(do)32 b Fs(S)43 b Fu(of)31 b Fw(While)e
Fu(w)m(e)k(ha)m(v)m(e)527 3884 y Ft(P)8 b(S)673 3899
y Fc(X)740 3884 y Fu([)-17 b([)q Fr(while)33 b Fs(b)39
b Fr(do)33 b Fs(S)12 b Fu(])-17 b(])33 b(=)f Fs(H)1618
3848 y Fn(k)1692 3884 y Ft(?)283 4060 y Fu(where)i Fs(H)49
b(h)39 b Fu(=)33 b(cond)1084 4075 y Fn(P)1136 4060 y
Fu(\()p Ft(P)8 b(B)1320 4075 y Fc(X)1388 4060 y Fu([)-17
b([)p Fs(b)6 b Fu(])-17 b(])q(,)32 b Fs(h)7 b Ft(\016)q(P)h(S)1826
4075 y Fc(X)1893 4060 y Fu([)-17 b([)q Fs(S)12 b Fu(])-17
b(],)33 b(id\),)f(k)g(=)h(m+1,)e(and)i(m)f(is)g(the)h(cardinalit)m(y)
283 4181 y(of)g(the)g(set)g Fs(X)49 b Fu(=)32 b(FV\()p
Fr(while)i Fs(b)k Fr(do)33 b Fs(S)12 b Fu(\).)1923 b
Fh(2)430 4373 y Fu(F)-8 b(or)38 b(the)i(factorial)d(statemen)m(t)i
(this)g(result)g(will)e(giv)m(e)j(that)f(at)f(most)h(3)g(iterations)f
(are)283 4493 y(needed)f(to)d(determine)h(the)g(\014xed)h(p)s(oin)m(t.)
49 b(The)36 b(next)g(exercise)g(sho)m(ws)g(that)f(this)f(is)h(almost)
283 4613 y(the)e(b)s(est)h(upp)s(er)f(b)s(ound)g(w)m(e)g(can)g(hop)s(e)
g(for:)283 4805 y Fw(Exercise)k(5.50)49 b Fu(*)31 b(Sho)m(w)i(that)f
(for)f(eac)m(h)i(m)f Ft(\025)g Fu(1)g(there)g(is)g(a)g(statemen)m(t)g
Fr(while)h Fs(b)38 b Fr(do)33 b Fs(S)43 b Fu(of)283 4926
y Fw(While)31 b Fu(suc)m(h)j(that)527 5102 y Ft(P)8 b(S)673
5117 y Fc(X)740 5102 y Fu([)-17 b([)q Fr(while)33 b Fs(b)39
b Fr(do)33 b Fs(S)12 b Fu(])-17 b(])33 b Ft(6)p Fu(=)f
Fs(H)1618 5066 y Fn(k)1692 5102 y Ft(?)283 5278 y Fu(where)i
Fs(H)49 b(h)39 b Fu(=)32 b(cond)1083 5293 y Fn(P)1136
5278 y Fu(\()p Ft(P)8 b(B)1320 5293 y Fc(X)1387 5278
y Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(],)33 b Fs(h)7 b
Ft(\016P)h(S)1825 5293 y Fc(X)1893 5278 y Fu([)-17 b([)p
Fs(S)12 b Fu(])-17 b(])q(,)32 b(id\),)g(k)h(=)f(m)p Ft(\000)p
Fu(1,)g(and)g(m)g(is)g(the)h(cardinalit)m(y)283 5398
y(of)g(the)g(set)g Fs(X)49 b Fu(=)32 b(FV\()p Fr(while)i
Fs(b)k Fr(do)33 b Fs(S)12 b Fu(\).)1923 b Fh(2)p eop
%%Page: 169 179
169 178 bop 0 1180 a Fv(Chapter)78 b(6)0 1595 y(Axiomatic)e(Program)h
(V)-19 b(eri\014cation)0 2047 y Fu(The)39 b(kinds)g(of)f(seman)m(tics)h
(w)m(e)g(ha)m(v)m(e)h(seen)g(so)e(far)g(sp)s(ecify)h(the)g(meaning)e
(of)h(programs)f(al-)0 2168 y(though)26 b(they)g(ma)m(y)g(also)f(b)s(e)
h(used)g(to)g(pro)m(v)m(e)h(that)e(giv)m(en)h(programs)f(p)s(ossess)j
(certain)d(prop)s(er-)0 2288 y(ties.)43 b(W)-8 b(e)33
b(ma)m(y)e(distinguish)g(b)s(et)m(w)m(een)j(sev)m(eral)f(classes)g(of)f
(prop)s(erties:)43 b Fs(p)-5 b(artial)34 b(c)-5 b(orr)g(e)g(ctness)0
2408 y(pr)g(op)g(erties)36 b Fu(are)29 b(prop)s(erties)f(expressing)i
(that)e Fs(if)49 b Fu(a)28 b(giv)m(en)h(program)e(terminates)h
Fs(then)36 b Fu(there)0 2529 y(will)e(b)s(e)j(a)f(certain)g
(relationship)f(b)s(et)m(w)m(een)j(the)f(initial)c(and)j(the)h(\014nal)
f(v)-5 b(alues)36 b(of)g(the)h(v)-5 b(ari-)0 2649 y(ables.)59
b(Th)m(us)40 b(a)d(partial)f(correctness)k(prop)s(ert)m(y)f(of)e(a)h
(program)e(need)j Fs(not)47 b Fu(ensure)40 b(that)d(it)0
2769 y(terminates.)42 b(This)31 b(is)f(con)m(trary)h(to)f
Fs(total)j(c)-5 b(orr)g(e)g(ctness)33 b(pr)-5 b(op)g(erties)38
b Fu(whic)m(h)31 b(express)i(that)d(the)0 2890 y(program)j
Fs(wil)5 b(l)44 b Fu(terminate)33 b Fs(and)44 b Fu(that)34
b(there)h(will)d(b)s(e)i(a)g(certain)g(relationship)f(b)s(et)m(w)m(een)
j(the)0 3010 y(initial)29 b(and)j(the)h(\014nal)f(v)-5
b(alues)33 b(of)f(the)h(v)-5 b(ariables.)42 b(Th)m(us)34
b(w)m(e)g(ha)m(v)m(e)244 3196 y(partial)c(correctness)35
b(+)d(termination)e(=)j(total)e(correctness)0 3382 y(Y)-8
b(et)24 b(another)f(class)g(of)g(prop)s(erties)g(is)g(concerned)i(with)
e(the)h Fs(r)-5 b(esour)g(c)g(es)31 b Fu(used)24 b(when)h(executing)0
3502 y(the)30 b(program.)41 b(An)30 b(example)e(is)h(the)h
Fs(time)37 b Fu(used)30 b(to)f(execute)j(the)e(program)e(on)h(a)g
(particular)0 3622 y(mac)m(hine.)0 3952 y Fj(6.1)161
b(Direct)53 b(pro)t(ofs)g(of)h(program)f(correctness)0
4171 y Fu(In)30 b(this)f(section)g(w)m(e)i(shall)d(giv)m(e)h(some)g
(examples)h(that)f(pro)m(v)m(e)i(partial)c(correctness)k(of)e(state-)0
4291 y(men)m(ts)45 b(based)h(directly)e(on)h(the)h(op)s(erational)c
(and)j(denotational)e(seman)m(tics.)81 b(W)-8 b(e)45
b(shall)0 4412 y(pro)m(v)m(e)34 b(that)e(the)h(factorial)d(statemen)m
(t)244 4598 y Fr(y)j Fu(:=)f Fr(1)p Fu(;)h Fr(while)h
Ft(:)p Fu(\()p Fr(x)p Fu(=)p Fr(1)p Fu(\))f Fr(do)g Fu(\()p
Fr(y)g Fu(:=)f Fr(y)p Fo(?)p Fr(x)p Fu(;)h Fr(x)g Fu(:=)g
Fr(x)p Ft(\000)p Fr(1)p Fu(\))0 4783 y(is)38 b(partially)d(correct,)41
b(that)d(is)g Fs(if)59 b Fu(the)39 b(statemen)m(t)f(terminates)g
Fs(then)45 b Fu(the)39 b(\014nal)f(v)-5 b(alue)37 b(of)h
Fr(y)0 4904 y Fu(will)30 b(b)s(e)j(the)g(factorial)d(of)i(the)h
(initial)c(v)-5 b(alue)32 b(of)g Fr(x)p Fu(.)0 5189 y
Fp(Natural)46 b(seman)l(tics)0 5374 y Fu(Using)35 b Fs(natur)-5
b(al)38 b(semantics)k Fu(the)36 b(partial)d(correctness)38
b(of)d(the)h(factorial)d(statemen)m(t)i(can)h(b)s(e)0
5494 y(formalized)30 b(as)j(follo)m(ws:)1663 5849 y(169)p
eop
%%Page: 170 180
170 179 bop 251 130 a Fw(170)1567 b(6)112 b(Axiomatic)35
b(Program)h(V)-9 b(eri\014cation)p 251 193 3473 4 v 527
515 a Fu(F)h(or)32 b(all)f(states)i Fs(s)41 b Fu(and)32
b Fs(s)1433 479 y Fi(0)1457 515 y Fu(,)g(if)742 717 y
Ft(h)p Fr(y)g Fu(:=)h Fr(1)p Fu(;)g Fr(while)h Ft(:)p
Fu(\()p Fr(x)p Fu(=)p Fr(1)p Fu(\))f Fr(do)g Fu(\()p
Fr(y)g Fu(:=)f Fr(y)p Fo(?)p Fr(x)p Fu(;)h Fr(x)g Fu(:=)f
Fr(x)p Ft(\000)p Fr(1)p Fu(\),)i Fs(s)8 b Ft(i)32 b(!)g
Fs(s)3152 681 y Fi(0)527 918 y Fu(then)i Fs(s)798 882
y Fi(0)853 918 y Fr(y)f Fu(=)g(\()p Fs(s)40 b Fr(x)p
Fu(\)!)k(and)32 b Fs(s)41 b Fr(x)33 b Fo(>)f Fw(0)283
1116 y Fu(This)j(is)f(indeed)h(a)f(partial)e(correctness)k(prop)s(ert)m
(y)g(b)s(ecause)f(the)g(statemen)m(t)g(do)s(es)g(not)f(ter-)283
1236 y(minate)e(if)f(the)i(initial)c(v)-5 b(alue)32 b
Fs(s)40 b Fr(x)33 b Fu(of)f Fr(x)h Fu(is)f(non-p)s(ositiv)m(e.)430
1357 y(The)h(pro)s(of)f(pro)s(ceeds)i(in)e(three)h(stages:)283
1554 y Fw(Stage)38 b(1:)49 b Fu(W)-8 b(e)33 b(pro)m(v)m(e)h(that)e(the)
h(b)s(o)s(dy)g(of)f(the)h Fr(while)h Fu(lo)s(op)d(satis\014es:)569
1713 y(if)g Ft(h)p Fr(y)i Fu(:=)f Fr(y)p Fo(?)p Fr(x)p
Fu(;)h Fr(x)g Fu(:=)f Fr(x)p Ft(\000)p Fr(1)p Fu(,)i
Fs(s)8 b Ft(i)32 b(!)h Fs(s)1886 1677 y Fi(00)1961 1713
y Fu(and)f Fs(s)2198 1677 y Fi(00)2273 1713 y Fr(x)h
Fo(>)g Fw(0)569 1881 y Fu(then)g(\()p Fs(s)41 b Fr(y)p
Fu(\))32 b Fo(?)h Fu(\()p Fs(s)40 b Fr(x)p Fu(\)!)k(=)32
b(\()p Fs(s)1585 1845 y Fi(00)1660 1881 y Fr(y)p Fu(\))h
Fo(?)f Fu(\()p Fs(s)1949 1845 y Fi(00)2024 1881 y Fr(x)p
Fu(\)!)44 b(and)32 b Fs(s)41 b Fr(x)33 b Fo(>)f Fw(0)3631
1798 y Fu(\(*\))283 2076 y Fw(Stage)38 b(2:)49 b Fu(W)-8
b(e)33 b(pro)m(v)m(e)h(that)e(the)h Fr(while)h Fu(lo)s(op)d
(satis\014es:)569 2235 y(if)g Ft(h)p Fr(while)j Ft(:)p
Fu(\()p Fr(x)p Fu(=)p Fr(1)p Fu(\))f Fr(do)g Fu(\()p
Fr(y)g Fu(:=)f Fr(y)p Fo(?)p Fr(x)p Fu(;)h Fr(x)g Fu(:=)g
Fr(x)p Ft(\000)p Fr(1)p Fu(\),)g Fs(s)8 b Ft(i)32 b(!)h
Fs(s)2739 2199 y Fi(00)569 2402 y Fu(then)g(\()p Fs(s)41
b Fr(y)p Fu(\))32 b Fo(?)h Fu(\()p Fs(s)40 b Fr(x)p Fu(\)!)k(=)32
b Fs(s)1547 2366 y Fi(00)1622 2402 y Fr(y)h Fu(and)g
Fs(s)1944 2366 y Fi(00)2019 2402 y Fr(x)f Fu(=)h Fw(1)f
Fu(and)h Fs(s)41 b Fr(x)32 b Fo(>)h Fw(0)3582 2319 y
Fu(\(**\))283 2597 y Fw(Stage)38 b(3:)49 b Fu(W)-8 b(e)33
b(pro)m(v)m(e)h(the)f(partial)d(correctness)35 b(prop)s(ert)m(y)e(for)f
(the)h(complete)f(program:)569 2756 y(if)f Ft(h)p Fr(y)i
Fu(:=)f Fr(1)p Fu(;)h Fr(while)h Ft(:)p Fu(\()p Fr(x)p
Fu(=)p Fr(1)p Fu(\))f Fr(do)g Fu(\()p Fr(y)g Fu(:=)f
Fr(y)p Fo(?)q Fr(x)p Fu(;)g Fr(x)h Fu(:=)g Fr(x)p Ft(\000)p
Fr(1)p Fu(\),)g Fs(s)8 b Ft(i)33 b(!)f Fs(s)3069 2720
y Fi(0)569 2924 y Fu(then)h Fs(s)839 2888 y Fi(0)895
2924 y Fr(y)g Fu(=)f(\()p Fs(s)41 b Fr(x)p Fu(\)!)i(and)33
b Fs(s)41 b Fr(x)32 b Fo(>)h Fw(0)3534 2841 y Fu(\(***\))283
3115 y(In)i(eac)m(h)f(of)g(the)g(three)h(stages)f(the)g(deriv)-5
b(ation)33 b(tree)h(of)f(the)i(giv)m(en)e(transition)g(is)g(insp)s
(ected)283 3235 y(in)f(order)h(to)f(pro)m(v)m(e)i(the)f(prop)s(ert)m(y)
-8 b(.)430 3355 y(In)33 b(the)g Fs(\014rst)i(stage)k
Fu(w)m(e)34 b(consider)f(the)g(transition)527 3553 y
Ft(h)p Fr(y)g Fu(:=)f Fr(y)p Fo(?)p Fr(x)p Fu(;)h Fr(x)g
Fu(:=)g Fr(x)p Ft(\000)p Fr(1)p Fu(,)g Fs(s)8 b Ft(i)33
b(!)f Fs(s)1755 3517 y Fi(00)283 3751 y Fu(According)h(to)f([comp)1121
3766 y Fn(ns)1192 3751 y Fu(])h(there)g(will)d(b)s(e)j(transitions)527
3948 y Ft(h)p Fr(y)g Fu(:=)f Fr(y)p Fo(?)p Fr(x)p Fu(,)h
Fs(s)8 b Ft(i)33 b(!)f Fs(s)1296 3912 y Fi(0)1352 3948
y Fu(and)g Ft(h)p Fr(x)h Fu(:=)f Fr(x)p Ft(\000)p Fr(1)p
Fu(,)i Fs(s)2087 3912 y Fi(0)2110 3948 y Ft(i)f(!)f Fs(s)2362
3912 y Fi(00)283 4146 y Fu(for)f(some)g Fs(s)722 4109
y Fi(0)745 4146 y Fu(.)43 b(F)-8 b(rom)30 b(the)i(axiom)d([ass)1677
4161 y Fn(ns)1749 4146 y Fu(])i(w)m(e)h(then)g(get)f(that)g
Fs(s)2589 4109 y Fi(0)2644 4146 y Fu(=)f Fs(s)8 b Fu([)p
Fr(y)p Ft(7!)q(A)o Fu([)-17 b([)q Fr(y)p Fo(?)p Fr(x)p
Fu(])g(])q Fs(s)8 b Fu(])31 b(and)g(that)283 4266 y Fs(s)331
4230 y Fi(00)406 4266 y Fu(=)i Fs(s)563 4230 y Fi(0)586
4266 y Fu([)p Fr(x)p Ft(7!A)p Fu([)-17 b([)p Fr(x)p Ft(\000)p
Fr(1)p Fu(])g(])r Fs(s)1147 4230 y Fi(0)1170 4266 y Fu(].)44
b(Com)m(bining)31 b(these)j(results)f(w)m(e)g(ha)m(v)m(e)527
4464 y Fs(s)575 4427 y Fi(00)650 4464 y Fu(=)g Fs(s)8
b Fu([)p Fr(y)p Ft(7!)p Fu(\()p Fs(s)40 b Fr(y)p Fu(\))p
Fo(?)p Fu(\()p Fs(s)h Fr(x)p Fu(\)][)p Fr(x)p Ft(7!)p
Fu(\()p Fs(s)g Fr(x)p Fu(\))p Ft(\000)p Fr(1)p Fu(])283
4661 y(Assuming)33 b(that)f Fs(s)991 4625 y Fi(00)1066
4661 y Fr(x)h Fo(>)f Fw(0)h Fu(w)m(e)g(can)g(then)g(calculate)527
4859 y(\()p Fs(s)613 4822 y Fi(00)688 4859 y Fr(y)p Fu(\))g
Fo(?)f Fu(\()p Fs(s)977 4822 y Fi(00)1052 4859 y Fr(x)p
Fu(\)!)44 b(=)32 b(\(\()p Fs(s)41 b Fr(y)p Fu(\))33 b
Fo(?)f Fu(\()p Fs(s)40 b Fr(x)p Fu(\)\))33 b Fo(?)f Fu(\(\()p
Fs(s)41 b Fr(x)p Fu(\))p Ft(\000)p Fr(1)p Fu(\)!)j(=)33
b(\()p Fs(s)40 b Fr(y)p Fu(\))33 b Fo(?)f Fu(\()p Fs(s)41
b Fr(x)p Fu(\)!)283 5056 y(and)33 b(since)g Fs(s)41 b
Fr(x)33 b Fu(=)f(\()p Fs(s)1071 5020 y Fi(00)1146 5056
y Fr(x)p Fu(\))h(+)f Fw(1)h Fu(this)f(sho)m(ws)i(that)e(\(*\))g(do)s
(es)i(indeed)e(hold.)430 5177 y(In)27 b(the)h Fs(se)-5
b(c)g(ond)29 b(stage)34 b Fu(w)m(e)28 b(pro)s(ceed)g(b)m(y)h(induction)
d(on)h(the)h(shap)s(e)f(of)g(the)h(deriv)-5 b(ation)25
b(tree)283 5297 y(for)527 5494 y Ft(h)p Fr(while)34 b
Ft(:)p Fu(\()p Fr(x)p Fu(=)p Fr(1)p Fu(\))f Fr(do)g Fu(\()p
Fr(y)g Fu(:=)f Fr(y)p Fo(?)p Fr(x)p Fu(;)h Fr(x)g Fu(:=)g
Fr(x)p Ft(\000)p Fr(1)p Fu(\),)g Fs(s)8 b Ft(i)32 b(!)h
Fs(s)2608 5458 y Fi(0)p eop
%%Page: 171 181
171 180 bop 0 130 a Fw(6.1)112 b(Direct)36 b(pro)s(ofs)i(of)g(program)f
(correctness)1242 b(171)p 0 193 3473 4 v 0 515 a Fu(One)40
b(of)f(t)m(w)m(o)h(axioms)f(and)g(rules)h(could)f(ha)m(v)m(e)i(b)s(een)
f(used)h(to)e(construct)i(this)e(deriv)-5 b(ation.)0
636 y(If)43 b([while)358 600 y Fn(\013)358 660 y(ns)428
636 y Fu(])g(has)g(b)s(een)h(used)g(then)f Fs(s)1436
600 y Fi(0)1502 636 y Fu(=)g Fs(s)51 b Fu(and)43 b Ft(B)s
Fu([)-17 b([)q Ft(:)p Fu(\()p Fr(x)p Fu(=)p Fr(1)p Fu(\)])g(])q
Fs(s)51 b Fu(=)42 b Fw(\013)p Fu(.)75 b(This)43 b(means)g(that)0
756 y Fs(s)48 720 y Fi(0)104 756 y Fr(x)33 b Fu(=)f Fw(1)j
Fu(and)g(since)g Fw(1)p Fu(!)51 b(=)35 b Fw(1)g Fu(w)m(e)h(get)f(the)g
(required)g(\()p Fs(s)43 b Fr(y)p Fu(\))35 b Fo(?)g Fu(\()p
Fs(s)43 b Fr(x)p Fu(\)!)51 b(=)34 b Fs(s)43 b Fr(y)35
b Fu(and)g Fs(s)43 b Fr(x)36 b Fo(>)e Fw(0)p Fu(.)0 877
y(This)f(pro)m(v)m(es)h(\(**\).)146 997 y(Next)k(assume)g(that)f
([while)1197 961 y Fn(tt)1197 1022 y(ns)1268 997 y Fu(])g(is)g(used)h
(to)f(construct)h(the)g(deriv)-5 b(ation.)56 b(Then)38
b(it)e(m)m(ust)0 1117 y(b)s(e)d(the)g(case)g(that)g Ft(B)s
Fu([)-17 b([)q Ft(:)p Fu(\()p Fr(x)p Fu(=)p Fr(1)p Fu(\)])g(])q
Fs(s)41 b Fu(=)32 b Fw(tt)g Fu(and)244 1321 y Ft(h)p
Fr(y)g Fu(:=)h Fr(y)p Fo(?)p Fr(x)p Fu(;)g Fr(x)g Fu(:=)f
Fr(x)p Ft(\000)p Fr(1)p Fu(,)i Fs(s)8 b Ft(i)32 b(!)g
Fs(s)1471 1285 y Fi(00)0 1525 y Fu(and)244 1728 y Ft(h)p
Fr(while)h Ft(:)q Fu(\()p Fr(x)p Fu(=)p Fr(1)p Fu(\))g
Fr(do)g Fu(\()p Fr(y)f Fu(:=)h Fr(y)p Fo(?)p Fr(x)p Fu(;)g
Fr(x)g Fu(:=)f Fr(x)p Ft(\000)p Fr(1)p Fu(\),)i Fs(s)2073
1692 y Fi(00)2115 1728 y Ft(i)e(!)h Fs(s)2367 1692 y
Fi(0)0 1932 y Fu(for)f(some)h(state)h Fs(s)682 1896 y
Fi(00)724 1932 y Fu(.)45 b(The)34 b(induction)e(h)m(yp)s(othesis)i
(applied)e(to)g(the)i(latter)e(deriv)-5 b(ation)31 b(giv)m(es)0
2053 y(that)244 2256 y(\()p Fs(s)330 2220 y Fi(00)405
2256 y Fr(y)p Fu(\))i Fo(?)f Fu(\()p Fs(s)694 2220 y
Fi(00)769 2256 y Fr(x)p Fu(\)!)43 b(=)33 b Fs(s)1085
2220 y Fi(0)1141 2256 y Fr(y)g Fu(and)f Fs(s)1462 2220
y Fi(0)1518 2256 y Fr(x)h Fu(=)f Fw(1)h Fu(and)g Fs(s)2037
2220 y Fi(00)2112 2256 y Fr(x)f Fo(>)h Fw(0)0 2460 y
Fu(F)-8 b(rom)31 b(\(*\))h(w)m(e)i(get)e(that)244 2664
y(\()p Fs(s)40 b Fr(y)p Fu(\))33 b Fo(?)f Fu(\()p Fs(s)41
b Fr(x)p Fu(\)!)j(=)32 b(\()p Fs(s)1038 2628 y Fi(00)1113
2664 y Fr(y)p Fu(\))h Fo(?)f Fu(\()p Fs(s)1402 2628 y
Fi(00)1477 2664 y Fr(x)p Fu(\)!)44 b(and)32 b Fs(s)41
b Fr(x)33 b Fo(>)f Fw(0)0 2867 y Fu(Putting)g(these)i(results)f
(together)g(w)m(e)g(get)244 3071 y(\()p Fs(s)40 b Fr(y)p
Fu(\))33 b Fo(?)f Fu(\()p Fs(s)41 b Fr(x)p Fu(\)!)j(=)32
b Fs(s)1000 3035 y Fi(0)1056 3071 y Fr(y)h Fu(and)f Fs(s)1377
3035 y Fi(0)1433 3071 y Fr(x)h Fu(=)f Fw(1)h Fu(and)g
Fs(s)40 b Fr(x)33 b Fo(>)f Fw(0)0 3275 y Fu(This)h(pro)m(v)m(es)h
(\(**\))e(and)h(thereb)m(y)h(the)f(second)h(stage)f(of)f(the)h(pro)s
(of)e(is)i(completed.)146 3395 y(Finally)-8 b(,)30 b(consider)j(the)g
Fs(thir)-5 b(d)35 b(stage)40 b Fu(of)32 b(the)h(pro)s(of)e(and)i(the)g
(deriv)-5 b(ation)244 3599 y Ft(h)p Fr(y)32 b Fu(:=)h
Fr(1)p Fu(;)g Fr(while)h Ft(:)p Fu(\()p Fr(x)p Fu(=)p
Fr(1)p Fu(\))f Fr(do)g Fu(\()p Fr(y)g Fu(:=)f Fr(y)p
Fo(?)p Fr(x)p Fu(;)h Fr(x)g Fu(:=)f Fr(x)p Ft(\000)p
Fr(1)p Fu(\),)i Fs(s)8 b Ft(i)32 b(!)g Fs(s)2654 3563
y Fi(0)0 3803 y Fu(According)g(to)h([comp)838 3818 y
Fn(ns)908 3803 y Fu(])g(there)g(will)e(b)s(e)h(a)h(state)g
Fs(s)1903 3767 y Fi(00)1978 3803 y Fu(suc)m(h)h(that)244
4006 y Ft(h)p Fr(y)e Fu(:=)h Fw(1)p Fu(,)g Fs(s)8 b Ft(i)32
b(!)g Fs(s)917 3970 y Fi(00)0 4210 y Fu(and)244 4414
y Ft(h)p Fr(while)h Ft(:)q Fu(\()p Fr(x)p Fu(=)p Fr(1)p
Fu(\))g Fr(do)g Fu(\()p Fr(y)f Fu(:=)h Fr(y)p Fo(?)p
Fr(x)p Fu(;)g Fr(x)g Fu(:=)f Fr(x)p Ft(\000)p Fr(1)p
Fu(\),)i Fs(s)2073 4378 y Fi(00)2115 4414 y Ft(i)e(!)h
Fs(s)2367 4378 y Fi(0)0 4618 y Fu(F)-8 b(rom)33 b(axiom)h([ass)703
4633 y Fn(ns)775 4618 y Fu(])h(w)m(e)h(see)g(that)e Fs(s)1404
4581 y Fi(00)1482 4618 y Fu(=)g Fs(s)8 b Fu([)p Fr(y)p
Ft(7!)q Fw(1)p Fu(])35 b(and)g(from)e(\(**\))i(w)m(e)h(get)e(that)h
Fs(s)3142 4581 y Fi(00)3220 4618 y Fr(x)g Fo(>)f Fw(0)0
4738 y Fu(and)29 b(therefore)g Fs(s)37 b Fr(x)29 b Fo(>)g
Fw(0)p Fu(.)42 b(Hence)31 b(\()p Fs(s)36 b Fr(x)p Fu(\)!)43
b(=)29 b(\()p Fs(s)1729 4702 y Fi(00)1800 4738 y Fr(y)p
Fu(\))g Fo(?)f Fu(\()p Fs(s)2081 4702 y Fi(00)2153 4738
y Fr(x)p Fu(\)!)42 b(holds)29 b(and)g(using)f(\(**\))g(w)m(e)i(get)244
4942 y(\()p Fs(s)40 b Fr(x)p Fu(\)!)k(=)32 b(\()p Fs(s)716
4905 y Fi(00)791 4942 y Fr(y)p Fu(\))h Fo(?)f Fu(\()p
Fs(s)1080 4905 y Fi(00)1155 4942 y Fr(x)p Fu(\)!)44 b(=)32
b Fs(s)1471 4905 y Fi(0)1527 4942 y Fr(y)0 5145 y Fu(as)h(required.)44
b(This)33 b(pro)m(v)m(es)h(the)f(partial)d(correctness)35
b(of)d(the)h(factorial)d(statemen)m(t.)0 5374 y Fw(Exercise)36
b(6.1)49 b Fu(Use)42 b(the)g(natural)e(seman)m(tics)i(to)f(pro)m(v)m(e)
h(the)g(partial)d(correctness)k(of)e(the)0 5494 y(statemen)m(t)p
eop
%%Page: 172 182
172 181 bop 251 130 a Fw(172)1567 b(6)112 b(Axiomatic)35
b(Program)h(V)-9 b(eri\014cation)p 251 193 3473 4 v 527
515 a Fr(z)33 b Fu(:=)g Fr(0)p Fu(;)f Fr(while)i(y)p
Ft(\024)q Fr(x)f(do)g Fu(\()p Fr(z)g Fu(:=)f Fr(z)p Fu(+)p
Fr(1)p Fu(;)h Fr(x)g Fu(:=)f Fr(x)p Ft(\000)p Fr(y)p
Fu(\))283 714 y(that)h(is)g(pro)m(v)m(e)h(that)e Fs(if)54
b Fu(the)33 b(statemen)m(t)h(terminates)e(in)g Fs(s)2449
677 y Fi(0)2505 714 y Fu(when)i(executed)h(from)d(a)h(state)g
Fs(s)283 834 y Fu(with)27 b Fs(s)41 b Fr(x)33 b Fo(>)f
Fw(0)27 b Fu(and)g Fs(s)35 b Fr(y)28 b Fo(>)f Fw(0)p
Fu(,)h Fs(then)34 b(s)1672 798 y Fi(0)1728 834 y Fr(z)f
Fu(=)f(\()p Fs(s)41 b Fr(x)p Fu(\))32 b Fw(div)h Fu(\()p
Fs(s)40 b Fr(y)p Fu(\))27 b(and)h Fs(s)2813 798 y Fi(0)2868
834 y Fr(x)33 b Fu(=)g(\()p Fs(s)40 b Fr(x)p Fu(\))33
b Fw(mo)s(d)f Fu(\()p Fs(s)41 b Fr(y)p Fu(\))283 954
y(where)34 b Fw(div)e Fu(is)g(in)m(teger)h(division)e(and)i
Fw(mo)s(d)f Fu(is)g(the)h(mo)s(dulo)d(op)s(eration.)665
b Fh(2)283 1176 y Fw(Exercise)37 b(6.2)49 b Fu(Use)39
b(the)f(natural)f(seman)m(tics)h(to)g(pro)m(v)m(e)h(the)f(follo)m(wing)
e Fs(total)k(c)-5 b(orr)g(e)g(ctness)283 1296 y Fu(prop)s(ert)m(y)34
b(for)e(the)h(factorial)d(program:)42 b(for)32 b(all)f(states)i
Fs(s)527 1495 y Fu(if)f Fs(s)40 b Fr(x)33 b Fo(>)g Fw(0)f
Fu(then)h(there)h(exists)f(a)f(state)h Fs(s)2087 1458
y Fi(0)2143 1495 y Fu(suc)m(h)h(that)742 1696 y Ft(h)p
Fr(y)e Fu(:=)h Fr(1)p Fu(;)g Fr(while)h Ft(:)p Fu(\()p
Fr(x)p Fu(=)p Fr(1)p Fu(\))f Fr(do)g Fu(\()p Fr(y)g Fu(:=)f
Fr(y)p Fo(?)p Fr(x)p Fu(;)h Fr(x)g Fu(:=)f Fr(x)p Ft(\000)p
Fr(1)p Fu(\),)i Fs(s)8 b Ft(i)32 b(!)g Fs(s)3152 1660
y Fi(0)552 1898 y Fu(and)h Fs(s)790 1862 y Fi(0)846 1898
y Fr(y)g Fu(=)f(\()p Fs(s)40 b Fr(x)p Fu(\)!)2409 b Fh(2)283
2186 y Fp(Structural)45 b(op)t(erational)i(seman)l(tics)283
2371 y Fu(The)29 b(partial)d(correctness)k(of)e(the)h(factorial)c
(statemen)m(t)k(can)f(also)f(b)s(e)h(established)h(using)e(the)283
2491 y Fs(structur)-5 b(al)36 b(op)-5 b(er)g(ational)34
b(semantics)p Fu(.)43 b(The)33 b(prop)s(ert)m(y)g(is)g(then)g(reform)m
(ulated)e(as:)527 2689 y(F)-8 b(or)32 b(all)f(states)i
Fs(s)41 b Fu(and)32 b Fs(s)1433 2653 y Fi(0)1457 2689
y Fu(,)g(if)742 2891 y Ft(h)p Fr(y)g Fu(:=)h Fr(1)p Fu(;)g
Fr(while)h Ft(:)p Fu(\()p Fr(x)p Fu(=)p Fr(1)p Fu(\))f
Fr(do)g Fu(\()p Fr(y)g Fu(:=)f Fr(y)p Fo(?)p Fr(x)p Fu(;)h
Fr(x)g Fu(:=)f Fr(x)p Ft(\000)p Fr(1)p Fu(\),)i Fs(s)8
b Ft(i)32 b(\))3072 2855 y Fi(\003)3144 2891 y Fs(s)3192
2855 y Fi(0)527 3093 y Fu(then)i Fs(s)798 3056 y Fi(0)853
3093 y Fr(y)f Fu(=)g(\()p Fs(s)40 b Fr(x)p Fu(\)!)k(and)32
b Fs(s)41 b Fr(x)33 b Fo(>)f Fw(0)283 3291 y Fu(Again)g(it)g(is)g(w)m
(orth)m(while)g(to)g(approac)m(h)h(the)g(pro)s(of)f(in)g(stages:)283
3489 y Fw(Stage)38 b(1:)49 b Fu(W)-8 b(e)33 b(pro)m(v)m(e)h(b)m(y)g
(induction)d(on)i(the)g(length)f(of)g(deriv)-5 b(ation)31
b(sequences)36 b(that)527 3657 y(if)c Ft(h)p Fr(while)h
Ft(:)q Fu(\()p Fr(x)p Fu(=)p Fr(1)p Fu(\))g Fr(do)g Fu(\()p
Fr(y)f Fu(:=)h Fr(y)p Fo(?)p Fr(x)p Fu(;)g Fr(x)g Fu(:=)f
Fr(x)p Ft(\000)p Fr(1)p Fu(\),)i Fs(s)8 b Ft(i)32 b(\))2617
3621 y Fn(k)2690 3657 y Fs(s)2738 3621 y Fi(0)527 3824
y Fu(then)i Fs(s)798 3788 y Fi(0)853 3824 y Fr(y)f Fu(=)g(\()p
Fs(s)40 b Fr(y)p Fu(\))33 b Fo(?)f Fu(\()p Fs(s)41 b
Fr(x)p Fu(\)!)i(and)33 b Fs(s)1883 3788 y Fi(0)1939 3824
y Fr(x)g Fu(=)f Fw(1)h Fu(and)f Fs(s)41 b Fr(x)33 b Fo(>)f
Fw(0)283 4026 y(Stage)38 b(2:)49 b Fu(W)-8 b(e)33 b(pro)m(v)m(e)h(that)
527 4194 y(if)e Ft(h)p Fr(y)g Fu(:=)h Fr(1)p Fu(;)g Fr(while)g
Ft(:)q Fu(\()p Fr(x)p Fu(=)p Fr(1)p Fu(\))g Fr(do)g Fu(\()p
Fr(y)f Fu(:=)h Fr(y)p Fo(?)p Fr(x)p Fu(;)g Fr(x)g Fu(:=)f
Fr(x)p Ft(\000)p Fr(1)p Fu(\),)i Fs(s)8 b Ft(i)32 b(\))2947
4158 y Fi(\003)3019 4194 y Fs(s)3067 4158 y Fi(0)527
4361 y Fu(then)i Fs(s)798 4325 y Fi(0)853 4361 y Fr(y)f
Fu(=)g(\()p Fs(s)40 b Fr(x)p Fu(\)!)k(and)32 b Fs(s)41
b Fr(x)33 b Fo(>)f Fw(0)283 4583 y(Exercise)37 b(6.3)49
b Fu(Complete)32 b(the)h(pro)s(of)e(of)i(stages)g(1)f(and)h(2.)1154
b Fh(2)283 4871 y Fp(Denotational)48 b(seman)l(tics)283
5055 y Fu(W)-8 b(e)25 b(shall)e(no)m(w)i(use)g(the)g(denotational)d
(seman)m(tics)i(to)g(pro)m(v)m(e)i(partial)c(correctness)k(prop)s
(erties)283 5176 y(of)32 b(statemen)m(ts.)44 b(The)34
b(idea)d(is)h(to)g(form)m(ulate)e(the)j(prop)s(ert)m(y)g(as)f(a)g
Fs(pr)-5 b(e)g(dic)g(ate)39 b Fo( )d Fu(on)c(the)h(ccp)s(o)283
5296 y(\()p Fw(State)g Fo(,)-17 b Ft(!)33 b Fw(State)p
Fu(,)f Ft(v)q Fu(\),)g(that)h(is)527 5494 y Fo( )t Fu(:)44
b(\()p Fw(State)32 b Fo(,)-17 b Ft(!)33 b Fw(State)p
Fu(\))f Ft(!)h Fw(T)p eop
%%Page: 173 183
173 182 bop 0 130 a Fw(6.1)112 b(Direct)36 b(pro)s(ofs)i(of)g(program)f
(correctness)1242 b(173)p 0 193 3473 4 v 0 515 a Fu(As)38
b(an)g(example,)g(the)g(partial)d(correctness)40 b(of)d(the)h
(factorial)d(statemen)m(t)j(will)e(b)s(e)i(written)0
636 y(as)244 830 y Fo( )311 845 y Fc(f)7 b(ac)424 830
y Fu(\()p Ft(S)530 845 y Fn(ds)601 830 y Fu([)-17 b([)q
Fr(y)33 b Fu(:=)f Fr(1)p Fu(;)h Fr(while)h Ft(:)p Fu(\()p
Fr(x)p Fu(=)p Fr(1)p Fu(\))f Fr(do)g Fu(\()p Fr(y)g Fu(:=)f
Fr(y)p Fo(?)p Fr(x)p Fu(;)h Fr(x)g Fu(:=)f Fr(x)p Ft(\000)p
Fr(1)p Fu(\)])-17 b(])r(\))32 b(=)h Fw(tt)0 1025 y Fu(where)h(the)f
(predicate)g Fo( )940 1040 y Fc(f)7 b(ac)1085 1025 y
Fu(is)33 b(de\014ned)h(b)m(y)458 1219 y Fo( )525 1234
y Fc(f)7 b(ac)639 1219 y Fu(\()p Fs(g)i Fu(\))32 b(=)g
Fw(tt)244 1380 y Fu(if)f(and)i(only)f(if)510 1547 y(for)d(all)f(states)
j Fs(s)38 b Fu(and)30 b Fs(s)1377 1511 y Fi(0)1401 1547
y Fu(,)g(if)f Fs(g)39 b(s)f Fu(=)29 b Fs(s)1860 1511
y Fi(0)1914 1547 y Fu(then)k Fs(s)2184 1511 y Fi(0)2240
1547 y Fr(y)f Fu(=)h(\()p Fs(s)40 b Fr(x)p Fu(\)!)k(and)33
b Fs(s)40 b Fr(x)33 b Fo(>)g Fw(0)146 1742 y Fu(A)24
b(predicate)h Fo( )t Fu(:)39 b Fs(D)33 b Ft(!)24 b Fw(T)g
Fu(de\014ned)h(on)f(a)g(ccp)s(o)h(\()p Fs(D)9 b Fu(,)p
Ft(v)p Fu(\))24 b(is)g(called)f(an)h Fs(admissible)h(pr)-5
b(e)g(dic)g(ate)0 1862 y Fu(if)31 b(and)i(only)f(if)g(w)m(e)h(ha)m(v)m
(e)244 2057 y(if)e Fo( )37 b Fs(d)42 b Fu(=)33 b Fw(tt)f
Fu(for)g(all)e Fs(d)43 b Ft(2)33 b Fs(Y)52 b Fu(then)33
b Fo( )t Fu(\()1681 1990 y Fg(F)1750 2057 y Fs(Y)20 b
Fu(\))32 b(=)h Fw(tt)0 2251 y Fu(for)j(ev)m(ery)j(c)m(hain)d
Fs(Y)57 b Fu(in)36 b Fs(D)9 b Fu(.)36 b(Th)m(us)j(if)c
Fo( )41 b Fu(holds)36 b(on)h(all)e(the)i(elemen)m(ts)g(of)f(the)h(c)m
(hain)g(then)g(it)0 2372 y(also)32 b(holds)g(on)g(the)h(least)g(upp)s
(er)g(b)s(ound)f(of)h(the)g(c)m(hain.)0 2588 y Fw(Example)k(6.4)48
b Fu(Consider)33 b(the)g(predicate)g Fo( )1719 2552 y
Fi(0)1719 2613 y Fc(f)7 b(ac)1865 2588 y Fu(de\014ned)34
b(on)f Fw(State)f Fo(,)-17 b Ft(!)33 b Fw(State)f Fu(b)m(y)458
2783 y Fo( )525 2747 y Fi(0)525 2807 y Fc(f)7 b(ac)639
2783 y Fu(\()p Fs(g)i Fu(\))32 b(=)g Fw(tt)244 2943 y
Fu(if)f(and)i(only)f(if)458 3144 y(for)h(all)d(states)j
Fs(s)41 b Fu(and)33 b Fs(s)1339 3108 y Fi(0)1362 3144
y Fu(,)g(if)e Fs(g)41 b(s)g Fu(=)32 b Fs(s)1834 3108
y Fi(0)458 3311 y Fu(then)i Fs(s)729 3275 y Fi(0)785
3311 y Fr(y)e Fu(=)h(\()p Fs(s)40 b Fr(y)p Fu(\))33 b
Fo(?)f Fu(\()p Fs(s)41 b Fr(x)p Fu(\)!)i(and)33 b Fs(s)41
b Fr(x)33 b Fo(>)f Fw(0)0 3512 y Fu(Then)43 b Fo( )331
3476 y Fi(0)331 3536 y Fc(f)7 b(ac)486 3512 y Fu(is)41
b(an)h(admissible)e(predicate.)71 b(T)-8 b(o)42 b(see)g(this)g(assume)g
(that)g Fs(Y)61 b Fu(is)41 b(a)h(c)m(hain)f(in)0 3632
y Fw(State)34 b Fo(,)-17 b Ft(!)33 b Fw(State)h Fu(and)g(assume)g(that)
g Fo( )1530 3596 y Fi(0)1530 3657 y Fc(f)7 b(ac)1677
3632 y Fs(g)42 b Fu(=)33 b Fw(tt)g Fu(for)g(all)f Fs(g)42
b Ft(2)34 b Fs(Y)20 b Fu(.)33 b(W)-8 b(e)35 b(shall)d(then)i(pro)m(v)m
(e)0 3753 y(that)e Fo( )278 3716 y Fi(0)278 3777 y Fc(f)7
b(ac)392 3753 y Fu(\()430 3686 y Fg(F)499 3753 y Fs(Y)20
b Fu(\))32 b(=)g Fw(tt)p Fu(,)g(that)h(is)458 3947 y(\()496
3881 y Fg(F)566 3947 y Fs(Y)19 b Fu(\))33 b Fs(s)40 b
Fu(=)33 b Fs(s)965 3911 y Fi(0)244 4107 y Fu(implies)458
4308 y Fs(s)506 4272 y Fi(0)562 4308 y Fr(y)g Fu(=)g(\()p
Fs(s)40 b Fr(y)p Fu(\))33 b Fo(?)f Fu(\()p Fs(s)41 b
Fr(x)p Fu(\)!)i(and)33 b Fs(s)41 b Fr(x)32 b Fo(>)h Fw(0)0
4508 y Fu(F)-8 b(rom)23 b(Lemma)g(4.25)g(w)m(e)j(ha)m(v)m(e)f(graph\()
1419 4442 y Fg(F)1488 4508 y Fs(Y)20 b Fu(\))k(=)1742
4442 y Fg(S)1812 4508 y Ft(f)g Fu(graph\()p Fs(g)9 b
Fu(\))23 b Ft(j)h Fs(g)33 b Ft(2)25 b Fs(Y)44 b Ft(g)p
Fu(.)c(W)-8 b(e)25 b(ha)m(v)m(e)h(assumed)0 4629 y(that)34
b(\()251 4562 y Fg(F)320 4629 y Fs(Y)20 b Fu(\))32 b
Fs(s)41 b Fu(=)32 b Fs(s)719 4593 y Fi(0)776 4629 y Fu(so)j
Fs(Y)53 b Fu(cannot)34 b(b)s(e)h(empt)m(y)f(and)g Ft(h)p
Fs(s)8 b Fu(,)35 b Fs(s)2166 4593 y Fi(0)2189 4629 y
Ft(i)f(2)g Fu(graph\()p Fs(g)9 b Fu(\))33 b(for)h(some)g
Fs(g)42 b Ft(2)35 b Fs(Y)19 b Fu(.)0 4749 y(But)33 b(then)244
4944 y Fs(s)292 4908 y Fi(0)348 4944 y Fr(y)g Fu(=)f(\()p
Fs(s)40 b Fr(y)p Fu(\))33 b Fo(?)f Fu(\()p Fs(s)41 b
Fr(x)p Fu(\)!)j(and)32 b Fs(s)41 b Fr(x)33 b Fo(>)f Fw(0)0
5138 y Fu(as)g Fo( )186 5102 y Fi(0)186 5163 y Fc(f)7
b(ac)331 5138 y Fs(g)40 b Fu(=)31 b Fw(tt)g Fu(for)g(all)e
Fs(g)40 b Ft(2)32 b Fs(Y)20 b Fu(.)32 b(This)f(pro)m(v)m(es)j(that)d
Fo( )2057 5102 y Fi(0)2057 5163 y Fc(f)7 b(ac)2202 5138
y Fu(is)31 b(an)h(admissible)d(predicate.)76 b Fh(2)146
5355 y Fu(F)-8 b(or)29 b(admissible)e(predicates)k(w)m(e)f(ha)m(v)m(e)h
(the)f(follo)m(wing)c(induction)j(principle)f(called)g
Fs(\014xe)-5 b(d)0 5475 y(p)g(oint)35 b(induction)p Fu(:)p
eop
%%Page: 174 184
174 183 bop 251 130 a Fw(174)1567 b(6)112 b(Axiomatic)35
b(Program)h(V)-9 b(eri\014cation)p 251 193 3473 4 v 283
515 3473 5 v 283 684 a(Theorem)38 b(6.5)49 b Fu(Let)34
b(\()p Fs(D)9 b Fu(,)p Ft(v)q Fu(\))34 b(b)s(e)h(a)f(ccp)s(o)h(and)f
(let)g Fs(f)21 b Fu(:)47 b Fs(D)d Ft(!)34 b Fs(D)43 b
Fu(b)s(e)35 b(a)f(con)m(tin)m(uous)h(function)283 804
y(and)e(let)f Fo( )37 b Fu(b)s(e)32 b(an)h(admissible)d(predicate)j(on)
g Fs(D)9 b Fu(.)32 b(If)h(for)f(all)e Fs(d)43 b Ft(2)33
b Fs(D)527 1001 y Fo( )k Fs(d)43 b Fu(=)32 b Fw(tt)g
Fu(implies)e Fo( )t Fu(\()p Fs(f)53 b(d)10 b Fu(\))33
b(=)f Fw(tt)283 1198 y Fu(then)i Fo( )t Fu(\(FIX)e Fs(f)21
b Fu(\))32 b(=)h Fw(tt)p Fu(.)p 283 1319 V 283 1516 a
Fw(Pro)s(of:)38 b Fu(W)-8 b(e)33 b(shall)e(\014rst)i(note)g(that)527
1713 y Fo( )k Ft(?)c Fu(=)f Fw(tt)283 1910 y Fu(holds)k(b)m(y)i
(admissibilit)m(y)32 b(of)k Fo( )k Fu(\(applied)35 b(to)h(the)h(c)m
(hain)f Fs(Y)56 b Fu(=)36 b Ft(;)p Fu(\).)54 b(By)37
b(induction)e(on)h(n)h(w)m(e)283 2031 y(can)c(then)h(sho)m(w)f(that)527
2228 y Fo( )t Fu(\()p Fs(f)683 2192 y Fn(n)759 2228 y
Ft(?)q Fu(\))f(=)g Fw(tt)283 2425 y Fu(using)f(the)f(assumptions)h(of)e
(the)i(theorem.)43 b(By)31 b(admissibilit)m(y)c(of)j
Fo( )k Fu(\(applied)29 b(to)h(the)h(c)m(hain)283 2546
y Fs(Y)53 b Fu(=)32 b Ft(f)g Fs(f)649 2509 y Fn(n)725
2546 y Ft(?)h(j)f Fu(n)h Ft(\025)g Fu(0)f Ft(g)p Fu(\))h(w)m(e)g(then)g
(ha)m(v)m(e)527 2743 y Fo( )t Fu(\(FIX)g Fs(f)21 b Fu(\))32
b(=)h Fw(tt)283 2940 y Fu(This)g(completes)g(the)g(pro)s(of.)2306
b Fh(2)430 3143 y Fu(W)-8 b(e)42 b(are)g(no)m(w)g(in)f(a)h(p)s(osition)
e(where)j(w)m(e)g(can)f(pro)m(v)m(e)h(the)g(partial)c(correctness)44
b(of)d(the)283 3264 y(factorial)31 b(statemen)m(t.)44
b(The)33 b(\014rst)g(observ)-5 b(ation)32 b(is)g(that)527
3461 y Ft(S)595 3476 y Fn(ds)666 3461 y Fu([)-17 b([)q
Fr(y)33 b Fu(:=)f(1;)h Fr(while)g Ft(:)q Fu(\()p Fr(x)p
Fu(=)p Fr(1)p Fu(\))g Fr(do)g Fu(\()p Fr(y)f Fu(:=)h
Fr(y)p Fo(?)p Fr(x)p Fu(;)g Fr(x)g Fu(:=)f Fr(x)p Ft(\000)p
Fr(1)p Fu(\)])-17 b(])r Fs(s)40 b Fu(=)33 b Fs(s)2989
3425 y Fi(0)283 3658 y Fu(if)f(and)h(only)f(if)527 3856
y Ft(S)595 3871 y Fn(ds)666 3856 y Fu([)-17 b([)q Fr(while)34
b Ft(:)p Fu(\()p Fr(x)p Fu(=)p Fr(1)p Fu(\))f Fr(do)g
Fu(\()p Fr(y)g Fu(:=)f Fr(y)p Fo(?)p Fr(x)p Fu(;)h Fr(x)g
Fu(:=)f Fr(x)p Ft(\000)p Fr(1)p Fu(\)])-17 b(])r(\()p
Fs(s)8 b Fu([)p Fr(y)p Ft(7!)p Fw(1)p Fu(]\))33 b(=)f
Fs(s)2998 3819 y Fi(0)283 4053 y Fu(Th)m(us)j(it)c(is)h(su\016cien)m(t)
i(to)e(pro)m(v)m(e)i(that)552 4220 y Fo( )619 4184 y
Fi(0)619 4245 y Fc(f)7 b(ac)733 4220 y Fu(\()p Ft(S)838
4235 y Fn(ds)910 4220 y Fu([)-17 b([)p Fr(while)34 b
Ft(:)p Fu(\()p Fr(x)p Fu(=)p Fr(1)p Fu(\))f Fr(do)g Fu(\()p
Fr(y)g Fu(:=)f Fr(y)p Fo(?)p Fr(x)p Fu(;)h Fr(x)g Fu(:=)g
Fr(x)p Ft(\000)p Fr(1)p Fu(\)])-17 b(])q(\))33 b(=)f
Fw(tt)697 b Fu(\(*\))283 4388 y(\(where)34 b Fo( )670
4352 y Fi(0)670 4413 y Fc(f)7 b(ac)816 4388 y Fu(is)32
b(de\014ned)i(in)e(Example)g(6.4\))g(as)h(this)f(will)e(imply)h(that)
527 4585 y Fo( )594 4600 y Fc(f)7 b(ac)708 4585 y Fu(\()p
Ft(S)813 4600 y Fn(ds)885 4585 y Fu([)-17 b([)p Fr(y)33
b Fu(:=)g Fr(1)p Fu(;)f Fr(while)i Ft(:)q Fu(\()p Fr(x)p
Fu(=)p Fr(1)p Fu(\))e Fr(do)i Fu(\()p Fr(y)e Fu(:=)h
Fr(y)p Fo(?)p Fr(x)p Fu(;)g Fr(x)f Fu(:=)h Fr(x)p Ft(\000)p
Fr(1)p Fu(\)])-17 b(])q(\))33 b(=)f Fw(tt)430 4782 y
Fu(W)-8 b(e)30 b(shall)e(no)m(w)i(reform)m(ulate)e(\(*\))h(sligh)m(tly)
f(to)i(bring)e(ourselv)m(es)j(in)e(a)g(p)s(osition)f(where)j(w)m(e)283
4903 y(can)i(use)h(\014xed)g(p)s(oin)m(t)d(induction.)43
b(Using)32 b(the)h(de\014nition)f(of)g Ft(S)2647 4918
y Fn(ds)2751 4903 y Fu(in)g(T)-8 b(able)32 b(4.1)g(w)m(e)i(ha)m(v)m(e)
527 5100 y Ft(S)595 5115 y Fn(ds)666 5100 y Fu([)-17
b([)q Fr(while)34 b Ft(:)p Fu(\()p Fr(x)p Fu(=)p Fr(1)p
Fu(\))f Fr(do)g Fu(\()p Fr(y)g Fu(:=)f Fr(y)p Fo(?)p
Fr(x)p Fu(;)h Fr(x)g Fu(:=)f Fr(x)p Ft(\000)p Fr(1)p
Fu(\)])-17 b(])34 b(=)f(FIX)f Fs(F)283 5297 y Fu(where)i(the)f
(functional)e Fs(F)46 b Fu(is)32 b(de\014ned)i(b)m(y)527
5494 y Fs(F)46 b(g)41 b Fu(=)32 b(cond\()p Ft(B)t Fu([)-17
b([)q Ft(:)p Fu(\()p Fr(x)p Fu(=)p Fr(1)p Fu(\)])g(])q(,)33
b Fs(g)41 b Ft(\016)32 b(S)1830 5509 y Fn(ds)1901 5494
y Fu([)-17 b([)q Fr(y)33 b Fu(:=)f Fr(y)p Fo(?)p Fr(x)p
Fu(;)h Fr(x)g Fu(:=)f Fr(x)p Ft(\000)p Fr(1)p Fu(])-17
b(])r(,)32 b(id\))p eop
%%Page: 175 185
175 184 bop 0 130 a Fw(6.2)112 b(P)m(artial)36 b(correctness)h
(assertions)1619 b(175)p 0 193 3473 4 v 0 515 a Fu(Using)32
b(the)h(seman)m(tic)f(equations)h(de\014ning)g Ft(S)1720
530 y Fn(ds)1823 515 y Fu(w)m(e)h(can)f(rewrite)f(this)h(de\014nition)e
(as)244 776 y(\()p Fs(F)45 b(g)9 b Fu(\))32 b Fs(s)41
b Fu(=)704 601 y Fg(8)704 676 y(<)704 826 y(:)820 691
y Fs(s)1431 b Fu(if)32 b Fs(s)40 b(x)k Fu(=)33 b Fw(1)820
859 y Fs(g)9 b Fu(\()p Fs(s)f Fu([)p Fr(y)p Ft(7!)o Fu(\()p
Fs(s)41 b Fr(y)p Fu(\))p Fo(?)p Fu(\()p Fs(s)f Fr(x)p
Fu(\)][)p Fr(x)p Ft(7!)q Fu(\()p Fs(s)g Fr(x)p Fu(\))p
Ft(\000)p Fr(1)p Fu(]\))84 b(otherwise)146 1042 y(W)-8
b(e)29 b(ha)m(v)m(e)g(already)e(seen)i(that)f Fs(F)41
b Fu(is)27 b(a)h(con)m(tin)m(uous)g(function)f(\(for)h(example)f(in)g
(the)h(pro)s(of)0 1162 y(of)43 b(Prop)s(osition)f(4.47\))h(and)h(from)e
(Example)h(6.4)h(w)m(e)g(ha)m(v)m(e)h(that)f Fo( )2620
1126 y Fi(0)2620 1187 y Fc(f)7 b(ac)2777 1162 y Fu(is)43
b(an)g(admissible)0 1282 y(predicate.)h(Th)m(us)34 b(w)m(e)f(see)h
(from)d(Theorem)i(6.5)f(that)h(\(*\))f(follo)m(ws)f(if)h(w)m(e)h(sho)m
(w)h(that)244 1461 y Fo( )311 1425 y Fi(0)311 1486 y
Fc(f)7 b(ac)457 1461 y Fs(g)41 b Fu(=)32 b Fw(tt)g Fu(implies)e
Fo( )1169 1425 y Fi(0)1169 1486 y Fc(f)7 b(ac)1283 1461
y Fu(\()p Fs(F)45 b(g)9 b Fu(\))32 b(=)g Fw(tt)0 1640
y Fu(T)-8 b(o)33 b(pro)m(v)m(e)g(this)g(implication)28
b(assume)33 b(that)g Fo( )1722 1604 y Fi(0)1722 1665
y Fc(f)7 b(ac)1867 1640 y Fs(g)42 b Fu(=)32 b Fw(tt)p
Fu(,)g(that)g(is)g(for)g(all)f(states)i Fs(s)41 b Fu(and)32
b Fs(s)3398 1604 y Fi(0)244 1819 y Fu(if)f Fs(g)41 b(s)g
Fu(=)32 b Fs(s)656 1782 y Fi(0)712 1819 y Fu(then)h Fs(s)982
1782 y Fi(0)1038 1819 y Fr(y)g Fu(=)g(\()p Fs(s)40 b
Fr(y)p Fu(\))33 b Fo(?)f Fu(\()p Fs(s)41 b Fr(x)p Fu(\)!)i(and)33
b Fs(s)41 b Fr(x)32 b Fo(>)h Fw(0)0 1997 y Fu(W)-8 b(e)33
b(shall)e(pro)m(v)m(e)j(that)e Fo( )937 1961 y Fi(0)937
2022 y Fc(f)7 b(ac)1051 1997 y Fu(\()p Fs(F)45 b(g)9
b Fu(\))32 b(=)h Fw(tt)p Fu(,)e(that)i(is)f(for)g(all)e(states)k
Fs(s)40 b Fu(and)33 b Fs(s)2767 1961 y Fi(0)244 2176
y Fu(if)e(\()p Fs(F)46 b(g)9 b Fu(\))32 b Fs(s)40 b Fu(=)33
b Fs(s)842 2140 y Fi(0)898 2176 y Fu(then)g Fs(s)1168
2140 y Fi(0)1224 2176 y Fr(y)g Fu(=)f(\()p Fs(s)40 b
Fr(y)p Fu(\))33 b Fo(?)f Fu(\()p Fs(s)41 b Fr(x)p Fu(\)!)j(and)32
b Fs(s)41 b Fr(x)33 b Fo(>)f Fw(0)0 2355 y Fu(Insp)s(ecting)j(the)g
(de\014nition)f(of)g Fs(F)47 b Fu(w)m(e)36 b(see)g(that)e(there)i(are)e
(t)m(w)m(o)i(cases.)51 b(First)33 b(assume)j(that)0 2475
y Fs(s)45 b Fr(x)36 b Fu(=)h Fw(1)p Fu(.)55 b(Then)38
b(\()p Fs(F)46 b(g)9 b Fu(\))32 b Fs(s)40 b Fu(=)33 b
Fs(s)44 b Fu(and)37 b(clearly)f Fs(s)44 b Fr(y)37 b Fu(=)f(\()p
Fs(s)45 b Fr(y)p Fu(\))37 b Fo(?)f Fu(\()p Fs(s)45 b
Fr(x)p Fu(\)!)55 b(and)37 b Fs(s)45 b Fr(x)37 b Fo(>)f
Fw(0)p Fu(.)56 b(Next)0 2596 y(assume)33 b(that)f Fs(s)41
b Fr(x)33 b Ft(6)p Fu(=)f Fw(1)p Fu(.)44 b(Then)244 2774
y(\()p Fs(F)h(g)9 b Fu(\))32 b Fs(s)41 b Fu(=)32 b Fs(g)9
b Fu(\()p Fs(s)f Fu([)p Fr(y)p Ft(7!)p Fu(\()p Fs(s)40
b Fr(y)p Fu(\))p Fo(?)p Fu(\()p Fs(s)h Fr(x)p Fu(\)][)p
Fr(x)p Ft(7!)p Fu(\()p Fs(s)g Fr(x)p Fu(\))p Ft(\000)p
Fw(1)p Fu(]\))0 2953 y(F)-8 b(rom)31 b(the)i(assumptions)f(ab)s(out)h
Fs(g)41 b Fu(w)m(e)33 b(then)g(get)g(that)244 3132 y
Fs(s)292 3096 y Fi(0)348 3132 y Fr(y)g Fu(=)f(\(\()p
Fs(s)40 b Fr(y)p Fu(\))p Fo(?)p Fu(\()p Fs(s)h Fr(x)p
Fu(\)\))33 b Fo(?)f Fu(\(\()p Fs(s)40 b Fr(x)p Fu(\))p
Ft(\000)p Fw(1)p Fu(\)!)k(and)33 b(\()p Fs(s)41 b Fr(x)p
Fu(\))p Ft(\000)p Fw(1)33 b Fo(>)f Fw(0)0 3311 y Fu(so)h(that)f(the)h
(desired)g(result)244 3489 y Fs(s)292 3453 y Fi(0)348
3489 y Fr(y)g Fu(=)f(\()p Fs(s)40 b Fr(y)p Fu(\))33 b
Fo(?)f Fu(\()p Fs(s)41 b Fr(x)p Fu(\)!)j(and)32 b Fs(s)41
b Fr(x)33 b Fo(>)f Fw(0)0 3668 y Fu(follo)m(ws.)0 3863
y Fw(Exercise)k(6.6)49 b Fu(Rep)s(eat)33 b(Exercise)h(6.1)e(using)g
(the)h(denotational)e(seman)m(tics.)463 b Fh(2)0 4192
y Fj(6.2)161 b(P)l(artial)55 b(correctness)c(assertions)0
4411 y Fu(One)30 b(ma)m(y)g(argue)g(that)g(the)g(ab)s(o)m(v)m(e)h(pro)s
(ofs)f(are)g(to)s(o)f(detailed)g(to)h(b)s(e)g(practically)e(useful;)j
(the)0 4531 y(reason)36 b(is)f(that)g(they)h(are)g(to)s(o)e(closely)h
(connected)i(with)e(the)h(seman)m(tics)g(of)e(the)i(program-)0
4652 y(ming)29 b(language.)42 b(One)32 b(ma)m(y)f(therefore)g(w)m(an)m
(t)h(to)f(capture)h(the)f Fs(essential)i(pr)-5 b(op)g(erties)38
b Fu(of)31 b(the)0 4772 y(v)-5 b(arious)42 b(constructs)i(so)f(that)f
(it)f(w)m(ould)i(b)s(e)g(less)g(demanding)e(to)h(conduct)i(pro)s(ofs)e
(ab)s(out)0 4893 y(giv)m(en)35 b(programs.)48 b(Of)34
b(course)i(the)f(c)m(hoice)g(of)f(\\essen)m(tial)g(prop)s(erties")h
(will)d(determine)i(the)0 5013 y(sort)42 b(of)g(prop)s(erties)g(that)f
(w)m(e)i(ma)m(y)f(accomplish)f(pro)m(ving.)71 b(In)43
b(this)e(section)i(w)m(e)g(shall)d(b)s(e)0 5133 y(in)m(terested)29
b(in)e(partial)f(correctness)k(prop)s(erties)e(and)h(therefore)f(the)h
(\\essen)m(tial)f(prop)s(erties")0 5254 y(of)k(the)h(v)-5
b(arious)32 b(constructs)i(will)c(not)j(include)f(termination.)146
5374 y(The)41 b(idea)e(is)g(to)g(sp)s(ecify)h(prop)s(erties)g(of)f
(programs)g(as)g Fs(assertions)p Fu(,)i(or)e(claims,)h(ab)s(out)0
5494 y(them.)j(An)33 b(assertion)g(is)f(a)g(triple)f(of)h(the)h(form)p
eop
%%Page: 176 186
176 185 bop 251 130 a Fw(176)1567 b(6)112 b(Axiomatic)35
b(Program)h(V)-9 b(eri\014cation)p 251 193 3473 4 v 527
515 a Ft(f)33 b Fs(P)43 b Ft(g)32 b Fs(S)44 b Ft(f)33
b Fs(Q)41 b Ft(g)283 761 y Fu(where)29 b Fs(S)40 b Fu(is)27
b(a)h(statemen)m(t)g(and)g Fs(P)38 b Fu(and)28 b Fs(Q)36
b Fu(are)28 b(predicates.)43 b(Here)28 b Fs(P)38 b Fu(is)27
b(called)g(the)h Fs(pr)-5 b(e)g(c)g(ondi-)283 881 y(tion)37
b Fu(and)29 b Fs(Q)37 b Fu(is)29 b(called)e(the)j Fs(p)-5
b(ostc)g(ondition)p Fu(.)83 b(In)m(tuitiv)m(ely)-8 b(,)29
b(the)g(meaning)f(of)g Ft(f)33 b Fs(P)42 b Ft(g)33 b
Fs(S)44 b Ft(f)32 b Fs(Q)42 b Ft(g)283 1001 y Fu(is)33
b(that)527 1246 y Fs(if)54 b(P)43 b Fu(holds)32 b(in)g(the)h(initial)28
b(state,)34 b(and)527 1414 y Fs(if)54 b Fu(the)33 b(execution)g(of)f
Fs(S)44 b Fu(terminates)32 b(when)i(started)f(in)f(that)g(state,)527
1582 y Fs(then)40 b(Q)i Fu(will)30 b(hold)i(in)g(the)h(state)g(in)e
(whic)m(h)j Fs(S)44 b Fu(halts)283 1827 y(Note)33 b(that)f(for)g
Ft(f)g Fs(P)43 b Ft(g)32 b Fs(S)44 b Ft(f)33 b Fs(Q)41
b Ft(g)32 b Fu(to)g(hold)g(w)m(e)i(do)e Fs(not)42 b Fu(require)32
b(that)h Fs(S)44 b Fu(halts)32 b(when)h(started)283 1947
y(in)28 b(states)h(satisfying)e Fs(P)38 b Fu(|)27 b(merely)h(that)g
Fs(if)48 b Fu(it)27 b(do)s(es)i(halt)e Fs(then)35 b(Q)i
Fu(holds)28 b(in)f(the)h(\014nal)f(state.)283 2288 y
Fp(Logical)46 b(v)-7 b(ariables)283 2489 y Fu(As)34 b(an)e(example)g(w)
m(e)i(ma)m(y)e(write)552 2657 y Ft(f)h Fr(x)p Fu(=)p
Fr(n)f Ft(g)h Fr(y)g Fu(:=)f Fr(1)p Fu(;)h Fr(while)h
Ft(:)p Fu(\()p Fr(x)p Fu(=)p Fr(1)p Fu(\))f Fr(do)g Fu(\()p
Fr(y)g Fu(:=)f Fr(x)p Fo(?)p Fr(y)p Fu(;)h Fr(x)g Fu(:=)f
Fr(x)p Ft(\000)p Fr(1)p Fu(\))i Ft(f)e Fr(y)p Fu(=)p
Fr(n)p Fu(!)44 b Ft(^)33 b Fr(n)p Fo(>)p Fu(0)f Ft(g)283
2825 y Fu(to)45 b(express)i(that)d(if)g(the)h(v)-5 b(alue)44
b(of)g Fr(x)h Fu(is)f(equal)g(to)h(the)g(v)-5 b(alue)44
b(of)g Fr(n)h Fs(b)-5 b(efor)g(e)51 b Fu(the)45 b(factorial)283
2945 y(program)32 b(is)g(executed)j(then)e(the)g(v)-5
b(alue)32 b(of)g Fr(y)h Fu(will)d(b)s(e)j(equal)g(to)f(the)h(factorial)
d(of)i(the)h(v)-5 b(alue)283 3065 y(of)36 b Fr(n)g Fs(after)46
b Fu(the)36 b(execution)h(of)e(the)h(program)e(has)j(terminated)d(\(if)
h(indeed)h(it)f(terminates\).)283 3186 y(Here)46 b Fr(n)e
Fu(is)h(a)f(sp)s(ecial)f(v)-5 b(ariable)43 b(called)g(a)i
Fs(lo)-5 b(gic)g(al)53 b Fu(v)-5 b(ariable)43 b(and)i(these)h(logical)
41 b(v)-5 b(ariables)283 3306 y(m)m(ust)42 b(not)f(app)s(ear)g(in)f(an)
m(y)i(statemen)m(t)f(considered.)70 b(The)42 b(role)f(of)f(these)j(v)-5
b(ariables)40 b(is)g(to)283 3426 y(\\remem)m(b)s(er")f(the)g(initial)c
(v)-5 b(alues)39 b(of)g(the)g(program)f(v)-5 b(ariables.)61
b(Note)39 b(that)g(if)f(w)m(e)i(replace)283 3547 y(the)g(p)s
(ostcondition)e Fr(y)p Fu(=)p Fr(n)p Fu(!)63 b Ft(^)39
b Fr(n)p Fo(>)p Fu(0)g(b)m(y)h(the)g(new)g(p)s(ostcondition)d
Fr(y)p Fu(=)p Fr(x)p Fu(!)63 b Ft(^)40 b Fr(x)p Fo(>)p
Fu(0)f(then)g(the)283 3667 y(assertion)j(ab)s(o)m(v)m(e)h(will)c
(express)44 b(a)d(relationship)f(b)s(et)m(w)m(een)k(the)e(\014nal)f(v)
-5 b(alue)41 b(of)g Fr(y)h Fu(and)f(the)283 3788 y(\014nal)36
b(v)-5 b(alue)35 b(of)g Fr(x)i Fu(and)f(this)f(is)h(not)f(what)i(w)m(e)
g(w)m(an)m(t.)54 b(The)37 b(use)g(of)e(logical)e(v)-5
b(ariables)35 b(solv)m(es)283 3908 y(the)e(problem)f(b)s(ecause)i(it)d
(allo)m(ws)h(us)h(to)f(refer)h(to)f(initial)d(v)-5 b(alues)33
b(of)f(v)-5 b(ariables.)430 4037 y(W)d(e)33 b(shall)e(th)m(us)j
(distinguish)d(b)s(et)m(w)m(een)j(t)m(w)m(o)g(kinds)f(of)f(v)-5
b(ariables:)429 4282 y Ft(\017)48 b Fu(program)32 b(v)-5
b(ariables,)31 b(and)429 4527 y Ft(\017)48 b Fu(logical)30
b(v)-5 b(ariables.)283 4772 y(The)40 b(states)g(will)d(determine)h(the)
i(v)-5 b(alues)38 b(of)h(b)s(oth)f(kinds)i(of)e(v)-5
b(ariables)38 b(and)h(since)g(logical)283 4893 y(v)-5
b(ariables)35 b(do)h(not)g(o)s(ccur)g(in)f(programs)h(their)f(v)-5
b(alues)36 b(will)e(alw)m(a)m(ys)i(b)s(e)h(the)f(same.)54
b(In)36 b(case)283 5013 y(of)42 b(the)h(factorial)d(program)h(w)m(e)i
(kno)m(w)g(that)f(the)h(v)-5 b(alue)42 b(of)f Fr(n)i
Fu(is)f(the)g(same)g(in)g(the)h(initial)283 5133 y(state)30
b(and)g(in)e(the)i(\014nal)f(state.)43 b(The)30 b(precondition)e
Fr(x)33 b Fu(=)g Fr(n)c Fu(expresses)k(that)c Fr(n)g
Fu(has)h(the)g(same)283 5254 y(v)-5 b(alue)28 b(as)h
Fr(x)g Fu(in)e(the)i(initial)c(state.)43 b(Since)28 b(the)h(program)e
(will)f(not)j(c)m(hange)g(the)g(v)-5 b(alue)28 b(of)g
Fr(n)g Fu(the)283 5374 y(p)s(ostcondition)j Fr(y)h Fu(=)g
Fr(n)p Fu(!)43 b(will)30 b(express)k(that)d(the)i(\014nal)e(v)-5
b(alue)31 b(of)g Fr(y)h Fu(is)g(equal)g(to)f(the)h(factorial)283
5494 y(of)h(the)g(initial)28 b(v)-5 b(alue)32 b(of)g
Fr(x)p Fu(.)p eop
%%Page: 177 187
177 186 bop 0 130 a Fw(6.2)112 b(P)m(artial)36 b(correctness)h
(assertions)1619 b(177)p 0 193 3473 4 v 0 515 a Fp(The)44
b(assertion)j(language)0 704 y Fu(There)37 b(are)f(t)m(w)m(o)g(approac)
m(hes)h(concerning)f(ho)m(w)g(to)g(sp)s(ecify)g(the)g(preconditions)f
(and)h(p)s(ost-)0 824 y(conditions)c(of)g(the)h(assertions:)145
1037 y Ft(\017)49 b Fu(the)33 b(in)m(tensional)e(approac)m(h,)i(v)m
(ersus)145 1249 y Ft(\017)49 b Fu(the)33 b(extensional)f(approac)m(h.)0
1461 y(In)f(the)g Fs(intensional)h(appr)-5 b(o)g(ach)37
b Fu(the)32 b(idea)e(is)g(to)g(in)m(tro)s(duce)h(an)g(explicit)e
(language)h(called)f(an)0 1582 y Fs(assertion)f(language)33
b Fu(and)26 b(then)h(the)f(conditions)g(will)d(b)s(e)k(form)m(ulae)d
(of)i(that)g(language.)40 b(This)0 1702 y(assertion)28
b(language)f(is)g(in)g(general)h(m)m(uc)m(h)g(more)g(p)s(o)m(w)m(erful)
g(than)g(the)g(b)s(o)s(olean)f(expressions,)0 1822 y
Fw(Bexp)p Fu(,)46 b(in)m(tro)s(duced)d(in)f(Chapter)h(1.)74
b(In)44 b(fact)e(the)i(assertion)e(language)g(has)h(to)g(b)s(e)g(v)m
(ery)0 1943 y(p)s(o)m(w)m(erful)35 b(indeed)g(in)e(order)i(to)f(b)s(e)h
(able)f(to)g(express)j(all)c(the)i(preconditions)f(and)h(p)s(ostcon-)0
2063 y(ditions)g(w)m(e)i(ma)m(y)f(b)s(e)h(in)m(terested)g(in;)g(w)m(e)g
(shall)e(return)i(to)f(this)g(in)f(the)i(next)g(section.)54
b(The)0 2184 y(approac)m(h)36 b(w)m(e)g(shall)d(follo)m(w)h(is)g(the)i
Fs(extensional)g(appr)-5 b(o)g(ach)41 b Fu(and)35 b(it)f(is)h(a)g(kind)
g(of)g(shortcut.)0 2304 y(The)41 b(idea)e(is)g(that)h(the)g(conditions)
f(are)g(predicates,)k(that)c(is)h(functions)f(in)g Fw(State)h
Ft(!)f Fw(T)p Fu(.)0 2424 y(Th)m(us)31 b(the)e(meaning)f(of)g
Ft(f)h Fs(P)39 b Ft(g)29 b Fs(S)41 b Ft(f)29 b Fs(Q)38
b Ft(g)29 b Fu(ma)m(y)f(b)s(e)i(reform)m(ulated)d(as)j(sa)m(ying)f
(that)g(if)e Fs(P)40 b Fu(holds)0 2545 y(on)31 b(a)g(state)g
Fs(s)40 b Fu(and)31 b(if)f Fs(S)43 b Fu(executed)33 b(from)d(state)h
Fs(s)39 b Fu(results)32 b(in)e(the)i(state)f Fs(s)2725
2509 y Fi(0)2780 2545 y Fu(then)g Fs(Q)41 b Fu(holds)30
b(on)0 2665 y Fs(s)48 2629 y Fi(0)71 2665 y Fu(.)48 b(W)-8
b(e)34 b(can)h(write)e(an)m(y)i(predicates)f(w)m(e)h(lik)m(e)f(and)g
(therefore)g(the)h(expressiv)m(eness)j(problem)0 2786
y(men)m(tioned)32 b(ab)s(o)m(v)m(e)i(do)s(es)f(not)f(arise.)146
2908 y(Eac)m(h)40 b(b)s(o)s(olean)d(expression)j Fs(b)45
b Fu(de\014nes)40 b(a)e(predicate)h Ft(B)s Fu([)-17 b([)q
Fs(b)6 b Fu(])-17 b(])q(.)61 b(W)-8 b(e)39 b(shall)f(feel)g(free)h(to)f
(let)0 3028 y Fs(b)i Fu(include)34 b(logical)d(v)-5 b(ariables)32
b(as)j(w)m(ell)e(as)h(program)f(v)-5 b(ariables)33 b(so)h(the)h
(precondition)e Fr(x)g Fu(=)f Fr(n)0 3148 y Fu(used)44
b(ab)s(o)m(v)m(e)g(is)e(an)h(example)g(of)f(a)h(b)s(o)s(olean)e
(expression.)76 b(T)-8 b(o)43 b(ease)h(the)g(readabilit)m(y)-8
b(,)43 b(w)m(e)0 3269 y(in)m(tro)s(duce)33 b(the)g(follo)m(wing)c
(notation)294 3473 y Fs(P)370 3488 y Fn(1)442 3473 y
Ft(^)k Fs(P)617 3488 y Fn(2)892 3473 y Fu(for)99 b Fs(P)43
b Fu(where)34 b Fs(P)43 b(s)e Fu(=)32 b(\()p Fs(P)1911
3488 y Fn(1)1983 3473 y Fs(s)8 b Fu(\))33 b(and)f(\()p
Fs(P)2405 3488 y Fn(2)2478 3473 y Fs(s)8 b Fu(\))294
3640 y Fs(P)370 3655 y Fn(1)442 3640 y Ft(_)33 b Fs(P)617
3655 y Fn(2)892 3640 y Fu(for)99 b Fs(P)43 b Fu(where)34
b Fs(P)43 b(s)e Fu(=)32 b(\()p Fs(P)1911 3655 y Fn(1)1983
3640 y Fs(s)8 b Fu(\))33 b(or)f(\()p Fs(P)2335 3655 y
Fn(2)2407 3640 y Fs(s)8 b Fu(\))294 3808 y Ft(:)p Fs(P)466
b Fu(for)99 b Fs(P)1184 3772 y Fi(0)1241 3808 y Fu(where)33
b Fs(P)1598 3772 y Fi(0)1655 3808 y Fs(s)40 b Fu(=)33
b Ft(:)p Fu(\()p Fs(P)43 b(s)8 b Fu(\))294 3976 y Fs(P)i
Fu([)p Fs(x)i Ft(7!A)o Fu([)-17 b([)q Fs(a)7 b Fu(])-17
b(])q(])99 b(for)g Fs(P)1184 3940 y Fi(0)1241 3976 y
Fu(where)33 b Fs(P)1598 3940 y Fi(0)1655 3976 y Fs(s)40
b Fu(=)33 b Fs(P)42 b Fu(\()p Fs(s)8 b Fu([)p Fs(x)k
Ft(7!A)p Fu([)-17 b([)p Fs(a)7 b Fu(])-17 b(])q Fs(s)8
b Fu(]\))294 4143 y Fs(P)370 4158 y Fn(1)442 4143 y Ft(\))32
b Fs(P)650 4158 y Fn(2)892 4143 y Fu(for)99 b Ft(8)q
Fs(s)40 b Ft(2)33 b Fw(State)p Fu(:)44 b Fs(P)1745 4158
y Fn(1)1817 4143 y Fs(s)d Fu(implies)30 b Fs(P)2305 4158
y Fn(2)2377 4143 y Fs(s)0 4349 y Fu(When)49 b(it)e(is)g(con)m(v)m
(enien)m(t,)54 b(but)48 b(not)g(when)h(de\014ning)f(formal)d(inference)
k(rules,)j(w)m(e)d(shall)0 4469 y(allo)m(w)33 b(to)i(disp)s(ense)h
(with)e Ft(B)t Fu([)-17 b([)p Ft(\001)17 b(\001)g(\001)o
Fu(])-17 b(])35 b(and)g Ft(A)p Fu([)-17 b([)p Ft(\001)17
b(\001)g(\001)n Fu(])-17 b(])36 b(inside)e(square)i(brac)m(k)m(ets)h
(as)e(w)m(ell)f(as)h(within)0 4590 y(preconditions)d(and)h(p)s
(ostconditions.)0 4832 y Fw(Exercise)j(6.7)49 b Fu(Sho)m(w)34
b(that)145 5045 y Ft(\017)49 b(B)s Fu([)-17 b([)q Fs(b)6
b Fu([)p Fs(x)12 b Ft(7!)o Fs(a)7 b Fu(]])-17 b(])34
b(=)e Ft(B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])q([)p
Fs(x)12 b Ft(7!)o(A)p Fu([)-17 b([)p Fs(a)7 b Fu(])-17
b(])q(])33 b(for)f(all)e Fs(b)39 b Fu(and)33 b Fs(a)7
b Fu(,)145 5257 y Ft(\017)49 b(B)s Fu([)-17 b([)q Fs(b)401
5272 y Fn(1)473 5257 y Ft(^)33 b Fs(b)623 5272 y Fn(2)662
5257 y Fu(])-17 b(])33 b(=)g Ft(B)s Fu([)-17 b([)q Fs(b)998
5272 y Fn(1)1037 5257 y Fu(])g(])33 b Ft(^)g(B)t Fu([)-17
b([)p Fs(b)1363 5272 y Fn(2)1403 5257 y Fu(])g(])33 b(for)f(all)e
Fs(b)1808 5272 y Fn(1)1880 5257 y Fu(and)j Fs(b)2121
5272 y Fn(2)2160 5257 y Fu(,)g(and)145 5470 y Ft(\017)49
b(B)s Fu([)-17 b([)q Ft(:)p Fs(b)6 b Fu(])-17 b(])33
b(=)g Ft(:B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])33
b(for)f(all)f Fs(b)6 b Fu(.)2096 b Fh(2)p eop
%%Page: 178 188
178 187 bop 251 130 a Fw(178)1567 b(6)112 b(Axiomatic)35
b(Program)h(V)-9 b(eri\014cation)p 251 193 3473 4 v 283
419 V 283 2136 4 1717 v 715 528 a Fu([ass)867 543 y Fn(p)912
528 y Fu(])201 b Ft(f)32 b Fs(P)10 b Fu([)p Fs(x)i Ft(7!A)p
Fu([)-17 b([)q Fs(a)7 b Fu(])-17 b(]])33 b Ft(g)f Fs(x)45
b Fu(:=)32 b Fs(a)40 b Ft(f)32 b Fs(P)43 b Ft(g)715 696
y Fu([skip)913 711 y Fn(p)957 696 y Fu(])156 b Ft(f)32
b Fs(P)43 b Ft(g)33 b Fr(skip)g Ft(f)g Fs(P)42 b Ft(g)715
988 y Fu([comp)970 1003 y Fn(p)1013 988 y Fu(])1150 901
y Ft(f)32 b Fs(P)43 b Ft(g)33 b Fs(S)1491 916 y Fn(1)1562
901 y Ft(f)g Fs(Q)41 b Ft(g)p Fu(,)98 b Ft(f)32 b Fs(Q)42
b Ft(g)32 b Fs(S)2284 916 y Fn(2)2356 901 y Ft(f)g Fs(R)37
b Ft(g)p 1150 964 1479 4 v 1480 1069 a(f)c Fs(P)42 b
Ft(g)33 b Fs(S)1821 1084 y Fn(1)1860 1069 y Fu(;)g Fs(S)1987
1084 y Fn(2)2058 1069 y Ft(f)g Fs(R)j Ft(g)715 1327 y
Fu([if)800 1342 y Fn(p)843 1327 y Fu(])1150 1240 y Ft(f)c(B)t
Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])34 b Ft(^)e Fs(P)43
b Ft(g)33 b Fs(S)1817 1255 y Fn(1)1888 1240 y Ft(f)g
Fs(Q)41 b Ft(g)p Fu(,)98 b Ft(f)32 b(:)q(B)s Fu([)-17
b([)q Fs(b)6 b Fu(])-17 b(])33 b Ft(^)g Fs(P)43 b Ft(g)32
b Fs(S)2995 1255 y Fn(2)3067 1240 y Ft(f)g Fs(Q)42 b
Ft(g)p 1150 1303 2166 4 v 1486 1408 a(f)32 b Fs(P)43
b Ft(g)33 b Fr(if)g Fs(b)38 b Fr(then)c Fs(S)2283 1423
y Fn(1)2354 1408 y Fr(else)g Fs(S)2659 1423 y Fn(2)2731
1408 y Ft(f)e Fs(Q)42 b Ft(g)715 1666 y Fu([while)965
1681 y Fn(p)1008 1666 y Fu(])1437 1579 y Ft(f)32 b(B)t
Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])33 b Ft(^)g Fs(P)43
b Ft(g)33 b Fs(S)44 b Ft(f)32 b Fs(P)43 b Ft(g)p 1150
1642 1514 4 v 1150 1747 a(f)32 b Fs(P)43 b Ft(g)33 b
Fr(while)g Fs(b)39 b Fr(do)33 b Fs(S)44 b Ft(f)33 b(:B)t
Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])33 b Ft(^)g Fs(P)43
b Ft(g)715 2005 y Fu([cons)926 2020 y Fn(p)971 2005 y
Fu(])1183 1918 y Ft(f)32 b Fs(P)1341 1882 y Fi(0)1397
1918 y Ft(g)g Fs(S)45 b Ft(f)32 b Fs(Q)1745 1882 y Fi(0)1801
1918 y Ft(g)p 1150 1981 701 4 v 1190 2086 a(f)g Fs(P)43
b Ft(g)32 b Fs(S)45 b Ft(f)32 b Fs(Q)42 b Ft(g)1958 2005
y Fu(if)32 b Fs(P)43 b Ft(\))32 b Fs(P)2365 1968 y Fi(0)2421
2005 y Fu(and)h Fs(Q)2695 1968 y Fi(0)2751 2005 y Ft(\))f
Fs(Q)p 3753 2136 4 1717 v 283 2139 3473 4 v 925 2300
a Fu(T)-8 b(able)33 b(6.1:)43 b(Axiomatic)30 b(system)k(for)e(partial)e
(correctness)283 2588 y Fp(The)45 b(inference)g(system)283
2776 y Fu(The)32 b(partial)c(correctness)33 b(assertions)e(will)d(b)s
(e)i(sp)s(eci\014ed)i(b)m(y)f(an)g(inference)g(system)g(consist-)283
2897 y(ing)37 b(of)h(a)f(set)i(of)f(axioms)e(and)i(rules.)60
b(The)39 b(form)m(ulae)d(of)h(the)i(inference)f(system)h(ha)m(v)m(e)g
(the)283 3017 y(form)527 3229 y Ft(f)33 b Fs(P)43 b Ft(g)32
b Fs(S)44 b Ft(f)33 b Fs(Q)41 b Ft(g)283 3440 y Fu(where)35
b Fs(S)45 b Fu(is)33 b(a)g(statemen)m(t)h(in)e(the)i(language)e
Fw(While)g Fu(and)h Fs(P)44 b Fu(and)33 b Fs(Q)42 b Fu(are)34
b(predicates.)46 b(The)283 3561 y(axioms)35 b(and)h(rules)g(are)g
(summarized)f(in)g(T)-8 b(able)36 b(6.1)g(and)g(will)d(b)s(e)k
(explained)e(b)s(elo)m(w.)54 b(The)283 3681 y(inference)34
b(system)f(sp)s(eci\014es)h(an)e Fs(axiomatic)i(semantics)40
b Fu(for)32 b Fw(While)p Fu(.)430 3803 y(The)h(axiom)e(for)h(assignmen)
m(t)h(statemen)m(ts)g(is)527 4015 y Ft(f)g Fs(P)10 b
Fu([)p Fs(x)i Ft(7!A)o Fu([)-17 b([)q Fs(a)7 b Fu(])-17
b(])q(])32 b Ft(g)g Fs(x)45 b Fu(:=)32 b Fs(a)40 b Ft(f)32
b Fs(P)43 b Ft(g)283 4227 y Fu(This)34 b(axiom)e(assumes)j(that)f(the)g
(execution)g(of)f Fs(x)46 b Fu(:=)33 b Fs(a)41 b Fu(starts)34
b(in)f(a)h(state)g Fs(s)42 b Fu(that)33 b(satis\014es)283
4347 y Fs(P)10 b Fu([)p Fs(x)i Ft(7!A)p Fu([)-17 b([)p
Fs(a)7 b Fu(])-17 b(])q(],)26 b(that)d(is)g(in)f(a)h(state)h
Fs(s)31 b Fu(where)25 b Fs(s)8 b Fu([)p Fs(x)k Ft(7!A)o
Fu([)-17 b([)q Fs(a)7 b Fu(])-17 b(])q Fs(s)8 b Fu(])23
b(satis\014es)h Fs(P)10 b Fu(.)24 b(The)g(axiom)e(expresses)283
4467 y(that)29 b(if)f(the)h(execution)h(of)f Fs(x)40
b Fu(:=)29 b Fs(a)36 b Fu(terminates)29 b(\(whic)m(h)g(will)e(alw)m(a)m
(ys)i(b)s(e)h(the)f(case\))h(then)f(the)283 4588 y(\014nal)38
b(state)h(will)c(satisfy)k Fs(P)10 b Fu(.)38 b(F)-8 b(rom)37
b(the)i(earlier)d(de\014nitions)i(of)g(the)g(seman)m(tics)h(of)e
Fw(While)283 4708 y Fu(w)m(e)30 b(kno)m(w)f(that)f(the)h(\014nal)e
(state)i(will)d(b)s(e)j Fs(s)8 b Fu([)p Fs(x)k Ft(7!)o(A)p
Fu([)-17 b([)p Fs(a)7 b Fu(])-17 b(])q Fs(s)8 b Fu(])29
b(so)f(it)f(is)h(easy)h(to)f(see)i(that)e(the)g(axiom)283
4829 y(is)33 b(plausible.)430 4951 y(F)-8 b(or)32 b Fr(skip)h
Fu(the)g(axiom)e(is)527 5162 y Ft(f)i Fs(P)43 b Ft(g)32
b Fr(skip)h Ft(f)g Fs(P)43 b Ft(g)283 5374 y Fu(Th)m(us)i(if)d
Fs(P)53 b Fu(holds)42 b(b)s(efore)h Fr(skip)h Fu(is)f(executed)i(then)e
(it)f(also)g(holds)h(afterw)m(ards.)75 b(This)43 b(is)283
5494 y(clearly)32 b(plausible)f(as)i Fr(skip)g Fu(do)s(es)g(nothing.)p
eop
%%Page: 179 189
179 188 bop 0 130 a Fw(6.2)112 b(P)m(artial)36 b(correctness)h
(assertions)1619 b(179)p 0 193 3473 4 v 146 515 a Fu(Axioms)28
b([ass)647 530 y Fn(p)692 515 y Fu(])h(and)g([skip)1132
530 y Fn(p)1175 515 y Fu(])g(are)g(really)f Fs(axiom)j(schemes)36
b Fu(generating)28 b(separate)i(axioms)0 636 y(for)g(eac)m(h)g(c)m
(hoice)h(of)e(predicate)i Fs(P)10 b Fu(.)30 b(The)h(meaning)e(of)g(the)
i(remaining)d(constructs)j(are)f(giv)m(en)0 756 y(b)m(y)39
b(rules)f(of)f(inference)i(rather)f(than)g(axiom)e(sc)m(hemes.)62
b(Eac)m(h)38 b(suc)m(h)i(rule)d(sp)s(eci\014es)i(a)f(w)m(a)m(y)0
877 y(of)i(deducing)g(an)g(assertion)h(ab)s(out)e(a)h(comp)s(ound)g
(construct)i(from)c(assertions)j(ab)s(out)f(its)0 997
y(constituen)m(ts.)45 b(F)-8 b(or)31 b(comp)s(osition)g(the)i(rule)f
(is:)254 1175 y Ft(f)g Fs(P)43 b Ft(g)32 b Fs(S)594 1190
y Fn(1)666 1175 y Ft(f)g Fs(Q)42 b Ft(g)p Fu(,)98 b Ft(f)32
b Fs(Q)42 b Ft(g)32 b Fs(S)1388 1190 y Fn(2)1460 1175
y Ft(f)g Fs(R)37 b Ft(g)p 254 1238 1479 4 v 584 1343
a(f)32 b Fs(P)43 b Ft(g)32 b Fs(S)924 1358 y Fn(1)964
1343 y Fu(;)g Fs(S)1090 1358 y Fn(2)1162 1343 y Ft(f)g
Fs(R)37 b Ft(g)0 1520 y Fu(This)42 b(sa)m(ys)h(that)e(if)g
Fs(P)52 b Fu(holds)41 b(prior)f(to)i(the)g(execution)g(of)f
Fs(S)2334 1535 y Fn(1)2373 1520 y Fu(;)47 b Fs(S)2514
1535 y Fn(2)2594 1520 y Fu(and)42 b(if)f(the)h(execution)0
1641 y(terminates)i(then)g(w)m(e)i(can)e(conclude)h(that)f
Fs(R)k Fu(holds)c(in)g(the)h(\014nal)e(state)i(pro)m(vided)g(that)0
1761 y(there)33 b(is)f(a)h(predicate)f Fs(Q)42 b Fu(for)32
b(whic)m(h)h(w)m(e)h(can)f(deduce)h(that)145 1957 y Ft(\017)49
b Fu(if)28 b Fs(S)397 1972 y Fn(1)466 1957 y Fu(is)h(executed)j(from)c
(a)h(state)h(where)h Fs(P)40 b Fu(holds)29 b(and)h(if)e(it)h
(terminates)g(then)h Fs(Q)39 b Fu(will)244 2077 y(hold)32
b(for)g(the)h(\014nal)e(state,)j(and)e(that)145 2278
y Ft(\017)49 b Fu(if)28 b Fs(S)397 2293 y Fn(2)466 2278
y Fu(is)h(executed)j(from)d(a)g(state)h(where)h Fs(Q)39
b Fu(holds)29 b(and)h(if)e(it)h(terminates)g(then)h Fs(R)k
Fu(will)244 2398 y(hold)e(for)g(the)h(\014nal)e(state.)0
2594 y(The)j(rule)e(for)g(the)h(conditional)d(is)254
2752 y Ft(f)i(B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])33
b Ft(^)g Fs(P)43 b Ft(g)32 b Fs(S)920 2767 y Fn(1)992
2752 y Ft(f)h Fs(Q)41 b Ft(g)p Fu(,)98 b Ft(f)32 b(:B)t
Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])33 b Ft(^)g Fs(P)43
b Ft(g)33 b Fs(S)2099 2767 y Fn(2)2170 2752 y Ft(f)g
Fs(Q)41 b Ft(g)p 254 2815 2166 4 v 590 2920 a(f)32 b
Fs(P)43 b Ft(g)32 b Fr(if)h Fs(b)39 b Fr(then)33 b Fs(S)1386
2935 y Fn(1)1458 2920 y Fr(else)h Fs(S)1763 2935 y Fn(2)1835
2920 y Ft(f)e Fs(Q)42 b Ft(g)0 3098 y Fu(The)30 b(rule)e(sa)m(ys)i
(that)f(if)f Fr(if)h Fs(b)34 b Fr(then)c Fs(S)1396 3113
y Fn(1)1464 3098 y Fr(else)g Fs(S)1765 3113 y Fn(2)1833
3098 y Fu(is)e(executed)j(from)d(a)g(state)i(where)g
Fs(P)39 b Fu(holds)0 3218 y(and)44 b(if)e(it)h(terminates,)j(then)f
Fs(Q)52 b Fu(will)42 b(hold)h(for)g(the)h(\014nal)f(state)i(pro)m
(vided)f(that)f(w)m(e)i(can)0 3339 y(deduce)34 b(that)145
3534 y Ft(\017)49 b Fu(if)32 b Fs(S)401 3549 y Fn(1)474
3534 y Fu(is)i(executed)h(from)e(a)g(state)h(where)h
Fs(P)44 b Fu(and)34 b Fs(b)40 b Fu(hold)33 b(and)h(if)e(it)h
(terminates)g(then)244 3655 y Fs(Q)42 b Fu(holds)32 b(on)g(the)h
(\014nal)f(state,)h(and)g(that)145 3856 y Ft(\017)49
b Fu(if)28 b Fs(S)397 3871 y Fn(2)466 3856 y Fu(is)h(executed)j(from)c
(a)h(state)h(where)h Fs(P)40 b Fu(and)30 b Ft(:)p Fs(b)36
b Fu(hold)28 b(and)i(if)e(it)h(terminates)g(then)244
3976 y Fs(Q)42 b Fu(holds)32 b(on)g(the)h(\014nal)f(state.)0
4172 y(The)i(rule)e(for)g(the)h(iterativ)m(e)e(statemen)m(t)j(is)557
4330 y Ft(f)e(B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])33
b Ft(^)g Fs(P)43 b Ft(g)33 b Fs(S)44 b Ft(f)32 b Fs(P)43
b Ft(g)p 254 4393 1514 4 v 254 4498 a(f)32 b Fs(P)43
b Ft(g)32 b Fr(while)i Fs(b)39 b Fr(do)33 b Fs(S)44 b
Ft(f)32 b(:)q(B)s Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])33
b Ft(^)g Fs(P)43 b Ft(g)0 4676 y Fu(The)36 b(predicate)g
Fs(P)46 b Fu(is)35 b(called)f(an)h Fs(invariant)44 b
Fu(for)35 b(the)h Fr(while)p Fu(-lo)s(op)f(and)h(the)f(idea)g(is)g
(that)g(it)0 4796 y(will)29 b(hold)h Fs(b)-5 b(efor)g(e)37
b Fu(and)31 b Fs(after)42 b Fu(eac)m(h)31 b(execution)h(of)e(the)h(b)s
(o)s(dy)g Fs(S)43 b Fu(of)30 b(the)h(lo)s(op.)42 b(The)32
b(rule)e(sa)m(ys)0 4916 y(that)f(if)f(additionally)e
Fs(b)35 b Fu(is)28 b(true)i(b)s(efore)f(eac)m(h)h(execution)g(of)e(the)
i(b)s(o)s(dy)f(of)f(the)i(lo)s(op)d(then)j Ft(:)q Fs(b)0
5037 y Fu(will)g(b)s(e)j(true)g(when)h(the)f(execution)g(of)f(the)h
Fr(while)p Fu(-lo)s(op)f(has)h(terminated.)146 5157 y(T)-8
b(o)33 b(complete)f(the)h(inference)g(system)h(w)m(e)f(need)h(one)f
(more)e(rule)i(of)f(inference)286 5335 y Ft(f)h Fs(P)445
5299 y Fi(0)501 5335 y Ft(g)f Fs(S)45 b Ft(f)32 b Fs(Q)849
5299 y Fi(0)905 5335 y Ft(g)p 254 5398 701 4 v 293 5503
a(f)h Fs(P)43 b Ft(g)32 b Fs(S)44 b Ft(f)33 b Fs(Q)41
b Ft(g)1062 5421 y Fu(if)32 b Fs(P)42 b Ft(\))33 b Fs(P)1469
5385 y Fi(0)1525 5421 y Fu(and)f Fs(Q)1798 5385 y Fi(0)1854
5421 y Ft(\))h Fs(Q)p eop
%%Page: 180 190
180 189 bop 251 130 a Fw(180)1567 b(6)112 b(Axiomatic)35
b(Program)h(V)-9 b(eri\014cation)p 251 193 3473 4 v 283
515 a Fu(This)38 b(rule)e(sa)m(ys)i(that)f(w)m(e)h(can)f(strengthen)h
(the)g(precondition)d Fs(P)2771 479 y Fi(0)2832 515 y
Fu(and)i(w)m(eak)m(en)i(the)e(p)s(ost-)283 636 y(condition)32
b Fs(Q)796 600 y Fi(0)819 636 y Fu(.)43 b(This)33 b(rule)f(is)g(often)h
(called)e(the)i Fs(rule)i(of)g(c)-5 b(onse)g(quenc)g(e)p
Fu(.)430 756 y(Note)25 b(that)f(T)-8 b(able)24 b(6.1)g(sp)s(eci\014es)i
(a)e(set)i(of)e(axioms)f(and)i(rules)g(just)g(as)f(the)i(tables)e
(de\014ning)283 877 y(the)k(op)s(erational)c(seman)m(tics)j(in)f
(Chapter)i(2.)41 b(The)28 b(analogue)e(of)g(a)h(deriv)-5
b(ation)25 b(tree)j(will)c(no)m(w)283 997 y(b)s(e)i(called)e(an)h
Fs(infer)-5 b(enc)g(e)27 b(tr)-5 b(e)g(e)33 b Fu(since)25
b(it)f(sho)m(ws)j(ho)m(w)f(to)f(infer)f(that)h(a)g(certain)g(prop)s
(ert)m(y)h(holds.)283 1117 y(Th)m(us)39 b(the)f(lea)m(v)m(es)g(of)f(an)
h(inference)f(tree)h(will)d(b)s(e)j(instances)g(of)f(axioms)f(and)h
(the)h(in)m(ternal)283 1238 y(no)s(des)h(will)d(corresp)s(ond)j(to)e
(instances)i(of)f(rules.)60 b(W)-8 b(e)38 b(shall)f(sa)m(y)h(that)g
(the)h(inference)f(tree)283 1358 y(giv)m(es)33 b(a)g
Fs(pr)-5 b(o)g(of)53 b Fu(of)32 b(the)h(prop)s(ert)m(y)g(expressed)j(b)
m(y)d(its)f(ro)s(ot.)43 b(W)-8 b(e)33 b(shall)e(write)527
1560 y Ft(`)588 1575 y Fn(p)664 1560 y Ft(f)h Fs(P)43
b Ft(g)33 b Fs(S)44 b Ft(f)32 b Fs(Q)42 b Ft(g)283 1762
y Fu(for)g(the)h(pro)m(v)-5 b(abilit)m(y)40 b(of)i(the)g(assertion)h
Ft(f)f Fs(P)52 b Ft(g)42 b Fs(S)54 b Ft(f)42 b Fs(Q)51
b Ft(g)p Fu(.)72 b(An)43 b(inference)g(tree)f(is)g(called)283
1882 y Fs(simple)35 b Fu(if)27 b(it)h(is)f(an)i(instance)f(of)g(one)h
(of)e(the)i(axioms)e(and)i(otherwise)g(it)e(is)h(called)f
Fs(c)-5 b(omp)g(osite)p Fu(.)283 2109 y Fw(Example)37
b(6.8)49 b Fu(Consider)29 b(the)f(statemen)m(t)h Fr(while)h(true)f(do)f
(skip)p Fu(.)44 b(F)-8 b(rom)26 b([skip)3325 2124 y Fn(p)3369
2109 y Fu(])i(w)m(e)i(ha)m(v)m(e)283 2229 y(\(omitting)g(the)j
Ft(B)s Fu([)-17 b([)q Ft(\001)17 b(\001)g(\001)n Fu(])-17
b(])q(\))527 2431 y Ft(`)588 2446 y Fn(p)664 2431 y Ft(f)32
b Fr(true)i Ft(g)e Fr(skip)i Ft(f)e Fr(true)i Ft(g)283
2633 y Fu(Since)c(\()p Fr(true)g Ft(^)f Fr(true)p Fu(\))h
Ft(\))f Fr(true)h Fu(w)m(e)g(can)g(apply)e(the)i(rule)e(of)h
(consequence)j([cons)3339 2648 y Fn(p)3383 2633 y Fu(])e(and)f(get)527
2835 y Ft(`)588 2850 y Fn(p)664 2835 y Ft(f)j Fr(true)i
Ft(^)f Fr(true)h Ft(g)e Fr(skip)h Ft(f)g Fr(true)g Ft(g)283
3037 y Fu(Hence)h(b)m(y)g(the)f(rule)f([while)1322 3052
y Fn(p)1365 3037 y Fu(])g(w)m(e)i(get)527 3240 y Ft(`)588
3255 y Fn(p)664 3240 y Ft(f)e Fr(true)i Ft(g)e Fr(while)i(true)g(do)f
(skip)g Ft(f)g(:)p Fr(true)h Ft(^)f Fr(true)g Ft(g)283
3442 y Fu(W)-8 b(e)33 b(ha)m(v)m(e)h(that)f Ft(:)p Fr(true)h
Ft(^)f Fr(true)g Ft(\))f Fr(true)i Fu(so)f(b)m(y)g(applying)f([cons)
2763 3457 y Fn(p)2807 3442 y Fu(])g(once)i(more)d(w)m(e)j(get)527
3644 y Ft(`)588 3659 y Fn(p)664 3644 y Ft(f)e Fr(true)i
Ft(g)e Fr(while)i(true)g(do)f(skip)g Ft(f)g Fr(true)g
Ft(g)283 3846 y Fu(The)h(inference)f(ab)s(o)m(v)m(e)h(can)e(b)s(e)h
(summarized)f(b)m(y)h(the)g(follo)m(wing)d(inference)j(tree:)1109
4039 y Ft(f)g Fr(true)g Ft(g)g Fr(skip)g Ft(f)g Fr(true)g
Ft(g)p 527 4126 2174 4 v 941 4331 a(f)f Fr(true)i Ft(^)f
Fr(true)h Ft(g)e Fr(skip)h Ft(f)g Fr(true)g Ft(g)p 527
4417 V 577 4622 a(f)f Fr(true)i Ft(g)e Fr(while)i(true)g(do)f(skip)g
Ft(f)g(:)p Fr(true)h Ft(^)f Fr(true)g Ft(g)p 527 4709
V 779 4913 a(f)f Fr(true)i Ft(g)e Fr(while)i(true)f(do)g(skip)h
Ft(f)e Fr(true)i Ft(g)283 5114 y Fu(It)44 b(is)e(no)m(w)i(easy)g(to)e
(see)j(that)d(w)m(e)i(cannot)g(claim)c(that)j Ft(f)g
Fs(P)53 b Ft(g)43 b Fs(S)55 b Ft(f)42 b Fs(Q)52 b Ft(g)43
b Fu(means)g(that)g Fs(S)283 5234 y Fu(will)38 b(terminate)g(in)h(a)g
(state)h(satisfying)f Fs(Q)48 b Fu(when)41 b(it)e(is)g(started)h(in)f
(a)g(state)h(satisfying)e Fs(P)10 b Fu(.)283 5355 y(F)-8
b(or)28 b(the)g(assertion)h Ft(f)j Fr(true)i Ft(g)e Fr(while)i(true)f
(do)g(skip)h Ft(f)e Fr(true)i Ft(g)28 b Fu(this)g(reading)f(w)m(ould)h
(mean)283 5475 y(that)33 b(the)g(program)e(w)m(ould)i(alw)m(a)m(ys)g
(terminate)e(and)i(clearly)e(this)i(is)f(not)g(the)h(case.)256
b Fh(2)p eop
%%Page: 181 191
181 190 bop 0 130 a Fw(6.2)112 b(P)m(artial)36 b(correctness)h
(assertions)1619 b(181)p 0 193 3473 4 v 0 515 a(Example)37
b(6.9)48 b Fu(T)-8 b(o)32 b(illustrate)e(the)i(use)h(of)e(the)i
(axiomatic)c(seman)m(tics)j(for)f(v)m(eri\014cation)g(w)m(e)0
636 y(shall)g(pro)m(v)m(e)j(the)f(assertion)244 850 y
Ft(f)f Fr(x)h Fu(=)f Fr(n)h Ft(g)244 1017 y Fr(y)g Fu(:=)f
Fr(1)p Fu(;)h Fr(while)h Ft(:)p Fu(\()p Fr(x)p Fu(=)p
Fr(1)p Fu(\))f Fr(do)g Fu(\()p Fr(y)g Fu(:=)f Fr(y)p
Fo(?)p Fr(x)p Fu(;)h Fr(x)g Fu(:=)g Fr(x)p Ft(\000)p
Fr(1)p Fu(\))244 1185 y Ft(f)f Fr(y)h Fu(=)f Fr(n)p Fu(!)44
b Ft(^)33 b Fr(n)g Fo(>)f Fr(0)h Ft(g)0 1399 y Fu(where,)h(for)e(the)h
(sak)m(e)h(of)e(readabilit)m(y)-8 b(,)31 b(w)m(e)i(write)g
Fr(y)f Fu(=)h Fr(n)p Fu(!)43 b Ft(^)33 b Fr(n)g Fo(>)g
Fr(0)f Fu(for)g(the)h(predicate)244 1613 y Fs(P)43 b
Fu(where)34 b Fs(P)42 b(s)f Fu(=)32 b(\()p Fs(s)41 b
Fr(y)33 b Fu(=)f(\()p Fs(s)41 b Fr(n)p Fu(\)!)i Ft(^)33
b Fs(s)41 b Fr(n)33 b Fo(>)f Fw(0)p Fu(\))0 1827 y(The)f(inference)g
(of)f(this)g(assertion)g(pro)s(ceeds)h(in)f(a)g(n)m(um)m(b)s(er)h(of)e
(stages.)44 b(First)29 b(w)m(e)i(de\014ne)h(the)0 1948
y(predicate)h Fs(INV)51 b Fu(that)32 b(is)g(going)f(to)i(b)s(e)f(the)h
(in)m(v)-5 b(arian)m(t)32 b(of)g(the)h Fr(while)p Fu(-lo)s(op:)244
2162 y Fs(INV)51 b(s)41 b Fu(=)32 b(\()p Fs(s)41 b Fr(x)32
b Fo(>)h Fw(0)f Fu(implies)e(\(\()p Fs(s)41 b Fr(y)p
Fu(\))33 b Fo(?)f Fu(\()p Fs(s)40 b Fr(x)p Fu(\)!)k(=)32
b(\()p Fs(s)41 b Fr(n)p Fu(\)!)j(and)32 b Fs(s)41 b Fr(n)33
b Ft(\025)g Fs(s)40 b Fr(x)p Fu(\)\))0 2376 y(W)-8 b(e)33
b(shall)e(then)i(consider)g(the)g(b)s(o)s(dy)g(of)f(the)h(lo)s(op.)42
b(Using)32 b([ass)2370 2391 y Fn(p)2414 2376 y Fu(])h(w)m(e)h(get)244
2590 y Ft(`)305 2605 y Fn(p)381 2590 y Ft(f)e Fs(INV)19
b Fu([)p Fr(x)p Ft(7!)p Fr(x)p Ft(\000)p Fr(1)p Fu(])33
b Ft(g)g Fr(x)f Fu(:=)h Fr(x)p Ft(\000)p Fr(1)g Ft(f)g
Fs(INV)51 b Ft(g)0 2804 y Fu(Similarly)-8 b(,)29 b(w)m(e)k(get)244
3018 y Ft(`)305 3033 y Fn(p)381 3018 y Ft(f)f Fu(\()p
Fs(INV)19 b Fu([)p Fr(x)p Ft(7!)p Fr(x)p Ft(\000)p Fr(1)p
Fu(]\)[)p Fr(y)p Ft(7!)q Fr(y)p Fo(?)p Fr(x)p Fu(])32
b Ft(g)h Fr(y)g Fu(:=)f Fr(y)h Fo(?)f Fr(x)h Ft(f)f Fs(INV)19
b Fu([)p Fr(x)p Ft(7!)p Fr(x)p Ft(\000)p Fr(1)p Fu(])34
b Ft(g)0 3232 y Fu(W)-8 b(e)33 b(can)g(no)m(w)g(apply)f(the)h(rule)f
([comp)1436 3247 y Fn(p)1479 3232 y Fu(])h(to)f(the)h(t)m(w)m(o)h
(assertions)f(ab)s(o)m(v)m(e)g(and)g(get)244 3446 y Ft(`)305
3461 y Fn(p)381 3446 y Ft(f)f Fu(\()p Fs(INV)19 b Fu([)p
Fr(x)p Ft(7!)p Fr(x)p Ft(\000)p Fr(1)p Fu(]\)[)p Fr(y)p
Ft(7!)q Fr(y)p Fo(?)p Fr(x)p Fu(])32 b Ft(g)h Fr(y)g
Fu(:=)f Fr(y)h Fo(?)f Fr(x)p Fu(;)h Fr(x)g Fu(:=)f Fr(x)p
Ft(\000)p Fr(1)i Ft(f)e Fs(INV)51 b Ft(g)0 3661 y Fu(It)33
b(is)f(easy)h(to)g(v)m(erify)g(that)244 3875 y(\()p Ft(:)p
Fu(\()p Fr(x)p Fu(=)p Fr(1)p Fu(\))g Ft(^)g Fs(INV)19
b Fu(\))32 b Ft(\))g Fu(\()p Fs(INV)19 b Fu([)p Fr(x)p
Ft(7!)p Fr(x)p Ft(\000)p Fr(1)p Fu(]\)[)p Fr(y)p Ft(7!)q
Fr(y)p Fo(?)p Fr(x)p Fu(])0 4089 y(so)33 b(using)f(the)h(rule)f([cons)
949 4104 y Fn(p)993 4089 y Fu(])h(w)m(e)h(get)244 4303
y Ft(`)305 4318 y Fn(p)381 4303 y Ft(f)e(:)p Fu(\()p
Fr(x)h Fu(=)f Fr(1)p Fu(\))h Ft(^)g Fs(INV)51 b Ft(g)33
b Fr(y)f Fu(:=)h Fr(y)g Fo(?)f Fr(x)p Fu(;)h Fr(x)g Fu(:=)f
Fr(x)p Ft(\000)p Fr(1)i Ft(f)e Fs(INV)51 b Ft(g)0 4517
y Fu(W)-8 b(e)33 b(are)g(no)m(w)g(in)f(a)g(p)s(osition)f(to)h(use)h
(the)g(rule)g([while)2002 4532 y Fn(p)2044 4517 y Fu(])g(and)f(get)244
4731 y Ft(`)305 4746 y Fn(p)381 4731 y Ft(f)g Fs(INV)51
b Ft(g)381 4899 y Fr(while)33 b Ft(:)q Fu(\()p Fr(x)p
Fu(=)p Fr(1)p Fu(\))g Fr(do)g Fu(\()p Fr(y)f Fu(:=)h
Fr(y)p Fo(?)p Fr(x)p Fu(;)g Fr(x)g Fu(:=)f Fr(x)p Ft(\000)p
Fr(1)p Fu(\))381 5066 y Ft(f:)p Fu(\()p Ft(:)p Fu(\()p
Fr(x)h Fu(=)f Fr(1)p Fu(\)\))h Ft(^)g Fs(INV)51 b Ft(g)0
5280 y Fu(Clearly)32 b(w)m(e)h(ha)m(v)m(e)244 5494 y
Ft(:)p Fu(\()p Ft(:)q Fu(\()p Fr(x)f Fu(=)h Fr(1)p Fu(\)\))f
Ft(^)h Fs(INV)51 b Ft(\))33 b Fr(y)f Fu(=)h Fr(n)p Fu(!)44
b Ft(^)32 b Fr(n)h Fo(>)g Fr(0)p eop
%%Page: 182 192
182 191 bop 251 130 a Fw(182)1567 b(6)112 b(Axiomatic)35
b(Program)h(V)-9 b(eri\014cation)p 251 193 3473 4 v 283
515 a Fu(so)33 b(applying)f(rule)g([cons)1208 530 y Fn(p)1252
515 y Fu(])h(w)m(e)g(get)552 683 y Ft(`)613 698 y Fn(p)689
683 y Ft(f)f Fs(INV)51 b Ft(g)33 b Fr(while)h Ft(:)p
Fu(\()p Fr(x)p Fu(=)p Fr(1)p Fu(\))f Fr(do)g Fu(\()p
Fr(y)g Fu(:=)f Fr(y)p Fo(?)p Fr(x)p Fu(;)h Fr(x)g Fu(:=)f
Fr(x)p Ft(\000)p Fr(1)p Fu(\))i Ft(f)e Fr(y)h Fu(=)f
Fr(n)p Fu(!)44 b Ft(^)33 b Fr(n)g Fo(>)f Fr(0)h Ft(g)283
851 y Fu(W)-8 b(e)33 b(shall)f(no)m(w)h(apply)f(the)h(axiom)e([ass)1761
866 y Fn(p)1805 851 y Fu(])i(to)f(the)h(statemen)m(t)g
Fr(y)g Fu(:=)f Fr(1)h Fu(and)g(get)527 1054 y Ft(`)588
1069 y Fn(p)664 1054 y Ft(f)f Fs(INV)19 b Fu([)p Fr(y)p
Ft(7!)p Fr(1)p Fu(])33 b Ft(g)f Fr(y)h Fu(:=)g Fr(1)f
Ft(f)h Fs(INV)51 b Ft(g)283 1258 y Fu(Using)33 b(that)527
1462 y Fr(x)g Fu(=)g Fr(n)f Ft(\))g Fs(INV)19 b Fu([)p
Fr(y)p Ft(7!)p Fr(1)p Fu(])283 1666 y(together)33 b(with)f([cons)1101
1681 y Fn(p)1146 1666 y Fu(])g(w)m(e)i(get)527 1870 y
Ft(`)588 1885 y Fn(p)664 1870 y Ft(f)e Fr(x)h Fu(=)g
Fr(n)f Ft(g)h Fr(y)f Fu(:=)h Fr(1)g Ft(f)f Fs(INV)51
b Ft(g)283 2074 y Fu(Finally)-8 b(,)30 b(w)m(e)k(can)f(use)g(the)g
(rule)f([comp)1743 2089 y Fn(p)1787 2074 y Fu(])g(and)h(get)527
2278 y Ft(`)588 2293 y Fn(p)664 2278 y Ft(f)f Fr(x)h
Fu(=)g Fr(n)f Ft(g)664 2445 y Fr(y)h Fu(:=)f Fr(1)p Fu(;)h
Fr(while)h Ft(:)q Fu(\()p Fr(x)p Fu(=)p Fr(1)p Fu(\))e
Fr(do)h Fu(\()p Fr(y)g Fu(:=)g Fr(y)p Fo(?)p Fr(x)p Fu(;)f
Fr(x)h Fu(:=)g Fr(x)p Ft(\000)p Fr(1)p Fu(\))664 2613
y Ft(f)f Fr(y)h Fu(=)g Fr(n)p Fu(!)43 b Ft(^)33 b Fr(n)g
Fo(>)f Fr(0)h Ft(g)283 2817 y Fu(as)g(required.)2902
b Fh(2)283 3046 y Fw(Exercise)37 b(6.10)49 b Fu(Sp)s(ecify)42
b(a)f(form)m(ula)f(expressing)k(the)e(partial)e(correctness)k(prop)s
(ert)m(y)e(of)283 3166 y(the)g(program)f(of)g(Exercise)h(6.1.)70
b(Construct)43 b(an)e(inference)h(tree)g(giving)e(a)i(pro)s(of)e(of)h
(this)283 3287 y(prop)s(ert)m(y)34 b(using)e(the)h(inference)g(system)h
(of)e(T)-8 b(able)32 b(6.1.)1312 b Fh(2)283 3516 y Fw(Exercise)37
b(6.11)49 b Fu(Suggest)e(an)f(inference)h(rule)f(for)g
Fr(repeat)i Fs(S)58 b Fr(until)48 b Fs(b)6 b Fu(.)85
b(Y)-8 b(ou)47 b(are)f(not)283 3636 y(allo)m(w)m(ed)32
b(to)h(rely)f(on)g(the)h(existence)i(of)d(a)g Fr(while)p
Fu(-construct)i(in)e(the)h(language.)427 b Fh(2)283 3865
y Fw(Exercise)37 b(6.12)49 b Fu(Suggest)31 b(an)f(inference)g(rule)g
(for)g Fr(for)h Fs(x)42 b Fu(:=)30 b Fs(a)2671 3880 y
Fn(1)2741 3865 y Fr(to)g Fs(a)2930 3880 y Fn(2)3000 3865
y Fr(do)h Fs(S)12 b Fu(.)30 b(Y)-8 b(ou)30 b(are)g(not)283
3985 y(allo)m(w)m(ed)i(to)h(rely)f(on)g(the)h(existence)i(of)d(a)g
Fr(while)p Fu(-construct)i(in)e(the)h(language.)427 b
Fh(2)283 4275 y Fp(Prop)t(erties)46 b(of)f(the)h(seman)l(tics)283
4460 y Fu(In)27 b(the)f(op)s(erational)d(and)j(denotational)e(seman)m
(tics)i(w)m(e)h(de\014ned)g(a)e(notion)g(of)g(t)m(w)m(o)i(programs)283
4580 y(b)s(eing)39 b(seman)m(tically)e(equiv)-5 b(alen)m(t.)63
b(W)-8 b(e)39 b(can)h(de\014ne)g(a)f(similar)c(notion)j(for)h(the)g
(axiomatic)283 4700 y(seman)m(tics:)74 b(Tw)m(o)48 b(programs)f
Fs(S)1539 4715 y Fn(1)1625 4700 y Fu(and)h Fs(S)1897
4715 y Fn(2)1984 4700 y Fu(are)f Fs(pr)-5 b(ovably)48
b(e)-5 b(quivalent)56 b Fu(according)47 b(to)g(the)283
4821 y(axiomatic)35 b(seman)m(tics)h(of)g(T)-8 b(able)37
b(6.1)f(if)f(for)h(all)f(preconditions)h Fs(P)47 b Fu(and)36
b(p)s(ostconditions)g Fs(Q)283 4941 y Fu(w)m(e)e(ha)m(v)m(e)527
5145 y Ft(`)588 5160 y Fn(p)664 5145 y Ft(f)e Fs(P)43
b Ft(g)33 b Fs(S)1005 5160 y Fn(1)1076 5145 y Ft(f)g
Fs(Q)41 b Ft(g)98 b Fu(if)31 b(and)i(only)f(if)96 b Ft(`)2131
5160 y Fn(p)2207 5145 y Ft(f)32 b Fs(P)43 b Ft(g)33 b
Fs(S)2548 5160 y Fn(2)2619 5145 y Ft(f)g Fs(Q)41 b Ft(g)283
5374 y Fw(Exercise)c(6.13)49 b Fu(Sho)m(w)32 b(that)e(the)i(follo)m
(wing)c(statemen)m(ts)k(of)e Fw(While)f Fu(are)i(pro)m(v)-5
b(ably)31 b(equiv-)283 5494 y(alen)m(t)i(in)e(the)i(ab)s(o)m(v)m(e)h
(sense:)p eop
%%Page: 183 193
183 192 bop 0 130 a Fw(6.3)112 b(Soundness)40 b(and)e(completeness)1647
b(183)p 0 193 3473 4 v 145 515 a Ft(\017)49 b Fs(S)12
b Fu(;)32 b Fr(skip)i Fu(and)f Fs(S)145 718 y Ft(\017)49
b Fs(S)311 733 y Fn(1)350 718 y Fu(;)33 b(\()p Fs(S)515
733 y Fn(2)554 718 y Fu(;)g Fs(S)681 733 y Fn(3)720 718
y Fu(\))f(and)h(\()p Fs(S)1085 733 y Fn(1)1124 718 y
Fu(;)g Fs(S)1251 733 y Fn(2)1290 718 y Fu(\);)g Fs(S)1455
733 y Fn(3)3398 718 y Fh(2)146 944 y Fu(Pro)s(ofs)c(of)f(prop)s(erties)
h(of)f(the)h(axiomatic)d(seman)m(tics)j(will)d(often)j(pro)s(ceed)g(b)m
(y)h Fs(induction)0 1064 y(on)k(the)h(shap)-5 b(e)34
b(of)h(the)g(infer)-5 b(enc)g(e)34 b(tr)-5 b(e)g(e)p
Fu(:)p 0 1213 3470 4 v 0 1230 V -2 1438 4 208 v 15 1438
V 716 1359 a Fw(Induction)32 b(on)h(the)f(Shap)s(e)i(of)f(Inference)g
(T)-9 b(rees)p 3452 1438 V 3469 1438 V 0 1441 3470 4
v -2 1810 4 370 v 15 1810 V 66 1606 a Fu(1:)143 b(Pro)m(v)m(e)29
b(that)e(the)h(prop)s(ert)m(y)g(holds)f(for)f(all)f(the)j(simple)e
(inference)i(trees)g(b)m(y)g(sho)m(wing)285 1727 y(that)33
b(it)e(holds)h(for)g(the)h Fs(axioms)40 b Fu(of)32 b(the)h(inference)g
(system.)p 3452 1810 V 3469 1810 V -2 2339 4 529 v 15
2339 V 66 1894 a(2:)143 b(Pro)m(v)m(e)36 b(that)f(the)g(prop)s(ert)m(y)
g(holds)g(for)f(all)e(comp)s(osite)i(inference)h(trees:)49
b(F)-8 b(or)33 b(eac)m(h)285 2015 y Fs(rule)51 b Fu(assume)43
b(that)g(the)h(prop)s(ert)m(y)f(holds)g(for)f(its)h(premises)g(\(this)g
(is)f(called)g(the)285 2135 y Fs(induction)33 b(hyp)-5
b(othesis)p Fu(\))30 b(and)h(that)g(the)g(conditions)f(of)g(the)i(rule)
e(are)h(satis\014ed)g(and)285 2255 y(then)i(pro)m(v)m(e)h(that)f(it)e
(also)h(holds)g(for)g(the)h(conclusion)f(of)g(the)h(rule.)p
3452 2339 V 3469 2339 V 0 2342 3470 4 v 0 2359 V 0 2547
a Fw(Exercise)j(6.14)49 b Fu(**)26 b(Using)g(the)h(inference)f(rule)g
(for)g Fr(repeat)i Fs(S)38 b Fr(until)27 b Fs(b)32 b
Fu(giv)m(en)27 b(in)e(Exercise)0 2667 y(6.11)f(sho)m(w)j(that)d
Fr(repeat)j Fs(S)37 b Fr(until)26 b Fs(b)31 b Fu(is)24
b(pro)m(v)-5 b(ably)25 b(equiv)-5 b(alen)m(t)25 b(to)g
Fs(S)12 b Fu(;)25 b Fr(while)h Ft(:)p Fs(b)31 b Fr(do)26
b Fs(S)12 b Fu(.)25 b(Hin)m(t:)0 2788 y(it)34 b(is)h(not)h(to)s(o)e
(hard)i(to)f(sho)m(w)h(that)g(what)f(is)g(pro)m(v)-5
b(able)35 b(ab)s(out)g Fr(repeat)i Fs(S)47 b Fr(until)37
b Fs(b)k Fu(is)35 b(also)0 2908 y(pro)m(v)-5 b(able)32
b(ab)s(out)g Fs(S)12 b Fu(;)33 b Fr(while)h Ft(:)p Fs(b)k
Fr(do)c Fs(S)12 b Fu(.)1934 b Fh(2)0 3134 y Fw(Exercise)36
b(6.15)49 b Fu(Sho)m(w)28 b(that)e Ft(`)1209 3149 y Fn(p)1279
3134 y Ft(f)g Fs(P)37 b Ft(g)26 b Fs(S)38 b Ft(f)27 b
Fr(true)g Ft(g)g Fu(for)f(all)e(statemen)m(ts)k Fs(S)38
b Fu(and)26 b(prop)s(erties)0 3254 y Fs(P)10 b Fu(.)3295
b Fh(2)0 3586 y Fj(6.3)161 b(Soundness)50 b(and)k(completeness)0
3806 y Fu(W)-8 b(e)37 b(shall)d(no)m(w)j(address)h(the)f(relationship)d
(b)s(et)m(w)m(een)k(the)f(inference)g(system)g(of)f(T)-8
b(able)36 b(6.1)0 3926 y(and)28 b(the)g(op)s(erational)d(and)j
(denotational)e(seman)m(tics)i(of)f(the)h(previous)g(c)m(hapters.)44
b(W)-8 b(e)28 b(shall)0 4046 y(pro)m(v)m(e)34 b(that)145
4248 y Ft(\017)49 b Fu(the)40 b(inference)h(system)f(is)g
Fs(sound)p Fu(:)57 b(if)39 b(some)h(partial)d(correctness)42
b(prop)s(ert)m(y)f(can)f(b)s(e)244 4368 y(pro)m(v)m(ed)34
b(using)e(the)g(inference)h(system)g(then)g(it)f(do)s(es)g(indeed)h
(hold)e(according)h(to)g(the)244 4488 y(seman)m(tics,)h(and)145
4691 y Ft(\017)49 b Fu(the)38 b(inference)h(system)g(is)e
Fs(c)-5 b(omplete)p Fu(:)54 b(if)37 b(some)g(partial)f(correctness)k
(prop)s(ert)m(y)f(do)s(es)244 4812 y(hold)27 b(according)h(to)g(the)g
(seman)m(tics)h(then)f(w)m(e)i(can)e(also)f(\014nd)i(a)f(pro)s(of)f
(for)h(it)f(using)h(the)244 4932 y(inference)33 b(system.)0
5133 y(The)41 b(completeness)f(result)g(can)g(only)g(b)s(e)g(pro)m(v)m
(ed)h(b)s(ecause)g(w)m(e)g(use)g(the)f(extensional)g(ap-)0
5254 y(proac)m(h)i(where)h(preconditions)e(and)h(p)s(ostconditions)f
(are)g(arbitrary)g(predicates.)71 b(In)42 b(the)0 5374
y(in)m(tensional)30 b(approac)m(h)i(w)m(e)h(only)e(ha)m(v)m(e)i(a)f(w)m
(eak)m(er)h(result;)f(w)m(e)h(shall)d(return)j(to)e(this)g(later)g(in)0
5494 y(this)h(section.)p eop
%%Page: 184 194
184 193 bop 251 130 a Fw(184)1567 b(6)112 b(Axiomatic)35
b(Program)h(V)-9 b(eri\014cation)p 251 193 3473 4 v 430
515 a Fu(As)34 b(the)f(op)s(erational)e(and)j(denotational)d(seman)m
(tics)i(are)h(equiv)-5 b(alen)m(t)33 b(w)m(e)h(only)f(need)h(to)283
636 y(consider)f(one)g(of)f(them)g(here)h(and)g(w)m(e)g(shall)e(c)m(ho)
s(ose)j(the)f(natural)e(seman)m(tics.)44 b(The)33 b(partial)283
756 y(correctness)i(assertion)e Ft(f)f Fs(P)43 b Ft(g)32
b Fs(S)45 b Ft(f)32 b Fs(Q)42 b Ft(g)32 b Fu(is)g(said)g(to)g(b)s(e)h
Fs(valid)42 b Fu(if)32 b(and)g(only)g(if)527 981 y(for)g(all)e(states)k
Fs(s)8 b Fu(,)32 b(if)f Fs(P)43 b(s)d Fu(=)32 b Fw(tt)g
Fu(and)g Ft(h)p Fs(S)12 b Fu(,)p Fs(s)c Ft(i)32 b(!)g
Fs(s)2323 945 y Fi(0)2378 981 y Fu(for)g(some)g Fs(s)2819
945 y Fi(0)2875 981 y Fu(then)h Fs(Q)41 b(s)3261 945
y Fi(0)3317 981 y Fu(=)32 b Fw(tt)283 1206 y Fu(and)h(w)m(e)h(shall)d
(write)h(this)g(as)527 1431 y Ft(j)-17 b Fu(=)614 1446
y Fn(p)690 1431 y Ft(f)32 b Fs(P)43 b Ft(g)33 b Fs(S)44
b Ft(f)32 b Fs(Q)42 b Ft(g)283 1656 y Fu(The)34 b(soundness)h(prop)s
(ert)m(y)e(is)f(then)h(expressed)j(b)m(y)527 1881 y Ft(`)588
1896 y Fn(p)664 1881 y Ft(f)c Fs(P)43 b Ft(g)33 b Fs(S)44
b Ft(f)32 b Fs(Q)42 b Ft(g)65 b Fu(implies)d Ft(j)-17
b Fu(=)1801 1896 y Fn(p)1877 1881 y Ft(f)33 b Fs(P)43
b Ft(g)32 b Fs(S)44 b Ft(f)33 b Fs(Q)41 b Ft(g)283 2106
y Fu(and)33 b(the)g(completeness)h(prop)s(ert)m(y)f(is)f(expressed)j(b)
m(y)527 2331 y Ft(j)-17 b Fu(=)614 2346 y Fn(p)690 2331
y Ft(f)32 b Fs(P)43 b Ft(g)33 b Fs(S)44 b Ft(f)32 b Fs(Q)42
b Ft(g)65 b Fu(implies)e Ft(`)1801 2346 y Fn(p)1877 2331
y Ft(f)33 b Fs(P)43 b Ft(g)32 b Fs(S)44 b Ft(f)33 b Fs(Q)41
b Ft(g)283 2556 y Fu(W)-8 b(e)33 b(ha)m(v)m(e)p 283 2681
3473 5 v 283 2881 a Fw(Theorem)38 b(6.16)49 b Fu(F)-8
b(or)31 b(all)g(partial)f(correctness)35 b(assertions)e
Ft(f)f Fs(P)43 b Ft(g)32 b Fs(S)45 b Ft(f)32 b Fs(Q)42
b Ft(g)32 b Fu(w)m(e)i(ha)m(v)m(e)552 3049 y Ft(j)-17
b Fu(=)639 3064 y Fn(p)715 3049 y Ft(f)32 b Fs(P)43 b
Ft(g)33 b Fs(S)44 b Ft(f)32 b Fs(Q)42 b Ft(g)65 b Fu(if)31
b(and)i(only)f(if)64 b Ft(`)2078 3064 y Fn(p)2154 3049
y Ft(f)32 b Fs(P)43 b Ft(g)32 b Fs(S)45 b Ft(f)32 b Fs(Q)41
b Ft(g)p 283 3169 V 283 3394 a Fu(It)33 b(is)f(customary)h(to)f(pro)m
(v)m(e)i(the)f(soundness)i(and)e(completeness)g(results)g(separately)-8
b(.)283 3709 y Fp(Soundness)283 3903 y Fu(W)g(e)33 b(shall)f(\014rst)h
(pro)m(v)m(e:)p 283 4028 V 283 4228 a Fw(Lemma)38 b(6.17)49
b Fu(The)29 b(inference)g(system)h(of)e(T)-8 b(able)28
b(6.1)g(is)g(sound,)i(that)f(is)f(for)g(ev)m(ery)i(partial)283
4348 y(correctness)35 b(form)m(ula)c Ft(f)h Fs(P)43 b
Ft(g)32 b Fs(S)45 b Ft(f)32 b Fs(Q)42 b Ft(g)32 b Fu(w)m(e)i(ha)m(v)m
(e)552 4516 y Ft(`)613 4531 y Fn(p)689 4516 y Ft(f)e
Fs(P)43 b Ft(g)33 b Fs(S)44 b Ft(f)32 b Fs(Q)42 b Ft(g)32
b Fu(implies)e Ft(j)-17 b Fu(=)1761 4531 y Fn(p)1837
4516 y Ft(f)32 b Fs(P)43 b Ft(g)33 b Fs(S)44 b Ft(f)32
b Fs(Q)42 b Ft(g)p 283 4636 V 283 4861 a Fw(Pro)s(of:)d
Fu(The)34 b(pro)s(of)f(is)g(b)m(y)h(induction)f(on)g(the)h(shap)s(e)g
(of)g(the)f(inference)i(tree)f(used)g(to)g(infer)283
4982 y Ft(`)344 4997 y Fn(p)420 4982 y Ft(f)f Fs(P)42
b Ft(g)33 b Fs(S)44 b Ft(f)32 b Fs(Q)42 b Ft(g)p Fu(.)47
b(This)34 b(amoun)m(ts)f(to)h(nothing)e(but)i(a)g(formalization)29
b(of)k(the)i(in)m(tuitions)283 5102 y(w)m(e)f(ga)m(v)m(e)g(when)f(in)m
(tro)s(ducing)f(the)h(axioms)e(and)i(rules.)283 5270
y Fw(The)g(case)g Fu([ass)891 5285 y Fn(p)936 5270 y
Fu(]:)43 b(W)-8 b(e)33 b(shall)e(pro)m(v)m(e)j(that)f(the)g(axiom)d(is)
j(v)-5 b(alid,)30 b(so)j(supp)s(ose)h(that)527 5494 y
Ft(h)p Fs(x)44 b Fu(:=)33 b Fs(a)7 b Fu(,)33 b Fs(s)8
b Ft(i)32 b(!)g Fs(s)1207 5458 y Fi(0)p eop
%%Page: 185 195
185 194 bop 0 130 a Fw(6.3)112 b(Soundness)40 b(and)e(completeness)1647
b(185)p 0 193 3473 4 v 0 515 a Fu(and)29 b(\()p Fs(P)10
b Fu([)p Fs(x)i Ft(7!A)o Fu([)-17 b([)q Fs(a)7 b Fu(])-17
b(])q(]\))29 b Fs(s)37 b Fu(=)29 b Fw(tt)p Fu(.)41 b(W)-8
b(e)30 b(shall)d(then)j(pro)m(v)m(e)g(that)f Fs(P)39
b(s)2356 479 y Fi(0)2409 515 y Fu(=)28 b Fw(tt)p Fu(.)42
b(F)-8 b(rom)27 b([ass)3074 530 y Fn(ns)3146 515 y Fu(])i(w)m(e)h(get)0
636 y(that)d Fs(s)254 600 y Fi(0)304 636 y Fu(=)g Fs(s)8
b Fu([)p Fs(x)k Ft(7!A)p Fu([)-17 b([)p Fs(a)7 b Fu(])-17
b(])q Fs(s)8 b Fu(])27 b(and)h(from)d(\()p Fs(P)10 b
Fu([)p Fs(x)i Ft(7!A)p Fu([)-17 b([)p Fs(a)7 b Fu(])-17
b(])q(]\))33 b Fs(s)40 b Fu(=)33 b Fw(tt)26 b Fu(w)m(e)i(get)f(that)g
Fs(P)38 b Fu(\()p Fs(s)8 b Fu([)p Fs(x)k Ft(7!)o(A)p
Fu([)-17 b([)p Fs(a)7 b Fu(])-17 b(])q Fs(s)8 b Fu(]\))0
756 y(=)32 b Fw(tt)p Fu(.)43 b(Th)m(us)34 b Fs(P)43 b(s)670
720 y Fi(0)726 756 y Fu(=)32 b Fw(tt)g Fu(as)h(w)m(as)g(to)g(b)s(e)f
(sho)m(wn.)0 924 y Fw(The)h(case)g Fu([skip)654 939 y
Fn(p)698 924 y Fu(]:)43 b(This)33 b(case)h(is)e(immediate)e(using)i
(the)h(clause)g([skip)2709 939 y Fn(ns)2780 924 y Fu(].)0
1091 y Fw(The)g(case)g Fu([comp)711 1106 y Fn(p)754 1091
y Fu(]:)44 b(W)-8 b(e)33 b(assume)g(that)244 1306 y Ft(j)-17
b Fu(=)331 1321 y Fn(p)407 1306 y Ft(f)32 b Fs(P)43 b
Ft(g)32 b Fs(S)747 1321 y Fn(1)819 1306 y Ft(f)g Fs(Q)42
b Ft(g)32 b Fu(and)h Ft(j)-17 b Fu(=)1377 1321 y Fn(p)1453
1306 y Ft(f)32 b Fs(Q)42 b Ft(g)32 b Fs(S)1801 1321 y
Fn(2)1873 1306 y Ft(f)g Fs(R)37 b Ft(g)0 1521 y Fu(and)d(w)m(e)g(ha)m
(v)m(e)h(to)f(pro)m(v)m(e)g(that)g Ft(j)-17 b Fu(=)1245
1536 y Fn(p)1322 1521 y Ft(f)33 b Fs(P)44 b Ft(g)33 b
Fs(S)1665 1536 y Fn(1)1705 1521 y Fu(;)h Fs(S)1833 1536
y Fn(2)1906 1521 y Ft(f)f Fs(R)38 b Ft(g)p Fu(.)46 b(So)34
b(consider)f(arbitrary)g(states)i Fs(s)0 1642 y Fu(and)e
Fs(s)238 1606 y Fi(00)313 1642 y Fu(suc)m(h)h(that)e
Fs(P)43 b(s)e Fu(=)32 b Fw(tt)g Fu(and)244 1857 y Ft(h)p
Fs(S)350 1872 y Fn(1)389 1857 y Fu(;)p Fs(S)483 1872
y Fn(2)522 1857 y Fu(,)h Fs(s)8 b Ft(i)32 b(!)g Fs(s)881
1821 y Fi(00)0 2072 y Fu(F)-8 b(rom)31 b([comp)511 2087
y Fn(ns)582 2072 y Fu(])i(w)m(e)g(get)g(that)f(there)h(is)g(a)f(state)h
Fs(s)1875 2036 y Fi(0)1931 2072 y Fu(suc)m(h)h(that)244
2287 y Ft(h)p Fs(S)350 2302 y Fn(1)389 2287 y Fu(,)f
Fs(s)8 b Ft(i)32 b(!)g Fs(s)748 2251 y Fi(0)869 2287
y Fu(and)98 b Ft(h)o Fs(S)1229 2302 y Fn(2)1269 2287
y Fu(,)32 b Fs(s)1376 2251 y Fi(0)1400 2287 y Ft(i)g(!)g
Fs(s)1651 2251 y Fi(00)0 2502 y Fu(F)-8 b(rom)37 b Ft(h)o
Fs(S)367 2517 y Fn(1)407 2502 y Fu(,)i Fs(s)8 b Ft(i)38
b(!)g Fs(s)784 2466 y Fi(0)807 2502 y Fu(,)i Fs(P)49
b(s)d Fu(=)38 b Fw(tt)f Fu(and)i Ft(j)-17 b Fu(=)1596
2517 y Fn(p)1678 2502 y Ft(f)38 b Fs(P)48 b Ft(g)38 b
Fs(S)2035 2517 y Fn(1)2113 2502 y Ft(f)g Fs(Q)47 b Ft(g)38
b Fu(w)m(e)h(get)g Fs(Q)47 b(s)2899 2466 y Fi(0)2960
2502 y Fu(=)38 b Fw(tt)p Fu(.)60 b(F)-8 b(rom)0 2622
y Ft(h)p Fs(S)106 2637 y Fn(2)145 2622 y Fu(,)33 b Fs(s)253
2586 y Fi(0)276 2622 y Ft(i)f(!)g Fs(s)527 2586 y Fi(00)570
2622 y Fu(,)g Fs(Q)41 b(s)793 2586 y Fi(0)848 2622 y
Fu(=)32 b Fw(tt)f Fu(and)h Ft(j)-17 b Fu(=)1351 2637
y Fn(p)1427 2622 y Ft(f)31 b Fs(Q)41 b Ft(g)32 b Fs(S)1773
2637 y Fn(2)1844 2622 y Ft(f)g Fs(R)k Ft(g)c Fu(it)f(follo)m(ws)f(that)
i Fs(R)k(s)2897 2586 y Fi(00)2971 2622 y Fu(=)c Fw(tt)f
Fu(as)h(w)m(as)0 2743 y(to)g(b)s(e)h(sho)m(wn.)0 2910
y Fw(The)g(case)g Fu([if)541 2925 y Fn(p)583 2910 y Fu(]:)44
b(Assume)33 b(that)244 3125 y Ft(j)-17 b Fu(=)331 3140
y Fn(p)407 3125 y Ft(f)32 b(B)s Fu([)-17 b([)q Fs(b)6
b Fu(])-17 b(])33 b Ft(^)g Fs(P)43 b Ft(g)32 b Fs(S)1073
3140 y Fn(1)1145 3125 y Ft(f)g Fs(Q)42 b Ft(g)32 b Fu(and)h
Ft(j)-17 b Fu(=)1703 3140 y Fn(p)1779 3125 y Ft(f)32
b(:)q(B)s Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])33 b Ft(^)g
Fs(P)43 b Ft(g)32 b Fs(S)2512 3140 y Fn(2)2584 3125 y
Ft(f)g Fs(Q)42 b Ft(g)0 3340 y Fu(T)-8 b(o)31 b(pro)m(v)m(e)h
Ft(j)-17 b Fu(=)490 3355 y Fn(p)564 3340 y Ft(f)30 b
Fs(P)41 b Ft(g)31 b Fr(if)g Fs(b)37 b Fr(then)31 b Fs(S)1349
3355 y Fn(1)1419 3340 y Fr(else)h Fs(S)1722 3355 y Fn(2)1792
3340 y Ft(f)f Fs(Q)39 b Ft(g)31 b Fu(consider)g(arbitrary)f(states)h
Fs(s)39 b Fu(and)31 b Fs(s)3449 3304 y Fi(0)0 3461 y
Fu(suc)m(h)j(that)e Fs(P)43 b(s)e Fu(=)32 b Fw(tt)g Fu(and)244
3676 y Ft(h)p Fr(if)h Fs(b)38 b Fr(then)c Fs(S)806 3691
y Fn(1)877 3676 y Fr(else)g Fs(S)1182 3691 y Fn(2)1221
3676 y Fu(,)f Fs(s)8 b Ft(i)32 b(!)g Fs(s)1580 3639 y
Fi(0)0 3891 y Fu(There)i(are)f(t)m(w)m(o)h(cases.)46
b(If)33 b Ft(B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])q
Fs(s)41 b Fu(=)33 b Fw(tt)f Fu(then)i(w)m(e)g(get)f(\()p
Ft(B)s Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])33 b Ft(^)h
Fs(P)10 b Fu(\))33 b Fs(s)41 b Fu(=)33 b Fw(tt)f Fu(and)h(from)f([if)
3375 3906 y Fn(ns)3445 3891 y Fu(])0 4011 y(w)m(e)i(ha)m(v)m(e)244
4226 y Ft(h)p Fs(S)350 4241 y Fn(1)389 4226 y Fu(,)f
Fs(s)8 b Ft(i)32 b(!)g Fs(s)748 4190 y Fi(0)0 4441 y
Fu(F)-8 b(rom)39 b(the)i(\014rst)g(assumption)f(w)m(e)i(therefore)f
(get)f Fs(Q)50 b(s)2085 4405 y Fi(0)2149 4441 y Fu(=)40
b Fw(tt)p Fu(.)67 b(If)40 b Ft(B)t Fu([)-17 b([)p Fs(b)6
b Fu(])-17 b(])q Fs(s)48 b Fu(=)41 b Fw(\013)f Fu(the)h(result)0
4561 y(follo)m(ws)31 b(in)h(a)g(similar)e(w)m(a)m(y)j(from)f(the)h
(second)h(assumption.)0 4729 y Fw(The)f(case)g Fu([while)706
4744 y Fn(p)749 4729 y Fu(]:)43 b(Assume)34 b(that)244
4944 y Ft(j)-17 b Fu(=)331 4959 y Fn(p)407 4944 y Ft(f)32
b(B)s Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])33 b Ft(^)g
Fs(P)43 b Ft(g)32 b Fs(S)45 b Ft(f)32 b Fs(P)43 b Ft(g)0
5159 y Fu(T)-8 b(o)35 b(pro)m(v)m(e)h Ft(j)-17 b Fu(=)498
5174 y Fn(p)577 5159 y Ft(f)35 b Fs(P)45 b Ft(g)35 b
Fr(while)h Fs(b)41 b Fr(do)36 b Fs(S)46 b Ft(f)35 b(:)q(B)s
Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])35 b Ft(^)h Fs(P)45
b Ft(g)35 b Fu(consider)g(arbitrary)f(states)i Fs(s)43
b Fu(and)0 5279 y Fs(s)48 5243 y Fi(00)123 5279 y Fu(suc)m(h)34
b(that)e Fs(P)43 b(s)e Fu(=)32 b Fw(tt)g Fu(and)244 5494
y Ft(h)p Fr(while)h Fs(b)39 b Fr(do)33 b Fs(S)12 b Fu(,)32
b Fs(s)8 b Ft(i)33 b(!)f Fs(s)1216 5458 y Fi(00)p eop
%%Page: 186 196
186 195 bop 251 130 a Fw(186)1567 b(6)112 b(Axiomatic)35
b(Program)h(V)-9 b(eri\014cation)p 251 193 3473 4 v 283
515 a Fu(and)28 b(w)m(e)g(shall)e(sho)m(w)j(that)e(\()p
Ft(:B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])q Ft(^)p
Fs(P)10 b Fu(\))28 b Fs(s)1827 479 y Fi(00)1897 515 y
Fu(=)f Fw(tt)p Fu(.)41 b(W)-8 b(e)27 b(shall)f(no)m(w)i(pro)s(ceed)g(b)
m(y)h(induction)d(on)283 636 y(the)33 b(shap)s(e)g(of)e(the)i(deriv)-5
b(ation)30 b(tree)j(in)e(the)i(natural)d(seman)m(tics.)44
b(One)32 b(of)g(t)m(w)m(o)h(cases)g(apply)-8 b(.)283
756 y(If)34 b Ft(B)t Fu([)-17 b([)q Fs(b)6 b Fu(])-17
b(])p Fs(s)41 b Fu(=)32 b Fw(\013)i Fu(then)h Fs(s)1137
720 y Fi(00)1214 756 y Fu(=)f Fs(s)42 b Fu(according)33
b(to)h([while)2217 720 y Fn(\013)2217 781 y(ns)2287 756
y Fu(])g(and)h(clearly)e(\()p Ft(:B)s Fu([)-17 b([)q
Fs(b)6 b Fu(])-17 b(])35 b Ft(^)f Fs(P)10 b Fu(\))34
b Fs(s)3482 720 y Fi(00)3559 756 y Fu(=)g Fw(tt)283 877
y Fu(as)f(required.)44 b(Next)34 b(consider)f(the)g(case)g(where)h
Ft(B)s Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])p Fs(s)41
b Fu(=)32 b Fw(tt)g Fu(and)527 1085 y Ft(h)p Fs(S)12
b Fu(,)33 b Fs(s)8 b Ft(i)32 b(!)g Fs(s)992 1049 y Fi(0)1113
1085 y Fu(and)130 b Ft(h)p Fr(while)34 b Fs(b)k Fr(do)33
b Fs(S)12 b Fu(,)33 b Fs(s)2121 1049 y Fi(0)2144 1085
y Ft(i)f(!)g Fs(s)2395 1049 y Fi(00)283 1294 y Fu(for)38
b(some)h(state)g Fs(s)982 1258 y Fi(0)1005 1294 y Fu(.)61
b(Th)m(us)41 b(\()p Ft(B)s Fu([)-17 b([)q Fs(b)6 b Fu(])-17
b(])38 b Ft(^)h Fs(P)10 b Fu(\))39 b Fs(s)47 b Fu(=)38
b Fw(tt)g Fu(and)g(w)m(e)i(can)f(then)g(apply)f(the)h(assump-)283
1414 y(tion)f Ft(j)-17 b Fu(=)577 1429 y Fn(p)653 1414
y Ft(f)33 b(B)s Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])33
b Ft(^)g Fs(P)42 b Ft(g)33 b Fs(S)44 b Ft(f)32 b Fs(P)43
b Ft(g)c Fu(and)g(get)g(that)g Fs(P)49 b(s)2378 1378
y Fi(0)2441 1414 y Fu(=)38 b Fw(tt)p Fu(.)62 b(The)40
b(induction)e(h)m(yp)s(othe-)283 1535 y(sis)g(can)g(no)m(w)h(b)s(e)e
(applied)g(to)g(the)i(deriv)-5 b(ation)36 b Ft(h)o Fr(while)e
Fs(b)39 b Fr(do)33 b Fs(S)12 b Fu(,)32 b Fs(s)2783 1499
y Fi(0)2807 1535 y Ft(i)g(!)g Fs(s)3058 1499 y Fi(00)3138
1535 y Fu(and)38 b(giv)m(es)g(that)283 1655 y(\()p Ft(:)q(B)s
Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])33 b Ft(^)g Fs(P)10
b Fu(\))33 b Fs(s)909 1619 y Fi(00)984 1655 y Fu(=)f
Fw(tt)o Fu(.)44 b(This)32 b(completes)h(the)g(pro)s(of)f(of)g(this)g
(case.)283 1823 y Fw(The)h(case)g Fu([cons)950 1838 y
Fn(p)995 1823 y Fu(]:)43 b(Supp)s(ose)34 b(that)527 2032
y Ft(j)-17 b Fu(=)614 2047 y Fn(p)690 2032 y Ft(f)32
b Fs(P)848 1996 y Fi(0)905 2032 y Ft(g)g Fs(S)44 b Ft(f)33
b Fs(Q)1253 1996 y Fi(0)1309 2032 y Ft(g)f Fu(and)h Fs(P)43
b Ft(\))32 b Fs(P)1898 1996 y Fi(0)1986 2032 y Fu(and)h
Fs(Q)2260 1996 y Fi(0)2316 2032 y Ft(\))f Fs(Q)283 2240
y Fu(T)-8 b(o)33 b(pro)m(v)m(e)h Ft(j)-17 b Fu(=)777
2255 y Fn(p)853 2240 y Ft(f)32 b Fs(P)43 b Ft(g)32 b
Fs(S)45 b Ft(f)32 b Fs(Q)42 b Ft(g)32 b Fu(consider)h(states)g
Fs(s)41 b Fu(and)33 b Fs(s)2483 2204 y Fi(0)2539 2240
y Fu(suc)m(h)h(that)e Fs(P)43 b(s)d Fu(=)33 b Fw(tt)e
Fu(and)527 2449 y Ft(h)p Fs(S)12 b Fu(,)33 b Fs(s)8 b
Ft(i)32 b(!)g Fs(s)992 2413 y Fi(0)283 2658 y Fu(Since)e
Fs(P)39 b(s)e Fu(=)29 b Fw(tt)f Fu(and)h Fs(P)40 b Ft(\))28
b Fs(P)1434 2622 y Fi(0)1487 2658 y Fu(w)m(e)i(also)e(ha)m(v)m(e)j
Fs(P)2117 2622 y Fi(0)2169 2658 y Fs(s)38 b Fu(=)28 b
Fw(tt)h Fu(and)g(the)g(assumption)g(then)g(giv)m(es)283
2778 y(us)34 b(that)e Fs(Q)704 2742 y Fi(0)760 2778 y
Fs(s)808 2742 y Fi(0)864 2778 y Fu(=)g Fw(tt)p Fu(.)43
b(F)-8 b(rom)31 b Fs(Q)1470 2742 y Fi(0)1526 2778 y Ft(\))h
Fs(Q)42 b Fu(w)m(e)33 b(therefore)g(get)g Fs(Q)42 b(s)2655
2742 y Fi(0)2711 2778 y Fu(=)32 b Fw(tt)g Fu(as)g(required.)247
b Fh(2)283 3098 y Fw(Exercise)37 b(6.18)49 b Fu(Sho)m(w)38
b(that)g(the)g(inference)h(rule)e(for)g Fr(repeat)j Fs(S)49
b Fr(until)40 b Fs(b)j Fu(suggested)d(in)283 3219 y(Exercise)25
b(6.11)e(preserv)m(es)j(v)-5 b(alidit)m(y)d(.)38 b(Argue)24
b(that)f(this)g(means)h(that)f(the)h(en)m(tire)f(pro)s(of)g(system)283
3339 y(consisting)34 b(of)g(the)g(axioms)f(and)h(rules)g(of)g(T)-8
b(able)34 b(6.1)g(together)g(with)g(the)g(rule)g(of)f(Exercise)283
3460 y(6.11)f(is)g(sound.)2818 b Fh(2)283 3695 y Fw(Exercise)37
b(6.19)49 b Fu(De\014ne)33 b Ft(j)-17 b Fu(=)1364 3659
y Fi(0)1420 3695 y Ft(f)32 b Fs(P)43 b Ft(g)32 b Fs(S)45
b Ft(f)32 b Fs(Q)42 b Ft(g)32 b Fu(to)g(mean)g(that)527
3904 y(for)42 b(all)e(states)j Fs(s)50 b Fu(suc)m(h)43
b(that)f Fs(P)52 b(s)f Fu(=)41 b Fw(tt)h Fu(there)g(exists)h(a)f(state)
g Fs(s)3038 3868 y Fi(0)3104 3904 y Fu(suc)m(h)h(that)527
4025 y Fs(Q)f(s)692 3988 y Fi(0)748 4025 y Fu(=)32 b
Fw(tt)g Fu(and)h Ft(h)o Fs(S)12 b Fu(,)33 b Fs(s)8 b
Ft(i)32 b(!)g Fs(s)1630 3988 y Fi(0)283 4233 y Fu(Sho)m(w)h(that)e(it)f
(is)h Fs(not)40 b Fu(the)32 b(case)g(that)f Ft(`)1763
4248 y Fn(p)1838 4233 y Ft(f)g Fs(P)41 b Ft(g)31 b Fs(S)43
b Ft(f)31 b Fs(Q)41 b Ft(g)31 b Fu(implies)d Ft(j)-17
b Fu(=)2899 4197 y Fi(0)2954 4233 y Ft(f)31 b Fs(P)41
b Ft(g)31 b Fs(S)43 b Ft(f)31 b Fs(Q)41 b Ft(g)31 b Fu(and)283
4354 y(conclude)j(that)f(the)h(pro)s(of)e(system)i(of)f(T)-8
b(able)33 b(6.1)g(cannot)g(b)s(e)h(sound)g(with)f(resp)s(ect)h(to)f
(this)283 4474 y(de\014nition)f(of)g(v)-5 b(alidit)m(y)d(.)2515
b Fh(2)283 4770 y Fp(Completeness)47 b(\(in)e(the)h(extensional)g
(approac)l(h\))283 4957 y Fu(Before)35 b(turning)f(to)g(the)h(pro)s(of)
e(of)h(the)h(completeness)g(result)g(w)m(e)g(shall)e(consider)i(a)f(sp)
s(ecial)283 5077 y(predicate)f(wlp\()p Fs(S)12 b Fu(,)32
b Fs(Q)9 b Fu(\))33 b(de\014ned)h(for)e(eac)m(h)h(statemen)m(t)g
Fs(S)45 b Fu(and)33 b(predicate)f Fs(Q)9 b Fu(:)527 5286
y(wlp\()p Fs(S)j Fu(,)32 b Fs(Q)9 b Fu(\))33 b Fs(s)41
b Fu(=)32 b Fw(tt)283 5494 y Fu(if)g(and)h(only)f(if)f(for)h(all)f
(states)i Fs(s)1476 5458 y Fi(0)1499 5494 y Fu(,)p eop
%%Page: 187 197
187 196 bop 0 130 a Fw(6.3)112 b(Soundness)40 b(and)e(completeness)1647
b(187)p 0 193 3473 4 v 244 515 a Fu(if)31 b Ft(h)p Fs(S)12
b Fu(,)32 b Fs(s)8 b Ft(i)33 b(!)f Fs(s)798 479 y Fi(0)854
515 y Fu(then)h Fs(Q)42 b(s)1241 479 y Fi(0)1297 515
y Fu(=)32 b Fw(tt)0 719 y Fu(The)i(predicate)e(is)g(called)g(the)h
Fs(we)-5 b(akest)34 b(lib)-5 b(er)g(al)34 b(pr)-5 b(e)g(c)g(ondition)39
b Fu(for)32 b Fs(Q)42 b Fu(and)32 b(it)g(satis\014es:)p
0 839 3473 5 v 0 1014 a Fw(F)-9 b(act)37 b(6.20)49 b
Fu(F)-8 b(or)32 b(ev)m(ery)j(statemen)m(t)e Fs(S)44 b
Fu(and)33 b(predicate)f Fs(Q)42 b Fu(w)m(e)34 b(ha)m(v)m(e)145
1217 y Ft(\017)49 b(j)-17 b Fu(=)331 1232 y Fn(p)407
1217 y Ft(f)32 b Fu(wlp\()p Fs(S)12 b Fu(,)32 b Fs(Q)9
b Fu(\))33 b Ft(g)f Fs(S)44 b Ft(f)33 b Fs(Q)41 b Ft(g)1958
b Fu(\(*\))145 1421 y Ft(\017)49 b Fu(if)31 b Ft(j)-17
b Fu(=)420 1436 y Fn(p)496 1421 y Ft(f)32 b Fs(P)43 b
Ft(g)33 b Fs(S)44 b Ft(f)32 b Fs(Q)42 b Ft(g)32 b Fu(then)i
Fs(P)42 b Ft(\))33 b Fu(wlp\()p Fs(S)12 b Fu(,)32 b Fs(Q)9
b Fu(\))1247 b(\(**\))0 1625 y(meaning)31 b(that)i(wlp\()p
Fs(S)12 b Fu(,)32 b Fs(Q)9 b Fu(\))32 b(is)g(the)h(w)m(eak)m(est)i(p)s
(ossible)d(precondition)g(for)g Fs(S)44 b Fu(and)33 b
Fs(Q)9 b Fu(.)p 0 1745 V 0 1948 a Fw(Pro)s(of:)54 b Fu(T)-8
b(o)47 b(v)m(erify)h(that)e(\(*\))h(holds)g(let)f Fs(s)55
b Fu(and)48 b Fs(s)1971 1912 y Fi(0)2041 1948 y Fu(b)s(e)f(states)h
(suc)m(h)h(that)e Ft(h)p Fs(S)12 b Fu(,)47 b Fs(s)8 b
Ft(i)46 b(!)h Fs(s)3449 1912 y Fi(0)0 2069 y Fu(and)38
b(wlp\()p Fs(S)12 b Fu(,)33 b Fs(Q)9 b Fu(\))32 b Fs(s)41
b Fu(=)32 b Fw(tt)o Fu(.)61 b(F)-8 b(rom)37 b(the)i(de\014nition)e(of)h
(wlp\()p Fs(S)12 b Fu(,)38 b Fs(Q)9 b Fu(\))38 b(w)m(e)i(get)e(that)g
Fs(Q)47 b(s)3209 2033 y Fi(0)3271 2069 y Fu(=)38 b Fw(tt)0
2189 y Fu(as)k(required.)71 b(T)-8 b(o)42 b(v)m(erify)g(that)f(\(**\))g
(holds)h(assume)g(that)f Ft(j)-17 b Fu(=)2362 2204 y
Fn(p)2447 2189 y Ft(f)42 b Fs(P)52 b Ft(g)41 b Fs(S)54
b Ft(f)41 b Fs(Q)51 b Ft(g)41 b Fu(and)h(let)0 2310 y
Fs(P)h(s)d Fu(=)33 b Fw(tt)o Fu(.)55 b(If)36 b Ft(h)p
Fs(S)12 b Fu(,)32 b Fs(s)8 b Ft(i)33 b(!)f Fs(s)1033
2273 y Fi(0)1092 2310 y Fu(then)37 b Fs(Q)46 b(s)1487
2273 y Fi(0)1546 2310 y Fu(=)37 b Fw(tt)e Fu(\(b)s(ecause)j
Ft(j)-17 b Fu(=)2272 2325 y Fn(p)2351 2310 y Ft(f)36
b Fs(P)47 b Ft(g)36 b Fs(S)48 b Ft(f)36 b Fs(Q)46 b Ft(g)p
Fu(\))36 b(so)g(clearly)0 2430 y(wlp\()p Fs(S)12 b Fu(,)p
Fs(Q)d Fu(\))32 b Fs(s)41 b Fu(=)32 b Fw(tt)o Fu(.)2657
b Fh(2)0 2742 y Fw(Exercise)36 b(6.21)49 b Fu(Pro)m(v)m(e)34
b(that)f(the)g(predicate)f Fs(INV)52 b Fu(of)32 b(Example)g(6.9)g
(satis\014es)269 2909 y Fs(INV)51 b Fu(=)32 b(wlp\()p
Fr(while)i Ft(:)p Fu(\()p Fr(x)p Fu(=)p Fr(1)p Fu(\))f
Fr(do)g Fu(\()p Fr(y)g Fu(:=)f Fr(y)p Fo(?)p Fr(x)p Fu(;)h
Fr(x)g Fu(:=)f Fr(x)p Ft(\000)p Fu(1\),)i Fr(y)e Fu(=)h
Fr(n)p Fu(!)43 b Ft(^)33 b Fr(n)g Fo(>)g Fr(0)p Fu(\))164
b Fh(2)0 3138 y Fw(Exercise)36 b(6.22)49 b Fu(Another)f(in)m(teresting)
e(predicate)h(called)f(the)h Fs(str)-5 b(ongest)48 b(p)-5
b(ostc)g(ondition)0 3258 y Fu(for)32 b Fs(S)44 b Fu(and)33
b Fs(P)43 b Fu(can)33 b(b)s(e)g(de\014ned)h(b)m(y)244
3462 y(sp\()p Fs(P)10 b Fu(,)33 b Fs(S)12 b Fu(\))33
b Fs(s)696 3426 y Fi(0)752 3462 y Fu(=)f Fw(tt)0 3665
y Fu(if)f(and)i(only)f(if)244 3869 y(there)h(exists)h
Fs(s)40 b Fu(suc)m(h)34 b(that)f Ft(h)o Fs(S)12 b Fu(,)33
b Fs(s)8 b Ft(i)32 b(!)g Fs(s)1739 3833 y Fi(0)1795 3869
y Fu(and)h Fs(P)43 b(s)d Fu(=)33 b Fw(tt)0 4072 y Fu(Pro)m(v)m(e)h
(that)145 4276 y Ft(\017)49 b(j)-17 b Fu(=)331 4291 y
Fn(p)407 4276 y Ft(f)32 b Fs(P)43 b Ft(g)32 b Fs(S)45
b Ft(f)32 b Fu(sp\()p Fs(P)10 b Fu(,)34 b Fs(S)12 b Fu(\))32
b Ft(g)145 4479 y(\017)49 b Fu(if)31 b Ft(j)-17 b Fu(=)420
4494 y Fn(p)496 4479 y Ft(f)32 b Fs(P)43 b Ft(g)33 b
Fs(S)44 b Ft(f)32 b Fs(Q)42 b Ft(g)32 b Fu(then)i(sp\()p
Fs(P)10 b Fu(,)33 b Fs(S)12 b Fu(\))32 b Ft(\))h Fs(Q)0
4683 y Fu(Th)m(us)h(sp\()p Fs(P)10 b Fu(,)34 b Fs(S)12
b Fu(\))32 b(is)g(the)h(strongest)g(p)s(ossible)f(p)s(ostcondition)g
(for)g Fs(P)43 b Fu(and)32 b Fs(S)12 b Fu(.)544 b Fh(2)p
0 4912 V 0 5086 a Fw(Lemma)37 b(6.23)49 b Fu(The)d(inference)f(system)h
(of)e(T)-8 b(able)45 b(6.1)f(is)g(complete,)j(that)e(is)f(for)h(ev)m
(ery)0 5206 y(partial)30 b(correctness)35 b(form)m(ula)c
Ft(f)h Fs(P)43 b Ft(g)32 b Fs(S)45 b Ft(f)32 b Fs(Q)42
b Ft(g)32 b Fu(w)m(e)i(ha)m(v)m(e)269 5374 y Ft(j)-17
b Fu(=)356 5389 y Fn(p)432 5374 y Ft(f)32 b Fs(P)43 b
Ft(g)32 b Fs(S)44 b Ft(f)33 b Fs(Q)41 b Ft(g)33 b Fu(implies)d
Ft(`)1478 5389 y Fn(p)1554 5374 y Ft(f)i Fs(P)43 b Ft(g)32
b Fs(S)45 b Ft(f)32 b Fs(Q)42 b Ft(g)p 0 5494 V eop
%%Page: 188 198
188 197 bop 251 130 a Fw(188)1567 b(6)112 b(Axiomatic)35
b(Program)h(V)-9 b(eri\014cation)p 251 193 3473 4 v 283
515 a(Pro)s(of:)38 b Fu(The)33 b(completeness)h(result)e(follo)m(ws)f
(if)h(w)m(e)h(can)g(infer)552 683 y Ft(`)613 698 y Fn(p)689
683 y Ft(f)f Fu(wlp\()p Fs(S)12 b Fu(,)32 b Fs(Q)9 b
Fu(\))33 b Ft(g)f Fs(S)45 b Ft(f)32 b Fs(Q)42 b Ft(g)1958
b Fu(\(*\))283 851 y(for)32 b(all)f(statemen)m(ts)j Fs(S)44
b Fu(and)33 b(predicates)g Fs(Q)9 b Fu(.)33 b(T)-8 b(o)32
b(see)i(this)e(supp)s(ose)i(that)527 1046 y Ft(j)-17
b Fu(=)614 1061 y Fn(p)690 1046 y Ft(f)32 b Fs(P)43 b
Ft(g)33 b Fs(S)44 b Ft(f)32 b Fs(Q)42 b Ft(g)283 1242
y Fu(Then)34 b(F)-8 b(act)32 b(6.20)g(giv)m(es)h(that)527
1438 y Fs(P)43 b Ft(\))32 b Fu(wlp\()p Fs(S)12 b Fu(,)p
Fs(Q)d Fu(\))283 1633 y(so)33 b(that)g(\(*\))f(and)g([cons)1172
1648 y Fn(p)1217 1633 y Fu(])g(giv)m(e)527 1829 y Ft(`)588
1844 y Fn(p)664 1829 y Ft(f)g Fs(P)43 b Ft(g)33 b Fs(S)44
b Ft(f)32 b Fs(Q)42 b Ft(g)283 2025 y Fu(as)33 b(required.)430
2145 y(T)-8 b(o)32 b(pro)m(v)m(e)i(\(*\))e(w)m(e)i(pro)s(ceed)f(b)m(y)h
(structural)e(induction)g(on)g(the)h(statemen)m(t)g Fs(S)12
b Fu(.)283 2313 y Fw(The)33 b(case)g Fs(x)45 b Fu(:=)32
b Fs(a)7 b Fu(:)44 b(Based)33 b(on)g(the)g(natural)e(seman)m(tics)i(it)
f(is)g(easy)h(to)g(v)m(erify)g(that)527 2508 y(wlp\()p
Fs(x)44 b Fu(:=)33 b Fs(a)7 b Fu(,)33 b Fs(Q)9 b Fu(\))32
b(=)h Fs(Q)9 b Fu([)p Fs(x)j Ft(7!)o(A)p Fu([)-17 b([)p
Fs(a)7 b Fu(])-17 b(])q(])283 2704 y(so)33 b(the)g(result)g(follo)m(ws)
e(directly)h(from)f([ass)1900 2719 y Fn(p)1945 2704 y
Fu(].)283 2872 y Fw(The)i(case)g Fr(skip)p Fu(:)45 b(Since)33
b(wlp\()p Fr(skip)p Fu(,)g Fs(Q)9 b Fu(\))33 b(=)f Fs(Q)42
b Fu(the)33 b(result)f(follo)m(ws)g(from)f([skip)3292
2887 y Fn(p)3336 2872 y Fu(].)283 3039 y Fw(The)i(case)g
Fs(S)806 3054 y Fn(1)846 3039 y Fu(;)p Fs(S)940 3054
y Fn(2)979 3039 y Fu(:)44 b(The)33 b(induction)f(h)m(yp)s(othesis)h
(applied)f(to)g Fs(S)2692 3054 y Fn(1)2764 3039 y Fu(and)g
Fs(S)3020 3054 y Fn(2)3092 3039 y Fu(giv)m(es)527 3235
y Ft(`)588 3250 y Fn(p)664 3235 y Ft(f)g Fu(wlp\()p Fs(S)1003
3250 y Fn(2)1042 3235 y Fu(,)h Fs(Q)9 b Fu(\))33 b Ft(g)f
Fs(S)1406 3250 y Fn(2)1478 3235 y Ft(f)g Fs(Q)42 b Ft(g)283
3431 y Fu(and)527 3626 y Ft(`)588 3641 y Fn(p)664 3626
y Ft(f)32 b Fu(wlp\()p Fs(S)1003 3641 y Fn(1)1042 3626
y Fu(,)h(wlp\()p Fs(S)1359 3641 y Fn(2)1398 3626 y Fu(,)g
Fs(Q)9 b Fu(\)\))32 b Ft(g)g Fs(S)1799 3641 y Fn(1)1871
3626 y Ft(f)h Fu(wlp\()p Fs(S)2211 3641 y Fn(2)2249 3626
y Fu(,)g Fs(Q)9 b Fu(\))33 b Ft(g)283 3822 y Fu(so)g(that)g([comp)870
3837 y Fn(p)913 3822 y Fu(])f(giv)m(es)527 4018 y Ft(`)588
4033 y Fn(p)664 4018 y Ft(f)g Fu(wlp\()p Fs(S)1003 4033
y Fn(1)1042 4018 y Fu(,)h(wlp\()p Fs(S)1359 4033 y Fn(2)1398
4018 y Fu(,)g Fs(Q)9 b Fu(\)\))32 b Ft(g)g Fs(S)1799
4033 y Fn(1)1839 4018 y Fu(;)p Fs(S)1933 4033 y Fn(2)2005
4018 y Ft(f)g Fs(Q)42 b Ft(g)283 4213 y Fu(W)-8 b(e)33
b(shall)f(no)m(w)h(pro)m(v)m(e)h(that)527 4409 y(wlp\()p
Fs(S)784 4424 y Fn(1)823 4409 y Fu(;)p Fs(S)917 4424
y Fn(2)957 4409 y Fu(,)e Fs(Q)9 b Fu(\))33 b Ft(\))f
Fu(wlp\()p Fs(S)1560 4424 y Fn(1)1599 4409 y Fu(,)h(wlp\()p
Fs(S)1916 4424 y Fn(2)1955 4409 y Fu(,)f Fs(Q)9 b Fu(\)\))283
4605 y(as)27 b(then)h([cons)825 4620 y Fn(p)869 4605
y Fu(])f(will)d(giv)m(e)j(the)g(required)g(pro)s(of)f(in)g(the)h
(inference)h(system.)42 b(So)27 b(assume)g(that)283 4725
y(wlp\()p Fs(S)540 4740 y Fn(1)579 4725 y Fu(;)p Fs(S)673
4740 y Fn(2)713 4725 y Fu(,)j Fs(Q)9 b Fu(\))30 b Fs(s)37
b Fu(=)30 b Fw(tt)e Fu(and)i(w)m(e)h(shall)d(sho)m(w)j(that)e(wlp\()p
Fs(S)2478 4740 y Fn(1)2517 4725 y Fu(,)k(wlp\()p Fs(S)2834
4740 y Fn(2)2873 4725 y Fu(,)f Fs(Q)9 b Fu(\)\))33 b
Fs(s)41 b Fu(=)32 b Fw(tt)o Fu(.)43 b(This)29 b(is)283
4845 y(ob)m(vious)36 b(unless)f(there)h(is)e(a)h(state)g
Fs(s)1654 4809 y Fi(0)1713 4845 y Fu(suc)m(h)h(that)f
Ft(h)p Fs(S)2255 4860 y Fn(1)2294 4845 y Fu(,)g Fs(s)8
b Ft(i)35 b(!)g Fs(s)2661 4809 y Fi(0)2719 4845 y Fu(and)g(then)h(w)m
(e)g(m)m(ust)f(pro)m(v)m(e)283 4966 y(that)j(wlp\()p
Fs(S)757 4981 y Fn(2)796 4966 y Fu(,)i Fs(Q)9 b Fu(\))38
b Fs(s)1071 4930 y Fi(0)1132 4966 y Fu(=)g Fw(tt)p Fu(.)60
b(Ho)m(w)m(ev)m(er,)42 b(this)37 b(is)h(ob)m(vious)g(to)s(o)g(unless)h
(there)f(is)g(a)g(state)g Fs(s)3713 4930 y Fi(00)283
5086 y Fu(suc)m(h)33 b(that)e Ft(h)p Fs(S)818 5101 y
Fn(2)857 5086 y Fu(,)i Fs(s)965 5050 y Fi(0)988 5086
y Ft(i)f(!)g Fs(s)1239 5050 y Fi(00)1313 5086 y Fu(and)f(then)h(w)m(e)g
(m)m(ust)f(pro)m(v)m(e)i(that)e Fs(Q)40 b(s)2739 5050
y Fi(00)2812 5086 y Fu(=)31 b Fw(tt)p Fu(.)43 b(But)31
b(b)m(y)h([comp)3658 5101 y Fn(ns)3729 5086 y Fu(])283
5206 y(w)m(e)i(ha)m(v)m(e)g Ft(h)p Fs(S)758 5221 y Fn(1)797
5206 y Fu(;)p Fs(S)891 5221 y Fn(2)930 5206 y Fu(,)f
Fs(s)8 b Ft(i)32 b(!)g Fs(s)1289 5170 y Fi(00)1365 5206
y Fu(so)g(that)h Fs(Q)41 b(s)1860 5170 y Fi(00)1935 5206
y Fu(=)33 b Fw(tt)e Fu(follo)m(ws)h(from)f(wlp\()p Fs(S)2971
5221 y Fn(1)3010 5206 y Fu(;)p Fs(S)3104 5221 y Fn(2)3143
5206 y Fu(,)i Fs(Q)9 b Fu(\))33 b Fs(s)40 b Fu(=)33 b
Fw(tt)o Fu(.)283 5374 y Fw(The)g(case)g Fr(if)g Fs(b)38
b Fr(then)c Fs(S)1262 5389 y Fn(1)1333 5374 y Fr(else)g
Fs(S)1638 5389 y Fn(2)1677 5374 y Fu(:)43 b(The)33 b(induction)f(h)m
(yp)s(othesis)h(applied)f(to)g Fs(S)3389 5389 y Fn(1)3460
5374 y Fu(and)h Fs(S)3717 5389 y Fn(2)283 5494 y Fu(giv)m(es)p
eop
%%Page: 189 199
189 198 bop 0 130 a Fw(6.3)112 b(Soundness)40 b(and)e(completeness)1647
b(189)p 0 193 3473 4 v 244 515 a Ft(`)305 530 y Fn(p)381
515 y Ft(f)32 b Fu(wlp\()p Fs(S)720 530 y Fn(1)759 515
y Fu(,)h Fs(Q)9 b Fu(\))32 b Ft(g)g Fs(S)1122 530 y Fn(1)1194
515 y Ft(f)h Fs(Q)41 b Ft(g)33 b Fu(and)f Ft(`)1726 530
y Fn(p)1802 515 y Ft(f)g Fu(wlp\()p Fs(S)2141 530 y Fn(2)2180
515 y Fu(,)h Fs(Q)9 b Fu(\))32 b Ft(g)h Fs(S)2544 530
y Fn(2)2616 515 y Ft(f)f Fs(Q)42 b Ft(g)0 722 y Fu(De\014ne)33
b(the)g(predicate)g Fs(P)43 b Fu(b)m(y)244 929 y Fs(P)g
Fu(=)32 b(\()p Ft(B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17
b(])33 b Ft(^)g Fu(wlp\()p Fs(S)1082 944 y Fn(1)1121
929 y Fu(,)g Fs(Q)9 b Fu(\)\))32 b Ft(_)h Fu(\()p Ft(:B)t
Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])33 b Ft(^)g Fu(wlp\()p
Fs(S)2160 944 y Fn(2)2198 929 y Fu(,)g Fs(Q)9 b Fu(\)\))0
1136 y(Then)34 b(w)m(e)f(ha)m(v)m(e)244 1343 y(\()p Ft(B)s
Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])33 b Ft(^)g Fs(P)10
b Fu(\))33 b Ft(\))f Fu(wlp\()p Fs(S)1144 1358 y Fn(1)1183
1343 y Fu(,)g Fs(Q)9 b Fu(\))33 b(and)g(\()p Ft(:B)s
Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])33 b Ft(^)g Fs(P)10
b Fu(\))33 b Ft(\))f Fu(wlp\()p Fs(S)2553 1358 y Fn(2)2592
1343 y Fu(,)h Fs(Q)9 b Fu(\))0 1550 y(so)33 b([cons)331
1565 y Fn(p)375 1550 y Fu(])g(can)f(b)s(e)h(applied)f(t)m(wice)h(and)f
(giv)m(es)244 1757 y Ft(`)305 1772 y Fn(p)381 1757 y
Ft(f)g(B)s Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])33 b
Ft(^)g Fs(P)43 b Ft(g)32 b Fs(S)1047 1772 y Fn(1)1119
1757 y Ft(f)g Fs(Q)42 b Ft(g)32 b Fu(and)h Ft(`)1651
1772 y Fn(p)1727 1757 y Ft(f)f(:B)t Fu([)-17 b([)q Fs(b)6
b Fu(])-17 b(])33 b Ft(^)g Fs(P)42 b Ft(g)33 b Fs(S)2460
1772 y Fn(2)2532 1757 y Ft(f)f Fs(Q)42 b Ft(g)0 1964
y Fu(Using)32 b([if)359 1979 y Fn(p)402 1964 y Fu(])g(w)m(e)i
(therefore)f(get)244 2171 y Ft(`)305 2186 y Fn(p)381
2171 y Ft(f)f Fs(P)43 b Ft(g)32 b Fr(if)h Fs(b)39 b Fr(then)33
b Fs(S)1177 2186 y Fn(1)1249 2171 y Fr(else)h Fs(S)1554
2186 y Fn(2)1625 2171 y Ft(f)f Fs(Q)41 b Ft(g)0 2378
y Fu(T)-8 b(o)33 b(see)g(that)g(this)f(is)g(the)h(desired)g(result)g
(it)e(su\016ces)k(to)d(sho)m(w)i(that)244 2585 y(wlp\()p
Fr(if)f Fs(b)38 b Fr(then)c Fs(S)957 2600 y Fn(1)1028
2585 y Fr(else)g Fs(S)1333 2600 y Fn(2)1372 2585 y Fu(,)f
Fs(Q)9 b Fu(\))32 b Ft(\))h Fs(P)0 2792 y Fu(and)g(this)f(is)g(straigh)
m(tforw)m(ard)g(b)m(y)i(cases)g(on)e(the)h(v)-5 b(alue)32
b(of)g Fs(b)6 b Fu(.)0 2959 y Fw(The)33 b(case)g Fr(while)h
Fs(b)k Fr(do)33 b Fs(S)12 b Fu(:)33 b(De\014ne)g(the)g(predicate)g
Fs(P)43 b Fu(b)m(y)244 3166 y Fs(P)g Fu(=)32 b(wlp\()p
Fr(while)i Fs(b)k Fr(do)33 b Fs(S)12 b Fu(,)33 b Fs(Q)9
b Fu(\))0 3373 y(W)-8 b(e)33 b(\014rst)g(sho)m(w)h(that)269
3541 y(\()p Ft(:B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17
b(])33 b Ft(^)g Fs(P)10 b Fu(\))33 b Ft(\))f Fs(Q)2246
b Fu(\(**\))269 3708 y(\()p Ft(B)s Fu([)-17 b([)q Fs(b)6
b Fu(])-17 b(])33 b Ft(^)g Fs(P)10 b Fu(\))33 b Ft(\))f
Fu(wlp\()p Fs(S)12 b Fu(,)p Fs(P)e Fu(\))1940 b(\(***\))0
3876 y(T)-8 b(o)36 b(v)m(erify)h(\(**\))e(let)g Fs(s)45
b Fu(b)s(e)36 b(suc)m(h)h(that)f(\()p Ft(:)q(B)s Fu([)-17
b([)q Fs(b)6 b Fu(])-17 b(])36 b Ft(^)h Fs(P)10 b Fu(\))36
b Fs(s)44 b Fu(=)36 b Fw(tt)p Fu(.)53 b(Then)37 b(it)e(m)m(ust)i(b)s(e)
f(the)g(case)0 3996 y(that)i Ft(h)p Fr(while)33 b Fs(b)39
b Fr(do)33 b Fs(S)12 b Fu(,)32 b Fs(s)8 b Ft(i)33 b(!)f
Fs(s)46 b Fu(so)38 b(w)m(e)h(ha)m(v)m(e)h Fs(Q)47 b(s)f
Fu(=)38 b Fw(tt)p Fu(.)59 b(T)-8 b(o)38 b(v)m(erify)h(\(***\))e(let)h
Fs(s)46 b Fu(b)s(e)38 b(suc)m(h)0 4117 y(that)33 b(\()p
Ft(B)s Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])33 b Ft(^)g
Fs(P)10 b Fu(\))33 b Fs(s)40 b Fu(=)33 b Fw(tt)f Fu(and)h(w)m(e)i
(shall)c(sho)m(w)k(that)e(wlp\()p Fs(S)12 b Fu(,)p Fs(P)e
Fu(\))33 b Fs(s)41 b Fu(=)33 b Fw(tt)p Fu(.)44 b(This)33
b(is)g(ob)m(vious)0 4237 y(unless)j(there)h(is)e(a)h(state)g
Fs(s)1020 4201 y Fi(0)1079 4237 y Fu(suc)m(h)h(that)f
Ft(h)o Fs(S)12 b Fu(,)33 b Fs(s)8 b Ft(i)32 b(!)g Fs(s)1981
4201 y Fi(0)2040 4237 y Fu(in)j(whic)m(h)i(case)f(w)m(e)h(shall)e(pro)m
(v)m(e)i(that)0 4358 y Fs(P)44 b(s)158 4321 y Fi(0)215
4358 y Fu(=)33 b Fw(tt)p Fu(.)46 b(W)-8 b(e)34 b(ha)m(v)m(e)h(t)m(w)m
(o)f(cases.)48 b(First)32 b(w)m(e)j(assume)f(that)g Ft(h)o
Fr(while)g Fs(b)39 b Fr(do)33 b Fs(S)12 b Fu(,)32 b Fs(s)3005
4321 y Fi(0)3028 4358 y Ft(i)h(!)f Fs(s)3280 4321 y Fi(00)3356
4358 y Fu(for)0 4478 y(some)38 b Fs(s)298 4442 y Fi(00)341
4478 y Fu(.)61 b(Then)39 b([while)939 4442 y Fn(tt)939
4503 y(ns)1009 4478 y Fu(])g(giv)m(es)g(us)g(that)f Ft(h)p
Fr(while)h Fs(b)44 b Fr(do)39 b Fs(S)12 b Fu(,)38 b Fs(s)8
b Ft(i)39 b(!)e Fs(s)2674 4442 y Fi(00)2755 4478 y Fu(and)i(since)g
Fs(P)48 b(s)f Fu(=)0 4598 y Fw(tt)34 b Fu(w)m(e)h(get)f(that)h
Fs(Q)43 b(s)811 4562 y Fi(00)888 4598 y Fu(=)34 b Fw(tt)g
Fu(using)g(F)-8 b(act)34 b(6.20.)48 b(But)35 b(this)f(means)g(that)h
Fs(P)44 b(s)2906 4562 y Fi(0)2964 4598 y Fu(=)34 b Fw(tt)g
Fu(as)g(w)m(as)0 4719 y(required.)74 b(In)43 b(the)h(second)g(case)f(w)
m(e)h(assume)f(that)g Ft(h)p Fr(while)33 b Fs(b)39 b
Fr(do)33 b Fs(S)12 b Fu(,)32 b Fs(s)2745 4683 y Fi(0)2769
4719 y Ft(i)g(!)g Fs(s)3020 4683 y Fi(00)3105 4719 y
Fu(do)s(es)43 b Fs(not)0 4839 y Fu(hold)29 b(for)g(an)m(y)h(state)h
Fs(s)826 4803 y Fi(00)868 4839 y Fu(.)43 b(But)29 b(this)h(means)g
(that)f Fs(P)43 b(s)1977 4803 y Fi(0)2033 4839 y Fu(=)32
b Fw(tt)d Fu(holds)g(v)-5 b(acuously)30 b(and)g(w)m(e)h(ha)m(v)m(e)0
4960 y(\014nished)i(the)g(pro)s(of)f(of)g(\(***\).)146
5081 y(The)i(induction)d(h)m(yp)s(othesis)j(applied)e(to)g(the)h(b)s(o)
s(dy)f Fs(S)45 b Fu(of)32 b(the)h Fr(while)p Fu(-lo)s(op)f(giv)m(es)244
5288 y Ft(`)305 5303 y Fn(p)381 5288 y Ft(f)g Fu(wlp\()p
Fs(S)12 b Fu(,)p Fs(P)e Fu(\))32 b Ft(g)h Fs(S)44 b Ft(f)32
b Fs(P)43 b Ft(g)0 5494 y Fu(and)33 b(using)f(\(***\))g(together)g
(with)h([cons)1518 5509 y Fn(p)1562 5494 y Fu(])f(w)m(e)i(get)p
eop
%%Page: 190 200
190 199 bop 251 130 a Fw(190)1567 b(6)112 b(Axiomatic)35
b(Program)h(V)-9 b(eri\014cation)p 251 193 3473 4 v 527
515 a Ft(`)588 530 y Fn(p)664 515 y Ft(f)32 b(B)t Fu([)-17
b([)p Fs(b)6 b Fu(])-17 b(])34 b Ft(^)e Fs(P)43 b Ft(g)33
b Fs(S)44 b Ft(f)32 b Fs(P)43 b Ft(g)283 704 y Fu(W)-8
b(e)33 b(can)g(no)m(w)h(apply)e(the)h(rule)f([while)1715
719 y Fn(p)1758 704 y Fu(])g(and)h(get)527 892 y Ft(`)588
907 y Fn(p)664 892 y Ft(f)f Fs(P)43 b Ft(g)33 b Fr(while)g
Fs(b)39 b Fr(do)33 b Fs(S)44 b Ft(f)33 b(:B)t Fu([)-17
b([)p Fs(b)6 b Fu(])-17 b(])33 b Ft(^)g Fs(P)43 b Ft(g)283
1081 y Fu(Finally)-8 b(,)30 b(w)m(e)k(use)g(\(**\))d(together)i(with)f
([cons)1970 1096 y Fn(p)2015 1081 y Fu(])g(and)h(get)527
1270 y Ft(`)588 1285 y Fn(p)664 1270 y Ft(f)f Fs(P)43
b Ft(g)33 b Fr(while)g Fs(b)39 b Fr(do)33 b Fs(S)44 b
Ft(f)33 b Fs(Q)41 b Ft(g)283 1458 y Fu(as)33 b(required.)2902
b Fh(2)283 1750 y Fw(Exercise)37 b(6.24)49 b Fu(Pro)m(v)m(e)34
b(that)e(the)h(inference)g(system)h(for)e(the)h Fr(while)p
Fu(-language)f(extended)283 1870 y(with)27 b Fr(repeat)i
Fs(S)40 b Fr(until)28 b Fs(b)34 b Fu(as)27 b(in)g(Exercise)i(6.11)d(is)
h(complete.)41 b(\(If)28 b(not)f(y)m(ou)h(should)f(impro)m(v)m(e)283
1990 y(y)m(our)34 b(rule)e(for)g Fr(repeat)i Fs(S)44
b Fr(until)34 b Fs(b)6 b Fu(.\))1987 b Fh(2)283 2199
y Fw(Exercise)37 b(6.25)49 b Fu(*)f(Pro)m(v)m(e)h(the)f(completeness)h
(of)f(the)g(inference)h(system)g(of)f(T)-8 b(able)47
b(6.1)283 2319 y(using)31 b(the)h Fs(str)-5 b(ongest)33
b(p)-5 b(ostc)g(onditions)38 b Fu(of)30 b(Exercise)j(6.22)d(rather)h
(than)g(the)g(w)m(eak)m(est)j(lib)s(eral)283 2440 y(preconditions)f(as)
f(used)i(in)e(the)h(pro)s(of)f(of)g(Lemma)f(6.23.)1256
b Fh(2)283 2648 y Fw(Exercise)37 b(6.26)49 b Fu(De\014ne)42
b(a)g(notion)f(of)g(v)-5 b(alidit)m(y)40 b(based)j(on)f(the)h
(denotational)d(seman)m(tics)283 2768 y(of)c(Chapter)h(4)f(and)h(pro)m
(v)m(e)g(the)g(soundness)i(of)d(the)g(inference)h(system)g(of)f(T)-8
b(able)36 b(6.1)g(using)283 2889 y(this)46 b(de\014nition,)i(that)e(is)
f(without)g(using)h(the)g(equiv)-5 b(alence)46 b(b)s(et)m(w)m(een)i
(the)e(denotational)283 3009 y(seman)m(tics)33 b(and)g(the)g(op)s
(erational)d(seman)m(tics.)1648 b Fh(2)283 3218 y Fw(Exercise)37
b(6.27)49 b Fu(Use)34 b(the)f(de\014nition)f(of)g(v)-5
b(alidit)m(y)31 b(of)i(Exercise)h(6.26)e(and)h(pro)m(v)m(e)i(the)e
(com-)283 3338 y(pleteness)h(of)f(the)g(inference)g(system)g(of)f(T)-8
b(able)33 b(6.1.)1441 b Fh(2)283 3624 y Fp(Expressiv)l(eness)47
b(problems)e(\(in)g(the)h(in)l(tensional)g(approac)l(h\))283
3809 y Fu(So)34 b(far)f(w)m(e)i(ha)m(v)m(e)g(only)f(considered)g(the)g
(extensional)g(approac)m(h)g(where)h(the)f(preconditions)283
3930 y(and)23 b(p)s(ostconditions)f(of)h(the)g(form)m(ulae)e(are)i
(predicates.)41 b(In)23 b(the)g Fs(intensional)i(appr)-5
b(o)g(ach)29 b Fu(they)283 4050 y(are)j(form)m(ulae)f(of)g(some)h
(assertion)g(language)f Ft(L)p Fu(.)43 b(The)33 b(axioms)d(and)i(rules)
g(of)g(the)g(inference)283 4170 y(system)43 b(will)c(b)s(e)i(as)h(in)e
(T)-8 b(able)41 b(6.1,)i(the)f(only)f(di\013erence)h(b)s(eing)f(that)g
(the)g(preconditions)283 4291 y(and)j(p)s(ostconditions)e(are)h(form)m
(ulae)f(of)g Ft(L)h Fu(and)h(that)f(op)s(erations)f(suc)m(h)i(as)g
Fs(P)10 b Fu([)p Fs(x)i Ft(7!A)o Fu([)-17 b([)q Fs(a)7
b Fu(])-17 b(])q(],)283 4411 y Fs(P)359 4426 y Fn(1)432
4411 y Ft(^)33 b Fs(P)607 4426 y Fn(2)679 4411 y Fu(and)g
Fs(P)945 4426 y Fn(1)1017 4411 y Ft(\))f Fs(P)1225 4426
y Fn(2)1298 4411 y Fu(are)g(op)s(erations)g(on)g(form)m(ulae)f(of)h
Ft(L)p Fu(.)430 4531 y(It)45 b(will)d(b)s(e)j(natural)f(to)h(let)f
Ft(L)g Fu(include)h(the)g(b)s(o)s(olean)e(expressions)k(of)d
Fw(While)p Fu(.)79 b(The)283 4652 y(soundness)43 b(pro)s(of)38
b(of)i(Lemma)e(6.17)h(then)i(carries)e(directly)h(o)m(v)m(er)h(to)e
(the)h(in)m(tensional)e(ap-)283 4772 y(proac)m(h.)54
b(Unfortunately)-8 b(,)36 b(this)g(is)f(not)h(the)g(case)h(for)e(the)h
(completeness)h(pro)s(of)e(of)g(Lemma)283 4893 y(6.23.)43
b(The)31 b(reason)g(is)f(that)g(the)h(predicates)g(wlp\()p
Fs(S)12 b Fu(,)30 b Fs(Q)9 b Fu(\))31 b(used)h(as)e(preconditions)g(no)
m(w)i(ha)m(v)m(e)283 5013 y(to)h(b)s(e)f(represen)m(ted)k(as)c(form)m
(ulae)f(of)h Ft(L)h Fu(and)f(that)h(this)f(ma)m(y)g(not)h(b)s(e)g(p)s
(ossible.)430 5133 y(T)-8 b(o)22 b(illustrate)e(the)j(problems)e(let)h
Fs(S)34 b Fu(b)s(e)22 b(a)g(statemen)m(t,)j(for)d(example)f(a)h(univ)m
(ersal)g(program)283 5254 y(in)j(the)g(sense)h(of)f(recursion)g(theory)
-8 b(,)27 b(that)d(has)i(an)e(undecidable)h(Halting)e(problem.)40
b(F)-8 b(urther,)283 5374 y(supp)s(ose)37 b(that)d Ft(L)g
Fu(only)h(con)m(tains)f(the)h(b)s(o)s(olean)f(expressions)i(of)e
Fw(While)p Fu(.)49 b(Finally)-8 b(,)32 b(assume)283 5494
y(that)h(there)g(is)f(a)g(form)m(ula)f Fs(b)1332 5509
y Fc(S)1415 5494 y Fu(of)i Ft(L)f Fu(suc)m(h)i(that)e(for)g(all)f
(states)i Fs(s)p eop
%%Page: 191 201
191 200 bop 0 130 a Fw(6.4)112 b(Extensions)37 b(of)h(the)f(axiomatic)f
(system)1315 b(191)p 0 193 3473 4 v 244 515 a Ft(B)s
Fu([)-17 b([)q Fs(b)401 530 y Fc(S)452 515 y Fu(])g(])33
b Fs(s)40 b Fu(=)33 b Fw(tt)e Fu(if)h(and)h(only)f(if)f(wlp\()p
Fs(S)12 b Fu(,)32 b Fr(false)p Fu(\))i Fs(s)41 b Fu(=)32
b Fw(tt)0 720 y Fu(Then)i(also)d Ft(:)q Fs(b)568 735
y Fc(S)651 720 y Fu(is)h(a)g(form)m(ula)f(of)h Ft(L)p
Fu(.)43 b(W)-8 b(e)33 b(ha)m(v)m(e)244 925 y Ft(B)s Fu([)-17
b([)q Fs(b)401 940 y Fc(S)452 925 y Fu(])g(])33 b Fs(s)40
b Fu(=)33 b Fw(tt)e Fu(if)h(and)h(only)f(if)f(the)i(computation)e(of)h
Fs(S)45 b Fu(on)32 b Fs(s)41 b Fu(lo)s(ops)0 1130 y(and)33
b(hence)244 1335 y Ft(B)s Fu([)-17 b([)q Ft(:)p Fs(b)467
1350 y Fc(S)518 1335 y Fu(])g(])33 b Fs(s)41 b Fu(=)32
b Fw(tt)g Fu(if)f(and)i(only)f(if)f(the)i(computation)e(of)i
Fs(S)44 b Fu(on)32 b Fs(s)41 b Fu(terminates)0 1540 y(W)-8
b(e)32 b(no)m(w)h(ha)m(v)m(e)h(a)d(con)m(tradiction:)42
b(the)33 b(assumptions)f(ab)s(out)f Fs(S)44 b Fu(ensure)34
b(that)d Ft(B)t Fu([)-17 b([)q Ft(:)p Fs(b)3143 1555
y Fc(S)3194 1540 y Fu(])g(])32 b(m)m(ust)0 1660 y(b)s(e)48
b(an)g(undecidable)g(function;)56 b(on)48 b(the)g(other)h(hand)f(T)-8
b(able)48 b(1.2)g(suggests)h(an)f(ob)m(vious)0 1780 y(algorithm)27
b(for)i(ev)-5 b(aluating)29 b Ft(B)s Fu([)-17 b([)q Ft(:)p
Fs(b)1278 1795 y Fc(S)1329 1780 y Fu(])g(].)43 b(Hence)31
b(our)f(assumption)g(ab)s(out)f(the)i(existence)g(of)f
Fs(b)3422 1795 y Fc(S)0 1901 y Fu(m)m(ust)j(b)s(e)f(mistak)m(en.)44
b(Consequen)m(tly)35 b(w)m(e)e(cannot)g(mimic)d(the)j(pro)s(of)e(of)h
(Lemma)g(6.23.)146 2021 y(The)g(ob)m(vious)f(remedy)g(is)g(to)f(extend)
i Ft(L)f Fu(to)f(b)s(e)h(a)g(m)m(uc)m(h)g(more)f(p)s(o)m(w)m(erful)h
(language)f(that)0 2142 y(allo)m(ws)h(quan)m(ti\014cation)f(as)i(w)m
(ell.)43 b(A)31 b(cen)m(tral)h(concept)h(is)e(that)g
Ft(L)g Fu(m)m(ust)h(b)s(e)g Fs(expr)-5 b(essive)38 b
Fu(with)0 2262 y(resp)s(ect)28 b(to)e Fw(While)e Fu(and)j(its)f(seman)m
(tics,)i(and)e(one)h(then)g(sho)m(ws)h(that)e(T)-8 b(able)26
b(6.1)g(is)g Fs(r)-5 b(elatively)0 2383 y(c)g(omplete)40
b Fu(\(in)32 b(the)h(sense)i(of)e(Co)s(ok\).)45 b(It)33
b(is)g(b)s(ey)m(ond)h(the)g(scop)s(e)g(of)e(this)h(b)s(o)s(ok)g(to)g
(go)f(deep)s(er)0 2503 y(in)m(to)g(these)i(matters)e(but)h(w)m(e)g(pro)
m(vide)g(references)i(in)d(Chapter)h(7.)0 2838 y Fj(6.4)161
b(Extensions)52 b(of)i(the)f(axiomatic)i(system)0 3057
y Fu(In)40 b(this)g(section)g(w)m(e)h(shall)d(consider)i(t)m(w)m(o)h
(extensions)g(of)e(the)h(inference)h(system)g(for)e(par-)0
3178 y(tial)i(correctness)j(assertions.)75 b(The)43 b(\014rst)h
(extension)f(sho)m(ws)i(ho)m(w)e(the)g(approac)m(h)g(can)g(b)s(e)0
3298 y(mo)s(di\014ed)29 b(to)h(pro)m(v)m(e)i Fs(total)h(c)-5
b(orr)g(e)g(ctness)33 b(assertions)k Fu(thereb)m(y)c(allo)m(wing)28
b(us)j(to)f(reason)h(ab)s(out)0 3418 y(termination)39
b(prop)s(erties.)68 b(In)42 b(the)f(second)i(extension)f(w)m(e)g
(consider)f(ho)m(w)h(to)e(extend)j(the)0 3539 y(inference)31
b(systems)h(to)e(more)g(language)f(constructs,)k(in)c(particular)g
(recursiv)m(e)j(pro)s(cedures.)0 3950 y Fp(T)-11 b(otal)45
b(correctness)h(assertions)0 4135 y Fu(W)-8 b(e)33 b(shall)e(no)m(w)i
(consider)g(form)m(ulae)e(of)h(the)h(form)244 4340 y
Ft(f)f Fs(P)43 b Ft(g)32 b Fs(S)45 b Ft(f)32 b(+)g Fs(Q)42
b Ft(g)0 4545 y Fu(The)34 b(idea)d(is)i(that)244 4750
y Fs(if)53 b Fu(the)33 b(precondition)f Fs(P)43 b Fu(is)32
b(ful\014lled)244 4917 y Fs(then)40 b(S)k Fu(is)32 b(guaran)m(teed)h
(to)g(terminate)e(\(as)i(recorded)g(b)m(y)h(the)f(sym)m(b)s(ol)f
Ft(+)p Fu(\))244 5085 y Fs(and)42 b Fu(the)33 b(\014nal)f(state)h(will)
d(satisfy)j(the)g(p)s(ostcondition)e Fs(Q)9 b Fu(.)0
5290 y(This)33 b(is)f(formalized)e(b)m(y)k(de\014ning)e(v)-5
b(alidit)m(y)31 b(of)h Ft(f)g Fs(P)43 b Ft(g)32 b Fs(S)45
b Ft(f)32 b(+)g Fs(Q)42 b Ft(g)32 b Fu(b)m(y)244 5494
y Ft(j)-17 b Fu(=)331 5509 y Fn(t)395 5494 y Ft(f)32
b Fs(P)43 b Ft(g)32 b Fs(S)45 b Ft(f)32 b(+)h Fs(Q)41
b Ft(g)p eop
%%Page: 192 202
192 201 bop 251 130 a Fw(192)1567 b(6)112 b(Axiomatic)35
b(Program)h(V)-9 b(eri\014cation)p 251 193 3473 4 v 283
419 V 283 2471 4 2053 v 715 528 a Fu([ass)867 543 y Fn(t)900
528 y Fu(])201 b Ft(f)33 b Fs(P)10 b Fu([)p Fs(x)i Ft(7!A)o
Fu([)-17 b([)q Fs(a)7 b Fu(])-17 b(])q(])32 b Ft(g)h
Fs(x)44 b Fu(:=)32 b Fs(a)40 b Ft(f)32 b(+)h Fs(P)43
b Ft(g)715 696 y Fu([skip)913 711 y Fn(t)945 696 y Fu(])156
b Ft(f)33 b Fs(P)43 b Ft(g)32 b Fr(skip)i Ft(f)e(+)g
Fs(P)43 b Ft(g)715 988 y Fu([comp)970 1003 y Fn(t)1002
988 y Fu(])1138 901 y Ft(f)33 b Fs(P)43 b Ft(g)32 b Fs(S)1479
916 y Fn(1)1551 901 y Ft(f)g(+)g Fs(Q)42 b Ft(g)p Fu(,)98
b Ft(f)32 b Fs(Q)42 b Ft(g)32 b Fs(S)2366 916 y Fn(2)2438
901 y Ft(f)g(+)g Fs(R)37 b Ft(g)p 1138 964 1633 4 v 1499
1069 a(f)32 b Fs(P)43 b Ft(g)32 b Fs(S)1839 1084 y Fn(1)1879
1069 y Fu(;)g Fs(S)2005 1084 y Fn(2)2077 1069 y Ft(f)g(+)h
Fs(R)j Ft(g)715 1327 y Fu([if)800 1342 y Fn(t)831 1327
y Fu(])1138 1240 y Ft(f)d(B)s Fu([)-17 b([)q Fs(b)6 b
Fu(])-17 b(])33 b Ft(^)g Fs(P)43 b Ft(g)32 b Fs(S)1805
1255 y Fn(1)1877 1240 y Ft(f)g(+)g Fs(Q)42 b Ft(g)p Fu(,)130
b Ft(f)32 b(:)q(B)s Fu([)-17 b([)q Fs(b)6 b Fu(])-17
b(])33 b Ft(^)g Fs(P)43 b Ft(g)32 b Fs(S)3109 1255 y
Fn(2)3181 1240 y Ft(f)g(+)h Fs(Q)41 b Ft(g)p 1138 1303
2385 4 v 1537 1408 a(f)33 b Fs(P)42 b Ft(g)33 b Fr(if)g
Fs(b)38 b Fr(then)c Fs(S)2334 1423 y Fn(1)2406 1408 y
Fr(else)f Fs(S)2710 1423 y Fn(2)2782 1408 y Ft(f)f(+)h
Fs(Q)41 b Ft(g)715 1666 y Fu([while)965 1681 y Fn(t)996
1666 y Fu(])1412 1579 y Ft(f)32 b Fs(P)10 b Fu(\()p Fw(z)p
Fu(+)p Fw(1)p Fu(\))32 b Ft(g)h Fs(S)44 b Ft(f)32 b(+)h
Fs(P)10 b Fu(\()p Fw(z)p Fu(\))32 b Ft(g)p 1138 1642
1605 4 v 1138 1747 a(f)h(9)p Fw(z)p Fu(.)p Fs(P)10 b
Fu(\()p Fw(z)p Fu(\))33 b Ft(g)f Fr(while)i Fs(b)k Fr(do)33
b Fs(S)45 b Ft(f)32 b(+)g Fs(P)10 b Fu(\()p Fw(0)p Fu(\))33
b Ft(g)1128 1880 y Fu(where)h Fs(P)10 b Fu(\()p Fw(z)p
Fu(+)p Fw(1)p Fu(\))33 b Ft(\))f(B)s Fu([)-17 b([)q Fs(b)6
b Fu(])-17 b(],)33 b Fs(P)10 b Fu(\()p Fw(0)p Fu(\))33
b Ft(\))f(:B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])1128
2048 y(and)33 b Fw(z)f Fu(ranges)h(o)m(v)m(er)h(natural)d(n)m(um)m(b)s
(ers)j(\(that)e(is)g Fw(z)p Ft(\025)q Fw(0)p Fu(\))715
2340 y([cons)926 2355 y Fn(t)959 2340 y Fu(])1171 2253
y Ft(f)g Fs(P)1329 2217 y Fi(0)1385 2253 y Ft(g)h Fs(S)44
b Ft(f)32 b(+)h Fs(Q)1827 2217 y Fi(0)1883 2253 y Ft(g)p
1138 2317 795 4 v 1178 2421 a(f)f Fs(P)43 b Ft(g)32 b
Fs(S)45 b Ft(f)32 b(+)h Fs(Q)41 b Ft(g)2040 2340 y Fu(where)34
b Fs(P)43 b Ft(\))32 b Fs(P)2639 2304 y Fi(0)2695 2340
y Fu(and)h Fs(Q)2969 2304 y Fi(0)3025 2340 y Ft(\))f
Fs(Q)p 3753 2471 4 2053 v 283 2474 3473 4 v 966 2635
a Fu(T)-8 b(able)32 b(6.2:)43 b(Axiomatic)31 b(system)i(for)f(total)f
(correctness)283 2900 y(if)h(and)h(only)f(if)527 3074
y(for)g(all)f(states)i Fs(s)8 b Fu(,)33 b(if)e Fs(P)43
b(s)e Fu(=)32 b Fw(tt)g Fu(then)h(there)h(exists)f Fs(s)2493
3038 y Fi(0)2549 3074 y Fu(suc)m(h)h(that)742 3268 y
Fs(Q)42 b(s)907 3232 y Fi(0)963 3268 y Fu(=)32 b Fw(tt)g
Fu(and)g Ft(h)p Fs(S)12 b Fu(,)32 b Fs(s)8 b Ft(i)33
b(!)f Fs(s)1845 3232 y Fi(0)283 3461 y Fu(The)45 b(inference)f(system)h
(for)e(total)f(correctness)j(assertions)f(is)f(v)m(ery)j(similar)40
b(to)j(that)g(for)283 3582 y(partial)24 b(correctness)29
b(assertions,)e(the)g(only)f(di\013erence)g(b)s(eing)g(that)g(the)g
(rule)g(for)g(the)g Fr(while)p Fu(-)283 3702 y(construct)k(has)e(c)m
(hanged.)43 b(The)29 b(complete)f(set)h(of)f(axioms)f(and)h(rules)g(is)
g(giv)m(en)g(in)f(T)-8 b(able)28 b(6.2.)283 3823 y(W)-8
b(e)33 b(shall)f(write)527 3996 y Ft(`)588 4011 y Fn(t)652
3996 y Ft(f)h Fs(P)43 b Ft(g)32 b Fs(S)44 b Ft(f)33 b(+)f
Fs(Q)42 b Ft(g)283 4170 y Fu(if)32 b(there)h(exists)g(an)f(inference)h
(tree)g(with)f(the)h(form)m(ula)e Ft(f)h Fs(P)43 b Ft(g)32
b Fs(S)44 b Ft(f)32 b(+)g Fs(Q)42 b Ft(g)32 b Fu(as)h(ro)s(ot,)e(that)h
(is)283 4291 y(if)g(the)h(form)m(ula)e(is)h(pro)m(v)-5
b(ably)32 b(in)g(the)h(inference)g(system.)430 4411 y(In)39
b(the)h(rule)e([while)1184 4426 y Fn(t)1215 4411 y Fu(])h(w)m(e)h(use)g
(a)f(parameterized)f(family)f Fs(P)10 b Fu(\()p Fw(z)p
Fu(\))39 b(of)f(predicates)i(for)e(the)283 4531 y(in)m(v)-5
b(arian)m(t.)40 b(The)25 b(idea)f(is)f(that)h Fw(z)g
Fu(is)g(the)h(n)m(um)m(b)s(er)f(of)g(unfoldings)f(of)h(the)h
Fr(while)p Fu(-lo)s(op)e(that)h(will)283 4652 y(b)s(e)35
b(necessary)-8 b(.)51 b(So)34 b(if)f(the)i Fr(while)p
Fu(-lo)s(op)e(do)s(es)i(not)f(ha)m(v)m(e)h(to)f(b)s(e)h(unfolded)f(at)g
(all)e(then)j Fs(P)10 b Fu(\()p Fw(0)p Fu(\))283 4772
y(holds)32 b(and)g(it)f(m)m(ust)h(imply)e(that)h Fs(b)38
b Fu(is)32 b(false.)42 b(If)32 b(the)g Fr(while)p Fu(-lo)s(op)g(has)g
(to)f(b)s(e)i(unfolded)e Fw(z)p Fu(+)p Fw(1)283 4893
y Fu(times)e(then)g Fs(P)10 b Fu(\()p Fw(z)p Fu(+)p Fw(1)p
Fu(\))29 b(holds)g(and)g Fs(b)35 b Fu(m)m(ust)29 b(hold)f
Fs(b)-5 b(efor)g(e)36 b Fu(the)29 b(b)s(o)s(dy)h(of)e(the)i(lo)s(op)d
(is)i(executed;)283 5013 y(then)46 b Fs(P)10 b Fu(\()p
Fw(z)p Fu(\))45 b(will)e(hold)h Fs(afterwar)-5 b(ds)53
b Fu(so)45 b(that)g(w)m(e)h(ha)m(v)m(e)g(decreased)h(the)e(total)f(n)m
(um)m(b)s(er)h(of)283 5133 y(times)33 b(the)h(lo)s(op)e(remains)h(to)g
(b)s(e)h(unfolded.)47 b(The)34 b(precondition)f(of)g(the)h(conclusion)f
(of)g(the)283 5254 y(rule)c(expresses)i(that)e(there)g(exists)h(a)e(b)s
(ound)h(on)g(the)g(n)m(um)m(b)s(er)g(of)f(times)g(the)h(lo)s(op)e(has)i
(to)g(b)s(e)283 5374 y(unfolded)24 b(and)f(the)h(p)s(ostcondition)e
(expresses)k(that)d(when)i(the)e Fr(while)p Fu(-lo)s(op)g(has)h
(terminated)283 5494 y(then)34 b(no)e(more)g(unfoldings)f(are)i
(necessary)-8 b(.)p eop
%%Page: 193 203
193 202 bop 0 130 a Fw(6.4)112 b(Extensions)37 b(of)h(the)f(axiomatic)f
(system)1315 b(193)p 0 193 3473 4 v 0 515 a(Example)37
b(6.28)49 b Fu(The)33 b(total)e(correctness)j(of)e(the)h(factorial)d
(statemen)m(t)i(can)h(b)s(e)g(expressed)0 636 y(b)m(y)g(the)g(follo)m
(wing)d(assertion:)244 832 y Ft(f)i Fr(x)h Fo(>)f Fr(0)h
Ft(^)g Fr(x)g Fu(=)f Fr(n)h Ft(g)244 1000 y Fr(y)g Fu(:=)f
Fr(1)p Fu(;)h Fr(while)h Ft(:)p Fu(\()p Fr(x)p Fu(=)p
Fr(1)p Fu(\))f Fr(do)g Fu(\()p Fr(y)g Fu(:=)f Fr(y)p
Fo(?)p Fr(x)p Fu(;)h Fr(x)g Fu(:=)g Fr(x)p Ft(\000)p
Fr(1)p Fu(\))244 1168 y Ft(f)f(+)h Fr(y)f Fu(=)h Fr(n)p
Fu(!)43 b Ft(g)0 1364 y Fu(where)34 b Fr(y)f Fu(=)f Fr(n)p
Fu(!)44 b(is)32 b(an)g(abbreviation)g(for)g(the)h(predicate)244
1561 y Fs(P)43 b Fu(where)34 b Fs(P)42 b(s)f Fu(=)32
b(\()p Fs(s)41 b Fr(y)33 b Fu(=)f(\()p Fs(s)41 b Fr(n)p
Fu(\)!\))0 1757 y(In)i(addition)f(to)g(expressing)j(that)d(the)i
(\014nal)e(v)-5 b(alue)43 b(of)f Fr(y)i Fu(is)e(the)i(factorial)c(of)j
(the)g(initial)0 1878 y(v)-5 b(alue)31 b(of)g Fr(x)h
Fu(the)g(assertion)f(also)g(expresses)k(that)c(the)h(program)e(do)s(es)
i(indeed)g(terminate)e(on)0 1998 y(all)35 b(states)j(satisfying)e(the)h
(precondition.)56 b(The)37 b(inference)h(of)e(this)h(assertion)g(pro)s
(ceeds)h(in)0 2119 y(a)c(n)m(um)m(b)s(er)h(of)f(stages.)49
b(First)33 b(w)m(e)j(de\014ne)f(the)g(predicate)f Fs(INV)19
b Fu(\()p Fw(z)p Fu(\))34 b(that)g(is)g(going)f(to)g(b)s(e)i(the)0
2239 y(in)m(v)-5 b(arian)m(t)31 b(of)h(the)h Fr(while)p
Fu(-lo)s(op)244 2436 y Fs(INV)19 b Fu(\()p Fw(z)p Fu(\))32
b Fs(s)40 b Fu(=)33 b(\()p Fs(s)40 b Fr(x)33 b Fo(>)f
Fw(0)h Fu(and)g(\()p Fs(s)40 b Fr(y)p Fu(\))33 b Fo(?)f
Fu(\()p Fs(s)41 b Fr(x)p Fu(\)!)i(=)33 b(\()p Fs(s)40
b Fr(n)p Fu(\)!)k(and)33 b Fs(s)40 b Fr(x)33 b Fu(=)f
Fw(z)h Fu(+)f Fw(1)p Fu(\))0 2632 y(W)-8 b(e)33 b(shall)e(\014rst)i
(consider)g(the)g(b)s(o)s(dy)g(of)f(the)h(lo)s(op.)42
b(Using)32 b([ass)2349 2647 y Fn(t)2381 2632 y Fu(])h(w)m(e)h(get)244
2829 y Ft(`)305 2844 y Fn(t)369 2829 y Ft(f)e Fs(INV)19
b Fu(\()p Fw(z)p Fu(\)[)p Fr(x)p Ft(7!)p Fr(x)p Ft(\000)p
Fr(1)p Fu(])33 b Ft(g)f Fr(x)h Fu(:=)g Fr(x)p Ft(\000)p
Fr(1)g Ft(f)g(+)f Fs(INV)19 b Fu(\()p Fw(z)p Fu(\))32
b Ft(g)0 3025 y Fu(Similarly)-8 b(,)29 b(w)m(e)k(get)244
3222 y Ft(`)305 3237 y Fn(t)369 3222 y Ft(f)f Fu(\()p
Fs(INV)19 b Fu(\()p Fw(z)p Fu(\)[)p Fr(x)p Ft(7!)o Fr(x)p
Ft(\000)p Fr(1)p Fu(]\)[)p Fr(y)p Ft(7!)q Fr(y)p Fo(?)q
Fr(x)p Fu(])32 b Ft(g)h Fr(y)g Fu(:=)f Fr(y)h Fo(?)f
Fr(x)h Ft(f)f(+)h Fs(INV)18 b Fu(\()p Fw(z)p Fu(\)[)p
Fr(x)p Ft(7!)p Fr(x)p Ft(\000)p Fr(1)p Fu(])34 b Ft(g)0
3419 y Fu(W)-8 b(e)33 b(can)g(no)m(w)g(apply)f(the)h(rule)f([comp)1436
3434 y Fn(t)1468 3419 y Fu(])g(to)h(the)g(t)m(w)m(o)g(assertions)g(ab)s
(o)m(v)m(e)g(and)g(get)244 3615 y Ft(`)305 3630 y Fn(t)369
3615 y Ft(f)f Fu(\()p Fs(INV)19 b Fu(\()p Fw(z)p Fu(\)[)p
Fr(x)p Ft(7!)o Fr(x)p Ft(\000)p Fr(1)p Fu(]\)[)p Fr(y)p
Ft(7!)q Fr(y)p Fo(?)q Fr(x)p Fu(])32 b Ft(g)h Fr(y)g
Fu(:=)f Fr(y)h Fo(?)f Fr(x)p Fu(;)h Fr(x)g Fu(:=)f Fr(x)p
Ft(\000)p Fr(1)i Ft(f)e(+)g Fs(INV)19 b Fu(\()p Fw(z)p
Fu(\))32 b Ft(g)0 3812 y Fu(It)h(is)f(easy)h(to)g(v)m(erify)g(that)244
4009 y Fs(INV)19 b Fu(\()p Fw(z)p Fu(+)p Fw(1)p Fu(\))32
b Ft(\))g Fu(\()p Fs(INV)18 b Fu(\()p Fw(z)p Fu(\)[)p
Fr(x)p Ft(7!)p Fr(x)p Ft(\000)p Fr(1)p Fu(]\)[)p Fr(y)p
Ft(7!)q Fr(y)p Fo(?)p Fr(x)p Fu(])0 4205 y(so)33 b(using)f(the)h(rule)f
([cons)949 4220 y Fn(t)982 4205 y Fu(])g(w)m(e)i(get)244
4402 y Ft(`)305 4417 y Fn(t)369 4402 y Ft(f)e Fs(INV)19
b Fu(\()p Fw(z)p Fu(+)p Fw(1)p Fu(\))32 b Ft(g)g Fr(y)h
Fu(:=)g Fr(y)f Fo(?)h Fr(x)p Fu(;)g Fr(x)f Fu(:=)h Fr(x)p
Ft(\000)p Fr(1)g Ft(f)g(+)f Fs(INV)19 b Fu(\()p Fw(z)p
Fu(\))32 b Ft(g)0 4598 y Fu(It)h(is)f(straigh)m(tforw)m(ard)g(to)g(v)m
(erify)h(that)244 4795 y Fs(INV)19 b Fu(\()p Fw(0)p Fu(\))32
b Ft(\))g(:)q Fu(\()p Ft(:)p Fu(\()p Fr(x)p Fu(=)p Fr(1)p
Fu(\)\),)h(and)244 4963 y Fs(INV)19 b Fu(\()p Fw(z)p
Fu(+)p Fw(1)p Fu(\))32 b Ft(\))g(:)p Fu(\()p Fr(x)p Fu(=)p
Fr(1)p Fu(\))0 5159 y(Therefore)i(w)m(e)f(can)g(use)h(the)f(rule)f
([while)1546 5174 y Fn(t)1577 5159 y Fu(])g(and)h(get)269
5327 y Ft(`)330 5342 y Fn(t)394 5327 y Ft(f)f(9)p Fw(z)p
Fu(.)p Fs(INV)19 b Fu(\()p Fw(z)p Fu(\))32 b Ft(g)g Fr(while)i
Ft(:)q Fu(\()p Fr(x)p Fu(=)p Fr(1)p Fu(\))f Fr(do)g Fu(\()p
Fr(y)f Fu(:=)h Fr(y)p Fo(?)p Fr(x)p Fu(;)g Fr(x)g Fu(:=)f
Fr(x)p Ft(\000)p Fr(1)p Fu(\))h Ft(f)g(+)f Fs(INV)19
b Fu(\()p Fw(0)p Fu(\))32 b Ft(g)0 5494 y Fu(W)-8 b(e)33
b(shall)e(no)m(w)i(apply)g(the)g(axiom)e([ass)1478 5509
y Fn(t)1510 5494 y Fu(])i(to)f(the)h(statemen)m(t)g Fr(y)g
Fu(:=)f Fr(1)h Fu(and)g(get)p eop
%%Page: 194 204
194 203 bop 251 130 a Fw(194)1567 b(6)112 b(Axiomatic)35
b(Program)h(V)-9 b(eri\014cation)p 251 193 3473 4 v 527
515 a Ft(`)588 530 y Fn(t)652 515 y Ft(f)33 b Fu(\()p
Ft(9)p Fw(z)p Fu(.)p Fs(INV)18 b Fu(\()p Fw(z)p Fu(\)\)[)p
Fr(y)p Ft(7!)p Fr(1)p Fu(])33 b Ft(g)f Fr(y)h Fu(:=)g
Fr(1)f Ft(f)h(+)f(9)p Fw(z)p Fu(.)p Fs(INV)19 b Fu(\()p
Fw(z)p Fu(\))32 b Ft(g)283 679 y Fu(so)h(using)f([comp)913
694 y Fn(t)945 679 y Fu(])g(w)m(e)i(get)527 843 y Ft(`)588
858 y Fn(t)652 843 y Ft(f)f Fu(\()p Ft(9)p Fw(z)p Fu(.)p
Fs(INV)18 b Fu(\()p Fw(z)p Fu(\)\)[)p Fr(y)p Ft(7!)p
Fr(1)p Fu(])33 b Ft(g)652 1011 y Fr(y)g Fu(:=)g Fr(1)p
Fu(;)f Fr(while)i Ft(:)q Fu(\()p Fr(x)p Fu(=)p Fr(1)p
Fu(\))f Fr(do)g Fu(\()p Fr(y)f Fu(:=)h Fr(y)p Fo(?)p
Fr(x)p Fu(;)g Fr(x)f Fu(:=)h Fr(x)p Ft(\000)p Fr(1)p
Fu(\))652 1178 y Ft(f)g(+)f Fs(INV)19 b Fu(\()p Fw(0)p
Fu(\))32 b Ft(g)283 1342 y Fu(Clearly)g(w)m(e)i(ha)m(v)m(e)527
1506 y Fr(x)f Fo(>)g Fr(0)f Ft(^)h Fr(x)g Fu(=)f Fr(n)h
Ft(\))f Fu(\()p Ft(9)q Fw(z)p Fu(.)p Fs(INV)18 b Fu(\()p
Fw(z)p Fu(\)\)[)p Fr(y)p Ft(7!)p Fw(1)p Fu(],)33 b(and)527
1674 y Fs(INV)19 b Fu(\()p Fw(0)p Fu(\))32 b Ft(\))h
Fr(y)f Fu(=)h Fr(n)p Fu(!)283 1838 y(so)g(applying)f(rule)g([cons)1208
1853 y Fn(t)1240 1838 y Fu(])h(w)m(e)g(get)527 2002 y
Ft(`)588 2017 y Fn(t)652 2002 y Ft(f)g Fr(x)f Fo(>)h
Fr(0)g Ft(^)g Fr(x)f Fu(=)h Fr(n)g Ft(g)652 2169 y Fr(y)g
Fu(:=)g(1;)f Fr(while)i Ft(:)p Fu(\()p Fr(x)p Fu(=)p
Fr(1)p Fu(\))f Fr(do)g Fu(\()p Fr(y)g Fu(:=)f Fr(y)p
Fo(?)p Fr(x)p Fu(;)h Fr(x)g Fu(:=)f Fr(x)p Ft(\000)p
Fr(1)p Fu(\))652 2337 y Ft(f)h(+)f Fr(y)h Fu(=)f Fr(n)p
Fu(!)44 b Ft(g)283 2501 y Fu(as)33 b(required.)2902 b
Fh(2)283 2676 y Fw(Exercise)37 b(6.29)49 b Fu(Suggest)38
b(a)f(total)f(correctness)k(inference)e(rule)f(for)g
Fr(repeat)i Fs(S)49 b Fr(until)39 b Fs(b)6 b Fu(.)283
2797 y(Y)-8 b(ou)31 b(are)g(not)g(allo)m(w)m(ed)f(to)h(rely)g(on)f(the)
i(existence)g(of)f(a)f Fr(while)p Fu(-construct)j(in)d(the)i(program-)
283 2917 y(ming)f(language.)2752 b Fh(2)p 283 3093 3473
5 v 283 3227 a Fw(Lemma)38 b(6.30)49 b Fu(The)28 b(total)f(correctness)
i(system)g(of)e(T)-8 b(able)28 b(6.2)f(is)g(sound,)j(that)e(is)f(for)g
(ev)m(ery)283 3348 y(total)32 b(correctness)i(form)m(ula)d
Ft(f)h Fs(P)43 b Ft(g)32 b Fs(S)45 b Ft(f)32 b(+)g Fs(Q)42
b Ft(g)32 b Fu(w)m(e)i(ha)m(v)m(e)552 3516 y Ft(`)613
3531 y Fn(t)677 3516 y Ft(f)f Fs(P)42 b Ft(g)33 b Fs(S)44
b Ft(f)32 b(+)h Fs(Q)41 b Ft(g)33 b Fu(implies)d Ft(j)-17
b Fu(=)1843 3531 y Fn(t)1907 3516 y Ft(f)32 b Fs(P)43
b Ft(g)33 b Fs(S)44 b Ft(f)32 b(+)h Fs(Q)41 b Ft(g)p
283 3636 V 283 3800 a Fw(Pro)s(of:)35 b Fu(The)c(pro)s(of)f(pro)s
(ceeds)h(b)m(y)h(induction)d(on)h(the)h(shap)s(e)g(of)f(the)g
(inference)h(tree)g(just)g(as)283 3920 y(in)h(the)h(pro)s(of)f(of)g
(Lemma)f(6.17.)283 4088 y Fw(The)j(case)g Fu([ass)893
4103 y Fn(t)925 4088 y Fu(]:)45 b(W)-8 b(e)34 b(shall)d(pro)m(v)m(e)k
(that)e(the)g(axiom)f(is)h(v)-5 b(alid,)31 b(so)j(assume)f(that)g
Fs(s)42 b Fu(is)32 b(suc)m(h)283 4208 y(that)h(\()p Fs(P)10
b Fu([)p Fs(x)i Ft(7!A)o Fu([)-17 b([)q Fs(a)7 b Fu(])-17
b(])q(]\))32 b Fs(s)41 b Fu(=)32 b Fw(tt)g Fu(and)h(let)e
Fs(s)1789 4172 y Fi(0)1845 4208 y Fu(=)i Fs(s)8 b Fu([)p
Fs(x)k Ft(7!)o(A)p Fu([)-17 b([)p Fs(a)7 b Fu(])-17 b(])q
Fs(s)8 b Fu(].)44 b(Then)34 b([ass)2950 4223 y Fn(ns)3022
4208 y Fu(])e(giv)m(es)527 4372 y Ft(h)p Fs(x)44 b Fu(:=)33
b Fs(a)7 b Fu(,)33 b Fs(s)8 b Ft(i)32 b(!)g Fs(s)1207
4336 y Fi(0)283 4536 y Fu(and)h(from)e(\()p Fs(P)10 b
Fu([)p Fs(x)i Ft(7!A)p Fu([)-17 b([)p Fs(a)7 b Fu(])-17
b(])q(]\))33 b Fs(s)40 b Fu(=)33 b Fw(tt)f Fu(w)m(e)h(get)g
Fs(P)43 b(s)2083 4500 y Fi(0)2138 4536 y Fu(=)33 b Fw(tt)f
Fu(as)g(w)m(as)i(to)e(b)s(e)h(sho)m(wn.)283 4704 y Fw(The)g(case)g
Fu([skip)937 4719 y Fn(t)969 4704 y Fu(]:)44 b(This)33
b(case)g(is)f(immediate.)283 4871 y Fw(The)h(case)g Fu([comp)994
4886 y Fn(t)1026 4871 y Fu(]:)43 b(W)-8 b(e)33 b(assume)g(that)552
5039 y Ft(j)-17 b Fu(=)639 5054 y Fn(t)703 5039 y Ft(f)33
b Fs(P)42 b Ft(g)33 b Fs(S)1044 5054 y Fn(1)1116 5039
y Ft(f)f(+)g Fs(Q)42 b Ft(g)p Fu(,)32 b(and)1957 b(\(*\))552
5206 y Ft(j)-17 b Fu(=)639 5221 y Fn(t)703 5206 y Ft(f)33
b Fs(Q)41 b Ft(g)33 b Fs(S)1052 5221 y Fn(2)1123 5206
y Ft(f)g(+)f Fs(R)37 b Ft(g)2125 b Fu(\(**\))283 5374
y(and)26 b(w)m(e)h(ha)m(v)m(e)g(to)e(pro)m(v)m(e)i(that)f
Ft(j)-17 b Fu(=)1480 5389 y Fn(t)1538 5374 y Ft(f)25
b Fs(P)36 b Ft(g)25 b Fs(S)1857 5389 y Fn(1)1897 5374
y Fu(;)j Fs(S)2019 5389 y Fn(2)2084 5374 y Ft(f)d(+)g
Fs(R)30 b Ft(g)p Fu(.)41 b(So)26 b(let)f Fs(s)33 b Fu(b)s(e)26
b(suc)m(h)h(that)f Fs(P)43 b(s)d Fu(=)33 b Fw(tt)o Fu(.)283
5494 y(F)-8 b(rom)32 b(\(*\))g(w)m(e)h(get)g(that)f(there)i(exists)f(a)
f(state)h Fs(s)2101 5458 y Fi(0)2157 5494 y Fu(suc)m(h)h(that)e
Fs(Q)42 b(s)2753 5458 y Fi(0)2809 5494 y Fu(=)32 b Fw(tt)g
Fu(and)p eop
%%Page: 195 205
195 204 bop 0 130 a Fw(6.4)112 b(Extensions)37 b(of)h(the)f(axiomatic)f
(system)1315 b(195)p 0 193 3473 4 v 244 515 a Ft(h)p
Fs(S)350 530 y Fn(1)389 515 y Fu(,)33 b Fs(s)8 b Ft(i)32
b(!)g Fs(s)748 479 y Fi(0)0 719 y Fu(Since)g Fs(Q)42
b(s)419 683 y Fi(0)475 719 y Fu(=)32 b Fw(tt)f Fu(w)m(e)j(get)e(from)f
(\(**\))h(that)g(there)h(exists)g(a)f(state)h Fs(s)2541
683 y Fi(00)2616 719 y Fu(suc)m(h)h(that)e Fs(R)k(s)3202
683 y Fi(00)3277 719 y Fu(=)c Fw(tt)0 839 y Fu(and)244
1042 y Ft(h)p Fs(S)350 1057 y Fn(2)389 1042 y Fu(,)h
Fs(s)497 1006 y Fi(0)520 1042 y Ft(i)f(!)g Fs(s)771 1006
y Fi(00)0 1246 y Fu(Using)g([comp)529 1261 y Fn(ns)600
1246 y Fu(])h(w)m(e)g(therefore)g(get)244 1449 y Ft(h)p
Fs(S)350 1464 y Fn(1)389 1449 y Fu(;)g Fs(S)516 1464
y Fn(2)555 1449 y Fu(,)f Fs(s)8 b Ft(i)33 b(!)f Fs(s)914
1413 y Fi(00)0 1653 y Fu(and)h(since)g Fs(R)j(s)584 1616
y Fi(00)659 1653 y Fu(=)d Fw(tt)e Fu(w)m(e)j(ha)m(v)m(e)g(\014nished)f
(this)f(case.)0 1820 y Fw(The)h(case)g Fu([if)541 1835
y Fn(t)572 1820 y Fu(]:)43 b(Assume)34 b(that)269 1988
y Ft(j)-17 b Fu(=)356 2003 y Fn(t)420 1988 y Ft(f)32
b(B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])33 b Ft(^)g
Fs(P)43 b Ft(g)32 b Fs(S)1086 2003 y Fn(1)1158 1988 y
Ft(f)g(+)h Fs(Q)42 b Ft(g)p Fu(,)32 b(and)1631 b(\(*\))269
2155 y Ft(j)-17 b Fu(=)356 2170 y Fn(t)420 2155 y Ft(f)32
b(:)q(B)s Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])33 b Ft(^)g
Fs(P)42 b Ft(g)33 b Fs(S)1153 2170 y Fn(2)1225 2155 y
Ft(f)f(+)g Fs(Q)42 b Ft(g)0 2323 y Fu(T)-8 b(o)38 b(pro)m(v)m(e)h
Ft(j)-17 b Fu(=)504 2338 y Fn(t)574 2323 y Ft(f)38 b
Fs(P)48 b Ft(g)38 b Fr(if)h Fs(b)44 b Fr(then)39 b Fs(S)1404
2338 y Fn(1)1481 2323 y Fr(else)g Fs(S)1791 2338 y Fn(2)1868
2323 y Ft(f)f(+)g Fs(Q)47 b Ft(g)38 b Fu(consider)h(a)e(state)i
Fs(s)46 b Fu(suc)m(h)40 b(that)0 2443 y Fs(P)j(s)d Fu(=)33
b Fw(tt)o Fu(.)43 b(W)-8 b(e)31 b(ha)m(v)m(e)h(t)m(w)m(o)g(cases.)44
b(If)31 b Ft(B)s Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])p
Fs(s)39 b Fu(=)31 b Fw(tt)e Fu(then)j(\()p Ft(B)s Fu([)-17
b([)q Fs(b)6 b Fu(])-17 b(])31 b Ft(^)g Fs(P)10 b Fu(\))31
b Fs(s)39 b Fu(=)31 b Fw(tt)e Fu(and)i(from)f(\(*\))0
2564 y(w)m(e)k(get)e(that)h(there)g(is)f(a)g(state)h
Fs(s)1233 2528 y Fi(0)1289 2564 y Fu(suc)m(h)h(that)f
Fs(Q)41 b(s)1885 2528 y Fi(0)1941 2564 y Fu(=)32 b Fw(tt)g
Fu(and)244 2767 y Ft(h)p Fs(S)350 2782 y Fn(1)389 2767
y Fu(,)h Fs(s)8 b Ft(i)32 b(!)g Fs(s)748 2731 y Fi(0)0
2971 y Fu(F)-8 b(rom)31 b([if)341 2986 y Fn(ns)411 2971
y Fu(])i(w)m(e)g(then)h(get)244 3174 y Ft(h)p Fr(if)f
Fs(b)38 b Fr(then)c Fs(S)806 3189 y Fn(1)877 3174 y Fr(else)g
Fs(S)1182 3189 y Fn(2)1221 3174 y Fu(,)f Fs(s)8 b Ft(i)32
b(!)g Fs(s)1580 3138 y Fi(0)0 3377 y Fu(as)40 b(w)m(as)h(to)f(b)s(e)g
(pro)m(v)m(ed.)67 b(If)40 b Ft(B)s Fu([)-17 b([)q Fs(b)6
b Fu(])-17 b(])p Fs(s)48 b Fu(=)40 b Fw(\013)h Fu(the)f(result)g(follo)
m(ws)e(in)i(a)f(similar)e(w)m(a)m(y)k(from)e(the)0 3498
y(second)34 b(assumption.)0 3665 y Fw(The)f(case)g Fu([while)706
3680 y Fn(t)737 3665 y Fu(]:)43 b(Assume)34 b(that)269
3833 y Ft(j)-17 b Fu(=)356 3848 y Fn(t)420 3833 y Ft(f)32
b Fs(P)10 b Fu(\()p Fw(z)p Fu(+)p Fw(1)p Fu(\))33 b Ft(g)f
Fs(S)44 b Ft(f)33 b(+)f Fs(P)10 b Fu(\()p Fw(z)p Fu(\))33
b Ft(g)p Fu(,)1810 b(\(*\))269 4001 y Fs(P)10 b Fu(\()p
Fw(z)p Fu(+)p Fw(1)p Fu(\))32 b Ft(\))g(B)t Fu([)-17
b([)p Fs(b)6 b Fu(])-17 b(])q(,)33 b(and)269 4168 y Fs(P)10
b Fu(\()p Fw(0)p Fu(\))33 b Ft(\))f(:B)t Fu([)-17 b([)p
Fs(b)6 b Fu(])-17 b(])0 4336 y(T)-8 b(o)31 b(pro)m(v)m(e)h
Ft(j)-17 b Fu(=)490 4351 y Fn(t)552 4336 y Ft(f)30 b(9)q
Fw(z)p Fu(.)p Fs(P)10 b Fu(\()p Fw(z)p Fu(\))30 b Ft(g)h
Fr(while)h Fs(b)k Fr(do)c Fs(S)42 b Ft(f)30 b(+)h Fs(P)10
b Fu(\()p Fw(0)p Fu(\))31 b Ft(g)f Fu(it)g(is)g(su\016cien)m(t)i(to)e
(pro)m(v)m(e)i(that)f(for)0 4456 y(all)f(natural)i(n)m(um)m(b)s(ers)h
Fw(z)319 4596 y Fu(if)e Fs(P)10 b Fu(\()p Fw(z)p Fu(\))33
b Fs(s)40 b Fu(=)33 b Fw(tt)e Fu(then)i(there)h(exists)f(a)f(state)h
Fs(s)2060 4560 y Fi(0)2116 4596 y Fu(suc)m(h)h(that)319
4764 y Fs(P)10 b Fu(\()p Fw(0)p Fu(\))32 b Fs(s)607 4727
y Fi(0)663 4764 y Fu(=)h Fw(tt)e Fu(and)i Ft(h)p Fr(while)h
Fs(b)k Fr(do)33 b Fs(S)12 b Fu(,)33 b Fs(s)8 b Ft(i)32
b(!)g Fs(s)2053 4727 y Fi(0)3299 4681 y Fu(\(**\))0 4930
y(So)46 b(consider)g(a)f(state)h Fs(s)54 b Fu(suc)m(h)47
b(that)f Fs(P)10 b Fu(\()p Fw(z)p Fu(\))46 b Fs(s)53
b Fu(=)46 b Fw(tt)p Fu(.)82 b(The)47 b(pro)s(of)e(is)g(no)m(w)h(b)m(y)h
(n)m(umerical)0 5050 y(induction)32 b(on)g Fw(z)p Fu(.)146
5171 y(First)i(assume)i(that)f Fw(z)f Fu(=)h Fw(0)p Fu(.)51
b(The)36 b(assumption)e Fs(P)10 b Fu(\()p Fw(0)p Fu(\))35
b Ft(\))g(:B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])36
b(giv)m(es)f(that)g Ft(B)s Fu([)-17 b([)q Fs(b)6 b Fu(])-17
b(])q Fs(s)43 b Fu(=)0 5291 y Fw(\013)33 b Fu(and)g(from)e([while)768
5255 y Fn(\013)768 5316 y(ns)838 5291 y Fu(])i(w)m(e)h(get)244
5494 y Ft(h)p Fr(while)f Fs(b)39 b Fr(do)33 b Fs(S)12
b Fu(,)32 b Fs(s)8 b Ft(i)33 b(!)f Fs(s)p eop
%%Page: 196 206
196 205 bop 251 130 a Fw(196)1567 b(6)112 b(Axiomatic)35
b(Program)h(V)-9 b(eri\014cation)p 251 193 3473 4 v 283
515 a Fu(Since)33 b Fs(P)10 b Fu(\()p Fw(0)p Fu(\))33
b Fs(s)41 b Fu(=)32 b Fw(tt)g Fu(this)g(pro)m(v)m(es)i(the)f(base)h
(case.)430 636 y(F)-8 b(or)27 b(the)i(induction)e(step)j(assume)f(that)
f(\(**\))g(holds)g(for)f(all)g(states)i(satisfying)e
Fs(P)10 b Fu(\()p Fw(z)p Fu(\))29 b(and)283 756 y(that)k
Fs(P)10 b Fu(\()p Fw(z)p Fu(+)p Fw(1)p Fu(\))32 b Fs(s)41
b Fu(=)32 b Fw(tt)o Fu(.)44 b(F)-8 b(rom)31 b(\(*\))h(w)m(e)i(get)e
(that)h(there)g(is)f(a)g(state)h Fs(s)2854 720 y Fi(0)2910
756 y Fu(suc)m(h)h(that)f Fs(P)10 b Fu(\()p Fw(z)p Fu(\))32
b Fs(s)3624 720 y Fi(0)3680 756 y Fu(=)283 877 y Fw(tt)g
Fu(and)527 1081 y Ft(h)p Fs(S)12 b Fu(,)33 b Fs(s)8 b
Ft(i)32 b(!)g Fs(s)992 1045 y Fi(0)283 1285 y Fu(The)g(n)m(umerical)d
(induction)h(h)m(yp)s(othesis)h(applied)f(to)g Fs(s)2342
1249 y Fi(0)2396 1285 y Fu(giv)m(es)h(that)f(there)i(is)e(some)g(state)
h Fs(s)3713 1249 y Fi(00)283 1406 y Fu(suc)m(h)j(that)f
Fs(P)10 b Fu(\()p Fw(0)p Fu(\))33 b Fs(s)1004 1370 y
Fi(00)1079 1406 y Fu(=)f Fw(tt)g Fu(and)527 1610 y Ft(h)p
Fr(while)i Fs(b)k Fr(do)33 b Fs(S)12 b Fu(,)33 b Fs(s)1248
1574 y Fi(0)1271 1610 y Ft(i)g(!)f Fs(s)1523 1574 y Fi(00)283
1815 y Fu(F)-8 b(urthermore,)30 b(the)g(assumption)f
Fs(P)10 b Fu(\()p Fw(z)p Fu(+)p Fw(1)p Fu(\))30 b Ft(\))f(B)s
Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])30 b(giv)m(es)g
Ft(B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])q Fs(s)37
b Fu(=)30 b Fw(tt)p Fu(.)41 b(W)-8 b(e)30 b(can)g(therefore)283
1935 y(apply)j([while)802 1899 y Fn(tt)802 1960 y(ns)872
1935 y Fu(])g(and)g(get)f(that)527 2139 y Ft(h)p Fr(while)i
Fs(b)k Fr(do)33 b Fs(S)12 b Fu(,)33 b Fs(s)8 b Ft(i)32
b(!)g Fs(s)1499 2103 y Fi(00)283 2344 y Fu(Since)h Fs(P)10
b Fu(\()p Fw(0)p Fu(\))33 b Fs(s)827 2308 y Fi(00)902
2344 y Fu(=)f Fw(tt)g Fu(this)g(completes)h(the)g(pro)s(of)e(of)h
(\(**\).)283 2511 y Fw(The)h(case)g Fu([cons)950 2526
y Fn(t)983 2511 y Fu(]:)44 b(Supp)s(ose)33 b(that)527
2716 y Ft(j)-17 b Fu(=)614 2731 y Fn(t)678 2716 y Ft(f)33
b Fs(P)837 2680 y Fi(0)893 2716 y Ft(g)f Fs(S)45 b Ft(f)32
b(+)g Fs(Q)1334 2680 y Fi(0)1390 2716 y Ft(g)p Fu(,)527
2883 y Fs(P)43 b Ft(\))32 b Fs(P)844 2847 y Fi(0)868
2883 y Fu(,)h(and)527 3051 y Fs(Q)611 3015 y Fi(0)667
3051 y Ft(\))f Fs(Q)283 3255 y Fu(T)-8 b(o)31 b(pro)m(v)m(e)h
Ft(j)-17 b Fu(=)773 3270 y Fn(t)835 3255 y Ft(f)31 b
Fs(P)41 b Ft(g)30 b Fs(S)43 b Ft(f)30 b(+)h Fs(Q)40 b
Ft(g)30 b Fu(consider)h(a)f(state)i Fs(s)38 b Fu(suc)m(h)32
b(that)f Fs(P)41 b(s)e Fu(=)30 b Fw(tt)p Fu(.)42 b(Then)32
b Fs(P)3547 3219 y Fi(0)3601 3255 y Fs(s)39 b Fu(=)283
3376 y Fw(tt)32 b Fu(and)h(there)g(is)f(a)h(state)g Fs(s)1309
3340 y Fi(0)1364 3376 y Fu(suc)m(h)h(that)f Fs(Q)1880
3340 y Fi(0)1936 3376 y Fs(s)1984 3340 y Fi(0)2040 3376
y Fu(=)f Fw(tt)g Fu(and)527 3580 y Ft(h)p Fs(S)12 b Fu(,)33
b Fs(s)8 b Ft(i)32 b(!)g Fs(s)992 3544 y Fi(0)283 3785
y Fu(Ho)m(w)m(ev)m(er,)j(w)m(e)f(also)e(ha)m(v)m(e)i(that)e
Fs(Q)42 b(s)1644 3748 y Fi(0)1700 3785 y Fu(=)32 b Fw(tt)g
Fu(and)g(this)g(pro)m(v)m(es)j(the)e(result.)638 b Fh(2)283
4098 y Fw(Exercise)37 b(6.31)49 b Fu(Sho)m(w)38 b(that)g(the)g
(inference)h(rule)e(for)g Fr(repeat)j Fs(S)49 b Fr(until)40
b Fs(b)j Fu(suggested)d(in)283 4218 y(Exercise)25 b(6.29)e(preserv)m
(es)j(v)-5 b(alidit)m(y)d(.)38 b(Argue)24 b(that)f(this)g(means)h(that)
f(the)h(en)m(tire)f(pro)s(of)g(system)283 4338 y(consisting)34
b(of)g(the)g(axioms)f(and)h(rules)g(of)g(T)-8 b(able)34
b(6.2)g(together)g(with)g(the)g(rule)g(of)f(Exercise)283
4459 y(6.29)f(is)g(sound.)2818 b Fh(2)283 4688 y Fw(Exercise)37
b(6.32)49 b Fu(*)29 b(Pro)m(v)m(e)i(that)e(the)h(inference)g(system)g
(of)f(T)-8 b(able)29 b(6.2)g(is)g(complete,)g(that)g(is)552
4856 y Ft(j)-17 b Fu(=)639 4871 y Fn(t)703 4856 y Ft(f)33
b Fs(P)42 b Ft(g)33 b Fs(S)44 b Ft(f)32 b(+)h Fs(Q)42
b Ft(g)32 b Fu(implies)e Ft(`)1843 4871 y Fn(t)1907 4856
y Ft(f)i Fs(P)43 b Ft(g)33 b Fs(S)44 b Ft(f)32 b(+)h
Fs(Q)41 b Ft(g)1059 b Fh(2)283 5086 y Fw(Exercise)37
b(6.33)49 b Fu(*)32 b(Pro)m(v)m(e)i(that)527 5290 y(if)e
Ft(`)678 5305 y Fn(t)742 5290 y Ft(f)g Fs(P)43 b Ft(g)32
b Fs(S)45 b Ft(f)32 b(+)g Fs(Q)42 b Ft(g)32 b Fu(then)i
Ft(`)1772 5305 y Fn(p)1848 5290 y Ft(f)f Fs(P)43 b Ft(g)32
b Fs(S)44 b Ft(f)33 b Fs(Q)41 b Ft(g)283 5494 y Fu(Do)s(es)33
b(the)g(con)m(v)m(erse)i(result)d(hold?)2099 b Fh(2)p
eop
%%Page: 197 207
197 206 bop 0 130 a Fw(6.4)112 b(Extensions)37 b(of)h(the)f(axiomatic)f
(system)1315 b(197)p 0 193 3473 4 v 0 515 a Fp(Extensions)46
b(of)f(While)0 703 y Fu(W)-8 b(e)46 b(conclude)g(b)m(y)g(considering)f
(an)g(extension)h(of)f Fw(While)f Fu(with)h(non-determinism)e(and)0
823 y(\(parameterless\))32 b(pro)s(cedures.)45 b(The)34
b(syn)m(tax)g(of)e(the)h(extended)i(language)c(is)h(giv)m(en)h(b)m(y)
294 1031 y Fs(S)111 b Fu(::=)100 b Fs(x)44 b Fu(:=)33
b Fs(a)39 b Ft(j)33 b Fr(skip)g Ft(j)f Fs(S)1429 1046
y Fn(1)1501 1031 y Fu(;)h Fs(S)1628 1046 y Fn(2)1700
1031 y Ft(j)f Fr(if)h Fs(b)38 b Fr(then)c Fs(S)2283 1046
y Fn(1)2355 1031 y Fr(else)f Fs(S)2659 1046 y Fn(2)511
1199 y Ft(j)151 b Fr(while)34 b Fs(b)k Fr(do)33 b Fs(S)45
b Ft(j)32 b Fs(S)1424 1214 y Fn(1)1496 1199 y Fr(or)h
Fs(S)1698 1214 y Fn(2)511 1366 y Ft(j)151 b Fr(begin)34
b(proc)f Fs(p)39 b Fr(is)33 b Fs(S)1507 1381 y Fn(1)1546
1366 y Fu(;)g Fs(S)1673 1381 y Fn(2)1744 1366 y Fr(end)h
Ft(j)e Fr(call)i Fs(p)0 1570 y Fu(Note)h(that)f(in)f
Fr(begin)j(proc)f Fs(p)41 b Fr(is)35 b Fs(S)1391 1585
y Fn(1)1430 1570 y Fu(;)g Fs(S)1559 1585 y Fn(2)1633
1570 y Fr(end)g Fu(the)g(b)s(o)s(dy)f(of)g Fs(p)40 b
Fu(is)34 b Fs(S)2609 1585 y Fn(1)2683 1570 y Fu(and)g(the)h(remainder)0
1690 y(of)d(the)h(program)e(is)h Fs(S)834 1705 y Fn(2)874
1690 y Fu(.)0 1959 y Fw(Non-determinism)0 2146 y Fu(It)41
b(is)g(straigh)m(tforw)m(ard)f(to)h(handle)g(non-determinism)e(\(in)h
(the)h(sense)i(of)e(Section)g(2.4\))f(in)0 2267 y(the)f(axiomatic)d
(approac)m(h.)61 b(The)39 b(idea)f(is)g(that)g(an)g(assertion)h(holds)f
(for)g Fs(S)2879 2282 y Fn(1)2956 2267 y Fr(or)h Fs(S)3164
2282 y Fn(2)3242 2267 y Fu(if)e(the)0 2387 y(similar)g(assertion)j
(holds)g(for)g Fs(S)1230 2402 y Fn(1)1310 2387 y Fu(as)g(w)m(ell)g(as)g
(for)g Fs(S)1994 2402 y Fn(2)2033 2387 y Fu(.)67 b(The)41
b(motiv)-5 b(ation)37 b(for)j(this)g(is)g(that)0 2507
y(when)32 b(reasoning)e(ab)s(out)h(the)g(statemen)m(t)g(w)m(e)h(ha)m(v)
m(e)h(no)d(w)m(a)m(y)j(of)d(in\015uencing)g(whether)j
Fs(S)3316 2522 y Fn(1)3386 2507 y Fu(or)0 2628 y Fs(S)67
2643 y Fn(2)139 2628 y Fu(is)f(c)m(hosen.)45 b(F)-8 b(or)32
b(partial)e(correctness)35 b(w)m(e)e(th)m(us)h(extend)g(T)-8
b(able)32 b(6.1)g(with)h(the)g(rule)244 2907 y([or)358
2922 y Fn(p)401 2907 y Fu(])536 2820 y Ft(f)f Fs(P)43
b Ft(g)32 b Fs(S)876 2835 y Fn(1)948 2820 y Ft(f)g Fs(Q)42
b Ft(g)p Fu(,)32 b Ft(f)h Fs(P)43 b Ft(g)32 b Fs(S)1597
2835 y Fn(2)1669 2820 y Ft(f)g Fs(Q)42 b Ft(g)p 536 2883
1382 4 v 759 2988 a(f)32 b Fs(P)43 b Ft(g)33 b Fs(S)1100
3003 y Fn(1)1171 2988 y Fr(or)g Fs(S)1373 3003 y Fn(2)1445
2988 y Ft(f)g Fs(Q)41 b Ft(g)0 3181 y Fu(F)-8 b(or)32
b(total)f(correctness)j(w)m(e)g(extend)g(T)-8 b(able)32
b(6.2)h(with)f(the)h(rule)244 3440 y([or)358 3455 y Fn(t)389
3440 y Fu(])524 3354 y Ft(f)f Fs(P)43 b Ft(g)32 b Fs(S)864
3369 y Fn(1)936 3354 y Ft(f)h(+)f Fs(Q)42 b Ft(g)p Fu(,)32
b Ft(f)g Fs(P)43 b Ft(g)33 b Fs(S)1679 3369 y Fn(2)1750
3354 y Ft(f)g(+)f Fs(Q)42 b Ft(g)p 524 3417 1569 4 v
794 3522 a(f)32 b Fs(P)43 b Ft(g)33 b Fs(S)1135 3537
y Fn(1)1206 3522 y Fr(or)g Fs(S)1408 3537 y Fn(2)1480
3522 y Ft(f)g(+)f Fs(Q)42 b Ft(g)0 3714 y Fu(When)31
b(dealing)d(with)h(soundness)j(and)d(completeness)i(of)e(these)i(rules)
e(one)h(m)m(ust)g(b)s(e)g(careful)0 3835 y(in)c(using)g(a)h(seman)m
(tics)g(that)g(mo)s(dels)e(\\non-deterministic)g(c)m(hoice")i(in)f(the)
h(prop)s(er)g(manner.)0 3955 y(W)-8 b(e)28 b(sa)m(w)g(in)f(Section)h
(2.4)f(that)g(this)g(is)g(the)h(case)h(for)e(structural)g(op)s
(erational)e(seman)m(tics)j(but)0 4075 y(not)23 b(for)g(natural)f
(seman)m(tics.)40 b(With)23 b(resp)s(ect)h(to)f(the)h(structural)f(op)s
(erational)e(seman)m(tics)i(one)0 4196 y(can)33 b(sho)m(w)i(that)e(the)
g(ab)s(o)m(v)m(e)i(rules)e(are)g(sound)h(and)f(that)g(the)h(resulting)e
(inference)i(systems)0 4316 y(are)29 b(complete.)42 b(If)29
b(one)h(insists)f(on)g(using)g(the)h(natural)e(seman)m(tics)h(the)h
Fr(or)p Fu(-construct)g(w)m(ould)0 4437 y(mo)s(del)35
b(a)i(kind)g(of)f(\\angelic)f(c)m(hoice")i(and)g(b)s(oth)g(rules)g(w)m
(ould)f(b)s(e)h(sound.)58 b(Ho)m(w)m(ev)m(er,)40 b(only)0
4557 y(the)33 b(partial)d(correctness)35 b(inference)e(system)h(will)c
(b)s(e)j(complete.)0 4825 y Fw(Non-recursiv)m(e)k(pro)s(cedures)0
5013 y Fu(F)-8 b(or)43 b(the)g(sak)m(e)i(of)e(simplicit)m(y)e(w)m(e)j
(shall)e(restrict)h(our)h(atten)m(tion)e(to)h(statemen)m(ts)i(with)e
(at)0 5133 y(most)33 b(one)h(pro)s(cedure)g(declaration.)45
b(F)-8 b(or)32 b(non-recursiv)m(e)j(pro)s(cedures)g(the)e(idea)g(is)g
(that)g(an)0 5254 y(assertion)k(that)g(holds)g(for)g(the)h(b)s(o)s(dy)f
(of)g(the)h(pro)s(cedure)g(also)f(holds)g(for)f(the)i(calls)e(of)h(the)
0 5374 y(pro)s(cedure.)65 b(This)40 b(motiv)-5 b(ates)38
b(extending)i(the)g(partial)e(correctness)j(inference)f(system)h(of)0
5494 y(T)-8 b(able)32 b(6.1)g(with)h(the)g(rule)p eop
%%Page: 198 208
198 207 bop 251 130 a Fw(198)1567 b(6)112 b(Axiomatic)35
b(Program)h(V)-9 b(eri\014cation)p 251 193 3473 4 v 527
577 a Fu([call)702 592 y Fn(p)744 577 y Fu(])992 490
y Ft(f)32 b Fs(P)43 b Ft(g)33 b Fs(S)44 b Ft(f)32 b Fs(Q)42
b Ft(g)p 879 554 849 4 v 879 658 a(f)32 b Fs(P)43 b Ft(g)32
b Fr(call)i Fs(p)k Ft(f)33 b Fs(Q)41 b Ft(g)1802 577
y Fu(where)34 b Fs(p)k Fu(is)32 b(de\014ned)i(b)m(y)g
Fr(proc)f Fs(p)39 b Fr(is)33 b Fs(S)283 837 y Fu(Similarly)g(the)j
(inference)h(system)g(for)e(total)g(correctness)j(in)e(T)-8
b(able)35 b(6.2)h(can)h(b)s(e)f(extended)283 957 y(with)d(the)g(rule)
527 1194 y([call)702 1209 y Fn(t)732 1194 y Fu(])980
1108 y Ft(f)g Fs(P)43 b Ft(g)32 b Fs(S)44 b Ft(f)33 b(+)f
Fs(Q)42 b Ft(g)p 867 1171 942 4 v 867 1276 a(f)32 b Fs(P)43
b Ft(g)33 b Fr(call)g Fs(p)39 b Ft(f)32 b(+)g Fs(Q)42
b Ft(g)1884 1194 y Fu(where)34 b Fs(p)k Fu(is)32 b(de\014ned)i(b)m(y)g
Fr(proc)f Fs(p)39 b Fr(is)33 b Fs(S)283 1454 y Fu(In)g(b)s(oth)g(cases)
h(the)f(resulting)e(inference)i(system)h(can)f(b)s(e)g(pro)m(v)m(ed)h
(sound)f(and)g(complete.)283 1712 y Fw(Recursiv)m(e)k(pro)s(cedures)283
1897 y Fu(The)46 b(ab)s(o)m(v)m(e)f(rules)g(turn)f(out)g(to)h(b)s(e)f
(insu\016cien)m(t)h(when)h(pro)s(cedures)f(are)g(allo)m(w)m(ed)f(to)g
(b)s(e)283 2018 y(recursiv)m(e:)h(in)30 b(order)i(to)f(pro)m(v)m(e)h
(an)f(assertion)g(for)g Fr(call)h Fs(p)38 b Fu(one)31
b(has)h(to)f(pro)m(v)m(e)h(the)g(assertion)283 2138 y(for)h(the)h(b)s
(o)s(dy)f(of)g(the)g(pro)s(cedure)h(and)g(this)f(implies)d(that)j(one)h
(has)f(to)g(pro)m(v)m(e)i(an)e(assertion)283 2258 y(ab)s(out)g(eac)m(h)
g(o)s(ccurrence)h(of)e Fr(call)i Fs(p)k Fu(inside)32
b(the)h(b)s(o)s(dy)g(and)f(so)h(on.)430 2379 y(Consider)d(\014rst)g
(the)g(case)g(of)f Fs(p)-5 b(artial)32 b(c)-5 b(orr)g(e)g(ctness)37
b Fu(assertions.)43 b(In)30 b(order)g(to)f(pro)m(v)m(e)i(some)283
2499 y(prop)s(ert)m(y)k Ft(f)f Fs(P)45 b Ft(g)34 b Fr(call)h
Fs(p)40 b Ft(f)34 b Fs(Q)44 b Ft(g)34 b Fu(w)m(e)h(shall)e(pro)m(v)m(e)
i(the)g(similar)c(prop)s(ert)m(y)k(for)e(the)i(b)s(o)s(dy)f(of)283
2619 y(the)39 b(pro)s(cedure)g(but)g Fs(under)g(the)h(assumption)g
(that)48 b Ft(f)37 b Fs(P)49 b Ft(g)38 b Fr(call)h Fs(p)44
b Ft(f)38 b Fs(Q)47 b Ft(g)38 b Fu(holds)g(for)f(the)283
2740 y(recursiv)m(e)d(calls)e(of)g Fs(p)6 b Fu(.)43 b(Often)33
b(this)f(is)g(expressed)k(b)m(y)d(a)f(rule)g(of)h(the)g(form)527
2996 y([call)702 2960 y Fn(rec)702 3021 y(p)795 2996
y Fu(])930 2910 y Ft(f)f Fs(P)43 b Ft(g)32 b Fr(call)i
Fs(p)k Ft(f)33 b Fs(Q)41 b Ft(g)33 b(`)1872 2925 y Fn(p)1947
2910 y Ft(f)g Fs(P)43 b Ft(g)32 b Fs(S)44 b Ft(f)33 b
Fs(Q)41 b Ft(g)p 930 2973 1640 4 v 1325 3078 a(f)33 b
Fs(P)42 b Ft(g)33 b Fr(call)g Fs(p)39 b Ft(f)32 b Fs(Q)42
b Ft(g)920 3234 y Fu(where)34 b Fs(p)k Fu(is)32 b(de\014ned)i(b)m(y)g
Fr(proc)f Fs(p)39 b Fr(is)33 b Fs(S)283 3430 y Fu(The)49
b(premise)e(of)g(the)h(rule)f(expresses)j(that)d Ft(f)g
Fs(P)58 b Ft(g)47 b Fs(S)59 b Ft(f)48 b Fs(Q)56 b Ft(g)47
b Fu(is)g(pro)m(v)-5 b(able)47 b(under)h(the)283 3551
y(assumption)32 b(that)f Ft(f)h Fs(P)42 b Ft(g)32 b Fr(call)g
Fs(p)38 b Ft(f)32 b Fs(Q)41 b Ft(g)31 b Fu(can)h(b)s(e)g(pro)m(v)m(ed)i
(for)d(the)h(recursiv)m(e)i(calls)c(presen)m(t)283 3671
y(in)i Fs(S)12 b Fu(.)33 b(The)g(conclusion)f(expresses)k(that)c
Ft(f)h Fs(P)42 b Ft(g)33 b Fr(call)g Fs(p)39 b Ft(f)32
b Fs(Q)42 b Ft(g)32 b Fu(holds)g(for)g(all)f(calls)g(of)h
Fs(p)6 b Fu(.)283 3890 y Fw(Example)37 b(6.34)49 b Fu(Consider)33
b(the)g(follo)m(wing)d(statemen)m(t)527 4086 y Fr(begin)k(proc)g(fac)f
(is)g Fu(\()p Fr(if)g(x)g Fu(=)f Fr(1)h(then)h(skip)1413
4254 y(else)g Fu(\()p Fr(y)e Fu(:=)h Fr(x)p Fo(?)p Fr(y)p
Fu(;)g Fr(x)g Fu(:=)f Fr(x)p Ft(\000)p Fr(1)p Fu(;)i
Fr(call)f(fac)p Fu(\)\);)816 4421 y Fr(y)g Fu(:=)f Fr(1)p
Fu(;)h Fr(call)h(fac)527 4589 y(end)283 4785 y Fu(W)-8
b(e)33 b(w)m(an)m(t)g(to)f(pro)m(v)m(e)h(that)f(the)g(\014nal)f(v)-5
b(alue)32 b(of)f Fr(y)i Fu(is)e(the)i(factorial)c(of)j(the)g(initial)d
(v)-5 b(alue)31 b(of)h Fr(x)p Fu(.)283 4906 y(W)-8 b(e)33
b(shall)f(pro)m(v)m(e)h(that)527 5102 y Ft(f)g Fr(x)f
Fo(>)h Fr(0)g Ft(^)g Fr(n)f Fu(=)h Fr(y)g Fo(?)f Fr(x)p
Fu(!)44 b Ft(g)32 b Fr(call)h(fac)h Ft(f)e Fr(y)h Fu(=)f
Fr(n)h Ft(g)283 5298 y Fu(where)h Fr(x)f Fo(>)f Fr(0)h
Ft(^)g Fr(n)g Fu(=)f Fr(y)h Fo(?)f Fr(x)p Fu(!)44 b(is)32
b(an)h(abbreviation)e(for)h(the)h(predicate)g Fs(P)43
b Fu(de\014ned)34 b(b)m(y)527 5494 y Fs(P)43 b(s)e Fu(=)32
b(\()p Fs(s)41 b Fr(x)33 b Fo(>)f Fw(0)g Fu(and)h Fs(s)41
b Fr(n)33 b Fu(=)f Fs(s)41 b Fr(y)32 b Fo(?)h Fu(\()p
Fs(s)40 b Fr(x)p Fu(\)!\))p eop
%%Page: 199 209
199 208 bop 0 130 a Fw(6.4)112 b(Extensions)37 b(of)h(the)f(axiomatic)f
(system)1315 b(199)p 0 193 3473 4 v 0 515 a Fu(W)-8 b(e)33
b(assume)g(that)269 683 y Ft(`)330 698 y Fn(p)405 683
y Ft(f)g Fr(x)g Fo(>)f Fr(0)h Ft(^)g Fr(n)f Fu(=)h Fr(y)g
Fo(?)f Fr(x)p Fu(!)44 b Ft(g)32 b Fr(call)i(fac)f Ft(f)f
Fr(y)h Fu(=)f Fr(n)h Ft(g)1092 b Fu(\(*\))0 851 y(holds)32
b(for)g(the)h(recursiv)m(e)h(calls)e(of)g Fr(fac)p Fu(.)44
b(W)-8 b(e)33 b(shall)e(then)i(construct)h(a)e(pro)s(of)g(of)319
1010 y Ft(f)g Fr(x)h Fo(>)f Fr(0)h Ft(^)g Fr(n)g Fu(=)f
Fr(y)h Fo(?)f Fr(x)p Fu(!)44 b Ft(g)319 1177 y Fr(if)33
b(x)f Fu(=)h Fr(1)g(then)g(skip)h(else)f Fu(\()p Fr(y)g
Fu(:=)g Fr(x)p Fo(?)p Fr(y)p Fu(;)f Fr(x)h Fu(:=)g Fr(x)p
Ft(\000)p Fr(1)p Fu(;)g Fr(call)h(fac)p Fu(\))319 1345
y Ft(f)e Fr(y)h Fu(=)f Fr(n)h Ft(g)3299 1178 y Fu(\(**\))0
1511 y(and,)42 b(using)e([call)664 1475 y Fn(rec)664
1536 y(p)757 1511 y Fu(])g(w)m(e)h(obtain)e(a)h(pro)s(of)f(of)h(\(*\))f
(for)h(all)e(o)s(ccurrences)k(of)d Fr(call)j(fac)p Fu(.)66
b(T)-8 b(o)0 1632 y(pro)m(v)m(e)34 b(\(**\))e(w)m(e)h(\014rst)g(use)h
(the)f(assumption)f(\(*\))g(to)g(get)244 1856 y Ft(`)305
1871 y Fn(p)381 1856 y Ft(f)g Fr(x)h Fo(>)f Fr(0)h Ft(^)g
Fr(n)g Fu(=)f Fr(y)h Fo(?)f Fr(x)p Fu(!)44 b Ft(g)32
b Fr(call)i(fac)f Ft(f)f Fr(y)h Fu(=)g Fr(n)f Ft(g)0
2080 y Fu(Then)i(w)m(e)f(apply)g([ass)819 2095 y Fn(p)863
2080 y Fu(])f(and)h([comp)1367 2095 y Fn(p)1410 2080
y Fu(])g(t)m(wice)g(and)f(get)244 2303 y Ft(`)305 2318
y Fn(p)381 2303 y Ft(f)g Fu(\(\()p Fr(x)h Fo(>)f Fr(0)h
Ft(^)g Fr(n)g Fu(=)f Fr(y)h Fo(?)f Fr(x)p Fu(!\)[)p Fr(x)p
Ft(7!)p Fr(x)p Ft(\000)p Fr(1)p Fu(]\)[)p Fr(y)p Ft(7!)q
Fr(x)p Fo(?)p Fr(y)p Fu(])h Ft(g)381 2471 y Fr(y)f Fu(:=)h
Fr(x)p Fo(?)p Fr(y)p Fu(;)g Fr(x)g Fu(:=)f Fr(x)p Ft(\000)p
Fr(1)p Fu(;)i Fr(call)f(fac)381 2639 y Ft(f)f Fr(y)h
Fu(=)f Fr(n)h Ft(g)0 2863 y Fu(W)-8 b(e)33 b(ha)m(v)m(e)268
3030 y Ft(:)p Fu(\()p Fr(x)p Fu(=)p Fr(1)p Fu(\))g Ft(^)f
Fu(\()p Fr(x)g Fo(>)g Fr(0)g Ft(^)g Fr(n)g Fu(=)g Fr(y)g
Fo(?)f Fr(x)p Fu(!\))44 b Ft(\))31 b Fu(\(\()p Fr(x)h
Fo(>)g Fr(0)g Ft(^)g Fr(n)g Fu(=)g Fr(y)g Fo(?)g Fr(x)p
Fu(!\)[)p Fr(x)p Ft(7!)p Fr(x)p Ft(\000)p Fr(1)p Fu(]\)[)p
Fr(y)p Ft(7!)q Fr(x)p Fo(?)p Fr(y)p Fu(])0 3198 y(so)h(using)f([cons)
586 3213 y Fn(p)630 3198 y Fu(])h(w)m(e)h(get)244 3422
y Ft(`)305 3437 y Fn(p)381 3422 y Ft(f)e(:)p Fu(\()p
Fr(x)p Fu(=)p Fr(1)p Fu(\))h Ft(^)g Fu(\()p Fr(x)g Fo(>)f
Fr(0)h Ft(^)g Fr(n)g Fu(=)f Fr(y)h Fo(?)f Fr(x)p Fu(!\))44
b Ft(g)381 3589 y Fr(y)32 b Fu(:=)h Fr(x)p Fo(?)p Fr(y)p
Fu(;)g Fr(x)g Fu(:=)f Fr(x)p Ft(\000)p Fr(1)p Fu(;)i
Fr(call)f(fac)381 3757 y Ft(f)f Fr(y)h Fu(=)f Fr(n)h
Ft(g)0 3981 y Fu(Using)f(that)244 4205 y Fr(x)p Fu(=)p
Fr(1)h Ft(^)g Fr(x)g Fo(>)f Fr(0)h Ft(^)g Fr(n)f Fu(=)h
Fr(y)g Fo(?)f Fr(x)p Fu(!)44 b Ft(\))32 b Fr(y)h Fu(=)f
Fr(n)0 4429 y Fu(it)g(is)g(easy)h(to)f(pro)m(v)m(e)244
4652 y Ft(`)305 4667 y Fn(p)381 4652 y Ft(f)g Fr(x)p
Fu(=)p Fr(1)h Ft(^)g Fr(x)g Fo(>)f Fr(0)h Ft(^)g Fr(n)f
Fu(=)h Fr(y)g Fo(?)f Fr(x)p Fu(!)44 b Ft(g)32 b Fr(skip)i
Ft(f)e Fr(y)h Fu(=)f Fr(n)h Ft(g)0 4876 y Fu(so)g([if)205
4891 y Fn(p)247 4876 y Fu(])g(can)g(b)s(e)f(applied)g(and)g(giv)m(es)h
(a)g(pro)s(of)e(of)i(\(**\).)1361 b Fh(2)146 5133 y Fu(T)-8
b(able)31 b(6.1)g(extended)j(with)d(the)g(rule)g([call)1739
5097 y Fn(rec)1739 5158 y(p)1832 5133 y Fu(])h(can)f(b)s(e)h(pro)m(v)m
(ed)h(to)e(b)s(e)g(sound.)44 b(Ho)m(w)m(ev)m(er,)0 5254
y(in)28 b(order)i(to)e(get)i(a)e(completeness)i(result)g(the)f
(inference)h(system)g(has)f(to)g(b)s(e)h(extended)h(with)0
5374 y(additional)f(rules.)43 b(T)-8 b(o)33 b(illustrate)d(wh)m(y)k
(this)e(is)g(necessary)j(consider)e(the)g(follo)m(wing)d(v)m(ersion)0
5494 y(of)i(the)h(factorial)d(program:)p eop
%%Page: 200 210
200 209 bop 251 130 a Fw(200)1567 b(6)112 b(Axiomatic)35
b(Program)h(V)-9 b(eri\014cation)p 251 193 3473 4 v 527
515 a Fr(begin)34 b(proc)g(fac)f(is)g(if)g(x)p Fu(=)p
Fr(1)g(then)h(y)e Fu(:=)h Fr(1)1375 683 y(else)h Fu(\()p
Fr(x)e Fu(:=)h Fr(x)p Ft(\000)p Fr(1)p Fu(;)h Fr(call)f(fac)p
Fu(;)h Fr(x)e Fu(:=)h Fr(x)p Fu(+)p Fr(1)p Fu(;)g Fr(y)g
Fu(:=)f Fr(x)p Fo(?)p Fr(y)p Fu(\);)816 851 y Fr(call)i(fac)527
1018 y(end)283 1223 y Fu(Assume)h(that)f(w)m(e)h(w)m(an)m(t)f(to)g(pro)
m(v)m(e)h(that)e(this)h(program)e(do)s(es)i(not)g(c)m(hange)h(the)f(v)
-5 b(alue)33 b(of)h Fr(x)p Fu(,)283 1344 y(that)f(is)552
1511 y Ft(f)g Fr(x)f Fu(=)h Fr(n)f Ft(g)h Fr(call)g(fac)h
Ft(f)e Fr(x)h Fu(=)f Fr(n)h Ft(g)1806 b Fu(\(*\))283
1679 y(In)32 b(order)g(to)g(do)f(that)h(w)m(e)g(assume)g(that)g(w)m(e)h
(ha)m(v)m(e)g(a)e(pro)s(of)g(of)g(\(*\))g(for)g(the)h(recursiv)m(e)h
(call)d(of)283 1799 y Fr(fac)c Fu(and)f(w)m(e)h(ha)m(v)m(e)g(to)f
(construct)h(a)e(pro)s(of)g(of)h(the)g(prop)s(ert)m(y)h(for)e(the)h(b)s
(o)s(dy)g(of)g(the)g(pro)s(cedure.)283 1920 y(It)33 b(seems)h(that)e
(in)g(order)g(to)h(do)f(so)h(w)m(e)h(m)m(ust)e(construct)i(a)e(pro)s
(of)g(of)527 2125 y Ft(f)h Fr(x)f Fu(=)h Fr(n)p Ft(\000)p
Fr(1)g Ft(g)g Fr(call)g(fac)h Ft(f)e Fr(x)h Fu(=)f Fr(n)p
Ft(\000)p Fr(1)i Ft(g)283 2330 y Fu(and)h(there)h(are)e(no)h(axioms)f
(and)g(rules)h(that)g(allo)m(w)e(us)i(to)g(obtain)e(suc)m(h)j(a)f(pro)s
(of)f(from)f(\(*\).)283 2451 y(Ho)m(w)m(ev)m(er,)h(w)m(e)d(shall)e(not)
h(go)f(further)i(in)m(to)e(this,)i(but)f(Chapter)h(7)f(will)e(pro)m
(vide)j(appropriate)283 2571 y(references.)430 2692 y(The)36
b(case)h(of)e Fs(total)j(c)-5 b(orr)g(e)g(ctness)44 b
Fu(is)35 b(sligh)m(tly)f(more)h(complicated)f(b)s(ecause)j(w)m(e)g(ha)m
(v)m(e)g(to)283 2812 y(b)s(ound)c(the)g(n)m(um)m(b)s(er)g(of)f
(recursiv)m(e)i(calls.)43 b(The)33 b(rule)f(adopted)h(is)527
3077 y([call)702 3041 y Fn(rec)702 3102 y(t)795 3077
y Fu(])930 2991 y Ft(f)f Fs(P)10 b Fu(\()p Fw(z)p Fu(\))33
b Ft(g)f Fr(call)i Fs(p)k Ft(f)32 b(+)h Fs(Q)41 b Ft(g)33
b(`)2091 3006 y Fn(t)2155 2991 y Ft(f)f Fs(P)10 b Fu(\()p
Fw(z)p Fu(+)p Fw(1)p Fu(\))33 b Ft(g)f Fs(S)44 b Ft(f)33
b(+)f Fs(Q)42 b Ft(g)p 930 3054 2198 4 v 1429 3159 a(f)32
b(9)p Fw(z)p Fu(.)p Fs(P)10 b Fu(\()p Fw(z)p Fu(\))33
b Ft(g)f Fr(call)i Fs(p)k Ft(f)33 b(+)f Fs(Q)42 b Ft(g)920
3315 y Fu(where)34 b Ft(:)p Fs(P)10 b Fu(\()p Fw(0)p
Fu(\))33 b(holds)920 3483 y(and)f Fw(z)h Fu(ranges)g(o)m(v)m(er)g(the)g
(natural)f(n)m(um)m(b)s(ers)h(\(that)g(is)f Fw(z)p Ft(\025)p
Fw(0)p Fu(\))920 3651 y(and)g(where)i Fs(p)39 b Fu(is)32
b(de\014ned)i(b)m(y)f Fr(proc)h Fs(p)k Fr(is)33 b Fs(S)283
3856 y Fu(The)49 b(premise)e(of)f(this)h(rule)g(expresses)j(that)d(if)f
(w)m(e)i(assume)g(that)f(w)m(e)h(ha)m(v)m(e)h(a)e(pro)s(of)f(of)283
3976 y Ft(f)33 b Fs(P)10 b Fu(\()p Fw(z)p Fu(\))32 b
Ft(g)h Fr(call)g Fs(p)39 b Ft(f)32 b(+)g Fs(Q)42 b Ft(g)e
Fu(for)g(all)f(recursiv)m(e)j(calls)d(of)h Fs(p)46 b
Fu(of)40 b(depth)h(at)g(most)e Fw(z)i Fu(then)g(w)m(e)283
4097 y(can)33 b(pro)m(v)m(e)g Ft(f)f Fs(P)10 b Fu(\()p
Fw(z)p Fu(+)p Fw(1)p Fu(\))32 b Ft(g)g Fs(S)44 b Ft(f)32
b(+)g Fs(Q)42 b Ft(g)p Fu(.)h(The)33 b(conclusion)f(expresses)j(that)d
(for)f(an)m(y)i(depth)g(of)283 4217 y(recursiv)m(e)h(calls)e(w)m(e)h
(ha)m(v)m(e)h(a)f(pro)s(of)e(of)h Ft(f)h(9)p Fw(z)p Fu(.)p
Fs(P)10 b Fu(\()p Fw(z)p Fu(\))33 b Ft(g)f Fr(call)h
Fs(p)39 b Ft(f)32 b(+)h Fs(Q)41 b Ft(g)p Fu(.)430 4338
y(The)28 b(inference)g(system)h(of)d(T)-8 b(able)28 b(6.2)f(extended)i
(with)e(the)h(rule)f([call)3023 4302 y Fn(rec)3023 4362
y(t)3116 4338 y Fu(])g(can)h(b)s(e)f(pro)m(v)m(ed)283
4458 y(to)i(b)s(e)f(sound.)43 b(If)28 b(it)g(is)g(extended)i(with)e
(additional)e(rules)i(\(as)g(discussed)j(ab)s(o)m(v)m(e\))e(it)e(can)i
(also)283 4579 y(b)s(e)k(pro)m(v)m(ed)h(to)f(b)s(e)f(complete.)283
4914 y Fj(6.5)161 b(Assertions)52 b(for)i(execution)f(time)283
5133 y Fu(A)42 b(pro)s(of)e(system)i(for)f(total)e(correctness)44
b(can)d(b)s(e)g(used)i(to)d(pro)m(v)m(e)j(that)e(a)g(program)e(do)s(es)
283 5254 y(indeed)46 b(terminate)e(but)h(it)f(do)s(es)i(not)e(sa)m(y)j
(ho)m(w)e(man)m(y)g(resources)i(it)d(needs)j(in)d(order)h(to)283
5374 y(terminate.)c(W)-8 b(e)30 b(shall)d(no)m(w)i(sho)m(w)h(ho)m(w)f
(to)g(extend)h(the)f(total)e(correctness)k(pro)s(of)d(system)h(of)283
5494 y(T)-8 b(able)33 b(6.2)f(to)g(pro)m(v)m(e)i Fs(the)h(or)-5
b(der)34 b(of)h(magnitude)f(of)h(the)g(exe)-5 b(cution)34
b(time)40 b Fu(of)32 b(a)g(statemen)m(t.)p eop
%%Page: 201 211
201 210 bop 0 130 a Fw(6.5)112 b(Assertions)37 b(for)g(execution)g
(time)1606 b(201)p 0 193 3473 4 v 146 515 a Fu(It)39
b(is)e(easy)i(to)f(giv)m(e)g(some)g(informal)d(guidelines)i(for)h(ho)m
(w)g(to)g(determine)g(the)h(order)f(of)0 636 y(magnitude)31
b(of)h(execution)i(time:)0 813 y Fw(assignmen)m(t:)49
b Fu(the)33 b(execution)g(time)e(is)h Ft(O)s Fu(\()p
Fw(1)p Fu(\),)h(that)f(is,)g(it)g(is)g(b)s(ounded)h(b)m(y)h(a)e
(constan)m(t,)0 1007 y Fw(skip:)49 b Fu(the)33 b(execution)g(time)e(is)
h Ft(O)s Fu(\()p Fw(1)p Fu(\),)0 1202 y Fw(comp)s(osition:)47
b Fu(the)35 b(execution)h(time)d(is,)i(to)f(within)g(a)g(constan)m(t)i
(factor,)f(the)g(sum)g(of)f(the)244 1322 y(execution)f(times)f(of)g
(eac)m(h)h(of)f(the)i(statemen)m(ts,)0 1517 y Fw(conditional:)47
b Fu(the)30 b(execution)h(time)d(is,)i(to)g(within)e(a)i(constan)m(t)g
(factor,)g(the)h(largest)e(of)g(the)244 1637 y(execution)k(times)f(of)g
(the)h(t)m(w)m(o)g(branc)m(hes,)i(and)0 1832 y Fw(iteration:)47
b Fu(the)30 b(execution)f(time)f(of)h(the)g(lo)s(op)f(is,)h(to)g
(within)f(a)h(constan)m(t)g(factor,)h(the)f(sum,)244
1952 y(o)m(v)m(er)34 b(all)c(iterations)h(round)i(the)g(lo)s(op,)e(of)h
(the)h(time)e(to)i(execute)h(the)f(b)s(o)s(dy)-8 b(.)0
2129 y(The)26 b(idea)f(no)m(w)h(is)f(to)f(formalize)f(these)k(rules)e
(b)m(y)h(giving)e(an)h(inference)h(system)g(for)f(reasoning)0
2250 y(ab)s(out)32 b(execution)h(times.)43 b(T)-8 b(o)33
b(do)f(so)h(w)m(e)g(shall)f(pro)s(ceed)h(in)f(three)h(stages:)145
2427 y Ft(\017)49 b Fu(\014rst)42 b(w)m(e)g(sp)s(ecify)f(the)h(exact)g
(time)e(needed)j(to)e(ev)-5 b(aluate)40 b(arithmetic)g(and)h(b)s(o)s
(olean)244 2547 y(expressions,)145 2742 y Ft(\017)49
b Fu(next)37 b(w)m(e)f(extend)h(the)g(natural)d(seman)m(tics)i(of)f
(Chapter)i(2)e(to)h(coun)m(t)g(the)g(exact)h(exe-)244
2862 y(cution)32 b(time,)f(and)145 3057 y Ft(\017)49
b Fu(\014nally)40 b(w)m(e)j(extend)g(the)g(total)d(correctness)k(pro)s
(of)d(system)h(to)g(pro)m(v)m(e)h(the)f(order)g(of)244
3177 y(magnitude)31 b(of)h(the)h(execution)h(time)d(of)h(statemen)m
(ts.)0 3354 y(Ho)m(w)m(ev)m(er,)f(b)s(efore)c(addressing)h(these)g
(issues)h(w)m(e)f(ha)m(v)m(e)h(to)e(\014x)h(a)f Fs(c)-5
b(omputational)29 b(mo)-5 b(del)p Fu(,)28 b(that)0 3475
y(is)43 b(w)m(e)i(ha)m(v)m(e)g(to)e(determine)h(ho)m(w)g(to)f(coun)m(t)
i(the)f(cost)g(of)f(the)h(v)-5 b(arious)43 b(op)s(erations.)76
b(The)0 3595 y(actual)36 b(c)m(hoice)i(is)e(not)i(so)f(imp)s(ortan)m(t)
e(but)j(for)e(the)i(sak)m(e)g(of)f(simplicit)m(y)e(w)m(e)j(ha)m(v)m(e)g
(based)g(it)0 3715 y(up)s(on)44 b(the)h(abstract)g(mac)m(hine)f(of)g
(Chapter)h(3.)79 b(The)46 b(idea)e(is)g(that)g(eac)m(h)h(instruction)f
(of)0 3836 y(the)38 b(mac)m(hine)e(tak)m(es)j(one)e(time)f(unit)h(and)g
(the)h(time)e(required)h(to)g(execute)i(an)e(arithmetic)0
3956 y(expression,)27 b(a)c(b)s(o)s(olean)f(expression)i(or)f(a)g
(statemen)m(t)h(will)d(b)s(e)j(the)g(time)e(required)h(to)g(execute)0
4077 y(the)29 b(generated)g(co)s(de.)43 b(Ho)m(w)m(ev)m(er,)32
b(no)c(kno)m(wledge)i(of)e(Chapter)h(3)f(is)g(required)i(in)d(the)i
(sequel.)0 4361 y Fp(Exact)46 b(execution)f(times)h(for)f(expressions)0
4546 y Fu(The)34 b(time)d(needed)j(to)e(ev)-5 b(aluate)32
b(an)h(arithmetic)d(expression)k(is)e(giv)m(en)h(b)m(y)g(a)g(function)
244 4723 y Ft(T)25 b(A)p Fu(:)43 b Fw(Aexp)33 b Ft(!)f
Fw(Z)0 4900 y Fu(so)24 b Ft(T)i(A)p Fu([)-17 b([)p Fs(a)7
b Fu(])-17 b(])25 b(is)f(the)h(n)m(um)m(b)s(er)f(of)g(time)f(units)h
(required)h(to)f(ev)-5 b(aluate)23 b Fs(a)32 b Fu(in)23
b(an)m(y)i(state.)41 b(Similarly)-8 b(,)0 5020 y(the)33
b(function)244 5197 y Ft(T)25 b(B)t Fu(:)43 b Fw(Bexp)33
b Ft(!)f Fw(Z)0 5374 y Fu(determines)41 b(the)f(n)m(um)m(b)s(er)h(of)f
(time)f(units)h(required)h(to)f(ev)-5 b(aluate)40 b(a)g(b)s(o)s(olean)f
(expression.)0 5494 y(These)34 b(functions)f(are)f(de\014ned)i(in)e(T)
-8 b(able)33 b(6.3.)p eop
%%Page: 202 212
202 211 bop 251 130 a Fw(202)1567 b(6)112 b(Axiomatic)35
b(Program)h(V)-9 b(eri\014cation)p 251 193 3473 4 v 283
419 V 283 2313 4 1894 v 715 528 a Ft(T)26 b(A)o Fu([)-17
b([)q Fs(n)7 b Fu(])-17 b(])374 b(=)100 b Fw(1)715 696
y Ft(T)26 b(A)o Fu([)-17 b([)q Fs(x)12 b Fu(])-17 b(])379
b(=)100 b Fw(1)715 863 y Ft(T)26 b(A)o Fu([)-17 b([)q
Fs(a)969 878 y Fn(1)1041 863 y Fu(+)33 b Fs(a)1207 878
y Fn(2)1246 863 y Fu(])-17 b(])102 b(=)e Ft(T)25 b(A)p
Fu([)-17 b([)p Fs(a)1814 878 y Fn(1)1854 863 y Fu(])g(])33
b(+)g Ft(T)25 b(A)p Fu([)-17 b([)p Fs(a)2286 878 y Fn(2)2326
863 y Fu(])g(])33 b(+)g Fw(1)715 1031 y Ft(T)26 b(A)o
Fu([)-17 b([)q Fs(a)969 1046 y Fn(1)1041 1031 y Fo(?)33
b Fs(a)1180 1046 y Fn(2)1219 1031 y Fu(])-17 b(])129
b(=)100 b Ft(T)25 b(A)p Fu([)-17 b([)p Fs(a)1814 1046
y Fn(1)1854 1031 y Fu(])g(])33 b(+)g Ft(T)25 b(A)p Fu([)-17
b([)p Fs(a)2286 1046 y Fn(2)2326 1031 y Fu(])g(])33 b(+)g
Fw(1)715 1199 y Ft(T)26 b(A)o Fu([)-17 b([)q Fs(a)969
1214 y Fn(1)1041 1199 y Ft(\000)33 b Fs(a)1208 1214 y
Fn(2)1248 1199 y Fu(])-17 b(])100 b(=)g Ft(T)25 b(A)p
Fu([)-17 b([)p Fs(a)1814 1214 y Fn(1)1854 1199 y Fu(])g(])33
b(+)g Ft(T)25 b(A)p Fu([)-17 b([)p Fs(a)2286 1214 y Fn(2)2326
1199 y Fu(])g(])33 b(+)g Fw(1)715 1414 y Ft(T)26 b(B)s
Fu([)-17 b([)q Fr(true)p Fu(])g(])243 b(=)100 b Fw(1)715
1581 y Ft(T)26 b(B)s Fu([)-17 b([)q Fr(false)p Fu(])g(])192
b(=)100 b Fw(1)715 1749 y Ft(T)26 b(B)s Fu([)-17 b([)q
Fs(a)958 1764 y Fn(1)1030 1749 y Fu(=)33 b Fs(a)1196
1764 y Fn(2)1235 1749 y Fu(])-17 b(])113 b(=)100 b Ft(T)25
b(A)p Fu([)-17 b([)p Fs(a)1814 1764 y Fn(1)1854 1749
y Fu(])g(])33 b(+)g Ft(T)25 b(A)p Fu([)-17 b([)p Fs(a)2286
1764 y Fn(2)2326 1749 y Fu(])g(])33 b(+)g Fw(1)715 1916
y Ft(T)26 b(B)s Fu([)-17 b([)q Fs(a)958 1931 y Fn(1)1030
1916 y Ft(\024)33 b Fs(a)1197 1931 y Fn(2)1237 1916 y
Fu(])-17 b(])111 b(=)100 b Ft(T)25 b(A)p Fu([)-17 b([)p
Fs(a)1814 1931 y Fn(1)1854 1916 y Fu(])g(])33 b(+)g Ft(T)25
b(A)p Fu([)-17 b([)p Fs(a)2286 1931 y Fn(2)2326 1916
y Fu(])g(])33 b(+)g Fw(1)715 2084 y Ft(T)26 b(B)s Fu([)-17
b([)q Ft(:)p Fs(b)6 b Fu(])-17 b(])330 b(=)100 b Ft(T)25
b(B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])33 b(+)g Fw(1)715
2252 y Ft(T)26 b(B)s Fu([)-17 b([)q Fs(b)952 2267 y Fn(1)1024
2252 y Ft(^)33 b Fs(b)1174 2267 y Fn(2)1213 2252 y Fu(])-17
b(])135 b(=)100 b Ft(T)25 b(B)t Fu([)-17 b([)p Fs(b)1797
2267 y Fn(1)1837 2252 y Fu(])g(])33 b(+)f Ft(T)26 b(B)s
Fu([)-17 b([)q Fs(b)2252 2267 y Fn(2)2291 2252 y Fu(])g(])33
b(+)g Fw(1)p 3753 2313 V 283 2316 3473 4 v 987 2477 a
Fu(T)-8 b(able)32 b(6.3:)43 b(Exact)34 b(execution)f(times)f(for)g
(expressions)283 2743 y Fp(Exact)46 b(execution)g(times)g(for)f
(statemen)l(ts)283 2928 y Fu(T)-8 b(urning)25 b(to)f(the)i(execution)f
(time)e(for)i(statemen)m(ts)g(w)m(e)h(shall)e(extend)i(the)f(natural)f
(seman)m(tics)283 3049 y(of)47 b(T)-8 b(able)46 b(2.1)h(to)f(sp)s
(ecify)h(the)g(time)f(requiremen)m(ts.)87 b(This)47 b(is)f(done)h(b)m
(y)h(extending)f(the)283 3169 y(transitions)32 b(to)g(ha)m(v)m(e)i(the)
f(form)527 3345 y Ft(h)p Fs(S)12 b Fu(,)33 b Fs(s)8 b
Ft(i)32 b(!)912 3309 y Fc(t)974 3345 y Fs(s)1022 3309
y Fi(0)283 3521 y Fu(meaning)k(that)h(if)e Fs(S)49 b
Fu(is)36 b(executed)j(from)d(state)h Fs(s)45 b Fu(then)37
b(it)f(will)f(terminate)g(in)h(state)i Fs(s)3539 3485
y Fi(0)3599 3521 y Fu(and)283 3642 y(exactly)d Fs(t)44
b Fu(time)33 b(units)i(will)d(b)s(e)i(required)h(for)f(this.)48
b(The)36 b(extension)f(of)f(T)-8 b(able)34 b(2.1)g(is)g(fairly)283
3762 y(straigh)m(tforw)m(ard)f(and)f(is)g(giv)m(en)h(in)f(T)-8
b(able)32 b(6.4.)283 4046 y Fp(The)45 b(inference)g(system)283
4231 y Fu(The)34 b(inference)g(system)g(for)e(pro)m(ving)h(the)h(order)
f(of)f(magnitude)g(of)h(the)g(execution)h(time)d(of)283
4351 y(statemen)m(ts)j(will)c(ha)m(v)m(e)k(assertions)f(of)f(the)h
(form)527 4527 y Ft(f)g Fs(P)43 b Ft(g)32 b Fs(S)44 b
Ft(f)33 b Fs(e)39 b Ft(+)33 b Fs(Q)41 b Ft(g)283 4704
y Fu(where)h Fs(P)51 b Fu(and)40 b Fs(Q)49 b Fu(are)41
b(predicates)f(as)h(in)e(the)i(previous)g(inference)g(systems)g(and)g
Fs(e)47 b Fu(is)40 b(an)283 4824 y(arithmetic)31 b(expression)j(\(that)
e(is)g Fs(e)40 b Ft(2)33 b Fw(Aexp)p Fu(\).)44 b(The)33
b(idea)f(is)g(that)552 4992 y Fs(if)54 b Fu(the)33 b(execution)g(of)f
Fs(S)44 b Fu(is)32 b(started)h(in)f(a)h(state)g(satisfying)e
Fs(P)552 5159 y(then)40 b Fu(it)32 b(terminates)f(in)h(a)h(state)g
(satisfying)e Fs(Q)552 5327 y(and)42 b Fu(the)33 b(required)h
(execution)f(time)e(is)h Ft(O)s Fu(\()p Fs(e)7 b Fu(\),)33
b(that)f(is)g(has)h(order)g(of)f(magnitude)g Fs(e)7 b
Fu(.)283 5494 y(So)33 b(for)f(example)p eop
%%Page: 203 213
203 212 bop 0 130 a Fw(6.5)112 b(Assertions)37 b(for)g(execution)g
(time)1606 b(203)p 0 193 3473 4 v 0 419 V 0 2490 4 2071
v 256 530 a Fu([ass)408 545 y Fn(tns)508 530 y Fu(])345
b Ft(h)o Fs(x)45 b Fu(:=)32 b Fs(a)7 b Fu(,)33 b Fs(s)8
b Ft(i)32 b(!)1479 494 y Fi(T)17 b(A)q Fn([)-12 b([)o
Fc(a)p Fn(])g(]+1)1811 530 y Fs(s)8 b Fu([)p Fs(x)k Ft(7!)o(A)p
Fu([)-17 b([)p Fs(a)7 b Fu(])-17 b(])q Fs(s)8 b Fu(])256
745 y([skip)454 760 y Fn(tns)553 745 y Fu(])300 b Ft(h)o
Fr(skip)p Fu(,)34 b Fs(s)8 b Ft(i)32 b(!)1402 709 y Fn(1)1474
745 y Fs(s)256 1039 y Fu([comp)511 1054 y Fn(tns)610
1039 y Fu(])890 952 y Ft(h)o Fs(S)995 967 y Fn(1)1035
952 y Fu(,)p Fs(s)8 b Ft(i)32 b(!)1281 916 y Fc(t)1306
925 y Fd(1)1377 952 y Fs(s)1425 916 y Fi(0)1449 952 y
Fu(,)g Ft(h)p Fs(S)1614 967 y Fn(2)1653 952 y Fu(,)p
Fs(s)1728 916 y Fi(0)1752 952 y Ft(i)g(!)1923 916 y Fc(t)1948
925 y Fd(2)2019 952 y Fs(s)2067 916 y Fi(00)p 890 1016
1221 4 v 1070 1120 a Ft(h)p Fs(S)1176 1135 y Fn(1)1215
1120 y Fu(;)p Fs(S)1309 1135 y Fn(2)1349 1120 y Fu(,)g
Fs(s)8 b Ft(i)32 b(!)1627 1084 y Fc(t)1652 1093 y Fd(1)1687
1084 y Fn(+)p Fc(t)1767 1093 y Fd(2)1839 1120 y Fs(s)1887
1084 y Fi(00)256 1403 y Fu([if)353 1367 y Fn(tt)341 1428
y(tns)439 1403 y Fu(])1489 1317 y Ft(h)p Fs(S)1595 1332
y Fn(1)1634 1317 y Fu(,)p Fs(s)8 b Ft(i)33 b(!)1880 1281
y Fc(t)1942 1317 y Fs(s)1990 1281 y Fi(0)p 890 1380 1724
4 v 890 1485 a Ft(h)o Fr(if)g Fs(b)39 b Fr(then)33 b
Fs(S)1451 1500 y Fn(1)1523 1485 y Fr(else)h Fs(S)1828
1500 y Fn(2)1867 1485 y Fu(,)f Fs(s)8 b Ft(i)32 b(!)2146
1449 y Fi(T)17 b(B)r Fn([)-12 b([)o Fc(b)p Fn(])g(]+)p
Fc(t)p Fn(+1)2542 1485 y Fs(s)2590 1449 y Fi(0)2688 1403
y Fu(if)32 b Ft(B)s Fu([)-17 b([)q Fs(b)6 b Fu(])-17
b(])p Fs(s)41 b Fu(=)32 b Fw(tt)256 1768 y Fu([if)353
1731 y Fn(\013)341 1792 y(tns)439 1768 y Fu(])1489 1681
y Ft(h)p Fs(S)1595 1696 y Fn(2)1634 1681 y Fu(,)p Fs(s)8
b Ft(i)33 b(!)1880 1645 y Fc(t)1942 1681 y Fs(s)1990
1645 y Fi(0)p 890 1744 V 890 1849 a Ft(h)o Fr(if)g Fs(b)39
b Fr(then)33 b Fs(S)1451 1864 y Fn(1)1523 1849 y Fr(else)h
Fs(S)1828 1864 y Fn(2)1867 1849 y Fu(,)f Fs(s)8 b Ft(i)32
b(!)2146 1813 y Fi(T)17 b(B)r Fn([)-12 b([)o Fc(b)p Fn(])g(]+)p
Fc(t)p Fn(+1)2542 1849 y Fs(s)2590 1813 y Fi(0)2688 1768
y Fu(if)32 b Ft(B)s Fu([)-17 b([)q Fs(b)6 b Fu(])-17
b(])p Fs(s)41 b Fu(=)32 b Fw(\013)256 2142 y Fu([while)518
2106 y Fn(tt)506 2167 y(tns)604 2142 y Fu(])890 2056
y Ft(h)o Fs(S)12 b Fu(,)p Fs(s)c Ft(i)33 b(!)1241 2020
y Fc(t)1303 2056 y Fs(s)1351 2020 y Fi(0)1375 2056 y
Fu(,)f Ft(h)p Fr(while)i Fs(b)k Fr(do)33 b Fs(S)12 b
Fu(,)33 b Fs(s)2155 2020 y Fi(0)2178 2056 y Ft(i)f(!)2349
2020 y Fc(t)2374 1996 y Fa(0)2434 2056 y Fs(s)2482 2020
y Fi(00)p 890 2119 1635 4 v 966 2224 a Ft(h)p Fr(while)i
Fs(b)k Fr(do)33 b Fs(S)12 b Fu(,)33 b Fs(s)8 b Ft(i)32
b(!)1858 2188 y Fi(T)17 b(B)r Fn([)-12 b([)o Fc(b)p Fn(])g(]+)p
Fc(t)p Fn(+)p Fc(t)2207 2164 y Fa(0)2230 2188 y Fn(+2)2357
2224 y Fs(s)2405 2188 y Fi(00)2599 2142 y Fu(if)32 b
Ft(B)s Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])p Fs(s)41
b Fu(=)32 b Fw(tt)256 2429 y Fu([while)518 2393 y Fn(\013)506
2454 y(tns)604 2429 y Fu(])249 b Ft(h)o Fr(while)34 b
Fs(b)39 b Fr(do)33 b Fs(S)12 b Fu(,)32 b Fs(s)8 b Ft(i)32
b(!)1771 2393 y Fi(T)17 b(B)r Fn([)-12 b([)p Fc(b)p Fn(])g(])o(+3)2087
2429 y Fs(s)41 b Fu(if)31 b Ft(B)t Fu([)-17 b([)p Fs(b)6
b Fu(])-17 b(])q Fs(s)40 b Fu(=)33 b Fw(\013)p 3469 2490
4 2071 v 0 2493 3473 4 v 294 2654 a Fu(T)-8 b(able)33
b(6.4:)43 b(Natural)31 b(seman)m(tics)i(for)f Fw(While)f
Fu(with)h(exact)i(execution)f(times)244 2911 y Ft(f)d
Fr(x)g Fu(=)g Fr(3)h Ft(g)f Fr(y)g Fu(:=)g Fr(1)p Fu(;)i
Fr(while)f Ft(:)p Fu(\()p Fr(x)p Fu(=)p Fr(1)p Fu(\))g
Fr(do)g Fu(\()p Fr(y)f Fu(:=)g Fr(y)p Fo(?)p Fr(x)p Fu(;)h
Fr(x)g Fu(:=)f Fr(x)p Ft(\000)p Fr(1)p Fu(\))h Ft(f)f
Fr(1)g Ft(+)h Fr(true)g Ft(g)0 3102 y Fu(expresses)d(that)d(the)h
(execution)f(of)g(the)g(factorial)e(statemen)m(t)j(from)e(a)g(state)i
(where)g Fr(x)f Fu(has)h(the)0 3222 y(v)-5 b(alue)32
b Fw(3)h Fu(has)g(order)f(of)g(magnitude)g Fr(1)p Fu(,)h(that)f(is)g
(it)g(is)g(b)s(ounded)h(b)m(y)g(a)g(constan)m(t.)44 b(Similarly)-8
b(,)244 3413 y Ft(f)30 b Fr(x)h Fo(>)f Fu(0)g Ft(g)g
Fr(y)g Fu(:=)h Fr(1)p Fu(;)g Fr(while)h Ft(:)p Fu(\()p
Fr(x)p Fu(=)p Fr(1)p Fu(\))f Fr(do)f Fu(\()p Fr(y)h Fu(:=)f
Fr(y)p Fo(?)p Fr(x)p Fu(;)i Fr(x)e Fu(:=)g Fr(x)p Ft(\000)p
Fr(1)p Fu(\))i Ft(f)e Fr(x)g Ft(+)g Fr(true)i Ft(g)0
3604 y Fu(expresses)27 b(that)c(the)h(execution)g(of)f(the)h(factorial)
d(statemen)m(t)j(on)f(a)h(state)g(where)g Fr(x)g Fu(is)f(p)s(ositiv)m
(e)0 3724 y(has)33 b(order)g(of)f(magnitude)f Fr(x)p
Fu(.)146 3844 y(F)-8 b(ormally)g(,)30 b Fs(validity)41
b Fu(of)32 b(the)h(form)m(ula)e Ft(f)h Fs(P)43 b Ft(g)32
b Fs(S)45 b Ft(f)32 b Fs(e)40 b Ft(+)32 b Fs(Q)42 b Ft(g)32
b Fu(is)g(de\014ned)i(b)m(y)244 4035 y Ft(j)-17 b Fu(=)331
4050 y Fn(e)399 4035 y Ft(f)32 b Fs(P)43 b Ft(g)32 b
Fs(S)45 b Ft(f)32 b Fs(e)40 b Ft(+)32 b Fs(Q)42 b Ft(g)0
4226 y Fu(if)31 b(and)i(only)f(if)244 4417 y(there)h(exists)h(a)e
(natural)f(n)m(um)m(b)s(er)i Fw(k)g Fu(suc)m(h)h(that)e(for)g(all)f
(states)i Fs(s)8 b Fu(,)244 4584 y(if)31 b Fs(P)43 b(s)e
Fu(=)32 b Fw(tt)g Fu(then)h(there)g(exists)h(a)e(state)h
Fs(s)1860 4548 y Fi(0)1916 4584 y Fu(and)g(a)f(n)m(um)m(b)s(er)h
Fs(t)42 b Fu(suc)m(h)34 b(that)244 4752 y Fs(Q)42 b(s)409
4716 y Fi(0)464 4752 y Fu(=)33 b Fw(tt)p Fu(,)f Ft(h)o
Fs(S)12 b Fu(,)33 b Fs(s)8 b Ft(i)32 b(!)1104 4716 y
Fc(t)1166 4752 y Fs(s)1214 4716 y Fi(0)1237 4752 y Fu(,)h(and)g
Fs(t)42 b Ft(\024)33 b Fw(k)g Fo(?)f Fu(\()p Ft(A)o Fu([)-17
b([)q Fs(e)7 b Fu(])-17 b(])q Fs(s)8 b Fu(\))0 4943 y(Note)39
b(that)g(the)h(expression)h Fs(e)46 b Fu(is)39 b(ev)-5
b(aluated)39 b(in)f(the)i(initial)35 b(state)40 b(rather)f(than)h(the)f
(\014nal)0 5063 y(state.)146 5183 y(The)26 b(axioms)d(and)i(rules)f(of)
g(the)h(inference)g(system)h(are)e(giv)m(en)h(in)e(T)-8
b(able)25 b(6.5.)40 b(Pro)m(v)-5 b(abilit)m(y)0 5304
y(of)32 b(the)h(assertion)g Ft(f)f Fs(P)43 b Ft(g)32
b Fs(S)45 b Ft(f)32 b Fs(e)40 b Ft(+)32 b Fs(Q)42 b Ft(g)32
b Fu(in)g(the)h(inference)g(system)h(is)e(written)244
5494 y Ft(`)305 5509 y Fn(e)373 5494 y Ft(f)g Fs(P)43
b Ft(g)32 b Fs(S)45 b Ft(f)32 b Fs(e)40 b Ft(+)32 b Fs(Q)42
b Ft(g)p eop
%%Page: 204 214
204 213 bop 251 130 a Fw(204)1567 b(6)112 b(Axiomatic)35
b(Program)h(V)-9 b(eri\014cation)p 251 193 3473 4 v 283
419 V 283 3119 4 2700 v 350 528 a Fu([ass)502 543 y Fn(e)538
528 y Fu(])201 b Ft(f)33 b Fs(P)10 b Fu([)p Fs(x)i Ft(7!A)o
Fu([)-17 b([)q Fs(a)7 b Fu(])-17 b(])q(])32 b Ft(g)h
Fs(x)44 b Fu(:=)32 b Fs(a)40 b Ft(f)33 b Fr(1)f Ft(+)h
Fs(P)43 b Ft(g)350 696 y Fu([skip)548 711 y Fn(e)583
696 y Fu(])156 b Ft(f)33 b Fs(P)43 b Ft(g)32 b Fr(skip)i
Ft(f)e Fr(1)h Ft(+)f Fs(P)43 b Ft(g)350 988 y Fu([comp)605
1003 y Fn(e)640 988 y Fu(])776 901 y Ft(f)33 b Fs(P)43
b Ft(^)33 b(B)s Fu([)-17 b([)q Fs(e)1225 865 y Fi(0)1225
926 y Fn(2)1264 901 y Fu(=)p Fr(u)p Fu(])g(])34 b Ft(g)e
Fs(S)1611 916 y Fn(1)1683 901 y Ft(f)g Fs(e)1817 916
y Fn(1)1889 901 y Ft(+)h Fs(Q)41 b Ft(^)33 b(B)t Fu([)-17
b([)p Fs(e)2356 916 y Fn(2)2396 901 y Ft(\024)q Fr(u)p
Fu(])g(])33 b Ft(g)p Fu(,)65 b Ft(f)32 b Fs(Q)42 b Ft(g)32
b Fs(S)3085 916 y Fn(2)3157 901 y Ft(f)g Fs(e)3291 916
y Fn(2)3364 901 y Ft(+)g Fs(R)37 b Ft(g)p 776 964 2871
4 v 1610 1069 a(f)32 b Fs(P)43 b Ft(g)33 b Fs(S)1951
1084 y Fn(1)1990 1069 y Fu(;)f Fs(S)2116 1084 y Fn(2)2188
1069 y Ft(f)h Fs(e)2323 1084 y Fn(1)2362 1069 y Fu(+)p
Fs(e)2490 1033 y Fi(0)2490 1094 y Fn(2)2562 1069 y Ft(+)g
Fs(R)j Ft(g)766 1202 y Fu(where)e Fr(u)f Fu(is)f(an)h(un)m(used)h
(logical)c(v)-5 b(ariable)350 1494 y([if)435 1509 y Fn(e)469
1494 y Fu(])776 1408 y Ft(f)33 b(B)s Fu([)-17 b([)q Fs(b)6
b Fu(])-17 b(])33 b Ft(^)g Fs(P)43 b Ft(g)32 b Fs(S)1443
1423 y Fn(1)1515 1408 y Ft(f)g Fs(e)40 b Ft(+)32 b Fs(Q)42
b Ft(g)p Fu(,)97 b Ft(f)33 b(:B)t Fu([)-17 b([)p Fs(b)6
b Fu(])-17 b(])33 b Ft(^)g Fs(P)43 b Ft(g)32 b Fs(S)2799
1423 y Fn(2)2871 1408 y Ft(f)h Fs(e)39 b Ft(+)33 b Fs(Q)41
b Ft(g)p 776 1471 2522 4 v 1201 1576 a(f)33 b Fs(P)43
b Ft(g)32 b Fr(if)h Fs(b)38 b Fr(then)c Fs(S)1998 1591
y Fn(1)2070 1576 y Fr(else)f Fs(S)2374 1591 y Fn(2)2446
1576 y Ft(f)g Fs(e)39 b Ft(+)33 b Fs(Q)41 b Ft(g)350
1833 y Fu([while)600 1848 y Fn(e)634 1833 y Fu(])776
1747 y Ft(f)33 b Fs(P)10 b Fu(\()p Fw(z)p Fu(+)p Fw(1)p
Fu(\))32 b Ft(^)h(B)t Fu([)-17 b([)p Fs(e)1482 1711 y
Fi(0)1534 1747 y Fu(=)p Fr(u)p Fu(])g(])33 b Ft(g)f Fs(S)44
b Ft(f)33 b Fs(e)2047 1762 y Fn(1)2119 1747 y Ft(+)f
Fs(P)10 b Fu(\()p Fr(z)p Fu(\))33 b Ft(^)g(B)t Fu([)-17
b([)p Fs(e)7 b Ft(\024)q Fr(u)p Fu(])-17 b(])34 b Ft(g)p
776 1810 2178 4 v 1021 1915 a(f)e(9)p Fw(z)p Fu(.)p Fs(P)10
b Fu(\()p Fw(z)p Fu(\))33 b Ft(g)f Fr(while)i Fs(b)39
b Fr(do)33 b Fs(S)44 b Ft(f)32 b Fs(e)40 b Ft(+)32 b
Fs(P)10 b Fu(\()p Fw(0)p Fu(\))33 b Ft(g)766 2048 y Fu(where)h
Fs(P)10 b Fu(\()p Fw(z)p Fu(+)p Fw(1)p Fu(\))33 b Ft(\))f(B)s
Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])33 b Ft(^)g(B)s
Fu([)-17 b([)q Fs(e)7 b Ft(\025)q Fs(e)2161 2063 y Fn(1)2200
2048 y Fu(+)p Fs(e)2328 2012 y Fi(0)2352 2048 y Fu(])-17
b(])q(,)32 b Fs(P)10 b Fu(\()p Fw(0)p Fu(\))33 b Ft(\))f(:)q(B)s
Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])33 b Ft(^)g(B)s
Fu([)-17 b([)q Fr(1)p Ft(\024)p Fs(e)7 b Fu(])-17 b(])766
2216 y(and)33 b Fr(u)g Fu(is)f(an)h(un)m(used)h(logical)29
b(v)-5 b(ariable)766 2383 y(and)33 b Fw(z)f Fu(ranges)i(o)m(v)m(er)f
(natural)f(n)m(um)m(b)s(ers)h(\(that)f(is)g Fw(z)p Ft(\025)q
Fw(0)p Fu(\))350 2675 y([cons)561 2690 y Fn(e)597 2675
y Fu(])809 2589 y Ft(f)g Fs(P)967 2552 y Fi(0)1023 2589
y Ft(g)h Fs(S)44 b Ft(f)32 b Fs(e)1339 2552 y Fi(0)1396
2589 y Ft(+)g Fs(Q)1573 2552 y Fi(0)1629 2589 y Ft(g)p
776 2652 903 4 v 811 2757 a(f)h Fs(P)43 b Ft(g)32 b Fs(S)44
b Ft(f)33 b Fs(e)39 b Ft(+)33 b Fs(Q)41 b Ft(g)766 2890
y Fu(where)34 b(\(for)e(some)h(natural)e(n)m(um)m(b)s(er)i
Fr(k)p Fu(\))g Fs(P)43 b Ft(\))32 b Fs(P)2615 2854 y
Fi(0)2671 2890 y Ft(^)h(B)s Fu([)-17 b([)q Fs(e)2928
2854 y Fi(0)2952 2890 y Ft(\024)p Fr(k)p Fo(?)p Fs(e)7
b Fu(])-17 b(])766 3058 y(and)33 b Fs(Q)1040 3021 y Fi(0)1096
3058 y Ft(\))f Fs(Q)p 3753 3119 4 2700 v 283 3122 3473
4 v 523 3282 a Fu(T)-8 b(able)33 b(6.5:)43 b(Axiomatic)30
b(system)k(for)e(order)h(of)f(magnitude)f(of)h(execution)h(time)283
3568 y(The)41 b(assignmen)m(t)f(statemen)m(t)g(and)f(the)i
Fr(skip)f Fu(statemen)m(t)g(can)g(b)s(e)g(executed)i(in)d(constan)m(t)
283 3688 y(time)32 b(and)g(therefore)i(w)m(e)f(use)h(the)f(arithmetic)d
(expression)k Fr(1)p Fu(.)430 3809 y(The)g(rule)f([comp)1082
3824 y Fn(e)1117 3809 y Fu(])h(assumes)g(that)g(w)m(e)g(ha)m(v)m(e)h
(pro)s(ofs)e(sho)m(wing)h(that)f Fs(e)3068 3824 y Fn(1)3141
3809 y Fu(and)h Fs(e)3384 3824 y Fn(2)3457 3809 y Fu(are)f(the)283
3929 y(order)38 b(of)f(magnitudes)f(of)h(the)h(execution)g(times)e(for)
h(the)h(t)m(w)m(o)g(statemen)m(ts.)58 b(Ho)m(w)m(ev)m(er,)41
b Fs(e)3716 3944 y Fn(1)283 4050 y Fu(expresses)46 b(the)e(time)d
(requiremen)m(ts)j(of)e Fs(S)1905 4065 y Fn(1)1987 4050
y Fu(relativ)m(e)h(to)f(the)h(initial)c(state)44 b(of)e
Fs(S)3382 4065 y Fn(1)3464 4050 y Fu(and)h Fs(e)3716
4065 y Fn(2)283 4170 y Fu(expresses)31 b(the)d(time)e(requiremen)m(ts)i
(relativ)m(e)f(to)g(the)h(initial)c(state)k(of)f Fs(S)2958
4185 y Fn(2)2997 4170 y Fu(.)42 b(This)28 b(means)f(that)283
4290 y(w)m(e)42 b(cannot)f(simply)e(use)j Fs(e)1312 4305
y Fn(1)1392 4290 y Fu(+)e Fs(e)1560 4305 y Fn(2)1641
4290 y Fu(as)g(the)h(time)f(requiremen)m(t)h(for)f Fs(S)2949
4305 y Fn(1)2988 4290 y Fu(;)k Fs(S)3126 4305 y Fn(2)3166
4290 y Fu(.)67 b(W)-8 b(e)41 b(ha)m(v)m(e)h(to)283 4411
y(replace)37 b Fs(e)670 4426 y Fn(2)745 4411 y Fu(with)f(an)g
(expression)i Fs(e)1636 4375 y Fi(0)1636 4435 y Fn(2)1712
4411 y Fu(suc)m(h)f(that)f Fs(e)2202 4375 y Fi(0)2202
4435 y Fn(2)2278 4411 y Fu(ev)-5 b(aluated)36 b(in)f(the)i(initial)32
b(state)37 b(of)f Fs(S)3717 4426 y Fn(1)283 4531 y Fu(will)28
b(b)s(ound)j(the)g(v)-5 b(alue)29 b(of)h Fs(e)1340 4546
y Fn(2)1410 4531 y Fu(in)f(the)i(initial)c(state)j(of)g
Fs(S)2379 4546 y Fn(2)2449 4531 y Fu(\(whic)m(h)g(is)g(the)h(\014nal)e
(state)i(of)f Fs(S)3652 4546 y Fn(1)3691 4531 y Fu(\).)283
4651 y(This)j(is)e(expressed)k(b)m(y)d(the)h(extended)h(precondition)d
(and)h(p)s(ostcondition)e(of)i Fs(S)3295 4666 y Fn(1)3366
4651 y Fu(using)f(the)283 4772 y(logical)f(v)-5 b(ariable)31
b Fr(u)p Fu(.)430 4892 y(The)43 b(rule)f([if)930 4907
y Fn(e)965 4892 y Fu(])g(is)g(fairly)f(straigh)m(tforw)m(ard)h(since)h
(the)f(time)g(required)g(for)g(the)h(test)g(is)283 5013
y(constan)m(t.)430 5133 y(In)29 b(the)g(rule)g(for)f(the)i
Fr(while)p Fu(-construct)h(w)m(e)f(assume)f(that)g(the)g(execution)h
(time)d(is)i Fs(e)3571 5148 y Fn(1)3639 5133 y Fu(for)283
5254 y(the)40 b(b)s(o)s(dy)e(and)h(is)f Fs(e)46 b Fu(for)39
b(the)g(lo)s(op)e(itself.)61 b(As)39 b(in)f(the)h(rule)f([comp)2844
5269 y Fn(e)2879 5254 y Fu(])h(w)m(e)h(cannot)f(just)g(use)283
5374 y Fs(e)335 5389 y Fn(1)413 5374 y Fu(+)e Fs(e)45
b Fu(as)38 b(the)g(total)e(time)g(required)i(b)s(ecause)h
Fs(e)2184 5389 y Fn(1)2261 5374 y Fu(refers)g(to)e(the)h(state)g(b)s
(efore)g(the)g(b)s(o)s(dy)283 5494 y(of)i(the)g(lo)s(op)f(is)h
(executed)i(and)e Fs(e)47 b Fu(to)40 b(the)g(state)h(after)f(the)g(b)s
(o)s(dy)g(is)g(executed)i(once.)66 b(W)-8 b(e)p eop
%%Page: 205 215
205 214 bop 0 130 a Fw(6.5)112 b(Assertions)37 b(for)g(execution)g
(time)1606 b(205)p 0 193 3473 4 v 0 515 a Fu(shall)31
b(therefore)i(require)g(that)f(there)i(is)e(an)g(expression)i
Fs(e)2181 479 y Fi(0)2237 515 y Fu(suc)m(h)g(that)e Fs(e)2720
479 y Fi(0)2776 515 y Fu(ev)-5 b(aluated)32 b(b)s(efore)0
636 y(the)i(b)s(o)s(dy)g(will)d(b)s(ound)j Fs(e)41 b
Fu(ev)-5 b(aluated)33 b(after)h(the)g(b)s(o)s(dy)-8 b(.)46
b(Then)35 b(it)e(m)m(ust)h(b)s(e)f(the)i(case)f(that)g
Fs(e)0 756 y Fu(satis\014es)29 b Fs(e)35 b Ft(\025)28
b Fs(e)592 771 y Fn(1)659 756 y Fu(+)g Fs(e)815 720 y
Fi(0)866 756 y Fu(b)s(ecause)i Fs(e)35 b Fu(has)28 b(to)f(b)s(ound)h
(the)h(time)d(for)h(executing)i(the)f Fr(while)p Fu(-lo)s(op)0
877 y(indep)s(enden)m(tly)36 b(of)f(the)h(n)m(um)m(b)s(er)f(of)g(times)
f(it)h(is)g(unfolded.)51 b(As)36 b(w)m(e)g(shall)e(see)i(in)f(Example)0
997 y(6.36,)45 b(this)e(corresp)s(onds)h(to)f(the)h Fs(r)-5
b(e)g(curr)g(enc)g(e)44 b(e)-5 b(quations)50 b Fu(that)43
b(often)g(ha)m(v)m(e)i(to)d(b)s(e)i(solv)m(ed)0 1117
y(when)29 b(analysing)e(the)i(execution)g(time)e(of)g(programs.)42
b(Finally)-8 b(,)26 b(the)j(rule)e([cons)2975 1132 y
Fn(e)3012 1117 y Fu(])h(should)g(b)s(e)0 1238 y(straigh)m(tforw)m(ard.)
0 1483 y Fw(Example)37 b(6.35)49 b Fu(W)-8 b(e)29 b(shall)f(no)m(w)h
(pro)m(v)m(e)i(that)e(the)g(execution)h(time)e(of)g(the)i(factorial)c
(state-)0 1604 y(men)m(t)32 b(has)g(order)h(of)e(magnitude)g
Fr(x)p Fu(.)43 b(This)32 b(can)h(b)s(e)f(expressed)j(b)m(y)e(the)f
(follo)m(wing)d(assertion:)244 1818 y Ft(f)h Fr(x)g Fo(>)g
Fr(0)h Ft(g)f Fr(y)g Fu(:=)g Fr(1)p Fu(;)i Fr(while)f
Ft(:)p Fu(\()p Fr(x)p Fu(=)p Fr(1)p Fu(\))g Fr(do)g Fu(\()p
Fr(y)f Fu(:=)g Fr(y)p Fo(?)p Fr(x)p Fu(;)h Fr(x)g Fu(:=)f
Fr(x)p Ft(\000)p Fr(1)p Fu(\))h Ft(f)f Fr(x)g Ft(+)h
Fr(true)g Ft(g)0 2032 y Fu(The)g(inference)g(of)f(this)g(assertion)g
(pro)s(ceeds)h(in)f(a)g(n)m(um)m(b)s(er)h(of)e(stages.)44
b(First)29 b(w)m(e)i(de\014ne)h(the)0 2153 y(predicate)h
Fs(INV)18 b Fu(\()p Fw(z)p Fu(\))33 b(that)f(is)g(to)g(b)s(e)h(the)g
(in)m(v)-5 b(arian)m(t)31 b(of)h(the)h Fr(while)p Fu(-lo)s(op)244
2367 y Fs(INV)19 b Fu(\()p Fw(z)p Fu(\))32 b Fs(s)40
b Fu(=)33 b(\()p Fs(s)40 b Fr(x)33 b Fo(>)f Fw(0)h Fu(and)g
Fs(s)40 b Fr(x)33 b Fu(=)f Fw(z)h Fu(+)f Fw(1)p Fu(\))0
2581 y(The)38 b(logical)d(v)-5 b(ariables)36 b Fr(u)974
2596 y Fn(1)1051 2581 y Fu(and)h Fr(u)1296 2596 y Fn(2)1373
2581 y Fu(are)h(used)g(for)f(the)h Fr(while)p Fu(-lo)s(op)e(and)i(the)g
(b)s(o)s(dy)f(of)g(the)0 2702 y Fr(while)p Fu(-lo)s(op,)30
b(resp)s(ectiv)m(ely)-8 b(.)43 b(W)-8 b(e)30 b(shall)e(\014rst)i
(consider)g(the)g(b)s(o)s(dy)g(of)f(the)h(lo)s(op.)41
b(Using)29 b([ass)3409 2717 y Fn(e)3445 2702 y Fu(])0
2822 y(w)m(e)34 b(get)244 3036 y Ft(`)305 3051 y Fn(e)373
3036 y Ft(f)e Fu(\()p Fs(INV)19 b Fu(\()p Fw(z)p Fu(\))32
b Ft(^)h Fr(x)p Ft(\024)q Fr(u)1131 3051 y Fn(1)1170
3036 y Fu(\)[)p Fr(x)p Ft(7!)p Fr(x)p Ft(\000)p Fr(1)p
Fu(])h Ft(g)e Fr(x)h Fu(:=)f Fr(x)h Ft(\000)g Fr(1)g
Ft(f)f Fr(1)h Ft(+)g Fs(INV)18 b Fu(\()p Fw(z)p Fu(\))32
b Ft(^)h Fr(x)p Ft(\024)q Fr(u)3102 3051 y Fn(1)3174
3036 y Ft(g)0 3250 y Fu(Similarly)-8 b(,)29 b(w)m(e)k(get)244
3465 y Ft(`)305 3480 y Fn(e)373 3465 y Ft(f)f Fu(\(\()p
Fs(INV)19 b Fu(\()p Fw(z)p Fu(\))32 b Ft(^)h Fr(x)p Ft(\024)q
Fr(u)1169 3480 y Fn(1)1208 3465 y Fu(\)[)p Fr(x)p Ft(7!)p
Fr(x)p Ft(\000)p Fr(1)p Fu(])h Ft(^)f Fr(1)p Ft(\024)p
Fr(u)1942 3480 y Fn(2)1982 3465 y Fu(\)[)p Fr(y)p Ft(7!)p
Fr(y)p Fo(?)p Fr(x)p Fu(])g Ft(g)373 3632 y Fr(y)g Fu(:=)f
Fr(y)h Fo(?)f Fr(x)373 3800 y Ft(f)g Fr(1)h Ft(+)f Fu(\()p
Fs(INV)19 b Fu(\()p Fw(z)p Fu(\))32 b Ft(^)h Fr(x)p Ft(\024)q
Fr(u)1308 3815 y Fn(1)1347 3800 y Fu(\)[)p Fr(x)p Ft(7!)p
Fr(x)p Ft(\000)p Fr(1)p Fu(])h Ft(^)f Fr(1)p Ft(\024)q
Fr(u)2082 3815 y Fn(2)2154 3800 y Ft(g)0 4014 y Fu(Before)f(applying)e
(the)i(rule)f([comp)1317 4029 y Fn(e)1352 4014 y Fu(])h(w)m(e)g(ha)m(v)
m(e)h(to)e(mo)s(dify)f(the)i(precondition)f(of)g(the)h(ab)s(o)m(v)m(e)0
4135 y(assertion.)43 b(W)-8 b(e)33 b(ha)m(v)m(e)244 4349
y Fs(INV)19 b Fu(\()p Fw(z)p Fu(+)p Fw(1)p Fu(\))32 b
Ft(^)h Fr(x)p Ft(\000)p Fr(1)p Fu(=)p Fr(u)1140 4364
y Fn(1)1213 4349 y Ft(^)g Fr(1)p Fu(=)p Fr(u)1490 4364
y Fn(2)244 4516 y Ft(\))f Fu(\(\()p Fs(INV)19 b Fu(\()p
Fw(z)p Fu(\))32 b Ft(^)h Fr(x)p Ft(\024)p Fr(u)1089 4531
y Fn(1)1129 4516 y Fu(\)[)p Fr(x)p Ft(7!)p Fr(x)p Ft(\000)p
Fr(1)p Fu(])h Ft(^)f Fr(1)p Ft(\024)p Fr(u)1863 4531
y Fn(2)1903 4516 y Fu(\)[)p Fr(y)p Ft(7!)p Fr(y)p Fo(?)p
Fr(x)p Fu(])0 4731 y(so)g(using)f([cons)586 4746 y Fn(e)622
4731 y Fu(])h(w)m(e)h(get)244 4945 y Ft(`)305 4960 y
Fn(e)373 4945 y Ft(f)e Fs(INV)19 b Fu(\()p Fw(z)p Fu(+)p
Fw(1)p Fu(\))32 b Ft(^)h Fr(x)p Ft(\000)p Fr(1)p Fu(=)p
Fr(u)1351 4960 y Fn(1)1424 4945 y Ft(^)g Fr(1)p Fu(=)p
Fr(u)1701 4960 y Fn(2)1773 4945 y Ft(g)373 5113 y Fr(y)g
Fu(:=)f Fr(y)h Fo(?)f Fr(x)373 5280 y Ft(f)g Fr(1)h Ft(+)f
Fu(\()p Fs(INV)19 b Fu(\()p Fw(z)p Fu(\))32 b Ft(^)h
Fr(x)p Ft(\024)q Fr(u)1308 5295 y Fn(1)1347 5280 y Fu(\)[)p
Fr(x)p Ft(7!)p Fr(x)p Ft(\000)p Fr(1)p Fu(])h Ft(^)f
Fr(1)p Ft(\024)q Fr(u)2082 5295 y Fn(2)2154 5280 y Ft(g)0
5494 y Fu(W)-8 b(e)33 b(can)g(no)m(w)g(apply)f([comp)1073
5509 y Fn(e)1109 5494 y Fu(])g(and)h(get)p eop
%%Page: 206 216
206 215 bop 251 130 a Fw(206)1567 b(6)112 b(Axiomatic)35
b(Program)h(V)-9 b(eri\014cation)p 251 193 3473 4 v 527
515 a Ft(`)588 530 y Fn(e)656 515 y Ft(f)33 b Fs(INV)18
b Fu(\()p Fw(z)p Fu(+)p Fw(1)p Fu(\))32 b Ft(^)h Fr(x)p
Ft(\000)p Fr(1)p Fu(=)p Fr(u)1634 530 y Fn(1)1707 515
y Ft(g)656 683 y Fr(y)g Fu(:=)g Fr(y)f Fo(?)h Fr(x)p
Fu(;)f Fr(x)h Fu(:=)g Fr(x)p Ft(\000)p Fr(1)656 851 y
Ft(f)g Fr(1)p Fu(+)p Fr(1)g Ft(+)f Fs(INV)19 b Fu(\()p
Fw(z)p Fu(\))32 b Ft(^)h Fr(x)p Ft(\024)p Fr(u)1680 866
y Fn(1)1753 851 y Ft(g)283 1036 y Fu(and)g(using)f([cons)939
1051 y Fn(e)976 1036 y Fu(])g(w)m(e)i(get)527 1221 y
Ft(`)588 1236 y Fn(e)656 1221 y Ft(f)f Fs(INV)18 b Fu(\()p
Fw(z)p Fu(+)p Fw(1)p Fu(\))32 b Ft(^)h Fr(x)p Ft(\000)p
Fr(1)p Fu(=)p Fr(u)1634 1236 y Fn(1)1707 1221 y Ft(g)656
1389 y Fr(y)g Fu(:=)g Fr(y)f Fo(?)h Fr(x)p Fu(;)f Fr(x)h
Fu(:=)g Fr(x)p Ft(\000)p Fr(1)656 1556 y Ft(f)g Fr(1)f
Ft(+)h Fs(INV)18 b Fu(\()p Fw(z)p Fu(\))33 b Ft(^)g Fr(x)p
Ft(\024)p Fr(u)1553 1571 y Fn(1)1626 1556 y Ft(g)283
1742 y Fu(It)g(is)f(easy)i(to)e(v)m(erify)h(that)527
1927 y Fs(INV)19 b Fu(\()p Fw(z)p Fu(+)p Fw(1)p Fu(\))32
b Ft(\))g(:)q Fu(\()p Fr(x)g Fu(=)h Fr(1)p Fu(\))f Ft(^)h
Fr(x)p Ft(\025)q Fr(1)p Fu(+\()p Fr(x)p Ft(\000)p Fr(1)p
Fu(\),)h(and)527 2095 y Fs(INV)19 b Fu(\()p Fw(0)p Fu(\))32
b Ft(\))h(:)p Fu(\()p Ft(:)p Fu(\()p Fr(x)g Fu(=)f Fr(1)p
Fu(\)\))h Ft(^)g Fr(1)p Ft(\024)q Fr(x)283 2280 y Fu(Therefore)h(w)m(e)
g(can)f(use)g(the)g(rule)f([while)1829 2295 y Fn(e)1864
2280 y Fu(])h(and)f(get)582 2448 y Ft(`)643 2463 y Fn(e)711
2448 y Ft(f)g(9)p Fw(z)p Fu(.)p Fs(INV)19 b Fu(\()p Fw(z)p
Fu(\))32 b Ft(g)h Fr(while)g Ft(:)q Fu(\()p Fr(x)p Fu(=)p
Fr(1)p Fu(\))g Fr(do)g Fu(\()p Fr(y)f Fu(:=)h Fr(y)p
Fo(?)p Fr(x)p Fu(;)g Fr(x)g Fu(:=)f Fr(x)p Ft(\000)p
Fr(1)p Fu(\))i Ft(f)e Fr(x)h Ft(+)f Fs(INV)19 b Fu(\()p
Fw(0)p Fu(\))32 b Ft(g)283 2615 y Fu(W)-8 b(e)33 b(shall)f(no)m(w)h
(apply)f(the)h(axiom)e([ass)1761 2630 y Fn(e)1797 2615
y Fu(])i(to)f(the)h(statemen)m(t)g Fr(y)g Fu(:=)g Fr(1)f
Fu(and)h(get)527 2801 y Ft(`)588 2816 y Fn(e)656 2801
y Ft(f)g Fu(\()p Ft(9)p Fw(z)p Fu(.)p Fs(INV)18 b Fu(\()p
Fw(z)p Fu(\))33 b Ft(^)g Fr(1)p Ft(\024)p Fr(u)1546 2816
y Fn(3)1586 2801 y Fu(\)[)p Fr(y)p Ft(7!)p Fr(1)p Fu(])g
Ft(g)f Fr(y)h Fu(:=)f Fr(1)h Ft(f)g Fr(1)f Ft(+)h(9)p
Fw(z)p Fu(.)p Fs(INV)19 b Fu(\()p Fw(z)p Fu(\))32 b Ft(^)h
Fr(1)p Ft(\024)p Fr(u)3327 2816 y Fn(3)3400 2801 y Ft(g)283
2986 y Fu(W)-8 b(e)33 b(ha)m(v)m(e)527 3171 y Fr(x)p
Fo(>)p Fr(0)g Ft(^)g Fr(1)p Fu(=)p Fr(u)1015 3186 y Fn(3)1088
3171 y Ft(\))f Fu(\()p Ft(9)p Fw(z)p Fu(.)p Fs(INV)19
b Fu(\()p Fw(z)p Fu(\))32 b Ft(^)h Fr(1)p Ft(\024)p Fr(u)2027
3186 y Fn(3)2067 3171 y Fu(\)[)p Fr(y)p Ft(7!)p Fr(1)p
Fu(])283 3356 y(so)g(using)f([cons)869 3371 y Fn(e)906
3356 y Fu(])h(w)m(e)g(get)527 3542 y Ft(`)588 3557 y
Fn(e)656 3542 y Ft(f)g Fr(x)p Fo(>)p Fr(0)g Ft(^)f Fr(1)p
Fu(=)p Fr(u)1226 3557 y Fn(3)1299 3542 y Ft(g)g Fr(y)h
Fu(:=)f Fr(1)h Ft(f)g Fr(1)f Ft(+)h(9)p Fw(z)p Fu(.)p
Fs(INV)19 b Fu(\()p Fw(z)p Fu(\))32 b Ft(^)h Fr(1)p Ft(\024)p
Fr(u)2713 3557 y Fn(3)2786 3542 y Ft(g)283 3727 y Fu(The)h(rule)e
([comp)934 3742 y Fn(e)969 3727 y Fu(])h(no)m(w)g(giv)m(es)527
3912 y Ft(`)588 3927 y Fn(e)656 3912 y Ft(f)g Fr(x)p
Fo(>)p Fr(0)g Ft(g)656 4080 y Fr(y)g Fu(:=)g Fr(1)p Fu(;)f
Fr(while)i Ft(:)q Fu(\()p Fr(x)p Fu(=)p Fr(1)p Fu(\))e
Fr(do)i Fu(\()p Fr(y)e Fu(:=)h Fr(y)p Fo(?)p Fr(x)p Fu(;)g
Fr(x)f Fu(:=)h Fr(x)p Ft(\000)p Fr(1)p Fu(\))656 4248
y Ft(f)g Fr(1)p Fu(+)p Fr(x)g Ft(+)f Fs(INV)19 b Fu(\()p
Fw(0)p Fu(\))32 b Ft(g)283 4433 y Fu(Clearly)g(w)m(e)i(ha)m(v)m(e)527
4618 y Fr(x)p Fo(>)p Fu(0)f Ft(\))f Fr(1)p Fu(+)p Fr(x)h
Ft(\024)g Fw(2)p Fo(?)p Fr(x)p Fu(,)g(and)527 4786 y
Fs(INV)19 b Fu(\()p Fw(0)p Fu(\))32 b Ft(\))h Fr(true)283
4971 y Fu(so)g(applying)f(rule)g([cons)1208 4986 y Fn(e)1244
4971 y Fu(])h(w)m(e)g(get)527 5156 y Ft(`)588 5171 y
Fn(e)656 5156 y Ft(f)g Fr(x)f Fo(>)h Fu(0)f Ft(g)656
5324 y Fr(y)h Fu(:=)g Fr(1)p Fu(;)f Fr(while)i Ft(:)q
Fu(\()p Fr(x)p Fu(=)p Fr(1)p Fu(\))e Fr(do)i Fu(\()p
Fr(y)e Fu(:=)h Fr(y)p Fo(?)p Fr(x)p Fu(;)g Fr(x)f Fu(:=)h
Fr(x)p Ft(\000)p Fr(1)p Fu(\))656 5492 y Ft(f)g Fr(x)f
Ft(+)h Fr(true)g Ft(g)p eop
%%Page: 207 217
207 216 bop 0 130 a Fw(6.5)112 b(Assertions)37 b(for)g(execution)g
(time)1606 b(207)p 0 193 3473 4 v 0 515 a Fu(as)33 b(required.)2902
b Fh(2)0 760 y Fw(Example)37 b(6.36)49 b Fu(Assume)31
b(no)m(w)h(that)f(w)m(e)h(w)m(an)m(t)f(to)g(determine)f(an)h
(arithmetic)e(expression)0 881 y Fs(e)52 896 y Fn(fac)177
881 y Fu(suc)m(h)34 b(that)244 1096 y Ft(`)305 1111 y
Fn(e)373 1096 y Ft(f)e Fr(x)h Fo(>)f Fu(0)h Ft(g)373
1263 y Fr(y)g Fu(:=)f Fr(1)p Fu(;)h Fr(while)h Ft(:)p
Fu(\()p Fr(x)p Fu(=)p Fr(1)p Fu(\))f Fr(do)g Fu(\()p
Fr(y)g Fu(:=)f Fr(y)p Fo(?)p Fr(x)p Fu(;)h Fr(x)g Fu(:=)f
Fr(x)p Ft(\000)p Fr(1)p Fu(\))373 1431 y Ft(f)g Fs(e)507
1446 y Fn(fac)632 1431 y Ft(+)h Fr(true)g Ft(g)0 1646
y Fu(In)f(other)h(w)m(ords)g(w)m(e)g(w)m(an)m(t)g(to)e(determine)h(the)
h(order)f(of)f(magnitude)g(of)h(the)g(time)f(required)0
1767 y(to)44 b(execute)j(the)e(factorial)d(statemen)m(t.)81
b(W)-8 b(e)45 b(can)g(then)g(attempt)f(constructing)h(a)f(pro)s(of)0
1887 y(of)36 b(the)g(ab)s(o)m(v)m(e)i(assertion)e(using)g(the)g
(inference)h(system)h(of)d(T)-8 b(able)36 b(6.5)g(with)g
Fs(e)2974 1902 y Fn(fac)3103 1887 y Fu(b)s(eing)f(an)0
2007 y(unsp)s(eci\014ed)45 b(arithmetic)c(expression.)77
b(The)45 b(v)-5 b(arious)42 b(side)i(conditions)e(of)h(the)h(rules)g
(will)0 2128 y(then)32 b(sp)s(ecify)g(a)g(set)g(of)f(\(in\)equations)g
(that)h(ha)m(v)m(e)h(to)e(b)s(e)h(ful\014lled)d(b)m(y)k
Fs(e)2698 2143 y Fn(fac)2822 2128 y Fu(in)e(order)h(for)f(the)0
2248 y(pro)s(of)h(to)g(exist.)146 2371 y(W)-8 b(e)43
b(shall)e(\014rst)i(consider)f(the)h(b)s(o)s(dy)f(of)g(the)h(lo)s(op.)
71 b(V)-8 b(ery)43 b(m)m(uc)m(h)g(as)g(in)e(the)i(previous)0
2491 y(example)32 b(w)m(e)i(get)244 2707 y Ft(`)305 2722
y Fn(e)373 2707 y Ft(f)e Fs(INV)19 b Fu(\()p Fw(z)p Fu(+)p
Fw(1)p Fu(\))32 b Ft(^)h Fs(e)7 b Fu([)p Fr(x)p Ft(7!)p
Fr(x)p Ft(\000)p Fr(1)p Fu(]=)p Fr(u)1608 2722 y Fn(1)1681
2707 y Ft(g)373 2874 y Fr(y)33 b Fu(:=)f Fr(y)h Fo(?)f
Fr(x)p Fu(;)h Fr(x)g Fu(:=)f Fr(x)p Ft(\000)p Fr(1)373
3042 y Ft(f)g Fr(1)h Ft(+)f Fs(INV)19 b Fu(\()p Fw(z)p
Fu(\))32 b Ft(^)h Fs(e)7 b Ft(\024)q Fr(u)1271 3057 y
Fn(1)1343 3042 y Ft(g)0 3257 y Fu(where)34 b Fs(e)39
b Fu(is)32 b(the)h(execution)g(time)e(of)h(the)h Fr(while)p
Fu(-construct.)45 b(W)-8 b(e)33 b(can)g(no)m(w)g(apply)f(the)h(rule)0
3377 y([while)250 3392 y Fn(e)285 3377 y Fu(])f(if)g
Fs(e)40 b Fu(ful\014ls)31 b(the)i(conditions)319 3542
y Fs(INV)18 b Fu(\()p Fw(z)p Fu(+)p Fw(1)p Fu(\))32 b
Ft(\))g Fs(e)7 b Ft(\025)q Fr(1)p Fu(+)p Fs(e)g Fu([)p
Fr(x)p Ft(7!)q Fr(x)p Ft(\000)p Fr(1)p Fu(])319 3710
y Fs(INV)18 b Fu(\()p Fw(0)p Fu(\))33 b Ft(\))f Fr(1)p
Ft(\024)q Fs(e)3348 3627 y Fu(\(*\))0 3871 y(and)h(w)m(e)g(will)e(get)
297 4038 y Ft(`)358 4053 y Fn(e)426 4038 y Ft(f)i(9)p
Fw(z)p Fu(.)p Fs(INV)19 b Fu(\()p Fw(z)p Fu(\))32 b Ft(g)g
Fr(while)i Ft(:)p Fu(\()p Fr(x)p Fu(=)p Fr(1)p Fu(\))f
Fr(do)g Fu(\()p Fr(y)g Fu(:=)f Fr(y)p Fo(?)p Fr(x)p Fu(;)h
Fr(x)g Fu(:=)g Fr(x)p Ft(\000)p Fr(1)p Fu(\))g Ft(f)f
Fs(e)40 b Ft(+)33 b Fs(INV)18 b Fu(\()p Fw(0)p Fu(\))33
b Ft(g)0 4206 y Fu(The)h(requiremen)m(t)e(\(*\))h(corresp)s(onds)h(to)e
(the)h(recurrence)h(equation)244 4421 y Fs(T)13 b Fu(\()p
Fr(x)p Fu(\))33 b(=)f Fr(1)h Fu(+)f Fs(T)13 b Fu(\()p
Fr(x)p Ft(\000)p Fr(1)p Fu(\))244 4589 y Fs(T)g Fu(\()p
Fr(1)p Fu(\))33 b(=)f Fr(1)0 4804 y Fu(obtained)d(b)m(y)i(the)f
(standard)g(tec)m(hniques)i(from)d(execution)h(time)f(analysis.)42
b(If)29 b(w)m(e)i(tak)m(e)g Fs(e)37 b Fu(to)0 4924 y(b)s(e)e
Fr(x)g Fu(then)g(\(*\))g(is)f(ful\014lled.)48 b(The)35
b(remainder)f(of)g(the)i(pro)s(of)d(is)i(v)m(ery)h(m)m(uc)m(h)f(as)g
(in)f(Exercise)0 5045 y(6.35)e(and)h(w)m(e)g(get)g(that)f
Fs(e)965 5060 y Fn(fac)1090 5045 y Fu(m)m(ust)h(satisfy)244
5260 y Fr(x)g Fo(>)f Fr(0)h Ft(\))f Fr(x)p Fu(+)p Fr(1)h
Ft(\024)g Fw(k)p Fo(?)p Fs(e)1133 5275 y Fn(fac)1258
5260 y Fu(for)f(some)g(constan)m(t)i Fw(k)0 5475 y Fu(so)f
Fs(e)172 5490 y Fn(fac)297 5475 y Fu(ma)m(y)f(b)s(e)h(tak)m(en)h(to)e
(b)s(e)h Fr(x)p Fu(.)2161 b Fh(2)p eop
%%Page: 208 218
208 217 bop 251 130 a Fw(208)1567 b(6)112 b(Axiomatic)35
b(Program)h(V)-9 b(eri\014cation)p 251 193 3473 4 v 283
515 a(Exercise)37 b(6.37)49 b Fu(Mo)s(dify)24 b(the)i(pro)s(of)e(of)g
(Lemma)g(6.30)g(to)h(sho)m(w)h(that)f(the)g(inference)h(system)283
636 y(of)33 b(T)-8 b(able)32 b(6.5)g(is)g(sound.)2487
b Fh(2)283 864 y Fw(Exercise)37 b(6.38)49 b Fu(**)43
b(Suggest)h(an)f(alternativ)m(e)f(rule)h(for)g Fr(while)i
Fs(b)k Fr(do)44 b Fs(S)55 b Fu(that)43 b(expresses)283
984 y(that)33 b(its)g(execution)h(time,)e(neglecting)g(constan)m(t)i
(factors,)g(is)e(the)i(pro)s(duct)f(of)g(the)g(n)m(um)m(b)s(er)283
1105 y(of)f(times)f(the)i(lo)s(op)d(is)i(executed)i(and)e(the)h
(maximal)28 b(execution)33 b(time)e(for)g(the)i(b)s(o)s(dy)f(of)f(the)
283 1225 y(lo)s(op.)3188 b Fh(2)283 1454 y Fw(Exercise)37
b(6.39)49 b Fu(Suggest)e(an)f(inference)h(rule)f(for)g
Fr(repeat)i Fs(S)58 b Fr(until)48 b Fs(b)6 b Fu(.)85
b(Y)-8 b(ou)47 b(are)f(not)283 1574 y(allo)m(w)m(ed)32
b(to)h(rely)f(on)g(the)h(existence)i(of)d(a)g Fr(while)p
Fu(-construct)i(in)e(the)h(language.)427 b Fh(2)p eop
%%Page: 209 219
209 218 bop 0 1180 a Fv(Chapter)78 b(7)0 1595 y(F)-19
b(urther)78 b(Reading)0 2047 y Fu(In)23 b(this)f(b)s(o)s(ok)g(w)m(e)i
(ha)m(v)m(e)g(co)m(v)m(ered)h(the)e(basic)f(ingredien)m(ts)h(in)f
(three)h(approac)m(hes)h(to)e(seman)m(tics:)145 2233
y Ft(\017)49 b Fu(op)s(erational)30 b(seman)m(tics,)145
2430 y Ft(\017)49 b Fu(denotational)30 b(seman)m(tics,)j(and)145
2628 y Ft(\017)49 b Fu(axiomatic)30 b(seman)m(tics.)0
2813 y(W)-8 b(e)39 b(ha)m(v)m(e)i(concen)m(trated)g(on)e(a)f(rather)i
(simple)d(language)h(of)h Fr(while)p Fu(-programs)g(and)g(ha)m(v)m(e)0
2934 y(studied)d(the)h(underlying)e(theories)h(and)g(the)h(formal)c
(relationships)i(b)s(et)m(w)m(een)j(the)e(v)-5 b(arious)0
3054 y(approac)m(hes.)83 b(The)47 b(p)s(o)m(w)m(er)f(of)f(the)h(three)g
(approac)m(hes)h(ha)m(v)m(e)g(b)s(een)f(illustrated)e(b)m(y)i(v)-5
b(ari-)0 3174 y(ous)33 b(extensions)i(of)d Fw(While)p
Fu(:)43 b(non-determinism,)31 b(parallelism,)e(recursiv)m(e)35
b(pro)s(cedures)f(and)0 3295 y(exceptions.)146 3415 y(W)-8
b(e)24 b(b)s(eliev)m(e)f(that)g(formal)e(seman)m(tics)i(is)g(an)g(imp)s
(ortan)m(t)f(to)s(ol)f(for)i(reasoning)g(ab)s(out)f(man)m(y)0
3536 y(asp)s(ects)27 b(of)d(the)i(b)s(eha)m(viour)f(of)g(programs)g
(and)g(programming)d(languages.)41 b(T)-8 b(o)25 b(supp)s(ort)h(this)0
3656 y(b)s(elief)31 b(w)m(e)j(ha)m(v)m(e)g(giv)m(en)e(three)i
(examples,)e(one)h(for)f(eac)m(h)i(approac)m(h)f(to)f(seman)m(tics:)145
3842 y Ft(\017)49 b Fu(a)32 b(simple)f(compiler,)145
4039 y Ft(\017)49 b Fu(a)32 b(static)g(program)f(analysis,)h(and)145
4236 y Ft(\017)49 b Fu(an)32 b(inference)i(system)f(for)f(execution)h
(time.)0 4422 y(In)g(conclusion)e(w)m(e)j(shall)d(pro)m(vide)h(a)g(few)
h(p)s(oin)m(ters)f(to)g(the)h(literature)e(\(mainly)f(textb)s(o)s
(oks\))0 4542 y(where)h(a)e(more)g(comprehensiv)m(e)i(treatmen)m(t)e
(of)g(language)f(features)j(or)e(theoretical)f(asp)s(ects)0
4663 y(ma)m(y)38 b(b)s(e)h(found.)61 b(W)-8 b(e)38 b(do)h(not)f
(reference)i(the)e(v)-5 b(ast)39 b(n)m(um)m(b)s(er)g(of)f(researc)m(h)h
(publications)e(in)0 4783 y(the)c(area)f(but)h(rely)g(on)f(the)h
(references)i(in)d(the)h(b)s(o)s(oks)f(men)m(tioned.)0
5069 y Fp(Op)t(erational)46 b(seman)l(tics)0 5254 y Fs(Structur)-5
b(al)38 b(op)-5 b(er)g(ational)35 b(semantics)42 b Fu(w)m(as)35
b(in)m(tro)s(duced)g(b)m(y)g(Gordon)f(Plotkin)g(in)f([14].)49
b(This)0 5374 y(is)29 b(a)h(standard)g(reference)h(and)f(co)m(v)m(ers)i
(a)e(n)m(um)m(b)s(er)g(of)f(features)i(from)d(imp)s(erativ)m(e)g(and)i
(func-)0 5494 y(tional)36 b(languages)h(whereas)j(features)f(from)e
(parallel)e(languages)j(are)g(co)m(v)m(ered)i(in)d([15].)60
b(A)1663 5849 y(209)p eop
%%Page: 210 220
210 219 bop 251 130 a Fw(210)2326 b(7)112 b(F)-9 b(urther)37
b(Reading)p 251 193 3473 4 v 283 515 a Fu(more)42 b(in)m(tro)s(ductory)
g(treatmen)m(t)g(of)g(structural)g(op)s(erational)e(seman)m(tics)i(is)g
(giv)m(en)g(in)g([9].)283 636 y Fs(Natur)-5 b(al)38 b(semantics)j
Fu(is)34 b(deriv)m(ed)i(from)d(structural)h(op)s(erational)e(seman)m
(tics)j(and)f(the)h(basic)283 756 y(ideas)e(are)f(presen)m(ted)j(in)d
([6])h(for)f(a)g(functional)f(language.)430 879 y(Although)36
b(w)m(e)i(ha)m(v)m(e)h(co)m(v)m(ered)g(man)m(y)e(of)g(the)h(essen)m
(tial)f(ideas)g(b)s(ehind)g(op)s(erational)e(se-)283
1000 y(man)m(tics)d(w)m(e)i(should)e(lik)m(e)g(to)h(men)m(tion)e(three)
i(tec)m(hniques)i(that)d(ha)m(v)m(e)i(had)f(to)f(b)s(e)h(omitted.)430
1123 y(A)45 b(tec)m(hnique)h(that)f(is)g(often)g(used)h(when)g(sp)s
(ecifying)e(a)h(structural)g(op)s(erational)e(se-)283
1243 y(man)m(tics)d(is)g(to)f(extend)j(the)e(syn)m(tactic)h(comp)s
(onen)m(t)f(of)g(the)g(con\014gurations)g(with)g(sp)s(ecial)283
1364 y(notation)j(for)f(recording)h Fs(p)-5 b(artial)5
b(ly)45 b(pr)-5 b(o)g(c)g(esse)g(d)44 b(c)-5 b(onstructs)p
Fu(.)76 b(The)45 b(inference)f(system)g(will)283 1484
y(then)34 b(con)m(tain)f(axioms)g(and)g(rules)g(that)h(handle)f(these)h
(\\extended")h(con\014gurations.)46 b(This)283 1604 y(tec)m(hnique)c
(ma)m(y)f(b)s(e)g(used)g(to)g(sp)s(ecify)g(a)f(structural)g(op)s
(erational)e(seman)m(tics)j(of)f(the)h(lan-)283 1725
y(guages)k Fw(Blo)s(c)m(k)e Fu(and)h Fw(Pro)s(c)g Fu(in)f(Section)h
(2.5)g(and)h(to)f(sp)s(ecify)g(a)g(structural)g(op)s(erational)283
1845 y(seman)m(tics)33 b(of)f(expressions.)430 1968 y(Both)j(kinds)h
(of)f(op)s(erational)e(seman)m(tics)i(can)h(easily)e(b)s(e)i(extended)h
(to)e(cop)s(e)h(explicitly)283 2089 y(with)i Fs(dynamic)h(err)-5
b(ors)46 b Fu(\(as)38 b(e.g.)59 b(division)37 b(b)m(y)h(zero\).)60
b(The)39 b(idea)e(is)h(to)f(extend)i(the)g(set)f(of)283
2209 y(con\014gurations)43 b(with)f(sp)s(ecial)g
(error-con\014gurations)g(and)g(then)i(augmen)m(t)e(the)h(inference)283
2329 y(system)34 b(with)e(extra)h(axioms)f(and)g(rules)h(for)f(ho)m(w)h
(to)f(handle)h(these)h(con\014gurations.)430 2453 y(Often)h(programs)g
(ha)m(v)m(e)h(to)f(ful\014l)f(certain)h(conditions)f(in)g(order)i(to)f
(b)s(e)g Fs(static)-5 b(al)5 b(ly)38 b(wel)5 b(l-)283
2573 y(forme)-5 b(d)61 b Fu(and)52 b(hence)h(preclude)f(certain)f
(dynamic)g(errors.)101 b(These)53 b(conditions)e(can)h(b)s(e)283
2693 y(form)m(ulated)39 b(using)g(inductiv)m(ely)g(de\014ned)i
(predicates)g(and)e(ma)m(y)h(b)s(e)g(in)m(tegrated)f(with)g(the)283
2814 y(op)s(erational)31 b(seman)m(tics.)283 3120 y Fp(Pro)l(v)-7
b(ably)46 b(correct)f(implemen)l(tation)283 3310 y Fu(The)35
b Fs(c)-5 b(orr)g(e)g(ctness)34 b(of)i(the)f(implementation)k
Fu(of)33 b(Chapter)h(3)f(w)m(as)h(a)f(relativ)m(ely)f(simple)g(pro)s
(of)283 3430 y(b)s(ecause)f(it)c(w)m(as)j(based)f(on)g(an)g(abstract)g
(mac)m(hine)f(designed)h(for)f(the)h(purp)s(ose.)43 b(In)29
b(general,)283 3551 y(when)49 b(more)e(realistic)e(mac)m(hines)j(or)f
(larger)f(languages)h(are)g(considered,)53 b(pro)s(ofs)47
b(easily)283 3671 y(b)s(ecome)42 b(un)m(wieldy)f(and)h(p)s(erhaps)g
(for)e(this)h(reason)h(there)g(is)e(no)i(ideal)d(textb)s(o)s(ok)j(in)e
(this)283 3792 y(area.)50 b(W)-8 b(e)35 b(therefore)h(only)e(reference)
i(t)m(w)m(o)g(researc)m(h)g(pap)s(ers:)48 b([7])35 b(for)f(an)h
(approac)m(h)g(based)283 3912 y(on)e(natural)e(seman)m(tics)i(and)g
([13)o(])g(for)f(an)h(approac)m(h)g(based)g(on)g(denotational)d(seman)m
(tics.)283 4218 y Fp(Denotational)48 b(seman)l(tics)283
4408 y Fu(A)43 b(general)e(in)m(tro)s(duction)g(to)h
Fs(denotational)g(semantics)50 b Fu(\(as)42 b(dev)m(elop)s(ed)h(b)m(y)g
(C.)f(Strac)m(hey)283 4529 y(and)32 b(D.)f(Scott\))g(ma)m(y)g(b)s(e)h
(found)f(in)g([16].)43 b(It)31 b(co)m(v)m(ers)i(denotational)d(seman)m
(tics)h(for)g(\(mainly\))283 4649 y(imp)s(erativ)m(e)43
b(languages)g(and)g(co)m(v)m(ers)j(the)e(fundamen)m(tals)f(of)h(domain)
d(theory)k(\(including)283 4769 y(re\015exiv)m(e)38 b(domains\).)52
b(Another)36 b(go)s(o)s(d)f(reference)j(for)d(imp)s(erativ)m(e)f
(languages)i(is)f([8])h(but)g(it)283 4890 y(do)s(es)j(not)f(co)m(v)m
(er)h(the)f(domain)e(theory)-8 b(.)60 b(W)-8 b(e)39 b(should)f(also)e
(men)m(tion)h(a)h(classic)g(in)f(the)h(\014eld)283 5010
y([17])29 b(ev)m(en)i(though)f(the)f(domain)f(theory)i(is)e(based)j(on)
e(the)h(\(b)m(y)g(no)m(w)g(obsolete\))f(approac)m(h)g(of)283
5131 y(complete)j(lattices.)430 5254 y(W)-8 b(e)28 b(ha)m(v)m(e)h
(restricted)f(the)g(treatmen)m(t)g(of)f(domain)g(theory)h(to)f(what)h
(is)g(needed)h(for)e(sp)s(eci-)283 5374 y(fying)g(the)h(denotational)d
(seman)m(tics)j(of)f(the)g Fr(while)p Fu(-language.)42
b(The)28 b(b)s(ene\014t)g(of)f(this)g(is)g(that)283 5494
y(w)m(e)34 b(can)f(restrict)f(ourselv)m(es)i(to)e(partial)e(functions)i
(b)s(et)m(w)m(een)j(states)e(and)g(thereb)m(y)h(obtain)d(a)p
eop
%%Page: 211 221
211 220 bop 3304 130 a Fw(211)p 0 193 3473 4 v 0 515
a Fu(relativ)m(ely)28 b(simple)f(theoretical)g(dev)m(elopmen)m(t.)43
b(The)30 b(dra)m(wbac)m(k)h(is)d(that)g(it)g(b)s(ecomes)h(rather)0
636 y(cum)m(b)s(ersome)34 b(to)g(v)m(erify)g(the)h(existence)g(of)f
(seman)m(tic)f(sp)s(eci\014cations)h(for)g(other)g(languages)0
756 y(\(as)f(evidenced)h(in)e(Section)g(4.5\).)146 877
y(The)38 b(traditional)33 b(solution)h(is)i(to)g(dev)m(elop)h(a)f
Fs(meta-language)42 b Fu(for)36 b(expressing)i(denota-)0
997 y(tional)22 b(de\014nitions.)40 b(The)26 b(theoretical)d
(foundation)g(of)h(this)g(language)g(will)e(then)j(ensure)h(that)0
1117 y(the)36 b(seman)m(tic)g(functions)g(do)g(exist)h(as)f(long)f(as)h
(one)g(only)g(uses)h(domains)e(and)h(op)s(erations)0
1238 y(from)d(the)h(meta-language.)46 b(The)35 b(b)s(ene\014t)g(of)f
(this)g(is)f(ob)m(vious;)i(the)g(dra)m(wbac)m(k)h(is)d(that)h(one)0
1358 y(has)k(to)g(pro)m(v)m(e)h(a)f(fair)e(amoun)m(t)i(of)f(results)h
(but)h(the)f(e\013orts)g(are)g(greatly)f(rew)m(arded)j(in)d(the)0
1478 y(long)31 b(run.)44 b(Both)33 b([16)o(])g(and)g([17)o(])g(con)m
(tain)f(suc)m(h)i(a)e(dev)m(elopmen)m(t.)146 1599 y(The)45
b(denotational)c(approac)m(h)j(can)g(handle)g Fs(ab)-5
b(ortion)50 b Fu(and)44 b Fs(non-determinism)49 b Fu(using)0
1719 y(a)43 b(kind)g(of)g(p)s(o)m(w)m(ersets)i(called)d(p)s(o)m(w)m
(er-domains.)75 b(Certain)43 b(kinds)h(of)e Fs(p)-5 b(ar)g(al)5
b(lelism)50 b Fu(can)43 b(b)s(e)0 1840 y(handled)33 b(as)g(w)m(ell)f
(but)h(for)f(man)m(y)h(purp)s(oses)h(it)e(is)g(b)s(etter)h(to)g(use)h
(a)e(structural)h(op)s(erational)0 1960 y(seman)m(tics)g(instead.)0
2249 y Fp(Static)46 b(program)f(analysis)0 2434 y Fu(A)29
b(selection)g(of)g Fs(static)j(pr)-5 b(o)g(gr)g(am)30
b(analysis)37 b Fu(tec)m(hniques)31 b(for)e(imp)s(erativ)m(e)e
(languages)i(\(as)g(w)m(ell)0 2554 y(as)h(tec)m(hniques)i(for)d
(implemen)m(tations)e(on)j(realistic)e(mac)m(hines\))i(is)f(giv)m(en)h
(in)f([3];)i(but)f(unfor-)0 2674 y(tunately)-8 b(,)30
b(no)g(considerations)f(of)g(correctness)j(are)d(giv)m(en.)43
b(T)-8 b(reatmen)m(ts)30 b(of)g(correctness)h(are)0 2795
y(often)i(based)g(on)g(abstract)f(in)m(terpretation)g(and)h([1])f(surv)
m(eys)j(a)e(n)m(um)m(b)s(er)g(of)f(approac)m(hes.)0 3084
y Fp(Axiomatic)46 b(program)f(v)l(eri\014cation)0 3268
y Fu(A)g(general)g(in)m(tro)s(duction)f(to)g Fs(pr)-5
b(o)g(gr)g(am)46 b(veri\014c)-5 b(ation)p Fu(,)47 b(and)f(in)e
(particular)f Fs(axiomatic)j(se-)0 3389 y(mantics)i Fu(ma)m(y)41
b(b)s(e)g(found)f(in)g([11].)68 b(The)42 b(presen)m(tation)f(co)m(v)m
(ers)h(a)f(\015o)m(w)m(c)m(hart)h(language,)g(a)0 3509
y Fr(while)p Fu(-language)35 b(and)h(a)f(\(\014rst)h(order\))g
(functional)e(language)g(and)i(also)e(includes)i(a)f(study)0
3629 y(of)30 b(expressiv)m(eness)k(\(as)c(needed)i(for)d(the)i(in)m
(tensional)d(approac)m(h)j(to)f(axiomatic)d(seman)m(tics\).)0
3750 y(Man)m(y)32 b(b)s(o)s(oks,)g(including)e([10)o(],)i(dev)m(elop)g
(axiomatic)d(program)h(v)m(eri\014cation)h(together)h(with)0
3870 y(practically)k(motiv)-5 b(ated)36 b(examples.)60
b(A)38 b(go)s(o)s(d)f(in)m(tro)s(duction)g(to)g(the)i(analysis)e(of)h
Fs(r)-5 b(esour)g(c)g(e)0 3991 y(r)g(e)g(quir)g(ements)47
b Fu(of)39 b(programs)f(is)h([2])h(and)f(the)h(form)m(ulation)c(as)k
(formal)d(inference)j(systems)0 4111 y(ma)m(y)32 b(b)s(e)g(found)g(in)f
([12].)43 b(W)-8 b(e)32 b(should)g(also)f(men)m(tion)g(a)h(classic)f
([5])h(that)g(studies)g(soundness)0 4231 y(and)37 b(completeness)h
(prop)s(erties)f(with)f(resp)s(ect)j(to)d(a)h(denotational)e(seman)m
(tics.)57 b(Rules)37 b(for)0 4352 y(pro)s(cedures)d(ma)m(y)e(b)s(e)h
(found)g(in)f([4)o(].)146 4472 y(W)-8 b(e)32 b(should)f(p)s(oin)m(t)f
(out)h(that)g(w)m(e)h(ha)m(v)m(e)h(used)f(the)g(extensional)f(approac)m
(h)g(to)g(sp)s(ecifying)0 4592 y(the)49 b(assertions)f(of)g(the)h
(inference)f(systems.)92 b(This)49 b(allo)m(ws)e(us)h(to)g(concen)m
(trate)i(on)e(the)0 4713 y Fs(formulation)39 b Fu(of)31
b(the)h(inference)h(systems)g(without)e(ha)m(ving)h(to)f(w)m(orry)i(ab)
s(out)e(the)h Fs(existenc)-5 b(e)0 4833 y Fu(of)29 b(the)h(assertions)h
(in)e(an)g(explicit)g(assertion)g(language.)42 b(Ho)m(w)m(ev)m(er,)32
b(it)d(is)g(more)g(common)g(to)0 4954 y(use)34 b(the)f(in)m(tensional)e
(approac)m(h)i(as)f(is)g(done)h(in)f([11].)p eop
%%Page: 212 222
212 221 bop 251 130 a Fw(212)2326 b(7)112 b(F)-9 b(urther)37
b(Reading)p 251 193 3473 4 v eop
%%Page: 213 223
213 222 bop 0 1216 a Fv(App)6 b(endix)77 b(A)0 1668 y(Review)g(of)h
(Notation)0 2157 y Fu(W)-8 b(e)33 b(use)h(the)f(follo)m(wing)c
(notation:)319 2316 y Ft(9)644 b Fu(there)33 b(exists)319
2484 y Ft(8)644 b Fu(for)32 b(all)319 2652 y Ft(f)g Fs(x)44
b Ft(j)32 b Fo(:)17 b(:)g(:)p Fs(x)12 b Fo(:)17 b(:)g(:)32
b Ft(g)99 b Fu(the)33 b(set)g(of)g(those)g Fs(x)44 b
Fu(suc)m(h)34 b(that)e Fo(:)17 b(:)g(:)p Fs(x)12 b Fo(:)17
b(:)g(:)32 b Fu(holds)319 2819 y Fs(x)44 b Ft(2)33 b
Fs(X)439 b(x)44 b Fu(is)33 b(a)f(mem)m(b)s(er)g(of)g(the)h(set)g
Fs(X)319 2987 y(X)48 b Ft(\022)33 b Fs(Y)397 b Fu(set)33
b Fs(X)49 b Fu(is)32 b(con)m(tained)h(in)f(set)h Fs(Y)319
3155 y(X)48 b Ft([)33 b Fs(Y)408 b Ft(f)32 b Fs(z)45
b Ft(j)32 b Fs(z)12 b Ft(2)q Fs(X)48 b Fu(or)32 b Fs(z)12
b Ft(2)q Fs(Y)52 b Ft(g)32 b Fu(\(union\))319 3322 y
Fs(X)48 b Ft(\\)33 b Fs(Y)408 b Ft(f)32 b Fs(z)45 b Ft(j)32
b Fs(z)12 b Ft(2)q Fs(X)48 b Fu(and)33 b Fs(z)12 b Ft(2)p
Fs(Y)52 b Ft(g)33 b Fu(\(in)m(tersection\))319 3490 y
Fs(X)48 b Ft(n)33 b Fs(Y)424 b Ft(f)32 b Fs(z)45 b Ft(j)32
b Fs(z)12 b Ft(2)q Fs(X)48 b Fu(and)33 b Fs(z)12 b Ft(62)p
Fs(Y)52 b Ft(g)33 b Fu(\(set)g(di\013erence\))319 3657
y Fs(X)48 b Ft(\002)33 b Fs(Y)397 b Ft(f)32 b(h)p Fs(x)12
b Fu(,)33 b Fs(y)9 b Ft(i)32 b(j)g Fs(x)12 b Ft(2)p Fs(X)49
b Fu(and)33 b Fs(y)9 b Ft(2)p Fs(Y)52 b Ft(g)33 b Fu(\(Cartesian)f(pro)
s(duct\))319 3825 y Ft(P)8 b Fu(\()p Fs(X)16 b Fu(\))458
b Ft(f)32 b Fs(Z)47 b Ft(j)32 b Fs(Z)47 b Ft(\022)33
b Fs(X)49 b Ft(g)32 b Fu(\(p)s(o)m(w)m(erset\))319 3926
y Fg(S)388 3993 y Ft(Y)563 b(f)32 b Fs(y)42 b Ft(j)32
b(9)q Fs(Y)19 b Ft(2)q(Y)7 b Fu(:)44 b Fs(y)9 b Ft(2)p
Fs(Y)53 b Ft(g)32 b Fu(\(so)h(that)2306 3926 y Fg(S)2375
3993 y Ft(f)f Fs(Y)2549 4008 y Fn(1)2589 3993 y Fu(,)g
Fs(Y)2740 4008 y Fn(2)2812 3993 y Ft(g)g Fu(=)h Fs(Y)3094
4008 y Fn(1)3134 3993 y Ft([)p Fs(Y)3292 4008 y Fn(2)3331
3993 y Fu(\))319 4160 y Ft(;)649 b Fu(the)33 b(empt)m(y)g(set)319
4328 y Fw(T)621 b Ft(f)32 b Fw(tt)p Fu(,)g Fw(\013)h
Ft(g)f Fu(\(truth)h(v)-5 b(alues)33 b Fw(tt)e Fu(\(true\))i(and)g
Fw(\013)g Fu(\(false\)\))319 4496 y Fw(N)611 b Ft(f)32
b Fw(0)p Fu(,)h Fw(1)p Fu(,)g Fw(2)p Fu(,)f Fo(:)17 b(:)g(:)32
b Ft(g)h Fu(\(natural)e(n)m(um)m(b)s(ers\))319 4663 y
Fw(Z)631 b Ft(f)32 b Fo(:)17 b(:)g(:)p Fu(,)33 b({)p
Fw(2)p Fu(,)f({)p Fw(1)p Fu(,)g Fw(0)p Fu(,)h Fw(1)p
Fu(,)g Fw(2)p Fu(,)f Fo(:)17 b(:)g(:)32 b Ft(g)h Fu(\(in)m(tegers\))319
4831 y Fs(f)20 b Fu(:)p Fs(X)c Ft(!)p Fs(Y)362 b(f)54
b Fu(is)32 b(a)g(total)f(function)h(from)f Fs(X)49 b
Fu(to)32 b Fs(Y)319 4998 y(X)16 b Ft(!)o Fs(Y)440 b Ft(f)32
b Fs(f)54 b Ft(j)32 b Fs(f)21 b Fu(:)p Fs(X)16 b Ft(!)p
Fs(Y)52 b Ft(g)319 5166 y Fs(f)20 b Fu(:)p Fs(X)c Fo(,)-17
b Ft(!)q Fs(Y)351 b(f)54 b Fu(is)32 b(a)g(partial)e(function)i(from)g
Fs(X)48 b Fu(to)33 b Fs(Y)319 5334 y(X)16 b Fo(,)-17
b Ft(!)p Fs(Y)429 b Ft(f)32 b Fs(f)54 b Ft(j)32 b Fs(f)21
b Fu(:)p Fs(X)16 b Fo(,)-17 b Ft(!)p Fs(Y)53 b Ft(g)0
5494 y Fu(In)41 b(addition)e(to)h(this)g(w)m(e)i(ha)m(v)m(e)g(sp)s
(ecial)e(notations)g(for)g(functions,)i(relations,)g(predicates)1663
5849 y(213)p eop
%%Page: 214 224
214 223 bop 251 130 a Fw(214)2151 b(A)112 b(Review)36
b(of)i(Notation)p 251 193 3473 4 v 283 515 a Fu(and)33
b(transition)e(systems.)283 797 y Fp(F)-11 b(unctions)283
981 y Fu(The)34 b(e\013ect)f(of)g(a)f(function)g Fs(f)21
b Fu(:)p Fs(X)16 b Ft(!)p Fs(Y)52 b Fu(is)32 b(expressed)j(b)m(y)f(its)
e Fs(gr)-5 b(aph)p Fu(:)527 1141 y(graph\()p Fs(f)21
b Fu(\))33 b(=)f Ft(f)g(h)p Fs(x)12 b Fu(,)32 b Fs(y)9
b Ft(i2)q Fs(X)16 b Ft(\002)p Fs(Y)52 b Ft(j)33 b Fs(f)53
b(x)44 b Fu(=)33 b Fs(y)41 b Ft(g)283 1300 y Fu(whic)m(h)23
b(is)e(merely)g(an)h(elemen)m(t)g(of)f Ft(P)9 b Fu(\()p
Fs(X)16 b Ft(\002)p Fs(Y)k Fu(\).)i(The)h(graph)e(of)h
Fs(f)42 b Fu(has)23 b(the)f(follo)m(wing)d(prop)s(erties)429
1460 y Ft(\017)48 b(h)p Fs(x)12 b Fu(,)32 b Fs(y)9 b
Ft(i2)q Fu(graph\()p Fs(f)20 b Fu(\))33 b(and)g Ft(h)o
Fs(x)12 b Fu(,)33 b Fs(y)1648 1423 y Fi(0)1671 1460 y
Ft(i2)p Fu(graph\()p Fs(f)21 b Fu(\))32 b(imply)f Fs(y)42
b Fu(=)32 b Fs(y)2706 1423 y Fi(0)2729 1460 y Fu(,)h(and)429
1648 y Ft(\017)48 b(8)q Fs(x)12 b Ft(2)p Fs(X)k Fu(:)33
b Ft(9)p Fs(y)9 b Ft(2)q Fs(Y)19 b Fu(:)33 b Ft(h)p Fs(x)12
b Fu(,)32 b Fs(y)9 b Ft(i2)33 b Fu(graph\()p Fs(f)20
b Fu(\))283 1808 y(This)38 b(expresses)i(the)e(single-v)-5
b(aluedness)37 b(of)g Fs(f)58 b Fu(and)37 b(the)h(totalit)m(y)d(of)i
Fs(f)21 b Fu(.)57 b(W)-8 b(e)38 b(sa)m(y)g(that)f Fs(f)58
b Fu(is)283 1928 y Fs(inje)-5 b(ctive)40 b Fu(if)31 b
Fs(f)53 b(x)45 b Fu(=)32 b Fs(f)54 b(x)1186 1892 y Fi(0)1241
1928 y Fu(implies)30 b(that)j Fs(x)44 b Fu(=)32 b Fs(x)2038
1892 y Fi(0)2062 1928 y Fu(.)430 2049 y(A)h Fs(p)-5 b(artial)43
b Fu(function)32 b Fs(g)9 b Fu(:)p Fs(X)16 b Fo(,)-17
b Ft(!)p Fs(Y)53 b Fu(is)33 b(a)f(function)h(from)f(a)g(subset)j
Fs(X)2901 2064 y Fc(g)2974 2049 y Fu(of)e Fs(X)49 b Fu(to)33
b Fs(Y)19 b Fu(,)34 b(that)e(is)283 2169 y Fs(g)9 b Fu(:)p
Fs(X)452 2184 y Fc(g)492 2169 y Ft(!)p Fs(Y)20 b Fu(.)32
b(Again)g(one)h(ma)m(y)f(de\014ne)527 2328 y(graph\()p
Fs(g)9 b Fu(\))32 b(=)h Ft(f)f(h)p Fs(x)12 b Fu(,)32
b Fs(y)9 b Ft(i2)p Fs(X)16 b Ft(\002)q Fs(Y)52 b Ft(j)32
b Fs(g)41 b(x)k Fu(=)32 b Fs(y)42 b Fu(and)32 b Fs(x)12
b Ft(2)q Fu(X)2549 2343 y Fc(g)2621 2328 y Ft(g)283 2488
y Fu(but)32 b(no)m(w)f(only)g(an)g(analogue)f(of)g(the)h(single-v)-5
b(aluedness)31 b(prop)s(ert)m(y)h(ab)s(o)m(v)m(e)g(is)e(satis\014ed.)43
b(W)-8 b(e)283 2608 y(shall)33 b(write)h Fs(g)43 b(x)j
Fu(=)34 b Fs(y)43 b Fu(whenev)m(er)36 b Ft(h)p Fs(x)12
b Fu(,)34 b Fs(y)9 b Ft(i2)q Fu(graph\()p Fs(g)g Fu(\))33
b(and)h Fs(g)43 b(x)j Fu(=)34 b(undef)p 2778 2621 236
4 v 35 w(whenev)m(er)i Fs(x)12 b Ft(62)q Fs(X)3689 2623
y Fc(g)3729 2608 y Fu(,)283 2729 y(that)38 b(is)g(whenev)m(er)i
Ft(:)q(9)p Fs(y)9 b Ft(2)p Fs(Y)20 b Fu(:)38 b Ft(h)p
Fs(x)12 b Fu(,)39 b Fs(y)9 b Ft(i2)p Fu(graph\()p Fs(g)g
Fu(\).)59 b(T)-8 b(o)38 b(distinguish)f(b)s(et)m(w)m(een)j(a)e
(function)f Fs(f)283 2849 y Fu(and)26 b(a)f(partial)e(function)i
Fs(g)34 b Fu(one)25 b(often)g(calls)g Fs(f)46 b Fu(a)25
b Fs(total)36 b Fu(function.)k(W)-8 b(e)26 b(shall)e(view)h(the)h
(partial)283 2969 y(functions)33 b(as)g(encompassing)f(the)h(total)e
(functions.)430 3090 y(F)-8 b(or)32 b(total)f(functions)h
Fs(f)1309 3105 y Fn(1)1381 3090 y Fu(and)h Fs(f)1622
3105 y Fn(2)1694 3090 y Fu(w)m(e)g(de\014ne)h(their)e(comp)s(osition)e
Fs(f)2948 3105 y Fn(2)2988 3090 y Ft(\016)o Fs(f)3088
3105 y Fn(1)3160 3090 y Fu(b)m(y)527 3249 y(\()p Fs(f)616
3264 y Fn(2)656 3249 y Ft(\016)o Fs(f)756 3264 y Fn(1)796
3249 y Fu(\))i Fs(x)45 b Fu(=)32 b Fs(f)1115 3264 y Fn(2)1154
3249 y Fu(\()p Fs(f)1243 3264 y Fn(1)1315 3249 y Fs(x)12
b Fu(\))283 3408 y(\(Note)43 b(that)g(the)g(opp)s(osite)f(order)h(is)f
(sometimes)f(used)j(in)e(the)h(literature.\))72 b(F)-8
b(or)42 b(partial)283 3529 y(functions)33 b Fs(g)758
3544 y Fn(1)830 3529 y Fu(and)f Fs(g)1073 3544 y Fn(2)1145
3529 y Fu(w)m(e)h(de\014ne)h Fs(g)1624 3544 y Fn(2)1663
3529 y Ft(\016)p Fs(g)1767 3544 y Fn(1)1839 3529 y Fu(similarly:)602
3688 y(\()p Fs(g)694 3703 y Fn(2)733 3688 y Ft(\016)p
Fs(g)837 3703 y Fn(1)876 3688 y Fu(\))e Fs(x)45 b Fu(=)32
b Fs(z)295 b Fu(if)32 b(there)h(exists)g Fs(y)42 b Fu(suc)m(h)34
b(that)e Fs(g)2661 3703 y Fn(1)2733 3688 y Fs(x)44 b
Fu(=)33 b Fs(y)41 b Fu(and)33 b Fs(g)3263 3703 y Fn(2)3334
3688 y Fs(y)42 b Fu(=)32 b Fs(z)602 3856 y Fu(\()p Fs(g)694
3871 y Fn(2)733 3856 y Ft(\016)p Fs(g)837 3871 y Fn(1)876
3856 y Fu(\))g Fs(x)45 b Fu(=)32 b(undef)p 1144 3869
V 100 w(if)g Fs(g)1623 3871 y Fn(1)1694 3856 y Fs(x)45
b Fu(=)32 b(undef)p 1892 3869 V 33 w(or)1479 4023 y(if)g(there)h
(exists)g Fs(y)42 b Fu(suc)m(h)34 b(that)e Fs(g)2661
4038 y Fn(1)2733 4023 y Fs(x)44 b Fu(=)33 b Fs(y)1479
4191 y Fu(but)g Fs(g)1712 4206 y Fn(2)1784 4191 y Fs(y)41
b Fu(=)33 b(undef)p 1981 4204 V 283 4352 a(The)h(iden)m(tit)m(y)e
(function)g(id:)p Fs(X)16 b Ft(!)p Fs(X)48 b Fu(is)32
b(de\014ned)i(b)m(y)527 4511 y(id)e Fs(x)44 b Fu(=)33
b Fs(x)283 4671 y Fu(Finally)-8 b(,)28 b(if)h Fs(f)21
b Fu(:)p Fs(X)16 b Ft(!)p Fs(Y)k Fu(,)29 b Fs(x)12 b
Ft(2)q Fs(X)46 b Fu(and)30 b Fs(y)9 b Ft(2)p Fs(Y)50
b Fu(then)30 b(the)h(function)e Fs(f)21 b Fu([)p Fs(x)12
b Ft(7!)p Fs(y)d Fu(]:)p Fs(X)16 b Ft(!)p Fs(Y)49 b Fu(is)30
b(de\014ned)h(b)m(y)527 5013 y Fs(f)21 b Fu([)p Fs(x)12
b Ft(7!)p Fs(y)d Fu(])32 b Fs(x)934 4977 y Fi(0)990 5013
y Fu(=)1098 4838 y Fg(8)1098 4913 y(<)1098 5062 y(:)1214
4928 y Fs(y)199 b Fu(if)32 b Fs(x)44 b Fu(=)32 b Fs(x)1804
4892 y Fi(0)1214 5096 y Fs(f)53 b(x)1354 5059 y Fi(0)1460
5096 y Fu(otherwise)283 5254 y(A)33 b(similar)c(notation)j(ma)m(y)g(b)s
(e)h(used)g(when)h Fs(f)54 b Fu(is)32 b(a)g(partial)e(function.)430
5374 y(The)25 b(function)e Fs(f)45 b Fu(is)24 b(of)g
Fs(or)-5 b(der)26 b(of)h(magnitude)k(g)9 b Fu(,)25 b(written)f
Ft(O)s Fu(\()p Fs(g)9 b Fu(\),)26 b(if)d(there)h(exists)h(a)f(natural)
283 5494 y(n)m(um)m(b)s(er)33 b Fw(k)g Fu(suc)m(h)h(that)e
Ft(8)q Fs(x)12 b Fu(.)43 b Fs(f)54 b(x)44 b Ft(\024)33
b Fw(k)g Fo(?)f Fu(\()p Fs(g)41 b(x)12 b Fu(\).)p eop
%%Page: 215 225
215 224 bop 3304 130 a Fw(215)p 0 193 3473 4 v 0 515
a Fp(Relations)0 700 y Fu(A)32 b Fs(r)-5 b(elation)34
b(fr)-5 b(om)39 b(X)49 b(to)38 b(Y)52 b Fu(is)31 b(a)h(subset)i(of)e
Fs(X)16 b Ft(\002)p Fs(Y)52 b Fu(\(that)32 b(is)g(an)g(elemen)m(t)g(of)
f Ft(P)9 b Fu(\()p Fs(X)16 b Ft(\002)q Fs(Y)j Fu(\)\).)32
b(A)0 820 y(relation)27 b Fs(on)36 b(X)44 b Fu(is)29
b(a)f(subset)j(of)d Fs(X)16 b Ft(\002)p Fs(X)g Fu(.)29
b(If)g Fs(f)21 b Fu(:)p Fs(X)16 b Ft(!)p Fs(Y)48 b Fu(or)29
b Fs(f)21 b Fu(:)p Fs(X)16 b Fo(,)-17 b Ft(!)p Fs(Y)48
b Fu(then)30 b(the)f(graph)g(of)f Fs(f)49 b Fu(is)29
b(a)0 941 y(relation.)46 b(\(Sometimes)32 b(a)i(function)g(is)f(iden)m
(ti\014ed)h(with)f(its)h(graph)g(but)g(w)m(e)h(shall)d(k)m(eep)k(the)0
1061 y(distinction.\))42 b(The)33 b Fs(identity)i(r)-5
b(elation)40 b Fu(on)32 b Fs(X)49 b Fu(is)32 b(the)h(relation)244
1253 y(I)279 1268 y Fc(X)379 1253 y Fu(=)f Ft(f)h(h)o
Fs(x)12 b Fu(,)33 b Fs(x)12 b Ft(i)32 b(j)g Fs(x)12 b
Ft(2)p Fs(X)49 b Ft(g)0 1445 y Fu(from)38 b Fs(X)56 b
Fu(to)40 b Fs(X)16 b Fu(.)40 b(When)g Fs(X)56 b Fu(is)40
b(clear)f(from)f(the)i(con)m(text)h(w)m(e)g(shall)e(omit)e(the)j
(subscript)h Fs(X)0 1565 y Fu(and)33 b(simply)e(write)h(I.)146
1686 y(If)37 b Fs(R)323 1701 y Fn(1)362 1686 y Ft(\022)q
Fs(X)16 b Ft(\002)p Fs(Y)56 b Fu(and)37 b Fs(R)1002 1701
y Fn(2)1041 1686 y Ft(\022)q Fs(Y)19 b Ft(\002)q Fs(Z)50
b Fu(the)37 b Fs(c)-5 b(omp)g(osition)42 b Fu(of)36 b
Fs(R)2304 1701 y Fn(1)2380 1686 y Fu(follo)m(w)m(ed)f(b)m(y)j
Fs(R)2975 1701 y Fn(2)3014 1686 y Fu(,)g(whic)m(h)e(w)m(e)0
1806 y(denote)d(b)m(y)h Fs(R)525 1821 y Fn(1)564 1806
y Ft(\005)o Fs(R)689 1821 y Fn(2)729 1806 y Fu(,)e(is)g(de\014ned)i(b)m
(y)244 1998 y Fs(R)319 2013 y Fn(1)358 1998 y Ft(\005)o
Fs(R)483 2013 y Fn(2)555 1998 y Fu(=)f Ft(f)f(h)p Fs(x)12
b Fu(,)32 b Fs(z)12 b Ft(i)32 b(j)h(9)p Fs(y)9 b Ft(2)p
Fs(Y)20 b Fu(:)33 b Ft(h)o Fs(x)12 b Fu(,)33 b Fs(y)9
b Ft(i2)p Fs(R)1805 2013 y Fn(1)1877 1998 y Fu(and)33
b Ft(h)p Fs(y)9 b Fu(,)32 b Fs(z)12 b Ft(i2)p Fs(R)2453
2013 y Fn(2)2525 1998 y Ft(g)0 2189 y Fu(Note)33 b(that)f(the)h(order)g
(of)f(comp)s(osition)e(di\013ers)j(from)e(that)h(used)i(for)e
(functions,)244 2381 y(graph\()p Fs(f)577 2396 y Fn(2)616
2381 y Ft(\016)p Fs(f)717 2396 y Fn(1)756 2381 y Fu(\))h(=)f(graph\()p
Fs(f)1268 2396 y Fn(1)1307 2381 y Fu(\))h Ft(\005)e Fu(graph\()p
Fs(f)1793 2396 y Fn(2)1832 2381 y Fu(\))0 2573 y(and)i(that)f(w)m(e)i
(ha)m(v)m(e)g(the)f(equation)244 2765 y(I)g Ft(\005)e
Fs(R)37 b Fu(=)32 b Fs(R)37 b Ft(\005)31 b Fu(I)i(=)f
Fs(R)146 2956 y Fu(If)37 b Fs(R)j Fu(is)c(a)g(relation)e(on)i
Fs(X)52 b Fu(then)37 b(the)g Fs(r)-5 b(e\015exive)38
b(tr)-5 b(ansitive)38 b(closur)-5 b(e)43 b Fu(is)36 b(the)h(relation)d
Fs(R)3433 2920 y Fi(\003)0 3077 y Fu(on)e Fs(X)49 b Fu(de\014ned)34
b(b)m(y)244 3269 y Fs(R)319 3232 y Fi(\003)391 3269 y
Fu(=)e Ft(f)h(h)o Fs(x)12 b Fu(,)33 b Fs(x)794 3232 y
Fi(0)817 3269 y Ft(i)f(j)g(9)q Fu(n)p Ft(\025)p Fu(1:)44
b Ft(9)p Fs(x)1367 3284 y Fn(1)1406 3269 y Fu(,)33 b
Fo(:)17 b(:)g(:)o Fu(,)33 b Fs(x)1697 3284 y Fn(n)1740
3269 y Fu(:)44 b Fs(x)g Fu(=)32 b Fs(x)2065 3284 y Fn(1)2137
3269 y Fu(and)h Fs(x)2384 3232 y Fi(0)2439 3269 y Fu(=)g
Fs(x)2605 3284 y Fn(n)948 3436 y Fu(and)g Ft(8)p Fu(i)p
Fo(<)p Fu(n:)43 b Ft(h)p Fs(x)1517 3451 y Fn(i)1540 3436
y Fu(,)33 b Fs(x)1657 3451 y Fn(i+1)1771 3436 y Ft(i)o(2)q
Fs(R)j Ft(g)0 3628 y Fu(Note)g(that)g(b)m(y)h(taking)e(n=1)h(and)g
Fs(x)12 b Fu(=)p Fs(x)1495 3592 y Fi(0)1517 3628 y Fu(=)p
Fs(x)1650 3643 y Fn(1)1725 3628 y Fu(it)35 b(follo)m(ws)g(that)h(I)p
Ft(\022)p Fs(R)2552 3592 y Fi(\003)2592 3628 y Fu(.)54
b(In)36 b(a)g(similar)c(w)m(a)m(y)37 b(it)0 3748 y(follo)m(ws)31
b(that)i Fs(R)t Ft(\022)p Fs(R)759 3712 y Fi(\003)799
3748 y Fu(.)43 b(Finally)-8 b(,)30 b(w)m(e)k(de\014ne)244
3940 y Fs(R)319 3904 y Fn(+)411 3940 y Fu(=)e Fs(R)37
b Ft(\005)31 b Fs(R)784 3904 y Fi(\003)0 4132 y Fu(and)i(observ)m(e)h
(that)e Fs(R)37 b Ft(\022)c Fs(R)1041 4096 y Fn(+)1133
4132 y Ft(\022)g Fs(R)1318 4096 y Fi(\003)1357 4132 y
Fu(.)0 4419 y Fp(Predicates)0 4603 y Fu(A)h Fs(pr)-5
b(e)g(dic)g(ate)41 b Fu(on)34 b Fs(X)51 b Fu(is)33 b(a)h(function)g
(from)f Fs(X)50 b Fu(to)34 b Fw(T)p Fu(.)g(If)g Fs(p)6
b Fu(:)p Fs(X)16 b Ft(!)p Fw(T)34 b Fu(is)g(a)g(predicate)g(on)h
Fs(X)16 b Fu(,)34 b(the)0 4724 y(relation)d(I)393 4739
y Fc(p)465 4724 y Fu(on)i Fs(X)48 b Fu(is)32 b(de\014ned)i(b)m(y)244
4916 y(I)279 4931 y Fc(p)351 4916 y Fu(=)f Ft(f)f(h)p
Fs(x)12 b Fu(,)32 b Fs(x)12 b Ft(i)32 b(j)g Fs(x)12 b
Ft(2)q Fs(X)48 b Fu(and)33 b Fs(p)38 b(x)45 b Fu(=)32
b Fw(tt)g Ft(g)0 5107 y Fu(Note)h(that)f(I)482 5122 y
Fc(p)554 5107 y Ft(\022)h Fu(I)g(and)g(that)244 5299
y(I)279 5314 y Fc(p)351 5299 y Ft(\005)f Fs(R)k Fu(=)d
Ft(f)f(h)p Fs(x)12 b Fu(,)32 b Fs(y)9 b Ft(i)32 b(j)h
Fs(p)38 b(x)44 b Fu(=)33 b Fw(tt)e Fu(and)i Ft(h)p Fs(x)12
b Fu(,)32 b Fs(y)9 b Ft(i2)q Fs(R)36 b Ft(g)244 5467
y Fs(R)h Ft(\005)31 b Fu(I)469 5482 y Fc(q)540 5467 y
Fu(=)h Ft(f)g(h)p Fs(x)12 b Fu(,)32 b Fs(y)9 b Ft(i)33
b(j)f(h)p Fs(x)12 b Fu(,)32 b Fs(y)9 b Ft(i2)p Fs(R)37
b Fu(and)c Fs(q)41 b(y)g Fu(=)33 b Fw(tt)e Ft(g)p eop
%%Page: 216 226
216 225 bop 251 130 a Fw(216)2151 b(A)112 b(Review)36
b(of)i(Notation)p 251 193 3473 4 v 283 515 a Fp(T)-11
b(ransition)46 b(systems)283 700 y Fu(A)33 b Fs(tr)-5
b(ansition)35 b(system)40 b Fu(is)32 b(a)g(triple)f(of)h(the)h(form)527
904 y(\(\000,T,)g Fh(\003)q Fu(\))283 1107 y(where)h(\000)e(is)g(a)g
(set)h(of)f Fs(c)-5 b(on\014gur)g(ations)p Fu(,)31 b(T)i(is)f(a)g
(subset)i(of)e(\000)g(called)f(the)i Fs(terminal)42 b
Fu(\(or)32 b Fs(\014nal)p Fu(\))283 1227 y(con\014gurations)68
b(and)34 b Fh(\003)h Fu(is)f(a)f(relation)g(on)h(\000)f(called)g(a)h
Fs(tr)-5 b(ansition)36 b(r)-5 b(elation)p Fu(.)48 b(The)35
b(relation)283 1348 y Fh(\003)e Fu(m)m(ust)g(satisfy)527
1551 y Ft(8)q Fo(\015)5 b Ft(2)p Fu(T:)33 b Ft(8)q Fo(\015)947
1515 y Fi(0)970 1551 y Ft(2)p Fu(\000:)44 b Ft(:)p Fu(\()p
Fo(\015)5 b Fh(\003)q Fo(\015)1462 1515 y Fi(0)1485 1551
y Fu(\))283 1754 y(An)m(y)32 b(con\014guration)e Fo(\015)36
b Fu(in)30 b(\000)p Ft(n)p Fu(T)h(suc)m(h)h(that)f(the)g(transition)e
Fo(\015)5 b Fh(\003)q Fo(\015)2717 1718 y Fi(0)2771 1754
y Fu(holds)31 b(for)f(no)h Fo(\015)3362 1718 y Fi(0)3416
1754 y Fu(is)f(called)283 1875 y Fs(stuck)p Fu(.)p eop
%%Page: 217 227
217 226 bop 0 1180 a Fv(App)6 b(endix)77 b(B)0 1595 y(In)-6
b(tro)6 b(duction)78 b(to)g(Miranda)0 1844 y(Implemen)-6
b(tations)0 2296 y Fu(In)43 b(this)e(app)s(endix)i(w)m(e)g(giv)m(e)f
(the)h(basic)f(de\014nitions)g(needed)h(to)f(implemen)m(t)e(the)j(v)-5
b(arious)0 2417 y(seman)m(tic)30 b(de\014nitions)g(in)g
Fw(Miranda)p Fu(.)44 b(Essen)m(tially)-8 b(,)30 b(this)g(amoun)m(ts)h
(to)f(an)h(implemen)m(tation)0 2537 y(of)h(the)h(material)d(of)i
(Chapter)h(1.)0 2870 y Fj(B.1)161 b(Abstract)52 b(syn)l(tax)0
3089 y Fu(F)-8 b(or)43 b Fw(Num)h Fu(w)m(e)h(c)m(ho)s(ose)h(the)e
(primitiv)m(e)e(t)m(yp)s(e)k Fr(num)f Fu(of)e Fw(Miranda)p
Fu(.)80 b(F)-8 b(or)43 b Fw(V)-9 b(ar)44 b Fu(w)m(e)i(c)m(ho)s(ose)0
3209 y(strings)32 b(of)h(c)m(haracters)g(and)g(so)g(de\014ne)h(the)f(t)
m(yp)s(e)g(synon)m(ym:)0 3413 y Fr(>)103 b(var)52 b(==)g([char])0
3616 y Fu(F)-8 b(or)30 b(eac)m(h)h(of)f(the)h(syn)m(tactic)g
(categories)f Fw(Aexp)p Fu(,)i Fw(Bexp)e Fu(and)h Fw(Stm)e
Fu(w)m(e)j(de\014ne)g(an)e(algebraic)0 3736 y(data)47
b(t)m(yp)s(e)h(taking)f(in)m(to)f(accoun)m(t)i(the)g(v)-5
b(arious)46 b(p)s(ossibilities)f(men)m(tioned)i(b)m(y)h(the)g(BNF)0
3857 y(syn)m(tax)34 b(of)e(Section)h(1.2:)0 4060 y Fr(>)103
b(aexp)52 b(::=)g(N)g(num)g(|)f(V)h(var)g(|)f(Add)i(aexp)f(aexp)g(|)0
4228 y(>)564 b(Mult)53 b(aexp)f(aexp)g(|)g(Sub)g(aexp)g(aexp)0
4443 y(>)103 b(bexp)52 b(::=)g(TRUE)h(|)e(FALSE)i(|)e(Eq)h(aexp)g(aexp)
h(|)e(Le)h(aexp)g(aexp)h(|)0 4610 y(>)564 b(Neg)52 b(bexp)h(|)e(And)h
(bexp)h(bexp)0 4825 y(>)103 b(stm)g(::=)52 b(Ass)g(var)g(aexp)h(|)e
(Skip)i(|)e(Comp)h(stm)g(stm)h(|)0 4993 y(>)564 b(If)52
b(bexp)g(stm)g(stm)g(|)g(While)h(bexp)f(stm)0 5221 y
Fw(Example)37 b(B.1)48 b Fu(The)34 b(factorial)c(statemen)m(t)j(of)f
(Exercise)i(1.1)e(is)g(represen)m(ted)j(b)m(y)1663 5849
y(217)p eop
%%Page: 218 228
218 227 bop 251 130 a Fw(218)1049 b(B)111 b(In)m(tro)s(duction)37
b(to)g(Miranda)h(Implemen)m(tations)p 251 193 3473 4
v 283 515 a Fr(>)103 b(factorial)54 b(=)d(Comp)i(\(Ass)f("y")g(\(N)g
(1\)\))283 683 y(>)975 b(\(While)53 b(\(Neg)f(\(Eq)g(\(V)g("x"\))g(\(N)
g(1\)\)\))283 851 y(>)1077 b(\(Comp)53 b(\(Ass)f("y")g(\(Mult)h(\(V)f
("y"\))g(\(V)g("x"\)\)\))283 1018 y(>)1385 b(\(Ass)52
b("x")g(\(Sub)h(\(V)e("x"\))i(\(N)f(1\)\)\)\)\))283 1251
y Fu(Note)41 b(that)f(this)g(is)g(a)h(represen)m(tation)g(of)f(the)h
Fs(abstr)-5 b(act)42 b(syntax)52 b Fu(of)40 b(the)h(statemen)m(t.)67
b(One)283 1371 y(ma)m(y)33 b(b)s(e)g(in)m(terested)g(in)f(a)g(parser)i
(that)e(w)m(ould)g(translate)g(the)h(more)f(readable)g(form)527
1578 y Fr(y)52 b(:=)g(1;)f(while)i Ft(:)p Fr(\(x)f(=)g(1\))g(do)f(\(y)h
(:=)g(y)g(*)f(x;)h(x)f(:=)h(x)g Ft(\000)f Fr(1\))283
1785 y Fu(in)m(to)26 b(the)g(ab)s(o)m(v)m(e)h(represen)m(tation.)42
b(Ho)m(w)m(ev)m(er,)29 b(w)m(e)e(shall)d(refrain)h(from)g(undertaking)h
(the)g(task)283 1905 y(of)33 b(implemen)m(ting)c(a)k(parser)g(as)g(w)m
(e)g(are)g(mainly)d(concerned)k(with)f(seman)m(tics.)439
b Fh(2)283 2138 y Fw(Exercise)37 b(B.2)48 b Fu(Sp)s(ecify)22
b(an)g(elemen)m(t)f(of)h Fr(stm)g Fu(that)g(represen)m(ts)i(the)e
(statemen)m(t)g(constructed)283 2258 y(in)32 b(Exercise)i(1.2)e(for)g
(computing)g Fs(n)40 b Fu(to)32 b(the)h(p)s(o)m(w)m(er)g(of)f
Fs(m)7 b Fu(.)1220 b Fh(2)283 2595 y Fj(B.2)161 b(Ev)-9
b(aluation)55 b(of)f(expressions)283 2815 y Fu(W)-8 b(e)47
b(shall)d(\014rst)i(b)s(e)g(concerned)i(with)d(the)h(represen)m(tation)
h(of)e(v)-5 b(alues)46 b(and)g(states.)84 b(The)283 2936
y(natural)28 b(n)m(um)m(b)s(ers)i Fw(Z)f Fu(will)d(b)s(e)j(represen)m
(ted)j(b)m(y)d(the)h(t)m(yp)s(e)f Fr(num)h Fu(meaning)d(that)i(the)g
(seman)m(tic)283 3056 y(function)37 b Ft(N)51 b Fu(b)s(ecomes)37
b(trivial.)54 b(The)38 b(truth)f(v)-5 b(alues)36 b Fw(T)h
Fu(will)e(b)s(e)i(represen)m(ted)i(b)m(y)f(the)f(t)m(yp)s(e)283
3176 y Fr(bool)d Fu(of)e(b)s(o)s(oleans.)43 b(So)32 b(w)m(e)i(de\014ne)
g(the)f(t)m(yp)s(e)g(synon)m(yms:)283 3384 y Fr(>)103
b(z)52 b(==)g(num)283 3551 y(>)103 b(t)52 b(==)g(bool)283
3758 y Fu(The)32 b(set)f Fw(State)f Fu(is)g(de\014ned)i(as)f(the)g(set)
g(of)f(functions)g(from)f(v)-5 b(ariables)30 b(to)g(natural)f(n)m(um)m
(b)s(ers)283 3878 y(so)k(w)m(e)h(de\014ne:)283 4086 y
Fr(>)103 b(state)53 b(==)f(var)g(->)g(z)283 4319 y Fw(Example)37
b(B.3)49 b Fu(The)38 b(state)g Fr(s)p 1468 4319 31 4
v 37 w(init)g Fu(that)f(maps)g(all)e(v)-5 b(ariables)36
b(except)j Fr(x)f Fu(to)e Fw(0)i Fu(and)f(that)283 4439
y(maps)c Fr(x)g Fu(to)f Fw(3)g Fu(can)h(b)s(e)g(de\014ned)h(b)m(y)283
4647 y Fr(>)103 b(s)p 494 4647 V 37 w(init)53 b("x")f(=)f(3)283
4814 y(>)103 b(s)p 494 4814 V 37 w(init)53 b(y)154 b(=)51
b(0)283 5021 y Fu(Note)32 b(that)g(w)m(e)g(encapsulate)g(the)g(sp)s
(eci\014c)h(v)-5 b(ariable)29 b(name)j Fr(x)f Fu(in)g(quotes)i(whereas)
g Fr(y)f Fu(can)g(b)s(e)283 5141 y(an)m(y)i(v)-5 b(ariable.)2851
b Fh(2)430 5374 y Fu(The)35 b(functions)g Ft(A)f Fu(and)g
Ft(B)k Fu(will)32 b(b)s(e)j(called)e Fr(a)p 2119 5374
V 37 w(val)i Fu(and)g Fr(b)p 2587 5374 V 37 w(val)g Fu(in)f(the)h
(implemen)m(tation)283 5494 y(and)e(they)h(are)e(de\014ned)i(b)m(y)g
(directly)e(translating)e(T)-8 b(ables)33 b(1.1)f(and)h(1.2)f(in)m(to)g
Fw(Miranda)p Fu(:)p eop
%%Page: 219 229
219 228 bop 0 130 a Fw(B.2)112 b(Ev)-6 b(aluation)36
b(of)i(expressions)1787 b(219)p 0 193 3473 4 v 0 515
a Fr(>)103 b(a)p 211 515 31 4 v 37 w(val)52 b(::)g(aexp)g(->)g(state)h
(->)e(z)0 683 y(>)103 b(b)p 211 683 V 37 w(val)52 b(::)g(bexp)g(->)g
(state)h(->)e(t)0 898 y(>)103 b(a)p 211 898 V 37 w(val)52
b(\(N)g(n\))g(s)410 b(=)52 b(n)0 1065 y(>)103 b(a)p 211
1065 V 37 w(val)52 b(\(V)g(x\))g(s)410 b(=)52 b(s)f(x)0
1233 y(>)103 b(a)p 211 1233 V 37 w(val)52 b(\(Add)g(a1)g(a2\))g(s)103
b(=)52 b(\(a)p 1427 1233 V 37 w(val)g(a1)g(s\))g(+)f(\(a)p
2181 1233 V 38 w(val)h(a2)g(s\))0 1401 y(>)103 b(a)p
211 1401 V 37 w(val)52 b(\(Mult)h(a1)e(a2\))h(s)g(=)g(\(a)p
1427 1401 V 37 w(val)g(a1)g(s\))g(*)f(\(a)p 2181 1401
V 38 w(val)h(a2)g(s\))0 1568 y(>)103 b(a)p 211 1568 V
37 w(val)52 b(\(Sub)g(a1)g(a2\))g(s)103 b(=)52 b(\(a)p
1427 1568 V 37 w(val)g(a1)g(s\))g(-)f(\(a)p 2181 1568
V 38 w(val)h(a2)g(s\))0 1783 y(>)103 b(b)p 211 1783 V
37 w(val)52 b(TRUE)g(s)462 b(=)52 b(True)0 1951 y(>)103
b(b)p 211 1951 V 37 w(val)52 b(FALSE)h(s)410 b(=)52 b(False)0
2118 y(>)103 b(b)p 211 2118 V 37 w(val)52 b(\(Eq)g(a1)g(a2\))g(s)154
b(=)52 b(True,)103 b(if)p 1677 2131 103 4 v 52 w(a)p
1888 2118 31 4 v 37 w(val)52 b(a1)g(s)g(=)f(a)p 2540
2118 V 38 w(val)h(a2)f(s)0 2286 y(>)1179 b(=)52 b(False,)h(if)p
1692 2299 103 4 v 52 w(a)p 1903 2286 31 4 v 37 w(val)f(a1)g(s)f(~=)h(a)
p 2606 2286 V 37 w(val)g(a2)g(s)0 2454 y(>)103 b(b)p
211 2454 V 37 w(val)52 b(\(Le)g(a1)g(a2\))g(s)154 b(=)52
b(True,)103 b(if)p 1677 2467 103 4 v 52 w(a)p 1888 2454
31 4 v 37 w(val)52 b(a1)g(s)g(<=)g(a)p 2592 2454 V 37
w(val)g(a2)g(s)0 2621 y(>)1179 b(=)52 b(False,)h(if)p
1692 2634 103 4 v 52 w(a)p 1903 2621 31 4 v 37 w(val)f(a1)g(s)f(>)h(a)p
2555 2621 V 37 w(val)g(a2)g(s)0 2789 y(>)103 b(b)p 211
2789 V 37 w(val)52 b(\(Neg)g(b\))g(s)308 b(=)52 b(True,)103
b(if)p 1677 2802 103 4 v 52 w(b)p 1888 2789 31 4 v 37
w(val)52 b(b)g(s)g(=)f(False)0 2957 y(>)1179 b(=)52 b(False,)h(if)p
1692 2970 103 4 v 52 w(b)p 1903 2957 31 4 v 37 w(val)f(b)f(s)h(=)f
(True)0 3124 y(>)103 b(b)p 211 3124 V 37 w(val)52 b(\(And)g(b1)g(b2\))g
(s)103 b(=)52 b(True,)103 b(if)p 1677 3137 103 4 v 52
w(b)p 1888 3124 31 4 v 37 w(val)52 b(b1)g(s)g(=)f(True)i(&)0
3292 y(>)1795 b(b)p 1903 3292 V 37 w(val)52 b(b2)g(s)f(=)h(True)0
3459 y(>)1179 b(=)52 b(False,)h(if)p 1692 3472 103 4
v 52 w(b)p 1903 3459 31 4 v 37 w(val)f(b1)g(s)f(=)h(False)g(\\/)0
3627 y(>)1795 b(b)p 1903 3627 V 37 w(val)52 b(b2)g(s)f(=)h(False)0
3831 y Fw(Exercise)36 b(B.4)49 b Fu(Construct)37 b(an)f(algebraic)f
(data)g(t)m(yp)s(e)i(for)f(the)g(binary)g(n)m(umerals)g(consid-)0
3952 y(ered)46 b(in)e(Section)h(1.3.)81 b(De\014ne)45
b(a)g(function)f Fr(n)p 1796 3952 V 38 w(val)h Fu(that)g(asso)s(ciates)
h(a)e(n)m(um)m(b)s(er)i(\(in)e(the)0 4072 y(decimal)31
b(system\))i(to)f(eac)m(h)i(n)m(umeral.)1968 b Fh(2)0
4276 y Fw(Exercise)36 b(B.5)49 b Fu(De\014ne)33 b(functions)0
4461 y Fr(>)103 b(fv)p 262 4461 V 37 w(aexp)53 b(::)e(aexp)i(->)e
([var])0 4629 y(>)103 b(fv)p 262 4629 V 37 w(bexp)53
b(::)e(bexp)i(->)e([var])0 4814 y Fu(computing)35 b(the)i(set)g(of)f
(free)h(v)-5 b(ariables)35 b(o)s(ccurring)h(in)g(an)g(expression.)56
b(Ensure)38 b(that)e(eac)m(h)0 4935 y(v)-5 b(ariable)31
b(o)s(ccurs)i(at)f(most)g(once)i(in)d(the)i(resulting)f(lists.)1270
b Fh(2)0 5139 y Fw(Exercise)36 b(B.6)49 b Fu(De\014ne)33
b(functions)0 5324 y Fr(>)103 b(subst)p 415 5324 V 38
w(aexp)52 b(::)g(aexp)g(->)g(var)g(->)g(aexp)g(->)g(aexp)0
5492 y(>)103 b(subst)p 415 5492 V 38 w(bexp)52 b(::)g(bexp)g(->)g(var)g
(->)g(aexp)g(->)g(bexp)p eop
%%Page: 220 230
220 229 bop 251 130 a Fw(220)1049 b(B)111 b(In)m(tro)s(duction)37
b(to)g(Miranda)h(Implemen)m(tations)p 251 193 3473 4
v 283 515 a Fu(implemen)m(ting)f(the)i(substitution)g(op)s(erations,)h
(that)f(is)g Fr(subst)p 2718 515 31 4 v 38 w(aexp)h Fs(a)46
b(y)i(a)3242 530 y Fn(0)3321 515 y Fu(constructs)283
636 y Fs(a)7 b Fu([)p Fs(y)i Ft(7!)q Fs(a)581 651 y Fn(0)620
636 y Fu(])33 b(and)g Fr(subst)p 1131 636 V 38 w(bexp)g
Fs(b)39 b(y)i(a)1629 651 y Fn(0)1702 636 y Fu(constructs)34
b Fs(b)6 b Fu([)p Fs(y)j Ft(7!)o Fs(a)2459 651 y Fn(0)2499
636 y Fu(].)1128 b Fh(2)p eop
%%Page: 221 231
221 230 bop 0 1182 a Fv(App)6 b(endix)77 b(C)0 1599 y(Op)6
b(erational)77 b(Seman)-6 b(tics)77 b(in)0 1848 y(Miranda)0
2303 y Fu(In)41 b(this)f(app)s(endix)g(w)m(e)i(implemen)m(t)c(the)j
(natural)e(seman)m(tics)i(and)f(the)h(structural)f(op)s(era-)0
2423 y(tional)23 b(seman)m(tics)j(of)f(Chapter)h(2)f(in)g
Fw(Miranda)h Fu(and)f(sho)m(w)i(ho)m(w)f(similar)c(tec)m(hniques)27
b(can)f(b)s(e)0 2544 y(used)h(to)f(implemen)m(t)f(an)h(in)m(terpreter)h
(for)e(the)i(abstract)g(mac)m(hine)e(and)i(the)f(co)s(de)h(generation)0
2664 y(of)32 b(Chapter)h(3.)146 2787 y(W)-8 b(e)30 b(shall)d(need)k
(the)e(de\014nitions)g(from)e(App)s(endix)j(B)f(so)g(w)m(e)h(b)s(egin)f
(b)m(y)h(including)d(these:)0 3005 y Fr(>)103 b(\045include)p
154 3027 411 4 v 53 w("appB")0 3220 y Fu(In)46 b(Chapter)g(2)f(w)m(e)i
(distinguish)d(b)s(et)m(w)m(een)j(t)m(w)m(o)f(kinds)g(of)f
(con\014gurations,)k(in)m(termediate)0 3340 y(con\014gurations)44
b(and)g(\014nal)f(con\014gurations.)77 b(This)45 b(is)e(captured)i(b)m
(y)g(the)f(algebraic)f(data)0 3461 y(t)m(yp)s(e:)0 3677
y Fr(>)103 b(config)53 b(::=)f(Inter)g(stm)g(state)h(|)f(Final)g(state)
0 3892 y Fu(In)34 b(the)g(next)g(section)g(w)m(e)g(shall)e(sho)m(w)j
(ho)m(w)f(the)g(natural)f(seman)m(tics)g(can)h(b)s(e)g(implemen)m(ted)0
4012 y(and)f(after)f(that)g(w)m(e)i(shall)d(turn)i(to)f(the)h
(structural)g(op)s(erational)d(seman)m(tics.)0 4358 y
Fj(C.1)160 b(Natural)56 b(seman)l(tics)0 4582 y Fu(Corresp)s(onding)22
b(to)g(the)h(relation)e Ft(!)h Fu(in)f(Section)i(2.1)e(w)m(e)j(shall)d
(in)m(tro)s(duce)h(a)g(function)g Fr(ns)p 3287 4582 31
4 v 38 w(stm)0 4702 y Fu(of)32 b(t)m(yp)s(e)0 4919 y
Fr(>)103 b(ns)p 262 4919 V 37 w(stm)52 b(::)g(config)h(->)f(config)0
5133 y Fu(The)45 b(argumen)m(t)f(of)g(this)g(function)g(corresp)s(onds)
h(to)f(the)h(left-hand)e(side)h(of)g Ft(!)g Fu(whereas)0
5254 y(the)c(result)g(pro)s(duced)g(will)e(corresp)s(ond)i(to)f(the)i
(righ)m(t-hand)d(side)i(of)f(the)h(relation.)63 b(This)0
5374 y(is)45 b(p)s(ossible)g(b)s(ecause)i(Theorem)f(2.9)f(sho)m(ws)j
(that)d(the)h(relation)e(is)h(deterministic.)81 b(The)0
5494 y(de\014nition)32 b(of)g Fr(ns)p 653 5494 V 37 w(stm)h
Fu(follo)m(ws)f(closely)g(the)h(de\014nition)e(of)i Ft(!)f
Fu(in)f(T)-8 b(able)33 b(2.1:)1663 5849 y(221)p eop
%%Page: 222 232
222 231 bop 251 130 a Fw(222)1420 b(C)112 b(Op)s(erational)37
b(Seman)m(tics)g(in)g(Miranda)p 251 193 3473 4 v 283
515 a Fr(>)103 b(ns)p 545 515 31 4 v 38 w(stm)52 b(\(Inter)h(\(Ass)f(x)
f(a\))h(s\))283 683 y(>)411 b(=)51 b(Final)i(\(update)g(s)f(x)f(\(a)p
1878 683 V 38 w(val)h(a)f(s\)\))283 851 y(>)513 b(where)p
847 864 257 4 v 283 1018 a(>)g(update)53 b(s)f(x)f(v)h(y)f(=)h(v,)g(if)
p 1873 1031 103 4 v 52 w(x)f(=)h(y)283 1186 y(>)1282
b(=)52 b(s)f(y,)h(otherwise)p 1975 1199 462 4 v 283 1401
a(>)103 b(ns)p 545 1401 31 4 v 38 w(stm)52 b(\(Inter)h(\(Skip\))f(s\))g
(=)g(Final)g(s)283 1616 y(>)103 b(ns)p 545 1616 V 38
w(stm)52 b(\(Inter)h(\(Comp)f(ss1)g(ss2\))h(s\))283 1783
y(>)411 b(=)51 b(Final)i(s'')283 1951 y(>)513 b(where)p
847 1964 257 4 v 283 2118 a(>)g(Final)53 b(s')f(=)f(ns)p
1519 2118 31 4 v 38 w(stm)h(\(Inter)h(ss1)f(s\))283 2286
y(>)513 b(Final)53 b(s'')f(=)g(ns)p 1571 2286 V 37 w(stm)g(\(Inter)h
(ss2)f(s'\))283 2501 y(>)103 b(ns)p 545 2501 V 38 w(stm)52
b(\(Inter)h(\(If)f(b)f(ss1)h(ss2\))h(s\))283 2669 y(>)411
b(=)51 b(Final)i(s',)f(if)p 1360 2682 103 4 v 52 w(b)p
1571 2669 31 4 v 37 w(val)g(b)g(s)283 2836 y(>)513 b(where)p
847 2849 257 4 v 283 3004 a(>)g(Final)53 b(s')f(=)f(ns)p
1519 3004 31 4 v 38 w(stm)h(\(Inter)h(ss1)f(s\))283 3219
y(>)103 b(ns)p 545 3219 V 38 w(stm)52 b(\(Inter)h(\(If)f(b)f(ss1)h
(ss2\))h(s\))283 3386 y(>)411 b(=)51 b(Final)i(s',)f(if)p
1360 3399 103 4 v 52 w(~b)p 1622 3386 31 4 v 37 w(val)g(b)g(s)283
3554 y(>)513 b(where)p 847 3567 257 4 v 283 3722 a(>)g(Final)53
b(s')f(=)f(ns)p 1519 3722 31 4 v 38 w(stm)h(\(Inter)h(ss2)f(s\))283
3936 y(>)103 b(ns)p 545 3936 V 38 w(stm)52 b(\(Inter)h(\(While)f(b)g
(ss\))g(s\))283 4104 y(>)411 b(=)51 b(Final)i(s'',)f(if)p
1411 4117 103 4 v 52 w(b)p 1622 4104 31 4 v 37 w(val)g(b)g(s)283
4272 y(>)513 b(where)p 847 4285 257 4 v 283 4439 a(>)g(Final)53
b(s')f(=)f(ns)p 1519 4439 31 4 v 38 w(stm)h(\(Inter)h(ss)e(s\))283
4607 y(>)513 b(Final)53 b(s'')f(=)g(ns)p 1571 4607 V
37 w(stm)g(\(Inter)h(\(While)g(b)e(ss\))h(s'\))283 4822
y(>)103 b(ns)p 545 4822 V 38 w(stm)52 b(\(Inter)h(\(While)f(b)g(ss\))g
(s\))283 4989 y(>)411 b(=)51 b(Final)i(s,)f(if)p 1309
5002 103 4 v 52 w(~b)p 1571 4989 31 4 v 37 w(val)g(b)g(s)283
5193 y Fu(Note)33 b(that)g(in)e(the)i(axiom)e(for)h(assignmen)m(t)h
Fr(update)h Fs(s)40 b(x)45 b(v)e Fu(corresp)s(onds)34
b(to)e Fs(s)8 b Fu([)p Fs(x)k Ft(7!)p Fs(v)f Fu(].)430
5313 y(The)33 b(seman)m(tic)g(function)f Ft(S)1484 5328
y Fn(ns)1588 5313 y Fu(can)h(no)m(w)g(b)s(e)g(de\014ned)h(b)m(y)p
eop
%%Page: 223 233
223 232 bop 0 130 a Fw(C.2)112 b(Structural)37 b(op)s(erational)f
(seman)m(tics)1425 b(223)p 0 193 3473 4 v 0 515 a Fr(>)52
b(s)p 160 515 31 4 v 37 w(ns)g(ss)f(s)h(=)f(s')0 683
y(>)667 b(where)p 718 696 257 4 v 0 851 a(>)g(Final)52
b(s')g(=)g(ns)p 1390 851 31 4 v 37 w(stm)g(\(Inter)h(ss)f(s\))0
1095 y Fw(Example)37 b(C.1)48 b Fu(W)-8 b(e)42 b(can)g(execute)h(the)f
(factorial)d(statemen)m(t)j(\(see)g(Example)f(B.1\))h(from)0
1216 y(the)36 b(state)g Fr(s)p 470 1216 V 37 w(init)h
Fu(mapping)d Fr(x)h Fu(to)h Fw(3)f Fu(and)h(all)d(other)j(v)-5
b(ariables)34 b(to)h Fw(0)h Fu(\(see)g(Example)f(B.3\).)0
1336 y(The)f(\014nal)d(state)i Fr(s)p 713 1336 V 37 w(fac)h
Fu(is)e(obtained)g(as)h(follo)m(ws:)0 1553 y Fr(>)52
b(s)p 160 1553 V 37 w(fac)g(=)f(s)p 555 1553 V 37 w(ns)h(factorial)i(s)
p 1310 1553 V 37 w(init)0 1768 y Fu(T)-8 b(o)33 b(get)f(the)h(\014nal)f
(v)-5 b(alue)32 b(of)g Fr(y)h Fu(w)m(e)g(ev)-5 b(aluate)33
b Fr(s)p 1721 1768 V 37 w(fac)52 b("y")p Fu(.)1261 b
Fh(2)0 2013 y Fw(Exercise)36 b(C.2)49 b Fu(Extend)44
b(the)e(de\014nition)f(of)h Fr(stm)g Fu(and)h Fr(ns)p
2254 2013 V 37 w(stm)g Fu(to)e(include)h(the)g Fr(repeat)p
Fu(-)0 2133 y(construct.)2976 b Fh(2)0 2378 y Fw(Exercise)36
b(C.3)49 b Fu(De\014ne)31 b(an)f(algebraic)f(data)h(t)m(yp)s(e)h
Fr(deriv)p 2201 2378 V 38 w(tree)g Fu(represen)m(ting)h(the)f(deriv)-5
b(a-)0 2498 y(tion)39 b(trees)h(of)f(the)i(natural)d(seman)m(tics.)65
b(Construct)41 b(a)e(v)-5 b(arian)m(t)39 b(of)g(the)h(function)g
Fr(s)p 3221 2498 V 37 w(ns)g Fu(of)0 2619 y(t)m(yp)s(e)244
2834 y Fr(s)p 301 2834 V 37 w(ns)52 b(::)g(stm)g(->)g(state)g(->)g
(deriv)p 1721 2834 V 38 w(tree)0 3049 y Fu(that)26 b(constructs)j(the)e
Fs(derivation)h(tr)-5 b(e)g(e)34 b Fu(for)27 b(a)f(giv)m(en)h(statemen)
m(t)g(and)g(state)g(rather)f(than)h(just)0 3169 y(the)33
b(\014nal)f(state.)44 b(Apply)32 b(the)h(function)f(to)h(some)f
(example)g(statemen)m(ts.)663 b Fh(2)0 3516 y Fj(C.2)160
b(Structural)54 b(op)t(erational)h(seman)l(tics)0 3740
y Fu(When)25 b(sp)s(ecifying)f(the)h(structural)g(op)s(erational)d
(seman)m(tics)i(w)m(e)i(shall)d(need)j(to)e(test)h(whether)0
3860 y Ft(\))41 b Fu(pro)s(duces)i(an)e(in)m(termediate)g
(con\014guration)g(or)g(a)g(\014nal)g(con\014guration.)70
b(So)41 b(w)m(e)i(shall)0 3981 y(in)m(tro)s(duce)33 b(the)g(function)f
Fr(is)p 1092 3981 V 37 w(Final)i Fu(de\014ned)g(b)m(y:)0
4198 y Fr(>)103 b(is)p 262 4198 V 37 w(Final)53 b(\(Inter)g(ss)e(s\))h
(=)g(False)0 4366 y(>)103 b(is)p 262 4366 V 37 w(Final)53
b(\(Final)g(s\))e(=)h(True)0 4581 y Fu(Corresp)s(onding)33
b(to)f(the)h(relation)d Ft(\))j Fu(w)m(e)g(de\014ne)h(the)f(function)f
Fr(sos)p 2565 4581 V 38 w(stm)h Fu(of)f(t)m(yp)s(e:)0
4798 y Fr(>)103 b(sos)p 313 4798 V 38 w(stm)52 b(::)f(config)i(->)f
(config)0 5013 y Fu(As)26 b(in)e(the)i(previous)g(section)f(the)h
(argumen)m(t)f(of)g(this)g(function)g(will)e(corresp)s(ond)j(to)f(the)h
(con-)0 5133 y(\014guration)i(on)h(the)g(left-hand)f(side)h(of)f(the)i
(relation)d Ft(\))h Fu(and)h(the)h(result)e(will)f(corresp)s(ond)j(to)0
5254 y(the)g(righ)m(t-hand)f(side.)43 b(Again)28 b(this)i(implemen)m
(tation)c(tec)m(hnique)31 b(is)f(only)f(p)s(ossible)g(b)s(ecause)0
5374 y(the)38 b(seman)m(tics)g(is)g(deterministic)e(\(Exercise)j
(2.22\).)59 b(The)39 b(de\014nition)e(of)g Fr(sos)p 2961
5374 V 38 w(stm)i Fu(follo)m(ws)0 5494 y(T)-8 b(able)32
b(2.2)g(closely:)p eop
%%Page: 224 234
224 233 bop 251 130 a Fw(224)1420 b(C)112 b(Op)s(erational)37
b(Seman)m(tics)g(in)g(Miranda)p 251 193 3473 4 v 283
515 a Fr(>)103 b(sos)p 596 515 31 4 v 38 w(stm)52 b(\(Inter)h(\(Ass)f
(x)g(a\))g(s\))283 683 y(>)462 b(=)52 b(Final)g(\(update)h(s)f(x)f(\(a)
p 1929 683 V 38 w(val)h(a)f(s\)\))283 851 y(>)565 b(where)p
899 864 257 4 v 283 1018 a(>)g(update)53 b(s)e(x)h(v)f(y)h(=)f(v,)h(if)
p 1924 1031 103 4 v 52 w(x)f(=)h(y)283 1186 y(>)1334
b(=)51 b(s)h(y,)g(otherwise)p 2027 1199 462 4 v 283 1401
a(>)103 b(sos)p 596 1401 31 4 v 38 w(stm)52 b(\(Inter)h(Skip)f(s\))g(=)
g(Final)g(s)283 1616 y(>)103 b(sos)p 596 1616 V 38 w(stm)52
b(\(Inter)h(\(Comp)f(ss1)h(ss2\))f(s\))283 1783 y(>)462
b(=)52 b(Inter)g(\(Comp)h(ss1')f(ss2\))h(s',)283 1951
y(>)821 b(if)p 1155 1964 103 4 v 52 w(~is)p 1468 1951
31 4 v 37 w(Final\(sos)p 1964 1951 V 40 w(stm)52 b(\(Inter)h(ss1)f
(s\)\))283 2118 y(>)565 b(where)p 899 2131 257 4 v 283
2286 a(>)g(Inter)52 b(ss1')h(s')e(=)h(sos)p 1878 2286
31 4 v 38 w(stm)g(\(Inter)h(ss1)f(s\))283 2501 y(>)103
b(sos)p 596 2501 V 38 w(stm)52 b(\(Inter)h(\(Comp)f(ss1)h(ss2\))f(s\))
283 2669 y(>)462 b(=)52 b(Inter)g(ss2)g(s',)283 2836
y(>)821 b(if)p 1155 2849 103 4 v 52 w(is)p 1417 2836
31 4 v 37 w(Final\(sos)p 1913 2836 V 40 w(stm)52 b(\(Inter)g(ss1)h
(s\)\))283 3004 y(>)565 b(where)p 899 3017 257 4 v 283
3171 a(>)g(Final)52 b(s')g(=)g(sos)p 1622 3171 31 4 v
37 w(stm)g(\(Inter)h(ss1)f(s\))283 3386 y(>)103 b(sos)p
596 3386 V 38 w(stm)52 b(\(Inter)h(\(If)f(b)f(ss1)i(ss2\))f(s\))283
3554 y(>)462 b(=)52 b(Inter)g(ss1)g(s,)g(if)p 1565 3567
103 4 v 52 w(b)p 1776 3554 31 4 v 37 w(val)g(b)g(s)283
3769 y(>)103 b(sos)p 596 3769 V 38 w(stm)52 b(\(Inter)h(\(If)f(b)f(ss1)
i(ss2\))f(s\))283 3936 y(>)462 b(=)52 b(Inter)g(ss2)g(s,)g(if)p
1565 3949 103 4 v 52 w(~b)p 1827 3936 31 4 v 37 w(val)g(b)g(s)283
4151 y(>)103 b(sos)p 596 4151 V 38 w(stm)52 b(\(Inter)h(\(While)g(b)e
(ss\))h(s\))283 4319 y(>)462 b(=)52 b(Inter)g(\(If)g(b)g(\(Comp)g(ss)g
(\(While)h(b)f(ss\)\))g(Skip\))h(s)283 4479 y Fu(The)48
b(function)f Fr(sos)p 1054 4479 V 38 w(stm)g Fu(implemen)m(ts)f(one)h
(step)h(of)f(the)g(computation.)85 b(The)48 b(function)283
4599 y Fr(deriv)p 544 4599 V 39 w(seq)31 b Fu(de\014ned)g(b)s(elo)m(w)f
(will)e(determine)i(the)h(complete)f(deriv)-5 b(ation)28
b(sequence)33 b(\()p Fs(even)f(if)283 4719 y(it)k(is)e(in\014nite!)12
b Fu(\).)283 4879 y Fr(>)103 b(deriv)p 698 4879 V 39
w(seq)52 b(\(Inter)g(ss)g(s\))283 5047 y(>)462 b(=)52
b(\(Inter)h(ss)e(s\))h(:)g(\(deriv)p 1980 5047 V 38 w(seq)g(\(sos)p
2427 5047 V 38 w(stm)g(\(Inter)h(ss)f(s\)\)\))283 5214
y(>)103 b(deriv)p 698 5214 V 39 w(seq)52 b(\(Final)g(s\))g(=)g([Final)h
(s])283 5374 y Fu(The)37 b(seman)m(tic)e(function)g Ft(S)1347
5389 y Fn(sos)1478 5374 y Fu(can)g(no)m(w)i(b)s(e)e(de\014ned)i(b)m(y)g
(the)f Fw(Miranda)g Fu(function)f Fr(s)p 3544 5374 V
37 w(sos)p Fu(:)p eop
%%Page: 225 235
225 234 bop 0 130 a Fw(C.3)112 b(Extensions)37 b(of)h(While)2038
b(225)p 0 193 3473 4 v 0 515 a Fr(>)103 b(s)p 211 515
31 4 v 37 w(sos)52 b(ss)g(s)f(=)h(s')0 683 y(>)769 b(where)p
820 696 257 4 v 0 851 a(>)g(Final)53 b(s')f(=)f(last)i(\(deriv)p
1953 851 31 4 v 38 w(seq)f(\(Inter)h(ss)f(s\)\))0 1091
y Fw(Example)37 b(C.4)48 b Fu(The)30 b(deriv)-5 b(ation)27
b(sequence)k(obtained)d(b)m(y)i(executing)f(the)g(factorial)d(state-)0
1211 y(men)m(t)33 b(on)f(the)h(state)g Fr(s)p 846 1211
V 37 w(init)h Fu(of)e(Example)g(B.3)g(can)h(no)m(w)h(b)s(e)e(obtained)g
(as)h(follo)m(ws:)0 1424 y Fr(>)103 b(fac)p 313 1424
V 38 w(seq)52 b(=)f(deriv)p 913 1424 V 38 w(seq)h(\(Inter)h(factorial)h
(s)p 2079 1424 V 37 w(init\))0 1634 y Fu(W)-8 b(e)28
b(ma)m(y)g(w)m(an)m(t)g(to)f(insp)s(ect)h(this)g(in)f(more)g(detail)f
(and)h(in)g(particular)f(w)m(e)j(ma)m(y)e(b)s(e)h(in)m(terested)0
1755 y(in)47 b(the)i(v)-5 b(alues)48 b(of)g(the)h(v)-5
b(ariables)47 b Fr(x)h Fu(and)h Fr(y)f Fu(in)g(the)g(v)-5
b(arious)48 b(in)m(termediate)f(states.)91 b(T)-8 b(o)0
1875 y(facilitate)30 b(this)i(w)m(e)i(use)f(the)g(function)0
2087 y Fr(>)103 b(show)p 364 2087 V 38 w(seq)52 b(fv)g(l)f(=)h(lay)g
(\(map)g(show)p 1631 2087 V 38 w(config)h(l\))0 2255
y(>)923 b(where)p 974 2268 257 4 v 0 2423 a(>)g(show)p
1184 2423 31 4 v 38 w(config)53 b(\(Final)g(s\))f(=)0
2590 y(>)1026 b("final)52 b(state:\\n"++lay)j(\(map)e(\(show)p
2722 2590 V 38 w(val)f(s\))g(fv\))0 2758 y(>)923 b(show)p
1184 2758 V 38 w(config)53 b(\(Inter)g(ss)f(s\))f(=)0
2926 y(>)1026 b(show)p 1077 2939 206 4 v 52 w(ss++"\\n"++lay)55
b(\(map)d(\(show)p 2568 2926 31 4 v 38 w(val)g(s\))g(fv\))0
3093 y(>)923 b(show)p 1184 3093 V 38 w(val)52 b(s)g(x)f(=)h(")f
(s\("++x++"\)="++shownum)57 b(\(s)52 b(x\))0 3304 y Fu(The)31
b(function)f(call)f Fr(show)p 965 3304 V 38 w(seq)52
b(["x","y"])i(fac)p 1874 3304 V 38 w(seq)31 b Fu(will)d(for)i(eac)m(h)i
(con\014guration)d(in)h(the)0 3424 y(deriv)-5 b(ation)34
b(sequence)k Fr(fac)p 1027 3424 V 38 w(seq)e Fu(list)e(the)i(statemen)m
(t)g(part)f(and)g(the)h(v)-5 b(alues)35 b(of)g Fr(x)h
Fu(and)g Fr(y)f Fu(in)0 3545 y(the)e(state)g(part.)146
3667 y(The)h(\014nal)e(state)h(of)f(the)h(deriv)-5 b(ation)31
b(sequence)k(can)e(b)s(e)g(obtained)f(from)0 3879 y Fr(>)52
b(s)p 160 3879 V 37 w(fac')g(=)g(s)p 607 3879 V 37 w(sos)g(factorial)h
(s)p 1412 3879 V 38 w(init)0 4090 y Fu(and)33 b(the)g(v)-5
b(alue)32 b(obtained)g(for)g Fr(y)h Fu(is)f(obtained)g(b)m(y)h
(executing)g Fr(s)p 2371 4090 V 38 w(fac')52 b("y")p
Fu(.)559 b Fh(2)0 4329 y Fw(Exercise)36 b(C.5)49 b Fu(Extend)39
b(the)e(de\014nition)f(of)g Fr(stm)i Fu(and)f Fr(sos)p
2274 4329 V 38 w(stm)g Fu(to)g(include)f(the)h Fr(repeat)p
Fu(-)0 4449 y(construct.)2976 b Fh(2)0 4791 y Fj(C.3)160
b(Extensions)53 b(of)h(While)0 5013 y Fu(The)30 b(implemen)m(tation)c
(of)j(the)g(natural)f(seman)m(tics)i(of)e Fw(While)g
Fu(in)g(Section)h(C.1)h(will)c(no)m(w)k(b)s(e)0 5133
y(extended)35 b(to)e(the)h(pro)s(cedure)g(language)e
Fw(Pro)s(c)h Fu(of)g(Section)g(2.5.)45 b(Rather)33 b(than)h(presen)m
(ting)0 5254 y(a)j(fully)e(w)m(ork)m(ed)k(out)e(implemen)m(tation)d(w)m
(e)k(shall)e(giv)m(e)h(detailed)f(instructions)g(for)h(ho)m(w)h(to)0
5374 y(construct)e(it.)48 b(W)-8 b(e)35 b(shall)e(pa)m(y)i(sp)s(ecial)f
(atten)m(tion)g(to)g(the)h(seman)m(tics)g(of)f Fw(Pro)s(c)g
Fu(with)g(static)0 5494 y(scop)s(e)f(rules)g(for)f(v)-5
b(ariables)31 b(as)i(w)m(ell)f(as)h(pro)s(cedures.)p
eop
%%Page: 226 236
226 235 bop 251 130 a Fw(226)1420 b(C)112 b(Op)s(erational)37
b(Seman)m(tics)g(in)g(Miranda)p 251 193 3473 4 v 283
515 a(Exercise)g(C.6)49 b Fu(The)37 b(\014rst)f(step)h(will)d(b)s(e)i
(to)g(de\014ne)h(the)f(datat)m(yp)s(es)i(needed)f(to)f(represen)m(t)283
636 y(the)d(syn)m(tax)i(and)d(the)h(seman)m(tics)g(of)f
Fw(Pro)s(c)p Fu(.)429 844 y Ft(\017)48 b Fu(Extend)40
b(the)e(algebraic)e(data)h(t)m(yp)s(e)i Fr(stm)f Fu(with)f(the)h(new)h
(forms)e(of)g(statemen)m(ts)i(and)527 964 y(de\014ne)44
b(algebraic)d(data)i(t)m(yp)s(es)h Fr(dec)p 1901 964
31 4 v 38 w(V)e Fu(and)h Fr(dec)p 2385 964 V 38 w(P)g
Fu(for)f(v)-5 b(ariable)41 b(declarations)h(and)527 1085
y(pro)s(cedure)34 b(declarations.)429 1293 y Ft(\017)48
b Fu(De\014ne)30 b(the)g(algebraic)d(t)m(yp)s(e)j Fr(loc)g
Fu(to)f(b)s(e)h Fr(num)g Fu(suc)m(h)g(that)f(lo)s(cations)f(will)e(b)s
(e)k(n)m(um)m(b)s(ers.)527 1413 y(De\014ne)j(the)g(function)742
1621 y Fr(new)52 b(::)g(loc)g(->)g(loc)527 1829 y Fu(suc)m(h)34
b(that)f Fr(new)g Fu(incremen)m(ts)g(its)f(argumen)m(t)g(b)m(y)i(one.)
429 2037 y Ft(\017)48 b Fu(De\014ne)36 b(algebraic)e(t)m(yp)s(es)j
Fr(env)p 1667 2037 V 38 w(V)e Fu(and)h Fr(env)p 2137
2037 V 38 w(P)f Fu(corresp)s(onding)h(to)f Fw(En)m(v)3199
2052 y Fn(V)3292 2037 y Fu(and)h Fw(En)m(v)3677 2052
y Fn(P)3729 2037 y Fu(.)527 2158 y(De\014ne)d(the)g(function)742
2366 y Fr(upd)p 901 2366 V 38 w(P)51 b(::)h(\(dec)p 1399
2366 V 38 w(P,)g(env)p 1744 2366 V 37 w(V,)g(env)p 2088
2366 V 38 w(P\))g(->)g(env)p 2587 2366 V 37 w(P)527 2574
y Fu(corresp)s(onding)33 b(to)f(up)s(d)1438 2589 y Fn(P)1490
2574 y Fu(.)429 2782 y Ft(\017)48 b Fu(Finally)-8 b(,)37
b(w)m(e)j(need)f(a)f(t)m(yp)s(e)i Fr(store)f Fu(corresp)s(onding)g(to)f
Fw(Store)p Fu(.)60 b(There)40 b(are)e(at)g(least)527
2902 y(three)c(p)s(ossibilities:)40 b(One)33 b(p)s(ossibilit)m(y)e(is)h
(to)g(de\014ne)742 3110 y Fr(loc')52 b(::=)g(Loc)g(loc)g
Ft(j)f Fr(Next)742 3278 y(store)i(==)e(loc')i(->)e(z)527
3486 y Fu(as)34 b(this)f(will)e(corresp)s(ond)j(closely)e(to)h(the)h
(de\014nition)e(of)h Fw(Store)p Fu(.)45 b(Alternativ)m(ely)-8
b(,)33 b(one)527 3606 y(ma)m(y)e(iden)m(tify)g(the)g(sp)s(ecial)f(tok)m
(en)i(`next')h(with)d(lo)s(cation)f Fw(0)i Fu(and)g(then)h(simply)e
(de\014ne)742 3814 y Fr(store)53 b(==)e(loc)h(->)g(z)527
4022 y Fu(The)34 b(third)e(p)s(ossibilit)m(y)e(is)i(to)g(de\014ne)742
4230 y Fr(store)53 b(==)e(\(loc)i(->)e(z,)h(loc\))527
4439 y Fu(where)34 b(the)f(second)h(comp)s(onen)m(t)f(corresp)s(onds)h
(to)e(the)h(v)-5 b(alue)32 b(of)g(`next'.)527 4603 y(Cho)s(ose)i(a)e
(metho)s(d)g(that)g(seems)i(appropriate)d(to)i(y)m(ou.)1066
b Fh(2)283 4838 y Fw(Exercise)37 b(C.7)49 b Fu(Finally)33
b(w)m(e)j(turn)g(to)m(w)m(ards)h(the)f(transition)e(systems.)54
b(W)-8 b(e)36 b(b)s(egin)e(b)m(y)j(im-)283 4958 y(plemen)m(ting)32
b(the)h(transition)e(system)i(for)f(v)-5 b(ariable)31
b(declarations:)429 5166 y Ft(\017)48 b Fu(De\014ne)34
b(an)f(algebraic)f(data)h(t)m(yp)s(e)h Fr(config)p 2134
5166 V 38 w(D)g Fu(for)e(the)i(con\014gurations)f(of)f(the)i(transi-)
527 5286 y(tion)e(system)h(for)f(v)-5 b(ariable)31 b(declarations.)429
5494 y Ft(\017)48 b Fu(Then)34 b(de\014ne)g(a)e(function)p
eop
%%Page: 227 237
227 236 bop 0 130 a Fw(C.4)112 b(Pro)m(v)-6 b(ably)37
b(correct)f(implemen)m(tation)1405 b(227)p 0 193 3473
4 v 458 515 a Fr(ns)p 566 515 31 4 v 38 w(dec)p 757 515
V 38 w(V)51 b(::)h(config)p 1357 515 V 38 w(D)g(->)g(config)p
1958 515 V 38 w(D)244 717 y Fu(corresp)s(onding)32 b(to)h(the)g
(relation)d Ft(!)1615 732 y Fn(D)1673 717 y Fu(.)0 915
y(No)m(w)j(w)m(e)h(turn)f(to)f(the)h(transition)e(relation)f(for)i
(statemen)m(ts:)145 1114 y Ft(\017)49 b Fu(De\014ne)33
b(an)f(algebraic)f(data)h(t)m(yp)s(e)h Fr(config)p 1846
1114 V 39 w(P)f Fu(corresp)s(onding)h(to)f(the)h(con\014gurations)244
1234 y Ft(h)p Fs(S)12 b Fu(,)32 b Fs(sto)6 b Ft(i)32
b Fu(and)h Fs(sto)39 b Fu(of)32 b(the)h(transition)e(system.)145
1436 y Ft(\017)49 b Fu(Next)33 b(de\014ne)h(a)e(function)458
1637 y Fr(ns)p 566 1637 V 38 w(stm)52 b(::)g(\(env)p
1167 1637 V 38 w(V,)g(env)p 1512 1637 V 37 w(P\))g(->)g(config)p
2163 1637 V 38 w(P)g(->)g(config)p 2764 1637 V 38 w(P)244
1839 y Fu(corresp)s(onding)32 b(to)h(the)g(transition)e(relation)f
Ft(!)p Fu(.)0 2037 y(Finally)g(de\014ne)k(a)e(function)244
2236 y Fr(s)p 301 2236 V 37 w(ns)52 b(::)g(stm)g(->)g(store)g(->)g
(store)0 2434 y Fu(that)28 b(calls)g Fr(ns)p 529 2434
V 37 w(stm)i Fu(with)e(appropriately)g(initialized)c(en)m(vironmen)m
(ts.)44 b(Use)29 b(the)g(function)f(on)0 2554 y(v)-5
b(arious)35 b(example)g(statemen)m(ts)i(in)d(order)i(to)f(ensure)i
(that)f(the)g(implemen)m(tation)c(w)m(orks)37 b(as)0
2675 y(in)m(tended.)3006 b Fh(2)0 2896 y Fw(Exercise)36
b(C.8)49 b Fu(Mo)s(dify)37 b(the)g(implemen)m(tation)d(ab)s(o)m(v)m(e)k
(to)f(use)h(dynamic)f(scop)s(e)h(rules)f(for)0 3017 y(v)-5
b(ariable)31 b(declarations)g(as)i(w)m(ell)f(as)h(pro)s(cedure)g
(declarations.)1062 b Fh(2)146 3238 y Fu(It)33 b(is)g(more)f
(problematic)f(to)i(extend)i(the)e(implemen)m(tation)d(to)j(handle)f
(the)i(constructs)0 3359 y(of)e(Section)h(2.4:)0 3580
y Fw(Exercise)j(C.9)49 b Fu(Discuss)26 b(ho)m(w)f(to)g(extend)h(the)f
(implemen)m(tation)d(of)i(the)h(natural)f(seman)m(tics)0
3700 y(in)32 b(Section)g(C.1)h(to)f(incorp)s(orate)g(the)h(constructs)h
(considered)f(in)f(Section)h(2.4.)407 b Fh(2)0 3922 y
Fw(Exercise)36 b(C.10)49 b Fu(Discuss)28 b(ho)m(w)h(to)e(extend)i(the)g
(implemen)m(tation)24 b(of)j(the)h(structural)g(op)s(er-)0
4042 y(ational)21 b(seman)m(tics)j(of)f(Section)g(C.2)h(to)g(incorp)s
(orate)e(the)i(constructs)h(considered)g(in)e(Section)0
4163 y(2.4.)3246 b Fh(2)0 4495 y Fj(C.4)160 b(Pro)l(v)-9
b(ably)55 b(correct)d(implemen)l(tation)0 4714 y Fu(Rather)32
b(than)g(presen)m(ting)g(a)g(fully)e(w)m(ork)m(ed)k(out)d
Fw(Miranda)i Fu(script)e(w)m(e)i(shall)e(pro)m(vide)h(exer-)0
4834 y(cises)h(sho)m(wing)g(ho)m(w)g(to)g(dev)m(elop)g(an)f(implemen)m
(tation)e(corresp)s(onding)i(to)g(Chapter)i(3.)0 5055
y Fw(Exercise)i(C.11)49 b Fu(W)-8 b(e)38 b(need)h(some)f(data)f(t)m(yp)
s(es)j(to)d(represen)m(t)j(the)e(con\014gurations)g(of)f(the)0
5176 y(mac)m(hine:)145 5374 y Ft(\017)49 b Fu(De\014ne)27
b(an)g(algebraic)e(data)h(t)m(yp)s(e)h Fr(am)p 1613 5374
V 38 w(ins)g Fu(for)f(represen)m(ting)i(instructions)e(and)h(de\014ne)
244 5494 y(the)33 b(t)m(yp)s(e)g(synon)m(ym)p eop
%%Page: 228 238
228 237 bop 251 130 a Fw(228)1420 b(C)112 b(Op)s(erational)37
b(Seman)m(tics)g(in)g(Miranda)p 251 193 3473 4 v 742
515 a Fr(am)p 850 515 31 4 v 37 w(code)53 b(==)f([am)p
1451 515 V 37 w(ins])527 712 y Fu(for)32 b(represen)m(ting)i(co)s(de.)
429 909 y Ft(\017)48 b Fu(De\014ne)34 b(an)g(algebraic)d(data)i(t)m(yp)
s(e)i Fr(stack)p 2084 909 V 38 w(values)g Fu(represen)m(ting)f(the)g
(elemen)m(ts)g(that)527 1029 y(ma)m(y)f(b)s(e)f(on)h(the)g(ev)-5
b(aluation)31 b(stac)m(k)j(and)e(de\014ne)i(the)f(t)m(yp)s(e)h(synon)m
(ym)742 1226 y Fr(stack)53 b(==)e([stack)p 1515 1226
V 39 w(values])429 1423 y Ft(\017)d Fu(De\014ne)33 b(a)g(t)m(yp)s(e)g
Fr(storage)i Fu(represen)m(ting)e(the)g(storage.)283
1606 y(Finally)d(de\014ne)527 1790 y Fr(am)p 635 1790
V 38 w(config)53 b(==)e(\(am)p 1338 1790 V 38 w(code,)i(stack,)g
(storage\))283 1974 y Fu(for)32 b(the)i(con\014gurations)e(of)g
Fw(AM)p Fu(.)2122 b Fh(2)283 2175 y Fw(Exercise)37 b(C.12)49
b Fu(W)-8 b(e)38 b(can)g(then)g(turn)g(to)g(the)g(seman)m(tics)g(of)g
(the)g(mac)m(hine)f(instructions.)283 2296 y(F)-8 b(or)32
b(this)g(w)m(e)i(pro)s(ceed)f(in)f(three)i(stages:)429
2479 y Ft(\017)48 b Fu(First)32 b(de\014ne)i(a)e(function)g
Fr(am)p 1618 2479 V 38 w(step)h Fu(of)f(t)m(yp)s(e)742
2676 y Fr(am)p 850 2676 V 37 w(step)53 b(::)f(am)p 1400
2676 V 37 w(config)h(->)f(am)p 2052 2676 V 37 w(config)527
2873 y Fu(implemen)m(ting)30 b(T)-8 b(able)32 b(3.1.)429
3070 y Ft(\017)48 b Fu(W)-8 b(e)32 b(shall)d(also)h(b)s(e)h(in)m
(terested)h(in)e(the)h(computation)f(sequences)k(of)c
Fw(AM)h Fu(so)g(de\014ne)h(a)527 3190 y(function)742
3387 y Fr(am)p 850 3387 V 37 w(comp)p 1091 3387 V 38
w(seq)52 b(::)g(am)p 1590 3387 V 38 w(code)g(->)g(storage)h(->)f([am)p
2755 3387 V 37 w(config])527 3584 y Fu(that)28 b(giv)m(en)g(a)f
(sequence)k(of)c(instructions)g(and)h(an)g(initial)c(storage)j(will)f
(construct)i(the)527 3704 y(corresp)s(onding)33 b(computation)e
(sequence.)429 3901 y Ft(\017)48 b Fu(Finally)26 b(de\014ne)k(a)e
(function)g Fr(run)h Fu(corresp)s(onding)g(to)f(the)h(function)f
Ft(M)g Fu(of)g(Chapter)h(3.)283 4084 y(This)37 b(pro)m(vides)h(us)f
(with)f(an)h(in)m(terpreter)g(for)f Fw(AM)p Fu(.)h(What)f(happ)s(ens)i
(if)d(w)m(e)j(en)m(ter)g(a)e(stuc)m(k)283 4205 y(con\014guration?)2793
b Fh(2)283 4407 y Fw(Exercise)37 b(C.13)49 b Fu(Finally)-8
b(,)30 b(w)m(e)j(implemen)m(t)e(the)i(co)s(de)g(generation)f
(functions:)429 4590 y Ft(\017)48 b Fu(De\014ne)33 b(functions)g
(corresp)s(onding)f(to)h Ft(C)6 b(A)p Fu(,)32 b Ft(C)6
b(B)36 b Fu(and)d Ft(C)6 b(S)i Fu(.)429 4787 y Ft(\017)48
b Fu(De\014ne)33 b(a)g(function)f Fr(am)p 1401 4787 V
37 w(stm)i Fu(corresp)s(onding)e(to)g(the)h(function)f
Ft(S)2982 4802 y Fn(am)3080 4787 y Fu(.)283 4970 y(Apply)f(the)g
(construction)f(to)g(a)h(couple)f(of)g(examples)g(to)g(v)m(erify)h
(that)f(ev)m(erything)i(w)m(orks)g(as)283 5091 y(exp)s(ected.)2999
b Fh(2)283 5293 y Fw(Exercise)37 b(C.14)49 b Fu(Mo)s(dify)31
b(the)i(implemen)m(tation)c(to)j(use)h(the)g(abstract)f(mac)m(hine)g
Fw(AM)3606 5308 y Fn(2)3677 5293 y Fu(of)283 5413 y(Exercises)j(3.8)d
(and)h(3.17)f(rather)g(than)h Fw(AM)p Fu(.)1684 b Fh(2)p
eop
%%Page: 229 239
229 238 bop 0 1181 a Fv(App)6 b(endix)77 b(D)0 1598 y(Denotational)h
(Seman)-6 b(tics)77 b(in)0 1847 y(Miranda)0 2301 y Fu(In)40
b(this)e(app)s(endix)i(w)m(e)g(implemen)m(t)d(the)j(denotational)d
(seman)m(tics)j(of)e(Chapter)i(4)f(in)g Fw(Mi-)0 2422
y(randa)50 b Fu(and)f(sho)m(w)h(ho)m(w)f(similar)c(tec)m(hniques)51
b(can)e(b)s(e)g(used)h(to)e(implemen)m(t)f(the)i(static)0
2542 y(program)31 b(analysis)h(of)g(Chapter)i(5.)146
2664 y(W)-8 b(e)30 b(shall)d(need)k(the)e(de\014nitions)g(from)e(App)s
(endix)j(B)f(so)g(w)m(e)h(b)s(egin)f(b)m(y)h(including)d(these:)0
2881 y Fr(>)52 b(\045include)p 103 2902 411 4 v 53 w("appB")0
3224 y Fj(D.1)161 b(Direct)53 b(st)l(yle)g(seman)l(tics)0
3447 y Fu(In)28 b(the)h(implemen)m(tation)c(w)m(e)k(shall)d(rely)i(on)g
(some)g(of)f(the)i(built-in)c(functions)j(of)g Fw(Miranda)p
Fu(.)0 3567 y(In)44 b(particular,)h Fr(id)g Fu(is)e(the)i(iden)m(tit)m
(y)e(function)h(and)g(`.')77 b(is)44 b(function)f(comp)s(osition.)75
b(The)0 3687 y(auxiliary)30 b(function)j Fr(cond)g Fu(is)f(de\014ned)i
(b)m(y)0 3901 y Fr(>)52 b(cond)g(\(p,)g(g1,)g(g2\))g(s)g(=)f(g1)h(s,)g
(if)p 1487 3914 103 4 v 52 w(p)f(s)0 4069 y(>)1026 b(=)51
b(g2)h(s,)g(if)p 1487 4082 V 52 w(~p)f(s)0 4281 y Fu(The)33
b(theoretical)d(foundation)h(of)g Fw(Miranda)h Fu(is)f(closely)g
(related)h(to)f(the)h(theory)g(dev)m(elop)s(ed)0 4402
y(in)45 b(Chapter)j(4)d(\(although)h(it)f(is)h(outside)g(the)g(scop)s
(e)h(of)f(this)g(b)s(o)s(ok)g(to)g(go)g(further)g(in)m(to)0
4522 y(this\).)71 b(One)42 b(of)f(the)h(consequences)k(of)41
b(this)h(is)f(that)g(the)i(\014xed)g(p)s(oin)m(t)e(op)s(eration)f(can)i
(b)s(e)0 4642 y(implemen)m(ted)31 b(in)h(a)g(v)m(ery)i(simple)d(w)m(a)m
(y:)0 4856 y Fr(>)52 b(fix)g(ff)f(=)h(ff)g(\(fix)g(ff\))0
5068 y Fu(The)34 b(function)e Ft(S)650 5083 y Fn(ds)754
5068 y Fu(can)h(no)m(w)g(b)s(e)g(implemen)m(ted)e(b)m(y)j(the)f
(function)0 5282 y Fr(>)52 b(s)p 160 5282 31 4 v 37 w(ds)g(::)f(stm)h
(->)g(state)h(->)f(state)0 5494 y Fu(A)33 b(straigh)m(tforw)m(ard)f
(rewriting)f(of)h(T)-8 b(able)32 b(4.1)h(giv)m(es:)1663
5849 y(229)p eop
%%Page: 230 240
230 239 bop 251 130 a Fw(230)1363 b(D)112 b(Denotational)36
b(Seman)m(tics)h(in)g(Miranda)p 251 193 3473 4 v 283
515 a Fr(>)52 b(s)p 443 515 31 4 v 37 w(ds)g(\(Ass)g(x)g(a\))g(s)f(=)h
(update)h(s)e(\(a)p 1915 515 V 38 w(val)h(a)f(s\))h(x)283
683 y(>)1026 b(where)p 1360 696 257 4 v 283 851 a(>)g(update)53
b(s)e(v)h(x)g(y)f(=)h(v,)f(if)p 2385 864 103 4 v 52 w(x)h(=)f(y)283
1018 y(>)1795 b(=)52 b(s)f(y,)h(otherwise)p 2488 1031
462 4 v 283 1233 a(>)g(s)p 443 1233 31 4 v 37 w(ds)g(Skip)g(=)g(id)283
1448 y(>)g(s)p 443 1448 V 37 w(ds)g(\(Comp)h(ss1)f(ss2\))g(=)f(\(s)p
1607 1448 V 38 w(ds)h(ss2\))g(.)g(\(s)p 2260 1448 V 37
w(ds)g(ss1\))283 1663 y(>)g(s)p 443 1663 V 37 w(ds)g(\(If)g(b)g(ss1)g
(ss2\))g(=)f(cond)i(\(b)p 1864 1663 V 37 w(val)f(b,)g(s)p
2311 1663 V 37 w(ds)g(ss1,)g(s)p 2809 1663 V 38 w(ds)f(ss2\))283
1878 y(>)h(s)p 443 1878 V 37 w(ds)g(\(While)h(b)e(ss\))h(=)g(fix)g(ff)
283 2045 y(>)1077 b(where)p 1411 2058 257 4 v 283 2213
a(>)g(ff)52 b(g)g(=)f(cond)i(\(b)p 2135 2213 31 4 v 37
w(val)f(b,)g(g)f(.)h(s)p 2787 2213 V 37 w(ds)g(ss,)g(id\))283
2400 y Fw(Example)37 b(D.1)49 b Fu(Returning)34 b(to)h(the)g(factorial)
e(statemen)m(t)i(w)m(e)h(can)g(apply)e(its)h(denotation)283
2521 y(to)e(the)g(initial)c(state)k Fr(s)p 1149 2521
V 37 w(init)g Fu(as)g(follo)m(ws:)283 2688 y Fr(>)52
b(s)p 443 2688 V 37 w(final)h(=)e(s)p 941 2688 V 37 w(ds)h(factorial)i
(s)p 1696 2688 V 37 w(init)1750 b Fh(2)283 2876 y Fw(Exercise)37
b(D.2)49 b Fu(W)-8 b(e)41 b(ma)m(y)g(b)s(e)g(in)m(terested)h(in)f(the)g
(v)-5 b(arious)40 b(iterands)h(of)g(the)g(\014xed)i(p)s(oin)m(t.)283
2996 y(Rewrite)24 b(the)g(seman)m(tic)f(equations)h(ab)s(o)m(v)m(e)g
(so)g(that)f(eac)m(h)h(\014xed)h(p)s(oin)m(t)d(is)h(unfolded)h(at)f
(most)g(n)283 3117 y(times)28 b(where)h(n)f(is)g(an)g(additional)d
(parameter)j(to)f(the)i(functions.)42 b(Giv)m(e)28 b(examples)g(sho)m
(wing)283 3237 y(that)j(if)f(the)i(v)-5 b(alue)30 b(of)h(n)g(is)g
(su\016cien)m(tly)h(large)d(then)j(w)m(e)g(get)f(the)h(same)f(result)g
(as)g(ab)s(o)m(v)m(e.)76 b Fh(2)283 3425 y Fw(Exercise)37
b(D.3)49 b Fu(Extend)34 b(the)f(de\014nition)e(ab)s(o)m(v)m(e)j(to)e
(handle)g(the)h Fr(repeat)p Fu(-construct.)152 b Fh(2)283
3752 y Fj(D.2)161 b(Extensions)53 b(of)g(While)283 3971
y Fu(It)34 b(is)e(fairly)f(straigh)m(tforw)m(ard)i(to)g(extend)h(the)g
(implemen)m(tation)c(to)j(handle)f(the)i(pro)s(cedure)283
4091 y(language)e(and)h(the)g(exception)g(language)e(of)h(Section)h
(4.5.)283 4279 y Fw(Exercise)k(D.4)49 b Fu(Mo)s(dify)33
b(the)h(ab)s(o)m(v)m(e)g(implemen)m(tation)d(to)i(use)i(en)m(vironmen)m
(ts)f(and)g(stores)283 4399 y(and)c(extend)g(it)f(to)f(implemen)m(t)g
(the)h(seman)m(tics)h(of)e(the)i(language)e Fw(Pro)s(c)g
Fu(of)h(Section)g(4.5.)74 b Fh(2)283 4587 y Fw(Exercise)37
b(D.5)49 b Fu(Mo)s(dify)27 b(the)i(ab)s(o)m(v)m(e)g(implemen)m(tation)d
(to)i(use)h(con)m(tin)m(uations)f(and)g(extend)283 4707
y(it)k(to)g(handle)h(the)g(language)e Fw(Exc)h Fu(of)g(Section)h(4.5.)
1472 b Fh(2)283 5035 y Fj(D.3)161 b(Static)54 b(program)f(analysis)283
5254 y Fu(Rather)30 b(than)g(presen)m(ting)g(a)f(fully)f(w)m(ork)m(ed)k
(out)d Fw(Miranda)h Fu(script)g(p)s(erforming)d(the)j(dep)s(en-)283
5374 y(dency)44 b(analysis)d(w)m(e)i(shall)d(pro)m(vide)i(a)g(rather)g
(detailed)e(list)h(of)g(instructions)g(for)h(ho)m(w)g(to)283
5494 y(dev)m(elop)34 b(suc)m(h)g(an)e(implemen)m(tation.)p
eop
%%Page: 231 241
231 240 bop 0 130 a Fw(D.3)112 b(Static)36 b(program)i(analysis)1864
b(231)p 0 193 3473 4 v 0 515 a(Exercise)36 b(D.6)49 b
Fu(The)43 b(\014rst)f(step)h(will)c(b)s(e)j(to)f(implemen)m(t)f(the)i
(complete)f(lattices)g Fw(P)g Fu(and)0 636 y Fw(PState)32
b Fu(and)h(the)g(op)s(erations)f(on)g(them:)145 839 y
Ft(\017)49 b Fu(De\014ne)31 b(an)f(algebraic)f(data)h(t)m(yp)s(e)i
Fr(property)h Fu(represen)m(ting)e(the)g(set)g Fw(P)f
Fu(of)g(prop)s(erties)244 960 y(and)j(de\014ne)g(a)g(function)f
Fr(p)p 1236 960 31 4 v 37 w(lub)h Fu(corresp)s(onding)g(to)f
Ft(t)2265 975 y Fn(P)2317 960 y Fu(.)145 1163 y Ft(\017)49
b Fu(De\014ne)g(a)f(t)m(yp)s(e)h(synon)m(ym)h Fr(pstate)g
Fu(represen)m(ting)f(the)g(prop)s(ert)m(y)g(states.)92
b(De\014ne)244 1283 y(the)42 b(sp)s(ecial)f(prop)s(ert)m(y)i(states)f
Fb(init)g Fu(and)g Fb(lost)p Fu(.)72 b(De\014ne)42 b(a)g(function)f
Fr(pstate)p 3286 1283 V 39 w(lub)244 1404 y Fu(corresp)s(onding)32
b(to)h Ft(t)1056 1419 y Fn(PS)1147 1404 y Fu(.)2224 b
Fh(2)0 1632 y Fw(Exercise)36 b(D.7)49 b Fu(W)-8 b(e)33
b(can)f(then)h(turn)f(to)g(the)g(seman)m(tic)g(equations)g(de\014ning)g
(the)h(analysis:)145 1835 y Ft(\017)49 b Fu(De\014ne)33
b(the)g(functions)458 2039 y Fr(p)p 515 2039 V 38 w(aexp)52
b(::)g(aexp)g(->)g(pstate)h(->)f(property)244 2242 y
Fu(corresp)s(onding)32 b(to)h Ft(P)8 b(A)32 b Fu(and)458
2446 y Fr(p)p 515 2446 V 38 w(bexp)52 b(::)g(bexp)g(->)g(pstate)h(->)f
(property)244 2649 y Fu(corresp)s(onding)32 b(to)h Ft(P)8
b(B)t Fu(.)145 2852 y Ft(\017)49 b Fu(De\014ne)33 b(the)g(auxiliary)d
(function)j Fr(cond)p 1713 2852 V 37 w(P)g Fu(corresp)s(onding)g(to)f
(cond)2774 2867 y Fn(P)2827 2852 y Fu(.)145 3056 y Ft(\017)49
b Fu(De\014ne)33 b(the)g(function)458 3259 y Fr(p)p 515
3259 V 38 w(stm)52 b(::)g(stm)g(->)f(pstate)i(->)f(pstate)244
3463 y Fu(corresp)s(onding)36 b(to)g Ft(P)8 b(S)45 b
Fu(of)36 b(T)-8 b(able)36 b(5.2.)54 b(\(Y)-8 b(ou)37
b(ma)m(y)f(use)h(the)g(results)g(of)f(Section)g(5.4)244
3583 y(for)c(this.\))2782 b Fh(2)0 3811 y Fw(Exercise)36
b(D.8)49 b Fu(Implemen)m(t)35 b(the)h(algorithm)c(of)j(Section)h(5.2)f
(and)h(apply)f(the)h(implemen-)0 3932 y(tation)31 b(to)h(a)h(couple)f
(of)g(examples)h(to)f(v)m(erify)h(that)f(ev)m(erything)i(w)m(orks)g(as)
f(exp)s(ected.)198 b Fh(2)p eop
%%Page: 232 242
232 241 bop 251 130 a Fw(232)1363 b(D)112 b(Denotational)36
b(Seman)m(tics)h(in)g(Miranda)p 251 193 3473 4 v eop
%%Page: 233 243
233 242 bop 0 1180 a Fv(Bibliograph)-6 b(y)49 1632 y
Fu([1])49 b(S.)40 b(Abramsky)-8 b(,)42 b(C.)f(Hankin:)58
b Fs(A)n(bstr)-5 b(act)41 b(Interpr)-5 b(etation)41 b(of)h(De)-5
b(clar)g(ative)40 b(L)-5 b(anguages)p Fu(,)201 1752 y(Ellis)30
b(Horw)m(o)s(o)s(d)i(\(1987\).)49 1950 y([2])49 b(A.)39
b(V.)g(Aho,)i(J.)f(E.)f(Hop)s(croft,)i(J.)e(D.)g(Ullman:)54
b Fs(Data)41 b(Structur)-5 b(es)42 b(and)e(A)n(lgorithms)p
Fu(,)201 2071 y(Addison{W)-8 b(esley)33 b(\(1982\).)49
2269 y([3])49 b(A.)39 b(V.)g(Aho,)i(R.)e(Sethi,)i(J.)f(D.)e(Ullman:)55
b Fs(Compilers:)g(Principles,)42 b(T)-7 b(e)i(chniques)39
b(and)201 2389 y(T)-7 b(o)i(ols)p Fu(,)31 b(Addison{W)-8
b(esley)33 b(\(1986\).)49 2587 y([4])49 b(K.)33 b(R.)g(Apt:)45
b Fs(T)-7 b(en)35 b(Y)-7 b(e)i(ars)35 b(of)g(Ho)-5 b(ar)g(e's)36
b(L)-5 b(o)g(gic:)45 b(A)36 b(Survey)g(|)f(Part)h(1)p
Fu(,)e(A)m(CM)g(T)-8 b(oplas)33 b Fw(3)201 2707 y Fu(4)f(\(1981\).)49
2905 y([5])49 b(J.)25 b(W.)h(de)h(Bakk)m(er:)41 b Fs(Mathematic)-5
b(al)28 b(The)-5 b(ory)28 b(of)h(Pr)-5 b(o)g(gr)g(am)28
b(Corr)-5 b(e)g(ctness)p Fu(,)26 b(Pren)m(tice-Hall)201
3026 y(\(1980\).)49 3224 y([6])49 b(D.)36 b(Cl)m(\023)-46
b(emen)m(t,)38 b(J.)g(Desp)s(eyroux,)h(T.)f(Desp)s(eyroux,)i(G.)d
(Kahn:)52 b(A)37 b(simple)f(applicativ)m(e)201 3344 y(language:)57
b(Mini-ML,)39 b Fs(Pr)-5 b(o)g(c)g(e)g(e)g(dings)41 b(of)h(the)g(1986)f
(A)n(CM)h(Confer)-5 b(enc)g(e)41 b(on)g(Lisp)h(and)201
3464 y(F)-7 b(unctional)33 b(Pr)-5 b(o)g(gr)g(amming)31
b Fu(\(1986\).)49 3662 y([7])49 b(J.)i(Desp)s(eyroux:)83
b(Pro)s(of)51 b(of)h(translation)d(in)i(natural)g(seman)m(tics,)57
b Fs(Pr)-5 b(o)g(c)g(e)g(e)g(dings)51 b(of)201 3783 y(Symp)-5
b(osium)37 b(on)g(L)-5 b(o)g(gic)37 b(in)h(Computer)f(Scienc)-5
b(e)p Fu(,)36 b(Cam)m(bridge,)g(Massac)m(h)m(usetts,)k(USA)201
3903 y(\(1986\).)49 4101 y([8])49 b(M.)33 b(J.)g(C.)g(Gordon:)43
b Fs(The)35 b(Denotational)f(Description)g(of)h(Pr)-5
b(o)g(gr)g(amming)33 b(L)-5 b(anguages,)201 4221 y(A)n(n)34
b(Intr)-5 b(o)g(duction)p Fu(,)32 b(Springer-V)-8 b(erlag)31
b(\(1979\).)49 4419 y([9])49 b(M.)c(Hennessy:)71 b Fs(The)46
b(Semantics)f(of)h(Pr)-5 b(o)g(gr)g(amming)45 b(L)-5
b(anguages:)67 b(A)n(n)46 b(Elementary)201 4540 y(Intr)-5
b(o)g(duction)34 b(using)g(Structur)-5 b(al)36 b(Op)-5
b(er)g(ational)34 b(Semantics)p Fu(,)d(Wiley)h(\(1991\).)0
4738 y([10])49 b(C.)g(B.)g(Jones:)77 b Fs(Softwar)-5
b(e)50 b(Development:)73 b(A)50 b(R)n(igor)-5 b(ous)49
b(Appr)-5 b(o)g(ach)p Fu(,)53 b(Pren)m(tice-Hall)201
4858 y(\(1980\).)0 5056 y([11])c(J.)54 b(Lo)s(ec)m(kx,)62
b(K.)54 b(Sieb)s(er:)88 b Fs(The)54 b(F)-7 b(oundations)54
b(of)h(Pr)-5 b(o)g(gr)g(am)54 b(V)-7 b(eri\014c)i(ation)p
Fu(,)59 b(Wiley{)201 5176 y(T)-8 b(eubner)34 b(Series)f(in)e(Computer)i
(Science)g(\(1984\).)0 5374 y([12])49 b(H.)34 b(R.)h(Nielson:)47
b(A)35 b(Hoare-lik)m(e)f(pro)s(of)f(system)j(for)e(run-time)g(analysis)
g(of)g(programs,)201 5494 y Fs(Scienc)-5 b(e)33 b(of)i(Computer)f(Pr)-5
b(o)g(gr)g(amming)p Fu(,)32 b(v)m(ol)g(9)g(\(1987\).)1663
5849 y(233)p eop
%%Page: 234 244
234 243 bop 251 130 a Fw(234)2676 b(Bibliograph)m(y)p
251 193 3473 4 v 283 515 a Fu([13])49 b(F.)29 b(Nielson,)g(H.)g(R.)h
(Nielson:)40 b(Tw)m(o-lev)m(el)30 b(seman)m(tics)f(and)h(co)s(de)f
(generation,)g Fs(The)-5 b(or)g(et-)484 636 y(ic)g(al)34
b(Computer)h(Scienc)-5 b(e)p Fu(,)31 b(v)m(ol)h(56)h(\(1988\).)283
839 y([14])49 b(G.)22 b(D.)f(Plotkin:)38 b Fs(A)25 b(Structur)-5
b(al)27 b(appr)-5 b(o)g(ach)24 b(to)h(Op)-5 b(er)g(ational)25
b(Semantics)p Fu(,)e(Lecture)g(notes,)484 960 y(D)m(AIMI)33
b(FN-19,)f(Aarh)m(us)h(Univ)m(ersit)m(y)-8 b(,)33 b(Denmark)f(\(1981,)g
(reprin)m(ted)h(1991\).)283 1163 y([15])49 b(G.)34 b(D.)f(Plotkin:)45
b(An)35 b(op)s(erational)c(seman)m(tics)k(for)e(CSP)-8
b(,)35 b(in:)46 b Fs(F)-7 b(ormal)34 b(Description)h(of)484
1283 y(Pr)-5 b(o)g(gr)g(amming)28 b(Conc)-5 b(epts)29
b(II)p Fu(,)d(Pro)s(ceedings)i(of)e(TC-2)h(W)-8 b(ork.)28
b(Conf.)f(\(ed.)g(D.)g(Bj\034rner\),)484 1404 y(North{Holland)k
(\(1982\).)283 1607 y([16])49 b(D.)32 b(A.)h(Sc)m(hmidt:)44
b Fs(Denotational)33 b(Semantics:)44 b(a)35 b(Metho)-5
b(dolo)g(gy)35 b(for)g(L)-5 b(anguage)34 b(Devel-)484
1727 y(opment)p Fu(,)e(Allyn)f(&)i(Bacon,)g(Inc.)g(\(1986\).)283
1931 y([17])49 b(J.)42 b(E.)h(Sto)m(y:)63 b Fs(Denotational)42
b(Semantics:)62 b(The)43 b(Sc)-5 b(ott{Str)g(achey)43
b(Appr)-5 b(o)g(ach)43 b(to)h(Pr)-5 b(o-)484 2051 y(gr)g(amming)34
b(L)-5 b(anguage)34 b(The)-5 b(ory)p Fu(,)32 b(MIT)i(Press)g(\(1977\).)
p eop
%%Page: 235 245
235 244 bop 0 974 a Fv(Index)77 b(of)h(Sym)-6 b(b)6 b(ols)0
1446 y Fu(\()p Fw(P)p Fu(,)32 b Ft(v)251 1461 y Fn(P)304
1446 y Fu(\),)g(136)0 1567 y(\()p Fw(PState)p Fu(,)g
Ft(v)506 1582 y Fn(PS)598 1567 y Fu(\),)h(140)0 1687
y(\()p Fw(PState)f Ft(!)g Fw(PState)p Fu(,)g Ft(v)p Fu(\),)i(148)0
1807 y(\()p Fw(State)f Fo(,)-17 b Ft(!)32 b Fw(State)p
Fu(,)h Ft(v)p Fu(\),)g(93)0 1928 y(\()p Fs(D)9 b Fu(,)33
b Ft(v)258 1943 y Fc(D)322 1928 y Fu(\),)g(95)0 2124
y Ft(\001)17 b(\001)g(\001)n Fu([)p Ft(\001)g(\001)g(\001)o(7\000)-17
b(!\001)17 b(\001)g(\001)n Fu(],)33 b(51)0 2244 y Ft(\001)17
b(\001)g(\001)n Fu([)p Ft(\001)g(\001)g(\001)o(7!\001)g(\001)g(\001)m
Fu(],)33 b(16,)f(17,)g(177,)g(214)0 2365 y Ft(\001)17
b(\001)g(\001)n(\021)33 b(\001)17 b(\001)g(\001)n Fu(rel)p
342 2378 109 4 v 32 w Ft(\001)g(\001)g(\001)o Fu(,)32
b(137,)g(138)0 2485 y Ft(\001)17 b(\001)g(\001)n(`)33
b(\001)17 b(\001)g(\001)n(!)32 b(\001)17 b(\001)g(\001)n
Fu(,)33 b(54,)f(58)0 2605 y Ft(\016)p Fu(,)g(214)0 2726
y Ft(\005)p Fu(,)f(215)0 2846 y Fo(,)-17 b Ft(!)p Fu(,)33
b(213)0 2966 y Ft(!)p Fu(,)f(213)0 3087 y Fh(\003)p Fu(,)h(64)0
3207 y Ft(\))p Fu(,)f(32)0 3328 y Ft(!)p Fu(,)g(20)0
3448 y Ft(!)100 3412 y Fc(t)129 3448 y Fu(,)h(202)0 3568
y Ft(!)100 3583 y Fc(D)164 3568 y Fu(,)f(51,)g(58)0 3689
y Ft(!)100 3704 y Fn(Aexp)264 3689 y Fu(,)h(31)0 3809
y Ft(!)100 3824 y Fn(Bexp)262 3809 y Fu(,)f(32)0 3930
y Ft(t)p Fu(,)h(136)0 3983 y Fg(F)69 4050 y Fu(,)g(97,)f(99,)g(136,)g
(140,)g(148)0 4170 y Ft(?)p Fu(,)h(95)0 4291 y Ft(v)p
Fu(,)g(95,)f(136,)g(140,)g(148)0 4411 y Ft(w)p Fu(,)h(95)0
4531 y Ft(`)p Fu(,)f(180,)g(192,)g(203)0 4652 y Ft(j)-17
b Fu(=,)33 b(184,)e(191,)h(203)0 4772 y Ft(:)p Fu(,)h(177)0
4893 y Ft(_)p Fu(,)g(177)0 5013 y Ft(^)p Fu(,)g(177)0
5133 y Ft(\))p Fu(,)f(177)0 5254 y Ft(f)g Fs(P)43 b Ft(g)33
b Fs(S)44 b Ft(f)32 b Fs(Q)42 b Ft(g)p Fu(,)32 b(176)0
5374 y Ft(f)g Fs(P)43 b Ft(g)33 b Fs(S)44 b Ft(f)32 b(+)h
Fs(Q)41 b Ft(g)p Fu(,)33 b(191)0 5494 y Ft(f)f Fs(P)43
b Ft(g)33 b Fs(S)44 b Ft(f)32 b Fs(e)40 b Ft(+)32 b Fs(Q)42
b Ft(g)p Fu(,)33 b(202)1882 1446 y Fs(f)1932 1410 y Fn(n)1976
1446 y Fu(,)f(104)1882 1567 y Fs(R)1957 1531 y Fi(\003)1996
1567 y Fu(,)h(215)1882 1688 y Fs(R)1957 1652 y Fn(+)2016
1688 y Fu(,)f(215)1882 1899 y Ft(A)o Fu(,)h(12)1882 2020
y Ft(B)s Fu(,)g(14)1882 2141 y Ft(C)6 b(A)o Fu(,)33 b(70)1882
2262 y Ft(C)6 b(B)s Fu(,)33 b(70)1882 2383 y Ft(C)6 b(S)i
Fu(,)32 b(71)1882 2504 y Ft(D)1961 2467 y Fn(P)1961 2528
y(ds)2032 2504 y Fu(,)h(121)1882 2624 y Ft(D)1961 2588
y Fn(V)1961 2649 y(ds)2032 2624 y Fu(,)g(120)1882 2745
y Ft(M)o Fu(,)g(68)1882 2866 y Ft(N)14 b Fu(,)33 b(9)1882
2987 y Ft(O)s Fu(\()p Fs(g)9 b Fu(\),)32 b(214)1882 3108
y Ft(P)8 b Fu(,)33 b(213)1882 3229 y Ft(P)8 b(A)p Fu(,)32
b(142)1882 3349 y Ft(P)8 b(A)2039 3364 y Fc(X)2106 3349
y Fu(,)33 b(161)1882 3470 y Ft(P)8 b(B)s Fu(,)33 b(142)1882
3591 y Ft(P)8 b(B)2027 3606 y Fc(X)2095 3591 y Fu(,)32
b(161)1882 3712 y Ft(P)8 b(S)g Fu(,)32 b(144)1882 3833
y Ft(P)8 b(S)2027 3848 y Fc(X)2094 3833 y Fu(,)33 b(161)1882
3954 y Ft(S)1949 3969 y Fn(am)2048 3954 y Fu(,)f(72)1882
4075 y Ft(S)1949 4090 y Fn(cs)2013 4075 y Fu(,)g(130)1882
4195 y Ft(S)1949 4159 y Fi(0)1949 4220 y Fn(cs)2013 4195
y Fu(,)g(128)1882 4316 y Ft(S)1949 4331 y Fn(ds)2021
4316 y Fu(,)g(85,)g(122)1882 4437 y Ft(S)1949 4401 y
Fi(0)1949 4462 y Fn(ds)2021 4437 y Fu(,)g(119)1882 4558
y Ft(S)1949 4573 y Fn(ns)2021 4558 y Fu(,)g(31)1882 4679
y Ft(S)1949 4694 y Fn(sos)2044 4679 y Fu(,)h(39)1882
4800 y Ft(T)25 b(A)p Fu(,)32 b(201)1882 4920 y Ft(T)25
b(B)t Fu(,)32 b(201)1882 5132 y Fw(AM)p Fu(,)g(63)1882
5253 y Fw(Aexp)p Fu(,)g(7)1882 5374 y Fw(Aexp)2139 5389
y Fc(X)2206 5374 y Fu(,)h(161)1882 5494 y Fw(Bexp)p Fu(,)f(7)1663
5849 y(235)p eop
%%Page: 236 246
236 245 bop 251 130 a Fw(236)2454 b(Index)38 b(of)g(Sym)m(b)s(ols)p
251 193 3473 4 v 283 515 a(Bexp)535 530 y Fc(X)603 515
y Fu(,)33 b(161)283 636 y Fw(Blo)s(c)m(k)p Fu(,)f(51)283
756 y Fw(Co)s(de)p Fu(,)i(64)283 877 y Fw(Con)m(t)p Fu(,)f(127)283
997 y Fw(Dec)470 1012 y Fn(P)522 997 y Fu(,)g(53,)f(117)283
1117 y Fw(Dec)470 1132 y Fn(V)528 1117 y Fu(,)h(51,)f(117)283
1238 y Fw(En)m(v)475 1253 y Fn(E)527 1238 y Fu(,)h(130)283
1358 y Fw(En)m(v)475 1373 y Fn(P)527 1358 y Fu(,)g(54,)f(56,)g(58,)h
(121)283 1478 y Fw(En)m(v)475 1493 y Fn(V)533 1478 y
Fu(,)g(57,)f(118)283 1599 y Fw(Exc)p Fu(,)h(126)283 1719
y Fw(Exception)p Fu(,)f(126)283 1840 y Fw(\013)p Fu(,)h(213)283
1960 y Fw(Lo)s(c)p Fu(,)g(57,)g(118)283 2080 y Fw(N)p
Fu(,)g(213)283 2201 y Fw(Num)p Fu(,)f(7)283 2321 y Fw(P)p
Fu(,)h(136)283 2441 y Fw(PState)p Fu(,)g(137)283 2562
y Fw(Pname)p Fu(,)g(53,)f(117)283 2682 y Fw(Pro)s(c)p
Fu(,)g(52,)h(117)283 2803 y Fw(Stac)m(k)p Fu(,)g(64)283
2923 y Fw(State)p Fu(,)g(12)283 3043 y Fw(State)538 3058
y Fc(X)606 3043 y Fu(,)g(161)283 3164 y Fw(Stm)p Fu(,)f(7)283
3284 y Fw(Stm)483 3299 y Fc(X)550 3284 y Fu(,)h(161)283
3405 y Fw(Store)p Fu(,)g(57,)f(118)283 3525 y Fw(T)p
Fu(,)h(213)283 3645 y Fw(tt)p Fu(,)f(213)283 3766 y Fw(V)-9
b(ar)p Fu(,)33 b(7)283 3886 y Fw(While)p Fu(,)f(6)283
4006 y Fw(Z)p Fu(,)i(213)283 4210 y Fs(a)7 b Fu(,)33
b(7)283 4330 y Fs(b)6 b Fu(,)33 b(7)283 4451 y Fs(c)6
b Fu(,)33 b(64,)f(127)283 4571 y Fs(D)366 4586 y Fc(P)425
4571 y Fu(,)h(53,)f(117)283 4691 y Fs(D)366 4706 y Fc(V)427
4691 y Fu(,)h(51,)f(117)283 4812 y Fs(e)7 b Fu(,)33 b(64,)g(126)283
4932 y Fs(env)439 4947 y Fc(E)498 4932 y Fu(,)g(130)283
5053 y Fs(env)439 5068 y Fc(P)497 5053 y Fu(,)g(54,)f(121)2165
515 y Fs(env)2321 530 y Fc(V)2381 515 y Fu(,)h(57,)f(118)2165
636 y Fs(n)7 b Fu(,)33 b(7)2165 756 y Fs(P)10 b Fu(,)33
b(176)2165 877 y Fs(p)6 b Fu(,)33 b(53,)f(117,)g(136)2165
997 y Fs(ps)8 b Fu(,)32 b(137)2165 1117 y Fs(S)12 b Fu(,)32
b(7)2165 1238 y Fs(s)8 b Fu(,)33 b(12)2165 1358 y Fs(sto)6
b Fu(,)33 b(57,)f(118)2165 1478 y Fs(Q)9 b Fu(,)33 b(176)2165
1599 y Fs(x)12 b Fu(,)32 b(7)2165 1802 y Fb(d)p Fu(?,)h(135,)f(136)2165
1923 y Fb(init)p Fu(,)h(141)2165 2043 y Fb(init)2345
2058 y Fc(X)2413 2043 y Fu(,)f(163)2165 2163 y Fb(lost)p
Fu(,)h(141)2165 2284 y Fb(ok)p Fu(,)g(135)2165 2487 y(cond,)g(87,)f
(119)2165 2608 y(cond)2365 2623 y Fn(P)2418 2608 y Fu(,)g(145)2165
2728 y(D)m(V,)h(51)2165 2848 y(extend)2448 2863 y Fc(X)2517
2848 y Fu(,)f(161)2165 2969 y(FIX,)h(88,)f(97,)g(104,)g(146)2165
3089 y(FV,)g(15,)h(16,)f(160)2165 3209 y(graph,)g(214)2165
3330 y(I,)h(215)2165 3450 y(I)2200 3465 y Fc(p)2240 3450
y Fu(,)f(215)2165 3571 y(I)2200 3586 y Fc(X)2268 3571
y Fu(,)g(215)2165 3691 y(id,)g(214)2165 3811 y(lo)s(okup,)g(118)2165
3932 y(new,)i(57,)e(118)2165 4052 y(next,)i(57,)e(118)2165
4172 y(OK,)g(137)2165 4293 y(on-trac)m(k,)h(137)2165
4413 y(up)s(d)2330 4428 y Fn(P)2382 4413 y Fu(,)g(54,)f(56,)g(58)2165
4534 y(wlp,)g(186)2165 4737 y(rel)p 2165 4750 109 4 v
-1 w(,)h(136{138)2165 4857 y(undef)p 2165 4870 236 4
v 1 w(,)f(214)p eop
%%Page: 237 247
237 246 bop 0 974 a Fv(Index)0 1406 y Fr(abort)p Fu(-construct,)35
b(44)0 1529 y(abstract)e(mac)m(hine,)f(63)0 1653 y(abstract)h(syn)m
(tax,)h(7)0 1776 y(additiv)m(e)e(function,)g(163)0 1900
y(admissible)f(predicate,)h(173)0 2023 y(an)m(ti-symmetric)f(relation,)
f(95)0 2146 y(arithmetic)g(expression,)k(7)166 2270 y(analysis,)e(142)
166 2393 y(execution)h(time,)f(201)166 2517 y(seman)m(tics,)h(12)166
2640 y(translation,)e(70)0 2763 y Fr(assert)p Fu(-construct,)k(46)0
2887 y(assertion,)e(175)0 3010 y(axiom,)e(20)0 3133 y(axiomatic)f
(seman)m(tics,)j(178)0 3390 y(basis)g(elemen)m(t,)f(7)0
3513 y Fr(begin)p Fu(-construct,)j(51,)d(117,)g(126)0
3637 y(bisim)m(ulation)d(relation,)i(81)0 3760 y(b)s(o)s(olean)g
(expression,)j(7)166 3884 y(analysis,)e(142)166 4007
y(execution)h(time,)f(201)166 4130 y(seman)m(tics,)h(14)166
4254 y(translation,)e(70)0 4510 y Fr(call)p Fu(-construct,)j(53,)f
(117,)e(197)0 4634 y(call-b)m(y-v)-5 b(alue)30 b(parameter,)i(60,)h
(126)0 4757 y(ccp)s(o,)g(99)0 4881 y(c)m(hain,)g(97)0
5004 y(c)m(hain)40 b(complete)f(partially)e(ordered)k(set,)332
5124 y(99)0 5248 y(co)s(de)33 b(generation,)f(69)0 5371
y(complete)g(lattice,)f(99)0 5494 y(completeness,)i(183)2048
1406 y(of)21 b(partial)e(correctness)24 b(inference)e(sys-)2214
1526 y(tem,)32 b(187)2048 1648 y(of)i(total)g(correctness)k(inference)d
(sys-)2214 1768 y(tem,)d(196)1882 1890 y(comp)s(osite)f(elemen)m(t,)h
(7)1882 2011 y(comp)s(ositional)d(de\014nition,)i(11)1882
2133 y(computation)g(sequence,)k(66)1882 2254 y(concrete)e(syn)m(tax,)i
(7)1882 2376 y(con\014guration,)c(216)2048 2497 y(\014nal,)g(216)2048
2619 y(stuc)m(k,)j(216)2048 2740 y(terminal,)c(216)1882
2862 y(constan)m(t)j(propagation,)e(133)1882 2983 y(con)m(tin)m
(uation,)g(127)1882 3105 y(con)m(tin)m(uation)g(st)m(yle)i(seman)m
(tics,)g(127)1882 3226 y(con)m(tin)m(uous)g(function,)f(103)1882
3348 y(correct)h(implemen)m(tation,)c(73)1882 3571 y(declared)j(v)-5
b(ariable,)31 b(51)1882 3692 y(denotational)f(seman)m(tics,)j(85)2048
3814 y(con)m(tin)m(uation)e(st)m(yle,)i(127)2048 3935
y(direct)f(st)m(yle,)h(85)1882 4057 y(dep)s(endency)i(analysis,)d(134)
1882 4178 y(deriv)-5 b(ation)30 b(sequence,)36 b(33)1882
4300 y(deriv)-5 b(ation)30 b(tree,)k(22)1882 4421 y(detection)e(of)g
(signs)h(analysis,)f(133)1882 4543 y(deterministic)e(seman)m(tics,)j
(28,)f(38,)h(68)1882 4664 y(direct)f(st)m(yle)h(seman)m(tics,)g(85)1882
4786 y(dubious,)f(135)1882 4907 y(dynamic)f(scop)s(e,)j(53)1882
5130 y(equiv)-5 b(alence)32 b(relation,)f(141)1882 5252
y(ev)-5 b(aluation)30 b(stac)m(k,)k(64)1882 5373 y(exception,)f(126)
1882 5494 y(exception)g(en)m(vironmen)m(t,)g(130)1663
5849 y(237)p eop
%%Page: 238 248
238 247 bop 251 130 a Fw(238)3028 b(Index)p 251 193 3473
4 v 283 515 a Fu(expressiv)m(eness,)37 b(191)283 636
y(extensional)c(approac)m(h,)g(177)283 837 y(\014xed)h(p)s(oin)m(t,)e
(87)450 957 y(least,)g(97,)g(104)450 1078 y(requiremen)m(ts,)h(92,)f
(97)283 1198 y(\014xed)i(p)s(oin)m(t)e(induction,)g(173)283
1319 y(\014xed)i(p)s(oin)m(t)e(theory)-8 b(,)33 b(106)283
1439 y(\015o)m(w)h(of)e(con)m(trol,)g(137)283 1559 y
Fr(for)p Fu(-construct,)26 b(28,)d(36,)h(43,)f(72,)h(111,)f(117,)616
1680 y(151,)31 b(182)283 1800 y(free)i(v)-5 b(ariable,)31
b(15,)i(16,)f(160)283 1920 y(function)h(comp)s(osition,)d(214)283
2041 y(functional)h(dep)s(endency)-8 b(,)35 b(134)283
2242 y(graph)e(of)f(a)g(function,)g(214)283 2443 y Fr(handle)p
Fu(-construct,)j(126)283 2645 y(iden)m(tit)m(y)e(function,)f(214)283
2765 y(iden)m(tit)m(y)h(relation,)e(215)283 2886 y(induction,)h(10)450
3006 y(\014xed)h(p)s(oin)m(t,)f(173)450 3126 y(on)38
b(the)h(length)e(of)h(computation)f(se-)616 3247 y(quences,)e(67)450
3367 y(on)21 b(the)h(length)g(of)f(deriv)-5 b(ation)20
b(sequences,)616 3487 y(37)450 3608 y(on)42 b(the)h(shap)s(e)g(of)f
(deriv)-5 b(ation)41 b(trees,)616 3728 y(28)450 3849
y(on)52 b(the)g(shap)s(e)h(of)f(inference)h(trees,)616
3969 y(183)450 4089 y(structural,)32 b(11)283 4210 y(inference)i
(system,)f(178)450 4330 y(for)f(execution)h(time,)e(200)450
4451 y(for)h(partial)e(correctness,)35 b(178)450 4571
y(for)d(total)f(correctness,)j(191)283 4691 y(inference)g(tree,)f(180)
283 4812 y(injectiv)m(e)g(function,)f(214)283 4932 y(input)h(v)-5
b(ariable,)31 b(134)283 5052 y(instructions,)i(64)283
5173 y(in)m(tensional)e(approac)m(h,)j(177,)e(190)283
5293 y(in)m(v)-5 b(arian)m(t,)32 b(179,)g(192)283 5494
y(Kripk)m(e-relation,)f(141)2165 515 y(least)h(elemen)m(t,)h(95)2165
636 y(least)f(\014xed)i(p)s(oin)m(t,)e(97,)g(104)2165
758 y(least)g(upp)s(er)h(b)s(ound,)g(97)2165 879 y(lo)s(cal)d(v)-5
b(ariable,)31 b(51)2165 1000 y(lo)s(cation,)f(57,)i(118)2165
1121 y(logical)d(v)-5 b(ariable,)31 b(176)2165 1242 y(lo)s(oping)f
(computation)h(sequence,)36 b(66)2165 1363 y(lo)s(oping)30
b(execution,)j(25,)g(36)2165 1579 y(monotone)f(function,)g(100)2165
1700 y(m)m(utual)f(recursiv)m(e)j(pro)s(cedure,)g(60)2165
1916 y(natural)d(seman)m(tics,)i(20)2165 2037 y(non-determinism,)d(46,)
j(197)2165 2158 y(non-recursiv)m(e)h(pro)s(cedure,)f(56,)f(122,)g(197)
2165 2279 y(n)m(um)m(b)s(er,)h(9)2165 2400 y(n)m(umeral,)f(7,)g(11)2165
2616 y Fr(or)p Fu(-construct,)i(46,)e(197)2165 2737 y(order)h(of)f
(magnitude,)f(214)2165 2858 y(order)d(of)g(magnitude)f(of)h(execution)h
(time,)2497 2979 y(200)2165 3100 y(ordering,)j(93)2331
3221 y(an)m(ti-symmetry)-8 b(,)32 b(95)2331 3342 y(on)h
Fw(P)p Fu(,)f(136)2331 3463 y(on)h Fw(PState)p Fu(,)f(140)2331
3584 y(on)h Fw(PState)f Ft(!)g Fw(PState)p Fu(,)g(148)2331
3705 y(on)h Fw(State)f Fo(,)-17 b Ft(!)33 b Fw(State)p
Fu(,)f(93)2331 3826 y(re\015exivit)m(y)-8 b(,)33 b(95,)f(141)2331
3947 y(symmetry)-8 b(,)33 b(141)2331 4068 y(transitivit)m(y)-8
b(,)31 b(95,)h(141)2165 4190 y(output)h(v)-5 b(ariable,)31
b(134)2165 4405 y Fr(par)p Fu(-construct,)j(48)2165 4526
y(parallelism,)29 b(48)2165 4648 y(parameterized)j(relation,)f(141)2165
4769 y(partial)f(correctness,)35 b(169,)d(175)2331 4890
y(axiomatic)e(seman)m(tics,)j(178)2331 5011 y(denotational)e(seman)m
(tics,)i(172)2331 5132 y(natural)e(seman)m(tics,)i(169)2331
5253 y(structural)45 b(op)s(erational)e(seman)m(tics,)2497
5373 y(172)2165 5494 y(partial)30 b(function,)i(213)p
eop
%%Page: 239 249
239 248 bop 0 130 a Fw(Index)3028 b(239)p 0 193 3473
4 v 0 515 a Fu(partially)30 b(ordered)j(set,)h(95)0 636
y(p)s(ostcondition,)d(176)0 756 y(precondition,)h(176)0
877 y(predicate,)h(215)0 997 y Fr(proc)p Fu(-construct,)h(53,)f(117,)e
(197)0 1117 y(pro)s(cedure)j(declaration,)d(53,)h(117,)g(121)0
1238 y(pro)s(cedure)23 b(en)m(vironmen)m(t,)h(54,)g(56,)f(58,)g(121)0
1358 y(pro)s(cedure)34 b(name,)e(53,)g(117)0 1478 y(program)f(v)-5
b(ariable,)31 b(176)0 1599 y(prop)s(ert)m(y)-8 b(,)33
b(135)0 1719 y(prop)s(ert)m(y)g(state,)g(137)166 1840
y(improp)s(er,)e(138)166 1960 y(prop)s(er,)i(138)0 2080
y Fr(protect)p Fu(-construct,)i(50)0 2201 y(pro)m(v)-5
b(abilit)m(y)d(,)31 b(180)166 2321 y(in)21 b(execution)h(time)f
(inference)h(system,)332 2441 y(203)166 2562 y(in)f(partial)f
(correctness)j(inference)g(sys-)332 2682 y(tem,)32 b(180)166
2803 y(in)i(total)f(correctness)k(inference)e(sys-)332
2923 y(tem,)d(192)0 3043 y(pro)m(v)-5 b(ably)32 b(equiv)-5
b(alence,)33 b(182)0 3246 y Fr(raise)p Fu(-construct,)i(126)0
3366 y Fr(random)p Fu(-construct,)g(48)0 3486 y(recurrence)f(equation,)
f(205,)f(207)0 3607 y(recursiv)m(e)i(pro)s(cedure,)g(54,)e(56,)g(125,)g
(198)0 3727 y(re\015exiv)m(e)i(ordering,)e(141)0 3848
y(re\015exiv)m(e)i(relation,)d(95)0 3968 y(re\015exiv)m(e)j(transitiv)m
(e)e(closure,)h(215)0 4088 y(relation,)e(215)0 4209 y(relation)g(comp)s
(osition,)f(215)0 4329 y Fr(repeat)p Fu(-construct,)43
b(28,)e(30,)f(36,)h(39,)f(43,)332 4450 y(72,)24 b(81,)f(111,)g(112,)h
(117,)f(129,)g(151,)332 4570 y(160,)43 b(182,)g(183,)g(186,)g(190,)h
(194,)332 4690 y(196,)32 b(208)0 4811 y(rule,)g(20)0
4931 y(rule)g(of)g(consequence,)k(180)0 5133 y(safet)m(y)e(of)e(static)
g(analysis,)g(153,)g(159)0 5254 y(seman)m(tic)g(clause,)h(9)0
5374 y(seman)m(tic)f(equation,)h(9)0 5494 y(seman)m(tic)f(equiv)-5
b(alence,)33 b(26,)f(39,)h(112)1882 515 y(seman)m(tic)f(function,)g(9)
1882 638 y(soundness,)i(183)2048 760 y(of)21 b(execution)h(time)f
(inference)h(system,)2214 880 y(208)2048 1003 y(of)f(partial)e
(correctness)24 b(inference)e(sys-)2214 1123 y(tem,)32
b(184)2048 1245 y(of)i(total)g(correctness)k(inference)d(sys-)2214
1366 y(tem,)d(194)1882 1488 y(state,)h(12)1882 1610 y(statemen)m(t,)g
(7)2048 1732 y(analysis,)f(144)2048 1855 y(execution)h(time,)e(202)2048
1977 y(seman)m(tics,)h(31,)h(39,)f(85)2048 2099 y(translation,)e(71)
1882 2221 y(static)i(scop)s(e,)h(53,)f(117)1882 2344
y(storage,)g(64)1882 2466 y(store,)h(57,)f(118)1882 2588
y(strict)g(function,)g(103)1882 2710 y(strongest)h(p)s(ostcondition,)e
(187,)h(190)1882 2833 y(structural)g(induction,)g(11)1882
2955 y(structural)g(op)s(erational)e(seman)m(tics,)j(32)1882
3077 y(stuc)m(k)h(con\014guration,)e(216)1882 3199 y(substitution,)g
(16,)g(17,)g(51)1882 3322 y(symmetric)f(ordering,)h(141)1882
3558 y(terminating)19 b(computation)h(sequence,)27 b(66)1882
3680 y(terminating)j(execution,)j(25,)f(36)1882 3803
y(total)f(correctness,)j(169)2048 3925 y(axiomatic)c(seman)m(tics,)j
(191)1882 4047 y(total)e(function,)h(213)1882 4169 y(transition)e
(relation,)h(216)1882 4292 y(transition)f(system,)k(216)1882
4414 y(transitiv)m(e)e(ordering,)f(141)1882 4536 y(transitiv)m(e)h
(relation,)e(95)1882 4773 y(upp)s(er)j(b)s(ound,)f(97)1882
5009 y(v)-5 b(alidit)m(y)d(,)30 b(184)2048 5131 y(in)21
b(execution)h(time)e(inference)j(system,)2214 5252 y(203)2048
5374 y(in)e(partial)e(correctness)24 b(inference)e(sys-)2214
5494 y(tem,)32 b(184)p eop
%%Page: 240 250
240 249 bop 251 130 a Fw(240)3028 b(Index)p 251 193 3473
4 v 450 515 a Fu(in)33 b(total)g(correctness)k(inference)e(sys-)616
636 y(tem,)d(191)283 756 y Fr(var)p Fu(-construct,)j(51,)d(117)283
877 y(v)-5 b(ariable,)31 b(7)283 997 y(v)-5 b(ariable)31
b(declaration,)g(51,)i(117,)e(120)283 1117 y(v)-5 b(ariable)31
b(en)m(vironmen)m(t,)i(57,)f(118)283 1321 y(w)m(eak)m(est)j(lib)s(eral)
30 b(precondition,)i(187)p eop
%%Trailer
end
userdict /end-hook known{end-hook}if
%%EOF