
Semantic Correctness of Program Approximation

In this section, we prove preservation of some semantic properties under program approximation (Theorem 4.6.3). The result basically states that a program S and a program S̄ approximating S, when both start running from the same initial state, compute the same transfinite sequence of values of relevant variables.

The proof idea is transfinite induction using Lemmas 4.6.1 and 4.6.2.

Lemma 4.6.1. Let ψ ∈ STList AConf → 1 + AConf be a transfinitely sound escaping intuitive operator with ∝ > ω^ω. Let D = (def, ref) be a data flow approximation system for it. Let (S, rel) be a relevance system of a finite program S w.r.t. D and let S̄ approximate S on base S and D with isomorphism ·̄. Let l = T_ψ(S)(i) and l̄ = T_ψ(S̄)(ī) for some states i, ī. Take ordinals o, ō such that conf(l(o)) = ⟨p | s⟩, conf(l̄(ō)) = ⟨p | s̄⟩ for a program point p and states s, s̄ such that s|rel_p = s̄|rel_p. Let π be the least ordinal greater than o such that pp(l(π)) ∈ S; denote q = pp(l(π)). Then there exists the least ordinal π̄ greater than ō satisfying pp(l̄(π̄)) = q; thereby, both following conditions hold:

1. pp(l̄(ϱ)) ∈ S for no ϱ with ō < ϱ < π̄,

2. val_X(l(π)) = val_X(l̄(π̄)) for every X ∈ rel_q.

Proof. Let r be the immediate postdominator of p in TCFG. Let x = pp(l(o + 1)) and y = pp(l̄(ō + 1)). Note that x ≤ r and y ≤ r̄ (Lemma 2.2.5(ii)), the latter giving also y ≤ r. As p ∈ S, Definition 4.5.2(ii) together with soundness gives

y = pp(next_ψ(l̄(ō))) = pp(next_ψ⟨p | s̄⟩) (in S̄) = pp(next_ψ⟨p | s̄⟩) (in S) . (4.4)

Lemma 4.5.6(i) and Proposition 4.5.3(i) together imply x ≤ q. If r ≤ q then, by transitivity, y ≤ q. If r ≰ q then applying Lemma 4.5.6(ii) and Proposition 4.5.3(i) together gives p dep q. As q ∈ S, the latter implies p ∈ S and ref(p, q) ⊆ rel_p. Hence s|ref(p, q) = s̄|ref(p, q) by assumptions. Thus pp(next_ψ⟨p | s⟩) ≤ q iff pp(next_ψ⟨p | s̄⟩) ≤ q by Definition 4.4.3 and soundness. Using Eq. 4.4, we obtain x ≤ q iff y ≤ q. Thus y ≤ q also in this case.

Let π̄ be the least ordinal greater than ō such that pp(l̄(π̄)) = q (the computation drop_{ō+1} l̄ reaches q since it starts from y and y ≤ q). Let σ be the least ordinal greater than ō such that pp(l̄(σ)) ∈ S; denote s = pp(l̄(σ)). Then σ ≤ π̄ since q ∈ S.

Lemma 4.5.6(i) now implies y ≤ s. If r ≤ s then, by transitivity, x ≤ s. If r ≰ s then applying Lemma 4.5.6(ii) gives p dep s. As s ∈ S̄, which is equivalent to s ∈ S, the latter gives p ∈ S and ref(p, s) ⊆ rel_p. Hence s|ref(p, s) = s̄|ref(p, s) by assumptions. Thus pp(next_ψ⟨p | s⟩) ≤ s iff pp(next_ψ⟨p | s̄⟩) ≤ s by Definition 4.4.3 and soundness. Using Eq. 4.4, we obtain x ≤ s iff y ≤ s. Thus x ≤ s also in this case.

Altogether, we have got that both q and s are common non-strict postdominators of x and y. So either q ≤ s or s ≤ q (Theorem 2.2.6). As q occurs in drop_{o+1} l not later than s, Lemma 4.3.11 implies q ≤ s. Hence q ≤ s also in S̄, and Lemma 4.3.11 gives π̄ ≤ σ. Consequently, σ = π̄, giving also s = q. This proves the first part of the lemma.

To prove the second part, choose X ∈ rel_q arbitrarily. Assumptions enable pp(l(ϱ)) ∈ S for no ϱ with o < ϱ < π. By the first part, pp(l̄(ϱ)) ∈ S for no ϱ with ō < ϱ < π̄. Lemma 4.5.5(i) together with Proposition 4.5.3(i) give X ∈ rel(pp(l(o + 1))) = rel_x. Denote e = arc(l(o + 1)).

Consider the case X ∈ def_e. By Definition 4.5.2(i), X ∈ rel_x gives p ∈ S and ref(e, X) ⊆ rel_p. So s|ref(e, X) = s̄|ref(e, X) by assumptions. By soundness, Definition 4.4.3, and Definition 4.5.2(ii),

val_X(l(o + 1)) = val_X(next_ψ(l(o))) = val_X(next_ψ⟨p | s⟩)

= val_X(next_ψ⟨p | s̄⟩) (in S, as s|ref(e, X) = s̄|ref(e, X))

= val_X(next_ψ⟨p | s̄⟩) (in S̄) = val_X(next_ψ(l̄(ō)))

= val_X(l̄(ō + 1)) .

By Lemma 4.5.5(i) and Proposition 4.5.3(i),

val_X(l(π)) = val_X(l(o + 1)) and val_X(l̄(π̄)) = val_X(l̄(ō + 1)) .

Consequently, val_X(l(π)) = val_X(l̄(π̄)).

If X ∉ def_e then, by Lemma 4.5.5(ii) and Proposition 4.5.3(i), val_X(l(π)) = val_X(l(o)) and val_X(l̄(π̄)) = val_X(l̄(ō)), whereby X ∈ rel_p. The latter implies val_X(l(o)) = val_X(l̄(ō)) by assumptions. Hence the claim follows. ⊓⊔

Lemma 4.6.2. Let ψ ∈ STList AConf → 1 + AConf be a regular intuitive limit operator and let D be a data flow approximation system for it. Let (S, rel) be a relevance system for a regular program S w.r.t. D and let S̄ approximate S on base S and D with isomorphism ·̄. Let l = T_ψ(S)(i) and l̄ = T_ψ(S̄)(ī) for some states i, ī. Let λ > 1 be a selfish ordinal. For each ordinal ξ < λ, let o_ξ, ō_ξ be ordinals less than |l| and |l̄|, respectively. Denote ⟨p_ξ | s_ξ⟩ = conf(l(o_ξ)) for each ξ < λ. Assume the following:

1. pp(l(o_0)) ∈ S, pp(l̄(ō_0)) ∈ S;

2. for every ξ with 0 < ξ < λ, o_ξ is the least ordinal greater than any ordinal o_η with η < ξ such that pp(l(o_ξ)) ∈ S;

3. for every ξ with 0 < ξ < λ, ō_ξ is the least ordinal greater than any ordinal

q = pp(l(π)). Then there exists the least ordinal π̄ greater than any of ō_ξ for which pp(l̄(π̄)) = q; thereby, both following conditions hold:

1. pp(l̄(ϱ)) ∈ S for no ϱ < π̄ greater than any of ō_ξ;

2. val_X(l(π)) = val_X(l̄(π̄)) for every X ∈ rel_q.

Proof. Let τ be the least ordinal greater than any of o_ξ and let τ̄ be the least ordinal greater than any of ō_ξ. Let τ = α + γ and τ̄ = ᾱ + γ̄ be principal representations.

As α < τ, there exists the least ordinal ζ such that o_ζ > α. Analogously, let ζ̄ be the least ordinal such that ō_{ζ̄} > ᾱ. As λ is selfish, there are λ many ordinals o_ξ > α and as many ordinals ō_ξ > ᾱ. Hence drop_α l visits at least λ program points in S, the first of them being pp(l(o_ζ)). Analogously, drop_{ᾱ} l̄ visits at least λ program points in S, the first of them being pp(l̄(ō_{ζ̄})).

Let t = pp(l(τ)) and t̃ = pp(l̄(τ̄)). We claim that t̃ = t. For proving it, suppose the contrary, i.e. t̃ ≠ t. As the semantics is regular, t postdominates every program point in loop(take_τ l) and t̃ postdominates every program point in loop(take_{τ̄} l̄). As S is finite and every non-empty final part of take_τ l visits program points of S, there is at least one program point s ∈ loop(take_τ l) ∩ S.

By assumptions, s ∈ loop(take_{τ̄} l̄). So, in particular, s < t and s < t̃. Hence t and t̃ are common postdominators of s. As t ≠ t̃, either t < t̃ or t̃ < t must hold (Theorem 2.2.6). Suppose the former; the proof continues analogously in the other case.

By regularity, t̃ is the immediate postdominator of a program point y looping in take_{τ̄} l̄ (see also Corollary 2.2.10(ii)). For arbitrary η < τ̄, there is a subcomputation of drop_η(take_{τ̄} l̄) driving control from s to s through y; find a corresponding walk w_η from s to s through y satisfying Lemma 4.3.4.

Let w̃_η be the last program point on the part of w_η starting with y such that y ≤ w̃_η. Then the program points passed through by the part of w_η starting with the last occurrence of w̃_η do not postdominate w̃_η, since otherwise they would postdominate y, contradicting the choice of w̃_η. Therefore all these program points are transitively control dependent on w̃_η (Theorem 2.3.5). In particular, w̃_η dep s.

As s ∈ S, we have also w̃_η ∈ S. As S is finite, we have an unbounded set of ordinals η for which w̃_η is the same, say, v. So v ∈ loop(take_{τ̄} l̄) ∩ S, implying v ∈ loop(take_τ l) ∩ S. Hence y ≤ v < t < t̃, a contradiction since t̃ was supposed to be the immediate postdominator of y.

Consequently, t̃ = t.

As τ ≤ π, there is a walk from t to q according to Lemma 4.3.4. Thus t ≤ q (Theorem 2.3.8). Let π̄ be the least ordinal greater than or equal to τ̄ such that pp(l̄(π̄)) = q (the computation drop_{τ̄} l̄ reaches q since it starts from t and t ≤ q).

Let σ be the least ordinal greater than or equal to τ̄ such that pp(l̄(σ)) ∈ S; denote s = pp(l̄(σ)). Then σ ≤ π̄ since q ∈ S.

We have also t ≤ s (Theorem 2.3.8). So either q ≤ s or s ≤ q (Theorem 2.2.6).

As the first visit of q occurs not later than the first visit of s by drop_τ l, Lemma 4.3.11 implies q ≤ s. Thus q ≤ s also in S̄, and Lemma 4.3.11 gives π̄ ≤ σ. Consequently, σ = π̄, giving also s = q. This proves the first part of the lemma.

To prove the second part, choose X ∈ rel_q arbitrarily. Let x = s(arc(l(τ))) ∈ loop(take_τ l). By Lemma 4.3.12, every program point in loop(take_τ l) is transitively control dependent on x. As there are program points of S among them, it follows that x ∈ S. Thus x ∈ loop(take_{γ̄}(drop_{ᾱ} l̄)). As tcfg S and tcfg S̄ are isomorphic, there is a transfinite arc ē from x to t in S̄ corresponding to e = arc(l(τ)). By regularity, the loop take_{τ̄} l̄ is escaped from using ē.

If t = q then X ∈ rel_t; if t ≠ q then τ < π, t ∉ S and Lemma 4.5.5(ii) together with Proposition 4.5.3(i) also imply X ∈ rel_t. Hence X ∈ rel_x since rel_t ⊆ rel_x by Definition 4.5.2(i). Thus by assumptions, s_ξ|{X} = s̄_ξ|{X} for every ordinal ξ < λ such that p_ξ = x. This covers all places where take_γ(drop_α l) visits x and take_{γ̄}(drop_{ᾱ} l̄) visits x. This means

map(val_X)(filter(at_{{x}})(drop_{o_{max(ζ, ζ̄)}}(take_τ l)))

= map(val_X)(filter(at_{{x}})(drop_{ō_{max(ζ, ζ̄)}}(take_{τ̄} l̄))) .

Lemma 4.3.10(iii) gives val_X(l(τ)) = val_X(l̄(τ̄)). As X ∈ rel_q, using Lemma 4.5.5(ii) together with Proposition 4.5.3(i) gives val_X(l(τ)) = val_X(l(π)) and val_X(l̄(τ̄)) = val_X(l̄(π̄)). Hence the desired claim follows. ⊓⊔

Theorem 4.6.3. Let ψ ∈ STList AConf → 1 + AConf be a regular intuitive limit operator with ∝ > ω^ω and D be a data flow approximation system for it. Let (S, rel) be a relevance system for a regular program S w.r.t. D and let S̄ approximate S on base S and D with isomorphism ·̄. Let l = T_ψ(S)(s) and l̄ = T_ψ(S̄)(s) for some s ∈ State. Denote m = filter(at_S) l, m̄ = filter(at_S) l̄.

Then S̄ is regular, map(pp ; ·̄) m = map pp m̄ and, for every ξ < |m| and X ∈ rel(pp(m(ξ))), the equality val_X(m(ξ)) = val_X(m̄(ξ)) holds.

Proof. S̄ is regular as S is regular and the conditions of program regularity are stated in terms of transfinite control flow graphs and preserved by isomorphism.

Let (o_ξ : ξ < |m|) be the increasing family of all ordinals indexing the components of l satisfying at_S; then m(ξ) = l(o_ξ) for every ξ < |m|. Analogously, let (ō_η : η < |m̄|) be the increasing family of all ordinals indexing the components of l̄ satisfying at_S. Denote p_ξ = pp(m(ξ)).

We start with showing by transfinite induction on ξ that pp(l̄(ō_ξ)) = p_ξ and val_X(l(o_ξ)) = val_X(l̄(ō_ξ)) for every X ∈ rel_{p_ξ}.

assumptions about program points and states at the o_α-th step hold by induction hypothesis.

If γ > 1, apply Lemma 4.6.2 for o_η ← o_{α+η} and ō_η ← ō_{α+η} for every η < γ, π ← o_ξ. The required assumptions hold due to construction and induction hypothesis.

It remains to show |m| = |m̄|. By Theorem 4.3.8, |l| < ∝. By Lemma 4.3.3(vi), computation l ends at f. By Definition 4.5.2(i), f ∈ S. So there is a ζ such that pp(m(ζ)) = p_ζ = f. By the proof so far, pp(m̄(ζ)) = pp(l̄(ō_ζ)) = f̄ = f. Thus |m| = |m̄| = ζ + 1. ⊓⊔

The assumption of Lemma 4.6.2 and Theorem 4.6.3 that ψ is a limit operator (in the sense of Definition 3.4.1(i)) is mandatory, as shown by Example 4.6.4.

Example 4.6.4. Consider the following transformation:

a relevance system in the original program w.r.t. naturally defined def-sets and ref-sets. It can be obtained by computing the slice w.r.t. criterion {(6, i)} in the traditional way of relevant sets.

The transfinite control flow graphs of these two programs are clearly isomorphic; the isomorphism is reflected by the numeration of program points. The second program differs from the first by the first statement only. As the set of variables assigned is the same, the second program qualifies as an approximation of the first on base S.

The different value assigned to x leads to a significant difference between the lengths of the runs of these programs. The first program works for ω + ω + 1 steps (the inner infinite loop is executed during the first execution of the body of the outer loop and skipped afterwards) while the second program works for ω + 1 steps only (the inner infinite loop is always skipped).

The principal representation of ω + ω is ω + ω while the principal representation of ω is 0 + ω. Hence the state of variables at the final configuration of the run of the first program (which the computation reaches after entirely running the outer loop) is determined by the sequence of intermediate states occurring when control passes through 2, exclusive of the first passing, as the latter remains inside the first ω steps. The state of variables at the final configuration of the run of the second program is determined by the sequence of all intermediate states occurring when control passes through 2.

In the first sequence, variable i obtains values 1, 2, 3, ...; in the second sequence, it obtains values 0, 1, 2, 3, .... If ψ were not a limit operator, the limit state given by ψ might be different on these two sequences and hence the transformation would not be correct, i.e. Theorem 4.6.3 would not hold. ⊓⊔

Example 4.6.4 implies also that the correctness of standard algorithms for program slicing w.r.t. transfinite semantics (studied in Sect. 4.8) holds generally only if the semantics is corecursive. This conclusion may be drawn at least for semantics whose definition is grounded on principal representations of ordinals.

One may argue, relying on Example 4.6.4, that the way in which the principal representation splits the computation process is unnatural because this splitting does not respect the computation intervals corresponding to the composite (i.e. non-atomic) statements. For languages with structured control flow, one may forsake principal representations and ground on the syntax structure only (like in our recent paper [11]). In the theory developed in this thesis, we wanted to keep the theory abstracted from language details; therefore we had to ground on some other mechanism of structuring computation processes. If limits of processes are always defined via limit operators, then this choice makes no essential difference.