
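$$\mathit{exec}(\mathit{comp}\langle b,m\rangle,\ \langle \mathit{val}\ m\ (\mathbf{rec}\ r : \mathit{val}\ b\ r)\ d\rangle,\ \varepsilon,\ d)$$

we must split variable $m$ into two variables, say $m$ and $e$. Thus we get

$$\mathit{exec}(\mathit{comp}\langle b,m\rangle,\ \langle \mathit{val}\ e\ (\mathbf{rec}\ r : \mathit{val}\ b\ r)\ d\rangle,\ \varepsilon,\ d).$$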

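If we did not change anything else in the formula, we should get the strengthened specification

$$
\begin{aligned}
&\forall b,m,e,d :\ b \not\equiv \bot \wedge m \not\equiv \bot \Rightarrow\\
&\quad \mathit{comp}\langle b,m\rangle \not\equiv \bot\ \wedge\\
&\quad \mathit{exec}(\mathit{comp}\langle b,m\rangle,\ \langle \mathit{val}\ e\ (\mathbf{rec}\ r : \mathit{val}\ b\ r)\ d\rangle,\ \varepsilon,\ d) \sqsubseteq\\
&\quad \mathit{exec}(\mathit{comp}\langle b,m\rangle,\ \varepsilon,\ \mathit{comp}\langle b,m\rangle,\ d).
\end{aligned}
$$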

When strengthening a specification, we must always be careful not to strengthen it too much. In our case, the strengthened specification must still be satisfiable by some function $\mathit{comp}$. The strengthened specification implies that the value of every expression $e$ is less than or equal to the result of executing program $\mathit{comp}\langle b,m\rangle$. Certainly, this condition is not satisfiable by any $\mathit{comp}$.

Hence we must make the right hand side of the inequation dependent on $e$. Can we simply replace $\mathit{comp}\langle b,m\rangle$ by $\mathit{comp}\langle b,e\rangle$ in the third argument of $\mathit{exec}$? We know about the machine architecture that the program counter (third component of the machine state) is a postfix of the entire program (first component of the machine state). Thus $\mathit{comp}\langle b,e\rangle$ would have to be a postfix of $\mathit{comp}\langle b,m\rangle$ for every expression $e$. Obviously, this requirement again is not satisfiable by any compiler $\mathit{comp}$.

Therefore it seems reasonable to restrict the specification to those $e$ for which $\mathit{comp}\langle b,e\rangle$ is a postfix of $\mathit{comp}\langle b,m\rangle$. Originally, the generalization was intended for those $e$ that are subterms of $m$. But we cannot expect that the code of each subterm $e$ of $m$ will be a postfix of the code of $m$. Therefore we only require that $\mathit{comp}\langle b,e\rangle$ is the beginning of a postfix. Let us formalize the postfix relation on assembler programs by the predicate $\preceq$:

$$p \preceq q \iff \exists r :\ r\,p \equiv q$$

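Thus we get

$$
\begin{aligned}
&\forall b,m,e,d :\ b \not\equiv \bot \wedge m \not\equiv \bot \Rightarrow\\
&\quad \mathit{comp}\langle b,m\rangle \not\equiv \bot\ \wedge\\
&\quad (\forall pc :\ \mathit{comp}\langle b,e\rangle\,pc \preceq \mathit{comp}\langle b,m\rangle \Rightarrow\\
&\qquad \mathit{exec}(\mathit{comp}\langle b,m\rangle,\ \langle \mathit{val}\ e\ (\mathbf{rec}\ r : \mathit{val}\ b\ r)\ d\rangle,\ pc,\ d) \sqsubseteq\\
&\qquad \mathit{exec}(\mathit{comp}\langle b,m\rangle,\ \varepsilon,\ \mathit{comp}\langle b,e\rangle\,pc,\ d))
\end{aligned}
$$

as a new candidate for a generalized specification.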

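Is this specification still too strong? Let $e$ be a subterm of $m$. Code that is generated for $e$ will, in general, depend on the position at which $e$ occurs in $m$: if $e$ occurs several times in $m$, and its code contains some labelled statement, then the labels must be different for all occurrences of $e$. Since $\mathit{comp}\langle b,e\rangle$ does not depend on $m$, and thus does not depend on the position of $e$ in $m$, the code for $e$ cannot be generated by $\mathit{comp}$. Therefore we introduce a function

$$\mathit{cexp} : \mathit{Exp} \times \mathit{Label} \rightarrow \mathit{Asp},$$

which compiles expressions, using only labels that are determined by its second argument.

We base the function $\mathit{comp}$ on $\mathit{cexp}$ in the following way:

(Prog)

$$
\begin{aligned}
&\forall b,m :\ b \not\equiv \bot \wedge m \not\equiv \bot \Rightarrow\\
&\quad \mathit{comp}\langle b,m\rangle \equiv \langle \mathit{jump}(\mathit{main})\rangle\,\langle \mathit{lab}(\mathit{body})\rangle\,\mathit{cexp}(b,\langle 0\rangle)\,\langle \mathit{return}\rangle\,\langle \mathit{lab}(\mathit{main})\rangle\,\mathit{cexp}(m,\langle 1\rangle)\ \wedge\\
&\quad \mathit{cexp}(b,\langle 0\rangle) \not\equiv \bot \wedge \mathit{cexp}(m,\langle 1\rangle) \not\equiv \bot
\end{aligned}
$$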

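Now we can formulate the generalized specification by making use of $\mathit{cexp}$. Since it seems too restrictive to assume an empty stack whenever a compiled expression is executed, we further generalize the specification to arbitrary stacks $s$:

(Cexp)

$$
\begin{aligned}
&\forall b,m,d,e,pc,l,s :\ b \not\equiv \bot \wedge m \not\equiv \bot \Rightarrow\\
&\quad (\mathit{cexp}(e,l)\,pc \preceq \mathit{comp}\langle b,m\rangle \Rightarrow\\
&\qquad \mathit{exec}(\mathit{comp}\langle b,m\rangle,\ \langle \mathit{val}\ e\ (\mathbf{rec}\ r : \mathit{val}\ b\ r)\ d\rangle\,s,\ pc,\ d) \sqsubseteq\\
&\qquad \mathit{exec}(\mathit{comp}\langle b,m\rangle,\ s,\ \mathit{cexp}(e,l)\,pc,\ d))
\end{aligned}
$$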

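In order that specification (Exec) is implied, we require as a third property

(JumpMain)

$$
\begin{aligned}
&\forall b,m,d :\ b \not\equiv \bot \wedge m \not\equiv \bot \Rightarrow\\
&\quad \mathit{exec}(\mathit{comp}\langle b,m\rangle,\ \varepsilon,\ \mathit{cexp}(m,\langle 1\rangle),\ d) \sqsubseteq\\
&\quad \mathit{exec}(\mathit{comp}\langle b,m\rangle,\ \varepsilon,\ \mathit{comp}\langle b,m\rangle,\ d)
\end{aligned}
$$

Conjunction of (Prog), (Cexp) and (JumpMain) implies specification (Exec).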

Fixed point induction.

Now we carry out the fixed point induction of analysis 2 for the generalized specification (Cexp).

According to analysis 2, we do fixed point induction on $\mathbf{rec}\ r$. Let us first address the base case, and the inductive step thereafter.

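Base case.

Analogously to the base case in analysis 2, we get the following base case for the generalization (Cexp):

$$
\begin{aligned}
&\forall b,m,d,e,pc,l,s :\ b \not\equiv \bot \wedge m \not\equiv \bot \Rightarrow\\
&\quad (\mathit{cexp}(e,l)\,pc \preceq \mathit{comp}\langle b,m\rangle \Rightarrow\\
&\qquad \mathit{exec}(\mathit{comp}\langle b,m\rangle,\ \langle \mathit{val}\ e\ \bot\ d\rangle\,s,\ pc,\ d) \sqsubseteq\\
&\qquad \mathit{exec}(\mathit{comp}\langle b,m\rangle,\ s,\ \mathit{cexp}(e,l)\,pc,\ d))
\end{aligned}
$$

As planned in analysis 2, this formula is refined by fixed point induction on $\mathit{val}$. Since the base case is trivial, we immediately turn to the inductive step.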

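Inductive step.

The inductive step instantiates to

$$
\begin{aligned}
&\forall v :\ (\forall b,m,d,e,pc,l,s :\ b \not\equiv \bot \wedge m \not\equiv \bot \Rightarrow\\
&\qquad (\mathit{cexp}(e,l)\,pc \preceq \mathit{comp}\langle b,m\rangle \Rightarrow\\
&\qquad\quad \mathit{exec}(\mathit{comp}\langle b,m\rangle,\ \langle v\ e\ \bot\ d\rangle\,s,\ pc,\ d) \sqsubseteq\\
&\qquad\quad \mathit{exec}(\mathit{comp}\langle b,m\rangle,\ s,\ \mathit{cexp}(e,l)\,pc,\ d)))\\
&\quad \Rightarrow (\forall b,m,d,e,pc,l,s :\ b \not\equiv \bot \wedge m \not\equiv \bot \Rightarrow\\
&\qquad (\mathit{cexp}(e,l)\,pc \preceq \mathit{comp}\langle b,m\rangle \Rightarrow\\
&\qquad\quad \mathit{exec}(\mathit{comp}\langle b,m\rangle,\ \langle (\mathit{val}\ v)\ e\ \bot\ d\rangle\,s,\ pc,\ d) \sqsubseteq\\
&\qquad\quad \mathit{exec}(\mathit{comp}\langle b,m\rangle,\ s,\ \mathit{cexp}(e,l)\,pc,\ d))).
\end{aligned}
$$

Assume that the induction hypothesis holds.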

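The definition of $\mathit{val}$ suggests a case distinction on $e$:

• If $e \equiv \mathit{cst}(c)$ (with $c \not\equiv \bot$), the conclusion is implied by

$$
\begin{aligned}
&\forall b,m,d,pc,l,s :\ b \not\equiv \bot \wedge m \not\equiv \bot \Rightarrow\\
&\quad (\mathit{cexp}(\mathit{cst}(c),l)\,pc \preceq \mathit{comp}\langle b,m\rangle \Rightarrow\\
&\qquad \mathit{exec}(\mathit{comp}\langle b,m\rangle,\ \langle c\rangle\,s,\ pc,\ d) \sqsubseteq\\
&\qquad \mathit{exec}(\mathit{comp}\langle b,m\rangle,\ s,\ \mathit{cexp}(\mathit{cst}(c),l)\,pc,\ d)).
\end{aligned}
$$

Looking at the machine instructions, we immediately find the following explicit condition on $\mathit{cexp}$, which implies the preceding formula:

(Cst)

$$\forall c,l :\ c \not\equiv \bot \wedge l \not\equiv \bot \Rightarrow \mathit{cexp}(\mathit{cst}(c),l) \equiv \langle \mathit{push}(c)\rangle$$

• If $e \equiv x$, the conclusion is equivalent to

$$
\begin{aligned}
&\forall b,m,d,pc,l,s :\ b \not\equiv \bot \wedge m \not\equiv \bot \Rightarrow\\
&\quad (\mathit{cexp}(x,l)\,pc \preceq \mathit{comp}\langle b,m\rangle \Rightarrow\\
&\qquad \mathit{exec}(\mathit{comp}\langle b,m\rangle,\ \langle d\rangle\,s,\ pc,\ d) \sqsubseteq\\
&\qquad \mathit{exec}(\mathit{comp}\langle b,m\rangle,\ s,\ \mathit{cexp}(x,l)\,pc,\ d)).
\end{aligned}
$$

This formula is implied by the following explicit condition on $\mathit{cexp}$, which is again suggested by the machine instructions:

(X)

$$\forall l :\ l \not\equiv \bot \Rightarrow \mathit{cexp}(x,l) \equiv \langle \mathit{pushA}\rangle$$

• If $e \equiv \mathit{if}(e_0,e_1,e_2)$ (with $e_0, e_1, e_2 \not\equiv \bot$), the conclusion is equivalent to

$$
\begin{aligned}
&\forall b,m,d,pc,l,s :\ b \not\equiv \bot \wedge m \not\equiv \bot \Rightarrow\\
&\quad (\mathit{cexp}(\mathit{if}(e_0,e_1,e_2),l)\,pc \preceq \mathit{comp}\langle b,m\rangle \Rightarrow\\
&\qquad \mathit{exec}(\mathit{comp}\langle b,m\rangle,\ \langle \mathbf{if}\ \mathit{test}(v\ e_0\ \bot\ d)\ \mathbf{then}\ v\ e_1\ \bot\ d\ \mathbf{else}\ v\ e_2\ \bot\ d\rangle\,s,\ pc,\ d) \sqsubseteq\\
&\qquad \mathit{exec}(\mathit{comp}\langle b,m\rangle,\ s,\ \mathit{cexp}(\mathit{if}(e_0,e_1,e_2),l)\,pc,\ d)).
\end{aligned}
$$

Looking at the machine instructions, we immediately find the following explicit condition on $\mathit{cexp}$:

(If)

$$
\begin{aligned}
&\forall e_0,e_1,e_2,l :\ e_0 \not\equiv \bot \wedge e_1 \not\equiv \bot \wedge e_2 \not\equiv \bot \wedge l \not\equiv \bot \Rightarrow\\
&\quad \mathit{cexp}(\mathit{if}(e_0,e_1,e_2),l) \equiv \mathit{cexp}(e_0,l\,\langle 0\rangle)\,\langle \mathit{cjump}(l)\rangle\,\mathit{cexp}(e_2,l\,\langle 2\rangle)\\
&\qquad \langle \mathit{jump}(l\,\langle 3\rangle)\rangle\,\langle \mathit{lab}(l)\rangle\,\mathit{cexp}(e_1,l\,\langle 1\rangle)\,\langle \mathit{lab}(l\,\langle 3\rangle)\rangle
\end{aligned}
$$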

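This formula implies the preceding one by induction hypothesis, but an additional property is needed: we must assure that the labels $l$ and $l\,\langle 3\rangle$, to which the generated code may branch, do not occur in preceding program parts. Therefore we require that no label is defined twice in a program:

(Lab)

$$
\begin{aligned}
&\forall b,m :\ b \not\equiv \bot \wedge m \not\equiv \bot \Rightarrow \forall p,q,r,l,k :\\
&\quad \mathit{comp}\langle b,m\rangle \equiv p\,\langle \mathit{lab}(l)\rangle\,q\,\langle \mathit{lab}(k)\rangle\,r \Rightarrow l \not\equiv k
\end{aligned}
$$

• If $e \equiv \mathit{app}(g,e_0)$ (with $g \not\equiv f$, $g \not\equiv \bot$, and $e_0 \not\equiv \bot$), the conclusion is equivalent to

$$
\begin{aligned}
&\forall b,m,d,pc,l,s :\ b \not\equiv \bot \wedge m \not\equiv \bot \Rightarrow\\
&\quad (\mathit{cexp}(\mathit{app}(g,e_0),l)\,pc \preceq \mathit{comp}\langle b,m\rangle \Rightarrow\\
&\qquad \mathit{exec}(\mathit{comp}\langle b,m\rangle,\ \langle \mathit{cfct}(g)(v\ e_0\ \bot\ d)\rangle\,s,\ pc,\ d) \sqsubseteq\\
&\qquad \mathit{exec}(\mathit{comp}\langle b,m\rangle,\ s,\ \mathit{cexp}(\mathit{app}(g,e_0),l)\,pc,\ d)).
\end{aligned}
$$

The machine instructions together with the induction hypothesis again suggest an explicit condition on $\mathit{cexp}$, which implies the preceding formula:

(App)

$$
\begin{aligned}
&\forall g,e_0,l :\ g \not\equiv f \wedge g \not\equiv \bot \wedge e_0 \not\equiv \bot \wedge l \not\equiv \bot \Rightarrow\\
&\quad \mathit{cexp}(\mathit{app}(g,e_0),l) \equiv \mathit{cexp}(e_0,l\,\langle 0\rangle)\,\langle \mathit{app}\ \mathit{cfct}(g)\rangle
\end{aligned}
$$

• If $e \equiv \mathit{app}(f,e_0)$ (with $e_0$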

(End of inductive step.)
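
The conditions (Cst), (X), (If), (App) and (Lab), together with the earlier remark that two occurrences of the same subterm need different labels, as an added Python example that is not part of the original text: a compiler for the non-recursive expression fragment, a small stack machine, and a program in which one label is reused for both occurrences of a subterm. The tuple encodings, the primitives in PRIMS, the machine step rules (cjump pops the top value and branches when it is true) and the reading of test as truthiness are assumptions.

```python
# Added example. Tuple encodings, PRIMS and the machine step rules are assumptions.
PRIMS = {"succ": lambda a: a + 1, "neg": lambda a: -a}  # cfct(g), constructed

def cexp(e, l):
    """Compile e using only labels that extend the label tuple l."""
    if e[0] == "cst":                                   # (Cst)
        return [("push", e[1])]
    if e[0] == "x":                                     # (X)
        return [("pushA",)]
    if e[0] == "app":                                   # (App): g is not f
        return cexp(e[2], l + (0,)) + [("app", e[1])]
    _, e0, e1, e2 = e                                   # (If)
    return (cexp(e0, l + (0,)) + [("cjump", l)] + cexp(e2, l + (2,))
            + [("jump", l + (3,)), ("lab", l)] + cexp(e1, l + (1,))
            + [("lab", l + (3,))])

def labels_unique(prog):
    """(Lab): no label is defined twice in prog."""
    labs = [i[1] for i in prog if i[0] == "lab"]
    return len(labs) == len(set(labs))

def val(e, d):
    """Reference value of e for argument d (test = Python truthiness)."""
    if e[0] == "cst": return e[1]
    if e[0] == "x": return d
    if e[0] == "app": return PRIMS[e[1]](val(e[2], d))
    return val(e[2], d) if val(e[1], d) else val(e[3], d)

def run(prog, s, pc, d):
    """Machine: pc is a postfix of prog; stack top is s[0]."""
    while pc:
        op, pc = pc[0], pc[1:]
        if op[0] == "push": s = [op[1]] + s
        elif op[0] == "pushA": s = [d] + s
        elif op[0] == "app": s = [PRIMS[op[1]](s[0])] + s[1:]
        elif op[0] == "cjump" or op[0] == "jump":
            taken = op[0] == "jump" or bool(s[0])
            if op[0] == "cjump": s = s[1:]
            if taken:  # continue after the first definition of the label
                pc = prog[prog.index(("lab", op[1])) + 1:]
    return s

# Constructed input: the subterm INNER occurs twice in E.
INNER = ("if", ("app", "succ", ("x",)), ("cst", 10), ("cst", 20))
E = ("if", ("x",), INNER, ("app", "neg", INNER))
GOOD = cexp(E, (1,))
# Same shape, but both occurrences of INNER compiled with one label (5,).
BAD = (cexp(("x",), (1, 0)) + [("cjump", (1,))] + cexp(INNER, (5,))
       + [("app", "neg"), ("jump", (1, 3)), ("lab", (1,))]
       + cexp(INNER, (5,)) + [("lab", (1, 3))])
```

With position-dependent labels, `run(GOOD, s, GOOD, d)` leaves `val(E, d)` on top of `s`; in `BAD` the branch in the second occurrence of `INNER` lands in the first occurrence and the result changes sign.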