Summary

• Behavioral equivalence
• Properties on behavioral equivalence
• Program transformations

Program equivalence

• A framework to compare "equivalent" programs, notation $P \equiv Q$
• The notion of equivalent is generic
• Program equivalence can be used to reason about correctness of algorithms
• Program equivalence can be used to reason about the correctness of program transformations

Examples:

• compilable programs
• programs that produce the same output
• programs that perform the same assignments
• programs that read the same variables

Usual equivalence properties

• Reflexive: $P \equiv P$
• Symmetric: $P \equiv Q \implies Q \equiv P$
• Transitive: $P \equiv Q \implies Q \equiv R \implies P \equiv R$
• Congruence: $P\equiv Q \implies \mathcal{C}(P) \equiv \mathcal{C}(Q)$ where $\mathcal{C}: \mathcal{P} \rightarrow \mathcal{P}$ is known as a context, a program with a "whole" that is filled with the input program, outputting a "complete" program; it is expected that the input occurs in the output.

Syntactic equivalence

If two programs are textually equal (are the same syntactic term), then we say that the two programs are syntactically equivalent.

Example: APlus (ANum 3) (ANum 0) is syntactically equivalent to APlus (ANum 3) (ANum 0).

Behavioral equivalence

If two programs start from an initial state and reach the same final state, then we say that the two programs are behaviorally equivalent.

Example:

X:=3;; WHILE 1<=X DO Y:=Y+1;; X:=X-1 END

is behaviorally equivalent to

X:=0 ;; Y:=3

Behavioral equivalence

For arithmetic expressions $a_1 \equiv a_2$, e.g., $x - x$ $\equiv$ 0:

Exercise: skip

Prove that

Theorem skip_left: forall c,
  cequiv <{skip; c}> c.

Exercise: if

If $b \equiv \top$, then $\mathtt{if}\ b\ \mathtt{then}\ c_1\ \mathtt{else}\ c_2\ \mathtt{end} \equiv c_1$.

Theorem if_true: forall b c1 c2,
  bequiv b <{true}>  ->
  cequiv
    <{ if b then c1 else c2 end }>
    c1.

What could $b$ in $b \equiv \top$ be? For instance, the following statement holds. (By using lemmas Nat.add_0_r, Nat.eqb_refl.)

Require Import PeanoNat.
Goal forall x, bequiv (x + x = 2 * x) BTrue.

Exercise: while

Theorem: If $b \equiv \bot$, then $\mathtt{while}\ b\ \mathtt{do}\ c\ \mathtt{end} \equiv \mathtt{skip}$.

Theorem: If $b \equiv \top$, then for all $s$ and $s'$, we have $\neg s =\!\!\![ \mathtt{while}\ b\ \mathtt{do}\ c\ \mathtt{end} ]\!\!\!\Rightarrow s'$.

Theorem: $\mathtt{while}\ b\ \mathtt{do}\ c\ \mathtt{end} \equiv \mathtt{if}\ b\ \mathtt{then}\ c ; \mathtt{while}\ b\ \mathtt{do}\ c\ \mathtt{end}\ \mathtt{else}\ \mathtt{skip}\ \mathtt{end}$.

Properties of equivalences

An equivalence relation is:

• reflexive
• symmetric
• transitive

Show that aquiv, bequiv, and cequiv each is an equivalence relation.

Lemma refl_cequiv : forall (c : com), cequiv c c.
Lemma sym_cequiv : forall (c1 c2 : com), cequiv c1 c2 -> cequiv c2 c1.
Lemma trans_cequiv : forall (c1 c2 c3 : com), cequiv c1 c2 -> cequiv c2 c3 -> cequiv c1 c3.

$\equiv$ is a congruence

Generally a congruence can be described as

For commands this corresponds to proving

Congruence example

Program equivalence

Example congruence_example:
  cequiv
    (* Program 1: *)
    <{ X := 0;
       if (X = 0)
       then Y := 0
       else Y := 42 end }>
    (* Program 2: *)
    <{ X := 0;
       if (X = 0)
       then Y := X - X
       else Y := 42 end }>.

Sound transformations

• We can specify the notion of a transformation that is sound
• Example: source-to-source compiler, code optimizer.

Definition atrans_sound (atrans : aexp -> aexp) : Prop :=
  forall (a : aexp),
    aequiv a (atrans a).
Definition btrans_sound (btrans : bexp -> bexp) : Prop :=
  forall (b : bexp),
    bequiv b (btrans b).
Definition ctrans_sound (ctrans : com -> com) : Prop :=
  forall (c : com),
    cequiv c (ctrans c).