Soundness of Algorithm W 1 - Environment Snapshot 3:

Environment Snapshot 3:

3.5 Soundness of Algorithm W 1

As a second step in the proof of correctness of algorithm

W

¹, we now show that the process of incrementally rening the compilation environment eventually terminates and when it does, it exactly corresponds to the compilation environment obtained when the complete program is available.

As noted in section 3.1.3, we stop further compilation only when all the assumption checks collected during various calls to

W

¹ are passed successfully by the existing property-values in the current compilation environment. The assumption checks play an important role here in guaranteeing that only a sound compilation environment is acceptable, otherwise the process of incremental renement continues. Termination is shown by proving that the assumptions checks are eventually passed by some environment.

22Technically, the domain ofTEi^,1 will have to be restricted to that ofTE_previn order to compare the two, but we will ignore this for clarity.

(a): Form of Final Call Graph. (b): Set of Identiers in an SCC.

Figure 3.10: Proving the Soundness of SCC Computation.

3.5.1 Soundness of SCC Computation

First, we prove that the SCC environment is computed correctly. Since no property assumptions are collected for the SCC property, no assumption checks are necessary and no requests for recompilations are possible. So we only have to show that each top-level identier

x

is assigned its nal strongly connected component

SCC

_tx automatically after some number of calls to

W

¹ without any assumption checks or recompilations.

Lemma 3.9

In the sequence of SCC environments SE⁰

;:::;

SEi

;:::

generated from the various calls to

W

¹, there exists an environment SEf (and every environment after that) such that SEf(

x

) = SEt(

x

) for each

x

X

Proof:

We prove this by structural induction on the call graph of the whole program

G

t(refer gure 3.10 (a)).

Case1: Consider a leaf of the call graph

G

t which is a single identier

x

The complete SCC for

x

SCC

_tx = ^f

x

^g, is computed the very rst time

x

is type-checked, say at the

i

-th call. Due to assumption 2, this happens at least once. Once computed, it never changes from that value since it can only monotonically increase in size (lemma 3.5) but has already reached its maximum (lemma 3.6). So we can designate SE to be any SCC environment with

f i

since SE (

x

) =

x

= SE (

x

) trivially.

Case2: Consider a leaf of the call graph

G

twhich is a group of mutually recursive identiers.

Suppose an identier

x

from this group is type-checked at some

i

-th call, updating the SCC of all

z

k ²

SCC

_ix to

SCC

_ix in the environment SEi.

From lemma 3.6,

SCC

_ix

SCC

_tx. If

SCC

_ix =

SCC

_tx then our job is already done and we can designate SEf to be any SCC environment with

f

i

SCC

_ix ⁶=

SCC

_tx then let

y

represent one of the identiers in

SCC

_tx that are not present in

SCC

_ix (refer gure 3.10 (b)). There must be at least one such

y

²(

SCC

_tx^,

SCC

_ix) that has not been compiled even once when

SCC

_ix is computed, so that the edges coming out of the node

y

are not yet visible in the intermediate call graph

G

i. Otherwise, each such

y

will have to be present in

SCC

_ix contradicting our assumption that

SCC

_ix⁶=

SCC

_tx.

Now using assumption 2, every node in

G

tmust be type-checked at least once, so let

w

²(

SCC

_tx^,

SCC

_ix) be the last of all such nodes appearing at some

j

-th call (

j > i

At that time, all nodes in

SCC

_tx as well as all their edges are visible in the call graph

G

j. Hence

SCC

_jw, the SCC of

w

at the

j

-th call, must contain all these identiers, i.e.,

SCC

_jw=

SCC

_tx=

SCC

_tw. Moreover, the SCC property for all

z

k ²

SCC

_jw gets updated to

SCC

_jw=

SCC

_txin the latest environment SEj. Thus, the nal SCC are computed at the

j

-th call and we can designate SEf to be any SCC environment with

f

j

Case3: Consider an internal node of the call graph

G

t which is a single identier

x

. Let Poly_tx denote the set of all identiers that

x

directly calls in

G

t, and

m

be the number of elements in Poly_tx.

Just like in case 1, the complete SCC for

x

SCC

_tx = ^f

x

^g, is computed the very rst time it is type-checked, say at the

i

-th call. By inductive assumption, for each

z

k ²Poly_tx there exists an SCC environment SEf_k such that SEf_k(

z

k) = SEt(

z

k). So we can designate SEf to be any SCC environment with

f

max(

i;f

;:::;f

m).

Case4: We can easily compose the cases 2 and 3 above and designate SEf to be any SCC environment that is computed after all the nodes in the group of mutually recursive identiers have become visible and all the nodes that any of them calls have also been assigned their nal SCC values.

The above proof relies heavily on assumption 2 and the fact that we update the SCC value of all the identiers

z

k ²

SCC

_ixtogether during the

i

-th call to

W

¹. We will later examine another strategy where the assumption 2 is explicitly enforced by means of an end-of-program test and is no longer the user's responsibility. Alternate strategies are also possible that update the properties of only the current binding being type-checked but ensure that the latest information is always propagated to other the nodes in the same SCC. Detailed analysis of these strategies is beyond the scope of this thesis.

Note that operationally there is no way to distinguish among the various cases of the above lemma in the incremental system. Many identiers, out of a set of mutually recursive ones, may start out being singleton, until some other identier becomes visible that links them all together.

The incremental system does not examine or update the SCC properties of the complete call graph at once²³. Nevertheless, the lemma guarantees that by simply ensuring that all the identiers in the call graph

G

t have been compiled at least once, all of them will eventually compute their complete SCC correctly. In fact, the nal SCC will be computed as soon as all the identiers have been compiled at least once, as shown in the next lemma.

Lemma 3.10

If SEn is the SCC environment obtained after the

n

-th call to

W

¹ when all the identiers

x

X

have been compiled at least once, then SEn= SEt.

Proof:

It can be easily seen that in each case of lemma 3.9, we can choose SEf to be SEn as

dened above. ²

The above lemma ensures that if we have type-checked each top-level denition in our program once then we already have the desired nal SCC environment without the need to recompile any of the denitions.

3.5.2 Soundness of Type Computation

Now, we show the correctness of the type environment computation. Here we will use the upper bound assumption checks to show that the type environment that passes all these checks is cor-rect with respect to the complete program. We will use the lemmas established in section 3.3.2 in the proof.

23Indeed, if we were given the complete call graph together, there would be no need to have an incremental

Lemma 3.11

In the sequence of type environments TE⁰

;:::;

TEi

;:::

generated from the var-ious calls to

W

¹, there exists an environment TEf (and every environment after that) that passes all the upper bound type assumptions (M) for all the top-level identiers,i.e.,

x

X;

⁸(

z

^7!

_iz)²

M

;

TEf(

z

)

_iz

Dans le document An Incremental Type Inference System for the Programming Language Id (Page 85-89)