### Evaluation: the TAL-0 abstract machine - the abstract machine contains the code and data. - an evaluation step changes the state (code and data) of the abstract machine. • A register file R maps each register r to some value (integer or label) R(r). $$R ::= \{\mathsf{r1} \mapsto \nu_1, \dots, \mathsf{rk} \mapsto \nu_k\}$$ (each $\nu_i$ is a value) • For TAL-0, the only heap values are instruction sequences. $$h ::= I$$ Extensions of TAL-0 will need to consider other kinds of heap values. ullet A heap H is a partial map: H maps some labels l to heap values H(l). $H:=\{l_1\mapsto h_1,\dots l_m\mapsto h_m\}$ An abstract machine state consists of a heap, a register file and the current sequence being executed. $$M ::= (H, R, I)$$ The previous example has three instruction sequences $$I_1=\mathsf{r3}:=0; \mathsf{r2}:=\mathsf{r1}; \; \mathsf{jump \; loop}$$ $I_2=\mathsf{if}\; \mathsf{r1}\; \mathsf{jump \; done}; \mathsf{r3}:=\mathsf{r2}+\mathsf{r3}; \mathsf{r1}:=\mathsf{r1}+-1; \; \mathsf{jump \; loop}$ $I_3=\mathsf{jump \; r4}$ We have the heap $H_0 = \{\mathsf{prod} \mapsto I_1, \mathsf{loop} \mapsto I_2, \mathsf{done} \mapsto I_3\}.$ The starting state of the machine is supposed to be of the form $$M_0 = (H_0, R_0, I_1)$$ where $R_0(r1) = n$ is an integer and $R_0(r4)$ is a label. A possible execution sequence: ... ``` H_0, \{r1 \mapsto 2, r2 \mapsto 0, r3 \mapsto 0, r4 \mapsto 1\}, I_1 H_0, \{r1 \mapsto 2, \quad r2 \mapsto 0, \quad r3 \mapsto 0, \quad r4 \mapsto 1\}, r2 := r1; jump loop H_0, \{r1 \mapsto 2, \quad r2 \mapsto 2, \quad r3 \mapsto 0 \quad r4 \mapsto 1\}, jump loop H_0, \{r1 \mapsto 2, \quad r2 \mapsto 2, \quad r3 \mapsto 0 \quad r4 \mapsto 1\}, I_2 H_0, \{r1\mapsto 2, \quad r2\mapsto 2, \quad r3\mapsto 0 \quad r4\mapsto 1\}, r3:=r2+r3; r1:=r1+-1; jump loop H_0, \quad \{r1 \mapsto 2, \quad r2 \mapsto 2, \quad r3 \mapsto 2 \quad r4 \mapsto \mathsf{I}\}, \qquad \qquad \mathsf{r1} := \mathsf{r1} + -1; \; \mathsf{jump loop} H_0, \quad \{r1 \mapsto 1, \quad r2 \mapsto 2, \quad r3 \mapsto 2 \quad r4 \mapsto 1\}, jump loop H_0, \{r1 \mapsto 1, r2 \mapsto 2, r3 \mapsto 2 r4 \mapsto 1\}, H_0, \quad \{r1 \mapsto 1, \quad r2 \mapsto 2, \quad r3 \mapsto 2 \quad r4 \mapsto \mathsf{I}\}, \quad r3 := r2 + r3; \mathsf{r1} := \mathsf{r1} + -1; \; \mathsf{jump loop} H_0, \quad \{r1 \mapsto 1, \quad r2 \mapsto 2, \quad r3 \mapsto 4 \quad r4 \mapsto \mathsf{I}\}, \qquad \qquad \mathsf{r1} := \mathsf{r1} + -1; \; \mathsf{jump \; loop} H_0, \quad \{r1 \mapsto 0, \quad r2 \mapsto 2, \quad r3 \mapsto 4 \quad r4 \mapsto \mathsf{I}\}, jump loop H_0, \{r1 \mapsto 0, r2 \mapsto 2, r3 \mapsto 4 r4 \mapsto 1\}, I_2 H_0, \{r1 \mapsto 0, r2 \mapsto 2, r3 \mapsto 4 r4 \mapsto 1\}, jump r4 ``` As usual, we formalize this using evaluation rules. As usual, we formalize this using evaluation rules. $$\frac{H(\hat{R}(\nu)) = I}{(H, R, \text{ jump } \nu) \longrightarrow (H, R, I)} \text{ (E-Jump)}$$ where the lookup function $\hat{R}$ returns the value corresponding to an operand: $$\hat{R}(r) = R(r)$$ $$\hat{R}(n) = n$$ $$\hat{R}(l) = l$$ The JUMP instruction loads a new instruction sequence which should then be executed. The machine is stuck if $\hat{R}(\nu)$ is not a label, or if the label does not correspond to some instruction sequence in the heap. Otherwise, we consume one instruction from the current instruction sequence. The MOV and ADD instructions modify the register file. $$(H, R, r_d := \nu; I) \longrightarrow (H, R \oplus \{r_d \mapsto \hat{R}(\nu)\}, I)$$ (E-Mov) Otherwise, we consume one instruction from the current instruction sequence. The MOV and ADD instructions modify the register file. $$(H, R, r_d := \nu; I) \longrightarrow (H, R \oplus \{r_d \mapsto \hat{R}(\nu)\}, I)$$ (E-Mov) $$\frac{R(r_s) = n_1 \quad \hat{R}(\nu) = n_2}{(H, R, r_d := r_s + \nu; I) \longrightarrow (H, R \oplus \{r_d \mapsto n_1 + n_2\}, I)}$$ (E-Add) (The machine is stuck in the second case if $R(r_s)$ or $\hat{R}(\nu)$ is not an integer.) The conditional jump instruction either loads a new instruction sequence or just consumes one instruction. $$\frac{R(r) = 0 \qquad H(\hat{R}(\nu)) = I'}{(H, R, \text{if } r \text{ jump } \nu; I) \longrightarrow (H, R, I')} \text{(E-IfEq)}$$ The conditional jump instruction either loads a new instruction sequence or just consumes one instruction. $$\frac{R(r) = 0 \qquad H(\hat{R}(\nu)) = I'}{(H, R, \text{if } r \text{ jump } \nu; I) \longrightarrow (H, R, I')} \text{(E-IfEq)}$$ $$\frac{R(r) = n \qquad n \neq 0}{(H, R, \text{if } r \text{ jump } \nu; I) \longrightarrow (H, R, I)} \text{ (E-IfNeq)}$$ (The machine is stuck if R(r) is not an integer or, in the first case, if $\hat{R}(\nu)$ is not a label.) ``` I: r1 := 5; jump r1 ``` ``` I: r1 := 5; jump r1 ``` Define instruction sequence I = r1 := 5; jump r1 and heap $H = \{I \mapsto I\}$ . Corresponding to the above code, starting with register file $R = \{r1 \mapsto 0\}$ we have the evaluation step $$(H, \{r1 \mapsto 0\}, I) \longrightarrow (H, \{r1 \mapsto 5\}, \text{ jump r1})$$ ``` I: r1 := 5; jump r1 ``` Define instruction sequence I = r1 := 5; jump r1 and heap $H = \{I \mapsto I\}$ . Corresponding to the above code, starting with register file $R = \{r1 \mapsto 0\}$ we have the evaluation step $$(H, \{r1 \mapsto 0\}, I) \longrightarrow (H, \{r1 \mapsto 5\}, \text{ jump r1})$$ The machine is now stuck: no further evaluation step is possible because r1 stores an integer instead of a label. ``` I: r1 := 5; jump r1 ``` Define instruction sequence I = r1 := 5; jump r1 and heap $H = \{I \mapsto I\}$ . Corresponding to the above code, starting with register file $R = \{r1 \mapsto 0\}$ we have the evaluation step $$(H, \{r1 \mapsto 0\}, I) \longrightarrow (H, \{r1 \mapsto 5\}, \text{ jump r1})$$ The machine is now stuck: no further evaluation step is possible because r1 stores an integer instead of a label. Hence to filter out such bad programs, we need to introduce typing rules. Initial idea for a TAL-0 typing system: introduce two different types Int and Code for integers and labels. In the previous example, we will start with the register file type $\Gamma = \{r1 : Int\}$ . After the instruction r1 = 5 the register file type remains the same. Then the second instruction jump r1 fails to type check because $\Gamma(r1)$ is Int instead of Code. Hence the code is rejected, as desired. Initial idea for a TAL-0 typing system: introduce two different types Int and Code for integers and labels. In the previous example, we will start with the register file type $\Gamma = \{r1 : Int\}$ . After the instruction r1 = 5 the register file type remains the same. Then the second instruction jump r1 fails to type check because $\Gamma(r1)$ is Int instead of Code. Hence the code is rejected, as desired. Is this idea enough? Consider the following code: ``` l: r1 := 5; r2 := l'; jump r2 ``` Label I' points to some other instruction sequence I'. ``` I = r1 := 5; r2 := I'; \text{ jump } r2 \text{ and heap } H = \{I : I, I' \mapsto I'\}. ``` Should the above code be well-typed? After the first two instructions, the register file type will be $\{r1 : Int, r2 : Code\}$ , as it should be. Answer: depends on I'... Consider the code ``` I': jump r1; ``` Clearly the instruction sequence I' = jump r1 expects a label in r1 instead of an integer. Hence the code at I is not well-typed. #### Solution: With each instruction sequence, associate a register file type that is expected at the beginning of that instruction sequence. Secondly, enrich the notion of types. Instead of having a simple type Code for labels, we have types of the form $Code(\Gamma)$ where $\Gamma$ is a register file type. We further choose a type Top which is the super type of all types. In the previous example, the instruction sequence I' will have type ``` \{r1: \mathsf{Code}\{r1: \mathsf{Top}, r2: \mathsf{Top}\}\} ``` The instruction sequence I' expects r1 to contain label to some instruction sequence (I) which expects both registers to contain "anything". The instruction sequence I has type $\{r1 : Top, r2 : Top\}$ . After executing the first two instructions of I, the register file type becomes $\{r1: Int, r2: Code\{...\}\}$ . Hence the jump instruction doesn't type check. ``` au::= operand types \Gamma::= register file types \{ \mathsf{r1}: au_1, \dots, \mathsf{rk}: au_k \} Code(\Gamma) labels \Psi::= heap types \{ l_1: au_1, \dots, l_m: au_m \} ``` $$au::=$$ operand types $\Gamma::=$ register file types $$\{\mathsf{r1}:\tau_1,\ldots,\mathsf{rk}:\tau_k\}$$ Code $(\Gamma)$ labels $\Psi::=$ heap types $$\{l_1:\tau_1,\ldots,l_m:\tau_m\}$$ # Typing of operands The type judgment $$\Psi, \Gamma \vdash \nu : \tau$$ means: under heap type $\Psi$ and register file type $\Gamma$ , the operand $\nu$ has type $\tau$ . $$au::=$$ operand types $\Gamma::=$ register file types $$\{\mathsf{r1}:\tau_1,\ldots,\mathsf{rk}:\tau_k\}$$ Code $(\Gamma)$ labels $\Psi::=$ heap types $$\{l_1:\tau_1,\ldots,l_m:\tau_m\}$$ # Typing of operands The type judgment $$\Psi, \Gamma \vdash \nu : \tau$$ means: under heap type $\Psi$ and register file type $\Gamma$ , the operand $\nu$ has type $\tau$ . $$\Psi, \Gamma \vdash n : \mathsf{Int} \quad (\mathsf{T}\text{-}\mathsf{Int})$$ $$au::=$$ operand types $\Gamma::=$ register file types $$\{\mathsf{r1}:\tau_1,\ldots,\mathsf{rk}:\tau_k\}$$ Code $(\Gamma)$ labels $\Psi::=$ heap types $$\{l_1:\tau_1,\ldots,l_m:\tau_m\}$$ ### Typing of operands The type judgment $$\Psi, \Gamma \vdash \nu : \tau$$ means: under heap type $\Psi$ and register file type $\Gamma$ , the operand $\nu$ has type $\tau$ . $$\Psi, \Gamma \vdash n : Int \quad (T-Int)$$ $$\frac{l : \tau \in \Psi}{\Psi, \Gamma \vdash l : \tau} \quad (T-Lab)$$ $$\Psi, \Gamma \vdash r : \Gamma(r)$$ (T-Reg) $$\Psi, \Gamma \vdash r : \Gamma(r)$$ (T-Reg) $$\frac{\Psi, \Gamma \vdash \nu : \tau \qquad \tau' \sqsubseteq \tau}{\Psi, \Gamma \vdash \nu : \tau'} \text{ (T-Sub)}$$ $$\Psi, \Gamma \vdash r : \Gamma(r)$$ (T-Reg) $$\frac{\Psi, \Gamma \vdash \nu : \tau \qquad \tau' \sqsubseteq \tau}{\Psi, \Gamma \vdash \nu : \tau'} \text{ (T-Sub)}$$ where $$\tau \sqsubseteq_1 \tau$$ for every $\tau$ $$\tau \sqsubseteq_1 \mathsf{Top}$$ for every $\tau$ $$\mathsf{Code}(\Gamma_1) \sqsubseteq \mathsf{Code}(\Gamma_2) \quad \text{iff } \Gamma_1(r) \sqsubseteq_1 \Gamma_2(r) \text{ for every register } r$$ Top represents "any" type, hence can be replaced by any type. # Typing of instructions The type judgment $$\Psi \vdash \iota : \Gamma_1 \to \Gamma_2$$ means: under heap type $\Psi$ , the instruction $\iota$ modifies the register file type from $\Gamma_1$ to $\Gamma_2$ . # Typing of instructions The type judgment $$\Psi \vdash \iota : \Gamma_1 \to \Gamma_2$$ means: under heap type $\Psi$ , the instruction $\iota$ modifies the register file type from $\Gamma_1$ to $\Gamma_2$ . $$\frac{\Psi, \Gamma \vdash \nu : \tau}{\Psi \vdash r_{d} := \nu : \Gamma \to \Gamma \oplus \{r_{d} : \tau\}}$$ (T-Mov) # Typing of instructions The type judgment $$\Psi \vdash \iota : \Gamma_1 \to \Gamma_2$$ means: under heap type $\Psi$ , the instruction $\iota$ modifies the register file type from $\Gamma_1$ to $\Gamma_2$ . $$\frac{\Psi, \Gamma \vdash \nu : \tau}{\Psi \vdash r_{d} := \nu : \Gamma \to \Gamma \oplus \{r_{d} : \tau\}}$$ (T-Mov) $$\frac{\Psi, \Gamma \vdash r_s : \mathsf{Int} \qquad \Psi, \Gamma \vdash \nu : \mathsf{Int}}{\Psi \vdash r_d := r_s + \nu : \Gamma \to \Gamma \oplus \{r_d : \mathsf{Int}\}} \, (\mathsf{T}\text{-}\mathsf{Add})$$ The mov and add instructions modify the type of the destination register. $$\frac{\Psi, \Gamma \vdash r_s : \mathsf{Int} \qquad \Psi, \Gamma \vdash \nu : \mathsf{Code}(\Gamma)}{\Psi \vdash \mathsf{if} \ r_s \ \mathsf{jump} \ \nu : \Gamma \to \Gamma} \ (\mathsf{T}\text{-}\mathsf{If})$$ Both branches of the if instruction must have the same type. If the if condition fails then the next instruction is executed with register file of type $\Gamma$ . If the if condition succeeds then the jump should be to some instruction sequence which expects register file type $\Gamma$ . # Typing of instruction sequences The type judgment $$\Psi: I: \mathsf{Code}(\Gamma)$$ means: under heap type $\Psi$ , the instruction sequence I expects the register file to have type $\Gamma$ at the beginning. # Typing of instruction sequences The type judgment $$\Psi: I: \mathsf{Code}(\Gamma)$$ means: under heap type $\Psi$ , the instruction sequence I expects the register file to have type $\Gamma$ at the beginning. $$\frac{\Psi, \Gamma \vdash \nu : \mathsf{Code}(\Gamma)}{\Psi \vdash \mathsf{jump}\ \nu : \mathsf{Code}(\Gamma)} \ (\mathsf{T\text{-}Jump})$$ # Typing of instruction sequences The type judgment $$\Psi: I: \mathsf{Code}(\Gamma)$$ means: under heap type $\Psi$ , the instruction sequence I expects the register file to have type $\Gamma$ at the beginning. $$\frac{\Psi, \Gamma \vdash \nu : \mathsf{Code}(\Gamma)}{\Psi \vdash \mathsf{jump} \ \nu : \mathsf{Code}(\Gamma)} \ (\mathsf{T-Jump})$$ $$\frac{\Psi \vdash \iota : \Gamma_1 \to \Gamma_2 \qquad \Psi \vdash I : \mathsf{Code}(\Gamma_2)}{\Psi \vdash \iota ; I : \mathsf{Code}(\Gamma_1)} \text{ (T-Seq)}$$ # Typing of register files, heaps, and machine states $$\frac{\Psi, \_ \vdash R(\mathsf{r1}) : \Gamma(\mathsf{r1}) \qquad \dots \qquad \Psi, \_ \vdash R(\mathsf{rk}) : \Gamma(\mathsf{rk})}{\Psi \vdash R : \Gamma} \text{ (T-Regfile)}$$ \_ means that the register file type is irrelevant here # Typing of register files, heaps, and machine states $$\frac{\Psi, \_ \vdash R(\mathsf{r1}) : \Gamma(\mathsf{r1}) \qquad \dots \qquad \Psi, \_ \vdash R(\mathsf{rk}) : \Gamma(\mathsf{rk})}{\Psi \vdash R : \Gamma} \text{ (T-Regfile)}$$ \_ means that the register file type is irrelevant here $$\frac{\forall l \in dom(\Psi) \cdot \Psi \vdash H(l) : \Psi(l)}{\vdash H : \Psi} \text{ (T-Heap)}$$ $dom(\Psi)$ is the set of labels in the domain of $\Psi$ ## Typing of register files, heaps, and machine states $$\frac{\Psi, \_ \vdash R(\mathsf{r1}) : \Gamma(\mathsf{r1}) \qquad \dots \qquad \Psi, \_ \vdash R(\mathsf{rk}) : \Gamma(\mathsf{rk})}{\Psi \vdash R : \Gamma} \text{ (T-Regfile)}$$ \_ means that the register file type is irrelevant here $$\frac{\forall l \in dom(\Psi) \cdot \Psi \vdash \boldsymbol{H}(l) : \Psi(l)}{\vdash \boldsymbol{H} : \Psi} \text{ (T-Heap)}$$ $dom(\Psi)$ is the set of labels in the domain of $\Psi$ $$\frac{\vdash H : \Psi \qquad \Psi \vdash R : \Gamma \qquad \Psi \vdash I : \mathsf{Code}(\Gamma)}{\vdash (H, R, I)} \text{ (T-Mach)}$$ The last judgment means that (H, R, I) is a well-typed machine. ## Example $$l: \underline{r1} := l; \underline{r2} := l'; \underline{jump \ r2}$$ $l': \underline{\underline{jump \ r1}}$ We have the heap $H = \{I \mapsto I, I' \mapsto I'\}$ . $$\label{eq:Define heap type Psi} \begin{split} \text{Define heap type } \Psi = \left\{ \begin{array}{l} I: \mathsf{Code}\{\mathsf{r1}:\mathsf{Top},\mathsf{r2}:\mathsf{Top}\}, \\ I': \mathsf{Code}\{\mathsf{r1}:\Psi(\mathsf{I}),\mathsf{r2}:\mathsf{Top}\} \end{array} \right\} \end{split}$$ $$\Gamma_1 = \{ \mathsf{r1} : \mathsf{Top}, \mathsf{r2} : \mathsf{Top} \}$$ Define register file types $$\Gamma_2 = \{ \mathsf{r1} : \Psi(\mathsf{I}), \mathsf{r2} : \mathsf{Top} \}$$ $$\Gamma_3 = \{ \mathsf{r1} : \Psi(\mathsf{I}), \mathsf{r2} : \Psi(\mathsf{I}') \}$$ $$\begin{split} \frac{\textbf{I}: \mathsf{Code}\{\textbf{r1}: \mathsf{Top}, \textbf{r2}: \mathsf{Top}\} \in \Psi}{\Psi, \Gamma_1 \vdash \textbf{I}: \Psi(\textbf{I})} \, (\text{T-Lab}) \\ \frac{\Psi, \Gamma_1 \vdash \textbf{I}: \Psi(\textbf{I})}{\Psi \vdash \textbf{r1}:= \textbf{I}: \Gamma_1 \to \Gamma_2} \, (\text{T-Mov}) \end{split}$$ $$\frac{\mathsf{I} : \mathsf{Code}\{\mathsf{r1} : \mathsf{Top}, \mathsf{r2} : \mathsf{Top}\} \in \Psi}{\Psi, \Gamma_1 \vdash \mathsf{I} : \Psi(\mathsf{I})} \qquad \qquad \vdots \\ \frac{\Psi, \Gamma_1 \vdash \mathsf{I} : \Psi(\mathsf{I})}{\Psi \vdash \mathsf{r1} := \mathsf{I} : \Gamma_1 \to \Gamma_2} (\mathsf{T}\text{-Mov}) \qquad \qquad \Psi \vdash \mathsf{r2} := \mathsf{I}' : \Gamma_2 \to \Gamma_3$$ ``` \begin{split} \frac{\mathsf{I}:\mathsf{Code}\{\mathsf{r1}:\mathsf{Top},\mathsf{r2}:\mathsf{Top}\} \in \Psi}{\Psi,\Gamma_1 \vdash \mathsf{I}:\Psi(\mathsf{I})} & \qquad \vdots \\ \frac{\Psi,\Gamma_1 \vdash \mathsf{I}:\Psi(\mathsf{I})}{\Psi \vdash \mathsf{r1}:=\mathsf{I}:\Gamma_1 \to \Gamma_2} & (\mathsf{T}\text{-Mov}) & \qquad \Psi \vdash \mathsf{r2}:=\mathsf{I}':\Gamma_2 \to \Gamma_3 \\ & \qquad \frac{\Psi,\Gamma_3 \vdash \mathsf{r2}:\Psi(\mathsf{I}') \quad \mathsf{Code}(\Gamma_3) \sqsubseteq \Psi(\mathsf{I}')}{\Psi,\Gamma_3 \vdash \mathsf{r2}:\mathsf{Code}(\Gamma_3)} & (\mathsf{T}\text{-Sub}) \\ & \qquad \frac{\Psi,\Gamma_3 \vdash \mathsf{r2}:\mathsf{Code}(\Gamma_3)}{\Psi \vdash \mathsf{jump}\;\mathsf{r2}:\mathsf{Code}(\Gamma_3)} & (\mathsf{T}\text{-Jump}) \end{split} ``` $$\sqsubseteq \Psi(\mathsf{I'}) = \mathsf{Code}\{\mathsf{r1} : \Psi(\mathsf{I}), \quad \mathsf{r2} : \mathsf{Top}\}$$ because $\Psi(\mathsf{I}) \sqsubseteq_1 \Psi(\mathsf{I})$ and $\Psi(\mathsf{I'}) \sqsubseteq_1 \mathsf{Top}$ . $\mathsf{Code}(\Gamma_3) = \mathsf{Code}\{\mathsf{r1}: \Psi(\mathsf{I}), \mathsf{r2}: \Psi(\mathsf{I}')\}$ $$\begin{array}{c} \vdots \\ \underline{\Psi : \mathsf{r2} := \mathsf{l}' : \Gamma_2 \to \Gamma_3 \quad \Psi \vdash \mathsf{jump} \; \mathsf{r2} : \mathsf{Code}(\Gamma_3)} \\ \underline{\Psi \vdash \mathsf{r1} := \mathsf{l} : \Gamma_1 \to \Gamma_2 \quad \Psi \vdash \mathsf{r2} := \mathsf{l}'; \; \mathsf{jump} \; \mathsf{r2} : \mathsf{Code}(\Gamma_2)} \\ \underline{\Psi \vdash I : \mathsf{Code}(\Gamma_1)} \end{array} (\mathsf{T}\text{-Seq})$$ This proves claim 1. $$\vdots \\ \underline{\Psi \vdash \mathbf{r1} := \mathbf{l} : \Gamma_1 \to \Gamma_2} \qquad \underline{\Psi : \mathbf{r2} := \mathbf{l}' : \Gamma_2 \to \Gamma_3 \qquad \Psi \vdash \mathsf{jump} \ \mathbf{r2} : \mathsf{Code}(\Gamma_3)}_{ \Psi \vdash \mathbf{r2} := \mathbf{l}'; \ \mathsf{jump} \ \mathbf{r2} : \mathsf{Code}(\Gamma_2)}_{ (T\text{-Seq})}$$ This proves claim 1. claim 2: $$\Psi \vdash I' : \mathsf{Code}(\Gamma_2)$$ $$\frac{\Psi, \Gamma_2 \vdash \textbf{r1} : \Psi(\textbf{I}) \quad \mathsf{Code}(\Gamma_2) \sqsubseteq \Psi(\textbf{I})}{\Psi, \Gamma_2 \vdash \textbf{r1} : \mathsf{Code}(\Gamma_2)} \underbrace{(T\text{-Sub})}{\Psi \vdash \mathsf{jump r1} : \mathsf{Code}(\Gamma_2)}$$ ``` Recall that H = \{I \mapsto I, I' \mapsto I'\} and \Psi = \{I : \mathsf{Code}(\Gamma_1), I' : \mathsf{Code}(\Gamma_2)\}. \vdots \qquad \vdots \qquad \vdots \\ \Psi \vdash I : \mathsf{Code}(\Gamma_1) \qquad \Psi \vdash I' : \mathsf{Code}(\Gamma_2) \\ \vdash H : \Psi \qquad \qquad (\text{T-Heap}) ``` Recall that $$H = \{I \mapsto I, I' \mapsto I'\}$$ and $\Psi = \{I : \mathsf{Code}(\Gamma_1), I' : \mathsf{Code}(\Gamma_2)\}.$ $$\vdots \qquad \vdots \\ \Psi \vdash I : \mathsf{Code}(\Gamma_1) \qquad \Psi \vdash I' : \mathsf{Code}(\Gamma_2) \\ \vdash H : \Psi \qquad (\text{T-Heap})$$ ## Well typing of register file Suppose we want to start running the machine with the register file $$R = \{\mathsf{r1} \mapsto \mathsf{0}, \mathsf{r2} \mapsto \mathsf{0}\}$$ Recall that $$H = \{ \mathsf{I} \mapsto I, \mathsf{I'} \mapsto I' \}$$ and $\Psi = \{ \mathsf{I} : \mathsf{Code}(\Gamma_1), \mathsf{I'} : \mathsf{Code}(\Gamma_2) \}.$ $$\vdots \qquad \vdots \qquad \vdots \\ \Psi \vdash I : \mathsf{Code}(\Gamma_1) \qquad \Psi \vdash I' : \mathsf{Code}(\Gamma_2) \\ \vdash H : \Psi$$ (T-Heap) ## Well typing of register file Suppose we want to start running the machine with the register file $$R = \{\mathsf{r1} \mapsto \mathsf{0}, \mathsf{r2} \mapsto \mathsf{0}\}$$ Define register file type $\Gamma = \{r1 : Int, r2 : Int\}$ Recall that $$H = \{ \mathsf{I} \mapsto I, \mathsf{I}' \mapsto I' \}$$ and $\Psi = \{ \mathsf{I} : \mathsf{Code}(\Gamma_1), \mathsf{I}' : \mathsf{Code}(\Gamma_2) \}.$ $$\vdots \qquad \vdots \qquad \vdots \\ \Psi \vdash I : \mathsf{Code}(\Gamma_1) \qquad \Psi \vdash I' : \mathsf{Code}(\Gamma_2) \\ \vdash H : \Psi$$ (T-Heap) ## Well typing of register file Suppose we want to start running the machine with the register file $$R = \{\mathsf{r1} \mapsto \mathsf{0}, \mathsf{r2} \mapsto \mathsf{0}\}$$ Define register file type $\Gamma = \{r1 : lnt, r2 : lnt\}$ $$\frac{\overline{\Psi, \_\vdash 0 : \mathsf{Int}} \text{ (T-Int)}}{\Psi, \_\vdash 0 : \mathsf{Int}} \frac{\overline{\Psi, \_\vdash 0 : \mathsf{Int}}}{\Psi \vdash R : \Gamma} \text{ (T-Int)}$$ Suppose the initial instruction sequence we want to execute is I. We have shown that $\Psi \vdash I : \mathsf{Code}(\Gamma_1)$ (claim 1). Similarly we show $\Psi \vdash I : \mathsf{Code}(\Gamma)$ . Suppose the initial instruction sequence we want to execute is I. We have shown that $\Psi \vdash I : \mathsf{Code}(\Gamma_1)$ (claim 1). Similarly we show $\Psi \vdash I : \mathsf{Code}(\Gamma)$ . Finally, well typing of the machine $$\frac{\vdots}{\vdash \boldsymbol{H}: \Psi} \quad \begin{array}{c} \vdots \\ \Psi \vdash \boldsymbol{R}: \Gamma \\ \hline \\ \vdash (\boldsymbol{H}, \boldsymbol{R}, \boldsymbol{I}) \end{array} \end{array} (\text{T-Mach})$$ $$l1 : r1 := l2; r2 := r1 + 1; \dots$$ $$13 : r1 := 5; jump r1$$ $$l1: r1 := l2; r2 := r1 + 1; \dots$$ $$13 : r1 := 5; jump r1$$ • We haven't discussed how to check if a machine is well typed. Alternative: use proof carrying code. ``` 11 : r1 := 12; r2 := r1 + 1; \dots 13 : r1 := 5; jump r1 ``` - We haven't discussed how to check if a machine is well typed. Alternative: use proof carrying code. - It is straightforward to translate TAL-0 programs to code for some real processor. If the TAL-0 program is well-typed then the translated code will behave properly. ``` l1 : r1 := l2; r2 := r1 + 1; \dots l3 : r1 := 5; jump r1 ``` - We haven't discussed how to check if a machine is well typed. Alternative: use proof carrying code. - It is straightforward to translate TAL-0 programs to code for some real processor. If the TAL-0 program is well-typed then the translated code will behave properly. ... for that we of course need to prove type safety for TAL-0 ... # Type safety for TAL-0 "well typed machines do not get stuck" Progress: If $\vdash M$ then there is some M' such that $M \to M'$ . Preservation: If $\vdash M$ and $M \to M'$ then $\vdash M'$ .