Programing Languages Semantics: Lecture #5
Page 1 of 10
Programming Languages Semantics / Mooly Sagiv, Eran Yahav
Lecture #5, 27-Mar-2003: Denotational Semantics - part 2
Notes by: Daniel Urieli
Denotational semantics (continued)
In this lecture we are going to achieve an important goal:
Proving the equivalence between the Operational Semantics and the Denotational
Semantics. The techniques we are going to use are useful beyond the frame of our
discussion and have important applications in other fields of mathematics.
Let’s remember we defined the following semantic functions by structural induction:
A: Aexp  (N)
B: Bexp  (T)
C: Com  ()
For each arithmetic expression we matched a total function that given a state returns an
integer value which is the value of the expression in that state. Similarly, for each
Boolean expression we matched a total function that given a state returns a truth value
which is the value of the Boolean expression in that state. Finally for each command we
matched a partial function that given a state returns the next state that results after
executing the command (only if it is defined on that state. It could be that the
computation never terminates, in that case the function is not defined on such states).
Notice that the denotational semantics is defined completely by structural induction. This
is in contrast with our definition of the operational semantics, where the semantics of
while b do c was defined recursively (the while loop reappears in the premise of the rule
for while derivation), and therefore when we proved properties about while we could not
use structural induction, but rather we used an induction on the computation.
Now we prove the equivalence of semantics. We first check the operational and
denotational semantics agree on the evaluation of expressions:
Lemma 5.3
For all a  Aexp
Aa = { (, n) | <a, >  n}
Proof:
Programing Languages Semantics: Lecture #5
Page 2 of 10
We prove the lemma by structural induction. We would like to prove for all arithmetic
expression aAexp the property P(a), where P(a)  def Aa = { (, n) | <a, >  n}.
The prove splits into cases according to the structure of an arithmetic expression a.
a  m:
------
 Suppose (, n)  Am. By the definition of Am we have    and n  m.
Clearly |= <m, >  m and thus <m, >  n.
 Suppose |=<m, >  n. The only possible derivation is when n  m. Clearly (, m) 
Am and so (, n)  Am.
a  X:
------
 Suppose (, n)  AX. By the definition of AX we have    and n  (X).
Clearly there is a derivation for <X, >  (X), meaning |= <X, >  n.
 Suppose there is a derivation for <X, >  n. The only possible derivation is when
n  (X). By definition, (, (X))  AX meaning (, n)  AX.
a  a0  a1 :
-----------
 Suppose (, n)  A a0  a1 . By the definition of A a0  a1  we have n = n0  n1
where (, n0 )A a0  and (, n1 ) A a1 . By the induction assumption ( P( a 0 ) and
P( a1 ) ) there is a derivation for < a0 , >  n0 and for < a1 , >  n1 . We can derive
 a0 ,   n0
 a1,  n1
< a0  a1 , >  n using the rule
(*) , since n = n0  n1 .
 a0  a1 ,   n
 Suppose there is a derivation for  a0  a1 ,   n . The last rule used in the
derivation must be the rule (*). By the induction assumption ( P( a 0 ) and P( a1 ) ) we
obtain (, n0 ) A a0  and (, n1 ) A a1 . By definition of A a0  a1  we have (,
n0  n1 ) A a0  a1 . Since n  n0  n1 we get (, n)  A a0  a1 .
The cases when a  a0  a1 and a  a0  a1 are similar to this case. Hence we get Aa = {
(, n) | <a, >  n} for all arithmetic expression, meaning the Denotational Semantics is
equivalent to the Operational Semantics on arithmetic expressions.

Next, we prove the equivalence between semantics on Boolean expressions.
Lemma 5.4
Programing Languages Semantics: Lecture #5
Page 3 of 10
For all b  Bexp
Bb = {(, t) | <b, >  t}
Proof:
Again, we will prove it using structural induction. We would like to prove for all Boolean
expression b  Bexp the property P(b), where P(b)  def Bb = {(, t) | <b, >  t}.
The prove splits into cases according to the structure of a Boolean expression b.
b  true:
---------
 Suppose (,t)  Btrue (which is Bb). By the definition of Btrue we have
t  true. We have the derivation <true, >true, which is exactly the derivation for <b,
>t.
 Suppose |= <true, >t. Then the only possible derivation is when t is true. By
definition <,true>  Btrue, meaning <,t> Btrue (which is Bb).
b  false:
---------This case is similar to the previous case.
b  a0  a1 :
------------
 Suppose (, t)  B a0  a1 . There are two possibilities:

t  true. In that case A a0  = A a1  . Let n be A a0 . It means <,n> 
A a0  and <,n>  A a1 . By lemma 5.3 (equivalence for arithmetic
expressions evaluation) we obtain there is a derivation for < a0 , > n, and for
 a0 ,   n
 a1 ,   n
< a1 , > n. We can use the rule
(*) to get the
 a0  a1 ,   true
derivation for < a0  a1 ,>true, which is <b, >t.

t  false. In that case A a0   A a1 . Let n be A a0  and m be A a1 . It
means <,n>  A a0  and <,m>  A a1 . By lemma 5.3 we obtain there are
derivations for < a0 , >n and < a1 ,>m. As we saw, n  m. We can use the
 a0 ,   n  a1 ,   m
rule
(**) to get the derivation for
 a0  a1 ,   false
< a0  a1 ,>false, which is <b, >t.
Programing Languages Semantics: Lecture #5
Page 4 of 10
 Suppose |= < a0  a1 , >t. Then the last rule used in the derivation must have been
(*) or (**).
If the last rule used in the derivation was (*), then t  true and we have derivations for
< a0 ,>n and < a1 ,>n. By lemma 5.3 we obtain (,n)  A a0  and (,n)  A a1 ,
meaning A a0  = A a1 . By the definition of B a0  a1  conclude that (, true) 
B a0  a1 , which is exactly (, t)  B a0  a1 .
If the last rule used in the derivation was (**), t  false and we have derivations for
< a0 ,>n and < a1 ,>m where n  m. By lemma 5.3 we obtain (,n)  A a0  and
(,m)  A a1 , meaning A a0   A a1 . By the definition of B a0  a1  conclude
that (, false)  B a0  a1 , which is exactly (, t)  B a0  a1 .
b  a0  a1 :
-----------the prove is similar to the previous case.
b  b0 :
---------
 Suppose (,t)  B b0 . Then t  T t0 where t 0 = B b0 . Hence (, t 0 )  B b0 .
By the induction assumption ( P( b0 ) ), there is a derivation for < b0 , >  t 0 . We can use
 b0 ,   t0
the rule
to get a derivation for < b0 , >  T t0 , which is <b,>t.
 b0 ,   T t0
 Suppose |= < b0 ,>t. The last rule of the derivation must have
 b ,   T t
been 0
. By the induction assumption ( (P( b0 ) ) we get (, T t )B b0 . By
 b0 ,   t
the definition of B b0  we obtain (, t) B b0 .
b  b0  b1 :
------------
 Suppose (,t)  B b0  b1 . Then t  t0 T t1 where (, t 0 )  B b0  and (, t1 ) 
B b1 . By the induction assumption there are derivations for < b0 ,> t 0 and
 b0 ,   t0
 b1 ,   t1
< b1 ,> t1 . We can use the rule
to complete the
 b0  b1 ,   t0 T t1
derivation of < b0  b1 ,>t.
Programing Languages Semantics: Lecture #5
Page 5 of 10
 Suppose there is a derivation for < b0  b1 ,>t. Then the last rule of the derivation
 b0,  t0
 b1 ,   t1
must have been
where t  t0 T t1 . By the induction
 b0  b1 ,   t
assumption we obtain (, t 0 )B b0  and (, t1 )B b1 . From the definition of
B b0  b1  we get (, t0 T t1 )B b0  b1 , meaning (,t)  B b0  b1 .
b  b0  b1 :
-----------The proof is similar to the previous case.

This completes the proof of lemma 5.4. We have seen that the operational semantics and
the denotational semantics are equivalent on Boolean expressions as well. Notice that
during the proof we relied on our previous proof of equivalence on arithmetic expressions
(lemma 5.3).
Now we can check that the denotational semantics of commands agrees with their
operational semantics. We will prove each direction separately. There is an interesting
point here about the definition of the denotational semantics of the while expression. We
defined it using a mathematical function ( ) . We chose the meaning of while as the
least fixed point of that function. Seemingly we could choose any other fix point, but here
we are going to see the reason for choosing the least fixed point. This will take an
important role during the proof of equivalence between the semantics (theorem 5.7).
Let’s start with the easier direction:
Lemma 5.6
For all commands c  Com and states , ’
|= <c, >  ’  < , ’>  Cc
Proof:
The proof is done through rule-induction on the operational semantics of commands.
Notice we are not using structural induction, since as we mentioned, the operational
semantics of commands is not defined by structural induction.
First we define for cCom and ,’   the property P(c, , ’)  def (,’)  Cc.
Programing Languages Semantics: Lecture #5
Page 6 of 10
Remark: Notice that here P is not defined as a property of c, as in the previous lemmas,
since it is not a structural induction on the structure of c, but an induction on the
derivation of tuples.
We would like to show that P is closed under the rules for execution of commands and if
we show it then <c, >  ’  P(c, , ’) is true for every c,  and ’.
Again, the proof splits into cases:
c  skip:
--------In that case we have |= <skip, >  ’. Obviously   ’. By the definition of Cskip
(,)Cskip and therefore P(skip, , ).
c  X:=a:
---------In that case we have |= <X:=a, >  ’. The last rule used in the derivation is the rule
 a,   m
. Therefore |=<a,>m. By lemma 5.3 we obtain (,m) 
 X : a,    [m / X ]
Aa, or m = Aa . By the definition of CX:=a, (,[m/X])  CX:=a. But
'  [m/X] and therefore (,’)  CX:=a, or P(X:=a, , ’).
c  c0 ; c1 :
---------We are given that |= < c0 ; c1 , >’. Then we know there exists ” such that
|=< c0 ,>” and |=< c1 ,”>’. By the induction assumption we have P( c0 ,,”) and
P( c1 ,”,’). By the definition of P it means (,”)C c0  and (”,’) C c1 .
Therefore (,’)  C c0  C c1 . Since C c0 ; c1   C c0  C c1 , then (,’) 
C c0 ; c1 , or P( c0 ; c1 ,,’).
c  if b then c0 else c1 :
------------------------We are given |= < if b then c0 else c1 ,>’.
There are two cases, <b,>true or <b,>false. We will prove the first case, and the
second is totally symmetric.
Programing Languages Semantics: Lecture #5
Page 7 of 10
In the first case we have |=<b,>true and |=< c0 ,>’. From lemma 5.4 we know
(,true)Bb, or Bb = true. From the induction assumption we know (,’)
C c0 . By definition of C if b then c0 else c1  we get (,’) C if b then c0 else c1 .
This proves the first case, and the proof for the other case is similar.
c  while b do c0 :
-----------------We are given |= <while b do c0 , >’. There are two cases: |=<b,>false or
|=<b,>true.
If |= <b,>false then   ’. Also, by lemma 5.4 we have (,false)Bb, or Bb =
false. Cwhile b do c0  is the least fixed point of the function ( ) . We showed that the
least fixed point of ( ) is
i () . Notice that since Bb = false (,) 1 () and
iw
i () = Cwhile b do c0  and since   ’ we get (,’) Cwhile
therefore (,)
iw
b do c0 .
Remark:
We could use weaker assumption here. We do not have to use the fact that this is the least
fixed point. The fact that it is a fixed point is enough. Notice that if Bb = false then
(,) ( ) for every  . Since  = Cwhile b do c0  is a fixed point then
(,) ( ) =  .
The other case is when |= <b,>true, |= < c0 , >” and |= <while b do c0 , ”>’.
From lemma 5.4 we know Bb = true. From the induction assumption we know that
P( c0 ,  ,  “), meaning (,”)C c0 . We also know from the induction assumption
that P(while b do c0 , ”,’), meaning (”,’) Cwhile b do c0 . From relation
composition we get (,’)  Cwhile b do c0  C c0 . Now, together with the fact that
Bb = true we can conclude that (,’)   ( Cwhile b do c0 ).
But since Cwhile b do c0  is a fixed point of  we get (,’)   ( Cwhile b do c0 )
= Cwhile b do c0 .
Hence the lemma is proved.

Again, also in the second case we didn’t use the fact that it is the least fixed point, only
the fact that it is a fixed point. The fact that it is a least fixed point will take an important
role during the proof of the opposite direction.
Notice that we could shorten the proof by relying on the fact that while b do c0 is
equivalent to if b then( c0 ; while b do c0 ) else skip and then the proof was
straightforward.
Programing Languages Semantics: Lecture #5
Page 8 of 10
The next theorem is completes the proof of equivalence between operational semantics
and denotational semantics on commands. We will prove it using structural induction,
with a use of mathematical induction in one case, which is, as you probably guessed, the
while case…
Theorem 5.7
For all commands cCom
Cc = {(,’) | <c, >’}
Proof:
The theorem is equivalent to the argument
(,’) Cc  <c, >’
lemma 5.6 proved the  direction. Now we prove the  direction.
We prove it by structural induction on commands. The prove split into cases according
the command’s type:
c  skip:
--------Suppose (,’) Cskip. Then by the definition of Cskip we get   ’. Hence there
is a derivation for <skip, >’ using the rule <skip, >.
c  X:=a:
---------Suppose (,’)  CX:=a. Then by the definition of CX:=a we have ’  [n/X]
where n = Aa. From lemma 5.3 we have a derivation for <a, >n. We can derive
 a,   n
<X:=a,> ’using the rule
.
 X : a,    [n / X ]
c  c0 ; c1 :
---------Suppose (,’)  C c0 ; c1  = C c1  C c0 . Then there exists ” such that
(,”)C c0  and (”,’)C c1 . By the induction assumption we get there are
derivations for < c0 ,>” and for < c1 ,”>’. From these two rules when can derive
< c0 ; c1 ,>’ using the operational semantics rule for c0 ; c1 .
c  if b then c0 else c1 :
---------------------------
Programing Languages Semantics: Lecture #5
Page 9 of 10
Suppose (,’)  Cif b then c0 else c1 . By the definition of Cif b then c0 else c1 
there are two cases. Either Bb = true and (,’)  C c0  or Bb = false and
(,’)  C c1 .
In the first case Bb = true and using lemma 5.4 we have a derivation for
<b,>true. From the induction assumption we get there is a derivation for
< c0 ,>’. We can now derive < if b then c0 else c1 , > ’ using the operational
semantics rule for if b then c0 else c1 with the case that b is true.
The other case is proved the same way.
c  while b do c0 :
-------------------Suppose (,’)  Cwhile b do c0  = fix(  ), where fix(  ) is the least fixed point of  .
Define  n   n ( ) . We have already seen fix(  ) can be defined constructively in the
 n . We are going to use that fact in order to show by
following special way: fix(  ) 
nw
mathematical induction that  ,  ' . ( ,  ')  n  c,    ' for all n (It would
then follow that (,’)  Cwhile b do c0   <c, >’, since if (,’)  Cwhile b
 n then there exists some n such that (,’)   n and so there
do c0   fix(  ) 
nw
would exist a derivation for <c, >’).
Notice that  0   and
 n 1 = {(,’) | Bb = true & (,’)   n C c0 }
{(,) | Bb = false}.
The base case is when n = 0: in that case  0 =  so the argument is vacuously true.
The induction step: we assume  ,  ' . ( ,  ')  n  c,    ' for some n and
try to prove it for n+1. So, (,’)   n 1 . Equivalently (,’)  ( n ) .
There are two cases: Either
(i) Bb = true and ( ,  ')  n C c0 ,or
(ii) Bb = false and ’=.
We start with the second case:
(ii) In that case from lemma 5.4 there is a derivation for <b,>false. Since  = ’ we
 b,   false
can use the ‘false rule’ of operational semantics of while (
) to
 while b do c0 ,   
get a derivation, without even using the induction assumption.
And the first case:
Programing Languages Semantics: Lecture #5
Page 10 of 10
(i) In that case we get from lemma 5.4 that there is a derivation for <b, >true(*).
Since ( ,  ')  n C c0  there exists ” such that (,”)C c0  and (”,)  n . From
the structural induction assumption we get that there is a derivation for < c0 ,>”(*).
From the mathematical induction we get that there is a derivation for <while b do
c0 ,”>’ (*). From the three (*)’s we get the derivation for <while b do c0 ,>’.

This completes the proof of Theorem 5.7, and the whole proof of equivalence between
operational semantics and denotational semantics.
We have counted on the fact that Cwhile b do c0  is the least fixed point of  , and on
the fact that being a least fixed point of an operator on sets which is determined by rule
instances it has the representation of a countable union which makes it possible to use
mathematical induction in the proof. Intuitively, the meaning of  n is exactly all the
while computations that terminates after at most n iterations, and in other words, all the
while derivations that can be derived by the operational semantics’ rules with at most n
steps. In fact we have shown equality between to sets, so of course any other set (other
fixed point in that case) cannot satisfy this equality. Had we chosen any fixed point, we
would have couples (,’)Cwhile b do c0  that cannot be derived using operational
semantics.