Naïve Set Theory » Patrick Cousot Jerome C

« Mathematical foundations: (1) Naïve set theory » Patrick Cousot Jerome C. Hunsaker Visiting Professor Massachusetts Institute of Technology Department of Aeronautics and Astronautics cousot mit edu www.mit.edu/~cousot Course 16.399: “Abstract interpretation” Georg F. Cantor http://web.mit.edu/afs/athena.mit.edu/course/16/16.399/www/ Reference [1] Cantor, G., 1932, “Gesammelte Abhandlungen mathematischen und philosohischen Inhalts”, E. Zermelo, Ed. Berlin: Springer-Verlag.

Course 16.399: “Abstract interpretation”, Tuesday March 1st, 2005 J¡¡¡—1—[] ¨ — £££I ľ P. Cousot, 2005 Course 16.399: “Abstract interpretation”, Tuesday March 1st, 2005 J¡¡¡—3—[] ¨ — £££I ľ P. Cousot, 2005

Set theory –Innaïve set theory everything is a set, including the empty set ;; So any collection of objects can be re- garded as a single entity (i.e. a set) Sets –Aset is a collection of elements which are sets (but sets in sets in sets . . . cannot go for ever); – In practice one consider a universe of objects (which are not sets and called atoms) out of which are built

sets of objects, set of sets of objects, etc. x§

Course 16.399: “Abstract interpretation”, Tuesday March 1st, 2005 J¡¡¡—2—[] ¨ — £££I ľ P. Cousot, 2005 Course 16.399: “Abstract interpretation”, Tuesday March 1st, 2005 J¡¡¡—4—[] ¨ — £££I ľ P. Cousot, 2005 Membership Additional notations are as follows: def – a 2 x means that the object a belongs to/is an element P _ Q = :((:P ) ^ (:Q)) “P or Q” def of the set x P =) Q =(:P ) _ Q “P implies Q” def – a 62 x means that the object a does not belong to/is P () Q =(P =) Q) ^ (Q =) P ) “P iff 1Q” def not an element of the set x: P _ Q =(P _ Q) ^:(P ^ Q) “P exclusive or Q” def def (a 62 x) = :(a 2 x) 9x : P = :(8x :(:P )) “there exists x such that P ” def 9a 2 S : P = 9a : a 2 S ^ P def 9a1;a2;:::;an 2 S : P = 9a1 2 S : 9a2;:::;an 2 S : P def 8a 2 S : P = 8a :(a 2 S)=) P def 8a1;a2;:::;an 2 S : P = 8a1 2 S : 8a2;:::;an 2 S : P 1 if and only if

Course 16.399: “Abstract interpretation”, Tuesday March 1st, 2005 J¡¡¡—5—[] ¨ — £££I ľ P. Cousot, 2005 Course 16.399: “Abstract interpretation”, Tuesday March 1st, 2005 J¡¡¡—7—[] ¨ — £££I ľ P. Cousot, 2005

Logical symbols Comparison of sets If P , Q, . . . are logical statements about sets, then we def use the following abbreviations: x „ y = 8a :(a 2 x =) a 2 y) inclusion def – P ^ Q abbreviates “P and Q” x « y = y „ x superset def – :P abbreviates “not P ” x = y =(x „ y) ^ (y „ x) equality def – 8x : P abbreviates “forall x, P ” x 6= y = :(x = y) inequality def x  y =(x „ y) ^ (x 6= y) strict inclusion def x ff y =(x « y) ^ (x 6= y) strict superset

Course 16.399: “Abstract interpretation”, Tuesday March 1st, 2005 J¡¡¡—6—[] ¨ — £££I ľ P. Cousot, 2005 Course 16.399: “Abstract interpretation”, Tuesday March 1st, 2005 J¡¡¡—8—[] ¨ — £££I ľ P. Cousot, 2005 Operations on sets Set theoretic laws Intuition provided by Venn diagrams but better proved def (z = x [ y) = 8a :(a 2 z) , (a 2 x _ a 2 y) union formally from the definitions. def x [ x = x (z = x \ y) = 8a :(a 2 z) , (a 2 x ^ a 2 y) intersection x \ x = x def (z = x n y) = 8a :(a 2 z) , (a 2 x ^ a 62 y) difference x „ x [ y upper bound x \ y „ x lower bound x [ y = y [ x commutativity x \ y = y \ x (x „ z) ^ (y „ z)=) (x [ y) „ z lub 2 (z „ x) ^ (z „ y)=) z „ (x \ y) glb 3

2 lub: least upper bound. 3 glb: greatest lower bound

Course 16.399: “Abstract interpretation”, Tuesday March 1st, 2005 J¡¡¡—9—[] ¨ — £££I ľ P. Cousot, 2005 Course 16.399: “Abstract interpretation”, Tuesday March 1st, 2005 J¡¡¡—11—[] ¨ — £££I ľ P. Cousot, 2005

Partial order x [ (y [ z)=(x [ y) [ z associativity „ is a partial order in that: x \ (y \ z)=(x \ y) [ z x [ (y \ z)=(x [ y) \ (x [ z) distributivity x „ x reflexivity x \ (y [ z)=(x \ y) [ (x \ z) (x „ y ^ y „ x)=) (x = y) antisymetry x „ y () (x [ y)=y (x „ y) ^ (y „ z)=) (x „ z) transitivity (x \ y)=x x n y = x n (x \ y)  is a strict partial order in that: z n (z n x)=x x „ y () (z n y) „ (z n x) :(x  x) irrreflexivity x [ (z n x)=z (x  y) ^ (y  z)=) (x  z) transitivity z n (x [ y)=(z n x) \ (z n y) z n (x \ y)=(z n x) [ (z n y)

Course 16.399: “Abstract interpretation”, Tuesday March 1st, 2005 J¡¡¡—10—[] ¨ — £££I ľ P. Cousot, 2005 Course 16.399: “Abstract interpretation”, Tuesday March 1st, 2005 J¡¡¡—12—[] ¨ — £££I ľ P. Cousot, 2005 Empty set – 8a :(a 62;) Definition of the empty set – The emptyset is unique 4. – Emptyset laws: Operations on set x n;= x ;„x x n x = ; x [; = x x \ (y n x)=; x \; = ;

4 [8a:(a 62 x)] =) [(8a :(a 62 x)=) (a 62;)) ^ (8a :(a 62;)=) (a 62 x))] =) [(8a :(a 2;)=) (a 2 x)) ^ (8a :(a 2 x)=) (at 2;))] =) [;„x ^ x „;]=) [x = ;].

Course 16.399: “Abstract interpretation”, Tuesday March 1st, 2005 J¡¡¡—13—[] ¨ — £££I ľ P. Cousot, 2005 Course 16.399: “Abstract interpretation”, Tuesday March 1st, 2005 J¡¡¡—15—[] ¨ — £££I ľ P. Cousot, 2005

Notations for sets Pairs def – Definitions in extension: – ha; bi = ffag; fa; bgg 5 - ; Empty set – ha; bi1 = a first projection 6 - fag Singleton – ha; bi2 = b second projection - fa; bg Doubleton (a 6= b) – x0, x1 undefined for non-pairs - fa1;:::;ang Finite set - fa1;:::;an;:::g Infinite set – Definition in comprehension: - fa j P (a)g Examples: x [ y = fa j a 2 x _ a 2 yg ST ST S 5 def x \ y = fa j a 2 x ^ a 2 yg Other notationsS are ha;T bi:1, ha; bi#1,... Formally ha; bi1 SS= ha; bi SS= ffag; Sfa; bgg = fag = a. 6 def SFormally, ifT ha; bi = ha; bi then a = b whence ha; bi2 = S hSa; bi = Tffbgg = fSbgS= b.Otherwise x n y = fa j a 2 x ^ a 62 yg def T ha; bi 6= ha; bSi thatS is a 6= b,inwhichcaseS ha; bi2 = ( ha; bin ha; bi)= ( ffag; fa; bgg n ffag; fa; bgg)= ( fa; bgnfag)= fbg = b.

Course 16.399: “Abstract interpretation”, Tuesday March 1st, 2005 J¡¡¡—14—[] ¨ — £££I ľ P. Cousot, 2005 Course 16.399: “Abstract interpretation”, Tuesday March 1st, 2005 J¡¡¡—16—[] ¨ — £££I ľ P. Cousot, 2005 Tuples Powerset def def – }(x) = fy j y „ xg powerset – ha1; :::; an+1i = hha1; :::; ani;an+1i tuple S def – y def= a x y : a x Union – ha1; :::; anii = ai i =1;:::;n projection f j9 2 2 g T def –Law: – y = fa j8x 2 y : a 2 xg Intersection 0 0 0 0 ha1; :::; ani = ha1; :::; ani,a1 = a1^:::^an = an –Laws: [ \ x [ y = fx; yg fxg = x \ [ x \ y = fx; yg ; = ; [ \ fxg = x ; = fa j trueg Universe

Course 16.399: “Abstract interpretation”, Tuesday March 1st, 2005 J¡¡¡—17—[] ¨ — £££I ľ P. Cousot, 2005 Course 16.399: “Abstract interpretation”, Tuesday March 1st, 2005 J¡¡¡—19—[] ¨ — £££I ľ P. Cousot, 2005

Cartesian product Families (indexed set of sets) def – x ˆ y = fha; bija 2 x ^ b 2 yg – x = fyi j i 2 Ig I indexing set for the elements of x S def S def – y = x – x1 ˆ :::ˆ xn+1 =(x1 ˆ :::ˆ xn) ˆ xn+1 so i2I i = fa j9i 2 I : a 2 yig x1 ˆ:::ˆxn = fha1; :::; anija1 2 x1 ^:::^an 2 xng T T n def – y def= x – x = |x ˆ :::{z ˆ x} i2I i n times = fa j8i 2 I : a 2 yig def –Laws: [ – x0 = ; 8i 2 I :(xi „ y)=) ( xi „ y) i2I \ 8i 2 I :(y „ xi)=) (y „ xi) i2I

Course 16.399: “Abstract interpretation”, Tuesday March 1st, 2005 J¡¡¡—18—[] ¨ — £££I ľ P. Cousot, 2005 Course 16.399: “Abstract interpretation”, Tuesday March 1st, 2005 J¡¡¡—20—[] ¨ — £££I ľ P. Cousot, 2005 [ [ [ Relations (xi [ yi)=( xi) [ ( yi) – r „ x unary relation on x i\2I i\2I i\2I – r „ x ˆ y binary relation (xi \ yi)=( xi) \ ( yi) i2[I i[2I i2I – r „ x1 ˆ :::ˆ xn n-ary relation (xi \ y)=( (xi) \ y – Graphical representation of a relation r on a finite set i\2I i\2I x: (xi [ y)=( (xi) [ y r i2I [ [i2I z n xi = (z n xi) › elements of the set x i\2I i\2I a b z n xi = (z n xi) ›`!› ha; bi2r i2I i2I Course 16.399: “Abstract interpretation”, Tuesday March 1st, 2005 J¡¡¡—21—[] ¨ — £££I ľ P. Cousot, 2005 Course 16.399: “Abstract interpretation”, Tuesday March 1st, 2005 J¡¡¡—23—[] ¨ — £££I ľ P. Cousot, 2005

Notations for relations

–Ifr „ x1 ˆ :::ˆ xn then we use the notation:

def r(a ;:::;a ) = ha ; :::; a i2r Relations 1 n 1 n – In the specific case of binary relation, we also use:

def arb = ha; bi2r example: 5 » 7 r def a `! b = ha; bi2r

Course 16.399: “Abstract interpretation”, Tuesday March 1st, 2005 J¡¡¡—22—[] ¨ — £££I ľ P. Cousot, 2005 Course 16.399: “Abstract interpretation”, Tuesday March 1st, 2005 J¡¡¡—24—[] ¨ — £££I ľ P. Cousot, 2005 Properties of binary relations Let r „ x ˆ x be a binary relation on the set x – 8a 2 x :(ara) reflexive – 8a; b 2 x :(arb) () (bra) symmetric Reflexive transitive closure – 8a; b 2 x :(arb^ a 6= b)=):(bra) antisymmetric – 8a; b 2 x :(a 6= b)=) (arb_ bra) connected – 8a; b; c 2 x :(arb) ^ (brc)=) (arc) transitive

Course 16.399: “Abstract interpretation”, Tuesday March 1st, 2005 J¡¡¡—25—[] ¨ — £££I ľ P. Cousot, 2005 Course 16.399: “Abstract interpretation”, Tuesday March 1st, 2005 J¡¡¡—27—[] ¨ — £££I ľ P. Cousot, 2005

Operations on relations Reflexive transitive closure of a relation – ; empty relation Let r be a relation on x: def – r0 def= 1 powers – 1x = fha; aija 2 xg identity x def `1 def – rn+1 = rn ‹ r (= r ‹ rn) – r = fhb; aijha; bi2rg inverse S ? def n def – r = N r reflexive transitive closure – r1 ‹ r2 = fha; cij9b : ha; bi2r1 ^hb; ci2r2g Sn2 + def n composition – r = n2Nnf0g r strict transitive closure ? + – set operations r1 [ r2, r1 \ r2, r1 n r2 so r = r [ 1x

Course 16.399: “Abstract interpretation”, Tuesday March 1st, 2005 J¡¡¡—26—[] ¨ — £££I ľ P. Cousot, 2005 Course 16.399: “Abstract interpretation”, Tuesday March 1st, 2005 J¡¡¡—28—[] ¨ — £££I ľ P. Cousot, 2005 Example of relation Equational definition of the reflexive transitive closure ? ? t – t = 1x [ t ‹ t Proof.

t? [ = tn
def. t? n2N [ = t0 [ tn
isolating t0 n2Nnf0g

Course 16.399: “Abstract interpretation”, Tuesday March 1st, 2005 J¡¡¡—29—[] ¨ — £££I ľ P. Cousot, 2005 Course 16.399: “Abstract interpretation”, Tuesday March 1st, 2005 J¡¡¡—31—[] ¨ — £££I ľ P. Cousot, 2005

[ k+1 0 The reflexive transitive closure of the example relation = 1x [ t
def. t and k +1=n N ? k[2 t k = 1x [ t ‹ t
def. power k2N [ k = 1x [ t ‹ ( t )
def. ‹ k2N ? ? = 1x [ t ‹ t
def. t 

Course 16.399: “Abstract interpretation”, Tuesday March 1st, 2005 J¡¡¡—30—[] ¨ — £££I ľ P. Cousot, 2005 Course 16.399: “Abstract interpretation”, Tuesday March 1st, 2005 J¡¡¡—32—[] ¨ — £££I ľ P. Cousot, 2005 ? – If r = 1x [ t ‹ r then t „ r 0 0 Proof. - t = 1x „ 1x [ t ‹ r = r so t „ r n n+1 n -ift „ r then t = t ‹ t 6=„ t ‹ r „ 1x [ t ‹ r = r so tn+1 „ r N n Equivalences and partitions - By recurrence,S 8n 2 :(t „ r) ? n - t = n2N t „ r

Course 16.399: “Abstract interpretation”, Tuesday March 1st, 2005 J¡¡¡—33—[] ¨ — £££I ľ P. Cousot, 2005 Course 16.399: “Abstract interpretation”, Tuesday March 1st, 2005 J¡¡¡—35—[] ¨ — £££I ľ P. Cousot, 2005

– If follows that r? is the „-least solution of the equation: Equivalence relation X = 1x [ t ‹ X 7 – A binary relation r on a set x is an equivalence relation – This least solution is unique. iff it is reflexive, symmetric and transitive

Proof. -letr1 and r2 be two solutions to X = 1x[t ‹ –Examples:= equality, ”[n] equivalence modulo n>0 def X – [a]r = fb 2 x j arbg equivalence class - r1 „ r2 since r1 is the least solution N –Examples:[a]= = fag, [a]”[n] = fa + k ˆ n j k 2 g - r2 „ r1 since r2 is the least solution def – x=r = f[a]r j a 2 xg quotient of x byr - r1 = r2 by antisymmetry. –Examples:x== = ffagja 2 xg 8, 9 x=”[n] = f[0]”[n];:::;[n ` 1]”[n]g

8 which is isomorphic to x through a 7!fag. 7 „ 9 So called „-least fixpoint of F (X)=1x [ t ‹ X, written lfp F . which is isomorphic to f0;:::;n` 1g through a 7! [a]”[n].

Course 16.399: “Abstract interpretation”, Tuesday March 1st, 2005 J¡¡¡—34—[] ¨ — £££I ľ P. Cousot, 2005 Course 16.399: “Abstract interpretation”, Tuesday March 1st, 2005 J¡¡¡—36—[] ¨ — £££I ľ P. Cousot, 2005 Partition – P is a partition of x iff P is a family of disjoint sets covering x: - 8y 2 P :(y 6= ;) - 8y;z[2 P :(y 6= z)=) (y \ z = ;) Posets - x = P x x x x x x

Course 16.399: “Abstract interpretation”, Tuesday March 1st, 2005 J¡¡¡—37—[] ¨ — £££I ľ P. Cousot, 2005 Course 16.399: “Abstract interpretation”, Tuesday March 1st, 2005 J¡¡¡—39—[] ¨ — £££I ľ P. Cousot, 2005

Correspondence between partitions and Partial order relation equivalences –Arelationr on a set x is a partial order if and only if –IfP is a partition of x then it is reflexive, antisymmetric and transitive. fha; bij9y 2 P : a 2 y ^ b 2 yg is an equivalence relation –Inversely,ifr is an equivalence relation on x,then f[a]r j a 2 xg is a partition of x.

Course 16.399: “Abstract interpretation”, Tuesday March 1st, 2005 J¡¡¡—38—[] ¨ — £££I ľ P. Cousot, 2005 Course 16.399: “Abstract interpretation”, Tuesday March 1st, 2005 J¡¡¡—40—[] ¨ — £££I ľ P. Cousot, 2005 Examples of partial order relations Posets – » on N –Apartially ordered set (poset for short) is a pair hx; »i – » on Z where: – „ on }(x) - x is a set def - » ia a partial order relation on x – ha; bi»2 hc; di =(a » c) ^ (b » d) component- wise/cartesian ordering –ifhx; »i is a poset and y „ x then hy; »i is also a def poset. – ha; bi»‘ hc; di =(a » c ^ a 6= c) _ (a = c ^ b » d) lexicographic ordering def – a1 :::an »a b1 :::bm = 9k :(0» k » n) ^ (k » m) ^ (a1 = b1 ^ :::ak`1 = bk`1) ^ (ak » bk) alphabetic ordering

Course 16.399: “Abstract interpretation”, Tuesday March 1st, 2005 J¡¡¡—41—[] ¨ — £££I ľ P. Cousot, 2005 Course 16.399: “Abstract interpretation”, Tuesday March 1st, 2005 J¡¡¡—43—[] ¨ — £££I ľ P. Cousot, 2005

Notations for partial order relations Hasse diagram – Partial order relations are often denoted in infix form –TheHasse diagram of a poset hx; »i is a graph with by symbols such as », v, „, —, ..., meaning: - vertices x » = fha; bija » bg -arcsha; bi whenever a » b and :(9c 2 x : av>is 6» = fha; bij:(a » b)g represented as: –Thestrict ordering is denoted <, @, , ffi, ..., mean- ... -4 -3 -2 -1 01234... ing:

< = fha; bija » b ^ a 6= bg ⊥

Course 16.399: “Abstract interpretation”, Tuesday March 1st, 2005 J¡¡¡—42—[] ¨ — £££I ľ P. Cousot, 2005 Course 16.399: “Abstract interpretation”, Tuesday March 1st, 2005 J¡¡¡—44—[] ¨ — £££I ľ P. Cousot, 2005 Encoding N with sets In set theory, natural numbers are encoded as follows: – ; 0 – f;g 1=f0g – f;; f;gg 2=f0; 1g Functions – ... – Sn = n [fng n +1=f0; 1;:::;ng – ... – w = f0; 1;:::;n;:::g = N first infinite ordinal The ordering is: def – n

Course 16.399: “Abstract interpretation”, Tuesday March 1st, 2005 J¡¡¡—45—[] ¨ — £££I ľ P. Cousot, 2005 Course 16.399: “Abstract interpretation”, Tuesday March 1st, 2005 J¡¡¡—47—[] ¨ — £££I ľ P. Cousot, 2005

Domain and range of a relation Functions Let r be a n +1-ary relation on a set x. –Ann-ary function on a set x is an (n +1)-ary relation def – dom(r) = fa j9b : ha; bi2rg domain ronxsuchthatforeverya 2 dom(r) there is at most def one b rng(r) such that a; b r: – rng(r) = fb j9b : ha; bi2rg range/codomain 2 h i2 (ha; bi2r ^ha; ci2r)=) (b = c) – Fonctional notation: One writes r(a1;:::;an)=b for ha1; :::; an;bi2r

Course 16.399: “Abstract interpretation”, Tuesday March 1st, 2005 J¡¡¡—46—[] ¨ — £££I ľ P. Cousot, 2005 Course 16.399: “Abstract interpretation”, Tuesday March 1st, 2005 J¡¡¡—48—[] ¨ — £££I ľ P. Cousot, 2005 Partial and total functions Operations on functions

def – x 7! y is the set of (total) functions f such that – f = –a . k = fha; kija 2 dom(f)g 11constant function dom(f)=x and rng(f) „ y def – 1x = fha; aija 2 xg identity function – x 7!n y is the set of (partial) functions f such that def – f ‹ g = –a . f(g(a)) function composition dom(f) „ x and rng(f) „ y.Sof(z) is undefined def whenever z 2 x n dom(f). – f — u = f \ (u ˆ rng(f)) function restriction def – f`1 = fhf(a);aija 2 dom(f)g function inverse 12

11 where k 2 rng(f). 12 a relation but in general not a function.

Course 16.399: “Abstract interpretation”, Tuesday March 1st, 2005 J¡¡¡—49—[] ¨ — £££I ľ P. Cousot, 2005 Course 16.399: “Abstract interpretation”, Tuesday March 1st, 2005 J¡¡¡—51—[] ¨ — £££I ľ P. Cousot, 2005

Notations for functions The function f such that: – dom(f)=x, rng(f) „ y i.e. f 2 x 7! y – 8a 2 x : ha; e(a)i2f 10 is denoted as: Properties of functions – f(a)=e or f(a : x)=e functional notation – f = –a . e or f = –a : x . e Church’s lambda notation – f : a 2 x 7! e – fa ! b; c ! d; e ! fg denotes the function g = fha; bi; hc; di; he; fig such that g(a)=b, g(c)=d, g(e)=f, dom(g)=fa; c; eg and rng(g)=fb; d; fg.

10 e(a) is an expression depending upon variable a 2 x which result is in y.

Course 16.399: “Abstract interpretation”, Tuesday March 1st, 2005 J¡¡¡—50—[] ¨ — £££I ľ P. Cousot, 2005 Course 16.399: “Abstract interpretation”, Tuesday March 1st, 2005 J¡¡¡—52—[] ¨ — £££I ľ P. Cousot, 2005 Injective/one-to-one function Bijective function – A function f 2 x 7! y is injective/one-to-one if differ- – A function is bijective iff it is both injective and sur- ent elements have different images: jective 8a; b 2 x : a 6= b =) f(a) 6= f(b) –Notation:f 2 x “ y () 8 a; b 2 x : f(a)=f(b)=) a = b – A bijective function is a bijection, also called an iso- – The following situation is excluded: morphism –Twosetsx and y are isomorphic iff there exists an a f isomorphism i 2 x “ y b f(a)=f(b) xyf

–Notation:f 2 x  y, f 2 x n y

Course 16.399: “Abstract interpretation”, Tuesday March 1st, 2005 J¡¡¡—53—[] ¨ — £££I ľ P. Cousot, 2005 Course 16.399: “Abstract interpretation”, Tuesday March 1st, 2005 J¡¡¡—55—[] ¨ — £££I ľ P. Cousot, 2005

Surjective/onto function Inverse of bijective functions – A function f 2 x 7! y is surjective/onto function if –Iff 2 x “ y is bijective then its inverse is the function all elements of its range are images of some element of f`1 defined by: their domain: f`1 = fhb; aijha; bi2fg thus: 8b 2 y : 9a 2 x : f(a)=b - f`1 2 y “ x `1 – The following situation is excluded: - f ‹ f = 1x `1 - f ‹ = 1y f f f -1 xy f x f -1 y –Notation:f 2 x 7“ y, f 2 x 7“n y

Course 16.399: “Abstract interpretation”, Tuesday March 1st, 2005 J¡¡¡—54—[] ¨ — £££I ľ P. Cousot, 2005 Course 16.399: “Abstract interpretation”, Tuesday March 1st, 2005 J¡¡¡—56—[] ¨ — £££I ľ P. Cousot, 2005 Cartesian product (revisited)

– Given a family fxi j i 2 Ig of sets, the cartesian prod- uctYof the family fxi j i 2[Ig is defined as: def xi = ff j f 2 I 7! xi ^8i 2 I : f(i) 2 xig Sequences i2I i2I –If8i 2 I : xi = x then we write: Y I x or I 7! x instead of xi i2I n –Forexamplex = |x ˆ :::{z ˆ x} n times

Course 16.399: “Abstract interpretation”, Tuesday March 1st, 2005 J¡¡¡—57—[] ¨ — £££I ľ P. Cousot, 2005 Course 16.399: “Abstract interpretation”, Tuesday March 1st, 2005 J¡¡¡—59—[] ¨ — £££I ľ P. Cousot, 2005

Characteristic functions of subsets Finite sequences –Thepowerset}(x) of a set x is isomorphic to x 7! B Given a set x: ~ def where the set of booleans is B = ftrue; falseg or f¸; tt g – x0 = f~›g where ~› 2;7! x is the empty sequence of or f0; 1g or fNO; YESg. length 0 def – The isomorphism is called the characteristic function: – x~n = f0;:::;n` 1g 7! x, finite sequences ff of length “ B c 2 }(x) (x 7! ) jffj = n.Thei-th element of ff 2 x~n is ff(i) abbreviated def c(y) = –a 2 x . a 2 y where y „ x ffi so ff[= ff0ff1 :::ffn`1 `1 B . def c (y)=–f 2 x 7! fa 2 x j f(a)=ttg – x~? = x~n finite sequences – Useful to implement subsets of a finite set by bit vec- n2N[ tors def – x+~ = x~n finite nonempty sequences n2Nnf0g

Course 16.399: “Abstract interpretation”, Tuesday March 1st, 2005 J¡¡¡—58—[] ¨ — £££I ľ P. Cousot, 2005 Course 16.399: “Abstract interpretation”, Tuesday March 1st, 2005 J¡¡¡—60—[] ¨ — £££I ľ P. Cousot, 2005 Infinite sequences Junction _: ~! def – ~›_ffand ff_~› are undefined – x = N 7! x infinite sequences ff of length jffj = ! def – ff_ff0 = ff whenever ff 2 x~! where i N : i

Course 16.399: “Abstract interpretation”, Tuesday March 1st, 2005 J¡¡¡—61—[] ¨ — £££I ľ P. Cousot, 2005 Course 16.399: “Abstract interpretation”, Tuesday March 1st, 2005 J¡¡¡—63—[] ¨ — £££I ľ P. Cousot, 2005

Operations on sequences Concatenation ´: def def – ~› ´ ff = ff ´ ~› = ff def ~! – ff ´ ff0 = ff whenever ff 2 x Set transformers 0 0 – ff0 :::ffn`1 ´ ff = ff0 :::ffn`1ff – ff ´ ff0 is often denoted ffff0 def – x ´ y = fffff0 j ff 2 x ^ ff0 2 yg . =

Course 16.399: “Abstract interpretation”, Tuesday March 1st, 2005 J¡¡¡—62—[] ¨ — £££I ľ P. Cousot, 2005 Course 16.399: “Abstract interpretation”, Tuesday March 1st, 2005 J¡¡¡—64—[] ¨ — £££I ľ P. Cousot, 2005 Image (postimage) of a set by a function/relation Dual image of a set by a function/relation

–Letr „ x ˆ y and z „ x. –Letr „ x ˆ y and z „ x. -Theimage (or postimage)ofz by r is: g def post[r]z = :post[r](:z)
informally r[z] = fb j9a 2 z : ha; bi2rg (which is also written post[r]z or even r(z)) = y n post[r](x n z)
formally –Forf 2 x 7! y and z „ x,wehave: = :fb j9a 2 (:z):ha; bi2rg def f[z] = f(z) = post[f]z = ff(a) j a 2 zg = :fb j9a : a 62 z ^ha; bi2rg f y x = fb j8a : a 2 z _ha; bi 62 rg z f f[z] = fb j8a :(ha; bi2r)=) (a 2 z)g f

Course 16.399: “Abstract interpretation”, Tuesday March 1st, 2005 J¡¡¡—65—[] ¨ — £££I ľ P. Cousot, 2005 Course 16.399: “Abstract interpretation”, Tuesday March 1st, 2005 J¡¡¡—67—[] ¨ — £££I ľ P. Cousot, 2005

Preimage of a set by a function/relation It is impossible to reach post(g r)z from x by following r –Letr „ x ˆ y and z „ y.Theinverse image (or without starting from z preimage)ofz by r is: r def r`1[z]= fa j9b 2 z : ha; bi2rg r `1 `1 = fa j9b 2 z : hb; ai2r g =post[r ]z r postg [r]z (which is also written pre[r]z or even r`1(z)) z x r –Forf 2 x 7! y and z „ u,wehave: y def f`1[z] = f`1(z) = pre[f]z = fa j f(a) 2 zg r r -1 r [z] r z x r y r

Course 16.399: “Abstract interpretation”, Tuesday March 1st, 2005 J¡¡¡—66—[] ¨ — £££I ľ P. Cousot, 2005 Course 16.399: “Abstract interpretation”, Tuesday March 1st, 2005 J¡¡¡—68—[] ¨ — £££I ľ P. Cousot, 2005 Dual preimage of a set by a function/relation Properties of [dual [inverse]] images [ [ – post[r]( x )= post[r](x ) –Letr „ x ˆ y and z „ y. i i [i2I [i2I pre[f r]z = :pre[r](:z)
informally pre[r]( xi)= pre[r](xi) = x n pre[r](y n z)
formally i\2I i\2I f f = :fa j9b 2 (:z):ha; bi2rg pre[r]( xi)= pre[r](xi) i2\I i2\I = :fa j9b : b 62 z ^ha; bi2rg g g post[r]( xi)= post[r](xi) = fa j8b : b 2 z _ha; bi 62 rg i2I i2I = fa j8b :(ha; bi2r)=) (b 2 z)g – post[r](x) „ y () x „ pre[f r](y) pre[r](x) „ y () x „ post[g r](y)

Course 16.399: “Abstract interpretation”, Tuesday March 1st, 2005 J¡¡¡—69—[] ¨ — £££I ľ P. Cousot, 2005 Course 16.399: “Abstract interpretation”, Tuesday March 1st, 2005 J¡¡¡—71—[] ¨ — £££I ľ P. Cousot, 2005

Starting from pre(f r)z from x and following r,itisim- – pre[r](x)=post[r`1](x) possible to arrive outside z (or one must reach z) post[r](x)=pre[r`1](x) r pre[f r](x)=post[g r`1](x) g 1 x r y post[r](x)=pre[f r` ](x) r –Noticethatiff 2 x “ y is bijective with inverse preg[r]z z f`1 then the two possible interpretations of f`1[z] as r f`1[z]=pre[f](z) and f`1[z]=post[f`1]z do coin- r cide since pre[f](z)=post[f`1]z.

Course 16.399: “Abstract interpretation”, Tuesday March 1st, 2005 J¡¡¡—70—[] ¨ — £££I ľ P. Cousot, 2005 Course 16.399: “Abstract interpretation”, Tuesday March 1st, 2005 J¡¡¡—72—[] ¨ — £££I ľ P. Cousot, 2005 Characteristic property of wosets – hx; »i is a woset iff there is no infinite strictly decreas- ing sequence a 2 N 7! x (that is such that a0 >a1 > Induction a2 >:::).

Course 16.399: “Abstract interpretation”, Tuesday March 1st, 2005 J¡¡¡—73—[] ¨ — £££I ľ P. Cousot, 2005 Course 16.399: “Abstract interpretation”, Tuesday March 1st, 2005 J¡¡¡—75—[] ¨ — £££I ľ P. Cousot, 2005

Well-founded relation, woset Proof. 1) If hx; »i is not well-founded, their exists y „ x which is nonempty and has –Lethx; »i be a poset, and let y „ x. An element a of no minimal element. So let a0 2 y.Sincea0 is not minimal, we can find a1 2 y such that a :::>a in y then a is not minimal, 13 1 0 0 n n y is a minimal element of y iff :(9b 2 y : b:::>an >::: in y. By contraposition 15,ifhx; »i has no infinite strictly decreasing sequence set of x has a minimal element a0 >:::>an >:::then hx; »i is a woset

–Awoset hx; »i is a poset hx; »i such that the partial 2) Reciprocally, if x has an infinite strictly decreasing sequence a0 >a1 >a2 > ordering relation » is well-founded :::>an >::: then y = fa0;a1;a2;:::;an;:::g has no minimal element. By contraposition, if x hx; »i is a woset then hx; »i has no infinite strictly –Example:hN; »i, counter-example: hZ; »i 14 decreasing sequence a0 >:::>an >:::.

def 13 where as usual a

Course 16.399: “Abstract interpretation”, Tuesday March 1st, 2005 J¡¡¡—74—[] ¨ — £££I ľ P. Cousot, 2005 Course 16.399: “Abstract interpretation”, Tuesday March 1st, 2005 J¡¡¡—76—[] ¨ — £££I ľ P. Cousot, 2005 Proof by induction on a woset Proof by recurrence If hx; »i is a woset, and P „ x.Onewantstoprove For hN; »i, the structural induction principle becomes x „ P (that is property P holds for all elements of x). (writing P (n) for n 2 P that is “n has property P ”): IfonecanprovepropertyP for any element a of x N by assuming that P holds for strictly smaller elements 8n 2 :(8k :(k

V 16 P1;:::;Pn n The rule with premiss P1;:::;Pn and conclusion c is a common notation for ( i=1 Pi)=) c. c 17 and abbreviate 8k :(k

Course 16.399: “Abstract interpretation”, Tuesday March 1st, 2005 J¡¡¡—77—[] ¨ — £££I ľ P. Cousot, 2005 Course 16.399: “Abstract interpretation”, Tuesday March 1st, 2005 J¡¡¡—79—[] ¨ — £££I ľ P. Cousot, 2005

Proof. By reductio ad absurdum, assume the premiss This is equivalent to the more classical: holds but not the conclusion. So 9a0 2 x : a0 62 P .By P (0); 8n 2 N : P (n)=) P (n +1) the premiss, a0 62 P implies :(8b :(b ::: > since 8n 2 N nf0g :(8k ::: of elements of x, in contradiction with hx; »i n N : P (n)= P (n +1)). Reciprocally, if a proof is a woset. 8 2 ) has been done by (2), then by redefining P 0(n)=(8k< n : P (k)) we can prove by (3) that 8n 2 N : P 0(n) which implies the conclusion of (2), namely 8n 2 N : P (n).

Course 16.399: “Abstract interpretation”, Tuesday March 1st, 2005 J¡¡¡—78—[] ¨ — £££I ľ P. Cousot, 2005 Course 16.399: “Abstract interpretation”, Tuesday March 1st, 2005 J¡¡¡—80—[] ¨ — £££I ľ P. Cousot, 2005 Example of recursive/structural definitions Proof. 2 def 0 0 2 N (1) Define » = fhha ;bi; ha; bii j a » ag.Thenhx ˆ y; » i h(n; k)=n ˜ k can be recursively defined on as: 2 is a woset since otherwise the existence of ha0;b0i > 2 2 h(0;k)=0 ha1;b1i > ::: would imply b0 = b1 = ::: so ha0;bi– h(n; k)=k + h(n ` 1;k) when n>0 ha1;bi and ha0;bi 6= ha1;bi, . . . implies a0 >a1 >::: in contradiction with the hyposthesis that hx; »i is a Thiscanbewrittenas woset. h(n; k)=f(n; k; h — fhn0;kijn0 0

Course 16.399: “Abstract interpretation”, Tuesday March 1st, 2005 J¡¡¡—81—[] ¨ — £££I ľ P. Cousot, 2005 Course 16.399: “Abstract interpretation”, Tuesday March 1st, 2005 J¡¡¡—83—[] ¨ — £££I ľ P. Cousot, 2005

Recursive/Structural Definitions (2) Assuming that g(a0;b0) is well-defined for all ha0;b0i <2 a; b that is, by definition of 2,iffb = b0 and a0

Course 16.399: “Abstract interpretation”, Tuesday March 1st, 2005 J¡¡¡—82—[] ¨ — £££I ľ P. Cousot, 2005 Course 16.399: “Abstract interpretation”, Tuesday March 1st, 2005 J¡¡¡—84—[] ¨ — £££I ľ P. Cousot, 2005 Equipotence –Twosetsx and y are equipotent of and only if there exists a bijection b 2 x “ y 20 –Examples: - The set of even integers is equipotent to the set Z of integers (by b(n)= Cardinals 2n) - The set of odd integers is equipotent to the set Z of integers (by b(n)= 2n +1) - The set of integers Z is equipotent to the set N of natural numbers, by

def b(n) =2n ` 1 if n>0 b(n) def= `2n if n<0 b(0) def=0

20 The intuition is that “x and y have the same number of elements”.

Course 16.399: “Abstract interpretation”, Tuesday March 1st, 2005 J¡¡¡—85—[] ¨ — £££I ľ P. Cousot, 2005 Course 16.399: “Abstract interpretation”, Tuesday March 1st, 2005 J¡¡¡—87—[] ¨ — £££I ľ P. Cousot, 2005

Intuition on ordinals and cardinals Properties of Equipotence st nd rd – The ordinals 1 , 2 , 1 , . . . and cardinals 1, 2, 3, . . . – Equipotence is an equivalence relation denoted ”c elements do coincide for natural numbers –Asetx is denumerable (also said countable)iffx ”c N – This is not otherwise the case. (otherwise uncountable) – For example if we consider the sets f0; 1; 2;:::g and –Asetx is finite iff 9n 2 N : x ”c fi j icardinality 18 but the 1th element does not exists in f0; 1; 2;:::g so the two sets are different as ordinals 19.

18 hence are equivalent when used as quantities for mesuring the “size”/number of elements of sets. 19 hence are different when used as positions for ranking elements of a set.

Course 16.399: “Abstract interpretation”, Tuesday March 1st, 2005 J¡¡¡—86—[] ¨ — £££I ľ P. Cousot, 2005 Course 16.399: “Abstract interpretation”, Tuesday March 1st, 2005 J¡¡¡—88—[] ¨ — £££I ľ P. Cousot, 2005 Cardinality The set of all sets of naturals is uncountable – The cardinality jxj (also written Card(x))ofasetx is j}(N)j > jNj Proof. The function f N }(N) defined by f(n)= def 2 7! jxj =[x]”c fng is injective, so jNj»j}(N)j. Let s 2 N 7! N be a sequence sn;n 2 N of naturals.We i.e., intuitively, a representative of the class of all sets show that some S 2 }(N) is missing in that enumeration. with “the same number of elements” N def Define the set S = fn 2 j n 62 sng.Ifn 2 sn then – N = 21 j j @0 n 62 S and if n 62 sn then n 2 S.So8n : S 6= sn.This shows that there is no surjective mapping of N onto }(N), whence j}(N)j > jNj.

21 @ is the hebrew aleph letter.

Course 16.399: “Abstract interpretation”, Tuesday March 1st, 2005 J¡¡¡—89—[] ¨ — £££I ľ P. Cousot, 2005 Course 16.399: “Abstract interpretation”, Tuesday March 1st, 2005 J¡¡¡—91—[] ¨ — £££I ľ P. Cousot, 2005

The set of all real numbers is uncountable Operations on cardinals

Proof. (Cantor) Assume that R is countable, i.e., is the – Cardinal addition m + n = jA [ Bj where m = jA], range of some infinite sequence r(n), n 2 N.Weshow n = jBj and A \ B = ; 22 that some r 2 R is missing in that enumeration. – Cardinal multiplication mˆn = jAˆBj where m = jA] (n) (n) (n) (n) and n = jBj Let a0 :a1 a2 a3 :::be the decimal expansion of r(n). n (n) – Cardinal exponentiation m = jB 7! Aj where m = jA] Let b =1if a =0and otherwise b =0.Letr be n n n and n = jBj the real number whose decimal expansion is 0:b1b2b3 :::. n 23 (n) – For example, 2 = j}(A)j where 2=jBj and m = jA] We have bn 6= an , hence 8n 2 N : r 6= r(n),foralln = 1, 2, 3, . . . , a contradiction.

22 All these definitions are independant of the choice of A and B. 23 Using the characteristic function of subsets of A into the booleans B = ftt ; ¸g. This explains the notation 2A for }(A).

Course 16.399: “Abstract interpretation”, Tuesday March 1st, 2005 J¡¡¡—90—[] ¨ — £££I ľ P. Cousot, 2005 Course 16.399: “Abstract interpretation”, Tuesday March 1st, 2005 J¡¡¡—92—[] ¨ — £££I ľ P. Cousot, 2005 Ordering on cardinals Order-preserving maps –Wewritem » n where m = jA] and n = jBj iff there – Given two posets hx; »i and hy; —i,amapf 2 x 7! y exists an injective function of A into B 24 which is order-preserving (also called monotone, iso- –Acardinalm is finite iff m < @0, otherwise it is infinite tone, ...) ifandonlyif: 8a; b 2 x :(a » b)=) (f(a) » f(b))

–Example:–x 2 Z . x +1 – Counter-example: –x 2 Z . jxj 25

24 Again this definition is independant of the choice of A and B. 25 Here jxj is the absolute value of x.

Course 16.399: “Abstract interpretation”, Tuesday March 1st, 2005 J¡¡¡—93—[] ¨ — £££I ľ P. Cousot, 2005 Course 16.399: “Abstract interpretation”, Tuesday March 1st, 2005 J¡¡¡—95—[] ¨ — £££I ľ P. Cousot, 2005

Order-isomorphism –Twoposetshx; »i hy; —i are order-isomorphic iff there exists an order-preserving bijection b 2 x “ y Ordinals –Notation:hx; »i ”o hy; —i – ”o is an equivalence relation on wosets 26.

26 Not true on posets sincee symmetry is lacking.

Course 16.399: “Abstract interpretation”, Tuesday March 1st, 2005 J¡¡¡—94—[] ¨ — £££I ľ P. Cousot, 2005 Course 16.399: “Abstract interpretation”, Tuesday March 1st, 2005 J¡¡¡—96—[] ¨ — £££I ľ P. Cousot, 2005 Ordinals Wosets and ordinals – The rank of hf˛ j ˛<¸g; »i is ¸ so ¸ ” f˛ j ˛<¸g – The equivalence classes [hx; »i]”o for wosets hx; »i o that is ¸ = f˛ j ˛<¸g are called the ordinals. [hx; »i]”o is called the rank (also called order-type)ofthewosethx; »i – it follows that every woset is order-isomorphic to the –WeletO be the class 27 of all ordinals woset of all ordinals less than some given ordinal ¸: [hx; »i] ”o ¸ ”o f˛ j ˛<¸g –OnO which is the quotient of wosets by ”o, ”o and ”o = do coincide (so we use =) – It follows that for any woset hx; —i there is an ordinal – the rank of f0; 1;:::;n` 1g with ordering ¸ and an indexing x‚;‚ 2f˛ j ˛<¸g such that 0 def hx; »i is order-isomorphic to hfx˛ j ˛<¸g; » i and 0 < 1 < 2 <:::is written n so 0 =[h;; ;i]”o 0 x‚ » x‹ iff ‚<‹ N def N – the rank of is writen ! so ! =[h ; »i]”o – Otherwise stated, every woset is order isomorphic to

27 It is a class but not a set because sets are not large enough to contain all ordinals. an ordinal

Course 16.399: “Abstract interpretation”, Tuesday March 1st, 2005 J¡¡¡—97—[] ¨ — £££I ľ P. Cousot, 2005 Course 16.399: “Abstract interpretation”, Tuesday March 1st, 2005 J¡¡¡—99—[] ¨ — £££I ľ P. Cousot, 2005

Ordering on ordinals – A well-founded set is ismorphic to an ordinal through an order-preserving bijection, for example: –Wehave‹ » ” whenever ‹ =[hx; »i]”o, ” =[hy; —i]”o and there exists an order-preserving injection i 2 x  y 28 –Example:0< 1 < 2 < ...

– This is the reason why ordinals are used in Manna- Pnueli proof rule for while-loops instead of arbitrary wosets in Floyd’s method.

28 This definition does not depend upon the particular choice of hx; »i and hy; —i

Course 16.399: “Abstract interpretation”, Tuesday March 1st, 2005 J¡¡¡—98—[] ¨ — £££I ľ P. Cousot, 2005 Course 16.399: “Abstract interpretation”, Tuesday March 1st, 2005 J¡¡¡— 100 — [] ¨ — £££I ľ P. Cousot, 2005 Operations on ordinals Successor and limit ordinal –Theaddition of ¸ =[hx; »i] and ˛ =[hy; —i] ”o ”o –Asuccessor ordinal is ¸ 2 O such that where x \ y = ; is ¸ + ˛ = [hx [ y; vi]”o with 9˛ : ¸ = ˛ +1 a v b iff (a; b 2 x ^ a » b) () 9 ˛ : ¸ = ˛ [f˛g _ (a 2 x ^ b 2 y) Otherwise it’s a limit ordinal 30. _ (a; b 2 y ^ a — y) – 0 is the first limit ordinal. ! is the first infinite limit –Intuition: ordinal. –Intuition:› = successor ordinal, = limit ordinal ......

– Addition is not commutative: ! =1+! = ! +1 30 A limit ordinal – is such that 8¸<–: 9˛ : ¸<˛<–and so for a successor ordinal ”, 9¸<”: 8˛ : 6 :(¸<˛<”).

Course 16.399: “Abstract interpretation”, Tuesday March 1st, 2005 J¡¡¡— 101 — [] ¨ — £££I ľ P. Cousot, 2005 Course 16.399: “Abstract interpretation”, Tuesday March 1st, 2005 J¡¡¡— 103 — [] ¨ — £££I ľ P. Cousot, 2005

–Themultiplication of ¸ =[hx; »i]”o and ˛ =[hy; —i]”o Induction principal for ordinals 29 where x \ y = ; is ¸ ˆ ˛ = [hx ˆ y; » i]” . ‘ o – As a special case of structural induction, we get: –Intuition: P (0); 8˛ : P (˛)=) P (˛ +1); (8˛<–: P (˛)) =) P (–) for all limit ordinals – 8¸ : P (¸)

29 0 0 0 0 0 Recall that »‘ is the lexicographic ordering: ha; bi»‘ ha ;bi iff (a

Course 16.399: “Abstract interpretation”, Tuesday March 1st, 2005 J¡¡¡— 102 — [] ¨ — £££I ľ P. Cousot, 2005 Course 16.399: “Abstract interpretation”, Tuesday March 1st, 2005 J¡¡¡— 104 — [] ¨ — £££I ľ P. Cousot, 2005 Properties of limit ordinals (Cont’d) Properties of limit ordinals (Cont’d)

–Thesuccessor ¸ +1(also written S¸)of¸ satisfies Assume that – is a limit ordinal, then:

¸ +1 – = f˛ j ˛<¸+1g = f‚ j ‚<–g = f˛ j ˛<¸g[f¸g = ‚ ‚<˛<–
– is a limit ordinal [f j g = ¸ [f¸g = ‚ ‚<˛ ˛<– [ff j gj g = ˛ ˛<–
since ˛ = ‚ ‚<˛  [f j g f j g = ˛ ˛<–

Course 16.399: “Abstract interpretation”, Tuesday March 1st, 2005 J¡¡¡— 105 — [] ¨ — £££I ľ P. Cousot, 2005 Course 16.399: “Abstract interpretation”, Tuesday March 1st, 2005 J¡¡¡— 107 — [] ¨ — £££I ľ P. Cousot, 2005

Properties of limit ordinals (Cont’d) Ordinals are well-ordered by 2 – A limit ordinal – is such that if ‚<–then –If¸<˛then ˛ = f‚ j ‚<˛g so ¸ 2 ˛ 9˛ : ‚<˛<– – Reciprocally, if ¸ 2 ˛ then ˛ = f‚ j ‚<˛g implies – This is not true of ”<”+1 whence of successor ¸ 2f‚ j ‚<˛g so ¸<˛ ordinals – we conclude that ¸<˛ () ¸ 2 ˛

Course 16.399: “Abstract interpretation”, Tuesday March 1st, 2005 J¡¡¡— 106 — [] ¨ — £££I ľ P. Cousot, 2005 Course 16.399: “Abstract interpretation”, Tuesday March 1st, 2005 J¡¡¡— 108 — [] ¨ — £££I ľ P. Cousot, 2005 Ordinals are well-ordered by “„” Transfinite inductive definitions on ordinals – g(0) = a ¸<˛ – g(˛ +1)=f(˛;g(˛)) () 8 ‚ :(‚<¸)=) (‚<˛) – g(–)=h(–; g — –) when – is a limit ordinal () 8 ‚ :(‚ 2 ¸)=) (‚ 2 ˛) is well defined and unique. () ¸ „ ˛ So ordinals are 2-transitive in that 8¸ 2 ˛ :(¸ „ ˛). Every member of an ordinal is 2-transitive.

Course 16.399: “Abstract interpretation”, Tuesday March 1st, 2005 J¡¡¡— 109 — [] ¨ — £££I ľ P. Cousot, 2005 Course 16.399: “Abstract interpretation”, Tuesday March 1st, 2005 J¡¡¡— 111 — [] ¨ — £££I ľ P. Cousot, 2005

Proof by transfinite induction on ordinals More generaly, transfinite inductive definitions on ¸ have the form: P (0); – f 2 (¸ ˆ y ˆ ((¸ ˆ y) 7! y) 7! y) 8˛ : P (˛)=) P (˛ +1); def 8– limit ordinal :(8˛<–: P (˛)) =) P (–) – d(˛;b) = f(˛;b;g — fh‚; bij‚<˛g) 8¸ : P (¸) and g 2 (¸ ˆ y) 7! y is well-defined and unique.

Course 16.399: “Abstract interpretation”, Tuesday March 1st, 2005 J¡¡¡— 110 — [] ¨ — £££I ľ P. Cousot, 2005 Course 16.399: “Abstract interpretation”, Tuesday March 1st, 2005 J¡¡¡— 112 — [] ¨ — £££I ľ P. Cousot, 2005 Totally ordered set Ordinal number (rank) of a well ordered set –Atotal order (or “totally ordered set”, or “linearly or- –Lethx; »i be a well ordered set. We define the rank dered set”) is a partial order hx; »i such that any two  2 x 7! O as follows: elements are comparable: - (a)=0Siff a the minimal element of x 8a; b 2 x :(a » b) _ (b » a) - (a)=Sb

1 0

Course 16.399: “Abstract interpretation”, Tuesday March 1st, 2005 J¡¡¡— 113 — [] ¨ — £££I ľ P. Cousot, 2005 Course 16.399: “Abstract interpretation”, Tuesday March 1st, 2005 J¡¡¡— 115 — [] ¨ — £££I ľ P. Cousot, 2005

Well ordered set Burali-Forti Paradox O –Awell ordered set is a well-founded total order. Assume is a set. We have seen that: – totally ordered set is well ordered. 1. Every well ordered set has a unique rank; – The set of integers Z, which has no least element, is 2. Every segment of ordinals (i.e., any set of ordinals arranged in natural order which contains all the predecessors of each an example of a set that is not well ordered. of its elements) has a rank which is greater than any ordinal in the segment, and 3. The set O of all ordinals in natural order is well ordered. Then by statements (3) and (1), O has a rank, which is an ordinal ˛.Since˛ is in O, it follows that ˛<˛by (2), which is a contradiction. So the class O of ordinals is not a set 31.

31 It’s an ordinal O 2 O.

Course 16.399: “Abstract interpretation”, Tuesday March 1st, 2005 J¡¡¡— 114 — [] ¨ — £££I ľ P. Cousot, 2005 Course 16.399: “Abstract interpretation”, Tuesday March 1st, 2005 J¡¡¡— 116 — [] ¨ — £££I ľ P. Cousot, 2005 Axiomatizations Bibliography on set theory Two main Axiomatizations of naïve set theory: – Keith Devlin “The Joy of Sets, Fundamental of Contemporary Set Theory”. – Zermalo/Fraenkel 2nd edition. Undergraduate texts in mathematics. Springer- Verlag, 1993. – Bernays/Gödel – Yannis N. Moschovakis that lead to a rigourous treatment of the notion of set/class “Notes on Set Theory”. Undergraduate texts in mathematics. avoiding seeming paradoxes. Springer-Verlag, 1993. – J. Donald Monk “Introduction to set theory”. McGraw-Hill Book Compagny. International series in pure and applied mathematics. 1969. – Karel Hrbacek and Thomas Jech “Introduction to Set Theory”, Third Edition, Marcel Dekker, Inc., New York 1999.

Course 16.399: “Abstract interpretation”, Tuesday March 1st, 2005 J¡¡¡— 117 — [] ¨ — £££I ľ P. Cousot, 2005 Course 16.399: “Abstract interpretation”, Tuesday March 1st, 2005 J¡¡¡— 119 — [] ¨ — £££I ľ P. Cousot, 2005

THE END, THANK YOU

Paul I. Bernays Adolf A. Fraenkel Ernst Zermelo

My MIT web site is http://www.mit.edu/~cousot/

Thecoursewebsiteishttp://web.mit.edu/afs/athena.mit.edu/course/16/16.399/www/.

Course 16.399: “Abstract interpretation”, Tuesday March 1st, 2005 J¡¡¡— 118 — [] ¨ — £££I ľ P. Cousot, 2005 Course 16.399: “Abstract interpretation”, Tuesday March 1st, 2005 J¡¡¡— 120 — [] ¨ — £££I ľ P. Cousot, 2005 THE END, THANK YOU

My MIT web site is http://www.mit.edu/~cousot/

Thecoursewebsiteishttp://web.mit.edu/afs/athena.mit.edu/course/16/16.399/www/.

Course 16.399: “Abstract interpretation”, Tuesday March 1st, 2005 J¡¡¡— 120 — [] ¨ — £££I ľ P. Cousot, 2005