The Complexity of Abstract Machines

Beniamino Accattoli
INRIA & LIX, École Polytechnique

The λ-calculus is a peculiar computational model whose definition does not come with a notion of machine. Unsurprisingly, implementations of the λ-calculus have been studied for decades. Abstract machines are implementation schemas for fixed evaluation strategies that are a compromise between theory and practice: they are concrete enough to provide a notion of machine and abstract enough to avoid the many intricacies of actual implementations. There is an extensive literature about abstract machines for the λ-calculus, and yet—quite mysteriously—the efficiency of these machines with respect to the strategy that they implement has almost never been studied.

This paper provides an unusual introduction to abstract machines, based on the complexity of their overhead with respect to the length of the implemented strategies. It is conceived to be a tutorial, focusing on the case study of implementing the weak head (call-by-name) strategy, and yet it is an original re-elaboration of known results. Moreover, some of the observations contained here never appeared in print before.

1 Cost Models & Size-Explosion

The λ-calculus is an undeniably elegant computational model. Its definition is given by three constructors and only one computational rule, and yet it is Turing-complete. A charming feature is that it does not rest on any notion of machine or automaton. The catch, however, is that its cost models are far from being evident. What should be taken as time and space measures for the λ-calculus? The natural answers are the number of computational steps (for time) and the maximum size of the terms involved in a computation (for space). Everyone having played with the λ-calculus would immediately point out a problem: the λ-calculus is a nondeterministic system where the number of steps depends much on the evaluation strategy, so much that some strategies may diverge when others provide a result (but fortunately the result, if any, does not depend on the strategy).
While this is certainly an issue to address, it is not the serious one. The big deal is called size-explosion, and it affects all evaluation strategies.

Size-Explosion. There are families of terms where the size of the n-th term is linear in n, evaluation takes a linear number of steps, but the size of the result is exponential in n. Therefore, the number of steps does not even account for the time to write down the result, and thus at first sight it does not look as a reasonable cost model. Let's see examples.

The simplest one is a variation over the famous looping λ-term $\Omega := (\lambda x.xx)(\lambda x.xx) \to_\beta \Omega \to_\beta \ldots$. In $\Omega$ there is an infinite sequence of duplications. In the first size-exploding family there is a sequence of n nested duplications. We define both the family $\{t_n\}_{n\in\mathbb{N}}$ of size-exploding terms and the family $\{u_n\}_{n\in\mathbb{N}}$ of results of the evaluation:

$$t_0 := y \qquad\qquad u_0 := y$$
$$t_{n+1} := (\lambda x.xx)\,t_n \qquad\qquad u_{n+1} := u_n u_n$$

We use $|t|$ for the size of a term, i.e. the number of symbols to write it, and say that a term is neutral if it is normal and it is not an abstraction.

H. Cirstea, S. Escobar (Eds.): Third International Workshop on Rewriting Techniques for Program Transformations and Evaluation (WPTE'16). EPTCS 235, 2017, pp. 1–15, doi:10.4204/EPTCS.235.1. © B. Accattoli. This work is licensed under the Creative Commons Attribution License.

Proposition 1.1 (Open and Rightmost-Innermost Size-Explosion). Let $n \in \mathbb{N}$. Then $t_n \to_\beta^n u_n$, moreover $|t_n| = O(n)$, $|u_n| = \Omega(2^n)$, and $u_n$ is neutral.

Proof. By induction on n. The base case is immediate. The inductive case: $t_{n+1} = (\lambda x.xx)t_n \to_\beta^n (\lambda x.xx)u_n \to_\beta u_n u_n = u_{n+1}$, where the first sequence is obtained by the i.h. The bounds on the sizes are immediate, as well as the fact that $u_{n+1}$ is neutral.

Strategy-Independent Size-Explosion. The example relies on rightmost-innermost evaluation (i.e. the strategy that repeatedly selects the rightmost-innermost β-redex) and open terms (the free variable $t_0 = y$). In fact, evaluating the same family in a leftmost-outermost way would produce an exponentially long evaluation sequence.
One may then believe that size-explosion is a by-product of a clumsy choice for the evaluation strategy. Unfortunately, this is not the case. It is not hard to modify the example as to make it strategy-independent, and it is also easy to get rid of open terms. Let the identity combinator be $I := \lambda z.z$ (it can in fact be replaced by any closed abstraction). Define

$$r_1 := \lambda x.\lambda y.(yxx) \qquad\qquad p_0 := I$$
$$r_{n+1} := \lambda x.(r_n(\lambda y.(yxx))) \qquad\qquad p_{n+1} := \lambda y.(y\,p_n\,p_n)$$

The size-exploding family is $\{r_n I\}_{n\in\mathbb{N}}$, i.e. it is obtained by applying $r_n$ to the identity $I = p_0$. The statement we are going to prove is in fact more general, about $r_n p_m$ instead of just $r_n I$, in order to obtain a simple inductive proof.

Proposition 1.2 (Closed and Strategy-Independent Size-Explosion). Let $n > 0$. Then $r_n p_m \to_\beta^n p_{n+m}$, and in particular $r_n I \to_\beta^n p_n$. Moreover, $|r_n I| = O(n)$, $|p_n| = \Omega(2^n)$, $r_n I$ is closed, and $p_n$ is normal.

Proof. By induction on n. The base case: $r_1 p_m = \lambda x.\lambda y.(yxx)\,p_m \to_\beta (\lambda y.(y\,p_m\,p_m)) = p_{m+1}$. The inductive case: $r_{n+1} p_m = \lambda x.(r_n(\lambda y.(yxx)))\,p_m \to_\beta r_n(\lambda y.(y\,p_m\,p_m)) = r_n p_{m+1} \to_\beta^n p_{n+m+1}$, where the second sequence is obtained by the i.h. The rest of the statement is immediate.

The family $\{r_n I\}_{n\in\mathbb{N}}$ is interesting because no matter how one looks at it, it always explodes: if evaluation is weak (i.e. it does not go under abstraction) there is only one possible derivation to normal form and if it is strong (i.e. unrestricted) all derivations have the same length (and are permutatively equivalent). To our knowledge this family never appeared in print before.

2 The λ-Calculus is Reasonable, Indeed

Surprisingly, the isolation and the systematic study of the size-explosion problem is quite recent—there is no trace of it in the classic books on the λ-calculus, nor in any course notes we are aware of. Its essence, nonetheless, has been widespread folklore for a long time: in practice, functional languages never implement full β-reduction, considered a costly operation, and theoretically the λ-calculus is usually considered a model not suited for complexity analyses.
A way out of the issue of cost models for the λ-calculus, at first sight, is to take the time and space required for the execution of a λ-term in a fixed implementation. There is however no canonical implementation. The design of an implementation in fact rests on a number of choices. Consequently, there are a number of different but more or less equivalent machines taking a different number of steps and using different amounts of space to evaluate a term. Fixing one of them would be arbitrary, and, most importantly, would betray the machine-independent spirit of the λ-calculus.

Micro-Step Operational Semantics. Luckily, the size-explosion problem can be solved in a machine-independent way. Somewhat counterintuitively, in fact, the number of β-steps can be taken as a reasonable cost model. The basic idea is simple: one has to step out of the λ-calculus, by switching to a different setting that mimics β-reduction without literally doing it, acting on compact representations of terms to avoid size-explosion. Essentially, the recipe requires four ingredients:

1. Statics: λ-terms are refined with a form of sharing of subterms;
2. Dynamics: evaluation has to manipulate terms with sharing via micro-operations;
3. Cost: these micro-step operations have constant cost;
4. Result: micro-evaluation stops on a shared representation of the result.

The recipe leaves also some space for improvisation: λ-calculus can in fact be enriched with first-class sharing in various ways. Mainly, there are three approaches: abstract machines, explicit substitutions, and graph rewriting. They differ in the details but not in the essence—they can be grouped together under the slogan micro-step operational semantics.

Reasonable Strategies. An evaluation strategy → for the λ-calculus is reasonable if there is a micro-step operational semantics M mimicking → and such that the number of micro-steps to evaluate a term t is polynomial in the number of →-steps to evaluate t (and in the size of t, we will come back to this point later on).
If a strategy → is reasonable then its length is a reasonable cost model, despite size-explosion: the idea is that the λ-calculus is kept as an abstract model, easy to define and reason about, while complexity-concerned evaluation is meant to be performed at the more sophisticated micro-step level, where the explosion cannot happen.

Of course, the design of a reasonable micro-step operational semantics depends much on the strategy and the chosen flavor of micro-steps semantics, and it can be far from easy. For weak strategies—used to model functional programming languages—reasonable micro-steps semantics are based on a simple form of sharing. The first result about reasonable strategies was obtained by Blelloch and Greiner in 1995 [11] and concerns indeed a weak strategy, namely the call-by-value one. At the micro-step level it relies on abstract machines. Similar results were then proved again, independently, by Sands, Gustavsson, and Moran in 2002 [13] and by Dal Lago and Martini in 2006 [12]. For strong strategies—at work in proof assistant engines—quite more effort and care are required. A sophisticated second-level of sharing, called useful sharing, is necessary to obtain reasonable micro-step semantics for strong evaluation. The first such semantics has been introduced by Accattoli and Dal Lago in 2014 [10] for the leftmost-outermost strategy, and its study is still ongoing [7,2].

The Complexity of Abstract Machines. To sum up, various techniques, among which abstract machines, can be used to prove that the number of β-steps is a reasonable time cost model, i.e. a metric for time complexity. The study can then be reversed, exploring how to use this metric to study the relative complexity of abstract machines, that is, the complexity of the overhead of the machine with respect to the number of β-steps. Such a study leads to a new quantitative theory of abstract machines, where machines can be compared and the value of different design choices can be measured.
The rest of the paper provides a gentle introduction to the basic concepts of the new complexity-aware theory of abstract machines being developed by the author in joint works [3,6,4,7,2] with Damiano Mazza, Pablo Barenbaum, and Claudio Sacerdoti Coen, and resting on tools and concepts developed beforehand in collaborations with Delia Kesner [9] and Ugo Dal Lago [8], as well as Kesner plus Eduardo Bonelli and Carlos Lombardi [5].

Case Study: Weak Head Strategy. The paper focuses on a case study, the weak head (call-by-name) strategy, also known as weak head reduction (we use reduction and strategy as synonymous, and prefer strategy), and defined as follows:

$$\frac{}{(\lambda x.t)u \to_{wh} t\{x{\leftarrow}u\}}\ (\mathrm{root}\beta) \qquad\qquad \frac{t \to_{wh} u}{t\,r \to_{wh} u\,r}\ (@l) \qquad\qquad (1)$$

This is probably the simplest possible evaluation strategy. Of course, it is deterministic. Let us mention two other ways of defining it, as they will be useful in the sequel. First, the given inductive definition can be unfolded into a single synthetic rule $(\lambda x.t)u\,r_1 \ldots r_k \to_{wh} t\{x{\leftarrow}u\}\,r_1 \ldots r_k$. Second, the strategy can be given via evaluation contexts: define $E := \langle\cdot\rangle \mid E\,r$ and define $\to_{wh}$ as $E\langle(\lambda x.t)u\rangle \to_{wh} E\langle t\{x{\leftarrow}u\}\rangle$ (where $E\langle t\rangle$ is the operation of plugging t in the context E, consisting in replacing the hole $\langle\cdot\rangle$ with t).

Sometimes, to stress the modularity of the reasoning, we will abstract the weak head strategy into a generic strategy →. Last, a derivation is a possibly empty sequence of rewriting steps.

3 Introducing Abstract Machines

Tasks of Abstract Machines. An abstract machine is an implementation schema for an evaluation strategy → with sufficiently atomic operations and without too many details. A machine for → accounts for 3 tasks:

1. Search: searching for →-redexes;
2. Substitution: replace meta-level substitution with an approximation based on sharing;
3. Names: take care of α-equivalence.

Dissecting Abstract Machines.
To guide the reader through the different concepts to design and analyze abstract machines, the next two subsections describe in detail two toy machines that address in isolation the first two mentioned tasks, search and substitution. They will then be merged into the Milner Abstract Machine (MAM). In Sect. 7 we will analyze the complexity of the MAM. Next, we will address names and describe the Krivine Abstract Machine, and quickly study its complexity.

Abstract Machines Glossary.

• An abstract machine M is given by states, noted s, and transitions between them, noted $\leadsto$;
• A state is given by the code under evaluation plus some data-structures to implement search and substitution, and to take care of names;
• The code under evaluation, as well as the other pieces of code scattered in the data-structures, are λ-terms not considered modulo α-equivalence;
• Codes are over-lined, to stress the different treatment of α-equivalence;
• A code t is well-named if x may occur only in u (if at all) for every sub-code $\lambda x.u$ of t;
• A state s is initial if its code is well-named and its data-structures are empty;
• Therefore, there is a bijection $\cdot^\circ$ (up to α) between terms and initial states, called compilation, sending a term t on the initial state $t^\circ$ on a well-named code α-equivalent to t;
• An execution is a (potentially empty) sequence of transitions $s' \leadsto^* s$ from an initial state $s'$ obtained by compiling a(n initial) term $t_0$;
• A state s is reachable if it can be obtained as the end state of an execution;
• A state s is final if it is reachable and no transitions apply to s.
• A machine comes with a map $\underline{\cdot}$ from states to terms, called decoding, that on initial states is the inverse (up to α) of compilation;
• A machine M has a set of β-transitions that are meant to be mapped to β-redexes (and whose name involves β) by the decoding, while the remaining overhead transitions are mapped on equalities;
• We use $|\rho|$ for the length of an execution ρ, and $|\rho|_\beta$ for the number of β-transitions in ρ.

Implementations. For every machine one has to prove that it correctly implements the strategy it was conceived for.
Our notion, tuned towards complexity analyses, requires a perfect match between the number of β-steps of the strategy and the number of β-transitions of the machine execution.

Definition 3.1 (Machine Implementation). A machine M implements a strategy → on λ-terms when given a λ-term t the following holds

1. Executions to Derivations: for any M-execution $\rho: t^\circ \leadsto^*_M s$ there exists a →-derivation $d: t \to^* \underline{s}$.
2. Derivations to Executions: for every →-derivation $d: t \to^*_{wh} u$ there exists a M-execution $\rho: t^\circ \leadsto^*_M s$ such that $\underline{s} = u$.
3. β-Matching: in both previous points the number $|\rho|_\beta$ of β-transitions in ρ is exactly the length $|d|$ of the derivation d, i.e. $|d| = |\rho|_\beta$.

Note that if a machine implements a strategy then the two are weakly bisimilar, where weakness is given by the fact that overhead transitions do not have an equivalent on the calculus (hence their name). Let us point out, moreover, that the β-matching requirement in our notion of implementation is unusual but perfectly reasonable, as all abstract machines we are aware of do satisfy it.

4 The Searching Abstract Machine

Strategies are usually specified through inductive rules as those in (1). The inductive rules incorporate in the definition the search for the next redex to reduce. Abstract machines make such a search explicit and actually ensure two related subtasks:

1. Store the current evaluation context in appropriate data-structures.
2. Search incrementally, exploiting previous searches.

For weak head reduction the search mechanism is basic. The data structure is simply a stack π storing the arguments of the current head subterm.

Searching Abstract Machine. The searching abstract machine (Searching AM) in Fig. 1 has two components, the code in evaluation position and the argument stack. The machine has only two transitions, corresponding to the rules in (1), one β-transition ($\leadsto_{r\beta}$) dealing with β-redexes in evaluation position and one overhead transition ($\leadsto_{@l}$) adding a term on the argument stack. Compilation of a (well-named) term t into a machine state simply sends t to the initial state $(t, \epsilon)$. The decoding given in Fig.
1 is defined inductively on the structure of states. It can equivalently be given contextually, by associating an evaluation context to the data structures—in our case sending the argument stack π to a context $\underline{\pi}$ by setting $\underline{\epsilon} := \langle\cdot\rangle$, $\underline{u :: \pi} := \underline{\pi}\langle\langle\cdot\rangle u\rangle$, and $\underline{(t, \pi)} := \underline{\pi}\langle t\rangle$. It is useful to have both definitions since sometimes one is more convenient than the other.

Stacks: $\pi := \epsilon \mid t :: \pi$
Compilation: $t^\circ := (t, \epsilon)$
Decoding: $\underline{(t, \epsilon)} := t$ and $\underline{(t, u :: \pi)} := \underline{(tu, \pi)}$

$$\begin{array}{l|l|c|l|l}
\text{Code} & \text{Stack} & \text{Trans.} & \text{Code} & \text{Stack} \\
\hline
tu & \pi & \leadsto_{@l} & t & u :: \pi \\
\lambda x.t & u :: \pi & \leadsto_{r\beta} & t\{x{\leftarrow}u\} & \pi
\end{array}$$

Figure 1: Searching Abstract Machine (Searching AM).

Implementation. We now show the implementation theorem for the Searching AM with respect to the weak head strategy. Despite the simplicity of the machine, we provide a quite accurate account of the proof of the theorem, to be taken as a modular recipe. The proofs of the other implementation theorems in the paper will then be omitted as they follow exactly the same structure, mutatis mutandis.

The executions-to-derivations part of the implementation theorem always rests on a lemma about the decoding of transitions, that in our case takes the following form.

Lemma 4.1 (Transitions Decoding). Let s be a Searching AM state.

1. β-Transition: if $s \leadsto_{r\beta} s'$ then $\underline{s} \to_\beta \underline{s'}$.
2. Overhead Transition: if $s \leadsto_{@l} s'$ then $\underline{s} = \underline{s'}$.

Proof. The first point is more easily proved using the contextual definition of decoding.

1. $\underline{s} = \underline{(\lambda x.t, u :: \pi)} = \underline{u :: \pi}\langle\lambda x.t\rangle = \underline{\pi}\langle(\lambda x.t)u\rangle \to_\beta \underline{\pi}\langle t\{x{\leftarrow}u\}\rangle = \underline{s'}$.
2. $\underline{s'} = \underline{(t, u :: \pi)} = \underline{(tu, \pi)} = \underline{s}$.

Transitions decoding extends to a projection of executions to derivations (via a straightforward induction on the length of the execution), as required by the implementation theorem. For the derivations-to-executions part of the theorem, we proceed similarly, by first proving that single weak head steps are simulated by the Searching AM and then extending the simulation to derivations via an easy induction. There is a subtlety, however, because, if done naively, one-step simulations do not compose.

Let us explain the point. Given a step $t \to_{wh} u$ there exists a state s such that $t^\circ \leadsto^*_{@l}\leadsto_{r\beta} s$ and $\underline{s} = u$, as expected.
This property, however, cannot be iterated to build a many-steps simulation, because $\underline{s} = u$ does not imply $s = u^\circ$, i.e. s in general is not the compilation of u. To make things work, the simulation of $t \to_{wh} u$ should not start from $t^\circ$ but from a state $s'$ such that $\underline{s'} = t$. Now, the proof of the step simulation lemma we just described relies on the following three properties:

Lemma 4.2 (Bricks for Step Simulation).

1. Vanishing Transitions Terminate: $\leadsto_{@l}$ terminates;
2. Determinism: the Searching AM is deterministic;
3. Progress: final Searching AM states decode to $\to_{wh}$-normal terms.

Proof. Termination: $\leadsto_{@l}$-sequences are bound by the size of the code. Determinism: $\leadsto_{r\beta}$ and $\leadsto_{@l}$ clearly do not overlap and can be applied in a unique way. Progress: final states have the form $(\lambda x.t, \epsilon)$ and $(x, \pi)$, that both decode to $\to_{wh}$-normal forms.

Environments: $E := \epsilon \mid [x{\leftarrow}t] :: E$
Compilation: $t^\circ := (t, \epsilon)$
Decoding: $\underline{(t, \epsilon)} := t$ and $\underline{(t, [x{\leftarrow}u] :: E)} := \underline{(t\{x{\leftarrow}u\}, E)}$

$$\begin{array}{l|l|c|l|l}
\text{Code} & \text{Env} & \text{Trans} & \text{Code} & \text{Env} \\
\hline
(\lambda x.t)u\,r_1 \ldots r_k & E & \leadsto_{d\beta} & t\,r_1 \ldots r_k & [x{\leftarrow}u] :: E \\
x\,r_1 \ldots r_k & E :: [x{\leftarrow}t] :: E' & \leadsto_{var} & t^\alpha\,r_1 \ldots r_k & E :: [x{\leftarrow}t] :: E'
\end{array}$$

where $t^\alpha$ denotes t where bound names have been freshly renamed.

Figure 2: Micro-Substituting Abstract Machine (Micro AM).

Lemma 4.3 (One-Step Simulation). Let s be a Searching AM state. If $\underline{s} \to_{wh} u$ then there exists a state $s'$ such that $s \leadsto^*_{@l}\leadsto_{r\beta} s'$ and $\underline{s'} = u$.

Proof. Let $nf_{@l}(s)$ be the normal form of s with respect to $\leadsto_{@l}$, that exists and is unique by termination of $\leadsto_{@l}$ (Lemma 4.2.1) and determinism of the machine (Lemma 4.2.2). Since $\leadsto_{@l}$ is mapped on identities (Lemma 4.1.2) one has $\underline{nf_{@l}(s)} = \underline{s}$. By hypothesis $\underline{s}$ $\to_{wh}$-reduces, so that by progress (Lemma 4.2.3) $nf_{@l}(s)$ cannot be final. Then $nf_{@l}(s) \leadsto_{r\beta} s'$, and $\underline{nf_{@l}(s)} = \underline{s} \to_{wh} \underline{s'}$ by the one-step simulation lemma (Lemma 4.1.1). By determinism of $\to_{wh}$, one obtains $\underline{s'} = u$.

Finally, we obtain the implementation theorem.

Theorem 4.4. The Searching AM implements the weak head strategy.

Proof. Executions to Derivations: by induction on the length $|\rho|$ of ρ using Lemma 4.1. Derivations to Executions: by induction on the length $|d|$ of d using Lemma 4.3 and noting that $\underline{t^\circ} = t$.
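As an added example (not code from the paper), the following Python sketch implements the Searching AM of Fig. 1 with meta-level substitution and runs it on the family $r_n I$ of Proposition 1.2, checking β-matching and the exponential size of the decoded result. The tuple encoding of terms, the indexed bound names and all function names are assumptions made for this illustration.

```python
# Added example, not the paper's code. Terms are tuples (an assumption of this
# sketch): ("var", x), ("lam", x, body), ("app", fun, arg).
def var(x): return ("var", x)
def lam(x, t): return ("lam", x, t)
def app(t, u): return ("app", t, u)

def size(t):
    """|t|: number of constructors needed to write t."""
    return 1 + sum(size(c) for c in t[1:] if isinstance(c, tuple))

def subst(t, x, u):
    """Meta-level substitution t{x<-u}. Capture cannot occur here: weak head
    reduction of a closed term only ever substitutes closed arguments u."""
    if t[0] == "var":
        return u if t[1] == x else t
    if t[0] == "lam":
        return t if t[1] == x else lam(t[1], subst(t[2], x, u))
    return app(subst(t[1], x, u), subst(t[2], x, u))

def r(n):
    """r_1 := λx.λy.(yxx), r_{n+1} := λx.(r_n (λy.(yxx))), well-named by index."""
    dup = lam(f"y{n}", app(app(var(f"y{n}"), var(f"x{n}")), var(f"x{n}")))
    return lam(f"x{n}", dup if n == 1 else app(r(n - 1), dup))

def p(n):
    """p_0 := I, p_{n+1} := λy.(y p_n p_n)."""
    if n == 0:
        return lam("z", var("z"))
    return lam("y", app(app(var("y"), p(n - 1)), p(n - 1)))

def nameless(t, bound=()):
    """De Bruijn form of a closed term, used to compare terms up to α."""
    if t[0] == "var":
        return ("var", bound.index(t[1]))
    if t[0] == "lam":
        return ("lam", nameless(t[2], (t[1],) + bound))
    return ("app", nameless(t[1], bound), nameless(t[2], bound))

def searching_am(t):
    """Run the machine from the initial state (t, ε). Returns the decoding of
    the final state and the numbers of rβ and @l transitions."""
    code, stack = t, []                   # top of the stack is the end of the list
    beta = at_l = 0
    while True:
        if code[0] == "app":              # (tu, π) ⇝@l (t, u::π)
            stack.append(code[2]); code = code[1]; at_l += 1
        elif code[0] == "lam" and stack:  # (λx.t, u::π) ⇝rβ (t{x<-u}, π)
            code = subst(code[2], code[1], stack.pop()); beta += 1
        else:                             # final: (λx.t, ε) or (x, π)
            break
    while stack:                          # decoding: (t, u::π) := (tu, π)
        code = app(code, stack.pop())
    return code, beta, at_l

def explosion(n):
    """Evaluate r_n I: (|r_n I|, β-transitions, |result|, result =α p_n)."""
    t = app(r(n), p(0))
    result, beta, _ = searching_am(t)
    return size(t), beta, size(result), nameless(result) == nameless(p(n))
```

With this encoding $|r_n I| = 8n + 2$ and $|p_n| = 6 \cdot 2^n - 4$, so `explosion(n)` shows n β-transitions producing a result of exponential size, which is why this machine alone does not solve size-explosion.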
5 The Micro-Substituting Abstract Machine

Decomposing Meta-Level Substitution. The second task of abstract machines is to replace meta-level substitution $t\{x{\leftarrow}u\}$ with micro-step substitution on demand, i.e. a parsimonious approximation of meta-level substitution based on:

1. Sharing: when a β-redex $(\lambda x.t)u$ is in evaluation position it is fired but the meta-level substitution $t\{x{\leftarrow}u\}$ is delayed, by introducing an annotation $[x{\leftarrow}u]$ in a data-structure for delayed substitutions called environment;
2. Micro-Step Substitution: variable occurrences are replaced one at a time;
3. Substitution on Demand: replacement of a variable occurrence happens only when it ends up in evaluation position—variable occurrences that do not end in evaluation position are never substituted.

The purpose of this section is to illustrate this process in isolation via the study of a toy machine, the Micro-Substituting Abstract Machine (Micro AM) in Fig. 2, forgetting about the search for redexes.

Environments. We are going to treat environments in an unusual way: the literature mostly deals with local environments, to be discussed in Sect. 9, while here we prefer to first address the simpler notion of global environment, but to ease the terminology we will simply call them environments. So, an environment E is a list of entries of the form $[x{\leftarrow}u]$. Each entry denotes the delayed substitution of u for x. In a state $(t, E' :: [x{\leftarrow}u] :: E'')$ the scope of x is given by t and $E'$, as it is stated by forthcoming Lemma 5.1. The (global) environment models a store. As it is standard in the literature, it is a list, but the list structure is only used to obtain a simple decoding and a handy delimitation of the scope of its entries. These properties are useful to develop the meta-theory of abstract machines, but keep in mind that (global) environments are not meant to be implemented as lists.

Code.
The code under evaluation is now a λ-term $h\,r_1 \ldots r_k$ expressed as a head h (that is either a β-redex $(\lambda x.t)u$ or a variable x) applied to k arguments—it is a by-product of the fact that the Micro AM does not address search.

Transitions. There are two transitions:

• Delaying β: transition $\leadsto_{d\beta}$ removes the β-redex $(\lambda x.t)u$ but does not execute the expected substitution $\{x{\leftarrow}u\}$, it rather delays it, adding $[x{\leftarrow}u]$ to the environment. It is the β-transition of the Micro AM.
• Micro-Substitution On Demand: if the head of the code is a variable x and there is an entry $[x{\leftarrow}t]$ in the environment then transition $\leadsto_{var}$ replaces that occurrence of x—and only that occurrence—with a copy of t. It is necessary to rename the new copy of t (into a well-named term) to avoid name clashes. It is the overhead transition of the Micro AM.

Implementation. Compilation sends a (well-named) term t to the initial state $(t, \epsilon)$, as for the Searching AM (but now the empty data-structure is the environment). The decoding simply applies the delayed substitutions in the environment to the term, considering them as meta-level substitutions.

The implementation of weak head reduction $\to_{wh}$ by the Micro AM can be shown using the recipe given for the Searching AM, and it is therefore omitted. The only difference is in the proof that the overhead transition $\leadsto_{var}$ terminates, that is based on a different argument. We spell it out because it will be useful also later on for complexity analyses. It requires the following invariant of machine executions:

Lemma 5.1 (Name Invariant). Let $s = (t, E)$ be a Micro AM reachable state.

1. Abstractions: if $\lambda x.u$ is a subterm of t or of any code in E then x may occur only in u;
2. Environment: if $E = E' :: [x{\leftarrow}u] :: E''$ then x is fresh with respect to u and $E''$.

Proof. By induction on the length of the execution ρ leading to s. If ρ is empty then s is initial and the statement holds because t is well-named by hypothesis. If ρ is non-empty then it follows from the i.h. and the fact that transitions preserve the invariant, as an immediate inspection shows.

Lemma 5.2 (Micro-Substitution Terminates).
$\leadsto_{var}$ terminates in at most $|E|$ steps (on reachable states).

Proof. Consider a $\leadsto_{var}$ transition copying u from the environment $E' :: [x{\leftarrow}u] :: E''$. If the next transition is again $\leadsto_{var}$, then the head of u is a variable y and the transition copies from an entry in $E''$ because by Lemma 5.1 y cannot be bound by the entries in $E'$. Then the number of consecutive $\leadsto_{var}$ transitions is bound by E (that is not extended by $\leadsto_{var}$).

Theorem 5.3. The Micro AM implements the weak head strategy.

Environments: $E := \epsilon \mid [x{\leftarrow}t] :: E$
Stacks: $\pi := \epsilon \mid t :: \pi$
Compilation: $t^\circ := (t, \epsilon, \epsilon)$
Decoding: $\underline{(t, \epsilon, \epsilon)} := t$, $\underline{(t, u :: \pi, E)} := \underline{(tu, \pi, E)}$ and $\underline{(t, \epsilon, [x{\leftarrow}u] :: E)} := \underline{(t\{x{\leftarrow}u\}, \epsilon, E)}$

$$\begin{array}{l|l|l|c|l|l|l}
\text{Code} & \text{Stack} & \text{Env} & \text{Trans} & \text{Code} & \text{Stack} & \text{Env} \\
\hline
tu & \pi & E & \leadsto_{@l} & t & u :: \pi & E \\
\lambda x.t & u :: \pi & E & \leadsto_{r\beta} & t & \pi & [x{\leftarrow}u] :: E \\
x & \pi & E :: [x{\leftarrow}t] :: E' & \leadsto_{var} & t^\alpha & \pi & E :: [x{\leftarrow}t] :: E'
\end{array}$$

where $t^\alpha$ denotes t where bound names have been freshly renamed.

Figure 3: Milner Abstract Machine (MAM).

6 Search + Micro-Substitution = Milner Abstract Machine

The Searching AM and the Micro AM can be merged together into the Milner Abstract Machine (MAM), defined in Fig. 3. The MAM has both an argument stack and an environment. The machine has one β-transition $\leadsto_{r\beta}$ inherited from the Searching AM, and two overhead transitions, $\leadsto_{@l}$ inherited from the Searching AM and $\leadsto_{var}$ inherited from the Micro AM. Note that in $\leadsto_{var}$ the code now is simply a variable, because the arguments are supposed to be stored in the argument stack.

For the implementation theorem once again the only delicate point is to prove that the overhead transitions terminate. As for the Micro AM one needs a name invariant. A termination measure can then be defined easily by mixing the size of the codes (needed for $\leadsto_{@l}$) and the size of the environment (needed for $\leadsto_{var}$), and it is omitted here, because it will be exhaustively studied for the complexity analysis of the MAM. Therefore, we obtain that:

Theorem 6.1. The MAM implements the weak head strategy.

7 Introducing Complexity Analyses

The complexity analysis of abstract machines is the study of the asymptotic behavior of their overhead.

Parameters for Complexity Analyses.
Let us reason abstractly, by considering a generic strategy → in the λ-calculus and a given machine M implementing →. By the derivations-to-executions part of the implementation (Definition 3.1), given a derivation $d: t_0 \to^n u$ there is a shortest execution $\rho: t_0^\circ \leadsto^*_M s$ such that $\underline{s} = u$. Determining the complexity of M amounts to bound the complexity of a concrete implementation of ρ, say on a RAM model, as a function of two fundamental parameters:

1. Input: the size $|t_0|$ of the initial term $t_0$ of the derivation d;
2. Strategy: the length $n = |d|$ of the derivation d, that coincides with the number $|\rho|_\beta$ of β-transitions in ρ by the β-matching requirement for implementations.

Note that our notion of implementation allows to forget about the strategy while studying the complexity of the machine, because the two fundamental parameters are internalized: the input is simply the initial code and the length of the strategy is simply the number of β-transitions.

Types of Machines. The bound on the overhead of the machine is then used to classify it, as follows.

Definition 7.1. Let M be an abstract machine implementing a strategy →. Then

• M is reasonable if the complexity of M is polynomial in the input $|t_0|$ and the strategy $|\rho|_\beta$;
• M is unreasonable if it is not reasonable;
• M is efficient if it is linear in both the input and the strategy (we sometimes say that it is bilinear).

Recipe for Complexity Analyses. The estimation of the complexity of a machine usually takes 3 steps:

1. Number of Transitions: bound the length of the execution ρ simulating the derivation d, usually having a bound on every kind of transition of M.
2. Cost of Single Transitions: bound the cost of concretely implementing a single transition of M—different kinds of transitions usually have different costs. Here it is usually necessary to go beyond the abstract level, making some (high-level) assumptions on how codes and data-structures are concretely represented (our case study will provide examples).
3.
Complexity of the Overhead: obtain the total bound by composing the first two points, that is, by taking the number of each kind of transition times the cost of implementing it, and summing over all kinds of transitions.

8 The Complexity of the MAM

In this section we provide the complexity analysis of the MAM, from which analyses of the Searching and Micro AM easily follow.

The Crucial Subterm Invariant. The analysis is based on the following subterm invariant.

Lemma 8.1 (Subterm Invariant). Let $\rho: t_0^\circ \leadsto^*_{MAM} (u, \pi, E)$ be a MAM execution. Then u and any code in π and E are subterms of $t_0$.

Note that the MAM copies code only in transition $\leadsto_{var}$, where it copies a code from the environment E. Therefore, the subterm invariant bounds the size of the subterms duplicated along the execution.

Let us be precise about subterms: for us, u is a subterm of $t_0$ if it does so up to variable names, both free and bound (and so the distinction between terms and codes is irrelevant). More precisely: define $t^-$ as t in which all variables (including those appearing in binders) are replaced by a fixed symbol ∗. Then, we will consider u to be a subterm of t whenever $u^-$ is a subterm of $t^-$ in the usual sense. The key property ensured by this definition is that the size $|u|$ of u is bounded by $|t|$.

Proof. By induction on the length of ρ. The base case is immediate and the inductive one follows from the i.h. and the immediate fact that the transitions preserve the invariant.

The subterm invariant is crucial, for two related reasons. First, it linearly relates the cost of duplications to the size of the input, enabling complexity analyses. With respect to the length of the strategy, then, micro-step operations have constant cost, as required by the recipe for micro-step operational semantics in Sect. 2. Second, it implies that size-explosion has been circumvented: duplications are linear, and so the size of the state can grow at most linearly with the number of steps, i.e. it cannot explode. In particular, we also obtain the compact representation of the results required by the recipe.
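As an added example (not code from the paper), the following Python sketch implements the MAM of Fig. 3 and checks the subterm invariant of Lemma 8.1 at every reachable state, while recording the largest state size. The dict used as store, the tuple encoding of codes, the constructed input $r_n I f_1 \ldots f_n$ with $f_i = \lambda a.\lambda b.a$, and all function names are assumptions made for this illustration.

```python
import itertools

# Added example, not the paper's code. Codes are tuples (an assumption of this
# sketch): ("var", x), ("lam", x, body), ("app", fun, arg).
def var(x): return ("var", x)
def lam(x, t): return ("lam", x, t)
def app(t, u): return ("app", t, u)

def size(t):
    """|t|: number of constructors needed to write t."""
    return 1 + sum(size(c) for c in t[1:] if isinstance(c, tuple))

def erase(t):
    """t^- of Sect. 8: the shape of t with every variable name forgotten."""
    if t[0] == "var":
        return "*"
    return (t[0],) + tuple(erase(c) for c in t[1:] if isinstance(c, tuple))

def subterms(t):
    yield t
    for c in t[1:]:
        if isinstance(c, tuple):
            yield from subterms(c)

_fresh = itertools.count()

def rename(t, ren=None):
    """t^alpha: a copy of t whose bound names are fresh; free names are kept."""
    ren = ren or {}
    if t[0] == "var":
        return var(ren.get(t[1], t[1]))
    if t[0] == "lam":
        x = f"{t[1].split('#')[0]}#{next(_fresh)}"
        return lam(x, rename(t[2], {**ren, t[1]: x}))
    return app(rename(t[1], ren), rename(t[2], ren))

def r(n):
    """r_1 := λx.λy.(yxx), r_{n+1} := λx.(r_n (λy.(yxx))), well-named by index."""
    dup = lam(f"y{n}", app(app(var(f"y{n}"), var(f"x{n}")), var(f"x{n}")))
    return lam(f"x{n}", dup if n == 1 else app(r(n - 1), dup))

IDENTITY = lam("z", var("z"))

def consume(n):
    """Constructed input r_n I f_1 ... f_n with f_i = λa.λb.a. Weak head
    reduction reaches p_n in n steps, then needs 3 steps per f_i, since
    p_k f -> f p_{k-1} p_{k-1} -> (λb.p_{k-1}) p_{k-1} -> p_{k-1}."""
    t = app(r(n), IDENTITY)
    for i in range(1, n + 1):
        t = app(t, lam(f"a{i}", lam(f"b{i}", var(f"a{i}"))))
    return t

def mam(t0):
    """Run the MAM from (t0, ε, ε). The global environment is a dict: bound
    names are unique along the execution, so no list structure is needed."""
    shapes = {erase(s) for s in subterms(t0)}
    code, stack, env = t0, [], {}        # top of the stack is the end of the list
    stats = {"beta": 0, "at_l": 0, "var": 0,
             "max_state": size(t0), "subterm_ok": True}
    while True:
        if code[0] == "app":                        # (tu, π, E) ⇝@l (t, u::π, E)
            stack.append(code[2]); code = code[1]; stats["at_l"] += 1
        elif code[0] == "lam" and stack:            # ⇝rβ: delay [x<-u] in E
            env[code[1]] = stack.pop(); code = code[2]; stats["beta"] += 1
        elif code[0] == "var" and code[1] in env:   # ⇝var: copy one occurrence
            code = rename(env[code[1]]); stats["var"] += 1
        else:                                       # final state
            break
        pieces = [code, *stack, *env.values()]
        # Lemma 8.1: every code in the state is a subterm of t0 up to names.
        stats["subterm_ok"] &= all(erase(c) in shapes for c in pieces)
        stats["max_state"] = max(stats["max_state"], sum(map(size, pieces)))
    return code, stack, stats
```

On `consume(n)` the calculus passes through $p_n$, whose size is $6 \cdot 2^n - 4$ in this encoding, whereas the recorded `max_state` of the machine stays linear in n because $p_n$ is only ever represented through the environment.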