The following is a calculational style proof that the transfer functions in the Very Busy (VB) expression analysis are monotone. We assume label consistency throughout.

As an instance of a monotone framework, the VB analysis is (L, Funs, F, E, i, f_.) where:

  L = (Powerset(Aexp*), \bigcap), so the join operator is set intersection and the approximation ordering \sqsubseteq is \supseteq (superset containment).
  F = flow^R(S*), so this is a backwards analysis.
  E = {}, so the initial value for the final nodes is the empty set.
  i = final(S*), since this is a backwards analysis.
  f_. determines the entry information for each node from the exit information (since this is a backwards analysis), and is defined by

      f_.(l)(Lexit) = (Lexit \ killVB(B^l)) \cup genVB(B^l)   where B^l \in blocks(S*)

and killVB and genVB are defined as follows:

  killVB: Blocks* -> Powerset(Aexp*)
  killVB([x := a]^l) = {a' \in Aexp* | x \in FV(a')}
  killVB([skip]^l) = {}
  killVB([b]^l) = {}

  genVB: Blocks* -> Powerset(Aexp*)
  genVB([x := a]^l) = Aexp(a)
  genVB([skip]^l) = {}
  genVB([b]^l) = Aexp(b)

Thus we can define the three different kinds of transfer functions as follows.

Case 1: the label l is for an assignment statement, [x := a]^l.
For this case we have:

     f_.(l)(Lexit)
  =    {by definition of f_. for assignment statement blocks}
     (Lexit \ killVB([x := a]^l)) \cup genVB([x := a]^l)
  =    {by definition of killVB}
     (Lexit \ {a' \in Aexp* | x \in FV(a')}) \cup genVB([x := a]^l)
  =    {by definition of genVB}
     (Lexit \ {a' \in Aexp* | x \in FV(a')}) \cup Aexp(a)

Case 2: the label l is for a skip statement, [skip]^l.
For this case we have:

     f_.(l)(Lexit)
  =    {by definition of f_. for skip statement blocks}
     (Lexit \ killVB([skip]^l)) \cup genVB([skip]^l)
  =    {by definition of killVB}
     (Lexit \ {}) \cup genVB([skip]^l)
  =    {by set theory}
     Lexit \cup genVB([skip]^l)
  =    {by definition of genVB}
     Lexit \cup {}
  =    {by set theory}
     Lexit

Case 3: the label l is for a conditional expression, [b]^l.
For this case we have:

     f_.(l)(Lexit)
  =    {by definition of f_. for conditional expression blocks}
     (Lexit \ killVB([b]^l)) \cup genVB([b]^l)
  =    {by definition of killVB}
     (Lexit \ {}) \cup genVB([b]^l)
  =    {by set theory}
     Lexit \cup genVB([b]^l)
  =    {by definition of genVB}
     Lexit \cup Aexp(b)

Recall that the definition of a monotone function is the following.

Def: f is a monotone function on (L, \sqsubseteq) iff for all L0 and L1, L0 \sqsubseteq L1 ==> f(L0) \sqsubseteq f(L1).

The following lemmas about set theory will be helpful.

Lemma 1: Suppose X, Y, and Z are sets. Then (X \ Z) \supseteq (Y \ Z) <== X \supseteq Y.

Proof: Let X, Y, and Z be given. We calculate starting from the more complex side.

     (X \ Z) \supseteq (Y \ Z)
  =    {by def of \supseteq}
     (forall e :: e \in (Y \ Z) ==> e \in (X \ Z))
  =    {by def of set subtraction (\), twice}
     (forall e :: ((e \in Y) /\ !(e \in Z)) ==> ((e \in X) /\ !(e \in Z)))
  <==  {by predicate calculus}
     (forall e :: e \in Y ==> e \in X)
  =    {by def of \supseteq}
     X \supseteq Y

(end of lemma 1's proof)

Lemma 2: Suppose X, Y, and Z are sets. Then (X \cup Z) \supseteq (Y \cup Z) <== X \supseteq Y.

Proof: Let X, Y, and Z be given. We calculate starting from the more complex side.

     (X \cup Z) \supseteq (Y \cup Z)
  =    {by def of \supseteq}
     (forall e :: (e \in (Y \cup Z)) ==> (e \in (X \cup Z)))
  =    {by def of \cup}
     (forall e :: ((e \in Y) \/ (e \in Z)) ==> ((e \in X) \/ (e \in Z)))
  =    {by def of implication}
     (forall e :: !((e \in Y) \/ (e \in Z)) \/ ((e \in X) \/ (e \in Z)))
  =    {by DeMorgan's Laws}
     (forall e :: (!(e \in Y) /\ !(e \in Z)) \/ ((e \in X) \/ (e \in Z)))
  =    {by disjunction distributes over conjunction}
     (forall e :: ((!(e \in Y) \/ (e \in Z)) /\ (!(e \in Z) \/ (e \in Z))) \/ ((e \in X)))
  =    {by !A \/ A == true}
     (forall e :: ((!(e \in Y) \/ (e \in Z)) /\ true) \/ ((e \in X)))
  =    {by A /\ true == A}
     (forall e :: !(e \in Y) \/ (e \in X) \/ (e \in Z))
  =    {by def of implication}
     (forall e :: (e \in Y) ==> (e \in X) \/ (e \in Z))
  <==  {by predicate calculus (weakening)}
     (forall e :: (e \in Y) ==> (e \in X))
  =    {by def of \supseteq}
     X \supseteq Y

(end of lemma 2's proof)

With all that background and the two lemmas, we can now state and prove the main theorem.

Theorem: Each of the transfer functions in the VB analysis for the WHILE language is monotone.

Proof: There are three cases, one for each kind of block. For each case we must show that f_.(l) is monotone, meaning for all L0, L1, L0 \sqsubseteq L1 ==> f_.(l)(L0) \sqsubseteq f_.(l)(L1).

Case 1: for assignment blocks of the form [x := a]^l,

     f_.(l)(Lexit) = (Lexit \ {a' \in Aexp* | x \in FV(a')}) \cup Aexp(a)

So assume that L0 \sqsubseteq L1, which by definition of \sqsubseteq for this property space means that L0 \supseteq L1. We show that f_.(l)(L0) \sqsubseteq f_.(l)(L1) by the following calculation.

     f_.(l)(L0) \sqsubseteq f_.(l)(L1)
  =    {by definition of \sqsubseteq for this property space}
     f_.(l)(L0) \supseteq f_.(l)(L1)
  =    {by definition of f_.(l) for this case, twice}
     (L0 \ {a' \in Aexp* | x \in FV(a')}) \cup Aexp(a) \supseteq (L1 \ {a' \in Aexp* | x \in FV(a')}) \cup Aexp(a)
  <==  {by Lemma 2 above, with (L0 \ {a' \in Aexp* |...}) for X, (L1 \ {a' \in Aexp* |...}) for Y, and Aexp(a) for Z}
     (L0 \ {a' \in Aexp* | x \in FV(a')}) \supseteq (L1 \ {a' \in Aexp* | x \in FV(a')})
  <==  {by Lemma 1 above, with L0 for X, L1 for Y, and {a' \in Aexp* |...} for Z}
     L0 \supseteq L1
  =    {by definition of \sqsubseteq for this property space}
     L0 \sqsubseteq L1

Case 2: for skip blocks of the form [skip]^l.
In this case f_.(l)(Lexit) = Lexit. So we calculate as follows.

     f_.(l)(L0) \sqsubseteq f_.(l)(L1)
  =    {by definition of \sqsubseteq for this property space}
     f_.(l)(L0) \supseteq f_.(l)(L1)
  =    {by definition of f_.(l) for this case, twice}
     L0 \supseteq L1
  =    {by definition of \sqsubseteq for this property space}
     L0 \sqsubseteq L1

Case 3: for boolean conditional expression blocks of the form [b]^l.
In this case f_.(l)(Lexit) = Lexit \cup Aexp(b). So we calculate as follows.

     f_.(l)(L0) \sqsubseteq f_.(l)(L1)
  =    {by definition of \sqsubseteq for this property space}
     f_.(l)(L0) \supseteq f_.(l)(L1)
  =    {by definition of f_.(l) for this case, twice}
     (L0 \cup Aexp(b)) \supseteq (L1 \cup Aexp(b))
  <==  {by Lemma 2, with L0 for X, L1 for Y, and Aexp(b) for Z}
     L0 \supseteq L1
  =    {by definition of \sqsubseteq for this property space}
     L0 \sqsubseteq L1

QED
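
An executable cross-check of the theorem, added here as an example and not part of the original proof: it builds the three kinds of VB transfer function for a small constructed program and tests monotonicity exhaustively over Powerset(Aexp*). The tuple encoding of expressions and blocks, the sample program, and all function names are assumptions of this example.

```python
from itertools import combinations

ARITH = {"+", "-", "*"}

def fv(e):
    """Free variables of an expression tree (str = variable, int = constant)."""
    if isinstance(e, str):
        return {e}
    if isinstance(e, int):
        return set()
    return fv(e[1]) | fv(e[2])

def aexp(e):
    """Aexp(e): non-trivial arithmetic subexpressions of an arithmetic or boolean tree."""
    if not isinstance(e, tuple):
        return frozenset()
    subs = aexp(e[1]) | aexp(e[2])
    return subs | {e} if e[0] in ARITH else subs

def gen_vb(block):
    """genVB: Aexp(a) for [x := a], Aexp(b) for [b], {} for [skip]."""
    return frozenset() if block[0] == "skip" else aexp(block[-1])

def kill_vb(block, aexp_star):
    """killVB: expressions mentioning x for [x := a], {} otherwise."""
    if block[0] != "assign":
        return frozenset()
    return frozenset(e for e in aexp_star if block[1] in fv(e))

def transfer(block, aexp_star):
    """f_.(l)(Lexit) = (Lexit \\ killVB(B^l)) \\cup genVB(B^l)."""
    kill, gen = kill_vb(block, aexp_star), gen_vb(block)
    return lambda lexit: (frozenset(lexit) - kill) | gen

def powerset(s):
    items = list(s)
    return [frozenset(c) for r in range(len(items) + 1) for c in combinations(items, r)]

def is_monotone(f, universe):
    """L0 ⊑ L1 ==> f(L0) ⊑ f(L1), where ⊑ is ⊇ on Powerset(universe)."""
    subsets = powerset(universe)
    return all(f(l0) >= f(l1) for l0 in subsets for l1 in subsets if l0 >= l1)

# Constructed sample program: [x := a+b]; [skip]; [a-b > x+1]; [y := b*x]
A_PLUS_B, A_MINUS_B = ("+", "a", "b"), ("-", "a", "b")
B_TIMES_X, X_PLUS_1 = ("*", "b", "x"), ("+", "x", 1)
BLOCKS = [("assign", "x", A_PLUS_B), ("skip",),
          ("test", (">", A_MINUS_B, X_PLUS_1)), ("assign", "y", B_TIMES_X)]
AEXP_STAR = frozenset().union(*(gen_vb(b) for b in BLOCKS))

if __name__ == "__main__":
    for b in BLOCKS:
        print(b[0], is_monotone(transfer(b, AEXP_STAR), AEXP_STAR))
    # Set complement is not monotone, so the check is not vacuous.
    print("complement", is_monotone(lambda l: AEXP_STAR - l, AEXP_STAR))
```

The exhaustive check covers only this one finite instance; the calculation above is what establishes the result for every block and every Aexp*.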