A Coinductive Formulation of the \coinduction Theorem" by Michael and Appel

1 Inductive Treatment of Safety In MA00] Neophytos G. Michael and Andrew W. Appel introduce machine safety for a transition relation 7 ! on the set of machine states S as follows: Safe(s) :() 8s 0 : s 7 ! s 0) 9s 00 : s 0 7 ! s 00 This expresses that a state is safe if after a nite number of transitions starting from this state there is still one more possible transition. Given an invariant Inv S, written Inv(s) for s 2 Inv, they deene the properties progress and preservation by: Prog(Inv) :() 8s: Inv(s)) 9s 0 : s 7 ! s 0 Pres(Inv) :() 8s; s 0 : Inv(s) ^ s 7 ! s 0) Inv(s 0) Prog states that an invariant enables progress if it enables a further transition step. Pres expresses that the invariant is preserved by the step relation. It is clear that a progressive and preserved invariant that holds for the initial state guarantees safety, which they state in the \coinduction theorem": Inv(s 0) Prog(Inv) Pres(Inv) Safe(s 0) Assuming progression and preservation of Inv globally, the theorem can be re-formulated as Inv(s 0) s 0 7 ! s 0 9s 00 :s 0 7 ! s 00 This is easily proven by induction on s 0 7 ! s 0 : Case s 0 = s 0 : Immediately by Prog(Inv).