1 Programming Languages (CS 550) Lecture 9 Summary Introduction to Formal Semantics Jeremy R....
39
1 Programming Languages (CS 550) Lecture 9 Summary Introduction to Formal Semantics Jeremy R. Johnson
-
Upload
willa-gaines -
Category
Documents
-
view
216 -
download
0
Transcript of 1 Programming Languages (CS 550) Lecture 9 Summary Introduction to Formal Semantics Jeremy R....
1
Programming Languages (CS 550)
Lecture 9 SummaryIntroduction to Formal Semantics
Jeremy R. Johnson
2
Theme
This lecture introduces three techniques for formally specifying the semantics of programming languages: operational semantics (formal machine model), denotational semantics, and axiomatic semantics.
So far we have extensively used operational semantics (meta-circular interpreter and interpreters built using other languages), the approaches outlined are related but more mathematical.
3
Outline
Operational SemanticsReduction machineProlog implementation
Denotational SemanticsTranslating programs to mathematical functionsScheme implementation
Axiomatic SemanticsSpecificationsPredicate transformersCorrectness proofs
4
Mini Language Syntax
1. < program > → < stmt-list>
2. < stmt-list> → < stmt > ; < stmt-list > | < stmt >
3. < stmt > → < assign-stmt > | < if-stmt > | < while-stmt >
4. < assign-stmt > → < identifier > := < expr >
5. < if-stmt > → if < expr > then < stmt-list > else < stmt-list > fi
6. < while-stmt > → while < expr > do < stmt-list > od
7. < expr > → < expr > + < term > | < expr > - < term > | < term >
8. < term > → < term > * < factor > | < factor >
9. < factor > → ( < expr > ) | < number > | < identifier >
10. < number > → < number > < digit > | < digit >
11. < digit > → 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9
12. < identifier > → < identifier > < letter > | < letter >
13. < letter > → a | b | c | ... | z
5
Environments
Let an Environment be a map from indentifiers to values = integers undefined
Mini language programs can be thought of as a map from an initial Environment to a final Environment (assuming it terminates)
The initial environment maps all identifiers to an undefined
Each statement is defined in terms of what it does to the current environment (another mapping)
6
Semantics of Mini Language Statements
1. Env: Identifier → Integer Union {undef}
2. (Env and {I = n})(J) = n if J=I, Env(J) otherwise
3. Env_0 = undef for all I
4. for if-stmt, if expr evaluates to value greater than 0, then evaluate stmt-list after then, else evaluate stmt-list after else
5. for while-stmt, as long as expr evaluates to a value greater than 0, stmt-list is repeatedly executed and expr evaluated.
7
Example Mini Language Program
1. n := 0 - 5;
2. if n then i := n else i := 0 - n fi;
3. fact := 1;
4. while i do fact := fact * i; i := i - 1 od
What is the final environment?
8
Operational Semantics
Define language by describing its actions in terms of operations of an actual or hypothetical machine. Need precise description of machineProgram Control Store
Reduction machineReduce program to a semantic “value”Reduction rules (logical inference rules)
9
Operational Semantics of Mini Language Expressions
(1) ‘0’ 0,…, ‘9’ 9(2) V’0’ 10*V,…,V’9’ 10*V+9
(3) V1 ‘+’ V2 V1 + V2
(4) V1 ‘+’ V2 V1 + V2
(5) V1 ‘*’ V2 V1 * V2
10
Mini Language Expressions
(7) E E1 _____________________________________________________________________
E ‘+’ E2 E1 ‘+’ E2
(8) E E1 _____________________________________________________________________
E ‘-’ E2 E1 ‘-’ E2
(9) E E1 _____________________________________________________________________
E ‘*’ E2 E1 ‘*’ E2
11
Mini Language Expressions
(10) E E1 _____________________________________________________________________
V ‘+’ E V ‘+’ E1
(11) E E1 ____________________________________________________________________
V ‘-’ E V ‘-’ E1
(12) E E1 ____________________________________________________________________
V ‘*’ E V ‘*’ E1
(14) E E1, E1 E2 [transitive closure] _____________________________________________________________________
E E2
12
Implementation in Prolog% reduce_all(times(plus(2,3),minus(5,1)),V).
% V = 20 ?
reduce(plus(E,E2),plus(E1,E2)) :- reduce(E,E1).
reduce(minus(E,E2),minus(E1,E2)) :- reduce(E,E1).
reduce(times(E,E2),times(E1,E2)) :- reduce(E,E1).
reduce(plus(V,E),plus(V,E1)) :- reduce(E,E1).
reduce(minus(V,E),minus(V,E1)) :- reduce(E,E1).
reduce(times(V,E),times(V,E1)) :- reduce(E,E1).
reduce(plus(V1,V2),R) :- integer(V1), integer(V2), !, R is V1+V2.
reduce(minus(V1,V2),R) :- integer(V1), integer(V2), !, R is V1-V2.
reduce(times(V1,V2),R) :- integer(V1), integer(V2), !, R is V1*V2.
reduce_all(V,V) :- integer(V), !.
reduce_all(E,E2) :- reduce(E,E1), reduce_all(E1,E2).
13
Environments and Assignment
(7) <E | Env> <E1| Env> ______________________________________________________________________________________________________________________________
<E ‘+’ E2 | Env> < E1 ‘+’ E2 | Env>
(15) Env(I) = V ____________________________________________________________________________
<I | Env> <V | Env>
14
Environments and Assignment
(16) <I ‘:=’ V | Env> Env & {I = V}
(17) <E | Env> <E1 | Env> ______________________________________________________________________________________________________________________
<I ‘:=’ E | Env> <I ‘:=’ E1 | Env>
(18) <S | Env> Env1 ______________________________________________________________________________________________
<S ‘;’ L | Env> <L | Env1>
(19) L < L | Env0>
15
Implementation in Prolog
Configurations<E | Env> Config(E,Env)
Environments[value(I1,v1),...,value(In,vn)]
Predicate to lookup values Lookup(Env,I,V)
16
Implementation in Prolog
Configurations<E | Env> Config(E,Env)
Environments[value(I1,v1),...,value(In,vn)]
Predicate to lookup values Lookup(Env,I,V)
lookup([value(I,V)|_],I,V).
lookup([_|Es],I,V) :- lookup(Es,I,V), !.
17
Implementation in Prolog
% reduce_value(config(times(plus(x,3),minus(5,y)),[value(x,2),value(y,1)]),V).
% V = config(20,[value(x,2),value(y,1)]) ?
reduce(config(plus(E,E2),Env),config(plus(E1,E2),Env)) :-
reduce(config(E,Env),config(E1,Env)).
reduce(config(I,Env),config(V,Env)) :- atom(I), lookup(Env,I,V).
reduce_all(config(V,Env),config(V,Env)) :- integer(V), !.
reduce_all(config(E,Env),config(E2,Env)) :-
reduce(config(E,Env),config(E1,Env)), reduce_all(config(E1,Env),config(E2,Env)).
reduce_value(config(E,Env),V) :- reduce_all(config(E,Env),config(V,Env)).
18
If Statements
(20) <E | Env> <E1| Env> __________________________________________________________________________________________________________________________________
<‘if’ E ‘then’ L1 ‘else’ L2 ‘fi’ | Env> <‘if’ E1 ‘then’ L1 ‘else’ L2 ‘fi’ | Env>
(21) V > 0 ______________________________________________________________________________________________________________________________
<‘if’ V ‘then’ L1 ‘else’ L2 ‘fi’ | Env> < L1|Env>
(22) V 0 _____________________________________________________________________
<‘if’ V ‘then’ L1 ‘else’ L2 ‘fi’ | Env> < L2|Env>
19
While Statements
(23) <E | Env> <V| Env>, V 0 ________________________________________________________________________________________________________________
<‘while’ E ‘do’ L ‘od’|Env> Env
(24) <E | Env> <V| Env>, V > 0 _____________________________________________________________________________________________________________
<‘while’ E ‘do’ L ‘od’|Env> <L;‘while’ E ‘do’ L ‘od’|Env>
20
Implementation in Prolog% Test cases:
% reduce_exp_all(config(plus(times(2,5),minus(2,5)),[]),V).
% V = config(7,[])
% reduce_exp_all(config(plus(times(x,5),minus(2,y)),[value(x,2),value(y,5)]),V).
% V = config(7,[value(x,2),value(y,5)])
% reduce_all(config(seq(assign(x,3),assign(y,4)),[]),Env).
% Env = [value(x,3),value(y,4)]
% reduce(config(if(3,assign(x,3),assign(x,4)),[]),Env).
% Env = [value(x,3)]
% reduce(config(if(0,assign(x,3),assign(x,4)),[]),Env).
% Env = [value(x,4)]
% reduce_all(config(if(n,assign(i,0),assign(i,1)),[value(n,3)]),Env).
% Env = [value(n,3),value(i,0)]
21
Implementation in Prolog% reduce_all(config(while(x,assign(x,minus(x,1))),[value(x,3)]),Env).
% Env = [value(x,0)]
% reduce_all(config(
% seq(assign(n,minus(0,3)),
% seq(if(n,assign(i,n),assign(i,minus(0,n))),
% seq(assign(fact,1),
% while(i,seq(assign(fact,times(fact,i)),assign(i,minus(i,1)))))))
% ,[]),Env).
% Env = [value(n,-3),value(i,0),value(fact,6)]
22
Denotational Semantics
Use functions to describe semantics of a programming language. Associate semantic value to syntactically
correct constructMap syntactic domain to semantic domainVal: Expression IntegerVal(2 + 3*4) = 1414 “denotes” the value of the expression 2+3*4
P: Program (Input Output)Program Input Output [right associate]
23
Denotational Semantics of Mini Language (Expressions)
E: Expression Environment Integer
E[[E1 ‘+’ E2]](Env) = E[[E1]](Env) + E[[E2]](Env)
E[[E1 ‘-’ E2]](Env) = E[[E1]](Env) - E[[E2]](Env)
E[[E1 ‘*’ E2]](Env) = E[[E1]](Env) * E[[E2]](Env)
E[[I]](Env) = Env(I)E[[N]](Env) = N
24
Implementation in Scheme
(define (exprE expr)
(cond ((number? expr) (numE expr))
((ident? expr) (identE expr))
((plus? expr) (plusE expr))
((minus? expr) (minusE expr))
((times? expr) (timesE expr))
(else (error "illegal expression"))))
(define (env exp)
(if (eq? exp 'x) 3 'undef))
((exprE '(+ 2 x)) env)
;Value: 5
(define (numE expr)
(lambda (env) expr))
(define (identE expr)
(lambda (env) (env expr)))
(define (plusE expr)
(lambda (env)
(let ((expr1 (cadr expr)) (expr2 (caddr expr)))
(+ ((exprE expr1) env) ((exprE expr2) env)))))
25
Denotational Semantics of Mini Language (Expressions)
P: Program EnvironmentP[[L]] = L[[L]](Env0)
L: Statement-list Environment EnvironmentL[[L1 ‘;’ L2]] = L[[L1]] L[[L2]]
L[[S]] = S[[S]]
26
Implementation in Scheme(define (progP prog)
(if (stmt-list? prog)
(stmt-listL prog)
(error "illegal program")))
(define (stmt-listL stmt-list)
(let ((first-stmt (car stmt-list)) (remaining-stmts (cdr stmt-list)))
(if (null? remaining-stmts)
(stmtS first-stmt)
(compose (stmt-listL remaining-stmts) (stmtS first-stmt)))))
(define (compose f g)
(lambda (x)
(f (g x))))
27
Denotational Semantics of Mini Language (Statements)
S: Statement Environment EnvironmentS[[I ‘:=’ E]](Env) = Env & {I = E[[E]](Env)} S[[‘if’ E ‘then’ L1 ‘else’ L2]](Env) =
if E[[E]](Env) > 0 then L[[L1]](Env) else L[[L2]](Env)
S[[‘while’ E ‘do’ L od’]](Env) = if E[[E]](Env) 0 then Env else S[[‘while’ E ‘do’ L od’]](L[[L]](Env))
28
Implementation in Scheme(define (stmtS stmt)
(cond ((assign-stmt? stmt) (assignS stmt))
((if-stmt? stmt) (ifS stmt))
((while-stmt? stmt) (whileS stmt))
(else (error "illegal statement"))))
(define (assignS stmt)
(let ((ident (cadr stmt)) (expr (caddr stmt)))
(lambda (env)
(lambda (var)
(if (eq? var ident) ((exprE expr) env) (env var))))))
29
Implementation in Scheme(define (ifS stmt)
(let ((expr (cadr stmt)) (S1 (caddr stmt)) (S2 (cadddr stmt)))
(lambda (env)
(if (> ((exprE expr) env) 0)
((stmt-listL S1) env)
((stmt-listL S2) env)))))
(define (whileS stmt)
(let ((expr (cadr stmt)) (S (caddr stmt)))
(lambda (env)
(if (<= ((exprE expr) env) 0)
env
((whileS stmt) ((stmt-listL S) env))))))
30
Implementation in Scheme(define prog
'((assign n (- 0 5))
(if n
((assign i n))
((assign i (- 0 n))))
(assign fact 1)
(while i
((assign fact (* fact i))
(assign i (- i 1))))))
(define env0 (lambda (ident) 'undef))
(env0 'x);Value: undef
(define envf ((progP prog) env0));Value: envf
(envf 'n);Value: -5
(envf 'i);Value: 0
(envf 'fact);Value: 120
31
Axiomatic Semantics
Describe semantics of language constructs by their effect on assertions about the data manipulated by the program. Pre and post conditions
{x = A} x := x + 1 {x = A+1} {y 0} x := 1/y {x = 1/y}
Program specifications { n ≥ 0, 1 i n, a[i] = A[i]} sort-program {sorted(a)
and permutation(a,A)}
Correctness Proofs
32
Weakest Precondition
Given Q, Lots of preconditions P such that{P}C{Q}{x = 3}x := x + 1{x > 0}{x ≥ 3}x := x + 1{x > 0}…{x > -1}x := x + 1{x > 0}
Weakest (or most general) preconditionwp(C,Q){P}C{Q} iff P wp(C,Q)
33
Properties of wp
Law of the Excluded miraclewp(C,false) = false
Distributivity of Conjunctionwp(C,P and Q) = wp(C,P) and wp(C,Q)
Law of MonotonicityIf Q R then wp(C,Q) wp(C,R)
Distributivity of Disjunctionwp(C,P) or wp(C,Q) wp(C,P or Q)Equal if C is deterministic
34
Axiomatic Semantics of Mini Language
Semantics of C is the functionwp(C,_) from assertions to assertionsPredicate transformer
Statement-listwp(L1;L2,Q) = wp(L1,wp(L2,Q))
Assignment Statementswp(I := E,Q) = Q[E/I]wp(x:=x+1,x>0) = (x+1 > 0) = (x > -1)wp(x:=x+1,x=A) = (x+1 = A_ = (x = A-1)
35
Axiomatic Semantics of Mini Language
If Statementswp(if E the L1 else L2 fi,Q) = (E > 0
wp(L1,Q)) and (E 0 wp(L2,Q))
wp(if x then x := 1 else x := -1,x=1)(x > 0 1=1) and (x 0 -1=1) true and (x > 0) x > 0
36
Axiomatic Semantics of Mini Language
While StatementsHi(while E do L od,Q), while executes i
iterations and terminates satisfying Q
H0(while E do L od,Q) = (E 0 Q)
Hi+1(while E do L od,Q) = (E > 0 wp(L,Hi(while E do L od,Q)
wp(while E do L od,Q) = i, Hi(while E do L od,Q)
37
Correctness Proofs
Loop Invariantswhile E do L odFind W such that W wp(while…,Q)
W and (E > 0) wp(L,W) W and (E 0) Q P W
If while loop terminates , W wp(while…,Q)Proves {P}while E do L od{Q}
38
Correctness Proofs
Loop invariant (fact = (i+1)n, i≥0){n > 0}i := n;fact := 1;while i do
fact := fact*i; i := i-1;
od
39
Correctness Proofs
W = (fact = (i+1)n, i≥0)wp(fact := fact*i,i:=i-1,W)= wp(fact := fact*i,wp(i:=i-1,W))= wp(fact := fact*i,fact=((i-1)+1)n, i-1≥0)= wp(fact := fact*i,fact=in, i-1≥0)= (fact*i=in, i-1≥0) = (fact = (i+1)n, i-1≥0)
W and i > 0 wp(L,W)W and i 0 fact = n!n > 0 wp(i:=n,fact := 1,W) = (n ≥ 0)
