C LAUS B RABRAND S EMANTICS (Q1,’05) O CT 13, 2005 C LAUS B RABRAND © 2005, University of Aarhus...

CLAUS BRABRAND SEMANTICS (Q1,’05) OCT 13, 2005

CLAUS BRABRAND

© 2005, University of Aarhus

[ [email protected] ] [ http://www.daimi.au.dk/~brabrand/ ]

SEMANTICS (Q1,’05)

WEEK 7: ”PROGRAM EQUIVALENCE AND IMPERATIVE FEATURES”

CLAUS BRABRAND © SEMANTICS (Q1,’05)[ 2 ]

OCT 13, 2005

Course Structure

Introduction [background]: Prerequisitional Math // 1 week

Part I [describe/explain/analyze]: Structural Operational Semantics // 3

weeks

Part II [compare/reason]: Concurrency and Communication (CCS) // 1 week

Part III [compare/prove/apply]: Equivalence: Bisimulation and Games // 1 week

Practice [link to real world]: Imperative Features + Sem in Practice // 1 week


OCT 13, 2005

Week 7 - Outline

Issues from week 6

Course Evaluation Program Equivalence Imperative Blocks Sketch: Various Language Extensions “The Environment-Store Model” Other Semantic Formalisms“Semantics in Practice” [at 13:15] (Peter Gorm Larsen, IHA)


OCT 13, 2005

“3x3 main issues” from week 6

Project: 1. sample solutions (which and when) ? [today] 2. how to specify an infinite trace ? [sample solutions] 3. grades (when) ? [Monday 17/10]

Exam: 4. prefer weekly hand-ins over project !!! [me+TAs too!!!] 5. size of exam: |exam| ~ |project| ? [slightly smaller] 6. more practical information ! [specific

questions?]

FYI (message from TAs): 7. “read” the project (and the exam) ! 8. “argue” vs. “prove” ! 9. Q/A session (on next Monday) !

Main Entry: 1read Pronunciation: 'rEdFunction: verbInflected Form(s): read /'red/; read·ing /'rE-di[ng]/

1a to receive or take in the sense of (as letters or symbols) especially by sight or touch

Meriam Webster(“read”)


OCT 13, 2005

Example Exam Exercise:Prove by structural induction determinism for the SOS:


COURSE EVALUATION


OCT 13, 2005

Course Evaluation

“Tilfredshedsundersøgelse”: From an Evaluation-Theoretical perspective:


OCT 13, 2005

Course Evaluation

Your e aluation is important and matters!: Gives you a chance to voice your opinion Helps improve next year’s course Helps improve my teaching (in general) Impacts (+/-) my personal employment opportunities at uni May influence larger didactic strategies for whole dept. / uni

Invariables (beyond my influence): Fixed project form (i.e., one (exam-like) project)

as opposed to weekly hand-ins (with a distributed workload)! Fixed exam form (i.e., 2-3 days “take-home”)

as opposed to 4-hr-written / oral exam Material situation

not easy to find adequate textbook (plan to write notes next year)


PROGRAM EQUIVALENCE


OCT 13, 2005

Program Equivalence ()?

Program equivalence () ?: x1FV(E2) x2FV(E1)

...

How do we know they are “equivalent” ? …and what does that mean ?

C ; nil nil ; C C

if B then C else C’ if ~B then C’ else C

(C1 ; C2) ; C3 C1 ; (C2 ; C3)

repeat C until B C ; while ~B do C

x1 := E1 ; x2 := E2 x2 := E2 ; x1 := E1

nil nil ; nil


OCT 13, 2005

Behavior and Behavioral Equivalence

Assume deterministic language L:

Def: Behavior: Partial function :

exec(C,) =

Def: Behavioral equivalence (C C’):

’ if <C,> * ’

undef otherwise e.g. nontermination,abnormal termination

exec : Com Store Store

Store: exec(C,) = exec(C’,)i.e. the two commands produce the same resulting store, ’, (but not necessarily in the same number of steps)

if both defined


OCT 13, 2005

Congruence ()

Theorem: “” is a congruence [proof omitted]

i.e., we can substitute equivalent fragments in programs!

Example (Java):

C C’ => P[C] P[C’] , for all contexts P[]

class C { D void m() { S’ for (E1 ; E2 ; E3) S0

S” }}

safe transformation

who:compiler, homo-sapiens,

combination (refactoring tools), …

why:readability, optimization, simplification, …

class C { D void m() { S’ { E1 ; while (E2) { S0

E3 ; }} S” }}

class C { D void m() { S’ [ ] S’’ }}


OCT 13, 2005

How to Prove Behavioral Equivalence?

How do we prove: (for given C, C’)? i.e.:

For derivation sequences of any length, n

C C’

,’: (<C,> * ’) (<C’,> * ’)

Store: exec(C,) = exec(C’,) if both defined

,’: (<C,> * ’) (<C’,> * ’)

,’: (<C,> * ’) (<C’,> * ’)

,’: (<C,> n ’) (<C’,> * ’)

,’: (<C,> * ’) (<C’,> n ’)


OCT 13, 2005

Induction on the Length of Derivation Seq’s

Base case: P(k=0) Prove that the property, P, holds

for all derivation sequences of length 0 (zero)

Inductive step: P(k) P(k+1) Assume P(k):

that the property holds for derivation sequences of length k

Prove P(k+1): that it holds for derivation sequences of length k+1

Then: n: P(n) Property P holds for all derivation sequences (any length)


OCT 13, 2005

…Or

How do we prove: (for given C, C’)? i.e.:

For some intermediate configuration,

C C’

,’: (<C,> * ’) (<C’,> * ’)

Store: exec(C,) = exec(C’,) if both defined

,’: (<C,> * ’) (<C’,> * ’)

,’: (<C,> * ’) (<C’,> * ’)

: (<C,> * ) (<C’,> * )

: (<C,> * ) (<C’,> * )


OCT 13, 2005

Example (Proof Structure)

Example:

Prove “” (let be given w/o assumptions):

Assume [LHS]: Show [RHS]:

Case analysis on possible derivations for [LHS]…

if B then C else C’ if ~B then C’ else C

<if B then C else C’, > * <if ~B then C’ else C, > *

for some

<if B then C else C’, > *

<if ~B then C’ else C, > *


OCT 13, 2005

Example (cont’d)

Case [B * tt]:

Then construct:

Analogous for [B * ff] Symmetric for the other direction “”

<if B then C else C’,> <C,’>C1

<B,> <tt,>B*

[IF1]

<if ~B then C’ else C,> <C,’>C1

<~B,> <ff,>B1

[IF2]

<B,> <tt,>B*

[NEG1]

proof

proof

C*

C*

’

’

proof ’

proof ’


IMPERATIVE BLOCKS


OCT 13, 2005

Semantics of Definitions

Semantics of Definitions:

[NIL]D

<nil, > D

<var x := A, > D ’[x=z][VAR]D

<A, > A* <z, ’>

<D0 ; D1, > D <D0’ ; D1, ’>[SEQ1]D

<D0, > D <D0’, ’>

<D0 ; D1, > D <D1, ’>[SEQ2]D

<D0, > D ’

extend store

Note: [Plotkin] does this differently (through env-store model); read it yourselves…


OCT 13, 2005

Semantics of Blocks

Semantics of Blocks:

[BLK1]C

<begin D ; C end, > C <begin(V,0) C end, ’><D, > D ’

[BLK2]C

<begin(V,0) C end, > C <begin(V,0) C’ end, ><C, > C <C’,’>

[BLK3]C

<begin(V,0) C end, > C (’ \ V) [0]

<C, > C ’

remember shadowed values : 0 = |V

remember set of locally defined variables : V = DV(D)

purge locally defined variables and restore old shadowed values

Def: |V := {v=(v)|vVDV()}

Def: \V := {v=(v)|vDV()\V}


OCT 13, 2005

Dynamic vs. Static Scope Rules

Example: x := 2 ;begin var x := 7 ; nilend// here: x has the value...

[BLK3]C

<begin(V,0) C end, > C (’ \ V) [0]

<C, > C ’


“Static Scope Rules”x = 2

“Dynamic Scope Rules”x = 7

restoring old shadowed values not restoring …


OCT 13, 2005

Inaccessible Val’s (Garbage Collection)

Example:

[BLK3]C

<begin(V,0) C end, > C (’ \ V) [0]

<C, > C ’


// x undefinedbegin var x := 7 ; nilend// here x is ...

“No Inaccessible Values”x isn’t in the store

(garbage collection)!

“Inaccessible Values”x is in the store

(but inaccessible)!

purging locally defined vars not purging …


LANGUAGE EXTENSIONS


OCT 13, 2005

Language Extensions

Language extensions: Simple language without variables:

E E’

Adding variables (=> environments): |- E E’ : VAR VAL

Adding assignments (=> stores): <E,> <E’,’> : VAR VAL

Adding output (=> output “tape”): <E,> <E’,’> VAL*


OCT 13, 2005

SOS Extensions (cont’d)

…more extensions: Adding stack operations (=> value stack)

<E,s> <E’,s’> s VAL*

Runtime-errors (=> error values): E errorK = Exp {errorK}

Exceptions (=> exception values): E exceptionK = Exp {exceptionK}

Adding jumps/gotos (=> labels and label map) L |- C C’ L : LABEL

COM


OCT 13, 2005


…even more extensions: Adding functions (=> function environment):

F |- E E’ F : FNAME EXP

Adding statically scoped functions: F |- E E’ F : FNAME EXP

ENV

Adding procedures (=> procedure environment): P |- C C’ P : PNAME COM

Adding statically scoped procedures: P |- C C’ P : PNAME COM

ENV


OCT 13, 2005


…still more extensions: “First class” functions (=> function values: “closures”)

|- E E’ : VAR CLOSURE

Adding call-by-refence / pointers / arrays / … (=> abstract locations / “the environment-store model”):

|- <E,> <E’,’> : VAR LOC : LOC VAL

Adding pointer arithmetic / “address-of” / …(=> phys. locations / addresses):

|- <E,> <E’,’> : VAR ADDR : ADDR VAL

…


OCT 13, 2005

Expressible / Denotable / Storeable Values

Expressible Values: Values of expressions (i.e., E = EVAL)

Denotable Values: Values of identifiers/variables (i.e. : VAR DVAL)

Storeable Values: Values in the store (i.e. : LOC SVAL)

Printable Values: Values in the output (i.e. PVAL*)


THE ENVIRONMENT-STORE MODEL


OCT 13, 2005

“The Environment-Store Model”

“The Environment-Store Model”: Introducing abstract locations:

Transitions: |- <E,> <E’,’>

x ℓ v

VAR LOC VAL

environment store

(x) ((x))x

: VAR LOC , : LOC VAL

env : doesn’t change w/ execstore: mutates with execution


OCT 13, 2005

Examples (C-like)

Pointers (for the C-hackers: :)

Static Semantics:

Dynamic Semantics:

ptr p = 0xCAFEBABE; // p LocZ 0xff is a location constant

int x = *p; // *p Z (since p LocZ)

[DER]

|- * E :

|- E : LOC

[DER2]

|- <* E,> <* E’,’>v = (ℓ)

|- <* ℓ,> <v,>v = (ℓ)

[DER1]

|- <E,> <E’,’>

#define ptr (int*)


OCT 13, 2005

Examples (cont’d)

Aliasing (similarly with call-by-reference):

Explicit allocation:

Explicit deallocation:

{ ptr p = malloc(1); // p LocZ

*p = 42; // side-effecting: ’ = [ℓ=42]} // ℓ, but is an “inaccessible reference”(!)

ptr p = ...;free(p);// (p)=ℓ, but ℓ ; aka. “dangling reference”!

ptr q = p; // location aliasing: (p) = ℓ = (q)*p = 42; // side-effecting: ’ = [ℓ=42]// now *q also has the value 42: ((q)) is 42


OTHER SEMANTIC FORMALISMS


OCT 13, 2005

Operational Semantics

Operational Semantics:

Labelled Transition System: 0 = <z=x;x=y;y=z, [x=1,y=2,z=3]> 1 = <x=y;y=z, [x=1,y=2,z=1]> 2 = <y=z, [x=2,y=2,z=1]> 3 = result = [x=2,y=1,z=1]

Variations in step-sizes (small-step, big-step, …)

The meaning of a construct is specified by the computation it induces when it is executed on a machine. In particular, it is of interest how the effect of a computation is produced.

-- [Nielson & Nielson, “Semantics with Applications”, ’93]


OCT 13, 2005

Denotational Semantics

Denotational Semantics:

Describe everything as mathematical functions: [[ z=x;(x=y;y=z)]] =

[[ x=y;y=z ]] o [[ z=x ]] =[[ y=z ]] o [[ x=y ]] o [[ z=x ]] =s.s[y=s(z)] o s.s[x=s(y)] o s.s[z=s(x)] =s.s[x=s(y),y=s(x),z=s(x)]

Loops are expressed as fixed-points of rec’sive functors i.e., functions that takes functions as arguments

Meanings are modelled by mathematical objects that represent the effect of executing the constructs. Thus, only the effect is of interest, not how it is obtained.



OCT 13, 2005

Axiomatic Semantics

Axiomatic Semantics:

Partial correctness; Command C is partially correct wrt. a pre and a post-

condition if whenever the initial state fulfils the pre-condition and the program terminates, then the final state fulfils the post-condition.

{x=a,y=b} z=x;x=y;y=z {x=b,y=a}

Specific properties of the effect of executing the constructs are expressed as assertions. Thus, there may be aspects of the executions that are ignored.


{ pre } C { post }


</ SEMANTICS >


OCT 13, 2005

Program Relationship (Example c)

Program worldModel world

ConcreteAbstract

~

P

P’

M

M’

1. P ~ P’ ?2. abstract

3. M ~ M’ ?

4. relate

5. M ~ M’ !6. concretize7. P ~ P’ !


Next week: Revision Period ; then Exam

Good Luck!

Any Questions?


OCT 13, 2005

Note

Note on Structural Induction vs. Transitive 1-Step: You have only seen structural induction in the “shape” of C for 1-

step derivations where the induction hypothesis may be used to recompose insights according to 1-step SOS rules (not: * ’)

Solution: induction in the length of the derivation sequence

C LAUS B RABRAND S EMANTICS (Q1,’05) O CT 13, 2005 C LAUS B RABRAND © 2005, University of Aarhus...

Documents

Transcript of C LAUS B RABRAND S EMANTICS (Q1,’05) O CT 13, 2005 C LAUS B RABRAND © 2005, University of Aarhus...