Hop Operational Semantics Paris, February 23 rd Tamara Rezk Indes Team, INRIA.
-
Upload
ashlynn-bennett -
Category
Documents
-
view
213 -
download
0
Transcript of Hop Operational Semantics Paris, February 23 rd Tamara Rezk Indes Team, INRIA.
![Page 1: Hop Operational Semantics Paris, February 23 rd Tamara Rezk Indes Team, INRIA.](https://reader035.fdocuments.us/reader035/viewer/2022062721/56649f1f5503460f94c37067/html5/thumbnails/1.jpg)
Hop Operational SemanticsParis, February 23rd
Tamara Rezk
Indes Team, INRIA
![Page 2: Hop Operational Semantics Paris, February 23 rd Tamara Rezk Indes Team, INRIA.](https://reader035.fdocuments.us/reader035/viewer/2022062721/56649f1f5503460f94c37067/html5/thumbnails/2.jpg)
Hop Multi-tiers compiler
HOP multi-tiers compiler
Input: a web application written in a single homogenous language
scheme code and protocols over html (server code)
javascript (client code)SQL (server)
![Page 3: Hop Operational Semantics Paris, February 23 rd Tamara Rezk Indes Team, INRIA.](https://reader035.fdocuments.us/reader035/viewer/2022062721/56649f1f5503460f94c37067/html5/thumbnails/3.jpg)
A precise Hop specification
• specifications are used to understand the meaning of programs
• In this lecture: a precise (mathematical) specification of the Hop programming language by means of operational semantics
Unless there is a prior, generally-accepted mathematical definition of a language at hand, who is to say whether a proposed implementation is correct? (Dana Scott 1969)
![Page 4: Hop Operational Semantics Paris, February 23 rd Tamara Rezk Indes Team, INRIA.](https://reader035.fdocuments.us/reader035/viewer/2022062721/56649f1f5503460f94c37067/html5/thumbnails/4.jpg)
Formal Semantics
• Denotational Semantics: programs are partial functions mapping initial states to final states (Strachey-Scott, domain theory)
Dana Scott, Turing Award 76
Unless there is a prior, generally-accepted mathematical definition of a language at hand, who is to say whether a proposed implementation is correct?
![Page 5: Hop Operational Semantics Paris, February 23 rd Tamara Rezk Indes Team, INRIA.](https://reader035.fdocuments.us/reader035/viewer/2022062721/56649f1f5503460f94c37067/html5/thumbnails/5.jpg)
Formal Semantics
• Axiomatic Semantics: programs are given specifications in e.g. first order logic and can be proven correct with respect to their spec. in the logic
Tony Hoare, Turing Award 80
“There are two ways of constructing a software design: One way is to make it so simple that there are obviously no deficiencies, and the other way is to make it so complicated that there are no obvious deficiencies. The first method is far more difficult.”
![Page 6: Hop Operational Semantics Paris, February 23 rd Tamara Rezk Indes Team, INRIA.](https://reader035.fdocuments.us/reader035/viewer/2022062721/56649f1f5503460f94c37067/html5/thumbnails/6.jpg)
Formal Semantics
• Structural Operational Semantics (also called “Transition semantics” or “small-step semantics”) Execution of a program can be foramlized as a sequence of configurations
Gordon Plotkin
![Page 7: Hop Operational Semantics Paris, February 23 rd Tamara Rezk Indes Team, INRIA.](https://reader035.fdocuments.us/reader035/viewer/2022062721/56649f1f5503460f94c37067/html5/thumbnails/7.jpg)
Structural Operational Semantics
• Abstract grammar of the language
• Configurations and states
• Transition relation
![Page 8: Hop Operational Semantics Paris, February 23 rd Tamara Rezk Indes Team, INRIA.](https://reader035.fdocuments.us/reader035/viewer/2022062721/56649f1f5503460f94c37067/html5/thumbnails/8.jpg)
Hop abstract grammar
(Abstract grammars may remind to context-free/BNF grammars but abstract grammars are independent from representations such as which operators are infix, what strings are used to denote contants and variables, etc, etc)
![Page 9: Hop Operational Semantics Paris, February 23 rd Tamara Rezk Indes Team, INRIA.](https://reader035.fdocuments.us/reader035/viewer/2022062721/56649f1f5503460f94c37067/html5/thumbnails/9.jpg)
Hop semantics
We will study Hop semantics in layers: 1. Scheme subset of Hop
2. Distributed aspects of Hop (server+client)
3. Document Object Model (DOM) aspects of Hop
4. Same Origin Policy (SOP)
5. Access Control (AC) and semantics
![Page 10: Hop Operational Semantics Paris, February 23 rd Tamara Rezk Indes Team, INRIA.](https://reader035.fdocuments.us/reader035/viewer/2022062721/56649f1f5503460f94c37067/html5/thumbnails/10.jpg)
Hop semantics
We will study Hop semantics in layers: 1. Scheme subset of Hop
2. Distributed aspects of Hop (server+client)
3. Document Object Model (DOM)aspects of Hop
4. Same Origin Policy (SOP)
5. Access Control (AC) and semantics
![Page 11: Hop Operational Semantics Paris, February 23 rd Tamara Rezk Indes Team, INRIA.](https://reader035.fdocuments.us/reader035/viewer/2022062721/56649f1f5503460f94c37067/html5/thumbnails/11.jpg)
Hop abstract grammar
(Abstract grammars may remind to context-free/BNF grammars but abstract grammars are independent from representations such as which operators are infix, what strings are used to denote contants and variables, etc, etc)
![Page 12: Hop Operational Semantics Paris, February 23 rd Tamara Rezk Indes Team, INRIA.](https://reader035.fdocuments.us/reader035/viewer/2022062721/56649f1f5503460f94c37067/html5/thumbnails/12.jpg)
1.Scheme abstract grammar
program or expression
e :: = x | w | (e0 e1) | (set! x e )
values
w:: = (lambda (x) e) | i | ( )
![Page 13: Hop Operational Semantics Paris, February 23 rd Tamara Rezk Indes Team, INRIA.](https://reader035.fdocuments.us/reader035/viewer/2022062721/56649f1f5503460f94c37067/html5/thumbnails/13.jpg)
Scheme abstract grammar
program or expression
e :: = x | w | (e0 e1) | (set! x e )values
w:: = (lambda (x) e) | i | ( )
Example programs: (lambda (z) (lambda (y) (set! y z))) ((lambda (z) ((lambda (y) (set! y z)) 2)) 3)(lambda (z) ((lambda (y) (set! y z)) 2))
![Page 14: Hop Operational Semantics Paris, February 23 rd Tamara Rezk Indes Team, INRIA.](https://reader035.fdocuments.us/reader035/viewer/2022062721/56649f1f5503460f94c37067/html5/thumbnails/14.jpg)
Structural Operational Semantics
• Abstract grammar of the language
• Configurations and states
• Transition relation
![Page 15: Hop Operational Semantics Paris, February 23 rd Tamara Rezk Indes Team, INRIA.](https://reader035.fdocuments.us/reader035/viewer/2022062721/56649f1f5503460f94c37067/html5/thumbnails/15.jpg)
Scheme configurations
Abstract grammar:
e :: = x | w | (e0 e1) | (set! x e )w:: = (lambda (x) e) | i | ( )
Configurations are of the form: < e , μ >e expression μ environment or store, mapping variables to values
![Page 16: Hop Operational Semantics Paris, February 23 rd Tamara Rezk Indes Team, INRIA.](https://reader035.fdocuments.us/reader035/viewer/2022062721/56649f1f5503460f94c37067/html5/thumbnails/16.jpg)
Scheme configurations
Configurations are of the form: < e , μ >e expression μ environment or store, mapping variables to values
Example of configuration:
< (set! x 3), { x 2, z 4} >
![Page 17: Hop Operational Semantics Paris, February 23 rd Tamara Rezk Indes Team, INRIA.](https://reader035.fdocuments.us/reader035/viewer/2022062721/56649f1f5503460f94c37067/html5/thumbnails/17.jpg)
Scheme configurations
μ environment or store, mapping variables to values
In the store we will consider:
local variables (defined by lambda expressions)
global variables (already defined in the store before execution, in scheme #define )
![Page 18: Hop Operational Semantics Paris, February 23 rd Tamara Rezk Indes Team, INRIA.](https://reader035.fdocuments.us/reader035/viewer/2022062721/56649f1f5503460f94c37067/html5/thumbnails/18.jpg)
Structural Operational Semantics
• Abstract grammar of the language
• Configurations and states
• Transition relation
![Page 19: Hop Operational Semantics Paris, February 23 rd Tamara Rezk Indes Team, INRIA.](https://reader035.fdocuments.us/reader035/viewer/2022062721/56649f1f5503460f94c37067/html5/thumbnails/19.jpg)
The operational semantics is defined by a transition system (configurations, ).
The transition relation is defined by a set of semantics rules of the form:
constraints
_______________________
<conf0 > < conf1>
Transition relation
![Page 20: Hop Operational Semantics Paris, February 23 rd Tamara Rezk Indes Team, INRIA.](https://reader035.fdocuments.us/reader035/viewer/2022062721/56649f1f5503460f94c37067/html5/thumbnails/20.jpg)
y not in dom(μ )_______________________
<((lambda (x) e) w), μ > < e{y/x}, μ U {y -> w} >
Transition relation
e :: = x | w | (e0 e1) | (set! x e )
w:: = (lambda (x) e) | i | ( )
![Page 21: Hop Operational Semantics Paris, February 23 rd Tamara Rezk Indes Team, INRIA.](https://reader035.fdocuments.us/reader035/viewer/2022062721/56649f1f5503460f94c37067/html5/thumbnails/21.jpg)
μ (y ) = w_______________________
< y , μ > <w , μ >
Transition relation y not in dom(μ )
_______________________
<((lambda (x) e) w), μ > < e{y/x}, μ U {y -> w} >
![Page 22: Hop Operational Semantics Paris, February 23 rd Tamara Rezk Indes Team, INRIA.](https://reader035.fdocuments.us/reader035/viewer/2022062721/56649f1f5503460f94c37067/html5/thumbnails/22.jpg)
Transition relation y not in dom(μ )
_______________________
<((lambda (x) e) w), μ > < e{y/x}, μ U {y -> w} >
Example of execution with 2 steps:<((lambda (x) x) 2), {z ->3} > < x{y/x}, {z ->3 , y -> 2} > < 2, {z ->3 , y -> 2} >
![Page 23: Hop Operational Semantics Paris, February 23 rd Tamara Rezk Indes Team, INRIA.](https://reader035.fdocuments.us/reader035/viewer/2022062721/56649f1f5503460f94c37067/html5/thumbnails/23.jpg)
Transition relation y not in dom(μ )
_______________________
<((lambda (x) e) w), μ > < e{y/x}, μ U {y -> w} >
Exercise: give an execution for
<( (lambda (z) (lambda (y) y)) 2), {z -> 2}>
![Page 24: Hop Operational Semantics Paris, February 23 rd Tamara Rezk Indes Team, INRIA.](https://reader035.fdocuments.us/reader035/viewer/2022062721/56649f1f5503460f94c37067/html5/thumbnails/24.jpg)
Transition relation y not in dom(μ )
_______________________
<((lambda (x) e) w), μ > < e{y/x}, μ U {y -> w} >
This rule is not enough: what happens if we want to reduce an application (e e’) where e’ is not a value?
((lambda (z) z) ((lambda (z) z) 3) )
We need to define contextual rules!!
![Page 25: Hop Operational Semantics Paris, February 23 rd Tamara Rezk Indes Team, INRIA.](https://reader035.fdocuments.us/reader035/viewer/2022062721/56649f1f5503460f94c37067/html5/thumbnails/25.jpg)
Evaluation contextsE ::= [] | (E e) | (w E) | (set! x E)
((lambda (z) z) ((lambda (z) z) 3) )In this example:E = ((lambda (z) z) [] )
y not in dom(μ )_______________________
<E[((lambda (x) e) w)], μ > < E[e{y/x}], μ U {y -> w} >
![Page 26: Hop Operational Semantics Paris, February 23 rd Tamara Rezk Indes Team, INRIA.](https://reader035.fdocuments.us/reader035/viewer/2022062721/56649f1f5503460f94c37067/html5/thumbnails/26.jpg)
Evaluation contextsE ::= [] | (E e) | (w E) | (set! x E)
<((lambda (z) z) ((lambda (z) z) 3) ), {z 2} > <((lambda (z) z) y), {z 2, y 3} > <((lambda (z) z) 3), {z 2, y 3} > <((lambda (z) z) 3), {z 2, y 3, x 3} > < x, {z 2, y 3, x 3} < 3, {z 2, y 3, x 3}
y not in dom(μ )_______________________
<E[((lambda (x) e) w)], μ > < E[e{y/x}], μ U {y -> w} >
![Page 27: Hop Operational Semantics Paris, February 23 rd Tamara Rezk Indes Team, INRIA.](https://reader035.fdocuments.us/reader035/viewer/2022062721/56649f1f5503460f94c37067/html5/thumbnails/27.jpg)
μ (y ) = w_______________________
< E[y] , μ > <E[w] , μ >
Transition relation for Scheme subset y not in dom(μ )_______________________
<E[((lambda (x) e) w)], μ > < E[e{y/x}], μ U {y -> w} >
x in dom(μ)_______________________
< E[(set! x w)] , μ > <E[()] , μ[x-> w] >
![Page 28: Hop Operational Semantics Paris, February 23 rd Tamara Rezk Indes Team, INRIA.](https://reader035.fdocuments.us/reader035/viewer/2022062721/56649f1f5503460f94c37067/html5/thumbnails/28.jpg)
ExercisesFind executions for the following programs starting with store { z -> 5}
1. (set! z 3)
2. (((lambda (z) (lambda (y) (set! y z))) 2) 3)
3. ((lambda (z) ((lambda (y) (set! y z))) 2) 3)
4. (((lambda (x) (lambda (y) (set! x z))) 2) 3)
5. (set! z ((lambda (y) y) 2))
![Page 29: Hop Operational Semantics Paris, February 23 rd Tamara Rezk Indes Team, INRIA.](https://reader035.fdocuments.us/reader035/viewer/2022062721/56649f1f5503460f94c37067/html5/thumbnails/29.jpg)
Hop semantics
We will study Hop semantics in layers: 1. Scheme subset of Hop
2. Distributed aspects of Hop (server+client)
3. Document Object Model (DOM) aspects of Hop
4. Same Origin Policy (SOP)
5. Access Control (AC) and semantics
![Page 30: Hop Operational Semantics Paris, February 23 rd Tamara Rezk Indes Team, INRIA.](https://reader035.fdocuments.us/reader035/viewer/2022062721/56649f1f5503460f94c37067/html5/thumbnails/30.jpg)
Hop distribution: Abstract grammar
![Page 31: Hop Operational Semantics Paris, February 23 rd Tamara Rezk Indes Team, INRIA.](https://reader035.fdocuments.us/reader035/viewer/2022062721/56649f1f5503460f94c37067/html5/thumbnails/31.jpg)
Hop distribution: Abstract grammar
![Page 32: Hop Operational Semantics Paris, February 23 rd Tamara Rezk Indes Team, INRIA.](https://reader035.fdocuments.us/reader035/viewer/2022062721/56649f1f5503460f94c37067/html5/thumbnails/32.jpg)
Hop distribution: Abstract grammar
![Page 33: Hop Operational Semantics Paris, February 23 rd Tamara Rezk Indes Team, INRIA.](https://reader035.fdocuments.us/reader035/viewer/2022062721/56649f1f5503460f94c37067/html5/thumbnails/33.jpg)
Hop distribution: Abstract grammar
![Page 34: Hop Operational Semantics Paris, February 23 rd Tamara Rezk Indes Team, INRIA.](https://reader035.fdocuments.us/reader035/viewer/2022062721/56649f1f5503460f94c37067/html5/thumbnails/34.jpg)
Hop distribution: Abstract grammar
![Page 35: Hop Operational Semantics Paris, February 23 rd Tamara Rezk Indes Team, INRIA.](https://reader035.fdocuments.us/reader035/viewer/2022062721/56649f1f5503460f94c37067/html5/thumbnails/35.jpg)
Hop distribution: Abstract grammar
E ::= [] | (E S) | (w E) | (set! x E) | (with-hop E s) | (with-hop w E)
![Page 36: Hop Operational Semantics Paris, February 23 rd Tamara Rezk Indes Team, INRIA.](https://reader035.fdocuments.us/reader035/viewer/2022062721/56649f1f5503460f94c37067/html5/thumbnails/36.jpg)
Distribution aspects server/client
![Page 37: Hop Operational Semantics Paris, February 23 rd Tamara Rezk Indes Team, INRIA.](https://reader035.fdocuments.us/reader035/viewer/2022062721/56649f1f5503460f94c37067/html5/thumbnails/37.jpg)
Core Hop configuration
![Page 38: Hop Operational Semantics Paris, February 23 rd Tamara Rezk Indes Team, INRIA.](https://reader035.fdocuments.us/reader035/viewer/2022062721/56649f1f5503460f94c37067/html5/thumbnails/38.jpg)
Core Hop configuration
![Page 39: Hop Operational Semantics Paris, February 23 rd Tamara Rezk Indes Team, INRIA.](https://reader035.fdocuments.us/reader035/viewer/2022062721/56649f1f5503460f94c37067/html5/thumbnails/39.jpg)
Core Hop configuration
![Page 40: Hop Operational Semantics Paris, February 23 rd Tamara Rezk Indes Team, INRIA.](https://reader035.fdocuments.us/reader035/viewer/2022062721/56649f1f5503460f94c37067/html5/thumbnails/40.jpg)
Core Hop configuration
![Page 41: Hop Operational Semantics Paris, February 23 rd Tamara Rezk Indes Team, INRIA.](https://reader035.fdocuments.us/reader035/viewer/2022062721/56649f1f5503460f94c37067/html5/thumbnails/41.jpg)
Core Hop configuration
![Page 42: Hop Operational Semantics Paris, February 23 rd Tamara Rezk Indes Team, INRIA.](https://reader035.fdocuments.us/reader035/viewer/2022062721/56649f1f5503460f94c37067/html5/thumbnails/42.jpg)
Core Hop configuration
![Page 43: Hop Operational Semantics Paris, February 23 rd Tamara Rezk Indes Team, INRIA.](https://reader035.fdocuments.us/reader035/viewer/2022062721/56649f1f5503460f94c37067/html5/thumbnails/43.jpg)
Core Hop configuration
![Page 44: Hop Operational Semantics Paris, February 23 rd Tamara Rezk Indes Team, INRIA.](https://reader035.fdocuments.us/reader035/viewer/2022062721/56649f1f5503460f94c37067/html5/thumbnails/44.jpg)
Transition relation: service definition
![Page 45: Hop Operational Semantics Paris, February 23 rd Tamara Rezk Indes Team, INRIA.](https://reader035.fdocuments.us/reader035/viewer/2022062721/56649f1f5503460f94c37067/html5/thumbnails/45.jpg)
INIT rule
• When a client enter a URL in a browser, the service bound to the URL will be invoked;
Bound url
New server thread
New client instance
![Page 46: Hop Operational Semantics Paris, February 23 rd Tamara Rezk Indes Team, INRIA.](https://reader035.fdocuments.us/reader035/viewer/2022062721/56649f1f5503460f94c37067/html5/thumbnails/46.jpg)
Hop Compilation + Init and Invoke rule
46
ServerBytecode
ServerBytecode
ServerBytecode
ServerBytecode
HTML
CSS
JS
Client code
compiler
Client code
compiler
HTTP
Invoke
Access URLs
Server code
compiler
Server code
compiler
Generate
Code InjectionPrevention
Code InjectionPrevention
MashicCompilerMashic
Compiler
URL
URL
URL
URL
![Page 47: Hop Operational Semantics Paris, February 23 rd Tamara Rezk Indes Team, INRIA.](https://reader035.fdocuments.us/reader035/viewer/2022062721/56649f1f5503460f94c37067/html5/thumbnails/47.jpg)
Transition relation: service invocation
![Page 48: Hop Operational Semantics Paris, February 23 rd Tamara Rezk Indes Team, INRIA.](https://reader035.fdocuments.us/reader035/viewer/2022062721/56649f1f5503460f94c37067/html5/thumbnails/48.jpg)
Transition relation: service invocation
exercise: Let s be (service (z) (set! z ((lambda (y) y) 2))) . Find a (partial) execution for s
![Page 49: Hop Operational Semantics Paris, February 23 rd Tamara Rezk Indes Team, INRIA.](https://reader035.fdocuments.us/reader035/viewer/2022062721/56649f1f5503460f94c37067/html5/thumbnails/49.jpg)
Transition relation: service return
![Page 50: Hop Operational Semantics Paris, February 23 rd Tamara Rezk Indes Team, INRIA.](https://reader035.fdocuments.us/reader035/viewer/2022062721/56649f1f5503460f94c37067/html5/thumbnails/50.jpg)
Transition relation: service invocation
![Page 51: Hop Operational Semantics Paris, February 23 rd Tamara Rezk Indes Team, INRIA.](https://reader035.fdocuments.us/reader035/viewer/2022062721/56649f1f5503460f94c37067/html5/thumbnails/51.jpg)
Service return
![Page 52: Hop Operational Semantics Paris, February 23 rd Tamara Rezk Indes Team, INRIA.](https://reader035.fdocuments.us/reader035/viewer/2022062721/56649f1f5503460f94c37067/html5/thumbnails/52.jpg)
Service return
exercise: Let s be (service (z) (set! z ((lambda (y) y) 2))). Find an execution for sLet s be (service (z) ((lambda (y) y) 2)) . Find an execution for sLet s be (service (z) ~((lambda (y) y) 2)) . Find an execution for s
![Page 53: Hop Operational Semantics Paris, February 23 rd Tamara Rezk Indes Team, INRIA.](https://reader035.fdocuments.us/reader035/viewer/2022062721/56649f1f5503460f94c37067/html5/thumbnails/53.jpg)
Hop semantics
We will study Hop semantics in layers: 1. Scheme subset of Hop
2. Distributed aspects of Hop (server+client)
3. Document Object Model (DOM) aspects of Hop
4. Same Origin Policy (SOP)
5. Access Control (AC) and semantics
![Page 54: Hop Operational Semantics Paris, February 23 rd Tamara Rezk Indes Team, INRIA.](https://reader035.fdocuments.us/reader035/viewer/2022062721/56649f1f5503460f94c37067/html5/thumbnails/54.jpg)
![Page 55: Hop Operational Semantics Paris, February 23 rd Tamara Rezk Indes Team, INRIA.](https://reader035.fdocuments.us/reader035/viewer/2022062721/56649f1f5503460f94c37067/html5/thumbnails/55.jpg)
HOP and DOM: Syntax
![Page 56: Hop Operational Semantics Paris, February 23 rd Tamara Rezk Indes Team, INRIA.](https://reader035.fdocuments.us/reader035/viewer/2022062721/56649f1f5503460f94c37067/html5/thumbnails/56.jpg)
DOM: core Hop modified rules
![Page 57: Hop Operational Semantics Paris, February 23 rd Tamara Rezk Indes Team, INRIA.](https://reader035.fdocuments.us/reader035/viewer/2022062721/56649f1f5503460f94c37067/html5/thumbnails/57.jpg)
Operation on DOM and contexts
![Page 58: Hop Operational Semantics Paris, February 23 rd Tamara Rezk Indes Team, INRIA.](https://reader035.fdocuments.us/reader035/viewer/2022062721/56649f1f5503460f94c37067/html5/thumbnails/58.jpg)
![Page 59: Hop Operational Semantics Paris, February 23 rd Tamara Rezk Indes Team, INRIA.](https://reader035.fdocuments.us/reader035/viewer/2022062721/56649f1f5503460f94c37067/html5/thumbnails/59.jpg)
HTML tags
![Page 60: Hop Operational Semantics Paris, February 23 rd Tamara Rezk Indes Team, INRIA.](https://reader035.fdocuments.us/reader035/viewer/2022062721/56649f1f5503460f94c37067/html5/thumbnails/60.jpg)
DOM Operations
![Page 61: Hop Operational Semantics Paris, February 23 rd Tamara Rezk Indes Team, INRIA.](https://reader035.fdocuments.us/reader035/viewer/2022062721/56649f1f5503460f94c37067/html5/thumbnails/61.jpg)
Example