
Spring 2014 Program Analysis and Verification Lecture 2: Operational Semantics I

Learn about formal semantics in programming and how it aids in defining program behavior accurately and ensuring correctness through various abstraction levels and analysis methods.





Presentation Transcript


  1. Spring 2014 Program Analysis and Verification. Lecture 2: Operational Semantics I. Roman Manevich, Ben-Gurion University

  2. Syllabus

  3. http://www.daimi.au.dk/~bra8130/Wiley_book/wiley.html

  4. Today: What is semantics and what is it useful for? Natural operational semantics (pages 19-32). Structural operational semantics (pages 32-50).

  5. What is formal semantics? “Formal semantics is concerned with rigorously specifying the meaning, or behavior, of programs, pieces of hardware, etc.” (page 1)

  6. What is formal semantics? • “This theory allows a program to be manipulated like a formula – that is to say, its properties can be calculated.” Gérard Huet & Philippe Flajolet, homage to Gilles Kahn

  7. Why formal semantics? • Implementation-independent definition of a programming language • Automatically generating interpreters (and some day maybe full-fledged compilers) • Verification and debugging • If you don’t know what it does, how do you know it’s incorrect?

  8. Levels of abstraction and applications (levels, top to bottom): Static Analysis (abstract semantics); Program Semantics; Assembly-level Semantics (small-step)

  9. Semantic description methods • Operational semantics: Natural semantics (big step) [G. Kahn] (today); Structural semantics (small step) [G. Plotkin] (next lecture) • Denotational semantics [D. Scott, C. Strachey] (not in this course) • Axiomatic semantics [C. A. R. Hoare, R. Floyd] (used for verification) • Trace semantics, Collecting semantics, [Instrumented semantics] (concepts that will be introduced even later)

  10. The while language

  11. Syntactic categories: n ∈ Num (numerals); x ∈ Var (program variables); a ∈ Aexp (arithmetic expressions); b ∈ Bexp (boolean expressions); S ∈ Stm (statements)

  12. A simple imperative language: While. Concrete syntax:
      a ::= n | x | a1+a2 | a1*a2 | a1-a2
      b ::= true | false | a1=a2 | a1≤a2 | ¬b | b1∧b2
      S ::= x:=a | skip | S1;S2 | if b then S1 else S2 | while b do S

  13. Exercise: draw a derivation tree for y:=1; while ¬(x=1) do (y:=y*x; x:=x-1) (the slide shows the start of the tree: S → S ; S)

  14. Concrete syntax may be ambiguous: z:=x; x:=y; y:=z has two derivation trees (both drawn on the slide, each with root S → S ; S), corresponding to the two readings z:=x; (x:=y; y:=z) and (z:=x; x:=y); y:=z

  15. A simple imperative language: While. Abstract syntax. Notation: n[l↦a, r↦b] – a node labeled with n and two children l and r. The children may be labeled to indicate their role, for easier reading.
      a ::= n | x | +[a1, a2] | *[a1, a2] | -[a1, a2]
      b ::= true | false | =[a1, a2] | ≤[a1, a2] | ¬[b] | ∧[b1, b2]
      S ::= :=[x, a] | skip | ;[S1, S2] | if[b, S1 then, S2 else] | while[b condition, S body]

  16. Exercise: draw an AST for y:=1; while ¬(x=1) do (y:=y*x; x:=x-1) (the slide shows the top nodes: ; with children := and while)

  17. Semantic values

  18. Semantic categories: Z – integers {0, 1, -1, 2, -2, …}; T – truth values {ff, tt}; State = Var → Z. Example state: σ = [x↦5, y↦7, z↦0]. Lookup: σ x = 5. Update: σ[x↦6] = [x↦6, y↦7, z↦0]

  19. Example state manipulations (fill in):
      [x↦1, y↦7, z↦16] y = ?
      [x↦1, y↦7, z↦16] t = ?
      [x↦1, y↦7, z↦16][x↦5] = ?
      [x↦1, y↦7, z↦16][x↦5] x = ?
      [x↦1, y↦7, z↦16][x↦5] y = ?

  20. Semantics of expressions

  21. Semantics of arithmetic expressions • Arithmetic expressions are side-effect free • Semantic function A⟦a⟧ : State → Z for a ∈ Aexp • Defined by induction on the syntax tree:
      A⟦n⟧σ = n
      A⟦x⟧σ = σ x
      A⟦a1 + a2⟧σ = A⟦a1⟧σ + A⟦a2⟧σ
      A⟦a1 - a2⟧σ = A⟦a1⟧σ - A⟦a2⟧σ
      A⟦a1 * a2⟧σ = A⟦a1⟧σ * A⟦a2⟧σ
      A⟦(a1)⟧σ = A⟦a1⟧σ --- not needed
      A⟦-a⟧σ = 0 - A⟦a⟧σ
      • Compositional • Properties can be proved by structural induction

  22. Arithmetic expression exercise: suppose σ x = 3. Evaluate A⟦x+1⟧σ.

  23. Semantics of boolean expressions • Boolean expressions are side-effect free • Semantic function B⟦b⟧ : State → T for b ∈ Bexp • Defined by induction on the syntax tree (fill in the remaining clauses):
      B⟦true⟧σ = tt
      B⟦false⟧σ = ff
      B⟦a1 = a2⟧σ = ?
      B⟦a1 ≤ a2⟧σ = ?
      B⟦b1 ∧ b2⟧σ = ?
      B⟦¬b⟧σ = ?
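The semantic functions A and B of slides 21-23 as executable structural recursion, together with the state lookup and update of slide 18. This is an added example, not code from the lecture; the tuple encoding of the abstract syntax, the function names `lookup`, `update`, `A`, `B`, `fv`, `agrees_on_fv`, and the representation of states as Python dicts are assumptions of this example. The blank boolean clauses of slide 23 are filled in here in the standard way, and `fv` plus `agrees_on_fv` set up the kind of property the slide says is proved by structural induction (the value of an expression depends only on its free variables).

```python
"""Added example (not from the lecture): the semantic functions A and B of
slides 21-23 as structural recursion over the syntax tree, plus the state
operations of slide 18. Abstract syntax is encoded as nested tuples (an
assumption of this example): numerals as int, variables as str, and
('+', a1, a2), ('-', a1, a2), ('*', a1, a2) for arithmetic; True/False,
('=', a1, a2), ('<=', a1, a2), ('not', b), ('and', b1, b2) for booleans."""


def lookup(s, x):
    """sigma x"""
    return s[x]


def update(s, x, v):
    """sigma[x -> v]: returns a new state; sigma itself is left unchanged"""
    return {**s, x: v}


def A(a, s):
    """A[[a]]sigma in Z, one clause per syntactic form (induction on the tree)."""
    if isinstance(a, bool):                 # True/False are not Aexp
        raise TypeError("boolean expression where Aexp expected")
    if isinstance(a, int):                  # A[[n]]sigma = n
        return a
    if isinstance(a, str):                  # A[[x]]sigma = sigma x
        return lookup(s, a)
    op, a1, a2 = a                          # compound node: combine child values
    if op == '+':
        return A(a1, s) + A(a2, s)
    if op == '-':
        return A(a1, s) - A(a2, s)
    if op == '*':
        return A(a1, s) * A(a2, s)
    raise ValueError(f"not an arithmetic expression: {a!r}")


def B(b, s):
    """B[[b]]sigma in T = {tt, ff} (Python True/False); the clauses left blank
    on slide 23 are filled in the standard way."""
    if b is True or b is False:             # B[[true]] = tt, B[[false]] = ff
        return b
    op = b[0]
    if op == '=':
        return A(b[1], s) == A(b[2], s)
    if op == '<=':
        return A(b[1], s) <= A(b[2], s)
    if op == 'not':
        return not B(b[1], s)
    if op == 'and':
        return B(b[1], s) and B(b[2], s)
    raise ValueError(f"not a boolean expression: {b!r}")


def fv(e):
    """Free variables of an expression, also defined by structural induction."""
    if isinstance(e, (bool, int)):
        return set()
    if isinstance(e, str):
        return {e}
    return set().union(*(fv(child) for child in e[1:]))


def agrees_on_fv(e, s1, s2):
    """Hypothesis of the lemma that structural induction proves: two states
    that agree on fv(e) give e the same value (checked for sample states below)."""
    return all(s1.get(x) == s2.get(x) for x in fv(e))


if __name__ == "__main__":
    sigma = {'x': 5, 'y': 7, 'z': 0}                 # constructed: slide 18 state
    print(A(('+', 'x', 1), {'x': 3}))                # slide 22 exercise
    print(update(sigma, 'x', 6), sigma)              # sigma[x -> 6]; sigma unchanged
    print(B(('not', ('=', 'x', 1)), sigma))          # guard of the factorial loop
```

Because `update` builds a new dict instead of mutating, evaluating an expression can never change the state, which is the "side-effect free" property the slides rely on when they later define statement semantics in terms of A and B.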

  24. Operational semantics

  25. Operational semantics • Concerned with how to execute programs • How statements modify state • Define a transition relation between configurations • Two flavors: • Natural semantics: describes how the overall results of executions are obtained; so-called “big-step” semantics • Structural operational semantics: describes how the individual steps of a computation take place; so-called “small-step” semantics

  26. Big Step (natural) Semantics ⟨S, σ⟩ → σ' (image: By Luke (personally authorized right to use this image), via Mighty Optical Illusions)

  27. Natural operational semantics • Developed by Gilles Kahn [STACS 1987] • Configurations: ⟨S, σ⟩ – statement S is about to execute on state σ; σ – terminal (final) state • Transitions: ⟨S, σ⟩ → σ' – execution of S from σ will terminate with the result state σ' • Ignores non-terminating computations

  28. Natural operational semantics is defined by rules of the form
      premises:       ⟨S1, σ1⟩ → σ1', … , ⟨Sn, σn⟩ → σn'
      conclusion:     ⟨S, σ⟩ → σ'
      side condition: if …
      The meaning of a compound statement is defined using the meaning of its immediate constituent statements.

  29. Natural semantics for While. Axioms:
        [ass_ns]   ⟨x := a, σ⟩ → σ[x ↦ A⟦a⟧σ]
        [skip_ns]  ⟨skip, σ⟩ → σ
      Rules (premises above the line, conclusion below):
        ⟨S1, σ⟩ → σ'   ⟨S2, σ'⟩ → σ''
        ------------------------------ [comp_ns]
        ⟨S1; S2, σ⟩ → σ''

        ⟨S1, σ⟩ → σ'
        ------------------------------ [if_tt_ns]  if B⟦b⟧σ = tt
        ⟨if b then S1 else S2, σ⟩ → σ'

        ⟨S2, σ⟩ → σ'
        ------------------------------ [if_ff_ns]  if B⟦b⟧σ = ff
        ⟨if b then S1 else S2, σ⟩ → σ'

  30. Natural semantics for While (continued). The while rule is non-compositional: its premise mentions the whole loop again.
        ⟨S, σ⟩ → σ'   ⟨while b do S, σ'⟩ → σ''
        --------------------------------------- [while_tt_ns]  if B⟦b⟧σ = tt
        ⟨while b do S, σ⟩ → σ''

        [while_ff_ns]  ⟨while b do S, σ⟩ → σ   if B⟦b⟧σ = ff

  31. Executing the semantics

  32. Example. Let σ0 be the state which assigns zero to all program variables.
      • ⟨x:=x+1, σ0⟩ → σ0[x↦1]
      • ⟨skip, σ0⟩ → σ0
      • ⟨skip, σ0⟩ → σ0, ⟨x:=x+1, σ0⟩ → σ0[x↦1]  ⊢  ⟨skip; x:=x+1, σ0⟩ → σ0[x↦1]
      • ⟨x:=x+1, σ0⟩ → σ0[x↦1]  ⊢  ⟨if x=0 then x:=x+1 else skip, σ0⟩ → σ0[x↦1]

  33. Derivation trees • Using axioms and rules to derive a transition ⟨S, σ⟩ → σ' gives a derivation tree • Root: ⟨S, σ⟩ → σ' • Leaves: axioms • Internal nodes: conclusions of rules • Immediate children: matching rule premises

  34. Derivation tree example 1. Assume σ0 = [x↦5, y↦7, z↦0], σ1 = [x↦5, y↦7, z↦5], σ2 = [x↦7, y↦7, z↦5], σ3 = [x↦7, y↦5, z↦5].
        ⟨z:=x, σ0⟩ → σ1 [ass_ns]   ⟨x:=y, σ1⟩ → σ2 [ass_ns]
        --------------------------------------------------- [comp_ns]
        ⟨(z:=x; x:=y), σ0⟩ → σ2                             ⟨y:=z, σ2⟩ → σ3 [ass_ns]
        -------------------------------------------------------------------------- [comp_ns]
        ⟨(z:=x; x:=y); y:=z, σ0⟩ → σ3

  36. Top-down evaluation via derivation trees • Given a statement S and an input state σ, find an output state σ' such that ⟨S, σ⟩ → σ' • Start with the root and repeatedly apply rules until the axioms are reached • Inspect different alternatives in order • In While, σ' and the derivation tree are unique

  37. Top-down evaluation example: the factorial program with σ x = 2. Shorthand: W = while ¬(x=1) do (y:=y*x; x:=x-1). Rule applications, leaves first:
        ⟨y:=1, σ⟩ → σ[y↦1]                                   [ass_ns]
        ⟨y:=y*x, σ[y↦1]⟩ → σ[y↦2]                            [ass_ns]
        ⟨x:=x-1, σ[y↦2]⟩ → σ[y↦2][x↦1]                       [ass_ns]
        ⟨y:=y*x; x:=x-1, σ[y↦1]⟩ → σ[y↦2][x↦1]               [comp_ns]  (from the two lines above)
        ⟨W, σ[y↦2][x↦1]⟩ → σ[y↦2, x↦1]                       [while_ff_ns]
        ⟨W, σ[y↦1]⟩ → σ[y↦2, x↦1]                            [while_tt_ns]  (from the two lines above)
        ⟨y:=1; W, σ⟩ → σ[y↦2][x↦1]                           [comp_ns]  (root, from ⟨y:=1, σ⟩ → σ[y↦1] and the line above)

  38. Properties of natural semantics

  39. Program termination • Given a statement S and input σ: • S terminates on σ if there exists a state σ' such that ⟨S, σ⟩ → σ' • S loops on σ if there is no state σ' such that ⟨S, σ⟩ → σ' • Given a statement S: • S always terminates if for every input state σ, S terminates on σ • S always loops if for every input state σ, S loops on σ

  40. Semantic equivalence • S1 and S2 are semantically equivalent if for all σ and σ': ⟨S1, σ⟩ → σ' if and only if ⟨S2, σ⟩ → σ' • Simple example: while b do S is semantically equivalent to if b then (S; while b do S) else skip • Read the proof in pages 26-27

  41. Properties of natural semantics • Equivalence of program constructs: • skip; skip is semantically equivalent to skip • ((S1; S2); S3) is semantically equivalent to (S1; (S2; S3)) • (x:=5; y:=x*8) is semantically equivalent to (x:=5; y:=40)

  42. Equivalence of (S1; S2); S3 and S1; (S2; S3)

  43. Equivalence of (S1; S2); S3 and S1; (S2; S3). Assume ⟨(S1; S2); S3, σ⟩ → σ'. Then the following unique derivation tree exists:
        ⟨S1, σ⟩ → σ1   ⟨S2, σ1⟩ → σ12
        ------------------------------ [comp_ns]
        ⟨(S1; S2), σ⟩ → σ12                       ⟨S3, σ12⟩ → σ'
        --------------------------------------------------------- [comp_ns]
        ⟨(S1; S2); S3, σ⟩ → σ'
      Using the rule applications above, we can construct the following derivation tree:
                          ⟨S2, σ1⟩ → σ12   ⟨S3, σ12⟩ → σ'
                          ------------------------------- [comp_ns]
        ⟨S1, σ⟩ → σ1      ⟨(S2; S3), σ1⟩ → σ'
        --------------------------------------------------- [comp_ns]
        ⟨S1; (S2; S3), σ⟩ → σ'
      And vice versa.

  44. Deterministic semantics for While • Theorem: for all statements S and states σ1, σ2, if ⟨S, σ⟩ → σ1 and ⟨S, σ⟩ → σ2 then σ1 = σ2 • The proof uses induction on the shape of derivation trees (pages 29-30): • Prove that the property holds for all simple derivation trees (a single node) by showing it holds for axioms • Prove that the property holds for all composite trees (more than one node): • For each rule, assume that the property holds for its premises (induction hypothesis) and prove it holds for the conclusion of the rule

  45. The semantic function S_ns • The meaning of a statement S is defined as a partial function from State to State, S_ns : Stm → (State ↪ State):
      S_ns⟦S⟧σ = σ' if ⟨S, σ⟩ → σ', and undefined otherwise
      • Examples: S_ns⟦skip⟧σ = σ; S_ns⟦x:=1⟧σ = σ[x↦1]; S_ns⟦while true do skip⟧σ = undefined

  46. Small Step Semantics ⟨S, σ⟩ ⇒ γ (the first step) (image: By Astronaut David R. Scott, Apollo 15 commander. [Public domain], via Wikimedia Commons)

  47. Structural operational semantics • Developed by Gordon Plotkin • Configurations: γ has one of two forms: ⟨S, σ⟩ – statement S is about to execute on state σ; σ – terminal (final) state • Transitions ⟨S, σ⟩ ⇒ γ (one step): • γ = ⟨S', σ'⟩ – execution of S from σ is not completed and the remaining computation proceeds from the intermediate configuration γ • γ = σ' – execution of S from σ has terminated and the final state is σ' • ⟨S, σ⟩ is stuck if there is no γ such that ⟨S, σ⟩ ⇒ γ

  48. Structural semantics for While. Axioms:
        [ass_sos]   ⟨x:=a, σ⟩ ⇒ σ[x ↦ A⟦a⟧σ]
        [skip_sos]  ⟨skip, σ⟩ ⇒ σ
      Rules:
        ⟨S1, σ⟩ ⇒ ⟨S1', σ'⟩
        ---------------------------- [comp1_sos]
        ⟨S1; S2, σ⟩ ⇒ ⟨S1'; S2, σ'⟩

        ⟨S1, σ⟩ ⇒ σ'
        ---------------------------- [comp2_sos]   (When does this happen?)
        ⟨S1; S2, σ⟩ ⇒ ⟨S2, σ'⟩

        [if_tt_sos]  ⟨if b then S1 else S2, σ⟩ ⇒ ⟨S1, σ⟩   if B⟦b⟧σ = tt
        [if_ff_sos]  ⟨if b then S1 else S2, σ⟩ ⇒ ⟨S2, σ⟩   if B⟦b⟧σ = ff

  49. Structural semantics for While (continued):
        [while_sos]  ⟨while b do S, σ⟩ ⇒ ⟨if b then (S; while b do S) else skip, σ⟩
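Both rule systems as executable interpreters: the natural semantics of slides 29-30 (returning the derivation tree of slides 33-37 alongside the final state), an executable stand-in for the semantic function S_ns of slide 45, and the structural semantics of slides 48-49 with its one-step transition relation. This is an added example, not code from the lecture; the tuple encoding of statements, the function names `ev`, `upd`, `ns`, `sos_step`, `sos_run` and `sem`, the constructed factorial program `FACT`, and the step budget used to report "undefined" are assumptions of this example. The expression semantics is deliberately collapsed into one short table-driven evaluator rather than repeating the clause-by-clause version of the earlier example.

```python
"""Added example (not from the lecture): big-step (natural) and small-step
(structural) interpreters for While, following the rules of slides 29-30 and
48-49. Abstract syntax as nested tuples (an assumption of this example):
('skip',), ('assign', x, a), ('seq', S1, S2), ('if', b, S1, S2),
('while', b, S); expressions as ints, variable strings, ('+', a1, a2),
('-', a1, a2), ('*', a1, a2), True/False, ('=', a1, a2), ('<=', a1, a2),
('not', b), ('and', b1, b2). States are dicts Var -> int."""
import operator

# A and B collapsed into one table-driven evaluator: each compound node
# applies its operator to the values of its children.
OPS = {'+': operator.add, '-': operator.sub, '*': operator.mul,
       '=': operator.eq, '<=': operator.le,
       'not': operator.not_, 'and': lambda p, q: p and q}


def ev(e, s):
    if isinstance(e, (bool, int)):      # numerals, true, false
        return e
    if isinstance(e, str):              # variable lookup: sigma x
        return s[e]
    return OPS[e[0]](*(ev(c, s) for c in e[1:]))


def upd(s, x, v):                       # sigma[x -> v], sigma left unchanged
    return {**s, x: v}


def ns(S, s):
    """Natural semantics <S, sigma> -> sigma'. Returns (sigma', tree) where
    tree = (rule, [premise trees]) is the derivation tree of slides 33-37.
    A looping program never returns: the relation has no transition for it."""
    k = S[0]
    if k == 'skip':                                     # [skip_ns] axiom
        return s, ('skip_ns', [])
    if k == 'assign':                                   # [ass_ns] axiom
        return upd(s, S[1], ev(S[2], s)), ('ass_ns', [])
    if k == 'seq':                                      # [comp_ns]
        s1, t1 = ns(S[1], s)
        s2, t2 = ns(S[2], s1)
        return s2, ('comp_ns', [t1, t2])
    if k == 'if':                                       # [if_tt_ns] / [if_ff_ns]
        branch, rule = (S[2], 'if_tt_ns') if ev(S[1], s) else (S[3], 'if_ff_ns')
        s1, t = ns(branch, s)
        return s1, (rule, [t])
    if k == 'while':
        if not ev(S[1], s):                             # [while_ff_ns] axiom
            return s, ('while_ff_ns', [])
        s1, t1 = ns(S[2], s)                            # [while_tt_ns]: the body,
        s2, t2 = ns(S, s1)                              # then the whole loop again
        return s2, ('while_tt_ns', [t1, t2])
    raise ValueError(f"not a statement: {S!r}")


def sos_step(S, s):
    """One structural transition <S, sigma> => gamma.
    Returns ('cont', S', sigma') or ('final', sigma')."""
    k = S[0]
    if k == 'skip':                                     # [skip_sos]
        return ('final', s)
    if k == 'assign':                                   # [ass_sos]
        return ('final', upd(s, S[1], ev(S[2], s)))
    if k == 'seq':
        r = sos_step(S[1], s)
        if r[0] == 'cont':                              # [comp1_sos]
            return ('cont', ('seq', r[1], S[2]), r[2])
        return ('cont', S[2], r[1])                     # [comp2_sos]: S1 finished in one step
    if k == 'if':                                       # [if_tt_sos] / [if_ff_sos]
        return ('cont', S[2] if ev(S[1], s) else S[3], s)
    if k == 'while':                                    # [while_sos]: unfold once
        return ('cont', ('if', S[1], ('seq', S[2], S), ('skip',)), s)
    raise ValueError(f"not a statement: {S!r}")


def sos_run(S, s, fuel=10_000):
    """Iterate => from <S, sigma> until a terminal state.
    Returns (sigma', number of steps), or None when the fuel runs out."""
    cfg, steps = ('cont', S, s), 0
    while cfg[0] == 'cont' and steps < fuel:
        cfg = sos_step(cfg[1], cfg[2])
        steps += 1
    return (cfg[1], steps) if cfg[0] == 'final' else None


def sem(S, s, fuel=10_000):
    """Executable stand-in for S_ns[[S]]sigma (slide 45): the final state, or
    None for 'undefined'. Termination is undecidable, so the step budget is an
    assumption of this example: None means no terminal state within fuel steps."""
    r = sos_run(S, s, fuel)
    return None if r is None else r[0]


# Constructed program: the factorial loop of slide 37 (y := 1; W)
FACT = ('seq', ('assign', 'y', 1),
        ('while', ('not', ('=', 'x', 1)),
                  ('seq', ('assign', 'y', ('*', 'y', 'x')),
                          ('assign', 'x', ('-', 'x', 1)))))

if __name__ == "__main__":
    final, tree = ns(FACT, {'x': 2, 'y': 0})
    print(final)                                        # slide 37: y = 2, x = 1
    print(tree)                                         # derivation tree, rule names as labels
    print(sos_run(FACT, {'x': 2, 'y': 0}))              # same state, with the step count
    print(sem(('while', True, ('skip',)), {}, fuel=50)) # None: S_ns is undefined here
```

The [comp2_sos] case answers the slide's "When does this happen?": it fires exactly when the first statement of a sequence finishes in a single step, i.e. when S1 is an axiom (`skip` or an assignment). Running `ns` and `sos_run` on the same program and state and comparing the results is a quick check of the equivalence of the two semantics that the course returns to later, and evaluating `ns` on both bracketings of `S1; S2; S3` from the slide 34 state reproduces the associativity equivalence of slides 41-43.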

  50. Executing structural operational semantics
