860 likes | 983 Views
Program Analysis and Verification 0368- 4479 http://www.cs.tau.ac.il/~maon/teaching/2013-2014/paav/paav1314b.html. Noam Rinetzky Lecture 3: Program Semantics. Slides credit: Roman Manevich , Mooly Sagiv , Eran Yahav. Good manners. Mobiles. Admin. Grades
E N D
Program Analysis and Verification 0368-4479http://www.cs.tau.ac.il/~maon/teaching/2013-2014/paav/paav1314b.html Noam Rinetzky Lecture 3: Program Semantics Slides credit: Roman Manevich, MoolySagiv, EranYahav
Good manners • Mobiles
Admin • Grades • First home assignment will be published on Tuesday. • Due lesson 5 • Scribes (this week) • Scribes (next week)
Today • Operational semantics • Advanced features • Traces semantics • Denotational Semantics
What do we mean? שלום syntax semantics
What do we mean? P P: x7 syntax semantics
Why formal semantics? • Implementation-independent definition of a programming language • Automatically generating interpreters (and some day maybe full fledged compilers) • Verification and debugging • if you don’t know what it does, how do you know its incorrect?
Programming Languages • Syntax • “how do I write a program?” • BNF • “Parsing” • Semantics • “What does my program mean?” • …
Program semantics • State-transformer • Set-of-states transformer • Trace transformer • Predicate-transformer • Functions • …
What semantics do we want? • Captures the aspects of computations we care about • “adequate” • Hides irrelevant details • “fully abstract” • Compositional
A simple imperative language: While Abstract syntax: a ::= n | x | a1+a2 | a1a2 | a1–a2 b ::=true|false|a1=a2|a1a2|b|b1b2 S::=x:=a | skip | S1;S2| ifbthenS1elseS2 | whilebdoS
Syntactic categories n Num numerals x Var program variables a Aexp arithmetic expressions b Bexp boolean expressions S Stm statements
Semantic categories ZIntegers {0, 1, -1, 2, -2, …} T Truth values {ff, tt} StateVar Z Example state: s=[x5, y7, z0] Lookup: s x = 5 Update: s[x6] = [x6, y7, z0]
Semantics of expressions • Arithmetic expressions are side-effect free • Semantic functionA Aexp : State Z • Defined by induction on the syntax tree A n s = n A x s = s x A a1 + a2 s = A a1 s + A a2 s A a1 - a2 s = A a1 s - A a2 s A a1*a2 s = A a1 s A a2 s A (a1) s = A a1 s --- not needed A - a s = 0 - A a1 s • Compositional • Properties can be proved by structural induction • Similarly for Boolean expressions
Operational Semantics (Recap)
Operational Semantics The meaning of a program in the language is explained in terms of a hypothetical computer which performs the set of actions which constitute the elaboration of that program. [Algol68, Section 2]
Operational Semantics It is all very well to aim for a more ‘abstract’ and a ‘cleaner’ approach to semantics, but if the plan is to be any good, the operational aspects cannot be completely ignored. [Scott70]
Operational semantics • Concerned with how to execute programs • How statements modify state • Define transition relation between configurations • Two flavors • Structural operational semantics: describes how the individual steps of a computations take place • So-called “small-step” semantics • Natural semantics: describes how the overallresults of executions are obtained • So-called “big-step” semantics
Structural operating semantics (SOS) S, s S’, s’ first step • aka “Small-step semantics”
Structural operational semantics first step • Developed by Gordon Plotkin [TR 1981] • Configurations: has one of two forms: S, s Statement S is about to execute on state s s Terminal (final) state • Transitions S, s • = S’, s’ Execution of S from s is not completed and remaining computation proceeds from intermediate configuration • = s’ Execution of S from s has terminated and the final state is s’ • S, s is stuck if there is no such that S, s
Structural semantics for While x:=a, ss[xAas] [asssos] skip, ss [skipsos] S1, sS1’, s’ S1; S2, sS1’; S2, s’ S1, ss’ S1; S2, sS2, s’ [comp1sos] [comp2sos] if bthenS1elseS2, sS1, s if bthenS1elseS2, sS2, s • if B b s = tt • if B b s = ff [ifttsos] [ifffsos]
Derivation sequences • A derivation sequence of a statement S starting in state s is either • A finite sequence 0, 1, 2 …, k such that • 0 = S, s • i i+1 • k is either stuck configuration or a final state • An infinitesequence 0, 1, 2, … such that • 0 = S, s • i i+1 • Notations: • 0 k k 0 derives k in k steps • 0 * 0 derives in a finite number of steps
Natural operating semantics (NS) S, s s’ all steps • aka “Large-step semantics”
Natural operating semantics • Developed by Gilles Kahn [STACS 1987] • Configurations S, s Statement S is about to execute on state s s Terminal (final) state • Transitions S, s s’ Execution of S from s will terminate with the result state s’ • Ignores non-terminating computations
Natural operating semantics side condition premise conclusion S1, s1 s1’, … , Sn, sn sn’ S, s s’ if… defined by rules of the form The meaning of compound statements is defined using the meaning immediate constituent statements
Natural semantics for While x := a, ss[x Aas] [assns] axioms skip, ss [skipns] S1, ss’, S2, s’s’’S1; S2, s s’’ [compns] S1, ss’ if bthenS1elseS2, ss’ S2, ss’ if bthenS1elseS2, ss’ • if B b s = tt • if B b s = ff [ifttns] [ifffns]
Derivation trees • Using axioms and rules to derive a transition S, s s’ gives a derivation tree • Root: S, s s’ • Leaves: axioms • Internal nodes: conclusions of rules • Immediate children: matching rule premises
Evaluation via derivation sequences • For any While statement S and state s it is always possible to find at least one derivation sequence from S, s • Apply axioms and rules forever or until a terminal or stuck configuration is reached • Proposition: there are no stuck configurations in While
The semantic function Ssos • S: What a statement S means to the context: P[S] • S1 = x:=x+2 • S2= x:=x+1 ; x:=x+1 • P[S] = z:=x; S; y:=x; s’ if S, s* s’undefined otherwise SsosS s = • The meaning of a statement S is defined as a partial function from State to StateSsos: Stm (State State) • Examples: Ssosskip s = s Ssosx:=1 s = s [x 1] Ssoswhile true do skip s = undefined
The semantic function Sns s’ if S, s s’undefined otherwise SnsS s = • The meaning of a statement S is defined as a partial function from State to StateSns: Stm (State State) • Examples: Snsskips = s Snsx:=1s = s [x 1] Snswhile true do skips = undefined
An equivalence result • S1 and S2 are semantically equivalent if for all s and s’ S1, s s’ if and only if S2, s s’ • Same semantics • SOS and NS • For every statement in WhileSnsS = SsosS • Proof in pages 40-43
Semantic equivalence • S1 and S2 are semantically equivalent if for all s and s’ S1, s s’ if and only if S2, s s’ • Simple examplewhilebdoSis semantically equivalent to:ifbthen (S; whilebdoS) else skip • Read proof in pages 26-27
Structural semantics for while while bdoS, s ifbthenS; while bdoS) else skip, s [whilesos]
Natural semantics for While Non-compositional S, s s’, while bdoS, s’s’’while bdoS, ss’’ while bdoS, ss • if B b s = ff • if B b s = tt [whilettns] [whileffns]
Comparing semantics • The natural semantics cannot describe looping executions • Every execution is represented by a finite derivation tree • The structural operational semantics can describe both • Looping executions have infinite derivation sequences • Every step in the derivation sequence is justified by a finite derivation tree • Terminating executions have a finite one
What is a semanticsgood for? • Allows to “evaluate” a program • Properties of programming language semantics holds for all programs …
What is a semanticsgood for? • Allows to “evaluate” a program • Properties of programming language semantics holds for all programs … • NS: more abstract • Fewer rules, top-down interpreter, simpler proofs • SOS: more “accurate” • Order of evaluation, non-termination
Operational Semantics (paceR)
Operational Semantics (Extended language)
Language Extensions • abort statement (like C’s exit w/o return value) • Non-determinism • Parallelism • Local Variables • Procedures • Static Scope • Dynamic scope
While + abort • Abstract syntax S::=x:=a | skip | S1; S2| ifbthenS1elseS2 | whilebdoS|abort • Abort terminates the execution • In “skip; S” the statement S executes • In “abort; S” the statement S should never execute • Natural semantics rules: …? • Structural semantics rules: …?
Comparing semantics • The natural semantics cannot distinguish between looping and abnormal termination • Unless we add a special error state • The structural operational semantics can distinguish • looping is reflected by infinite derivations and abnormal termination is reflected by stuck configuration
While + non-determinism • Abstract syntax S::=x:=a | skip | S1; S2| ifbthenS1elseS2 | whilebdoS|S1orS2 • Either S1 is executed or S2 is executed • Example: x:=1 or (x:=2; x:=x+2) • Possible outcomes for x: 1 and 4
While + non-determinism:natural semantics S1, s s’S1orS2, s s’ S2, s s’S1orS2, s s’ [or1ns] [or2ns]
While + non-determinism:structural semantics [or1sos] [or2sos] ? ?
While + non-determinism • What about the definitions of the semantic functions? • Sns S1orS2 s • Ssos S1orS2 s
Comparing semantics • In the natural semantics non-determinism will suppress non-termination (looping) if possible • In the structural operational semantics non-determinism does not suppress non-terminating statements
While + parallelism Abstract syntaxS::=x := a | skip | S1; S2| ifbthenS1elseS2 | whilebdoS|S1S2 • All the interleaving of S1 and S2 are executed • Example: x:=1 (x:=2; x:=x+2) • Possible outcomes for x: 1, 3, 4
While + parallelism:structural semantics S1, sS1’, s’ S1S2, sS1’S2, s’ S1, ss’S1S2, sS2, s’ S2, sS2’, s’ S1S2, sS1S2’, s’ S2, ss’S1S2, sS1, s’ [par1sos] [par2sos] [par3sos] [par4sos]