Compilation 0368-3133 2014/15a Lecture 8 IR for Procedure calls + Optimizations Noam Rinetzky 1.
Noam Rinetzky Lecture 3: Program Semantics
description
Transcript of Noam Rinetzky Lecture 3: Program Semantics
![Page 1: Noam Rinetzky Lecture 3: Program Semantics](https://reader030.fdocuments.net/reader030/viewer/2022033101/56816150550346895dd0d9a5/html5/thumbnails/1.jpg)
Program Analysis and Verification
0368-4479http://www.cs.tau.ac.il/~maon/teaching/2013-2014/paav/paav1314b.html
Noam Rinetzky
Lecture 3: Program Semantics
Slides credit: Roman Manevich, Mooly Sagiv, Eran Yahav
![Page 2: Noam Rinetzky Lecture 3: Program Semantics](https://reader030.fdocuments.net/reader030/viewer/2022033101/56816150550346895dd0d9a5/html5/thumbnails/2.jpg)
2
Good manners
• Mobiles
![Page 3: Noam Rinetzky Lecture 3: Program Semantics](https://reader030.fdocuments.net/reader030/viewer/2022033101/56816150550346895dd0d9a5/html5/thumbnails/3.jpg)
3
Admin
• Grades– First home assignment will be published on Tuesday.
• Due lesson 5
Scribes (this week)? Scribes (next week)
![Page 4: Noam Rinetzky Lecture 3: Program Semantics](https://reader030.fdocuments.net/reader030/viewer/2022033101/56816150550346895dd0d9a5/html5/thumbnails/4.jpg)
4
Today
• Operational semantics– Advanced features
• Traces semantics
• Denotational Semantics
![Page 5: Noam Rinetzky Lecture 3: Program Semantics](https://reader030.fdocuments.net/reader030/viewer/2022033101/56816150550346895dd0d9a5/html5/thumbnails/5.jpg)
5
What do we mean?
שלום
syntax semantics
![Page 6: Noam Rinetzky Lecture 3: Program Semantics](https://reader030.fdocuments.net/reader030/viewer/2022033101/56816150550346895dd0d9a5/html5/thumbnails/6.jpg)
6
What do we mean?
Psyntax semantics
P: x7
![Page 7: Noam Rinetzky Lecture 3: Program Semantics](https://reader030.fdocuments.net/reader030/viewer/2022033101/56816150550346895dd0d9a5/html5/thumbnails/7.jpg)
7
Why formal semantics?
• Implementation-independent definition of a programming language
• Automatically generating interpreters (and some day maybe full fledged compilers)
• Verification and debugging– if you don’t know what it does, how do you know
its incorrect?
![Page 8: Noam Rinetzky Lecture 3: Program Semantics](https://reader030.fdocuments.net/reader030/viewer/2022033101/56816150550346895dd0d9a5/html5/thumbnails/8.jpg)
8
Programming Languages
• Syntax • “how do I write a program?”
– BNF– “Parsing”
• Semantics • “What does my program mean?”
– …
![Page 9: Noam Rinetzky Lecture 3: Program Semantics](https://reader030.fdocuments.net/reader030/viewer/2022033101/56816150550346895dd0d9a5/html5/thumbnails/9.jpg)
9
Program semantics
• State-transformer– Set-of-states transformer– Trace transformer
• Predicate-transformer• Functions• …
![Page 10: Noam Rinetzky Lecture 3: Program Semantics](https://reader030.fdocuments.net/reader030/viewer/2022033101/56816150550346895dd0d9a5/html5/thumbnails/10.jpg)
10
What semantics do we want?
• Captures the aspects of computations we care about– “adequate”
• Hides irrelevant details– “fully abstract”
• Compositional
![Page 11: Noam Rinetzky Lecture 3: Program Semantics](https://reader030.fdocuments.net/reader030/viewer/2022033101/56816150550346895dd0d9a5/html5/thumbnails/11.jpg)
11
A simple imperative language: WhileAbstract syntax:
a ::= n | x | a1 + a2 | a1 a2 | a1 – a2
b ::= true | false| a1 = a2 | a1 a2 | b | b1 b2
S ::= x := a | skip | S1; S2| if b then S1 else S2
| while b do S
![Page 12: Noam Rinetzky Lecture 3: Program Semantics](https://reader030.fdocuments.net/reader030/viewer/2022033101/56816150550346895dd0d9a5/html5/thumbnails/12.jpg)
12
Syntactic categories
n Num numeralsx Var program variablesa Aexp arithmetic expressionsb Bexp boolean expressionsS Stm statements
![Page 13: Noam Rinetzky Lecture 3: Program Semantics](https://reader030.fdocuments.net/reader030/viewer/2022033101/56816150550346895dd0d9a5/html5/thumbnails/13.jpg)
13
Semantic categories
Z Integers {0, 1, -1, 2, -2, …}TTruth values {ff, tt}State Var Z
Example state: s=[x5, y7, z0]Lookup: s x = 5Update: s[x6] = [x6, y7, z0]
![Page 14: Noam Rinetzky Lecture 3: Program Semantics](https://reader030.fdocuments.net/reader030/viewer/2022033101/56816150550346895dd0d9a5/html5/thumbnails/14.jpg)
14
Semantics of expressions
• Arithmetic expressions are side-effect free– Semantic function A Aexp : State Z– Defined by induction on the syntax tree
A n s = nA x s = s xA a1 + a2 s = A a1 s + A a2 sA a1 - a2 s = A a1 s - A a2 sA a1 * a2 s = A a1 s A a2 s A (a1) s = A a1 s --- not neededA - a s = 0 - A a1 s
– Compositional– Properties can be proved by structural induction
• Similarly for Boolean expressions
![Page 15: Noam Rinetzky Lecture 3: Program Semantics](https://reader030.fdocuments.net/reader030/viewer/2022033101/56816150550346895dd0d9a5/html5/thumbnails/15.jpg)
Operational Semantics
(Recap)
![Page 16: Noam Rinetzky Lecture 3: Program Semantics](https://reader030.fdocuments.net/reader030/viewer/2022033101/56816150550346895dd0d9a5/html5/thumbnails/16.jpg)
Operational Semantics
The meaning of a program in the language is explained in terms of a hypothetical computer which performs the set of actions which constitute the elaboration of that program.
[Algol68, Section 2]
![Page 17: Noam Rinetzky Lecture 3: Program Semantics](https://reader030.fdocuments.net/reader030/viewer/2022033101/56816150550346895dd0d9a5/html5/thumbnails/17.jpg)
Operational Semantics
It is all very well to aim for a more ‘abstract’ and a ‘cleaner’ approach to semantics, but if the plan is to be any good, the operational aspects cannot be completely ignored.
[Scott70]
![Page 18: Noam Rinetzky Lecture 3: Program Semantics](https://reader030.fdocuments.net/reader030/viewer/2022033101/56816150550346895dd0d9a5/html5/thumbnails/18.jpg)
18
Operational semantics
• Concerned with how to execute programs– How statements modify state– Define transition relation between configurations
• Two flavors– Structural operational semantics: describes how
the individual steps of a computations take place• So-called “small-step” semantics
– Natural semantics: describes how the overall results of executions are obtained• So-called “big-step” semantics
![Page 19: Noam Rinetzky Lecture 3: Program Semantics](https://reader030.fdocuments.net/reader030/viewer/2022033101/56816150550346895dd0d9a5/html5/thumbnails/19.jpg)
19
Structural operating semantics (SOS)
• aka “Small-step semantics”
S, s S’, s’
first step
![Page 20: Noam Rinetzky Lecture 3: Program Semantics](https://reader030.fdocuments.net/reader030/viewer/2022033101/56816150550346895dd0d9a5/html5/thumbnails/20.jpg)
20
Structural operational semantics• Developed by Gordon Plotkin [TR 1981]• Configurations: has one of two forms:
S, s Statement S is about to execute on state ss Terminal (final) state
• Transitions S, s = S’, s’ Execution of S from s is not completed and
remaining computation proceeds from intermediate configuration
= s’ Execution of S from s has terminated and the final state is s’
• S, s is stuck if there is no such that S, s
first step
![Page 21: Noam Rinetzky Lecture 3: Program Semantics](https://reader030.fdocuments.net/reader030/viewer/2022033101/56816150550346895dd0d9a5/html5/thumbnails/21.jpg)
21
Structural semantics for While x:=a, s s[xAas][asssos]
skip, s s[skipsos]
S1, s S1’, s’ S1; S2, s S1’; S2, s’ [comp1
sos]
if b then S1 else S2, s S1, s if B b s = tt[ifttsos]
if b then S1 else S2, s S2, s if B b s = ff[ifffsos]
S1, s s’ S1; S2, s S2, s’ [comp2
sos]
![Page 22: Noam Rinetzky Lecture 3: Program Semantics](https://reader030.fdocuments.net/reader030/viewer/2022033101/56816150550346895dd0d9a5/html5/thumbnails/22.jpg)
22
Derivation sequences• A derivation sequence of a statement S starting in state s is either• A finite sequence 0, 1, 2 …, k such that
1. 0 = S, s2. i i+1
3. k is either stuck configuration or a final state
• An infinite sequence 0, 1, 2, … such that1. 0 = S, s2. i i+1
• Notations:– 0 k k 0 derives k in k steps– 0 * 0 derives in a finite number of steps
![Page 23: Noam Rinetzky Lecture 3: Program Semantics](https://reader030.fdocuments.net/reader030/viewer/2022033101/56816150550346895dd0d9a5/html5/thumbnails/23.jpg)
23
Natural operating semantics (NS)
• aka “Large-step semantics”
S, s s’
all steps
![Page 24: Noam Rinetzky Lecture 3: Program Semantics](https://reader030.fdocuments.net/reader030/viewer/2022033101/56816150550346895dd0d9a5/html5/thumbnails/24.jpg)
24
Natural operating semantics
• Developed by Gilles Kahn [STACS 1987]• Configurations
S, s Statement S is about to execute on state ss Terminal (final) state
• TransitionsS, s s’ Execution of S from s will terminate
with the result state s’– Ignores non-terminating computations
![Page 25: Noam Rinetzky Lecture 3: Program Semantics](https://reader030.fdocuments.net/reader030/viewer/2022033101/56816150550346895dd0d9a5/html5/thumbnails/25.jpg)
25
Natural operating semantics
• defined by rules of the form
• The meaning of compound statements is defined using the meaning immediate constituent statements
S1, s1 s1’, … , Sn, sn sn’
S, s s’
if…
premise
conclusion
side condition
![Page 26: Noam Rinetzky Lecture 3: Program Semantics](https://reader030.fdocuments.net/reader030/viewer/2022033101/56816150550346895dd0d9a5/html5/thumbnails/26.jpg)
26
Natural semantics for While x := a, s s[x Aas][assns]
skip, s s[skipns]
S1, s s’, S2, s’ s’’S1; S2, s s’’ [compns]
S1, s s’ if b then S1 else S2, s s’
if B b s = tt[ifttns]
S2, s s’ if b then S1 else S2, s s’
if B b s = ff[ifffns]
axioms
![Page 27: Noam Rinetzky Lecture 3: Program Semantics](https://reader030.fdocuments.net/reader030/viewer/2022033101/56816150550346895dd0d9a5/html5/thumbnails/27.jpg)
27
Derivation trees
• Using axioms and rules to derive a transition S, s s’ gives a derivation tree– Root: S, s s’– Leaves: axioms– Internal nodes: conclusions of rules• Immediate children: matching rule premises
![Page 28: Noam Rinetzky Lecture 3: Program Semantics](https://reader030.fdocuments.net/reader030/viewer/2022033101/56816150550346895dd0d9a5/html5/thumbnails/28.jpg)
28
Evaluation via derivation sequences
• For any While statement S and state s it is always possible to find at least one derivation sequence from S, s– Apply axioms and rules forever or until a terminal
or stuck configuration is reached• Proposition: there are no stuck configurations
in While
![Page 29: Noam Rinetzky Lecture 3: Program Semantics](https://reader030.fdocuments.net/reader030/viewer/2022033101/56816150550346895dd0d9a5/html5/thumbnails/29.jpg)
29
The semantic function Ssos
• The meaning of a statement S is defined as a partial function from State to State
Ssos: Stm (State State)
• Examples:Ssos skip s = sSsos x:=1 s = s [x 1]Ssos while true do skip s = undefined
Ssos S s = s’ if S, s * s’ undefined otherwise
S: What a statement S means to the context: P[S]• S1 = x:=x+2• S2 = x:=x+1 ; x:=x+1• P[S] = z:=x; S; y:=x;
![Page 30: Noam Rinetzky Lecture 3: Program Semantics](https://reader030.fdocuments.net/reader030/viewer/2022033101/56816150550346895dd0d9a5/html5/thumbnails/30.jpg)
30
The semantic function Sns
• The meaning of a statement S is defined as a partial function from State to State
Sns: Stm (State State)
• Examples:Sns skips = sSns x:=1s = s [x 1]Sns while true do skips = undefined
Sns S s = s’ if S, s s’ undefined otherwise
![Page 31: Noam Rinetzky Lecture 3: Program Semantics](https://reader030.fdocuments.net/reader030/viewer/2022033101/56816150550346895dd0d9a5/html5/thumbnails/31.jpg)
31
An equivalence result
• S1 and S2 are semantically equivalent if for all s and s’ S1, s s’ if and only if S2, s s’– Same semantics
• SOS and NS– For every statement in While Sns S = Ssos S– Proof in pages 40-43
![Page 32: Noam Rinetzky Lecture 3: Program Semantics](https://reader030.fdocuments.net/reader030/viewer/2022033101/56816150550346895dd0d9a5/html5/thumbnails/32.jpg)
32
While in WHILE
![Page 33: Noam Rinetzky Lecture 3: Program Semantics](https://reader030.fdocuments.net/reader030/viewer/2022033101/56816150550346895dd0d9a5/html5/thumbnails/33.jpg)
33
Semantic equivalence
• S1 and S2 are semantically equivalent if for all s and s’ S1, s s’ if and only if S2, s s’
• Simple examplewhile b do Sis semantically equivalent to:if b then (S; while b do S) else skip– Read proof in pages 26-27
![Page 34: Noam Rinetzky Lecture 3: Program Semantics](https://reader030.fdocuments.net/reader030/viewer/2022033101/56816150550346895dd0d9a5/html5/thumbnails/34.jpg)
34
Structural semantics for while
while b do S, s if b then
S; while b do S) else
skip, s
[whilesos]
![Page 35: Noam Rinetzky Lecture 3: Program Semantics](https://reader030.fdocuments.net/reader030/viewer/2022033101/56816150550346895dd0d9a5/html5/thumbnails/35.jpg)
35
Natural semantics for While
S, s s’, while b do S, s’ s’’while b do S, s s’’
if B b s = tt[whilettns]
while b do S, s s if B b s = ff[whileffns]
Non-compositional
![Page 36: Noam Rinetzky Lecture 3: Program Semantics](https://reader030.fdocuments.net/reader030/viewer/2022033101/56816150550346895dd0d9a5/html5/thumbnails/36.jpg)
Comparing semanticsStructuralsemantics
Naturalsemantics
Statement
abortabort; S
skip; S
if x = 0 then abort else y := y / x
• The natural semantics cannot describe looping executions‒ Every execution is represented by a finite derivation tree
• The structural operational semantics can describe both• Looping executions have infinite derivation sequences
• Every step in the derivation sequence is justified by a finite derivation tree
• Terminating executions have a finite one
![Page 37: Noam Rinetzky Lecture 3: Program Semantics](https://reader030.fdocuments.net/reader030/viewer/2022033101/56816150550346895dd0d9a5/html5/thumbnails/37.jpg)
37
What is a semantics good for?
• Allows to “evaluate” a program
• Properties of programming language semantics holds for all programs …
![Page 38: Noam Rinetzky Lecture 3: Program Semantics](https://reader030.fdocuments.net/reader030/viewer/2022033101/56816150550346895dd0d9a5/html5/thumbnails/38.jpg)
38
What is a semantics good for?
• Allows to “evaluate” a program
• Properties of programming language semantics holds for all programs …
• NS: more abstract– Fewer rules, top-down interpreter, simpler proofs
• SOS: more “accurate”– Order of evaluation, non-termination
![Page 39: Noam Rinetzky Lecture 3: Program Semantics](https://reader030.fdocuments.net/reader030/viewer/2022033101/56816150550346895dd0d9a5/html5/thumbnails/39.jpg)
Operational Semantics
(paceR)
![Page 40: Noam Rinetzky Lecture 3: Program Semantics](https://reader030.fdocuments.net/reader030/viewer/2022033101/56816150550346895dd0d9a5/html5/thumbnails/40.jpg)
Operational Semantics
(Extended language)
![Page 41: Noam Rinetzky Lecture 3: Program Semantics](https://reader030.fdocuments.net/reader030/viewer/2022033101/56816150550346895dd0d9a5/html5/thumbnails/41.jpg)
41
Language Extensions
• abort statement (like C’s exit w/o return value)• Non-determinism• Parallelism• Local Variables• Procedures– Static Scope– Dynamic scope
![Page 42: Noam Rinetzky Lecture 3: Program Semantics](https://reader030.fdocuments.net/reader030/viewer/2022033101/56816150550346895dd0d9a5/html5/thumbnails/42.jpg)
42
While + abort
• Abstract syntaxS ::= x := a | skip | S1; S2
| if b then S1 else S2
| while b do S| abort
• Abort terminates the execution– In “skip; S” the statement S executes– In “abort; S” the statement S should never execute
• Natural semantics rules: …?• Structural semantics rules: …?
![Page 43: Noam Rinetzky Lecture 3: Program Semantics](https://reader030.fdocuments.net/reader030/viewer/2022033101/56816150550346895dd0d9a5/html5/thumbnails/43.jpg)
Comparing semanticsStructuralsemantics
Naturalsemantics
Statement
abortabort; S
skip; S
while true do skipif x = 0 then abort else y := y / x
• The natural semantics cannot distinguish between looping and abnormal termination‒ Unless we add a special error state
• The structural operational semantics can distinguish• looping is reflected by infinite derivations and abnormal
termination is reflected by stuck configuration
![Page 44: Noam Rinetzky Lecture 3: Program Semantics](https://reader030.fdocuments.net/reader030/viewer/2022033101/56816150550346895dd0d9a5/html5/thumbnails/44.jpg)
44
While + non-determinism
• Abstract syntaxS ::= x := a | skip | S1; S2
| if b then S1 else S2
| while b do S| S1 or S2
• Either S1 is executed or S2 is executed• Example: x:=1 or (x:=2; x:=x+2)– Possible outcomes for x: 1 and 4
![Page 45: Noam Rinetzky Lecture 3: Program Semantics](https://reader030.fdocuments.net/reader030/viewer/2022033101/56816150550346895dd0d9a5/html5/thumbnails/45.jpg)
45
While + non-determinism:natural semantics
S1, s s’S1 or S2, s s’[or1
ns]
S2, s s’S1 or S2, s s’[or2
ns]
![Page 46: Noam Rinetzky Lecture 3: Program Semantics](https://reader030.fdocuments.net/reader030/viewer/2022033101/56816150550346895dd0d9a5/html5/thumbnails/46.jpg)
46
While + non-determinism:structural semantics
?[or1sos]
?[or2sos]
![Page 47: Noam Rinetzky Lecture 3: Program Semantics](https://reader030.fdocuments.net/reader030/viewer/2022033101/56816150550346895dd0d9a5/html5/thumbnails/47.jpg)
47
While + non-determinism
• What about the definitions of the semantic functions?– Sns S1 or S2 s
– Ssos S1 or S2 s
![Page 48: Noam Rinetzky Lecture 3: Program Semantics](https://reader030.fdocuments.net/reader030/viewer/2022033101/56816150550346895dd0d9a5/html5/thumbnails/48.jpg)
Comparing semanticsStructuralsemantics
Naturalsemantics
Statement
x:=1 or (x:=2; x:=x+2)
(while true do skip) or (x:=2; x:=x+2)
• In the natural semantics non-determinism will suppress non-termination (looping) if possible
• In the structural operational semantics non-determinism does not suppress non-terminating statements
![Page 49: Noam Rinetzky Lecture 3: Program Semantics](https://reader030.fdocuments.net/reader030/viewer/2022033101/56816150550346895dd0d9a5/html5/thumbnails/49.jpg)
49
While + parallelism
Abstract syntaxS ::= x := a | skip | S1; S2| if b then S1 else S2
| while b do S| S1 S2
• All the interleaving of S1 and S2 are executed• Example: x:=1 (x:=2; x:=x+2)– Possible outcomes for x: 1, 3, 4
![Page 50: Noam Rinetzky Lecture 3: Program Semantics](https://reader030.fdocuments.net/reader030/viewer/2022033101/56816150550346895dd0d9a5/html5/thumbnails/50.jpg)
50
While + parallelism:structural semantics
S1, s S1’, s’ S1S2, s S1’S2, s’ [par1
sos]
S1, s s’ S1S2, s S2, s’ [par2
sos]
S2, s S2’, s’ S1S2, s S1S2’, s’ [par3
sos]
S2, s s’ S1S2, s S1, s’ [par4
sos]
![Page 51: Noam Rinetzky Lecture 3: Program Semantics](https://reader030.fdocuments.net/reader030/viewer/2022033101/56816150550346895dd0d9a5/html5/thumbnails/51.jpg)
51
While + parallelism:natural semantics
Challenge problem:Give a formal proof that this is in fact impossible.
Idea: try to prove on a restricted version of While without loops/conditions
![Page 52: Noam Rinetzky Lecture 3: Program Semantics](https://reader030.fdocuments.net/reader030/viewer/2022033101/56816150550346895dd0d9a5/html5/thumbnails/52.jpg)
52
Example: derivation sequencesof a parallel statement
x:=1 (x:=2; x:=x+2), s
![Page 53: Noam Rinetzky Lecture 3: Program Semantics](https://reader030.fdocuments.net/reader030/viewer/2022033101/56816150550346895dd0d9a5/html5/thumbnails/53.jpg)
53
While + Local Variables
• S ::= …| Let x := a in S
![Page 54: Noam Rinetzky Lecture 3: Program Semantics](https://reader030.fdocuments.net/reader030/viewer/2022033101/56816150550346895dd0d9a5/html5/thumbnails/54.jpg)
54
Conclusion
• In the structural operational semantics we concentrate on small steps so interleaving of computations can be easily expressed
• In the natural semantics immediate constituent is an atomic entity so we cannot express interleaving of computations
![Page 55: Noam Rinetzky Lecture 3: Program Semantics](https://reader030.fdocuments.net/reader030/viewer/2022033101/56816150550346895dd0d9a5/html5/thumbnails/55.jpg)
55
While + memory
Abstract syntaxS ::= x := a | skip | S1; S2| if b then S1 else S2
| while b do S| x := malloc(a)| x := [y]|[x] := y
State : Var Z State : Stack HeapStack : Var ZHeap : Z Z
Integers as memory addresses
![Page 56: Noam Rinetzky Lecture 3: Program Semantics](https://reader030.fdocuments.net/reader030/viewer/2022033101/56816150550346895dd0d9a5/html5/thumbnails/56.jpg)
56
From states to traces
![Page 57: Noam Rinetzky Lecture 3: Program Semantics](https://reader030.fdocuments.net/reader030/viewer/2022033101/56816150550346895dd0d9a5/html5/thumbnails/57.jpg)
57
Trace semantics
• Low-level (conceptual) semantics• Add program counter (pc) with states– = State + pc
• The meaning of a program is a relation Stm
• Execution is a finite/infinite sequence of states• A useful concept in defining static analysis as
we will see later
![Page 58: Noam Rinetzky Lecture 3: Program Semantics](https://reader030.fdocuments.net/reader030/viewer/2022033101/56816150550346895dd0d9a5/html5/thumbnails/58.jpg)
58
Example
1: y := 1;
while 2: (x=1) do (
3: y := y * x;
4: x := x - 1
)
5:
![Page 59: Noam Rinetzky Lecture 3: Program Semantics](https://reader030.fdocuments.net/reader030/viewer/2022033101/56816150550346895dd0d9a5/html5/thumbnails/59.jpg)
59
Traces1: y := 1;
while 2: (x=1) do (
3: y := y * x;
4: x := x - 1
)
5:
{x2,y3},1 [y:=1] {x2,y1},2 [(x=1)] {x2,y1},3 [y:=y*x] {x2,y2},4 [x:=x-1] {x1,y2},2 [(x=1)] {x1,y2},5
{x3,y3},1 [y:=1] {x3,y1},2 [(x=1)] {x3,y1},3 [y:=y*x] {x3,y3},4 [x:=x-1] {x2,y3},2 [(x=1)] {x2,y3},3 [y:=y*x] {x2,y6},4 [x:=x-1] {x1,y6},2 [(x=1)] {x1,y6},5
…
Set of traces is infinite therefore trace semantics is incomputable in general
![Page 60: Noam Rinetzky Lecture 3: Program Semantics](https://reader030.fdocuments.net/reader030/viewer/2022033101/56816150550346895dd0d9a5/html5/thumbnails/60.jpg)
60
Operational semantics summary• SOS is powerful enough to describe imperative
programs– Can define the set of traces– Can represent program counter implicitly– Handle goto statements and other non-trivial control
constructs (e.g., exceptions)• Natural operational semantics is an abstraction• Different semantics may be used to justify different
behaviors• Thinking in concrete semantics is essential for a
analysis writer
![Page 61: Noam Rinetzky Lecture 3: Program Semantics](https://reader030.fdocuments.net/reader030/viewer/2022033101/56816150550346895dd0d9a5/html5/thumbnails/61.jpg)
Denotational Semantics
Based on a lecture by Martin Abadi
![Page 62: Noam Rinetzky Lecture 3: Program Semantics](https://reader030.fdocuments.net/reader030/viewer/2022033101/56816150550346895dd0d9a5/html5/thumbnails/62.jpg)
62
Denotational Semantics• A “mathematical” semantics– S is a mathematical object– A fair amount of mathematics is involved
• Compositional• More abstract and canonical than Op. Sem.– No notion of “execution”
• Merely definitions– No small step vs. big step
![Page 63: Noam Rinetzky Lecture 3: Program Semantics](https://reader030.fdocuments.net/reader030/viewer/2022033101/56816150550346895dd0d9a5/html5/thumbnails/63.jpg)
63
Denotational Semantics• Denotational semantics is also called– Fixed point semantics– Mathematical semantics– Scott-Strachey semantics
![Page 64: Noam Rinetzky Lecture 3: Program Semantics](https://reader030.fdocuments.net/reader030/viewer/2022033101/56816150550346895dd0d9a5/html5/thumbnails/64.jpg)
64
Plan
• Denotational semantics of While (1st attempt)• Math– Complete partial orders– Montonicity– Continuity
• Denotational semantics of While
![Page 65: Noam Rinetzky Lecture 3: Program Semantics](https://reader030.fdocuments.net/reader030/viewer/2022033101/56816150550346895dd0d9a5/html5/thumbnails/65.jpg)
65
Denotational semantics• A: Aexp (N)• B: Bexp (T)• S: Stm ()• Defined by structural induction
![Page 66: Noam Rinetzky Lecture 3: Program Semantics](https://reader030.fdocuments.net/reader030/viewer/2022033101/56816150550346895dd0d9a5/html5/thumbnails/66.jpg)
66
Denotational semantics• A: Aexp (N)• B: Bexp (T)• S: Stm ()• Defined by structural induction
A a , B b , Sns S , Ssos S
![Page 67: Noam Rinetzky Lecture 3: Program Semantics](https://reader030.fdocuments.net/reader030/viewer/2022033101/56816150550346895dd0d9a5/html5/thumbnails/67.jpg)
67
Denotational semantics of Aexp• A: Aexp (N)• A n = {(, n) | }• A X = {(, X) | }• A a0+a1 = {(, n0+n1) | (, n0)Aa0, (,n1)Aa1}• A a0-a1 = {(, n0-n1) | (, n0)Aa0, (,n1)Aa1}• A a0a1 = {(, n0 n1) | (, n0)Aa0, (,n1)Aa1}
Lemma: A a is a functionFunctions represented as sets of pairs
![Page 68: Noam Rinetzky Lecture 3: Program Semantics](https://reader030.fdocuments.net/reader030/viewer/2022033101/56816150550346895dd0d9a5/html5/thumbnails/68.jpg)
68
Denotational semantics of Aexp with
• A: Aexp (N)• A n = .n• A X = .(X)• A a0+a1 = .(A a0+Aa1)• A a0-a1 = .(A a0-Aa1)• A a0a1 = .(A a0 Aa1)
![Page 69: Noam Rinetzky Lecture 3: Program Semantics](https://reader030.fdocuments.net/reader030/viewer/2022033101/56816150550346895dd0d9a5/html5/thumbnails/69.jpg)
69
Denotational semantics of Bexp• B: Bexp (T)• B true = {(, true) | }• B false = {(, false) | }• B a0=a1 = {(, true) | & Aa0=Aa1 }
{(, false) | & Aa0Aa1 }• B a0a1 = {(, true) | & Aa0 Aa1 }
{(, false) | & Aa0Aa1 }• B b = {(, T t) | , (, t) Bb} • B b0b1 = {(, t0 Tt1) | , (, t0) Bb0, (, t1) Bb1 }• B b0b1 = {(, t0 Tt1) | , (, t0) Bb0, (, t1) Bb1 }
Lemma: Bb is a function
![Page 70: Noam Rinetzky Lecture 3: Program Semantics](https://reader030.fdocuments.net/reader030/viewer/2022033101/56816150550346895dd0d9a5/html5/thumbnails/70.jpg)
70
Denotational semantics of statements?
• Intuition:–Running a statement s starting from a
state yields another state ’• Can we define S s as a function
that maps to ‘ ? –S .: Stm ( )
![Page 71: Noam Rinetzky Lecture 3: Program Semantics](https://reader030.fdocuments.net/reader030/viewer/2022033101/56816150550346895dd0d9a5/html5/thumbnails/71.jpg)
71
Denotational semantics of commands?
• Problem: running a statement might not yield anything if the statement does not terminate
• We introduce the special element to denote a special outcome that stands for non-termination
• For any set X, we write X for X {}
• Convention:– whenever f X X we extend f to X X
“strictly” so that f() =
![Page 72: Noam Rinetzky Lecture 3: Program Semantics](https://reader030.fdocuments.net/reader030/viewer/2022033101/56816150550346895dd0d9a5/html5/thumbnails/72.jpg)
72
Denotational semantics of statements?
• We try:– S . : Stm ( )
• S skip=
• S s0 ; s1 = S s1 (S s0 )
• S if b then s0 else s1 =
if Bb then S s0 else S s1
![Page 73: Noam Rinetzky Lecture 3: Program Semantics](https://reader030.fdocuments.net/reader030/viewer/2022033101/56816150550346895dd0d9a5/html5/thumbnails/73.jpg)
73
Examples
• S X:= 2; X:=1= [X1]• S if true then X:=2; X:=1 else … = [X1] • The semantics does not care about
intermediate states• So far, we did not explicitly need
![Page 74: Noam Rinetzky Lecture 3: Program Semantics](https://reader030.fdocuments.net/reader030/viewer/2022033101/56816150550346895dd0d9a5/html5/thumbnails/74.jpg)
74
Denotational semantics of loops?
• S while b do s = ?
![Page 75: Noam Rinetzky Lecture 3: Program Semantics](https://reader030.fdocuments.net/reader030/viewer/2022033101/56816150550346895dd0d9a5/html5/thumbnails/75.jpg)
75
Denotational semantics of statements?• Abbreviation W=S while b do s• Idea: we rely on the equivalence
while b do s if b then (s; while b do s) else skip
• We may try using unwinding equationW() = if Bb then W(Ss ) else
• Unacceptable solution– Defines W in terms of itself– It not evident that a suitable W exists– It may not describe W uniquely
(e.g., for while true do skip)
![Page 76: Noam Rinetzky Lecture 3: Program Semantics](https://reader030.fdocuments.net/reader030/viewer/2022033101/56816150550346895dd0d9a5/html5/thumbnails/76.jpg)
76
Introduction to Domain Theory
• We will solve the unwinding equation through a general theory of recursive equations
• Think of programs as processors of streams of bits (streams of 0’s and 1’s, possibly terminated by $)What properties can we expect?
input output
![Page 77: Noam Rinetzky Lecture 3: Program Semantics](https://reader030.fdocuments.net/reader030/viewer/2022033101/56816150550346895dd0d9a5/html5/thumbnails/77.jpg)
77
Motivation• Let “isone” be a function that must return “1$” when
the input string has at least a 1 and “0$” otherwise– isone(00…0$) = 0$– isone(xx…1…$) =1$– isone(0…0) =?
• Monotonicity : Output is never retracted– More information about the input is reflected in
more information about the output• How do we express monotonicity precisely?
![Page 78: Noam Rinetzky Lecture 3: Program Semantics](https://reader030.fdocuments.net/reader030/viewer/2022033101/56816150550346895dd0d9a5/html5/thumbnails/78.jpg)
78
Montonicity
• Define a partial orderx y– A partial order is reflexive, transitive, and anti-symmetric– y is a refinement of x
• “more precise”
• For streams of bits x y when x is a prefix of y• For programs, a typical order is:– No output (yet) some output
![Page 79: Noam Rinetzky Lecture 3: Program Semantics](https://reader030.fdocuments.net/reader030/viewer/2022033101/56816150550346895dd0d9a5/html5/thumbnails/79.jpg)
79
Montonicity
• A set equipped with a partial order is a poset• Definition: – D and E are postes– A function f: D E is monotonic if
x, y D: x D y f(x) E f(y) – The semantics of the program ought to be a
monotonic function• More information about the input leads to more
information about the output
![Page 80: Noam Rinetzky Lecture 3: Program Semantics](https://reader030.fdocuments.net/reader030/viewer/2022033101/56816150550346895dd0d9a5/html5/thumbnails/80.jpg)
80
Montonicity Example• Consider our “isone” function with the prefix
ordering• Notation:– 0k is the stream with k consecutive 0’s– 0 is the infinite stream with only 0’s
• Question (revisited): what is isone(0k )?– By definition, isone(0k$) = 0$ and isone(0k1$) = 1$– But 0k 0k$ and 0k 0 k1$– “isone” must be monotone, so:
• isone( 0k ) isone( 0k$) = 0$• isone( 0k ) isone( 0k1$) = 1$
– Therefore, monotonicity requires that isone(0k ) is a common prefix of 0$ and 1$, namely
![Page 81: Noam Rinetzky Lecture 3: Program Semantics](https://reader030.fdocuments.net/reader030/viewer/2022033101/56816150550346895dd0d9a5/html5/thumbnails/81.jpg)
81
Motivation• Are there other constraints on “isone”?• Define “isone” to satisfy the equations– isone()=– isone(1s)=1$– isone(0s)=isone(s)– isone($)=0$
• What about 0?• Continuity: finite output depends only on finite input
(no infinite lookahead)
![Page 82: Noam Rinetzky Lecture 3: Program Semantics](https://reader030.fdocuments.net/reader030/viewer/2022033101/56816150550346895dd0d9a5/html5/thumbnails/82.jpg)
82
Chains• A chain is a countable increasing sequence
<xi> = {xi X | x0 x1 … }• An upper bound of a set if an element “bigger” than
all elements in the set• The least upper bound is the “smallest” among upper
bounds:– xi <xi> for all i N– <xi> y for all upper bounds y of <xi>
and it is unique if it exists
![Page 83: Noam Rinetzky Lecture 3: Program Semantics](https://reader030.fdocuments.net/reader030/viewer/2022033101/56816150550346895dd0d9a5/html5/thumbnails/83.jpg)
83
Complete Partial Orders
• Not every poset has an upper bound– with n and nn for all n N– {1, 2} does not have an upper bound
• Sometimes chains have no upper bound
0 1 2…
210
The chain 0 12…
does not have an upper bound
![Page 84: Noam Rinetzky Lecture 3: Program Semantics](https://reader030.fdocuments.net/reader030/viewer/2022033101/56816150550346895dd0d9a5/html5/thumbnails/84.jpg)
84
Complete Partial Orders• It is convenient to work with posets where every
chain (not necessarily every set) has a least upper bound
• A partial order P is complete if every chain in P has a least upper bound also in P
• We say that P is a complete partial order (cpo)• A cpo with a least (“bottom”) element is a pointed
cpo (pcpo)
![Page 85: Noam Rinetzky Lecture 3: Program Semantics](https://reader030.fdocuments.net/reader030/viewer/2022033101/56816150550346895dd0d9a5/html5/thumbnails/85.jpg)
85
Examples of cpo’s• Any set P with the order
x y if and only if x = y is a cpoIt is discrete or flat
• If we add so that x for all x P, we get a flat pointed cpo• The set N with is a poset with a bottom, but not a complete
one• The set N { } with n is a pointed cpo• The set N with is a cpo without bottom• Let S be a set and P(S) denotes the set of all subsets of S
ordered by set inclusion– P(S) is a pointed cpo
![Page 86: Noam Rinetzky Lecture 3: Program Semantics](https://reader030.fdocuments.net/reader030/viewer/2022033101/56816150550346895dd0d9a5/html5/thumbnails/86.jpg)
86
The End