Programming Languages (CS 550) Lecture 9 Summary I ntroduction to Formal Semantics

1

Programming Languages (CS 550)

Lecture 9 SummaryIntroduction to Formal Semantics

Jeremy R. Johnson

2

ThemeThis lecture introduces three techniques for

formally specifying the semantics of programming languages: operational semantics (formal machine model), denotational semantics, and axiomatic semantics.

So far we have extensively used operational semantics (meta-circular interpreter and interpreters built using other languages), the approaches outlined are related but more mathematical.

3

OutlineOperational Semantics

Reduction machineProlog implementation

Denotational SemanticsTranslating programs to mathematical functionsScheme implementation

Axiomatic SemanticsSpecificationsPredicate transformersCorrectness proofs

4

Mini Language Syntax 1. < program > → < stmt-list> 2. < stmt-list> → < stmt > ; < stmt-list > | < stmt > 3. < stmt > → < assign-stmt > | < if-stmt > | < while-stmt > 4. < assign-stmt > → < identifier > := < expr > 5. < if-stmt > → if < expr > then < stmt-list > else < stmt-list > fi 6. < while-stmt > → while < expr > do < stmt-list > od 7. < expr > → < expr > + < term > | < expr > - < term > | < term > 8. < term > → < term > * < factor > | < factor > 9. < factor > → ( < expr > ) | < number > | < identifier > 10. < number > → < number > < digit > | < digit > 11. < digit > → 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 12. < identifier > → < identifier > < letter > | < letter > 13. < letter > → a | b | c | ... | z

5

EnvironmentsLet an Environment be a map from indentifiers to

values = integers undefinedMini language programs can be thought of as a

map from an initial Environment to a final Environment (assuming it terminates)

The initial environment maps all identifiers to an undefined

Each statement is defined in terms of what it does to the current environment (another mapping)

6

Semantics of Mini Language Statements

1. Env: Identifier → Integer Union {undef} 2. (Env and {I = n})(J) = n if J=I, Env(J) otherwise 3. Env_0 = undef for all I 4. for if-stmt, if expr evaluates to value greater than

0, then evaluate stmt-list after then, else evaluate stmt-list after else

5. for while-stmt, as long as expr evaluates to a value greater than 0, stmt-list is repeatedly executed and expr evaluated.

7

Example Mini Language Program

1. n := 0 - 5; 2. if n then i := n else i := 0 - n fi; 3. fact := 1; 4. while i do fact := fact * i; i := i - 1 od

What is the final environment?

8

Operational SemanticsDefine language by describing its actions in

terms of operations of an actual or hypothetical machine. Need precise description of machineProgram Control Store

Reduction machineReduce program to a semantic “value”Reduction rules (logical inference rules)

9

Operational Semantics of Mini Language Expressions

(1) ‘0’ 0,…, ‘9’ 9(2) V’0’ 10*V,…,V’9’ 10*V+9(3) V1 ‘+’ V2 V1 + V2

(4) V1 ‘+’ V2 V1 + V2

(5) V1 ‘*’ V2 V1 * V2

10

Mini Language Expressions

(7) E E1 _____________________________________________________________________

E ‘+’ E2 E1 ‘+’ E2

(8) E E1 _____________________________________________________________________

E ‘-’ E2 E1 ‘-’ E2

(9) E E1 _____________________________________________________________________

E ‘*’ E2 E1 ‘*’ E2

11

Mini Language Expressions

(10) E E1 _____________________________________________________________________

V ‘+’ E V ‘+’ E1

(11) E E1 ____________________________________________________________________

V ‘-’ E V ‘-’ E1

(12) E E1 ____________________________________________________________________

V ‘*’ E V ‘*’ E1

(14) E E1, E1 E2 [transitive closure] _____________________________________________________________________

E E2

12

Implementation in Prolog% reduce_all(times(plus(2,3),minus(5,1)),V).% V = 20 ?

reduce(plus(E,E2),plus(E1,E2)) :- reduce(E,E1).reduce(minus(E,E2),minus(E1,E2)) :- reduce(E,E1).reduce(times(E,E2),times(E1,E2)) :- reduce(E,E1).

reduce(plus(V,E),plus(V,E1)) :- reduce(E,E1).reduce(minus(V,E),minus(V,E1)) :- reduce(E,E1).reduce(times(V,E),times(V,E1)) :- reduce(E,E1).

reduce(plus(V1,V2),R) :- integer(V1), integer(V2), !, R is V1+V2.reduce(minus(V1,V2),R) :- integer(V1), integer(V2), !, R is V1-V2.reduce(times(V1,V2),R) :- integer(V1), integer(V2), !, R is V1*V2.

reduce_all(V,V) :- integer(V), !.reduce_all(E,E2) :- reduce(E,E1), reduce_all(E1,E2).

13

Environments and Assignment

(7) <E | Env> <E1| Env> ______________________________________________________________________________________________________________________________

<E ‘+’ E2 | Env> < E1 ‘+’ E2 | Env>

(15) Env(I) = V ____________________________________________________________________________

<I | Env> <V | Env>

14

Environments and Assignment

(16) <I ‘:=’ V | Env> Env & {I = V}

(17) <E | Env> <E1 | Env> ______________________________________________________________________________________________________________________

<I ‘:=’ E | Env> <I ‘:=’ E1 | Env> (18) <S | Env> Env1 ______________________________________________________________________________________________

<S ‘;’ L | Env> <L | Env1> (19) L < L | Env0>

15

Implementation in PrologConfigurations

<E | Env> Config(E,Env)

Environments[value(I1,v1),...,value(In,vn)]

Predicate to lookup values Lookup(Env,I,V)

16

Implementation in PrologConfigurations

<E | Env> Config(E,Env)

Environments[value(I1,v1),...,value(In,vn)]

Predicate to lookup values Lookup(Env,I,V)

lookup([value(I,V)|_],I,V).lookup([_|Es],I,V) :- lookup(Es,I,V), !.

17

Implementation in Prolog% reduce_value(config(times(plus(x,3),minus(5,y)),[value(x,2),value(y,1)]),V).% V = config(20,[value(x,2),value(y,1)]) ?

reduce(config(plus(E,E2),Env),config(plus(E1,E2),Env)) :- reduce(config(E,Env),config(E1,Env)).

reduce(config(I,Env),config(V,Env)) :- atom(I), lookup(Env,I,V).

reduce_all(config(V,Env),config(V,Env)) :- integer(V), !.reduce_all(config(E,Env),config(E2,Env)) :- reduce(config(E,Env),config(E1,Env)),

reduce_all(config(E1,Env),config(E2,Env)).

reduce_value(config(E,Env),V) :- reduce_all(config(E,Env),config(V,Env)).

18

If Statements(20) <E | Env> <E1| Env> __________________________________________________________________________________________________________________________________

<‘if’ E ‘then’ L1 ‘else’ L2 ‘fi’ | Env> <‘if’ E1 ‘then’ L1 ‘else’ L2 ‘fi’ | Env>

(21) V > 0 ______________________________________________________________________________________________________________________________

<‘if’ V ‘then’ L1 ‘else’ L2 ‘fi’ | Env> < L1|Env>

(22) V 0 _____________________________________________________________________

<‘if’ V ‘then’ L1 ‘else’ L2 ‘fi’ | Env> < L2|Env>

19

While Statements

(23) <E | Env> <V| Env>, V 0 ________________________________________________________________________________________________________________

<‘while’ E ‘do’ L ‘od’|Env> Env

(24) <E | Env> <V| Env>, V > 0 _____________________________________________________________________________________________________________

<‘while’ E ‘do’ L ‘od’|Env> <L;‘while’ E ‘do’ L ‘od’|Env>

20

Implementation in Prolog% Test cases:% reduce_exp_all(config(plus(times(2,5),minus(2,5)),[]),V).% V = config(7,[])% reduce_exp_all(config(plus(times(x,5),minus(2,y)),[value(x,2),value(y,5)]),V).% V = config(7,[value(x,2),value(y,5)])% reduce_all(config(seq(assign(x,3),assign(y,4)),[]),Env).% Env = [value(x,3),value(y,4)]% reduce(config(if(3,assign(x,3),assign(x,4)),[]),Env).% Env = [value(x,3)]% reduce(config(if(0,assign(x,3),assign(x,4)),[]),Env).% Env = [value(x,4)]% reduce_all(config(if(n,assign(i,0),assign(i,1)),[value(n,3)]),Env).% Env = [value(n,3),value(i,0)]

21

Implementation in Prolog% reduce_all(config(while(x,assign(x,minus(x,1))),[value(x,3)]),Env).% Env = [value(x,0)]% reduce_all(config(% seq(assign(n,minus(0,3)),% seq(if(n,assign(i,n),assign(i,minus(0,n))),% seq(assign(fact,1),% while(i,seq(assign(fact,times(fact,i)),assign(i,minus(i,1)))))))% ,[]),Env).% Env = [value(n,-3),value(i,0),value(fact,6)]

22

Denotational SemanticsUse functions to describe semantics of a

programming language. Associate semantic value to syntactically

correct constructMap syntactic domain to semantic domainVal: Expression IntegerVal(2 + 3*4) = 1414 “denotes” the value of the expression 2+3*4

P: Program (Input Output)Program Input Output [right associate]

23

Denotational Semantics of Mini Language (Expressions)

E: Expression Environment Integer

E[[E1 ‘+’ E2]](Env) = E[[E1]](Env) + E[[E2]](Env)

E[[E1 ‘-’ E2]](Env) = E[[E1]](Env) - E[[E2]](Env)

E[[E1 ‘*’ E2]](Env) = E[[E1]](Env) * E[[E2]](Env)

E[[I]](Env) = Env(I)E[[N]](Env) = N

24

Implementation in Scheme

(define (exprE expr) (cond ((number? expr) (numE expr))

((ident? expr) (identE expr))((plus? expr) (plusE expr))((minus? expr) (minusE expr))((times? expr) (timesE expr))(else (error "illegal expression"))))

(define (env exp) (if (eq? exp 'x) 3 'undef))

((exprE '(+ 2 x)) env);Value: 5

(define (numE expr) (lambda (env) expr))

(define (identE expr) (lambda (env) (env expr)))

(define (plusE expr) (lambda (env) (let ((expr1 (cadr expr)) (expr2 (caddr

expr))) (+ ((exprE expr1) env) ((exprE expr2)

env)))))

25

Denotational Semantics of Mini Language (Expressions)

P: Program EnvironmentP[[L]] = L[[L]](Env0)

L: Statement-list Environment EnvironmentL[[L1 ‘;’ L2]] = L[[L1]] L[[L2]] L[[S]] = S[[S]]

26

Implementation in Scheme(define (progP prog) (if (stmt-list? prog) (stmt-listL prog) (error "illegal program")))

(define (stmt-listL stmt-list) (let ((first-stmt (car stmt-list)) (remaining-stmts (cdr stmt-list))) (if (null? remaining-stmts)

(stmtS first-stmt)(compose (stmt-listL remaining-stmts) (stmtS first-stmt)))))

(define (compose f g) (lambda (x) (f (g x))))

27

Denotational Semantics of Mini Language (Statements)

S: Statement Environment EnvironmentS[[I ‘:=’ E]](Env) = Env & {I = E[[E]](Env)} S[[‘if’ E ‘then’ L1 ‘else’ L2]](Env) =

if E[[E]](Env) > 0 then L[[L1]](Env) else L[[L2]](Env)

S[[‘while’ E ‘do’ L od’]](Env) = if E[[E]](Env) 0 then Env else S[[‘while’ E ‘do’ L od’]](L[[L]](Env))

28

Implementation in Scheme(define (stmtS stmt) (cond ((assign-stmt? stmt) (assignS stmt))

((if-stmt? stmt) (ifS stmt))((while-stmt? stmt) (whileS stmt))(else (error "illegal statement"))))

(define (assignS stmt) (let ((ident (cadr stmt)) (expr (caddr stmt))) (lambda (env) (lambda (var)

(if (eq? var ident) ((exprE expr) env) (env var))))))

29

Implementation in Scheme(define (ifS stmt) (let ((expr (cadr stmt)) (S1 (caddr stmt)) (S2 (cadddr stmt))) (lambda (env)

(if (> ((exprE expr) env) 0) ((stmt-listL S1) env) ((stmt-listL S2) env)))))

(define (whileS stmt) (let ((expr (cadr stmt)) (S (caddr stmt))) (lambda (env) (if (<= ((exprE expr) env) 0)

env ((whileS stmt) ((stmt-listL S) env))))))

30

Implementation in Scheme(define prog '((assign n (- 0 5)) (if n

((assign i n)) ((assign i (- 0 n)))) (assign fact 1) (while i

((assign fact (* fact i)) (assign i (- i 1))))))

(define env0 (lambda (ident) 'undef))

(env0 'x);Value: undef

(define envf ((progP prog) env0));Value: envf

(envf 'n);Value: -5

(envf 'i);Value: 0

(envf 'fact);Value: 120

31

Axiomatic SemanticsDescribe semantics of language constructs

by their effect on assertions about the data manipulated by the program. Pre and post conditions

{x = A} x := x + 1 {x = A+1} {y 0} x := 1/y {x = 1/y}

Program specifications { n ≥ 0, 1 i n, a[i] = A[i]} sort-program

{sorted(a) and permutation(a,A)}Correctness Proofs

32

Weakest PreconditionGiven Q, Lots of preconditions P such

that{P}C{Q}{x = 3}x := x + 1{x > 0}{x ≥ 3}x := x + 1{x > 0}…{x > -1}x := x + 1{x > 0}

Weakest (or most general) preconditionwp(C,Q){P}C{Q} iff P wp(C,Q)

33

Properties of wpLaw of the Excluded miracle

wp(C,false) = falseDistributivity of Conjunction

wp(C,P and Q) = wp(C,P) and wp(C,Q)Law of Monotonicity

If Q R then wp(C,Q) wp(C,R)Distributivity of Disjunction

wp(C,P) or wp(C,Q) wp(C,P or Q)Equal if C is deterministic

34

Axiomatic Semantics of Mini Language

Semantics of C is the functionwp(C,_) from assertions to assertionsPredicate transformer

Statement-listwp(L1;L2,Q) = wp(L1,wp(L2,Q))

Assignment Statementswp(I := E,Q) = Q[E/I]wp(x:=x+1,x>0) = (x+1 > 0) = (x > -1)wp(x:=x+1,x=A) = (x+1 = A_ = (x = A-1)

35

Axiomatic Semantics of Mini Language

If Statementswp(if E the L1 else L2 fi,Q) = (E > 0

wp(L1,Q)) and (E 0 wp(L2,Q))

wp(if x then x := 1 else x := -1,x=1)(x > 0 1=1) and (x 0 -1=1) true and (x > 0) x > 0

36

Axiomatic Semantics of Mini Language

While StatementsHi(while E do L od,Q), while executes i

iterations and terminates satisfying Q

H0(while E do L od,Q) = (E 0 Q)Hi+1(while E do L od,Q) = (E > 0 wp(L,Hi(while

E do L od,Q)

wp(while E do L od,Q) = i, Hi(while E do L od,Q)

37

Correctness ProofsLoop Invariants

while E do L odFind W such that W wp(while…,Q)

W and (E > 0) wp(L,W) W and (E 0) Q P W

If while loop terminates , W wp(while…,Q)Proves {P}while E do L od{Q}

38

Correctness ProofsLoop invariant (fact = (i+1)n, i≥0)

{n > 0}i := n;fact := 1;while i do

fact := fact*i; i := i-1;

od

39

Correctness ProofsW = (fact = (i+1)n, i≥0)

wp(fact := fact*i,i:=i-1,W)= wp(fact := fact*i,wp(i:=i-1,W))= wp(fact := fact*i,fact=((i-1)+1)n, i-1≥0)= wp(fact := fact*i,fact=in, i-1≥0)= (fact*i=in, i-1≥0) = (fact = (i+1)n, i-

1≥0)

W and i > 0 wp(L,W)W and i 0 fact = n!n > 0 wp(i:=n,fact := 1,W) = (n ≥ 0)