What Is An Exception?

What is the Meaning of These Constant Interruptions?

Graham Hutton and Joel WrightUniversity of Nottingham

2

What Is An Exception?

Division by zero

Null pointer

Examples:

An event within a computation that causes termination in a non-

standard way

3

What Is An Interrupt?

An exception that arises from the external environement, e.g. another

computation

Terminate

Any exception

Examples:

4

This Talk

Haskell is unique in providing both full support for interrupts and a semantics for this.

But the semantics is subtle, and relies on quite considerable technical machinery.

We give a simple, formally justified, semantics for interrupts in a small language.

5

An Exceptional Language

data Expr = Val Int | Throw | Add Expr Expr | Seq Expr Expr | Catch Expr Expr

Syntax:

Semantics:

e ve can evaluate to

v

6

Sequencing:

Seq x y v

x Val n y v

Seq x y Throw

x Throw

Catch x y Val n

x Val n

Catch x y v

x Throw y v

Catch:

7

Finally, An Example

Problem: how can we ensure that evaluation of x is always succeeded by evaluation of y?

finally x y

=

8

Finally, An Example


finally x y

=

Seq x y

9

Finally, An Example


finally x y

=

Seq x y

If x produces an exception,

y is not evaluated

10

Seq (Catch x y) y

Finally, An Example


finally x y

=

11

Seq (Catch x y) y

Finally, An Example


finally x y

=

If x produces an exception, y

may be evaluated twice

12

Seq (Catch x (Seq y Throw)) y

Finally, An Example


finally x y

=

13


Finally, An Example


finally x y

=

Now has the correct

behaviour

14

Adding Interrupts

To avoid the need for concurrency, we adopt the following worst-case rule for interrupts:

x Throw

Evaluation can be interrupted at any time by replacing

the current expression by throw

15


Note:

Evaluation is now non-deterministic.

Finally no longer behaves as expected.

could be interrupted as y is about to be

evaluated

16

Controlling Interrupts

data Expr = ••• | Block Expr | Unblock Expr

Syntax:

Semantics:

e i v

e can evaluate to v in interrupt

status i

17

Key rules:

Block x i v

x B v

Unblock x i v

x U v

x U Throw

The other rules are simply modified to propogate the current interrupt status to their arguments.

18

Finally Revisited

finally x y

=


19

Block (Seq (Catch (Unblock x) (Seq y Throw)) y)

Finally Revisited

finally x y

=

20

Block (Seq (Catch (Unblock x) (Seq y Throw)) y)

Finally Revisited

finally x y

=

Modulo syntax, finally in Haskell is defined in precisely

the same way

21

Is Our Semantics Correct?

How does our high-level semantics reflect our low-level intuition about interrupts?

To address this issue, we first define a virtual machine, its semantics, and a compiler.

We explain the basic ideas informally using an example - the paper gives full details.

22

Catch (Unblock (2+3)) 4

Example

Code

23


Example

Code

24


Example

MARK [ ]

UNMARK

Code

25


Example

MARK [ ]

UNMARK

Code

26


Example

MARK [PUSH 4]

UNMARK

Code

27


Example

MARK [PUSH 4]

UNMARK

Code

28


Example

MARK [PUSH 4]SET U

RESETUNMARK

Code

29


Example

MARK [PUSH 4]SET U

RESETUNMARK

Code

30


Example

MARK [PUSH 4]SET UPUSH 2PUSH 3ADDRESETUNMARK

Code

31


Example


Code

Stack

Status

32


Example


Code

Stack

Status

B

33


Example

SET UPUSH 2PUSH 3ADDRESETUNMARK

Code

Stack

HAN [PUSH 4]

Status

B

34


Example

PUSH 2PUSH 3ADDRESETUNMARK

Code

Stack

INT BHAN [PUSH 4]

Status

U

35


Example

PUSH 3ADDRESETUNMARK

Code

Stack

VAL 2INT BHAN [PUSH 4]

Status

U

36


Example

ADDRESETUNMARK

Code

Stack

VAL 3VAL 2INT BHAN [PUSH 4]

Status

U

37


Example

ADDRESETUNMARK

Code

Stack


Status

U

interrupt!

38


Example

THROWRESETUNMARK

Code

Stack


Status

U

interrupt!

39


Example

THROWRESETUNMARK

Code

Stack

VAL 2INT BHAN [PUSH 4]

Status

U

40


Example

THROWRESETUNMARK

Code

Stack

INT BHAN [PUSH 4]

Status

U

41


Example

THROWRESETUNMARK

Code

Stack

HAN [PUSH 4]

Status

B

42


Example

PUSH 4

Code

Stack

Status

B

43


Example

Code

Stack

VAL 4

Status

B

44


Example

Code

Stack

VAL 4

Status

B

Final result

45

Compiler Correctness

We will exploit two basic notions of reachability for configurations of our virtual machine.

x can reach everything in

Y

x will reach something in

Y

x * Y

x Y

46

Theorem

{ | e i Val n }

{ | e i Throw }

*

U

Proof: approximately 10 pages of calculation, much of which requires considerable care.

comp e c i s

c i VAL n : s

i s

47

Summary

Simple semantics for interrupts, formally justified by a compiler correctness theorem.

Discovery of an error in the semantics for Haskell, concerning the delivery of interrupts.

Verification of finally, a useful high-level operator for programming with exceptions/interrupts.

48

Further Work

Mechanical verification

Bisimulation theorem

Generalising the language

Reasoning about programs

Calculating the compiler

Documents

What Is An Exception?