semantics extensions of imp programming language › homepage › teaching › svhol14 › ...7....
TRANSCRIPT
7. Programming Language Semantics 7.0
Chapter 7
Programming LanguageSemantics
©Arnd Poetzsch-Heffter et al. TU Kaiserslautern 331
7. Programming Language Semantics 7.0
Overview of Chapter
7. Programming Language Semantics7.1 Introduction7.2 Big-step semantics
Basic concepts of big-step semanticsFormalization of big-step semantics
7.3 Small-step semanticsSmall-step semantics of IMPProving properties of the semanticsExtensions of IMP
7.4 Denotational semantics
©Arnd Poetzsch-Heffter et al. TU Kaiserslautern 332
7. Programming Language Semantics 7.1 Introduction
Section 7.1
Introduction
©Arnd Poetzsch-Heffter et al. TU Kaiserslautern 333
7. Programming Language Semantics 7.1 Introduction
Motivation
Why studying language semantics?
• Understanding the details and construction of programming andmodeling languages
• Foundation for language processing tools (compilers, optimizers,interpreters,...)
• Verifying type systems
• Development of new language abstractions and software concepts
• Reasoning about software
©Arnd Poetzsch-Heffter et al. TU Kaiserslautern 334
7. Programming Language Semantics 7.1 Introduction
Material
Literature
• Glynn Winskel:The Formal Semantics of Programming Languages: An Introduction
• Benjamin C. Pierce et al.:Software Foundations (www.cis.upenn.edu/~bcpierce/sf/)
AcknowledgementThanks to Prof. Peter Müller for the slides.
©Arnd Poetzsch-Heffter et al. TU Kaiserslautern 335
7. Programming Language Semantics 7.1 Introduction
General aspects
Degree of formalization:
• Informal semantics in language reports
• Formalization to support proof tools and as quality control
Goals here:
• Learn distinction between operational and denotational semantics
• Learn about the formalization of operational semantics
• Understand the relationship between programming languagesemantics and transition systems
©Arnd Poetzsch-Heffter et al. TU Kaiserslautern 336
7. Programming Language Semantics 7.1 Introduction
Why Formal Semantics?� Programming language design
- Formal verification of language properties- Reveal ambiguities- Support for standardization
� Implementation of programming languages- Compilers- Interpreters- Portability
� Reasoning about programs- Formal verification of program properties- Extended static checking
Peter Muller—Semantics of Programming Languages, SS04 – p.7©Peter Müller 337
7. Programming Language Semantics 7.1 Introduction
Language Properties� Type safety:In each execution state, a variable of type T holds avalue of T or a subtype of T
� Very important question for language designers� Example:If String is a subtype of Object, should String[] bea subtype of Object[]?
Peter Muller—Semantics of Programming Languages, SS04 – p.8©Peter Müller 338
7. Programming Language Semantics 7.1 Introduction
Language Properties� Type safety:In each execution state, a variable of type T holds avalue of T or a subtype of T
� Very important question for language designers� Example:If String is a subtype of Object, should String[] bea subtype of Object[]?
void m(Object[] oa) {oa[0]=new Integer(5);
}
String[] sa=new String[10];m(sa);String s = sa[0];
Peter Muller—Semantics of Programming Languages, SS04 – p.8©Peter Müller 339
7. Programming Language Semantics 7.1 Introduction
Language Definition
Dynamic Semantics
Static Semantics
Syntax
� State of a program execution� Transformation of states
� Type rules� Name resolution
� Syntax rules, defined bygrammar
Peter Muller—Semantics of Programming Languages, SS04 – p.12©Peter Müller 340
7. Programming Language Semantics 7.1 Introduction
Compilation and Execution
Execution
Semantic Analysis,Type Checking
Scanning, Parsing
Abstract Syntax Tree
Annotated Abstract Syntax Tree
Peter Muller—Semantics of Programming Languages, SS04 – p.13©Peter Müller 341
7. Programming Language Semantics 7.1 Introduction
Three Kinds of Semantics� Operational semantics
- Describes execution on an abstract machine- Describes how the effect is achieved
� Denotational semantics- Programs are regarded as functions in a
mathematical domain- Describes only the effect, not how it is obtained
� Axiomatic semantics- Specifies properties of the effect of executing a
program are expressed- Some aspects of the computation may be ignored
Peter Muller—Semantics of Programming Languages, SS04 – p.14©Peter Müller 342
7. Programming Language Semantics 7.1 Introduction
Operational Semantics
y := 1;while not(x=1) do ( y := x*y; x := x-1 )
� “First we assign 1 to y, then we test whether x is 1 ornot. If it is then we stop and otherwise we update yto be the product of x and the previous value of yand then we decrement x by 1. Now we test whetherthe new value of x is 1 or not. . . ”
� Two kinds of operational semantics- Natural Semantics- Structural Operational Semantics
Peter Muller—Semantics of Programming Languages, SS04 – p.15©Peter Müller 343
7. Programming Language Semantics 7.1 Introduction
Denotational Semantics
y := 1;while not(x=1) do ( y := x*y; x := x-1 )
� “The program computes a partial function from statesto states: the final state will be equal to the initialstate except that the value of x will be 1 and thevalue of y will be equal to the factorial of the value ofx in the initial state”
� Two kinds of denotational semantics- Direct Style Semantics- Continuation Style Semantics
Peter Muller—Semantics of Programming Languages, SS04 – p.16©Peter Müller 344
7. Programming Language Semantics 7.1 Introduction
Axiomatic Semantics
y := 1;while not(x=1) do ( y := x*y; x := x-1 )
� “If x= n holds before the program is executed theny= n! will hold when the execution terminates (if itterminates)”
� Two kinds of axiomatic semantics- Partial correctness- Total correctness
Peter Muller—Semantics of Programming Languages, SS04 – p.17©Peter Müller 345
7. Programming Language Semantics 7.1 Introduction
Abstraction
Concrete language implementation
Operational semantics
Denotational semantics
Axiomatic semantics
Abstract descrption
Peter Muller—Semantics of Programming Languages, SS04 – p.18©Peter Müller 346
7. Programming Language Semantics 7.1 Introduction
Selection Criteria� Constructs of theprogramming language- Imperative- Functional- Concurrent- Object-oriented- Non-deterministic- Etc.
� Application of thesemantics- Understanding the
language- Program verification- Prototyping- Compiler
construction- Program analysis- Etc.
Peter Muller—Semantics of Programming Languages, SS04 – p.19©Peter Müller 347
7. Programming Language Semantics 7.1 Introduction
The Language IMP� Expressions
- Boolean and arithmetic expressions- No side-effects in expressions
� Variables- All variables range over integers- All variables are initialized- No global variables
� IMP does not include- Heap allocation and pointers- Variable declarations- Procedures- Concurrency
Peter Muller—Semantics of Programming Languages, SS04 – p.30©Peter Müller 348
7. Programming Language Semantics 7.1 Introduction
Syntax of IMP: Characters and Tokens
Characters
Letter = ’A’ . . . ’Z’ | ’a’ . . . ’z’Digit = ’0’ | ’1’ | ’2’ | ’3’ | ’4’ | ’5’ | ’6’ | ’7’ | ’8’ | ’9’
Tokens
Ident = Letter { Letter | Digit }Integer = Digit { Digit }Var = Ident
Peter Muller—Semantics of Programming Languages, SS04 – p.31©Peter Müller 349
7. Programming Language Semantics 7.1 Introduction
Syntax of IMP: ExpressionsArithmetic expressions
Aexp = Aexp Op Aexp | Var | IntegerOp = ’+’ | ’-’ | ’*’ | ’/’ | ’mod’
Boolean expressions
Bexp = Bexp ’or’ Bexp | Bexp ’and’ Bexp| ’not’ Bexp | Aexp RelOp Aexp
RelOp = ’=’ | ’#’ | ’<’ | ’<=’ | ’>’ | ’>=’
Peter Muller—Semantics of Programming Languages, SS04 – p.32©Peter Müller 350
7. Programming Language Semantics 7.1 Introduction
Syntax of IMP: Statemens
Stm = ’skip’| Var ’:=’ Aexp| Stm ’;’ Stm| ’if’ Bexp ’then’ Stm ’else’ Stm ’end’| ’while’ Bexp ’do’ Stm ’end’
Peter Muller—Semantics of Programming Languages, SS04 – p.33©Peter Müller 351
7. Programming Language Semantics 7.1 Introduction
Notation
Meta-variables (written in italic font)
x, y, z for variables (Var)e, e′, e1, e2 for arithmetic expressions (Aexp)b, b1, b2 for boolean expressions (Bexp)s, s′, s1, s2 for statements (Stm)
Keywords are written in typewriter font
Peter Muller—Semantics of Programming Languages, SS04 – p.34©Peter Müller 352
7. Programming Language Semantics 7.1 Introduction
Syntax of IMP: Example
res := 1;while n > 1 dores := res * n;n := n - 1
end
Peter Muller—Semantics of Programming Languages, SS04 – p.35©Peter Müller 353
7. Programming Language Semantics 7.1 Introduction
Semantic Categories
Syntactic category: Integer Semantic category: Val = Z
101 - 5
101 - 101
� Semantic functions map elements of syntacticcategories to elements of semantic categories
� To define the semantics of IMP, we need semanticfunctions for- Arithmetic expressions (syntactic category Aexp)- Boolean expressions (syntactic category Bexp)- Statements (syntactic category Stm)
Peter Muller—Semantics of Programming Languages, SS04 – p.37©Peter Müller 354
7. Programming Language Semantics 7.1 Introduction
States
x+1 - ??
� The meaning of an expression depends on thevalues bound to the variables that occur in it
� A state associates a value to each variable
State : Var → Val
� We represent a state σ as a finite function
σ = {x1 7→ v1, x2 7→ v2, . . . , xn 7→ vn}where x1, x2, . . . , xn are different elements of Var andv1, v2, . . . , vn are elements of Val.
Peter Muller—Semantics of Programming Languages, SS04 – p.38©Peter Müller 355
7. Programming Language Semantics 7.1 Introduction
Semantics of Arithmetic Expressions
The semantic function
A : Aexp → State → Val
maps an arithmetic expression e and a state σ to a valueA[[e]]σ
A[[x]]σ = σ(x)
A[[i]]σ = i for i ∈ ZA[[e1 op e2]]σ = A[[e1]]σ op A[[e2]]σ for op ∈ Op
op is the operation Val × Val → Val corresponding to op
Peter Muller—Semantics of Programming Languages, SS04 – p.39©Peter Müller 356
7. Programming Language Semantics 7.1 Introduction
Semantics of Boolean Expressions
The semantic function
B : Bexp → State → Bool
maps a boolean expression b and a state σ to a truthvalue B[[b]]σ
B[[e1 op e2]]σ =
{tt if A[[e1]]σ op A[[e2]]σ
ff otherwise
op ∈ RelOp and op is the relation Val × Val correspondingto op
Peter Muller—Semantics of Programming Languages, SS04 – p.40©Peter Müller 357
7. Programming Language Semantics 7.1 Introduction
Boolean Expressions (cont’d)
B[[b1 or b2]]σ =
{tt if B[[b1]]σ = tt or B[[b2]]σ = tt
ff otherwise
B[[b1 and b2]]σ =
{tt if B[[b1]]σ = tt and B[[b2]]σ = tt
ff otherwise
B[[not b]]σ =
{tt if B[[b]]σ = ff
ff otherwise
Peter Muller—Semantics of Programming Languages, SS04 – p.41©Peter Müller 358
7. Programming Language Semantics 7.1 Introduction
Operational Semantics of Statements� Evaluation of an expression in a state yields a value
x + 2 * y
A : Aexp → State → Val
� Execution of a statement modifies the state
x := 2 * y
� Operational semantics describe how the state ismodified during the execution of a statement
Peter Muller—Semantics of Programming Languages, SS04 – p.57©Peter Müller 359
7. Programming Language Semantics 7.1 Introduction
Big-Step and Small-Step Semantics� Big-step semantics describe how the overall resultsof the executions are obtained
- Natural semantics
� Small-step semantics describe how the individualsteps of the computations take place
- Structural operational semantics- Abstract state machines
Peter Muller—Semantics of Programming Languages, SS04 – p.58©Peter Müller 360
7. Programming Language Semantics 7.1 Introduction
Transition Systems� A transition system is a tuple (Γ, T,B)
- Γ: a set of configurations- T : a set of terminal configurations, T ⊆ Γ
- B: a transition relation, B⊆ Γ × Γ
� Example: Finite automaton
Γ = {〈w, S〉 | w ∈ {a, b, c}∗, S ∈ {1, 2, 3, 4}}T = {〈ε, S〉 | S ∈ {1, 2, 3, 4}}B = {(〈aw, 1〉 → 〈w, 2〉), (〈aw, 1〉 → 〈w, 3〉),
(〈bw, 2〉 → 〈w, 4〉), (〈cw, 3〉 → 〈w, 4〉)}
a b
c
2
3
41
a
Peter Muller—Semantics of Programming Languages, SS04 – p.60©Peter Müller 361
7. Programming Language Semantics 7.2 Big-step semantics
Section 7.2
Big-step semantics
©Arnd Poetzsch-Heffter et al. TU Kaiserslautern 362
7. Programming Language Semantics 7.2 Big-step semantics
Big-step semantics
Introductory remarks:
• Big-step semantics relates prestates of statement executions topoststates
• Often called natural semantics, because it abstracts fromintermediate states
Overview:
• Basic concepts of big-step semantics
• Formalization of big-step semantics in Isabelle/HOL
©Arnd Poetzsch-Heffter et al. TU Kaiserslautern 363
7. Programming Language Semantics 7.2 Big-step semantics
Subsection 7.2.1
Basic concepts of big-step semantics
©Arnd Poetzsch-Heffter et al. TU Kaiserslautern 364
7. Programming Language Semantics 7.2 Big-step semantics
Transitions in Natural Semantics� Two types of configurations for operational semantics
1. 〈s, σ〉, which represents that the statement s is to beexecuted in state σ
2. σ, which represents a terminal state� The transition relation → describes how executionstake place- Typical transition: 〈s, σ〉 → σ′
- Example: 〈skip, σ〉 → σ
Γ = {〈s, σ〉 | s ∈ Stm, σ ∈ State} ∪ State
T = State
→⊆ {〈s, σ〉 | s ∈ Stm, σ ∈ State} × State
Peter Muller—Semantics of Programming Languages, SS04 – p.61©Peter Müller 365
7. Programming Language Semantics 7.2 Big-step semantics
Rules� Transition relation is specified by rules
ϕ1, . . . , ϕnψ
if Condition
where ϕ1, . . . , ϕn and ψ are transitions� Meaning of the rule
If Condition and ϕ1, . . . , ϕn then ψ
� Terminology- ϕ1, . . . , ϕn are called premises- ψ is called conclusion- A rule without premises is called axiom
Peter Muller—Semantics of Programming Languages, SS04 – p.62©Peter Müller 366
7. Programming Language Semantics 7.2 Big-step semantics
Notation� Updating States: σ[y 7→ v] is the function that
- overrides the association of y in σ by y 7→ v or- adds the new association y 7→ v to σ
(σ[y 7→ v])(x) =
{v if x = y
σ(x) if x 6= y
Peter Muller—Semantics of Programming Languages, SS04 – p.63©Peter Müller 367
7. Programming Language Semantics 7.2 Big-step semantics
Natural Semantics of IMP� skip does not modify the state
〈skip, σ〉 → σ
� x:=e assigns the value of e to variable e
〈x:=e, σ〉 → σ[x 7→ A[[e]]σ]
� Sequential composition s1;s2- First, s1 is executed in state σ, leading to σ′
- Then s2 is executed in state σ′
〈s1, σ〉 → σ′, 〈s2, σ′〉 → σ′′
〈s1;s2, σ〉 → σ′′
Peter Muller—Semantics of Programming Languages, SS04 – p.64©Peter Müller 368
7. Programming Language Semantics 7.2 Big-step semantics
Natural Semantics of IMP (cont’d)� Conditional statement if b then s1 else s2 end
- If b holds, s1 is executed- If b does not hold, s2 is executed
〈s1, σ〉 → σ′
〈if b then s1 else s2 end, σ〉 → σ′ if B[[b]]σ = tt
〈s2, σ〉 → σ′
〈if b then s1 else s2 end, σ〉 → σ′ ifB[[b]]σ = ff
Peter Muller—Semantics of Programming Languages, SS04 – p.65©Peter Müller 369
7. Programming Language Semantics 7.2 Big-step semantics
Natural Semantics of IMP (cont’d)� Loop statement while b do s end
- If b holds, s is executed once, leading to state σ ′
- Then the whole while-statement is executed again σ ′
〈s, σ〉 → σ′, 〈while b do s end, σ′〉 → σ′′
〈while b do s end, σ〉 → σ′′ if B[[b]]σ = tt
- If b does not hold, the while-statement does not modify thestate
〈while b do s end, σ〉 → σif B[[b]]σ = ff
Peter Muller—Semantics of Programming Languages, SS04 – p.66©Peter Müller 370
7. Programming Language Semantics 7.2 Big-step semantics
Rule Instantiations� Rules are actually rule schemes
- Meta-variables stand for arbitrary variables, expressions,statements, states, etc.
- To apply rules, they have to be instantiated by selectingparticular variables, expressions, statements, states, etc.
� Assignment rule scheme
〈x:=e, σ〉 → σ[x 7→ A[[e]]σ]
� Assignment rule instance
〈v:=v+1, {v 7→ 3}〉 → {v 7→ 4}
Peter Muller—Semantics of Programming Languages, SS04 – p.67©Peter Müller 371
7. Programming Language Semantics 7.2 Big-step semantics
Derivations: Example� What is the final state if statement
z:=x; x:=y; y:=z
is executed in state {x 7→ 5,y 7→ 7,z 7→ 0}(abbreviated by [5, 7, 0])?
〈z:=x, [5, 7, 0]〉 → [5, 7, 5], 〈x:=y, [5, 7, 5]〉 → [7, 7, 5]〈z:=x; x:=y, [5, 7, 0]〉 → [7, 7, 5]
,
〈y:=z, [7, 7, 5]〉 → [7, 5, 5]〈z:=x; x:=y; y:=z, [5, 7, 0]〉 → [7, 5, 5]
Peter Muller—Semantics of Programming Languages, SS04 – p.68©Peter Müller 372
7. Programming Language Semantics 7.2 Big-step semantics
Derivation Trees� Rule instances can be combined to derive atransition 〈s, σ〉 → σ′
� The result is a derivation tree- The root is the transition 〈s, σ〉 → σ′
- The leaves are axiom instances- The internal nodes are conclusions of rule instances and
have the corresponding premises as immediate children
� The conditions of all instantiated rules must besatisfied
� There can be several derivations for one transition(non-deterministic semantics)
Peter Muller—Semantics of Programming Languages, SS04 – p.69©Peter Müller 373
7. Programming Language Semantics 7.2 Big-step semantics
Termination� The execution of a statement s in state σ
- terminates iff there is a state σ′ such that 〈s, σ〉 → σ′
- loops iff there is no state σ′ such that 〈s, σ〉 → σ′
� A statement s- always terminates if the execution in a state σ terminates
for all choices of σ- always loops if the execution in a state σ loops for all
choices of σ
Peter Muller—Semantics of Programming Languages, SS04 – p.70©Peter Müller 374
7. Programming Language Semantics 7.2 Big-step semantics
Semantic Equivalence� Definition
Two statements s1 and s2 are semanticallyequivalent (denoted by s1 ≡ s2) if the follow-ing property holds for all states σ, σ ′:
〈s1, σ〉 → σ′ ⇔ 〈s2, σ〉 → σ′
� Example
while b do s end ≡if b then s; while b do s end
Peter Muller—Semantics of Programming Languages, SS04 – p.72©Peter Müller 375
7. Programming Language Semantics 7.2 Big-step semantics
Subsection 7.2.2
Formalization of big-step semantics
©Arnd Poetzsch-Heffter et al. TU Kaiserslautern 376
7. Programming Language Semantics 7.2 Big-step semantics
Big-step semantics in Isabelle/HOL
Approach
• Formalize the abstract syntax of the language by a recursive datatype
• Formalize the big-step semantics as an inductive predicate
©Arnd Poetzsch-Heffter et al. TU Kaiserslautern 377
7. Programming Language Semantics 7.2 Big-step semantics
Arithmetic expressions
datatype var = V nat (".v_" 90)
datatype aexp = Plus aexp aexp (infixr ".+." 30)| Minus aexp aexp (infixr ".-." 30)| Mult aexp aexp (infixr ".*." 50)| Div aexp aexp (infixr "./." 50)| Mod aexp aexp (infixr ".%." 50)| Var var ("′_" 90)| Const int ("′_" 90)
©Arnd Poetzsch-Heffter et al. TU Kaiserslautern 378
7. Programming Language Semantics 7.2 Big-step semantics
Boolean expressions
datatype bexp = Or bexp bexp (infixr ".|." 20)| And bexp bexp (infixr ".&." 20)| Not bexp (".!_" 80)| Eq aexp aexp (infixr ".=." 10)| Less aexp aexp (infixr ".<." 10)| Leq aexp aexp (infixr ".<=." 10)
©Arnd Poetzsch-Heffter et al. TU Kaiserslautern 379
7. Programming Language Semantics 7.2 Big-step semantics
commands/statements
datatype com =Skip ("SKIP")
| Assign var aexp ("_:==_" [60, 60] 20)| Semi com com ("_; _" [60, 60] 10)| Cond bexp com com ("IF _ THEN _ ELSE _ END" 60)| While bexp com ("WHILE _ DO _ END" 60)
©Arnd Poetzsch-Heffter et al. TU Kaiserslautern 380
7. Programming Language Semantics 7.2 Big-step semantics
Evaluation of arithmetic expressions
type_synonym state = "var ⇒ int"
primrec aeval :: "aexp ⇒ state ⇒ int" where"aeval (Plus la ra) s = ((aeval la s) + (aeval ra s))"
| "aeval (Minus la ra) s = ((aeval la s) - (aeval ra s))"| "aeval (Mult la ra) s = ((aeval la s) * (aeval ra s))"| "aeval (Div la ra) s = ((aeval la s)div(aeval ra s))"| "aeval (Mod la ra) s = ((aeval la s)mod(aeval ra s))"| "aeval (Var v) s = (s v)"| "aeval (Const i) s = i"
©Arnd Poetzsch-Heffter et al. TU Kaiserslautern 381
7. Programming Language Semantics 7.2 Big-step semantics
Evaluation of boolean expressions
primrec beval :: "bexp ⇒ state ⇒ bool" where"beval (Or lb rb) s = ((beval lb s) ∨ (beval rb s))"
| "beval (And lb rb) s = ((beval lb s) ∧ (beval rb s))"| "beval (Not be) s = (¬ (beval be s))"| "beval (Eq la ra) s = ((aeval la s) = (aeval ra s))"| "beval (Less la ra) s = ((aeval la s) < (aeval ra s))"| "beval (Leq la ra) s = ((aeval la s) ≤ (aeval ra s))"
©Arnd Poetzsch-Heffter et al. TU Kaiserslautern 382
7. Programming Language Semantics 7.2 Big-step semantics
Operational semantics
inductive exec :: "state ⇒ com ⇒ state ⇒ bool"("_/ -_→/ _" [50,0,50] 50) where
Skip: "s -SKIP→ s"| Assign: "s -(v:== ae)→ s(v:= aeval ae s)"
| Semi: "~ s0 -c1→ s1; s1 -c2→ s2 �=⇒ s0 -c1;c2→ s2"
| IfT: "~ beval b s ; s -c1→ t �=⇒ s -IF b THEN c1 ELSE c2 END→ t"
| IfF: "~ ¬(beval b s); s -c2→ t �=⇒ s -IF b THEN c1 ELSE c2 END→ t"
| WhileF: "¬(beval b s) =⇒ s -WHILE b DO c END→ s"| WhileT: "~ beval b s; s-c→t; t -WHILE b DO c END→ u �
=⇒ s -WHILE b DO c END→ u"
©Arnd Poetzsch-Heffter et al. TU Kaiserslautern 383
7. Programming Language Semantics 7.2 Big-step semantics
Some properties
lemma [iff]: "(s -c;d→ u) = (∃t. s -c→ t ∧ t -d→ u)"
lemma [iff]: "(s -IF be THEN c ELSE d END→ t) =(s -if beval be s then c else d → t)"
lemma unfold_while:"(s -WHILE b DO c END→ u) =(s -IF b THEN c; WHILE b DO c END ELSE SKIP END→ u)"
lemma while_rule:"~ s -WHILE b DO c END→ t; P s;∀s s’. P s ∧ (beval b s) ∧ s -c→ s’ −→ P s’�
=⇒ P t ∧ ¬(beval b t)"
©Arnd Poetzsch-Heffter et al. TU Kaiserslautern 384
7. Programming Language Semantics 7.2 Big-step semantics
Formalization of semantics and verification
Remarks
• Inductive definition of the “semantics judgement” leads to a semanticpredicate satisfying the least fixpoint of the semantical rules
• The operational semantics can be directly used for programverification (Why do we need a programming logic? (cf. Chapter 8))
©Arnd Poetzsch-Heffter et al. TU Kaiserslautern 385
7. Programming Language Semantics 7.3 Small-step semantics
Section 7.3
Small-step semantics
©Arnd Poetzsch-Heffter et al. TU Kaiserslautern 386
7. Programming Language Semantics 7.3 Small-step semantics
Overview
7.3.1 Small-step semantics of IMP
7.3.2 Proving properties of the semantics
7.3.3 Extensions of IMP
©Arnd Poetzsch-Heffter et al. TU Kaiserslautern 387
7. Programming Language Semantics 7.3 Small-step semantics
Subsection 7.3.1
Small-step semantics of IMP
©Arnd Poetzsch-Heffter et al. TU Kaiserslautern 388
7. Programming Language Semantics 7.3 Small-step semantics
Structural Operational Semantics� The emphasis is on the individual steps of theexecution- Execution of assignments- Execution of tests
� Describing small steps of the execution allows one toexpress the order of execution of individual steps- Interleaving computations- Evaluation order for expressions (not shown in the course)
� Describing always the next small step allows one toexpress properties of looping programs
Peter Muller—Semantics of Programming Languages, SS04 – p.100©Peter Müller 389
7. Programming Language Semantics 7.3 Small-step semantics
Transitions in SOS� The configurations are the same as for naturalsemantics
� The transition relation →1 can have two forms� 〈s, σ〉 →1 〈s′, σ′〉: the execution of s from σ is notcompleted and the remaining computation isexpressed by the intermediate configuration 〈s′, σ′〉
� 〈s, σ〉 →1 σ′: the execution of s from σ hasterminated and the final state is σ′
� A transition 〈s, σ〉 →1 γ describes the first step ofthe execution of s from σ
Peter Muller—Semantics of Programming Languages, SS04 – p.101©Peter Müller 390
7. Programming Language Semantics 7.3 Small-step semantics
Transition System
Γ = {〈s, σ〉 | s ∈ Stm, σ ∈ State} ∪ State
T = State
→1⊆ {〈s, σ〉 | s ∈ Stm, σ ∈ State} × Γ
� We say that 〈s, σ〉 is stuck if there is no γ such that〈s, σ〉 →1 γ
Peter Muller—Semantics of Programming Languages, SS04 – p.102©Peter Müller 391
7. Programming Language Semantics 7.3 Small-step semantics
SOS of IMP� skip does not modify the state
〈skip, σ〉 →1 σ
� x:=e assigns the value of e to variable x
〈x:=e, σ〉 →1 σ[x 7→ A[[e]]σ]
� skip and assignment require only one step� Rules are analogous to natural semantics
〈skip, σ〉 → σ
〈x:=e, σ〉 → σ[x 7→ A[[e]]σ]
Peter Muller—Semantics of Programming Languages, SS04 – p.103©Peter Müller 392
7. Programming Language Semantics 7.3 Small-step semantics
SOS of IMP: Sequential Composition� Sequential composition s1;s2� First step of executing s1;s2 is the first step ofexecuting s1
� s1 is executed in one step〈s1, σ〉 →1 σ′
〈s1;s2, σ〉 →1 〈s2, σ′〉
� s1 is executed in several steps〈s1, σ〉 →1 〈s′1, σ′〉
〈s1;s2, σ〉 →1 〈s′1;s2, σ′〉
Peter Muller—Semantics of Programming Languages, SS04 – p.104©Peter Müller 393
7. Programming Language Semantics 7.3 Small-step semantics
SOS of IMP: Conditional Statement
� The first step of executing if b then s1 else s2 endis to determine the outcome of the test and therebywhich branch to select
〈if b then s1 else s2 end, σ〉 →1 〈s1, σ〉 if B[[b]]σ = tt
〈if b then s1 else s2 end, σ〉 →1 〈s2, σ〉 ifB[[b]]σ = ff
Peter Muller—Semantics of Programming Languages, SS04 – p.105©Peter Müller 394
7. Programming Language Semantics 7.3 Small-step semantics
Alternative for Conditional Statement� The first step of executing if b then s1 else s2 endis the first step of the branch determined by theoutcome of the test
〈s1, σ〉 →1 σ′
〈if b then s1 else s2 end, σ〉 →1 σ′ if B[[b]]σ = tt
〈s1, σ〉 →1 〈s′1, σ′〉〈if b then s1 else s2 end, σ〉 →1 〈s′1, σ′〉 if B[[b]]σ = tt
and two similar rules for B[[b]]σ = ff
� Alternatives are equivalent for IMP� Choice is important for languages with parallelexecution
Peter Muller—Semantics of Programming Languages, SS04 – p.106©Peter Müller 395
7. Programming Language Semantics 7.3 Small-step semantics
SOS of IMP: Loop Statement
� The first step is to unrole the loop
〈while b do s end, σ〉 →1
〈if b then s;while b do s end else skip end, σ〉
� Recall that while b do s end andif b then s;while b do s end else skip end aresemantically equivalent in the natural semantics
Peter Muller—Semantics of Programming Languages, SS04 – p.107©Peter Müller 396
7. Programming Language Semantics 7.3 Small-step semantics
Alternatives for Loop Statement� The first step is to decide the outcome of the test andthereby whether to unrole the body of the loop or toterminate
〈while b do s end, σ〉 →1 〈s;while b do s end, σ〉if B[[b]]σ = tt
〈while b do s end, σ〉 →1 σ if B[[b]]σ = ff
� Or combine with the alternative semantics of theconditional statement
� Alternatives are equivalent for IMP
Peter Muller—Semantics of Programming Languages, SS04 – p.108©Peter Müller 397
7. Programming Language Semantics 7.3 Small-step semantics
Derivation Sequences� A derivation sequence of a statement s starting instate σ is a sequence γ0, γ1, γ2, . . . , where- γ0 = 〈s, σ〉
- γi →1 γi+1 for 0 ≤ i
� A derivation sequence is either finite or infinite- Finite derivation sequences end with a configuration that is
either a terminal configuration or a stuck configuration� Notation
- γ0 →i1 γi indicates that there are i steps in the execution
from γ0 to γi
- γ0 →∗1 γi indicates that there is a finite number of steps in
the execution from γ0 to γi
- γ0 →i1 γi and γ0 →
∗1 γi need not be derivation sequences
Peter Muller—Semantics of Programming Languages, SS04 – p.109©Peter Müller 398
7. Programming Language Semantics 7.3 Small-step semantics
Derivation Sequences: Example� What is the final state if statement
z:=x; x:=y; y:=z
is executed in state {x 7→ 5,y 7→ 7,z 7→ 0}?
〈z:=x; x:=y; y:=z, {x 7→ 5,y 7→ 7,z 7→ 0}〉
→1 〈x:=y; y:=z, {x 7→ 5,y 7→ 7,z 7→ 5}〉
→1 〈y:=z, {x 7→ 7,y 7→ 7,z 7→ 5}〉
→1 {x 7→ 7,y 7→ 5,z 7→ 5}
Peter Muller—Semantics of Programming Languages, SS04 – p.110©Peter Müller 399
7. Programming Language Semantics 7.3 Small-step semantics
Derivation Trees� Derivation trees explain why transitions take place� For the first step
〈z:=x; x:=y; y:=z, σ〉 →1 〈x:=y; y:=z, σ[z 7→ 5]〉
the derivation tree is
〈z:=x, σ〉 →1 σ[z 7→ 5]〈z:=x; x:=y, σ〉 →1 〈x:=y, σ[z 7→ 5]〉
〈z:=x; x:=y; y:=z, σ〉 →1 〈x:=y; y:=z, σ[z 7→ 5]〉
� z:=x; ( x:=y; y:=z ) would lead to a simplertree with only one rule application
Peter Muller—Semantics of Programming Languages, SS04 – p.111©Peter Müller 400
7. Programming Language Semantics 7.3 Small-step semantics
Derivation Sequences and Trees� Natural (big-step) semantics
- The execution of a statement (sequence) is described byone big transition
- The big transition can be seen as trivial derivationsequence with exactly one transition
- The derivation tree explains why this transition takes place� Structural operational (small-step) semantics
- The execution of a statement (sequence) is described byone or more transitions
- Derivation sequences are important- Derivation trees justify each individual step in a derivation
sequence
Peter Muller—Semantics of Programming Languages, SS04 – p.112©Peter Müller 401
7. Programming Language Semantics 7.3 Small-step semantics
Termination� The execution of a statement s in state σ
- terminates iff there is a finite derivation sequence startingwith 〈s, σ〉
- loops iff there is an infinite derivation sequence startingwith 〈s, σ〉
� The execution of a statement s in state σ
- terminates successfully if 〈s, σ〉 →∗1 σ′
- In IMP, an execution terminates successfully iff itterminates (no stuck configurations)
Peter Muller—Semantics of Programming Languages, SS04 – p.113©Peter Müller 402
7. Programming Language Semantics 7.3 Small-step semantics
Subsection 7.3.2
Proving properties of the semantics
©Arnd Poetzsch-Heffter et al. TU Kaiserslautern 403
7. Programming Language Semantics 7.3 Small-step semantics
Induction on Derivations
Induction on the length of derivation sequences
1. Induction base: Prove that the property holds for allderivation sequences of length 0
2. Induction step: Prove that the property holds for allother derivation sequences:
� Induction hypothesis: Assume that the property holds forall derivation sequences of length at most k
� Prove that it also holds for derivation sequences of lengthk + 1
Induction on the length of derivation sequences is an ap-
plication of strong mathematical induction.
Peter Muller—Semantics of Programming Languages, SS04 – p.115©Peter Müller 404
7. Programming Language Semantics 7.3 Small-step semantics
Using Induction on Derivations� The induction step is often done by inspecting either
- the structure of the syntactic element or- the derivation tree validating the first transition of the
derivation sequence
� Lemma
〈s1;s2, σ〉 →k1 σ′′ ⇒
∃σ′, k1, k2 : 〈s1, σ〉 →k11 σ′ ∧ 〈s2, σ′〉 →k2
1 σ′′∧k1 + k2 = k
Peter Muller—Semantics of Programming Languages, SS04 – p.116©Peter Müller 405
7. Programming Language Semantics 7.3 Small-step semantics
Proof� Proof by induction on k, that is, by induction on thelength of the derivation sequence for〈s1;s2, σ〉 →k
1 σ′′
� Induction base: k = 0: There is no derivationsequence of length 0 for 〈s1;s2, σ〉 →k
1 σ′′
� Induction step
- We assume that the lemma holds for k ≤ m
- We prove that the lemma holds for m + 1
- The derivation sequence〈s1;s2, σ〉 →
m+11 σ′′ can be written as
〈s1;s2, σ〉 →1 γ →m1 σ′′ for some configuration γ
Peter Muller—Semantics of Programming Languages, SS04 – p.117©Peter Müller 406
7. Programming Language Semantics 7.3 Small-step semantics
Induction Step� 〈s1;s2, σ〉 →1 γ →m
1 σ′′
� Consider the two rules that could lead to thetransition 〈s1;s2, σ〉 →1 γ
� Case 1〈s1, σ〉 →1 σ′
〈s1;s2, σ〉 →1 〈s2, σ′〉
� Case 2〈s1, σ〉 →1 〈s′1, σ′〉
〈s1;s2, σ〉 →1 〈s′1;s2, σ′〉
Peter Muller—Semantics of Programming Languages, SS04 – p.118©Peter Müller 407
7. Programming Language Semantics 7.3 Small-step semantics
Induction Step: Case 1� From〈s1;s2, σ〉 →1 γ →m
1 σ′′ and 〈s1;s2, σ〉 →1 〈s2, σ′〉we conclude 〈s2, σ′〉 →m
1 σ′′
� The required result follows by choosing k1 = 1 andk2 = m
Peter Muller—Semantics of Programming Languages, SS04 – p.119©Peter Müller 408
7. Programming Language Semantics 7.3 Small-step semantics
Induction Step: Case 2� From〈s1;s2, σ〉 →1 γ →m
1 σ′′ and 〈s1;s2, σ〉 →1 〈s′1;s2, σ′〉
we conclude 〈s′1;s2, σ′〉 →m
1 σ′′
� By applying the induction hypothesis, we get∃σ0, l1, l2 : 〈s′1, σ′〉 →l1
1 σ0∧〈s2, σ0〉 →l21 σ′′∧ l1+ l2 = m
� From〈s1, σ〉 →1 〈s′1, σ′〉 and 〈s′1, σ′〉 →l1
1 σ0
we get 〈s1, σ〉 →l1+11 σ0
� By〈s2, σ0〉 →l2
1 σ′′ and (l1 + 1) + l2 = m + 1we have proved the required result
Peter Muller—Semantics of Programming Languages, SS04 – p.120©Peter Müller 409
7. Programming Language Semantics 7.3 Small-step semantics
Semantic Equivalence
Two statements s1 and s2 are semantically equivalentif for all states σ:
� 〈s1, σ〉 →∗1 γ iff 〈s2, σ〉 →∗
1 γ, whenever γ is aconfiguration that is either stuck or terminal, and
� there is an infinite derivation sequence starting in〈s1, σ〉 iff there is one starting in 〈s2, σ〉
Note: In the first case, the length of the two derivation
sequences may be different
Peter Muller—Semantics of Programming Languages, SS04 – p.121©Peter Müller 410
7. Programming Language Semantics 7.3 Small-step semantics
Determinism
Lemma: The structural operational semantics of IMP isdeterministic. That is, for all s,σ,γ, and γ ′ we have that
〈s, σ〉 →1 γ ∧ 〈s, σ〉 →1 γ′ ⇒ γ = γ′
� The proof runs by induction on the shape of thederivation tree for the transition 〈s, σ〉 →1 γ
Corollary: There is exactly one derivation sequencestarting in configuration 〈s, σ〉
� The proof runs by induction on the length of thederivation sequence
Peter Muller—Semantics of Programming Languages, SS04 – p.122©Peter Müller 411
7. Programming Language Semantics 7.3 Small-step semantics
Subsection 7.3.3
Extensions of IMP
©Arnd Poetzsch-Heffter et al. TU Kaiserslautern 412
7. Programming Language Semantics 7.3 Small-step semantics
Extensions of IMP
• Local variable declarations
• Statement “abort”
• Non-determinism
• Parallelism
©Arnd Poetzsch-Heffter et al. TU Kaiserslautern 413
7. Programming Language Semantics 7.3 Small-step semantics
Local Variable Declarations� Local variable declaration var x:=e in s end� The small steps are
1. Assign e to x
2. Execute s
3. Restore the initial value of x
(necessary if x exists in the enclosing scope)
� Problem: There is no history of states that could beused to restore the value of x
� Idea: Represent states as execution stacks
Peter Muller—Semantics of Programming Languages, SS04 – p.124©Peter Müller 414
7. Programming Language Semantics 7.3 Small-step semantics
Modelling Execution Stacks� We model execution stacks by providing a mapping
Var → Val for each scope
State : stack of(Var → Val)
� Assignment and lookuphave to determine thehighest stack element inwhich a variable is defined
� Example: σ(x) = 3x 1, y 2
x 3
z 4
Peter Muller—Semantics of Programming Languages, SS04 – p.125©Peter Müller 415
7. Programming Language Semantics 7.3 Small-step semantics
SOS for Variable Declarations� The small steps are
1. Create new scope and assign e to x in this scope2. Execute s
3. Restore the initial value of x using a return statement
〈var x:=e in s end, σ〉 →1
〈s;return, push({x 7→ A[[e]]σ}, σ)〉
〈return, σ〉 →1 pop(σ)
� Similar techniques can be used for procedure calls
Peter Muller—Semantics of Programming Languages, SS04 – p.126©Peter Müller 416
7. Programming Language Semantics 7.3 Small-step semantics
Abortion� Statement abort stops the execution of thecomplete program
� Abortion is modeled by ensuring that theconfigurations 〈abort, σ〉 are stuck
� There is no additional rule for abort in the structuraloperational semantics
� abort and skip are not semantically equivalent- 〈abort, σ〉 is the only derivation sequence for abort
starting is s
- 〈skip, σ〉 →1 σ is the only derivation sequence for skipstarting is s
Peter Muller—Semantics of Programming Languages, SS04 – p.127©Peter Müller 417
7. Programming Language Semantics 7.3 Small-step semantics
Abortion: Observations� abort and while true do skip end are notsemantically equivalent:
〈while true do skip end, σ〉 →1
〈if true then skip;while true do skip end end, σ〉 →1
〈skip;while true do skip end〉 →1
〈while true do skip end, σ〉
� In a structural operational semantics,- looping is reflected by infinite derivation sequences- abnormal termination by finite derivation sequences
ending in a stuck configuration
Peter Muller—Semantics of Programming Languages, SS04 – p.128©Peter Müller 418
7. Programming Language Semantics 7.3 Small-step semantics
Non-determinism� For the statement s1 s2 either s1 or s2 isnon-deterministically chosen to be executed
� The statement
x:=1 x:=2; x:=x+2
could result in a state in which x has the value 1 or 4� Rules
〈s1 s2, σ〉 →1 〈s1, σ〉 〈s1 s2, σ〉 →1 〈s2, σ〉
Peter Muller—Semantics of Programming Languages, SS04 – p.129©Peter Müller 419
7. Programming Language Semantics 7.3 Small-step semantics
Non-determinism: Observations� There are two derivation sequences
- 〈x:=1 x:=2; x:=x+2, σ〉 →∗1 σ[x 7→ 1]
- 〈x:=1 x:=2; x:=x+2, σ〉 →∗1 σ[x 7→ 4]
� There are also two derivation sequences for〈while true do skip end x:=2; x:=x+2, σ〉- an finite derivation sequence leading to σ[x 7→ 4]
- an infinite derivation sequence
� A structural operational semantics can choose the”wrong” branch of a non-deterministic choice
� In a structural operational semanticsnon-determinism does not suppress looping
Peter Muller—Semantics of Programming Languages, SS04 – p.130©Peter Müller 420
7. Programming Language Semantics 7.3 Small-step semantics
Parallelism� For the statement s1 par s2 both statements s1 ands2 are executed, but execution can be interleaved
〈s1, σ〉 →1 〈s′1, σ′〉〈s1 par s2, σ〉 →1 〈s′1 par s2, σ
′〉〈s1, σ〉 →1 σ′
〈s1 par s2, σ〉 →1 〈s2, σ′〉〈s2, σ〉 →1 〈s′2, σ′〉
〈s1 par s2, σ〉 →1 〈s1 par s′2, σ′〉
〈s2, σ〉 →1 σ′
〈s1 par s2, σ〉 →1 〈s1, σ′〉
Peter Muller—Semantics of Programming Languages, SS04 – p.131©Peter Müller 421
7. Programming Language Semantics 7.3 Small-step semantics
Example: Interleaving� The statement
x:=1 par x:=2; x:=x+2
could result in a state in which x has the value 4, 1,or 3- Execute x:=1, then x:=2, and then x:=x+2
- Execute x:=2, then x:=x+2, and then x:=1
- Execute x:=2, then x:=1, and then x:=x+2
� In a structural operational semantics we can easilyexpress interleaving of computations
Peter Muller—Semantics of Programming Languages, SS04 – p.132©Peter Müller 422
7. Programming Language Semantics 7.3 Small-step semantics
Example: Derivation Sequences〈x:=1 par x:=2; x:=x+2, σ〉 →1 〈x:=2; x:=x+2, σ[x 7→ 1]〉
→1 〈x:=x+2, σ[x 7→ 2]〉
→1 σ[x 7→ 4]
〈x:=1 par x:=2; x:=x+2, σ〉 →1 〈x:=1 par x:=x+2, σ[x 7→ 2]〉
→1 〈x:=1, σ[x 7→ 4]〉
→1 σ[x 7→ 1]
〈x:=1 par x:=2; x:=x+2, σ〉 →1 〈x:=1 par x:=x+2, σ[x 7→ 2]〉
→1 〈x:=x+2, σ[x 7→ 1]〉
→1 σ[x 7→ 3]
Peter Muller—Semantics of Programming Languages, SS04 – p.133©Peter Müller 423
7. Programming Language Semantics 7.3 Small-step semantics
Comparison: SummaryNatural Semantics
� Local variable declarationsand procedures can bemodeled easily
� No distinction betweenabortion and looping
� Non-determinismsuppresses looping (ifpossible)
� Parallelism cannot bemodeled
Structural Operational Semantics
� Local variable declarationsand procedures requiremodeling the execution stack
� Distinction between abortionand looping
� Non-determinism does notsuppress looping
� Parallelism can be modeled
Peter Muller—Semantics of Programming Languages, SS04 – p.134©Peter Müller 424
7. Programming Language Semantics 7.4 Denotational semantics
Section 7.4
Denotational semantics
©Arnd Poetzsch-Heffter et al. TU Kaiserslautern 425
7. Programming Language Semantics 7.4 Denotational semantics
Motivation
Goals of a semantics definition
• Semantics defines observational behavior
• Semantics defines an equivalence relation on programs:When are two programs considered to be equal?
• Semantics should also provide semantics of program parts:E.g.: When can a Java class be used for another class?
• Semantics should be defined compositional
ObservationsOperational semantics:
• often not sufficiently abstract and non-compositional
• often unclear how to handle program parts
©Arnd Poetzsch-Heffter et al. TU Kaiserslautern 426
7. Programming Language Semantics 7.4 Denotational semantics
package cells;
public interface Val{}
public class Cell {private Val vatt;public void set(Val v){
vatt = v;}public Val get() {
return vatt;}
}
package cells;
public interface Val {}
public class Cell {private Val v1, v2;private boolean f;public void set(Val v) {f = !f ;if (f) v1 = v;else v2 = v;
}public Val get() {return f ? v1 : v2;
}public Val getPrevious() {return f ? v2 : v1;
}}
©Arnd Poetzsch-Heffter et al. TU Kaiserslautern 427
7. Programming Language Semantics 7.4 Denotational semantics
Approach� Denotational semantics describes the effect of acomputation
� A semantic function is defined for each syntacticconstruct- maps syntactic construct to a mathematical object, often a
function- the mathematical object describes the effect of executing
the syntactic construct
Peter Muller—Semantics of Programming Languages, SS04 – p.195©Peter Müller 428
7. Programming Language Semantics 7.4 Denotational semantics
Compositionality� In denotational semantics, semantic functions aredefined compositionally
� There is a semantic clause for each of the basiselements of the syntactic category
� For each method of constructing a compositeelement (in the syntactic category) there is asemantic clause defined in terms of the semanticfunction applied to the immediate constituents ofthe composite element
Peter Muller—Semantics of Programming Languages, SS04 – p.196©Peter Müller 429
7. Programming Language Semantics 7.4 Denotational semantics
Examples� The semantic functions A : Aexp → State → Val andB : Bexp → State → Bool are denotational definitions
A[[x]]σ = σ(x)
A[[i]]σ = i for i ∈ ZA[[e1 op e2]]σ = A[[e1]]σ op A[[e2]]σ for op ∈ Op
B[[e1 op e2]]σ =
{tt if A[[e1]]σ op A[[e2]]σ
ff otherwise
Peter Muller—Semantics of Programming Languages, SS04 – p.197©Peter Müller 430
7. Programming Language Semantics 7.4 Denotational semantics
Counterexamples� The semantic functions SNS and SSOS are notdenotational definitions because they are not definedcompositionally
SNS : Stm → (State ↪→ State)
SNS[[s]]σ =
σ′ if 〈s, σ〉 → σ′
undefined otherwise
SSOS : Stm → (State ↪→ State)
SSOS[[s]]σ =
σ′ if 〈s, σ〉 →∗1 σ′
undefined otherwise
Peter Muller—Semantics of Programming Languages, SS04 – p.198©Peter Müller 431
7. Programming Language Semantics 7.4 Denotational semantics
Semantic Functions
� The effect of executing a statement is described bythe partial function SDS
SDS : Stm → (State ↪→ State)
� Partiality is needed to model non-termination
� The effects of evaluating expressions is defined bythe functions A and B
Peter Muller—Semantics of Programming Languages, SS04 – p.200©Peter Müller 432
7. Programming Language Semantics 7.4 Denotational semantics
Direct Style Semantics of IMP� skip does not modify the state
SDS[[skip]] = id
id : State → State
id(σ) = σ
� x:=e assigns the value of e to variable x
SDS[[x:=e]]σ = σ[x 7→ A[[e]]σ]
Peter Muller—Semantics of Programming Languages, SS04 – p.201©Peter Müller 433
7. Programming Language Semantics 7.4 Denotational semantics
Direct Style Semantics of IMP (cont’d)� Sequential composition s1;s2
SDS[[s1;s2]] = SDS[[s2]] ◦ SDS[[s1]]
� Function composition ◦ is defined in a strict way- If one of the functions is undefined on the given argument
then the composition is undefined
(f ◦ g)σ =
f(g(σ)) if g(σ) 6= undefined
and f(g(σ)) 6= undefined
undefined otherwise
Peter Muller—Semantics of Programming Languages, SS04 – p.202©Peter Müller 434
7. Programming Language Semantics 7.4 Denotational semantics
Direct Style Semantics of IMP (cont’d)� Conditional statement if b then s1 else s2 end
SDS[[if b then s1 else s2 end]] =cond(B[[b]],SDS[[s1]],SDS[[s2]])
� The function cond- takes the semantic functions for the condition and the two
statements- when supplied with a state selects the second or third
argument depending on the first
cond : (State → Bool)× (State ↪→ State)× (State ↪→ State) →
(State ↪→ State)
Peter Muller—Semantics of Programming Languages, SS04 – p.203©Peter Müller 435
7. Programming Language Semantics 7.4 Denotational semantics
Definition of cond
cond : (State → Bool)× (State ↪→ State)× (State ↪→ State)
→ (State ↪→ State)
cond(b, f, g)σ =
f(σ) if b(σ) = tt
and f(σ) 6= undefined
g(σ) if b(σ) = ff
and g(σ) 6= undefined
undefined otherwise
Peter Muller—Semantics of Programming Languages, SS04 – p.204©Peter Müller 436
7. Programming Language Semantics 7.4 Denotational semantics
Semantics of Loop: Observations� Defining the semantics of while is difficult� The semantics of while b do s end must be equal toif b then s;while b do s end else skip end
� This requirement yields:
SDS[[while b do s end]] =cond(B[[b]],SDS[[while b do s end]] ◦ SDS[[s]], id)
� We cannot use this equation as a definition becauseit is not compositional
Peter Muller—Semantics of Programming Languages, SS04 – p.205©Peter Müller 437
7. Programming Language Semantics 7.4 Denotational semantics
Functionals and Fixed Points
SDS[[while b do s end]] =cond(B[[b]],SDS[[while b do s end]] ◦ SDS[[s]], id)
� The above equation has the form g = F (g)- g = SDS[[while b do s end]]
- F (g) = cond(B[[b]], g ◦ SDS [[s]], id)
� F is a functional (a function from functions tofunctions)
� SDS[[while b do s end]] is a fixed point of thefunctional F
Peter Muller—Semantics of Programming Languages, SS04 – p.206©Peter Müller 438
7. Programming Language Semantics 7.4 Denotational semantics
Fixed Points: Examples� x is a fixed point of function f if f(x) = x holds
� Consider a function f : N → N- f(x) = x + 1 does not have a fixed point- f(x) = 0 has exactly one fixed point, 0
- f(x) = x2 has two fixed points, 0 and 1
- f(x) = x has an infinite number of fixed points
Peter Muller—Semantics of Programming Languages, SS04 – p.207©Peter Müller 439
7. Programming Language Semantics 7.4 Denotational semantics
Direct Style Semantics of IMP: Loops� Loop statement while b do s end
SDS[[while b do s end]] = FIX F
where F (g) = cond(B[[b]], g ◦ SDS[[s]], id)
� We write FIX F to denote the fixed point of thefunctional F :
FIX : ((State ↪→ State) → (State ↪→ State))
→ (State ↪→ State)
� This defintion of SDS[[while b do s end]] iscompositional
Peter Muller—Semantics of Programming Languages, SS04 – p.208©Peter Müller 440
7. Programming Language Semantics 7.4 Denotational semantics
Example� Consider the statement
while x # 0 do skip end
� The functional for this loop is defined by
F ′(g)σ = cond(B[[x#0]], g ◦ SDS[[skip]], id)σ
= cond(B[[x#0]], g ◦ id , id)σ
= cond(B[[x#0]], g, id)σ
=
{g(σ) if σ(x) 6= 0
σ if σ(x) = 0
Peter Muller—Semantics of Programming Languages, SS04 – p.209©Peter Müller 441
7. Programming Language Semantics 7.4 Denotational semantics
Example (cont’d)
� The function
g1(σ) =
{undefined if σ(x) 6= 0
σ if σ(x) = 0
is a fixed point of F ′
� The function g2(σ) = undefined is not a fixed point forF ′
Peter Muller—Semantics of Programming Languages, SS04 – p.210©Peter Müller 442
7. Programming Language Semantics 7.4 Denotational semantics
Well-Definedness
SDS[[while b do s end]] = FIX F
where F (g) = cond(B[[b]], g ◦ SDS[[s]], id)
� The function SDS[[while b do s end]] is well-definedif FIXF defines a unique fixed point for thefunctional F
- There are functionals that have more than one fixed point- There are functionals that have no fixed point at all
Peter Muller—Semantics of Programming Languages, SS04 – p.211©Peter Müller 443
7. Programming Language Semantics 7.4 Denotational semantics
Examples� F ′ from the previous example has more than onefixed point
F ′(g)σ =
g(σ) if σ(x) 6= 0
σ otherwise
- Every function g′ : State ↪→ State with g′(σ) = σ if σ(x) = 0 isa fixed point for F ′
� The functional F1 has no fixed point if g1 6= g2
F1(g) =
g1 if g = g2
g2 otherwise
Peter Muller—Semantics of Programming Languages, SS04 – p.212©Peter Müller 444
7. Programming Language Semantics 7.4 Denotational semantics
Fixed point theory for functions
Strict functionsLet D⊥ =def D ∪ {⊥} with ⊥ < D.A function f :: D⊥ ⇒ D⊥ is called strict iff f(⊥) = ⊥.
Complete partial order (CPO)Let D =def D⊥ ⇒ D⊥ be the set of all strict functions from D⊥ to D⊥ andf � g if f(x) = g(x) or f(x) = ⊥ .(D,�) is a pointed complete partial order (i.e., every chain in D has aleast upper bound and D has a least element)
Continuous functionsLet D be a CPO; a monotonic function F :: D ⇒ D is continuous iff forevery chain X in D:F(∨
X) =∨ {F(x) | x ∈ X }
©Arnd Poetzsch-Heffter et al. TU Kaiserslautern 445
7. Programming Language Semantics 7.4 Denotational semantics
Fixed point theorem
Fixed point theoremIf (D,�) is a pointed CPO andF :: D ⇒ D is continuous, then∨ {F i(⊥) | i ≥ 0 } is a fixed point of F
RemarksDenotational semantics for imperative programs
• are based on fixed point theory for function domains
• allow for compositional definitions and related proof techniques
©Arnd Poetzsch-Heffter et al. TU Kaiserslautern 446