TRANSCRIPT
Semantics with Applications
2a. Natural Semantics
Hanne Riis Nielson, Flemming Nielson
(thanks to Henrik Pilegaard)
[SwA] Hanne Riis Nielson, Flemming Nielson. Semantics with Applications: An Appetizer. Springer, 2007.
1 / 38
Natural Semantics of Statements
Reading material: Sections 2.0 and 2.1 of SwA
Specifying the Natural Semantics of Statements
- Natural semantics (NS): given a statement and a state in which it has to be executed, what is the resulting state (if it exists)?
- Therefore the transition relation is written as follows, where S ∈ Stm and s, s′ ∈ State:
    〈S, s〉 → s′
- We have two kinds of configurations:
    〈S, s〉   statement S is to be executed from state s
    s        representing a terminal (final) state
- Example:
    〈if x ≤ 1 then x := 2 else skip, [x ↦ 0]〉 → [x ↦ 2]

Natural semantics for While
The Axiom for Assignment
- The axiom [ass_ns] says: the result of executing x := a in state s is the state s updated such that x gets the value of a:
    〈x := a, s〉 → s[x ↦ A[[a]]s]
- Recall: the value of a in state s is computed by the semantic function A[[a]]s
- [ass_ns] is an "axiom schema" because x, a, s are meta-variables which can be instantiated to particular variables, arithmetic expressions, and states
- Assume x is instantiated to y, a to z + 1, and s to s0 = [y ↦ 1, z ↦ 2]. Instantiating one meta-variable at a time:
    〈y := a, s〉 → s[y ↦ A[[a]]s]
    〈y := z + 1, s〉 → s[y ↦ A[[z + 1]]s]
  An instance of [ass_ns]:
    〈y := z + 1, s0〉 → s0[y ↦ A[[z + 1]]s0]
The Axiom for Skip
- The axiom [skip_ns] says: the result of executing skip in state s is simply the state s, i.e. no effect:
    〈skip, s〉 → s
- Assume s is instantiated to s0 = [y ↦ 1, z ↦ 2]. An instance of [skip_ns]:
    〈skip, s0〉 → s0

The Rule for Composition
- The rule [comp_ns] says: the result of executing S1; S2 in a state s is obtained by first executing S1 in s. In the resulting state s′ we are then to execute S2 to obtain the overall resulting state s′′
Specifying the Natural Semantics of Statements
- The definition of → is given by rules of the following form:
      〈S1, s1〉 → s′1   ...   〈Sn, sn〉 → s′n        (premises)
      ─────────────────────────────────────
                 〈S, s〉 → s′                        (conclusion)
      if ...                                          (side condition)
- S1, ..., Sn are the immediate constituents of S (or constructed from them)
- The notation uses a solid line (above: premises, below: conclusion)
- We read it as "if the premises have been obtained (and in addition the side condition allows the application of the rule), then the conclusion holds"
- A rule without premises is called an axiom (and we omit the solid line)
Building a Derivation Tree
- Result of executing skip; y := z + 1 in state s0 = [y ↦ 1, z ↦ 2]?
- skip; y := z + 1 has the form S1; S2: use the [comp_ns] rule!
- Instantiate: S1 = skip and S2 = y := z + 1 and s = s0
- Derive the premises:
  - 〈skip, s0〉 → s0 is an instance of [skip_ns]
  - 〈y := z + 1, s0〉 → s0[y ↦ 3] is an instance of [ass_ns]
- The rule [comp_ns] before instantiation:
      〈S1, s〉 → s′     〈S2, s′〉 → s′′
      ───────────────────────────────  [comp_ns]
             〈S1; S2, s〉 → s′′
- After instantiating S1, S2 and s, the premises are derived by the axioms, which fixes s′ = s0 and s′′ = s0[y ↦ 3]. The completed derivation tree:
      [skip_ns] 〈skip, s0〉 → s0     [ass_ns] 〈y := z + 1, s0〉 → s0[y ↦ 3]
      ─────────────────────────────────────────────────────────────────  [comp_ns]
                       〈skip; y := z + 1, s0〉 → s0[y ↦ 3]
Derivation Trees
- When deriving a transition 〈S, s〉 → s′, we build a derivation tree
  - The root of the tree is 〈S, s〉 → s′
  - The leaves of the tree are axioms
  - The internal nodes are conclusions of instantiated rules
- To build a derivation tree, we
  - Start from the root
  - Find out which rule is applicable, depending on the shape of the statement and the side conditions
  - Recursively build derivation trees for each of the premises of the rule, until leaves (axioms) are reached
The Rules for the if-Construct
- There are two rules: which one to apply depends on the side condition
- If B[[b]]s = tt, then we can apply rule [if_tt_ns], which says that the result is the resulting state when executing S1 (the 'then'-branch)
- If B[[b]]s = ff, then we can apply rule [if_ff_ns], which says that the result is the resulting state when executing S2 (the 'else'-branch)

The Rules for the while-Construct
- Again, two rules
- If B[[b]]s = tt, then we can apply rule [while_tt_ns], which says
  - first execute the body of the loop once
  - then continue executing the loop from the state obtained
- If B[[b]]s = ff, then we can apply rule [while_ff_ns], which says that the execution terminates
Remark: In [while_tt_ns], we specify the meaning of the while-construct using the meaning of the very same construct – not a compositional definition!
Try It Out 1
- Notation: s_ij x = i and s_ij y = j, e.g. s_30 = [x ↦ 3, y ↦ 0]
- Build a derivation tree for
    〈y := 1; while ¬(x = 1) do (y := y ⋆ x; x := x − 1), s_30〉 → s
Try It Out 2
Let S denote
    n := 2; sum := 0; i := 1; while i ≤ n do (sum := sum + i; i := i + 1)
Does the following hold?
    〈S, [n ↦ −1, sum ↦ 15, i ↦ 26]〉 → [n ↦ 6, sum ↦ 3, i ↦ 7]
Termination and Looping
- We say that the execution of S from state s
  - terminates if and only if there is a state s′ such that 〈S, s〉 → s′
  - loops if and only if there is no state s′ such that 〈S, s〉 → s′
- We say that a statement always terminates if its execution terminates for all choices of s
- Similarly we say that a statement always loops if its execution loops for all choices of s
Semantic Equivalence
- Having formally defined the semantics of a language allows us to argue about statements and their properties
Definition
Two statements S1 and S2 are semantically equivalent if for all states s and s′
    〈S1, s〉 → s′ if and only if 〈S2, s〉 → s′
Semantic Equivalence
Lemma (2.5)
The statement
    while b do S    (∗)
is semantically equivalent to
    if b then (S; while b do S) else skip    (∗∗)
- The definition of semantic equivalence amounts to a bi-implication
- The proof therefore has two directions ("if and only if"):
  - "⇒" Two subcases: [while_tt_ns] or [while_ff_ns]
  - "⇐" Two subcases: [if_tt_ns] or [if_ff_ns]
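Both directions of the proof carried through in the rule notation of the slides; this is an added worked derivation, not the book's proof text, with (∗) and (∗∗) as named in the lemma.

$(\Rightarrow)$ Assume $\langle \mathtt{while}\ b\ \mathtt{do}\ S, s\rangle \to s'$. The root of its derivation tree is an instance of [while_tt_ns] or of [while_ff_ns].

Case [while_tt_ns]: then $\mathcal{B}[\![b]\!]s = \mathbf{tt}$ and the tree has premises $\langle S, s\rangle \to s''$ and $\langle \mathtt{while}\ b\ \mathtt{do}\ S, s''\rangle \to s'$ for some $s''$. These are exactly the premises of [comp_ns], so
$$\frac{\langle S, s\rangle \to s'' \qquad \langle \mathtt{while}\ b\ \mathtt{do}\ S, s''\rangle \to s'}{\langle S;\ \mathtt{while}\ b\ \mathtt{do}\ S, s\rangle \to s'}\ [\mathrm{comp}_{ns}]$$
and, since $\mathcal{B}[\![b]\!]s = \mathbf{tt}$, [if_tt_ns] applies to this conclusion and gives $\langle (\ast\ast), s\rangle \to s'$.

Case [while_ff_ns]: then $\mathcal{B}[\![b]\!]s = \mathbf{ff}$ and $s' = s$. [skip_ns] gives $\langle \mathtt{skip}, s\rangle \to s$, and since $\mathcal{B}[\![b]\!]s = \mathbf{ff}$, [if_ff_ns] gives $\langle (\ast\ast), s\rangle \to s$.

$(\Leftarrow)$ Assume $\langle (\ast\ast), s\rangle \to s'$. The root of the tree is an instance of [if_tt_ns] or of [if_ff_ns].

Case [if_tt_ns]: then $\mathcal{B}[\![b]\!]s = \mathbf{tt}$ and the premise is $\langle S;\ \mathtt{while}\ b\ \mathtt{do}\ S, s\rangle \to s'$. A transition for a composition can only be the conclusion of [comp_ns], so its premises $\langle S, s\rangle \to s''$ and $\langle \mathtt{while}\ b\ \mathtt{do}\ S, s''\rangle \to s'$ hold for some $s''$, and
$$\frac{\langle S, s\rangle \to s'' \qquad \langle \mathtt{while}\ b\ \mathtt{do}\ S, s''\rangle \to s'}{\langle \mathtt{while}\ b\ \mathtt{do}\ S, s\rangle \to s'}\ [\mathrm{while}^{\mathbf{tt}}_{ns}]$$

Case [if_ff_ns]: then $\mathcal{B}[\![b]\!]s = \mathbf{ff}$ and the premise is $\langle \mathtt{skip}, s\rangle \to s'$, which can only be an instance of [skip_ns], so $s' = s$; [while_ff_ns] then gives $\langle \mathtt{while}\ b\ \mathtt{do}\ S, s\rangle \to s$.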
Induction on the Shape of Derivation Trees
- In the proof of the previous lemma we were inspecting the structure of the derivation tree for certain transitions
- This can be generalized to the following proof technique:
  - Prove that the property holds for all the axioms
  - Prove that the property holds for all other rules:
    - Assume that the property holds for its premises (this is called the induction hypothesis, sometimes abbreviated IH)
    - Prove that it holds for the conclusion (provided the side conditions are satisfied)
Determinism
Definition
The natural semantics is deterministic if for all statements S and states s, s′, and s′′ we have that
    〈S, s〉 → s′ and 〈S, s〉 → s′′ imply s′ = s′′
- This means that for every statement S and initial state s we can uniquely determine a final state s′ (if the execution of S terminates)
Theorem (2.9)
The Natural Semantics of the While language is deterministic.
Proof: By induction on the shape of derivation trees.
Compositional Definitions
- Note: The previous theorem could not have been proved using structural induction!
- Reason: The semantics is not defined compositionally, as we noted earlier: in [while_tt_ns], we specify the meaning of the while-construct using the meaning of the very same construct
- This is why we had to introduce another proof principle, induction on the shape of derivation trees, which is a kind of structural induction for derivation trees (base case: prove for simple trees; induction step: assume for all the constituents (subtrees), then prove for the composite tree)
The Semantic Function for Statements
- The meaning of statements can be summarised as a partial function from State to State:
    S_ns : Stm → (State ↪ State)
- Partial function: not necessarily defined for all elements of the domain
- Definition:
    S_ns[[S]]s = s′      if 〈S, s〉 → s′
    S_ns[[S]]s = undef   otherwise
- Why do we need partiality? Because of non-terminating statements such as while true do skip
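The derivation-tree construction of the earlier slides and the partial function S_ns, as one added executable example (not code from SwA or its authors). The tuple encoding of statements, the dict states and the rule names are this example's own choices, and the depth bound used to report undef is an assumption: the semantics itself simply has no derivation tree for a looping statement.

```python
# Added example, not code from SwA: the natural-semantics rules of While as a function
# that builds the derivation tree it applies; trees are (rule, S, s, s', premises).
def A(a, s):
    """A[[a]]s: numerals, variables, ('+' | '-' | '*', a1, a2)."""
    if isinstance(a, int): return a
    if isinstance(a, str): return s[a]
    return {'+': int.__add__, '-': int.__sub__, '*': int.__mul__}[a[0]](A(a[1], s), A(a[2], s))
def B(b, s):
    """B[[b]]s: ('true',), ('false',), ('=' | '<=', a1, a2), ('not', b), ('and', b1, b2)."""
    if b[0] in ('true', 'false'): return b[0] == 'true'
    if b[0] == 'not': return not B(b[1], s)
    if b[0] == 'and': return B(b[1], s) and B(b[2], s)
    return {'=': int.__eq__, '<=': int.__le__}[b[0]](A(b[1], s), A(b[2], s))
def ns(S, s, fuel=400):
    """Derivation tree for <S, s> -> s', or None when no tree of depth <= fuel exists
    (a looping statement has none, so None stands for undef; the bound is this example's)."""
    if fuel == 0: return None
    kind = S[0]
    if kind == 'skip':                          # [skip_ns]: <skip, s> -> s
        return ('skip_ns', S, s, s, [])
    if kind == ':=':                            # [ass_ns]: <x := a, s> -> s[x -> A[[a]]s]
        return ('ass_ns', S, s, {**s, S[1]: A(S[2], s)}, [])
    if kind == ';':                             # [comp_ns]: S1 from s, then S2 from s'
        t1 = ns(S[1], s, fuel - 1)
        t2 = t1 and ns(S[2], t1[3], fuel - 1)
        return t2 and ('comp_ns', S, s, t2[3], [t1, t2])
    if kind == 'if':                            # side condition B[[b]]s selects the rule
        tt = B(S[1], s)
        t = ns(S[2] if tt else S[3], s, fuel - 1)
        return t and ('if_tt_ns' if tt else 'if_ff_ns', S, s, t[3], [t])
    if kind == 'while':
        if not B(S[1], s):                      # [while_ff_ns]: an axiom, s unchanged
            return ('while_ff_ns', S, s, s, [])
        t1 = ns(S[2], s, fuel - 1)              # [while_tt_ns]: the body once, ...
        t2 = t1 and ns(S, t1[3], fuel - 1)      # ... then the very same while statement
        return t2 and ('while_tt_ns', S, s, t2[3], [t1, t2])
    raise ValueError(f'not a While statement: {S!r}')
def S_ns(S, s):
    """S_ns[[S]]s = s' if <S, s> -> s', undef (None) otherwise."""
    t = ns(S, s)
    return t and t[3]
def rules(t):
    """Rule labels of a derivation tree: root first, then premises left to right."""
    return [t[0]] + [r for p in t[4] for r in rules(p)]

# Constructed inputs: the slides' skip; y := z + 1, Try It Out 1's loop, while true do skip.
SKIP_ASS = (';', ('skip',), (':=', 'y', ('+', 'z', 1)))
FACT = (';', (':=', 'y', 1), ('while', ('not', ('=', 'x', 1)),
        (';', (':=', 'y', ('*', 'y', 'x')), (':=', 'x', ('-', 'x', 1)))))
LOOP = ('while', ('true',), ('skip',))
```

`rules(ns(SKIP_ASS, {'y': 1, 'z': 2}))` lists the rules of the slides' tree, `[comp_ns]` at the root with `[skip_ns]` and `[ass_ns]` as its leaves, and `S_ns(LOOP, {})` is None because no derivation tree of any depth exists for `while true do skip`.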
Summary
- Natural semantics of statements
- Proof technique: Induction on the shape of derivation trees

Exercise Class
- Exercises 2.3, 2.4, 2.6, 2.11, 2.12 from SwA.