Formal Semantics of Programming Languages

虞慧群yhq@ecust.edu.cn

Topic 6: Advanced Issues

Motivation Specifying the semantics of real programming

languages is more difficult than IMP…

Language Features

o Higher order types

o Dynamic memory allocation

o Pointers

o Procedures and recursion

o Parameter passing

o Concurrency

Plan

Handling memory allocation (Ex 2) A simple parallel construct Guarded commands Concurrency with communication

Abstract Syntax for IMP++ L

X | L.car | L.cdr Aexp

a ::= n | L | cons(a, a) | nil | a0 + a1 | a0 – a1 | a0 a1

Bexp b ::= true | false | a0 = a1 | a0 a1 | b | b0 b1

| b0 b1

Com c ::= skip | L := a | c0 ; c1 | if b then c0 else c1

| while b do c

Extending the semantic domain

States cannot be mapping from variables to values Need a way to represent “sharing” Two level stores

= (env, store) env : Loc Val store=(Cells, car, cdr) car: Cells Val, cdr: Cells Val Val = Cells {nil} N

Extending the semantic relation

expressions <a, > 1 <a’, > What is the intermediate result of computing L-

value? (((X).cdr).car) Allow location expressions a cells

cons expressions modify the store

Expression rules (1) <n, > 1 <n, >

<nil, > 1 <nil, > <X, (e , s)> 1 <e(X), (e, s)> <L, (e, s) > 1 <L’, (e, s)> <L.sel, (e, s) > 1 <L’.sel, (e, s)> , sel {car, cdr}

s=(cells, car, cdr) and c cells, sel {car, cdr} and sel(c)=c’ <c.sel, (e, s) > 1 <c’, (e, s)>

Expression rules (2) <a0, > 1 <a0’, ’> <cons(a0, a1), > 1 <cons(a0’, a1), ’>

<a1, (e, s) > 1 <a1’, (e, s’)> s=(cells, car, cdr), c0Val <cons(c0+a1), (e, s)> 1 <cons(c0, a1’), (e, s’)>

s=(cells, car, cdr), ccells, c0, c1 Val<cons(c0, c1), (e, s) > 1 <c, (e, cells{c}, car[c0/c], cdr[c1/c])>

Boolean expressions(1)<t, > 1 <t, >, t {true, false}

<a0, > 1 <a0’, ’> <a0=a1, > 1 <a0’, ’>

<a1, (e, s)> 1 <a1’, (e, s’)>, s=(cells, car, cdr), c0Val <c0=a1, (e, s) > 1 <c0=a1’, (e, s’)>

s=(cells, car, cdr),c0, c1 Val, c0=c1<c0=c1, (e, s) > 1 <true, (e, s)>

s=(cells, car, cdr),c0, c1 Val, c0≠c1<c0=c1, (e, s) > 1 <false, (e, s)>

Commands(1)<skip, > 1 <a, (e, s) > 1 <a’, (e, s’)> X Loc

<X:=a, (e, s)> 1 <X:=a’, (e, s’)>

<X := c, (e, s) > 1 <(e[c/X], s)>, X Loc, cVal <a0, (e, s) > 1 <a0’,(e, s)>

<a0.car := a1, (e, s) >1 <a0’.car:=a1, (e, s)>

<a1, (e, s)> 1 <a1’, (e, s’)> s=(cells, car, cdr), c cells <c.car := a1, (e, s) >1 <(c.car :=a1’, (e, s’)>

s=(cells, car, cdr), c0 cells, c1 Val <c0.car := c1, (e, s) >1 <(e, (cells, car[c1/c0], cdr)

Commands (2)

<c0, > 1<c’0, ’> <c’0; c1, > 1<c’0;c1, ’>

<c0, > 1’, <c1, ’> 1’’ <c0; c1, > 1’’

<b, >1<true, ’>, <c0, ’> 1’’ <if b then c0 else c1, >1’’

<b, >1<false, ’>, <c1, ’> 1’’ <if b then c0 else c1, >1’’

<while b do c1, >1 <if b then (c1; while b do c) else skip, >

A Simple Parallel Construct

c0 || c1 Execute co and c1 in parallel (X := 1 || (X:=2 ; X := X + 1))

Natural Operational Semantics Small step rules

<c, > 1 <c’, >

Parallelism Introduces (Demonic) Nondeterminism

(X := 0 || X := 1);

if X = 0 then c0 else c1

Guarded Commands Com

c ::= skip | abort | X := a | c0 ; c1

| if gc fi | do gc od

GC gc ::= b c | gc0 gc1

if

X Y MAX := X

Y X MAX := Y

fi

do

X >Y X := X - Y

Y >X Y := Y - X

od

Rules for commands<skip, > 1 <a, > n <X:=a, > 1 [n/X] <c0, > 1 ’ <c0, > 1 <c’0, ’><c0;c1, >1 <c1, ’> <c0;c1, >1 <c’0; c1, ’>

<gc, > 1 <c, ’> <if gc fi, >1 <c, ’>

<gc, > 1 fail <gc, > 1 <c, ’><do gc od, >1 <do gc od, >1 <c’; do gc od, ’>

Rules for guarded commands<b, > true <bc, > 1 <c, > <gc0, > 1 <c, ’> <gc1, > 1 <c, ’><gc0gc1, >1 <c, ’> <gc0gc1, >1 <c, ’>

<b, > 1 false <gc0, > 1 fail <gc1, > 1 fail<bc, >1 fail <gc0 gc1, >1 fail

Example

do

X >Y X := X - Y

Y >X Y := Y - X

od

Communicating processes

Languages for modeling distributed systems CSP, Occam, Ada? Hoare, Milner

Support Parallelism Non-determinism Synchronization via communication

? X ! a

Communication Processes

Channel names , , Chan Input expression ? X where X Loc Output expressions ! A where a Aexp Commands

c::= skip | abort | X := a | ? X | ! A | c0 ; c1 |if gc fi | do gc od | c0 || c1 | c

Guarded commands gc ::= b c | b ? X c | b ! a c|

gc0 gc1

Examples

do (true ? X ! X) od

do (true ? X ! X) od ||

do (true ? Y ! Y) od ||

Examples

if (true ? X c0)

(true ? Y c1)

fi

if (true ? X; c0)

(true ? Y ;c1)

fi

Formal semantics

Need a way to model communication events <?X; c , >

Label transitions {? n | Chan & n N}

{! n | Chan & n N}

Conventions in formal semantics

Empty command * *; c c; * c || * * || c c * ; * (* ) *

1

=? n =! n =

Rules for commands<skip, > <a, > n <X:=a, > [n/X]

< ? X ; c, > ?n <c, [n/X]>

<a, > n < ! e ; c, > !n <c, >

<c0, > <c’0, ’>

<c0;c1, > <c’0; c1, ’>

Rules for commands(2)<gc, > fail <gc, > <c, ’><do gc od, > <do gc od, >

<c’; do gc od, ’>

<c0, > <c’0, ’> <c1 , > <c’1, ’><c0 || c1, > <c’0 || c1, ’> < c0 || c1, >

<c0 || c’1, ’>

<c0, > ?n <c’0, ’> <c1 , > !n <c’1, ><c0 || c1, > <c’0 || c’1, ’>

<c0, > ?n <c’0, ’> <c1 , > !n <c’1, ><c0 || c1, > <c’0 || c’1, ’>

Rules for commands(3)

<c, > <c’, ’><c , > <c , ’>

provided that ?n

and !n

Rules for guarded commands(1)

<b, > true <b, > false <bc, > <c, > <bc, > fail

<b, > false <b, > false <b ?X c, > fail <b !e c, > fail

<gc0, > fail <gc1, > fail <gc0 gc1, > fail

Rules for guarded commands(2)

<b, > true < b ?Xc, ?n <c, [n/X]>

<b, > true, <a, >n <b !a c, > !n <c, >

<gc0, > <c, ’> <gc1, > <c, ’><gc0gc1, > <c, ’> <gc0gc1, > <c, ’>

Uncovered

Calculus for Communicating Systems (CCS) A specification language The modal -calculus Local model checking

Summary

Writing a small step semantics for a real programming language is non-trivial

Small step semantics can model Nondeterminism Concurrency Failures

Guarded command is a powerful language construct

Exercise 6

(1)