Hop Operational Semantics
Paris, February 23rd
Tamara Rezk
Indes Team, INRIA
Post on 04-Jan-2016
Hop Multi-tiers compiler
Input: a web application written in a single homogeneous language
Scheme code and protocols over HTML (server code)
JavaScript (client code)
SQL (server)
A precise Hop specification
• specifications are used to understand the meaning of programs
• In this lecture: a precise (mathematical) specification of the Hop programming language by means of operational semantics
Unless there is a prior, generally-accepted mathematical definition of a language at hand, who is to say whether a proposed implementation is correct? (Dana Scott 1969)
Formal Semantics
• Denotational Semantics: programs are partial functions mapping initial states to final states (Strachey-Scott, domain theory)
Dana Scott, Turing Award 76
Formal Semantics
• Axiomatic Semantics: programs are given specifications in e.g. first order logic and can be proven correct with respect to their spec. in the logic
Tony Hoare, Turing Award 80
“There are two ways of constructing a software design: One way is to make it so simple that there are obviously no deficiencies, and the other way is to make it so complicated that there are no obvious deficiencies. The first method is far more difficult.”
Formal Semantics
• Structural Operational Semantics (also called “Transition semantics” or “small-step semantics”): execution of a program can be formalized as a sequence of configurations
Gordon Plotkin
Structural Operational Semantics
• Abstract grammar of the language
• Configurations and states
• Transition relation
Hop abstract grammar
(Abstract grammars may be reminiscent of context-free/BNF grammars, but abstract grammars are independent of representation details such as which operators are infix, what strings are used to denote constants and variables, etc.)
Hop semantics
We will study Hop semantics in layers:
1. Scheme subset of Hop
2. Distributed aspects of Hop (server+client)
3. Document Object Model (DOM) aspects of Hop
4. Same Origin Policy (SOP)
5. Access Control (AC) and semantics
1. Scheme abstract grammar
program or expression
e ::= x | w | (e0 e1) | (set! x e)
values
w ::= (lambda (x) e) | i | ()
Example programs:
(lambda (z) (lambda (y) (set! y z)))
((lambda (z) ((lambda (y) (set! y z)) 2)) 3)
(lambda (z) ((lambda (y) (set! y z)) 2))
Structural Operational Semantics
• Abstract grammar of the language
• Configurations and states
• Transition relation
Scheme configurations
Configurations are of the form: < e, μ >
e: expression
μ: environment or store, mapping variables to values
Example of configuration:
< (set! x 3), { x -> 2, z -> 4 } >
In the store we will consider:
local variables (defined by lambda expressions)
global variables (already defined in the store before execution, in scheme #define )
Structural Operational Semantics
• Abstract grammar of the language
• Configurations and states
• Transition relation
The operational semantics is defined by a transition system (configurations, ).
The transition relation is defined by a set of semantic rules of the form:
constraints
_______________________
<conf0 > < conf1>
Transition relation
y not in dom(μ)
_______________________
<((lambda (x) e) w), μ > < e{y/x}, μ U {y -> w} >
μ(y) = w
_______________________
< y, μ > < w, μ >
Example of execution with 2 steps:
<((lambda (x) x) 2), {z -> 3} >
< x{y/x}, {z -> 3, y -> 2} >
< 2, {z -> 3, y -> 2} >
Exercise: give an execution for
<( (lambda (z) (lambda (y) y)) 2), {z -> 2}>
This rule is not enough: what happens if we want to reduce an application (e e’) where e’ is not a value?
((lambda (z) z) ((lambda (z) z) 3) )
We need to define contextual rules!!
Evaluation contexts
E ::= [] | (E e) | (w E) | (set! x E)
((lambda (z) z) ((lambda (z) z) 3))
In this example: E = ((lambda (z) z) [])
<((lambda (z) z) ((lambda (z) z) 3)), {z -> 2} >
<((lambda (z) z) y), {z -> 2, y -> 3} >
<((lambda (z) z) 3), {z -> 2, y -> 3} >
<((lambda (z) z) 3), {z -> 2, y -> 3, x -> 3} >
< x, {z -> 2, y -> 3, x -> 3} >
< 3, {z -> 2, y -> 3, x -> 3} >
Transition relation for Scheme subset
y not in dom(μ)
_______________________
<E[((lambda (x) e) w)], μ > < E[e{y/x}], μ U {y -> w} >
μ(y) = w
_______________________
< E[y], μ > < E[w], μ >
x in dom(μ)
_______________________
< E[(set! x w)], μ > < E[()], μ[x -> w] >
Exercises
Find executions for the following programs starting with store { z -> 5}
1. (set! z 3)
2. (((lambda (z) (lambda (y) (set! y z))) 2) 3)
3. ((lambda (z) ((lambda (y) (set! y z))) 2) 3)
4. (((lambda (x) (lambda (y) (set! x z))) 2) 3)
5. (set! z ((lambda (y) y) 2))
Hop semantics
We will study Hop semantics in layers:
1. Scheme subset of Hop
2. Distributed aspects of Hop (server+client)
3. Document Object Model (DOM) aspects of Hop
4. Same Origin Policy (SOP)
5. Access Control (AC) and semantics
Hop distribution: Abstract grammar
E ::= [] | (E S) | (w E) | (set! x E) | (with-hop E s) | (with-hop w E)
Distribution aspects server/client
Core Hop configuration
Transition relation: service definition
INIT rule
• When a client enters a URL in a browser, the service bound to the URL will be invoked;
Bound url
New server thread
New client instance
Hop Compilation + Init and Invoke rule
[Diagram labels: server code compiler, client code compiler, server bytecode, generate, HTML, CSS, JS, HTTP, invoke, access URLs, code injection prevention, Mashic compiler, URL]
Transition relation: service invocation
Exercise: let s be (service (z) (set! z ((lambda (y) y) 2))). Find a (partial) execution for s.
Transition relation: service return
Transition relation: service invocation
Service return
Exercise:
Let s be (service (z) (set! z ((lambda (y) y) 2))). Find an execution for s.
Let s be (service (z) ((lambda (y) y) 2)). Find an execution for s.
Let s be (service (z) ~((lambda (y) y) 2)). Find an execution for s.
Hop semantics
We will study Hop semantics in layers:
1. Scheme subset of Hop
2. Distributed aspects of Hop (server+client)
3. Document Object Model (DOM) aspects of Hop
4. Same Origin Policy (SOP)
5. Access Control (AC) and semantics
HOP and DOM: Syntax
DOM: core Hop modified rules
Operation on DOM and contexts
HTML tags
DOM Operations
Example