hop operational semantics paris, february 23 rd tamara rezk indes team, inria
TRANSCRIPT
Hop Operational SemanticsParis, February 23rd
Tamara Rezk
Indes Team, INRIA
Hop Multi-tiers compiler
HOP multi-tiers compiler
Input: a web application written in a single homogenous language
scheme code and protocols over html (server code)
javascript (client code)SQL (server)
A precise Hop specification
• specifications are used to understand the meaning of programs
• In this lecture: a precise (mathematical) specification of the Hop programming language by means of operational semantics
Unless there is a prior, generally-accepted mathematical definition of a language at hand, who is to say whether a proposed implementation is correct? (Dana Scott 1969)
Formal Semantics
• Denotational Semantics: programs are partial functions mapping initial states to final states (Strachey-Scott, domain theory)
Dana Scott, Turing Award 76
Unless there is a prior, generally-accepted mathematical definition of a language at hand, who is to say whether a proposed implementation is correct?
Formal Semantics
• Axiomatic Semantics: programs are given specifications in e.g. first order logic and can be proven correct with respect to their spec. in the logic
Tony Hoare, Turing Award 80
“There are two ways of constructing a software design: One way is to make it so simple that there are obviously no deficiencies, and the other way is to make it so complicated that there are no obvious deficiencies. The first method is far more difficult.”
Formal Semantics
• Structural Operational Semantics (also called “Transition semantics” or “small-step semantics”) Execution of a program can be foramlized as a sequence of configurations
Gordon Plotkin
Structural Operational Semantics
• Abstract grammar of the language
• Configurations and states
• Transition relation
Hop abstract grammar
(Abstract grammars may remind to context-free/BNF grammars but abstract grammars are independent from representations such as which operators are infix, what strings are used to denote contants and variables, etc, etc)
Hop semantics
We will study Hop semantics in layers: 1. Scheme subset of Hop
2. Distributed aspects of Hop (server+client)
3. Document Object Model (DOM) aspects of Hop
4. Same Origin Policy (SOP)
5. Access Control (AC) and semantics
Hop semantics
We will study Hop semantics in layers: 1. Scheme subset of Hop
2. Distributed aspects of Hop (server+client)
3. Document Object Model (DOM)aspects of Hop
4. Same Origin Policy (SOP)
5. Access Control (AC) and semantics
Hop abstract grammar
(Abstract grammars may remind to context-free/BNF grammars but abstract grammars are independent from representations such as which operators are infix, what strings are used to denote contants and variables, etc, etc)
1.Scheme abstract grammar
program or expression
e :: = x | w | (e0 e1) | (set! x e )
values
w:: = (lambda (x) e) | i | ( )
Scheme abstract grammar
program or expression
e :: = x | w | (e0 e1) | (set! x e )values
w:: = (lambda (x) e) | i | ( )
Example programs: (lambda (z) (lambda (y) (set! y z))) ((lambda (z) ((lambda (y) (set! y z)) 2)) 3)(lambda (z) ((lambda (y) (set! y z)) 2))
Structural Operational Semantics
• Abstract grammar of the language
• Configurations and states
• Transition relation
Scheme configurations
Abstract grammar:
e :: = x | w | (e0 e1) | (set! x e )w:: = (lambda (x) e) | i | ( )
Configurations are of the form: < e , μ >e expression μ environment or store, mapping variables to values
Scheme configurations
Configurations are of the form: < e , μ >e expression μ environment or store, mapping variables to values
Example of configuration:
< (set! x 3), { x 2, z 4} >
Scheme configurations
μ environment or store, mapping variables to values
In the store we will consider:
local variables (defined by lambda expressions)
global variables (already defined in the store before execution, in scheme #define )
Structural Operational Semantics
• Abstract grammar of the language
• Configurations and states
• Transition relation
The operational semantics is defined by a transition system (configurations, ).
The transition relation is defined by a set of semantics rules of the form:
constraints
_______________________
<conf0 > < conf1>
Transition relation
y not in dom(μ )_______________________
<((lambda (x) e) w), μ > < e{y/x}, μ U {y -> w} >
Transition relation
e :: = x | w | (e0 e1) | (set! x e )
w:: = (lambda (x) e) | i | ( )
μ (y ) = w_______________________
< y , μ > <w , μ >
Transition relation y not in dom(μ )
_______________________
<((lambda (x) e) w), μ > < e{y/x}, μ U {y -> w} >
Transition relation y not in dom(μ )
_______________________
<((lambda (x) e) w), μ > < e{y/x}, μ U {y -> w} >
Example of execution with 2 steps:<((lambda (x) x) 2), {z ->3} > < x{y/x}, {z ->3 , y -> 2} > < 2, {z ->3 , y -> 2} >
Transition relation y not in dom(μ )
_______________________
<((lambda (x) e) w), μ > < e{y/x}, μ U {y -> w} >
Exercise: give an execution for
<( (lambda (z) (lambda (y) y)) 2), {z -> 2}>
Transition relation y not in dom(μ )
_______________________
<((lambda (x) e) w), μ > < e{y/x}, μ U {y -> w} >
This rule is not enough: what happens if we want to reduce an application (e e’) where e’ is not a value?
((lambda (z) z) ((lambda (z) z) 3) )
We need to define contextual rules!!
Evaluation contextsE ::= [] | (E e) | (w E) | (set! x E)
((lambda (z) z) ((lambda (z) z) 3) )In this example:E = ((lambda (z) z) [] )
y not in dom(μ )_______________________
<E[((lambda (x) e) w)], μ > < E[e{y/x}], μ U {y -> w} >
Evaluation contextsE ::= [] | (E e) | (w E) | (set! x E)
<((lambda (z) z) ((lambda (z) z) 3) ), {z 2} > <((lambda (z) z) y), {z 2, y 3} > <((lambda (z) z) 3), {z 2, y 3} > <((lambda (z) z) 3), {z 2, y 3, x 3} > < x, {z 2, y 3, x 3} < 3, {z 2, y 3, x 3}
y not in dom(μ )_______________________
<E[((lambda (x) e) w)], μ > < E[e{y/x}], μ U {y -> w} >
μ (y ) = w_______________________
< E[y] , μ > <E[w] , μ >
Transition relation for Scheme subset y not in dom(μ )_______________________
<E[((lambda (x) e) w)], μ > < E[e{y/x}], μ U {y -> w} >
x in dom(μ)_______________________
< E[(set! x w)] , μ > <E[()] , μ[x-> w] >
ExercisesFind executions for the following programs starting with store { z -> 5}
1. (set! z 3)
2. (((lambda (z) (lambda (y) (set! y z))) 2) 3)
3. ((lambda (z) ((lambda (y) (set! y z))) 2) 3)
4. (((lambda (x) (lambda (y) (set! x z))) 2) 3)
5. (set! z ((lambda (y) y) 2))
Hop semantics
We will study Hop semantics in layers: 1. Scheme subset of Hop
2. Distributed aspects of Hop (server+client)
3. Document Object Model (DOM) aspects of Hop
4. Same Origin Policy (SOP)
5. Access Control (AC) and semantics
Hop distribution: Abstract grammar
Hop distribution: Abstract grammar
Hop distribution: Abstract grammar
Hop distribution: Abstract grammar
Hop distribution: Abstract grammar
Hop distribution: Abstract grammar
E ::= [] | (E S) | (w E) | (set! x E) | (with-hop E s) | (with-hop w E)
Distribution aspects server/client
Core Hop configuration
Core Hop configuration
Core Hop configuration
Core Hop configuration
Core Hop configuration
Core Hop configuration
Core Hop configuration
Transition relation: service definition
INIT rule
• When a client enter a URL in a browser, the service bound to the URL will be invoked;
Bound url
New server thread
New client instance
Hop Compilation + Init and Invoke rule
46
ServerBytecode
ServerBytecode
ServerBytecode
ServerBytecode
HTML
CSS
JS
Client code
compiler
Client code
compiler
HTTP
Invoke
Access URLs
Server code
compiler
Server code
compiler
Generate
Code InjectionPrevention
Code InjectionPrevention
MashicCompilerMashic
Compiler
URL
URL
URL
URL
Transition relation: service invocation
Transition relation: service invocation
exercise: Let s be (service (z) (set! z ((lambda (y) y) 2))) . Find a (partial) execution for s
Transition relation: service return
Transition relation: service invocation
Service return
Service return
exercise: Let s be (service (z) (set! z ((lambda (y) y) 2))). Find an execution for sLet s be (service (z) ((lambda (y) y) 2)) . Find an execution for sLet s be (service (z) ~((lambda (y) y) 2)) . Find an execution for s
Hop semantics
We will study Hop semantics in layers: 1. Scheme subset of Hop
2. Distributed aspects of Hop (server+client)
3. Document Object Model (DOM) aspects of Hop
4. Same Origin Policy (SOP)
5. Access Control (AC) and semantics
HOP and DOM: Syntax
DOM: core Hop modified rules
Operation on DOM and contexts
HTML tags
DOM Operations
Example