programming language theory formal semantics
DESCRIPTION
Programming Language Theory Formal Semantics. Leif Grönqvist The national Graduate School of Language Technology (GSLT) MSI. Contents. Leif’s three parts of the course: Functional programming Logical programming Similar ways of thinking, but different from the imperative way - PowerPoint PPT PresentationTRANSCRIPT
Dec 16. 2003 Formal Semantics 1
Programming Language TheoryFormal Semantics
Leif Grönqvist•The national Graduate School of Language Technology (GSLT)
•MSI
Dec 16. 2003 Formal Semantics 2
Contents
Leif’s three parts of the course:
• Functional programming
• Logical programming
Similar ways of thinking, but different from the imperative way
• Formal semantics
Dec 16. 2003 Formal Semantics 3
Formal Semantics?
• You have seen informal semantics (meaning) earlier in the course
• Most languages don’t have a complete formal specification
• Why defining a formal specification?– Possibility to make proofs of programs– The compiler may be validated– Easier to build a compiler!
• No agreed standard to describe semantics
Dec 16. 2003 Formal Semantics 4
Principal methods• Operational semantics
– Define the language by describing its actions as operations of a machine
– The machine has to be precisely defined
• Denotational semantics– Uses mathematical functions on programs– Programs are translated into functions– Standard mathematical theory of functions is used
• Axiomatic semantics– Uses mathematical logic– Pre and post conditions– Aimed specifically at correctness proofs
Dec 16. 2003 Formal Semantics 5
Principal methods, cont.
• The three methods are based on BNF-rules (Backus-Naur Form)
• Syntax described in BNF – semantics is the rest, i.e. – Static types (could be syntax)– Semantic rules
• Important properties for the semantics:– Completeness: all correct programs will get semantics– Consistence: one program -> one unique description– Independence: should be minimal
Dec 16. 2003 Formal Semantics 6
A small example language
expr expr + term | expr - term | term
term term * factor | factor
factor ( expr ) | number
number number digit | digit
digit 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9
Example: 4 * (50 - 3)
Dec 16. 2003 Formal Semantics 7
Expand the example
• Let’s add variables, statements, and assignments:
factor ( expr ) | number | identifierprogram stmtListstmtList stmt ; stmtList | stmtstmt identifier := expridentifier identifier letter | letterletter a | b | c | … | z
Dec 16. 2003 Formal Semantics 8
Example of a programa := 2 + 3 ;b := a * 4 ;a := b - 5 ;• Will result in: b=20 and a=15• {b=20, a=15} represents the semantics of this
program– A function from the set of identifiers to integers– We will call this function an environment
Env (I) = 15 if I = a20 if I = bundef otherwise
Dec 16. 2003 Formal Semantics 9
Operations on environments
Env : Identifier Integer {undef}• Lookup: Env (I)• Adding: Env & {I = n}• The empty environment:
Env0(I) = undef for all I
• More complex environments include pointers, aliases, scope information
Dec 16. 2003 Formal Semantics 10
Expand a little bit more
• Let’s add if and while statements:
stmt assignStmt | ifStmt | whileStmtassignStmt identitfier := exprifStmt if expr then stmtList else stmtList fiwhileStmt while expr do stmtList od
• Expressions are True if the value > 0
Dec 16. 2003 Formal Semantics 11
An example
n := 0 - 5 ;if n then i := n else i := 0 - n fi ;f := 1 ;while i do
f := f * i ;i := i - 1
od• The semantics is {n=5, i=0, f=120}
Dec 16. 2003 Formal Semantics 12
An abstract syntax
• A simplified version of the syntax• Useful, since the parsing already done• The program is correct• To make it more compact we use:P: Program L: Statement listS: Statement E: ExpressionN: Number D: DigitI: Identifier A: Letter
Dec 16. 2003 Formal Semantics 13
The abstract syntax
P L
L L1 ; L2 | S
S I := E | if E then L1 else L2 fi | while E do L od
E E1 + E2 | E1 - E2 | E1 * E2 | ( E1 ) | N
N N1 D | D
D 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9
I I1 A | A
A a | b | c | … | z
Dec 16. 2003 Formal Semantics 14
Abstract syntax, cont.
• Semantic rules are defined for each right-hand side in terms of the semantics for their parts
• Note that the indexes on the letters are important
• Important to distinguish between + and the ordinary +
• A rule will tell us to replace + by + later
Dec 16. 2003 Formal Semantics 15
Operational semantics
• Describes how a program is to be executed on a known machine
• If the machine is a computer, the operational semantics is a translator (compiler) from the language to machine code for the computer
• Fortran and C has been defined this way• The machine could also be an abstract machine,
simple enough to be understood and simulated by hand
Dec 16. 2003 Formal Semantics 16
A reduction machine
• Our example language may be translated to semantic values using reduction rules:
( 3 + 4 ) * 5 (add the numbers)(7) * 5 (drop parentheses)7 * 5 (multiply the numbers)35
• The rules are similar to logical inference rules
Dec 16. 2003 Formal Semantics 17
Logical inference rules
• The rules are written in the form:– premise
conclusion
• For example: a + b = c
b + a = c
a b, b c
a c
Dec 16. 2003 Formal Semantics 18
Logical inference rules, cont.
• If we don’t have a premise, the rule is called an axiom:
a + 0 = a
• Often written as: a + 0 = a
Dec 16. 2003 Formal Semantics 19
Reduction rules: arithmetics
• We have the following abstract semantics:
E E1 + E2 | E1 - E2 | E1 * E2 | ( E1 ) | N
N N1 D | DD 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9E: Expression, N: Number, D: Digit
• This may look complicated but we have to give the semantics somewhere
Dec 16. 2003 Formal Semantics 20
Reduction rules, cont.• First all the digits (axioms)
0 0, 1 1, …, 9 9 (rule 1)
• Numbers (rule 2):
V0 10*V, V1 10*V+1,…, V9 10*V+9
• And the operations (rule 3-6):
V1 + V2 V1 + V2 V1 - V2 V1 - V2
V1 * V2 V1 * V2 ( V ) V
Dec 16. 2003 Formal Semantics 21
Reduction rules, expressions
• Expressions may be reduced in steps if they contain of two expression with an operator between (rule 7-9)
E E1
E + E2 E1 + E2
E E1
E - E2 E1 - E2
E E1
E * E2 E1 * E2
Dec 16. 2003 Formal Semantics 22
Reduction rules, cont.
• If the left side of an operator has evaluated to a value, then evaluate the right side (rule 10-12):
E E1
V + E V + E1
E E1
V - E V - E1
E E1
V * E V * E1
Dec 16. 2003 Formal Semantics 23
Reduction rules, cont.
• Reduce the expression inside parentheses:
(rule 13)
• Transitivity – expressions may be evaluated in steps
(rule 14)
E E1
( E ) ( E1 )
E E1, E1 E2
E E2
Dec 16. 2003 Formal Semantics 24
Example of a reduction
• We start with the expression: 2 * (3 + 4) – 5 (rule 1, 7)2 * (3 + 4) – 5 (rule 1, 10)2 * (3 + 4) – 5 (rule 3)2 * (7) – 5 (rule 1, 12)2 * 7 – 5 (rule 5)14 – 5 (rule 11, 1)14 – 5 (rule 4)9
Dec 16. 2003 Formal Semantics 25
Adding environments
• Recall the rest of the abstract syntax:P LL L1 ; L2 | SS I := E | if E then L1 else L2 fi | while E do L odE E1 + E2 | E1 - E2 | E1 * E2 | ( E1 ) | NP: Program L: Statement listS: Statement E: Expression• We have to add an environment:
Env : Identifier Integer {undef}• It has to be updated in the reduction rules
Dec 16. 2003 Formal Semantics 26
Environments, cont.
• <E | Env> indicates that E evaluates in the environment Env
• Most rules do not change Env:
• If Env changes, we have a side effect
<E | Env> <E1 | Env> <E - E2 | Env> <E1 - E2 | Env>
Dec 16. 2003 Formal Semantics 27
Environments, cont.
• If I has the value V (rule 15):
• A rule for assignment (rule 16):
<I := V | Env> < | Env & {I = V}>
• Expressions in assignments (rule 17):
Env (I) = V <I | Env> <V | Env>
<E | Env> <E1 | Env> <I := E | Env> < | := E1 | Env>
Dec 16. 2003 Formal Semantics 28
Environments, cont.
• A statement sequence (rule 18):
• A program needs an empty environment (rule 19):
L <L | Env0>
<S | Env> < | Env1 > <S ; L | Env> < L | Env1>
Dec 16. 2003 Formal Semantics 29
A small example
• The program:
a := 2 + 3 ;
b := a * 4 ;
a := b - 5 ;
• Rule 19 gives:
a := 2 + 3 ; b := a * 4 ; a := b - 5 ;
< a := 2 + 3 ; b := a * 4 ; a := b - 5 | Env0>
Dec 16. 2003 Formal Semantics 30
Example, cont.
• Rules 3 gives:
< a := 2 + 3 | Env0> < a := 5 | Env0> • And rule 16, 17:
< a := 5 | Env0> < | Env0 & {a=5}> {a=5}• Rule 18:
< a := 2 + 3 ; b := a * 4 ; a := b - 5 | Env0>
<b := a * 4 ; a := b - 5 | {a=5} >
Dec 16. 2003 Formal Semantics 31
Example, cont.
• Rule 15, 9, 5, 16, 17:
<b := a * 4 | {a=5} > <b := 5 * 4 | {a=5} > <b := 20 | {a=5}> <| {a=5} & {b=20}> <| {a=5, b=20}• Rule 18:
<b := a * 4 ; a := b - 5 | {a=5} > <a := b – 5 | {a=5, b=20}>• And then:<a := b – 5 | {a=5, b=20}> <a := 15 | {a=5, b=20}> {a=5, b=20} & {a=15} = {a=15, b=20}
Dec 16. 2003 Formal Semantics 32
if and while statements
• Recall the abstract syntax:
S I := E | if E then L1 else L2 fi | while E do L od
I: Identifier L: Statement list
S: Statement E: Expression
• We need three rules for the if statement:
Dec 16. 2003 Formal Semantics 33
The if statement<E | Env> <E1 | Env>
<if E then L1 else L2 fi | Env>
<if E then L1 else L2 fi | Env>
V > 0
<if V then L1 else L2 fi | Env> <L1 | Env>
V ≤ 0
<if V then L1 else L2 fi | Env> <L2 | Env>
Dec 16. 2003 Formal Semantics 34
The while statement
<E | Env> <V | Env>, V ≤ 0
<while E do L od | Env> Env
<E | Env> <V | Env>, V > 0
<while E do L od | Env> <L ; while E do L od | Env>
• Note that the second rule is recursive!
Dec 16. 2003 Formal Semantics 35
A while example
i := 3; f := 1 ;while i do
f := f * i ;i := i - 1
od
<f := f * i | {i=3, f=1}> <f := 1 * 3 | {i=3, f=1}> <f := 3 | {i=3, f=1}> {i=3, f=3} and<i := i - 1 | {i=3, f=3}> {i=2, f=3}
Dec 16. 2003 Formal Semantics 36
A while example, cont.
< while i do f := f * i ; i := i - 1 od | {i=3, f=1}> <f := f * i ; i := i - 1 ; while i do f := f * i ; i := i - 1 od | {i=3, f=1}> <i := i - 1 ; while i do f := f * i ; i := i - 1 od | {i=3, f=3}> <while i do f := f * i ; i := i - 1 od | {i=2, f=3}> <f := f * i ; i := i - 1 ; while i do f := f * i ; i := i - 1 od | {i=2, f=3}> <i := i - 1 ; while i do f := f * i ; i := i - 1 od | {i=2, f=6}> <while i do f := f * i ; i := i - 1 od | {i=1, f=6}> <f := f * i ; i := i - 1 ; while i do f := f * i ; i := i - 1 od | {i=1, f=6}> <while i do f := f * i ; i := i - 1 od | {i=0, f=6}> {i=0, f=6}• And we are finally done!
Dec 16. 2003 Formal Semantics 37
Implementing operational semantics
• An “executable specification”• Gives us an interpreter• Now we can test the language before we implement a
real compiler• Easily done in Prolog!• 3 * (4 + 5) is represented as the fact:
times(3, plus(4, 5)).• a := 2 + 3 ; b:= a * 4 ; a := b - 5 becomes:
seq (assign (a, plus(2, 3)), seq (assign (b, times (a, 4)), assign (a, sub (b, 5)))).
• This is actually a tree
Dec 16. 2003 Formal Semantics 38
Implementing operational semantics, cont.
• Reduction rule #3 could look like:reduce (plus(V1, V2), R) :-
integer(V1), integer(V2), !, R in V1 + V2.• Rule #7 becomes:
reduce (plus (E, E2), plus (E1, E2)) :- reduce (E, E1).• Lookup in an environment (rule 15):reduce (config (I, Env), config (V, Env)) :-
atom (I), !, lookup (Env, I, V).• Update an environment (rule 16):reduce (config (assign (I, V), Env), Env1) :-
integer (V), !, update (Env, value (I, V), Env1).
Dec 16. 2003 Formal Semantics 39
Denotational semantics
• Now we will use functions to describe the semantics:Val: Expression Integer
• So Val (2 + 3 * 4) should be 14• Val maps a syntactic domain (the set of correct
arithmetic expressions) to a semantic domain (the set of integers)
• We need more function to cover the example language:P: Program (Input Output)
• Syntactic domain: The set of correct programs• Semantic domain: The set of functions that gives us the
correct answer from the possible inputs
Dec 16. 2003 Formal Semantics 40
Denotational semantics, cont.
• We need three parts– Definitions of the syntactic domains– Definitions of the semantic domains– Definitions of the semantic functions
• The syntactic domain looks almost like the abstract syntax:N N D | DD 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9N: Number, D: Digit
Dec 16. 2003 Formal Semantics 41
The Semantic domain
• A set that contains all answers to possible inputs• For the numbers, it’s just {0, 1, …}• The integers with its operations could look like:
Domain v: Integer = {…, -2, -1, 0, 1, 2, …}
Operations:
+ : Integer x Integer Integer
- : Integer x Integer Integer
* : Integer x Integer Integer
Dec 16. 2003 Formal Semantics 42
The Semantic function
• For each syntactic domain we need a semantic function, for example:
D: Digit Integer (defined by:)D[[0]] = 0, D[[1]] = 1, …, D[[9]] = 9
N: Number IntegerN[[ND]] = 10 * N[[N]] + N[[D]]N[[D]] = D[[D]]
Dec 16. 2003 Formal Semantics 43
Some more parts from the example
• The semantic functions for the arithmetics:E: Expression Integer
E[[E1 + E2]] = E[[E1]] + E[[E2]]
E[[E1 * E2]] = E[[E1]] * E[[E2]]E[[( E )]] = E[[E]]E[[N]] = N[[N]]etc.
• The complete example in section 13.3.4-13.3.5
Dec 16. 2003 Formal Semantics 44
Environments
• The environments forms a new semantic domainDomain Env: Environment =
Identifier Integer {undef}• And expressions:
E: Expression (Environment Integer┴• The identifier rule:E[[I]] (Env) = Env (I)
Dec 16. 2003 Formal Semantics 45
Statements
• Recall the syntactic domain:
S I := E | if E then L1 else L2 fi | while E do L odL: Statement list, S: Statement , E: Expression• And the semantic domain is:
S: Statement Environment Environment• The semantic function for the if-statement:
S [[if E then L1 else L2 fi]] (Env) =if E [[E]] (Env) > 0 then
L[[L1]](Env) else L[[L2]](Env)
Dec 16. 2003 Formal Semantics 46
Implementation• Denotational semantics fits very well into a functional
programming language• The abstract syntax may look like:data Expr = Val Int | Ident String | Plus Expr Expr | Minus
Expr Expr | Times Expr Expr• If we have implemented the environment with lookup and
insert the evaluation function may look like:exprE :: Expr -> Environment -> IntexprE (Plus e1 e2) env = (exprE e1 env) + (exprE e2 env)exprE (Minus e1 e2) env = (exprE e1 env) - (exprE e2 env)exprE (Times e1 e2) env = (exprE e1 env) * (exprE e2 env)exprE (Val n) env = nexprE (Ident a) env = lookup env a
Dec 16. 2003 Formal Semantics 47
Axiomatic semantics
• The basis for mathematical proofs of programs
• We define what should be true before and after the program is evaluated (sometimes called assertions):x := x + 1
• Precondition: {x = A}• Postcondition: {x = A+1}• This example works fine for all values A
Dec 16. 2003 Formal Semantics 48
Axiomatic semantics, cont.
• We have to make sure that A0{A0, y=A}x := 1 / y{x = 1 / y}• A sort example:{n≥1, if 1 ≤ i ≤ n then a [i] = A [i]}sort-program{sorted (a), permutation (a, A)}
Dec 16. 2003 Formal Semantics 49
Assertions
• Some languages have support for assertions, in C for example:
#include <assert.h>…assert (y != 0)x = 1/y;…• If y is 0 the program halts without executing the illegal
division:Assertion failed at test.c line 27: y != 0Exiting due to signal SIGABRT• Throwing exceptions in Java also works
Dec 16. 2003 Formal Semantics 50
The weakest precondition
• If we think of a program and its pre/post conditions as: {P} C {Q}
• Then the weakest precondition (wp) is the one that is:– Strong enough as a precondition– Not stronger than any of the other possible
preconditions• Example: for C= 1/y, y>0 or y<0 is enough but
y0 is weaker, and strong enough• One way to describe {P} C {Q} is:
{P} C {Q} iff P wp (C, Q)
Dec 16. 2003 Formal Semantics 51
Examples and properties of wp
• Some examples to get the idea:wp (“x:=1/y”, {x=1/y}) = {y0}wp (“x:=x+1”, {x=A}) = {x=A-1}• Some properties of wp:
– Law of excluded miracle: wp (C, false) = false– Distributive laws:
wp (C, P and Q) = wp (C, P) and wp (C, Q)wp (C, P) or wp (C, Q) wp (C, P or Q)
– Law of monotonicity: if Q R then wp (C, P) wp (C, R)
Dec 16. 2003 Formal Semantics 52
Use of wp in proofs
• So if we want to prove the correctness of a program C according to {P} C {Q}
• We have to prove that P wp (C, Q)
• Very difficult for most programs!
• Useful if correctness is extremely important and difficult to test, example:– The micro code in a processor– Programs in space crafts, power plants, etc.