Slide 1: Program Analysis and Verification
0368-4479
http://www.cs.tau.ac.il/~maon/teaching/2013-2014/paav/paav1314b.html
Noam Rinetzky
Lecture 4: Denotational Semantics
Slides credit: Roman Manevich, Mooly Sagiv, Eran Yahav
Slide 2: Good manners
Mobiles
Slide 3: Admin
Grades
First home assignment will be published on Tuesday (contents according to progress today)
Due lesson 6
Scribes (this week)
Scribes (next week)
From now on: in singles
Slide 4: What do we mean?
[figure: a program P, its syntax and its semantics; "P: x 7"]
Slide 5: Why formal semantics?
Implementation-independent definition of a programming language
Automatically generating interpreters (and some day maybe full-fledged compilers)
Verification and debugging: if you don't know what it does, how do you know it's incorrect?
Slide 6: Programming Languages
Syntax: "how do I write a program?" (BNF, "parsing")
Semantics: "what does my program mean?" ...
Slide 7: Program semantics
Operational: state transformer
Denotational: mathematical objects
Axiomatic: predicate transformer
Slide 8: Denotational semantics
Giving mathematical models of programming languages.
"Meanings for program phrases (statements) defined abstractly as elements of some suitable mathematical structure. It is not necessary for the semantics to determine an implementation, but it should provide criteria for showing that an implementation is correct." (Dana Scott, 1980)
Slide 9: Syntax: While
Abstract syntax:
a ::= n | x | a1 + a2 | a1 * a2 | a1 - a2
b ::= true | false | a1 = a2 | a1 ≤ a2 | ¬b | b1 ∧ b2
S ::= x := a | skip | S1; S2 | if b then S1 else S2 | while b do S
Slide 10: Syntactic categories
n ∈ Num: numerals
x ∈ Var: program variables
a ∈ Aexp: arithmetic expressions
b ∈ Bexp: boolean expressions
S ∈ Stm: statements
Slide 11: Denotational semantics
A: Aexp → (∑ → N)
B: Bexp → (∑ → T)
S: Stm → (∑ → ∑)
Defined by structural induction.
Notation: A⟦a⟧, B⟦b⟧; S_ns⟦S⟧ and S_sos⟦S⟧ for the natural and structural operational semantics.
Slide 12: Semantic categories
Z: integers {0, 1, -1, 2, -2, ...}
T: truth values {ff, tt}
State = Var → Z
Example state: s = [x ↦ 5, y ↦ 7, z ↦ 0]
Lookup: s x = 5
Update: s[x ↦ 6] = [x ↦ 6, y ↦ 7, z ↦ 0]
Slide 13: Denotational Semantics
A "mathematical" semantics: S⟦S⟧ is a mathematical object, and a fair amount of mathematics is involved.
Compositional: S⟦while b do S⟧ = F(B⟦b⟧, S⟦S⟧)
Recall: more abstract and canonical than operational semantics; no notion of "execution", merely definitions; no small step vs. big step; concurrency is an issue.
For comparison, the natural-semantics rule for loops:
⟨S, s⟩ → s'   ⟨while b do S, s'⟩ → s''
---------------------------------------  if B⟦b⟧s = tt
⟨while b do S, s⟩ → s''
Slide 14: Denotational Semantics
Denotational semantics is also called fixed point semantics, mathematical semantics, or Scott-Strachey semantics.
The mathematical objects are called denotations.
Denotation: meaning; especially, a direct specific meaning as distinct from an implied or associated idea.
Though we still maintain a computational intuition.
Slide 15: Important features
Syntax independence: the denotations of programs should not involve the syntax of the source language.
Soundness: all observably distinct programs have distinct denotations.
Full abstraction: two programs have the same denotations precisely when they are observationally equivalent.
Compositionality.
Slide 16: Plan
Denotational semantics of While (1st attempt)
Math: complete partial orders, monotonicity, continuity
Denotational semantics of while
Slide 17: Denotational semantics
A: Aexp → (∑ → N)
B: Bexp → (∑ → T)
S: Stm → (∑ → ∑)
Defined by structural induction; compositional definition.

Slide 18: Denotational semantics
Same signatures as on slide 17, defined by structural induction (compositional definition).
Notation: A⟦a⟧, B⟦b⟧; S_ns⟦S⟧ and S_sos⟦S⟧ for the operational semantics.
Slide 19: Denotational semantics of Aexp
A: Aexp → (∑ → N)
A⟦n⟧ = {(σ, n) | σ ∈ ∑}
A⟦X⟧ = {(σ, σ(X)) | σ ∈ ∑}
A⟦a0 + a1⟧ = {(σ, n0 + n1) | (σ, n0) ∈ A⟦a0⟧, (σ, n1) ∈ A⟦a1⟧}
A⟦a0 - a1⟧ = {(σ, n0 - n1) | (σ, n0) ∈ A⟦a0⟧, (σ, n1) ∈ A⟦a1⟧}
A⟦a0 * a1⟧ = {(σ, n0 * n1) | (σ, n0) ∈ A⟦a0⟧, (σ, n1) ∈ A⟦a1⟧}
Lemma: A⟦a⟧ is a function.
(Functions represented as sets of pairs.)
Slide 20: Denotational semantics of Aexp
with A: Aexp → (∑ → N):
A⟦n⟧ = λσ.n
A⟦X⟧ = λσ.σ(X)
A⟦a0 + a1⟧ = λσ.(A⟦a0⟧σ + A⟦a1⟧σ)
A⟦a0 - a1⟧ = λσ.(A⟦a0⟧σ - A⟦a1⟧σ)
A⟦a0 * a1⟧ = λσ.(A⟦a0⟧σ * A⟦a1⟧σ)
(Functions represented as lambda expressions.)
Slide 21: Denotational semantics of Bexp
B: Bexp → (∑ → T)
B⟦true⟧ = {(σ, true) | σ ∈ ∑}
B⟦false⟧ = {(σ, false) | σ ∈ ∑}
B⟦a0 = a1⟧ = {(σ, true) | σ ∈ ∑ & A⟦a0⟧σ = A⟦a1⟧σ} ∪ {(σ, false) | σ ∈ ∑ & A⟦a0⟧σ ≠ A⟦a1⟧σ}
B⟦a0 ≤ a1⟧ = {(σ, true) | σ ∈ ∑ & A⟦a0⟧σ ≤ A⟦a1⟧σ} ∪ {(σ, false) | σ ∈ ∑ & A⟦a0⟧σ > A⟦a1⟧σ}
B⟦¬b⟧ = {(σ, ¬_T t) | σ ∈ ∑, (σ, t) ∈ B⟦b⟧}
B⟦b0 ∧ b1⟧ = {(σ, t0 ∧_T t1) | σ ∈ ∑, (σ, t0) ∈ B⟦b0⟧, (σ, t1) ∈ B⟦b1⟧}
Lemma: B⟦b⟧ is a function.
Slide 22: Denotational semantics of statements?
Intuition: running a statement s starting from a state σ yields another state σ'.
Can we define S⟦s⟧ as a function that maps σ to σ'?
S⟦.⟧: Stm → (∑ → ∑)
Slide 23: Denotational semantics of commands?
Problem: running a statement might not yield anything if the statement does not terminate.
Solution: a special element ⊥ to denote a special outcome that stands for non-termination.
For any set X, we write X_⊥ for X ∪ {⊥}.
Convention: whenever f ∈ X → X, we extend f to X_⊥ → X_⊥ "strictly" so that f(⊥) = ⊥.
Slide 24: Denotational semantics of statements?
We try: S⟦.⟧: Stm → (∑_⊥ → ∑_⊥)
S⟦skip⟧ = λσ.σ
S⟦s0; s1⟧ = λσ. S⟦s1⟧(S⟦s0⟧σ)
S⟦if b then s0 else s1⟧ = λσ. if B⟦b⟧σ then S⟦s0⟧σ else S⟦s1⟧σ
Slide 25: Examples
S⟦X := 2; X := 1⟧σ = σ[X ↦ 1]
S⟦if true then X := 2; X := 1 else ...⟧σ = σ[X ↦ 1]
The semantics does not care about intermediate states.
So far, we did not explicitly need ⊥.
Slide 26: Denotational semantics of loops?
S⟦while b do s⟧ = ?
Slides 27 to 29: Denotational semantics of loops?
Goal: find a function from states to states that defines the meaning of W.
Intuition: while b do s behaves like if b then (s; while b do s) else skip, so
S⟦while b do s⟧ = S⟦if b then (s; while b do s) else skip⟧
Slide 30: Denotational semantics of loops?
Abbreviation: W = S⟦while b do s⟧
Solution 1: W(σ) = if B⟦b⟧σ then W(S⟦s⟧σ) else σ
Unacceptable solution:
Defines W in terms of itself.
It is not evident that a suitable W exists.
It may not describe W uniquely (e.g., for while true do skip).
Slide 31: Denotational semantics of loops?
Goal: find a function from states to states that defines the meaning of W.
Approach: solve the domain equation
S⟦while b do s⟧ = S⟦if b then (s; while b do s) else skip⟧
Slide 32: Introduction to Domain Theory
We will solve the unwinding equation through a general theory of recursive equations.
Think of programs as processors of streams of bits (streams of 0's and 1's, possibly terminated by $).
What properties can we expect?
[figure: a program box with an input stream and an output stream]
Slide 33: Motivation
Let "isone" be a function that must return "1$" when the input string has at least one 1 and "0$" otherwise:
isone(00...0$) = 0$
isone(xx...1...$) = 1$
isone(0...0) = ?
Monotonicity, in terms of information:
Output is never retracted.
More information about the input is reflected in more information about the output.
How do we express monotonicity precisely?
Slide 34: Monotonicity
Define a partial order x ⊑ y. A partial order is reflexive, transitive, and anti-symmetric.
y is a refinement of x ("more precise").
For streams of bits, x ⊑ y when x is a prefix of y.
For programs, a typical order is: no output (yet) ⊑ some output.
Slide 35: Monotonicity
A set equipped with a partial order is a poset.
Definition: let D and E be posets. A function f: D → E is monotonic if ∀x, y ∈ D: x ⊑_D y ⇒ f(x) ⊑_E f(y).
The semantics of the program ought to be a monotonic function: more information about the input leads to more information about the output.
Slide 36: Monotonicity Example
Consider our "isone" function with the prefix ordering.
Notation: 0^k is the stream with k consecutive 0's; 0^∞ is the infinite stream with only 0's.
Question (revisited): what is isone(0^k)?
By definition, isone(0^k$) = 0$ and isone(0^k 1$) = 1$.
But 0^k ⊑ 0^k$ and 0^k ⊑ 0^k 1$.
"isone" must be monotone, so:
isone(0^k) ⊑ isone(0^k$) = 0$
isone(0^k) ⊑ isone(0^k 1$) = 1$
Therefore, monotonicity requires that isone(0^k) is a common prefix of 0$ and 1$, namely the empty stream ε.
Slide 37: Motivation
Are there other constraints on "isone"?
Define "isone" to satisfy the equations:
isone(ε) = ε
isone(1s) = 1$
isone(0s) = isone(s)
isone($) = 0$
What about 0^∞?
Continuity: finite output depends only on finite input (no infinite lookahead).
Intuition: a program that can produce observable results can do it in a finite time.
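The "isone" function of slides 33 to 37, as an added example (not code from the lecture): it is written on finite prefixes following the four defining equations above, and a small checker verifies that it is monotone for the prefix ordering of slide 34, while a tempting "eager" variant that commits to 0$ before seeing a terminator is caught retracting its output. Streams are Python strings over {'0', '1', '$'}; the empty string is the least element; every name is my own choice.

```python
# Added example, not from the lecture slides. Streams are strings over
# {'0', '1', '$'}; '' is the least element of the prefix ordering ("no output yet").


def isone(stream: str) -> str:
    """Defining equations of slide 37: isone('') = '', isone('1'+s) = '1$',
    isone('0'+s) = isone(s), isone('$') = '0$'."""
    for ch in stream:
        if ch == '1':
            return '1$'
        if ch == '$':
            return '0$'
        # ch == '0': no decision is possible yet, keep reading
    return ''           # only zeros so far: the common prefix of '0$' and '1$'


def eager_isone(stream: str) -> str:
    """A tempting but wrong definition: answers '0$' as soon as no 1 has been seen."""
    return '1$' if '1' in stream else '0$'


def is_prefix(x: str, y: str) -> bool:
    """x ⊑ y in the prefix ordering of slide 34."""
    return y.startswith(x)


def is_monotone(f, inputs) -> bool:
    """For all x, y in the sample: x ⊑ y implies f(x) ⊑ f(y)."""
    return all(is_prefix(f(x), f(y))
               for x in inputs for y in inputs if is_prefix(x, y))


def violations(f, inputs):
    """The pairs x ⊑ y on which f retracts output, i.e. f(x) is not a prefix of f(y)."""
    return [(x, y) for x in inputs for y in inputs
            if is_prefix(x, y) and not is_prefix(f(x), f(y))]


# Constructed sample of prefixes, including unterminated runs of zeros.
SAMPLE = ['', '0', '00', '000', '00$', '001$', '0001', '1', '10$', '$']

if __name__ == '__main__':
    print('isone monotone:', is_monotone(isone, SAMPLE))
    print('eager violations:', violations(eager_isone, SAMPLE))
```

The violation the checker reports for the eager variant is exactly the retraction that monotonicity forbids: on the empty prefix it already outputs 0$, but on the extension "1" it must output 1$, so the earlier output is taken back.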
Slide 38: Chains
A chain is a countable increasing sequence ⟨x_i⟩ = {x_i ∈ X | x_0 ⊑ x_1 ⊑ ...}.
An upper bound of a set is an element "bigger" than all elements in the set.
The least upper bound ⊔⟨x_i⟩ is the "smallest" among upper bounds:
x_i ⊑ ⊔⟨x_i⟩ for all i ∈ N
⊔⟨x_i⟩ ⊑ y for all upper bounds y of ⟨x_i⟩
and it is unique if it exists.
Slide 39: Complete Partial Orders
Not every poset has an upper bound: with ⊥ ⊑ n and n ⊑ n for all n ∈ N, the set {1, 2} does not have an upper bound.
Sometimes chains have no upper bound: the chain 0 ⊑ 1 ⊑ 2 ⊑ ... does not have an upper bound.
[figure: Hasse diagrams of the flat order ⊥ ⊑ 0, 1, 2, ... and of the chain 0 ⊑ 1 ⊑ 2 ⊑ ...]
Slide 40: Complete Partial Orders
It is convenient to work with posets where every chain (not necessarily every set) has a least upper bound.
A partial order P is complete if every chain in P has a least upper bound also in P. We say that P is a complete partial order (cpo).
A cpo with a least ("bottom") element ⊥ is a pointed cpo (pcpo).
Slide 41: Examples of cpo's
Any set P with the order x ⊑ y if and only if x = y is a cpo; it is discrete or flat.
If we add ⊥ so that ⊥ ⊑ x for all x ∈ P, we get a flat pointed cpo.
The set N with ≤ is a poset with a bottom, but not a complete one.
The set N ∪ {∞} with ≤ extended by n ⊑ ∞ is a pointed cpo.
The set N with ≥ is a cpo without bottom.
Let S be a set and P(S) denote the set of all subsets of S ordered by set inclusion; P(S) is a pointed cpo.
Slide 42: Constructing cpos
If D and E are pointed cpos, then so is D × E:
(x, y) ⊑_{D×E} (x', y') iff x ⊑_D x' and y ⊑_E y'
⊥_{D×E} = (⊥_D, ⊥_E)
⊔(x_i, y_i) = (⊔_D x_i, ⊔_E y_i)
Slide 43: Constructing cpos (2)
If S is a set and E is a pcpo, then so is S → E:
m ⊑ m' iff ∀s ∈ S: m(s) ⊑_E m'(s)
⊥_{S→E} = λs.⊥_E
⊔(m, m') = λs. m(s) ⊔_E m'(s)
Slide 44: Continuity
A monotonic function maps a chain of inputs into a chain of outputs:
x_0 ⊑ x_1 ⊑ ... implies f(x_0) ⊑ f(x_1) ⊑ ...
It is always true that ⊔_i⟨f(x_i)⟩ ⊑ f(⊔_i⟨x_i⟩).
But f(⊔_i⟨x_i⟩) ⊑ ⊔_i⟨f(x_i)⟩ is not always true.
Slide 45: A Discontinuity Example
[figure: a chain 0 ⊑ 1 ⊑ 2 ⊑ 3 ⊑ ... and its images under f; the labels f(⊔_i⟨x_i⟩) and ⊔_i⟨f(x_i)⟩ mark two different elements]
Slides 46 and 47: Continuity
Each f(x_i) uses a "finite" view of the input; f(⊔⟨x_i⟩) uses an "infinite" view of the input.
A function is continuous when f(⊔⟨x_i⟩) = ⊔_i⟨f(x_i)⟩.
The output generated using an infinite view of the input does not contain more information than all of the outputs based on finite inputs.
Scott's thesis: the semantics of programs can be described by continuous functions.
Slide 48: Examples of Continuous Functions
For the partial order (N ∪ {∞}, ⊑):
The identity function is continuous: id(⊔ n_i) = ⊔ id(n_i).
The constant function "five(n) = 5" is continuous: five(⊔ n_i) = ⊔ five(n_i).
If isone(0^∞) = ε then isone is continuous.
For a flat cpo A, any monotonic function f: A_⊥ → A_⊥ such that f is strict is continuous.
Chapter 8 of the Winskel textbook includes many more continuous functions.
Slide 49: Fixed Points
Solve the equation W = S⟦while b do s⟧, where W: ∑_⊥ → ∑_⊥.
Alternatively, W = F(W) where:
F(W) = λσ. W(S⟦s⟧σ)   if B⟦b⟧(σ) = true
           σ            if B⟦b⟧(σ) = false
           ⊥            if B⟦b⟧(σ) = ⊥
Slide 50: Fixed Point (cont.)
Thus we are looking for a solution for W = F(W), a fixed point of F.
Typically there are many fixed points.
We may argue that W ought to be continuous, W ∈ [∑_⊥ → ∑_⊥], which cuts the number of solutions.
We will see how to find the least fixed point for such an equation provided that F itself is continuous.
Slide 51: Fixed Point Theorem
Define F^k = λx. F(F(... F(x) ...)) (F composed k times).
If D is a pointed cpo and F: D → D is continuous, then for any fixed point x of F and k ∈ N: F^k(⊥) ⊑ x.
The least of all fixed points is ⊔_k F^k(⊥).
Proof: by induction on k.
Base: F^0(⊥) = ⊥ ⊑ x.
Induction step: F^(k+1)(⊥) = F(F^k(⊥)) ⊑ F(x) = x.
It suffices to show that ⊔_k F^k(⊥) is a fixed point; by continuity of F,
F(⊔_k F^k(⊥)) = ⊔_k F^(k+1)(⊥) = ⊔_k F^k(⊥).
Slides 52 and 53: Fixed-Points (notes)
If F is continuous on a pointed cpo, we know how to find the least fixed point.
All other fixed points can be regarded as refinements of the least one: they contain more information, they are more precise.
In general, they are also more arbitrary, and they also make less sense for our purposes.
Slide 54: Denotational Semantics of While
∑_⊥ is a flat pointed cpo: any state carries more information than non-termination (⊥); otherwise, two states must be equal to be comparable (information-wise).
We want strict functions ∑_⊥ → ∑_⊥, therefore continuous functions.
The partial order on ∑_⊥ → ∑_⊥: f ⊑ g iff f(x) = ⊥ or f(x) = g(x) for all x ∈ ∑_⊥.
g terminates with the same state whenever f terminates; g might terminate for more inputs.
Slide 55: Denotational Semantics of While
Recall that W is a fixed point of F: [[∑_⊥ → ∑_⊥] → [∑_⊥ → ∑_⊥]], and F is continuous.
Thus, we set S⟦while b do c⟧ = ⊔ F^k(⊥), the least fixed point:
it terminates least often of all fixed points, and agrees on terminating states with all fixed points.
F(w) = λσ. w(S⟦s⟧(σ))   if B⟦b⟧(σ) = true
           σ             if B⟦b⟧(σ) = false
           ⊥             if B⟦b⟧(σ) = ⊥
Slide 56: Denotational Semantics of While
S⟦skip⟧ = λσ.σ
S⟦X := exp⟧ = λσ.σ[X ↦ A⟦exp⟧σ]
S⟦s0; s1⟧ = λσ. S⟦s1⟧(S⟦s0⟧σ)
S⟦if b then s0 else s1⟧ = λσ. if B⟦b⟧σ then S⟦s0⟧σ else S⟦s1⟧σ
S⟦while b do s⟧ = ⊔ F^k(⊥), k = 0, 1, ...
where F = λw.λσ. if B⟦b⟧σ = true then w(S⟦s⟧(σ)) else σ
Slide 57: Example (1): while true do skip
F: [[∑_⊥ → ∑_⊥] → [∑_⊥ → ∑_⊥]]
F = λw.λσ. w(S⟦s⟧(σ)) if B⟦b⟧(σ) = true; σ if B⟦b⟧(σ) = false; ⊥ if B⟦b⟧(σ) = ⊥
B⟦true⟧ = λσ.true, S⟦skip⟧ = λσ.σ, hence F = λw.λσ.w(σ)
F^0(⊥) = ⊥
F^1(⊥) = ⊥
F^2(⊥) = ⊥
...
⊔_k F^k(⊥) = ⊥
Slide 58: Example (2): while false do s
F: [[∑_⊥ → ∑_⊥] → [∑_⊥ → ∑_⊥]]
F = λw.λσ. w(S⟦s⟧(σ)) if B⟦b⟧(σ) = true; σ if B⟦b⟧(σ) = false; ⊥ if B⟦b⟧(σ) = ⊥
B⟦false⟧ = λσ.false, hence F = λw.λσ.σ
F^0(⊥) = ⊥
F^1(⊥) = λσ.σ
F^2(⊥) = λσ.σ
...
⊔_k F^k(⊥) = λσ.σ
Slide 59: Example (3): while x ≠ 3 do x := x - 1
S⟦while x ≠ 3 do x := x - 1⟧ = ⊔ F^k(⊥), k = 0, 1, ..., where
F = λw.λσ. if σ(x) ≠ 3 then w(σ[x ↦ σ(x) - 1]) else σ
F^0(⊥) = ⊥
F^1(⊥) = λσ. if σ(x) ≠ 3 then ⊥(σ[x ↦ σ(x) - 1]) else σ
       = λσ. if σ(x) ≠ 3 then ⊥ else σ
F^2(⊥) = λσ. if σ(x) ≠ 3 then F^1(⊥)(σ[x ↦ σ(x) - 1]) else σ
       = λσ. if σ(x) ≠ 3 then (if σ[x ↦ σ(x) - 1](x) ≠ 3 then ⊥ else σ[x ↦ σ(x) - 1]) else σ
       = λσ. if σ(x) ≠ 3 then (if σ(x) ≠ 4 then ⊥ else σ[x ↦ σ(x) - 1]) else σ
       = λσ. if σ(x) ∈ {3, 4} then σ[x ↦ 3] else ⊥
F^k(⊥) = λσ. if σ(x) ∈ {3, 4, ..., k} then σ[x ↦ 3] else ⊥
lfp(F) = λσ. if σ(x) ≥ 3 then σ[x ↦ 3] else ⊥
Slide 60: Example 4: Nested Loops
P ==
  Z := 0;
  while X > 0 do (
    Y := X;
    while (Y > 0) do (
      Z := Z + Y;
      Y := Y - 1 );
    X := X - 1 )

Slide 61: Example 4: Nested Loops
For the program P of slide 60:
S⟦inner-loop⟧σ = σ[Y ↦ 0][Z ↦ σ(Z) + σ(Y) * (σ(Y) + 1) / 2]   if σ(Y) ≥ 0
                 σ                                                if σ(Y) < 0
S⟦outer-loop⟧σ = σ[Y ↦ 0][X ↦ 0][Z ↦ σ(Z) + σ(X) (σ(X) + 1) (1 + (2σ(X) + 1)/3) / 4]   if σ(X) ≥ 0
                 σ                                                                       if σ(X) < 0
S⟦S⟧σ = σ[Y ↦ 0][X ↦ 0][Z ↦ σ(X) (σ(X) + 1) (1 + (2σ(X) + 1)/3) / 4]   if σ(X) ≥ 0
        σ[Z ↦ 0]                                                         if σ(X) < 0
Slide 62: Equivalence of Semantics
∀σ, σ': σ' = S⟦s⟧σ ⟺ ⟨s, σ⟩ → σ' ⟺ ⟨s, σ⟩ →* σ'
Slide 63: Complete Partial Orders
Let (D, ⊑) be a partial order. D is a complete lattice if every subset has both greatest lower bounds and least upper bounds.
Slide 64: Knaster-Tarski Theorem
Let f: L → L be a monotonic function on a complete lattice L.
The least fixed point lfp(f) exists, and lfp(f) = ⊓{x ∈ L : f(x) ⊑ x}.
Slide 65: Fixed Points
A monotone function f: L → L where (L, ⊑, ⊔, ⊓, ⊥, ⊤) is a complete lattice.
Fix(f) = {l : l ∈ L, f(l) = l}
Red(f) = {l : l ∈ L, f(l) ⊑ l}
Ext(f) = {l : l ∈ L, l ⊑ f(l)}
l1 ⊑ l2 ⇒ f(l1) ⊑ f(l2)
Tarski's Theorem (1955): if f is monotone then:
lfp(f) = ⊓Fix(f) = ⊓Red(f) ∈ Fix(f)
gfp(f) = ⊔Fix(f) = ⊔Ext(f) ∈ Fix(f)
[figure: the lattice from ⊥ through f(⊥), f^2(⊥), ..., lfp(f), the region Fix(f), gfp(f), ..., f^2(⊤), f(⊤) up to ⊤, with Ext(f) below and Red(f) above]
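Tarski's characterisations on slides 64 and 65, checked by brute force as an added example (not code from the lecture): the complete lattice is the powerset of a small constructed set ordered by inclusion (meet is intersection, join is union), f is a monotone operator that adds the successors of a set in a constructed graph, and lfp(f) = ⊓Red(f) and gfp(f) = ⊔Ext(f) are compared with the Kleene iterations f^k(⊥) and f^k(⊤) of slide 51. The graph, the operator and every name are my own.

```python
# Added example, not from the lecture slides: Tarski's theorem on a finite
# complete lattice (P(NODES), ⊆), with ⊓ = intersection and ⊔ = union.
from itertools import combinations

NODES = frozenset('abcde')
EDGES = {('a', 'b'), ('b', 'c'), ('c', 'b'), ('d', 'e'), ('e', 'd')}   # constructed graph
SEEDS = frozenset('a')


def powerset(universe):
    """All elements of the lattice P(universe)."""
    items = sorted(universe)
    return [frozenset(c) for r in range(len(items) + 1)
            for c in combinations(items, r)]


def f(X):
    """Monotone on (P(NODES), ⊆): the seeds plus the successors of X."""
    return SEEDS | frozenset(t for (s, t) in EDGES if s in X)


def fix(f, L):
    return [x for x in L if f(x) == x]              # Fix(f)

def red(f, L):
    return [x for x in L if f(x) <= x]              # Red(f): f(x) ⊑ x

def ext(f, L):
    return [x for x in L if x <= f(x)]              # Ext(f): x ⊑ f(x)


def meet(xs, top=NODES):
    out = frozenset(top)                            # ⊓ of no elements is ⊤
    for x in xs:
        out &= x
    return out

def join(xs):
    out = frozenset()                               # ⊔ of no elements is ⊥
    for x in xs:
        out |= x
    return out


def lfp_by_tarski(f, L):
    return meet(red(f, L))                          # lfp(f) = ⊓Red(f)

def gfp_by_tarski(f, L):
    return join(ext(f, L))                          # gfp(f) = ⊔Ext(f)

def lfp_by_iteration(f):
    """Kleene iteration f^k(⊥) of slide 51; the lattice is finite, so it stabilises."""
    x = frozenset()
    while f(x) != x:
        x = f(x)
    return x

def gfp_by_iteration(f, top=NODES):
    """The dual iteration f^k(⊤), descending to the greatest fixed point."""
    x = frozenset(top)
    while f(x) != x:
        x = f(x)
    return x


if __name__ == '__main__':
    L = powerset(NODES)
    print('Fix(f) =', [sorted(x) for x in fix(f, L)])
    print('lfp:', sorted(lfp_by_tarski(f, L)), sorted(lfp_by_iteration(f)))
    print('gfp:', sorted(gfp_by_tarski(f, L)), sorted(gfp_by_iteration(f)))
```

The two fixed points differ because of the cycle between d and e: nothing from the seeds reaches it, so the least fixed point {a, b, c} leaves it out, while the greatest fixed point keeps it, which is the sense in which the non-least fixed points of slides 52 and 53 carry "more arbitrary" information.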
Slide 66: Summary
Denotational definitions are not necessarily better than operational semantics, and they usually require more mathematical work.
The mathematics may be done once and for all.
The mathematics may pay off: some of its techniques are being transferred to operational semantics.
It is trivial to prove that if B⟦b1⟧ = B⟦b2⟧ and C⟦c1⟧ = C⟦c2⟧ then C⟦while b1 do c1⟧ = C⟦while b2 do c2⟧; compare with the operational semantics.
Slide 67: Summary
Denotational semantics provides a way to declare the meaning of programs in an abstract way: side-effects, loops, recursion, gotos, non-determinism, but not low-level concurrency.
Fixed point theory provides a declarative way to specify computations; many usages.
Slide 68: The End