Upload
others
View
4
Download
0
Embed Size (px)
Citation preview
Midlands Graduate School, University of Birmingham, April 2008 1'
&
$
%
Operational Semantics
Abstract Machines
and
Correctness
Roy L. Crole
University of Leicester, UK
Midlands Graduate School, University of Birmingham, April 2008 2'
&
$
%
Introduction
By the end of this introduction, you should be able to
ďż˝ briefly explain the meaning of syntax and semantics;
ďż˝ give a snap-shot overview of the course;
ďż˝ explain what inductively defined sets are; and
ďż˝ do simple rule inductions.
Midlands Graduate School, University of Birmingham, April 2008 3'
&
$
%
Whatâs Next? Background
ďż˝ What is a Programming Language?
ďż˝ What is Syntax?
ďż˝ What is Semantics?
Midlands Graduate School, University of Birmingham, April 2008 4'
&
$
%
Some Answers
ďż˝ Programming Languages are formal languages used to
âcommunicateâ with a âcomputerâ.
ďż˝ Programming languages may be âlow levelâ. They give
direct instructions to the processor (instruction set
architecture).
ďż˝ Or âhigh levelâ. The instructions are indirectâbeing
(eg) compiled for the processorâbut much closer to
concepts understood by the user (Java, C++, . . . ).
Midlands Graduate School, University of Birmingham, April 2008 5'
&
$
%
ďż˝ Syntax refers to particular arrangements of âwords
and lettersâ eg David hit the ball or
if t > 2 then H = Off.
ďż˝ A grammar is a set of rules which can be used to
specify how syntax is created.
ďż˝ Examples can be seen in automata theory, or
programming manuals.
ďż˝ Theories of syntax and grammars can be
developedâideas are used in compiler construction.
Midlands Graduate School, University of Birmingham, April 2008 6'
&
$
%
ďż˝ Semantics is the study of âmeaningâ.
ďż˝ In particular, syntax can be given meaning. The word
run can mean
⢠execution of a computer program,
⢠spread of ink on paper, . . .
ďż˝ Programming language syntax can be given a
semanticsâat least in theory!. We need this to write
meaningful programs . . .
Midlands Graduate School, University of Birmingham, April 2008 7'
&
$
%
Semantic descriptions are often informal. Consider
while (expression) command ;
adapted from Kernighan and Ritchie 1978/1988, p 224:
The command is executed repeatedly so long as the value
of the expression remains unequal to 0; the expression must
have arithmetic or pointer type. The execution of the (test)
expression, including all side effects, occurs before each
execution of the command.
We want to be more precise, more succinct.
Midlands Graduate School, University of Birmingham, April 2008 8'
&
$
%
Top Level view of Course
ďż˝ Define syntax for programs P and types Ď ;
ďż˝ (define type assignments P : : Ď );
ďż˝ define operational semantics looking like
(P , s) â (V , sâ˛) P âV ;
ďż˝ and compile P and V to abstract machine instructions
P 7â [[P]] and V 7â (|V |)
ďż˝ Then prove correctness: P âV iff [[P]] 7âât (|V|)
Midlands Graduate School, University of Birmingham, April 2008 9'
&
$
%
Whatâs Next? Inductively Defined Sets
ďż˝ Specify inductively defined sets; programs, types etc
will be defined this way. BNF grammars are a form of
inductive definition; abstract syntax trees are also defined
inductively.
ďż˝ Define Rule Induction; properties of programs will be
proved using this. It is important.
Midlands Graduate School, University of Birmingham, April 2008 10'
&
$
%
Example Inductive Definition
Let Var be a set of propositional variables. Then the set Prpn
of propositions of propositional logic is inductively defined
by the rules
[P â Var] (A)P
Ď Ď(â§)
Ďâ§Ď
Ď Ď(â¨)
Ďâ¨Ď
Ď Ď(â)
Ď â Ď
Ď(ÂŹ)
ÂŹĎ
Each proposition is created by a deduction . . .
Midlands Graduate School, University of Birmingham, April 2008 11'
&
$
%
Inductively Defined Sets in General
ďż˝ Given a set of rules, a deduction is a finite tree such
that
â each leaf node label c occurs as a base rule
(â ,c) â R
â for any non-leaf node label c, if H is the set of
children of c then (H,c) â R is an inductive rule.
ďż˝ The set I inductively defined by R consists of those
elements e which have a deduction with root node e. One
may prove âe â I. Ď(e) for a property Ď(e) by rule
induction. See the notes . . .
Midlands Graduate School, University of Birmingham, April 2008 12'
&
$
%
Example of Rule Induction
Consider the set of trees T defined inductively by
[n â Z]n
T1 T2
+(T1,T2)
Let L(T ) be the number of leaves in T , and N(T ) be the
number of +-nodes of T . We prove (see board)
âT â T . L(T ) = N(T )+1
where the functions L,N:T â N are defined recursively by
⢠L(n) = 1 and L(+(T1,T2)) = L(T1)+L(T2)
⢠N(n) = 0 and N(+(T1,T2)) = N(T1)+N(T2)+1
Midlands Graduate School, University of Birmingham, April 2008 13'
&
$
%
Chapter 1
By the end of this chapter, you should be able to
ďż˝ describe the programs (syntax) of a simple
imperative language called IMP;
ďż˝ give a type system to IMP and derive types;
ďż˝ explain the idea of evaluation relations;
ďż˝ derive example evaluations.
Midlands Graduate School, University of Birmingham, April 2008 14'
&
$
%
Whatâs Next? Types and Expressions
ďż˝ We define the types and expressions of IMP .
ďż˝ We give an inductive definition of a formal type
system.
Midlands Graduate School, University of Birmingham, April 2008 15'
&
$
%
Program Expressions and Types for IMP
The program expressions are given (inductively) by
P ::= c constant
| l memory location
| P iop PⲠinteger operator
| P bop PⲠboolean operator
| l :=PⲠassignment
| P ; PⲠsequencing
| if P then PⲠelse Pâ˛â˛ conditional
| while P do PⲠwhile loop
Midlands Graduate School, University of Birmingham, April 2008 16'
&
$
%
ďż˝ The types of the language IMP are given by the
grammar
Ď ::= int | bool | cmd
ďż˝ A location environment L is a finite set of (location,
type) pairs, with type being just int or bool:
L = l1 : : int, . . . , ln : : int, ln+1 : : bool, . . . , lm : : bool
ďż˝ Given L , then any P whose locations all appear in L
can (sometimes) be assigned a type; we write P : : Ď to
indicate this, and define such type assignments
inductively.
Midlands Graduate School, University of Birmingham, April 2008 17'
&
$
%
[any n â Z]n : : int T : : bool F : : bool
[l : : int â L ]l : : int
P1 : : int P2 : : int[ bop â BOpr]
P1 bop P2 : : bool
skip : : cmd
l : : Ď P : : Ď
l :=P : : cmd
P1 : : bool P2 : : cmd P3 : : cmd
if P1 then P2 else P3 : : cmd
P1 : : bool P2 : : cmd
while P1 do P2 : : cmd
Midlands Graduate School, University of Birmingham, April 2008 18'
&
$
%
Example: Deduction of a Type Assignment
l : : int 5 : : int
l ⼠5 : : bool D2
D3 D4
l := lâ1 ; lⲠ:= lⲠâ l : : cmd
if l ⼠5 then lⲠ:=1 else (l := l+1 ; lⲠ:= lⲠâ l) : : cmd
Midlands Graduate School, University of Birmingham, April 2008 19'
&
$
%
Whatâs Next? An Evaluation Relation
ďż˝ We define a notion of state.
ďż˝ We define an evaluation relation for IMP .
ďż˝ We look at an example.
Midlands Graduate School, University of Birmingham, April 2008 20'
&
$
%
States
ďż˝ A state s is a finite partial function Loc â ZâŞB.
ďż˝ For example s = ăl1 7â 4, l2 7â T, l3 7â 21ă
ďż˝ There is a state denoted by s{l7âc} : Loc â ZâŞB which
is the partial function
(s{l7âc})(lâ˛)def=
c if lⲠ= l
s(lâ˛) otherwise
ďż˝ We say that state s is updated at l by c.
Midlands Graduate School, University of Birmingham, April 2008 21'
&
$
%
An Evaluation Relation
Consider the following evaluation relationship
( lⲠ:=T ; l :=4+1 , ăă ) â ( skip , ălⲠ7â T, l 7â 5ă )
The idea is
Starting program â final result
We describe an operational semantics which has assertions
which look like
(P , s) â (c , s) and (P , s1) â (skip , s2)
Midlands Graduate School, University of Birmingham, April 2008 22'
&
$
%
[ provided l â domain of s]âLOC
(l , s) â (s(l) , s)
(P1 , s) â (n1 , s) (P2 , s) â (n2 , s)âOP
(P1 op P2 , s) â (n1 op n2 , s)
(P , s) â (c , s)âASS
(l :=P , s) â (skip , s{l7âc})
(P1 , s1) â (skip , s2) (P2 , s2) â (skip , s3)âSEQ
(P1 ; P2 , s1) â (skip , s3)
Midlands Graduate School, University of Birmingham, April 2008 23'
&
$
%
(P , s1) â (F , s1) (P2 , s1) â (skip , s2)âCOND2
(if P then P1 else P2 , s1) â (skip , s2)
(P1 , s1) â (T , s1) (P2 , s1) â (skip , s2) (while P1 do P2 , s2) â (skip , s3)
(while P1 do P2 , s1) â (skip , s3)
(P1 , s) â (F , s)âLOOP2
(while P1 do P2 , s) â (skip , s)
Midlands Graduate School, University of Birmingham, April 2008 24'
&
$
%
Example Evaluations
We derive deductions for
((3+2)â6, s) â (30, s)
and
(while l = 1 do l := lâ1, ăl 7â 1ă) â (skip , ăl 7â 0ă)
Midlands Graduate School, University of Birmingham, April 2008 25'
&
$
%
Chapter 2
By the end of this chapter you should be able to
ďż˝ describe the âcompiledâ CSS machine, which
executes compiled IMP programs;
ďż˝ show how to compile to CSS instruction
sequences;
ďż˝ give some example executions.
Midlands Graduate School, University of Birmingham, April 2008 26'
&
$
%
Motivating the CSS Machine
An operational semantics gives a useful model of IMPâwe
seek a more direct, âcomputationalâ method for evaluating
configurations. If P âe V, how do we âmechanically
produceâ V from P?
P ⥠P0 7â P1 7â P2 7â . . . 7â Pn âĄV
âMechanically produceâ can be made precise using a
relation P 7ââ PⲠdefined by rules with no hypotheses.
n+m 7ââ m+n
Midlands Graduate School, University of Birmingham, April 2008 27'
&
$
%
P0 7â P1 7â P2 7â P3 7â P4 . . . 7âV
Re-Write Rules (Abstract Machine)
deduction tree
P âe
ďż˝
-
V
Evaluation Semantics
Midlands Graduate School, University of Birmingham, April 2008 28'
&
$
%
An Example
Let s(l) = 6. Execute 10â l on the CSS machine.
First, compile the program.
[[10â l]] = FETCH(l) : PUSH(10) : OP(â)
Then
FETCH(l) : PUSH(10) : OP(â) â s
7ââ PUSH(10) : OP(â) 6 s
7ââ OP(â) 10: 6 s
7ââ â 4 s
Midlands Graduate School, University of Birmingham, April 2008 29'
&
$
%
Defining the CSS Machine
ďż˝ A CSS code C is a list:
C ::= â | ins : C
ins ::= PUSH(c) | FETCH(l) | OP(op) | SKIP
| STO(l) | BR(C,C) | LOOP(C,C)
The objects ins are CSS instructions. We will overload : to
denote append; and write Ξ for Ξ : â (ditto below).
ďż˝ A stack S is produced by the grammar
S ::= â | c : S
Midlands Graduate School, University of Birmingham, April 2008 30'
&
$
%
ďż˝ A CSS configuration is a triple (C,S,s).
ďż˝ A CSS re-write takes the form
(C1 , S1 , s1) 7ââ (C2 , S2 , s2)
and re-writes are specified inductively by rules with no
hypotheses (such rules are often called axioms)
R(C1 , S1 , s1) 7ââ (C2 , S2 , s2)
ďż˝ Note that the CSS re-writes are deterministic.
Midlands Graduate School, University of Birmingham, April 2008 31'
&
$
%
PUSH(c) : C S s 7ââ C c : S s
FETCH(l) : C S s 7ââ C s(l) : S s
OP( op ) : C n1 : n2 : S s 7ââ C n1 op n2 : S s
STO(l) : C c : S s 7ââ C S s{l7âc}
BR(C1,C2) : C F : S s 7ââ C2 : C S s
LOOP(C1,C2) : C S s 7ââ
C1 : BR(C2 : LOOP(C1,C2),SKIP) : C S s
Midlands Graduate School, University of Birmingham, April 2008 32'
&
$
%
[[c]]def= PUSH(c)
[[l]]def= FETCH(l)
[[P1 op P2]]def= [[P2]] : [[P1]] : OP(op)
[[l := P]]def= [[P]] : STO(l)
[[skip]]def= SKIP
[[P1 ; P2]]def= [[P1]] : [[P2]]
[[if P then P1 else P2]]def= [[P]] : BR([[P1]], [[P2]])
[[while P1 do P2]]def= LOOP([[P1]], [[P2]])
Midlands Graduate School, University of Birmingham, April 2008 33'
&
$
%
Chapter 3
By the end of this chapter you should be able to
ďż˝ describe the âinterpretedâ CSS machine,
which executes IMP programs;
ďż˝ explain the outline of a proof of correctness;
ďż˝ explain some of the results required for
establishing correctness, and the proofs of these
results.
Midlands Graduate School, University of Birmingham, April 2008 34'
&
$
%
Architecture of the Machine
ďż˝ A CSS code C is a list of instructions which is produced
by the following grammars:
C ::= â | ins : C ins ::= P | op | STO(l) | BR(P1,P2)
We will overload : to denote append; and write Ξ for
Ξ : â (ditto below).
ďż˝ A stack S is produced by the grammar
S ::= â | c : S
Midlands Graduate School, University of Birmingham, April 2008 35'
&
$
%
n : C S s 7ââ C n : S s
P1 op P2 : C S s 7ââ P2 : P1 : op : C S s
op : C n1 : n2 : S s 7ââ C n1 op n2 : S s
l :=P : C S s 7ââ P : STO(l) : C S s
STO(l) : C n : S s 7ââ C S s{l7ân}
while P1 do P2 : C S s 7ââ
P1 : BR((P2 ; while P1 do P2),skip) : C S s
Midlands Graduate School, University of Birmingham, April 2008 36'
&
$
%
A Correctness Theorem
For all n â Z, b â B, P1 : : int, P2 : : bool, P3 : : cmd and
s,s1,s2 â States we have
(P1 , s) â (n , s) iff P1 â s 7âât â n s
(P2 , s) â (b , s) iff P2 â s 7âât â b s
(P3 , s1) â (skip , s2) iff P3 â s1 7âât â â s2
where 7âât denotes the transitive closure of 7ââ.
Midlands Graduate School, University of Birmingham, April 2008 37'
&
$
%
Proof Method
ďż˝ =âonlyif by Rule Induction for â.
ďż˝ â=if by Mathematical Induction on k. Recall Îş 7âât Îşâ˛
iff (â k ⼠1)(Îş 7ââk Îşâ˛), where for k ⼠1, Îş 7ââk κⲠmeans
that(â1⤠i ⤠k)(âÎşi)(Îş 7ââ Îş1 7ââ . . . 7ââ Îşk = Îşâ˛)
Then note if the 2 are configurations with Ξ parameters
(âΞ)( (âk)(2 7ââk2) implies 2 â 2 )
âĄ
(âk)(âΞ) (2 7ââk2 implies 2 â 2)
︸ ︡︡ ︸
Ď(k)
Midlands Graduate School, University of Birmingham, April 2008 38'
&
$
%
Code and Stack Extension
For all k â N, and for all appropriate codes, stacks and
states,
C1 S1 s1 7ââk C2 S2 s2
implies
C1 : C3 S1 : S3 s1 7ââk C2 : C3 S2 : S3 s2
where 7ââ0 is reflexive closure of 7ââ.
Midlands Graduate School, University of Birmingham, April 2008 39'
&
$
%
Code Splitting
For all k â N, and for all appropriate codes, stacks and
states, if
C1 : C2 S s 7ââkâ Sâ˛â˛ sâ˛â˛
then there is a stack and state SⲠand sâ˛, and k1,k2 â N for
which
C1 S s 7ââk1 â SⲠsâ˛
C2 SⲠsⲠ7ââk2 â Sâ˛â˛ sâ˛â˛
where k1 + k2 = k.
Midlands Graduate School, University of Birmingham, April 2008 40'
&
$
%
Typing and Termination Yields Values
For all k â N, and for all appropriate codes, stacks, states,
P : : int and P S s 7ââkâ SⲠsⲠimplies
s = sⲠand SⲠ= n : S some n â Z
and P â s 7ââkâ n s
and similarly for Booleans.
Midlands Graduate School, University of Birmingham, April 2008 41'
&
$
%
Proving the Theorem
(=âonlyif ): Rule Induction for â
(Case â OP1): The inductive hypotheses are
P1 â s 7ââtâ n1 s P2 â s 7âât
â n2 s
Then
P1 op P2 â s 7ââ P2 : P1 : op â s
7âât P1 : op n2 s ⥠P1 : op n2 s
7âât op n1 : n2 s
7ââ â n1 op n2 s
Midlands Graduate School, University of Birmingham, April 2008 42'
&
$
%
(â=if ): We prove by induction for all k, for all P : : int,n,s,
P â s 7ââk â n s implies (P , s) â (n , s)︸ ︡︡ ︸
Ď(k)
(Proof of âk0 â N, Ď(k)kâ¤k0 implies Ď(k0 +1)): Suppose that
for some arbitrary k0, P : : int, n and s
P â s 7ââk0+1â n s (â)
and then we prove (P , s) â (n , s) by considering cases on P.
Midlands Graduate School, University of Birmingham, April 2008 43'
&
$
%
(Case P is P1 op P2): Suppose that
P1 op P2 â s 7ââk0+1â n s
and so
P2 : P1 : op â s 7ââk0 â n s .
Using splitting and termination we have, noting P2 : : int,
that
P2 â s 7ââk1 â n2 s
P1 : op n2 s 7ââk2 â n s
where k1 + k2 = k0,
Midlands Graduate School, University of Birmingham, April 2008 44'
&
$
%
and repeating for the latter re-write we get
P1 n2 s 7ââk21 â n1 : n2 s
op n1 : n2 s 7ââk22 â n s (1)
where k21+ k22 = k2. So as k1 ⤠k0, by induction we deduce
that (P2 , s) â (n2 , s), and from termination that
P1 â s 7ââk21 â n1 s .
Also, as k21 ⤠k0, we have inductively that (P1 , s) â (n1 , s)
and hence
(P1 op P2 , s) â (n1 op n2 , s).
But from determinism and (1) we see that n1 op n2 = n and
we are done.
Midlands Graduate School, University of Birmingham, April 2008 45'
&
$
%
Chapter 4
By the end of this chapter you should be able to
ďż˝ describe the expressions and type system of a
language with higher order functions;
ďż˝ explain how to write simple programs;
ďż˝ specify an eager evaluation relation;
ďż˝ prove properties such as determinism.
Midlands Graduate School, University of Birmingham, April 2008 46'
&
$
%
Whatâs Next? Expressions and Types for FUN
ďż˝ Define the expression syntax and type system.
Midlands Graduate School, University of Birmingham, April 2008 47'
&
$
%
Examples of FUN Declarations
g :: Int -> Int -> Int
g x y = x+y
l1 :: [Int]l1 = 5:(6:(8:(4:(nil))))
h :: Inth = hd (5:6:8:4:nil)
length :: [Bool] -> Int
length l = if elist(l) then 0 else (1 + length t)
Midlands Graduate School, University of Birmingham, April 2008 48'
&
$
%
FUN Types
ďż˝ The types of FUNe are
Ď ::= int | bool | Ď â Ď | [Ď]
ďż˝ We shall write
Ď1 â Ď2 â Ď3 â . . . â Ďn â Ď
for
Ď1 â (Ď2 â (Ď3 â ( . . . â (Ďn â Ď) . . .))).
Thus for example Ď1 â Ď2 â Ď3 means Ď1 â (Ď2 â Ď3).
Midlands Graduate School, University of Birmingham, April 2008 49'
&
$
%
FUN Expressions
The expressions are
E ::= x variables
| c constants
| K constant identifier
| F function identifier
| E1 E2 function application
| tl(E) tail of list
| E1 : E2 cons for lists
| elist(E) Boolean test for empty list
Bracketing conventions apply . . .
Midlands Graduate School, University of Birmingham, April 2008 50'
&
$
%
Whatâs Next? A Formal FUN Type System
ďż˝ Show how to declare the types of variables and
identifiers.
ďż˝ Give some examples.
ďż˝ Define a type assignment system.
Midlands Graduate School, University of Birmingham, April 2008 51'
&
$
%
Contexts (Variable Environments)
ďż˝ When we write a FUN program, we shall declare the
types of variables, for example
x : : int,y : : bool,z : : bool
ďż˝ A context, variables assumed distinct, takes the form
Î = x1 : : Ď1, . . . ,xn : : Ďn.
Midlands Graduate School, University of Birmingham, April 2008 52'
&
$
%
Identifier Environments
ďż˝ When we write a FUN program, we want to declare the
types of constants and functions.
ďż˝ A simple example of an identifier environment is
K : : bool, map : : (int â int) â [int] â [int], suc : : int â int
ďż˝ An identifier type looks like Ď1 â Ď2 â Ď3 â . . . â Ďa â Ďwhere a ⼠0 and Ď is NOT a function type.
ďż˝ An identifier environment looks like
I = I1 : : Κ1, . . . , Im : : Κm.
Midlands Graduate School, University of Birmingham, April 2008 53'
&
$
%
Example Type Assignments
ďż˝ With the previous identifier environment
x : : int,y : : int,z : : int ⢠mapsuc(x : y : z : nilint) : : [int]
ďż˝ We have
â ⢠if T then hd(2 : nilint) else hd(4 : 6 : nilint) : : int
Midlands Graduate School, University of Birmingham, April 2008 54'
&
$
%
Inductively Defining Type Assignments
Start with an identifier environment I and a context Î.
Then
( where x : : Ď â Î) : : VAR
Π⢠x : : Ď: : INT
Π⢠n : : int
Π⢠E1 : : int Π⢠E2 : : int: : OP1
Π⢠E1 iop E2 : : int
Midlands Graduate School, University of Birmingham, April 2008 55'
&
$
%
Π⢠E1 : : Ď2 â Ď1 Π⢠E2 : : Ď2: : AP
Π⢠E1 E2 : : Ď1
( where I : : Κ â I ) : : IDR
Π⢠I : : Κ
: : NIL
Π⢠nilĎ : : [Ď]
Π⢠E1 : : Ď Î â˘ E2 : : [Ď]: : CONS
Π⢠E1 : E2 : : [Ď]
Midlands Graduate School, University of Birmingham, April 2008 56'
&
$
%
Whatâs Next? Function Declarations and Programs
ďż˝ Show how to code up functions.
ďż˝ Define what makes up a FUN program.
ďż˝ Give some examples.
Midlands Graduate School, University of Birmingham, April 2008 57'
&
$
%
Introducing Function Declarations
ďż˝ To declare plus can write plus x y = x+ y.
ďż˝ To declare fac
fac x = if x == 1 then 1 else xâ fac(xâ1)
ďż˝ And to declare that true denotes T we write true = T.
ďż˝ In FUNe , can specify (recursive) declarations
K = E Fx = EⲠG x y = Eâ˛â˛ . . .
Midlands Graduate School, University of Birmingham, April 2008 58'
&
$
%
An Example Declaration
Let I = I1 : : [int] â int â int, I2 : : int â int, I3 : : bool. Then
an example of an identifier declaration decI is
I1 l y = hd(tl(tl(l)))+ I2 ydef= EI1
I2x = xâ xdef= EI2
I3 = Tdef= EI3
I4 u v w = u+ v+wdef= EI4
Midlands Graduate School, University of Birmingham, April 2008 59'
&
$
%
An Example Program
Let I = F : : int â int â int,K : : int. Then an identifier
declaration decI is
F x y = x+7â ydef= EF
K = 10
An example of a program is decI in F 8 1⤠K . Note that
â ⢠F 8 1⤠K : : bool
and
x : : int,y : : int︸ ︡︡ ︸
ÎF
⢠x+7â y : : int︸︡︡︸
ĎF
and â ⢠K : : int
Midlands Graduate School, University of Birmingham, April 2008 60'
&
$
%
Defining Programs
A program in FUNe is a judgement of the form
decI in P
where decI is a given identifier declaration and the
program expression P satisfies a type assignment of the
form
â ⢠P : : Ď (written P : : Ď)
and â F~x = EF â decI
ÎF ⢠EF : : ĎF
Midlands Graduate School, University of Birmingham, April 2008 61'
&
$
%
Whatâs Next? Values and the Evaluation Relation
ďż˝ Look at the notion of evaluation order.
ďż˝ Define values, which are the results of eager program
executions.
ďż˝ Define an eager evaluation semantics: P âe V.
ďż˝ Give some examples.
Midlands Graduate School, University of Birmingham, April 2008 62'
&
$
%
Evaluation Orders
ďż˝ The operational semantics of FUNe says when a
program P evaluates to a value V. It is like the IMP
evaluation semantics.
ďż˝ Write this in general as P âe V, and examples are
3+4+10âe 17 hd(2 : nilint) âe 2
Midlands Graduate School, University of Birmingham, April 2008 63'
&
$
%
ďż˝ Let F x y = x+ y. We would expect F (2â3) (4â5) âe 26.
ďż˝ We could
⢠evaluate 2â3 to get value 6 yielding F 6 (4â5),
⢠then evaluate 4â5 to get value 20 yielding F 6 20.
ďż˝ We then call the function to get 6+20, which evaluates to
26. This is call-by-value or eager evaluation.
ďż˝ Or the function could be called first yielding (2â3)+(4â5)
and then we continue to get 6+(4â5) and 6+20 and 26. This
is called call-by-name or lazy evaluation.
Midlands Graduate School, University of Birmingham, April 2008 64'
&
$
%
Defining and Explaining (Eager) Values
ďż˝ Let decI be an identifier declaration, with typical typing
F : : Ď1 â Ď2 â Ď3 â . . . â Ďa â Ď
Informally a is the maximum number of inputs taken by F. A
value expression is any expression V produced by
V ::= c | nilĎ | F ~V | V : V
where ~V abbreviates V1 V2 . . . Vkâ1 Vk and 0⤠k < a.
ďż˝ Note also that k is strictly less than a, and that if a = 1 then
F ~V denotes F.
Midlands Graduate School, University of Birmingham, April 2008 65'
&
$
%
ďż˝ A value is any value expression for which decI in V
is a valid FUNe program.
ďż˝ Suppose that F : : int â int â int â int and that P1 âe 2
and P2 âe 5 and P3 â
e 7 with Pi not values. Then
P V
F
F P1 F 2
F 2 P2 F 2 5
P V
F 2 5 P3
F 2 5 7 14
F P1 P2 P3 14
Midlands Graduate School, University of Birmingham, April 2008 66'
&
$
%
The Evaluation Relation
âeVAL
V âe V
P1 âe m P2 â
e nâe
OP
P1 op P2 âe m op n
P1 âe T P2 â
e Vâe
COND1if P1 then P2 else P3 â
e V
Midlands Graduate School, University of Birmingham, April 2008 67'
&
$
%
P1 âe F ~V P2 â
e V2 F ~V V2 âe V
where either P1 or P2 is not a valueâeAP
P1 P2 âe V
EF[V1, . . . ,Va/x1, . . . ,xa] âe V
[F~x = EF declared in decI ] âeFID
FV1 . . .Va âe V
EK âe V[K = EK declared in decI ] âeCID
K âe V
Midlands Graduate School, University of Birmingham, April 2008 68'
&
$
%
P âe V : V â˛
âeHD
hd(P) âe V
P âe V : V â˛
âeTL
tl(P) âe V â˛
P1 âe V P2 â
e V â˛
âeCONS
P1 : P2 âe V : V â˛
P âe nilĎâeELIST1
elist(P) âe T
P âe V : V â˛
âeELIST2elist(P) âe F
Midlands Graduate School, University of Birmingham, April 2008 69'
&
$
%
Examples of Evaluations
Suppose that decI is
G x = xâ2
K = 3
VAL
G âe G
VAL
3âe 3CID
K âe 3
VAL
3âe 3VAL
2âe 2OP
(xâ2)[3/x] = 3â2âe 6FID
G 3âe 6AP
G K âe 6
Midlands Graduate School, University of Birmingham, April 2008 70'
&
$
%
We can prove that
F 2 3 (4+1) âe 10
where F x y z = x+ y+ z as follows:
âeVAL
F 2 3âe F 2 3
4âe 4 1âe 1
4+1âe 5 Tâe
AP
F 2 3 (4+1) âe 10
Midlands Graduate School, University of Birmingham, April 2008 71'
&
$
%
where T is the tree
2âe 2 3âe 3
2+3âe 5 5âe 5
2+3+5âe 10==========================
(x+ y+ z)[2,3,5/x,y,z] âe 10âe
FID
F 2 3 5âe 10
Midlands Graduate School, University of Birmingham, April 2008 72'
&
$
%
Whatâs Next? FUN Properties of Eager Evaluation
ďż˝ Explain and define determinism.
ďż˝ Explain and define subject reduction, that is,
preservation of types during program execution.
Midlands Graduate School, University of Birmingham, April 2008 73'
&
$
%
Properties of FUN
ďż˝ The evaluation relation for FUNe is deterministic.
More precisely, for all P, V1 and V2, if
P âe V1 and P âe V2
then V1 = V2. (Thus âe is a partial function.)
ďż˝ Evaluating a program decI in P does not alter its
type. More precisely,
(â ⢠P : : Ď and P âe V) implies â ⢠V : : Ď
for any P, V, Ď and decI . The conservation of type during
program evaluation is called subject reduction.
Midlands Graduate School, University of Birmingham, April 2008 74'
&
$
%
Chapter 5
By the end of this chapter you should be able to
ďż˝ describe the SECD machine, which executes
compiled FUNe programs; here the expressions
Exp are defined by E ::= x | n | F | E E;
ďż˝ show how to compile to SECD instruction
sequences;
ďż˝ write down example executions.
Midlands Graduate School, University of Birmingham, April 2008 75'
&
$
%
Architecture of the Machine
ďż˝ The SECD machine consists of rules for transforming SECD
configurations (S,E,C,D).
ďż˝ The non-empty stack S is generated by
S ::=n
â|
Sl . . .S1
cloF
â
� Each node occurs at a level ⼠1.
ďż˝ A stack S has a height the maximum level of any cloF , or 0
otherwize.
Midlands Graduate School, University of Birmingham, April 2008 76'
&
$
%
ďż˝ If the (unique) left-most closure node cloF at level Îąexists, call it the Îą-prescribed node, and write Îą S.
ďż˝ For any stack Îą S of height ⼠1 there is a sub-stack Sâ˛
of shape
Sl . . . S1
�cloF
â
Midlands Graduate School, University of Birmingham, April 2008 77'
&
$
%
Given any other stack Sl+1 there is a stack Sâ˛â˛
Sl+1 Sl . . . S1
�cloF
â
ďż˝ Write Sl+1âS for S with SⲠreplaced by Sâ˛â˛.
Midlands Graduate School, University of Birmingham, April 2008 78'
&
$
%
ďż˝ The environment E takes the form
x1 =?S1 : . . . : xn =?Sn.
ďż˝ The value of each ? is determined by the form of an Si.
ďż˝ If Si isn
âthen ? is 0; if Si is
cloF
âthen ? is 1; in any
other case, ? is Av 1.
Midlands Graduate School, University of Birmingham, April 2008 79'
&
$
%
ďż˝ A SECD code C is a list which is produced by the
following grammars:
ins ::= x | n | F | APP
C ::= â | ins : C
ďż˝ A typical dump looks like
(S1,E1,C1,(S2,E2,C2, . . .(Sn,En,Cn,â) . . .))
� We will overload : to denote append; and write Ξ for
Ξ : â.
Midlands Graduate School, University of Birmingham, April 2008 80'
&
$
%
We define a compilation function [[â]]:Exp â SECDcodes
which takes an SECD expression and turns it into code.
ďż˝ [[x]]def= x
ďż˝ [[n]]def= n
ďż˝ [[F ]]def= F
ďż˝ [[E1 E2]]def= [[E1]] : [[E2]] : APP
Midlands Graduate School, University of Birmingham, April 2008 81'
&
$
%
There is a representation of program values as stacks, given
by
ďż˝ (|n|)def=
n
â
ďż˝
(|F V1 . . .Vk|)def=
(|Vk|) . . . (|V1|)
cloF
â
= (|Vk|)â . . .â (|V1|)âcloF
â
ďż˝ Recall k < a with a the arity of F.
Midlands Graduate School, University of Birmingham, April 2008 82'
&
$
%
The Re-writes
A number is pushed onto the stack (the initial stack can be
of any status):
S [Av ]Îą S
E E
C n : C
D D
num7ââ
S Îąn
ââS
E E
C C
D D
Midlands Graduate School, University of Birmingham, April 2008 83'
&
$
%
A function is pushed onto the stack (the initial stack can be
of any status):
S [Av ]Îą S
E E
C F : C
D D
fn7ââ
S ι+1�cloF
ââS
E E
C C
D D
Midlands Graduate School, University of Birmingham, April 2008 84'
&
$
%
A variableâs value is pushed onto the stack, provided that the
environment E contains x = ?T ⥠[Av ]δ T (where δ is 0 or 1).
Note that by definition, the status of T determines the status
of the re-written stack:
S [Av ]Îą S
E E
C x : C
D D
var7ââ
S [Av ]δ+Îą T âS
E E
C C
D D
Midlands Graduate School, University of Birmingham, April 2008 85'
&
$
%
An APP command creates an application value, type 0:
S Îą
Sk . . .S1
�cloF
â
âS
E E
C APP : C
D D
cav07ââ
S Av Îą
Sk . . .S1
�cloF
â
âS
E E
C C
D D
Midlands Graduate School, University of Birmingham, April 2008 86'
&
$
%
An APP command creates an application value, type 1:
S Îą
�cloH
âSkâ1 . . .S1
cloF
â
âS
E E
C APP : C
D D
cav17ââ
S Av Îąâ1
cloH
âSkâ1 . . .S1
�cloF
â
âS
E E
C C
D D
Midlands Graduate School, University of Birmingham, April 2008 87'
&
$
%
An APP command produces an application value from anapplication value:
S Av Îą
Sk . . .S1
�cloF
â
Sâ˛kâ˛â1 . . .Sâ˛1
cloG
â
âS
E E
C APP : C
D D
avtav7ââ
S Av Îąâ1
Sk . . .S1
cloF
â
Sâ˛kâ˛â1 . . .Sâ˛1
�cloG
â
âS
E E
C C
D D
Midlands Graduate School, University of Birmingham, April 2008 88'
&
$
%
An APP command calls a function, type 0:
S Îą
Sa . . .S1
�cloF
â
âS
E E
C APP : C
D D
call07ââ
S â
E xa = ?Sa : . . . : x1 = ?S1 : E
C [[EF ]]
D (Îąâ1 S,E,C,D)
Midlands Graduate School, University of Birmingham, April 2008 89'
&
$
%
An APP command calls a function, type 1:
S Îą
�cloH
âSaâ1 . . .S1
cloF
â
âS
E E
C APP : C
D D
call17ââ
S â
E xa =?Sa : . . . : x1 =?S1 : E
C [[EF ]]
D (Îąâ2 S,E,C,D)
Midlands Graduate School, University of Birmingham, April 2008 90'
&
$
%
An APP command calls a function, type 2:
S Av Îą
Sk . . .S1
�cloF
â
Sâ˛aâ1 . . .Sâ˛1
cloG
â
âS
E E
C APP : C
D D
call27ââ
S â
E xa =?Sâ˛a : . . . : x1 =?Sâ˛1 : E
C [[EG]]
D (Îąâ2 S,E,C,D)
Midlands Graduate School, University of Birmingham, April 2008 91'
&
$
%
Restore, where the final status is determined by the initial
status:
S [Av ]β T
E E â˛
C â
D (Îą S,E,C,D)
res7ââ
S [Av ]Îą+β T âS
E E
C C
D D
Midlands Graduate School, University of Birmingham, April 2008 92'
&
$
%
Suppose that K, N and MN are functions which are also
values, and thatF x y = x
L u v = u
I a b = b
H z = L (M N) zThen
(F (H 4)) (I 2 K) âe M N. Note that
[[(F (H 4)) (I 2 K)]] =
(11.def= F) : H : 4 : APP : APP : I : 2 : APP : K : APP : (APP
def= 1.)
and
[[L (M N) z]]def= 7.
def= L : M : N : APP : APP : z : APP
def= 1.
Mid
lan
ds
Gra
du
ate
Sch
ool,
Un
iversity
of
Birm
ingh
am
,A
pril
20
08
93
'&
$%
S0
â
Eâ
C11.
Dâ
nu
m/fn
7ââ
3
S2
4â
�cloH
â
cloF
â
Eâ
C8.
âĄAPP
:7.
Dâ
Midlands Graduate School, University of Birmingham, April 2008 94'
&
$
%
call07ââ
S 0 â
E E Ⲡdef= z = 0
4
â
C [[L (M N) z]]
D Ξ def= (1
cloF
â,â,7.,â)
fn7ââ
3
S 3
�cloN
â
cloM
â
cloL
â
E E â˛
C 4.
D Ξ
Midlands Graduate School, University of Birmingham, April 2008 95'
&
$
%
cav17ââ
S Av 2
cloN
â
�cloM
â
cloL
â
E E â˛
C 3.
D Ξ
avtav7ââ
S Av 1
cloN
â
cloM
â
�cloL
â
E E â˛
C 2.
D Ξ
Midlands Graduate School, University of Birmingham, April 2008 96'
&
$
%
Chapter 6
By the end of this chapter you should be able to
ďż˝ explain the outline of a proof of correctness;
ďż˝ explain some of the results required for
establishing correctness, and the proofs of these
results.
Midlands Graduate School, University of Birmingham, April 2008 97'
&
$
%
A Correctness Theorem
For all programs decI in P for which â ⢠P : : Ď we have
P âe V iff
S â
E â
C [[P]]
D â
7âât
S (|V|)
E â
C â
D â
Midlands Graduate School, University of Birmingham, April 2008 98'
&
$
%
Code and Stack Extension
For any stacks, environments, codes, and dumps, if C1 is
non-empty
Mdef=
S S1
E E
C C1
D D
7ââk
S S2
E E
C C2
D D
def= Mâ˛
implies
Mdef=
S S1âS3
E E
C C1 : C3
D D
7ââk
S S2âS3
E E
C C2 : C3
D D
def= Mâ˛
Midlands Graduate School, University of Birmingham, April 2008 99'
&
$
%
ďż˝ Need to prove âlemma plusâ: if D ⥠(Sâ˛,E â˛,Câ˛,Dâ˛) we
can also similarly arbitrarily extend any of the stacks and
codes in D (say to D).
ďż˝ We use induction on k. Suppose lemma plus is true
âk ⤠k0. Must prove we can extend any re-write
M 7ââk0+1 MⲠto M 7ââk0+1 Mâ˛. By determinism, we have
M 7ââ1 Mâ˛â˛ 7ââk0 Mâ˛.
ďż˝ If no function call during M 7ââ1 Mâ˛â˛, trivial to extend
to get M 7ââ1 Mâ˛â˛. And by induction, Mâ˛â˛ 7ââk0 Mâ˛.
Midlands Graduate School, University of Birmingham, April 2008 100'
&
$
%
If there is a function call, there are k1 and k2 such that
Mdef=
S T âS
E E
C APP : C
D D
7ââ1
S â
E E â˛
C [[EF ]]
D (S,E,C,D)
7ââk1
S Sâ˛â˛
E E â˛â˛
C Câ˛â˛
D (S,E,C,D)
res7ââ
1
S Sâ˛â˛âS
E E
C C
D D
7ââk2 Mâ˛
where there are no function calls in the k2 re-writes.
Midlands Graduate School, University of Birmingham, April 2008 101'
&
$
%
By induction, we have
Mâ˛â˛ def=
S â
E E â˛
C [[EF ]]
D (SâS3,E,C : C3,D)
7ââk1
S Sâ˛â˛
E E â˛â˛
C Câ˛â˛
D (SâS3,E,C : C3,D)
It is easy to see that M 7ââ Mâ˛â˛, and obviously
S Sâ˛â˛
E E â˛â˛
C Câ˛â˛
D (SâS3,E,C : C3,D)
7ââ1
S Sâ˛â˛âSâS3
E E
C C : C3
D D
Midlands Graduate School, University of Birmingham, April 2008 102'
&
$
%
If k2 = 0 then we are done.
If k2 ⼠1 then we can similarly extend the stack and code of
the final k2 ⼠1 transitions by induction
S Sâ˛â˛âSâS3
E E
C C : C3
D D
7ââ1 Mâ˛.
and we are also done.
Midlands Graduate School, University of Birmingham, April 2008 103'
&
$
%
Code Splitting
For any stacks, environments, codes, and dumps, if C1 and
C2 are non-empty then
S S
E E
C C1 : C2
D D
7ââk
S Sâ˛â˛
E E
C â
D D
implies that
Midlands Graduate School, University of Birmingham, April 2008 104'
&
$
%
S S
E E
C C1
D D
7ââk1
S Sâ˛
E E
C â
D D
and
S Sâ˛
E E
C C2
D D
7ââk2
S Sâ˛â˛
E E
C â
D D
where k = k1+ k2.
Midlands Graduate School, University of Birmingham, April 2008 105'
&
$
%
Program Code Factors Through Value Code
For any well typed FUNe program decI in P where P : : Ď
and P âe V,
S S
E E
C [[P]]
D D
7ââk
S S
E E
C â
D D
implies (âk ⤠k)
S S
E E
C [[V]]
D D
7ââk
S S
E E
C â
D D
with equality only if P is a value (and hence equal to V).
Midlands Graduate School, University of Birmingham, April 2008 106'
&
$
%
Proving the Theorem
(â=if ): We shall prove that if P : : Ď then
S S
E â
C [[P]]
D â
7ââk
S Sâ˛
E â
C â
D â
implies (âV) SⲠ= (|V|)âS and P âe V
from which the required result follows. Induction on k. If P
is a number or a function the result is trivial. Else P has the
form P1P2.
Midlands Graduate School, University of Birmingham, April 2008 107'
&
$
%
Suppose that
S S
E â
C [[P1]] : [[P2]] : APP
D â
7ââk0+1
S Sâ˛
E â
C â
D â
Then appealing to splitting and the induction hypothesis,
we get
Midlands Graduate School, University of Birmingham, April 2008 108'
&
$
%
S S
E â
C [[P1]]
D â
7ââk1
S (|F ~V |)âS
E â
C â
D â
and
S (|F ~V |)âS
E â
C [[P2]] : APP
D â
7ââk2
S Sâ˛
E â
C â
D â
where P1 âe F ~V .
Midlands Graduate School, University of Birmingham, April 2008 109'
&
$
%
Appealing to splitting again, and by induction,
S (|F ~V |)âS
E â
C [[P2]]
D â
7ââk21
S (|V2|)â (|F ~V |)âS
E â
C â
D â
and
S (|V2|)â (|F ~V |)âS
E â
C APP
D â
7ââk22
S Sâ˛
E â
C â
D â
where P2 âe V2.
Midlands Graduate School, University of Birmingham, April 2008 110'
&
$
%
By factorization on P1 and P2, and extension we have (check!)
S S
E â
C [[F ~V V2]]
D â
7ââk1+k21
S (|V2|)â (|F ~V |)âS
E â
C APP
D â
7ââk22
S Sâ˛
E â
C â
D â
and so if P1 P2 is not a value then
k1 + k21+ k22 < k0 +1
and by induction SⲠ= (|V|)âS for some V where F ~V V2 âe V.
Hence P1 P2 âe V as required.
If P1 P2 is a value, refer to part (=âonlyif ) of the proof, case âeVAL