Semantics Q1 2007

SEMANTICS (Q1,'07) Week 7

Jacob Andersen, PhD student
[email protected]

News…
• Exam:
  – Time and Place (final): Oct. 31st 9.00-13.00 in Benjamin bld.
  – Curriculum: On the webpage (schedule)
  – Materials: SOS chapter 1-3, CCS chapter 1-3, Note on SI
  – Lecture slides
    » A service to you to ease note-taking (alternative: whiteboard-only lectures)
    » Price (for you to "pay"): I may require that you use things at the exam that are only introduced on the slides.
  – Exercises and hand-ins (including TA feedback)
    » Competences developed and trained through exercises.
    » Many points illustrated best by practical experience.
• Sample Solution to 2005 Miniproject

Week 7 - Outline
• Exam
• Bisimulation
• Course Evaluation
• SOS Implementation (Interpretation)
• Program Equivalence
• Imperative Blocks
• The Environment-Store Model
• Other Semantic Formalisms

Exam 1st page
• Evaluating your competences, i.e.
  – new problems which you have not seen before.
  – Hidden "traps" or insights
  – … to avoid pattern-matching.
  – Don't Panic!
• A solution without explanations / motivations is useless!!
  – Matches (at most) the "describe" competence.
  – If the solution is wrong it cannot be "rescued" by a good explanation.

BISIMULATION

Def: A Strong Bisimulation
• Let (Proc, Act, →) be an LTS
• Def: a bin. rel. R ⊆ Proc × Proc is a strong bisimulation iff whenever (s,t) ∈ R, ∀a ∈ Act:
  • if s –a→ s' then t –a→ t' for some t' such that (s',t') ∈ R
  • if t –a→ t' then s –a→ s' for some s' such that (s',t') ∈ R
• Note:
  1. Definition on LTS (not necessarily wrt. processes)
  2. Definition relative to a (SOS) semantics (via LTS)

Intuition: "Only equate as consistently allowed by the semantics"

Def: Strongly Bisimilar (~)
• A Strong Bisimulation:
  • Def: a bin. rel. R ⊆ Proc × Proc is a strong bisimulation iff whenever (s,t) ∈ R, ∀a ∈ Act:
    • if s –a→ s' then t –a→ t' for some t' such that (s',t') ∈ R
    • if t –a→ t' then s –a→ s' for some s' such that (s',t') ∈ R
• The Strong Bisimilarity relation (~):
  • Def: two (processes) s and t are strongly bisimilar (s ~ t) iff ∃ strong bisimulation R : (s,t) ∈ R.
  • i.e.  '~' := ∪ { R | R is a strong bisimulation }

How to Prove Strong Bisimilarity?
• How to prove strong bisimilarity for two processes?
  • i.e.  s ~ t ?
  • Exhibit a (any) bisimulation R, for which:  (s,t) ∈ R
    – By definition we get that:  (s,t) ∈ R ⊆ '~'
      » since '~' was the largest bisimulation
• How to disprove strong bisimilarity?
  • Strong bisimulation game

Example Proof of Bisimilarity
• Example:
  • Buffer (capacity 1):
      A0 =def in . A1
      A1 =def out . A0
  • Buffer (capacity 2):
      B0 =def in . B1
      B1 =def in . B2 + out . B0
      B2 =def out . B1
  • Show that:  B0 ~ A0|A0

  (Transition graphs drawn on the slide: states B0, B1, B2 and A0|A0, A1|A0, A0|A1, A1|A1.)

  R = { (B0 , A0|A0) , (B1 , A1|A0) , (B1 , A0|A1) , (B2 , A1|A1) }
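As an added example (not from the slides), the following Python code checks the relation R above against the transfer condition of the definition, and also computes '~' as the greatest fixpoint over all state pairs, which is the "largest bisimulation" argument of the previous slide made mechanical. The two LTSs are transcribed from the buffer definitions; the parallel composition A0|A0 is built by interleaving (in and out are not co-names, so no tau steps arise).

```python
from itertools import product

# Constructed LTSs transcribed from the slide: {state: {(action, successor)}}.
A = {"A0": {("in", "A1")}, "A1": {("out", "A0")}}
B = {"B0": {("in", "B1")},
     "B1": {("in", "B2"), ("out", "B0")},
     "B2": {("out", "B1")}}

def parallel(p, q):
    """Interleaving P|Q. No synchronisation case is needed here: 'in' and
    'out' are distinct names, not co-names, so no tau steps can arise."""
    lts = {}
    for s, t in product(p, q):
        succ = {(a, f"{s2}|{t}") for a, s2 in p[s]}
        succ |= {(a, f"{s}|{t2}") for a, t2 in q[t]}
        lts[f"{s}|{t}"] = succ
    return lts

def matches(s, t, rel, lts):
    """Transfer condition of the definition for one pair (s,t) w.r.t. rel:
    each a-move of s is answered by an a-move of t into a pair in rel,
    and vice versa."""
    for a, s2 in lts[s]:
        if not any((s2, t2) in rel for b, t2 in lts[t] if b == a):
            return False
    for a, t2 in lts[t]:
        if not any((s2, t2) in rel for b, s2 in lts[s] if b == a):
            return False
    return True

def is_strong_bisimulation(rel, lts):
    return all(matches(s, t, rel, lts) for s, t in rel)

def largest_bisimulation(lts):
    """'~' as a greatest fixpoint: start from all pairs and keep dropping
    pairs that violate the transfer condition until nothing changes."""
    rel = set(product(lts, lts))
    while True:
        keep = {(s, t) for s, t in rel if matches(s, t, rel, lts)}
        if keep == rel:
            return rel
        rel = keep

# One LTS holding both systems (the state names do not collide).
LTS = {**B, **parallel(A, A)}
R = {("B0", "A0|A0"), ("B1", "A1|A0"), ("B1", "A0|A1"), ("B2", "A1|A1")}

if __name__ == "__main__":
    print("R is a strong bisimulation:", is_strong_bisimulation(R, LTS))
    print("B0 ~ A0|A0:", ("B0", "A0|A0") in largest_bisimulation(LTS))
```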

Other Properties of (~)
• The following properties hold ∀ P, Q, R:
  • P+Q ~ Q+P            // '+' commutative
  • (P+Q)+R ~ P+(Q+R)    // '+' associative
  • P|Q ~ Q|P            // '|' commutative
  • (P|Q)|R ~ P|(Q|R)    // '|' associative
  • P+0 ~ P              // '0' neutral wrt. '+'
  • P|0 ~ P              // '0' neutral wrt. '|'
  • ...
• Live exercise:
  • Prove one of these properties

Summary: Strong Bisimilarity (~)
• Properties of (~):
  • an equivalence relation:
    » reflexive, symmetric, and transitive
  • the largest strong bisimulation:
    » for proving bisimilarity (exhibit a bisimulation)
  • strong bisimulation game:
    » for proving non-bisimilarity (winning attack strategy)
  • a congruence:
    » P ~ Q => C[P] ~ C[Q]
  • obeys the following algebraic laws:
    » '+' and '|' commutative, associative, and '0' neutrality, …

Summary: Weak Bisimilarity (≈)
• Properties of (≈):
  • an equivalence relation:
    » reflexive, symmetric, and transitive
  • the largest weak bisimulation:
    » for proving bisimilarity (exhibit a bisimulation)
  • weak bisimulation game:
    » for proving non-bisimilarity (winning attack strategy)
  • not a congruence:
    » P ≈ Q ⇏ C[P] ≈ C[Q]
  • obeys the following algebraic laws:
    » '+' and '|' commutative, associative, and '0' neutrality, …
  • abstracts away from internal tau-actions

(≈): "Fair Abstraction from Divergence"
• Consider:
  • A =def a.0 + τ.B
  • B =def b.0 + τ.A
  – Note that:
    » A ≈ B ≈ a.0 + b.0 !!!
• ..and even:
  • Div =def τ.Div
    » 0 ≈ Div !!!
• Intuition: "Fair Abstraction from Divergence": "assumes processes (eventually) escape from loops"

COURSE EVALUATION

Course Evaluation
• Your evaluation matters!:
  » Gives you a chance to voice your opinion
  » Helps improve next year's course
  » Helps improve my teaching (in general)
  » May influence larger didactic strategies for whole dept. / uni
• Why two evaluations?
  » Compulsory in order to get valid results.

SOS Implementation

Example: L implementation in SML

Representation of Exp/BExp/Com

    type number = int
    type variable = string
    type truthvalue = bool

    datatype exp = Number of number
                 | Variable of variable
                 | Add of exp * exp
                 | Sub of exp * exp
                 | Mul of exp * exp

    datatype bexp = Truthvalue of truthvalue
                  | Eq of exp * exp
                  | Or of bexp * bexp
                  | Not of bexp

    datatype com = Skip
                 | Assign of variable * exp
                 | Seq of com * com
                 | If of bexp * com * com
                 | While of bexp * com

Representation of Store

    type store = (variable * number) list

    (* update: drop any old binding of v, then bind v to n *)
    fun update s v n =
        let val s' = List.filter (fn (v', _) => v <> v') s
        in (v, n) :: s' end

    (* lookup: the value bound to v; an unbound variable means the program is stuck *)
    fun lookup s v =
        let val pair = List.find (fn (v', _) => v = v') s
            fun match (SOME (_, n)) = n
              | match NONE = raise (Fail "Stuck!")
        in match pair end

Small-step semantics for Exp

    fun smallStepExp (Variable var, store)                (* Var *)
          = let val n = lookup store var
            in (Number n, store) end
      | smallStepExp (Add (Number m, Number m'), store)   (* Sum3 *)
          = let val n = m + m'
            in (Number n, store) end
      | smallStepExp (Add (Number m, e1), store)          (* Sum2 *)
          = let val (e1', _) = smallStepExp (e1, store)
            in (Add (Number m, e1'), store) end
      | smallStepExp (Add (e0, e1), store)                (* Sum1 *)
          = let val (e0', _) = smallStepExp (e0, store)
            in (Add (e0', e1), store) end
    (* Sub and Mul get rules of the same shape as Sum1-Sum3. A Number has no
       rule: it is a value and cannot step, so the match fails (stuck). *)

Pretty Printing Exp

    fun prettyExp (Number n) = print (Int.toString n)
      | prettyExp (Variable var) = print var
      | prettyExp (Add (e1, e2)) = ( prettyExp e1; print " + "; prettyExp e2 )
      | prettyExp (Sub (e1, e2)) = ( prettyExp e1; print " - "; prettyExp e2 )
      | prettyExp (Mul (e1, e2)) = ( prettyExp e1; print " * "; prettyExp e2 )

    fun prettyBExp ... = ...

    fun prettyCom ... = ...

PROGRAM EQUIVALENCE

Program Equivalence (≡)?
• Program equivalence (≡)?:
  • C ; nil ≡ nil ; C ≡ C
  • if B then C else C' ≡ if ~B then C' else C
  • (C1 ; C2) ; C3 ≡ C1 ; (C2 ; C3)
  • repeat C until B ≡ C ; while ~B do C
  • x := E1 ; y := E2 ≡ y := E2 ; x := E1    (if x ∉ FV(E2) and y ∉ FV(E1))
  • nil ≡ nil ; nil
  • ...
• How do we know they are "equivalent"?
• …and what does that mean?

Behavior and Behavioral Equivalence
• Assume deterministic language L:
• Def: Behavior:
  • Partial function:  exec : Com × Store ⇀ Store
  • exec(C,σ) = σ'     if <C,σ> →* σ'
              = undef  otherwise (e.g. nontermination, abnormal termination)
• Def: Behavioral equivalence (C ≡ C'):
  • ∀σ ∈ Store: exec(C,σ) = exec(C',σ)   if both defined
  • i.e. the two commands produce the same resulting store, σ', (but not necessarily in the same number of steps)

Congruence (≡)
• Theorem: "≡" is a congruence [proof omitted]
    C ≡ C' => P[C] ≡ P[C'] , for all contexts P[ ]
  » i.e., we can substitute equivalent fragments in programs!
• Example (Java):
    class C { D void m() { S' for (E1 ; E2 ; E3) S0 S" }}
  ≡
    class C { D void m() { S' { E1 ; while (E2) { S0 E3 ; }} S" }}
  i.e. the two loop forms substituted into the context
    class C { D void m() { S' [ ] S" }}
  safe transformation
    who: compiler, homo-sapiens, combination (refactoring tools), …
    why: readability, optimization, simplification, …

How to Prove Behavioral Equivalence?
• How do we prove C ≡ C' (for given C, C')?
  • i.e.:  ∀σ ∈ Store: exec(C,σ) = exec(C',σ)  if both defined
  • i.e.:  ∀σ,σ': (<C,σ> →* σ') ⟺ (<C',σ> →* σ')
  • i.e.:  ∀σ,σ': (<C,σ> →* σ') ⟹ (<C',σ> →* σ')
     and   ∀σ,σ': (<C,σ> →* σ') ⟸ (<C',σ> →* σ')
  • i.e.:  ∀σ,σ': (<C,σ> →^n σ') ⟹ (<C',σ> →* σ')
     and   ∀σ,σ': (<C,σ> →* σ') ⟸ (<C',σ> →^n σ')
    » For derivation sequences of any length, n

Induction on the Length of Derivation Seq's
• Base case: P(k=1)
  • Prove that the property, P, holds
    » for all derivation sequences of length 1 (one)
• Inductive step: P(k) ⟹ P(k+1)
  • Assume P(k):
    » that the property holds for derivation sequences of length k
  • Prove P(k+1):
    » that it holds for derivation sequences of length k+1
• Then: ∀n≥1: P(n)
  » Property P holds for all derivation sequences (any length)

…Or
• How do we prove C ≡ C' (for given C, C')?
  • i.e.:  ∀σ ∈ Store: exec(C,σ) = exec(C',σ)  if both defined
  • i.e.:  ∀σ,σ': (<C,σ> →* σ') ⟺ (<C',σ> →* σ')
  • i.e.:  ∀σ,σ': (<C,σ> →* σ') ⟹ (<C',σ> →* σ')
     and   ∀σ,σ': (<C,σ> →* σ') ⟸ (<C',σ> →* σ')
  • i.e.:  ∀σ ∃γ: (<C,σ> →* γ) ∧ (<C',σ> →* γ)
    » For some intermediate configuration, γ

Example (Proof Structure)
• Example:
  • Prove  if B then C else C' ≡ if ~B then C' else C  (let σ be given w/o assumptions):
  • Assume [LHS]:  <if B then C else C', σ> →* γ
  • show [RHS]:    <if ~B then C' else C, σ> →* γ    for some γ
    » Case analysis on possible derivations for [LHS]…

Example (cont'd)
• Case [B →* tt]:
  • Then construct:

              <B,σ> →B* <tt,σ>
      [IF1]  ----------------------------------------
              <if B then C else C', σ> →C1 <C, σ'>  →C* γ     (proof: the [LHS] derivation of <C,σ'> →C* γ)

              <B,σ> →B* <tt,σ>
      [NEG1] ----------------------
              <~B,σ> →B1 <ff,σ>
      [IF2]  ----------------------------------------
              <if ~B then C' else C, σ> →C1 <C, σ'>  →C* γ    (proof: the same derivation of <C,σ'> →C* γ)

  » Analogous for [B →* ff]
  » Symmetric for the other direction "⟸"

IMPERATIVE BLOCKS

Blocks
• Consider the language ABCD:
    A ::= z | v | A0 + A1 | A0 - A1 | A0 * A1
    B ::= b | ~ B | B0 or B1 | A0 = A1
    C ::= nil | x := A | if B then C else C' | while B do C | begin D ; C end   // local block
    D ::= nil | var x := A | D0 ; D1                                           // local defs.
• Example:
    if (~ (x = y)) then begin var t := x ; x := y ; y := t end else nil

Semantics of Definitions
• Semantics of Definitions:

    [NIL]D   <nil, σ> →D σ

              <A, σ> →A* <n, σ'>
    [VAR]D   ---------------------------------   (extend store)
              <var x := A, σ> →D σ'[x=n]

              <D0, σ> →D <D0', σ'>
    [SEQ1]D  ---------------------------------
              <D0 ; D1, σ> →D <D0' ; D1, σ'>

              <D0, σ> →D σ'
    [SEQ2]D  ---------------------------------
              <D0 ; D1, σ> →D <D1, σ'>

  Note: [Plotkin] does this differently (through env-store model); read it yourselves…

Semantics of Blocks
• SOS for Blocks:

              <D, σ> →D* σ'
    [BLK1]C  ------------------------------------------------
              <begin D ; C end, σ> →C <begin(V,σ0) C end, σ'>
      remember set of locally defined variables: V = DV(D)
      remember values of shadowed variables: σ0 = σ|V

              <C, σ> →C <C', σ'>
    [BLK2]C  ------------------------------------------------
              <begin(V,σ0) C end, σ> →C <begin(V,σ0) C' end, σ'>

              <C, σ> →C σ'
    [BLK3]C  ------------------------------------------------
              <begin(V,σ0) C end, σ> →C (σ' \ V)[σ0]
      purge locally defined variables and restore old shadowed values

Dynamic vs. Static Scope Rules
• Example:
    x := 2 ;
    begin var x := 7 ; nil end
    // here: x has the value...

              <C, σ> →C σ'
    [BLK3]C  ------------------------------------------------
              <begin(V,σ0) C end, σ> →C (σ' \ V)[σ0]
      purge locally defined variables and restore old shadowed values

  "Static Scope Rules":  x = 2   (restoring old shadowed values)
  "Dynamic Scope Rules": x = 7   (not restoring …)

Inaccessible Val's (Garbage Collection)
• Example:
    // x undefined
    begin var x := 7 ; nil end
    // here x is ...

              <C, σ> →C σ'
    [BLK3]C  ------------------------------------------------
              <begin(V,σ0) C end, σ> →C (σ' \ V)[σ0]
      purge locally defined variables and restore old shadowed values

  "No Inaccessible Values": x isn't in the store (garbage collection)!   (purging locally defined vars)
  "Inaccessible Values":    x is in the store (but inaccessible)!        (not purging …)
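As an added example (not from the slides, and not the course's SML implementation), here is the block semantics of the last three slides as a small-step interpreter in Python: [BLK1] records V = DV(D) and σ0 = σ|V, [BLK2] steps the body, and [BLK3] computes (σ' \ V)[σ0]. The two halves of [BLK3] are switchable, so the static/dynamic scope example and the garbage-collection example can be replayed; run is the exec(C,σ) of the behavior slide, with a step budget standing in for "undef" on nontermination. Expressions are evaluated in one go (the A*/B* premises) and a store is a dict VAR -> VAL; the tuple encoding of ABCD terms is this example's own choice.

```python
import operator
OPS = {"+": operator.add, "-": operator.sub, "*": operator.mul}

def aeval(a, s):                        # A*: int | variable | (op, A0, A1)
    if isinstance(a, int): return a
    if isinstance(a, str): return s[a]  # unbound variable: stuck (KeyError)
    return OPS[a[0]](aeval(a[1], s), aeval(a[2], s))

def beval(b, s):                        # B*: bool | ("~",B) | ("or",B0,B1) | ("=",A0,A1)
    if isinstance(b, bool): return b
    if b[0] == "~": return not beval(b[1], s)
    if b[0] == "or": return beval(b[1], s) or beval(b[2], s)
    return aeval(b[1], s) == aeval(b[2], s)

def drun(d, s):                         # ->D*: returns (DV(D), extended store)
    if d[0] == "nil": return set(), s
    if d[0] == "var": return {d[1]}, {**s, d[1]: aeval(d[2], s)}   # [VAR]D
    v0, s = drun(d[1], s); v1, s = drun(d[2], s)                    # [SEQ]D
    return v0 | v1, s

def cstep(c, s, restore=True, purge=True):
    """One ->C step: (C', s') while C is unfinished, else the final store.
    restore/purge switch the two halves of [BLK3] on or off."""
    k = c[0]
    if k == "nil": return s
    if k == ":=": return {**s, c[1]: aeval(c[2], s)}
    if k == "if": return (c[2] if beval(c[1], s) else c[3], s)
    if k == "while": return (("if", c[1], ("seq", c[2], c), ("nil",)), s)
    if k == "seq":
        r = cstep(c[1], s, restore, purge)
        return (("seq", r[0], c[2]), r[1]) if isinstance(r, tuple) else (c[2], r)
    if k == "begin":                                    # [BLK1]
        V, s1 = drun(c[1], s)
        s0 = {x: s[x] for x in V if x in s}             # sigma0 = sigma|V
        return (("block", V, s0, c[2]), s1)             # begin(V,sigma0) C end
    V, s0, body = c[1], c[2], c[3]                      # k == "block"
    r = cstep(body, s, restore, purge)
    if isinstance(r, tuple): return (("block", V, s0, r[0]), r[1])   # [BLK2]
    s1 = {x: v for x, v in r.items() if not (purge and x in V)}      # [BLK3]: sigma' \ V
    return {**s1, **s0} if restore else s1                           # ... [sigma0]

def run(c, s, fuel=10_000, **flags):    # exec(C, sigma): ->C* to a final store
    for _ in range(fuel):
        r = cstep(c, s, **flags)
        if not isinstance(r, tuple): return r
        c, s = r
    return None                         # undef (no final store within fuel)

SWAP = ("if", ("~", ("=", "x", "y")), ("begin", ("var", "t", "x"),
        ("seq", (":=", "x", "y"), (":=", "y", "t"))), ("nil",))   # slide example
SHADOW = ("seq", (":=", "x", 2), ("begin", ("var", "x", 7), ("nil",)))
```

run(SHADOW, {}) gives {"x": 2} (static scope), run(SHADOW, {}, restore=False, purge=False) gives {"x": 7} (dynamic scope), and behavioral equivalence of two commands on a given σ is simply run(C, σ) == run(C', σ).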

THE ENVIRONMENT-STORE MODEL

"The Environment-Store Model"
• "The Environment-Store Model":
• Introducing abstract locations:

      x  --ρ-->  ℓ  --σ-->  v
     VAR        LOC        VAL
       environment   store

    ρ : VAR → LOC ,  σ : LOC → VAL
    ρ(x)  and  σ(ρ(x))  for a variable x
    env ρ: doesn't change w/ exec
    store σ: mutates with execution

• Transitions:  ρ |- <E,σ> → <E',σ'>

Examples (Pointers)
• Pointers
    ptr p = 0xCAFEBABE;   // ρ(p) ∈ Loc_Z, a location const
    int x = *p;           // *p ∈ Z (since ρ(p) ∈ Loc_Z)
    #define ptr (int*)    (for the C-hackers :)
  "DER" for (pointer) dereference
• Static Semantics:

              ρ |- E : LOC
    [DER]    ----------------
              ρ |- * E :

• Dynamic Semantics:

              ρ |- <E,σ> → <E',σ'>
    [DER1]   --------------------------
              ρ |- <* E,σ> → <* E',σ'>

    [DER2]    ρ |- <* ℓ,σ> → <n,σ>    where n = σ(ℓ)

Examples (cont'd)
• Aliasing (similarly with call-by-reference):
    ptr q = p;   // location aliasing: ρ(q) = ℓ = ρ(p)
    *p = 42;     // side-effecting: σ' = σ[ℓ=42]
                 // now *q also has the value 42: σ(ρ(q)) is 42
• Explicit allocation:
    { ptr p = allocate(1);   // ρ(p) = ℓfresh, ℓfresh ∈ Loc_Z
      *p = 42;               // side-effecting: σ' = σ[ℓfresh=42]
    }                        // ℓfresh ∈ Dm(σ)
• Explicit deallocation:
    ptr p = ...;
    free(p);     // ρ(p) = ℓ, but ℓ ∉ Dm(σ); "dangling reference"!
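As an added example (not from the slides), the environment-store model of these two slides in Python: ρ maps a pointer variable straight to the location it denotes, σ maps locations to values, [DER2] reads σ(ρ(p)), and free removes the location from Dm(σ). The aliasing and deallocation scenarios above are replayed; the point for a practitioner is that after free(p) the environment still holds ρ(p), so a dereference has no applicable rule and the model gets stuck rather than reading a stale value. Names (EnvStore, Stuck, the demo functions) and the initial contents of a fresh location are this example's own choices.

```python
import itertools

class Stuck(Exception):
    """No transition rule applies, e.g. *p with rho(p) not in Dom(sigma)."""

class EnvStore:
    """rho: VAR -> LOC (fixed at declaration, never changed by execution);
    sigma: LOC -> VAL (mutates). As on the slide, a pointer variable p maps
    directly to the location it denotes: rho(p) = l and *p = sigma(l)."""
    def __init__(self):
        self.rho, self.sigma = {}, {}
        self._fresh = itertools.count(1)

    def allocate(self, init=0):            # allocate(1): l_fresh enters Dom(sigma)
        loc = next(self._fresh)
        self.sigma[loc] = init             # initial contents: a constructed choice
        return loc

    def declare_ptr(self, p, loc):         # ptr p = <location>;   rho(p) = loc
        self.rho[p] = loc

    def alias(self, q, p):                 # ptr q = p;   rho(q) = rho(p)
        self.rho[q] = self.rho[p]

    def deref(self, p):                    # [DER1] + [DER2]: *p -> n, n = sigma(rho(p))
        loc = self.rho[p]                  # [DER1]: evaluate p to its location
        if loc not in self.sigma:          # dangling: [DER2] has no n = sigma(l)
            raise Stuck(f"*{p}: location {loc} not in Dom(sigma)")
        return self.sigma[loc]

    def assign_through(self, p, n):        # *p = n;   sigma' = sigma[rho(p) = n]
        if self.rho[p] not in self.sigma:
            raise Stuck(f"*{p} = {n}: location {self.rho[p]} not in Dom(sigma)")
        self.sigma[self.rho[p]] = n

    def free(self, p):                     # free(p): rho(p) leaves Dom(sigma)
        del self.sigma[self.rho[p]]        # rho(p) itself remains: dangling reference

def aliasing_demo():
    m = EnvStore()
    m.declare_ptr("p", m.allocate())       # ptr p = allocate(1);
    m.alias("q", "p")                      # ptr q = p;
    m.assign_through("p", 42)              # *p = 42;
    return m.deref("q")                    # *q now reads 42 through the shared location

def dangling_demo():
    m = EnvStore()
    m.declare_ptr("p", m.allocate())
    m.free("p")                            # free(p)
    try:
        m.deref("p")                       # *p: stuck, no rule applies
    except Stuck as err:
        return str(err)
    return None
```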

OTHER SEMANTIC FORMALISMS

Operational Semantics
• Operational Semantics:
  • Labelled Transition System:
      γ0 = <z=x;x=y;y=z, [x=1,y=2,z=3]>
      → γ1 = <x=y;y=z, [x=1,y=2,z=1]>
      → γ2 = <y=z, [x=2,y=2,z=1]>
      → γ3 = result = [x=2,y=1,z=1]
  • Variations in step-sizes (small-step, big-step, …)

  "The meaning of a construct is specified by the computation it induces when it is executed on a machine. In particular, it is of interest how the effect of a computation is produced."
  -- [Nielson & Nielson, "Semantics with Applications", '93]

Operational Semantics (cont'd)
• Example: Modular SOS
  – Using "Generalized LTS"
  – Essentially: Neighbouring labels must be "composable".
  – Configurations do not contain stores or anything else but the program state. Stores, environments, I/O etc. are embedded in the labels, e.g.:

              e –X-> e'
    [ASS1]   ----------------------
              x := e –X-> x := e'

    [ASS2]    x := n –(σ,σ')-> nil    where σ' = σ[n/x]

  – In this case labels are composable iff the second store component in a label is equal to the first store component in the subsequent label.

Denotational Semantics
• Denotational Semantics:
  • Describe everything as mathematical functions:
    » [[ z=x;(x=y;y=z) ]]
      = [[ x=y;y=z ]] o [[ z=x ]]
      = [[ y=z ]] o [[ x=y ]] o [[ z=x ]]
      = λs.s[y=s(z)] o λs.s[x=s(y)] o λs.s[z=s(x)]
      = λs.s[x=s(y), y=s(x), z=s(x)]
  – Ex. R5RS (Revised^5 Report on the Alg. Lang. Scheme)
  – Loops expressed as fixed-points of recursive functors
    » i.e., functions that take functions as arguments

  "Meanings are modelled by mathematical objects that represent the effect of executing the constructs. Thus, only the effect is of interest, not how it is obtained."
  -- [Nielson & Nielson, "Semantics with Applications", '93]

Axiomatic Semantics
• Axiomatic Semantics:
  • Partial correctness:  { pre } C { post }
    – Command C is partially correct wrt. a pre- and a post-condition if whenever the initial state fulfils the pre-condition and the program terminates, then the final state fulfils the post-condition.
    – {x=1,y=2} z=x;x=y;y=z {x=2,y=1}

      {P} C {Q}   {Q} C' {R}
     ------------------------
          {P} C;C' {R}

          {B∧P} C {P}
     ---------------------------
      {P} while B do C {¬B∧P}

  "Specific properties of the effect of executing the constructs are expressed as assertions. Thus, there may be aspects of the executions that are ignored."
  -- [Nielson & Nielson, "Semantics with Applications", '93]

</ SEMANTICS >

Next week: Revision Period; then Exam

Good Luck!

Any Questions?