«Specification and Abstraction of Semantics» 1. Souvenir, Souvenir. Neil D. Jones. Contents. A Tribute Workshop and Festival to Honor Neil D.

Size: px

Start display at page:

Download "«Specification and Abstraction of Semantics» 1. Souvenir, Souvenir. Neil D. Jones. Contents. A Tribute Workshop and Festival to Honor Neil D."

Derek Lyons
5 years ago
Views:

«Specification and Abstraction of Semantics» Patrick Cousot Radhia Cousot École normale supérieure CNRS & École polytechnique 45 rue d Ulm Route de Saclay 7530 Paris cedex 05, France 9118 Palaiseau

1 «Specification and Abstraction of Semantics» Patrick Cousot Radhia Cousot École normale supérieure CNRS & École polytechnique 45 rue d Ulm Route de Saclay 7530 Paris cedex 05, France 9118 Palaiseau Cedex, France Patrick.Cousot@ens.fr Radhia.Cousot@polytechnique.fr Contents Souvenir, Souvenir... 3 Specification and abstraction of semantics Motivation... 9 Bi-inductive structural definitions Example: semantics of the eager -calculus Abstraction Conclusion A Tribute Workshop and Festival to Honor Neil D. Jones Datalogisk Institut, Københavns Universitet, København, Denmark 5 6 August, 007 Tribute to Neil, København, August 5 th, ľ P. Cousot & R. Cousot Tribute to Neil, København, August 5 th, 007 ľ P. Cousot & R. Cousot Neil D. Jones 1. Souvenir, Souvenir An explorer of automatic semantics-based program manipulation Tribute to Neil, København, August 5 th, ľ P. Cousot & R. Cousot Tribute to Neil, København, August 5 th, ľ P. Cousot & R. Cousot

A Long Common Professional Interest and Collaboration Semantique I; Semantique II; Atlantique; Daedalus; Many more shared events Århus workshop

Cousot & R. Cousot Tribute to Neil, København, August 5 th, 007 6 ľ P. Cousot & R. Cousot Happy Souvenirs.

2 A Long Common Professional Interest and Collaboration Semantique I; Semantique II; Atlantique; Daedalus; Many more shared events Århus workshop in 81,... POPL 97 in Paris,... POPL 04 in Venice... Decision to start Astrée... VMCAI 009 Tribute to Neil, København, August 5 th, ľ P. Cousot & R. Cousot Tribute to Neil, København, August 5 th, ľ P. Cousot & R. Cousot Happy Souvenirs. Specification and abstraction of semantics Tribute to Neil, København, August 5 th, ľ P. Cousot & R. Cousot Tribute to Neil, København, August 5 th, ľ P. Cousot & R. Cousot

3 Motivation Motivation We look for a formalism to specify abstract program semantics from definitional semantics... to static program analysis algorithms - coping with termination & non-termination, - handling the many dierent styles of presentations found in the literature (rules, fixpoint, equations, constraints,... ) in a uniform way A simple generalization of inductive definitions from sets to posets seems adequate. Tribute to Neil, København, August 5 th, ľ P. Cousot & R. Cousot Tribute to Neil, København, August 5 th, ľ P. Cousot & R. Cousot On the importance of defining both finite and infinite behaviors Example of the choice operator E 1 j E where: E 1 =) a E =) b termination or E 1 =)?E =)? non-termination Thefinite behavior of E 1 j E is: a j b =) a a j b =) b : But for the case?j?=)?, the infinite behaviors of E 1 j E depend on the choice method: Non-deter- Parallel Eager Mixed left- Mixed rightministic to-right to-left?jb =) b?jb =) b?jb =) b?jb =)??jb =)??jb =)??jb =)? a j?=) a a j?=) a a j?=) a a j?=)? a j?=)? a j?=)? a j?=)? Nondeterministic: an internal choice is made initially to evaluate E 1 or to evaluate E ; Parallel: evaluate E 1 and E concurrently, with an unspecified scheduling, and return the first available result a or b; Mixed left-to-right: evaluate E 1 and then either return its result a or evaluate E and return its result b; Mixed right-to-left: evaluate E and then either return its result b or evaluate E 1 and return its result a; Eager: evaluate both E 1 and E and return either results if both terminate. Tribute to Neil, København, August 5 th, ľ P. Cousot & R. Cousot Tribute to Neil, København, August 5 th, ľ P. Cousot & R. Cousot

4 Inductive definitions Bi-inductive Structural Definitions Over-simplified for the presentation! Set-theoretic [Acz77] Order-theoretic h}(u); i hd; vi universe P c R (P }(U);cU) P R (P; C D) rules C n F (X), c 9 P o c R: P X F (X), G nc 9 P o c R: P v X transformer lfp F }(U) lfp v F D fixpoint def. `least X : F (X) =X v`least X : F (X) =X equational def. `least X : F (X) X v`least X : F (X) v X constraint def. n X o n X o X U^c F (X) X D c F (X) rules Tribute to Neil, København, August 5 th, ľ P. Cousot & R. Cousot Tribute to Neil, København, August 5 th, ľ P. Cousot & R. Cousot Inductive definitions Set-theoretic [Acz77] Order-theoretic h}(u); i hd; vi universe P c R (P }(U);cU) P R (P; C D) rules C n F (X), c 9 P o c R: P X F (X), G nc 9 P o c R: P v X transformer Semantics of the Eager -calculus lfp F }(U) lfp v F D fixpoint def. `least X : F (X) =X v`least X : F (X) =X equational def. `least X : F (X) X v`least X : F (X) v X constraint def. n X o n X o X U^c F (X) X D c F (X) rules Tribute to Neil, København, August 5 th, ľ P. Cousot & R. Cousot Tribute to Neil, København, August 5 th, ľ P. Cousot & R. Cousot

5 Syntax of the Eager -calculus Syntax x; y; z;::: X variables c C constants (X \ C =?) c ::= 0 j 1 j ::: v V v ::= c j λ x. a values e E errors e ::= cajea a; a 0 ; a 1 ;:::;b;;::: T terms a ::= x j v j aa 0 Tribute to Neil, København, August 5 th, ľ P. Cousot & R. Cousot Tribute to Neil, København, August 5 th, ľ P. Cousot & R. Cousot Example I: Finite Computation Trace Semantics function argument ((λ x. xx) (λ y. y)) ((λ z. z)0)! evaluate function ((λ y. y) (λ y. y)) ((λ z. z)0)! evaluate function, cont d (λ y. y) ((λ z. z) 0)! evaluate argument (λ y. y) 0! apply function to argument 0 a value! Tribute to Neil, København, August 5 th, ľ P. Cousot & R. Cousot Tribute to Neil, København, August 5 th, ľ P. Cousot & R. Cousot

6 Example II: Infinite Computation function argument (λ x. xx) (λ x. xx)! apply function to argument (λ x. xx) (λ x. xx)! apply function to argument (λ x. xx) (λ x. xx)! apply function to argument ::: non termination! Example III: Erroneous Computation function argument ((λ x. xx)((λ z. z) 0)) ((λ y. y)0)! evaluate argument ((λ x. xx)((λ z. z) 0)) 0! evaluate function ((λ x. xx) 0) 0! evaluate function, cont d (0 0) 0 a runtime error! Tribute to Neil, København, August 5 th, ľ P. Cousot & R. Cousot Tribute to Neil, København, August 5 th, 007 ľ P. Cousot & R. Cousot Finite, Infinite and Erroneous Trace Semantics Traces s(t) Error T? (resp. T +, T!, T / and T 1 ) be the set of finite (resp. nonempty finite, infinite, finite or infinite, and nonempty finite or infinite) sequences of terms is the empty sequence = =. jj N [f!g is the length of T /. j j =0. If T + then jj > 0 and = 0 1 ::: jj`1. If T! then jj =! and = 0 ::: n ::: t Tribute to Neil, København, August 5 th, ľ P. Cousot & R. Cousot Tribute to Neil, København, August 5 th, ľ P. Cousot & R. Cousot

7 Operations on Traces (Cont d) Fora T and T 1,wedefinea@ to be 0 T 1 such that 8i <jj : i 0 = a i Operations on Traces (Cont d) Similarly for a T and T is 0 where 8i <jj : i 0 = i a = i... = i... a@ = a 0 a 1 a a 3... a = 0 a 1 a a 3 a... i a... Tribute to Neil, København, August 5 th, ľ P. Cousot & R. Cousot Tribute to Neil, København, August 5 th, ľ P. Cousot & R. Cousot Finite and Infinite Trace Semantics ~S The Computational Lattice Given S; T }(T 1 ), we define S +, S \ T + finite traces S!, S \ T! infinite traces S v T, S + T + ^ S! «T! computational order h}(t 1 ); v; T! ; T + ; t; ui is a complete lattice Tribute to Neil, København, August 5 th, ľ P. Cousot & R. Cousot Tribute to Neil, København, August 5 th, ľ P. Cousot & R. Cousot

8 Bifinitary Trace Semantics ~S of the Eager -calculus 1 a[x v] ~S v ~S; v V v; v V (λ x. a) v a[x v] ~S Fixpoint big-step maximal trace semantics The bifinitary trace semantics is ~S = lfp v ~F where ~F }(T 1 ) 7! }(T 1 ) is ~S! a@ ~S v; a V v ~S + ; (a v) 0 ~S (a@) (a v) 0 ~S v; v; a V ~F (S), fv T 1 j v Vg[ f(λ x. a) v a[x v] j v V ^ a[x v] Sg[ f@b j S! g[ f(@b) (v b) 0 j 6= ^ v S + ^ v V ^ (v b) 0 Sg[ fa@ j a V ^ S! g[ f(a@) (a v) 0 j a; v V ^ 6= ^ v S + ^ (a v) 0 Sg : ~S v v ~S + ; (v b) 0 ~S (@b) (v b) 0 ~S v; v V 1 Note: a[x b] is the capture-avoiding substitution of b for all free occurences of x within a. WeletFV(a) be the free variables of a. We define the call-by-value semantics of closed terms (without free variables) T, fa T j FV(a) =?g. Tribute to Neil, København, August 5 th, ľ P. Cousot & R. Cousot Tribute to Neil, København, August 5 th, ľ P. Cousot & R. Cousot Trace Semantics Relational Semantics Tribute to Neil, København, August 5 th, ľ P. Cousot & R. Cousot Tribute to Neil, København, August 5 th, ľ P. Cousot & R. Cousot

9 Relational Semantics = (Trace Semantics) Relational Semantics Tribute to Neil, København, August 5 th, ľ P. Cousot & R. Cousot Tribute to Neil, København, August 5 th, ľ P. Cousot & R. Cousot Abstraction to the Bifinitary Relational Semantics of the Eager -calculus remember the input/output behaviors, forget about the intermediate computation steps (T ) ( 0 1 ::: n ) ( 0 ::: n :::) def = f () j T g def = 0 =) n def = 0 =)? Bifinitary Relational Semantics of the Eager -calculus v =) v; v V a =)? ab=)? v b =)? v; a V ab=)? a[x v] =) r v; (λ x. a) v =) r v V; r V [f?g a =) v; vb=) r ab=) r v; v V; r V [f?g b =) v; av=) r ab=) r v; a V; v V; r V [f?g: Tribute to Neil, København, August 5 th, ľ P. Cousot & R. Cousot Tribute to Neil, København, August 5 th, ľ P. Cousot & R. Cousot

10 On the computational ordering v For the bifinitary trace semantics ~S, we could replace the computational ordering v by «(thus taking greatest fixpoints for ); Impossible for the bifinitary relational semantics! Counter-example: the greatest fixpoint starts by assuming that we have the terminating execution Natural Semantics (λ x. xx)(λ x. xx)=) (λ x. xx)(λ x. xx) a[x v] =) r then the call rule v; v V; r V [f?g will (λ x. a) v =) r preserve this invalid hypothesis! Tribute to Neil, København, August 5 th, ľ P. Cousot & R. Cousot Tribute to Neil, København, August 5 th, ľ P. Cousot & R. Cousot Natural Semantics = (Relational Semantics) Abstraction to the Natural Big-Step Semantics of the Eager -calculus remember the finite input/output behaviors, forget about non-termination (T ) def = [ f () j T g ( 0 =) n ) def = f 0 =) n g ( 0 =)?) def =? Tribute to Neil, København, August 5 th, ľ P. Cousot & R. Cousot Tribute to Neil, København, August 5 th, ľ P. Cousot & R. Cousot

11 Natural Big-Step Semantics of the Eager -calculus [Kah88] v =) v; v V a[x v] =) r ; v V; r V (λ x. a) v =) r a =) v; vb=) r ; v V; r V ab=) r Transition Semantics b =) v; ab=) r av=) r ; a V; v V; r V : Tribute to Neil, København, August 5 th, ľ P. Cousot & R. Cousot Tribute to Neil, København, August 5 th, ľ P. Cousot & R. Cousot s(t) Transition Semantics = (Trace Semantics) Abstraction to the Transition Semantics of the Eager -calculus remember execution steps, forget about their sequencing (T ) def = [ f () j T g ( 0 1 ::: n ) def = f i `A i+1 j 0 6 i ^ i<ng Error t ( 0 ::: n :::) def = f i `A i+1 j i > 0g Tribute to Neil, København, August 5 th, ľ P. Cousot & R. Cousot Tribute to Neil, København, August 5 th, ľ P. Cousot & R. Cousot

12 Transition Semantics of the Eager -calculus [Plo81] Approximation ((λ x. a) v) `A a[x v] a 0 `A a 1 a 0 b `A a 1 b b 0 `A b 1 vb 0 `A vb 1 : ((λ x. xx)((λ z. z) 0)) (λ y. y)! ((λ x. xx) 0) (λ y. y)! (0 0) (λ y. y) an error! Tribute to Neil, København, August 5 th, ľ P. Cousot & R. Cousot Tribute to Neil, København, August 5 th, ľ P. Cousot & R. Cousot Abstraction Kleenian abstraction hd; v;?; ti, hd ] ; v ] ;? ] ; t ] i dcpos F D7! D, F ] D ] 7!D ] monotone D7! D ] strict and continuous on chains of D F = F ], commutation condition =) (lfp v F )=lfp v] F ] OK for abstracting finite behaviors, not infinite ones Tribute to Neil, København, August 5 th, ľ P. Cousot & R. Cousot Tribute to Neil, København, August 5 th, ľ P. Cousot & R. Cousot

13 Tarskian abstraction hd; v;?; ti, hd ] ; v ] ;? ] ; t ] i dcpos F D7! D, F ] D ] 7!D ] monotone D7! D ] preserves meets F ] v ] F, semi-commutation condition 8y D ] :(F ] (y) v ] y)=) (9x D: (x) =y ^ F (x) v x =) (lfp v F )=lfp v] F ] Conclusion OK for abstracting infinite behaviors, not finite ones ) abstract by parts. Tribute to Neil, København, August 5 th, ľ P. Cousot & R. Cousot Tribute to Neil, København, August 5 th, ľ P. Cousot & R. Cousot Conclusion Bothfinite and infinite semantics are needed in static analysis (such as strictness, [Myc80]), typing [Cou97, Ler06], etc; Such static analyzes must be proved correct with respect to a semantics chosen at an various level of abstraction (small-step/big-step trace/relational/natural semantics); Static analyzes use various equivalent presentations (fixpoints, equational, constraints and inference rules) The bifinite extension of SOS might satisfy these needs. THE END, THANK YOU Neil, for such a long friendship and cooperation Best wishes for your new constraintless research career Tribute to Neil, København, August 5 th, ľ P. Cousot & R. Cousot Tribute to Neil, København, August 5 th, ľ P. Cousot & R. Cousot

14 Bibliography [Acz77] P. Aczel. An introduction to inductive definitions. In J. Barwise, editor, Handbook of Mathematical Logic, volume90ofstudies in Logic and the Foundations of Mathematics, pages Elsevier, [Cou97] P. Cousot. Types as abstract interpretations, invited paper. In 4 th POPL, pages , Paris, FR, Jan ACM Press. [Kah88] G. Kahn. Natural semantics. In K. Fuchi and M. Nivat, editors, Programming of Future Generation Computers, pages Elsevier, [Ler06] X. Leroy. Coinductive big-step operational semantics. In P. Sestoft, editor, Proc. 15 th ESOP 006, Vienna, AT, LNCS 394, pages Springer, 7 8 Mar [Myc80] A. Mycroft. The theory and practice of transforming call-by-need into call-by-value. In B. Robinet, editor, Proc. 4 th Int. Symp. on Programming, Paris, FR, 4 Apr. 1980, LNCS 83, pages Springer, [Plo81] G.D. Plotkin. A structural approach to operational semantics. Technical Report DAIMI FN-19, Aarhus University, DK, Sep Tribute to Neil, København, August 5 th, ľ P. Cousot & R. Cousot

Bi-inductive Structural Semantics

SOS 2007 Bi-inductive Structural Semantics (Extended Abstract) Patrick Cousot 1 Département d informatique, École normale supérieure, 45 rue d Ulm, 75230 Paris cedex 05, France Radhia Cousot 2 CNRS & École