G54FOP: Lecture 17 & 18 Denotational Semantics and Domain Theory III & IV

Similar documents
CS422 - Programming Language Design

Reasoning About Imperative Programs. COS 441 Slides 10b

Hoare Logic and Model Checking

Axiomatic Semantics. Lecture 9 CS 565 2/12/08

Semantics and Verification of Software

Denotational Semantics of Programs. : SimpleExp N.

T Reactive Systems: Temporal Logic LTL

The Assignment Axiom (Hoare)

CS 4110 Programming Languages & Logics. Lecture 16 Programming in the λ-calculus

CS 6110 Lecture 21 The Fixed-Point Theorem 8 March 2013 Lecturer: Andrew Myers. 1 Complete partial orders (CPOs) 2 Least fixed points of functions

Axiomatic Semantics: Verification Conditions. Review of Soundness and Completeness of Axiomatic Semantics. Announcements

Timo Latvala. February 4, 2004

Program verification. Hoare triples. Assertional semantics (cont) Example: Semantics of assignment. Assertional semantics of a program

Program verification using Hoare Logic¹

Hoare Calculus and Predicate Transformers

Program Analysis Part I : Sequential Programs

Hoare Logic: Part II

Weakest Precondition Calculus

Hoare Logic (I): Axiomatic Semantics and Program Correctness

CMSC 631 Program Analysis and Understanding Fall Abstract Interpretation

Lecture Notes: Axiomatic Semantics and Hoare-style Verification

Chapter 4: Computation tree logic

Operational Semantics

Axiomatic Semantics: Verification Conditions. Review of Soundness of Axiomatic Semantics. Questions? Announcements

Spring 2015 Program Analysis and Verification. Lecture 4: Axiomatic Semantics I. Roman Manevich Ben-Gurion University

Classical Program Logics: Hoare Logic, Weakest Liberal Preconditions

Axiomatic Semantics. Stansifer Ch 2.4, Ch. 9 Winskel Ch.6 Slonneger and Kurtz Ch. 11 CSE

Spring 2016 Program Analysis and Verification. Lecture 3: Axiomatic Semantics I. Roman Manevich Ben-Gurion University

Axiomatic Semantics. Semantics of Programming Languages course. Joosep Rõõmusaare

Programming Languages and Compilers (CS 421)

Discrete Mathematics for CS Fall 2003 Wagner Lecture 3. Strong induction

CIS 500: Software Foundations

Program verification. 18 October 2017

3 Propositional Logic

CS558 Programming Languages

Dynamic Noninterference Analysis Using Context Sensitive Static Analyses. Gurvan Le Guernic July 14, 2007

Introduction to Axiomatic Semantics

Design of Distributed Systems Melinda Tóth, Zoltán Horváth

Mathematical Foundations of Programming. Nicolai Kraus. Draft of February 15, 2018

Extensions to the Logic of All x are y: Verbs, Relative Clauses, and Only

Denotational Semantics

AAA616: Program Analysis. Lecture 3 Denotational Semantics

Designing Information Devices and Systems I Fall 2018 Lecture Notes Note Introduction to Linear Algebra the EECS Way

Hoare Logic: Reasoning About Imperative Programs

CSC 7101: Programming Language Structures 1. Axiomatic Semantics. Stansifer Ch 2.4, Ch. 9 Winskel Ch.6 Slonneger and Kurtz Ch. 11.

Semantic Metatheory of SL: Mathematical Induction

Propositional Logic: Syntax

Soundness and Completeness of Axiomatic Semantics

CIS 500 Software Foundations. Midterm II. March 28, 2012

Using the Prover I: Lee Pike. June 3, NASA Langley Formal Methods Group Using the Prover I:

Designing Information Devices and Systems I Spring 2018 Lecture Notes Note Introduction to Linear Algebra the EECS Way

Relative Hilbert-Post completeness for exceptions

A brief introduction to Logic. (slides from

SEMANTICS OF PROGRAMMING LANGUAGES Course Notes MC 308

Bilateral Proofs of Safety and Progress Properties of Concurrent Programs (Working Draft)

Introduction to Axiomatic Semantics

EDA045F: Program Analysis LECTURE 10: TYPES 1. Christoph Reichenbach

CIS 500 Software Foundations. Final Exam. May 9, Answer key. Hoare Logic

Math 324 Summer 2012 Elementary Number Theory Notes on Mathematical Induction

Unary negation: T F F T

Applied Logic. Lecture 1 - Propositional logic. Marcin Szczuka. Institute of Informatics, The University of Warsaw

Static Program Analysis

Advanced Topics in LP and FP

The Expressivity of Universal Timed CCP: Undecidability of Monadic FLTL and Closure Operators for Security

Model for reactive systems/software

CITS2211 Discrete Structures. Propositional Logic

CIS 500: Software Foundations. November 8, Solutions

Proving Completeness for Nested Sequent Calculi 1

Logical Agents. Knowledge based agents. Knowledge based agents. Knowledge based agents. The Wumpus World. Knowledge Bases 10/20/14

Propositional Logic. Jason Filippou UMCP. ason Filippou UMCP) Propositional Logic / 38

EE562 ARTIFICIAL INTELLIGENCE FOR ENGINEERS

Proofs. Chapter 2 P P Q Q

Section 14.1 Computability then else

Modal and temporal logic

Propositions. c D. Poole and A. Mackworth 2010 Artificial Intelligence, Lecture 5.1, Page 1

COSE212: Programming Languages. Lecture 1 Inductive Definitions (1)

A Short Introduction to Hoare Logic

(a) Definition of TMs. First Problem of URMs

Element x is R-minimal in X if y X. R(y, x).

Model Checking: An Introduction

Formal Techniques for Software Engineering: Denotational Semantics

Loop Convergence. CS 536: Science of Programming, Fall 2018

Program Verification Using Separation Logic

PHIL12A Section answers, 16 February 2011

CSE20: Discrete Mathematics

Axiomatic Verification II

Löwenheim-Skolem Theorems, Countable Approximations, and L ω. David W. Kueker (Lecture Notes, Fall 2007)

cis32-ai lecture # 18 mon-3-apr-2006

Propositional Dynamic Logic

Designing Information Devices and Systems I Fall 2018 Lecture Notes Note Introduction: Op-amps in Negative Feedback

Comp487/587 - Boolean Formulas

31.1.1Partial derivatives

CS 373: Theory of Computation. Fall 2010

First Order Logic vs Propositional Logic CS477 Formal Software Dev Methods

Lecture 7. Logic. Section1: Statement Logic.

Logic: Bottom-up & Top-down proof procedures

Last Time. Inference Rules

Predicate Logic - Undecidability

LING 106. Knowledge of Meaning Lecture 3-1 Yimei Xiang Feb 6, Propositional logic

Propositional Logic: Bottom-Up Proofs

Transcription:

G54FOP: Lecture 17 & 18 Denotational Semantics and Domain Theory III & IV Henrik Nilsson University of Nottingham, UK G54FOP: Lecture 17 & 18 p.1/33

These Two Lectures Revisit attempt to define denotational semantics for small imperative language Discussion of the reasons for it being inadequate Fixed point semantics Basic domain theory The Least Fixed Point Theorem G54FOP: Lecture 17 & 18 p.2/33

Recap: Imperative Language (1) Syntax of expressions: e expressions: x variable n constant number, n N true constant true false constant false not e logical negation e && e logical conjunction... G54FOP: Lecture 17 & 18 p.3/33

Recap: Imperative Language (2) e expressions:... e + e addition e - e subtraction e = e numeric equality test e < e numeric less than test G54FOP: Lecture 17 & 18 p.4/33

Recap: Imperative Language (3) Syntax of commands: c commands: skip no operation x := e assignment c ; c sequence if e then c else c conditional while e do c iteration G54FOP: Lecture 17 & 18 p.5/33

Rcp: Denotational Semantics for IL (1) We take the semantic domain to be N for simplicity. A store maps a variable name to its value: Σ = x N σ : Σ We need two semantic functions, one for expressions (no side effects), one for commands: E[ ] : e (Σ N) C[ ] : c (Σ Σ) [Not correct yet!] (Note: e (Σ N) = e Σ N etc.) G54FOP: Lecture 17 & 18 p.6/33

Rcp: Denotational Semantics for IL (2) E[ ]: some typical cases: E[x] σ = σ x E[n] σ = n E[true] σ = 1 E[false] σ = 0 E[not e] σ = { 1, if E[e] σ = 0 0, otherwise E[e 1 + e 2 ] σ = E[e 1 ] σ + E[e 1 ] σ G54FOP: Lecture 17 & 18 p.7/33

Rcp: Denotational Semantics for IL (3) First attempt: C[skip] σ = σ C[x := e] σ = [x E[e] σ]σ C[c 1 ; c 2 ] σ = C[c 2 ] (C[c 1 ] σ) C[if e then c 1 else c 2 ] σ = { C[c 1 ] σ, if E[e] σ = 1 C[c 2 ] σ, otherwise C[while e do c] σ = C[if e then (c ; while e do c) else skip] σ G54FOP: Lecture 17 & 18 p.8/33

Rcp: Denotational Semantics for IL (4) Intuition: Semantics of a command is a function mapping state (store) as it is prior to executing the command to resulting state after the command has been executed; i.e., a state transformer (Σ Σ). G54FOP: Lecture 17 & 18 p.9/33

Rcp: Denotational Semantics for IL (4) Intuition: Semantics of a command is a function mapping state (store) as it is prior to executing the command to resulting state after the command has been executed; i.e., a state transformer (Σ Σ). Any problem? G54FOP: Lecture 17 & 18 p.9/33

Rcp: Denotational Semantics for IL (4) Intuition: Semantics of a command is a function mapping state (store) as it is prior to executing the command to resulting state after the command has been executed; i.e., a state transformer (Σ Σ). Any problem? Yes: C[while e do c] σ = C[if e then (c ; while e do c) else skip] σ is not compositional and does not define a unique solution. G54FOP: Lecture 17 & 18 p.9/33

Rcp: Denotational Semantics for IL (4) Intuition: Semantics of a command is a function mapping state (store) as it is prior to executing the command to resulting state after the command has been executed; i.e., a state transformer (Σ Σ). Any problem? Yes: C[while e do c] σ = C[if e then (c ; while e do c) else skip] σ is not compositional and does not define a unique solution. (However, it is a semantic equation that should hold.) G54FOP: Lecture 17 & 18 p.9/33

The Problem (1) To see no unique solution, consider for example: c 1 = while x /= 1 do x := x - 2 C[c 1 ] σ = { C[c 1 ] ([x σ x 2]σ), if σ x 1 σ, otherwise (A) Equation (A) is satisfied by C[c 1 ] = f c1 where: { [x 1]σ, if odd(σ x) f c1 σ = σ, if even(σ x), σ arbitrary! (S) G54FOP: Lecture 17 & 18 p.10/33

The Problem (2) Verify this (was homework). Case σ x = 1: LHS (A) = C[c 1 ] σ = { C[c 1 ] = f c1 } f c1 σ = { By (S), odd(σ x) } [x 1]σ = σ = RHS (A) G54FOP: Lecture 17 & 18 p.11/33

The Problem (3) Case odd(σ x), σ x > 1: Note that then also odd(σ x 2). LHS (A) = C[c 1 ] σ = f c1 σ = { By (S), odd(σ x) } [x 1]σ = [x 1]([x σ x 2]σ) = { odd(σ x 2), By (S) } = f c1 ([x σ x 2]σ) =... G54FOP: Lecture 17 & 18 p.12/33

The Problem (4) =... = C[c 1 ] ([x σ x 2]σ) = { σ x 1 } RHS (A) G54FOP: Lecture 17 & 18 p.13/33

The Problem (5) Case even(σ x), σ x > 1: LHS (A) = C[c 1 ] σ = f c1 σ = { By (S), even(σ x) } σ = { even(σ x 2), By (S) } = f c1 ([x σ x 2]σ) = C[c 1 ] ([x σ x 2]σ) = { σ x 1 } RHS (A) G54FOP: Lecture 17 & 18 p.14/33

Solution: Fixed Point Semantics (1) How can we proceed? G54FOP: Lecture 17 & 18 p.15/33

Solution: Fixed Point Semantics (1) How can we proceed? Clue: f c1 = C[c 1 ] occurs in both the LHS and RHS of (A). The desired semantic function is the fixed point of the equation! G54FOP: Lecture 17 & 18 p.15/33

Solution: Fixed Point Semantics (1) How can we proceed? Clue: f c1 = C[c 1 ] occurs in both the LHS and RHS of (A). The desired semantic function is the fixed point of the equation! New attempt: C[while e do c] = { ) σ, if E[e] σ = 0 fix Σ Σ (λf.λσ. f (C[c] σ), otherwise G54FOP: Lecture 17 & 18 p.15/33

Solution: Fixed Point Semantics (2) (Might be easier to see if we allow a recursive formulation where the fixed point is implicit: C[while e do c] = f where { σ, if E[e] σ = 0 f σ = f (C[c] σ), otherwise However, we stick to an explicit fixed point formulation to make the semantics clear.) G54FOP: Lecture 17 & 18 p.16/33

Existence and Uniqueness? (1) Our definition of C[ ] is now compositional! But: G54FOP: Lecture 17 & 18 p.17/33

Existence and Uniqueness? (1) Our definition of C[ ] is now compositional! But: Does this fixed point exist? G54FOP: Lecture 17 & 18 p.17/33

Existence and Uniqueness? (1) Our definition of C[ ] is now compositional! But: Does this fixed point exist? Is it unique if it does exist? G54FOP: Lecture 17 & 18 p.17/33

Existence and Uniqueness? (1) Our definition of C[ ] is now compositional! But: Does this fixed point exist? Is it unique if it does exist? We should be suspicious! Consider e.g.: C[while true do (x := x + 1)] {x 0} What could the final value of x possibly be? G54FOP: Lecture 17 & 18 p.17/33

Existence and Uniqueness? (1) Our definition of C[ ] is now compositional! But: Does this fixed point exist? Is it unique if it does exist? We should be suspicious! Consider e.g.: C[while true do (x := x + 1)] {x 0} What could the final value of x possibly be? 10? G54FOP: Lecture 17 & 18 p.17/33

Existence and Uniqueness? (1) Our definition of C[ ] is now compositional! But: Does this fixed point exist? Is it unique if it does exist? We should be suspicious! Consider e.g.: C[while true do (x := x + 1)] {x 0} What could the final value of x possibly be? 10? 1000? G54FOP: Lecture 17 & 18 p.17/33

Existence and Uniqueness? (1) Our definition of C[ ] is now compositional! But: Does this fixed point exist? Is it unique if it does exist? We should be suspicious! Consider e.g.: C[while true do (x := x + 1)] {x 0} What could the final value of x possibly be? 10? 1000?? G54FOP: Lecture 17 & 18 p.17/33

Existence and Uniqueness? (2) More generally, consider the following recursive definitions: f 1 n = (f 1 n) + 1 (1) f 2 n = f 2 n (2) G54FOP: Lecture 17 & 18 p.18/33

Existence and Uniqueness? (2) More generally, consider the following recursive definitions: f 1 n = (f 1 n) + 1 (1) f 2 n = f 2 n (2) No f 1 N N satisfies (1). G54FOP: Lecture 17 & 18 p.18/33

Existence and Uniqueness? (2) More generally, consider the following recursive definitions: f 1 n = (f 1 n) + 1 (1) f 2 n = f 2 n (2) No f 1 N N satisfies (1). All f 2 N N satisfies (2). G54FOP: Lecture 17 & 18 p.18/33

Existence and Uniqueness? (2) More generally, consider the following recursive definitions: f 1 n = (f 1 n) + 1 (1) f 2 n = f 2 n (2) No f 1 N N satisfies (1). All f 2 N N satisfies (2). So, if we are considering functions defined on sets, fixed points need not exist, and, if they do, they need not be unique! G54FOP: Lecture 17 & 18 p.18/33

Denotation for Non-termination (1) Idea: G54FOP: Lecture 17 & 18 p.19/33

Denotation for Non-termination (1) Idea: Let ( bottom ) denote non-termination (divergence) or error. G54FOP: Lecture 17 & 18 p.19/33

Denotation for Non-termination (1) Idea: Let ( bottom ) denote non-termination (divergence) or error. For a set A such that / A, let A = A { }. G54FOP: Lecture 17 & 18 p.19/33

Denotation for Non-termination (1) Idea: Let ( bottom ) denote non-termination (divergence) or error. For a set A such that / A, let A = A { }. For a function f : A B, let {, if x = f x = f x, otherwise (Called source lifting ; note: f : A B ) G54FOP: Lecture 17 & 18 p.19/33

Denotation for Non-termination (2) A function f is strict iff f =. G54FOP: Lecture 17 & 18 p.20/33

Denotation for Non-termination (2) A function f is strict iff f =. Source lifting yields a strict function. Intuitively, it ensures propagation of errors. G54FOP: Lecture 17 & 18 p.20/33

Denotation for Non-termination (2) A function f is strict iff f =. Source lifting yields a strict function. Intuitively, it ensures propagation of errors. We can now find a function satisfying (1): f 1 : N N f 1 x = f 1 satisfies (1) because + is strict (i.e., in this case, + 1 = ). G54FOP: Lecture 17 & 18 p.20/33

Denotation for Non-termination (3) G54FOP: Lecture 17 & 18 p.21/33

Denotation for Non-termination (3) Thus, by considering a mathematically richer structure than plain sets, we could find a solution to at least one fixed point equation that did not have a solution in plain set theory. G54FOP: Lecture 17 & 18 p.21/33

Denotation for Non-termination (3) Thus, by considering a mathematically richer structure than plain sets, we could find a solution to at least one fixed point equation that did not have a solution in plain set theory. This is a key idea of Domain Theory. G54FOP: Lecture 17 & 18 p.21/33

Denotation for Non-termination (3) Thus, by considering a mathematically richer structure than plain sets, we could find a solution to at least one fixed point equation that did not have a solution in plain set theory. This is a key idea of Domain Theory. However, even if we move to such a richer setting, we still don t know: - Does a fixed point equation always have a solution? - Are solutions unique if they exists? G54FOP: Lecture 17 & 18 p.21/33

Semantics for Commands Revisited But first, let us refine the meaning of commands: C[ ] : c (Σ Σ ) G54FOP: Lecture 17 & 18 p.22/33

Semantics for Commands Revisited But first, let us refine the meaning of commands: C[ ] : c (Σ Σ ) Now we can find a meaning for e.g. an infinite loop: C[while true do skip] = λσ. G54FOP: Lecture 17 & 18 p.22/33

Semantics for Commands Revisited But first, let us refine the meaning of commands: C[ ] : c (Σ Σ ) Now we can find a meaning for e.g. an infinite loop: C[while true do skip] = λσ. But we have to refine the meaning of sequencing: C[c 1 ; c 2 ] σ = (C[c 2 ] ) (C[c 1 ] σ) G54FOP: Lecture 17 & 18 p.22/33

Domains and Continuous Functions (1) G54FOP: Lecture 17 & 18 p.23/33

Domains and Continuous Functions (1) A domain D is a set with - a partial order - a least element such that every chain of elements x i D, x 0 x 1..., has a limit in D, i.e., a least upper bound, denoted x i. i=0 G54FOP: Lecture 17 & 18 p.23/33

Domains and Continuous Functions (1) A domain D is a set with - a partial order - a least element such that every chain of elements x i D, x 0 x 1..., has a limit in D, i.e., a least upper bound, denoted x i. i=0 is an information ordering: read x y as x is less informative than y. G54FOP: Lecture 17 & 18 p.23/33

Domains and Continuous Functions (2) If D satisfies all conditions for being a domain, except that it lacks a smallest element, then it is called a predomain. G54FOP: Lecture 17 & 18 p.24/33

Domains and Continuous Functions (2) If D satisfies all conditions for being a domain, except that it lacks a smallest element, then it is called a predomain. A function f is said to be continuous if it preserves limits of chains: ( ) f x i = f x i i=0 where x i is a chain. i=0 G54FOP: Lecture 17 & 18 p.24/33

Domains and Continuous Functions (3) Any function space from a (pre)domain to a domain is a domain with least element λx. ; i.e., the everywhere undefined function. G54FOP: Lecture 17 & 18 p.25/33

The Least Fixed Point Theorem If D is a domain and f : D D is a continuous function, then x = n=0 f n is the least fixed point of f; i.e., f x = x, and for all y such that f y = y, it is the case that x y. G54FOP: Lecture 17 & 18 p.26/33

The Meaning of fix D Thus we take the meaning of fix D to be as given by the Least Fixed Point Theorem. As long as D is a domain and f : D D is a continuous function, then the fixed point x exists and is unique. x = fix D f G54FOP: Lecture 17 & 18 p.27/33

Exercise (1) Consider the following definition of the factorial function: f : (N N ) (N N ) f = λg.λn.if n = 0 then 1 else n g (n 1) fac = fix N N f Note: N is a predomain and N is a domain. Thus N N is a domain. Calculate f n for n = 0, 1, 2, 3. G54FOP: Lecture 17 & 18 p.28/33

Exercise (2) Note how f n becomes a better and better approximation of the factorial function as n increases. G54FOP: Lecture 17 & 18 p.29/33

Exercise (2) Note how f n becomes a better and better approximation of the factorial function as n increases. Thus each successive approximation is more informative than the previous one (information ordering). G54FOP: Lecture 17 & 18 p.29/33

Exercise (2) Note how f n becomes a better and better approximation of the factorial function as n increases. Thus each successive approximation is more informative than the previous one (information ordering). Thus it seems plausible that the series converges to the factorial function. G54FOP: Lecture 17 & 18 p.29/33

Exercise (2) Note how f n becomes a better and better approximation of the factorial function as n increases. Thus each successive approximation is more informative than the previous one (information ordering). Thus it seems plausible that the series converges to the factorial function. And in fact, because f is continuous, it does. G54FOP: Lecture 17 & 18 p.29/33

Semantics of while Revisited (1) G54FOP: Lecture 17 & 18 p.30/33

Semantics of while Revisited (1) It can be shown that Σ Σ = x N is a predomain. G54FOP: Lecture 17 & 18 p.30/33

Semantics of while Revisited (1) It can be shown that Σ Σ = x N is a predomain. Thus Σ and Σ Σ are both domains. G54FOP: Lecture 17 & 18 p.30/33

Semantics of while Revisited (1) It can be shown that Σ is a predomain. Σ = x N Thus Σ and Σ Σ are both domains. Furthermore, it can be shown that all functions g are continuous. g (Σ Σ ) (Σ Σ ) G54FOP: Lecture 17 & 18 p.30/33

Semantics of while Revisited (2) Thus, we can define: where C[while e do c] = fix Σ Σ g g : (Σ Σ ) (Σ Σ ) { σ, if E[e] σ = 0 g = λf.λσ. f (C[c] σ), otherwise in the knowledge that the fixed point fix Σ Σ g exists and is the smallest fixed point of g. G54FOP: Lecture 17 & 18 p.31/33

Exercises Calculate g n for g from the previous slide for a few n from 0 and upwards until you have convinced yourself that you get a better and better approximation of the semantic function for a while-loop (i.e., that each successive approximation can handle one more iteration). G54FOP: Lecture 17 & 18 p.32/33

Exercises Suppose we wish to add a C/Java-like post increment operator to the expression fragment of our language: x++ The value of the expression is the current value of the variable, but as a side effect the variable is also incremented by one. How would the semantic definitions have to be restructured to accommodate this addition? In particular, what is a suitable type for the semantic function E[ ]? G54FOP: Lecture 17 & 18 p.33/33

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback