Theories of Programming Languages Assignment 5

Similar documents
Lectures on Separation Logic. Lecture 2: Foundations

Program Verification Using Separation Logic

A Short Introduction to Hoare Logic

THE AUSTRALIAN NATIONAL UNIVERSITY Second Semester COMP2600/COMP6260 (Formal Methods for Software Engineering)

CSE 505, Fall 2009, Midterm Examination 5 November Please do not turn the page until everyone is ready.

Concurrent separation logic and operational semantics

Separation Logic and the Mashup Isolation Problem

Dynamic Semantics. Dynamic Semantics. Operational Semantics Axiomatic Semantics Denotational Semantic. Operational Semantics

Universität Augsburg

Axiomatic Semantics. Lecture 9 CS 565 2/12/08

Program Verification using Separation Logic Lecture 0 : Course Introduction and Assertion Language. Hongseok Yang (Queen Mary, Univ.

Completeness of Pointer Program Verification by Separation Logic

Classical Program Logics: Hoare Logic, Weakest Liberal Preconditions

Recent developments in concurrent program logics

A Brief History of Shared memory C M U

0.1 Random useful facts. 0.2 Language Definition

CSE 505, Fall 2005, Midterm Examination 8 November Please do not turn the page until everyone is ready.

Separation Logic and the Mashup Isolation Problem

NICTA Advanced Course. Theorem Proving Principles, Techniques, Applications

Axiomatic Semantics. Operational semantics. Good for. Not good for automatic reasoning about programs

Collecting garbage concurrently (but correctly)

Local Rely-Guarantee Reasoning

Separation Logic and Graphical Models

CS558 Programming Languages

Program verification. 18 October 2017

Hoare Logic: Part II

Chapter 3. Specifications. 3.1 Hoare Triples. An Introduction to Separation Logic c 2011 John C. Reynolds February 3, 2011

Views: Compositional Reasoning for Concurrent Programs

Programming Languages and Compilers (CS 421)

Local Rely-Guarantee Reasoning

Shared-Variable Concurrency

Simply Typed Lambda Calculus

Hoare Logic and Model Checking

Problem Sheet 1: Axiomatic Semantics

Relational Parametricity and Separation Logic. Hongseok Yang, Queen Mary, Univ. of London Lars Birkedal, IT Univ. of Copenhagen

AN INTRODUCTION TO SEPARATION LOGIC. 2. Assertions

Separation and Information Hiding

Predicate Logic. Xinyu Feng 09/26/2011. University of Science and Technology of China (USTC)

A semantics for concurrent separation logic

Reasoning About Imperative Programs. COS 441 Slides 10b

Predicate Logic. x. x + 0 = x. Predicate logic over integer expressions: a language of logical assertions, for example. Why discuss predicate logic?

(2) (15pts) Using Prolog, implement a type-checker for the following small subset of System F:

Roy L. Crole. Operational Semantics Abstract Machines and Correctness. University of Leicester, UK

Hoare Logic I. Introduction to Deductive Program Verification. Simple Imperative Programming Language. Hoare Logic. Meaning of Hoare Triples

CSE 505, Fall 2008, Midterm Examination 29 October Please do not turn the page until everyone is ready.

COP4020 Programming Languages. Introduction to Axiomatic Semantics Prof. Robert van Engelen

Automata-Theoretic Model Checking of Reactive Systems

Predicate Logic. Xinyu Feng 11/20/2013. University of Science and Technology of China (USTC)

Hoare Examples & Proof Theory. COS 441 Slides 11

Trace semantics: towards a unification of parallel paradigms Stephen Brookes. Department of Computer Science Carnegie Mellon University

Program Analysis and Verification

Floyd-Hoare Style Program Verification

G54FOP: Lecture 17 & 18 Denotational Semantics and Domain Theory III & IV

CIS 500 Software Foundations. Final Exam. May 9, Answer key. Hoare Logic

Proofs of Correctness: Introduction to Axiomatic Verification

Axiomatic Semantics. Semantics of Programming Languages course. Joosep Rõõmusaare

CIS (More Propositional Calculus - 6 points)

States and Actions: An Automata-theoretic Model of Objects

Introduction to Axiomatic Semantics

Axiomatic Semantics: Verification Conditions. Review of Soundness and Completeness of Axiomatic Semantics. Announcements

The Expressivity of Universal Timed CCP: Undecidability of Monadic FLTL and Closure Operators for Security

CS 4110 Programming Languages & Logics. Lecture 16 Programming in the λ-calculus

Flow Interfaces Compositional Abstractions of Concurrent Data Structures. Siddharth Krishna, Dennis Shasha, and Thomas Wies

Hoare Calculus and Predicate Transformers

What happens to the value of the expression x + y every time we execute this loop? while x>0 do ( y := y+z ; x := x:= x z )

Local Reasoning for Storable Locks and Threads

A Monadic Analysis of Information Flow Security with Mutable State

Foundations of Computation

Lecture 2: Axiomatic semantics

Reasoning about Optimistic Concurrency Using a Program Logic for History (Extended Version)

Computability and Complexity Results for a Spatial Assertion Language for Data Structures

Computer Science and State Machines

Probabilistic Program Analysis

Tutorial on Semantics Part I

Program Analysis Part I : Sequential Programs

Structuring the verification of heap-manipulating programs

micromodels of software declarative modelling and analysis with Alloy lecture 4: a case study MIT Lab for Computer Science Marktoberdorf, August 2002

Spring 2014 Program Analysis and Verification. Lecture 6: Axiomatic Semantics III. Roman Manevich Ben-Gurion University

From Separation Logic to Systems Software

COMP2111 Glossary. Kai Engelhardt. Contents. 1 Symbols. 1 Symbols 1. 2 Hoare Logic 3. 3 Refinement Calculus 5. rational numbers Q, real numbers R.

λ S : A Lambda Calculus with Side-effects

Lecture Notes: Program Analysis Correctness

Verifying Concurrent Memory Reclamation Algorithms with Grace

The Assignment Axiom (Hoare)

Spring 2015 Program Analysis and Verification. Lecture 4: Axiomatic Semantics I. Roman Manevich Ben-Gurion University

First Order Logic vs Propositional Logic CS477 Formal Software Dev Methods

An Introduction to Logical Relations Proving Program Properties Using Logical Relations

Marie Farrell Supervisors: Dr Rosemary Monahan & Dr James Power Principles of Programming Research Group

Abstraction and Refinement for Local Reasoning

Verification and Validation

Spring 2016 Program Analysis and Verification. Lecture 3: Axiomatic Semantics I. Roman Manevich Ben-Gurion University

Hoare Logic: Reasoning About Imperative Programs

Verified Characteristic Formulae for CakeML. Armaël Guéneau, Magnus O. Myreen, Ramana Kumar, Michael Norrish April 18, 2017

Introduction to Permission-Based Program Logics Part II Concurrent Programs

Technical Report. Deny-guarantee reasoning. Mike Dodds, Xinyu Feng, Matthew Parkinson, Viktor Vafeiadis. Number 736. January Computer Laboratory

Design of Distributed Systems Melinda Tóth, Zoltán Horváth

CS477 Formal Software Dev Methods

Chapter 2. Assertions. An Introduction to Separation Logic c 2011 John C. Reynolds February 3, 2011

Compositional Verification of Termination-Preserving Refinement of Concurrent Programs (Technical Report)

Denotational Semantics of Programs. : SimpleExp N.

Transcription:

Theories of Programming Languages Assignment 5 December 17, 2012 1. Lambda-Calculus (see Fig. 1 for initions of = β, normal order evaluation and eager evaluation). (a) Let Ω = ((λx. x x) (λx. x x)), and M = (λx. λy. x x) Ω. i. Give the normal order evaluation sequence of M. ii. Does the eager evaluation of M terminate? If yes, give the whole evaluation sequence. Otherwise, give the first two steps of the evaluation and briefly explain why it does not terminate. (b) Let A = λx.λy.y(xxy), Θ = A A, and Y = λf.(λx.f(xx))(λx.f(xx)). i. (*) Show that for all F we have Θ F = β F (Θ F ); ii. Show that for all F we have Y F = β F (Y F ). 2. Below is the IMP language we have learned in class. (intexp) e ::= n x -e e+e e-e... where n represents natural numbers (boolexp) b ::= true false e=e e < e e < e... b b b b b... (comm) c ::= x := e skip c ; c if b then c else c while b do c Fill in the preconditions for the following specifications to make them valid. The preconditions should be as weak as possible. Then prove that the completed specifications could be derived from the Hoare-logic rules (see Fig. 2 in the appendix). In each step of your proof, you must show which rule is applied. You only need to select one from (a) and (b) below. (c) is required. (a) {?} while true do skip {true} (b) [? ] while true do skip [true] (c) (*) [? ] while (a > b) do (b := b + 1; y := x y) [y = x a ] 1

3. We extend the IMP language above with the following new commands, and get a new language IMP h. Selected rules for the operational semantics are given in the appendix (Fig. 3). (comm) c ::=... x := [e] [e] := e x := cons(e, e) dispose(e) repeat c until b (a) Let s 0 = {x 100, y 110} and h 0 =. Give two different execution sequences for the following command. One leads to a final heap containing a memory cell with value 3, and the other leads to a heap containing a memory cell with value 5. x := cons(3, 5) ; if (x = y) then dispose(y) else dispose(x + 1) (b) Give the operational semantics for the repeat command. (c) (*) We want a new instruction x := sbrk4, which allocates 4 consequtive memory cells with initial value 0. Different from cons, the starting address of the new memory cells will be max(dom(h)) + 1 if h, and 100 otherwise. Give the operational semantics for x := sbrk4. 4. Separation Logic. (a) The following two assertions are not valid (see Fig. 4 for assertion semantics). For each of them, find instantiations of p, q (and r), and the corresponding states in which the assertions are false. i. p r q r (p q) r; ii. (*) (p (p q)) q (b) We use SafeMono(c) and Frame(c) to represent c has safety monotonicity and the frame property, respectively. Their initions are given in the appendix (Fig. 4). i. Give a formal inition of SafeMono(c) using the predicate logic language (i.e. do not use any words of natural languages). You could use Safe(c, (s, h)) to represent c is safe at (s, h). ii. Let c be x := cons(e 1, e 2 ). Prove Frame(c) holds. iii. Is Frame(sbrk4) true? If yes, prove it; otherwise, explain why. Here sbrk4 is the command desribed in Problem 3 above. iv. (*) In the appendix (Fig. 4) we give another version of the frame property, i.e. Frm(c). Let c be x := cons(e 1, e 2 ). Is Frm(c) true? If yes, prove it; otherwise, explain why. 5. Let Γ =, c 0 = (y := [x + 1]), c 0 = (y := [x]), and c 1 = (z := [x]). (a) Fill in the preconditions of the judgment below. i. Γ {?}(c 0 c 1 ){(x m, n) y = n z = m} 2

ii. Γ {?}(c 0 c 1 ){(x m, n) y = m z = m} (b) (*) Concurrent separation logic does not allow simultaneous access of the same memory location, even if both access are read operations (like c 0 c 1 above). To support simultaneous read, we introduce fractional permissions e π n in the appendix (Fig. 5). To write a memory cell at location e, we need a full permission e 1 (which can be written as e ). To read, we only need e π for any 0 < π 1. i. Give the separation logic rules for (x := [e]), ([e] := e ) and c 1 c 2. For (x := [e]), assume x is not free in e. ii. Fill in the precondition of the judgment below Γ {?} (c 0 c 1 ) {(x 0.5 m) y = m z = m}. A Auxiliary Definitions (λx.m) N = β M[N/x] (β) M = β M M N = β M N (c1) N = β N M N = β M N (c2) M = β M λx.m = β λx.m (c3) (λx.m) N N M[N/x] (β-n) M n M M N n M N (nc1) (λx.m) (λy.n) E M[(λy.N)/x] (β-e) M E M M N E M N (ec1) N E N (λx.m) N E (λx.m) N (ec2) Figure 1: beta-equivalence, normal order evaluation, and eager evaluation 3

{p[e/x]}x := e{p} (as) {p}c 1{q} {q}c 2{r} {p}c 1 ; c 2{r} (sq) {p}skip{p} (sk) {p }c{q } p p q q {p}c{q} (csq) {i b}c{i} {i}while b do c{i b} (whp) [ i b e = x 0 ]c[ i e < x 0 ] i b e 0 (wht) [ i ]while b do c[ i b ] where x 0 is not free in c, e, b and i. {p 1} c {q 1} {p 2} c {q 2} {p 1 p 2} c {q 1 q 2} (disj) Figure 2: Selected Hoare Logic rules for IMP (all the rules for partial correctness except the whp rule could also be used for total correctness) (store) s Var Z (locs) l N (heap) h locs fin Z (state) σ store heap where fin means a set of partial functions whose domains are finite. {l, l + 1} dom(h) = s = s{x l} h = h{l e 1 s, l+1 e 2 s} (x := cons(e 1, e 2 ), (s, h)) (skip, (s, h )) l = e s l dom(h) h = h \ {l} (x := dispose(e), (s, h)) (skip, (s, h )) (c 1, σ) (c 1, σ ) (c 1 ; c 2, σ) (c 1 ; c 2, σ ) (skip ; c, σ) (c, σ) b s = true (if b then c 1 else c 2, (s, h)) (c 1, (s, h)) b s = false (if b then c 1 else c 2, (s, h)) (c 2, (s, h)) (while b do c, σ) (if b then (while b do c) else skip, σ Figure 3: Operational semantics for IMP h (only some selected rules are shown) 4

Semantics of separaiton logic assertions: h 1 h 2 = dom(h 1 ) dom(h 2 ) = h 1 h 2 = h 1 h 2 (s, h) = e e iff h = {(l, n)}, where e s = l, and e s = n (s, h) = p 1 p 2 iff there exist h 1, h 2 such that h 1 h 2, h = h 1 h 2, (s, h 1) = p 1, and (s, h 2) = p 2 (s, h) = p q iff for all h, if h h and (s, h ) = p, then (s, h h) = q SafeMono(c) iff for all h, h 0, h 1 and s, if h = h 0 h 1, h 0 h 1, and c is safe at (s, h 0), then c is safe at (s, h). Frame(c) iff for all h, h 0, h 1, s, h and s, if h = h 0 h 1, h 0 h 1, (c, (s, h)) (skip, (s, h )), and c is safe at (s, h 0 ), then there exists h 0 such that (c, (s, h 0 )) (skip, (s, h 0)), h 0 h 1, and h = h 0 h 1. Frm(c) iff for all h 0, h 1, s, h 0 and s, if h 0 h 1, (c, (s, h 0 )) (skip, (s, h 0)), then h 0 h 1 and (c, (s, h 0 h 1 )) (skip, (s, h 0 h 1 )). x not free in e Γ {e n}x := [e]{e x} Γ {e }[e] := e {e e } Γ {p 1 } c 1 {q 1 } Γ {p 2 } c 2 {q 2 } Γ {p 1 p 2 } c 1 c 2 {q 1 q 2 } c 1 (or c 2 ) does not update free variables in p 2 (or p 1 ), q 2 (or q 1 ), and Γ Figure 4: Separation Logic Assertions and Selected Rules (perm) π (0, 1] h 1 h 2 h 1 h 2 (heap) h locs fin Z perm = l (dom(h 1) dom(h 2)), n 1, π 1, n 2, π 2. h 1(l) = (n 1, π 1) h 2(l) = (n 2, π 2) (n 1 =n 2) (π 1+π 2 1) = λl. h 1 (l) l (dom(h 1 ) dom(h 2 )) h 2 (l) l (dom(h 2 ) dom(h 1 )) (n, π) exist π 1, π 2 such that h 1 (l) = (n, π 1 ), h 2 (l) = (n, π 2 ), π = π 1 + π 2, and π (0, 1] unined otherwise (s, h) = e π e iff h = {(l, (n, π))}, where e s = l, and e s = n (s, h) = p 1 p 2 iff there exist h 1, h 2 such that h 1 h 2, h = h 1 h 2, (s, h 1) = p 1, and (s, h 2) = p 2 Figure 5: Fractional Permissions: States and Assertions 5

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback