Functional Programming

1
(No Transcript)
2
What Is An Exception?
An event within a computation that causes
termination in a non-standard way
Examples

• Division by zero
• Null pointer

3
What Is An Interrupt?
An exception that arises from the external
environement, e.g. another computation
Examples

• Terminate
• Any exception

4
This Talk

• Haskell is unique in providing both full support
  for interrupts and a semantics for this.
• But the semantics is subtle, and relies on quite
  considerable technical machinery.
• We give a simple, formally justified, semantics
  for interrupts in a small language.

5
An Exceptional Language
Syntax
data Expr Val Int Throw
Add Expr Expr Seq Expr Expr
Catch Expr Expr
Semantics
e can evaluate to v
e ? v
6
Sequencing
Catch
7
Finally, An Example
Problem how can we ensure that evaluation of x
is always succeeded by evaluation of y?
finally x y

8
Finally, An Example
Problem how can we ensure that evaluation of x
is always succeeded by evaluation of y?
finally x y

Seq x y
9
Finally, An Example
Problem how can we ensure that evaluation of x
is always succeeded by evaluation of y?
finally x y

If x produces an exception, y is not evaluated
Seq x y
10
Finally, An Example
Problem how can we ensure that evaluation of x
is always succeeded by evaluation of y?
finally x y

Seq (Catch x y) y
11
Finally, An Example
Problem how can we ensure that evaluation of x
is always succeeded by evaluation of y?
If x produces an exception, y may be evaluated
twice
finally x y

Seq (Catch x y) y
12
Finally, An Example
Problem how can we ensure that evaluation of x
is always succeeded by evaluation of y?
finally x y

Seq (Catch x (Seq y Throw)) y
13
Finally, An Example
Problem how can we ensure that evaluation of x
is always succeeded by evaluation of y?
finally x y
Now has the correct behaviour

Seq (Catch x (Seq y Throw)) y
14
Adding Interrupts
To avoid the need for concurrency, we adopt the
following worst-case rule for interrupts
Evaluation can be interrupted at any time by
replacing the current expression by throw
15
Note

• Evaluation is now non-deterministic.
• Finally no longer behaves as expected.

Seq (Catch x (Seq y Throw)) y
could be interrupted as y is about to be evaluated
16
Controlling Interrupts
Syntax
data Expr Block Expr
Unblock Expr
Semantics
e can evaluate to v in interrupt status i
e ?i v
17
Key rules
The other rules are simply modified to propogate
the current interrupt status to their arguments.
18
Finally Revisited
finally x y

Seq (Catch x (Seq y Throw)) y
19
Finally Revisited
finally x y

Block (Seq (Catch (Unblock x) (Seq y Throw)) y)
20
Finally Revisited
finally x y

Block (Seq (Catch (Unblock x) (Seq y Throw)) y)
Modulo syntax, finally in Haskell is defined in
precisely the same way
21
Is Our Semantics Correct?

• How does our high-level semantics reflect our
  low-level intuition about interrupts?
• To address this issue, we first define a virtual
  machine, its semantics, and a compiler.
• We explain the basic ideas informally using an
  example - the paper gives full details.

22
Example
Catch (Unblock (23)) 4
Code
23
Example
Catch (Unblock (23)) 4
Code
24
Example
Catch (Unblock (23)) 4
Code
MARK UNMARK
25
Example
Catch (Unblock (23)) 4
Code
MARK UNMARK
26
Example
Catch (Unblock (23)) 4
Code
MARK PUSH 4 UNMARK
27
Example
Catch (Unblock (23)) 4
Code
MARK PUSH 4 UNMARK
28
Example
Catch (Unblock (23)) 4
Code
MARK PUSH 4 SET U RESET UNMARK
29
Example
Catch (Unblock (23)) 4
Code
MARK PUSH 4 SET U RESET UNMARK
30
Example
Catch (Unblock (23)) 4
Code
MARK PUSH 4 SET U PUSH 2 PUSH 3 ADD RESET UNMARK
31
Example
Catch (Unblock (23)) 4
Code
Stack
Status
MARK PUSH 4 SET U PUSH 2 PUSH 3 ADD RESET UNMARK

32
Example
Catch (Unblock (23)) 4
Code
Stack
Status
MARK PUSH 4 SET U PUSH 2 PUSH 3 ADD RESET UNMARK
B
33
Example
Catch (Unblock (23)) 4
Code
Stack
Status
SET U PUSH 2 PUSH 3 ADD RESET UNMARK
HAN PUSH 4
B
34
Example
Catch (Unblock (23)) 4
Code
Stack
Status
PUSH 2 PUSH 3 ADD RESET UNMARK
INT B HAN PUSH 4
U
35
Example
Catch (Unblock (23)) 4
Code
Stack
Status
PUSH 3 ADD RESET UNMARK
VAL 2 INT B HAN PUSH 4
U
36
Example
Catch (Unblock (23)) 4
Code
Stack
Status
ADD RESET UNMARK
VAL 3 VAL 2 INT B HAN PUSH 4
U
37
Example
Catch (Unblock (23)) 4
Code
Stack
Status
ADD RESET UNMARK
VAL 3 VAL 2 INT B HAN PUSH 4
U
interrupt!
38
Example
Catch (Unblock (23)) 4
Code
Stack
Status
THROW RESET UNMARK
VAL 3 VAL 2 INT B HAN PUSH 4
U
interrupt!
39
Example
Catch (Unblock (23)) 4
Code
Stack
Status
THROW RESET UNMARK
VAL 2 INT B HAN PUSH 4
U
40
Example
Catch (Unblock (23)) 4
Code
Stack
Status
THROW RESET UNMARK
INT B HAN PUSH 4
U
41
Example
Catch (Unblock (23)) 4
Code
Stack
Status
THROW RESET UNMARK
HAN PUSH 4
B
42
Example
Catch (Unblock (23)) 4
Code
Stack
Status
PUSH 4
B
43
Example
Catch (Unblock (23)) 4
Code
Stack
Status
VAL 4
B
44
Example
Catch (Unblock (23)) 4
Code
Stack
Status
VAL 4
B
Final result
45
Compiler Correctness
We will exploit two basic notions of reachability
for configurations of our virtual machine.
x Y
x can reach everything in Y
x Y
x will reach something in Y
46
Theorem
comp e c i s
U
e ?i Val n
c i VAL n s
e ?i Throw
i s
Proof approximately 10 pages of calculation,
much of which requires considerable care.
47
Summary

• Simple semantics for interrupts, formally
  justified by a compiler correctness theorem.
• Discovery of an error in the semantics for
  Haskell, concerning the delivery of interrupts.
• Verification of finally, a useful high-level
  operator for programming with exceptions/interrupt
  s.

48
Further Work

• Mechanical verification
• Bisimulation theorem
• Generalising the language
• Reasoning about programs
• Calculating the compiler