Formal Semantics of Programming Languages

1
Formal Semantics of Programming Languages
Topic 5 Axiomatic Semantics
??? yhq_at_ecust.edu.cn
2
Motivation

• What do we need in order to prove that the
  program does what it supposed to do?

• Specify the required behavior
• Compare the behavior with the one obtained by the
  denotational/operational semantics
• Develop a proof system for showing that the
  program satisfies a requirement
• Mechanically use the proof system to show
  correctness
• The meaning of a program is a set of verification
  rules

3
Plan

• The basic idea
• An assertion language
• Semantics of assertions
• Proof rules
• An example
• Soundness
• Completeness

4
Example Program
S0 N 1 while ?(N101) do S S N
N N1
N101
S?1?m?100 m
5
Example Program
S0 S0 N 1 S0 ?N1 while ?(N101) do S
S N N N1 N101 ?S?1?m?100
m
6
Example Program
S0 S0 N 1 S0 ?N1 while ?(N101) do S
S N N N1 N101 ?S?1?m?100 m
7
Example Program
S0 S0 N 1 S0 ?N1 while 1 ?N ? 101
?S?1?m?N-1 m?(N101) do S S N
1 ?N lt 101 ?S?1?m?N m N
N1 N101 ?S?1?m?100 m
8
Partial Correctness

• PcQ
• P and Q are assertions(extensions of Boolean
  expressions)
• c is a command
• For all states ? which satisfies P, if the
  execution of c from state ? terminates in state
  ?, then ? satisfies Q
• truewhile true do skipfalse

9
Total Correctness

• PcQ
• P and Q are assertions(extensions of Boolean
  expressions)
• c is a command
• For all states ? which satisfies P,
• the execution of c from state ? must terminates
  in a state ?
• ? satisfies Q

10
Formalizing Partial Correctness

• ?A
• A is true in ?
• P c Q
• ??, ???. ( P ltc, ?gt? ? ) ? ? Q
• ????. (? P C c? is defined) ? C c? Q
• Convention for all A ? A
• ????. ? P ? C c? Q

11
The Assertion Language

• Extend Bexp
• Allow quantifications
• ?i
• ?i
• ?i. ki?l
• Import well known mathematical concepts
• n! n ? (n-1) ? 2 ? 1

12
The Assertion Language
Aexpv a n X i a0 a1 a0 - a1 a0 ? a1
Assn A true false a0 a1 a0 ? a1 A0 ?
A1 A0 ? A1 ?A A0 ? A1 ?i. A ?i. A
13
Example
while ?(MN) do if M ?N
then N N M else M
M - N
14
Free and Bound Variables

• An integer variable is bound when it occurs in
  the scope of a quantifier
• Otherwise it is free
• Examples ?i. ki?L (i100?77)??i.j1i3)

FV(n) FV(X) ?
FV(i) i FV(a0 a1)FV(a0-a1)FV(a0?a1 )
FV(a0) ?FV(a1)
FV(true)FV(false) ? FV(a0 a1)FV(a0 ? a1)
FV(a0) ?FV(a1) FV(A0?A1)FV(A0?A1) FV(A0?A1)
FV(A0) ?FV(A1) FV(?A)FV(A) FV(?i. A)FV(?i. A)
FV(A)? i
15
Substitution

• Visualization of an assertion A
  ---i---i----
• Consider a pure arithmetic expression
  Aa/i ---a---a---

na/i n
Xa/iX ia/i a

ja/i j (a0 a1)a/i
a0a/i a1/a/i (a0 - a1)a/i
a0a/i a1a/i (a0
? a1 )a/i a0a/i ? a1a/i
16
Substitution

• Visualization of an assertion A
  ---i---i----
• Consider a pure arithmetic expression
  Aa/i ---a---a---

truea/i true
falsea/ifalse (a0
a1)a/i (a0/a/i a1a/i) (a0?
a1)a/i (a0/a/i ? a1a/i) (A0 ? A1)a/i
(A0a/i ? A1a/i) (A0 ? A1)a/i
(A0a/i?A1a/i) (A0 ? A1)a/i
(A0a/i ? A1a/i)a/i
(?A)a/i ?(Aa/i) (?i. A)a/i ?i. A
(?j. A)a/i (?i.
Aa/i) (?i. A)a/i ?i. A
(?j. A)a/i (?i. Aa/j)
17
Location Substitution

• Visualization of an assertion A
  ---X---X----
• Consider a pure arithmetic expression
  Aa/X ---a---a---

18
Example Assertions

• i is a prime number
• i is the least common multiple of j and k

19
Semantics of Assertions

• An interpretation Iintvar ?N
• The meaning of Aexpv
• AvnI?n
• AvXI? ?(X)
• AviI? I(i)
• Ava0a1 I? Ava0I? Av a1 I?
• For all a ? Aexp states ? and Interpretations I
• Aa?AvaI?

20
Semantics of Assertions (II)

• In/i change i in I to n
• For I and ???? , define ? I A by structural
  induction
• ? I true
• ? I (a0 a1) if Ava0 I? Ava1 I?
• ? I (A ?B) if I A and I B
• I ?A if not I A
• ? I A?B if (not ? I A) or ? I B)
• ? I ?iA ? I n/i A for all n?N
• ? ? A

21
Proposition 6.4
For all b ? Bexp states ? and Interpretations I
Bb? true iff ? I b
Bb? false iff not ? I b
22
Partial Correctness Assertions

• PcQ
• P, Q ?Assn and c ?Com
• For a state ? ???and interpretation I
• ? I PcQ if (? I P ? C c? I Q)
• Validity
• When ?? ???, ? I PcQ we write
• IPcQ
• When ?? ???, and I ? I PcQ we write
• PcQ
• PcQ is valid

23
The extension of an assertion
AI ? ??? ? I A
24
Hoare Proof Rules for Partial Correctness
A skip A
Ba/X Xa B
P c0 C C c1 Q P c0c1Q
P?b c0 Q P ??b c1 Q P if b then c0 else
c1Q
I?b c I I while b
do cI??b
P ? P P c Q Q ? Q P c Q
25
Example
while X gt 0 do Y X ?Y X X 1
26
Soundness

• Every theorem obtained by the rule system is
  valid
• - P c Q ? P c Q
• The system can be implemented (HOL, LCF)
• Requires user assistance
• Proof of soundness
• Every rule preserves validity (Theorem 6.1)

27
Completeness

• Every valid theorem can be derived by the rule
  system is valid
• P c Q ? -P c Q
• But what about Gödels incompleteness?
• Relative completeness
• Assume that every math theorem is valid

28
Summary

• Axiomatic semantics provides an abstract
  semantics
• Can be used to explain programming
• Can be automated
• More effort is required to make it practical

29
Exercise 5

• (1)