15-411: Dynamic Semantics Jan Ho ff mann Dynamic Semantics Static - - PowerPoint PPT Presentation

15-411: Dynamic Semantics

Jan Hoffmann

Dynamic Semantics

• Static semantics: definition of valid programs
• Dynamic semantics: definition of how programs are executed
• So far: Dynamic semantics is given in English on lab handouts
• This only works since you know how C programs should behave
• Sometimes needed to consult the reference compiler
• A description in English will always be ambiguous

➡ Need precise ways of defining the meaning of programs

Types of (Formal) Dynamic Semantics

• Denotational Semantics: Abstract and elegant.
• Each part of a program is associated with a denotation (math. object)
• For example: a procedure is associated with a mathematical function
• Axiomatic Semantics: Strongly related to program logic.
• Gives meaning to phrases using logical axioms
• The meaning is identical to the set of properties that can be proved
• Operational Semantics: Describes how programs are executed
• Related to interpretation and abstract machines
• Most popular and flexible form of semantics

Types of (Formal) Dynamic Semantics

• Denotational Semantics: Abstract and elegant.
• Each part of a program is associated with a denotation (math. object)
• For example: a procedure is associated with a mathematical function
• Axiomatic Semantics: Strongly related to program logic.
• Gives meaning to phrases using logical axioms
• The meaning is identical to the set of properties that can be proved
• Operational Semantics: Describes how programs are executed
• Related to interpretation and abstract machines
• Most popular and flexible form of semantics

Dana Scott

Types of (Formal) Dynamic Semantics

• Denotational Semantics: Abstract and elegant.
• Each part of a program is associated with a denotation (math. object)
• For example: a procedure is associated with a mathematical function
• Axiomatic Semantics: Strongly related to program logic.
• Gives meaning to phrases using logical axioms
• The meaning is identical to the set of properties that can be proved
• Operational Semantics: Describes how programs are executed
• Related to interpretation and abstract machines
• Most popular and flexible form of semantics

Dana Scott Tony Hoare

Types of (Formal) Dynamic Semantics

• Denotational Semantics: Abstract and elegant.
• Each part of a program is associated with a denotation (math. object)
• For example: a procedure is associated with a mathematical function
• Axiomatic Semantics: Strongly related to program logic.
• Gives meaning to phrases using logical axioms
• The meaning is identical to the set of properties that can be proved
• Operational Semantics: Describes how programs are executed
• Related to interpretation and abstract machines
• Most popular and flexible form of semantics

Dana Scott Tony Hoare Bob Harper

Operational Semantics

• Many different styles
• Natural semantics (or big-step semantics)
• Structural operational semantics
• Substructural operational semantics
• Abstract machine (or small-step semantics)
• We will use small-step semantics
• Very general: can describe non-termination, concurrency, …
• Low-level and elaborate

Operational Semantics

• Many different styles
• Natural semantics (or big-step semantics)
• Structural operational semantics
• Substructural operational semantics
• Abstract machine (or small-step semantics)
• We will use small-step semantics
• Very general: can describe non-termination, concurrency, …
• Low-level and elaborate

Frank Pfenning

Evaluating Expressions

Continuations

Want to model a single evaluation step

e → e0

Continuations

Want to model a single evaluation step For example: ((4 + 5) ∗ 10 + 2) → (9 ∗ 10 + 2)

e → e0

Continuations

Want to model a single evaluation step For example: ((4 + 5) ∗ 10 + 2) → (9 ∗ 10 + 2)

e → e0

How can we find the right place at which to make the step?

Continuations

Want to model a single evaluation step For example: ((4 + 5) ∗ 10 + 2) → (9 ∗ 10 + 2)

e → e0

How can we find the right place at which to make the step? Use a continuation K:

e B K

“Evaluate expression e and pass the result to K” The continuation has a ‘hole’ for the result value of e.

Continuations

Want to model a single evaluation step For example: ((4 + 5) ∗ 10 + 2) → (9 ∗ 10 + 2)

e → e0

How can we find the right place at which to make the step? Use a continuation K:

e B K

“Evaluate expression e and pass the result to K” The continuation has a ‘hole’ for the result value of e. A stack of partial computations.

Evaluation Rules: Addition

e1 + e2 B K − → e1 B (_ + e2 , K)

Evaluation Rules: Addition

e1 + e2 B K − → e1 B (_ + e2 , K)

First evaluate e1.

Evaluation Rules: Addition

e1 + e2 B K − → e1 B (_ + e2 , K)

First evaluate e1. Plug the result here.

Evaluation Rules: Addition

e1 + e2 B K − → e1 B (_ + e2 , K)

First evaluate e1. Plug the result here.

c1 B (_ + e2 , K) − → e2 B (c1 + _ , K)

Evaluation Rules: Addition

e1 + e2 B K − → e1 B (_ + e2 , K)

First evaluate e1. Plug the result here.

c1 B (_ + e2 , K) − → e2 B (c1 + _ , K)

e is a constant.

Evaluation Rules: Addition

e1 + e2 B K − → e1 B (_ + e2 , K)

First evaluate e1. Plug the result here.

c1 B (_ + e2 , K) − → e2 B (c1 + _ , K)

e is a constant. Continuation is an addition.

Evaluation Rules: Addition

e1 + e2 B K − → e1 B (_ + e2 , K)

First evaluate e1. Plug the result here.

c1 B (_ + e2 , K) − → e2 B (c1 + _ , K)

e is a constant. Continuation is an addition. Continue with evaluating e2.

Evaluation Rules: Addition

e1 + e2 B K − → e1 B (_ + e2 , K)

First evaluate e1. Plug the result here.

c1 B (_ + e2 , K) − → e2 B (c1 + _ , K)

e is a constant. Continuation is an addition. Continue with evaluating e2. Plug the result here.

Evaluation Rules: Addition

e1 + e2 B K − → e1 B (_ + e2 , K)

First evaluate e1. Plug the result here.

c1 B (_ + e2 , K) − → e2 B (c1 + _ , K)

e is a constant. Continuation is an addition. Continue with evaluating e2. Plug the result here. c2 B (c1 + _ , K) − → c B K (c = c1 + c2 mod 232)

Evaluation Rules: Addition

e1 + e2 B K − → e1 B (_ + e2 , K)

First evaluate e1. Plug the result here.

c1 B (_ + e2 , K) − → e2 B (c1 + _ , K)

e is a constant. Continuation is an addition. Continue with evaluating e2. Plug the result here. Two constants c2 B (c1 + _ , K) − → c B K (c = c1 + c2 mod 232)

Evaluation Rules: Addition

e1 + e2 B K − → e1 B (_ + e2 , K)

First evaluate e1. Plug the result here.

c1 B (_ + e2 , K) − → e2 B (c1 + _ , K)

e is a constant. Continuation is an addition. Continue with evaluating e2. Plug the result here. Two constants Actual addition. c2 B (c1 + _ , K) − → c B K (c = c1 + c2 mod 232)

Evaluation Rules: Binary Operations

e1 e2 B K

• !

e1 B (_ e2 , K) B B

• B
• !

B

• c1 B (_ e2 , K)
• !

e2 B (c1 _ , K) B B B

• !

B

• c2 B (c1 _ , K)
• !

c B K (c = c1 c2 mod 232) Arithmetic operations are treated like addition Arithmetic is modulo 232 to match our x86 architecture

Evaluation Rules: Binary Operations

e1 e2 B K

• !

e1 B (_ e2 , K) B B

• B
• !

B

• c1 B (_ e2 , K)
• !

e2 B (c1 _ , K) B B B

• !

B

• c2 B (c1 _ , K)
• !

c B K (c = c1 c2 mod 232) Arithmetic operations are treated like addition Arithmetic is modulo 232 to match our x86 architecture What about effects?

Evaluation Rules: Binops with Effects

In case of an arithmetic exception: Abort the computation and
 report and error

e1 ↵ e2 B K

• !

e1 B (_ ↵ e2 , K) B B ↵ B

• !

B ↵ c1 B (_ ↵ e2 , K)

• !

e2 B (c1 ↵ _ , K) B B ↵

• !

↵ c2 B (c1 ↵ _ , K)

• !

c B K (c = c1 ↵ c2) B ↵

• !

↵ c2 B (c1 ↵ _ , K)

• !

exception(arith) (c1 ↵ c2 undefined)

There is no rule for further evaluating an exception.

Example Evaluation

((4 + 5) ⇤ 10) + 2 B ·

• !

(4 + 5) ⇤ 10 B _ + 2

• !

(4 + 5) ⇤ 10 B _ + 2

• !

4 + 5 B _ ⇤ 10 , _ + 2

• !

4 B _ + 5 , _ ⇤ 10 , _ + 2

• !

5 B 4 + _ , _ ⇤ 10 , _ + 2

• !

9 B _ ⇤ 10 , _ + 2

• !

10 B 9 ⇤ _ , _ + 2

• !

90 B _ + 2

• !

2 B 90 + _

• !

92 B ·

Example Evaluation

((4 + 5) ⇤ 10) + 2 B ·

• !

(4 + 5) ⇤ 10 B _ + 2

• !

(4 + 5) ⇤ 10 B _ + 2

• !

4 + 5 B _ ⇤ 10 , _ + 2

• !

4 B _ + 5 , _ ⇤ 10 , _ + 2

• !

5 B 4 + _ , _ ⇤ 10 , _ + 2

• !

9 B _ ⇤ 10 , _ + 2

• !

10 B 9 ⇤ _ , _ + 2

• !

90 B _ + 2

• !

2 B 90 + _

• !

92 B ·

Example Evaluation

((4 + 5) ⇤ 10) + 2 B ·

• !

(4 + 5) ⇤ 10 B _ + 2

• !

(4 + 5) ⇤ 10 B _ + 2

• !

4 + 5 B _ ⇤ 10 , _ + 2

• !

4 B _ + 5 , _ ⇤ 10 , _ + 2

• !

5 B 4 + _ , _ ⇤ 10 , _ + 2

• !

9 B _ ⇤ 10 , _ + 2

• !

10 B 9 ⇤ _ , _ + 2

• !

90 B _ + 2

• !

2 B 90 + _

• !

92 B ·

Example Evaluation

((4 + 5) ⇤ 10) + 2 B ·

• !

(4 + 5) ⇤ 10 B _ + 2

• !

(4 + 5) ⇤ 10 B _ + 2

• !

4 + 5 B _ ⇤ 10 , _ + 2

• !

4 B _ + 5 , _ ⇤ 10 , _ + 2

• !

5 B 4 + _ , _ ⇤ 10 , _ + 2

• !

9 B _ ⇤ 10 , _ + 2

• !

10 B 9 ⇤ _ , _ + 2

• !

90 B _ + 2

• !

2 B 90 + _

• !

92 B ·

Example Evaluation

((4 + 5) ⇤ 10) + 2 B ·

• !

(4 + 5) ⇤ 10 B _ + 2

• !

(4 + 5) ⇤ 10 B _ + 2

• !

4 + 5 B _ ⇤ 10 , _ + 2

• !

4 B _ + 5 , _ ⇤ 10 , _ + 2

• !

5 B 4 + _ , _ ⇤ 10 , _ + 2

• !

9 B _ ⇤ 10 , _ + 2

• !

10 B 9 ⇤ _ , _ + 2

• !

90 B _ + 2

• !

2 B 90 + _

• !

92 B ·

Example Evaluation

((4 + 5) ⇤ 10) + 2 B ·

• !

(4 + 5) ⇤ 10 B _ + 2

• !

(4 + 5) ⇤ 10 B _ + 2

• !

4 + 5 B _ ⇤ 10 , _ + 2

• !

4 B _ + 5 , _ ⇤ 10 , _ + 2

• !

5 B 4 + _ , _ ⇤ 10 , _ + 2

• !

9 B _ ⇤ 10 , _ + 2

• !

10 B 9 ⇤ _ , _ + 2

• !

90 B _ + 2

• !

2 B 90 + _

• !

92 B ·

Example Evaluation

((4 + 5) ⇤ 10) + 2 B ·

• !

(4 + 5) ⇤ 10 B _ + 2

• !

(4 + 5) ⇤ 10 B _ + 2

• !

4 + 5 B _ ⇤ 10 , _ + 2

• !

4 B _ + 5 , _ ⇤ 10 , _ + 2

• !

5 B 4 + _ , _ ⇤ 10 , _ + 2

• !

9 B _ ⇤ 10 , _ + 2

• !

10 B 9 ⇤ _ , _ + 2

• !

90 B _ + 2

• !

2 B 90 + _

• !

92 B ·

Example Evaluation

((4 + 5) ⇤ 10) + 2 B ·

• !

(4 + 5) ⇤ 10 B _ + 2

• !

(4 + 5) ⇤ 10 B _ + 2

• !

4 + 5 B _ ⇤ 10 , _ + 2

• !

4 B _ + 5 , _ ⇤ 10 , _ + 2

• !

5 B 4 + _ , _ ⇤ 10 , _ + 2

• !

9 B _ ⇤ 10 , _ + 2

• !

10 B 9 ⇤ _ , _ + 2

• !

90 B _ + 2

• !

2 B 90 + _

• !

92 B ·

Example Evaluation

((4 + 5) ⇤ 10) + 2 B ·

• !

(4 + 5) ⇤ 10 B _ + 2

• !

(4 + 5) ⇤ 10 B _ + 2

• !

4 + 5 B _ ⇤ 10 , _ + 2

• !

4 B _ + 5 , _ ⇤ 10 , _ + 2

• !

5 B 4 + _ , _ ⇤ 10 , _ + 2

• !

9 B _ ⇤ 10 , _ + 2

• !

10 B 9 ⇤ _ , _ + 2

• !

90 B _ + 2

• !

2 B 90 + _

• !

92 B ·

Example Evaluation

((4 + 5) ⇤ 10) + 2 B ·

• !

(4 + 5) ⇤ 10 B _ + 2

• !

(4 + 5) ⇤ 10 B _ + 2

• !

4 + 5 B _ ⇤ 10 , _ + 2

• !

4 B _ + 5 , _ ⇤ 10 , _ + 2

• !

5 B 4 + _ , _ ⇤ 10 , _ + 2

• !

9 B _ ⇤ 10 , _ + 2

• !

10 B 9 ⇤ _ , _ + 2

• !

90 B _ + 2

• !

2 B 90 + _

• !

92 B ·

Example Evaluation

((4 + 5) ⇤ 10) + 2 B ·

• !

(4 + 5) ⇤ 10 B _ + 2

• !

(4 + 5) ⇤ 10 B _ + 2

• !

4 + 5 B _ ⇤ 10 , _ + 2

• !

4 B _ + 5 , _ ⇤ 10 , _ + 2

• !

5 B 4 + _ , _ ⇤ 10 , _ + 2

• !

9 B _ ⇤ 10 , _ + 2

• !

10 B 9 ⇤ _ , _ + 2

• !

90 B _ + 2

• !

2 B 90 + _

• !

92 B ·

Evaluation Rules: End of and Evaluation

c B ·

• !

value(c)

If we reach a constant and the empty continuation then we stop

Evaluation Rules: Boolean Expressions

True and false are also values

e1 && e2 B K

• !

e1 B (_ && e2 , K) B B B

• !

B false B (_ && e2 , K)

• !

false B K B B B

• !

B true B (_ && e2 , K)

• !

e2 B K

(We could also use 1 and 0 but distinguishing helps detect errors.)

Evaluation Rules: Boolean Expressions

True and false are also values

e1 && e2 B K

• !

e1 B (_ && e2 , K) B B B

• !

B false B (_ && e2 , K)

• !

false B K B B B

• !

B true B (_ && e2 , K)

• !

e2 B K

Notice the short- cutting. (We could also use 1 and 0 but distinguishing helps detect errors.)

Variables and Environments

How do we evaluate variable?

Variables and Environments

x B K − → ? How do we evaluate variable?

Variables and Environments

x B K − → ? How do we evaluate variable? Need to have a environment that maps variables to values

Variables and Environments

x B K − → ? How do we evaluate variable?

η ::= · | η, x 7! v

Need to have a environment that maps variables to values

Variables and Environments

x B K − → ? How do we evaluate variable?

η ::= · | η, x 7! v

Need to have a environment that maps variables to values The machine state consists now of an expression, a continuation, and an environment

Variables and Environments

x B K − → ? How do we evaluate variable?

η ::= · | η, x 7! v

Need to have a environment that maps variables to values

η ` e B K

The machine state consists now of an expression, a continuation, and an environment

Variables and Environments II

The rules we have seen so far just carry over

η ` e1 e2 B K

• !

η ` e1 B (_ e2 , K) B B

`

• B
• !

` B

• η ` c1 B (_ e2 , K)
• !

η ` e2 B (c1 _ , K) B B ` B

• !

` B

• η ` c2 B (c1 _ , K)
• !

η ` c B K (c = c1 c2 mod 232)

Variables and Environments II

The rules we have seen so far just carry over

η ` e1 e2 B K

• !

η ` e1 B (_ e2 , K) B B

`

• B
• !

` B

• η ` c1 B (_ e2 , K)
• !

η ` e2 B (c1 _ , K) B B ` B

• !

` B

• η ` c2 B (c1 _ , K)
• !

η ` c B K (c = c1 c2 mod 232)

η ` x B K

• !

η ` η(x) B K

Variables are simply looked up

Variables and Environments II

The rules we have seen so far just carry over

η ` e1 e2 B K

• !

η ` e1 B (_ e2 , K) B B

`

• B
• !

` B

• η ` c1 B (_ e2 , K)
• !

η ` e2 B (c1 _ , K) B B ` B

• !

` B

• η ` c2 B (c1 _ , K)
• !

η ` c B K (c = c1 c2 mod 232)

η ` x B K

• !

η ` η(x) B K

Variables are simply looked up We assume programs passed the semantic check and vars are always defined.

Variables and Environments II

The rules we have seen so far just carry over

η ` e1 e2 B K

• !

η ` e1 B (_ e2 , K) B B

`

• B
• !

` B

• η ` c1 B (_ e2 , K)
• !

η ` e2 B (c1 _ , K) B B ` B

• !

` B

• η ` c2 B (c1 _ , K)
• !

η ` c B K (c = c1 c2 mod 232)

η ` x B K

• !

η ` η(x) B K

Variables are simply looked up We assume programs passed the semantic check and vars are always defined. The environment never changes when evaluating expressions

Executing Statements

Executing Statements I

η ` s I K

Executions of statements don’t pass values to the continuation Statements have usually an effect on the environment Machine configurations:

Executing Statements I

η ` s I K

Executions of statements don’t pass values to the continuation Statements have usually an effect on the environment Machine configurations: Continuations contain statements.

Executing Statements I

η ` s I K

Executions of statements don’t pass values to the continuation Statements have usually an effect on the environment Machine configurations: Continuations contain statements. Sequences: η ` seq(s1, s2) I K

• !

η ` s1 I (s2 , K) ` I

• !

` I

Executing Statements I

η ` s I K

Executions of statements don’t pass values to the continuation Statements have usually an effect on the environment Machine configurations: Continuations contain statements. Sequences: η ` seq(s1, s2) I K

• !

η ` s1 I (s2 , K) ` I

• !

` I Nops: `

1 2 I

• !

`

1 I 2

η ` nop I (s , K)

• !

η ` s I K

Executing Statements I

η ` s I K

Executions of statements don’t pass values to the continuation Statements have usually an effect on the environment Machine configurations: Continuations contain statements. Sequences: η ` seq(s1, s2) I K

• !

η ` s1 I (s2 , K) ` I

• !

` I Nops: `

1 2 I

• !

`

1 I 2

η ` nop I (s , K)

• !

η ` s I K A terminating execution ends with a nop.

Executing Statements II

Interaction with expressions is straightforward Assignments:

η ` assign(x, e) I K

• !

η ` e B (assign(x, _) , K) ` B

• !

7! ` I ` I

• !

` B η ` v B (assign(x, _) , K)

• !

η[x 7! v] ` nop I K

Executing Statements II

Interaction with expressions is straightforward Assignments:

η ` assign(x, e) I K

• !

η ` e B (assign(x, _) , K) ` B

• !

7! ` I ` I

• !

` B η ` v B (assign(x, _) , K)

• !

η[x 7! v] ` nop I K

Executing Statements II

Interaction with expressions is straightforward Assignments:

η ` assign(x, e) I K

• !

η ` e B (assign(x, _) , K) ` B

• !

7! ` I ` I

• !

` B η ` v B (assign(x, _) , K)

• !

η[x 7! v] ` nop I K

Update the environment with new mapping.

Executing Statements III

Conditionals:

η ` if(e, s1, s2) I K

• !

η ` e B (if(_, s1, s2) , K) ` B

• !

` I ` I

• !

` B η ` true B (if(_, s1, s2), K)

• !

η ` s1 I K η ` false B (if( , s , s ), K)

• !

η ` s I K ` B

• !

` I η ` false B (if(_, s1, s2), K)

• !

η ` s2 I K

Executing Statements IV

Loops:

• m?

η ` while(e, s) I K

• !

Executing Statements IV

Loops:

• m?

η ` while(e, s) I K

• !

while(e, s) ⌘ if(e, seq(s, while(e, s)), nop)

Not that the following statements are equivalent:

Executing Statements IV

Loops:

• m?

η ` while(e, s) I K

• !

η ` while(e, s) I K

• !

η ` if(e, seq(s, while(e, s)), nop) I K while(e, s) ⌘ if(e, seq(s, while(e, s)), nop) Not that the following statements are equivalent:

Executing Statements IV

Loops:

• m?

η ` while(e, s) I K

• !

η ` while(e, s) I K

• !

η ` if(e, seq(s, while(e, s)), nop) I K while(e, s) ⌘ if(e, seq(s, while(e, s)), nop) Not that the following statements are equivalent:

transitions s0

• !

s1

• !

s2

• !

· · · without final states are just nop I · and except

Non-termination: We can make an infinite number of steps without reaching a final state

Executing Statements V

Assertions: η ` assert(e) I K

• !

η ` e B (assert(_), K) B I ` I

• !

` B η ` true B (assert(_), K)

• !

η ` nop I K B η ` true B (assert(_), K)

• !

η ` nop I K η ` false B (assert(_), K)

• !

exception(abort)

Executing Statements V

Assertions: η ` assert(e) I K

• !

η ` e B (assert(_), K) B I ` I

• !

` B η ` true B (assert(_), K)

• !

η ` nop I K B η ` true B (assert(_), K)

• !

η ` nop I K η ` false B (assert(_), K)

• !

exception(abort) η ` decl(x, τ, s) I K

• !

η[x 7! nothing] ` s I K Declarations:

Executing Statements V

Assertions: η ` assert(e) I K

• !

η ` e B (assert(_), K) B I ` I

• !

` B η ` true B (assert(_), K)

• !

η ` nop I K B η ` true B (assert(_), K)

• !

η ` nop I K η ` false B (assert(_), K)

• !

exception(abort) η ` decl(x, τ, s) I K

• !

η[x 7! nothing] ` s I K Declarations: If C0 had shadowing then we would have to save and restore the previous value of x.

Executing Statements V

Assertions: η ` assert(e) I K

• !

η ` e B (assert(_), K) B I ` I

• !

` B η ` true B (assert(_), K)

• !

η ` nop I K B η ` true B (assert(_), K)

• !

η ` nop I K η ` false B (assert(_), K)

• !

exception(abort) Final states:

• !

just nop I · and · · · and exception(E), caused by a failing η ` decl(x, τ, s) I K

• !

η[x 7! nothing] ` s I K Declarations: If C0 had shadowing then we would have to save and restore the previous value of x.

Example: Infinite Loop

[x7!1] ` while(x > 0, s) I ·

• !

[x7!1] ` if(x>0, seq(s, while(x>0, s)), nop) I ·

• !

[x7!1] ` x > 0 B if(_, seq(s, while(x > 0, s)), nop)

• !

[x7!1] ` x B _ > 0; if(_, seq(s, while(x > 0, s)), nop)

• !

[x7!1] ` 1 B _ > 0; if(_, seq(s, while(x > 0, s)), nop)

• !

[x7!1] ` 0 B 1 > _; if(_, seq(s, while(x > 0, s)), nop)

• !

[x7!1] ` true B if(_, seq(s, while(x > 0, s)), nop)

• !

[x7!1] ` seq(s, while(x > 0, s)) I ·

• !

[x7!1] ` assign(x, x + 1)) I while(x > 0, assign(x, x + 1))

• !

[x7!1] ` x + 1 B assign(x, _)); while(x > 0, s)

• !

[x7!1] ` x B _ + 1; assign(x, _)); while(x > 0, s)

• !

[x7!1] ` 1 B _ + 1; assign(x, _)); while(x > 0, s)

• !

[x7!1] ` 1 B 1 + _; assign(x, _)); while(x > 0, s)

• !

[x7!1] ` 2 B assign(x, _)); while(x > 0, s)

• !

[x7!2] ` nop I while(x > 0, s)

• !

[x7!2] ` while(x > 0, s) I · · · ·

statement while(x > 0, assign(x, x + 1)) execution, we obtion the following execution; and η = [x7!1]. execution; where s ⌘

Example: Infinite Loop

[x7!1] ` while(x > 0, s) I ·

• !

[x7!1] ` if(x>0, seq(s, while(x>0, s)), nop) I ·

• !

[x7!1] ` x > 0 B if(_, seq(s, while(x > 0, s)), nop)

• !

[x7!1] ` x B _ > 0; if(_, seq(s, while(x > 0, s)), nop)

• !

[x7!1] ` 1 B _ > 0; if(_, seq(s, while(x > 0, s)), nop)

• !

[x7!1] ` 0 B 1 > _; if(_, seq(s, while(x > 0, s)), nop)

• !

[x7!1] ` true B if(_, seq(s, while(x > 0, s)), nop)

• !

[x7!1] ` seq(s, while(x > 0, s)) I ·

• !

[x7!1] ` assign(x, x + 1)) I while(x > 0, assign(x, x + 1))

• !

[x7!1] ` x + 1 B assign(x, _)); while(x > 0, s)

• !

[x7!1] ` x B _ + 1; assign(x, _)); while(x > 0, s)

• !

[x7!1] ` 1 B _ + 1; assign(x, _)); while(x > 0, s)

• !

[x7!1] ` 1 B 1 + _; assign(x, _)); while(x > 0, s)

• !

[x7!1] ` 2 B assign(x, _)); while(x > 0, s)

• !

[x7!2] ` nop I while(x > 0, s)

• !

[x7!2] ` while(x > 0, s) I · · · ·

statement while(x > 0, assign(x, x + 1)) execution, we obtion the following execution; and η = [x7!1]. execution; where s ⌘

Example: Infinite Loop

[x7!1] ` while(x > 0, s) I ·

• !

[x7!1] ` if(x>0, seq(s, while(x>0, s)), nop) I ·

• !

[x7!1] ` x > 0 B if(_, seq(s, while(x > 0, s)), nop)

• !

[x7!1] ` x B _ > 0; if(_, seq(s, while(x > 0, s)), nop)

• !

[x7!1] ` 1 B _ > 0; if(_, seq(s, while(x > 0, s)), nop)

• !

[x7!1] ` 0 B 1 > _; if(_, seq(s, while(x > 0, s)), nop)

• !

[x7!1] ` true B if(_, seq(s, while(x > 0, s)), nop)

• !

[x7!1] ` seq(s, while(x > 0, s)) I ·

• !

[x7!1] ` assign(x, x + 1)) I while(x > 0, assign(x, x + 1))

• !

[x7!1] ` x + 1 B assign(x, _)); while(x > 0, s)

• !

[x7!1] ` x B _ + 1; assign(x, _)); while(x > 0, s)

• !

[x7!1] ` 1 B _ + 1; assign(x, _)); while(x > 0, s)

• !

[x7!1] ` 1 B 1 + _; assign(x, _)); while(x > 0, s)

• !

[x7!1] ` 2 B assign(x, _)); while(x > 0, s)

• !

[x7!2] ` nop I while(x > 0, s)

• !

[x7!2] ` while(x > 0, s) I · · · ·

statement while(x > 0, assign(x, x + 1)) execution, we obtion the following execution; and η = [x7!1]. execution; where s ⌘

Example: Infinite Loop

[x7!1] ` while(x > 0, s) I ·

• !

[x7!1] ` if(x>0, seq(s, while(x>0, s)), nop) I ·

• !

[x7!1] ` x > 0 B if(_, seq(s, while(x > 0, s)), nop)

• !

[x7!1] ` x B _ > 0; if(_, seq(s, while(x > 0, s)), nop)

• !

[x7!1] ` 1 B _ > 0; if(_, seq(s, while(x > 0, s)), nop)

• !

[x7!1] ` 0 B 1 > _; if(_, seq(s, while(x > 0, s)), nop)

• !

[x7!1] ` true B if(_, seq(s, while(x > 0, s)), nop)

• !

[x7!1] ` seq(s, while(x > 0, s)) I ·

• !

[x7!1] ` assign(x, x + 1)) I while(x > 0, assign(x, x + 1))

• !

[x7!1] ` x + 1 B assign(x, _)); while(x > 0, s)

• !

[x7!1] ` x B _ + 1; assign(x, _)); while(x > 0, s)

• !

[x7!1] ` 1 B _ + 1; assign(x, _)); while(x > 0, s)

• !

[x7!1] ` 1 B 1 + _; assign(x, _)); while(x > 0, s)

• !

[x7!1] ` 2 B assign(x, _)); while(x > 0, s)

• !

[x7!2] ` nop I while(x > 0, s)

• !

[x7!2] ` while(x > 0, s) I · · · ·

statement while(x > 0, assign(x, x + 1)) execution, we obtion the following execution; and η = [x7!1]. execution; where s ⌘

Example: Infinite Loop

[x7!1] ` while(x > 0, s) I ·

• !

[x7!1] ` if(x>0, seq(s, while(x>0, s)), nop) I ·

• !

[x7!1] ` x > 0 B if(_, seq(s, while(x > 0, s)), nop)

• !

[x7!1] ` x B _ > 0; if(_, seq(s, while(x > 0, s)), nop)

• !

[x7!1] ` 1 B _ > 0; if(_, seq(s, while(x > 0, s)), nop)

• !

[x7!1] ` 0 B 1 > _; if(_, seq(s, while(x > 0, s)), nop)

• !

[x7!1] ` true B if(_, seq(s, while(x > 0, s)), nop)

• !

[x7!1] ` seq(s, while(x > 0, s)) I ·

• !

[x7!1] ` assign(x, x + 1)) I while(x > 0, assign(x, x + 1))

• !

[x7!1] ` x + 1 B assign(x, _)); while(x > 0, s)

• !

[x7!1] ` x B _ + 1; assign(x, _)); while(x > 0, s)

• !

[x7!1] ` 1 B _ + 1; assign(x, _)); while(x > 0, s)

• !

[x7!1] ` 1 B 1 + _; assign(x, _)); while(x > 0, s)

• !

[x7!1] ` 2 B assign(x, _)); while(x > 0, s)

• !

[x7!2] ` nop I while(x > 0, s)

• !

[x7!2] ` while(x > 0, s) I · · · ·

statement while(x > 0, assign(x, x + 1)) execution, we obtion the following execution; and η = [x7!1]. execution; where s ⌘

Example: Infinite Loop

[x7!1] ` while(x > 0, s) I ·

• !

[x7!1] ` if(x>0, seq(s, while(x>0, s)), nop) I ·

• !

[x7!1] ` x > 0 B if(_, seq(s, while(x > 0, s)), nop)

• !

[x7!1] ` x B _ > 0; if(_, seq(s, while(x > 0, s)), nop)

• !

[x7!1] ` 1 B _ > 0; if(_, seq(s, while(x > 0, s)), nop)

• !

[x7!1] ` 0 B 1 > _; if(_, seq(s, while(x > 0, s)), nop)

• !

[x7!1] ` true B if(_, seq(s, while(x > 0, s)), nop)

• !

[x7!1] ` seq(s, while(x > 0, s)) I ·

• !

[x7!1] ` assign(x, x + 1)) I while(x > 0, assign(x, x + 1))

• !

[x7!1] ` x + 1 B assign(x, _)); while(x > 0, s)

• !

[x7!1] ` x B _ + 1; assign(x, _)); while(x > 0, s)

• !

[x7!1] ` 1 B _ + 1; assign(x, _)); while(x > 0, s)

• !

[x7!1] ` 1 B 1 + _; assign(x, _)); while(x > 0, s)

• !

[x7!1] ` 2 B assign(x, _)); while(x > 0, s)

• !

[x7!2] ` nop I while(x > 0, s)

• !

[x7!2] ` while(x > 0, s) I · · · ·

statement while(x > 0, assign(x, x + 1)) execution, we obtion the following execution; and η = [x7!1]. execution; where s ⌘

Example: Infinite Loop

[x7!1] ` while(x > 0, s) I ·

• !

[x7!1] ` if(x>0, seq(s, while(x>0, s)), nop) I ·

• !

[x7!1] ` x > 0 B if(_, seq(s, while(x > 0, s)), nop)

• !

[x7!1] ` x B _ > 0; if(_, seq(s, while(x > 0, s)), nop)

• !

[x7!1] ` 1 B _ > 0; if(_, seq(s, while(x > 0, s)), nop)

• !

[x7!1] ` 0 B 1 > _; if(_, seq(s, while(x > 0, s)), nop)

• !

[x7!1] ` true B if(_, seq(s, while(x > 0, s)), nop)

• !

[x7!1] ` seq(s, while(x > 0, s)) I ·

• !

[x7!1] ` assign(x, x + 1)) I while(x > 0, assign(x, x + 1))

• !

[x7!1] ` x + 1 B assign(x, _)); while(x > 0, s)

• !

[x7!1] ` x B _ + 1; assign(x, _)); while(x > 0, s)

• !

[x7!1] ` 1 B _ + 1; assign(x, _)); while(x > 0, s)

• !

[x7!1] ` 1 B 1 + _; assign(x, _)); while(x > 0, s)

• !

[x7!1] ` 2 B assign(x, _)); while(x > 0, s)

• !

[x7!2] ` nop I while(x > 0, s)

• !

[x7!2] ` while(x > 0, s) I · · · ·

statement while(x > 0, assign(x, x + 1)) execution, we obtion the following execution; and η = [x7!1]. execution; where s ⌘

Example: Infinite Loop

[x7!1] ` while(x > 0, s) I ·

• !

[x7!1] ` if(x>0, seq(s, while(x>0, s)), nop) I ·

• !

[x7!1] ` x > 0 B if(_, seq(s, while(x > 0, s)), nop)

• !

[x7!1] ` x B _ > 0; if(_, seq(s, while(x > 0, s)), nop)

• !

[x7!1] ` 1 B _ > 0; if(_, seq(s, while(x > 0, s)), nop)

• !

[x7!1] ` 0 B 1 > _; if(_, seq(s, while(x > 0, s)), nop)

• !

[x7!1] ` true B if(_, seq(s, while(x > 0, s)), nop)

• !

[x7!1] ` seq(s, while(x > 0, s)) I ·

• !

[x7!1] ` assign(x, x + 1)) I while(x > 0, assign(x, x + 1))

• !

[x7!1] ` x + 1 B assign(x, _)); while(x > 0, s)

• !

[x7!1] ` x B _ + 1; assign(x, _)); while(x > 0, s)

• !

[x7!1] ` 1 B _ + 1; assign(x, _)); while(x > 0, s)

• !

[x7!1] ` 1 B 1 + _; assign(x, _)); while(x > 0, s)

• !

[x7!1] ` 2 B assign(x, _)); while(x > 0, s)

• !

[x7!2] ` nop I while(x > 0, s)

• !

[x7!2] ` while(x > 0, s) I · · · ·

statement while(x > 0, assign(x, x + 1)) execution, we obtion the following execution; and η = [x7!1]. execution; where s ⌘

Example: Infinite Loop

[x7!1] ` while(x > 0, s) I ·

• !

[x7!1] ` if(x>0, seq(s, while(x>0, s)), nop) I ·

• !

[x7!1] ` x > 0 B if(_, seq(s, while(x > 0, s)), nop)

• !

[x7!1] ` x B _ > 0; if(_, seq(s, while(x > 0, s)), nop)

• !

[x7!1] ` 1 B _ > 0; if(_, seq(s, while(x > 0, s)), nop)

• !

[x7!1] ` 0 B 1 > _; if(_, seq(s, while(x > 0, s)), nop)

• !

[x7!1] ` true B if(_, seq(s, while(x > 0, s)), nop)

• !

[x7!1] ` seq(s, while(x > 0, s)) I ·

• !

[x7!1] ` assign(x, x + 1)) I while(x > 0, assign(x, x + 1))

• !

[x7!1] ` x + 1 B assign(x, _)); while(x > 0, s)

• !

[x7!1] ` x B _ + 1; assign(x, _)); while(x > 0, s)

• !

[x7!1] ` 1 B _ + 1; assign(x, _)); while(x > 0, s)

• !

[x7!1] ` 1 B 1 + _; assign(x, _)); while(x > 0, s)

• !

[x7!1] ` 2 B assign(x, _)); while(x > 0, s)

• !

[x7!2] ` nop I while(x > 0, s)

• !

[x7!2] ` while(x > 0, s) I · · · ·

statement while(x > 0, assign(x, x + 1)) execution, we obtion the following execution; and η = [x7!1]. execution; where s ⌘

Example: Infinite Loop

[x7!1] ` while(x > 0, s) I ·

• !

[x7!1] ` if(x>0, seq(s, while(x>0, s)), nop) I ·

• !

[x7!1] ` x > 0 B if(_, seq(s, while(x > 0, s)), nop)

• !

[x7!1] ` x B _ > 0; if(_, seq(s, while(x > 0, s)), nop)

• !

[x7!1] ` 1 B _ > 0; if(_, seq(s, while(x > 0, s)), nop)

• !

[x7!1] ` 0 B 1 > _; if(_, seq(s, while(x > 0, s)), nop)

• !

[x7!1] ` true B if(_, seq(s, while(x > 0, s)), nop)

• !

[x7!1] ` seq(s, while(x > 0, s)) I ·

• !

[x7!1] ` assign(x, x + 1)) I while(x > 0, assign(x, x + 1))

• !

[x7!1] ` x + 1 B assign(x, _)); while(x > 0, s)

• !

[x7!1] ` x B _ + 1; assign(x, _)); while(x > 0, s)

• !

[x7!1] ` 1 B _ + 1; assign(x, _)); while(x > 0, s)

• !

[x7!1] ` 1 B 1 + _; assign(x, _)); while(x > 0, s)

• !

[x7!1] ` 2 B assign(x, _)); while(x > 0, s)

• !

[x7!2] ` nop I while(x > 0, s)

• !

[x7!2] ` while(x > 0, s) I · · · ·

statement while(x > 0, assign(x, x + 1)) execution, we obtion the following execution; and η = [x7!1]. execution; where s ⌘

Example: Infinite Loop

[x7!1] ` while(x > 0, s) I ·

• !

[x7!1] ` if(x>0, seq(s, while(x>0, s)), nop) I ·

• !

[x7!1] ` x > 0 B if(_, seq(s, while(x > 0, s)), nop)

• !

[x7!1] ` x B _ > 0; if(_, seq(s, while(x > 0, s)), nop)

• !

[x7!1] ` 1 B _ > 0; if(_, seq(s, while(x > 0, s)), nop)

• !

[x7!1] ` 0 B 1 > _; if(_, seq(s, while(x > 0, s)), nop)

• !

[x7!1] ` true B if(_, seq(s, while(x > 0, s)), nop)

• !

[x7!1] ` seq(s, while(x > 0, s)) I ·

• !

[x7!1] ` assign(x, x + 1)) I while(x > 0, assign(x, x + 1))

• !

[x7!1] ` x + 1 B assign(x, _)); while(x > 0, s)

• !

[x7!1] ` x B _ + 1; assign(x, _)); while(x > 0, s)

• !

[x7!1] ` 1 B _ + 1; assign(x, _)); while(x > 0, s)

• !

[x7!1] ` 1 B 1 + _; assign(x, _)); while(x > 0, s)

• !

[x7!1] ` 2 B assign(x, _)); while(x > 0, s)

• !

[x7!2] ` nop I while(x > 0, s)

• !

[x7!2] ` while(x > 0, s) I · · · ·

statement while(x > 0, assign(x, x + 1)) execution, we obtion the following execution; and η = [x7!1]. execution; where s ⌘

Example: Infinite Loop

[x7!1] ` while(x > 0, s) I ·

• !

[x7!1] ` if(x>0, seq(s, while(x>0, s)), nop) I ·

• !

[x7!1] ` x > 0 B if(_, seq(s, while(x > 0, s)), nop)

• !

[x7!1] ` x B _ > 0; if(_, seq(s, while(x > 0, s)), nop)

• !

[x7!1] ` 1 B _ > 0; if(_, seq(s, while(x > 0, s)), nop)

• !

[x7!1] ` 0 B 1 > _; if(_, seq(s, while(x > 0, s)), nop)

• !

[x7!1] ` true B if(_, seq(s, while(x > 0, s)), nop)

• !

[x7!1] ` seq(s, while(x > 0, s)) I ·

• !

[x7!1] ` assign(x, x + 1)) I while(x > 0, assign(x, x + 1))

• !

[x7!1] ` x + 1 B assign(x, _)); while(x > 0, s)

• !

[x7!1] ` x B _ + 1; assign(x, _)); while(x > 0, s)

• !

[x7!1] ` 1 B _ + 1; assign(x, _)); while(x > 0, s)

• !

[x7!1] ` 1 B 1 + _; assign(x, _)); while(x > 0, s)

• !

[x7!1] ` 2 B assign(x, _)); while(x > 0, s)

• !

[x7!2] ` nop I while(x > 0, s)

• !

[x7!2] ` while(x > 0, s) I · · · ·

statement while(x > 0, assign(x, x + 1)) execution, we obtion the following execution; and η = [x7!1]. execution; where s ⌘

Example: Infinite Loop

[x7!1] ` while(x > 0, s) I ·

• !

[x7!1] ` if(x>0, seq(s, while(x>0, s)), nop) I ·

• !

[x7!1] ` x > 0 B if(_, seq(s, while(x > 0, s)), nop)

• !

[x7!1] ` x B _ > 0; if(_, seq(s, while(x > 0, s)), nop)

• !

[x7!1] ` 1 B _ > 0; if(_, seq(s, while(x > 0, s)), nop)

• !

[x7!1] ` 0 B 1 > _; if(_, seq(s, while(x > 0, s)), nop)

• !

[x7!1] ` true B if(_, seq(s, while(x > 0, s)), nop)

• !

[x7!1] ` seq(s, while(x > 0, s)) I ·

• !

[x7!1] ` assign(x, x + 1)) I while(x > 0, assign(x, x + 1))

• !

[x7!1] ` x + 1 B assign(x, _)); while(x > 0, s)

• !

[x7!1] ` x B _ + 1; assign(x, _)); while(x > 0, s)

• !

[x7!1] ` 1 B _ + 1; assign(x, _)); while(x > 0, s)

• !

[x7!1] ` 1 B 1 + _; assign(x, _)); while(x > 0, s)

• !

[x7!1] ` 2 B assign(x, _)); while(x > 0, s)

• !

[x7!2] ` nop I while(x > 0, s)

• !

[x7!2] ` while(x > 0, s) I · · · ·

statement while(x > 0, assign(x, x + 1)) execution, we obtion the following execution; and η = [x7!1]. execution; where s ⌘

Example: Infinite Loop

[x7!1] ` while(x > 0, s) I ·

• !

[x7!1] ` if(x>0, seq(s, while(x>0, s)), nop) I ·

• !

[x7!1] ` x > 0 B if(_, seq(s, while(x > 0, s)), nop)

• !

[x7!1] ` x B _ > 0; if(_, seq(s, while(x > 0, s)), nop)

• !

[x7!1] ` 1 B _ > 0; if(_, seq(s, while(x > 0, s)), nop)

• !

[x7!1] ` 0 B 1 > _; if(_, seq(s, while(x > 0, s)), nop)

• !

[x7!1] ` true B if(_, seq(s, while(x > 0, s)), nop)

• !

[x7!1] ` seq(s, while(x > 0, s)) I ·

• !

[x7!1] ` assign(x, x + 1)) I while(x > 0, assign(x, x + 1))

• !

[x7!1] ` x + 1 B assign(x, _)); while(x > 0, s)

• !

[x7!1] ` x B _ + 1; assign(x, _)); while(x > 0, s)

• !

[x7!1] ` 1 B _ + 1; assign(x, _)); while(x > 0, s)

• !

[x7!1] ` 1 B 1 + _; assign(x, _)); while(x > 0, s)

• !

[x7!1] ` 2 B assign(x, _)); while(x > 0, s)

• !

[x7!2] ` nop I while(x > 0, s)

• !

[x7!2] ` while(x > 0, s) I · · · ·

statement while(x > 0, assign(x, x + 1)) execution, we obtion the following execution; and η = [x7!1]. execution; where s ⌘

Example: Infinite Loop

[x7!1] ` while(x > 0, s) I ·

• !

[x7!1] ` if(x>0, seq(s, while(x>0, s)), nop) I ·

• !

[x7!1] ` x > 0 B if(_, seq(s, while(x > 0, s)), nop)

• !

[x7!1] ` x B _ > 0; if(_, seq(s, while(x > 0, s)), nop)

• !

[x7!1] ` 1 B _ > 0; if(_, seq(s, while(x > 0, s)), nop)

• !

[x7!1] ` 0 B 1 > _; if(_, seq(s, while(x > 0, s)), nop)

• !

[x7!1] ` true B if(_, seq(s, while(x > 0, s)), nop)

• !

[x7!1] ` seq(s, while(x > 0, s)) I ·

• !

[x7!1] ` assign(x, x + 1)) I while(x > 0, assign(x, x + 1))

• !

[x7!1] ` x + 1 B assign(x, _)); while(x > 0, s)

• !

[x7!1] ` x B _ + 1; assign(x, _)); while(x > 0, s)

• !

[x7!1] ` 1 B _ + 1; assign(x, _)); while(x > 0, s)

• !

[x7!1] ` 1 B 1 + _; assign(x, _)); while(x > 0, s)

• !

[x7!1] ` 2 B assign(x, _)); while(x > 0, s)

• !

[x7!2] ` nop I while(x > 0, s)

• !

[x7!2] ` while(x > 0, s) I · · · ·

statement while(x > 0, assign(x, x + 1)) execution, we obtion the following execution; and η = [x7!1]. execution; where s ⌘

Example: Infinite Loop

[x7!1] ` while(x > 0, s) I ·

• !

[x7!1] ` if(x>0, seq(s, while(x>0, s)), nop) I ·

• !

[x7!1] ` x > 0 B if(_, seq(s, while(x > 0, s)), nop)

• !

[x7!1] ` x B _ > 0; if(_, seq(s, while(x > 0, s)), nop)

• !

[x7!1] ` 1 B _ > 0; if(_, seq(s, while(x > 0, s)), nop)

• !

[x7!1] ` 0 B 1 > _; if(_, seq(s, while(x > 0, s)), nop)

• !

[x7!1] ` true B if(_, seq(s, while(x > 0, s)), nop)

• !

[x7!1] ` seq(s, while(x > 0, s)) I ·

• !

[x7!1] ` assign(x, x + 1)) I while(x > 0, assign(x, x + 1))

• !

[x7!1] ` x + 1 B assign(x, _)); while(x > 0, s)

• !

[x7!1] ` x B _ + 1; assign(x, _)); while(x > 0, s)

• !

[x7!1] ` 1 B _ + 1; assign(x, _)); while(x > 0, s)

• !

[x7!1] ` 1 B 1 + _; assign(x, _)); while(x > 0, s)

• !

[x7!1] ` 2 B assign(x, _)); while(x > 0, s)

• !

[x7!2] ` nop I while(x > 0, s)

• !

[x7!2] ` while(x > 0, s) I · · · ·

statement while(x > 0, assign(x, x + 1)) execution, we obtion the following execution; and η = [x7!1]. execution; where s ⌘

Example: Infinite Loop

[x7!1] ` while(x > 0, s) I ·

• !

[x7!1] ` if(x>0, seq(s, while(x>0, s)), nop) I ·

• !

[x7!1] ` x > 0 B if(_, seq(s, while(x > 0, s)), nop)

• !

[x7!1] ` x B _ > 0; if(_, seq(s, while(x > 0, s)), nop)

• !

[x7!1] ` 1 B _ > 0; if(_, seq(s, while(x > 0, s)), nop)

• !

[x7!1] ` 0 B 1 > _; if(_, seq(s, while(x > 0, s)), nop)

• !

[x7!1] ` true B if(_, seq(s, while(x > 0, s)), nop)

• !

[x7!1] ` seq(s, while(x > 0, s)) I ·

• !

[x7!1] ` assign(x, x + 1)) I while(x > 0, assign(x, x + 1))

• !

[x7!1] ` x + 1 B assign(x, _)); while(x > 0, s)

• !

[x7!1] ` x B _ + 1; assign(x, _)); while(x > 0, s)

• !

[x7!1] ` 1 B _ + 1; assign(x, _)); while(x > 0, s)

• !

[x7!1] ` 1 B 1 + _; assign(x, _)); while(x > 0, s)

• !

[x7!1] ` 2 B assign(x, _)); while(x > 0, s)

• !

[x7!2] ` nop I while(x > 0, s)

• !

[x7!2] ` while(x > 0, s) I · · · ·

statement while(x > 0, assign(x, x + 1)) execution, we obtion the following execution; and η = [x7!1]. execution; where s ⌘

Example: Infinite Loop

[x7!1] ` while(x > 0, s) I ·

• !

[x7!1] ` if(x>0, seq(s, while(x>0, s)), nop) I ·

• !

[x7!1] ` x > 0 B if(_, seq(s, while(x > 0, s)), nop)

• !

[x7!1] ` x B _ > 0; if(_, seq(s, while(x > 0, s)), nop)

• !

[x7!1] ` 1 B _ > 0; if(_, seq(s, while(x > 0, s)), nop)

• !

[x7!1] ` 0 B 1 > _; if(_, seq(s, while(x > 0, s)), nop)

• !

[x7!1] ` true B if(_, seq(s, while(x > 0, s)), nop)

• !

[x7!1] ` seq(s, while(x > 0, s)) I ·

• !

[x7!1] ` assign(x, x + 1)) I while(x > 0, assign(x, x + 1))

• !

[x7!1] ` x + 1 B assign(x, _)); while(x > 0, s)

• !

[x7!1] ` x B _ + 1; assign(x, _)); while(x > 0, s)

• !

[x7!1] ` 1 B _ + 1; assign(x, _)); while(x > 0, s)

• !

[x7!1] ` 1 B 1 + _; assign(x, _)); while(x > 0, s)

• !

[x7!1] ` 2 B assign(x, _)); while(x > 0, s)

• !

[x7!2] ` nop I while(x > 0, s)

• !

[x7!2] ` while(x > 0, s) I · · · ·

statement while(x > 0, assign(x, x + 1)) execution, we obtion the following execution; and η = [x7!1]. execution; where s ⌘

Functions

Function Calls

What needs to happen at a function call?

Function Calls

What needs to happen at a function call?

• Evaluate the arguments in left-to-right order

Function Calls

What needs to happen at a function call?

• Evaluate the arguments in left-to-right order
• Save the environment of the caller to continue the execution after the

function call

Function Calls

What needs to happen at a function call?

• Evaluate the arguments in left-to-right order
• Save the environment of the caller to continue the execution after the

function call

• Save the continuation of the callee

Function Calls

What needs to happen at a function call?

• Evaluate the arguments in left-to-right order
• Save the environment of the caller to continue the execution after the

function call

• Save the continuation of the callee
• Execute the body in a new environment that maps the formal

parameters to the argument values

Function Calls

What needs to happen at a function call?

• Evaluate the arguments in left-to-right order
• Save the environment of the caller to continue the execution after the

function call

• Save the continuation of the callee
• Execute the body in a new environment that maps the formal

parameters to the argument values

• Pass the return value the the environment of the caller

Call Stack

We need to keep track of continuations and environment in stack frames Call stack:

S ::= · | S , hη, Ki

Call Stack

We need to keep track of continuations and environment in stack frames Call stack: Environment

S ::= · | S , hη, Ki

Call Stack

We need to keep track of continuations and environment in stack frames Call stack: Environment Continuation

S ::= · | S , hη, Ki

Call Stack

We need to keep track of continuations and environment in stack frames Call stack: Environment Continuation

S ::= · | S , hη, Ki

Configurations:

S ; η ` e B K I ` B S ; η ` s I K

Evaluation Execution

Call Stack

We need to keep track of continuations and environment in stack frames Call stack: Environment Continuation

S ::= · | S , hη, Ki

Configurations:

S ; η ` e B K I ` B S ; η ` s I K

Evaluation Execution Existing rules can be lifted to the new configurations by
 passing through the call stack

Rules for Function Calls

We only show the special case of 0 and 2 arguments

Rules for Function Calls

We only show the special case of 0 and 2 arguments n args is similar.

Rules for Function Calls

We only show the special case of 0 and 2 arguments n args is similar. S ; η ` f( ) B K

• !

(S , hη, Ki) ; · ` s I · (given that is i · ` I · (given that f is defined as f( ){s}) No arguments:

Rules for Function Calls

We only show the special case of 0 and 2 arguments n args is similar. Store callee’s stack frame S ; η ` f( ) B K

• !

(S , hη, Ki) ; · ` s I · (given that is i · ` I · (given that f is defined as f( ){s}) No arguments:

Rules for Function Calls

We only show the special case of 0 and 2 arguments n args is similar. Store callee’s stack frame Evaluate s in empty environment. S ; η ` f( ) B K

• !

(S , hη, Ki) ; · ` s I · (given that is i · ` I · (given that f is defined as f( ){s}) No arguments:

Rules for Function Calls

We only show the special case of 0 and 2 arguments n args is similar. Store callee’s stack frame Evaluate s in empty environment. S ; η ` f( ) B K

• !

(S , hη, Ki) ; · ` s I · (given that is i · ` I · (given that f is defined as f( ){s}) No arguments: S ; η ` f(e1, e2) B K

• !

S ; η ` e1 B (f(_, e2) , K) B B `

1 2 B

• !

`

1 B 2

S ; η ` c1 B (f(_, e2) , K)

• !

S ; η ` e2 B (f(c1, _) , K) B Two arguments:

Rules for Function Calls

We only show the special case of 0 and 2 arguments n args is similar.

`

1 B 2

• !

`

2 B 1

S ; η ` c2 B (f(c1, _) , K)

• !

(S , hη, Ki) ; [x1 7! c1, x2 7! c2] ` s I · (given that is defined as h i 7! 7! ` I · (given that f is defined as f(x1, x2){s})

Store callee’s stack frame Evaluate s in empty environment. S ; η ` f( ) B K

• !

(S , hη, Ki) ; · ` s I · (given that is i · ` I · (given that f is defined as f( ){s}) No arguments: S ; η ` f(e1, e2) B K

• !

S ; η ` e1 B (f(_, e2) , K) B B `

1 2 B

• !

`

1 B 2

S ; η ` c1 B (f(_, e2) , K)

• !

S ; η ` e2 B (f(c1, _) , K) B Two arguments:

Rules for Returns

Need to restore continuation and environment and pass return value

S ; η ` return(e) I K

• !

S ; η ` e B (return(_) , K) B B S ; η ` return(e) I K

• !

S ; η ` e B (return( S , hη0, K0i ; η ` v B (return(_) , K)

• !

S ; η0 ` v B K0

Rules for Returns

Need to restore continuation and environment and pass return value

S ; η ` return(e) I K

• !

S ; η ` e B (return(_) , K) B B S ; η ` return(e) I K

• !

S ; η ` e B (return( S , hη0, K0i ; η ` v B (return(_) , K)

• !

S ; η0 ` v B K0

Rules for Returns

Need to restore continuation and environment and pass return value

S ; η ` return(e) I K

• !

S ; η ` e B (return(_) , K) B B S ; η ` return(e) I K

• !

S ; η ` e B (return( S , hη0, K0i ; η ` v B (return(_) , K)

• !

S ; η0 ` v B K0

Rules for Returns

Need to restore continuation and environment and pass return value

S ; η ` return(e) I K

• !

S ; η ` e B (return(_) , K) B B S ; η ` return(e) I K

• !

S ; η ` e B (return( S , hη0, K0i ; η ` v B (return(_) , K)

• !

S ; η0 ` v B K0

Special case: returning void

S , hη0, K0i ; η ` nop I ·

• !

S ; η0 ` nothing B K0

Rules for Returns

Need to restore continuation and environment and pass return value Will only be reached by functions without return.

S ; η ` return(e) I K

• !

S ; η ` e B (return(_) , K) B B S ; η ` return(e) I K

• !

S ; η ` e B (return( S , hη0, K0i ; η ` v B (return(_) , K)

• !

S ; η0 ` v B K0

Special case: returning void

S , hη0, K0i ; η ` nop I ·

• !

S ; η0 ` nothing B K0

Rules for Returns

Need to restore continuation and environment and pass return value Will only be reached by functions without return.

S ; η ` return(e) I K

• !

S ; η ` e B (return(_) , K) B B S ; η ` return(e) I K

• !

S ; η ` e B (return( S , hη0, K0i ; η ` v B (return(_) , K)

• !

S ; η0 ` v B K0

Special case: returning void

S , hη0, K0i ; η ` nop I ·

• !

S ; η0 ` nothing B K0

Dummy value

Rules for Returns

Need to restore continuation and environment and pass return value Will only be reached by functions without return.

S ; η ` return(e) I K

• !

S ; η ` e B (return(_) , K) B B S ; η ` return(e) I K

• !

S ; η ` e B (return( S , hη0, K0i ; η ` v B (return(_) , K)

• !

S ; η0 ` v B K0

Special case: returning void

S , hη0, K0i ; η ` nop I ·

• !

S ; η0 ` nothing B K0

Dummy value Alternative: elaborate each function that returns void with
 return(nothing) statements.

Execution of the Main Function

How can we execute a program?

Execution of the Main Function

How can we execute a program?

· ; · ` main( ) B · B (initial state) final state

Execution of the Main Function

How can we execute a program?

· ; · ` main( ) B · B (initial state) final state · · ` B · ; η ` c B ·

• !

value(c) (final state)

Statics, Dynamics, and Safety

Overview of Machine States (Configurations)

ST

• S ; η ` e B K

– Evaluating the expression e with the continuation K

• S ; η ` s I K

– Evaluating the statement s with the continuation K

• value(c)

– Final state, return a value

• exception(E)

– Final state, report an error

Overview of Machine States (Configurations)

ST

• S ; η ` e B K

– Evaluating the expression e with the continuation K

• S ; η ` s I K

– Evaluating the statement s with the continuation K

• value(c)

– Final state, return a value

• exception(E)

– Final state, report an error What do we expect from the transitions?

Overview of Machine States (Configurations)

ST

• S ; η ` e B K

– Evaluating the expression e with the continuation K

• S ; η ` s I K

– Evaluating the statement s with the continuation K

• value(c)

– Final state, return a value

• exception(E)

– Final state, report an error What do we expect from the transitions? There shouldn’t be more steps after reaching a final state

Overview of Machine States (Configurations)

ST

• S ; η ` e B K

– Evaluating the expression e with the continuation K

• S ; η ` s I K

– Evaluating the statement s with the continuation K

• value(c)

– Final state, return a value

• exception(E)

– Final state, report an error What do we expect from the transitions? There shouldn’t be more steps after reaching a final state The language should be deterministic: there at most one transition
 per state

Progress

There are many non-final states that don’t have transitions, e.g.

Progress

There are many non-final states that don’t have transitions, e.g. transition: S; η ` 42 B (if(_, s1, s2); K) states are called stuck – it is literally

Progress

There are many non-final states that don’t have transitions, e.g. transition: S; η ` 42 B (if(_, s1, s2); K) states are called stuck – it is literally and ·; · ` nop I · is what the program

Progress

Stuck states. There are many non-final states that don’t have transitions, e.g. transition: S; η ` 42 B (if(_, s1, s2); K) states are called stuck – it is literally and ·; · ` nop I · is what the program

Progress

Stuck states. There are many non-final states that don’t have transitions, e.g. transition: S; η ` 42 B (if(_, s1, s2); K) states are called stuck – it is literally and ·; · ` nop I · is what the program The behavior of these states is undefined.

Progress

Stuck states. There are many non-final states that don’t have transitions, e.g. transition: S; η ` 42 B (if(_, s1, s2); K) states are called stuck – it is literally and ·; · ` nop I · is what the program The behavior of these states is undefined. Programs that are well-defined according to the static semantics
 should be free of undefined behavior. Central relationship between static and dynamic semantics:

Progress

Stuck states. There are many non-final states that don’t have transitions, e.g. transition: S; η ` 42 B (if(_, s1, s2); K) states are called stuck – it is literally and ·; · ` nop I · is what the program The behavior of these states is undefined. Programs that are well-defined according to the static semantics
 should be free of undefined behavior. Central relationship between static and dynamic semantics:

Theorem 1 (No undefined behavior) If a program passes all the static semantics, and ·; · ` main( )

• !

ST 1

• !

. . .

• !

ST n then either ST n is a final state or else ST n is not-stuck because there exists a state ST 0 such that ST n

• !

ST 0.

Progress

Stuck states. There are many non-final states that don’t have transitions, e.g. transition: S; η ` 42 B (if(_, s1, s2); K) states are called stuck – it is literally and ·; · ` nop I · is what the program Well-typed programs don’t go wrong! The behavior of these states is undefined. Programs that are well-defined according to the static semantics
 should be free of undefined behavior. Central relationship between static and dynamic semantics:

Theorem 1 (No undefined behavior) If a program passes all the static semantics, and ·; · ` main( )

• !

ST 1

• !

. . .

• !

ST n then either ST n is a final state or else ST n is not-stuck because there exists a state ST 0 such that ST n

• !

ST 0.

Progress

Stuck states. There are many non-final states that don’t have transitions, e.g. transition: S; η ` 42 B (if(_, s1, s2); K) states are called stuck – it is literally and ·; · ` nop I · is what the program Well-typed programs don’t go wrong! The behavior of these states is undefined. Programs that are well-defined according to the static semantics
 should be free of undefined behavior. Central relationship between static and dynamic semantics:

Theorem 1 (No undefined behavior) If a program passes all the static semantics, and ·; · ` main( )

• !

ST 1

• !

. . .

• !

ST n then either ST n is a final state or else ST n is not-stuck because there exists a state ST 0 such that ST n

• !

ST 0.

How to prove this?

Progress

Stuck states. There are many non-final states that don’t have transitions, e.g. transition: S; η ` 42 B (if(_, s1, s2); K) states are called stuck – it is literally and ·; · ` nop I · is what the program Well-typed programs don’t go wrong! The behavior of these states is undefined. Programs that are well-defined according to the static semantics
 should be free of undefined behavior. Central relationship between static and dynamic semantics:

Theorem 1 (No undefined behavior) If a program passes all the static semantics, and ·; · ` main( )

• !

ST 1

• !

. . .

• !

ST n then either ST n is a final state or else ST n is not-stuck because there exists a state ST 0 such that ST n

• !

ST 0.

How to prove this? 15-312 next term.

Summary I

Expressions e ::= c | e1 e2 | true | false | e1 && e2 | x | f(e1, e2) | f( ) Statements s ::= nop | seq(s1, s2) | assign(x, e) | decl(x, τ, s) | if(e, s1, s2) | while(e, s) | return(e) | assert(e) Values v ::= c | true | false | nothing Environments η ::= · | η, x 7! c Stacks S ::= · | S , hη, Ki

• Cont. frames

φ ::= _ e | c _ | _ && e | f(_, e) | f(c, _) | s | assign(x, _) | if(_, s1, s2) | return(_) | assert(_) Continuations K ::= · | φ , K Exceptions E ::= arith | abort | mem

Summary I

Expressions e ::= c | e1 e2 | true | false | e1 && e2 | x | f(e1, e2) | f( ) Statements s ::= nop | seq(s1, s2) | assign(x, e) | decl(x, τ, s) | if(e, s1, s2) | while(e, s) | return(e) | assert(e) Values v ::= c | true | false | nothing Environments η ::= · | η, x 7! c Stacks S ::= · | S , hη, Ki

• Cont. frames

φ ::= _ e | c _ | _ && e | f(_, e) | f(c, _) | s | assign(x, _) | if(_, s1, s2) | return(_) | assert(_) Continuations K ::= · | φ , K Exceptions E ::= arith | abort | mem

All ops.

Summary: Expressions

S ; η ` e1 e2 B K

• !

S ; η ` e1 B (_ e2 , K) S ; η ` c1 B (_ e2 , K)

• !

S ; η ` e2 B (c1 _ , K) S ; η ` c2 B (c1 _ , K)

• !

S ; η ` c B K (c = c1 c2) S ; η ` c2 B (c1 _ , K)

• !

exception(arith) (c1 c2 undefined) S ; η ` e1 && e2 B K

• !

S ; η ` e1 B (_ && e2 , K) S ; η ` false B (_ && e2 , K)

• !

S ; η ` false B K S ; η ` true B (_ && e2 , K)

• !

S ; η ` e2 B K S ; η ` x B K

• !

S ; η ` η(x) B K

Summary: Statements

S ; η ` nop I (s , K)

• !

S ; η ` s I K S ; η ` assign(x, e) I K

• !

S ; η ` e B (assign(x, _) , K) S ; η ` c B (assign(x, _) , K)

• !

S ; η[x 7! c] ` nop I K S ; η ` decl(x, τ, s) I K

• !

S ; η[x 7! nothing] ` s I K S ; η ` assert(e) I K

• !

S ; η ` e B (assert(_) , K) S ; η ` true B (assert(_) , K)

• !

S ; η ` nop I K S ; η ` false B (assert(_) , K)

• !

exception(abort) S ; η ` if(e, s1, s2) I K

• !

S ; η ` e B (if(_, s1, s2) , K) S ; η ` true B (if(_, s1, s2), K)

• !

S ; η ` s1 I K S ; η ` false B (if(_, s1, s2), K)

• !

S ; η ` s2 I K S ; η ` while(e, s) I K

• !

S ; η ` if(e, seq(s, while(e, s)), nop) I K

Summary: Functions

`

• !

` S ; η ` f(e1, e2) B K

• !

S ; η ` e1 B (f(_, e2) , K) S ; η ` c1 B (f(_, e2) , K)

• !

S ; η ` e2 B (f(c1, _) , K) S ; η ` c2 B (f(c1, _) , K)

• !

(S , hη, Ki) ; [x1 7! c1, x2 7! c2] ` s I · (given that f is defined as f(x1, x2){s}) S ; η ` f( ) B K

• !

(S , hη, Ki) ; · ` s I · (given that f is defined as f( ){s}) S ; η ` return(e) I K

• !

S ; η ` e B (return(_) , K) (S , hη0, K0i) ; η ` v B (return(_) , K)

• !

S ; η0 ` v B K0 · ; η ` c B (return(_) , K)

• !

value(c)