an operational and axiomatic semantics for non
play

An Operational and Axiomatic Semantics for Non-determinism and - PowerPoint PPT Presentation

May 13, 2023 •350 likes •789 views

An Operational and Axiomatic Semantics for Non-determinism and Sequence Points in C Robbert Krebbers Radboud University Nijmegen January 22, 2014 @ POPL, San Diego, USA 1 / 16 What is this program supposed to do? int main() { int x; int y =

  1. An Operational and Axiomatic Semantics for Non-determinism and Sequence Points in C Robbert Krebbers Radboud University Nijmegen January 22, 2014 @ POPL, San Diego, USA 1 / 16

  2. What is this program supposed to do? int main() { int x; int y = (x = 3) + (x = 4); printf("%d %d\n", x, y); } 2 / 16

  3. What is this program supposed to do? int main() { int x; int y = (x = 3) + (x = 4); printf("%d %d\n", x, y); } Let us try some compilers ◮ Clang prints 4 7 , seems just left-right 2 / 16

  4. What is this program supposed to do? int main() { int x; int y = (x = 3) + (x = 4); printf("%d %d\n", x, y); } Let us try some compilers ◮ Clang prints 4 7 , seems just left-right ◮ GCC prints 4 8 , does not correspond to any evaluation order 2 / 16

  5. What is this program supposed to do? int main() { int x; int y = (x = 3) + (x = 4); printf("%d %d\n", x, y); } Let us try some compilers ◮ Clang prints 4 7 , seems just left-right ◮ GCC prints 4 8 , does not correspond to any evaluation order This program violates the sequence point restriction ◮ due to two unsequenced writes to x ◮ resulting in undefined behavior ◮ thus both compilers are right 2 / 16

  6. Undefined behavior in C “Garbage in, garbage out” principle ◮ Programs with undefined behavior are not statically excluded ◮ Undefined behavior ⇒ all bets are off ◮ Allows compilers to omit (expensive) dynamic checks 3 / 16

  7. Undefined behavior in C “Garbage in, garbage out” principle ◮ Programs with undefined behavior are not statically excluded ◮ Undefined behavior ⇒ all bets are off ◮ Allows compilers to omit (expensive) dynamic checks A compiler independent C semantics should account for undefined behavior 3 / 16

  8. Examples ◮ Side-effects are useful in a while , for , return , . . . while ((x = getchar()) != EOF) /* do something */ 4 / 16

  9. Examples ◮ Side-effects are useful in a while , for , return , . . . while ((x = getchar()) != EOF) /* do something */ ◮ Non-determinism is subtle in innocent looking examples: *p = g (x, y, z); Here, g may change p , so the evaluation order matters 4 / 16

  10. Examples ◮ Side-effects are useful in a while , for , return , . . . while ((x = getchar()) != EOF) /* do something */ ◮ Non-determinism is subtle in innocent looking examples: *p = g (x, y, z); Here, g may change p , so the evaluation order matters ◮ Interleaving of subexpressions is possible, for example printf("a") + (printf("b") + printf("c")); may print “ bac ” 4 / 16

  11. Contribution A compiler independent small step operational, and axiomatic, semantics for non-determinism and sequence points, supporting: ◮ expressions with function calls, assignments, conditionals ◮ undefined behavior due to integer overflow ◮ parametrized by integer types ◮ dynamically allocated memory ( malloc and free ) ◮ non-local control ( return and goto ) ◮ local variables (and pointers to those) ◮ mutual recursion ◮ separation logic ◮ soundness proof fully checked by Coq 5 / 16

  12. Contribution A compiler independent small step operational, and axiomatic, semantics for non-determinism and sequence points, supporting: ◮ expressions with function calls, assignments, conditionals ◮ undefined behavior due to integer overflow ◮ parametrized by integer types ◮ dynamically allocated memory ( malloc and free ) ◮ non-local control ( return and goto ) ◮ local variables (and pointers to those) ◮ mutual recursion ◮ separation logic ◮ soundness proof fully checked by Coq 5 / 16

  13. Contribution A compiler independent small step operational, and axiomatic, semantics for non-determinism and sequence points, supporting: ◮ expressions with function calls, assignments, conditionals ◮ undefined behavior due to integer overflow ◮ parametrized by integer types ◮ dynamically allocated memory ( malloc and free ) ◮ non-local control ( return and goto ) ◮ local variables (and pointers to those) ◮ mutual recursion ◮ separation logic ◮ soundness proof fully checked by Coq 5 / 16

  14. Contribution A compiler independent small step operational, and axiomatic, semantics for non-determinism and sequence points, supporting: ◮ expressions with function calls, assignments, conditionals ◮ undefined behavior due to integer overflow ◮ parametrized by integer types ◮ dynamically allocated memory ( malloc and free ) ◮ non-local control ( return and goto ) ◮ local variables (and pointers to those) ◮ mutual recursion ◮ separation logic ◮ soundness proof fully checked by Coq 5 / 16

  15. Key idea Observation : non-determinism corresponds to concurrency Idea : use the separation logic rule for parallel composition { P 1 } e 1 { Q 1 } { P 2 } e 2 { Q 2 } { P 1 ∗ P 2 } e 1 ⊚ e 2 { Q 1 ∗ Q 2 } 6 / 16

  16. Key idea Observation : non-determinism corresponds to concurrency Idea : use the separation logic rule for parallel composition { P 1 } e 1 { Q 1 } { P 2 } e 2 { Q 2 } { P 1 ∗ P 2 } e 1 ⊚ e 2 { Q 1 ∗ Q 2 } What does this mean: ◮ Split the memory into two disjoint parts ◮ Prove that e 1 and e 2 can be executed safely in their part ◮ Now e 1 ⊚ e 2 can be executed safely in the whole memory 6 / 16

  17. Key idea Observation : non-determinism corresponds to concurrency Idea : use the separation logic rule for parallel composition { P 1 } e 1 { Q 1 } { P 2 } e 2 { Q 2 } { P 1 ∗ P 2 } e 1 ⊚ e 2 { Q 1 ∗ Q 2 } What does this mean: ◮ Split the memory into two disjoint parts ◮ Prove that e 1 and e 2 can be executed safely in their part ◮ Now e 1 ⊚ e 2 can be executed safely in the whole memory Disjointness ⇒ no sequence point violation 6 / 16

  18. Definition of the memory Given a set of permissions P , we define: m ∈ mem := index → fin (val × P ) b ∈ index := N v ∈ val ::= indet | int τ n | ptr b | NULL Integer types: unsigned char, signed int, . . . 7 / 16

  19. Permission systems Actual permissions contains: ◮ Locked flag to catch sequence point violations ◮ Assignment: lock memory location ◮ Sequence point: unlock memory locations ◮ A fraction (0 , 1] Q to allow sharing ◮ Block scope variable or allocated with malloc flag 8 / 16

  20. Permission systems Actual permissions contains: ◮ Locked flag to catch sequence point violations ◮ Assignment: lock memory location ◮ Sequence point: unlock memory locations ◮ A fraction (0 , 1] Q to allow sharing ◮ Block scope variable or allocated with malloc flag A permission system P abstracts from these details. ◮ ∪ , \ : P → P → P ◮ ⊥ , ⊆ : P → P → Prop ◮ kind : P → { Free , Write , Read , Locked } ◮ lock , unlock : P → P ◮ satisfying certain axioms 8 / 16

  21. Permission systems Actual permissions contains: ◮ Locked flag to catch sequence point violations ◮ Assignment: lock memory location ◮ Sequence point: unlock memory locations ◮ A fraction (0 , 1] Q to allow sharing ◮ Block scope variable or allocated with malloc flag A permission system P abstracts from these details. ◮ ∪ , \ : P → P → P ◮ ⊥ , ⊆ : P → P → Prop ◮ kind : P → { Free , Write , Read , Locked } ◮ lock , unlock : P → P ◮ satisfying certain axioms 8 / 16

  22. Permission systems Actual permissions contains: ◮ Locked flag to catch sequence point violations ◮ Assignment: lock memory location ◮ Sequence point: unlock memory locations ◮ A fraction (0 , 1] Q to allow sharing ◮ Block scope variable or allocated with malloc flag A permission system P abstracts from these details. ◮ ∪ , \ : P → P → P ◮ ⊥ , ⊆ : P → P → Prop ◮ kind : P → { Free , Write , Read , Locked } ◮ lock , unlock : P → P ◮ satisfying certain axioms 8 / 16

  23. Permission systems Actual permissions contains: ◮ Locked flag to catch sequence point violations ◮ Assignment: lock memory location ◮ Sequence point: unlock memory locations ◮ A fraction (0 , 1] Q to allow sharing ◮ Block scope variable or allocated with malloc flag A permission system P abstracts from these details. ◮ ∪ , \ : P → P → P ◮ ⊥ , ⊆ : P → P → Prop ◮ kind : P → { Free , Write , Read , Locked } ◮ lock , unlock : P → P ◮ satisfying certain axioms We lift these operations to memories index → fin (val × P ) 8 / 16

  24. The language Our language ⊚ ∈ binop ::= == | <= | + | - | * | / | % | . . . e ∈ expr ::= x i | [ v ] Ω | e 1 := e 2 | f ( � e ) | load e | alloc | free e | e 1 ⊚ e 2 | e 1 ? e 2 : e 3 | ( τ ) e s ∈ stmt ::= e | skip | goto l | return e | block c s | s 1 ; s 2 | l : s | while ( e ) s | if ( e ) s 1 else s 2 9 / 16

  25. The language Our language ⊚ ∈ binop ::= == | <= | + | - | * | / | % | . . . e ∈ expr ::= x i | [ v ] Ω | e 1 := e 2 | f ( � e ) | load e | alloc | free e | e 1 ⊚ e 2 | e 1 ? e 2 : e 3 | ( τ ) e s ∈ stmt ::= e | skip | goto l | return e | block c s | s 1 ; s 2 | l : s | while ( e ) s | if ( e ) s 1 else s 2 Values [ v ] Ω carry a set Ω of indexes (memory locations) to be unlocked at the next sequence point 9 / 16

  26. Operational semantics Head reduction for expressions ( e , m ) � h ( e ′ , m ′ ) (9 rules) 10 / 16

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

CSC 7101: Programming Language Structures 1 Specification Language Should be high-level

CSC 7101: Programming Language Structures 1 Specification Language Should be high-level

Operational Semantics Winskel, Ch. 2 Slonneger and Kurtz Ch 8.4, 8.5, 8.6 1 Operational vs. Axiomatic Axiomatic semantics Describes properties of program state, using first-order logic Concerned with constructing proofs for

263 views • 10 slides
9 Axiomatic semantics 9 .1 OVERVIEW As introduced in chapter 4, the axiomatic method expresses

9 Axiomatic semantics 9 .1 OVERVIEW As introduced in chapter 4, the axiomatic method expresses

9 Axiomatic semantics 9 .1 OVERVIEW As introduced in chapter 4, the axiomatic method expresses the semantics of a programming language by associating with the language a mathematical theory fo r p roving properties of programs written in

1.02k views • 98 slides
Operational Semantics 1 / 14 Outline What is semantics? Operational Semantics What is

Operational Semantics 1 / 14 Outline What is semantics? Operational Semantics What is

Operational Semantics 1 / 14 Outline What is semantics? Operational Semantics What is semantics? 2 / 14 What is the meaning of a program? Recall: aspects of a language syntax : the structure of its programs semantics : the meaning of

588 views • 14 slides
Lecture 2: Axiomatic semantics Reading assignment for next week Ariane paper and response (see

Lecture 2: Axiomatic semantics Reading assignment for next week Ariane paper and response (see

Chair of Software Engineering Trusted Components Prof. Dr. Bertrand Meyer Lecture 2: Axiomatic semantics Reading assignment for next week Ariane paper and response (see course page) Axiomatic semantics chapter in Introduction to the

628 views • 30 slides
Axiomatic semantics Pre- and post conditions We use program variables (e.g. x , y ), and

Axiomatic semantics Pre- and post conditions We use program variables (e.g. x , y ), and

Axiomatic semantics Pre- and post conditions We use program variables (e.g. x , y ), and Proofs based on semantics are too detailed logical variables (e.g. n ) Restriction to certain kinds of properties partial correctness Example:

283 views • 6 slides
Other Kinds of Semantics Introduction to Operational Semantics Denotational semantics

Other Kinds of Semantics Introduction to Operational Semantics Denotational semantics

Lecture Outline COOL operational semantics Operational Semantics of Cool Motivation Notation Adapted from Lectures by Profs. Alex Aiken and George Necula (UCB) The rules CS781(Prasad) L24CG 2 CS781(Prasad) L24CG 1

320 views • 7 slides
Semantics and Verification of Software Summer Semester 2019 Lecture 11: Axiomatic Semantics of

Semantics and Verification of Software Summer Semester 2019 Lecture 11: Axiomatic Semantics of

Semantics and Verification of Software Summer Semester 2019 Lecture 11: Axiomatic Semantics of WHILE III (Completeness &amp; Total Correctness) Thomas Noll Software Modeling and Verification Group RWTH Aachen University

980 views • 58 slides
Semantics and Verification of Software Summer Semester 2019 Lecture 11: Axiomatic Semantics of

Semantics and Verification of Software Summer Semester 2019 Lecture 11: Axiomatic Semantics of

Semantics and Verification of Software Summer Semester 2019 Lecture 11: Axiomatic Semantics of WHILE III (Completeness &amp; Total Correctness) Thomas Noll Software Modeling and Verification Group RWTH Aachen University

186 views • 18 slides
Semantic Function Parsing s Denotational semantics operates on Notation

Semantic Function Parsing s Denotational semantics operates on Notation

Operational vs. denotational Operational semantics meaning of program defined by syntactic CS 611 transitions structural operational semantics: how to write a Advanced Programming Languages recursive-descent interpreter

265 views • 3 slides
TDT4205 Operational semantics 2 Once again, from the top Lexically , a language is just a

TDT4205 Operational semantics 2 Once again, from the top Lexically , a language is just a

1 Operational semantics (Extracurricular perspective, there will be no quiz questions on this) TDT4205 Operational semantics 2 Once again, from the top Lexically , a language is just a pile of units which cant be divided without

370 views • 34 slides
Operational Semantics This course Why semantics? y := 1; precise specification of software

Operational Semantics This course Why semantics? y := 1; precise specification of software

Operational Semantics This course Why semantics? y := 1; precise specification of software and while ( x = 1) do ( y := x y ; x := x 1) hardware First we assign 1 to y , then we test whether facilitate reasoning about systems:

355 views • 10 slides
CSC 530 Lecture Notes Week 8 Wrap Up of Denotational Semantics Introduction to Axiomatic

CSC 530 Lecture Notes Week 8 Wrap Up of Denotational Semantics Introduction to Axiomatic

CSC530-S02-L8 Slide 1 CSC 530 Lecture Notes Week 8 Wrap Up of Denotational Semantics Introduction to Axiomatic Semantics CSC530-S02-L8 Slide 2 I. Readings: papers 23-33. II. Tennent Wrap Up A. Check out remaining sections of ch 13 (sections

836 views • 37 slides
CMSC 430 Introduction to Compilers Spring 2016 Operational Semantics Syntax vs. semantics

CMSC 430 Introduction to Compilers Spring 2016 Operational Semantics Syntax vs. semantics

CMSC 430 Introduction to Compilers Spring 2016 Operational Semantics Syntax vs. semantics Syntax = grammatical structure Semantics = underlying meaning Sentences in a language can be syntactically well- formed but semantically

649 views • 37 slides
Rule formats for bounded nondeterminism in structural operational semantics lvaro

Rule formats for bounded nondeterminism in structural operational semantics lvaro

Rule formats for bounded nondeterminism in structural operational semantics lvaro Garca-Prez Luca Aceto Anna Inglfsdttir Reykjavk University Lyngby, January 8th, 2016 1 / 11 Motivation 2 / 11 Structural operational semantics

383 views • 21 slides
Semantics Liam OConnor CSE, UNSW (and data61) Term3 2019 1 Overview Operational Semantics

Semantics Liam OConnor CSE, UNSW (and data61) Term3 2019 1 Overview Operational Semantics

Overview Operational Semantics Equivalence Proof Semantics Liam OConnor CSE, UNSW (and data61) Term3 2019 1 Overview Operational Semantics Equivalence Proof Misc The midsession exam is on at 11am, Fri 11th of October, 2019 . It should

709 views • 54 slides
Semantics of PCF and the full abstraction problem Language, Operational Semantics and Models

Semantics of PCF and the full abstraction problem Language, Operational Semantics and Models

Semantics of PCF and the full abstraction problem Language, Operational Semantics and Models Luca Paolini paolini@di.unito.it Universit` a di Torino Dipartimento di Informatica August 28th September 1st Language 2 Types . . . . . . .

801 views • 65 slides
D AMMIF Update Get the latest version of D AMMIF together with the latest release of ATSAS! ATSAS

D AMMIF Update Get the latest version of D AMMIF together with the latest release of ATSAS! ATSAS

Introduction Ab-Initio Modelling Obtaining Models Postprocessing Models D AMMIF Update Get the latest version of D AMMIF together with the latest release of ATSAS! ATSAS 2.5.0 will be available soon!

637 views • 39 slides
ML in Practice: Dealing with imbalanced data CMSC 422 M ARINE C ARPUAT marine@cs.umd.edu T

ML in Practice: Dealing with imbalanced data CMSC 422 M ARINE C ARPUAT marine@cs.umd.edu T

ML in Practice: Dealing with imbalanced data CMSC 422 M ARINE C ARPUAT marine@cs.umd.edu T opics A few practical issues CIML Chapter 4 Dealing with imbalanced data distributions Evaluation metrics (CIML 4.5) Learning with

282 views • 27 slides
You can view your nodes* *And you can view your friends, but you cant view your friends

You can view your nodes* *And you can view your friends, but you cant view your friends

You can view your nodes* *And you can view your friends, but you cant view your friends nodes.** ** Well, yeah, you can, but you need more modules. Important note! This is a beginners intro to building Views. If you are already

955 views • 67 slides
Algorithmic Bias Machine Learning An area of AI that studies how to get computers to learn

Algorithmic Bias Machine Learning An area of AI that studies how to get computers to learn

Algorithmic Bias Machine Learning An area of AI that studies how to get computers to learn from experience (e.g. data) Identify patterns from a training dataset Then generalize from these patterns and apply it to future data (that is

321 views • 3 slides
Regional Climate Model Validation and its Pitfalls Sven Kotlarski Federal Office of Meteorology

Regional Climate Model Validation and its Pitfalls Sven Kotlarski Federal Office of Meteorology

Federal Department of Home Affairs FDHA Federal Office of Meteorology and Climatology MeteoSwiss Regional Climate Model Validation and its Pitfalls Sven Kotlarski Federal Office of Meteorology and Climatology MeteoSwiss, Zurich 4 th VALUE

648 views • 45 slides
Women in Computing Women in Computing Katherine Deibel University of Washington

Women in Computing Women in Computing Katherine Deibel University of Washington

Histo story of y of Computin ing CSE P590A (UW) PP190/290-3 (UCB) CSE 290 291 (D00) Women in Computing Women in Computing Katherine Deibel University of Washington deibel@cs.washington.edu 1 An Amazing Photo An Amazing Photo

673 views • 48 slides
CS5412/LECTURE 7 Ken Birman CS5412 Spring 2019 CONSISTENT STORAGE FOR I O T CORNELL UNIVERSITY

CS5412/LECTURE 7 Ken Birman CS5412 Spring 2019 CONSISTENT STORAGE FOR I O T CORNELL UNIVERSITY

CS5412/LECTURE 7 Ken Birman CS5412 Spring 2019 CONSISTENT STORAGE FOR I O T CORNELL UNIVERSITY CS5412 SPRING 2019 1 CONSIDER A SMART HIGHWAY We have lots and lots of sensors deployed Cars are getting some form of guidance and if they

990 views • 52 slides
Predictive Video Retrieval A Matter of Trust Bouke Huurnink MediaMill The Team Bouke Huurnink

Predictive Video Retrieval A Matter of Trust Bouke Huurnink MediaMill The Team Bouke Huurnink

Predictive Video Retrieval A Matter of Trust Bouke Huurnink MediaMill The Team Bouke Huurnink Michiel van Liempt Jiyin He Richard van Balen Koen van de Sande FeiYan Ork de Rooij Muhammad Tahir Cees Snoek Krystian Mikolajczyk Maarten

555 views • 30 slides

More recommend