Concurrent Programming Languages and Semantic Analyses Manfred - PowerPoint PPT Presentation

Concurrent Programming Languages and Semantic Analyses Manfred Schmidt-Schauss Goethe-Universit¨ at Frankfurt, Institut f¨ ur Informatik, Germany RTA/TLCA 14 16. July 2014 Based on joint work with David Sabel 1

Concurrency of Programming and Languages Computation Semantics/Correctness standard deterministic non-standard concurrent very complex random nondeterministic impossible? chaotic (Internet) 2/52

Main Parts Diagrams and correctness of transformations Concurrency, non-determinism and contextual semantics Correctness of a concurrent implementation

Main Parts Introduction Diagrams and correctness of transformations contextual equivalence, diagrams, correctness proofs, meta-rewriting sequences, automation LR (a deterministic calculus) Concurrency, non-determinism and contextual semantics may and should convergence and contextual equivalences, conservativity CHF (a concurrent calculus) Correctness of a concurrent implementation a complex real-world calculus: showing correctness using operational methods CSHF (concurrent implementation of software transactional memory)

Alternative semantics approaches, also under concurrency denotational semantics translations into pi-calculus or other models simulation / bisimulation logical approaches observational semantics / contextual semantics

Semantics Principles? Question? Is there a best / standard semantics? 5/52

Semantics Principles? Question? Is there a best / standard semantics? Yes for deterministic programming languages 5/52

Semantics Principles? Question? Is there a best / standard semantics? Yes for deterministic programming languages No for non-deterministic and/or concurrent programming languages 5/52

Semantics Principles? Question? Is there a best / standard semantics? Yes for deterministic programming languages No for non-deterministic and/or concurrent programming languages But there are good choices 5/52

Contextual Semantics of Programming Languages e 1 ≤ e 2 iff ∀ C : C [ e 1 ] ↓ = ⇒ C [ e 2 ] ↓ e 1 ∼ e 2 iff e 1 ≤ e 2 and e 2 ≤ e 1 Where: e i expressions resp. programs C contexts: programs with a hole e ↓ e reduces to a successful program reduction: a fixed-strategy-rewriting of programs. ≤ contextual approximation ∼ contextual equivalence Morris’ contextual equivalence (thesis, 1968) 6/52

Contextual Semantics of Programming Languages e 1 ≤ may e 2 iff ∀ C : C [ e 1 ] ↓ may = ⇒ C [ e 2 ] ↓ may e 1 ∼ may e 2 iff e 1 ≤ may e 2 and e 2 ≤ may e 1 Where: e i expressions resp. programs C contexts: programs with a hole e ↓ may e may reduce to a successful program (may-convergence) reduction: a fixed-strategy-rewriting of programs. ≤ may contextual approximation ∼ may contextual equivalence Morris’ contextual equivalence (thesis, 1968) 6/52

Examples Q1: True �∼ False ? 7/52

Examples Q1: True �∼ False ? One context suffices: C [ . ] = if [.] then ⊥ else True 7/52

Examples Q1: True �∼ False ? One context suffices: C [ . ] = if [.] then ⊥ else True Q2: mapStandard ∼ mapWeird? 7/52

Examples Q1: True �∼ False ? One context suffices: C [ . ] = if [.] then ⊥ else True Q2: mapStandard ∼ mapWeird? TODO: check infinitely many programs P[.] whether P [ mapStandard ] ↓ ⇐ ⇒ P [ mapWeird ] ↓ ? 7/52

Examples Q1: True �∼ False ? One context suffices: C [ . ] = if [.] then ⊥ else True Q2: mapStandard ∼ mapWeird? TODO: check infinitely many programs P[.] whether P [ mapStandard ] ↓ ⇐ ⇒ P [ mapWeird ] ↓ ? Q3: λx. ⊥ ∼ ⊥ ? 7/52

Examples Q1: True �∼ False ? One context suffices: C [ . ] = if [.] then ⊥ else True Q2: mapStandard ∼ mapWeird? TODO: check infinitely many programs P[.] whether P [ mapStandard ] ↓ ⇐ ⇒ P [ mapWeird ] ↓ ? Q3: λx. ⊥ ∼ ⊥ ? No: ( λx. ⊥ ) ↓ , but ⊥ ↑ Abramsky: The lazy lambda calculus, 1990 7/52

Remarks Remarks on Alternative Approaches 8/52

Denotational Semantics [ [ . ] ] : L → D adequate: [ [ e 1 ] ] = [ [ e 2 ] ] = ⇒ e 1 ∼ e 2 9/52

Denotational Semantics [ [ . ] ] : L → D adequate: [ [ e 1 ] ] = [ [ e 2 ] ] = ⇒ e 1 ∼ e 2 in general not fully abstract: e 1 ∼ e 2 but [ [ e 1 ] ] � = [ [ e 2 ] ] is possible. (usual argument: “parallel-or” is available in denotation, but not the language.) 9/52

A Connection to Confluence et.al. Let → be the (compatible) reduction, i.e. permitted in all contexts. s Let − → be the (standard) reduction, i.e. under a strategy. s Definition: → is standardizing, iff − s, ∗ e ∗ − → success implies e − − → success . 10/52

A Connection to Confluence et.al. Let → be the (compatible) reduction, i.e. permitted in all contexts. s Let − → be the (standard) reduction, i.e. under a strategy. s Definition: − → is standardizing, iff s, ∗ e ∗ − → success implies e − − → success . s Proposition If − → is confluent, − → is standardizing, and { success } remains stable under reduction, ∗ then ← → is sound for contextual equivalence ∼ . 10/52

A Connection to Confluence et.al. Let → be the (compatible) reduction, i.e. permitted in all contexts. s Let − → be the (standard) reduction, i.e. under a strategy. s Definition: − → is standardizing, iff s, ∗ e ∗ → success implies e − − − → success . s Proposition If − → is confluent, → is standardizing, − and { success } remains stable under reduction, ∗ then ← → is sound for contextual equivalence ∼ . However ∗ ∗ In general ← → ⊂ ∼ : ( ∼ is coarser than ← → . ) confluence = ⇒ determinism s In general − → is nonterminating. 10/52

Diagrams and Correctness of Transformations Calculus LR

LR (core-language of Haskell) A pure (untyped) functional language with letrec, case, constructors, seq. call-by-need (deterministic) reduction. contextual equivalence based on may-convergence

Calculus LR Call-by-need reduction in LR (rules, a selection): (lbeta) ( λx.e 1 ) e 2 → ( letrec x = e 2 in e 1 ) (cp-in) ( letrec x 1 = v S , { x i = x i − 1 } m i =2 , Env in C [ x V m ]) → ( letrec x 1 = v, { x i = x i − 1 } m i =2 , Env in C [ v ]) where v is an abstraction (llet) consists of two reduction rules: (llet-in) ( letrec Env 1 in ( letrec Env 2 in r ) S ) → ( letrec Env 1 , Env 2 in r ) (llet-e) ( letrec Env 1 , x = ( letrec Env 2 in s x ) S in r ) → ( letrec Env 1 , Env 2 , x = s x in r ) S., Sch¨ utz, Sabel: Safety of N¨ ocker’s strictness analysis. JFP 2008 13/52

Context Lemmas Context Lemma in LR If for all reduction contexts R : R [ s ] ↓ = ⇒ R [ t ] ↓ , then s ≤ may t . Where reduction contexts are contexts around the redexes; (under the normal-order reduction strategy) 14/52

Context Lemmas Context Lemma in LR If for all reduction contexts R : R [ s ] ↓ = ⇒ R [ t ] ↓ , then s ≤ may t . Where reduction contexts are contexts around the redexes; (under the normal-order reduction strategy) Context Lemma in LR; a weaker variant; better suited for computing diagrams in LR If for all surface contexts S : S [ s ] ↓ = ⇒ S [ t ] ↓ , then s ≤ may t Where surface contexts are contexts where the hole is not in an abstraction. 14/52

� � � � � � � � � � Correctness Proofs using Diagrams Forking diagrams for (llet) wrt. S -contexts; a complete set i S ,llet � i S ,llet � i S ,llet � · · · · · · n,a n,a n,a ( n,lll ) + n,a ( n,lll ) + i S ,llet � · · · · i S ,llet � · · i S ,llet � · · n,a · ( n,lll ) + ( n,lll ) + n,a i S ,llet � · · n,llet � · 15/52

� � � � � � � � � � � � Correctness Proofs using Diagrams Purpose: a proof of llet Forking diagrams for (llet) − − → ⊆ ≤ . i S ,llet · · i S ,llet i S ,llet i S ,llet i S ,llet · · · · · · · · n,a � n,a � n,a ( n,lll ) + ( n,lll ) + · n,a � ( n,lll ) + n,a n,a � · ( n,lll ) + � · · i S ,llet · i S ,llet · · n,llet � · Proof of e ↓ ∧ e S, llet , ∗ → e ′ = ⇒ e ′ ↓ : − − − − − 16/52

� � � � � � � � � � � � Correctness Proofs using Diagrams Purpose: a proof of llet Forking diagrams for (llet) − − → ⊆ ≤ . i S ,llet · · i S ,llet i S ,llet · · i S ,llet i S ,llet · · · · · · n,a � n,a � n,a ( n,lll ) + ( n,lll ) + n,a � ( n,lll ) + · n,a n,a � · ( n,lll ) + � · · i S ,llet · i S ,llet · · n,llet � · Proof of e ↓ ∧ e S, llet , ∗ → e ′ = ⇒ e ′ ↓ : − − − − − i S ,llet � e ′ e n � · n,a � · . . . · n,a � e WHNF 16/52