context free grammars in JavaMOP CS 119 a property can be seen as - - PowerPoint PPT Presentation



slide-1
SLIDE 1

context free grammars in JavaMOP

CS 119

a property can be seen as a language defined by a grammar

slide-2
SLIDE 2

2

slide-3
SLIDE 3

3

http://fsl.cs.uiuc.edu/index.php/Special:CFGPlugin

slide-4
SLIDE 4

4

[figure: MOP and its logic plugins (ERE, LTL, ptLTL, ptCaRet, …, and CFG, today); languages / instances of MOP: JavaMOP, BusMOP, HardwareMOP, …]

slide-5
SLIDE 5

5

the 4 elements

context free languages pushdown Automata

(theoretical concept)

context free grammars parsers

slide-6
SLIDE 6

6

Chomsky’s language hierarchy

http://en.wikipedia.org/wiki/Chomsky_hierarchy

slide-7
SLIDE 7

7

context free languages and pushdown automata

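example: the language l^n r^n, input: llll rrrr

grammar: S → ε | l S r

[figure: pushdown automaton with states q1 q2 q3 q4 and stack contents $ l l l l; transition labels as extracted:]
ε → push($)
l → push(l)
r, top()=l → pop()
ε, top()=$ → pop()
r, top()=l → pop()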

slide-8
SLIDE 8

8

CFL parsers

  • top-down parser
    – expands non-terminals into RH-sides
    – S → Ax → ax

  • bottom-up parser
    – reduces RH-sides to non-terminals
    – ax → Ax → S
    – LALR(1) ⊂ LR(1) ⊂ DCFL ⊂ CFL

example grammar: S → Ax, A → a, A → b

Consider the term: ax

JavaMOP

slide-9
SLIDE 9

9

structure of a table-driven bottom-up parser

  • an input buffer
  • a stack of states visited
  • an action-table giving a grammar rule to apply given the current state and current terminal in input buffer
  • a goto-table describing which new state it should go to

slide-10
SLIDE 10

10

actions

  • Shift - push token onto stack
  • Reduce - remove handle from stack and push on corresponding nonterminal
  • Accept - recognize sentence when stack contains only the distinguished symbol and input is empty
  • Error - happens when none of the above is possible; means original input was not a sentence!

slide-11
SLIDE 11

11

abstract algorithm

  • start with an empty stack
  • a "shift" action corresponds to pushing the current input symbol onto the stack
  • a "reduce" action occurs when we have a handle on top of the stack. To perform the reduction, we pop the handle off the stack and replace it with the nonterminal on the LHS of the corresponding rule.

slide-12
SLIDE 12

12

the lock/release example

specification:
  S → lock S release
  S → epsilon

action   remaining input                          stack
SHIFT    lock lock lock release release release   ()
SHIFT    lock lock release release release        (lock)
SHIFT    lock release release release             (lock lock)
SHIFT    release release release                  (lock lock lock)
RED(S)   release release                          (lock lock lock release)
SHIFT    release release                          (lock lock S)
RED(S)   release                                  (lock lock S release)
SHIFT    release                                  (lock S)
RED(S)                                            (lock S release)
ACC                                               (S)
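
The shift/reduce run of the lock/release grammar, as an added example that is not part of the original slides: a table-driven parser in Python with the input buffer, state stack, action table and goto table described on slide 9. The SLR(1) tables and their state numbers are constructed for this example (they are not the ones shown on the JavaMOP slides), and the S → epsilon reduction appears as an explicit step.

```python
# Added example: SLR(1) tables built by hand for  S -> lock S release | epsilon.
# State numbers are this example's own, not the ones shown on the slides.
PRODUCTIONS = {1: ("S", 3),   # S -> lock S release  (pop 3 states)
               2: ("S", 0)}   # S -> epsilon         (pop nothing)
ACTION = {
    (0, "lock"): ("shift", 2), (0, "release"): ("reduce", 2), (0, "$"): ("reduce", 2),
    (1, "$"): ("accept", None),
    (2, "lock"): ("shift", 2), (2, "release"): ("reduce", 2), (2, "$"): ("reduce", 2),
    (3, "release"): ("shift", 4),
    (4, "release"): ("reduce", 1), (4, "$"): ("reduce", 1),
}
GOTO = {(0, "S"): 1, (2, "S"): 3}


def parse(events):
    """Return (verdict, trace); trace lists (action, state stack after it)."""
    stack, trace = [0], []
    tokens = list(events) + ["$"]          # "$" marks the end of the input
    pos = 0
    while True:
        # A missing table entry is the Error action: the input is no sentence.
        kind, arg = ACTION.get((stack[-1], tokens[pos]), ("error", None))
        if kind == "shift":
            stack.append(arg)
            pos += 1
        elif kind == "reduce":
            lhs, rhs_len = PRODUCTIONS[arg]
            if rhs_len:
                del stack[-rhs_len:]       # pop the handle
            stack.append(GOTO[(stack[-1], lhs)])
        trace.append((kind, tuple(stack)))
        if kind in ("accept", "error"):
            return kind, trace


if __name__ == "__main__":
    # Constructed inputs: the balanced trace from the slide and an unbalanced one.
    for sample in (["lock"] * 3 + ["release"] * 3, ["lock", "release", "release"]):
        verdict, trace = parse(sample)
        print(" ".join(sample), "->", verdict)
        for step in trace:
            print("   ", step)
```
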

slide-13
SLIDE 13

13

expressions example

slide-14
SLIDE 14

14

recall structure of a table-driven bottom-up parser

slide-15
SLIDE 15

15

specification:
event lock
event release
productions : S -> lock S release | epsilon

input: lock lock lock release release release $

JavaMOP

slide-16
SLIDE 16

16

parser states shown: 1

slide-17
SLIDE 17

17

parser states shown: 1 2

slide-18
SLIDE 18

18

parser states shown: 1 2 2

slide-19
SLIDE 19

19

parser states shown: 1 2 2 5

slide-20
SLIDE 20

20

parser states shown: 1 2 2 5 1 2 7

slide-21
SLIDE 21

21

parser states shown: 1 2 7 9

slide-22
SLIDE 22

22

parser states shown: 1 2 7 9 1 6

slide-23
SLIDE 23

23

parser states shown: 1 6 8

slide-24
SLIDE 24

24

parser states shown: 1 6 8 3

slide-25
SLIDE 25

25

parser states shown: 1 6 8 3

slide-26
SLIDE 26

26

JavaMOP algorithm

1 6 8

slide-27
SLIDE 27

27

properties of Java library APIs

R1: There should be no two calls to next() without a call to hasNext() in between, on the same iterator.

slide-28
SLIDE 28

28

an example

import java.util.Iterator;
import java.util.Vector;

class Test {
    public static void main(String[] args) {
        Vector<Integer> v1 = new Vector();
        Vector<Integer> v2 = new Vector();
        v1.add(1); v1.add(3);
        v2.add(5); v2.add(7);
        Iterator it1 = v1.iterator();
        Iterator it2 = v2.iterator();
        int sum = 0;
        if (it2.hasNext())
            sum += (Integer) it2.next();
        if (it1.hasNext())               // should have been: if (it2.hasNext())
            sum += (Integer) it2.next(); // unguarded call: it2.next()
        System.out.println("sum(v2) = " + sum);
    }
}

slide-29
SLIDE 29

29

recall the regular expression specification

/*@
partial centralized
scope = global
logic = ERE
HasNext(Iterator i) {
    event hasnext<i> : end(call(* i.hasNext()));
    event next<i> : begin(call(* i.next()));
    formula : next next
}
validation handler{
    System.err.println("*** call hasNext() before next()");
}
@*/

partial, matching against suffix trace
validation (not violation)

slide-30
SLIDE 30

30

CFG Property in JavaMOP (trying to replicate the RE solution)

/*@
partial centralized
scope = global
logic = CFG
HasNext(Iterator i) {
    event hasnext<i> : end(call(* i.hasNext()));
    event next<i> : begin(call(* i.next()));
    productions : Pattern -> next next
}
validation handler{
    System.err.println("*** call hasNext() before next()");
}
@*/

in this case we can write the same spec more or less

slide-31
SLIDE 31

31

recall this other regular expression

(hasNext hasNext* next)*

which was slightly too strong, but let’s try to emulate it

i) total trace semantics
ii) looking for violation

slide-32
SLIDE 32

32

CFG Property in JavaMOP

/*@
centralized
scope = global
logic = CFG
HasNext(Iterator i){
    event hasnext<i> : end(call(* i.hasNext()));
    event next<i> : begin(call(* i.next()));
    productions : Iterate -> hasnext HasnextStar next Iterate | epsilon,
                  HasnextStar -> hasnext HasnextStar | epsilon
}
violation handler{
    System.err.println("*** call hasNext() before next()");
}
@*/

no longer partial

slide-33
SLIDE 33

33

DEMO ON SLIDES

slide-43
SLIDE 43

43

END OF DEMO ON SLIDES

slide-44
SLIDE 44

44

CFG Property in JavaMOP as a state machine

/*@
centralized
scope = global
logic = CFG
HasNext(Iterator i) {
    event hasnext<i> : end(call(* i.hasNext()));
    event next<i> : begin(call(* i.next()));
    productions : Iterate -> hasnext HasnextStar next Iterate | epsilon,
                  HasnextStar -> hasnext HasnextStar | epsilon
}
violation handler{
    System.err.println("*** call hasNext() before next()");
}
@*/

State0 -> hasnext State1 , State1 -> hasnext State1 | next State0

state machine like notation

epsilon needed | epsilon

slide-45
SLIDE 45

45

suppose we changed the example

import java.util.Iterator;
import java.util.Vector;

class Test {
    public static void main(String[] args) {
        Vector<Integer> v1 = new Vector();
        Vector<Integer> v2 = new Vector();
        v1.add(1); v1.add(3);
        v2.add(5); v2.add(7);
        Iterator it1 = v1.iterator();
        Iterator it2 = v2.iterator();
        int sum = 0;
        if (it1.hasNext())               // changed from: if (it2.hasNext())
            sum += (Integer) it2.next();
        if (it1.hasNext())
            sum += (Integer) it2.next();
        System.out.println("sum(v2) = " + sum);
    }
}

program still has the same error! does our latest spec still catch the error?

slide-46
SLIDE 46

46

no: CFG property will not catch error

the monitor generating event is hasnext since it occurs first (and not next!!)

Since the only operation on it2 is next, a monitor is not created.

/*@
centralized
scope = global
logic = CFG
HasNext(Iterator i) {
    event hasnext<i> : end(call(* i.hasNext()));
    event next<i> : begin(call(* i.next()));
    productions : Iterate -> hasnext HasnextStar next Iterate | epsilon,
                  HasnextStar -> hasnext HasnextStar | epsilon
}
violation handler{
    System.err.println("*** call hasNext() before next()");
}
@*/

slide-47
SLIDE 47

47

CFG validation & violation

  • CFG:
    – makes most sense together with validation
    – because the monitor generating events in a CFG are the first ones appearing (in JavaMOP).
    – does not work well when searching for violation since one here potentially looks for event sequences that do not follow the grammar.

  • ERE:
    – makes sense with violation as well as validation
    – because all events (with maximum number of parameters) are monitor generating.
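
The missed error from the changed Test program, as an added example that is not part of the original slides: a Python simulation of per-iterator monitors for (hasnext hasnext* next)*, run once with only hasnext creating monitors (the CFG case) and once with every event creating them (the ERE case). The creation rule is a simplified model of what the slides describe, and the event traces are constructed from the two Test programs.

```python
# Property (hasnext hasnext* next)* as the state machine from the slides:
#   State0 -> hasnext State1 | epsilon,  State1 -> hasnext State1 | next State0
TRANSITIONS = {
    ("State0", "hasnext"): "State1",
    ("State1", "hasnext"): "State1",
    ("State1", "next"): "State0",
}


def violations(trace, creation_events):
    """Slice the trace per iterator and return the iterators whose slice
    leaves the state machine. Simplified model of monitor creation: an
    iterator gets a monitor only when one of creation_events arrives for it."""
    state = {}                      # iterator name -> current state (None = failed)
    violated = []
    for event, iterator in trace:
        if iterator not in state:
            if event not in creation_events:
                continue            # no monitor yet: the event is ignored
            state[iterator] = "State0"
        if state[iterator] is None:
            continue                # this monitor has already reported
        state[iterator] = TRANSITIONS.get((state[iterator], event))
        if state[iterator] is None:
            violated.append(iterator)
    return violated


# Constructed event traces of the two Test programs on the slides.
ORIGINAL = [("hasnext", "it2"), ("next", "it2"), ("hasnext", "it1"), ("next", "it2")]
CHANGED = [("hasnext", "it1"), ("next", "it2"), ("hasnext", "it1"), ("next", "it2")]

CFG_CREATION = {"hasnext"}          # only the first event of the grammar creates
ERE_CREATION = {"hasnext", "next"}  # every event creates a monitor

if __name__ == "__main__":
    for name, trace in (("original", ORIGINAL), ("changed", CHANGED)):
        for mode, creating in (("CFG", CFG_CREATION), ("ERE", ERE_CREATION)):
            print(name, mode, violations(trace, creating))
```
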

slide-48
SLIDE 48

48

properties of Java library APIs

R2: An enumeration should not be propagated after the underlying vector has been changed.

slide-49
SLIDE 49

49

CFG specification

/*@
partial centralized
scope = global
logic = CFG
SafeEnum (Vector v, Enumeration+ e) {
    event create<e, v> : end(call(Enumeration v.elements())) with (e);
    event updatesource<v> : end(call(* v.add*(..))) \/ … \/ end(call(* v.set*(..)));
    event next<e> : begin(call(Object e.nextElement()));
    productions : S -> create NextStar updatesource UpdateStar next,
                  NextStar -> next NextStar | epsilon,
                  UpdateStar -> updatesource UpdateStar | epsilon
}
validation handler {
    System.out.println("the collection is changed during iteration!");
}
@*/

works the same with or without the ‘partial’ keyword.

slide-50
SLIDE 50

50

[figure: index trees for the parameter sets <v,e>, <v> and <e> over vectors v1, v2 and enumerations e1, e2, e3, with the events create, next, update]

events: create<v,e> update<v> next<e>
monitor creation event
One index per parameter set. Weak references.

indexing works as for regular expressions

slide-51
SLIDE 51

51

our non-regular property

lock lock lock unlock unlock unlock

lock^n unlock^n

R4: locks can be taken in a nested manner, but should be released in reverse order.

slide-52
SLIDE 52

52

stack of lock histories

Data = LockHist-stack
LockHist = Set | Bag | Stack

public interface LockHist {
    public void lock(Lock l);
    public boolean unlock(Lock l);
    public boolean isEmpty();
    public void clear();
}

Data = Level → LockHist

3 4 7

L1 L2 L6 L7 L5 L3

slide-53
SLIDE 53

53

an example

void start() { a(); }

void a() {
    l1.lock();
    l2.lock();
    l1.unlock();
    l2.unlock();
    l3.lock();
}

/*@
centralized
scope = global
logic = CFG
SafeLock(Lock l) {
    event lock<l> : begin(call(* l.lock()));
    event unlock<l> : begin(call(* l.unlock()));
    productions: S -> lock S unlock S | epsilon
}
violation handler{
    System.out.println("*** Unsafe lock order!");
}
@*/

does this spec catch any errors? NO!

slide-54
SLIDE 54

54

another example

void start() { a(); }

void a() {
    l1.lock();
    l2.lock();
    l1.unlock();
    l2.unlock();
    l2.unlock();
}

/*@
centralized
scope = global
logic = CFG
SafeLock(Lock l) {
    event lock<l> : begin(call(* l.lock()));
    event unlock<l> : begin(call(* l.unlock()));
    productions: S -> lock S unlock S | epsilon
}
violation handler{
    System.out.println("*** Unsafe lock order!");
}
@*/

does this one? YES! l2 unlocked twice
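
Why the per-lock spec answers NO for the first program and YES for the second, as an added example that is not part of the original slides: Python code that checks the same two traces once per lock (a simplified model of SafeLock(Lock l), where each lock only sees its own events) and once with a single stack shared by all locks, which is what R4's reverse-order rule needs. The function names and the trace encoding are assumptions of this example.

```python
def per_lock_violations(trace):
    """Simplified model of SafeLock(Lock l): each lock's own slice must stay a
    prefix of S -> lock S unlock S | epsilon, i.e. its depth never drops below 0."""
    depth, bad = {}, []
    for op, lock in trace:
        depth[lock] = depth.get(lock, 0) + (1 if op == "lock" else -1)
        if depth[lock] < 0 and lock not in bad:
            bad.append(lock)
    return bad


def reverse_order_violations(trace):
    """R4 over the whole trace: one stack shared by all locks, so an unlock
    must name the most recently taken lock. Returns (event index, lock) pairs."""
    held, bad = [], []
    for index, (op, lock) in enumerate(trace):
        if op == "lock":
            held.append(lock)
        elif held and held[-1] == lock:
            held.pop()
        else:
            bad.append((index, lock))
            if lock in held:      # drop its latest acquisition and keep checking
                del held[len(held) - 1 - held[::-1].index(lock)]
    return bad


# Constructed traces of a() from the two slides above.
FIRST = [("lock", "l1"), ("lock", "l2"), ("unlock", "l1"),
         ("unlock", "l2"), ("lock", "l3")]
SECOND = [("lock", "l1"), ("lock", "l2"), ("unlock", "l1"),
          ("unlock", "l2"), ("unlock", "l2")]

if __name__ == "__main__":
    for name, trace in (("first", FIRST), ("second", SECOND)):
        print(name, "per lock:", per_lock_violations(trace),
              "shared stack:", reverse_order_violations(trace))
```
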

slide-55
SLIDE 55

55

void start() { a(); }

void a() {
    l1.lock();
    l1.lock();
    l1.unlock();
    l1.unlock();
    l1.lock();
    b();
}

void b() { l1.unlock(); }

/*@
scope = global
logic = CFG
SafeLock(Lock l) {
    event lock<l> : begin(call(* l.lock()));
    event unlock<l> : begin(call(* l.unlock()));
    event begin : begin(call(* Test*.*(..)));
    event end : end(call(* Test*.*(..)));
    productions: S -> begin S end S | lock S unlock S | epsilon
}
violation handler{
    System.out.println("Unsafe lock operation found!");
}
@*/

Within one method invocation, locks should be acquired and released correctly (all taken locks should be released as many times as taken)

error

Error #0: javamop.MoPException: monitor should start with events that have all the parameters!

slide-56
SLIDE 56

56

void start() { a(); }

void a() {
    l1.lock();
    l1.lock();
    l1.unlock();
    l1.unlock();
    l1.lock();
    b();
}

void b() { l1.unlock(); }

Within one method invocation, locks should be acquired and released correctly (all taken locks should be released as many times as taken)

error

/*@
centralized
scope = global
logic = CFG
SafeLock(Lock l) {
    event lock<l> : begin(call(* l.lock()));
    event unlock<l> : begin(call(* l.unlock()));
    event begin : begin(call(* Test*.*(..)));
    event end : end(call(* Test*.*(..)));
    productions: S -> epsilon | S lock M unlock A,
                 M -> epsilon | M begin M end | M lock M unlock,
                 A -> epsilon | A begin | A end
}
violation handler{
    System.out.println("Unsafe lock operation found!");
}
@*/

slide-57
SLIDE 57

57

end