PhD Thesis Rewriting is a natural environment to formally define the - - PowerPoint PPT Presentation

K: A Rewriting Approach to Concurrent

Programming Language Design and Semantics

—PhD Thesis Defense— Traian Florin S

, erb˘

anut

, ˘

a

University of Illinois at Urbana-Champaign

Thesis advisor: Grigore Ros

, u

Committee members: Thomas Ball Darko Marinov José Meseguer Madhusudan Parthasarathy

Traian Florin S

, erb˘

anut

,˘

a (UIUC) Programming Language Semantics using K 1 / 39

Introduction

PhD Thesis

Rewriting is a natural environment to formally define the semantics of real-life concurrent programming languages and to test and analyze programs written in those languages.

Traian Florin S

, erb˘

anut

,˘

a (UIUC) Programming Language Semantics using K 2 / 39

Introduction

Motivation: pervasive computing

Traian Florin S

, erb˘

anut

,˘

a (UIUC) Programming Language Semantics using K 3 / 39

Introduction

Challenges in PL design and analysis

PLs need to be designed, updated, and extended C# and CIL; new Java memory model, Scheme R6RS, C1X Concurrency must become the norm “External” non-determinism makes traditional testing difficult Concurrency and communication (scheduler specific) Under-specification for optimization purposes (compiler specific) Executable formal definitions can help Design and maintain mathematical definitions of languages Easily test and analyze language updates or extensions Explore and/or abstract nondeterministic executions

Traian Florin S

, erb˘

anut

,˘

a (UIUC) Programming Language Semantics using K 4 / 39

Introduction Contributions

Outline and Contributions

This dissertation re-affirms

1

Rewriting logic (RWL) as a powerful meta-logical framework for PL

Executable, with generic and efficient tool support

This dissertation proposes

2

K: the most comprehensive PL definitional framework based on RWL

Expressive, concurrent, modular, intuitive

3

A true concurrency with resource sharing semantics for K

4

K-Maude as a tool mechanizing the representation of K in RWL

Execute, explore, analyze K definitions

Demo: exploring concurrency in K-Maude Defining dataraces and verifying datarace freeness Experimenting with relaxed memory models (x86-TSO)

Traian Florin S

, erb˘

anut

,˘

a (UIUC) Programming Language Semantics using K 5 / 39

Introduction

My research

Rewriting & Programming languages 2010: J.LAP , J. AIHC, WRLA; 2009: J. Inf.&Comp., RV; 2008: WADT; 2007: SOS; 2006: RTA, WRLA. Specifying and verifying concurrency 2010: J.LAP; 2008: ICSE, WMC. Foundations 2009: J. TCS; 2006: J. Fund. Inf., FOSSACS; 2004: J. TCS. Collaborators Feng Chen, Camelia Chira, Chucky Ellison, Regina Frei, Mark Hills, Giovanna Di Marzo Serugendo, José Meseguer, Andrei Popescu, Grigore Ros

, u, Wolfram Schulte, Virgil Nicolae S , erb˘

anut

, ˘

a, Gheorghe S

, tef˘

anescu.

Traian Florin S

, erb˘

anut

,˘

a (UIUC) Programming Language Semantics using K 6 / 39

Rewriting logic semantics project

Rewriting logic semantics project

[Meseguer, Ros

, u, 2004, 2006, 2007]

Goal Advance the use of rewriting logic for defining programming languages, and for executing and analyzing programs written in them. Some people involved in the Rewriting Logic Semantics Project Wolfgang Ahrendt, Musab Al-Turki, Marcelo d’Amorim, Irina M. As˘ avoae, Mihai As˘ avoae, Eyvind W. Axelsen, Christiano Braga, Illiano Cervesato, Fabricio Chalub, Feng Chen, Manuel Clavel, Chucky Ellison, Azadeh Farzan, Alejandra Garrido, Mark Hills, Michael Ilseman, Einar Broch Johnsen, Ralph Johnson, Michael Katelman, Laurentiu Leustean, Dorel Lucanu, Narciso Martí-Oliet, Patrick Meredith, Elena Naum, Olaf Owe, Stefan Reich, Andreas Roth, Juan Santa-Cruz, Ralf Sasse, Wolfram Schulte, Koushik Sen, Andrei S

, tef˘

anescu, Mark-Oliver Stehr, Carolyn Talcott, Prasanna Thati, Ram Prasad Venkatesan, Alberto Verdejo

Traian Florin S

, erb˘

anut

,˘

a (UIUC) Programming Language Semantics using K 7 / 39

Rewriting logic semantics project

Why is RWL good for programming languages?

Executability: definitions are interpreters Concurrency: the norm rather than the exception Equational abstraction: collapse state space through equations Generic tools (built around the Maude system):

Execution, tracing and debugging State space exploration LTL model checker Inductive theorem prover

Traian Florin S

, erb˘

anut

,˘

a (UIUC) Programming Language Semantics using K 8 / 39

Rewriting logic semantics project

Guidelines for defining programming languages in RWL

Represent the state of a running program as a configuration term Represent rules of execution as rewrite rules and equations

Equations express structural changes and irrelevant steps Rewrite rules express relevant computational steps (transitions)

Execution: transition-sequence between equivalence classes of states State space: transition system

amenable to exploration and model checking

Traian Florin S

, erb˘

anut

,˘

a (UIUC) Programming Language Semantics using K 9 / 39

Rewriting logic semantics project

Guidelines for defining programming languages in RWL

Represent the state of a running program as a configuration term Represent rules of execution as rewrite rules and equations

Equations express structural changes and irrelevant steps Rewrite rules express relevant computational steps (transitions)

Execution: transition-sequence between equivalence classes of states State space: transition system

amenable to exploration and model checking

This sounds great! But. . . we need methodologies.

Traian Florin S

, erb˘

anut

,˘

a (UIUC) Programming Language Semantics using K 9 / 39

Rewriting logic semantics project From PL definitional frameworks to methodologies within RLS

PL definitional frameworks become RWL methodologies

[S

, erb˘

anut

, ˘

a, Ros

, u, Meseguer, 2007]

Programming language definitional styles can be faithfully captured as a particular definitional methodologies within RWL. (based on prior work by

[Meseguer, 1992] [[Marti-Oliet, Meseguer,1993]] [Meseguer, Braga, 2004])

Rewriting Logic

Big-Step SOS Modular SOS The Chemical Abstract Machine (CHAM) Reduction Semantics with Evaluation Contexts Small-Step SOS

Best of both worlds Write definitions using your favorite PL framework style and notation Execute and analyze them through their RWL representation

Traian Florin S

, erb˘

anut

,˘

a (UIUC) Programming Language Semantics using K 10 / 39

Rewriting logic semantics project From PL definitional frameworks to methodologies within RLS

Existing definitional frameworks at a closer look

Can existing styles define (and execute) real programming languages? No, but their combined strengths might be able to. Shortcomings Hard to deal with control (except for evaluation contexts)

break/continue, exceptions, halt, call/cc

Modularity issues (except for Modular SOS)

Adding new features require changing unrelated rules

Lack of semantics for true concurrency (except for CHAM)

Big-Step captures only the set of all possible results of computation Approaches based on reduction only give interleaving semantics

Tedious to find next redex (except for evaluation contexts)

• ne has to write essentially the same descent rules for each construct

Inefficient for direct use as interpreters (except for Big-Step SOS)

Traian Florin S

, erb˘

anut

,˘

a (UIUC) Programming Language Semantics using K 11 / 39

Rewriting logic semantics project From PL definitional frameworks to methodologies within RLS

Towards an ideal PL definitional framework Rewriting Logic

Big-Step SOS Modular SOS The Chemical Abstract Machine (CHAM) Reduction Semantics with Evaluation Contexts Small-Step SOS Ideal PL definitional framework?

Goal: search for an ideal definitional framework based on RWL At least as expressive as Reduction with Evaluation Contexts At least as modular as Modular SOS At least as concurrent as the CHAM

Traian Florin S

, erb˘

anut

,˘

a (UIUC) Programming Language Semantics using K 12 / 39

The K Framework

The K Framework Rewriting Logic

Big-Step SOS Modular SOS The Chemical Abstract Machine (CHAM) Reduction Semantics with Evaluation Contexts Small-Step SOS The K Semantic Framework

The K framework

K technique: for expressive, modular, versatile, and clear PL definitions K rewriting: more concurrent than regular rewriting

Representable in RWL for execution, testing and analysis purposes

Traian Florin S

, erb˘

anut

,˘

a (UIUC) Programming Language Semantics using K 13 / 39

The K Framework K in a nutshell

K in a nutshell

Komputations

Sequences of tasks, including syntax Capture the sequential fragment of programming languages Syntax annotations specify order of evaluation

Konfigurations

Multisets (bags) of nested cells High potential for concurrency and modularity

K rules

Specify only what needed, precisely identify what changes More concise, modular, and concurrent than regular rewrite rules

Traian Florin S

, erb˘

anut

,˘

a (UIUC) Programming Language Semantics using K 14 / 39

The K Framework K in a nutshell

Running example: KernelC

A subset of the C programming language Functions Memory allocation Pointer arithmetic Input/Output

void arrCpy(int ∗ a, int ∗ b) { while (∗ a ++ = ∗ b ++) {} }

Extended with concurrency features Thread creation Lock-based synchronization Thread join

Traian Florin S

, erb˘

anut

,˘

a (UIUC) Programming Language Semantics using K 15 / 39

The K Framework K in a nutshell

Running example: KernelC

Module KERNELC-SYNTAX imports PL-ID+PL-INT PointerId ::= Id | * PointerId [strict] Exp ::= Int | PointerId | DeclId | * Exp [ditto] | Exp + Exp [strict] | Exp - Exp [strict] | Exp == Exp [strict] | Exp != Exp [strict] | Exp <= Exp [strict] | ! Exp | Exp && Exp | Exp || Exp | Exp ? Exp : Exp | Exp = Exp [strict(2)] | printf("%d;", Exp ) [strict] | scanf("%d", Exp ) [strict] | & Id | Id ( List{Exp} ) [strict(2)] | Id () | Exp ++ | NULL | free( Exp ) [strict] | (int*)malloc( Exp *sizeof(int)) [strict] | Exp [ Exp ] | spawn Exp | acquire( Exp ) [strict] | release( Exp ) [strict] | join( Exp ) [strict] StmtList ::= Stmt | StmtList StmtList List{Bottom} ::= Bottom | () | List{Bottom} , List{Bottom} [id: () strict hybrid assoc] List{PointerId} ::= PointerId | List{Bottom} | List{PointerId} , List{PointerId} [id: () ditto assoc] List{DeclId} ::= DeclId | List{Bottom} | List{DeclId} , List{DeclId} [id: () ditto assoc] List{Exp} ::= Exp | List{PointerId} | List{DeclId} | List{Exp} , List{Exp} [id: () ditto assoc] DeclId ::= int Exp | void PointerId Stmt ::= Exp ; [strict] | {} | { StmtList } | if( Exp ) Stmt | if( Exp ) Stmt else Stmt [strict(1)] | while( Exp ) Stmt | DeclId List{DeclId} { StmtList } | DeclId List{DeclId} { StmtList return Exp ;} | #include< StmtList > Id ::= main Pgm ::= #include<stdio.h>#include<stdlib.h> StmtList end module Module KERNELC-DESUGARED-SYNTAX imports KERNELC-SYNTAX macro: ! E = E ? 0 : 1 macro: E1 && E2 = E1 ? E2 : 0 macro: E1 || E2 = E1 ? 1 : E2 macro: if( E ) St = if( E ) St else {} macro: NULL = 0 macro: I () = I ( () ) macro: DI L { Sts } = DI L { Sts return 0 ;} macro: void PI = int PI macro: int * PI = int PI macro: #include< Sts > = Sts macro: E1 [ E2 ] = * E1 + E2 macro: int * PI = E = int PI = E macro: E ++ = E = E + 1 end module

end module Module KERNELC-SEMANTICS imports PL-CONVERSION+K+KERNELC-DESUGARED-SYNTAX KResult ::= List{Val} K ::= List{Exp} | List{PointerId} | List{DeclId} | StmtList | Pgm | String | restore( Map ) Exp ::= Val List{Exp} ::= List{Val} Val ::= Int | & Id | void List{Val} ::= Val | List{Val} , List{Val} [id: () ditto assoc] List{K} ::= Nat .. Nat initial configuration:

• K

k

• Map

env id thread* threads

• Map

locks

• Set

cthreads

• Map

funs

• List

in “”

• ut
• Map

mem

• Map

ptr 1 next T “” result K rules: context: * = — rule: I1 == I2 Bool2Int ( I1 ==Int I2 ) rule: I1 != I2 Bool2Int ( I1 !=Int I2 ) rule: I1 + I2 I1 +Int I2 rule: I1 - I2 I1 -Int I2 rule: I1 <= I2 Bool2Int ( I1 ≤Int I2 ) rule: ? : if( ) else rule: if( I ) — else St St when I ==Int 0 rule: if( I ) St else — St when notBool I ==Int 0 rule: V ; • rule: X V k X → V env rule: X = V V k X → — V env rule: while( E ) St if( E ) { St while( E ) St } else {} k rule: printf("%d;", I ) void k S S +String Int2String ( I ) +String “;”

• ut

rule: scanf("%d", N ) void k N → — I mem I

• in

rule: scanf("%d", & X ) void k X → — I env I

• in

rule: #include<stdio.h>#include<stdlib.h> Sts Sts rule: { Sts } Sts rule: {} • rule: St Sts St Sts rule: * N V k N → V mem rule: * N = V V k N → — V mem rule: int X Xl { Sts return E ;}

• k
• X → int X Xl { Sts return E ;}

funs rule:             X ( Vl ) Sts E restore( Env ) k Env eraseKLabel ( int , Xl ) → Vl env X → int X Xl { Sts return E ;} funs             context: int — = rule: int X k

• X → 0

env rule: int X = V V k

• X → V

env rule: V restore( Env )

• k

— Env env rule:               (int*)malloc( N *sizeof(int)) N k

• N → N

ptr

• N .. N +Nat N → 0

mem N N +Nat N next               rule: free( N ) void k N → N

• ptr

Mem Mem [⊥ / N .. N +Nat N ] mem context: spawn — ( ) rule: spawn X ( Vl ) N k N N +Nat 1 next

• X ( Vl )

k N id thread rule: V k N id thread

• N

cthreads rule: join( N ) k N cthreads rule: acquire( N ) void k N id N → -Int 1 N locks rule: release( N ) void k N id N → N

• Int 1

locks rule: acquire( N ) void k N id Locks

• N → N

locks when notBool N in keys Locks rule: N1 .. N1 •List{K} rule: N1 .. sNat N N , , N1 .. N end module

Traian Florin S

, erb˘

anut

,˘

a (UIUC) Programming Language Semantics using K 15 / 39

The K Framework K in a nutshell

Configurations—the running state of a program

Nested multisets (bags) of labeled cells

containing lists, sets, bags, maps and computations

Initial configuration for KernelC

• K

k

• Map

env id thread* threads

• Map

locks

• Set

cthreads

• Map

funs

• List

in

• List
• ut
• Map

mem

• Map

ptr 1 next T

Traian Florin S

, erb˘

anut

,˘

a (UIUC) Programming Language Semantics using K 16 / 39

The K Framework K in a nutshell

K computations and K syntax

Computations Extend PL syntax with a “task sequentialization” operation

t1 t2 . . . tn, where ti are computational tasks

Computational tasks: pieces of syntax (with holes), closures, . . . Mostly under the hood, via intuitive PL syntax annotations

K Syntax: BNF syntax annotated with strictness

Exp ::= Id

| * Exp

[strict]

| Exp = Exp

[strict(2)] Stmt ::= Exp ; [strict]

| Stmt Stmt

[seqstrict]

* ERed ⇋

ERed * E = ERed

⇋

ERed E = ERed ;

⇋

ERed ; SRed S

⇋

SRed S

Traian Florin S

, erb˘

anut

,˘

a (UIUC) Programming Language Semantics using K 17 / 39

The K Framework K in a nutshell

Heating syntax through strictness rules

Computation t = * x ; * x = * y ; * y = t ;

K Syntax: BNF syntax annotated with strictness

Exp ::= Id

| * Exp

[strict]

| Exp = Exp

[strict(2)] Stmt ::= Exp ; [strict]

| Stmt Stmt

[seqstrict]

* ERed ⇋

ERed * E = ERed

⇋

ERed E = ERed ;

⇋

ERed ; SRed S

⇋

SRed S

Traian Florin S

, erb˘

anut

,˘

a (UIUC) Programming Language Semantics using K 17 / 39

The K Framework K in a nutshell

Heating syntax through strictness rules

Computation t = * x ;

• * x = * y ; * y = t ;

K Syntax: BNF syntax annotated with strictness

Exp ::= Id

| * Exp

[strict]

| Exp = Exp

[strict(2)] Stmt ::= Exp ; [strict]

| Stmt Stmt

[seqstrict]

* ERed ⇋

ERed * E = ERed

⇋

ERed E = ERed ;

⇋

ERed ; SRed S

⇋

SRed S

Traian Florin S

, erb˘

anut

,˘

a (UIUC) Programming Language Semantics using K 17 / 39

The K Framework K in a nutshell

Heating syntax through strictness rules

Computation t = * x

• ;
• * x = * y ; * y = t ;

K Syntax: BNF syntax annotated with strictness

Exp ::= Id

| * Exp

[strict]

| Exp = Exp

[strict(2)] Stmt ::= Exp ; [strict]

| Stmt Stmt

[seqstrict]

* ERed ⇋

ERed * E = ERed

⇋

ERed E = ERed ;

⇋

ERed ; SRed S

⇋

SRed S

Traian Florin S

, erb˘

anut

,˘

a (UIUC) Programming Language Semantics using K 17 / 39

The K Framework K in a nutshell

Heating syntax through strictness rules

Computation

* x

• t =
• ;
• * x = * y ; * y = t ;

K Syntax: BNF syntax annotated with strictness

Exp ::= Id

| * Exp

[strict]

| Exp = Exp

[strict(2)] Stmt ::= Exp ; [strict]

| Stmt Stmt

[seqstrict]

* ERed ⇋

ERed * E = ERed

⇋

ERed E = ERed ;

⇋

ERed ; SRed S

⇋

SRed S

Traian Florin S

, erb˘

anut

,˘

a (UIUC) Programming Language Semantics using K 17 / 39

The K Framework K in a nutshell

Heating syntax through strictness rules

Computation x

• *
• t =
• ;
• * x = * y ; * y = t ;

K Syntax: BNF syntax annotated with strictness

Exp ::= Id

| * Exp

[strict]

| Exp = Exp

[strict(2)] Stmt ::= Exp ; [strict]

| Stmt Stmt

[seqstrict]

* ERed ⇋

ERed * E = ERed

⇋

ERed E = ERed ;

⇋

ERed ; SRed S

⇋

SRed S

Traian Florin S

, erb˘

anut

,˘

a (UIUC) Programming Language Semantics using K 17 / 39

The K Framework K rules

Example: running configuration

Swapping the values at locations 4 and 5 in memory

void swap(int * x, int * y){ int t = * x; * x = * y; * y = t; }

Possible Configuration during a call to swap (a, b):

Traian Florin S

, erb˘

anut

,˘

a (UIUC) Programming Language Semantics using K 18 / 39

The K Framework K rules

Example: running configuration

Strictness rules (from annotations) extract the redex How do we specify next step?

Traian Florin S

, erb˘

anut

,˘

a (UIUC) Programming Language Semantics using K 18 / 39

The K Framework K rules

K rules: expressing natural language into rules

Focusing on the relevant part

Reading from environment If a local variable X is the next thing to be processed . . . . . . and if X is mapped to a value V in the environment . . . . . . then process X, replacing it by V

Traian Florin S

, erb˘

anut

,˘

a (UIUC) Programming Language Semantics using K 18 / 39

The K Framework K rules

K rules: expressing natural language into rules

Unnecessary parts of the cells are abstracted away

Reading from environment If a local variable X is the next thing to be processed . . . . . . and if X is mapped to a value V in the environment . . . . . . then process X, replacing it by V

Traian Florin S

, erb˘

anut

,˘

a (UIUC) Programming Language Semantics using K 18 / 39

The K Framework K rules

K rules: expressing natural language into rules

Underlining what to replace, writing the replacement under the line

Reading from environment If a local variable X is the next thing to be processed . . . . . . and if X is mapped to a value V in the environment . . . . . . then process X, replacing it by V

Traian Florin S

, erb˘

anut

,˘

a (UIUC) Programming Language Semantics using K 18 / 39

The K Framework K rules

K rules: expressing natural language into rules

Configuration Abstraction: Keep only the relevant cells

Reading from environment If a local variable X is the next thing to be processed . . . . . . and if X is mapped to a value V in the environment . . . . . . then process X, replacing it by V

Traian Florin S

, erb˘

anut

,˘

a (UIUC) Programming Language Semantics using K 18 / 39

The K Framework K rules

K rules: expressing natural language into rules

Configuration Abstraction: Keep only the relevant cells

Reading from environment If a local variable X is the next thing to be processed . . . . . . and if X is mapped to a value V in the environment . . . . . . then process X, replacing it by V

Traian Florin S

, erb˘

anut

,˘

a (UIUC) Programming Language Semantics using K 18 / 39

The K Framework K rules

K rules: expressing natural language into rules

Generalize the concrete instance

Reading from environment If a local variable X is the next thing to be processed . . . . . . and if X is mapped to a value V in the environment . . . . . . then process X, replacing it by V

Traian Florin S

, erb˘

anut

,˘

a (UIUC) Programming Language Semantics using K 18 / 39

The K Framework K rules

K rules: expressing natural language into rules

Voilà!

Reading from environment If a local variable X is the next thing to be processed . . . . . . and if X is mapped to a value V in the environment . . . . . . then process X, replacing it by V

Traian Florin S

, erb˘

anut

,˘

a (UIUC) Programming Language Semantics using K 18 / 39

The K Framework K rules

K rules: expressing natural language into rules

Summary

Reading from environment X V k X → V env

Traian Florin S

, erb˘

anut

,˘

a (UIUC) Programming Language Semantics using K 18 / 39

The K Framework K rules

Configuration abstraction enhances modularity

At least as modular as Modular SOS

Reading from environment X V k X → V env

t * 5 = ; env( a → 4 b → 5 ) k thread x → 4 t → 1 y → 5 env 4 → 7 5 → 7 mem state T

Traian Florin S

, erb˘

anut

,˘

a (UIUC) Programming Language Semantics using K 18 / 39

The K Framework K rules

Applying K rules: Reading from environment

X V k X → V env

t * 5 = ; env( a → 4 b → 5 )

k

x → 4 t → 1 y → 5

env

4 → 7 5 → 7

mem T

Traian Florin S

, erb˘

anut

,˘

a (UIUC) Programming Language Semantics using K 19 / 39

The K Framework K rules

Applying K rules: Reading from environment

X V k X → V env 1 * 5 = ; env( a → 4 b → 5 ) k

x → 4 t → 1 y → 5

env

4 → 7 5 → 7

mem T

Traian Florin S

, erb˘

anut

,˘

a (UIUC) Programming Language Semantics using K 19 / 39

The K Framework K rules

Applying K rules: Strictness of assignment

Exp ::= Exp = Exp [strict(2)] which is syntactic sugar for: E = Redex

⇋

Redex E = 1 * 5 = ; env( a → 4 b → 5 ) k

x → 4 t → 1 y → 5

env

4 → 7 5 → 7

mem T

Traian Florin S

, erb˘

anut

,˘

a (UIUC) Programming Language Semantics using K 19 / 39

The K Framework K rules

Applying K rules: Strictness of assignment

Exp ::= Exp = Exp [strict(2)] which is syntactic sugar for: E = Redex

⇋

Redex E =

* 5 = 1 ; env( a → 4 b → 5 )

k

x → 4 t → 1 y → 5

env

4 → 7 5 → 7

mem T

Traian Florin S

, erb˘

anut

,˘

a (UIUC) Programming Language Semantics using K 19 / 39

The K Framework K rules

Applying K rules: Updating memory

* N = V

V k N → _ V mem

* 5 = 1 ; env( a → 4 b → 5 )

k

x → 4 t → 1 y → 5

env

4 → 7 5 → 7

mem T

Traian Florin S

, erb˘

anut

,˘

a (UIUC) Programming Language Semantics using K 19 / 39

The K Framework K rules

Applying K rules: Updating memory

* N = V

V k N → _ V mem 1 ; env( a → 4 b → 5 ) k

x → 4 t → 1 y → 5

env

4 → 7 5 → 1

mem T

Traian Florin S

, erb˘

anut

,˘

a (UIUC) Programming Language Semantics using K 19 / 39

The K Framework K rules

Applying K rules: Semantics for expression statements

Strictness : Stmt ::= Exp ; [strict] Semantic rule: V ; ⇀ skip 1 ; env( a → 4 b → 5 ) k

x → 4 t → 1 y → 5

env

4 → 7 5 → 1

mem T

Traian Florin S

, erb˘

anut

,˘

a (UIUC) Programming Language Semantics using K 19 / 39

The K Framework K rules

Applying K rules: Semantics for expression statements

Strictness : Stmt ::= Exp ; [strict] Semantic rule: V ; ⇀ skip

skip env( a → 4 b → 5 )

k

x → 4 t → 1 y → 5

env

4 → 7 5 → 1

mem T

Traian Florin S

, erb˘

anut

,˘

a (UIUC) Programming Language Semantics using K 19 / 39

The K Framework K rules

Applying K rules: Recovering environment

V env( Env )

• k

_ Env env

skip env( a → 4 b → 5 )

k

x → 4 t → 1 y → 5

env

4 → 7 5 → 1

mem T

Traian Florin S

, erb˘

anut

,˘

a (UIUC) Programming Language Semantics using K 19 / 39

The K Framework K rules

Applying K rules: Recovering environment

V env( Env )

• k

_ Env env

skip

k a → 4 b → 5 env

4 → 7 5 → 1

mem T

Traian Florin S

, erb˘

anut

,˘

a (UIUC) Programming Language Semantics using K 19 / 39

The K Framework Strengths of K

K’s definitional power

More expressive than Reduction with Evaluation Contexts

Some of K’s strengths Dealing with control Task synchronization Defining reflective features

Traian Florin S

, erb˘

anut

,˘

a (UIUC) Programming Language Semantics using K 20 / 39

The K Framework Strengths of K

Definitional Power: Control

Call with current continuation Passing computation as value:

callcc V

V cc(K)

K

k Applying computation as function: cc(K) V _ V K k Impossible to capture in frameworks without evaluation contexts

Why? Execution context is logical context, not observable from within

Traian Florin S

, erb˘

anut

,˘

a (UIUC) Programming Language Semantics using K 21 / 39

The K Framework Strengths of K

Definitional Power: Synchronization

Synchronous communication N1 me

sendSynch V to N2 skip

k agent N2 me

receiveFrom N1

V k agent Hard, if not impossible to capture in other definitional frameworks

(might work for toy languages: CCS, π-calculus)

Both redexes must be matched simultaneously

Easy in K as redex is always at top of computation

Traian Florin S

, erb˘

anut

,˘

a (UIUC) Programming Language Semantics using K 22 / 39

The K Framework Strengths of K

Definitional Power: Syntactic Reflection

K Syntax = AST

K ::= KLabel(List{K})

| •K | K K

List{K} ::= K

| •List{K} | List{K} , List{K}

Everything else (language construct, builtin constant) is a K label a + 3 ≡ _ + _(a(•List{K}) , 3(•List{K})) Reflection through AST manipulation Generic AST visitor pattern Code generation: quote/unquote Binder independent substitution Check dissertation for more details

Traian Florin S

, erb˘

anut

,˘

a (UIUC) Programming Language Semantics using K 23 / 39

The K Framework Concurrency

The concurrency of the K framework

Truly concurrent (even more concurrent than the CHAM framework) Captures concurrency with sharing of resources.

Traian Florin S

, erb˘

anut

,˘

a (UIUC) Programming Language Semantics using K 24 / 39

The K Framework Concurrency

K rules enhance concurrency

Concurrent reads

* N

V k N → V mem

* 3 · · ·

k

* 3 · · ·

k 2 → 5 3 → 1 4 → 6 mem T

Traian Florin S

, erb˘

anut

,˘

a (UIUC) Programming Language Semantics using K 25 / 39

The K Framework Concurrency

K rules enhance concurrency

Concurrent reads

* N

V k N → V mem

* 3 · · ·

k

* 3 · · ·

k 2 → 5 3 → 1 4 → 6 mem T

Traian Florin S

, erb˘

anut

,˘

a (UIUC) Programming Language Semantics using K 25 / 39

The K Framework Concurrency

K rules enhance concurrency

Concurrent reads

* N

V k N → V mem 1 · · · k 1 · · · k 2 → 5 3 → 1 4 → 6 mem T

Traian Florin S

, erb˘

anut

,˘

a (UIUC) Programming Language Semantics using K 25 / 39

The K Framework Concurrency

K rules enhance concurrency

Concurrent updates (on distinct locations)

* N = V

V k N → _ V mem

* 2 = 9 · · ·

k

* 3 = 0 · · ·

k 2 → 5 3 → 1 4 → 6 mem T

Traian Florin S

, erb˘

anut

,˘

a (UIUC) Programming Language Semantics using K 25 / 39

The K Framework Concurrency

K rules enhance concurrency

Concurrent updates (on distinct locations)

* N = V

V k N → _ V mem

* 2 = 9 · · ·

k

* 3 = 0 · · ·

k 2 → 5 3 → 1 4 → 6 mem T

Traian Florin S

, erb˘

anut

,˘

a (UIUC) Programming Language Semantics using K 25 / 39

The K Framework Concurrency

K rules enhance concurrency

Concurrent updates (on distinct locations)

* N = V

V k N → _ V mem 9 · · · k 0 · · · k 2 → 9 3 → 0 4 → 6 mem T

Traian Florin S

, erb˘

anut

,˘

a (UIUC) Programming Language Semantics using K 25 / 39

The K Framework Concurrency

K rules enhance concurrency

No dataraces: rule instances can overlap only on read-only part

* N = V

V k N → _ V mem

* N

V k N → V mem

* 3 = 0 · · ·

k

* 3 · · ·

k 2 → 5 3 → 1 4 → 6 mem T

Traian Florin S

, erb˘

anut

,˘

a (UIUC) Programming Language Semantics using K 25 / 39

Formally capturing the concurrency of K

Formally capturing the concurrency of K

Idea: Give semantics to K rewriting through graph rewriting

K rules resemble graph rewriting rules

Graph rewriting captures concurrency with sharing of context Results: A new formalism of term-graph rewriting Sound and complete w.r.t. term rewriting Capturing the intended concurrency of K rewriting

Traian Florin S

, erb˘

anut

,˘

a (UIUC) Programming Language Semantics using K 26 / 39

Formally capturing the concurrency of K K graph rewriting

K graph rules: a new kind of term graph rewriting rules

K rule ρ

h( x g(x, x)

, _ , 1 )

Direct representation as a rewrite rule K2R(ρ) h(x, y, 1) → h(g(x, x), y, 0) Corresponding graph rewrite rule K2G(ρ) s h x:s

1

int 1

3

⊃

s h x:s int 1

⊂

s h s

1

g int

3

x:s int 1

1 2

Traian Florin S

, erb˘

anut

,˘

a (UIUC) Programming Language Semantics using K 27 / 39

Formally capturing the concurrency of K K graph rewriting

K rewriting

Definition Let S be a K rewrite system and t be a term. Then t

S ≡ ≡ ≡ ≡ ≡

≻

K

t′ iff K2G(t)

K2G(S)

= = = = ⇒

Graph H such that term(H) = t′

Theorem (Correctness w.r.t. rewriting) Soundness: If t

ρ ≡ ≡ ≡ ≡ ≡

≻

K

t′ then t

K2R(ρ)

= = = = ⇒

Rew

t′. Completeness: If t

K2R(ρ)

= = = = ⇒

Rew

t′ then t

ρ ≡ ≡ ≡ ≡ ≡

≻

K

t′. Serializability: If t

ρ1+···+ρn ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

≻

K

t′ then t

ρ1∗ ≡ ≡ ≡ ≡ ≡

≻

K

· · ·

ρn∗ ≡ ≡ ≡ ≡ ≡

≻

K

t′ (and thus, t

∗

= = ⇒

Rew t′).

Traian Florin S

, erb˘

anut

,˘

a (UIUC) Programming Language Semantics using K 28 / 39

Formally capturing the concurrency of K K graph rewriting

Instead of proof

Quite technical and complex 12 pages of definitions, constructions, and preparatory results Getting there

K term graphs and K graph rewrite rules K term graphs are stable under concurrent applications of K rules

If their instances only overlap on read-only part If they do not introduce cycles

Serializability based on graph rewriting serializability

[Ehrig, Kreowski, 1976]

K graph rewriting conservatively extends Jungle rewriting

Jungle rewriting is sound and complete w.r.t. rewriting

[Holland, Plump, 1991; Plump 1999]

Traian Florin S

, erb˘

anut

,˘

a (UIUC) Programming Language Semantics using K 29 / 39

Representing K into RWL

Representing K into RWL

Core of the K-Maude tool

Faithfully, in two steps Represent K rewriting as K graph rewriting RWL captures graph rewriting as theories over concurrent objects

Theoretical, non executable

Useful to reason about the amount of concurrency in a K definition Directly—Implemented in the K-Maude tool Straight-forward, forgetting read-only information of K rules Executable, with full access to rewriting logic’s tools Loses the one-step concurrency of K

Nevertheless, it is sound for all other analysis purposes

Traian Florin S

, erb˘

anut

,˘

a (UIUC) Programming Language Semantics using K 30 / 39

Representing K into RWL

Direct embedding of K into RWL (core of K-Maude)

Dereferencing rule

* N

V k N → V mem

• K

k

• Map

env id thread* threads

• Map

locks

• Set

cthreads

• Map

funs

• List

in

• List
• ut
• Map

mem

• Map

ptr 1 next T

Traian Florin S

, erb˘

anut

,˘

a (UIUC) Programming Language Semantics using K 31 / 39

Representing K into RWL

Direct embedding of K into RWL (core of K-Maude)

Dereferencing rule

* N

V k N → V mem Configuration-concretized version of the rule

* N V k thread threads N → V mem

Traian Florin S

, erb˘

anut

,˘

a (UIUC) Programming Language Semantics using K 31 / 39

Representing K into RWL

Direct embedding of K into RWL (core of K-Maude)

Dereferencing rule

* N

V k N → V mem Flattening the K rule to a rewrite rule

rl <threads> <thread> <k> * N ?1:K </k> ?2:Bag </thread> ?3:Bag </threads> <mem> N → V ?4:Map </mem> => <threads> <thread> <k> V ?1:K </k> ?2:Bag </thread> ?3:Bag </threads> <mem> N → V ?4:Map </mem>

Traian Florin S

, erb˘

anut

,˘

a (UIUC) Programming Language Semantics using K 31 / 39

Representing K into RWL K-Maude

K-Maude overview [S

, erb˘

anut

, ˘

a, Ros

, u, 2010]

K-Maude compiler: 22 stages ∼ 8k lines of Maude code Transforming K rules in rewrite rules (6 stages) Strictness rules generation (3 stages) Flattening syntax to AST form (10 stages) Interface (3 stages) K-L

AT

EX compiler—typesetting ASCII K Graphical representation, for presentations (like this defense) Mathematical representation, for papers (like the dissertation)

Traian Florin S

, erb˘

anut

,˘

a (UIUC) Programming Language Semantics using K 32 / 39

Representing K into RWL K-Maude

K-Maude Demo?

From PL definitions to runtime analysis tools

Traian Florin S

, erb˘

anut

,˘

a (UIUC) Programming Language Semantics using K 33 / 39

Representing K into RWL K-Maude

K-Maude Demo: Datarace freeness

Begin with a definition of KernelC, a subset of C

functions, memory allocation, pointers, input/output

Extend it with concurrency features (threads, locks, join)

without changing anything but the configuration

Specify dataraces and explore executions for datarace freeness

adding only two structural rules, for write-write and write-read conflicts

Case study: Bank account with buggy transfer function

Detect the race using a test driver Fix the race and verify the fix Show that the fix introduces a deadlock Fix the fix and verify it is now datarace and deadlock free

Traian Florin S

, erb˘

anut

,˘

a (UIUC) Programming Language Semantics using K 34 / 39

Representing K into RWL K-Maude

K-Maude Demo: Experimenting with memory models

Change the memory model for concurrent KernelC Use a relaxed memory model inspired by x86-TSO

Threads act like processors, local variables as registers Synchronization constructs (thread create, end, join) generate fences Rules faithfully capture the natural language description Only the rules specifically involved need to be changed

Case study: Analyzing Peterson’s algorithm on both memory models

first model, being sequentially consistent, ensures mutual exclusion second model fails to ensure it

Traian Florin S

, erb˘

anut

,˘

a (UIUC) Programming Language Semantics using K 35 / 39

Representing K into RWL K-Maude

K-Maude community

http://k-framework.googlecode.com

Current K-Maude projects C Chucky Ellison Haskell Michael Ilseman, David Lazar Javascript Maurice Rabb Scheme Patrick Meredith X10 Milos Gligoric Matching Logic Elena Naum, Andrei S

, tef˘

anescu CEGAR Irina As˘ avoae, Mihail As˘ avoae Teaching Dorel Lucanu, Grigore Ros

, u

Interface Andrei Arusoaie, Michael Ilseman

Traian Florin S

, erb˘

anut

,˘

a (UIUC) Programming Language Semantics using K 36 / 39

Conclusions

Summary of contributions

K: a framework for defining real programming languages

Expressive—at least as Reduction with evaluation contexts Modular—at least as Modular SOS Concurrent—more than CHAM Concise, intuitive K-Maude: a tool for executing and analyzing K definitions

K definitions become testing and analysis tools

Strengthens the thesis that RWL is amenable for PL definitions

Traian Florin S

, erb˘

anut

,˘

a (UIUC) Programming Language Semantics using K 37 / 39

Conclusions Related work

Related work using K

Definitions of real languages “by the book” Java [Farzan, Chen, Meseguer, Ros

, u, 2004]

Scheme [Meredith, Hills, Ros

, u, 2007]

Verilog [Meredith, Katelman, Meseguer, Ros

, u, 2010]

C [Ellison, Ros

, u, 2011?]

Analysis tools and techniques Static Policy Checker for C [Hills, Chen, Ros

, u, 2008]

Memory Safety [Ros

, u, Schulte, S , erb˘

anut

, ˘

a, 2009]

Type Soundness [Ellison, S

, erb˘

anut

, ˘

a, Ros

, u, 2008]

Matching Logic [Ros

, u, Ellison, Schulte, 2010]

CEGAR with predicate abstraction [As˘

avoae, As˘ avoae, 2010]

Traian Florin S

, erb˘

anut

,˘

a (UIUC) Programming Language Semantics using K 38 / 39

Conclusions Future Work

Future Work

Rewriting & Programming languages Long list of feature requests for K-Maude Use of K as a programming language

Compiling K definitions for faster (and concurrent) execution

Proving meta-properties about languages Specifying and verifying concurrency Relaxed memory models Foundations Explore non-serializable concurrency for rewriting Models for K definitions

Traian Florin S

, erb˘

anut

,˘

a (UIUC) Programming Language Semantics using K 39 / 39