Semantic relationships: reducing the separation between theory and practice Robert Milne rem@antelope.org.uk
The sixties 1960 1970 1
Basic attitude “ It has long been my personal view that the separation of practical and theoretical work is artificial and injurious. Much of the practical work done in computing, both in software and in hardware design, is unsound and clumsy because the people who do it have not any clear understanding of the fundamental design principles of their work. Most of the abstract mathematical and theoretical work is sterile because it has no point of contact with real computing .” Christopher Strachey, Towards a formal semantics , 1966. “ We need to develop our insight into computing processes and to recognise and isolate the central concepts—things analogous to the concepts of continuity and convergence in analysis. To do this we must become familiar with them and give them names even before we are really satisfied that we have described them precisely. If we attempt to formalise our ideas before we have really sorted out the important concepts the result, though possibly rigorous, is of very little value— indeed it may well do more harm than good by making it harder to discover the really important concepts. Our motto should be ‘No axiomatisation without insight’. ” Christopher Strachey, Fundamental concepts in programming languages , 1967. 2
The Programming Research Group • Attracted because of these early papers and the subsequent progress. • Unstructured and informal, perhaps as when Christopher had one employee. • Occupied occasionally by up to twelve people (half being students). • Slightly more structured when we wrote the essay for the Adams Prize. 3
Writing the essay • Typing Multiple golf balls per line and at least • four per page. Up to fifty written or stamped script • characters per page. • Correction Different alignments of moved and • reinserted pages. Different reflectances of original and • amended characters. • Notation 𝒟⟦Ε 0 Ε 1 ⟧ = 𝜇𝜍𝜄. ℰ⟦Ε 0 ⟧𝜍(𝜇𝜁 0 . ℰ⟦Ε 1 ⟧𝜍(𝜇𝜁 1 . 𝑏𝑞𝑞𝑚𝑧 𝜁 0 𝜁 1 𝜄)) Few simplifications. • would be used. Detailed proofs to show feasibility. • 𝒟⟦Ε 0 Ε 1 ⟧ = Explicit entities to limit abstraction. 𝑚𝑓𝑢 𝜁 0 = ℰ⟦Ε 0 ⟧ 𝑗𝑜 𝑚𝑓𝑢 𝜁 1 = ℰ⟦Ε 1 ⟧ 𝑗𝑜 𝑏𝑞𝑞𝑚𝑧 𝜁 0 𝜁 1 • (with or without the brackets) could have served instead in all forms of semantics, not just this one. 4
Describing the fundamental concepts The essay Fundamental concepts in programming languages locations and values environments and stores scopes and extents procedures and routines jumps continuations parameters recursion changeable data structures polymorphism types concurrency 5
Relating theory to practice After Fundamental concepts in programming languages From Fundamental concepts in programming languages Procedure modelled by theory Procedure implemented in practice • • Mathematical function. Executable statement. • • Environment embedded in the Environment (“FVL”) with an explicit • • function. pointer. Recursion by introducing a fixed Recursion by pointing back to the • • point of the function. statement through the location. Programming language Execution language “standard semantics” “store semantics” interpretation “SECD” “stack semantics” compilation chained display 6 equivalence proofs equivalence proofs equivalence proofs
Relationships between forms of the semantics Programming language Execution language program program executable executable fragment fragment statement statement Γ Γ Π Π restricting program translating program identifying executable fragments to ones for which fragments into executable statements for which different forms of the statements different forms of the semantics should be related semantics should be related 𝑑⟦Γ⟧𝜍́ Γ ↦ 𝑑⟦Γ⟧𝜍̀𝜉 Π ↦ Π denoting denoting denoting denoting entities more entities less execution states execution states deeply embedded deeply embedded as arguments and as tuples and in functions in functions executable code executable code as functions as text )𝜑̀𝜏̀� (𝜏́ &𝜉𝜑̀𝜏̀ 𝒟⟦Γ⟧𝜍́𝜄 �𝒟⟦Γ⟧𝜍̀𝜂 𝒶⟦Π⟧𝜉𝜑𝜏 𝒲⟦Π⟧𝜂 related related related by inclusive predicates by inclusive predicates by inclusive predicates (or “logical relations”) (or “logical relations”) and partial orders (𝜑̀𝜏̀ = 𝒲⟦𝒹⟦Γ⟧𝜍̀1⟧𝜂 (1𝜑̀𝜏̀ 𝒟⟦Γ⟧𝜍̀𝜂 7
The abstract model for storage The effect of an assignment command is to change the contents of the store of the machine. Thus it alters the relationship between L-values and R-values and so changes σ. We can therefore regard assignment as an operator on σ which produces a fresh σ. If we update the L-value α (whose original R-value in σ was β ) by a fresh R-value β ’ to produce a new store σ’, we want the R-value of α in σ’ to be β ’, while the R-value of all other L-values remain unaltered. Christopher Strachey, Fundamental concepts in programming languages , 1967. Thus storage is modelled by such functions as the following. 𝑏𝑠𝑓𝑏: 𝐌 → 𝐓 → 𝐔 𝑏𝑠𝑓𝑏 𝛽(𝑣𝑞𝑒𝑏𝑢𝑓 𝛽′𝛾𝜏) = 𝑗𝑔 𝛽 = 𝛽′ 𝑢ℎ𝑓𝑜 𝑢𝑠𝑣𝑓 𝑓𝑚𝑡𝑓 𝑏𝑠𝑓𝑏 𝛽𝜏 ℎ𝑝𝑚𝑒: 𝐌 → 𝐓 → 𝐖 ℎ𝑝𝑚𝑒 𝛽(𝑣𝑞𝑒𝑏𝑢𝑓 𝛽′𝛾𝜏) = 𝑗𝑔 𝛽 = 𝛽′ 𝑢ℎ𝑓𝑜 𝛾 𝑓𝑚𝑡𝑓 ℎ𝑝𝑚𝑒 𝛽𝜏 𝑜𝑓𝑥: 𝐓 → 𝐌 𝑏𝑠𝑓𝑏 (𝑜𝑓𝑥 𝜏)𝜏 = 𝑔𝑏𝑚𝑡𝑓 𝑓𝑛𝑞𝑢𝑧: 𝐓 𝑏𝑠𝑓𝑏 𝛽(𝑓𝑛𝑞𝑢𝑧) = 𝑔𝑏𝑚𝑡𝑓 𝑣𝑞𝑒𝑏𝑢𝑓: 𝐌 → 𝐖 → 𝐓 → 𝐓 8
Problems and solutions for storage fun f(z) = y := !ref(0) fun f(z) = y := !ref(0) Assignment of an integer • f(2) val x = ref(1) • The location for x is inaccessible in f. val x = ref(1) f(2) • The fragments should be equivalent. equivalent • Their denotations might be unequal. Assignment of a reference fun f(z) = y := ref(0) fun f(z) = y := ref(0) • f(2) val x = ref(1) • The location for x is dependent on f. val x = ref(1) f(2) • The fragments should be inequivalent. inequivalent • Their denotations should be unequal. one program another program • Relations are based on states such as: fragment and state fragment and state • Stores (if locations can be paired with other entities). • Locations (if locations are paired only with locations). • Stacks and stores (if, as in the essay, the relations are between “stack denoting denoting semantics” and “store semantics”, with states ordered by match and restricted by seen ). 9 related
Principles for reasoning about storage • Constrain fragments to be consistent one program another program with the expected relations. fragment and state fragment and state , 𝜓́ ∧ 𝑑𝑝𝑜𝑡𝑗𝑡𝑢𝑓𝑜𝑢 𝜓́𝜌́ 𝜍́ 𝒹 Γ " " Γ Γ 9 (𝑓𝑦𝑢𝑠𝑏𝑑𝑢 𝜌̀𝜍̀ ) 𝒹 Γ • Introduce binary relations that both fit the domain constructors and reflect the intentions of the constraints. 𝜌 D means 𝜌́ , 𝜌̀ G. 𝑑 ? G ⇒ 𝑑 ? ,, 𝛿̀𝜄 9 denoting denoting (𝑑 ? @ → 𝑑 ? @ )𝛿 D means ∀𝜄 @ 𝜄 @ 𝛿́𝜄 • Relate (or make assertions about) $⟧𝜍́𝜄 $𝜏́ $⟧𝜍̀𝜄 $𝜏̀ 𝒟⟦Γ 𝒟⟦Γ fragments through states. , 𝜍́, 𝒟 Γ 9 𝜍̀ related 𝑣 ? @ 𝜍 D ⇒ 𝑑 ? @ → 𝑑 ? @ 𝒟 Γ 𝑚 ? @ 𝛽 D ⇒ 𝑤 ? @ ℎ𝑝𝑚𝑒 𝛽́𝜏́, ℎ𝑝𝑚𝑒 𝛽 ̀ 𝜏̀ @WX • Order states partially according to $⟧𝜓́ ∧ 𝒹⟦Γ )⟧𝜓̀ ⇒ 𝑑𝑝𝑜𝑡𝑗𝑡𝑢𝑓𝑜𝑢 𝜓́𝜌́ 𝜍́ ∧ 𝑑𝑝𝑜𝑡𝑗𝑡𝑢𝑓𝑜𝑢 𝜓̀𝜌̀𝜍̀ ⇒ 𝒹⟦Γ whether one extends another. $⟧𝜍́, 𝒟⟦Γ )⟧𝜍̀〉 8 ⇒ (𝑑 𝜌 7 ) 〈𝒟⟦Γ 𝑣 𝜌 7 𝜍 7 → 𝑑 𝜌 𝜌 ≤ 𝜌 N means ∃𝛽. 𝜌 = 𝜌 N † 𝛽 where 𝜌 N † 𝛽 has no locations in the state 𝜌 ′ "newer" than 𝛽 . $⟧(𝑓𝑦𝑢𝑠𝑏𝑑𝑢 𝜌́ 𝜍́) ∧ 𝒹⟦Γ )⟧(𝑓𝑦𝑢𝑠𝑏𝑑𝑢 𝜌̀𝜍̀) ⇒ 𝒹⟦Γ • Apply fragments in states that extend $⟧𝜍́, 𝒟⟦Γ )⟧𝜍̀〉 8 ⇒ (𝑑 𝜌 7 ) 〈𝒟⟦Γ 𝑣 𝜌 7 𝜍 7 → 𝑑 𝜌 those for their definitions. S ⇒ D ≤ 𝜌 N 𝜌 , 𝜍́, 𝒟 Γ 9 𝜍̀ ⇒ 𝑑 ? @ → 𝑑 ? @ 𝒟 Γ 10 , 𝜍́, 𝒟 Γ 9 𝜍̀ 𝑑 ?N T → 𝑑 ?N T 𝒟 Γ
Recommend
More recommend
