Semantics and Verification of Software

Size: px

Start display at page:

Download "Semantics and Verification of Software"

Jean Sullivan
5 years ago
Views:

1 Semantics and Verification of Software Thomas Noll Software Modeling and Verification Group RWTH Aachen University

2 Recap: Operational Semantics of Blocks and Procedures Outline of Lecture 15 Recap: Operational Semantics of Blocks and Procedures Denotational Semantics of Blocks and Procedures Handling Variable Declarations Handling Procedures Two Examples Justification of Fixpoint Semantics 2 of 22 Semantics and Verification of Software

3 Recap: Operational Semantics of Blocks and Procedures Extending the Syntax Syntactic categories: Category Domain Meta variable Procedure identifiers PVar = {P, Q,...} P Procedure declarations PDec p Variable declarations VDec v Commands (statements) Cmd c Context-free grammar: p ::= proc P is c end;p ε PDec v ::= var x;v ε VDec c ::= skip x := a c 1 ;c 2 if b then c 1 else c 2 end while b do c end call P begin v p c end Cmd All used variable/procedure identifiers have to be declared Identifiers declared within a block must be distinct 3 of 22 Semantics and Verification of Software

4 Recap: Operational Semantics of Blocks and Procedures Locations and Stores So far: states Σ = {σ σ : Var Z} Now: explicit control over all (nested) instances of a variable: variable environments VEnv := {ρ ρ : Var Loc} (partial function to maintain declaredness information) locations Loc := N stores Sto := {σ σ : Loc Z} (partial function to maintain allocation information) Two-level access to a variable x Var: 1. determine current memory location of x: l := ρ(x) 2. reading/writing access to σ at location l Thus: previous state information represented as σ ρ 4 of 22 Semantics and Verification of Software

5 Recap: Operational Semantics of Blocks and Procedures Procedure Environments and Declarations Effect of procedure call determined by its body and variable and procedure environment of its declaration: PEnv := {π π : PVar Cmd VEnv PEnv} denotes the set of procedure environments Effect of declaration: update of environment (and store) upd v. : VDec VEnv Sto VEnv Sto upd v var x;v (ρ, σ) := upd v v (ρ[x l x ], σ[l x 0]) upd v ε (ρ, σ) := (ρ, σ) upd p. : PDec VEnv PEnv PEnv upd p proc P is c end;p (ρ, π) := upd p p (ρ, π[p (c, ρ, π)]) upd p ε (ρ, π) := π where l x := min{l Loc σ(l) = } 5 of 22 Semantics and Verification of Software

6 Recap: Operational Semantics of Blocks and Procedures Execution Relation I Definition (Execution relation) For c Cmd, σ, σ Sto, ρ VEnv, and π PEnv, the execution relation (ρ, π) c, σ σ ( in environment (ρ, π), statement c transforms store σ into σ ) is defined by the following rules: (seq) (if-t) (asgn) (skip) (ρ, π) skip, σ σ a, σ ρ z (ρ, π) x := a, σ σ[ρ(x) z] (ρ, π) c 1, σ σ (ρ, π) c 2, σ σ (ρ, π) c 1 ;c 2, σ σ b, σ ρ true (ρ, π) c 1, σ σ (ρ, π) if b then c 1 else c 2 end, σ σ 6 of 22 Semantics and Verification of Software

7 Recap: Operational Semantics of Blocks and Procedures Execution Relation II Definition (Execution relation; continued) (wh-t) (call) (block) (if-f) b, σ ρ false (ρ, π) c 2, σ σ (ρ, π) if b then c 1 else c 2 end, σ σ b, σ ρ false (wh-f) (ρ, π) while b do c end, σ σ b, σ ρ true (ρ, π) c, σ σ (ρ, π) while b do c end, σ σ (ρ, π) while b do c end, σ σ (ρ, π [P (c, ρ, π )]) c, σ σ (ρ, π) call P, σ σ if π(p) = (c, ρ, π ) upd v v (ρ, σ) = (ρ, σ ) upd p p (ρ, π) = π (ρ, π ) c, σ σ (ρ, π) begin v p c end, σ σ 7 of 22 Semantics and Verification of Software

8 Denotational Semantics of Blocks and Procedures Outline of Lecture 15 Recap: Operational Semantics of Blocks and Procedures Denotational Semantics of Blocks and Procedures Handling Variable Declarations Handling Procedures Two Examples Justification of Fixpoint Semantics 8 of 22 Semantics and Verification of Software

9 Denotational Semantics of Blocks and Procedures The Approach Operational semantics: syntactic approach procedure environment stores code of body semantics of call = inlining 9 of 22 Semantics and Verification of Software

10 Denotational Semantics of Blocks and Procedures The Approach Operational semantics: syntactic approach procedure environment stores code of body semantics of call = inlining Denotational semantics: semantic approach procedure environment stores (partial) storage transformations semantics of call = function application variables handled as in operational semantics (by environment and stores) declarations of recursive procedures handled by fixpoint approach 9 of 22 Semantics and Verification of Software

11 Handling Variable Declarations Outline of Lecture 15 Recap: Operational Semantics of Blocks and Procedures Denotational Semantics of Blocks and Procedures Handling Variable Declarations Handling Procedures Two Examples Justification of Fixpoint Semantics 10 of 22 Semantics and Verification of Software

12 Handling Variable Declarations Handling Variable Declarations Exactly as in operational semantics: Variable environments keep location information: with Loc := N VEnv := {ρ ρ : Var Loc} 11 of 22 Semantics and Verification of Software

13 Handling Variable Declarations Handling Variable Declarations Exactly as in operational semantics: Variable environments keep location information: with Loc := N VEnv := {ρ ρ : Var Loc} Effect of variable declaration: update of environment and store upd v. : VDec VEnv Sto VEnv Sto where l x := min{l Loc σ(l) = } upd v var x;v (ρ, σ) := upd v v (ρ[x l x ], σ[l x 0]) upd v ε (ρ, σ) := (ρ, σ) 11 of 22 Semantics and Verification of Software

14 Handling Variable Declarations Statement Semantics Using Variable Environments First step: reformulation of Definition 6.3 using variable environments and locations So far: C. : Cmd (Σ Σ) 12 of 22 Semantics and Verification of Software

15 Handling Variable Declarations Statement Semantics Using Variable Environments First step: reformulation of Definition 6.3 using variable environments and locations So far: C. : Cmd (Σ Σ) Definition 15.1 (Denotational semantics using locations) The (denotational) semantic functional for statements, C. : Cmd VEnv (Sto Sto), is given by: C skip ρ := id Sto C x := a ρ σ := σ[ρ(x) A a (lookup ρ σ)] C c 1 ;c 2 ρ := (C c 2 ρ) (C c 1 ρ) C if b then c 1 else c 2 end ρ := cond(b b (lookup ρ), C c 1 ρ, C c 2 ρ) C while b do c end ρ := fix(φ) where lookup : VEnv Sto Σ with lookup ρ σ := σ ρ and Φ : (Sto Sto) (Sto Sto) : f cond(b b (lookup ρ), f C c ρ, id Sto ) 12 of 22 Semantics and Verification of Software

16 Handling Procedures Outline of Lecture 15 Recap: Operational Semantics of Blocks and Procedures Denotational Semantics of Blocks and Procedures Handling Variable Declarations Handling Procedures Two Examples Justification of Fixpoint Semantics 13 of 22 Semantics and Verification of Software

17 Handling Procedures Procedure Environments Procedure environments now store semantic information: So far: PEnv := {π π : PVar Cmd VEnv PEnv} Now: PEnv := {π π : PVar (Sto Sto)}, to be used in C. : Cmd VEnv PEnv (Sto Sto) 14 of 22 Semantics and Verification of Software

18 Handling Procedures Procedure Environments Procedure environments now store semantic information: So far: PEnv := {π π : PVar Cmd VEnv PEnv} Now: PEnv := {π π : PVar (Sto Sto)}, to be used in C. : Cmd VEnv PEnv (Sto Sto) Procedure declarations ( proc P is c end ) update procedure environment: upd p. : PDec VEnv PEnv PEnv non-recursive case: P not (indirectly) called within c π(p) immediately given by C c ρ π upd p proc P is c end;p (ρ, π) := upd p p (ρ, π[p C c ρ π]) recursive case: π(p) must be a solution of equation f = C c ρ π[p f] (cf. fixpoint semantics of while loop Slide 6.12) upd p proc P is c end;p (ρ, π) := upd p p (ρ, π[p fix(ψ)]) where Ψ : (Sto Sto) (Sto Sto) : f C c ρ π[p f] 14 of 22 Semantics and Verification of Software

19 Handling Procedures Procedure Environments Procedure environments now store semantic information: So far: PEnv := {π π : PVar Cmd VEnv PEnv} Now: PEnv := {π π : PVar (Sto Sto)}, to be used in C. : Cmd VEnv PEnv (Sto Sto) Procedure declarations ( proc P is c end ) update procedure environment: upd p. : PDec VEnv PEnv PEnv non-recursive case: P not (indirectly) called within c π(p) immediately given by C c ρ π upd p proc P is c end;p (ρ, π) := upd p p (ρ, π[p C c ρ π]) recursive case: π(p) must be a solution of equation f = C c ρ π[p f] (cf. fixpoint semantics of while loop Slide 6.12) upd p proc P is c end;p (ρ, π) := upd p p (ρ, π[p fix(ψ)]) where Ψ : (Sto Sto) (Sto Sto) : f C c ρ π[p f] upd p ε (ρ, π) := π Remark: non-recursive is special case of recursive situation 14 of 22 Semantics and Verification of Software

20 Handling Procedures Statement Semantics Including Procedures So far: C. : Cmd VEnv (Sto Sto) 15 of 22 Semantics and Verification of Software

21 Handling Procedures Statement Semantics Including Procedures So far: C. : Cmd VEnv (Sto Sto) Definition 15.2 (Denotational semantics with procedures) C. : Cmd VEnv PEnv (Sto Sto) is given by C skip ρ π := id Sto C x := a ρ π σ := σ[ρ(x) A a (lookup ρ σ)] C c 1 ;c 2 ρ π := (C c 2 ρ π) (C c 1 ρ π) C if b then c 1 else c 2 end ρ π := cond(b b (lookup ρ), C c 1 ρ π, C c 2 ρ π) C while b do c end ρ π := fix(φ) C call P ρ π := π(p) C begin v p c end ρ π σ := C c ρ π σ where upd v v (ρ, σ) = (ρ, σ ) upd p p (ρ, π) = π lookup ρ σ := σ ρ Φ(f) := cond(b b (lookup ρ), f C c ρ π, id Sto ) 15 of 22 Semantics and Verification of Software

22 Two Examples Outline of Lecture 15 Recap: Operational Semantics of Blocks and Procedures Denotational Semantics of Blocks and Procedures Handling Variable Declarations Handling Procedures Two Examples Justification of Fixpoint Semantics 16 of 22 Semantics and Verification of Software

23 Two Examples Example: Non-Recursive Case Example 15.3 (Non-recursive procedure call) (also demonstrates static scoping principle) c = begin var x; proc P is x := x - 1 end; x := 2; } c 1 begin var x; x := 3; c 2 call P; end; end Initial environments/store: ρ VEnv, π PEnv, σ Sto Computation of C c ρ π σ : on the board 17 of 22 Semantics and Verification of Software

24 Two Examples Example: Recursive Case Example 15.4 (Recursive procedure call) c = begin proc F is if x = 1 then skip; else y := x * y; x := x - 1; call F end end } y := 1; c call F; 2 end c 1 p Initial environments/store: ρ 1 := ρ [x 0, y 1] VEnv π PEnv σ 1 Sto (with σ 1 (0) σ 1 (1)) Computation of C c ρ 1 π σ 1 : on the board 18 of 22 Semantics and Verification of Software

25 Justification of Fixpoint Semantics Outline of Lecture 15 Recap: Operational Semantics of Blocks and Procedures Denotational Semantics of Blocks and Procedures Handling Variable Declarations Handling Procedures Two Examples Justification of Fixpoint Semantics 19 of 22 Semantics and Verification of Software

26 Justification of Fixpoint Semantics Justification of Fixpoint Semantics Lemma (cf. Lemma 7.9) (Sto Sto, ) is a CCPO where f g iff for all σ, σ Σ: f (σ) = σ g(σ) = σ 20 of 22 Semantics and Verification of Software

27 Justification of Fixpoint Semantics Justification of Fixpoint Semantics Lemma (cf. Lemma 7.9) (Sto Sto, ) is a CCPO where f g iff for all σ, σ Σ: f (σ) = σ g(σ) = σ 2. (cf. Lemmata 7.13 and 7.16) Let b BExp, c Cmd, ρ VEnv, π PEnv, and Φ : (Sto Sto) (Sto Sto) with Φ(f ) := cond(b b (lookup ρ), f C c ρ π, id Sto ). Then Φ is monotonic and continuous w.r.t. (Sto Sto, ). 20 of 22 Semantics and Verification of Software

28 Justification of Fixpoint Semantics Justification of Fixpoint Semantics Lemma (cf. Lemma 7.9) (Sto Sto, ) is a CCPO where f g iff for all σ, σ Σ: f (σ) = σ g(σ) = σ 2. (cf. Lemmata 7.13 and 7.16) Let b BExp, c Cmd, ρ VEnv, π PEnv, and Φ : (Sto Sto) (Sto Sto) with Φ(f ) := cond(b b (lookup ρ), f C c ρ π, id Sto ). Then Φ is monotonic and continuous w.r.t. (Sto Sto, ). 3. Let proc P is c end PDec, ρ VEnv, π PEnv, and Ψ : (Sto Sto) (Sto Sto) with Ψ(f ) := C c ρ π[p f ]. Then Ψ is monotonic and continuous w.r.t. (Sto Sto, ). Proof. omitted 20 of 22 Semantics and Verification of Software

29 Outline of Lecture 15 Recap: Operational Semantics of Blocks and Procedures Denotational Semantics of Blocks and Procedures Handling Variable Declarations Handling Procedures Two Examples Justification of Fixpoint Semantics 21 of 22 Semantics and Verification of Software

30 Blocks allow to declare local variables and recursive procedures 22 of 22 Semantics and Verification of Software

31 Blocks allow to declare local variables and recursive procedures Requires concept of locations to support instantiation of variables 22 of 22 Semantics and Verification of Software

32 Blocks allow to declare local variables and recursive procedures Requires concept of locations to support instantiation of variables Static scoping: meaning of identifier determined by declaration (rather than calling) context 22 of 22 Semantics and Verification of Software

33 Blocks allow to declare local variables and recursive procedures Requires concept of locations to support instantiation of variables Static scoping: meaning of identifier determined by declaration (rather than calling) context Meaning of variable declaration: storage allocation 22 of 22 Semantics and Verification of Software

34 Blocks allow to declare local variables and recursive procedures Requires concept of locations to support instantiation of variables Static scoping: meaning of identifier determined by declaration (rather than calling) context Meaning of variable declaration: storage allocation Meaning of procedure call: operationally: execution of procedure body procedure environment records statement ( symbol table ) denotationally: application of procedure meaning procedure environment records (partial) store transformation recursive behavior again handled by fixpoint approach 22 of 22 Semantics and Verification of Software

35 Blocks allow to declare local variables and recursive procedures Requires concept of locations to support instantiation of variables Static scoping: meaning of identifier determined by declaration (rather than calling) context Meaning of variable declaration: storage allocation Meaning of procedure call: operationally: execution of procedure body procedure environment records statement ( symbol table ) denotationally: application of procedure meaning procedure environment records (partial) store transformation recursive behavior again handled by fixpoint approach Further extensions: axiomatic semantics (for proc P is c end PDec) {A} c {B} non-recursive: (call) {A} call P {B} {A} call P {B} {A} c {B} recursive: (call) {A} call P {B} procedure parameters and higher-order procedures 22 of 22 Semantics and Verification of Software

Static Program Analysis

Static Program Analysis Thomas Noll Software Modeling and Verification Group RWTH Aachen University https://moves.rwth-aachen.de/teaching/ws-1617/spa/ Schedule of Lectures Jan 17/19: Interprocedural DFA