Programming Languages and Compiler Design

Programming Language Semantics Compiler Design Techniques

Yassine Lakhnech & Laurent Mounier

{lakhnech,mounier}@imag.fr http://www-verimag.imag.fr/˜lakhnech http://www-verimag.imag.fr/˜mounier.

Master of Sciences in Informatics at Grenoble (MoSIG) Grenoble Universites´ (Universite´ Joseph Fourier, Grenoble INP)

Yassine Lakhnech, Semantique´ Start C3 C4 – p.1/?? ?? ´ emantique Start C3 C4 – p.2/ Yassine Lakhnech, S lakhnech ˜ Yassine Lakhnech Laurent Mounier Yliés Falcone

Teachers • • • Verimag Lab, CTL building, av. de Vignate, Gières http://www-verimag.imag.fr/ Lecture sessions Ofﬁce location: Exercice sessions (TD) Web page: ?? ´ emantique Start C3 C4 – p.3/ Yassine Lakhnech, S

Course objectives Programming languages, and their description General compiler architecture Some more detailed compiler techniques • • • References

A. Aho, R. Sethi and J. Ullman Compilers: Principles, techniques and tools InterEditions, 1989 H. R. Nielson and F. Nielson. Semantics with Applications: An Appetizer. Springer, March 2007. ISBN 978-1-84628-691-9 W. Waite and G. Goos. Compiler Construction Springer Verlag, 1984 R. Wilhelm and D. Maurer. Compilers - Theory, construction, generation Masson 1994

Yassine Lakhnech, Semantique´ Start C3 C4 – p.4/?? ?? ´ emantique Start C3 C4 – p.5/ target pgm T language Lt Yassine Lakhnech, S Compiler

Compiler: what do we expect ? • • • langage Ls source pgm S Expected Properties ? ?? ´ emantique Start C3 C4 – p.5/ S target pgm T language Lt of Yassine Lakhnech, S semantics -program should be accepted should be accurately reported S Ls Compiler errors in any correct should preserve the T

Compiler: what do we expect ? should be optimized w.r.t. some execution resources correctness: execution of efﬁciency: T (time, memory, energy, etc.) “user-friendness”: completeness: •• • • • langage Ls source pgm S Expected Properties ? ?? ns ´ emantique Start C3 C4 – p.6/ Yassine Lakhnech, S

Many programming langage paradigms . . . ML, CAML, LISP, Scheme, etc term reduction, function evaluation Java, Ada, Eiffel, ... objets, classes, types, heritage, polymorphism, . . . Prolog resolution, uniﬁcation, predicate calculus, . . . Fortran, Algol-xx, Pascal, C, Ada,control Java, structure, etc explicit memory assignment, expressio Functional languages Object-oriented langages Logical languages etc. Imperative langages ?? ´ emantique Start C3 C4 – p.7/ Yassine Lakhnech, S

. . . and many architectures to target ! CISC RISC VLIW, multi-processor architectures dedicated processors (DSP, . . . ). etc. • • • • • ?? ´ emantique Start C3 C4 – p.8/ Yassine Lakhnech, S (e.g. ARM, iX86) basic types (integers, characters, pointers,user-deﬁned etc) types (enumeration, unions, arrays, . . . ) assignements iterations, conditionals, sequence nested blocks, sub-programs • • • • • data structures control structures heap, stack and registers arithmetic and logical binary operations conditional branches

We will mainly focus on: • • • • • Imperative languages “Standart” general-purpose machine architecture: ?? ´ emantique Start C3 C4 – p.9/ P Yassine Lakhnech, S sentences of L programs alphabet P P of P “meaningful” P meaning of P , deﬁned by inference rules or attribute the of S words sentences : : L a context-free language over transition relation, predicate transformers, partial subset of a regular language over

Language Description S → → functions → → grammars Static semantic (e.g., typing): For a programming language Lexicon Syntax Dynamic semantic: ?? ´ emantique Start C3 C4 – p.10/ Yassine Lakhnech, S intermediate code AST + symbol table tokens AST + symbol table lexical analysis syntactic analysis semantic analysis optimisation code generation target pgm

Compiler architecture source pgm ?? ´ emantique Start C3 C4 – p.11/ Yassine Lakhnech, S lexical class a given ∈ regular expressions ⇔ ): constants, identiﬁers, keywords, token error regular languages sequence of lexical unit classes

Lexical analysis sequence of characters lexical classes ( operators, separators, . . . 1. compute the longest sequence 2. skip the comments 3. special token: Input: Formal tool: (deterministic) ﬁnite automata Output: ?? ´ emantique Start C3 C4 – p.12/ of CFG Yassine Lakhnech, S strict subset (CFG) ⇔ context-free languages abstract syntax tree (AST) + symbol table

Syntactic Analysis (parsing) sequence of tokens 1. syntactic analysis of the2. input sequence AST construction (from a3. derivation tree) insert the identifiers in a symbol table Input: Formal tools: Pushdown automata, context-free grammars deterministic pushdown automata Output: ?? ´ emantique Start C3 C4 – p.13/ Yassine Lakhnech, S occurrences use-def : enriched AST bind Semantic analysis : Abstract syntax tree (AST) name identification: → type verification and/or type inference traversals and modifications of the AST • • Input: Output: ⇒ ?? ´ emantique Start C3 C4 – p.14/ Yassine Lakhnech, S f )) P ( f ( cible Sem )= P ( source Sem intermediate code, machine code

Code generation AST based on a systematic translation functions should ensure that: in practice: several intermediate code(to levels ease the optimisation steps) • • • Input: Output: ?? ) ´ emantique Start C3 C4 – p.15/ Yassine Lakhnech, S intermediate code data-ﬂow analysis abstract interpretation typing systems etc.

Optimisation • • • • several criteria: execution time, size of the code, energy several optimization levels (source level vs machine level several techniques: • • • Input/Output: ?? ´ emantique Start C3 C4 – p.16/ Yassine Lakhnech, S

Programming language semantics ?? ´ emantique Start C3 C4 – p.17/ Yassine Lakhnech, S

Motivation understand programming languages validate programs write program speciﬁcations write compilers (and program transformers) classify programming languages • • • • • Why do we need toSemantics study is programming essential language to: semantics ? Why do we need to formalise this semantics ? ?? ´ emantique Start C3 C4 – p.18/ Yassine Lakhnech, S ) a ( write + 1; x ) Static_Dynamic ); := 2; a := x ( ; ; a ( := 1; a p p q a begin end end var begin Program var proc proc

Example: static vs. dynamic binding ?? ´ emantique Start C3 C4 – p.18/ Yassine Lakhnech, S ) x ( write + 1; x ) Static_Dynamic ); := 2; a := x ( ; ; a ( := 1; p a p q a begin end var begin end proc Program var proc

Example: static vs. dynamic binding what value is printed ? ?? ´ emantique Start C3 C4 – p.19/ Yassine Lakhnech, S ) x ( write ); a ) ( a ( write write ); a + 1; ( x p value_reference ); := x Example: parameters ; ( a ; p := 2; ; a begin a end proc var Program begin end ?? ´ emantique Start C3 C4 – p.19/ Yassine Lakhnech, S ) x ( write ); a ) ( a ( write write ); + 1; a ( x p value_reference ); := x Example: parameters ; ( x ; p := 2; ; a begin end a begin end var Program proc What values are printed ? ?? ´ emantique Start C3 C4 – p.19/ Yassine Lakhnech, S ) x ( write ); a ) ( a ( write write ); + 1; a ( x p value_reference ); := x Example: parameters ; ( x ; p := 2; ; a begin end a begin end var Program proc 23 3 3 2 , if call-by-value 3, if call-by-reference ?? ´ emantique Start C3 C4 – p.20/ Yassine Lakhnech, S Natural operational semantic Axiomatic semantics (Hoare logic) Denotational semantics imperative functional

Course overview • • • • • Semantic styles Languages considered: • • ?? ´ emantique Start C3 C4 – p.21/ Yassine Lakhnech, S | 2 S 2 ; 1 S S | od else S 1 skip S do | a b then := b x if while ::= S language While

The : statement : variable : arithmetic expression : boolean expression x S a b ?? ´ emantique Start C3 C4 – p.22/ 2 a − Yassine Lakhnech, S 1 a | + 2 } a 9 ∗ , 1 a · · · | , 0 2 Var { a ∈ = + x 1 a | Num x ∈ | n Aexp n ∈ := a a

Syntactic categories 2 Boolean expressions Statements • • ?? ´ emantique Start C3 C4 – p.24/ , left child ; Yassine Lakhnech, S 3 S ); 2 S ; 1 S ( tree. 2 and S ) 3 S ; 2 S ( , 1 S represents the tree those root is 2 S ; 1 S tree, and right child is 1

Concrete vs. abstract syntax S The term Parenthesis shall be used to avoid ambiguities. Example : is • • ?? ´ emantique Start C3 C4 – p.25/ Yassine Lakhnech, S such that: ′ σ y 6 = Z x → if otherwise ) Var x ( = v σ denotes state ] ( v State 7→ )= x y [ ( ′ σ σ B Z . Then Z ∈ v

Semantic domains Integers : Booleans : States : Let ?? ´ emantique Start C3 C4 – p.26/ Z Yassine Lakhnech, S ) Z → Z → State ( Num → : N Aexp : A

Semantic functions 1 Digits : integers Arithmetic expressions: for each state, a value in • • ?? ´ emantique Start C3 C4 – p.27/ B Yassine Lakhnech, S ) ) B State → −→ part. State ( State ( → → Bexp : Stm : B S

Semantic functions 2 Boolean expressions: for each state, a value in Statements: • • ?? ned ´ emantique Start C3 C4 – p.28/ Yassine Lakhnech, S σ σ ] σ ] i ] 2 2 − 2 a a k [ [ a [ A A 10 A · I I I i + ∗ − n σ σ σ ] ] ] =1 ] 1 1 1 k i ) n a a a x [ [ [ [ ( A N σ A A ) = Σ = = = = = k n σ σ ] ] σ ] 2 2 2 a a · · · a 1 + ∗ − n σ σ ] ] ( 1 1 1 n a x a a [ [ [ [ [ N A A A A A

Arithmetic expressions semantics The semantics of arithmetic expressionsover their is structure. inductively It deﬁ is a compositional semantics. ?? ´ emantique Start C3 C4 – p.29/ Yassine Lakhnech, S

Boolean expressions semantics Exercice : deﬁne the semantics of boolean expressions . . . ?? ´ emantique Start C3 C4 – p.30/ Yassine Lakhnech, S : the semantics of a compositionality

Various semantic styles Operational semantics tells how ahelps program to is write executed. interpreters It or codeAxiomatic generators. semantics allows to prove program properties.Denotational semantics describes the effectexecution of (from program a given state),program without is telling executed. how the • • • compound program is a function ofnents. the semantics of its compo- Another important feature is ?? ´ emantique Start C3 C4 – p.31/ . Yassine Lakhnech, S transition system where ) → , T, (Γ is the transition relation. Γ is the set of ﬁnal conﬁgurations. × Γ Γ

Operational Semantic ⊆ is the conﬁguration set. Γ T →⊆ • • • An operational semantics deﬁnes a A transition system is given by: ?? ´ emantique Start C3 C4 – p.32/ Yassine Lakhnech, S ′′ ] σ σ ] a [ → ) ′′ ′ σ σ ,σ 7→ A 2 → x S → [ ( ) ) σ ,σ ,σ , 2 → ′ S ) σ ; skip 1 ( → S a,σ ( ) := ,σ 1 x S ( (

Natural semantic 1 Goal: to describe how theobtained. result of a programSemantic execution deﬁned is by an inference system: axioms and rules. ?? ´ emantique Start C3 C4 – p.33/ ′′ σ Yassine Lakhnech, S → ) ′ ′ ′ ′′ σ σ ,σ σ → → od → ) ) ) ′ ′ S ,σ ,σ σ σ 2 2 ,σ do S S → → od b ) ) S else else ,σ ,σ 1 1 1 2 do while S S S S ( ( ( b , then then ′ σ b b while if if ( ( ( → ) then then then S,σ ( tt ff tt = = = σ σ σ ] ] ] b b b [ [ [

Natural semantic 2 B B B If If If ?? ´ emantique Start C3 C4 – p.34/ ′′ σ Yassine Lakhnech, S → ) ′ ′′ σ ,σ σ → od → ) ) S ,σ ,σ do od od b S S do do while ( b b , ′ σ while while ( ( → ) then then S,σ ( tt ff = = σ σ ] ] b b [ [

Natural semantic 3 B B If If ?? ´ emantique Start C3 C4 – p.35/ Yassine Lakhnech, S od od 1 + 1 − x x := := x x do do 0 0 x> x> while while

Derivation tree := 2; := 2; x Leaves correspond to axioms Nodes corresponds to inference rules. x • • 2. 1. Example : what is the semantic of: ?? 2 : ′′ σ ´ emantique Start C3 C4 – p.36/ and ′ σ, σ Yassine Lakhnech, S . ′′ σ = ′ σ , for all states then Stm ′′ σ ∈ S → ) S,σ ( and then it does not exist an inﬁnite derivation tree. ′ ′ σ σ → → for all statement ) ) by induction on the structure of the derivation tree. S,σ S,σ The natural semantics is deterministic ( ( If If 1. 2. Théorème Preuve ?? ´ emantique Start C3 C4 – p.37/ ′ Yassine Lakhnech, S σ → ) S,σ ( If otherwise ; ; ns S ′ σ undef ( = σ ] S [ ns S

The semantic function ?? ´ emantique Start C3 C4 – p.38/ Yassine Lakhnech, S

Blocks and variable declarations The syntactic category ?? ´ emantique Start C3 C4 – p.40/ Yassine Lakhnech, S end + 1 x := y ; := 2 ) x x + := 1; y y := 1; := x ( x var begin var begin end

Example ?? n ? ´ emantique Start C3 C4 – p.40/ Yassine Lakhnech, S end + 1 x := y ; := 2 ) x x + := 1; y y := 1; := x ( x var begin var begin end

Example 1. Are the declaration actives during declaration executio 2. which order to choose3. when executing How the to declarations? restore the initial state? Questions: ?? ´ emantique Start C3 C4 – p.41/ . V D . ) Yassine Lakhnech, S x ( ′ σ ′ ′ σ σ D D else → → ) . x ) σ ]) ( σ σ σ ,σ ] D or a V [ ) → D ) ,σ then ; v a 7→ A X D ǫ,σ ( ( x := [ ∈ x x ,σ V if · var D ( ( λx ]= denotes the set of variables declared in σ ) 7→ V D X Natural operational semantics ( [ ′ DV σ • • ´ eclarations : Notation: D Configurations of the form To define the semantics wedeclarations define and a a transition transition system system for for the the statements. ?? ´ emantique Start C3 C4 – p.42/ Yassine Lakhnech, S ′′ ′′ σ σ → → ) ′ ) ,σ S,σ ( end ′ σ S ; D V → D ) ,σ V begin ( D (

Transition rules for the blocks ?? ´ emantique Start C3 C4 – p.42/ ] σ Yassine Lakhnech, S 7→ ) ′′ V σ D ( → ) ′ DV [ ′′ σ S,σ ( → ′ ) σ ,σ D → end ) S ,σ ; V V D D ( begin (

Transition rules for the blocks ?? ´ emantique Start C3 C4 – p.42/ ] σ Yassine Lakhnech, S 7→ ) ′′ ′′ V σ σ D ( → → ′′ ) ′ DV ) σ ′ [ ′′ ,σ σ → S,σ 2 ( ) S ′ → ( ′ ) σ ,σ ′ 2 σ ,σ D S ; → 1 → end ) S ) ( S ,σ ,σ ; 1 V V S D ( D ( begin (

Transition rules for the blocks Rule for sequential composition ?? . P p ´ emantique Start C3 C4 – p.43/ Dec call | end Yassine Lakhnech, S S ; P D V D | 2 ǫ S begin ǫ 2 ; | | | 1 S V S P | od D D else ; S ; 1 a skip S S do | is := a b p x then := b x Stm var while proc if ::= ∈ ::= ::= V P

Procedure S S D D Procedure declarations are a syntactic category called ?? ´ emantique Start C3 C4 – p.44/ Yassine Lakhnech, S + 1; x 2; ; x ∗ := x x ; := p := 5; is y := ; x p x q is is call := 0; proc call p q x ; proc begin var end proc end begin var

Example ?? ´ emantique Start C3 C4 – p.45/ Yassine Lakhnech, S + 1; x 2; ; x ∗ := x x ; := p := 5; is y := ; x p x q is is call := 0; proc call p q x ; proc begin var end proc end begin var

Example 2 Dynamic binding for variables and procedures. ?? ´ emantique Start C3 C4 – p.45/ Yassine Lakhnech, S + 1; x 2; ; x ∗ := x x ; := p := 5; is y := ; x p x p is is call := 0; proc call p q x ; proc begin var end proc end begin var

Example 2 Dynamic binding for variables and procedures. ?? ´ emantique Start C3 C4 – p.45/ Yassine Lakhnech, S ; x + 1; := x 2; y ∗ := x x ; p + 1; := 5; is := x x p x := is is call := 0; proc x p q x ; proc begin var end proc end begin var

Example 2 Dynamic binding for variables and procedures. ?? ´ emantique Start C3 C4 – p.46/ Yassine Lakhnech, S + 1; x 2; ; x ∗ := x x ; := p := 5; is y := ; x p x q is is call := 0; proc call p q x ; proc begin var end proc end begin var

Exemple 3 Dynamic binding for the variablesprocedures. and static binding for the ?? ´ emantique Start C3 C4 – p.46/ Yassine Lakhnech, S + 1; x 2; ; x ∗ := x x ; := p := 5; is y := ; x p x p is is call := 0; proc call p q x ; proc begin var end proc end begin var

Exemple 3 Dynamic binding for the variablesprocedures. and static binding for the ?? ´ emantique Start C3 C4 – p.46/ Yassine Lakhnech, S ; x + 1; x := 2; y ∗ := x 2; x ; p ∗ := 5; is := x x p x := is is call := 0; proc x p q x ; proc begin var end proc end begin var

Exemple 3 Dynamic binding for the variablesprocedures. and static binding for the ?? ´ emantique Start C3 C4 – p.47/ Yassine Lakhnech, S + 1; x 2; ; x ∗ := x x ; := p := 5; is y := ; x p x q is is call := 0; proc call p q x ; proc begin var end proc end begin var

Exemple 4 Static binding for variables and procedures. ?? ´ emantique Start C3 C4 – p.47/ Yassine Lakhnech, S + 1; x 2; ; x ∗ := x x ; := p := 5; is y := ; x p x p is is call := 0; proc call p q x ; proc begin var end proc end begin var

Exemple 4 Static binding for variables and procedures. ?? ´ emantique Start C3 C4 – p.47/ Yassine Lakhnech, S ; x + 1; x := 2; y ∗ := x 2; x ; p ∗ := 5; is := x x p x := is is call := 0; proc x p q x ; proc begin var end proc end begin var

Exemple 4 Static binding for variables and procedures. ?? ´ emantique Start C3 C4 – p.48/ Yassine Lakhnech, S . Stm State ∪ −→ part. ) State Pname × = Stm P × Env P Env associates a value to a procedure. (

Semantics: dynamic bindings environment Conﬁgurations: A state associates a valueAn (an integer) to a variable. ?? ´ emantique Start C3 C4 – p.49/ ] σ ′′ 7→ . σ ) ) Yassine Lakhnech, S P V → ) D ′ , D ( ] S DV [ ′ ′′ ′ ,S,σ σ 7→ ) σ σ p P [ → → → ) ) ) env ,σ ( ,σ ) env, D p p,σ ( ( upd end call upd S ( )= ; ′ P P σ env, D D ( env, env ; et ( D V S → D is ) env p ,σ V begin )= proc D ( env, ( env,ǫ env, ( (

Transition rules upd upd • • where ?? ´ emantique Start C3 C4 – p.50/ Yassine Lakhnech, S ′′ σ → ) ′ ′′ ,σ σ 2 → ,S ) ,σ env ( 2 S ′ ; σ 1 ,S → ) env ,σ ( 1 ,S env (

Rule for sequential composition ?? ; . ´ emantique Start C3 C4 – p.51/ ) P end p , D )] call Yassine Lakhnech, S ); p P S, env ( . Env 7→ is call × p p State [ ∪ Stm ) env proc ( ( ; −→ part. State upd × := 1 ; )= x P Pname Stm D := 0 = ; × and x S P P is is begin is := 2; env q p Env p x Env q ( )= call proc proc proc env,ǫ env, ( ( end Semantics: static binding for procedures begin var upd upd • • Configurations: ?? ; . ´ emantique Start C3 C4 – p.51/ ) P end p , D )] call Yassine Lakhnech, S ); p P S, env ( . Env 7→ is call × p p State [ ∪ Stm ) env proc ( ( ; −→ part. State upd × := 1 ; )= x P Pname Stm D := 0 = ; × and x S P P is is begin is := 2; env q p Env p x Env q ( )= call proc proc proc env,ǫ env, ( ( begin var Semantics: static binding for procedures end upd upd • • Configurations: ?? ; . ´ emantique Start C3 C4 – p.51/ ) P end p , D )] call Yassine Lakhnech, S ); p P S, env ( . call Env 7→ is × p p State [ ∪ Stm ) env proc ( ( ; −→ part. State upd × := 1 ; )= x P Pname Stm D := 0 = ; × and x S P P is is begin is := 2; env q p Env p x Env q ( )= call proc proc proc env,ǫ env, ( ( begin var Semantics: static binding for procedures end upd upd • • Configurations: ?? . ) ′ ´ emantique Start C3 C4 – p.52/ . S, env ) ′ ) = ( p Yassine Lakhnech, S ( S, env env ) = ( p où ( ′ σ env → où ) ′ ′ σ ′ σ σ → ,S,σ → ) )] → ′ ) ) p,σ p,σ call S, env ,S,σ ( ′ call 7→ env env, ( ( p env, [ ( ′ ] env ( call [ ]

Transition rules rec call [ Two alternatives: ?? . ) ′ ´ emantique Start C3 C4 – p.52/ . S, env ) ′ ) = ( p Yassine Lakhnech, S ′′ ( S, env σ env → ) = ( ) ′ p où ( ′′ ′ ,σ σ 2 σ env → ,S → ) où ) ′ ′ σ ,σ env ( 2 ′ σ S σ ′ → ,S,σ ; → σ 1 ) )] → ′ ) ,S ) → p,σ ) p,σ env ,σ ( call S, env ,S,σ 1 ( ′ call ,S 7→ env env, ( ( p env, [ env ( ′ ( ] env ( call [ ]

Transition rules rec call Rule for sequential composition [ Two alternatives: ?? is ) n ( ´ emantique Start C3 C4 – p.53/ sto . Yassine Lakhnech, S V env ◦ Z = sto Loc → part. Var Z = V the smallest integer n such that → part. ) Env sto Loc ( = new Store

Semantics: static bindings a symbol table associates amemory variable address. (an identiﬁer) with a a memory associates an address with a value. • • States are replaced by a symbol table and a memory: Memory : We denote by not deﬁned. Intuition: function state corresponds to Symbol table: variable environment: ?? . ) ´ emantique Start C3 C4 – p.54/ Store × V . Yassine Lakhnech, S Env ) ( P ∪ ) . , D ) )] . P P Store Store )= × Env , env × P × V D and Stm ; V P S × Envv is Env ( P S, env env ( p ∪ × ) Env 7→ )= proc × p Stm ,ǫ , [ V P P P Store −→ × part. Env ( , env , env , env V V V Envv Pname env env env ( ( ( × = V upd upd upd P

Conﬁgurations • • Dec Variable declarations: ( Env Statements: • • • ?? ) ′ ´ emantique Start C3 C4 – p.55/ , sto ′ V ) ′ env ( Yassine Lakhnech, S D , sto ′ V → ) ]) env v ( , sto D V 7→ ) → env ) ( sto ( D , sto new → V [ ) . , sto , env ) , sto )] V V V D sto ; ( env a ◦ ǫ, env new ( := sto x 7→ ]( a x [ [ var V A ( = v

Semantic rules for variable declarations , env V D ( where ?? ) )]) ′ V , sto env ′ V ◦ ´ emantique Start C3 C4 – p.56/ ) sto ′ . env ( ) ]( ′ a ) [ ′ → , sto Yassine Lakhnech, S ) V , sto V , sto 7→ A ′ V env ) ( x env ( ( , S, sto env → V ( )] ) → ′ P ) → env [ ) , env p, sto ′ V , sto p, sto V call , , S, sto . call P ′ ) P , env S, env ′ P ( P ( , env → , env 7→ V ) , env ′ V , env p [ ′ V V ′ P env env ( ( a, sto env ( , env S, env := ′ V ] ,x ) = ( env P call [ ( p ( P Semantic rules for statements ] , env V rec env env où call ( [ ?? ) )]) ′ V , sto env ′ V ◦ ´ emantique Start C3 C4 – p.56/ ′′ σ ) sto ′ . env ( ) ]( ′ → a ) [ ′ ) → , sto ′ Yassine Lakhnech, S ) V , sto ,σ V , sto 2 7→ A ′ V env ′′ ) ( ,S σ x env ( P ( , S, sto env → V ( )] → ) → ′ P ) env , ) → env [ ,σ V ) 2 , env p, sto S ′ ; V env , sto p, sto 1 ( V call ′ , , S, sto ,S . call σ P ′ ) P P , env S, env ′ P ( P ( → env ) , env → , env , 7→ V ) , env ′ V , env V ,σ p [ ′ 1 V V ′ P env env env ,S ( ( ( a, sto env P ( , env S, env := ′ V env ] , ,x V ) = ( env P call [ ( p ( env P ( Semantic rules for statements ] , env V rec env env où call ( [ Rule for sequential composition ?? ´ emantique Start C3 C4 – p.57/ Yassine Lakhnech, S language by While

Correct Code Generation Define the operational semantics ofMore an specifically abstract a machine. stack machine. Specify a code generator for the Use the operational semantics tospecified prove code correctness generator. of the induction on the structure of programs. • • • ?? of ´ emantique Start C3 C4 – p.58/ is defined AM Yassine Lakhnech, S of instructions. This is the code that n . Z , instr has neither registers nor accumulators. The · · · , 1 AM instr

The abstract machine AM A list A stack that is used toThe evaluate expressions. memory of the machine,from that variables is to described as a mapping has to be executed. • • • The operational semantics of theas abstract a machine transition system whoseconsisting conﬁgurations of: are triples The machine head of the stack plays the role ofthe an stack accumulator as and registers. the rest ?? x 1 c )) ´ emantique Start C3 C4 – p.59/ 2 tt c , 1 execute c ( tt x Yassine Lakhnech, S loop ff , tt , , otherwise stop n 2 c followed by , then if the head is 1 2 c c stop , execute ff ff similar Effect push the constant push the current value of pop the head of the stackreplace and the save head it of in the stackthe and next element by their sum if the head of the stackif is it is execute execute if it is skip neg , equal , le ) , False 2 , c ) , 2 and 1 . c c True , , The instruction set ( 1 c (x) (x) mult ( , Instruction push-n fetch store add sub branch loop noop ?? p ns. Z Z ´ emantique Start C3 C4 – p.60/ ∈ ∈ 2 2 Z , v , v ∈ 1 1 is a program, v v v Yassine Lakhnech, S c if if if is a memory in ) ) m ) ]) p,m p,m , where . v · · ) and ) ) ) ) ) 2 2 7→ p,m ∗ v v ) · Code x ) [ B + − p,m c,p,m p,m p,m x ( ( 1 1 · ∪ · · v v ( tt ff ( Z ( c,m c,p,m c, c, c, c, n c, ( ( ( ( ( ( ( ⊲ ⊲ ⊲ ⊲ ⊲ ⊲ ⊲ ) ) ) is deﬁned as follows : ⊲ ) p,m p,m p,m ) · · · ) 2 2 ) v v · · c, v c,p,m 1 1 · · c,p,m ) · ) c,p,m c,p,m x · x c, v c, v ( · ( · ·

The transition relation push-n True False fetch store add sub ( ( ( ( ( ( ( . State The transition relation A program of the abstractThe machine set is of a all sequence programs of is instructio denoted A conﬁguration of Am is a triple is the content of the stack in ?? ) Z Z Z B ∈ ∈ ∈ ∈ ´ emantique Start C3 C4 – p.61/ 2 2 2 2 B c,p,m , v , v , v ,b ∈ · 1 1 1 1 ) v b v v b if if if if if Yassine Lakhnech, S noop ) ) , ) ) ) 2 p,m p,m ,c ) p,m p,m 1 · · · · c ) ) ) ) ( ) ) 2 2 2 2 v v p,m b v · ) loop ≤ = ∗ ) ∧ · b 1 1 1 1 c,p,m c,p,m 2 v v ¬ v b c · · ( ( ( ( ( ( 1 2 c, c, c, c c c,p,m c, c, ( ( ( ( ( ( ( ( ⊲ ⊲ ⊲ ⊲ ⊲ ⊲ ⊲ ⊲ ⊲ ) ) branch · ) 1 p,m p,m ) c ) ) · · ( ) tt ff p,m p,m · c, c, p,m ) · 2 · · · p,m 2 v ) c,p,m ) ) · 2 v · · 2 2 b 2 · p,m ) 1 · v ,c ,c 2 1 · 1 · 1 1 c c ,c c, v 1 c,p,m ( ( 1 c, v · c,b c,b · c · · · ( c, v The transition relation cnt. · mult le equal and neg branch branch loop noop ( ( ( ( ( ( ( ( ( ) 2 ,m ?? 2 ,p 2 ) c 2 and ) = ( p,m ) 1 · ′ ´ emantique Start C3 C4 – p.62/ and a 2 ,m ,m Æ 1 ′ c,p · ∈ ,p ǫ,p 1 2 ′ ( c c k ( Yassine Lakhnech, S ( ′ k ⊲ ⊲ ) ⇒ ) 1 ) 2 p,m ,m . ,p,m · 2 c 1 1 c ,p ( 2 c,p c ( · ⊲ 1 ) c then there exists ( ) . 2 ) is deterministic: ⇒ 2 such that ) ⊲ ,m c,p,m AM ) 2 2 ( ′ ,m 2 ∧ ) ,m ǫ,p ,m 1 2 ′ ( ǫ,p ( k ,p ,m ′ ⊲ 2 ǫ,p 1 k ( c ) ( − ,p k ⊲ 1 ⊲ ) c ) ( 1 ′ ,p,m ⊲ 2 ) c ,m ,m · 1 ′ 1 ,p ,p Some properties of c 1 2 ( c c,p,m c Proof by induction on the length of The transition relation Extentionality of the code and the stack: ( Composability of the code : if conﬁguration ( ( • • • ?? ´ emantique Start C3 C4 – p.63/ ) ′ Yassine Lakhnech, S . ) ǫ,p,m ( ∗ State ⊲ ) → c,ǫ,m sinon State ( ( , , → ′ m undef Code ( : = M m ] c [ M

The semantic function associated to AM ?? ´ emantique Start C3 C4 – p.64/ Yassine Lakhnech, S ′ σ → ) , we have have the following properties: M◦CS S,σ ( Stm ) ) CS ∈ []= ssi c σ, σ ) ns ] ′ σ, σ ] and S a b [ [ A A CB ǫ,p,σ ǫ, , ǫ, ( ( ( ∗ ∗ Code Code ∗ CA ⊲ ⊲ Code ⊲ ) ) ) → → → ,ǫ,σ ,ǫ,σ ,ǫ,σ ] ] ] Aexp Bexp Stm a b S [ : [ [ : :

Code Generation CA CB CS CA CB CS ( ( ( 1. 2. 3. 1. 2. 3. We require that We need to deﬁne three fonctions : such that for any program ?? ´ emantique Start C3 C4 – p.65/ Yassine Lakhnech, S : CS et add · CB ] 1 , ] ) a 2 [ x ( S CA [ ·CA store ] · CS 2 · ] a ] 1 [ a [ S [ ) CA . x CA CS ( ]= True 2 ]= ]= push-n a fetch a 2 S ]= + ; := ]= ]= 1 1 n x a true x S [ [ [ [ [ [ Code Generation CA CA CA CB CS CS • • • • • • Some examples for deﬁning ?? ´ emantique Start C3 C4 – p.66/ Yassine Lakhnech, S

Exemple ?? ´ emantique Start C3 C4 – p.67/ Yassine Lakhnech, S

Axiomatic Semantics: Hoare Logic ?? ´ emantique Start C3 C4 – p.68/ od Yassine Lakhnech, S 1) − x := x ; x . ∗ ! . ! y n n then the program must terminate := and if the program terminates 0 y 0 ( do n > n> has to be has to be is y is y x x = 1) x ( ¬ := 1; Fact: y while

Partial and Total Program Correctness The aim is to specify the behavior of a program as an Example : Partial correctness If the initial value of Total correctness If the initial value of input/output relation. then the ﬁnal value of and the ﬁnal value of ?? ee. ´ emantique Start C3 C4 – p.69/ od Yassine Lakhnech, S 1) − x := x ; x ∗ 0 y > := ) y x ( ( σ do et ′ σ )! x ( = 1) → σ ) x ( ,σ ¬ )= y ( := 1; ′ Fact Fact: y while ( ⇓ σ

Semantic veriﬁcation 1. Correctness of the body2. of the Correction loop of the loop 3. Correction of the program Three steps Each time, we have to investigate the semantic derivation tr ?? ions. ´ emantique Start C3 C4 – p.70/ od Yassine Lakhnech, S 1) − x := x ; x . ∗ } y 0 } 0 := n> y ( n> ∧ } ! ∧ do } 0 n 0 n = = n> y n> = 1) x { ∧ { ∧ x ! ( n n ¬ = = := 1; x y { y while {

Hoare’s triple Precondition: Postcondition: • • Example : We will use ﬁrst-order logic to express pre- and post-condit ?? ´ emantique Start C3 C4 – p.71/ : ′ . σ, σ Q . Yassine Lakhnech, S Q . and Q : and P = σ | ′ P σ then } ] ′ Q Q σ , if for every states { [ } S S , if for every ] ] → Q } { then P ) Q with respect to P [ [ ′ S { S eith respect to } σ ] S,σ P P ( { → ) = [ = | | : if ′ σ S,σ ( and then the program terminates and partially correct totally correct . P P is is Q = = | | S S = Total and partial correctness | σ σ ′ if σ if for every state • • • • is valied, denoted by The Hoare triple i svalied, denoted by We say The Hoare triple We say ?? ´ emantique Start C3 C4 – p.72/ } Yassine Lakhnech, S Q { 2 } S } Q Q { } { 2 } else 1 R S S 1 { P } } 2 } { S P } S a P R } { ∧ P ∧ 2 { Q b := then b S b ; { x {¬ } { 1 skip } if ] } S } Q } { P P 1 { P a/x { [ S { } P { P { Conditional:

Hoare calculus Inference rules Axioms: Composition: ?? ´ emantique Start C3 C4 – p.73/ Q Yassine Lakhnech, S ⇒ ′ } Q P = | ∧ b et } ′ {¬ } P P Q { od { S ⇒ S S } } P P P do { ∧ = | b b ⊢ { Si while } ′ } } Q Q P { { { S S } } is derivable from the axioms and inference rules. ′ P } P { { Q { S } P Hoare Logic for partial correctness { Consequence: While: Notation: We write when ?? ´ emantique Start C3 C4 – p.74/ Yassine Lakhnech, S } od = 1 1 y od − ∧ 1 0 x − x := n> x := ; ∧ x x n ; ∗ x = y ∗ x } y := { y := = 1 := 1 y do y . y } ∧ do } 0 0 0 = 1) } } x n> 0 n> n> 0 = 1) ( ∧ ¬ ∧ ∧ x ! ( n> n n n n> ¬ ∧ = = = ∧ while

An example ! x x y n n { { while { = = • • := 1; x y We can derive { y { and conclude ?? ; od } ) ) ´ emantique Start C3 C4 – p.75/ x − n, m ( y := Yassine Lakhnech, S pgcd y = z else { y − pgcd x } 0 := ≥ x n ∧ then 0 ≥ m x > y ∧ if ( m do = ) y y ∧ = n x ( = ¬ The greates common divisor example x x { := z while Let pgcd denote the followingExample program: : We can show ?? ´ emantique Start C3 C4 – p.76/ Yassine Lakhnech, S x − . ) y := . m, n ( 0 y ≥ pgcd else n y ∧ )= 0 − x od ≥ x, y ′′ ( := m S x ∧ do pgcd m ∧ ) then y 0 = y = ≥ ∧ x y ( x > y n ∧ ¬ if 0 =

Proof in Hoare logic : x ≥ ′′ while : S x : : ′ Let S I pre ?? ´ emantique Start C3 C4 – p.76/ Yassine Lakhnech, S x − . ) y } ) := . m, n ( 0 y n, m ( ≥ pgcd else n y pgcd ∧ )= 0 − = x z od ≥ x, y { ′′ ( := m S x ∧ do pgcd pgcd } m ∧ ) then y 0 = pre y { = ≥ ∧ x y ( x > y n ∧ ¬ if 0 =

Proof in Hoare logic : x ≥ ′′ while : S x : : ′ Let S I pre ?? ´ emantique Start C3 C4 – p.76/ Yassine Lakhnech, S x − . ) y := . m, n ( 0 y } ≥ ) pgcd else n } y ) ∧ n, m ( )= 0 − x od ≥ n, m x, y ( pgcd ′′ ( := m S = x ∧ z pgcd do pgcd { m ∧ ) = then y 0 = z { y = pgcd ≥ } ∧ x y I ( x > y { n ∧ ¬ pgcd if } 0 = :

Proof in Hoare logic I x ≥ ′′ pre while ⇒ : { S x : : ′ pre Let S I pre ?? ´ emantique Start C3 C4 – p.76/ Yassine Lakhnech, S x − . ) y := . m, n ( 0 y } ≥ ) pgcd else n } y ) ∧ n, m ( )= 0 − x od ≥ n, m x, y ( pgcd ′′ ( := m S = x ∧ z pgcd do pgcd { m ∧ ) = then y 0 = z { y = pgcd ≥ } ∧ x y I ( x > y { n ∧ ¬ pgcd if } 0 = :

Proof in Hoare logic I x ≥ ′′ pre while ⇒ : { S x : : ′ Let S I pre pre ?? ´ emantique Start C3 C4 – p.76/ Yassine Lakhnech, S x − . ) y } ) := . m, n ( 0 y n, m ( ≥ pgcd else n y pgcd ∧ )= 0 − = x z od ≥ { x, y ′′ ( := m S x ∧ do pgcd pgcd } m ∧ ) I then y { 0 = y = ≥ ∧ x y ( x > y n ∧ ¬ if 0 =

Proof in Hoare logic : x ≥ ′′ while : S x : : ′ Let S I pre ?? } ) n, m ´ emantique Start C3 C4 – p.76/ ( pgcd = Yassine Lakhnech, S z { x } ) x := − . z ) y n, m } ( ) := . m, n ( 0 y pgcd n, m ( ≥ = pgcd else n z { pgcd y ∧ x )= 0 = − x := x od ≥ x, y z ′′ ( ; := m ′ S } { x S ∧ ) } do pgcd I m ∧ ) { then y n, m 0 = ( y = ≥ ∧ x y ( pgcd x > y n ∧ ¬ if = 0 = :

Proof in Hoare logic x x ≥ { ′′ ′ while : S x S : } : ′ I Let S I { pre ?? } ) n, m ´ emantique Start C3 C4 – p.76/ ( pgcd = Yassine Lakhnech, S z { x } ) x := − . z ) y n, m } ( ) := . m, n ( 0 y pgcd n, m ( ≥ = pgcd else n z { pgcd y ∧ x )= 0 = − x := x od ≥ { x, y z ′′ ( ; := m ′ S } x S ∧ ) } do pgcd I m ∧ ) { then y n, m 0 = ( y = ≥ ∧ x y ( pgcd x > y n ∧ ¬ if = 0 = :

Proof in Hoare logic x x ≥ { ′′ ′ while : S x S : } : ′ I Let S I { pre ?? ´ emantique Start C3 C4 – p.76/ Yassine Lakhnech, S x − . ) y } ) := . m, n ( 0 y n, m ( ≥ pgcd else n y pgcd ∧ )= 0 − = x od ≥ x x, y { ′′ ( ′ := m S S x } ∧ do pgcd I { m ∧ ) then y 0 = y = ≥ ∧ x y ( x > y n ∧ ¬ if 0 =

Proof in Hoare logic : x ≥ ′′ while : S x : : ′ Let S I pre ?? ´ emantique Start C3 C4 – p.76/ Yassine Lakhnech, S ) x − . n, m ) ( y := . pgcd m, n ( 0 y = } ≥ ) x pgcd else n y ⇒ ∧ n, m )= y 0 − ( x od = ≥ x, y ′′ ( x pgcd := m S ∧ = x ∧ I do pgcd x m { ∧ ) ′ then } y 0 = S I } { y = ≥ I ′′ { ∧ x y S ( x > y } n ∧ ¬ y if 0 = :

Proof in Hoare logic 6 = x ≥ ′′ x while : S x ∧ : : ′ I Let S I { pre ?? ´ emantique Start C3 C4 – p.76/ Yassine Lakhnech, S ) x − . n, m ) ( y := . pgcd m, n ( 0 y = } ≥ ) x pgcd else n y ⇒ ∧ n, m )= y 0 − ( x od = ≥ x, y ′′ ( x pgcd := m S ∧ = x ∧ I do pgcd x m { ∧ ) ′ then } y 0 = S I } { y = ≥ I ′′ { ∧ x y S ( x > y } n ∧ ¬ y if 0 = :

Proof in Hoare logic 6 = x ≥ ′′ x while : S x ∧ : : ′ I Let S I { pre ?? ´ emantique Start C3 C4 – p.76/ } I { x − Yassine Lakhnech, S y := x y − . ) y else := y . m, n ( 0 y − ≥ x pgcd else n := y ∧ x )= 0 − x od ≥ x, y ′′ then ( := m S x ∧ do pgcd m x > y ∧ ) then y if 0 = } y = y ≥ ∧ x y 6 = ( x > y n ∧ ¬ x if 0 = ∧ Proof in Hoare logic : x I ≥ ′′ while { : S x : : ′ Let S I pre ?? } I { x − y } ´ emantique Start C3 C4 – p.76/ := I { y x } ) − y Yassine Lakhnech, S x > y := ( y ∧¬ x y else y − 6 = . ) y x − x ∧ := . m, n I ( 0 y := ≥ x } { pgcd else n I y { ∧ then y )= 0 − − x od ≥ x, y x ′′ ( x > y := m S := if x ∧ } do pgcd x y } m ∧ ) 6 = then y 0 = x y = ≥ x > y ∧ ∧ x y I ( ∧ x > y

Proof in Hoare logic n { ∧ ¬ y if 0 = : 6 = x ≥ ′′ x while : S x ∧ : : ′ I Let S I { pre ?? ´ emantique Start C3 C4 – p.76/ Yassine Lakhnech, S x − . ) y := . m, n ( 0 y ≥ ] } pgcd else n I y { ∧ y/x y )= 0 − − − x od ≥ x x x, y [ ′′ ( := I m S := x ∧ ⇒ do pgcd x ) } m ∧ ) then y 0 = y = ≥ x > y x > y ∧ x y ( ∧ ∧ x > y n ∧ ¬ y y if 0 = : 6 = Proof in Hoare logic 6 = x ≥ ′′ x x while : S x ∧ ∧ : : ′ I I ( Let S I { pre ?? ´ emantique Start C3 C4 – p.76/ Yassine Lakhnech, S x − . ) y := . m, n ( 0 y ≥ ] } pgcd else n I y { ∧ y/x y )= 0 − − − x od ≥ x x x, y [ ′′ ( := I m S := x ∧ ⇒ do pgcd x ) } m ∧ ) then y 0 = y = ≥ x > y x > y ∧ x y ( ∧ ∧ x > y n ∧ ¬ y y if 0 = : 6 = Proof in Hoare logic 6 = x ≥ ′′ x x while : S x ∧ ∧ : : ′ I I ( Let S I { pre ?? ´ emantique Start C3 C4 – p.76/ Yassine Lakhnech, S x − . ) y := . m, n ( 0 y ] } I ≥ { pgcd x/x else x n y − ∧ − )= y 0 − y [ I x od ≥ := x, y ′′ ( ⇒ := y m S } x ) )) ∧ do pgcd m ∧ ) then y 0 = x > y x > y ( ( y = ≥ ∧ x y ( ∧¬ ∧¬ x > y n ∧ ¬ y y if 0 = : 6 =

Proof in Hoare logic 6 = x ≥ ′′ x x while : S x ∧ ∧ : : ′ I I ( Let S I { pre ?? ´ emantique Start C3 C4 – p.76/ Yassine Lakhnech, S x − . ) y := . m, n ( 0 y ] } I ≥ { pgcd x/x else x n y − ∧ − )= y 0 − y [ I x od ≥ := x, y ′′ ( ⇒ := y m S } x ) )) ∧ do pgcd m ∧ ) then y 0 = x > y x > y ( ( y = ≥ ∧ x y ( ∧¬ ∧¬ x > y n ∧ ¬ y y if 0 = : 6 =

Proof in Hoare logic 6 = x ≥ ′′ x x while : S x ∧ ∧ : : ′ I I ( Let S I { pre ?? ´ emantique Start C3 C4 – p.76/ Yassine Lakhnech, S } x ) − . ) y n, m ( := . m, n ( 0 y pgcd ≥ = pgcd else n z y ∧ { )= 0 − x od ≥ x, y pgcd ′′ ( } := m S x ∧ pre do pgcd { m ∧ ) then y 0 = y = ≥ ∧ x y ( x > y n ∧ ¬ if 0 =

Proof in Hoare logic : x ≥ ′′ while : S x : : ′ Let S I pre ?? ´ emantique Start C3 C4 – p.77/ i.e., i.e., Yassine Lakhnech, S , , } } Q Q { { S S } } P P { { ⊢ = | then then } } Q Q { { S S } } P P { { = ⊢ | if if

Soundness and Completeness all valid statements are derivable. we can derive only valid statements. Soundness: Completeness ?? ´ emantique Start C3 C4 – p.78/ Yassine Lakhnech, S } Q { S } P { = | then } Q { S } P { ⊢ If Hoare logic for partial correctness is sound

Soundness of Hoare Logic Théorème The proof is by induction on the derivation tree. ?? ´ emantique Start C3 C4 – p.79/ Yassine Lakhnech, S } Q { S } P { ⊢ then } Q { S } P { = | If Hoare logic for partial correctness is complete

Completeness of Hoare Logic Théorème ?? ´ emantique Start C3 C4 – p.80/ in ﬁrst-order ) Yassine Lakhnech, S } S, Q Q ( = | wlp ′ σ ⇒ and ′ ) σ → S, Q ( ) wlp S,σ ( ⇒ · ′ as follows : P σ } ) Q = | |∀ { S, Q σ S iff ( { } } ) wlp Q { S, Q S ( } describes the following set: P ) wlp

The plan of the proof { { = | ⊢ S, Q ( • • logic. We introduce wlp For now, we assume that we can express The proof of the ﬁrstThe item second is item immediate. can beprograms. proved by induction of the structure of ?? ´ emantique Start C3 C4 – p.81/ Yassine Lakhnech, S . 1 ) } od . Q ′ { )) I.H. S ( S } } } do ) } } ) ) S, Q ) ( Q b { S, Q S, Q wlp S S, Q ( S, Q ( , ( } ( ′ ) while S wlp wlp wlp ( wlp { { ≡ Q ′ { ∧ ′ S, Q ⊢ wlp S ( S b S } ⇒ } ) ⇒ ) )) wlp {¬ { ) S } ) S, Q S, Q S, Q ( ( ( S, Q ( wlp wlp wlp S, Q , ( wlp ′ ∧ ∧ S b b ∧ wlp ( { b ¬ Case of the While-statement { wlp = = | | { 2. 1. . it is enough to prove: To prove since 2 ?? . ) ∗ , ´ emantique Start C3 C4 – p.82/ + , Æ . ( } Q Yassine Lakhnech, S { S } } } P { Q { is expressible in S } ) P { S, Q = ( | | wlp } false { S } P { {

Expressiveness and Decidability 1st-order logic. Is this assumptionIt reasonable? is, if our 1st-order logic includes Peano arithmetic We made the assumption that The complement of is recursively enumerable but not recursive. Reason: this allows to encodeintegers. sequences of integers as This is called Gëdelisation. Consequence: Hoare logic is undecidable ?? ´ emantique Start C3 C4 – p.83/ ] : true σ [ Yassine Lakhnech, S S ] . P Q = | = [ | ′ termination. σ ∧ and } ] then Q Q ′ [ { σ S , if for every state S ] ] } → P Q [ P [ ) { S ] = | P S,σ ( iff = [ | ] : if ′ Q [ σ S ] P then the program terminates and = [ | P = |

Termination Proofs σ if for evry state • • is valied, denoted by Recall that Notice that In other words, Total correctness = Partical correction ?? at a . ´ emantique Start C3 C4 – p.84/ b = . c a ≤ ⇒ Yassine Lakhnech, S a est well-founded a ⇒ ≤ c b ∧ ≤ b b ∧ ≤ well-order b a · ≤ . A . A a . a if it does not include an infinitely · · · · ∈ A 2 ≤ A ∈ a a,b ∈ · >a ∀ . 1 a,b . A b A ∈ , if 6 = a,b,c >a a A a ∀ 0 ∀ a well-founded ∧ b is ≤ , for every ≤ a a ≤ iff b is transitive: is anti-symmetric: Well-founded ordering is reflexive: be a relation on or ≤ ≤ ≤ b ≤ alex v P n lex ≤ Yassine Lakhnech, S , ≤ ∗ lex on , P n ≤ ( P n lex u and ( ≤ ) i ( < v ) i ( u . ) . j v ( v | u lex | or ≤ or )= v such that j u v to words of any length ( u · n lex and ) i < n ≤ | is a well-founded ordering. be an ordering. We define ,i v ) | ) is well-founded ordering then is a well-founded ordering then iff [0 ≤ ) ) v = lex ∈ | is prefix of is prefixe of ≤ ≤ ≤ j P, u , ( n lex u there is u | ∀ ∗ P, P, Examples ≤ ( ( • • • • Æ follows: Let u If We extend If ( well-founded ordering. well-founded ordering. • • • ?? ´ emantique Start C3 C4 – p.87/ Yassine Lakhnech, S is an invariant of I such that I , a function est vrai ) ] ≤ , i.e., } W, I true ( [ { ′ S od } ′ , i.e., the ranking function B S ] ∧ do I { b f

Loop Termination b = = [ decreases at each iteration. the loop and | | State : 2. 1. Théorème iff there is a well-founded ordering f ?? ; . od } ) ) ´ emantique Start C3 C4 – p.88/ x − n, m y ( := Yassine Lakhnech, S pgcd y = z else { y − pgcd x } 0 := ≥ x n ∧ then 0 ≥ m x > y if ∧ ( m do = ) y y ∧ = n x ( = ¬ Example x x { := z while We showed And termination? ?? ´ emantique Start C3 C4 – p.89/ Yassine Lakhnech, S

Denotational Semantics ?? ´ emantique Start C3 C4 – p.90/ Yassine Lakhnech, S

Motivation The operational semantics describes howexecuted. a program is The axiomatic semantics allows usprograms to while reason abstracting about the details ofThe its denotational execution. semantics describes the(denotation) meaning of a programs withoutexecuted. describes how it is Denotational semantics is compositional. • • • ?? ´ emantique Start C3 C4 – p.91/ where ]]) 2 tt Yassine Lakhnech, S S [[ d )= S ) σ , ( ]] 1 p S otherwise if State [[ d ); ); S σ σ , ( ] ( −→ part. b g f [ B ( ( ]] ] State 1 σ ( = ] S cond [[ a σ [ d → ) ]] = ◦ S 2 Stm 7→ A ]] S 2 : p,f,g x ( S [ d [[ σ S d else S = cond 1 S id σ ]] ]] = a 2 S ]] = then ; := b 1 S if skip x [[ [[ [[ Semantic clauses [[ d d d d S S S S ?? ) the , id ]] S ´ emantique Start C3 C4 – p.92/ [[ d ◦ S ]] . ′ σ Yassine Lakhnech, S od S ) )= σ do ( , id f ]] b S [[ ⇒ d ′ while σ . [[ ◦ S ) d = S , f , , id σ ] ] , we have: ]] ]] ) B B S [ [ f [[ od ( d B B is a solution of the equation: ( ( F S ]] ◦ S = do od cond cond f , f ] b S = B ]] = [ f do B ( while od b [[ d S S cond such that do while [[ f d b )= S f Denotation of Loops ( F while [[ d S Let We should have Does this equation has solutions?We shall several? see that this equation has always solutions and that least one is the oneFor we every are interested in: Hence, ?? ´ emantique Start C3 C4 – p.93/ Yassine Lakhnech, S ﬁxpoint theory has a solution? X )= X ( F

Fixpoints when does To answer this question we rely on ?? d . is , if y . d X ⊑ x ´ ⊓ emantique Start C3 C4 – p.94/ x , if ⊑ : . X y . y : ⊔ X X y ∈ ∈ Yassine Lakhnech, S . x x x X , denoted by ∈ S x X . = of , denoted by D X , for every X , for every ⊆ d ⊔ , when they exist. x of X D ⊑ ⊑ ⊔ x and d x , if , if X X ∈ T and for every upper bound X x denote and for every lower bound of of X = ⊤ X X ⊓ and D ⊓ be an ordered set and . Then, lower bound upper bound greatest lower bound (g.l.b.) ) ) least upper bound (l.u.b.) ⊆ ⊑ , Upper bound, lower bound and limits is a is a is is a denote A D, is a lower bound d d d d an upper bound of ( (2 ⊥ • • • • Let Example: Let Let ?? . D ´ emantique Start C3 C4 – p.95/ ⊆ X exist for every Yassine Lakhnech, S X is lattice which is ⊔ ) , and ∗ exist for every X (Σ ⊓ X ⊔ , if is lattice that is not complte, and ) ⊆ X lattice , } ⊓ is a , if ) finite ⊑ D, ( A, X ⊆ is infinite. . is a complete lattice. ) D be a finite alphabet. Then, A X | ⊆ Σ ⊆ ,

Lattice X A complete lattice X { (2 ( when not complete 1. 2. 3. Let ﬁnite An ordered set It is a Examples: ?? ´ emantique Start C3 C4 – p.96/ . X . I.e., the and X ) Yassine Lakhnech, S 2 d ( f ′ ⊑ . -chain) is an ) is total on 1 ω · · · ( d 1 ⊑ ( , for every chain x f ) be ordered sets. ⊑ X ( ) ′ 0 chain f ′ x ⊑ , ⊔ ′ implies such that D 2 ( )= d D X ⊑ is continuous, if ⊆ ⊔ and 1 ′ ( d ) f X D ⊑ → D, can be ordered ( D : X Let be an ordered set. A f -additive: ) ⊔ ⊑

Continuous functions D, ( 1. it is monotonic: 2. it is enumerable subset Let Deﬁnition: A function elements of ?? . is the D } ´ emantique Start C3 C4 – p.97/ x → ⊑ D ) : x ( Yassine Lakhnech, S f f | x is the least ﬁxpoint . ) } ⊓{ 0 ⊥ ( i ≥ f i 0 | ≥ F ) i ⊥ ( i f { F )= is monotonic then be a complete lattice and ⊥ f ( . ) i f ⊑ f 0 ≥ F is continuous then D, i ( f Let , where

The Theorems of Knaster-Tarski and Kleene f least fixpoint of Knaster-Tarski. If Kleene. If of • • Théorème ?? is and 0 we x ) is a 0 A ) x ´ emantique Start C3 C4 – p.98/ et 0 ( ∈ . Then, . Hence, x f A ) x ( A x f ⊑ ( ∈ 0 f is in x x . Yassine Lakhnech, S ⊑ be a monotonic f A Let )) . D ∈ x . A ( 0 , for every A 0 → f x ⊓ ( x ∈ . Hence, . Therefore, f D = ) x : A 0 x x ( f ⊑ ∈ is monotonic, for every f is the greatest lower bound ) ) f 0 0 x . That is, ( x x and 0 ( f } x f x ⊑ ⊑ implies ) ⊑ ) 0 is monotonic, . For every fixpoint of By definition of 0 ) A x . Since ( x x . f ( ∈ ( . A f A f f A x | ∈ . Hence,since x 0 x { x . . Since ⊑ = x . A 0 we have 0 x A ⊑ ∈ x , we have A ) ) be a complete lattice and A x x ∈ ) ( ( )= 0 f f have we show that We show x lower bound of of ⊑ is a fixpoint is the least fixpoint Proof of Knaster-Tarski’s Theorem x ( 0 0 D, x f x a lower bound of (a) and (b) together imply (b) (a) ( 1. 2. function. Let Let ?? ) ⊥ ( i f 0 ≥ ´ emantique Start C3 C4 – p.99/ G i = i f 1 : i . Yassine Lakhnech, S ≥ G i continuous. x ⊑ D ⊥⊔ ) → ⊥ ( )= i . D ⊥ f f : ( 0 i f ≥ F f i 1 ≥ G i )= ⊥ ( +1 i f . This implies 0 x ≥ G i ⊑ ) ⊥ )) = ( is a fixpoint is lower than any fixpoint i ⊥ ) ) f ( i · be a complete lattice and ⊥ ⊥ be a fixpoint. We show by induction on f ( ( 0 ) i i 0 x f f ⊑ ≥ ≥

Proof of Kleene’s Theorem G i 0 0 ( i ≥ ≥ F F D, i f i Let ∀ ( 1. 2. Let ?? ) σ ( f , if ´ emantique Start C3 C4 – p.100/ σ . ) σ ( Yassine Lakhnech, S . g iff for every )= g σ iff ( ′ . ⊑ f σ X f ⊑ ⊔ σ ∪ {⊤} ∪ {⊥} but not State is a complete lattice X ) = ⊑ ⊤ ⊥ , be deﬁned by: ⊤ ⊥ ) is also deﬁned and ⊑ State ) , σ State ( ( g State or or exists for every → ′ part. ⊤ ⊥ σ X

Ordre sur les états = ⊓ = = ′ State σ σ σ ( 1. 2. 3. Then, is deﬁned then For this reason, let equipped with the following order: Let We can show that ?? to ´ emantique Start C3 C4 – p.101/ ⊤ ⊥ State Yassine Lakhnech, S . σ , for every ) : σ ( D g ⊑ ) σ ( f iff g is a complete lattice. ⊑ ) f ⊑ , D (

Ordering Functions be the set of total continuous functions from . ⊤ ⊥ D State We define the following ordering Let Théorème ?? . ´ emantique Start C3 C4 – p.102/ )) , id ]] , the least, S [[ νf d Yassine Lakhnech, S exists, if ◦ S ]] , f od , resp. ] S B [ µf B do ( b cond while λf. [[ ( d is monotonic. µ S , if it exists. )) f ]] = . We denote by , id A ]] od S [[ S → d A do : ◦ S b f , f ] B [ while [[ B d ( Denotation of Loops S cond Notation: Let Fixpoint theory tells us that resp. greatest, fixpoint of We define λf. We can show that this functional is even continuous.