S´emantique des langages de programmation Master 1

(1)

Delia KESNER IRIF, CNRS et Universit ´e Paris kesner@irif.fr www.irif.fr/˜kesner

S ´emantique des langages de programmation

Master 1

Delia Kesner UFR d’Informatique

Universit ´e de Paris Email : kesner@irif.fr URL :www.irif.fr/˜kesner

(2)

Informations g ´en ´erales

(3)

Informations g ´en ´erales

Enseignantes: D. Kesner (cours), C. Faggian (TD) Cr ´eneaux horaires:

Cours: Lundi 13h45-15h45 TD: Mercredi 16h00-18h00 Note module: (CC + Examen)/ 2 2 `eme session: (CC + Examen)/ 2

(4)

Software runs our lives today.

(Critical) software is everywhere.

(5)

Space

(6)

Transportation

(7)

Medical

(8)

Telecommunications

(9)

Energy

(10)

Household Appliances

(11)

Military

(12)

Encryption

(13)

Administration

(14)

Bugs

Bugs are also everywhere, and failure is expensive.

Bugs: found in PC, Smartphones, enterprise software.

They cause uncomfortable work, more actions than expected, inconsistency, frustration, loss of time, frequent upgrades, etc.

Bad bugs: found in data security, network security, internet privacy.

They cause data corruption, invalid data representation, unavailability to perform action, loss of integrity, loss of money, begin sued.

Critical bugs: found in railways, medical, nuclear, airplanes. They damage health, nature, buildings, technics.... and all above.

(15)

Famous Bugs

(16)

Famous Bugs

Therac-25 radiation therapy machine (1980).

MIM-104 Patriot, failure in the interception of missile (1991).

Ariane 5 Flight 501 was destroyed 40 seconds after takeoff (1996).

The year 2000 problem (1999-2000).

Virus ILOVEYOU (2000).

Google’s search engine (2009).

Pac-Man (256th level).

(17)

Prevention

Safety vs correctness, automatic vs interactive.

Testing (empirical, finite, dominant approach)

Programming techniques(high-level languages, types, etc) Formal specifications(metro systems using Z)

Static analysis(specificity, reachability properties) Abstract Interpretation (approximation)

Model checkers (finite state) Semanticsof programming languages

Deduction program provers(first-order logic, automatic) Proof assistants(higher-order logics)

Rigorous prevention tools involve FORMAL METHODS using mathematical and logical theories.

(18)

Mathematics in Computer Science

Computer Science Mathematics

Semantics of programming languages Logic, Category Theory

Machine learning Statistics

Cryptography Number Theory

Numerical analysis Differential Equations Analysis of algorithms Complex Analysis Network performance Probabilities

(19)

Logics in Computer Science

GottlobFrege(1848–1925). Logical basis for mathematics.

GiuseppePeano(1858–1932). Axiomatization of the natural numbers.

DavidHilbert(1862–1943). One of the founders of proof theory.

BertrandRussell(1872–1970). One of the founders of proof theory.

ArendHeyting(1898–1980). Intuitionistic Logic.

Kurt FriedrichG ¨odel(1906–1978). Incompleteness theorems.

GerhardGentzen(1909–1945). Proof theory.

HaskellCurry(1900–1982). Combinatoric Logic.

AlfredTarski(1901–1983). Model Theory.

AlonzoChurch(1903–1995). Lambda calculus.

AlainTuring(1912–1954). Father of theoretical computer science.

William AlvinHoward(1926). Lambda calculus.

PerMartin-L ¨of(1942). Type Theory.

Jean-YvesGirard(1947). Linear Logic.

(20)

Testing - Dominant Approach

”In several cases, engineers have reported finding flaws in systems once they reviewed their designs formally.” (R. Kling, 1995)

”Program testing can be used to show the presence of bugs, but never to show their absence! ”(E. W. Dijkstra, 1972)

Formal methods are used to verify and infer properties that hold forALLexecutions of a program. Used in industry to

Obtain some guarantees (besides testing).

Prove absence of sime kind of errors.

Save time and money (rigorous testing is expensive).

(21)

Certification - Huge progress

Kepler conjecture (algebra), by T. Hales, ongoing work.

Feit Thompson Theorem (finite groups), by G. Gonthier.

Full certification of java compiler, by X. Leroy.

(22)

Programming techniques, programming languages, proof

assistants.

(23)

Programming Languages

Syntax: what do programs are supposed to express?

Dynamics: how programs execute? what do they compute?

Types: what are well-formed programs?

(24)

Typing at primary school

A technique to automatically detect a class of (programming) errors.

2 + 3 = 5

3 + 6 = 9

2 + 6 = ?

(25)

Typing in Programming

Correct and well-typed program:

let rec fact n =

if n < 2 then 1 else fact(n - 1) * n

Ill-typed program:

let rec fact n =

if n < 2 then 1 else fact(n - "toto") * n

Uncorrect but well-typed program:

let rec fact n =

if n < 2 then 1 else fact(n + 1) * n

(26)

Typed algebras

Type= a set of data having the same form.

Base Types:

int: integer numbers0,1,12, . . . bool: truth valuestrueandfalse string: list of char

Composed Types:

A×B pairs with first (resp. second) element of typeA(respB) A+B elements of typeAorB

A→B functions taking arguments of typeAand yielding results of typeB list(A) lists of elements of typeA

Exemple :list(int×string)→list(int)×list(string)

(27)

Towards the notion of well-typed terms

Constants0,1,2, ...have typeint.

The expressionx<yis well-typed iffxandyhave typeint.

The expressionif c then x else yis well-typed iffchas typeboolandxandy have the same type.

Exemples :

if 1<2 then 3 else 4 correct true<false wrong if 1<2 then 3 else false wrong

(28)

Types, formally

Typing judgments:

x1:A1, ...,xn:An`expr:B Intuitive meaning:

”If variablesx1, . . . ,xnhave typeA1, . . . ,Anresp. thenexprhas typeB. ”

Typing Rules:

H1. . .Hn

C whereH1, . . . ,Hn,Care typing judgments.

Intuitive meaning:

”If premissesH1, . . . ,Hnare true, then the conclusionCis true. ”

(29)

Example

Γ`0 :int Γ(x)=A Γ`x:A

Γ`e1:int Γ`e2:int Γ`(e1+e2) :int

Γè1:bool Γè2:A Γè3:A Γìfe1thene2elsee3:A

Γ` f:A→B Γ`a:A Γ` f a:B x:A,Γ`b:B Γ`functionx7→b:A→B

(30)

Types and Logic

Curry-HowardIsomorphism

Logical system ⇔ Language

Propositions ⇔ Types

Logical Rules ⇔ Typing Rules

Proofs ⇔ Programs

(31)

Curry-Howard

Logical system Language

Propositions Types

Aand B A×B

Aor B A+B

Aimplies B A→B

Logical Rules Typing Rules

Γ`AimpliesB Γ`A Γ`B

Γ` f:A→B Γ`a:A Γ` f a:B

(32)

Some CH examples

Logical system Language

Intuitionistic propositional Logic Typed Lambda Calculus Intuitionistic second order Logic Functional Languages(CAML, Haskell)

Intuitionistic higher-order Logic Type Theory(Coq, Isabell) Classical Logic Control Operators(Scheme)

(33)

Types and expressivity

Subtyping:natural numbers can be considered a subtype of real numbers, so that a function accepting real numbers, accepts also natural numbers.

Path Polymorphism:a function can be applied to any argument having a particular data structure.

Linear types:unique use of data.

Intersection types:overloading, characterization of mathematical properties.

Union types:values belonging to different types.

Existential types:use to model abstract data types.

(34)

Types and Languages/Proof Assistants

Typed Lambda Calculus:a function of typeint→intcan only be applied to an integer. But not Turing complete: only total functions.

Polymorphic Lambda Calculus:a function of typeα→αcan be applied to any type, in particular to an argument of typeint,int→int,(int→int)→int, etc.

Example: Caml, Haskell.

Dependent Types:distinction between arrays of different lenghts (i.e.[] :list(0)and [1; 3] :array(2).

Example: AGDA, Epigram.

Calculus of Constructions:polymorphism + depedent types. Powerfull enough to model a proof assistant.

Examples: Coq proof assistant.

(35)

The Lambda Cube

Termsdepending onterms.

Termsdepending ontypes, or polymorphism (2).

Typesdepending ontypes, or type operators (ω).

Typesdepending onterms, or dependent types (P).

(36)

Programming Languages

Functional Programming Logic Programming Data Base languages

Concurrent Languages (Mobility, Security) Imperative Programming

Rewriting Programming Object-Oriented Programming Proof Assistants

. . .

(37)

Syntax vs Semantics

Syntax:

∀x.s(x),0 Semantics:

”Every positive natural number is different from zero”

(38)

Semantics of programming languages

Themeaningof programming languages.

Different techniques:

Operationalsemantics Denotationalsemantics Axiomaticsemantics

(39)

Operational semantics

The meaning of a program is the sequence of states of the machine executing the program.

program = transition system

Example

P1: a=1; b=0; P2: a=1; P3: b=0; a=1; P4: a=1; b=1;

b=0;

P1 is equivalent to P2, but P1 is not equivalent to P3/P4, and P3 is not equivalent to P4.

/

non equivalent programs may have the same result.

This notion can be refined in order to observe just a piece of memory of the machine.

(40)

Denotational semantics

program = mathematical function

Argument of this function: the state of the memorybeforeexecution Result of this function: the state of the memoryafterexecution Example

P1:a=1; b=0; P2:a=1; P3:b=0; a=1; P4:a=1; b=1;

b=0;

P1, P2 and P3 are equivalent, but they are not equivalent to P4.

(41)

Axiomatic semantics

program = transformation of logical properties

This can be written for example inHoare logicas {P}Prog{Q} Thus for example,

{true} _P1/P2: a=1;b=0; {a≥0∧b≥0} {true} P3: b=0;a=1; {a≥0∧b≥0}

{true} P4: a=1;b=1; {a≥0∧b≥0}

are all equivalent.

(42)

Relation between different semantics

Two syntactic equivalent programs are operational equivalent.

Two operational equivalent programs are denotational equivalent.

Two denotational equivalent programs are axiomatic equivalent.

The converse implications are in general false.

(43)

Operational Semantics

program = transition system

Rewriting systemsare a natural tool to model transitions between objects.

(44)

Example I: String rewriting

Rewriting system:

vert 7→ orange orange 7→ rouge rouge 7→ vert Reduction sequence:

vert→orange→rouge→vert→orange→. . .

(45)

Example II: String rewriting

Rewriting system:

◦• 7→ •◦

•• 7→ ••

•◦ 7→ ◦•

Reduction Sequence:

◦•• ◦ •• ◦ ••

↓∗

• • • ◦ ◦ ◦ • • •

(46)

Example III: Term rewriting

Rewriting system for Peano arithmetic:

0+Y 7→ Y

s(X)+Y 7→ s(X+Y)

0∗Y 7→ 0

s(X)∗Y 7→ (X∗Y)+Y Reduction sequence:

“2∗3”=s(s(0))∗s(s(s(0))) → s(0)∗s(s(s(0)))+s(s(s(0))) → 0∗s(s(s(0)))+s(s(s(0)))+s(s(s(0))) → 0+s(s(s(0)))+s(s(s(0))) → s(s(s(0)))+s(s(s(0))) → s(s(s(0))+s(s(s(0)))) → s(s(s(0)+s(s(s(0))))) → s(s(s(0+s(s(s(0)))))) → s(s(s(s(s(s(0))))))=^“6”

(47)

Example IV: Equational Programming

Rewriting system:

nil[X\Y] 7→ nil

cons(H,T)[H\I] 7→ cons(I,T[H\I]) cons(J,T)[H\I] 7→ cons(J,T[H\I]) Reduction sequence:

cons(a,cons(b,cons(a,cons(b,nil))))[a\c][b\d] →^∗ cons(c,cons(d,cons(c,cons(d,nil))))

(48)

Example V: Logical reasoning

Rewriting system:

P⊃Q 7→ ¬P∨Q

¬(P∧Q) 7→ ¬P∨ ¬Q

¬(P∨Q) 7→ ¬P∧ ¬Q

¬¬P 7→ P Reduction sequence:

¬(¬(¬r⊃s)⊃t) →

¬(¬(¬¬r∨s)⊃t) →

¬(¬(r∨s)⊃t) →

¬((¬r∧ ¬s)⊃t) →

¬(¬(¬r∧ ¬s)∨t) →

¬((¬¬r∨ ¬¬s)∨t) →

¬((r∨ ¬¬s)∨t) →

¬((r∨s)∨t) →

¬(r∨s)∧ ¬t → (¬r∧ ¬s)∧ ¬t

(49)

Example VI: Functional Programming

The λ -calculus [Church]

(β) (λx.M)N 7→ M{x\N}

(η) λx.M x 7→ M

(S P) hπ1(M), π2(M)i 7→ M

(50)

Example VII: Object-Oriented Programming

The ς -calculus [Abadi & Cardelli]

AnobjetOis a collection ofmethodshli≡ςsel fi.Biii∈1...n. Methodinvocation is given by the rewriting rules:

O.lj7→Bj{sel fj\O}

(51)

Example VIII: Mathematical reasoning

Formulae:

∃α.∀β.X 7→ ∀β.∃α.X Sets:

T ∈{α:A|P} 7→ T ∈A∧P{α\T}

(52)

Example IX: OCAML Programs

let rec length l = match l with [] -> 0

| h::t -> length t + 1 ;;

let rec append l1 l2 = match l1 with [] -> l2

| h::t -> h::append t l2;;

let rec map l f = match l with [] -> []

| h::t -> (f h):: map t f ;;

(53)

Example X: Concurrent Programming

The π -calculus [Milner & Parrow & Walker]

αhti.P|αhxi.Q 7→ P|Q{x\t}

(54)

Typical questions concerning a rewriting model

Consider a rewriting sequence

t1→_R t2→_R t3→_R . . . Is this computationterminating? (always? sometimes?) Is there aresult(e.g. canonical form) ?

Is thereuniquenessof results?

(55)

(Part of the) History

(Thue-1914) String rewrite systems (Church-1936) Lambda calculus (Gorn-1967) Term rewrite systems

(Klop-1980) Combinatory reduction systems

(56)

Plan du cours

Introduction

Quelques notions math ´ematiques Calculs fonctionnels

Introduction au lambda calcul

Propri ét és: Confluence, standardisation, r ésidus, etc.

Lambda calcul typ é: type, jugement de type, d érivation de typage Propri ét és : pr éservation du typage, normalisation forte, etc.

S émantique op érationnelle: appel par nom, appel par valeur, appel par ncessit, call-by-push-value, s émantique à petits pas et à grands pas.

Machines `a environnement.

Polymorphisme, inf ´erence de types, types intersection.

Calculs alg ébriques Termes et Sigma alg èbres Th éor ème de Birkhoff R é écriture

Quelques techniques pour montrer la confluence Quelques techniques pour montrer la terminaison S ´emantique d ´enotationnelle

L’approche d énotationnelle de la s émantique S émantique d’un langage fonctionnel simple

(57)

Bibliographie

Transparents et tableau

(consulterwww.irif.fr/˜kesnerr ´eguli `erement)

Pour les calculs alg ´ebriques : Term Rewriting and All That. 1998.

Franz Baader, Tobias Nipkow.Cambridge University Press

(58)

Bibliographie

Pour les calculs fonctionnels :

Lambda-calcul, types et mod `eles. 1997.

Jean-Louis Krivine.Masson

The lambda calculus: its Syntax and Semantics. 1984. Henk Barendregt.

North-Holland

(59)

Bibliographie

Pour les deux:Term Rewriting Systems. 2003. Terese.Cambridge University Press