Hop Operational Semantics Paris, February 23rd Tamara Rezk Indes Team, INRIA
Hop Multi-tiers compiler Input: a web application written in a single homogeneous language. [Diagram labels: HOP multi-tiers compiler; SQL (server); scheme code and protocols over html (server code); javascript (client code)]
A precise Hop specification Specifications are used to understand the meaning of programs. In this lecture: a precise (mathematical) specification of the Hop programming language by means of operational semantics. “Unless there is a prior, generally-accepted mathematical definition of a language at hand, who is to say whether a proposed implementation is correct?” (Dana Scott 1969)
Formal Semantics Denotational Semantics: programs are partial functions mapping initial states to final states (Strachey-Scott, domain theory). Dana Scott: his work on automata theory earned him the Turing Award in 1976.
Formal Semantics Axiomatic Semantics: programs are given specifications in, e.g., first-order logic and can be proven correct with respect to their specification in that logic. “There are two ways of constructing a software design: One way is to make it so simple that there are obviously no deficiencies, and the other way is to make it so complicated that there are no obvious deficiencies. The first method is far more difficult.” Tony Hoare, Turing Award 80
Formal Semantics Structural Operational Semantics (also called “Transition semantics” or “small-step semantics”): execution of a program can be formalized as a sequence of configurations. Gordon Plotkin
Structural Operational Semantics Abstract grammar of the language Configurations and states Transition relation
Hop abstract grammar (Abstract grammars may be reminiscent of context-free/BNF grammars, but abstract grammars are independent of representation choices such as which operators are infix, what strings are used to denote constants and variables, etc.)
Hop semantics We will study Hop semantics in layers: Scheme subset of Hop Distributed aspects of Hop (server+client) Document Object Model (DOM) aspects of Hop Same Origin Policy (SOP) Access Control (AC) and semantics
1. Scheme abstract grammar
program or expression   e ::= x | w | (e0 e1) | (set! x e)
values                  w ::= (lambda (x) e) | i | ()
Scheme abstract grammar: example programs
(lambda (z) (lambda (y) (set! y z)))
((lambda (z) ((lambda (y) (set! y z)) 2)) 3)
(lambda (z) ((lambda (y) (set! y z)) 2))
Structural Operational Semantics Abstract grammar of the language Configurations and states Transition relation
Scheme configurations
Abstract grammar:
e ::= x | w | (e0 e1) | (set! x e)
w ::= (lambda (x) e) | i | ()
Configurations are of the form <e, μ>, where e is an expression and μ is an environment or store, mapping variables to values.
Scheme configurations
Example of configuration: <(set! x 3), {x -> 2, z -> 4}>
Scheme configurations
μ: environment or store, mapping variables to values. In the store we will consider:
local variables (defined by lambda expressions)
global variables (already defined in the store before execution, in scheme #define)
Notation: dom(μ) is the set of variables on which μ is defined; a store is written, for example, μ = {x -> v}.
Structural Operational Semantics Abstract grammar of the language Configurations and states Transition relation
Transition relation
The operational semantics is defined by a transition system (configurations, →). The transition relation is defined by a set of semantic rules of the form:

        constraints
  _______________________
    <conf0> → <conf1>
Transition relation
e ::= x | w | (e0 e1) | (set! x e)
w ::= (lambda (x) e) | i | ()

               y not in dom(μ)
  _______________________
  <((lambda (x) e) w), μ> → <e{y/x}, μ U {y -> w}>

Substitution notation: e{y/x} denotes e with the variable y substituted for x.
Transition relation

               y not in dom(μ)
  _______________________
  <((lambda (x) e) w), μ> → <e{y/x}, μ U {y -> w}>

         μ(y) = w
  _______________________
    <y, μ> → <w, μ>
Transition relation
Example of execution with 2 steps:
<((lambda (x) x) 2), {z -> 3}>
→ <x{y/x}, {z -> 3, y -> 2}>
→ <2, {z -> 3, y -> 2}>
Transition relation
Exercise: give an execution for <((lambda (z) (lambda (y) y)) 2), {z -> 2}>
Transition relation

               y not in dom(μ)
  _______________________
  <((lambda (x) e) w), μ> → <e{y/x}, μ U {y -> w}>

This rule is not enough: what happens if we want to reduce an application (e e’) where e’ is not a value? For example: ((lambda (z) z) ((lambda (z) z) 3)). We need to define contextual rules!
Evaluation contexts
E ::= [] | (E e) | (w E) | (set! x E)
In the example ((lambda (z) z) ((lambda (z) z) 3)): E = ((lambda (z) z) [])

                  y not in dom(μ)
  _______________________
  <E[((lambda (x) e) w)], μ> → <E[e{y/x}], μ U {y -> w}>
Evaluation contexts
E ::= [] | (E e) | (w E) | (set! x E)

                  y not in dom(μ)
  _______________________
  <E[((lambda (x) e) w)], μ> → <E[e{y/x}], μ U {y -> w}>

<((lambda (z) z) ((lambda (z) z) 3)), {z -> 2}>
→ <((lambda (z) z) y), {z -> 2, y -> 3}>
→ <((lambda (z) z) 3), {z -> 2, y -> 3}>
→ <((lambda (z) z) 3), {z -> 2, y -> 3, x -> 3}>
→ <x, {z -> 2, y -> 3, x -> 3}>
→ <3, {z -> 2, y -> 3, x -> 3}>
Transition relation for Scheme subset

                  y not in dom(μ)
  _______________________
  <E[((lambda (x) e) w)], μ> → <E[e{y/x}], μ U {y -> w}>

          μ(y) = w
  _______________________
  <E[y], μ> → <E[w], μ>

          x in dom(μ)
  _______________________
  <E[(set! x w)], μ> → <E[()], μ[x -> w]>
Exercises
Find executions for the following programs starting with store {z -> 5}:
1. (set! z 3)
2. (((lambda (z) (lambda (y) (set! y z))) 2) 3)
3. ((lambda (z) ((lambda (y) (set! y z))) 2) 3)
4. (((lambda (x) (lambda (y) (set! x z))) 2) 3)
5. (set! z ((lambda (y) y) 2))
One could also explain here the notion of derivation tree using the semantics rule, but I’ll skip for lack of time
Hop semantics We will study Hop semantics in layers: Scheme subset of Hop Distributed aspects of Hop (server+client) Document Object Model (DOM) aspects of Hop Same Origin Policy (SOP) Access Control (AC) and semantics
Hop distribution: Abstract grammar
Hop distribution: Abstract grammar E ::= [] | (E S) | (w E) | (set! x E) | (with-hop E s) | (with-hop w E)
Distribution aspects server/client
Core Hop configuration
Transition relation: service definition
INIT rule When a client enters a URL in a browser, the service bound to the URL is invoked. [Diagram labels: Bound url; New client instance; New server thread]
Hop Compilation + Init and Invoke rule [Diagram labels: Hop source; Hop client code; Client code compiler; CSS; Code Injection Prevention; HTML; Server code compiler; Mashic Compiler; JS; Invoke; Generate URL; Server Bytecode; Access URLs; HTTP]
Transition relation: service invocation
Transition relation: service invocation exercise: Let s be (service (z) (set! z ((lambda (y) y) 2))) . Find a (partial) execution for s
Transition relation: service return
Transition relation: service invocation
Service return
Service return exercise:
Let s be (service (z) (set! z ((lambda (y) y) 2))). Find an execution for s.
Let s be (service (z) ((lambda (y) y) 2)). Find an execution for s.
Let s be (service (z) ~((lambda (y) y) 2)). Find an execution for s.
Hop semantics We will study Hop semantics in layers: Scheme subset of Hop Distributed aspects of Hop (server+client) Document Object Model (DOM) aspects of Hop Same Origin Policy (SOP) Access Control (AC) and semantics
HOP and DOM: Syntax
DOM: core Hop modified rules
Operation on DOM and contexts
HTML tags
DOM Operations
Example