Presentation is loading. Please wait.

Presentation is loading. Please wait.

Semantic Formalisms: an overview Eric Madelaine INRIA Sophia-Antipolis Oasis team Mastère Réseaux et Systèmes Distribués.

Published byEdgar Walker Modified over 9 years ago

Similar presentations

Presentation on theme: "Semantic Formalisms: an overview Eric Madelaine INRIA Sophia-Antipolis Oasis team Mastère Réseaux et Systèmes Distribués."— Presentation transcript:

1

2 Semantic Formalisms: an overview Eric Madelaine eric.madelaine@sophia.inria.fr INRIA Sophia-Antipolis Oasis team Mastère Réseaux et Systèmes Distribués TC4

3 Mastère RSD - TC4 2005/20062 Program of the course: 1: Semantic Formalisms Semantics and formal methods: –motivations, definitions, examples Denotational semantics : give a precise meaning to programs –abstract interpretation Operational semantics, behaviour models : represent the complete behaviour of the system –CCS, Labelled Transition Systems

4 Mastère RSD - TC4 2005/20063 Goals of (semi) Formal Methods Develop programs and systems as mathematical objects Represent them (syntax) Interpret/Execute them (semantics) Analyze / reason about their behaviours (algorithmic, complexity, verification) In addition to debug, using exhaustive tests and property checking.

5 Mastère RSD - TC4 2005/20064 Software engineering (ideal view) Requirements informal –User needs, general functionalities. –incomplete, unsound, open Detailed specification formal ? –Norms, standards?..., at least a reference –Separation of architecture and function. No ambiguities development –Practical implementation of components –Integration, deployment Tests (units then global) vs verification ? –Experimental simulations, certification

6 Mastère RSD - TC4 2005/20065 Specification Programming reuse ? Test & Validation User requirements Product Cycle of refinements Component integration unit testing V cycle (utopia) Increasing cost

7 Mastère RSD - TC4 2005/20066 Specification Programming Test & Validation User requirements Product Benefits from formal methods ? automatisation? Abstraction ? Verification ? Synthesis ? Simulation, Verification ? Tests generation?

8 Mastère RSD - TC4 2005/20067 Support UML (aparté) Notation standardisée, une profusion de modèles/diagrammes : –class diagrams –use-case diagrams –séquence diagrams –statecharts et activity charts –deployment diagrams + stéréotypes pour particulariser les modèles (UML-RT, Embedded UML, …) Sémantique ? Flot de conception et méthodologie?

9 Mastère RSD - TC4 2005/20068 Developer Needs Notations, syntax –textual –graphical (charts, diagrams…) Meaning, semantics –Non ambiguous signification, executability –interoperability, standards Instrumentation analysis methods –prototyping, light-weight simulation –verification

10 Mastère RSD - TC4 2005/20069 How practical is this ? Currently an utopia for large software projects, but : –Embedded systems Safety is essential (no possible correction) –Critical systems Safety, human lives (travel, nuclear) Safety, economy (e-commerce, cost of bugs) Safety, large volume (microprocessors) Ligne Meteor, Airbus, route intelligente Panne réseau téléphonique US, Ariane 5 Bug Pentium

11 Mastère RSD - TC4 2005/200610 Industry succes-stories Model-checking for circuit development –Finite systems, mixing combinatory logics with register states Specification of telecom standards Proofs of Security properties for Java code and crypto-protocols. Certification of embedded software (trains, aircafts) Synthesis ?

12 Mastère RSD - TC4 2005/200611 Semantics: definition, motivations Give a (formal) meaning to words, objects, sentences, programs… Why ? Natural language specifications are not sufficientNatural language specifications are not sufficient A need for understanding languages: eliminate ambiguities, get a better confidence. Precise, compact and complete definition. Facilitate learning and implementation of languages

13 Mastère RSD - TC4 2005/200612 Formal semantics, Proofs, and Tools Manual proofs are error-prone ! Tools for Execution and Reasoning –semantic definitions are input for meta-tools Integrated in the development cycle –consistent and safe specifications –requires validation (proofs, tests, …) Challenge: Expressive power versus executability...

14 Mastère RSD - TC4 2005/200613 Concrete syntax, Abstract syntax, and Semantics Concrete syntax: –scanners, parsers, BNF,... many tools and standards. Abstract syntax: –operators, types, => tree representations Semantics: –based on abstract syntax –static semantics: typing, analysis, transformations –dynamic: evaluation, behaviours,... This is not only a concern for theoreticians: it is the very basis for compilers, programming environments, testing tools, etc...

15 Mastère RSD - TC4 2005/200614 Static semantics : examples Checks non-syntactic constraints compiler front-end : –declaration and utilisation of variables, –typing, scoping, … static typing => no execution errors ??? or back-ends : –optimisers defines legal programs : –Java byte-code verifier –JavaCard: legal acces to shared variables through firewall

16 Mastère RSD - TC4 2005/200615 Dynamic semantics Gives a meaning to the program (a semantic value) Describes the behaviour of a (legal) program Defines a language interpreter |- e -> e ’ let i=3 in 2*i -> semantic value = 6 Describes the properties of legal programs

17 Mastère RSD - TC4 2005/200616 The different semantic families (1) Denotational semantics –mathematical model, high level, abstract Axiomatic semantics –provides the language with a theory for proving properties / assertions of programs Operational semantics –computation of the successive states of an abstract machine.

18 Mastère RSD - TC4 2005/200617 Semantic families (2) Denotational semantics –defines a model, an abstraction, an interpretation  for the language designers Axiomatic semantics –builds a logical theory  for the programmers Operational semantics –builds an interpreter, or a finite representation  for the language implementors

19 Mastère RSD - TC4 2005/200618 Semantic families (3) relations between : denotational / operational –implementation correct wrt model axiomatic / denotational –completeness of the theory wrt the model

20 Mastère RSD - TC4 2005/200619 Program of the course: 1: Semantic Formalisms Semantics and formal methods: –motivations, definitions, examples Denotational semantics : give a precise meaning to programs –abstract interpretation Operational semantics, behaviour models : represent the complete behaviour of the system –CCS, Labelled Transition Systems

21 Mastère RSD - TC4 2005/200620 Denotational semantics Gives a mathematical model (interpretation) for any program of a language. All possible computations in all possible environments Examples of domains: lambda-calculus, high-level functions, pi-calculus, etc... Different levels of precision : hierarchy of semantics, related by abstraction. When coarse enough => effectively computable (finite representation) (automatic) static analysis.

22 Mastère RSD - TC4 2005/200621 Abstract Interpretation Motivations : –Analyse complex systems by reasoning on simpler models. –Design models that preserve the desired properties –Complete analysis is undecidable Abstract domains : –abstract properties (sets), abstract operations –Galois connections: relate domains by adequate abstraction/concretisation functions.

23 Mastère RSD - TC4 2005/200622 Abstract Interpretation (2) Example : –Program with 2 integer variables X and Y –Trace semantics = all possible computation traces (sequences of states with values of X and Y) –Collecting semantics = (infinite) set of values of pairs –Further Abstractions : Signs : N --> {-,0,+} succ --> - --> {-,0} 0 --> + + --> +

24 Mastère RSD - TC4 2005/200623 Example : –Program with 2 integer variables X and Y –Trace semantics = all possible computation traces (sequences of states with values of X and Y) –Collecting semantics = set of values of pairs –Further Abstractions : Abstract Interpretation (3)

25 Mastère RSD - TC4 2005/200624 Abstract Interpretation (4) –Function Abstraction: F # =   F   Abstract domain Concrete domain F F#F#  

26 Mastère RSD - TC4 2005/200625 Abstract Interpretation (5) Galois connections : –a pair of functions ( ,  ) such that: L ,   L b,  b (abstract) (concrete)   – where : –   and  b are information orders –  and  are monotonous –  (v b )   v  v b  b  (v  )

27 Mastère RSD - TC4 2005/200626 Abstract Interpretation (6) example Java / ProActive code Abstract ProActive code Method Call Graph Network of Parameterized LTSs Network of finite LTSs Data abstraction Compilation Operational semantics Finite instanciation Consistent Chain of approximations

28 Mastère RSD - TC4 2005/200627 Abstract Interpretation Summary: -From Infinite to Finite / Decidable –library of abstractions for mathematical objects –information loss : chose the right level ! –composition of abstractions –sound abstractions : property true on the abstract model => true on concrete model –but incomplete : abstract property false => concrete property may be true Ref: Abstract interpretation-based formal methods and future challenges, P. Cousot, in “informatics 10 years back, 10 years ahead”, LNCS 2000.

29 Mastère RSD - TC4 2005/200628 Program of the course: 1: Semantic Formalisms Semantics and formal methods: –motivations, definitions, examples Denotational semantics : give a precise meaning to programs –abstract interpretation Operational semantics, behaviour models : represent the complete behaviour of the system –CCS, Labelled Transition Systems

30 Mastère RSD - TC4 2005/200629 Operational Semantics (Plotkin 1981) Describes the computation States and configuration of an abstract machine: –Stack, memory state, registers, heap... Abstract machine transformation steps Transitions: current state -> next state Several different operational semantics

31 Mastère RSD - TC4 2005/200630 Natural Semantics : big steps ( Kahn 1986 ) Defines the results of evaluation. Direct relation from programs to results env |- prog => result –env: binds variables to values –result: value given by the execution of prog describes each elementary step of the evaluation rewriting relation : reduction of program terms stepwise reduction: -> –infinitely, or until reaching a normal form. Reduction Semantics : small steps

32 Mastère RSD - TC4 2005/200631 Differences: small / big steps Big steps: –abnormal execution : add an « error » result –non-terminating execution : problem deadlock (no rule applies, evaluation failure) looping program (infinite derivation) Small steps: –explicit encoding of non termination, divergence –confluence, transitive closure ->*

33 Mastère RSD - TC4 2005/200632 Natural semantics: examples (big steps) Type checking : Terms: X | tt | ff | not t | n | t1 + t2 | if b then t1 else t2 Types : Bool, Int Judgements : Typing:  |- P :  Reduction:  |- P  v

34 Mastère RSD - TC4 2005/200633 Deduction rules Values and expressions:  |- tt : Bool  |- ff : Bool  |- tt  true  |- ff  false  |- t1 + t2 : Int  |- t1 : Int  |- t2 : Int  |- t1 + t2  n1+n2  |- t1  n1  |- t2  n2

35 Mastère RSD - TC4 2005/200634 Deduction rules Environment : Conditional : Exercice : typing rule ?  :: {x->v} |- x  v  :: {x :  } |- x :   |- if b then e1 else e2  v  |- b  true  |- e1  v

36 Mastère RSD - TC4 2005/200635 Operational semantics: big steps for reactive systems Behaviours Distributed, synchronous/asynchronous programs: transitions represent communication events Non terminating systems Application domains: –telecommunication protocols –reactive systems –internet (client/server, distributed agents, grid, e-commerce) –mobile / pervasive computing

37 Mastère RSD - TC4 2005/200636 Systems build from communicating componants : parallelism, communication, concurrency Asynchronous Processes –Synchronous communications (rendez-vous) –Asynchronous communications (message queues) Synchronous Processes (instantaneous diffusion) Exercice: how do you classify ProActive ? Synchronous and asynchronous languages Process calculi: CCS, CSP, Lotos SDL modelisation of channels Esterel, Sync/State-Charts, Lustre

38 Mastère RSD - TC4 2005/200637 Parallel processes communicating by Rendez-vous : Recursive definitions : CCS ( R. Milner, “A Calculus of Communicating Systems”, 1980 ) a? a?:b!:nil b!:nil b!  nil a?:P || a!:Q P || Q let rec { st0 = a?:st1 + b?:st0 } in st0 a? b?

39 Mastère RSD - TC4 2005/200638 CCS : behavioural semantics (1) a:PP a:P P a nil (or skip) PP’ P P’ a P+QP’ P+Q P’ a QQ’ Q Q’ a P+QQ’ P+Q Q’ a

40 Mastère RSD - TC4 2005/200639 PP’ P P’ a! QQ’ Q Q’ a? P||QP’||Q’ P||Q P’||Q’  PP’ P P’ a P||QP’||Q P||Q P’||Q a QQ’ Q Q’ a P||QP||Q’ P||Q P||Q’ a a local b in PP’ local b in P local b in P’ PP’ a  {b?,b!} P P’ a  {b?,b!} a a  X.PP’  X.P P’ [  X.P/X]PP’ [  X.P/X]P P’ a Emissions & réceptions are dual actions  invisible action (internal communication) CCS : behavioural semantics (2)

41 Mastère RSD - TC4 2005/200640 Derivations (construction of each transition step) (a?:P || Q) || a!:R a?:P Par-L a? P || Q Par-2 a?:P || Q a!:R  P || Q) || R ( P || Q) || R Prefix a! R a? P Prefix (a?:P || Q) || a!:R a? P || Q) || a!:R ( P || Q) || a!:R Par-L(Par_L(Prefix))

42 Mastère RSD - TC4 2005/200641 Example: Alternated Bit Protocol Hypotheses: channels can loose messages Requirement: the protocol ensures no loss of messages ?imss ?ack0 ?ack1 !in0 !in1 ?out0 ?out1 !ack0 !omss !ack1 !omss ?out0 ?out1 !omss emitter Fwd_channel Bwd_channel receiver Write in CCS ?

43 Mastère RSD - TC4 2005/200642 Example: Alternated Bit Protocol (2) emitter = let rec {em0 = ack1? :em0 + imss?:em1 and em1 = in0! :em1 + ack0? :em2 and em2 = ack0? :em2 + imss? :em3 and em3 = in1! :em3 + ack1? :em0 } in em0 ABP = local {in0, in1, out0, out1, ack0, ack1, …} in emitter || Fwd_channel || Bwd_channel || receiver

44 Mastère RSD - TC4 2005/200643 Example: Alternated Bit Protocol (3) Channels that loose and duplicate messages (in0 and in1) but preserve their order ? Exercise : 1) Draw an automaton describing the loosy channel behaviour 2) Write the same description in CCS

45 Mastère RSD - TC4 2005/200644 Bisimulation Behavioural Equivalence –non distinguishable states by observation: two states are equivalent if for all possible action, there exist equivalent resulting states. minimal automata quotients = canonical normal forms ~ ~ act

46 Mastère RSD - TC4 2005/200645 Some definitions Labelled Transition System (LTS) (S, s0, L, T) where: S is a set of states s0  S is the initial state L is a set of labels T  SxLxS is the transition relation Bisimulations R  SxS is a bisimulation iff –It is a equivalence relation –  (p,q)  R, (p,l,p’)  T =>  q’/ (q,l,q’)  T and (p’,q’)  R ~ is the coarsest bisimulation 2 LTS are bisimilar iff their initial states are in ~ ~ ~ act

47 Mastère RSD - TC4 2005/200646 Bisimulation (3) More precise than trace equivalence : Congruence for CCS operators : Basis for compositional proof methods ~ a a a b c b c for any CCS context C[.], C[P] ~ C[Q] P~Q

48 Mastère RSD - TC4 2005/200647 Bisimulation (4) Congruence laws: P1~P2 => a:P1 ~ a:P2(  P1,P2,a) P1~P2, Q1~Q2 => P1+Q1 ~ P2+Q2 P1~P2, Q1~Q2 => P1||Q1 ~ P2||Q2 Etc…

49 Mastère RSD - TC4 2005/200648 Bisimulation : Exercice

50 Mastère RSD - TC4 2005/200649 Next courses 2) Application to distributed applications –ProActive : behaviour models –Tools : build an analysis platform 3) Distributed Components –Fractive : main concepts –Black-box reasoning –Deployment, management, transformations www-sop.inria.fr/oasis/Eric.Madelaine Teaching

Download ppt "Semantic Formalisms: an overview Eric Madelaine INRIA Sophia-Antipolis Oasis team Mastère Réseaux et Systèmes Distribués."

Similar presentations

1 PROPERTIES OF A TYPE ABSTRACT INTERPRETATER. 2 MOTIVATION OF THE EXPERIMENT § a well understood case l type inference in functional programming à la.

1 PROPERTIES OF A TYPE ABSTRACT INTERPRETATER. 2 MOTIVATION OF THE EXPERIMENT § a well understood case l type inference in functional programming à la.
1 How to transform an analyzer into a verifier. 2 OUTLINE OF THE LECTURE a verification technique which combines abstract interpretation and Park’s fixpoint.

1 How to transform an analyzer into a verifier. 2 OUTLINE OF THE LECTURE a verification technique which combines abstract interpretation and Park’s fixpoint.
8. Introduction to Denotational Semantics. © O. Nierstrasz PS — Denotational Semantics 8.2 Roadmap Overview:  Syntax and Semantics  Semantics of Expressions.

8. Introduction to Denotational Semantics. © O. Nierstrasz PS — Denotational Semantics 8.2 Roadmap Overview:  Syntax and Semantics  Semantics of Expressions.
Timed Automata.

Timed Automata.
Software system modeling

Software system modeling
Background information Formal verification methods based on theorem proving techniques and model­checking –to prove the absence of errors (in the formal.

Background information Formal verification methods based on theorem proving techniques and model­checking –to prove the absence of errors (in the formal.
1 Towards formal manipulations of scenarios represented by High-level Message Sequence Charts Loïc Hélouet Claude Jard Benoît Caillaud IRISA/PAMPA (INRIA/CNRS/Univ.

1 Towards formal manipulations of scenarios represented by High-level Message Sequence Charts Loïc Hélouet Claude Jard Benoît Caillaud IRISA/PAMPA (INRIA/CNRS/Univ.
ISBN 0-321-33025-0 Chapter 3 Describing Syntax and Semantics.

ISBN Chapter 3 Describing Syntax and Semantics.
Copyright © 2006 Addison-Wesley. All rights reserved. 3.5 Dynamic Semantics Meanings of expressions, statements, and program units Static semantics – type.

Copyright © 2006 Addison-Wesley. All rights reserved. 3.5 Dynamic Semantics Meanings of expressions, statements, and program units Static semantics – type.
1 Semantic Description of Programming languages. 2 Static versus Dynamic Semantics n Static Semantics represents legal forms of programs that cannot be.

1 Semantic Description of Programming languages. 2 Static versus Dynamic Semantics n Static Semantics represents legal forms of programs that cannot be.
CS 355 – Programming Languages

CS 355 – Programming Languages
1 Formal Methods in SE Qaisar Javaid Assistant Professor Lecture 05.

1 Formal Methods in SE Qaisar Javaid Assistant Professor Lecture 05.
An Automata-based Approach to Testing Properties in Event Traces H. Hallal, S. Boroday, A. Ulrich, A. Petrenko Sophia Antipolis, France, May 2003.

An Automata-based Approach to Testing Properties in Event Traces H. Hallal, S. Boroday, A. Ulrich, A. Petrenko Sophia Antipolis, France, May 2003.
Eric MADELAINE1 E. Madelaine, Antonio Cansado, Emil Salageanu OASIS Team, INRIA -- CNRS - I3S -- Univ. of Nice Sophia-Antipolis OSCAR meeting, Valparaiso,

Eric MADELAINE1 E. Madelaine, Antonio Cansado, Emil Salageanu OASIS Team, INRIA -- CNRS - I3S -- Univ. of Nice Sophia-Antipolis OSCAR meeting, Valparaiso,
Lecture 02 – Structural Operational Semantics (SOS) Eran Yahav 1.

Lecture 02 – Structural Operational Semantics (SOS) Eran Yahav 1.
Train Control Language Teaching Computers Interlocking By: J. Endresen, E. Carlson, T. Moen1, K. J. Alme, Haugen, G. K. Olsen & A. Svendsen Synthesizing.

Train Control Language Teaching Computers Interlocking By: J. Endresen, E. Carlson, T. Moen1, K. J. Alme, Haugen, G. K. Olsen & A. Svendsen Synthesizing.
1 Basic abstract interpretation theory. 2 The general idea §a semantics l any definition style, from a denotational definition to a detailed interpreter.

1 Basic abstract interpretation theory. 2 The general idea §a semantics l any definition style, from a denotational definition to a detailed interpreter.
1 Operational Semantics Mooly Sagiv Tel Aviv University 640-6706 Textbook: Semantics with Applications.

1 Operational Semantics Mooly Sagiv Tel Aviv University Textbook: Semantics with Applications.
Concepts of Programming Languages 1 Describing Syntax and Semantics Brahim Hnich Högskola I Gävle

Concepts of Programming Languages 1 Describing Syntax and Semantics Brahim Hnich Högskola I Gävle
Model Checking. Used in studying behaviors of reactive systems Typically involves three steps: Create a finite state model (FSM) of the system design.

Model Checking. Used in studying behaviors of reactive systems Typically involves three steps: Create a finite state model (FSM) of the system design.

Similar presentations

Ads by Google