# Semantics

## Introduction

There is no single widely acceptable notation or formalism for describing semantics

Several needs for a methodology and notation for semantics:

- Programmers need to know what statements mean
- Compiler writers must know exactly what language constructs do
- Correctness proofs would be possible
- Compiler generators would be possible
- Designers could detect ambiguities and inconsistencies

## Operational Semantics

Describes the meaning of a program by executing its statements on a machine, either simulated or actual.
- The change in the state of the machine (memory, registers, etc.) defines the meaning of the statement

To use operational semantics for a high-level language, a virtual machine is needed.

## Operational Semantics (cont.)

A **hardware** pure interpreter would be too expensive

A **software** pure interpreter also has problems

-   The detailed characteristics of the particular computer would make actions difficult to understand
-   Such a semantic definition would be machine-dependent

## Operational Semantics (cont.)


A better alternative: A complete computer simulation

The process:

-   Build a translator (translates source code to the machine code of an idealized computer)
-   Build a simulator for the idealized computer

Evaluation of operational semantics:

-   Good if used informally (language manuals, etc.)
-   Extremely complex if used formally (e.g., VDL, which was used to describe the semantics of PL/I)

## Operational Semantics (cont.)

- Uses of operational semantics:
    - Language manuals and textbooks
    - Teaching programming languages
- Two different levels of uses of operational semantics:
    - Natural operational semantics
    - Structural operational semantics
- Evaluation
    - Good if used informally (language manuals, etc.)
    - Extremely complex if used formally (e.g., VDL)

## Denotational Semantics

-   Based on recursive function theory
-   The most abstract semantics description method
-   Originally developed by Scott and Strachey (1970)

## Denotational Semantics (cont.)

The process of building a denotational specification for a language:

- Define a mathematical object for each language entity

- Define a function that maps instances of the language entities onto instances of the corresponding mathematical objects

The meaning of a language construct is defined solely by the values of the program's variables

## Denotational Semantics: Program State

The state of a program is the values of all its current variables
- s = {<i₁, v₁>, <i₂, v₂>, …, <iₙ, vₙ>}
 
Let **VARMAP** be a function that, when given a variable name and a state, returns the current value of the variable
- VARMAP(iⱼ, s) = vⱼ


## Denotational Semantics: Decimal Numbers

- **CFG Rule:**

        <dec_num> ⟶ '0' | '1' | '2' | '3' | '4' | '5' | '6' | '7' | '8' | '9' |
                    <dec_num> ('0' | '1' | '2' | '3' | '4' | '5' | '6' | '7' | '8' | '9')

- **Semantics:**

        Mₙ('0') = 0, Mₙ('1') = 1, …, Mₙ('9') = 9
        Mₙ(<dec_num> '0') = 10 * Mₙ(<dec_num>)
        Mₙ(<dec_num> '1') = 10 * Mₙ(<dec_num>) + 1
        ...
        Mₙ(<dec_num> '9') = 10 * Mₙ(<dec_num>) + 9



## Denotational Semantics: Expressions

- Map expressions onto **Z** ∪ {error}
- We assume expressions are decimal numbers, variables, or binary expressions having one arithmetic operator and two operands, each of which can be an expression

- **CFG Rule:**

        <expr> ⟶ <dec_num> | <var> | <binary_expr>

- **Semantics:**

        Mₑ(<expr>, s) Δ=
            case <expr> of
                <dec_num> => Mₙ(<dec_num>, s)
                <var>     => if VARMAP(<var>, s) == undef then error
                             else VARMAP(<var>, s)
                <binary_expr> =>
                    if (Mₑ(<binary_expr>.<left_expr>, s) == undef
                        OR Mₑ(<binary_expr>.<right_expr>, s) == undef)
                    then error
                    else if <binary_expr>.<operator> == '+'
                         then Mₑ(<binary_expr>.<left_expr>, s) + Mₑ(<binary_expr>.<right_expr>, s)
                         else Mₑ(<binary_expr>.<left_expr>, s) * Mₑ(<binary_expr>.<right_expr>, s)
                ...


## Denotational Semantics: Assignment Statements

- Maps state sets to state sets ∪ {error}
- **CFG Rule:**

        <assign> ⟶ <var> := <expr>

- **Semantics:**

        Ma(x := E, s) Δ=
            if Mₑ(E, s) == error
            then error
            else s’ = {<i₁ ,v₁’>,<i₂ ,v₂’>,...,<iₙ ,vₙ’>},
                where for j = 1, 2, ..., n,
                    if iⱼ == x
                    then vⱼ’ = Mₑ(E, s)
                    else vⱼ’ = VARMAP(iⱼ , s)

## Denotational Semantics: Logical Pretest Loops

- Maps state sets to state sets ∪ {error}
- **Semantics:**

        Mₗ(while B do L, s) Δ=
            if Mₚ(B, s) == undef
            then error
            else if Mₚ(B, s) == false
                 then s
                 else if Mₛₗ(L, s) == error
                      then error
                      else Mₗ(while B do L, Mₛₗ(L, s))

- where Mₚ is the mapping function for the Boolean expression B and Mₛₗ the mapping function for the statement list L (the loop body)
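The mapping functions from the decimal-number, expression, assignment and loop slides above, written out as one small Python program. This is an added example and not code from the slides: the state is a dict `{i₁: v₁, …}`, syntax trees are tuples, the Boolean guard function is called `M_b` (the slide writes Mₚ), and the `sum_program` at the end is a constructed input; all of these encodings are assumptions made here.

```python
# Added example (not from the slides): the denotational functions M_n, M_e,
# M_a, M_b and M_l as Python functions over an explicit state.
# The state is a dict {i_1: v_1, ...} and syntax trees are tuples; both
# encodings are assumptions made here, not part of the slides' notation.

ERROR = "error"   # the extra element of Z ∪ {error}
UNDEF = None      # value of a variable that has not been assigned


def VARMAP(name, s):
    """VARMAP(i_j, s) = v_j; undef if the variable is not in the state."""
    return s.get(name, UNDEF)


def M_n(digits):
    """Decimal numbers: M_n('d') = d and M_n(<dec_num> 'd') = 10 * M_n(<dec_num>) + d."""
    if len(digits) == 1:
        return "0123456789".index(digits)
    return 10 * M_n(digits[:-1]) + "0123456789".index(digits[-1])


def M_e(expr, s):
    """Expressions -> Z ∪ {error}.

    expr is ('num', '42'), ('var', 'x') or ('bin', '+' | '*', left, right)."""
    if expr[0] == "num":
        return M_n(expr[1])
    if expr[0] == "var":
        v = VARMAP(expr[1], s)
        return ERROR if v is UNDEF else v
    _, op, left, right = expr
    lv, rv = M_e(left, s), M_e(right, s)
    if lv == ERROR or rv == ERROR:   # an undefined operand makes the whole expression an error
        return ERROR
    return lv + rv if op == "+" else lv * rv


def M_a(x, E, s):
    """Assignment x := E: s' agrees with s except that x now maps to M_e(E, s)."""
    v = M_e(E, s)
    if v == ERROR:
        return ERROR
    s2 = dict(s)          # v_j' = VARMAP(i_j, s) for every i_j != x
    s2[x] = v             # v_j' = M_e(E, s) for i_j == x
    return s2


def M_b(B, s):
    """Boolean guard ('lt', left, right) meaning left < right; undef if an operand is undefined."""
    _, left, right = B
    lv, rv = M_e(left, s), M_e(right, s)
    if lv == ERROR or rv == ERROR:
        return UNDEF
    return lv < rv


def M_sl(L, s):
    """Statement list: each statement maps the state produced by the previous one."""
    for stmt in L:
        if stmt[0] == "assign":
            s = M_a(stmt[1], stmt[2], s)
        else:                                   # ("while", B, body)
            s = M_l(stmt[1], stmt[2], s)
        if s == ERROR:
            return ERROR
    return s


def M_l(B, L, s):
    """while B do L: the slide's definition, iteration expressed as recursion."""
    b = M_b(B, s)
    if b is UNDEF:
        return ERROR
    if b is False:
        return s
    s2 = M_sl(L, s)
    if s2 == ERROR:
        return ERROR
    return M_l(B, L, s2)


def sum_program(n_digits):
    """Constructed program: sum := 0; i := 0; while i < n do sum := sum + i; i := i + 1."""
    program = [
        ("assign", "sum", ("num", "0")),
        ("assign", "i", ("num", "0")),
        ("while", ("lt", ("var", "i"), ("var", "n")), [
            ("assign", "sum", ("bin", "+", ("var", "sum"), ("var", "i"))),
            ("assign", "i", ("bin", "+", ("var", "i"), ("num", "1"))),
        ]),
    ]
    return M_sl(program, {"n": M_n(n_digits)})


if __name__ == "__main__":
    print(sum_program("5"))                      # {'n': 5, 'sum': 10, 'i': 5}
    print(M_sl([("assign", "x", ("var", "y"))], {}))   # error: y is undefined
```

Running `sum_program("5")` threads the state through five recursive calls of `M_l` and returns the final state, which is the meaning of the loop; reading an unassigned variable anywhere turns the whole result into `error`, exactly as the `undef` checks on the slides prescribe.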


## Loop Meaning

- The meaning of the loop is the value of the program variables after the statements in the loop have been executed the prescribed number of times, assuming there have been no errors
- In essence, the loop has been converted from iteration to recursion, where the recursive control is mathematically defined by other recursive state mapping functions
    - Recursion, when compared to iteration, is easier to describe with mathematical rigor

## Evaluation of Denotational Semantics

-   Can be used to prove the correctness of programs
-   Provides a rigorous way to think about programs
-   Can be an aid to language design
-   Has been used in compiler generation systems
-   Because of its complexity, it is of little use to language users

## Axiomatic Semantics

- Based on formal logic (predicate calculus)
- Original purpose: formal program verification
- Axioms or inference rules are defined for each statement type in the language (to allow transformations of logic expressions into more formal logic expressions)
- The logic expressions are called *assertions*
- Concerned with **properties of program state**

## Axiomatic Semantics: State

State: a function $\sigma$ from variables to values
- e.g., program with 3 variables x, y, z
$$\sigma(x) = 9$$
$$\sigma(y) = 5$$
$$\sigma(z) = 2$$

For simplicity, we will only consider integer variables
- σ: Variables ⟶ {0, -1, +1, -2, +2, ...}

## Sets of States

Need to talk about sets of states
- e.g., "x=1, y=2, z=1 or x=1, y=2, z=2 or x=1, y=2, z=3"

We use assertions in first-order logic
- x=1 ∧ y=2 ∧ 1 ≤ z ≤ 3

An assertion $P$ represents the set of states that satisfy the assertion

- We will write $\{P\}$ to denote this set of states

## Use of First-Order Logic

Variables from the program
- In the program they are part of the syntax, here they are part of the assertion
    - programming language vs. meta-language of assertions

The usual symbols from first-order logic
- = < > ∨ ∧ ¬ ∃ ∀ true false

Operations from the programming language:
- e.g. +, -, ...

## First-Order Logic

Terms
- If $x$ is a variable, $x$ is a term
- If $n$ is an integer constant, $n$ is a term
- If $s$ and $t$ are terms, so are $s+t$, $s-t$,...

Formulas
- **true** and **false**
- $s < t$ and $s=t$ for terms $s$ and $t$
- $f \vee g$, $f \wedge g$, $\neg f$ for formulas $f, g$
- $\exists x.f$ and $\forall x.f$ for a formula $f$

## Axiomatic Semantics (cont.)

- An assertion before a statement (a **precondition**) states the relationships and constraints among variables that are true at that point in execution
- An assertion following a statement is a **postcondition**
- A **weakest precondition** is the least restrictive precondition that will guarantee the postcondition

## Axiomatic Semantics Form

Hoare triple: $\{P\} S \{Q\}$
- $S$ is a program statement, $P$ is the **precondition**, $Q$ is the **postcondition**
- $P$ and $Q$ are **logical assertions** over program variables
    - P = (X ≥ 0 ∧ Y ≥ 0) ∨ (X < 0 ∧ Y < 0)

A triple means:
- if $P$ holds before $S$ is executed
- then $Q$ holds after the execution of $S$
- unless $S$ does not terminate or encounters an error

Example:
- {b = 100} a = b + 1 {a > 1}
- One possible precondition: {b > 10}
- Weakest precondition: {b > 0}


## Program Proof Process

The postcondition for the entire program is the desired result

- Work back through the program to the first statement. If the
  precondition on the first statement is the same as the program
  specification, the program is correct.

## Axiomatic Semantics: Assignment

An axiom for assignment statements ($x = E$):

$$\{Q_{x \to E}\} x = E \{Q\}$$

where $Q_{x \to E}$ is $Q$ where free occurrences of $x$ are replaced with $E$

Examples:
- {true} X ← 5 {X = 5}
- {Y = 5} X ← Y {X = 5}
- {X + 1 ≥ 0} X ← X + 1 {X ≥ 0}
- {false} X ← Y + 3 {Y = 0 ∧ X = 12}
- {Y ∈ [0, 10]} X ← Y + 3 {X = Y + 3 ∧ Y ∈ [0, 10]}

## Axiomatic Semantics: The Rule of Consequence

The Rule of Consequence:

$$\frac{\{P\}S\{Q\},\quad P' \Rightarrow P,\quad Q \Rightarrow Q'}{\{P'\}S\{Q'\}}$$

We can weaken a Hoare triple by:
- *weakening* its postcondition ($Q \Rightarrow Q'$)
- *strengthening* its precondition ($P' \Rightarrow P$)

Example:
- {X = 99 ∧ Y ∈ [1, 10]} X ← Y + 10 {X = Y + 10 ∧ Y ∈ [1, 10]}
    - follows from {Y ∈ [1, 10]} X ← Y + 10 {X = Y + 10 ∧ Y ∈ [1, 10]}
        - since X = 99 ∧ Y ∈ [1, 10] ⇒ Y ∈ [1, 10]


## Axiomatic Semantics: Sequences

Given sequences of the form $S1; S2$ where
-   {P1} S1 {P2}
-   {P2} S2 {P3}

An inference rule for sequences is

$$\frac{\{P1\}S1\{P2\}, \{P2\}S2\{P3\}}{\{P1\}S1;S2\{P3\}}$$

Example:
- {X = 1 ∧ Y = 1} X ← X + 1 {X = 2 ∧ Y = 1} Y ← Y − 1 {X = 2 ∧ Y = 0}


## Axiomatic Semantics: Selection

Given a selection:
- {P} **if** B **then** S1 **else** S2 {Q}

An inference rule for selection is

$$\frac{\{B \text{ and } P\}S1\{Q\}, \{(\text{not } B) \text{ and } P\}S2\{Q\}}{\{P\} \textbf{if } B \textbf{ then } S1 \textbf{ else } S2 \{Q\}}$$
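The assignment axiom, the rule of consequence, the sequence rule and the selection rule from the preceding slides, mechanised in Python. This is an added example, not code from the slides: assertions and expressions are written as Python expressions over integer variables (quantifier-free, so every occurrence of a variable is free), `Q_{x→E}` is computed by substitution on the `ast` tree, and `P ⇒ Q` is checked by enumerating all integer states within a bound. The function names, the tuple encoding of statements and the bound are assumptions made here.

```python
# Added example (not from the slides): the assignment axiom {Q[x->E]} x = E {Q},
# the sequence rule, the selection rule and the rule of consequence, mechanised
# with Python's `ast` module. Assertions and expressions are Python expressions
# over integer variables (an assumption made here); P => Q is checked by bounded
# enumeration, so a False is a genuine counterexample while True is only evidence.
import ast
import itertools


def substitute(assertion, var, expr):
    """Q_{x -> E}: replace every occurrence of `var` in `assertion` with `expr`.

    Assertions here are quantifier-free, so every occurrence is a free one."""
    replacement = ast.parse(expr, mode="eval").body

    class Sub(ast.NodeTransformer):
        def visit_Name(self, node):
            return replacement if node.id == var else node

    tree = Sub().visit(ast.parse(assertion, mode="eval"))
    return ast.unparse(ast.fix_missing_locations(tree))


def wp(stmts, Q):
    """Weakest precondition of a statement list for postcondition Q.

    Statements: ("assign", var, expr) or ("if", B, then_stmts, else_stmts).
    The sequence rule gives wp(S1; S2, Q) = wp(S1, wp(S2, Q)), so walk backwards."""
    for stmt in reversed(stmts):
        if stmt[0] == "assign":
            Q = substitute(Q, stmt[1], stmt[2])          # assignment axiom
        else:
            _, B, S1, S2 = stmt
            # Selection rule: the branch taken must establish Q from its own precondition
            Q = f"(({B}) and ({wp(S1, Q)})) or (not ({B}) and ({wp(S2, Q)}))"
    return Q


def implies(P, Q, variables, bound=8):
    """Bounded check of P => Q over every integer state with |v| <= bound.

    eval() is applied only to assertion strings written in this file."""
    p, q = compile(P, "<P>", "eval"), compile(Q, "<Q>", "eval")
    for values in itertools.product(range(-bound, bound + 1), repeat=len(variables)):
        state = dict(zip(variables, values))
        if eval(p, {}, state) and not eval(q, {}, state):
            return False
    return True


def holds(P, stmts, Q, variables, bound=8):
    """{P} S {Q} is valid iff P => wp(S, Q): the rule of consequence on the precondition."""
    return implies(P, wp(stmts, Q), variables, bound)


# Programs from the slides' examples plus one constructed selection.
ASSIGN_B = [("assign", "a", "b + 1")]                                  # {b = 100} a = b + 1 {a > 1}
SEQUENCE = [("assign", "X", "X + 1"), ("assign", "Y", "Y - 1")]        # {X = 1 ∧ Y = 1} ... {X = 2 ∧ Y = 0}
ABS_VALUE = [("if", "X < 0", [("assign", "Y", "-X")], [("assign", "Y", "X")])]   # constructed

if __name__ == "__main__":
    print(wp(ASSIGN_B, "a > 1"))                      # b + 1 > 1, i.e. the slide's weakest {b > 0}
    print(holds("b == 100", ASSIGN_B, "a > 1", ["a", "b"], bound=100))
    print(wp(SEQUENCE, "X == 2 and Y == 0"))          # X + 1 == 2 and Y - 1 == 0
    print(holds("X == 1 and Y == 1", SEQUENCE, "X == 2 and Y == 0", ["X", "Y"]))
    print(holds("True", ABS_VALUE, "Y >= 0", ["X", "Y"]))
```

`wp` returns the weakest precondition syntactically, so `wp(ASSIGN_B, "a > 1")` is `b + 1 > 1`, which is equivalent to the slide's `{b > 0}`; the stronger `{b = 100}` and `{b > 10}` are accepted by `holds` because each implies it, which is the rule of consequence in action. The reverse implication fails, which `implies` reports with a concrete counterexample state.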


## Axiomatic Semantics: Loops

Given a loop
- {P} **while** B **do** S **end** {Q}

An inference rule for logical pretest loops is

$$\frac{\{I \text{ and } B\}S\{I\}}{\{I\} \textbf{while } B \textbf{ do } S \{I \text{ and } (\text{not } B)\}}$$

- where $I$ is the loop invariant (the inductive hypothesis)

## Axiomatic Semantics: Loop Axioms

The loop invariant $I$ must meet the following conditions:

- $P \Rightarrow I$: the loop invariant must be true initially
- $\{I\} B \{I\}$: evaluation of the Boolean must not change the validity of $I$
- $\{I \text{ and } B\} S \{I\}$: $I$ is not changed by executing the body of the loop
- $(I \text{ and } (\text{not } B)) \Rightarrow Q$: if $I$ is true and $B$ is false, $Q$ is implied
- The loop terminates: can be difficult to prove


## Loop Invariant

-   The loop invariant I is a weakened version of the loop
    postcondition, and it is also a precondition.
-   I must be weak enough to be satisfied prior to the beginning of the
    loop, but when combined with the loop exit condition, it must be
    strong enough to force the truth of the postcondition
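The loop-axiom conditions and the "weak enough but strong enough" requirement of the two slides above, checked on a concrete loop. This is an added example, not from the slides: the summation loop, its postcondition, the two candidate invariants and the bound are all constructed here, and termination is discharged with a variant function `V` (a standard technique that the slides only name as "can be difficult to prove"). Predicates are Python functions on a state dict, and every obligation is checked by enumerating bounded integer states, which is evidence rather than a proof.

```python
# Added example (not from the slides): checking the loop-axiom obligations for a
# constructed loop by bounded enumeration of integer states. The loop, the two
# candidate invariants and the variant V are assumptions made for this example.
import itertools


def states(variables, bound):
    """Every integer state with all values in [-bound, bound]."""
    for values in itertools.product(range(-bound, bound + 1), repeat=len(variables)):
        yield dict(zip(variables, values))


def check_loop(P, B, body, I, Q, V, variables, bound=6):
    """Obligations for {P} while B do S end {Q} with invariant I and variant V.

    P, B, I, Q are predicates on a state dict; body(s) is the state after one
    execution of S; V(s) is an integer that must be positive while the loop
    continues and strictly decrease on every iteration, which is how the
    "loop terminates" condition is discharged. {I} B {I} holds trivially
    because evaluating the guard has no side effects, so it is not listed."""
    S = list(states(variables, bound))
    running = [s for s in S if I(s) and B(s)]
    return {
        "P => I":              all(I(s) for s in S if P(s)),
        "{I and B} S {I}":     all(I(body(s)) for s in running),
        "(I and not B) => Q":  all(Q(s) for s in S if I(s) and not B(s)),
        "terminates (V)":      all(V(s) > 0 and V(body(s)) < V(s) for s in running),
    }


# Constructed loop: i := 0; s := 0; while i < n do s := s + i; i := i + 1 end
def P(st):
    return st["i"] == 0 and st["s"] == 0 and st["n"] >= 0


def B(st):
    return st["i"] < st["n"]


def body(st):
    return {**st, "s": st["s"] + st["i"], "i": st["i"] + 1}


def Q(st):                        # postcondition: s = 0 + 1 + ... + (n - 1)
    return st["s"] == st["n"] * (st["n"] - 1) // 2


def V(st):                        # variant: iterations still to run
    return st["n"] - st["i"]


def strong_invariant(st):         # s = 0 + ... + (i - 1), and i never passes n
    return st["s"] == st["i"] * (st["i"] - 1) // 2 and 0 <= st["i"] <= st["n"]


def weak_invariant(st):           # drops i <= n: true initially and preserved, but too weak at exit
    return st["s"] == st["i"] * (st["i"] - 1) // 2


def sum_loop_obligations(invariant):
    return check_loop(P, B, body, invariant, Q, V, ["i", "s", "n"])


if __name__ == "__main__":
    print(sum_loop_obligations(strong_invariant))   # every obligation True
    print(sum_loop_obligations(weak_invariant))     # "(I and not B) => Q" is False
```

`weak_invariant` is satisfied before the loop and preserved by the body, so it is weak enough, but at exit it only tells us `i ≥ n`, not `i = n`, and the checker finds a state such as `i = 2, n = 1, s = 1` where the postcondition fails. Adding `0 ≤ i ≤ n` gives `strong_invariant`, which combined with the exit condition `¬(i < n)` forces `i = n` and therefore `Q`, which is exactly the balance the Loop Invariant slide describes.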

## Evaluation of Axiomatic Semantics

-   Developing axioms or inference rules for all of the statements in a
    language is difficult
-   It is a good tool for correctness proofs, and an excellent framework
    for reasoning about programs, but it is not as useful for language
    users and compiler writers
-   Its usefulness in describing the meaning of a programming language
    is limited for language users or compiler writers

## Denotational Semantics vs Operational Semantics

- In operational semantics, the state changes are defined by coded algorithms
- In denotational semantics, the state changes are defined by rigorous mathematical functions