Abstract machine and compilation

Mechanizing mathematical theory of programming languages: Operational semantics of WHILE in COQ
Lecture 8 on 24.06.2013

Provably correct implementation

Why is a formal specification of the semantics of a programming language useful?
⇒ We can use it to argue about the correctness of its implementation.

We will show the correctness of a translation from While to a structured assembler code for an abstract machine.

Provably correct translation from While to an abstract machine

The idea is:
• define the meaning of the abstract machine instructions by an operational semantics
• define translation functions that map expressions and statements of While into instruction sequences
• show that if we
  • translate a program into code, and
  • execute the code on the abstract machine,
  then we get the same result as is specified by the semantic functions S_nat and S_sos.

The abstract machine

The abstract machine AM has configurations of the form

  ⟨c, e, s⟩ ∈ Code × Stack × State

where
• c is the sequence of instructions (or, code) to be executed,
• e is the evaluation stack, and
• s is the storage.

An evaluation stack is a list of values, i.e.,

  e ∈ Stack = (Z ∪ T)*

For simplicity, we assume the storage is similar to the state, so

  s ∈ State = Var → (Z ∪ T)

Machine instructions

  inst ::= PUSH-n | ADD | MULT | SUB
        |  TRUE | FALSE | EQ | LE | AND | NEG
        |  FETCH-x | STORE-x
        |  NOOP | BRANCH(c, c) | LOOP(c, c)
  c    ::= ε | inst : c

where ε is the empty sequence. Code represents the syntactic category of sequences of instructions (c ∈ Code).

A configuration ⟨c, e, s⟩ ∈ Code × Stack × State is terminal when c is the empty sequence.

The operational semantics for AM

The operational semantics for AM is given by a (small-step) transition relation on configurations in the form of

  ⟨c, e, s⟩ ▷ ⟨c', e', s'⟩

Rules of the operational semantics for AM (1)

  ⟨PUSH-n : c, e, σ⟩          ▷ ⟨c, N⟦n⟧ : e, σ⟩
  ⟨ADD : c, z1 : z2 : e, σ⟩   ▷ ⟨c, (z1 + z2) : e, σ⟩    if z1, z2 ∈ Z
  ⟨MULT : c, z1 : z2 : e, σ⟩  ▷ ⟨c, (z1 ∗ z2) : e, σ⟩    if z1, z2 ∈ Z
  ⟨SUB : c, z1 : z2 : e, σ⟩   ▷ ⟨c, (z1 − z2) : e, σ⟩    if z1, z2 ∈ Z
  ⟨TRUE : c, e, σ⟩            ▷ ⟨c, tt : e, σ⟩
  ⟨FALSE : c, e, σ⟩           ▷ ⟨c, ff : e, σ⟩
  ⟨EQ : c, z1 : z2 : e, σ⟩    ▷ ⟨c, (z1 = z2) : e, σ⟩    if z1, z2 ∈ Z
  ⟨LE : c, z1 : z2 : e, σ⟩    ▷ ⟨c, (z1 ≤ z2) : e, σ⟩    if z1, z2 ∈ Z
  ⟨AND : c, t1 : t2 : e, σ⟩   ▷ ⟨c, tt : e, σ⟩           if t1 = tt and t2 = tt
                              ▷ ⟨c, ff : e, σ⟩           if t1 = ff or t2 = ff, t1, t2 ∈ T

Rules of the operational semantics for AM (2)

  ⟨NEG : c, t : e, σ⟩               ▷ ⟨c, ff : e, σ⟩        if t = tt
                                    ▷ ⟨c, tt : e, σ⟩        if t = ff
  ⟨FETCH-x : c, e, σ⟩               ▷ ⟨c, (σ x) : e, σ⟩
  ⟨STORE-x : c, z : e, σ⟩           ▷ ⟨c, e, σ[x ↦ z]⟩
  ⟨NOOP : c, e, σ⟩                  ▷ ⟨c, e, σ⟩
  ⟨BRANCH(c1, c2) : c, t : e, σ⟩    ▷ ⟨c1 : c, e, σ⟩       if t = tt
                                    ▷ ⟨c2 : c, e, σ⟩       if t = ff
  ⟨LOOP(c1, c2) : c, e, σ⟩          ▷ ⟨c1 : BRANCH(c2 : LOOP(c1, c2), NOOP) : c, e, σ⟩

We use the notation ':' both for appending two instruction sequences and for prepending an element to a sequence.

Computation sequences for AM

Given a code c and a storage σ, a computation sequence for c and σ is either
• a finite sequence γ0, γ1, γ2, ..., γk of configurations such that γ0 = ⟨c, ε, σ⟩ and γi ▷ γi+1 for 0 ≤ i < k, k ≥ 0, and there is no γ such that γk ▷ γ, or
• an infinite sequence γ0, γ1, γ2, ... of configurations such that γ0 = ⟨c, ε, σ⟩ and γi ▷ γi+1 for 0 ≤ i.

Terminating/diverging computation sequences

A computation sequence is
• terminating if and only if it is finite, and
• diverging if and only if it is infinite.

A terminating computation sequence may end in a terminal configuration or in a stuck configuration, e.g., ⟨ADD, ε, σ⟩.

Example (1)

Consider the code PUSH-1 : FETCH-x : ADD : STORE-x. Given an initial storage σ where σ x = 3, we get

  ⟨PUSH-1 : FETCH-x : ADD : STORE-x, ε, σ⟩
  ▷ ⟨FETCH-x : ADD : STORE-x, 1, σ⟩
  ▷ ⟨ADD : STORE-x, 3 : 1, σ⟩
  ▷ ⟨STORE-x, 4, σ⟩
  ▷ ⟨ε, ε, σ[x ↦ 4]⟩

Example (2)

Consider the code LOOP(TRUE, NOOP). We get

  ⟨LOOP(TRUE, NOOP), ε, σ⟩
  ▷ ⟨TRUE : BRANCH(NOOP : LOOP(TRUE, NOOP), NOOP), ε, σ⟩
  ▷ ⟨BRANCH(NOOP : LOOP(TRUE, NOOP), NOOP), tt, σ⟩
  ▷ ⟨NOOP : LOOP(TRUE, NOOP), ε, σ⟩
  ▷ ⟨LOOP(TRUE, NOOP), ε, σ⟩
  ▷ ...

Properties of AM

Lemma. If γ ▷ γ' and γ ▷ γ'', then γ' = γ''.

Lemma. If ⟨c1, e1, σ⟩ ▷^k ⟨c1', e1', σ'⟩, then, for any c2 and e2, ⟨c1 : c2, e1 : e2, σ⟩ ▷^k ⟨c1' : c2, e1' : e2, σ'⟩.

Lemma. If ⟨c1 : c2, e, σ⟩ ▷^k ⟨ε, e'', σ''⟩, then there exists a configuration ⟨ε, e', σ'⟩ and natural numbers k1, k2 such that k = k1 + k2 and ⟨c1, e, σ⟩ ▷^k1 ⟨ε, e', σ'⟩ and ⟨c2, e', σ'⟩ ▷^k2 ⟨ε, e'', σ''⟩.

The execution function M

We define the meaning of code as a (partial) function from State to State,

  M : Code → (State ↪ State)

given by

  M⟦c⟧ σ = σ'     if ⟨c, ε, σ⟩ ▷* ⟨ε, e, σ'⟩
          = undef  otherwise

Is this function well-defined?
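The transition rules above, Examples (1) and (2), and the execution function M, as an added Python example (not the lecture's Coq development): `step` implements one ▷ transition and returns None on a stuck configuration, and `run` approximates M⟦c⟧ σ with a step budget (an assumed parameter `fuel`), since divergence is not decidable in general.

```python
# Interpreter for the abstract machine AM above (added example, not the lecture's
# Coq code). Instructions are tuples: ('PUSH', n), ('ADD',), ('FETCH', 'x'),
# ('STORE', 'x'), ('BRANCH', c1, c2), ('LOOP', c1, c2), ... ; code is a Python
# list of instructions and the evaluation stack is a list with its top at index 0.

def is_int(v):                      # Z; Python's bool (which models T) is excluded
    return isinstance(v, int) and not isinstance(v, bool)

def step(conf):
    """One transition <c, e, s> > <c', e', s'>; None if the configuration is stuck."""
    code, e, s = conf
    ins, rest, op = code[0], code[1:], code[0][0]
    if op == 'PUSH':
        return rest, [ins[1]] + e, s
    if op in ('ADD', 'MULT', 'SUB', 'EQ', 'LE'):        # side condition: z1, z2 in Z
        if len(e) < 2 or not (is_int(e[0]) and is_int(e[1])):
            return None                                 # e.g. <ADD, [], s> is stuck
        z1, z2 = e[0], e[1]
        r = {'ADD': z1 + z2, 'MULT': z1 * z2, 'SUB': z1 - z2, 'EQ': z1 == z2, 'LE': z1 <= z2}[op]
        return rest, [r] + e[2:], s
    if op in ('TRUE', 'FALSE'):
        return rest, [op == 'TRUE'] + e, s
    if op == 'AND':                                     # side condition: t1, t2 in T
        if len(e) < 2 or not (isinstance(e[0], bool) and isinstance(e[1], bool)):
            return None
        return rest, [e[0] and e[1]] + e[2:], s
    if op == 'NEG':
        return (rest, [not e[0]] + e[1:], s) if e and isinstance(e[0], bool) else None
    if op == 'BRANCH':                                  # pop t, continue with c1 or c2
        return ((ins[1] if e[0] else ins[2]) + rest, e[1:], s) if e and isinstance(e[0], bool) else None
    if op == 'FETCH':
        return rest, [s[ins[1]]] + e, s                 # storage is total on Var
    if op == 'STORE':
        return (rest, e[1:], {**s, ins[1]: e[0]}) if e and is_int(e[0]) else None
    if op == 'NOOP':
        return rest, e, s
    if op == 'LOOP':                                    # unfold one iteration of the loop
        c1, c2 = ins[1], ins[2]
        return c1 + [('BRANCH', c2 + [ins], [('NOOP',)])] + rest, e, s
    return None

def run(code, s, fuel=1000):
    """M[[c]] s: final storage, 'stuck' if no rule applies, 'diverges' if fuel runs out."""
    conf = (list(code), [], dict(s))
    for _ in range(fuel):
        if not conf[0]:                                 # terminal configuration <[], e, s'>
            return conf[2]
        conf = step(conf)
        if conf is None:
            return 'stuck'
    return 'diverges'                                   # M[[c]] s is undef (approximated by fuel)
```

Because `step` is a function of the configuration, it also witnesses the first lemma above: no configuration has two distinct successors.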