Language Semantics and Implementation Lectures 13 & 14 · PDF fileCbv determinacy:If hM;si+ v...
Transcript of Language Semantics and Implementation Lectures 13 & 14 · PDF fileCbv determinacy:If hM;si+ v...
Language Semantics and ImplementationLectures 13 & 14
Richard Mayr and Colin Stirling (cps)
School of Informatics
February 21st 2011
Adding first-class functions to LC
We extend LC with:
I Function abstraction λx .M
The function that maps x to M.
I Function application M1 M2
Apply function M1 to argument M2.
I Variables x , where x ∈ V, an infinite set of variables.
The language LFP
Syntax of LFP expressions:
M ::= n | b | ` | M iop M | M bop M
| if M then M else M | !M | M := M
| skip | M ; M | while M do M
| x | λx .M | M M
where:
n ∈ Z (integers), b ∈ B (booleans), ` ∈ L (locations),
iop ranges over integer-valued binary operations,
bop ranges over boolean-valued binary operations,
x ∈ V (variables)
Free variables and closed expressions
We define the set fv(M) of free variables in an expression M.
I fv(n) = fv(b) = fv(`) = fv(skip) = ∅I fv(!M) = fv(M)
I fv(M1 iopM2)= fv(M1bopM2)= fv(M1 :=M2)= fv(M1 ;M2) =fv(while M1 do M2) = fv(M1 M2) = fv(M1) ∪ fv(M2)
I fv(if M then M1 else M2) = fv(M) ∪ fv(M1) ∪ fv(M2)
I fv(x) = {x}I fv(λx .(M)) = fv(M)− {x}
If fv(M) = ∅ then we say that M is closed.
LFP evaluation semantics
We define an evaluation relation:
〈M, s〉 ⇓ 〈V , s ′〉
where:
I M and V are closed expressions
I s and s ′ are states (finite partial functions from L to Z)
I V is a value:
V ::= n | b | ` | skip | λx .M ′
N.B. λx .M ′ must be closed, so we must have fv(M ′) ⊆ {x}
LFP evaluation relation — values, operations, conditionals
〈V , s〉 ⇓ 〈V , s〉 V a value (⇓val)
〈M1, s〉 ⇓ 〈n1, s′〉 〈M2, s
′〉 ⇓ 〈n2, s′′〉
〈M1 op M2, s〉 ⇓ 〈c , s ′′〉if c = n1 op n2 (⇓op)
〈M, s〉 ⇓ 〈true, s ′〉 〈M1, s′〉 ⇓ 〈V , s ′′〉
〈if M then M1 else M2, s〉 ⇓ 〈V , s ′′〉(⇓if1)
〈M, s〉 ⇓ 〈false, s ′〉 〈M2, s′〉 ⇓ 〈V , s ′′〉
〈if M then M1 else M2, s〉 ⇓ 〈V , s ′′〉(⇓if2)
LFP evaluation relation — locations and sequencing
〈M, s〉 ⇓ 〈`, s ′〉
〈!M, s〉 ⇓ 〈n, s ′〉if ` ∈ dom(s ′) and s ′(`) = n (⇓loc)
〈M1, s〉 ⇓ 〈`, s ′〉 〈M2, s′〉 ⇓ 〈n, s ′′〉
〈M1 := M2, s〉 ⇓ 〈skip, s ′′[` 7→ n]〉(⇓set)
〈M1, s〉 ⇓ 〈skip, s ′〉 〈M2, s′〉 ⇓ 〈skip, s ′′〉
〈M1 ; M2, s〉 ⇓ 〈skip, s ′′〉(⇓seq)
LFP evaluation relation — while
〈M, s〉 ⇓ 〈false, s ′〉
〈while M do M ′, s〉 ⇓ 〈skip, s ′〉(⇓wh1)
〈M, s〉⇓〈true, s ′〉 〈M ′, s ′〉⇓〈skip, s ′′〉 〈while M do M ′, s ′′〉⇓〈skip, s ′′′〉
〈while M do M ′, s〉 ⇓ 〈skip, s ′′′〉(⇓wh2)
LFP evaluation relation — function application
For a call-by-name semantics include the rule:
〈M, s〉 ⇓ 〈λx .M ′, s ′〉 〈M ′[N/x ], s ′〉 ⇓ 〈V , s ′′〉
〈M N, s〉 ⇓ 〈V , s ′′〉(⇓cbn)
For a call-by-value semantics include the rule:
〈M, s〉 ⇓ 〈λx .M ′, s ′〉 〈N, s ′〉 ⇓ 〈U, s ′′〉 〈M ′[U/x ], s ′′〉 ⇓ 〈V , s ′′′〉
〈M N, s〉 ⇓ 〈V , s ′′′〉(⇓cbv)
Substitution
Both rules for function application involve substitutions.
The notation M[M ′/x ] means: substitute the expression M ′ forevery free occurrence of the variable x in M.
In both evaluation rules, the expression M ′ being substituted isclosed. (This term is N in the cbn rule, and U in the cbv rule.)This means that the substitution M[M ′/x ] can be performed bysimply textually replacing each free occurrence of x with M ′.
Because of this, we shall not, at this point, pay attention tosubtleties surrounding the substitution of open expressions for freevariables in languages containing binding operators (such as λ).
Such issues were already addressed in Lectures 11 & 12. For athorough treatment in the context of LFP, see §5.1 of Pitts’ notes.
Two evaluation relations . . .
I We write〈M, s〉 ⇓n 〈V , s ′〉
for the call-by-name evaluation relation, when we have (⇓cbn).
I We write〈M, s〉 ⇓v 〈V , s ′〉
for the call-by-value evaluation relation, when we have (⇓cbv).
I We write 〈M, s〉 6⇓n to mean that there is no configuration〈V , s ′〉 such that 〈M, s〉 ⇓n 〈V , s ′〉.
I 〈M, s〉 6⇓v is defined similarly.
. . . are incomparable
Define
C0def= while true do skip
C1def= (λx . skip) C0
C2def= (λx . if !` = 0 then skip else C0) (` := 0).
Then
〈C1, s〉 ⇓n 〈skip, s〉 (for any s)
〈C1, s〉 6⇓v
〈C2, {` 7→ 1}〉 6⇓n
〈C2, {` 7→ 1}〉 ⇓v 〈skip, {` 7→ 0}〉.
Defining let expressions
The call-by-name and call-by-value evaluation rules generalisethose for let expressions in Lectures 11 & 12.
Define:let x = M1 in M2
def= (λx .M2) M1
Derived call-by-name evaluation rule:
〈M2[M1/x ], s〉 ⇓n 〈V , s ′〉
〈let x = M1 in M2, s〉 ⇓n 〈V , s ′〉
Derived call-by-value evaluation rule:
〈M1, s〉 ⇓v 〈V1, s′〉 〈M2[V1/x ], s ′〉 ⇓v 〈V , s ′′〉
〈let x = M1 in M2, s〉 ⇓v 〈V , s ′′〉
Adding recursion
We extend the syntax of LFP expressions to include a recursionoperator.
M ::= · · · | rec x .M
The informal reading is: recursively define x to be M.
The recursion operator binds its variable, so the associated set offree variables is defined by:
fv(rec x .M) = fv(M)− {x}
The operational semantics is given by unfolding.
〈M[rec x .M/x ], s〉 ⇓ 〈V , s ′〉
〈rec x .M, s〉 ⇓ 〈V , s ′〉
We call the extended language LFP+.
Example expressions using recursion
I rec f . (λx . if x = 0 then 1 else x ∗ f (x − 1))
Factorial again — but this time as a function.
I rec z . (if M then (M ′ ; z) else skip)
A recursive definition of while M do M ′
I rec x . x
An infinite loop, hence diverges.
Example expressions using recursion
I rec f . (λx . if x = 0 then 1 else x ∗ f (x − 1))
Factorial again — but this time as a function.
I rec z . (if M then (M ′ ; z) else skip)
A recursive definition of while M do M ′
I rec x . x
An infinite loop, hence diverges.
Example expressions using recursion
I rec f . (λx . if x = 0 then 1 else x ∗ f (x − 1))
Factorial again — but this time as a function.
I rec z . (if M then (M ′ ; z) else skip)
A recursive definition of while M do M ′
I rec x . x
An infinite loop, hence diverges.
Example expressions using recursion
I rec f . (λx . if x = 0 then 1 else x ∗ f (x − 1))
Factorial again — but this time as a function.
I rec z . (if M then (M ′ ; z) else skip)
A recursive definition of while M do M ′
I rec x . x
An infinite loop, hence diverges.
Differences from treatment of LFP in Pitts’ notes
I Pitts defines the operational semantics on equivalence classesof expressions modululo α-equivalence (≡α), he calls theseequivalence classes terms.
While α-equivalence is an important concept (we shallconsider it later), there is no need to involve it in thedefinition of operational semantics for LFP.
I Rather than considering a recursion operator, Pitts definesLFP+ by adding a letrec construct for local recursivedefinitions. This is interdefinable with our recursion operator.However, the operational semantics for local recursivedefinitions is less intuitive than that for recursion.
In § 5.4 of his notes, Pitts considers the relationship betweenlocal recursive definitions and a recursion operator (he writesfix x .M instead of rec x .M).
Determinacy of evaluation
The propositions below apply both to LFP and to LFP+. (In fact,the results LFP are special cases of those for LFP+.
Cbn determinacy: If 〈M, s〉 ⇓n 〈V , s ′〉 and 〈M, s〉 ⇓n 〈V ′, s ′′〉 thenV = V ′ and s ′ = s ′′.
Cbv determinacy: If 〈M, s〉 ⇓v 〈V , s ′〉 and 〈M, s〉 ⇓v 〈V ′, s ′′〉 thenV = V ′ and s ′ = s ′′.
As usual, both properties can be proved by rule induction.
Expressions and side effects
Consider the following LFP expression:
Edef= (λx . 0) (` := 1)
An example call-by-value evaluation of E is:
〈E , {` 7→ 0}〉 ⇓v 〈0, {` 7→ 1}〉
Thus we have an example of an expression that evaluates to aninteger value but which nevertheless performs a side-effect.
Under call-by-name semantics, however, we have
〈E , {` 7→ 0}〉 ⇓v 〈0, {` 7→ 0}〉
In fact, under cbn, there is no example of a side-effecting integerexpression. But to formulate this properly we need to know whatthe integer expressions are.
Subject reduction?
Recall, from Lectures 7 & 8, that the language LC enjoyed thefollowing subject reduction property:
I If 〈P, s〉 ⇓ 〈V , s ′〉 then V is of the same “type” (command /integer expression / boolean expression) as P.
In fact, something similar holds for LFP (both cbn and cbv).
However, to formulate this for LFP, we need to be able to classifyLFP expressions according to their type.
For this purpose, we shall introduce a static semantics (a.k.a. typesystem) for LFP.
Types for LFP+
We introduce types to represent the different syntactic categoriesavailable in LFP+.
τ ::= int integers| bool booleans| loc location| cmd commands| τ → τ functions
A type τ will be assigned to a closed expression M only if M is anexpression with the properties demanded by τ .
For example, M will be given a function type τ1→ τ2 only if Mrepresents a function that, once given an argument of type τ1, willreturn a result of (or behave like an expression of) type τ2.
Many meaningless expressions will be filtered out because they willnot be typable.
The typing relation
Our goal is to define a relation M : τ between closed expressionsM and types τ saying that M can be given type τ .
Some examples:
3 + !` : int
λx . x : int→ int
λx . x : cmd → cmd
λx . x := 0 : loc → cmd
λx . λy . x := y : loc → int→ cmd
(λx . λy . x := y) ` : int→ cmd
rec f . (λx. if x =0 then1 elsex∗f (x−1)) : int→ int
The general typing relation
To define the typing relation for closed M, we need to specify amore general typing relation for general (open) expressions M.
It is only possible to assign a type to an open expression M relativeto a given assignment of types to its free variables.
This latter information is specified in a type environment Γ, whichis a finite partial function from variables to types.
The general typing relation has the form
Γ ` M : τ
which says that expression M can be given type τ in typeenvironment Γ.
Recovering the typing relation for closed expressions
We shall define the general typing relation Γ ` M : τ using aformal proof system.
Under this definition, the relation Γ ` M : τ will hold only in casesin which Γ assigns a type to every free variable in M, that is whendom(Γ) ⊆ fv(M).
We write M : τ to mean that the relation ∅ ` M : τ holds (i.e., ifM has type τ in the empty type environment, in which case M isnecessarily closed).
Thus we have obtained the desired typing relation between closedexpressions and types.
It remains to give the formal proof system defining the relationΓ ` M : τ .
Typing relation — variables, constants, operations, if
Γ ` x : τ if x ∈ dom(Γ) and Γ(x) = τ (:var)
Γ ` n : int (n ∈ Z) (:int)
Γ ` b : bool (b ∈ B) (:bool)
Γ ` ` : loc (` ∈ L) (:loc)
Γ ` M1 : int Γ ` M2 : int
Γ ` M1 iop M2 : int(:iop)
Γ ` M1 : int Γ ` M2 : int
Γ ` M1 bop M2 : bool(:bop)
Γ ` M1 : bool Γ ` M2 : τ Γ ` M3 : τ
Γ ` if M1 then M2 else M3 : τ(:if)
Typing relation — state, commands
Γ ` M : loc
Γ ` !M : int(:get)
Γ ` M1 : loc Γ ` M2 : int
Γ ` M1 := M2 : cmd(:set)
Γ ` skip : cmd (:skip)
Γ ` M1 : cmd Γ ` M2 : cmd
Γ ` M1 ; M2 : cmd(:seq)
Γ ` M1 : bool Γ ` M2 : cmd
Γ ` while M1 do M2 : cmd(:whl)
Typing relation — functions, recursion
Γ, x : τ ` M : τ ′
Γ ` λx .M : τ → τ ′(:fn)
Γ ` M1 : τ → τ ′ Γ ` M2 : τ
Γ ` M1 M2 : τ ′(:app)
Γ, x : τ ` M : τ
Γ ` rec x .M : τ(:rec)
In these rules, Γ, x : τ denotes the type environment that maps thevariable x to τ and which behaves like Γ on all other variables.
(Pitts uses the notation Γ[x 7→ τ ] for this.)
Example derivation
Γ`x : int Γ`0: int
Γ`x =0:bool Γ`1: int
Γ`x : int
Γ` f : int→int
Γ`x : int Γ`1: int
Γ`x−1: int
Γ` f (x−1) : int
Γ`x ∗ f (x−1) : int
f : int→ int, x : int ` if x = 0 then 1 else x ∗ f (x − 1) : int
f : int→ int ` λx . if x = 0 then 1 else x ∗ f (x − 1) : int→ int
` rec f . (λx . if x = 0 then 1 else x ∗ f (x − 1)) : int→ int
Here, Γ is the type environment {f 7→ (int→ int), x 7→ int}.
Observe how we write this Γ as f : int→ int, x : int in thederivation, and we write ` M : τ for ∅ ` M : τ . This is standardnotation for type environments (which are often called contexts).
A subtle point (non-examinable!)
In Pitts’ notes, the rules:
Γ, x : τ ` M : τ ′
Γ ` λx .M : τ → τ ′
Γ, x : τ ` M : τ
Γ ` rec x .M : τ
come with the side condition that x /∈ dom(Γ).
We do not make this requirement, since with this side conditionthere would be no way to obtain some correct typings, e.g.:
λx .((λx .(x + 1)) x) : int→ int
This typing is derivable in Pitts’ notes only because, he considersλx .((λx .(x + 1)) x) as being identical to λy .((λx .(x + 1)) y).
The difference between our approach and Pitts’ again arises fromhis use of α-equivalence to quotient expressions. Cf. the discussionon p. 58 of Pitts’ notes.
Properties of the typing relation
Declaration lemma: If Γ ` M : τ then fv(M) ⊆ dom(Γ).
Weakening: If Γ ` M : τ and x /∈ dom(Γ) then Γ, x : τ ′ ` M : τ .
Strengthening: If Γ, x : τ ′ ` M : τ and x /∈ fv(M) then Γ ` M : τ .
Closed-term substitution typing lemma: If Γ, x : τ ` M : τ ′ andN : τ then Γ ` M[N/x ] : τ ′ .
The lemma above requires textual substitution only. However, themore general version below needs the full definition of (open-term)substitution, as discussed in Lectures 11 & 12.
Substitution typing lemma: If Γ, x : τ ` M : τ ′ and Γ ` N : τ thenΓ ` M[N/x ] : τ ′ .
Corollary (contraction): If Γ, x : τ, y : τ ` M : τ ′ thenΓ, x : τ ` M[x/y ] : τ ′.
Subject reduction for LFP+
Cbn subject reduction: If M : τ and 〈M, s〉 ⇓n 〈V , s ′〉 then V : τ
Cbv subject reduction: If M : τ and 〈M, s〉 ⇓v 〈V , s ′〉 then V : τ
The proofs are by rule induction, and exploit the closed-termsubstitution typing lemma on the previous slide.
Side-effect freeness for cbn LFP+
Cbn evaluation at non-command types is side-efffect free: If M : τwhere τ 6= cmd and 〈M, s〉 ⇓n 〈V , s ′〉 then s = s ′.
We have already seen an example showing that the analogousproperty does not hold for cbv LFP.
Call-by-name side-effect freeness is quite sensitive to theformulation of LFP+. For example, it fails if the rules forsequencing are generalised in a natural way:
〈M1, s〉 ⇓ 〈V , s ′〉 〈M2, s′〉 ⇓ 〈V ′, s ′′〉
〈M1 ; M2, s〉 ⇓ 〈V ′, s ′′〉
Γ ` M1 : τ Γ ` M2 : τ ′
Γ ` M1 ; M2 : τ ′