The while language

Given test b, expression e over signature Σ:

skip

x :=e

S1 ;S2

if b then S1 else S2 fi

while b do S0 od

WP(Σ) = set of all while programs over Σ.

1

program Euclid

signature Naturals for Euclidean Algorithm

sorts nat,bool

constants 0: →nat;

true,false: →bool

operations mod: nat × nat→nat;

6= : nat × nat→bool

endsig

2

body

var x,y,r: nat

begin

read x;

r:=x mod y;

while r 6= 0 do

x:=y; y:=r; r:=x mod y

od;

write y

end

3

Problem of Semantics

To model mathematically what happens when any while program

performs a computation over any data type.

To give a mathematical definition of how a while program computes

a function on any data type.

Let Σ be a signature modelling the interface of a data type. Let

WP(Σ) be the set of all while programs over Σ.

We will build a mathematical model

input-output semantics

whose equations allow us to derive the output of a program from its

input.

4

Extending while language

e.g., user identifierssemantics

Extend with newsyntactic featuresindependent of

Extend with newconstructs that are

defined in terms of olde.g., repeat, case

Extend with newsorts and operations

in data typee.g., arrays

substituteforget flatten

Syntax ofkernel language

WP(Σ)

Semantics ofkernel language

WP(Σ)New Semantics

New constructs

5

Semantics of a Simple Construct

Assignment 1 : begin var x ,y :nat; x :=y end

“Make the value of y the new value of x . The value of y is not

changed but the old value of x is lost.”

Assignment 2 : begin var x ,y ,z :nat; x :=y+z end

“Evaluate the sum of the data that are the values of y and z , and

make this the new value of x . The values of y and z are not changed

but the old value of x is lost.”

6

Assignment 3 : begin var x ,y ,z :nat; x :=(y+z )/2 end

“Evaluate the sum of the data that are the values of y and z . Divide

by 2 and, if this number is a natural number, then make this the

new value of x . The values of y and z are not changed but the old

value of x is lost. If however the division leads to a rational then

. . . ”

Assignment 4 : begin var x ,y ,z :real; x :=sqr[[(y+z )/2]] end

“Evaluate the sum of the data that are the values of y and z , and

divide by 2. Take the square root of this datum, if it exists, and

make this the new value of x . The values of y and z are not changed

but the old value of x is lost. If the square root does not exist then

. . . ”

7

input-output behaviour of a program

Suppose the program S is over a data-type with signature Σ, i.e.,

S ∈ WP(Σ). Suppose the data type is implemented by a Σ-algebra

A. We will define the concept of a state of a computation using

data from the algebra A and hence the set

State(A)

of all possible states of all possible computations using data from A.

8

The input-output behaviour of a program S is specified by a

function

M ioA (S ) : State(A) → State(A)

such that for any state σ ∈ State(A)

M ioA (S )(σ) = the final state of the computation generated by a

program S from an initial state σ, if such a final

state exists.

9

Termination

Since a while loop may execute forever, we do not expect the

function M ioA (S ) to be defined on all states. That is, we expect

M ioA (S ) to be a partial function. If there is a final state τ of the

computation of S on σ we say the computation is terminating and

we write

M ioA (S )(σ) ↓ or M io

A (S )(σ) ↓ τ

otherwise it is non-terminating and we write

M ioA (S )(σ) ↑ .

10

To model the behaviour of programs, we will solve the following

problem:

Problem of Input-Output Semantics To give a precise

mathematical definition of the input-output function

M ioA (S ).

11

signature Σ

sorts . . . , s, . . . ,Bool

constants . . . , c : → s, . . .

true, false : → Bool

operations . . . , f : s(1) × · · · × s(n) → s, . . .

. . . , r : t(1) × · · · × t(m) → Bool , . . .

not : Bool → Bool

and , or : Bool × Bool → Bool

endsig

12

algebra A

carriers . . . ,As , . . . , B

constants . . . , cA : → As , . . .

trueA, falseA : → B

operations . . . , f A : As(1) × · · · × As(n) → As , . . .

. . . , rA : At(1) × · · · × At(m) → B, . . .

notA : B → B

andA, orA : B × B → B

13

signature Peano

sorts nat ,Bool

constants zero : → nat

true, false : → Bool

operations succ : nat → nat

add ,mult : nat × nat → nat

not : Bool → Bool

and : Bool × Bool → Bool

less than : nat × nat → Bool

14

signature Ordered field of reals

sorts real ,Bool

constants zero, one : → real

true, false : → Bool

operations add ,minus,mult , div : real × real → real

not : Bool → Bool

and : Bool × Bool → Bool

less than : real × real → Bool

15

States

The data of A belong to the family

〈As | s ∈ S 〉

of carrier sets of A. Each sort of data needs its own store.

We will consider while programs that operate over some S -sorted

family

Var = 〈Var s | s ∈ S 〉of variables, where

Var s is the set of all variables of sort s.

16

For each sort s ∈ S an s-state over A is a map:

σs : Var s → As

which represents a possible configuration of a store of data of sort s

from A. The idea is that

σs(x ) = value in As of variable x ∈ Var s .

17

Let States(A) be the set of all s-sorted states over A.

A state over A is a family

σ = 〈σs | s ∈ S 〉

of s-states over A and represents a possible configuration of a

complete store of data from A.

The set of all states over A represents all configurations of this

abstract state over A, and is given by

State(A) = 〈States(A) | s ∈ S 〉.

18

...

sort s variables x s0 , x s

1 , . . . , x sn , . . .

state σs values σs(xs0 ), σs(x

s1 ), . . . , σs(x

sn), . . .

...

19

Substitutions in States

Let σ = 〈σs | s ∈ S 〉 be a state over A. Let s ∈ S , x ∈ Var s and

a ∈ As . To change the value of a variable x in the state σ to the

new value a we require a substitution operation that transforms σs

into a new state

σs [a/x ]

This substitution is defined by:

σs [a/x ](y) =

σs(y) if y 6= x ;

a otherwise.

So σs is unchanged except that the new value of x is a and the old

value is lost; in particular, for y 6= x ,

σs [a/x ](y) = σs(y)

20

Example

Var real r1 r2 r3 r4 · · · ri · · ·σreal(ri) 0 1 .5 π

√2 · · · −4 · · ·

σreal [3 .14/r3 ](ri) 0 1 .5 3 .14√

2 · · · −4 · · ·

21

Expressions

We define the value of an expression e on a state σ over A by

means of the function

VA : Exp(Σ) → (State(A) → A)

where for e ∈ Exp(Σ) the purpose of the function

VA(e) : State(A) → A

is, for σ ∈ State(A)

VA(e)(σ) = the value in A of expression e on state σ.

22

In detail, VA is a family

〈V sA | s ∈ S 〉

of functions

V sA : Exps(Σ) → (States(A) → As)

that define the value of expressions of sort s on states of sort s.

23

The family VA is defined by induction on the structure of terms

over Σ simultaneously for each sort s ∈ S by:

V sA(c)(σ) = cA

V sA(x )(σ) = σ(x ) = σs(x )

V sA(f (e1 , . . . , en))(σ) = f A(V

s(1)A (e1 )(σ), . . . , V

s(n)A (en)(σ))

24

Example Expression Evaluation

If

σreal(x ) = 1 and σreal(y) = 3 .14

then

V realA (add(x , y))(σ) = +(V real

A (x )(σ),V realA (y)(σ))

= +(σreal(x ), σreal(y))

= +(1 , 3 .14 )

= 4 .14

25

Tests

The semantics of Boolean expressions is the special case V BoolA of

the semantics of expressions. We define the value of a Boolean

expression b on a state σ over A by means of

WA : BExp(Σ) → (State(A) → B)

where for b ∈ BExp(Σ) the purpose of the function

WA(b) : State(A) → B

is, for σ ∈ State(A)

WA(b)(σ) = value in B of Boolean expression b on state σ.

26

We give an inductive definition on the syntactic structure

WA(true)(σ) = tt

WA(false)(σ) = ff

WA(r(e1 , . . . , en))(σ) = rA(VA(e1 )(σ), . . . , VA(en)(σ))

WA(not(b))(σ) =

tt if WA(b)(σ) = ff ;

ff if WA(b)(σ) = tt .

WA(and(b1 , b2 ))(σ) =

tt if WA(b1 )(σ) = tt and

WA(b2 )(σ) = tt;

ff otherwise.

27

Statements and Commands: First Definition

The input-output semantics for commands is given by the following

functions:

M ioA : Comm(Σ) → (State(A) → State(A))

where, for S ∈ Comm(Σ) the purpose of the function

M ioA (S ) : State(A) → State(A)

is, for σ ∈ State(A)

M ioA (S )(σ) = the final state, if such a state exists, on executing

program S on initial state σ.

28

The definition is constructed by induction on the syntactic

structure of a program S .

Base Case There are two base cases.

Identity Do nothing

M io

A (skip)(σ) = σ.

Assignment Update a variable with evaluation of an expression

M io

A (x :=e)(σ) = σ[VA(e)(σ)/x ].

29

Induction Step There are three cases.

Composition Execute S1 and then S2

M ioA (S1 ;S2 )(σ) ' M io

A (S2 )(M ioA (S1 )(σ)).

Conditional Choose to execute S1 or S2 according to test b

M ioA (if b then S1 else S2 fi)(σ)

=

M ioA (S1 )(σ) if WA(b)(σ) = tt ;

M ioA (S2 )(σ) if WA(b)(σ) = ff .

30

Iteration Repeatedly execute S0 until b is false. We define the

semantics of the while command in two cases, depending upon

whether or not a computation exits the while loop.

Termination Suppose the computation exits the while construct

and halts.

M ioA (while b do S0 od)(σ) ↓ & M io

A (while b do S0 od)(σ) = τ

if, and only if, there exists n ≥ 0 and a sequence of states

σ0 , σ1 , . . . , σn

such that

31

Initial state σ0 = σ

Final state σn = τ

Iteration M ioA (S0 )(σi−1 ) ↓ & M io

A (S0 )(σi−1 ) = σi

for 1 ≤ i ≤ n

Continuity WA(b)(σi) = tt for 1 ≤ i ≤ n

Exit WA(b)(σn) = ff

32

Non-termination Otherwise, suppose that the computation

does not exit the while construct. This means there is no such

finite sequence and M ioA (while b do S0 od)(σ) is undefined, which

we denote by

M io

A (while b do S0 od)(σ) ↑ .

33

Examples Let

σreal(x ) = 3 .14 and σreal(y) = π.

Then

M ioA (y :=x )(σ) = σ[VA(x )(σ)/y ]

= σ[σreal(x )/y ]

= σ[3 .14/y ].

34

Let

σ(x) = π.

Then

M ioA (while x > 0 do x:=x + 1 od)(σ) = ⊥

because the evaluation of the Boolean expression will always be

true, so leading to a non-convergent computation sequence

σ0 , σ1 , σ2 , . . . , σn , . . .

in which σn(x ) = π + n.

35

However, if we take the initial state σ, over which we evaluate S to

have

σreal(x) = −1

then

M ioA (while x > 0 do x:=x + 1 od)(σ) ↓ σ

as

WA(x > 0)(σ) = ff

giving a computation sequence of one state σ0 = σ.

36

Statements and Commands: Second Definition

using Recursion

An alternative approach is to develop an equational definition for

the case of the while statement. We expect that the statement

S ≡ while b do S0 od

has the same effect on a state as the statement

S ′ ≡ if b then S0 ;while b do S0 od else skip fi

which unfolds the first stage in the while loop.

37

Now both statements S and S ′ are valid while programs and hence

have a formal input-output semantics according to the first

definition. The input-output semantics of the first definition are

the same:

Lemma (Semantics of unfolded while loops) For any

σ ∈ State(A),

M ioA (while b do S0 od)(σ)

' M ioA (if b then S0 ; while b do S0 od else skip fi)(σ)

38

This recursive definition provides for each S an equation that

M recA (S ) must satisfy.

M recA : Comm(Σ) → (State(A) → State(A))

M recA (S )(σ) = the final state, if such a state exists, on executing

program S on initial state σ.

39

M recA (skip)(σ) = σ

M recA (x :=e)(σ) = σ[VA(e)(σ)/x ]

M recA (S1 ;S2 )(σ) ' M rec

A (S2 )(M recA (S1 )(σ))

M recA (if b then S1 else S2 fi)(σ)

=

M recA (S1 )(σ) if WA(b)(σ) = tt ;

M recA (S2 )(σ) if WA(b)(σ) = ff .

M recA (while b do S0 od)(σ)

=

M recA (while b do S0 od)(M rec

A (S0 )(σ))

if WA(b)(σ) = tt ;

σ if WA(b)(σ) = ff .

40

By the semantics of unfolded while loops Lemma we know that the

state transformer M ioA satisfies the equations generalised from S .

However,

(i) How many state transformers, in addition to M ioA (S ) satisfy

the equations?

(ii) Are there extra properties that allow us to characterise the

function M ioA (S ) as a unique solution of the equations?

41

Adding Data Types to Programming Languages

We have developed a formal definition of the syntax and semantics

for the simple programming language

WP(Σ)

of while programs that compute over an abstract data type with

signature Σ.

42

To compute over and implement the data type, we chose a

Σ-algebra

A

and defined the input-output semantics

M ioA (S ) : State(A) → State(A)

of every program S ∈ Comm(Σ) over A.

43

Suppose we want to enhance the power of WP by adding some

constructs, such as

(i) dynamic arrays, or

(ii) infinite streams.

This is trivial given our methods. As we have emphasised

repeatedly, we have solved the problem for while programming over

any algebra A.

44

Adding Dynamic Arrays

For any Σ-algebra A we can construct the algebra

AArray

with signature ΣArray of dynamic arrays over A.

So, given WP(Σ), we can add dynamic arrays to our while

programming language over Σ simply by forming the language

WP(ΣArray).

We can obtain its semantics by applying our input-output model to

ΣArray -algebra AArray .

45

Adding Infinite Streams

For any Σ-algebra A we can construct the algebra

AStream

with signature ΣStream of infinite streams over A.

So, given WP(Σ), we can add infinite streams to our while

programming language over Σ simply by forming the language

WP(ΣStream).

We can then obtain its semantics by applying our input-output

semantics model to ΣStream -algebra AStream .

46