Semantics with Applications

Natural Semantics

Pablo Lpez

University of Mlaga

November 15, 2016

1 / 41
Outline

Introduction

Natural Semantics

Properties of the Natural Semantics

2 / 41
Outline

Introduction

Natural Semantics

Properties of the Natural Semantics

3 / 41
_S=C=5PB H BY6B7=NHMBQ =EY6C=NW
JYHX\ HXMNY6E5X=NW^ {J K+JY=@BCE7=
B77 H5PBQWK+JYQ\C=YPB7HN^
Abstract Syntax of WHILE
=BHXH\C=5PSB55PS=H5PY\M5X\YX=JKQ\C=YPB7HBQW BYX6B 7=H6H:6 =Q =N7HX=
=@BCE7=Q\C=NYXB7HC6:S5 =H5XYX6Q:HJKW6:65XHBQvW BY6B7=NHH5PYX6Q:HJK7=5X
W6:65XHH5PBY5X6Q: 65XSB7=55P=NY^_S=H5PY\M5X\YX=JK5PS=J5XS=NYMJQH5PYX\M5PH6H
D F>F r J KF r M KF rO
D S
FX
F r D F r\ F]
F r
o D >
D F F o r toF

o r o
F
k o
_S\H B JJ7=BQ=@EYX=HXH6JQ MNBQJQ7SB =JQ=JKHX6@K+JYXCHN ^ 56HMB77=NW
CCWe C covered
6K 656H theS semantics
JY X ofJYarithmetic SBH5PS=K+J Y
(Aexp)C r D Boolean
and J Y
r\ K S=NY =

BY= (Bexp)
BY65PSC=5P expressions.

6
M
=
@
E
Y N
=
H X
H
6
J
Q N
H
^
5
6
H N
M
B
7
7 N
= W v
B

V


V C



C

C

C


6
K
6
5
S
B
H P
5 S=

S=We YX= still

6HB
have JJto
7=NBcover
Q=@EY the JQ
=NHXH6semantics JY5PS= ofK+Jstatements
YC r (Stm). S=NYX = r BQWBY=
=@EY=NHHX6JQHN^{6C67BYYX=NCBY HBEE75PJBYX65PSC=5X6M=@EYX=HXHX6JQHBQWH5PB5P=C=
_S=HXE=NM6 MNB5P6JQB J =W= Q=NH5PS=CCCC>JK0$ + 6Q 5PSB56
HPB HSJ 5PJ\67WBY65XSC=5P6M =@EY=NHXH6JQHJJ7=NBQ =@EY=NHXH6JQH BQWH5B5X=NC
5PS= 7BQ:\B:= ^ Q= B 5XJ5PS6Q JK5PS=B H5PYPBM5H Q5PB@ 6HBHHE =MN6K 6Q:5X
5PY=N=HJK5PS=7BQ:\B:= BQW65 6775PS=Q = 5PS= E\YE JH=JK5PS = VC3C/
41
C
Dealing with Change

The purpose of statements in WHILE is to change the state:

I the semantics of Aexp and Bexp only inspect the state
I evaluation is side-effect free
I the semantics of Stm can modify the state
I execution changes the state

4 / 41
Operational Semantics and State Change

I the execution of a program changes its state

I operational semantics are concerned with how to execute
programs; not merely with the final results
I we are interested in how the states are modified during the
execution
I therefore, operational semantics must model state change

5 / 41
Two Styles of Operational Semantics

What states are relevant?

I Natural Semantics (big-step semantics) describe how the
overall results are obtained from initial to final state
I Structural Operational Semantics (small-step semantics)
describe how the individual steps change the states (initial,
intermediate, and final)
We model both operational semantics by transition systems.

6 / 41
Transition System

A transition system is a tuple (, T, B) where:

I is a set of configurations
I T a set of terminal configurations T
I B is a transition relation B

7 / 41
Quiz

Recall that the transition relation B is defined as B .

8 / 41
Quiz

Recall that the transition relation B is defined as B .

An alternative definition of B is B ( \ T ) .

8 / 41
Quiz

Recall that the transition relation B is defined as B .

An alternative definition of B is B ( \ T ) .
Whats the difference?

8 / 41
Quiz

Recall that the transition relation B is defined as B .

An alternative definition of B is B ( \ T ) .
Whats the difference?
In general, a transition system:
I can evolve from a terminal configuration ( vs \ T )
I does not need to be deterministic ( vs )

8 / 41
Configurations for WHILE

We define two types of configurations:

I hS, si statement S is to be executed from the state s, and
I s terminal or final state
A configuration of the latter form is a terminal configuration.

9 / 41
Configurations for WHILE

We define two types of configurations:

I hS, si statement S is to be executed from the state s, and
I s terminal or final state
A configuration of the latter form is a terminal configuration.
The natural and structural operational semantics:
I use the same sets of configurations, and T
I differ in the definition of the transition relation B.
Since WHILE is deterministic, we shall replace B by

9 / 41
Outline

Introduction

Natural Semantics

Properties of the Natural Semantics

10 / 41
Transition System for Natural Semantics

The Natural Semantics of WHILE is defined by a transition system

(, T, ) where:

= {hS, si | S Stm, s State} State

T = State
{hS, si | S Stm, s State} State

10 / 41
Fundamentals of Natural Semantics

I We are concerned with the initial and final states

I The transition relation specifies the relationship between
the initial and the final states for each statement of WHILE
I The transition
hS, si s0
means that the execution of statement S from the initial state
s will terminate, yielding the final state s0 .

11 / 41
But how do we know it?

I Given a transition hS, si s0 , how do we know if it holds?

I For example, how do we know that

hy := y 1; skip; x := x + 1, [x 7 3, y 7 4]i [x 7 4, y 7 3]

holds ?

12 / 41
But how do we know it?

I Given a transition hS, si s0 , how do we know if it holds?

I For example, how do we know that

hy := y 1; skip; x := x + 1, [x 7 3, y 7 4]i [x 7 4, y 7 3]

holds ?
We define the transition relation by a set of rules and axioms.

12 / 41
Rules and Axioms (I)
The definition of is given by a set of rules and axioms.
A rule has the form:
hS1 , s1 i s01 , hSn , sn i s0n
[rule name] if condition
hS, si s0

where:
I premises are written above the solid line
I the conclusion is written below the solid line
I S1 , . . . , Sn are immediate constituents of S or constructed
from immediate constituents of S
I a rule may also have a number of conditions or provisos that
must be fulfilled for the rule to be applied
I if all the conditions and premises hold then the conclusion
holds

13 / 41
Rules and Axioms (II)

The definition of is given by a set of rules and axioms.

An axiom is a rule with no premises (may have conditions):

[axiom name] if condition

hS, si s0

the solid line is usually omitted.

14 / 41
Natural Semantics for WHILE

15 / 41
The Assignment Statement :=

[assns ] hx := a, si s[x 7 AJaKs]

I executed by updating the value of x in s with the value of the

arithmetic expression a in the state s
I it is an axiom schema: x, s, and a are meta-variables
I we get an instance of the axiom when we replace the
meta-variables by actual values, e.g.:

hx := x + 1, s0 i s0 [x 7 1]

assuming that s0 x = 0
I in general, we shall use axiom and rule to mean axiom schema
and rule schema

16 / 41
The skip Statement

[skipns ] hskip, si s

I does not modify the state s

17 / 41
The ; Statement

hS1 , si s0 , hS2 , s0 i s00

[compns ]
hS1 ; S2 , si s00

I sequential composition; imposes sequential order:

I first execute S1 from s, obtaining s0
I then execute S2 from s0 , obtaining s00

18 / 41
Quiz

Assume that s0 x = 0.
I is this an instance of [compns ]?

hskip, s0 i s0 hx := x + 1, s0 i s0 [x 7 1]
hskip; x := x + 1, s0 i s0 [x 7 1]

19 / 41
Quiz

Assume that s0 x = 0.
I is this an instance of [compns ]?

hskip, s0 i s0 hx := x + 1, s0 i s0 [x 7 1]
hskip; x := x + 1, s0 i s0 [x 7 1]
Yes, it is.

19 / 41
Quiz

Assume that s0 x = 0.
I is this an instance of [compns ]?

hskip, s0 i s0 hx := x + 1, s0 i s0 [x 7 1]
hskip; x := x + 1, s0 i s0 [x 7 1]
Yes, it is.
I is this an instance of [compns ]?

hskip, s0 i s0 [x 7 5] hx := x + 1, s0 [x 7 5]i s0
hskip; x := x + 1, s0 i s0

19 / 41
Quiz

Assume that s0 x = 0.
I is this an instance of [compns ]?

hskip, s0 i s0 hx := x + 1, s0 i s0 [x 7 1]
hskip; x := x + 1, s0 i s0 [x 7 1]
Yes, it is.
I is this an instance of [compns ]?

hskip, s0 i s0 [x 7 5] hx := x + 1, s0 [x 7 5]i s0
hskip; x := x + 1, s0 i s0
Yes; even though the premises are not instances of the
corresponding axioms!

19 / 41
The if then else Statement

We need two rules, discriminated by a condition on the guard b:

tt hS1 , si s0
[ifns ] if BJbKs = tt
hif b then S1 else S2 , si s0

ff hS2 , si s0
[ifns ] if BJbKs = ff
hif b then S1 else S2 , si s0

I recall that a rule can only be applied if the condition is true

20 / 41
Quiz

We drop then, parenthesize b and get the rule:

tt hS1 , si s0
[ifns ] if BJbKs = tt
hif (b) S1 else S2 , si s0

is this rule valid for C, C++, or Java?

21 / 41
Quiz

We drop then, parenthesize b and get the rule:

tt hS1 , si s0
[ifns ] if BJbKs = tt
hif (b) S1 else S2 , si s0

is this rule valid for C, C++, or Java?

No; those languages have side effects thus the evaluation of b could
change the state s

21 / 41
The while Statement

We need an axiom:

[whileffns ] hwhile b do S, si s if BJbKs = ff

and a rule:
hS, si s0 , hwhile b do S, s0 i s00
[whilett
ns ] if BJbKs = tt
hwhile b do S, si s00

I the axiom formalizes termination: if b is false the loop

terminates and leaves the state unchanged
I the rule formalizes looping: if b is true we execute the body
and continue from a modified state

22 / 41
The Natural Semantics of WHILE is not Compositional

I The culprit is the rule:

hS, si s0 , hwhile b do S, s0 i s00

[whilett
ns ] if BJbKs = tt
hwhile b do S, si s00

because the semantics of while is defined in terms of the very

same construct; not a constituent of the construct
I This means we cannot apply induction on the structure of the
statements

23 / 41
Derivation Trees

I to derive a transition hS, si s0 we build a derivation tree

I the root is the proper transition hS, si s0
I the leaves are instances of axioms
I the internal nodes are conclusions of instances of rules, with
the corresponding premises as sons
I the conditions of all the instantiated axioms and rules must
hold
I a derivation tree is simple if it is an instance of an axiom;
otherwise it is composite

24 / 41
 YC=B>:M9L[Y8MV?:=BOM89L[HB?[?HMVV=BT F1 Y>
[^ ?9:=BC?:=OAM89:[H?M8T
An
Z1>:YO Example
9:;= ?9L>:IH9LIof
>LMVa
YC Derivation
=>LM9:[Y8MV?:=BO M89L[HB
Tree ? ;[T[8^ = =8OY>= =E=HBI9:[Y8 T
89:;For
=8M9:I>LMV?=BOM89L[H?9L;==E=BHI9L[Y8YZ9L;==EMOCV=C>:Y^>LMO
the statement (z:= x; x:= y); y:= z we get the derivation[8 9L;=?LMO=
tree:
=Z1Y>= [VV =>=BC>=B?:=89L=BT 9:;=Z1YVVY [8
M? ^ T=B>[
M9L[Y8 9L>=B=

# %' w ' %
w

# %''
' %
% #

# %
' ' ' %'
% #
;=>:=
=;M =I?=BT9:;=M >= [M9L[Y8?
s% 0 x =
where ' 5, s0 y = # s0_ = 0, and:
7,
w % ' #
% ' s# 1 = s0 [z 7 5]
% ' s# 2 = s1 [x 7 7]
s = s [y 7 5]

d;[?[?9LY =>:=MT ?
M?Z1YVVY 3d;= =E=2HBI9:[Y8YZ # %'[89L;=?9M9L= [VV>:=B?
9L;=?9LM9L
= M8TA9L;==E=HBI9:[Y8 YZ ' %
[8?9M9L= w [VV>:=?:IV9[8?9LM9L
= bd;=B
w 25 / 41
How to Build a Derivation Tree

I Given a statement S and an initial state s we proceed from

the root upwards.
I Find an axiom or rule whose conclusion matches hS, si:
1. If it is an axiom and the condition holds, determine the final
state s0 . We are done.
2. If it is a rule, recursively build derivation trees for the premises.
Make sure that all the conditions hold and determine the final
state.
I Note that, in general, the algorithm is not deterministic
I For WHILE, there will be at most one derivation tree

26 / 41
Exercises

Exercise. Build the derivation tree for the statement:

y := 1; while !( x = 1) do ( y := y * x ; x := x -1)

with an initial state s0 such that s x = 3.

Exercise 2.3 Build the derivation tree for the statement:
z := 0; while y <= x do ( z := z +1; x := x - y )

with an initial state s0 x = 17 and s0 y = 5.

27 / 41
Termination and Looping

I The execution of a statement S on a state s

I terminates if and only if there is a state s0 such that
hS, si s0 , and
I loops if and only if there is no state s0 such that hS, si s0
I Therefore, note that no run-time errors are possible
I The execution of a statement S
I always terminates if it terminates for all choices of s
I always loops if it loops for all choices of s

28 / 41
Exercises

Exercise 2.4 Consider the following statements:

I while !(x=1) do (y:= y*x; x:= x-1)
I while 1 <= x do (y:= y*x; x:= x-1)
I while true do skip

For each statement determine whether or not it always terminates

and whether or not it always loops. Use the axioms and rules of the
natural semantics to justify your answers.

29 / 41
Outline

Introduction

Natural Semantics

Properties of the Natural Semantics

30 / 41
Semantic Equivalence for Natural Semantics

Two statements S1 and S2 are semantically equivalent if for all

states s and s0 :

hS1 , si s0 if and only if hS2 , si s0

30 / 41
Loop Unfolding for while

Lemma 2.5 The statement

while b do S

is semantically equivalent to
if b then ( S ; while b do S ) else skip

Proof: By construction of valid derivation trees. You must prove

both directions of the equivalence.

31 / 41
Exercises (I)

Exercise 2.6 Prove that the two statements S1 ; (S2 ; S3 ) and

(S1 ; S2 ); S3 are semantically equivalent. Construct a statement
showing that S1 ; S2 is not, in general, semantically equivalent to
S2 ; S1 .
Exercise 2.7 Extend the WHILE language with the statement
repeat S until b

and define the relation for it. You are not allowed to rely on the
while construct. Prove that repeat S until b and
S ; if b then skip else ( repeat S until b )

are semantically equivalent.

32 / 41
Exercises (II)

Exercise 2.8 Extend the WHILE language with the statement

for x := a1 to b2 do S

and define the relation for it. You are not allowed to rely on the
whileconstruct. Evaluate the statement:
y := 1; for x := 1 to x do ( y := y * x ; x := x -1)

from a state where x has the value 5. Hint: Assume that you have
an inverse to N to compute the numeral from a given number.

33 / 41
Deterministic Natural Semantics

A Natural Semantics is deterministic if for all choices of S, s, s0 ,

and s00 we have that

hS, si s0 and hS, si s00 imply s0 = s00

This means that for every statement S and initial state s we can
uniquely determine the final state s0 if (and only if) the execution
of S terminates.

34 / 41
WHILE is Deterministic

Theorem 2.9 The Natural Semantics of WHILE is deterministic.

Proof: We assume that hS, si s0 and shall prove that

if hS, si s00 then s0 = s00 .

We proceed by induction on the shape of the derivation tree for

hS, si s0 .

35 / 41
Induction on the Shape of the Derivation (Rule Induction)

36 / 41
Exercise

Exercise 2.10 Prove that

repeat S until b

as defined in exercise 2.7 is semantically equivalent to

S ; while ! b do S

Argue that this means that the extended semantics (i.e. the natural
semantics extended to include repeat until) is deterministic.

37 / 41
The Semantic Function Sns

The meaning of statements is given by the partial function:

Sns : Stm (State , State)

This means that for every statement S we have a partial function:

Sns JSK State , State

defined as:
s0 if hS, si s0

Sns JSKs =
undef otherwise

38 / 41
Quiz

We said that Sns is a partial function:

I Why is it a function?
I Why is it partial?

39 / 41
Quiz

We said that Sns is a partial function:

I Why is it a function?
I Why is it partial?

I It is a function because the Natural Semantics of WHILE is

deterministic, thus there can only be a s0 such that hS, si s0

39 / 41
Quiz

We said that Sns is a partial function:

I Why is it a function?
I Why is it partial?

I It is a function because the Natural Semantics of WHILE is

deterministic, thus there can only be a s0 such that hS, si s0

I It is partial because of non-termination (undef )

39 / 41
Exercises (I)
Exercise 2.11 The semantics of arithmetic expressions can be
given by a natural semantics specification using the following two
configurations:
I ha, si denoting that a is to be evaluated in state s
I z denoting the final value (z Z)
The transition relation Aexp has the form:

ha, si Aexp z

The inference rule for addition is:

ha1 , si Aexp z1 , ha2 , si Aexp z2
where z = z1 + z2
ha1 + a2 , si Aexp z

Complete the transition system of the natural semantics and use

structural induction to prove that this definition is equivalent to the
semantic function A.
40 / 41
Exercises (II)

Exercise 2.12 We can specify the semantics for Boolean

expressions using natural semantics. The transitions will have the
form:
hb, si Bexp t
where t T. Specify the transition system and prove that the
meaning of b defined in this way is the same as that defined by B.
Exercise 2.13 Determine whether or not semantic equivalence of
S1 and S2 amounts to Sns JS1 K = Sns JS2 K

41 / 41