77 research outputs found
Coinductive big-step operational semantics
Using a call-by-value functional language as an example, this article
illustrates the use of coinductive definitions and proofs in big-step
operational semantics, enabling it to describe diverging evaluations in
addition to terminating evaluations. We formalize the connections between the
coinductive big-step semantics and the standard small-step semantics, proving
that both semantics are equivalent. We then study the use of coinductive
big-step semantics in proofs of type soundness and proofs of semantic
preservation for compilers. A methodological originality of this paper is that
all results have been proved using the Coq proof assistant. We explain the
proof-theoretic presentation of coinductive definitions and proofs offered by
Coq, and show that it facilitates the discovery and the presentation of the
results
Coinductive Big-Step Semantics for Concurrency
In a paper presented at SOS 2010, we developed a framework for big-step
semantics for interactive input-output in combination with divergence, based on
coinductive and mixed inductive-coinductive notions of resumptions, evaluation
and termination-sensitive weak bisimilarity. In contrast to standard
inductively defined big-step semantics, this framework handles divergence
properly; in particular, runs that produce some observable effects and then
diverge, are not "lost". Here we scale this approach for shared-variable
concurrency on a simple example language. We develop the metatheory of our
semantics in a constructive logic.Comment: In Proceedings PLACES 2013, arXiv:1312.221
Compiler verification meets cross-language linking via data abstraction
Many real programs are written in multiple different programming languages, and supporting this pattern creates challenges for formal compiler verification. We describe our Coq verification of a compiler for a high-level language, such that the compiler correctness theorem allows us to derive partial-correctness Hoare-logic theorems for programs built by linking the assembly code output by our compiler and assembly code produced by other means. Our compiler supports such tricky features as storable cross-language function pointers, without giving up the usual benefits of being able to verify different compiler phases (including, in our case, two classic optimizations) independently. The key technical innovation is a mixed operational and axiomatic semantics for the source language, with a built-in notion of abstract data types, such that compiled code interfaces with other languages only through axiomatically specified methods that mutate encapsulated private data, represented in whatever formats are most natural for those languages.National Science Foundation (U.S.) (Grant CCF-1253229)United States. Defense Advanced Research Projects Agency (Agreement FA8750-12-2-0293)United States. Dept. of Energy. Office of Science (Award DE-SC0008923
Formal Semantics of a Subset of the Paderborn's BSPlib
PUB (Paderborn University BSPLib) is a C library supporting the development of Bulk-Synchronous Parallel (BSP) algorithms. The BSP model allows an estimation of the execution time, avoids deadlocks and indeterminism. This paper presents a formal operational semantics for a C+PUB subset language using the Coq proof assistant and a certified N-body computation as example of using this for-mal semantics. 1
Resumptions, Weak Bisimilarity and Big-Step Semantics for While with Interactive I/O: An Exercise in Mixed Induction-Coinduction
We look at the operational semantics of languages with interactive I/O
through the glasses of constructive type theory. Following on from our earlier
work on coinductive trace-based semantics for While, we define several big-step
semantics for While with interactive I/O, based on resumptions and
termination-sensitive weak bisimilarity. These require nesting inductive
definitions in coinductive definitions, which is interesting both
mathematically and from the point-of-view of implementation in a proof
assistant.
After first defining a basic semantics of statements in terms of resumptions
with explicit internal actions (delays), we introduce a semantics in terms of
delay-free resumptions that essentially removes finite sequences of delays on
the fly from those resumptions that are responsive. Finally, we also look at a
semantics in terms of delay-free resumptions supplemented with a silent
divergence option. This semantics hinges on decisions between convergence and
divergence and is only equivalent to the basic one classically.
We have fully formalized our development in Coq.Comment: In Proceedings SOS 2010, arXiv:1008.190
A static cost analysis for a higher-order language
We develop a static complexity analysis for a higher-order functional
language with structural list recursion. The complexity of an expression is a
pair consisting of a cost and a potential. The former is defined to be the size
of the expression's evaluation derivation in a standard big-step operational
semantics. The latter is a measure of the "future" cost of using the value of
that expression. A translation function tr maps target expressions to
complexities. Our main result is the following Soundness Theorem: If t is a
term in the target language, then the cost component of tr(t) is an upper bound
on the cost of evaluating t. The proof of the Soundness Theorem is formalized
in Coq, providing certified upper bounds on the cost of any expression in the
target language.Comment: Final versio
Equality of Corecursive Streams Defined by Finitary Equational Systems
In recent work, non-regular streams have been defined corecursively, by representing them with finitary equational systems built on top of various operators, besides the standard constructor. With finitary equational systems based only on the stream constructor, one can use the free theory of regular (a.k.a. rational) trees to get a sound and complete procedure to decide whether two streams are equal. However, this is not the case if one allows other operators in equations, since the underlying equational theory becomes non-trivial, hence equality of regular trees is too strong to guarantee termination of corecursive functions defined even only with the constructor and tail operators. To overcome this problem, we provide a weaker definition of equality between streams denoted by finitary equational systems built on different stream operators, including tail operator and constructor, and prove its soundness
Pretty-Big-Step Semantics
International audienceIn spite of the popularity of small-step semantics, big-step semantics remain used by many researchers. However, big-step semantics suffer from a serious duplication problem, which appears as soon as the semantics account for exceptions and/or divergence. In particular, many premises need to be copy-pasted across several evaluation rules. This duplication problem, which is particularly visible when scaling up to full-blown languages, results in formal definitions growing far bigger than necessary. Moreover, it leads to unsatisfactory redundancy in proofs. In this paper, we address the problem by introducing pretty-big-step semantics. Pretty-big-step semantics preserve the spirit of big-step semantics, in the sense that terms are directly related to their results, but they eliminate the duplication associated with big-step semantics
Mechanized semantics
The goal of this lecture is to show how modern theorem provers---in this
case, the Coq proof assistant---can be used to mechanize the specification of
programming languages and their semantics, and to reason over individual
programs and over generic program transformations, as typically found in
compilers. The topics covered include: operational semantics (small-step,
big-step, definitional interpreters); a simple form of denotational semantics;
axiomatic semantics and Hoare logic; generation of verification conditions,
with application to program proof; compilation to virtual machine code and its
proof of correctness; an example of an optimizing program transformation (dead
code elimination) and its proof of correctness
Comment gagner confiance en C ?
National audiencevoir article (cette communication est une chronique et ne contient pas de résumé)
- …