Oracle-based Differential Operational Semantics (long version)

Program dierences are pervasive in software development and understanding them is crucial. However, such changes are usually represented as textual dierences with no regard to the syntactic nature of programs or their semantics. Such a representation may be hard to read or reason about and often fails to convey insight on the semantic implications of a change. In this paper, we propose a formal framework to characterize the dierence of behavior between two close programs equivalent or notin terms of their small-step semantics. To this end, we introduce small-step-prediction oracles that consume one reduction step of one program and produce a sequence of reduction steps of the other. Such oracles are operational, handle diverging or stuck computations, and are well-suited for describing local changes, while expressive enough to describe arbitrary ones. They can also be composed, to characterize a dierence as a sequence of simpler dierences. Last but not least, small-prediction-step oracles can be explained to programmers in terms of evaluation of the compared programs. We illustrate this framework by instantiating it on the Imp imperative language, with oracles ranging from trivial equivalence-preserving syntactic transformations to characterized semantic dierences. Through these examples, we show how our framework can be used to relate syntactic changes with their eect on the semantics, or to describe higher-level changes by abstracting away from the small-step semantics presentation. We have dened and proved the framework and the presented examples in the Coq proof assistant, and implemented a proof-of-concept inference tool for the Imp language