
The Semantics of AsmL in a Proper Perspective

The Semantics of AsmL in a Proper Perspective. Yuri Gurevich, Microsoft Research. Preamble. The intention was to present a forthcoming paper “Semantics of AsmL” by YG and Wolfram Schulte. But what’s good for a paper is not necessarily good for a talk. Hence a more general view.


Presentation Transcript


  1. The Semantics of AsmL in a Proper Perspective. Yuri Gurevich, Microsoft Research

  2. Preamble The intention was to present a forthcoming paper “Semantics of AsmL” by YG and Wolfram Schulte. But what’s good for a paper is not necessarily good for a talk. Hence a more general view.

  3. Agenda • A few words on the ASM project and executable specifications • An AsmL demo • AsmL-S • Why not full AsmL? • Abstract syntax, type system, operational semantics • The proof of pudding

  4. In the beginning, there was a foundational investigation • PDEs model the physical world. What are the PDEs of CS? • How is CS different? • Not a natural science: we study an artificial world. • In the sequential case, a state is examinable and – unless the process stops – the next state exists. • The traditional math ways to deal with dynamics (math as autopsy) may be insufficient. • Hence a machine approach may be apt if we can improve on Turing’s machine.

  5. The ASM thesis: Every computer system, at any level of abstraction, is an ASM as far as behavior is concerned. • Ref: Lipari Guide, #103 at my webpage • There is experimental and theoretical confirmation of the thesis but this belongs to a different talk. • Natural ASM applications: modeling existing systems, executable specifications of future systems

  6. Executable Specifications • One needs a practical spec language to write and execute ASM models. Hence ASM engines: ASM Workbench (U Paderborn, Siemens); XASM (TU Berlin, Kestrel); ASM Gofer (U Ulm, Siemens); AsmL = ASM Language (Microsoft) • AsmL specs do include declarations: invariants, pre- and post-conditions • But isn’t an exec spec just a prototype?

  7. In-place one-swap-a-time sorting

     var A as Seq of Integer = [3,1,2]

     Swap()
       choose i,j in Indices(A) where i<j and A(i)>A(j)
         A(i) := A(j)
         A(j) := A(i)

     Sort()
       step until fixpoint
         Swap()

     Slide annotations: Nondeterminism (the choose), Parallelism (the two updates fire together).
     States shown in the diagram: A = [1,3,2], A = [2,1,3], A = [1,2,3], A = [2,3,1]
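The step semantics behind slide 7, as an added Python sketch (not code from the talk or from the AsmL tools). It enumerates every run of Sort() and contrasts the simultaneous update with a sequential misreading of the same two assignments; the function names are hypothetical, and a choose with no candidates is assumed to contribute no updates.

```python
from itertools import combinations

def swap_update_sets(A):
    """One update set per legal choice of (i, j): i < j and A[i] > A[j]."""
    sets = []
    for i, j in combinations(range(len(A)), 2):
        if A[i] > A[j]:
            # Both right-hand sides are evaluated in the current state A.
            sets.append({i: A[j], j: A[i]})
    return sets

def fire(A, updates):
    """Apply a whole update set at once, yielding the next state."""
    nxt = list(A)
    for loc, val in updates.items():
        nxt[loc] = val
    return tuple(nxt)

def all_runs(A):
    """Every run of Sort(): keep stepping until no choice changes the state."""
    A = tuple(A)
    choices = swap_update_sets(A)
    if not choices:            # fixpoint: assumed to mean "no updates produced"
        return [[A]]
    runs = []
    for u in choices:          # nondeterminism: one branch per possible choice
        for tail in all_runs(fire(A, u)):
            runs.append([A] + tail)
    return runs

def sequential_misreading(A, i, j):
    """The same two assignments executed one after another (not ASM semantics)."""
    B = list(A)
    B[i] = B[j]
    B[j] = B[i]                # reads the value just overwritten
    return tuple(B)

if __name__ == "__main__":
    for run in all_runs([3, 1, 2]):
        print(" -> ".join(str(list(s)) for s in run))
    print("sequential reading of Swap on (0,1):",
          sequential_misreading((3, 1, 2), 0, 1))
```

Every branch terminates because each fired swap removes at least one inversion.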

  8. Topological Sorting • Requirement: Given an acyclic digraph G = (V,E), sort the vertices into a sequence S where each edge (u,v) leads forward. • Observe: there is a v with no (u,v), and the remainder is still acyclic. Use the observation repeatedly to build the desired sequence S. • Modula-2 implementation by Niklaus Wirth • AsmL spec
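Slide 8's requirement and observation, as an added Python sketch (it is neither Wirth's Modula-2 program nor the AsmL spec the slide refers to). The requirement is written as a checkable postcondition and the observation drives the construction; the function names are hypothetical, and vertices are assumed distinct with every edge endpoint listed in V.

```python
def is_topological_order(vertices, edges, seq):
    """The requirement: seq lists each vertex once and every edge (u, v) leads forward."""
    if sorted(seq) != sorted(vertices):
        return False
    pos = {v: k for k, v in enumerate(seq)}
    return all(pos[u] < pos[v] for u, v in edges)

def topological_sort(vertices, edges):
    """Repeatedly remove a vertex with no incoming edge from the remaining graph."""
    remaining = set(vertices)
    live = set(edges)                      # edges between remaining vertices
    seq = []
    while remaining:
        targets = {v for (_, v) in live}
        free = [v for v in remaining if v not in targets]
        if not free:
            # The observation fails only when the remainder contains a cycle.
            raise ValueError("graph is not acyclic")
        v = min(free)                      # any free vertex satisfies the spec;
                                           # min() just makes the run repeatable
        seq.append(v)
        remaining.remove(v)
        live = {(a, b) for (a, b) in live if a != v}
    # Postcondition check against the requirement itself.
    assert is_topological_order(vertices, edges, seq)
    return seq

if __name__ == "__main__":
    V = ["a", "b", "c", "d"]               # constructed sample graph
    E = [("a", "b"), ("a", "c"), ("b", "d"), ("c", "d")]
    print(topological_sort(V, E))
```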

  9. How to validate, enforce a spec? Again, a different talk.
     Diagram, top to bottom:
     • Product Idea / Informal Spec: What product are you building? Are you building the right product?
     • Modeling, Validation
     • AsmL Model
     • Refinement, Verification: Are you building the product right?
     • Implementation: C, C++, C#, ...

  10. AsmL http://research.microsoft.com/fse/asml • Math, e.g. set comprehension {e(x) | x ∊ r | φ(x)} as well as sequence and map comprehension • OO • Transaction programming and massive synch. parallelism • Nondeterminism • Interoperability via .NET • Literate programming via MS Word and automated programming via XML

  11. ASMs in AsmL • Universes are approximated by semantic subtypes. • Remark on typing: pragmatically necessary, semantically a drag. • Set theory is untyped for a reason. • Dynamic functions are represented by map variables.

  12. More Highlights of AsmL • Advanced type system: Disjunctive types, Semantic Subtypes, Generics • Pattern Matching: Structures and Classes • Intra-step communication with outside world and among submachines • Reflection over execution • Data access, structural coverage • State as first class citizen: Explore command, etc. • Processes (coming) • Bootstrapping

  13. Why AsmL-S? • The full AsmL is rich (numerous features are needed for the .NET integration and to support various tools) and evolving. • A smaller core fragment may be useful • to study semantics, refinements • for initial experimentation with e.g. FSM generation, model checking, parameter generation

  14. AsmL-S at a glance • Math: only maps (with partial updates) • no tuples, sets, sequences • OO • Restricted type system • no interfaces, union types • Compositions – a;b, a∥b, a⌷b – as well as while, forall, choose • Exceptions • An interpreter

  15. A core of AsmL? It would be great to claim that the full AsmL is a definable extension of AsmL-S but this is not literally so. The typing discipline does not allow us even to define sets via maps. T → Unit does not work, for example.

  16. Abstract Syntax
      pgm = cls e
      cls = class c extends c {fld mth}
      fld = f as t
      mth = m(l as t) as t e
      t = b | c | t→t
      b = Bool | Int | ... | Null | Thrown | Void
      v = void | null | true | 0 | ...
      o = + | - | ...
      e = (given on the next slide)

  17. Abstract syntax of exprs
      v | l | o(e) | let l = e : e | if e then e else e | new c(e) | new t→t (e↦e) | e.f | e.m | e[e] | e.f:=e | e[e]:=e | remove e[e] | e is t | e as t | e;e | e ∥ e | e⌷e | while(e) do e | forall l in e : e | choose l in e : e | try e catch(l as t) e | throw e | skip

  18. Subtyping rules
      Program specific:
        c extends c’ ...
        ----------------
        c < c’
      General:
        Thrown < t    Null < c, t→t’ < Object

        t3 < t1    t2 < t4
        ------------------
        t1→t2 < t3→t4

        < is reflexive, transitive
      Basic types are not objects in AsmL-S though they are in AsmL.

  19. Static semantics • Class table (as in Featherweight Java) and lookup functions, like fields(c) • An example rule:
        T ⊦ e1 :: Bool    T ⊦ e2 :: t
        ------------------------------
        T ⊦ (while (e1) do e2) :: Void

  20. Semantic domains • Value = Literal ∪ ObjId • Location = ObjectId × (FieldId ∪ Value) • Store = (ObjId ∪ Location) × (Type ∪ Value) • Update = Location × (Value ∪ {⊥}) • Updates = Set{Update} • Status = {X,OK} • Effect = Store × Updates × Status • Binding = LocalId → Value

  21. Judgements
        ⊦ cls e ⇓ φ,v
        B,S ⊦ e ⇓ φ,v
      where φ is an effect and v is a value. φ gives object types, location values, updates and status.

  22. A couple of evaluation rules
        B,S ⊦ e ⇓ φ,v    v ≠ null
        ---------------------------------
        B,S ⊦ e.f ⇓ φ,(S + store(φ))(v.f)

        B,S ⊦ e ⇓ φ,null    B,S ⊦ (throw new NullX()) ⇓ φ’,v’
        ------------------------------------------------------
        B,S ⊦ e.f ⇓ φ + φ’, v’
      Remark on natural semantics.

  23. Proof of pudding • Who uses AsmL? • Some MS product groups, e.g. XAF. • Some academics (who complain that there is no book) • Dogfooding • Architects, PMs, devs and testers. • ESTATE(?)
