Semantics

In order to define the semantics of the programming language, the definition of some common semantic functions are given. A program state is a pair of a store and a heap. A store, σ, is a partial function that maps a variable to its value. A heap, h or H, is a finite partial map from Loc to values. The set Loc represents locations in a heap. A location is denoted by a pair of an allocated reference, o, and its field name, f . We call a set of locations a region, written R. Heaps and regions are manipulated using the following operations.

Definition 1 (Heap and Region Operations). Lookup in a heap, written Hro, f s, is defined when po, f q P dompHq. Hro, f s is the value that H associates to po, f q.

H1 is extended by H2, written H1 Ď H2, means: @po, f q P dompH1q :: po, f q P dompH2q ^

H1ro, f s “ H2ro, f s.

H1is disjoint from H2, writtenH1KH2, means dompH1q X dompH2q “ H.

Thecombination of two heaps written H1¨ H2, is defined when H1KH2 holds, and is the partial

heap such that: dompH1¨ H2q “ dompH1q Y dompH2q, and for all po, f q P dompH1¨ H2q :

pH1¨ H2qro, f s “ $ ’ & ’ %

H1ro, f s, if po, f q P dompH1q,

Let H be a heap and R be a region. The restriction of H to R, written H æ R is defined by: dompH æ Rq “ dompHq X R and @po, f q P pH æ Rq :: pH æ Rqro, f s “ Hro, f s. We use err to denote an error region or an error heap; the restriction of a heapH to an error region is defined by:Hæerr “ err.

Notations: Let f and g be two partial functions. Then f ď g means that dompf q ď dompgq and @ x P dompf q :: f pxq “ gpxq. And f ˚ g means that dompf q X dompgq “ H. The notation f ¨ g

means disjoint union, i.e., dompf ¨ gq “ dompf q Y dompgq, @ x P dompf q :: f pxq “ pf ¨ gqpxq and @ x P dompgq :: gpxq “ pf ¨ gqpxq. Let f : X ÞÑ Y and g : Y ÞÑ Z. Then g ˝ f : X ÞÑ Z, i.e.,

@ x P X :: pg ˝ f qpxq “ gpf pxqq.

Fig. 2.3 on the next page shows the semantics of properly typed programming language, where N is the standard meaning function for numeric literals. The function MO gives the semantics of operators. A Value is either a Boolean, an object reference (which may be null), an integer or a set of locations: Value “ Boolean ` Object ` Int ` PowerSet pLocq. The auxiliary function fields( T ) takes a reference type T and returns a list of its declared field names and their types. The function typepoq takes a reference o and returns its type. Pure expressions evaluate to Values; thus the semantics of E1 “ E2 and E1 ‰ E2 have no need to check for errors. Region expressions

evaluate to regions, i.e., sets of locations, and also cannot produce errors. For example, the region expression regiontx.f u is evaluated to an empty set when x “ null. The pair pnull, f q is not allowed in the regions of our language’s semantics.

We consider the form skip; S to be identical to S. In examples, if E then tSu is syntax sugar for if E then tSu else tskip; u.

A semantic function, MS : Statement Typing Judgment Ñ pState Ñ StateKq, maps an input

E : Expression Typing Judgment Ñ Store Ñ Value

ErrΓ $ x : T sspσq “ σpxq ErrΓ $ null : T sspσq “ null ErrΓ $ n : intsspσq “ N rrnss ErrΓ $ E1‘ E2 : T sspσq “ ErrΓ $ E1 : T1sspσq MOrr‘ss E rrΓ $ E2 : T2sspσq

ErrΓ $ regiontu : regionsspσq “ H

ErrΓ $ regiontx.f u : regionsspσq “ if σpxq “ null then H else tpσpxq, f qu ErrΓ $ regiontx.˚u : regionsspσq “

if σpxq “ null then H else tpo, f q | o “ σpxq and T “ typepoq and pf : T1

q P fieldspT qu ErrΓ $ E ? RE1?RE2 : regionsspσq “

if ErrΓ $ E : boolsspσq then ErrΓ $ RE1 : regionsspσq else ErrΓ $ RE2 : regionsspσq

ErrΓ $ filtertRE, T u : regionsspσq “

tpo, f q|po, f q P E rrΓ $ RE : regionsspσq ^ typepoq “ T u ErrΓ $ filtertRE, T, f u : regionsspσq “

tpo, f1q|po, f1q P E rrΓ $ RE : regionsspσq ^ f1 “ f ^ typepoq “ T u ErrΓ $ RE1b RE2 : regionsspσq “

ErrΓ $ RE : regionsspσq MOrrbss ErrΓ $ RE : regionsspσq

Figure 2.3: The semantics of expressions

takes a type and returns its default value. The allocate function takes the heap and the class name as parameters, and returns a location and a new heap. An error happens, for example, when statements attempt to access a location not in the domain of the heap. The semantics does not have garbage collection and there is no explicit deallocation. The underlined lambda (λ) denotes a strict function that cannot recover from a nonterminating computation [81]. The semantics of statements are standard, and are defined in Fig. 2.4 on the following page.

The following lemma states that extending a type environment does not change the computation. The proof can be done by induction on the structure of the statement, and is easy. Thus, it is omitted. This lemma is used in proving Lemma 26 in Chapter 8.

Lemma 1. Let Γ and Γ1 _{be two well-formed type environments. Let S be a statement, such that}

MS : Statement Typing Judgment Ñ State Ñ StateK

MSrrΓ $ skip; : okpΓqsspσ, Hq “ pσ, Hq

MSrrΓ $ var x : T ; : okpΓ, x : T qsspσ, Hq “ pσrx ÞÑ defaultpT qs, Hq MSrrΓ $ x :“ G; : okpΓqsspσ, Hq “ pσrx ÞÑ ErrΓ $ G : T sspσqs, Hq MSrrΓ $ x.f :“ G; : okpΓqsspσ, Hq “

if σpxq ‰ null then pσ, Hrpσpxq, f q ÞÑ ErrΓ $ G : T sspσqsq else err MSrrΓ $ x1 :“ x2.f ; : okpΓqsspσ, Hq “

if σpx2q ‰ null then pσrx1 ÞÑ Hrpσpx2q, f qss, Hq else err

MSrrΓ $ x :“ new T ; : okpΓqsspσ, Hq “ let pl, H1_{q “ allocatepT , Hq in}

let pf1, . . . , fnq “ fieldspT q in

let σ1

“ σrx ÞÑ ls in pσ1, H1_rpσ1_{pxq, f}

1q ÞÑ defaultpT1q, . . . , pσ1pxq, fnq ÞÑ defaultpTnqsq

MSrrΓ $ if E thentS1uelsetS2u : okpΓqsspσ, Hq “

if ErrΓ $ E : boolsspσq then MSrrΓ $ S1 : okpΓ1qsspσ, Hq

else MSrrΓ $ S2 : okpΓ2qsspσ, Hq

MSrrΓ $ while E tSu; : okpΓqsspσ, Hq “

fix pλg . λs . let v “ ErrΓ $ E : boolsspσq in

if v ‰ 0 then let s1 _{“ MSrrΓ $ S : okpΓ}1_{qsspsq in g ˝ s}1

else if v “ 0 then s else errqpσ, Hq

MSrrΓ $ S1S2 : okpΓ1qsspσ, Hq “ let s1 “ MSrrΓ $ S1 : okpΓ2qsspσ, Hq in

if s1 _{‰ err then MSrrΓ}2 _{$ S}

2 : okpΓ1qssps1q else err

Figure 2.4: The semantics of statements

dompΓ1

q X dompΓ2q “ H. Then

1. ifMSrrΓ $ S : okpΓ1

qsspσ, hq ‰ err, then MSrrΓ, Γ2 $ S : okpΓ1, Γ2qsspσ, hq ‰ err.

2. ifMSrrΓ $ S : okpΓ1