
Denotational Semantics

10 lectures for Part II CST 2012/13
Marcelo Fiore
Course web page: http://www.cl.cam.ac.uk/teaching/1213/DenotSem/

Lecture 1
Introduction

What is this course about?

General area.
Formal methods: Mathematical techniques for the specification, development, and verification of software and hardware systems.

Specific area.
Formal semantics: Mathematical theories for ascribing meanings to computer languages.

Why do we care?

Rigour.
. . . specification of programming languages
. . . justification of program transformations

Insight.
. . . generalisations of notions of computability
. . . higher-order functions
. . . data structures

Feedback into language design.
. . . continuations
. . . monads

Reasoning principles.
. . . Scott induction
. . . Logical relations
. . . Co-induction

Styles of formal semantics

Operational. Meanings for program phrases defined in terms of the steps of computation they can take during program execution.

Axiomatic. Meanings for program phrases defined indirectly via the axioms and rules of some logic of program properties.

Denotational. Concerned with giving mathematical models of programming languages. Meanings for program phrases defined abstractly as elements of some suitable mathematical structure.

Basic idea of denotational semantics

$\text{Syntax} \xrightarrow{\ [\![-]\!]\ } \text{Semantics}$, $\qquad P \mapsto [\![P]\!]$

Recursive program $\mapsto$ Partial recursive function
Boolean circuit $\mapsto$ Boolean function

Concerns:
Abstract models (i.e. implementation/machine independent). Lectures 2, 3 and 4.
Compositionality. Lectures 5 and 6.
Relationship to computation (e.g. operational semantics). Lectures 7 and 8.

Characteristic features of a denotational semantics

Each phrase (= part of a program), $P$, is given a denotation, $[\![P]\!]$: a mathematical object representing the contribution of $P$ to the meaning of any complete program in which it occurs.

The denotation of a phrase is determined just by the denotations of its subphrases (one says that the semantics is compositional).

Basic example of denotational semantics (I)

IMP syntax

Arithmetic expressions
$A \in \mathbf{Aexp} ::= n \mid L \mid A + A \mid \ldots$
where $n$ ranges over integers and $L$ over a specified set of locations $\mathbb{L}$

Boolean expressions
$B \in \mathbf{Bexp} ::= \mathbf{true} \mid \mathbf{false} \mid A = A \mid \ldots \mid \neg B \mid \ldots$

Commands
$C \in \mathbf{Comm} ::= \mathbf{skip} \mid L := A \mid C ; C \mid \mathbf{if}\ B\ \mathbf{then}\ C\ \mathbf{else}\ C \mid \mathbf{while}\ B\ \mathbf{do}\ C$

Basic example of denotational semantics (II)

Semantic functions
$\mathcal{A} : \mathbf{Aexp} \to (State \to \mathbb{Z})$
$\mathcal{B} : \mathbf{Bexp} \to (State \to \mathbb{B})$
$\mathcal{C} : \mathbf{Comm} \to (State \rightharpoonup State)$

where
$\mathbb{Z} = \{\ldots, -1, 0, 1, \ldots\}$
$\mathbb{B} = \{\mathit{true}, \mathit{false}\}$
$State = (\mathbb{L} \to \mathbb{Z})$

Basic example of denotational semantics (III)

Semantic function $\mathcal{A}$
$\mathcal{A}[\![n]\!] = \lambda s \in State.\ n$
$\mathcal{A}[\![L]\!] = \lambda s \in State.\ s(L)$
$\mathcal{A}[\![A_1 + A_2]\!] = \lambda s \in State.\ \mathcal{A}[\![A_1]\!](s) + \mathcal{A}[\![A_2]\!](s)$

Basic example of denotational semantics (IV)

Semantic function $\mathcal{B}$
$\mathcal{B}[\![\mathbf{true}]\!] = \lambda s \in State.\ \mathit{true}$
$\mathcal{B}[\![\mathbf{false}]\!] = \lambda s \in State.\ \mathit{false}$
$\mathcal{B}[\![A_1 = A_2]\!] = \lambda s \in State.\ \mathit{eq}\big(\mathcal{A}[\![A_1]\!](s), \mathcal{A}[\![A_2]\!](s)\big)$
where
$\mathit{eq}(a, a') = \begin{cases} \mathit{true} & \text{if } a = a' \\ \mathit{false} & \text{if } a \neq a' \end{cases}$

Basic example of denotational semantics (V)

Semantic function $\mathcal{C}$
$\mathcal{C}[\![\mathbf{skip}]\!] = \lambda s \in State.\ s$

NB: From now on the names of semantic functions are omitted!

A simple example of compositionality

Given partial functions $[\![C]\!], [\![C']\!] : State \rightharpoonup State$ and a function $[\![B]\!] : State \to \{\mathit{true}, \mathit{false}\}$, we can define
$[\![\mathbf{if}\ B\ \mathbf{then}\ C\ \mathbf{else}\ C']\!] = \lambda s \in State.\ \mathit{if}\big([\![B]\!](s), [\![C]\!](s), [\![C']\!](s)\big)$
where
$\mathit{if}(b, x, x') = \begin{cases} x & \text{if } b = \mathit{true} \\ x' & \text{if } b = \mathit{false} \end{cases}$

Basic example of denotational semantics (VI)

Semantic function $\mathcal{C}$
$[\![L := A]\!] = \lambda s \in State.\ \lambda \ell \in \mathbb{L}.\ \mathit{if}\big(\ell = L, [\![A]\!](s), s(\ell)\big)$

Denotational semantics of sequential composition

Denotation of sequential composition $C ; C'$ of two commands
$[\![C ; C']\!] = [\![C']\!] \circ [\![C]\!] = \lambda s \in State.\ [\![C']\!]\big([\![C]\!](s)\big)$
given by composition of the partial functions from states to states $[\![C]\!], [\![C']\!] : State \rightharpoonup State$ which are the denotations of the commands.

Cf. operational semantics of sequential composition:
$\dfrac{\langle C, s\rangle \Downarrow s' \qquad \langle C', s'\rangle \Downarrow s''}{\langle C ; C', s\rangle \Downarrow s''}$

Fixed point property of $[\![\mathbf{while}\ B\ \mathbf{do}\ C]\!]$

$[\![\mathbf{while}\ B\ \mathbf{do}\ C]\!] = f_{[\![B]\!],[\![C]\!]}\big([\![\mathbf{while}\ B\ \mathbf{do}\ C]\!]\big)$

where, for each $b : State \to \{\mathit{true}, \mathit{false}\}$ and $c : State \rightharpoonup State$, we define
$f_{b,c} : (State \rightharpoonup State) \to (State \rightharpoonup State)$
as
$f_{b,c} = \lambda w \in (State \rightharpoonup State).\ \lambda s \in State.\ \mathit{if}\big(b(s), w(c(s)), s\big).$

Why does $w = f_{[\![B]\!],[\![C]\!]}(w)$ have a solution? What if it has several solutions: which one do we take to be $[\![\mathbf{while}\ B\ \mathbf{do}\ C]\!]$?

Approximating $[\![\mathbf{while}\ B\ \mathbf{do}\ C]\!]$

$f^{\,n}_{[\![B]\!],[\![C]\!]}(\bot) = \lambda s \in State.\ \begin{cases} [\![C]\!]^k(s) & \text{if } \exists\, 0 \le k < n.\ [\![B]\!]([\![C]\!]^k(s)) = \mathit{false} \text{ and } \forall\, 0 \le i < k.\ [\![B]\!]([\![C]\!]^i(s)) = \mathit{true} \\ \text{undefined} & \text{if } \forall\, 0 \le i < n.\ [\![B]\!]([\![C]\!]^i(s)) = \mathit{true} \end{cases}$

$D = (State \rightharpoonup State)$

Partial order $\sqsubseteq$ on $D$:
$w \sqsubseteq w'$ iff for all $s \in State$, if $w$ is defined at $s$ then so is $w'$ and moreover $w(s) = w'(s)$;
iff the graph of $w$ is included in the graph of $w'$.

Least element $\bot \in D$ w.r.t. $\sqsubseteq$:
$\bot$ = totally undefined partial function = partial function with empty graph
(satisfies $\bot \sqsubseteq w$, for all $w \in D$).
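The semantic functions of this lecture can be transcribed almost literally into code. The following is an added example, not part of the original slides: it implements $\mathcal{A}$, $\mathcal{B}$ and $\mathcal{C}$ for the IMP fragment above in Python, taking a state to be a dictionary from location names to integers and a partial function $State \rightharpoonup State$ to be a Python function that returns None where undefined. The denotation of $\mathbf{while}$ follows the approximation slide: $f^{\,n}_{[\![B]\!],[\![C]\!]}(\bot)$ is built by applying $f_{b,c}$ to the totally undefined function $n$ times, and the denotation itself is read off as the lub of that chain, followed up to a cutoff MAX_ITER that is an implementation bound rather than part of the semantics. The tuple encoding of the syntax, the extra operators (sub, mul, gt) and the programs FACT and DIVERGE are constructed for the example.

```python
from typing import Callable, Dict, Optional

# IMP abstract syntax as nested tuples (an encoding constructed for this example;
# the slides give the grammar only):
#   Aexp: ("num", n) | ("loc", L) | ("add", A, A) | ("sub", A, A) | ("mul", A, A)
#   Bexp: ("true",) | ("false",) | ("eq", A, A) | ("gt", A, A) | ("not", B)
#   Comm: ("skip",) | ("assign", L, A) | ("seq", C, C) | ("if", B, C, C) | ("while", B, C)
State = Dict[str, int]                          # State = (L -> Z), locations named by strings
PFun = Callable[[State], Optional[State]]       # State -> State partial: None where undefined
BOTTOM: PFun = lambda s: None                   # the totally undefined partial function
MAX_ITER = 10_000   # how far along the chain f^n(bottom) a while loop is followed before
                    # its value at a state is reported as undefined (implementation bound)


def A(a) -> Callable[[State], int]:
    """A : Aexp -> (State -> Z), by recursion on the syntax (compositional)."""
    tag = a[0]
    if tag == "num":
        return lambda s: a[1]
    if tag == "loc":
        return lambda s: s[a[1]]
    a1, a2 = A(a[1]), A(a[2])
    op = {"add": lambda x, y: x + y, "sub": lambda x, y: x - y, "mul": lambda x, y: x * y}[tag]
    return lambda s: op(a1(s), a2(s))


def B(b) -> Callable[[State], bool]:
    """B : Bexp -> (State -> B)."""
    tag = b[0]
    if tag in ("true", "false"):
        return lambda s: tag == "true"
    if tag == "not":
        b1 = B(b[1])
        return lambda s: not b1(s)
    a1, a2 = A(b[1]), A(b[2])
    return (lambda s: a1(s) == a2(s)) if tag == "eq" else (lambda s: a1(s) > a2(s))


def while_functional(b: Callable[[State], bool], c: PFun) -> Callable[[PFun], PFun]:
    """f_{b,c} = lambda w. lambda s. if(b(s), w(c(s)), s); w(c(s)) is undefined when c(s) is."""
    def f(w: PFun) -> PFun:
        def fw(s: State) -> Optional[State]:
            if not b(s):
                return s
            s1 = c(s)
            return None if s1 is None else w(s1)
        return fw
    return f


def approximant(b: Callable[[State], bool], c: PFun, n: int) -> PFun:
    """f_{b,c}^n(bottom), built literally by applying f n times to bottom. It is
    defined exactly on the states whose loop exits after fewer than n tests of b."""
    f, w = while_functional(b, c), BOTTOM
    for _ in range(n):
        w = f(w)
    return w


def C(c) -> PFun:
    """C : Comm -> (State -> State) partial, compositional in the subphrases."""
    tag = c[0]
    if tag == "skip":
        return lambda s: s
    if tag == "assign":
        loc, a = c[1], A(c[2])
        return lambda s: {**s, loc: a(s)}         # lambda l. if(l = L, [[A]](s), s(l))
    if tag == "seq":
        c1, c2 = C(c[1]), C(c[2])
        def seq(s: State) -> Optional[State]:     # [[C']] o [[C]]: undefined if either is
            s1 = c1(s)
            return None if s1 is None else c2(s1)
        return seq
    if tag == "if":
        b, c1, c2 = B(c[1]), C(c[2]), C(c[3])
        return lambda s: c1(s) if b(s) else c2(s)
    b, body = B(c[1]), C(c[2])                    # tag == "while"
    def lub(s: State) -> Optional[State]:
        # The lub of the chain f^n(bottom) at s is its first defined value, and
        # f^n(bottom)(s) = [[C]]^k(s) as soon as n > k, so walking the loop here
        # evaluates f^MAX_ITER(bottom)(s) without nesting MAX_ITER closures.
        for _ in range(MAX_ITER):
            if not b(s):
                return s
            s = body(s)
            if s is None:
                return None
        return None
    return lub


# Constructed sample programs: FACT computes the factorial of X into Y (the loop
# of the partial-correctness example in Lecture 4); DIVERGE never terminates.
FACT = ("seq", ("assign", "Y", ("num", 1)),
        ("while", ("gt", ("loc", "X"), ("num", 0)),
                  ("seq", ("assign", "Y", ("mul", ("loc", "X"), ("loc", "Y"))),
                          ("assign", "X", ("sub", ("loc", "X"), ("num", 1))))))
DIVERGE = ("while", ("true",), ("skip",))


def run_fact(x: int) -> Optional[int]:
    """Final value of Y under [[FACT]] from a state with X = x (None if undefined)."""
    out = C(FACT)({"X": x, "Y": 0})
    return None if out is None else out["Y"]


def fact_loop_approximant(n: int, x: int) -> Optional[State]:
    """f^n(bottom) for FACT's while loop, applied to the state [X -> x, Y -> 1]."""
    loop = FACT[2]
    return approximant(B(loop[1]), C(loop[2]), n)({"X": x, "Y": 1})
```

`fact_loop_approximant(n, 5)` returns None for every $n \le 5$ and the final state for every $n \ge 6$: the loop body runs five times before the guard fails, so $f^{\,n}(\bot)$ is defined at $[X \mapsto 5, Y \mapsto 1]$ exactly when those five executions fit within $n$ tests of the guard, as the case analysis on the approximation slide says. The same chain evaluated at a state of DIVERGE is undefined at every $n$, and the lub is undefined there too.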

Lecture 2
Least Fixed Points

Thesis

All domains of computation are partial orders with a least element.

All computable functions are monotonic.

Partially ordered sets

A binary relation $\sqsubseteq$ on a set $D$ is a partial order iff it is
reflexive: $\forall d \in D.\ d \sqsubseteq d$
transitive: $\forall d, d', d'' \in D.\ d \sqsubseteq d' \sqsubseteq d'' \Rightarrow d \sqsubseteq d''$
anti-symmetric: $\forall d, d' \in D.\ d \sqsubseteq d' \sqsubseteq d \Rightarrow d = d'$.
Such a pair $(D, \sqsubseteq)$ is called a partially ordered set, or poset.

As derived rules:
$\dfrac{x \sqsubseteq y \qquad y \sqsubseteq z}{x \sqsubseteq z}$ (transitivity) $\qquad$ $\dfrac{x \sqsubseteq y \qquad y \sqsubseteq x}{x = y}$ (anti-symmetry)

Domain of partial functions, $X \rightharpoonup Y$

Underlying set: all partial functions, $f$, with domain of definition $\mathrm{dom}(f) \subseteq X$ and taking values in $Y$.

Partial order:
$f \sqsubseteq g$ iff $\mathrm{dom}(f) \subseteq \mathrm{dom}(g)$ and $\forall x \in \mathrm{dom}(f).\ f(x) = g(x)$
iff $\mathrm{graph}(f) \subseteq \mathrm{graph}(g)$

Monotonicity

A function $f : D \to E$ between posets is monotone iff $\forall d, d' \in D.\ d \sqsubseteq d' \Rightarrow f(d) \sqsubseteq f(d')$.

As a derived rule:
$\dfrac{x \sqsubseteq y}{f(x) \sqsubseteq f(y)}$ ($f$ monotone)

Least Elements

Suppose that $D$ is a poset and that $S$ is a subset of $D$. An element $d \in S$ is the least element of $S$ if it satisfies $\forall x \in S.\ d \sqsubseteq x$.

Note that because $\sqsubseteq$ is anti-symmetric, $S$ has at most one least element.

Note also that a poset may not have a least element.

Pre-fixed points

Let $D$ be a poset and $f : D \to D$ be a function.

An element $d \in D$ is a pre-fixed point of $f$ if it satisfies $f(d) \sqsubseteq d$.

The least pre-fixed point of $f$, if it exists, will be written $\mathit{fix}(f)$.

It is thus (uniquely) specified by the two properties:
$f(\mathit{fix}(f)) \sqsubseteq \mathit{fix}(f)$ (lfp1)
$\forall d \in D.\ f(d) \sqsubseteq d \Rightarrow \mathit{fix}(f) \sqsubseteq d$ (lfp2)

Proof principle

1. $f(\mathit{fix}(f)) \sqsubseteq \mathit{fix}(f)$

2. Let $D$ be a poset and let $f : D \to D$ be a function with a least pre-fixed point $\mathit{fix}(f) \in D$. For all $x \in D$, to prove that $\mathit{fix}(f) \sqsubseteq x$ it is enough to establish that $f(x) \sqsubseteq x$:
$\dfrac{f(x) \sqsubseteq x}{\mathit{fix}(f) \sqsubseteq x}$

Least pre-fixed points are fixed points

If it exists, the least pre-fixed point of a monotone function on a partial order is necessarily a fixed point.

Thesis

All domains of computation are complete partial orders with a least element.

All computable functions are continuous.

Cpos and domains

A chain complete poset, or cpo for short, is a poset $(D, \sqsubseteq)$ in which all countable increasing chains $d_0 \sqsubseteq d_1 \sqsubseteq d_2 \sqsubseteq \ldots$ have least upper bounds, $\bigsqcup_{n \ge 0} d_n$:
$\forall m \ge 0.\ d_m \sqsubseteq \bigsqcup_{n \ge 0} d_n$ (lub1)
$\forall d \in D.\ (\forall m \ge 0.\ d_m \sqsubseteq d) \Rightarrow \bigsqcup_{n \ge 0} d_n \sqsubseteq d$ (lub2)

A domain is a cpo that possesses a least element, $\bot$:
$\forall d \in D.\ \bot \sqsubseteq d.$

As derived rules:
$\dfrac{}{x_i \sqsubseteq \bigsqcup_{n \ge 0} x_n}$ ($i \ge 0$ and $x_n$ a chain) $\qquad$ $\dfrac{\forall n \ge 0.\ x_n \sqsubseteq x}{\bigsqcup_{n \ge 0} x_n \sqsubseteq x}$ ($x_i$ a chain)

Domain of partial functions, $X \rightharpoonup Y$

Underlying set: all partial functions, $f$, with domain of definition $\mathrm{dom}(f) \subseteq X$ and taking values in $Y$.

Partial order:
$f \sqsubseteq g$ iff $\mathrm{dom}(f) \subseteq \mathrm{dom}(g)$ and $\forall x \in \mathrm{dom}(f).\ f(x) = g(x)$
iff $\mathrm{graph}(f) \subseteq \mathrm{graph}(g)$

Lub of chain $f_0 \sqsubseteq f_1 \sqsubseteq f_2 \sqsubseteq \ldots$ is the partial function $f$ with
$\mathrm{dom}(f) = \bigcup_{n \ge 0} \mathrm{dom}(f_n)$ and
$f(x) = \begin{cases} f_n(x) & \text{if } x \in \mathrm{dom}(f_n), \text{ some } n \\ \text{undefined} & \text{otherwise} \end{cases}$

Least element $\bot$ is the totally undefined partial function.

Some properties of lubs of chains

Let $D$ be a cpo.
1. For $d \in D$, $\bigsqcup_n d = d$.
2. For every chain $d_0 \sqsubseteq d_1 \sqsubseteq \ldots \sqsubseteq d_n \sqsubseteq \ldots$ in $D$, $\bigsqcup_n d_n = \bigsqcup_n d_{N+n}$ for all $N \in \mathbb{N}$.
3. For every pair of chains $d_0 \sqsubseteq d_1 \sqsubseteq \ldots \sqsubseteq d_n \sqsubseteq \ldots$ and $e_0 \sqsubseteq e_1 \sqsubseteq \ldots \sqsubseteq e_n \sqsubseteq \ldots$ in $D$, if $d_n \sqsubseteq e_n$ for all $n \in \mathbb{N}$ then $\bigsqcup_n d_n \sqsubseteq \bigsqcup_n e_n$.

As a derived rule:
$\dfrac{\forall n \ge 0.\ x_n \sqsubseteq y_n}{\bigsqcup_n x_n \sqsubseteq \bigsqcup_n y_n}$ ($x_n$ and $y_n$ chains)

Diagonalising a double chain

Lemma. Let $D$ be a cpo. Suppose that the doubly-indexed family of elements $d_{m,n} \in D$ ($m, n \ge 0$) satisfies
$m \le m'\ \&\ n \le n' \Rightarrow d_{m,n} \sqsubseteq d_{m',n'}.$ (†)
Then
$\bigsqcup_{n \ge 0} d_{0,n} \sqsubseteq \bigsqcup_{n \ge 0} d_{1,n} \sqsubseteq \bigsqcup_{n \ge 0} d_{2,n} \sqsubseteq \ldots$
and
$\bigsqcup_{m \ge 0} d_{m,0} \sqsubseteq \bigsqcup_{m \ge 0} d_{m,1} \sqsubseteq \bigsqcup_{m \ge 0} d_{m,2} \sqsubseteq \ldots$

Moreover
$\bigsqcup_{m \ge 0} \bigsqcup_{n \ge 0} d_{m,n} = \bigsqcup_{k \ge 0} d_{k,k} = \bigsqcup_{n \ge 0} \bigsqcup_{m \ge 0} d_{m,n}.$

Continuity and strictness

If $D$ and $E$ are cpos, the function $f : D \to E$ is continuous iff
1. it is monotone, and
2. it preserves lubs of chains, i.e. for all chains $d_0 \sqsubseteq d_1 \sqsubseteq \ldots$ in $D$, it is the case that
$f\big(\bigsqcup_{n \ge 0} d_n\big) = \bigsqcup_{n \ge 0} f(d_n)$ in $E$.

If $D$ and $E$ have least elements, then the function $f$ is strict iff $f(\bot) = \bot$.

Tarski's Fixed Point Theorem

Let $f : D \to D$ be a continuous function on a domain $D$. Then $f$ possesses a least pre-fixed point, given by
$\mathit{fix}(f) = \bigsqcup_{n \ge 0} f^n(\bot).$

Moreover, $\mathit{fix}(f)$ is a fixed point of $f$, i.e. satisfies $f(\mathit{fix}(f)) = \mathit{fix}(f)$, and hence is the least fixed point of $f$.

$[\![\mathbf{while}\ B\ \mathbf{do}\ C]\!]$

$[\![\mathbf{while}\ B\ \mathbf{do}\ C]\!] = \mathit{fix}(f_{[\![B]\!],[\![C]\!]}) = \bigsqcup_{n \ge 0} f^{\,n}_{[\![B]\!],[\![C]\!]}(\bot)$
$= \lambda s \in State.\ \begin{cases} [\![C]\!]^k(s) & \text{if } k \ge 0 \text{ is such that } [\![B]\!]([\![C]\!]^k(s)) = \mathit{false} \text{ and } [\![B]\!]([\![C]\!]^i(s)) = \mathit{true} \text{ for all } 0 \le i < k \\ \text{undefined} & \text{if } [\![B]\!]([\![C]\!]^i(s)) = \mathit{true} \text{ for all } i \ge 0 \end{cases}$
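When the state space is finite the domain $D = (State \rightharpoonup State)$ is finite too, and the content of this lecture can be checked exhaustively rather than merely illustrated. The following is an added example, not part of the original slides: partial functions are represented in Python by their graphs (dictionaries), so that $\sqsubseteq$ is literally graph inclusion and the lub of a chain is the union of the graphs; $f_{b,c}$ is implemented on graphs; $\mathit{fix}(f)$ is computed as $\bigsqcup_n f^n(\bot)$ by iterating until the chain becomes constant; and (lfp1), (lfp2) and the fixed-point property of Tarski's theorem are then verified against every one of the $(N+2)^{N+1}$ elements of $D$. The state space $\{0, \ldots, N\}$ with a single location X, and the two loops COUNTDOWN and SPIN, are constructed for the example; SPIN has states that never terminate, so the equation $w = f(w)$ has many solutions there and the example shows which one the least fixed point picks.

```python
from itertools import product
from typing import Callable, Dict, Iterable, List

# A finite state space: the single location X holds a value in {0, ..., N}
# (constructed for the example so that D = (State -> State) partial is finite).
N = 3
STATES = range(N + 1)
State = int
PFun = Dict[State, State]          # a partial function, represented by its graph
BOTTOM: PFun = {}                  # bottom: the partial function with empty graph


def below(w: PFun, w2: PFun) -> bool:
    """w below w2  iff  graph(w) is included in graph(w2), the order on D from Lecture 1."""
    return all(s in w2 and w2[s] == t for s, t in w.items())


def lub_of_chain(chain: Iterable[PFun]) -> PFun:
    """Lub of a chain of partial functions: the union of the graphs
    (dom(f) is the union of the dom(f_n), f(x) = f_n(x) for any n with x in dom(f_n))."""
    out: PFun = {}
    for w in chain:
        out.update(w)
    return out


def while_functional(b: Callable[[State], bool], c: PFun) -> Callable[[PFun], PFun]:
    """f_{b,c}(w) = lambda s. if(b(s), w(c(s)), s) on graphs: f_{b,c}(w) is defined
    at s iff b(s) is false, or c is defined at s and w is defined at c(s)."""
    def f(w: PFun) -> PFun:
        out: PFun = {}
        for s in STATES:
            if not b(s):
                out[s] = s
            elif s in c and c[s] in w:
                out[s] = w[c[s]]
        return out
    return f


def kleene_chain(f: Callable[[PFun], PFun]) -> List[PFun]:
    """bottom, f(bottom), f(f(bottom)), ... up to the point where it becomes constant,
    which happens on a finite domain; by Tarski's theorem its lub is fix(f)."""
    chain = [BOTTOM]
    while True:
        nxt = f(chain[-1])
        assert below(chain[-1], nxt), "f is not monotone"
        if nxt == chain[-1]:
            return chain
        chain.append(nxt)


def least_fixed_point(f: Callable[[PFun], PFun]) -> PFun:
    return lub_of_chain(kleene_chain(f))


def all_partial_functions() -> Iterable[PFun]:
    """Every element of D: each state is either undefined or sent to some state."""
    for images in product([None, *STATES], repeat=len(STATES)):
        yield {s: t for s, t in zip(STATES, images) if t is not None}


def fixed_points(f: Callable[[PFun], PFun]) -> List[PFun]:
    """All solutions of w = f(w) in D."""
    return [d for d in all_partial_functions() if f(d) == d]


def check_tarski(f: Callable[[PFun], PFun]) -> Dict[str, bool]:
    """By exhaustive enumeration of D: (lfp1) f(fix f) below fix f, (lfp2) fix f below
    every pre-fixed point d (every d with f(d) below d), and f(fix f) = fix f."""
    fix = least_fixed_point(f)
    pre_fixed = [d for d in all_partial_functions() if below(f(d), d)]
    return {"lfp1": below(f(fix), fix),
            "lfp2": all(below(fix, d) for d in pre_fixed),
            "fixed_point": f(fix) == fix}


# Two constructed loops over STATES.
# COUNTDOWN = [[while X > 0 do X := X - 1]]: X := X - 1 is a partial function on
# STATES, since 0 - 1 is not a state; every state terminates, so fix is total.
COUNTDOWN = while_functional(lambda s: s > 0, {s: s - 1 for s in STATES if s > 0})
# SPIN = [[while X > 0 do skip]]: the states with X > 0 loop forever. The equation
# w = f(w) has many solutions here; fix picks the least, undefined on X > 0.
SPIN = while_functional(lambda s: s > 0, {s: s for s in STATES})
```

`fixed_points(SPIN)` lists all 125 solutions of $w = f_{b,c}(w)$ for that loop, and every one of them lies above `least_fixed_point(SPIN)`, the graph `{0: 0}` that is undefined on the three non-terminating states: this is the answer to the question asked on the fixed point property slide. For COUNTDOWN the chain has five elements and the fixed point is unique.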

Lecture 3
Constructions on Domains

Discrete cpos and flat domains

For any set $X$, the relation of equality
$x \sqsubseteq x' \overset{\mathrm{def}}{\iff} x = x'$ $\quad(x, x' \in X)$
makes $(X, \sqsubseteq)$ into a cpo, called the discrete cpo with underlying set $X$.

Let $X_\bot \overset{\mathrm{def}}{=} X \cup \{\bot\}$, where $\bot$ is some element not in $X$. Then
$d \sqsubseteq d' \overset{\mathrm{def}}{\iff} (d = d') \vee (d = \bot)$ $\quad(d, d' \in X_\bot)$
makes $(X_\bot, \sqsubseteq)$ into a domain (with least element $\bot$), called the flat domain determined by $X$.

Binary product of cpos and domains

The product of two cpos $(D_1, \sqsubseteq_1)$ and $(D_2, \sqsubseteq_2)$ has underlying set
$D_1 \times D_2 = \{(d_1, d_2) \mid d_1 \in D_1\ \&\ d_2 \in D_2\}$
and partial order $\sqsubseteq$ defined by
$(d_1, d_2) \sqsubseteq (d_1', d_2') \overset{\mathrm{def}}{\iff} d_1 \sqsubseteq_1 d_1'\ \&\ d_2 \sqsubseteq_2 d_2'.$

As a derived rule:
$\dfrac{x_1 \sqsubseteq_1 y_1 \qquad x_2 \sqsubseteq_2 y_2}{(x_1, x_2) \sqsubseteq (y_1, y_2)}$

Lubs of chains are calculated componentwise:
$\bigsqcup_{n \ge 0} (d_{1,n}, d_{2,n}) = \big(\bigsqcup_{i \ge 0} d_{1,i},\ \bigsqcup_{j \ge 0} d_{2,j}\big).$

If $(D_1, \sqsubseteq_1)$ and $(D_2, \sqsubseteq_2)$ are domains so is $(D_1 \times D_2, \sqsubseteq)$ and $\bot_{D_1 \times D_2} = (\bot_{D_1}, \bot_{D_2})$.

Continuous functions of two arguments

Proposition. Let $D$, $E$, $F$ be cpos. A function $f : (D \times E) \to F$ is monotone if and only if it is monotone in each argument separately:
$\forall d, d' \in D, e \in E.\ d \sqsubseteq d' \Rightarrow f(d, e) \sqsubseteq f(d', e)$
$\forall d \in D, e, e' \in E.\ e \sqsubseteq e' \Rightarrow f(d, e) \sqsubseteq f(d, e').$
Moreover, it is continuous if and only if it preserves lubs of chains in each argument separately:
$f\big(\bigsqcup_{m \ge 0} d_m, e\big) = \bigsqcup_{m \ge 0} f(d_m, e)$
$f\big(d, \bigsqcup_{n \ge 0} e_n\big) = \bigsqcup_{n \ge 0} f(d, e_n).$

A couple of derived rules:
$\dfrac{x \sqsubseteq x' \qquad y \sqsubseteq y'}{f(x, y) \sqsubseteq f(x', y')}$ ($f$ monotone)
$f\big(\bigsqcup_m x_m, \bigsqcup_n y_n\big) = \bigsqcup_k f(x_k, y_k)$

Function cpos and domains

Given cpos $(D, \sqsubseteq_D)$ and $(E, \sqsubseteq_E)$, the function cpo $(D \to E, \sqsubseteq)$ has underlying set
$(D \to E) \overset{\mathrm{def}}{=} \{f \mid f : D \to E \text{ is a continuous function}\}$
and partial order:
$f \sqsubseteq f' \overset{\mathrm{def}}{\iff} \forall d \in D.\ f(d) \sqsubseteq_E f'(d).$

A derived rule:
$\dfrac{f \sqsubseteq_{(D \to E)} g \qquad x \sqsubseteq_D y}{f(x) \sqsubseteq_E g(y)}$

Lubs of chains are calculated argumentwise (using lubs in $E$):
$\bigsqcup_{n \ge 0} f_n = \lambda d \in D.\ \bigsqcup_{n \ge 0} f_n(d).$

A derived rule:
$\big(\bigsqcup_n f_n\big)\big(\bigsqcup_m x_m\big) = \bigsqcup_k f_k(x_k)$

If $E$ is a domain, then so is $D \to E$ and $\bot_{D \to E}(d) = \bot_E$, for all $d \in D$.

Continuity of composition

For cpos $D, E, F$, the composition function
$\circ : (E \to F) \times (D \to E) \to (D \to F)$
defined by setting, for all $f \in (D \to E)$ and $g \in (E \to F)$,
$g \circ f = \lambda d \in D.\ g(f(d))$
is continuous.

Continuity of the fixpoint operator

Let $D$ be a domain. By Tarski's Fixed Point Theorem we know that each continuous function $f \in (D \to D)$ possesses a least fixed point, $\mathit{fix}(f) \in D$.

Proposition. The function $\mathit{fix} : (D \to D) \to D$ is continuous.

Lecture 4
Scott Induction

Scott's Fixed Point Induction Principle

Let $f : D \to D$ be a continuous function on a domain $D$.

For any admissible subset $S \subseteq D$, to prove that the least fixed point of $f$ is in $S$, i.e. that
$\mathit{fix}(f) \in S,$
it suffices to prove
$\forall d \in D\ (d \in S \Rightarrow f(d) \in S).$

Chain-closed and admissible subsets

Let $D$ be a cpo. A subset $S \subseteq D$ is called chain-closed iff for all chains $d_0 \sqsubseteq d_1 \sqsubseteq d_2 \sqsubseteq \ldots$ in $D$
$(\forall n \ge 0.\ d_n \in S) \Rightarrow \big(\bigsqcup_{n \ge 0} d_n\big) \in S$

If $D$ is a domain, $S \subseteq D$ is called admissible iff it is a chain-closed subset of $D$ and $\bot \in S$.

A property $\Phi(d)$ of elements $d \in D$ is called chain-closed (resp. admissible) iff $\{d \in D \mid \Phi(d)\}$ is a chain-closed (resp. admissible) subset of $D$.

Building chain-closed subsets (I)

Let $D, E$ be cpos.

Basic relations:
For every $d \in D$, the subset
$\downarrow\!(d) \overset{\mathrm{def}}{=} \{x \in D \mid x \sqsubseteq d\}$
of $D$ is chain-closed.

The subsets
$\{(x, y) \in D \times D \mid x \sqsubseteq y\}$ and $\{(x, y) \in D \times D \mid x = y\}$
of $D \times D$ are chain-closed.

Example (I): Least pre-fixed point property

Let $D$ be a domain and let $f : D \to D$ be a continuous function.
$\forall d \in D.\ f(d) \sqsubseteq d \Rightarrow \mathit{fix}(f) \sqsubseteq d$

Proof by Scott induction. Let $d \in D$ be a pre-fixed point of $f$. Then,
$x \in\, \downarrow\!(d) \Rightarrow x \sqsubseteq d \Rightarrow f(x) \sqsubseteq f(d) \Rightarrow f(x) \sqsubseteq d \Rightarrow f(x) \in\, \downarrow\!(d)$
Hence, $\mathit{fix}(f) \in\, \downarrow\!(d)$.

Building chain-closed subsets (II)

Inverse image:
Let $f : D \to E$ be a continuous function. If $S$ is a chain-closed subset of $E$ then the inverse image
$f^{-1} S = \{x \in D \mid f(x) \in S\}$
is a chain-closed subset of $D$.

Example (II)

Let $D$ be a domain and let $f, g : D \to D$ be continuous functions such that $f \circ g \sqsubseteq g \circ f$. Then,
$f(\bot) \sqsubseteq g(\bot) \Rightarrow \mathit{fix}(f) \sqsubseteq \mathit{fix}(g).$

Proof by Scott induction. Consider the admissible property $\Phi(x) \overset{\mathrm{def}}{\iff} f(x) \sqsubseteq g(x)$ of $D$ (it holds at $\bot$ by the hypothesis $f(\bot) \sqsubseteq g(\bot)$). Since
$f(x) \sqsubseteq g(x) \Rightarrow g(f(x)) \sqsubseteq g(g(x)) \Rightarrow f(g(x)) \sqsubseteq g(g(x)),$
we have that $f(\mathit{fix}(g)) \sqsubseteq g(\mathit{fix}(g)) = \mathit{fix}(g)$; so $\mathit{fix}(g)$ is a pre-fixed point of $f$ and $\mathit{fix}(f) \sqsubseteq \mathit{fix}(g)$ by (lfp2).

Building chain-closed subsets (III)

Logical operations:
If $S, T \subseteq D$ are chain-closed subsets of $D$ then $S \cup T$ and $S \cap T$ are chain-closed subsets of $D$.
If $\{S_i\}_{i \in I}$ is a family of chain-closed subsets of $D$ indexed by a set $I$, then $\bigcap_{i \in I} S_i$ is a chain-closed subset of $D$.
If a property $P(x, y)$ determines a chain-closed subset of $D \times E$, then the property $\forall x \in D.\ P(x, y)$ determines a chain-closed subset of $E$.

Example (III): Partial correctness

Let $F : State \rightharpoonup State$ be the denotation of
$\mathbf{while}\ X > 0\ \mathbf{do}\ (Y := X \cdot Y ; X := X - 1).$
For all $x, y \ge 0$,
$F[X \mapsto x, Y \mapsto y] \neq \bot \Rightarrow F[X \mapsto x, Y \mapsto y] = [X \mapsto 0, Y \mapsto\, !x \cdot y]$
(where $!x$ is the factorial of $x$).

Recall that $F = \mathit{fix}(f)$ where $f : (State \rightharpoonup State) \to (State \rightharpoonup State)$ is given by
$f(w) = \lambda (x, y) \in State.\ \begin{cases} (x, y) & \text{if } x \le 0 \\ w(x - 1, x \cdot y) & \text{if } x > 0 \end{cases}$
(identifying a state with the pair of values it assigns to $X$ and $Y$).

Proof by Scott induction. We consider the admissible subset of $(State \rightharpoonup State)$ given by
$S = \{w \mid \forall x, y \ge 0.\ w[X \mapsto x, Y \mapsto y] \neq \bot \Rightarrow w[X \mapsto x, Y \mapsto y] = [X \mapsto 0, Y \mapsto\, !x \cdot y]\}$
and show that $w \in S \Rightarrow f(w) \in S$.

Lecture 5
PCF

PCF syntax

Types
$\tau ::= \mathit{nat} \mid \mathit{bool} \mid \tau \to \tau$

Expressions
$M ::= \mathbf{0} \mid \mathbf{succ}(M) \mid \mathbf{pred}(M)$
$\quad\ \mid \mathbf{true} \mid \mathbf{false} \mid \mathbf{zero}(M)$
$\quad\ \mid x \mid \mathbf{if}\ M\ \mathbf{then}\ M\ \mathbf{else}\ M$
$\quad\ \mid \mathbf{fn}\ x : \tau.\ M \mid M\ M \mid \mathbf{fix}(M)$
where $x \in \mathbb{V}$, an infinite set of variables.

Technicality: We identify expressions up to α-conversion of bound variables (created by the fn expression-former): by definition a PCF term is an α-equivalence class of expressions.

PCF typing relation, $\Gamma \vdash M : \tau$

$\Gamma$ is a type environment, i.e. a finite partial function mapping variables to types (whose domain of definition is denoted $\mathrm{dom}(\Gamma)$)
$M$ is a term
$\tau$ is a type.

Notation:
$M : \tau$ means $M$ is closed and $\emptyset \vdash M : \tau$ holds.
$\mathrm{PCF}_\tau \overset{\mathrm{def}}{=} \{M \mid M : \tau\}$.

PCF typing relation (sample rules)

$(:_{\mathrm{fn}})\ \dfrac{\Gamma[x \mapsto \tau] \vdash M : \tau'}{\Gamma \vdash \mathbf{fn}\ x : \tau.\ M : \tau \to \tau'}$ if $x \notin \mathrm{dom}(\Gamma)$

$(:_{\mathrm{app}})\ \dfrac{\Gamma \vdash M_1 : \tau \to \tau' \qquad \Gamma \vdash M_2 : \tau}{\Gamma \vdash M_1\ M_2 : \tau'}$

$(:_{\mathrm{fix}})\ \dfrac{\Gamma \vdash M : \tau \to \tau}{\Gamma \vdash \mathbf{fix}(M) : \tau}$

Partial recursive functions in PCF

Primitive recursion.
$h(x, 0) = f(x)$
$h(x, y + 1) = g(x, y, h(x, y))$

Minimisation.
$m(x) = $ the least $y \ge 0$ such that $k(x, y) = 0$

PCF evaluation relation

takes the form $M \Downarrow_\tau V$ where
$\tau$ is a PCF type
$M, V \in \mathrm{PCF}_\tau$ are closed PCF terms of type $\tau$
$V$ is a value, $V ::= \mathbf{0} \mid \mathbf{succ}(V) \mid \mathbf{true} \mid \mathbf{false} \mid \mathbf{fn}\ x : \tau.\ M$.

PCF evaluation (sample rules)

$(\Downarrow_{\mathrm{val}})\ \dfrac{}{V \Downarrow_\tau V}$ ($V$ a value of type $\tau$)

$(\Downarrow_{\mathrm{cbn}})\ \dfrac{M_1 \Downarrow_{\tau \to \tau'} \mathbf{fn}\ x : \tau.\ M_1' \qquad M_1'[M_2/x] \Downarrow_{\tau'} V}{M_1\ M_2 \Downarrow_{\tau'} V}$

$(\Downarrow_{\mathrm{fix}})\ \dfrac{M\ \mathbf{fix}(M) \Downarrow_\tau V}{\mathbf{fix}(M) \Downarrow_\tau V}$

Contextual equivalence

Two phrases of a programming language are contextually equivalent if any occurrences of the first phrase in a complete program can be replaced by the second phrase without affecting the observable results of executing the program.

Contextual equivalence of PCF terms

Given PCF terms $M_1, M_2$, PCF type $\tau$, and a type environment $\Gamma$, the relation
$\Gamma \vdash M_1 =_{\mathrm{ctx}} M_2 : \tau$
is defined to hold iff
Both the typings $\Gamma \vdash M_1 : \tau$ and $\Gamma \vdash M_2 : \tau$ hold.
For all PCF contexts $\mathcal{C}$ for which $\mathcal{C}[M_1]$ and $\mathcal{C}[M_2]$ are closed terms of type $\gamma$, where $\gamma = \mathit{nat}$ or $\gamma = \mathit{bool}$, and for all values $V : \gamma$,
$\mathcal{C}[M_1] \Downarrow_\gamma V \iff \mathcal{C}[M_2] \Downarrow_\gamma V.$

PCF denotational semantics aims

PCF types $\tau$ $\mapsto$ domains $[\![\tau]\!]$.
Closed PCF terms $M : \tau$ $\mapsto$ elements $[\![M]\!] \in [\![\tau]\!]$.
Denotations of open terms will be continuous functions.

Compositionality. In particular: $[\![M]\!] = [\![M']\!] \Rightarrow [\![\mathcal{C}[M]]\!] = [\![\mathcal{C}[M']]\!]$.

Soundness. For any type $\tau$, $M \Downarrow_\tau V \Rightarrow [\![M]\!] = [\![V]\!]$.

Adequacy. For $\tau = \mathit{bool}$ or $\mathit{nat}$, $[\![M]\!] = [\![V]\!] \in [\![\tau]\!] \Rightarrow M \Downarrow_\tau V$.

Theorem. For all types $\tau$ and closed terms $M_1, M_2 \in \mathrm{PCF}_\tau$, if $[\![M_1]\!]$ and $[\![M_2]\!]$ are equal elements of the domain $[\![\tau]\!]$, then $M_1 =_{\mathrm{ctx}} M_2 : \tau$.

Proof.
$\mathcal{C}[M_1] \Downarrow_{\mathit{nat}} V$
$\Rightarrow [\![\mathcal{C}[M_1]]\!] = [\![V]\!]$ (soundness)
$\Rightarrow [\![\mathcal{C}[M_2]]\!] = [\![V]\!]$ (compositionality on $[\![M_1]\!] = [\![M_2]\!]$)
$\Rightarrow \mathcal{C}[M_2] \Downarrow_{\mathit{nat}} V$ (adequacy)
and symmetrically.

Proof principle

To prove $M_1 =_{\mathrm{ctx}} M_2 : \tau$ it suffices to establish $[\![M_1]\!] = [\![M_2]\!]$ in $[\![\tau]\!]$.

The proof principle is sound, but is it complete? That is, is equality in the denotational model also a necessary condition for contextual equivalence?

Lecture 6
Denotational Semantics of PCF

Denotational semantics of PCF

To every typing judgement $\Gamma \vdash M : \tau$ we associate a continuous function
$[\![\Gamma \vdash M]\!] : [\![\Gamma]\!] \to [\![\tau]\!]$
between domains.

Denotational semantics of PCF types

$[\![\mathit{nat}]\!] \overset{\mathrm{def}}{=} \mathbb{N}_\bot$ (flat domain)
$[\![\mathit{bool}]\!] \overset{\mathrm{def}}{=} \mathbb{B}_\bot$ (flat domain)
$[\![\tau \to \tau']\!] \overset{\mathrm{def}}{=} [\![\tau]\!] \to [\![\tau']\!]$ (function domain)
where $\mathbb{N} = \{0, 1, 2, \ldots\}$ and $\mathbb{B} = \{\mathit{true}, \mathit{false}\}$.

Denotational semantics of PCF type environments

$[\![\Gamma]\!] \overset{\mathrm{def}}{=} \prod_{x \in \mathrm{dom}(\Gamma)} [\![\Gamma(x)]\!]$ ($\Gamma$-environments)

the domain of partial functions $\rho$ from variables to domains such that $\mathrm{dom}(\rho) = \mathrm{dom}(\Gamma)$ and $\rho(x) \in [\![\Gamma(x)]\!]$ for all $x \in \mathrm{dom}(\Gamma)$

Examples:
1. For the empty type environment $\emptyset$, $[\![\emptyset]\!] = \{\bot\}$ where $\bot$ denotes the unique partial function with $\mathrm{dom}(\bot) = \emptyset$.
2. $[\![x \mapsto \tau]\!] = \{x\} \to [\![\tau]\!] \cong [\![\tau]\!]$
3. $[\![x_1 \mapsto \tau_1, \ldots, x_n \mapsto \tau_n]\!] = (\{x_1\} \to [\![\tau_1]\!]) \times \ldots \times (\{x_n\} \to [\![\tau_n]\!]) \cong [\![\tau_1]\!] \times \ldots \times [\![\tau_n]\!]$

Denotational semantics of PCF terms, I

$[\![\Gamma \vdash \mathbf{0}]\!](\rho) \overset{\mathrm{def}}{=} 0 \in [\![\mathit{nat}]\!]$
$[\![\Gamma \vdash \mathbf{true}]\!](\rho) \overset{\mathrm{def}}{=} \mathit{true} \in [\![\mathit{bool}]\!]$
$[\![\Gamma \vdash \mathbf{false}]\!](\rho) \overset{\mathrm{def}}{=} \mathit{false} \in [\![\mathit{bool}]\!]$
$[\![\Gamma \vdash x]\!](\rho) \overset{\mathrm{def}}{=} \rho(x) \in [\![\Gamma(x)]\!]$ $\quad(x \in \mathrm{dom}(\Gamma))$

Denotational semantics of PCF terms, II

$[\![\Gamma \vdash \mathbf{succ}(M)]\!](\rho) \overset{\mathrm{def}}{=} \begin{cases} [\![\Gamma \vdash M]\!](\rho) + 1 & \text{if } [\![\Gamma \vdash M]\!](\rho) \neq \bot \\ \bot & \text{if } [\![\Gamma \vdash M]\!](\rho) = \bot \end{cases}$

$[\![\Gamma \vdash \mathbf{pred}(M)]\!](\rho) \overset{\mathrm{def}}{=} \begin{cases} [\![\Gamma \vdash M]\!](\rho) - 1 & \text{if } [\![\Gamma \vdash M]\!](\rho) > 0 \\ \bot & \text{if } [\![\Gamma \vdash M]\!](\rho) = 0, \bot \end{cases}$

$[\![\Gamma \vdash \mathbf{zero}(M)]\!](\rho) \overset{\mathrm{def}}{=} \begin{cases} \mathit{true} & \text{if } [\![\Gamma \vdash M]\!](\rho) = 0 \\ \mathit{false} & \text{if } [\![\Gamma \vdash M]\!](\rho) > 0 \\ \bot & \text{if } [\![\Gamma \vdash M]\!](\rho) = \bot \end{cases}$

Denotational semantics of PCF terms, III

$[\![\Gamma \vdash \mathbf{if}\ M_1\ \mathbf{then}\ M_2\ \mathbf{else}\ M_3]\!](\rho) \overset{\mathrm{def}}{=} \begin{cases} [\![\Gamma \vdash M_2]\!](\rho) & \text{if } [\![\Gamma \vdash M_1]\!](\rho) = \mathit{true} \\ [\![\Gamma \vdash M_3]\!](\rho) & \text{if } [\![\Gamma \vdash M_1]\!](\rho) = \mathit{false} \\ \bot & \text{if } [\![\Gamma \vdash M_1]\!](\rho) = \bot \end{cases}$

$[\![\Gamma \vdash M_1\ M_2]\!](\rho) \overset{\mathrm{def}}{=} [\![\Gamma \vdash M_1]\!](\rho)\big([\![\Gamma \vdash M_2]\!](\rho)\big)$

Denotational semantics of PCF terms, IV

$[\![\Gamma \vdash \mathbf{fn}\ x : \tau.\ M]\!](\rho) \overset{\mathrm{def}}{=} \lambda d \in [\![\tau]\!].\ [\![\Gamma[x \mapsto \tau] \vdash M]\!](\rho[x \mapsto d])$ $\quad(x \notin \mathrm{dom}(\Gamma))$

NB: $\rho[x \mapsto d] \in [\![\Gamma[x \mapsto \tau]]\!]$ is the function mapping $x$ to $d \in [\![\tau]\!]$ and otherwise acting like $\rho$.

Denotational semantics of PCF terms, V

$[\![\Gamma \vdash \mathbf{fix}(M)]\!](\rho) \overset{\mathrm{def}}{=} \mathit{fix}\big([\![\Gamma \vdash M]\!](\rho)\big)$

Recall that $\mathit{fix}$ is the function assigning least fixed points to continuous functions.

Denotational semantics of PCF

Proposition. For all typing judgements $\Gamma \vdash M : \tau$, the denotation
$[\![\Gamma \vdash M]\!] : [\![\Gamma]\!] \to [\![\tau]\!]$
is a well-defined continuous function.

Denotations of closed terms

For a closed term $M \in \mathrm{PCF}_\tau$, we get $[\![\emptyset \vdash M]\!] : [\![\emptyset]\!] \to [\![\tau]\!]$ and, since $[\![\emptyset]\!] \overset{\mathrm{def}}{=} \{\bot\}$, we have
$[\![M]\!] \overset{\mathrm{def}}{=} [\![\emptyset \vdash M]\!](\bot) \in [\![\tau]\!]$ $\quad(M \in \mathrm{PCF}_\tau)$

Compositionality

Proposition. For all typing judgements $\Gamma \vdash M : \tau$ and $\Gamma \vdash M' : \tau$, and all contexts $\mathcal{C}[-]$ such that $\Gamma' \vdash \mathcal{C}[M] : \tau'$ and $\Gamma' \vdash \mathcal{C}[M'] : \tau'$,
if $[\![\Gamma \vdash M]\!] = [\![\Gamma \vdash M']\!] : [\![\Gamma]\!] \to [\![\tau]\!]$
then $[\![\Gamma' \vdash \mathcal{C}[M]]\!] = [\![\Gamma' \vdash \mathcal{C}[M']]\!] : [\![\Gamma']\!] \to [\![\tau']\!]$

Soundness

Proposition. For all closed terms $M, V \in \mathrm{PCF}_\tau$, if $M \Downarrow_\tau V$ then $[\![M]\!] = [\![V]\!] \in [\![\tau]\!]$.

Substitution property

Proposition. Suppose that $\Gamma[x \mapsto \tau] \vdash M' : \tau'$ and that $\Gamma \vdash M : \tau$, so that we also have $\Gamma \vdash M'[M/x] : \tau'$. Then,
$[\![\Gamma \vdash M'[M/x]]\!](\rho) = [\![\Gamma[x \mapsto \tau] \vdash M']\!]\big(\rho[x \mapsto [\![\Gamma \vdash M]\!](\rho)]\big)$
for all $\rho \in [\![\Gamma]\!]$.

In particular when $\Gamma = \emptyset$, $[\![x \mapsto \tau \vdash M']\!] : [\![\tau]\!] \to [\![\tau']\!]$ and
$[\![M'[M/x]]\!] = [\![x \mapsto \tau \vdash M']\!]\big([\![M]\!]\big).$

Lecture 7
Relating Denotational and Operational Semantics

Adequacy

For any closed PCF terms $M$ and $V$ of ground type $\gamma \in \{\mathit{nat}, \mathit{bool}\}$ with $V$ a value
$[\![M]\!] = [\![V]\!] \in [\![\gamma]\!] \Rightarrow M \Downarrow_\gamma V.$

NB. Adequacy does not hold at function types:
$[\![\mathbf{fn}\ x : \tau.\ (\mathbf{fn}\ y : \tau.\ y)\ x]\!] = [\![\mathbf{fn}\ x : \tau.\ x]\!] : [\![\tau]\!] \to [\![\tau]\!]$
but
$\mathbf{fn}\ x : \tau.\ (\mathbf{fn}\ y : \tau.\ y)\ x \not\Downarrow_{\tau \to \tau} \mathbf{fn}\ x : \tau.\ x$
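The clauses of Lecture 6, together with the evaluation rules of Lecture 5, can be executed. The following is an added example, not part of the original slides: it implements $[\![\Gamma \vdash M]\!](\rho)$ in Python for the PCF syntax above, representing $\bot$ of each flat domain by None, elements of $[\![\tau \to \tau']\!]$ by Python functions, and $[\![\mathbf{fix}(M)]\!]$ as $\bigsqcup_n f^n(\bot)$. At a flat domain the lub of a chain is its first non-$\bot$ element, and at a function type lubs are argumentwise, so the chain is only walked when a result is finally observed at ground type; a divergent term never yields a non-$\bot$ approximant, and CUTOFF bounds that walk as an implementation choice rather than part of the semantics. A call-by-name evaluator for the rules $(\Downarrow_{\mathrm{val}})$, $(\Downarrow_{\mathrm{cbn}})$ and $(\Downarrow_{\mathrm{fix}})$ is included so that soundness, $M \Downarrow_\gamma V \Rightarrow [\![M]\!] = [\![V]\!]$, can be checked on terminating closed ground terms, and so that the function-type pair from the adequacy slide above can be compared both ways. The tuple encoding of terms and the sample terms PLUS, OMEGA, ETA and ID are constructed for the example.

```python
from typing import Any, Callable, Dict

# PCF terms as nested tuples (an encoding constructed for this example):
#   ("zero",) ("succ",M) ("pred",M) ("true",) ("false",) ("iszero",M) ("var",x)
#   ("if",M1,M2,M3) ("fn",x,tau,M) ("app",M1,M2) ("fix",M)
# The type tau on a binder is only a label; the semantics below never inspects it.
BOT = None     # bottom of the flat domains N_bot and B_bot; also used for bottom at function types
CUTOFF = 200   # approximants f^n(bottom) inspected before a ground observation is
               # reported as bottom: an implementation bound, not part of the semantics


def apply(f: Any, d: Any) -> Any:
    """Application in [[tau -> tau']]; bottom applied to anything is bottom."""
    return BOT if f is BOT else f(d)


def lub(chain: Callable[[int], Any]) -> Any:
    """Lub of the increasing chain n -> chain(n). In a flat domain the chain is
    bottom ... bottom d d ..., so its lub is the first non-bottom element (bottom if
    none appears within CUTOFF). At a function type lubs are argumentwise: the lub
    applied to e is the lub of the chain n -> chain(n)(e)."""
    for n in range(CUTOFF):
        d = chain(n)
        if d is not BOT:
            return (lambda e: lub(lambda k: apply(chain(k), e))) if callable(d) else d
    return BOT


def fix(f: Any) -> Any:
    """fix(f) = lub of bottom, f(bottom), f(f(bottom)), ... (Tarski's theorem)."""
    def approximant(n: int) -> Any:
        d = BOT
        for _ in range(n):
            d = apply(f, d)
        return d
    return lub(approximant)


def den(M: tuple, rho: Dict[str, Any]) -> Any:
    """[[Gamma |- M]](rho) following the clauses of 'Denotational semantics of PCF terms' I-V."""
    tag = M[0]
    if tag == "zero":
        return 0
    if tag in ("true", "false"):
        return tag == "true"
    if tag == "var":
        return rho[M[1]]
    if tag in ("succ", "pred", "iszero"):
        n = den(M[1], rho)
        if n is BOT:
            return BOT                                   # all three are strict
        if tag == "succ":
            return n + 1
        if tag == "pred":
            return BOT if n == 0 else n - 1              # pred(0) is bottom
        return n == 0
    if tag == "if":
        b = den(M[1], rho)
        return BOT if b is BOT else den(M[2] if b else M[3], rho)
    if tag == "fn":
        x, body = M[1], M[3]
        return lambda d: den(body, {**rho, x: d})        # rho[x -> d]
    if tag == "app":
        return apply(den(M[1], rho), den(M[2], rho))
    return fix(den(M[1], rho))                           # tag == "fix"


def evaluate(M: tuple, env: Dict[str, tuple] = None) -> Any:
    """Call-by-name evaluation M => V of a closed term: returns n for succ^n(0), a bool
    for true/false, and a (term, env) closure for fn. Binding x to the unevaluated
    thunk (M2, env) implements the substitution M1'[M2/x] of rule (cbn).
    A divergent term does not return."""
    env = env or {}
    tag = M[0]
    if tag == "zero":
        return 0
    if tag in ("true", "false"):
        return tag == "true"
    if tag == "var":
        return evaluate(*env[M[1]])
    if tag in ("succ", "pred", "iszero"):
        n = evaluate(M[1], env)
        if tag == "pred" and n == 0:
            raise RuntimeError("pred(0) has no evaluation rule")
        return n + 1 if tag == "succ" else n - 1 if tag == "pred" else n == 0
    if tag == "if":
        return evaluate(M[2] if evaluate(M[1], env) else M[3], env)
    if tag == "fn":
        return (M, env)                                  # (val): fn is a value
    if tag == "app":                                     # (cbn)
        (_, x, _tau, body), e = evaluate(M[1], env)
        return evaluate(body, {**e, x: (M[2], env)})
    return evaluate(("app", M[1], M), env)               # (fix): M fix(M) => V


def numeral(n: int) -> tuple:
    return ("zero",) if n == 0 else ("succ", numeral(n - 1))


# Constructed sample terms.
# PLUS = fix(fn p. fn x. fn y. if zero(x) then y else succ(p (pred x) y)) : nat -> nat -> nat
PLUS = ("fix", ("fn", "p", "nat -> nat -> nat", ("fn", "x", "nat", ("fn", "y", "nat",
        ("if", ("iszero", ("var", "x")), ("var", "y"),
               ("succ", ("app", ("app", ("var", "p"), ("pred", ("var", "x"))), ("var", "y"))))))))
OMEGA = ("fix", ("fn", "x", "nat", ("var", "x")))        # denotes bottom and diverges
ETA = ("fn", "x", "nat", ("app", ("fn", "y", "nat", ("var", "y")), ("var", "x")))
ID = ("fn", "x", "nat", ("var", "x"))                     # the pair from the adequacy slide


def plus(a: int, b: int) -> Any:
    """[[PLUS a b]] for numerals a, b."""
    return den(("app", ("app", PLUS, numeral(a)), numeral(b)), {})


def sound_on(M: tuple) -> bool:
    """Soundness on a terminating closed ground term: M => V implies [[M]] = [[V]]."""
    return den(M, {}) == evaluate(M)
```

`plus(3, 4)` returns 7 and `den(OMEGA, {})` returns None; `sound_on` agrees on every terminating ground term tried; and `den(ETA, {})` and `den(ID, {})` agree on every argument, including $\bot$, while `evaluate` returns two distinct closures for them, which is the failure of adequacy at function types stated above. Tracing `plus(3, 4)` shows the chain at work: $f^{\,n}(\bot)$ applied to 3 and 4 is $\bot$ for $n \le 3$ and becomes 7 at $n = 4$, one approximant per recursive call.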

Adequacy proof idea

1. We cannot proceed to prove the adequacy statement by a straightforward induction on the structure of terms. Consider $M$ to be $M_1\ M_2$, $\mathbf{fix}(M')$.

2. So we proceed to prove a stronger statement that applies to terms of arbitrary types and implies adequacy. This statement roughly takes the form:
$[\![M]\!] \lhd_\tau M$ for all types $\tau$ and all $M \in \mathrm{PCF}_\tau$
where the formal approximation relations
$\lhd_\tau \subseteq [\![\tau]\!] \times \mathrm{PCF}_\tau$
are logically chosen to allow a proof by induction.

Requirements on the formal approximation relations, I

We want that, for $\gamma \in \{\mathit{nat}, \mathit{bool}\}$,
$[\![M]\!] \lhd_\gamma M$ implies $\forall V\ ([\![M]\!] = [\![V]\!] \Rightarrow M \Downarrow_\gamma V)$
(adequacy)

Definition of $d \lhd_\gamma M$ ($d \in [\![\gamma]\!]$, $M \in \mathrm{PCF}_\gamma$) for $\gamma \in \{\mathit{nat}, \mathit{bool}\}$

$n \lhd_{\mathit{nat}} M \overset{\mathrm{def}}{\iff} n \in \mathbb{N} \Rightarrow M \Downarrow_{\mathit{nat}} \mathbf{succ}^n(\mathbf{0})$
$b \lhd_{\mathit{bool}} M \overset{\mathrm{def}}{\iff} (b = \mathit{true} \Rightarrow M \Downarrow_{\mathit{bool}} \mathbf{true})\ \&\ (b = \mathit{false} \Rightarrow M \Downarrow_{\mathit{bool}} \mathbf{false})$

Proof of: $[\![M]\!] \lhd_\gamma M$ implies adequacy

Case $\gamma = \mathit{nat}$.
$[\![M]\!] = [\![V]\!]$
$\Rightarrow [\![M]\!] = [\![\mathbf{succ}^n(\mathbf{0})]\!] = n$ for some $n$
$\Rightarrow M \Downarrow_{\mathit{nat}} \mathbf{succ}^n(\mathbf{0})$ by definition of $\lhd_{\mathit{nat}}$, since $[\![M]\!] \lhd_{\mathit{nat}} M$

Case $\gamma = \mathit{bool}$ is similar.

Requirements on the formal approximation relations, II

We want to be able to proceed by induction. Consider the case $M = M_1\ M_2$. This leads to a logical definition.

Definition of $f \lhd_{\tau \to \tau'} M$ ($f \in ([\![\tau]\!] \to [\![\tau']\!])$, $M \in \mathrm{PCF}_{\tau \to \tau'}$)

$f \lhd_{\tau \to \tau'} M \overset{\mathrm{def}}{\iff} \forall x \in [\![\tau]\!], N \in \mathrm{PCF}_\tau\ (x \lhd_\tau N \Rightarrow f(x) \lhd_{\tau'} M\ N)$

Requirements on the formal approximation relations, III

We want to be able to proceed by induction. Consider the case $M = \mathbf{fix}(M')$. This leads to an admissibility property.

Admissibility property

Lemma. For all types $\tau$ and $M \in \mathrm{PCF}_\tau$, the set
$\{d \in [\![\tau]\!] \mid d \lhd_\tau M\}$
is an admissible subset of $[\![\tau]\!]$.

Further properties

Lemma. For all types $\tau$, elements $d, d' \in [\![\tau]\!]$, and terms $M, N, V \in \mathrm{PCF}_\tau$,
1. If $d' \sqsubseteq d$ and $d \lhd_\tau M$ then $d' \lhd_\tau M$.
2. If $d \lhd_\tau M$ and $\forall V\ (M \Downarrow_\tau V \Rightarrow N \Downarrow_\tau V)$ then $d \lhd_\tau N$.

Requirements on the formal approximation relations, IV

We want to be able to proceed by induction. Consider the case $M = \mathbf{fn}\ x : \tau.\ M'$. This leads to a substitutivity property for open terms.

Fundamental property

Theorem. For all $\Gamma \vdash M : \tau$, if $\Gamma = x_1 : \tau_1, \ldots, x_n : \tau_n$ and $d_1 \lhd_{\tau_1} M_1, \ldots, d_n \lhd_{\tau_n} M_n$ then

$\llbracket \Gamma \vdash M \rrbracket[x_1 \mapsto d_1, \ldots, x_n \mapsto d_n] \;\lhd_\tau\; M[M_1/x_1, \ldots, M_n/x_n]$.

NB. The case $\Gamma = \emptyset$ reduces to $\llbracket M \rrbracket \lhd_\tau M$ for all $M \in \mathrm{PCF}_\tau$.

Fundamental property of the relations $\lhd_\tau$

Proposition. If $\Gamma \vdash M : \tau$ is a valid PCF typing, then for all $\Gamma$-environments $\rho$ and all $\Gamma$-substitutions $\sigma$

$\rho \lhd_\Gamma \sigma \;\Rightarrow\; \llbracket \Gamma \vdash M \rrbracket(\rho) \lhd_\tau M[\sigma]$

where $\rho \lhd_\Gamma \sigma$ means that $\rho(x) \lhd_{\Gamma(x)} \sigma(x)$ holds for each $x \in \mathrm{dom}(\Gamma)$, and $M[\sigma]$ is the PCF term resulting from the simultaneous substitution of $\sigma(x)$ for $x$ in $M$, each $x \in \mathrm{dom}(\Gamma)$.

Contextual preorder between PCF terms

Given PCF terms $M_1, M_2$, PCF type $\tau$, and a type environment $\Gamma$, the relation

$\Gamma \vdash M_1 \le_{\mathrm{ctx}} M_2 : \tau$

is defined to hold iff

- Both the typings $\Gamma \vdash M_1 : \tau$ and $\Gamma \vdash M_2 : \tau$ hold.

- For all PCF contexts $\mathcal{C}$ for which $\mathcal{C}[M_1]$ and $\mathcal{C}[M_2]$ are closed terms of type $\gamma$, where $\gamma = \mathit{nat}$ or $\gamma = \mathit{bool}$, and for all values $V \in \mathrm{PCF}_\gamma$, $\mathcal{C}[M_1] \Downarrow_\gamma V \Rightarrow \mathcal{C}[M_2] \Downarrow_\gamma V$.

Extensionality properties of $\le_{\mathrm{ctx}}$

At a ground type $\gamma \in \{\mathit{bool}, \mathit{nat}\}$, $M_1 \le_{\mathrm{ctx}} M_2 : \gamma$ holds if and only if

$\forall V \in \mathrm{PCF}_\gamma\; (M_1 \Downarrow_\gamma V \Rightarrow M_2 \Downarrow_\gamma V)$.

At a function type $\tau \to \tau'$, $M_1 \le_{\mathrm{ctx}} M_2 : \tau \to \tau'$ holds if and only if

$\forall M \in \mathrm{PCF}_\tau\; (M_1\,M \le_{\mathrm{ctx}} M_2\,M : \tau')$.

Lecture 8
Full Abstraction


Proof principle

For all types $\tau$ and closed terms $M_1, M_2 \in \mathrm{PCF}_\tau$,

$\llbracket M_1 \rrbracket = \llbracket M_2 \rrbracket$ in $\llbracket \tau \rrbracket$ $\;\Rightarrow\;$ $M_1 =_{\mathrm{ctx}} M_2 : \tau$.

Hence, to prove $M_1 =_{\mathrm{ctx}} M_2 : \tau$ it suffices to establish $\llbracket M_1 \rrbracket = \llbracket M_2 \rrbracket$ in $\llbracket \tau \rrbracket$.

Full abstraction

A denotational model is said to be fully abstract whenever denotational equality characterises contextual equivalence.

The domain model of PCF is not fully abstract. In other words, there are contextually equivalent PCF terms with different denotations.

Failure of full abstraction, idea

We will construct two closed terms

$T_1, T_2 \in \mathrm{PCF}_{(\mathit{bool} \to (\mathit{bool} \to \mathit{bool})) \to \mathit{bool}}$

such that $T_1 =_{\mathrm{ctx}} T_2$ and $\llbracket T_1 \rrbracket \ne \llbracket T_2 \rrbracket$.

We achieve $T_1 =_{\mathrm{ctx}} T_2$ by making sure that

$\forall M \in \mathrm{PCF}_{\mathit{bool} \to (\mathit{bool} \to \mathit{bool})}\; (\neg (T_1\,M \Downarrow_{\mathit{bool}}) \;\&\; \neg (T_2\,M \Downarrow_{\mathit{bool}}))$

Hence,

$\llbracket T_1 \rrbracket(\llbracket M \rrbracket) = \bot = \llbracket T_2 \rrbracket(\llbracket M \rrbracket)$

for all $M \in \mathrm{PCF}_{\mathit{bool} \to (\mathit{bool} \to \mathit{bool})}$.

We achieve $\llbracket T_1 \rrbracket \ne \llbracket T_2 \rrbracket$ by making sure that

$\llbracket T_1 \rrbracket(\mathit{por}) \ne \llbracket T_2 \rrbracket(\mathit{por})$

for some non-definable continuous function $\mathit{por} \in (\mathbb{B}_\bot \to (\mathbb{B}_\bot \to \mathbb{B}_\bot))$.

Parallel-or function

is the unique continuous function $\mathit{por} : \mathbb{B}_\bot \to (\mathbb{B}_\bot \to \mathbb{B}_\bot)$ such that

$\mathit{por}\;\mathit{true}\;\bot = \mathit{true}$
$\mathit{por}\;\bot\;\mathit{true} = \mathit{true}$
$\mathit{por}\;\mathit{false}\;\mathit{false} = \mathit{false}$

In which case, it necessarily follows by monotonicity that

$\mathit{por}\;\mathit{true}\;\mathit{true} = \mathit{true}$
$\mathit{por}\;\mathit{true}\;\mathit{false} = \mathit{true}$
$\mathit{por}\;\mathit{false}\;\mathit{true} = \mathit{true}$

$\mathit{por}\;\mathit{false}\;\bot = \bot$
$\mathit{por}\;\bot\;\mathit{false} = \bot$
$\mathit{por}\;\bot\;\bot = \bot$

Undefinability of parallel-or

Proposition. There is no closed PCF term $P : \mathit{bool} \to (\mathit{bool} \to \mathit{bool})$ satisfying

$\llbracket P \rrbracket = \mathit{por} : \mathbb{B}_\bot \to (\mathbb{B}_\bot \to \mathbb{B}_\bot)$.

Parallel-or test functions

For $i = 1, 2$ define

$T_i \stackrel{\mathrm{def}}{=} \mathrm{fn}\, f : \mathit{bool} \to (\mathit{bool} \to \mathit{bool}) .\; \mathbf{if}\; (f\;\mathit{true}\;\Omega)\; \mathbf{then}\; \mathbf{if}\; (f\;\Omega\;\mathit{true})\; \mathbf{then}\; \mathbf{if}\; (f\;\mathit{false}\;\mathit{false})\; \mathbf{then}\; \Omega\; \mathbf{else}\; B_i\; \mathbf{else}\; \Omega\; \mathbf{else}\; \Omega$

where $B_1 \stackrel{\mathrm{def}}{=} \mathit{true}$, $B_2 \stackrel{\mathrm{def}}{=} \mathit{false}$, and $\Omega \stackrel{\mathrm{def}}{=} \mathrm{fix}(\mathrm{fn}\, x : \mathit{bool} .\, x)$.

Failure of full abstraction

Proposition.

$T_1 =_{\mathrm{ctx}} T_2 : (\mathit{bool} \to (\mathit{bool} \to \mathit{bool})) \to \mathit{bool}$

$\llbracket T_1 \rrbracket \ne \llbracket T_2 \rrbracket \in (\mathbb{B}_\bot \to (\mathbb{B}_\bot \to \mathbb{B}_\bot)) \to \mathbb{B}_\bot$
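To make the parallel-or slides concrete, here is an added Python example; it is not code from the course or its notes. It models the flat domain $\mathbb{B}_\bot$ with Python's `None` standing for $\bot$, defines $\mathit{por}$ and the two sequential "or" functions that PCF can define (left-to-right and right-to-left), and gives the denotations of the test functions $T_1$, $T_2$ as strict conditionals, with functions taken uncurried as `f(a, b)` rather than curried. Enumerating every monotone function on $\mathbb{B}_\bot \times \mathbb{B}_\bot$ (on a finite domain continuity and monotonicity coincide) checks two claims from the slides: the three defining clauses pick out exactly one monotone function, and that function is the only one on which $\llbracket T_1 \rrbracket$ and $\llbracket T_2 \rrbracket$ differ. The names `BOT`, `lor`, `ror`, `make_test_fn` and the rest are the example's own.

```python
from itertools import product

# Added example (not from the lecture notes): the flat domain B_bot of lifted
# booleans, parallel-or, and the denotations of the test functions T1, T2.
BOT = None                                # bottom: the denotation of Omega
B_BOT = (BOT, True, False)                # the three elements of B_bot
PAIRS = list(product(B_BOT, repeat=2))    # the nine elements of B_bot x B_bot


def leq(x, y):
    """Information order on B_bot: bottom is below everything, a value only below itself."""
    return x is BOT or x == y


def is_monotone(f):
    """f : B_bot x B_bot -> B_bot (uncurried) is monotone iff it preserves the pointwise order."""
    return all(leq(f(a, b), f(a2, b2))
               for (a, b), (a2, b2) in product(PAIRS, repeat=2)
               if leq(a, a2) and leq(b, b2))


def por(a, b):
    """Parallel-or: true as soon as either argument is true, false only when both are false."""
    if a is True or b is True:
        return True
    if a is False and b is False:
        return False
    return BOT


def lor(a, b):
    """Left-to-right 'or' (fn x . fn y . if x then true else y): strict in its first argument."""
    if a is BOT:
        return BOT
    return True if a else b


def ror(a, b):
    """Right-to-left 'or': strict in its second argument."""
    if b is BOT:
        return BOT
    return True if b else a


def make_test_fn(i):
    """Denotation of T_i: if (f true Omega) then if (f Omega true) then
    if (f false false) then Omega else B_i else Omega else Omega.
    The conditional is strict, so a bottom condition yields bottom."""
    b_i = (i == 1)                        # B_1 = true, B_2 = false

    def t(f):
        if f(True, BOT) is not True:      # condition bottom, or the 'else Omega' branch
            return BOT
        if f(BOT, True) is not True:
            return BOT
        if f(False, False) is not False:  # condition bottom, or the 'then Omega' branch
            return BOT
        return b_i
    return t


T1, T2 = make_test_fn(1), make_test_fn(2)


def all_monotone_functions():
    """Yield every monotone f : B_bot x B_bot -> B_bot, as a function backed by a lookup table."""
    for table in product(B_BOT, repeat=len(PAIRS)):   # 3^9 candidate tables
        g = dict(zip(PAIRS, table))
        f = lambda a, b, g=g: g[(a, b)]
        if is_monotone(f):
            yield f


def functions_satisfying_por_clauses():
    """Tables of the monotone functions meeting the three clauses that define por."""
    return [tuple(f(a, b) for a, b in PAIRS)
            for f in all_monotone_functions()
            if f(True, BOT) is True and f(BOT, True) is True and f(False, False) is False]


def functions_distinguished_by_tests():
    """Tables of the monotone functions f on which [[T1]](f) != [[T2]](f)."""
    return [tuple(f(a, b) for a, b in PAIRS)
            for f in all_monotone_functions() if T1(f) != T2(f)]


POR_TABLE = tuple(por(a, b) for a, b in PAIRS)

if __name__ == "__main__":
    print("T1, T2 on por:", T1(por), T2(por))   # true, false: the denotations differ
    print("T1, T2 on lor:", T1(lor), T2(lor))   # both bottom
    print("T1, T2 on ror:", T1(ror), T2(ror))   # both bottom
    print("unique por:", functions_satisfying_por_clauses() == [POR_TABLE])
    print("only por is distinguished:", functions_distinguished_by_tests() == [POR_TABLE])
```

The enumeration is what makes the "unique continuous function" remark on the parallel-or slide checkable by hand: once $\mathit{por}\,\mathit{true}\,\bot$, $\mathit{por}\,\bot\,\mathit{true}$ and $\mathit{por}\,\mathit{false}\,\mathit{false}$ are fixed, monotonicity forces every other entry of the table. The two sequential functions `lor` and `ror` are stuck at $\bot$ on one of the first two conditions, which is why $\llbracket T_1 \rrbracket$ and $\llbracket T_2 \rrbracket$ agree on them; showing that every PCF-definable function behaves this way is the undefinability proposition, which this finite check does not replace.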

PCF+por

Expressions

$M ::= \cdots \mid \mathit{por}(M, M)$

Typing

$\dfrac{\Gamma \vdash M_1 : \mathit{bool} \qquad \Gamma \vdash M_2 : \mathit{bool}}{\Gamma \vdash \mathit{por}(M_1, M_2) : \mathit{bool}}$

Evaluation

$\dfrac{M_1 \Downarrow_{\mathit{bool}} \mathit{true}}{\mathit{por}(M_1, M_2) \Downarrow_{\mathit{bool}} \mathit{true}}$

$\dfrac{M_2 \Downarrow_{\mathit{bool}} \mathit{true}}{\mathit{por}(M_1, M_2) \Downarrow_{\mathit{bool}} \mathit{true}}$

$\dfrac{M_1 \Downarrow_{\mathit{bool}} \mathit{false} \qquad M_2 \Downarrow_{\mathit{bool}} \mathit{false}}{\mathit{por}(M_1, M_2) \Downarrow_{\mathit{bool}} \mathit{false}}$

Plotkin's full abstraction result

The denotational semantics of PCF+por is given by extending that of PCF with the clause

$\llbracket \Gamma \vdash \mathit{por}(M_1, M_2) \rrbracket(\rho) \stackrel{\mathrm{def}}{=} \mathit{por}\; \llbracket \Gamma \vdash M_1 \rrbracket(\rho)\; \llbracket \Gamma \vdash M_2 \rrbracket(\rho)$

This denotational semantics is fully abstract for contextual equivalence of PCF+por terms:

$\Gamma \vdash M_1 =_{\mathrm{ctx}} M_2 : \tau \;\Longleftrightarrow\; \llbracket \Gamma \vdash M_1 \rrbracket = \llbracket \Gamma \vdash M_2 \rrbracket$.
