CS 641 Lecture -*- Outline -*-

* Full abstraction (Schmidt's 10.7)

What makes a good operational semantics?
(here the fixpoint semantics is taken as primary; i.e., as the model)

operational semantics:
  Let Op = (Gamma, -->, T) be a TTS
    T subset of Gamma
  I: Programs -> Gamma
  A: Gamma -> Programs (this is different than the usual O)
  M[[.]]: Programs -> Programs by
    M[[e]] = a iff there is a g in T such that I(e) -->* g and A(g) = a

fixpoint semantics:
  C[[t]] is a poset, ordered by <=
  C[[e:t]]: env -> C[[t]]
  Answers subset of Programs
    not necessarily true that A: T -> Answers
  assumptions: for all a in Answers, I(a) in T and A(I(a)) in Answers
  P[[.]] defined by P[[e:t]] = C[[e:t]](\bot)
    given e:t, returns an element of C[[t]].

** Faithfulness

each transition of Op preserves the meaning of the expression

The TTS Op is faithful to P iff
  for all e in Programs, for all g in Gamma,
    I(e) -->* g implies P[[e]] = P[[A(g)]]

for PCF: e ~ c implies C[[e]] = C[[c]].

** Termination

eventually get to a terminal configuration (converse of faithfulness)

The TTS Op is terminating wrt P iff
  for all e in Programs, for all a in Answers,
    if P[[e]] = P[[a]], then there is some g in T such that
      I(e) -->* g, A(g) in Answers, and P[[A(g)]] = P[[a]]

computational adequacy for PCF:
  for canonical c, C[[e]] = C[[c]] implies e ~ c.
  only true for e, c of ground type.

Can also use the above criteria to discuss correctness of one operational
semantics with respect to another.

** Observability

*** Contexts

an expression with a "hole"
  e.g., C[] = \x:num.[]
  so C[\y:bool.x] = \x:num.\y:bool.x
Capturing is allowed.
Holes can be thought of as typed...

Contexts for PCF:
  replace e by C[], add [] to the grammar.
----------------
t ::= num | bool | t -> t

C[] ::= 0 | succ(C[]) | pred(C[]) | true | false | zero?(C[])
      | [] | x | \x:t.C[] | C[] C[] | \mu x:t.C[]
      | if C[] then C[] else C[]
----------------

*** Observational equivalence

e ~~ e' iff e [~ e' and e' [~ e

Schmidt's def:
  e [~ e' iff for each context C[], for all g in T,
    I(C[e]) -->* g and A(g) in Answers implies
      there is some g' in T such that I(C[e']) -->* g' and P[[A(g)]] = P[[A(g')]].

e.g., in PCF:
  e [~ e' iff for each context C[],
    if |- C[e] : s and |- C[e'] : s, s a ground type,
      C[e] ~ c implies C[e'] ~ c

*** Full abstraction

def: for all e, e', P[[e]] <= P[[e']] iff e [~ e'

lemma: if P[[e]] <= P[[e']], then P[[(C[e])]] <= P[[(C[e'])]].

**** Denotational equality implies observable equiv for faithful & termin.

Theorem (Plotkin): if the TTS Op is faithful to P, then
  Op is terminating iff for all e, e', P[[e]] = P[[e']] implies e ~~ e'

Pf: Suppose that Op is faithful to P.
(=>) Suppose Op is terminating.
  Let e, e' be given. Suppose that P[[e]] = P[[e']].
  ([~) Let C[] be a context. Let g be an element of T.
    Suppose I(C[e]) -->* g and A(g) in Answers.
    Since Op is faithful, P[[(C[e])]] = P[[A(g)]].
    By the lemma above: P[[A(g)]] = P[[(C[e'])]].
    Since Op is terminating, there is some g' in T such that
      I(C[e']) -->* g', A(g') in Answers, and P[[A(g')]] = P[[A(g)]].
  (]~) similar.
(<=) Suppose for all e, e', P[[e]] = P[[e']] implies e ~~ e'.
  Let e in Programs, a in Answers be such that P[[e]] = P[[a]].
  I(a) -->* I(a). By the assumptions, I(a) in T and A(I(a)) in Answers.
  Since Op is faithful, P[[a]] = P[[A(I(a))]].
  Since a [~ e, there is some g' in T such that
    I(e) -->* g' and P[[A(g')]] = P[[A(I(a))]].

Gunter's 5.1: If C[[e]](\bot) <= C[[e']](\bot), then e [~ e'.

**** Converse not true!

There are terms (T and F below) such that T ~~ F, but C[[T]] <> C[[F]].
----------------------
let T: (bool -> (bool -> bool)) -> bool
  be \f : bool -> (bool -> bool) .
       if f(true)(Omega)
       then if f(Omega)(true)
            then if f(false)(false)
                 then Omega
                 else true                 *
            else Omega
       else Omega

let F: (bool -> (bool -> bool)) -> bool
  be \f : bool -> (bool -> bool) .
       if f(true)(Omega)
       then if f(Omega)(true)
            then if f(false)(false)
                 then Omega
                 else false                *
            else Omega
       else Omega
----------------------
(the two terms differ only at the starred branch)

claim: T ~~ F.
  show this using the theory of finite approximations, a finer semantics for PCF.

claim: C[[T]] <> C[[F]]
  Let por: bool -> (bool -> bool) be the "parallel or" function:
    por(true)(Omega) = true
    por(Omega)(true) = true
    por(a)(b) = a or b otherwise
  por is continuous, thus a member of C[[bool -> (bool -> bool)]]
  But C[[T]](\bot)(por) = true <> false = C[[F]](\bot)(por)

So C is not fully abstract.

**** Fixes

New semantics for PCF...

New constructs in PCF, e.g., por or a parallel conditional (pif)
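As an added illustration (not part of the lecture notes), the following Python code models the flat boolean domain (Omega as bot, below true and false), defines por and the denotations of T and F as functions on it, and goes one step beyond the notes by enumerating every monotone f : bool x bool -> bool to show that the only f on which T and F differ are those that, like por, return true on both (true, Omega) and (Omega, true), i.e. are non-strict in both arguments. The names cond, make_term, leq and monotone_functions are this example's own, not notation from the notes.

```python
# Added example (not from the notes): flat boolean domain, por, and C[[T]], C[[F]] as functions.
from itertools import product

BOT, TRUE, FALSE = "bot", "true", "false"   # Omega denotes BOT
DOMAIN = (BOT, TRUE, FALSE)

def leq(a, b):
    """Order on the flat domain: bot is below everything, otherwise equality."""
    return a == BOT or a == b

def cond(c, t, e):
    """Denotation of PCF's if-then-else: strict in the condition only."""
    if c == BOT:
        return BOT
    return t if c == TRUE else e

def por(a, b):
    """Parallel or from the notes: true as soon as either side is true."""
    if a == TRUE or b == TRUE:
        return TRUE
    if a == BOT or b == BOT:
        return BOT
    return FALSE

def make_term(result):
    """C[[T]] (result=TRUE) or C[[F]] (result=FALSE), applied to a function f."""
    def term(f):
        return cond(f(TRUE, BOT),
                    cond(f(BOT, TRUE),
                         cond(f(FALSE, FALSE), BOT, result),
                         BOT),
                    BOT)
    return term

T = make_term(TRUE)
F = make_term(FALSE)

def monotone_functions():
    """Yield every monotone f : bool x bool -> bool on the flat domain."""
    points = list(product(DOMAIN, DOMAIN))
    for outputs in product(DOMAIN, repeat=len(points)):
        table = dict(zip(points, outputs))
        if all(leq(table[p], table[q]) for p in points for q in points
               if leq(p[0], q[0]) and leq(p[1], q[1])):
            yield lambda a, b, tbl=table: tbl[(a, b)]

def distinguishing_functions():
    """Monotone f with T(f) != F(f); each must return true on (true, bot)
    and (bot, true), i.e. be non-strict in both arguments, like por."""
    return [f for f in monotone_functions() if T(f) != F(f)]
```

A left-to-right sequential or sends both T and F to bot, so only a parallel function can separate them.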