What is the Meaning of These Constant Interruptions? Graham Hutton and Joel Wright University of Nottingham.

What is the Meaning of These Constant Interruptions?

Graham Hutton and Joel WrightUniversity of Nottingham

2

What Is An Exception?

Division by zeroNull pointer

Examples:

An event within a computation that causes termination in a non-

standard way

3

What Is An Interrupt?

An exception that arises from the external environement, e.g. another

computation

TerminateAny exception

Examples:

4

This TalkHaskell is unique in providing both full support

for interrupts and a semantics for this.

But the semantics is subtle, and relies on quite considerable technical machinery.

We give a simple, formally justified, semantics for interrupts in a small language.

5

An Exceptional Language

data Expr = Val Int | Throw | Add Expr Expr | Seq Expr Expr | Catch Expr Expr

Syntax:

Semantics:

e ve can evaluate to

v

6

Sequencing:

Seq x y v

x Val n y v

Seq x y Throw

x Throw

Catch x y Val n

x Val n

Catch x y v

x Throw y v

Catch:

7

Finally, An Example

Problem: how can we ensure that evaluation of x is always succeeded by evaluation of y?

finally x y

=

8

Finally, An Example


finally x y

=

Seq x y

9

Finally, An Example


finally x y

=

Seq x y

If x produces an exception,

y is not evaluated

10

Seq (Catch x y) y

Finally, An Example


finally x y

=

11

Seq (Catch x y) y

Finally, An Example


finally x y

=

If x produces an exception, y

may be evaluated twice

12

Seq (Catch x (Seq y Throw)) y

Finally, An Example


finally x y

=

13


Finally, An Example


finally x y

=

Now has the correct

behaviour

14

Adding Interrupts

To avoid the need for concurrency, we adopt the following worst-case rule for interrupts:

x ThrowEvaluation can be interrupted at any time by replacing

the current expression by throw

15


Note:

Evaluation is now non-deterministic.

Finally no longer behaves as expected.

could be interrupted as y is about to be

evaluated

16

Controlling Interrupts

data Expr = ••• | Block Expr | Unblock Expr

Syntax:

Semantics:

e i ve can evaluate to

v in interrupt status i

17

Key rules:

Block x i v

x B v

Unblock x i v

x U v

x U Throw

The other rules are simply modified to propogate the current interrupt status to their arguments.

18

Finally Revisited

finally x y

=


19

Block (Seq (Catch (Unblock x) (Seq y Throw)) y)

Finally Revisited

finally x y

=

20

Block (Seq (Catch (Unblock x) (Seq y Throw)) y)

Finally Revisited

finally x y

=

Modulo syntax, finally in Haskell is defined in precisely

the same way

21

Is Our Semantics Correct?

How does our high-level semantics reflect our low-level intuition about interrupts?

To address this issue, we first define a virtual machine, its semantics, and a compiler.

We explain the basic ideas informally using an example - the paper gives full details.

22

Catch (Unblock (2+3)) 4

Example

Code

23


Example

Code

24


Example

MARK [ ]

UNMARK

Code

25


Example

MARK [ ]

UNMARK

Code

26


Example

MARK [PUSH 4]

UNMARK

Code

27


Example

MARK [PUSH 4]

UNMARK

Code

28


Example

MARK [PUSH 4]SET U

RESETUNMARK

Code

29


Example

MARK [PUSH 4]SET U

RESETUNMARK

Code

30


Example

MARK [PUSH 4]SET UPUSH 2PUSH 3ADDRESETUNMARK

Code

31


Example


Code

Stack

Status

32


Example


Code

Stack

Status

B

33


Example

SET UPUSH 2PUSH 3ADDRESETUNMARK

Code

Stack

HAN [PUSH 4]

Status

B

34


Example

PUSH 2PUSH 3ADDRESETUNMARK

Code

Stack

INT BHAN [PUSH 4]

Status

U

35


Example

PUSH 3ADDRESETUNMARK

Code

Stack

VAL 2INT BHAN [PUSH 4]

Status

U

36


Example

ADDRESETUNMARK

Code

Stack

VAL 3VAL 2INT BHAN [PUSH 4]

Status

U

37


Example

ADDRESETUNMARK

Code

Stack


Status

U

interrupt!

38


Example

THROWRESETUNMARK

Code

Stack


Status

U

interrupt!

39


Example

THROWRESETUNMARK

Code

Stack

VAL 2INT BHAN [PUSH 4]

Status

U

40


Example

THROWRESETUNMARK

Code

Stack

INT BHAN [PUSH 4]

Status

U

41


Example

THROWRESETUNMARK

Code

Stack

HAN [PUSH 4]

Status

B

42


Example

PUSH 4

Code

Stack

Status

B

43


Example

Code

Stack

VAL 4

Status

B

44


Example

Code

Stack

VAL 4

Status

B

Final result

45

Compiler CorrectnessWe will exploit two basic notions of reachability for configurations of our virtual machine.

x can reach everything in

Y

x will reach something in

Y

x * Y

x Y

46

Theorem

{ | e i Val n }

{ | e i Throw }

*

U

Proof: approximately 10 pages of calculation, much of which requires considerable care.

comp e c i s

c i VAL n : s

i s

47

Summary

Simple semantics for interrupts, formally justified by a compiler correctness theorem.

Discovery of an error in the semantics for Haskell, concerning the delivery of interrupts.

Verification of finally, a useful high-level operator for programming with exceptions/interrupts.

48

Further Work

Mechanical verification

Bisimulation theorem

Generalising the language

Reasoning about programs

Calculating the compiler

What is the Meaning of These Constant Interruptions? Graham Hutton and Joel Wright University of Nottingham.

Documents