Operational Semantics. The introduction of the import construct leads to an under-specification of the program: only the names and the types of the imported classes are given, but not their code. The consequence is that the semantics definition of a component now consists of two parts. The first part, called internal semantics, deals with internal computations only, i.e., computations which are completely independent of the imported classes and solely determined by the program's code. This part is given in the form of a transition semantics which is almost identical to the one already given in Table 2.7. We only add a premise in rule Call and in rule New which ensures that the called method or constructor, respectively, indeed belongs to a class of the given program code. For rule New, this additional check is very simple, since the class name itself is part of the new statement. For the method call, we have to find out whether the callee object, named o, is an instance of a program class. We will see later, however, that the heap function stores information only about objects of program classes. Therefore, the check can be easily realized by adding the premise o ∈ dom(h).
In general, the operational semantics of the specification language is very similar to the operational semantics of the original programming language. In particular, the internal steps remain the same. Regarding the inference rules of the external steps, the crucial point is that we have to narrow down the communication steps such that the resulting trace semantics of the specification consists only of the specified traces (and their prefixes). This is implemented, on the one hand, by additional premises and, on the other hand, by allowing incoming communication only if a corresponding communication term is on top of the call stack. The different handling of interface communication as well as the absence of internal method and constructor calls also leads to a somewhat different, i.e., simpler, form of the call stack of a specification. This is because the execution of a program never adds or removes an activation record; each inference rule only modifies the topmost activation record. Although this means that the call stack does not consist of several blocked and possibly one active activation record, we still distinguish activation records which only allow incoming communication as the next interface communication from activation records which only allow outgoing communication as the next interface communication. Thus, for the activation records of the specification language we define

AR ::= ARa | ARp
ARa ::= (µ, mcact)
ARp ::= (µ, mcpsv)
mcact ::= sact | sact ; !return(e); xxxxx
mcpsv ::= spsv | spsv ; x = ?return(T x).where(e); mcact
Operational Semantics. We can now define an operational semantics for our contract calculus. The rules of the operational semantics appear in Figure 1. The semantics take one of three forms: (i) ϕ −a,k→ ϕ′ to denote that contract ϕ can evolve (in one step) to ϕ′ when action a is performed, which involves party k (and possibly other parties); or (ii) ϕ −(a,k)→ ϕ′ indicating that the contract ϕ can evolve to ϕ′ when the action a is not offered by any party other than k; or (iii) ϕ −d→ ϕ′ to represent that contract ϕ can evolve to contract ϕ′ when d time units pass. We will use variable α to stand for a label of either form: a,k or (a,k). The rules of the operational semantics are always applied to irreducible terms. The core of any contract reasoning formalism is the rules defining the semantics of the deontic modalities.

... units: OppPBPqr5s. In this case, equivalence rule 13 can be applied after 5 time units: OppPBPqr5s ... OppPBPqr0s ↪ K. In order to justify the simplification of contract formulae by applying these rules repeatedly, we will need to prove that the rewriting process is terminating and confluent. To prove confluence of ↪, we will first prove local confluence, from which confluence follows using a standard result from computer science. Proposition 2. The ↪ ⊆ C × C relation is: (i) terminating: there is no infinite sequence ϕ1, ϕ2, . . .
Operational Semantics. The operational semantics of a contract is given by the minimal labeled transition system, with labels taken from the set Labels, satisfying the following axiom and rules (a, b, r ∈ Names):

invoke(a, b.C)(r) → (r(b).C) | a(r)    if r ∉ Names(xx.Xx)

G_l −α→ G′_l, l ∈ I
──────────────────────
Σ_{i∈I} G_i −α→ G′_l
Operational Semantics. A first attempt to formalise aspects of the Modelica language was made at a time when no complete implementation was available; it was performed by Xxxxxxx and Fritzson to discover and close gaps in the early specification documents [KF98]. Xxxxxxx and Fritzson distinguish between static semantics (which describes how the object-oriented structuring of models and their equations works) and dynamic semantics (which describes the simulation-time behaviour) of Modelica models. Like most later work on formalizing Modelica semantics, the work by Xxxxxxx and Fritzson [KF98] addresses the static semantics and does not intend to describe the equation solving process, nor the actual simulation. The formal semantics provided in their work is expressed in a high-level specification language called Relational Meta Language (RML) [Pet95], which is based on natural semantics (an operational semantics specification style). A compiler generation system allows generating a translator from a language specification written in RML. The paper explains the basic ideas behind that approach, but it does not list the complete RML source code that was written during that early effort. Development and usage of efficient language implementation generators has been a long-term research effort at the Programming Environments Laboratory (PELAB) at Linköping University. In [FPBA09], Xxxxx et al. report on practical experience gained with various approaches. The biggest effort was developing a complete Modelica compiler using RML as the specification language. This implementation formed the base for the OpenModelica environment [FAL+05]. A remarkable observation reported in the paper is the enormous growth of the RML code over time; we reproduce the data below (where we refer to lines of RML code, including comments). Nowadays the development of OpenModelica has switched from RML to MetaModelica.
MetaModelica is a language developed at PELAB that introduces language modelling features known from languages like RML into the Modelica language. One of its development motivations was to provide a language with a more gentle learning curve than RML, particularly in regard to prospective OpenModelica developers without a background in formal specification methods. MetaModelica [PF06] has evolved over the years and, more recently, a bootstrapping version has been used in the OpenModelica development [SFP14]. An ongoing project that aims to formalize a clocked discrete-time subset of the Mod...
Operational Semantics. Operational semantics [59] is a way to express the meaning of a programming language: for each language construct, the effect of its execution on an abstract machine is formalized. The operational semantics of our language will be given in the form of a small-step semantics. This kind of semantics is based on the idea that a program execution is considered as a sequence of indivisible steps that manifest themselves as changes in the program's configuration. The small-step semantics stipulates what kind of changes may happen in a certain situation. It is often represented by a transition relation which in turn is described by an inference system where the conclusion of each inference rule determines a (parameterized) transition between two configurations. The concept of using an inference system to describe the computation step, also called structural operational semantics, goes back to Xxxxxxx [56]. Before we take a closer look at the transition rules of the operational semantics, let us first discuss the constituents of a program configuration. A program configuration (h, v, CS) is a triple consisting of the current state of the heap h, the global variables v, and the call stack CS. The details about the elements of a program configuration are given in the following definition.

Definition 2.3.1 (Configuration): Let the set of all possible values be denoted by Val, including null as the semantical representation for null. We use partial functions from field names to values to represent the state of an object. More specifically, an object consists of the values of its fields and a reference to its class. Thus, we define Obj =def CNames × F with F =def FNames ⇀ Val as the set of all possible objects. For an object o ∈ Obj we use o.class and x.xxxxxx to denote the projection onto the first or, respectively, the second element of the pair. Let N be the set of object names. The heap is represented by a partial function from object names to objects.
We use H =def N ⇀ Obj to denote the set of heaps. Let V =def VNames ⇀ Val be the set of variable functions, i.e., partial functions from variables to values. The state of a program's global variables is represented by an element v of V. The call stack consists of a list of activation records, each capturing the local variables as well as the code fragment of a method instance that still has to be executed. More precisely, an activation record's code fragment is of the form: mc ::= stmt x; mc | return [e], where the square brackets den...