
GAME SEMANTICS FOR INTERFACE MIDDLEWEIGHT JAVA Andrzej S. Murawski - PowerPoint PPT Presentation



  1. GAME SEMANTICS FOR INTERFACE MIDDLEWEIGHT JAVA
     Andrzej S. Murawski (Warwick), Steven J. Ramsay (Oxford), Nikos Tzevelekos (Queen Mary London)

  2. WHAT IS THIS TALK ABOUT?
     ● a fully abstract denotational model for a core fragment of Java
     ● classification of decidable cases for contextual equivalence

  3. CAPTURING PROGRAM BEHAVIOUR ?

  4. FULL ABSTRACTION
     ⟦M1⟧ = ⟦M2⟧ if and only if M1 ≅ M2

  5. Game semantics: from PCF to ML
     Full Abstraction for PCF (early 90's)
     Games for variants of Idealized Algol
     ● Non-determinism, exceptions, probability, concurrency, polymorphism, …
     Nominal game semantics (2004-)
     ● Use names for dynamic resource generation → fragments of ML, CML, C, now Java

  6-7. The need for names
     References as pairs: ref int = (unit → int) × (int → unit) ≅ (1 → Z) × (Z → 1)
     ● Theoretically attractive
     ● but: mkvar(R, H), for all R, H (bad variables)
     References as names: ref int = base type (reference names)
     ● Notion of resource (name): atomic values, infinitely many, comparable for equality

  8. GOOD-VARIABLE SOLUTIONS
     ref(int), ref(ref(θ)), ref(θ1 → θ2):
     ● Andrzej S. Murawski, Nikos Tzevelekos: Full Abstraction for Reduced ML. FoSSaCS 2009: 32-47
     ● Andrzej S. Murawski, Nikos Tzevelekos: Game Semantics for Good General References. LICS 2011: 75-84
     exceptions:
     ● Andrzej S. Murawski, Nikos Tzevelekos: Game Semantics for Nominal Exceptions. FoSSaCS 2014: 164-179
     objects:
     ● Andrzej S. Murawski, Nikos Tzevelekos: Game semantics for interface middleweight Java. POPL 2014: 517-528

  9. Interface Middleweight Java (IMJ)
     Types                  θ ::= void | int | I            (I: interface identifiers; f: field identifiers; m: method identifiers)
     Interface definitions  Θ ::= ε | (f : θ), Θ | (m : θ → θ), Θ
     Interface tables       Δ ::= ε | (I : Θ), Δ | (I ≤ I' : Θ), Δ
     Object calculus based on MJ [Bierman, Parkinson, Pitts]
     ● Objects, inheritance, casting, interfaces

  10. Interface Middleweight Java (IMJ)
     Terms                   M ::= skip | n | null | x | i | M ⊕ M | if M M M | let x = M in M | M = M | (I) M | new(x : I; 𝕄) | M.f | M.f := M | M.m(M)
     Method implementations  𝕄 ::= ε | (m : λx.M), 𝕄
     Object calculus based on MJ [Bierman, Parkinson, Pitts]
     ● Objects, inheritance, casting, interfaces

  11-12. IMJ example*
     Δ = Empty: ε, Cell: (get: void → Empty, set: Empty → void), VarEmp: (val: Empty), VarInt: (val: int)
     M1 : let u = new(VarEmp) in new(𝕄1) : Cell
     𝕄1 : get : λ(). u.val,  set : λy. u.val := y
     M2 : let b = new(VarInt) in let u1 = new(VarEmp) in let u2 = new(VarEmp) in new(𝕄2) : Cell
     𝕄2 : get : λ(). if b.val then (b.val := 0; u1.val) else (b.val := 1; u2.val),  set : λy. u1.val := y; u2.val := y
     * Koutavas & Wand, 2007

  13. Game Semantics
     Computation is modelled as a 2-player game between:
     ● Opponent (the environment, O)
     ● Proponent (the program, P)
     Qualitative games (≠ Game Theory)
     Computations = plays of a specified game; Programs = strategies for P
     Strategy composition → categories of games

  14. Plays, strategies
     ⟦M⟧ : ⟦I_inp⟧ → ⟦I_out⟧   (a strategy between two arenas)
     Plays: sequences of moves-with-store, e.g. call n.set(12) (n ↦ IntCell, val=5), …
     Strategies: sets of plays
     ● moves have polarities (O/P), which alternate
     ● P calls methods of O, and vice versa; dually for returns
     ● calls and returns obey the object interfaces
     ● strategies are closed w.r.t. O-name subtyping …

  15-20. IMJ example: game semantics
     Δ = Empty: ε, Cell: (get: void → Empty, set: Empty → void), VarEmp: (val: Empty), VarInt: (val: int)
     M1 : let u = new(VarEmp) in new(𝕄1) : Cell
     𝕄1 : get : λ(). u.val,  set : λy. u.val := y
     M2 : let b = new(VarInt) in let u1 = new(VarEmp) in let u2 = new(VarEmp) in new(𝕄2) : Cell
     𝕄2 : get : λ(). if b.val then (b.val := 0; u1.val) else (b.val := 1; u2.val),  set : λy. u1.val := y; u2.val := y
     Moves alternate O P O P …:
     ⟦M1⟧ = * · n Σ0 · (call n.get() Σ0 · ret n.get(null) Σ0)* · call n.set(n1) Σ1 · ret n.set() Σ1 · (call n.get() Σ1 · ret n.get(n1) Σ1)* · call n.set(n2) Σ2 · ret n.set() Σ2 · … = ⟦M2⟧
     where Σi = { n ↦ (Cell, ε) } ∪ { nj ↦ (Empty, ε), 1 ≤ j ≤ i }
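The two Cell implementations of slides 11-12 and the plays of slides 15-20, written as an added Python example (not code from the slides or the paper): the environment O issues get/set calls, P's return moves are recorded as a trace, and the traces coincide on every O-move sequence of bounded depth, which is what ⟦M1⟧ = ⟦M2⟧ states. Cell3 is a constructed, deliberately inequivalent variant used to show a distinguishing play; the bounded enumeration is an assumption of this example, not the paper's decision procedure.

```python
import itertools

class Cell1:
    """M1: one VarEmp field u; get reads it, set writes it."""
    def __init__(self):
        self.u = None                  # u.val starts as null
    def get(self):
        return self.u
    def set(self, y):
        self.u = y

class Cell2:
    """M2: a VarInt bit b chooses between VarEmp fields u1, u2; set writes both."""
    def __init__(self):
        self.b, self.u1, self.u2 = 0, None, None
    def get(self):
        if self.b:                     # 'if b.val': nonzero means true
            self.b = 0
            return self.u1
        self.b = 1
        return self.u2
    def set(self, y):
        self.u1 = y
        self.u2 = y
class Cell3(Cell2):
    """Constructed inequivalent variant (not on the slides): set forgets u2."""
    def set(self, y):
        self.u1 = y

def play(cell, o_moves, names):
    """Drive one Cell with O's moves ('get',) / ('set', k); return P's return moves."""
    trace = []
    for mv in o_moves:
        if mv[0] == 'get':
            r = cell.get()             # ret n.get(null) or ret n.get(n_k)
            trace.append(('ret get', None if r is None else names.index(r)))
        else:
            cell.set(names[mv[1]])     # call n.set(n_k) ... ret n.set()
            trace.append(('ret set',))
    return tuple(trace)

def traces_agree(make_a, make_b, depth=4, num_names=3):
    """Compare both Cells on every O-move sequence up to `depth` moves."""
    moves = [('get',)] + [('set', k) for k in range(num_names)]
    for n in range(depth + 1):
        for seq in itertools.product(moves, repeat=n):
            names = [object() for _ in range(num_names)]   # fresh Empty objects n_k
            if play(make_a(), seq, names) != play(make_b(), seq, names):
                return seq                                  # a distinguishing play
    return None
```

`traces_agree` returns None when no play of the given depth separates the two objects, and otherwise the shortest O-move sequence (in enumeration order) on which P's answers differ.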

  21. Full abstraction for IMJ
     Lemma. The game model is sound.
     Lemma. Every finitary strategy is IMJ-definable.
     Theorem. The game model is fully abstract: P ≅ P' ⇔ ⟦P⟧ = ⟦P'⟧

  22-24. Related work on objects
     ● Domain models: TAOOP'94, FSSJava'99
     ● Environmental bisimulations: FOOL/WOOD'07
     ● Trace models: ESOP'03, FMCO'04, TCS'05

  25. VERIFICATION
     M1, M2 contextually equivalent ⇐⇒ ⟦M1⟧ = ⟦M2⟧ (strategy) ⇐⇒ A_M1 ≈ A_M2 (automaton)
     [Figure: the automaton for a strategy, states 0-23, with transitions labelled by moves such as run, x.q, x.0, x.1, x.-1, x.0write, x.1write, x.-1write, x.ok, done.]

  26. SOURCES OF UNDECIDABILITY
     • arithmetic
     • recursive definitions (datatypes and methods)
     • storage of method-carrying objects in fields
     • “higher-order” types
     o1 : I1, …, ok : Ik ⊢ M : I

  27. HIGHER-ORDER TYPES
     bad:   • → (• → •) ⊢      ((• → •) → •) → • ⊢      ⊢ (• → •) → •
     good:
     G ::= void | int | ( f⃗ : G⃗ )
     L ::= void | int | ( f⃗ : G⃗, m⃗ : G⃗ → L⃗ )
     R ::= void | int | ( f⃗ : G⃗, m⃗ : L⃗ → G⃗ )

  28. AUTOMATA THEORY OVER INFINITE ALPHABETS
     [Figure: an automaton reading letters (t, n1), (t', n2), …, with registers n1 n2 … nr and a # symbol.]
     • RA: language equivalence (det) co-NP-complete [LICS'15]; bisimilarity PSPACE-complete [LICS'15]
     • PDRA: emptiness EXPTIME-complete [MFCS'14]; bisimilarity undecidable [LICS'15]
     • HO: emptiness undecidable [MFCS'14]
     • FPDRA: emptiness EXPTIME-complete [ICALP'12, MFCS'14]
