afl-material: comparison coursework/cw04.tex

equal deleted inserted replaced

-:3703ade9b17c
+:640e4a05cd9b
 \usepackage{../style}
 \usepackage{../langs}
 \begin{document}
-\section*{Coursework (Strand 2)}
+\section*{Coursework 4 (Strand 1)}
-\noindent This coursework is worth 25\% and is due on 12
+\noindent This coursework is worth 10\% and is due on 12th
-December at 16:00. You are asked to prove the correctness of a
+December at 16:00. You are asked to implement a compiler for
-regular expression matcher from the lectures using the
+the WHILE language that targets the assembler language
-Isabelle theorem prover. You need to submit a theory file
+provided by Jasmin. This assembler is available from
-containing this proof. The Isabelle theorem prover is
-available from
+\begin{center}
+\url{http://jasmin.sourceforge.net}
-\begin{center}
+\end{center}
-\url{http://isabelle.in.tum.de}
-\end{center}
+\noindent
+There is a user guide for Jasmin
-\noindent This is an interactive theorem prover, meaning that
-you can make definitions and state properties, and then help
+\begin{center}
-the system with proving these properties. Sometimes the proofs
+\url{http://jasmin.sourceforge.net/guide.html}
-are also automatic. There is a shortish user guide for
+\end{center}
-Isabelle, called ``Programming and Proving in Isabelle/HOL''
-at
+\noindent
+and also a description of some of the instructions that the JVM understands
-\begin{center}
-\url{http://isabelle.in.tum.de/documentation.html}
+\begin{center}
-\end{center}
+\url{http://jasmin.sourceforge.net/instructions.html}
+\end{center}
-\noindent
-and also a longer (free) book at
+\noindent
+If you generated a correct assembler file for Jasmin, for example
-\begin{center}
+\texttt{loops.j}, you can use
-\url{http://www.concrete-semantics.org}
-\end{center}
+\begin{center}
+\texttt{java -jar jasmin-2.4/jasmin.jar loops.j}
-\noindent The Isabelle theorem prover is operated through the
+\end{center}
-jEdit IDE, which might not be an editor that is widely known.
-JEdit is documented in
+\noindent
+in order to translate it to Java byte code. The resulting class file can be
-\begin{center}
+run with
-\url{http://isabelle.in.tum.de/dist/Isabelle2014/doc/jedit.pdf}
-\end{center}
+\begin{center}
+\texttt{java loops}
+\end{center}
-\noindent If you need more help or you are stuck somewhere,
-please feel free to contact me (christian.urban@kcl.ac.uk). I
+\noindent
-am a main developer of Isabelle and have used it for
+where you might need to give the correct path to the class file. There
-approximately the 14 years. One of the success stories of
+are also other resources about Jasmin on the Internet, for example
-Isabelle is the recent verification of a microkernel operating
+\mbox{\url{http://goo.gl/Qj8TeK}} and \mbox{\url{http://goo.gl/fpVNyT}}\;.\bigskip
-system by an Australian group, see \url{http://sel4.systems}.
-Their operating system is the only one that has been proved
+\noindent
-correct according to its specification and is used for
+You need to submit a document containing the answers for the two questions
-application where high assurance, security and reliability is
+below. You can do the implementation in any programming language you like, but you need
-needed.
+to submit the source code with which you answered the questions. Otherwise
+the submission will not be counted.  However, the coursework
+will \emph{only} be judged according to the answers. You can submit your answers
-\subsection*{The Task}
+in a txt-file or as pdf.\bigskip
-In this coursework you are asked to prove the correctness of
-the regular expression matcher from the lectures in Isabelle.
+\subsection*{Question 1 (marked with 2\%)}
-For this you need to first specify what the matcher is
-supposed to do and then to implement the algorithm. Finally
+You need to lex and parse WHILE programs and submit the assembler
-you need to prove that the algorithm meets the specification.
+instructions for the Fibonacci program and for the program you submitted
-The first two parts are relatively easy, because the
+in Coursework 2 in Question 3. The latter should be so modified that
-definitions in Isabelle will look very similar to the
+a user can input the upper bound on the console (in the original question
-mathematical definitions from the lectures or the Scala code
+it was fixed to 100).
-that is supplied at KEATS. For example very similar to Scala,
-regular expressions are defined in Isabelle as an inductive
+\subsection*{Question 2 (marked with 2\%)}
-datatype:
+Extend the syntax of you language so that it contains also \texttt{for}-loops, like
-\begin{lstlisting}[language={},numbers=none]
-datatype rexp =
+\begin{center}
-NULL
+\texttt{for} \;\textit{Id} \texttt{:=} \textit{AExp}\; \texttt{upto} \;\textit{AExp}\; \texttt{do} \textit{Block}
-| EMPTY
+\end{center}
-| CHAR char
-| SEQ rexp rexp
+\noindent
-| ALT rexp rexp
+The intended meaning is to first assign the variable \textit{Id} the value of the first arithmetic
-| STAR rexp
+expression, then go through the loop, at the end increase the value of the variable by 1,
-\end{lstlisting}
+and finally test wether the value is not less or equal to the value of the second
+arithmetic expression. For example the following instance of a \texttt{for}-loop
-\noindent The meaning of regular expressions is given as
+is supposed to print out the numbers \texttt{2}, \texttt{3}, \texttt{4}.
-usual:
 \begin{center}
-\begin{tabular}{rcl@{\hspace{10mm}}l}
+\begin{minipage}{6cm}
-$L(\varnothing)$  & $\dn$ & $\varnothing$   & \pcode{NULL}\\
+\begin{lstlisting}[language=While,basicstyle=\ttfamily, numbers=none]
-$L(\epsilon)$     & $\dn$ & $\{[]\}$        & \pcode{EMPTY}\\
+for i := 2 upto 4 do {
-$L(c)$            & $\dn$ & $\{[c]\}$       & \pcode{CHAR}\\
+write i
-$L(r_1 + r_2)$     & $\dn$ & $L(r_1) \cup L(r_2)$ & \pcode{ALT}\\
+}
-$L(r_1 \cdot r_2)$ & $\dn$ & $L(r_1) \,@\, L(r_2)$ & \pcode{SEQ}\\
+\end{lstlisting}
-$L(r^*)$           & $\dn$ & $(L(r))^*$ & \pcode{STAR}\\
+\end{minipage}
-\end{tabular}
+\end{center}
-\end{center}
+\noindent
-\noindent You would need to implement this function in order
+There are two ways how this can be implemented: one is to adapt the code generation
-to state the theorem about the correctness of the algorithm.
+part of the compiler and generate specific code for \texttt{for}-loops; the other is to
-The function $L$ should in Isabelle take a \pcode{rexp} as
+translate the abstract syntax tree of \texttt{for}-loops into an abstract syntax tree using
-input and return a set of strings. Its type is
+existing language constructs. For example the loop above could be translated
-therefore
+to the following \texttt{while}-loop:
 \begin{center}
-\pcode{L} \pcode{::} \pcode{rexp} $\Rightarrow$ \pcode{string set}
+\begin{minipage}{6cm}
-\end{center}
+\begin{lstlisting}[language=While,basicstyle=\ttfamily, numbers=none]
+i := 2;
-\noindent Isabelle treats strings as an abbreviation for lists
+while (i <= 4) do {
-of characters. This means you can pattern-match strings like
+write i;
-lists. The union operation on sets (for the \pcode{ALT}-case)
+i := i + 1;
-is a standard definition in Isabelle, but not the
+}
-concatenation operation on sets and also not the
+\end{lstlisting}
-star-operation. You would have to supply these definitions.
+\end{minipage}
-The concatenation operation can be defined in terms of the
+\end{center}
-append function, written \code{_ @ _} in Isabelle, for lists.
-The star-operation can be defined as a ``big-union'' of
+\noindent
-powers, like in the lectures, or directly as an inductive set.
+In this question you are supposed to give the assembler instructions for the
+program
-The functions for the matcher are shown in
-Figure~\ref{matcher}. The theorem that needs to be proved is
+\begin{center}
+\begin{minipage}{6cm}
-\begin{lstlisting}[numbers=none,language={},keywordstyle=\color{black}\ttfamily,mathescape]
+\begin{lstlisting}[language=While,basicstyle=\ttfamily, numbers=none]
-theorem
+for i := 1 upto 10000 do {
-"matches r s $\longleftrightarrow$ s $\in$ L r"
+for i := 1 upto 10000 do {
-\end{lstlisting}
+skip
+}
-\noindent which states that the function \emph{matches} is
+}
-true if and only if the string is in the language of the
+\end{lstlisting}
-regular expression. A proof for this lemma will need
+\end{minipage}
-side-lemmas about \pcode{nullable} and \pcode{der}. An example
+\end{center}
-proof in Isabelle that will not be relevant for the theorem
-above is given in Figure~\ref{proof}.
-\begin{figure}[p]
+\subsection*{Further Information}
-\begin{lstlisting}[language={},keywordstyle=\color{black}\ttfamily,mathescape]
-fun
+The Java infrastructure unfortunately does not contain an assembler out-of-the-box
-nullable :: "rexp $\Rightarrow$ bool"
+(therefore
-where
+you need to download the additional package Jasmin---see above). But it does contain a
-"nullable NULL = False"
+disassembler, called \texttt{javap}. A dissembler does the ``opposite'' of an assembler: it
-| "nullable EMPTY = True"
+generates readable assembler code from Java byte code. Have a look at the
-| "nullable (CHAR _) = False"
+following example: Compile using the usual Java compiler the simple Hello World
-| "nullable (ALT r1 r2) = (nullable(r1) $\vee$ nullable(r2))"
+program below:
-| "nullable (SEQ r1 r2) = (nullable(r1) $\wedge$ nullable(r2))"
-| "nullable (STAR _) = True"
+\begin{center}
+\begin{minipage}{10cm}
-fun
+\begin{lstlisting}[language=Java,basicstyle=\ttfamily]
-der :: "char $\Rightarrow$ rexp $\Rightarrow$ rexp"
+class HelloWorld {
-where
+public static void main(String[] args) {
-"der c NULL = NULL"
+System.out.println("Hello World!");
-| "der c EMPTY = NULL"
+}
-| "der c (CHAR d) = (if c = d then EMPTY else NULL)"
+}
-| "der c (ALT r1 r2) = ALT (der c r1) (der c r2)"
+\end{lstlisting}
-| "der c (SEQ r1 r2) =
+\end{minipage}
-(if (nullable r1) then ALT (SEQ (der c r1) r2) (der c r2)
+\end{center}
-else SEQ (der c r1) r2)"
-| "der c (STAR r) = SEQ (der c r) (STAR r)"
+\noindent
+You can use the command
-fun
-ders :: "rexp $\Rightarrow$ string $\Rightarrow$ rexp"
+\begin{center}
-where
+\texttt{javap -v HelloWorld}
-"ders r [] = r"
+\end{center}
-| "ders r (c # s) = ders (der c r) s"
+\noindent
-fun
+to see the assembler instructions of the Java byte code that has been generated for this
-matches :: "rexp $\Rightarrow$ string $\Rightarrow$ bool"
+program. You can compare this with the code generated for the Scala
-where
+version of Hello World.
-"matches r s = nullable (ders r s)"
-\end{lstlisting}
+\begin{center}
-\caption{The definition of the matcher algorithm in
+\begin{minipage}{10cm}
-Isabelle.\label{matcher}}
+\begin{lstlisting}[language=Scala,basicstyle=\ttfamily]
-\end{figure}
+object HelloWorld {
+def main(args: Array[String]) {
-\begin{figure}[p]
+println("Hello World!")
-\begin{lstlisting}[language={},keywordstyle=\color{black}\ttfamily,mathescape]
+}
-fun
+}
-zeroable :: "rexp $\Rightarrow$ bool"
+\end{lstlisting}
-where
+\end{minipage}
-"zeroable NULL = True"
+\end{center}
-| "zeroable EMPTY = False"
-| "zeroable (CHAR _) = False"
-| "zeroable (ALT r1 r2) = (zeroable(r1) $\wedge$ zeroable(r2))"
+\subsection*{Library Functions}
-| "zeroable (SEQ r1 r2) = (zeroable(r1) $\vee$ zeroable(r2))"
-| "zeroable (STAR _) = False"
+You need to generate code for the commands \texttt{write} and \texttt{read}. This
+will require the addition of some ``library'' functions to your generated code. The first
-lemma
+command even needs two versions, because you might want to write out an
-"zeroable r $\longleftrightarrow$ L r = {}"
+integer or a string. The Java byte code will need two separate functions for this.
-proof (induct)
+For writing out an integer, you can use the assembler code
-case (NULL)
-have "zeroable NULL" "L NULL = {}" by simp_all
+\begin{center}
-then show "zeroable NULL $\longleftrightarrow$ (L NULL = {})" by simp
+\begin{minipage}{12cm}
-next
+\begin{lstlisting}[basicstyle=\ttfamily, numbers=none]
-case (EMPTY)
+.method public static write(I)V
-have "$\neg$ zeroable EMPTY" "L EMPTY = {[]}" by simp_all
+.limit locals 5
-then show "zeroable EMPTY $\longleftrightarrow$ (L EMPTY = {})" by simp
+.limit stack 5
-next
+iload 0
-case (CHAR c)
+getstatic java/lang/System/out Ljava/io/PrintStream;
-have "$\neg$ zeroable (CHAR c)" "L (CHAR c) = {[c]}" by simp_all
+swap
-then show "zeroable (CHAR c) $\longleftrightarrow$ (L (CHAR c) = {})" by simp
+invokevirtual java/io/PrintStream/println(I)V
-next
+return
-case (ALT r1 r2)
+.end method
-have ih1: "zeroable r1 $\longleftrightarrow$ L r1 = {}" by fact
+\end{lstlisting}
-have ih2: "zeroable r2 $\longleftrightarrow$ L r2 = {}" by fact
+\end{minipage}
-show "zeroable (ALT r1 r2) $\longleftrightarrow$ (L (ALT r1 r2) = {})"
+\end{center}
-using ih1 ih2 by simp
-next
+\noindent
-case (SEQ r1 r2)
+This function will invoke Java's \texttt{println} function for integers. Then if you need
-have ih1: "zeroable r1 $\longleftrightarrow$ L r1 = {}" by fact
+to generate code for \texttt{write x} where \texttt{x} is an integer variable, you can generate
-have ih2: "zeroable r2 $\longleftrightarrow$ L r2 = {}" by fact
-show "zeroable (SEQ r1 r2) $\longleftrightarrow$ (L (SEQ r1 r2) = {})"
+\begin{center}
-using ih1 ih2 by (auto simp add: Conc_def)
+\begin{minipage}{8cm}
-next
+\begin{lstlisting}[basicstyle=\ttfamily, numbers=none]
-case (STAR r)
+iload n
-have "$\neg$ zeroable (STAR r)" "[] $\in$ L (r) ^ 0" by simp_all
+invokestatic XXX/XXX/write(I)V
-then show "zeroable (STAR r) $\longleftrightarrow$ (L (STAR r) = {})"
+\end{lstlisting}
-by (simp (no_asm) add: Star_def) blast
+\end{minipage}
-qed
+\end{center}
-\end{lstlisting}
-\caption{An Isabelle proof about the function \pcode{zeroable}.\label{proof}}
+\noindent
+where \texttt{n} is the index where the value of the variable \texttt{x} is
+stored. The \texttt{XXX/XXX} needs to be replaced with the class name
+which you use to generate the code (for example \texttt{fib/fib} in case
+of the Fibonacci numbers).
+Writing out a string is similar. The corresponding library function uses strings
+instead of integers:
+\begin{center}
+\begin{minipage}{12cm}
+\begin{lstlisting}[basicstyle=\ttfamily, numbers=none]
+.method public static writes(Ljava/lang/String;)V
+.limit stack 2
+.limit locals 2
+getstatic java/lang/System/out Ljava/io/PrintStream;
+aload 0
+invokevirtual java/io/PrintStream/println(Ljava/lang/String;)V
+return
+.end method
+\end{lstlisting}
+\end{minipage}
+\end{center}
+\noindent
+The code that needs to be generated for \texttt{write "some\_string"} commands
+is
+\begin{center}
+\begin{minipage}{8cm}
+\begin{lstlisting}[basicstyle=\ttfamily, numbers=none]
+ldc "some_string"
+invokestatic XXX/XXX/writes(Ljava/lang/String;)V
+\end{lstlisting}
+\end{minipage}
+\end{center}
+\noindent
+Again you need to adjust the \texttt{XXX/XXX} part in each call.
+The code for \texttt{read} is more complicated. The reason is that inputting a string
+will need to be transformed into an integer. The code in Figure~\ref{read} does this.
+It can be called with
+\begin{center}
+\begin{minipage}{8cm}
+\begin{lstlisting}[basicstyle=\ttfamily, numbers=none]
+invokestatic XXX/XXX/read()I
+istore n
+\end{lstlisting}
+\end{minipage}
+\end{center}
+\noindent
+where \texttt{n} is the index of the variable that requires an input.
+\begin{figure}[p]\small
+\begin{lstlisting}[basicstyle=\ttfamily, numbers=none]
+.method public static read()I
+.limit locals 10
+.limit stack 10
+ldc 0
+istore 1  ; this will hold our final integer
+Label1:
+getstatic java/lang/System/in Ljava/io/InputStream;
+invokevirtual java/io/InputStream/read()I
+istore 2
+iload 2
+ldc 10   ; the newline delimiter
+isub
+ifeq Label2
+iload 2
+ldc 32   ; the space delimiter
+isub
+ifeq Label2
+iload 2
+ldc 48   ; we have our digit in ASCII, have to subtract it from 48
+isub
+ldc 10
+iload 1
+imul
+iadd
+istore 1
+goto Label1
+Label2:
+;when we come here we have our integer computed in Local Variable 1
+iload 1
+ireturn
+.end method
+\end{lstlisting}\normalsize
+\caption{Assembler code for reading an integer from the console.\label{read}}
 \end{figure}
 \end{document}
 %%% Local Variables:

changeset 309	640e4a05cd9b
parent 298	bdf84605b6cd
child 313	90ccc385c547