Program Analysis and Verification 0368-4479, Noam Rinetzky


Program Analysis and Verification 0368-4479, Noam Rinetzky. Lecture 2: Operational Semantics. Slides credit: Tom Ball, Dawson Engler, Roman Manevich, Erik Poll, Mooly Sagiv, Jean Souyris, Eran Tromer, Avishai Wool, Eran Yahav

Verification by over-approximation (figure: the universe of all configurations contains an over-approximation, which contains the exact set of configurations/behaviors, which in turn contains an under-approximation)

Program semantics (figure: the exact set of configurations/behaviors, drawn inside the universe)

Program analysis & verification
  y = ?; x = y*2;
  if (x % 2 == 0) { y = 42; } else { y = 73; foo(); }
  assert (y == 42);   ?

What does P do? (the same program)

What does P mean? (the same program) syntax … semantics

Program semantics
 • State-transformer
   – Set-of-states transformer
   – Trace transformer
 • Predicate-transformer
 • Functions
 • Cat-transformer

Program semantics & Verification

Agenda
 • Operational semantics
   – Natural operational semantics
   – Structural operational semantics

What does P mean? (the program above) syntax … semantics

“Standard” semantics (“state transformer”): a state gives each variable (x, y) an integer from …, -1, 0, 1, …; every statement transforms the state it is given into the next one
  y = ?;                                   y=3, x=9
  x = y*2;                                 y=3, x=6
  if (x % 2 == 0) {                        y=3, x=6
    y = 42;                                y=42, x=6
  } else { y = 73; … foo(); … }
  assert (y == 42);                        y=42, x=6

“State transformer” semantics (figure, built up over several slides: initial states such as y=3, x=9 and y=4, x=1; the reachable states they lead to, such as y=3, x=6 and y=4, x=8; and the bad states, which must not be reachable)
Main idea: find (properties of) all reachable states*

“Standard” (collecting) semantics (“sets-of-states transformer”): the program is run on a set of states at once, starting from {(y, x) | y, x ∈ Nat}
  y = ?;                                   {(y=3, x=9), (y=4, x=1), (y=…, x=…)}
  x = y*2;                                 {(y=3, x=6), (y=4, x=8), (y=…, x=…)}
  if (x % 2 == 0) {
    y = 42;                                {(y=42, x=6), (y=42, x=8), (y=42, x=…)}
  } else {
    y = 73;                                {}
    foo();                                 {}
  }
  assert (y == 42);                        {(y=42, x=6), (y=42, x=8), (y=42, x=…)}   Yes

“Set-of-states transformer” semantics (figure: the same initial states, reachable states and bad states as before, now handled as sets rather than one state at a time)


“Abstract-state transformer” semantics: each variable is mapped to an element of the parity lattice {⊤ (any integer), O (odd), E (even), ⊥ (no value)}; an abstract state stands for a set of concrete states, e.g. (y=E, x=E) = {(0, 0), (0, 2), (-4, 10), …}
  y = ?;                                   y=⊤, x=⊤
  x = y*2;                                 y=⊤, x=E
  if (x % 2 == 0) {                        y=⊤, x=E
    y = 42;                                y=E, x=E
  } else { y = 73; … foo(); … }
  assert (y == 42);                        y=E, x=E      Yes / ? / No

The same program with assert (y % 2 == 0) instead of assert (y == 42): the abstract state at the assertion is again y=E, x=E. What does the analysis answer now? ?

“Abstract-state transformer” semantics (figure, built up over three slides: initial states, reachable states and bad states, with the abstract reachable states drawn as a region covering the concrete reachable states)
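As an added example (not part of the slides), the abstract-state transformer above implemented for the parity domain in Python: the program is run once on abstract values, the branch condition filters the abstract state, the two paths are joined where they merge, and a finite sample of concrete runs checks that the abstract result covers them. Treating foo() as an unknown call that may change any variable is an assumption of this example.

```python
"""Parity abstract-state transformer for the lecture's example program.

Added example, not from the slides. Each variable is abstracted to one of
BOT (no value / unreachable), E (even), O (odd), TOP (any integer), and the
program is executed once in the abstract instead of once per concrete input.
"""

BOT, E, O, TOP = "⊥", "E", "O", "⊤"


def alpha(n):
    """Abstraction of a single concrete integer."""
    return E if n % 2 == 0 else O


def leq(a, b):
    """Partial order of the lattice: ⊥ ⊑ E, O ⊑ ⊤."""
    return a == b or a == BOT or b == TOP


def join(a, b):
    """Least upper bound, used where control-flow paths merge."""
    if a == BOT:
        return b
    if b == BOT:
        return a
    return a if a == b else TOP


def mul(a, b):
    """Abstract multiplication: even * anything = even, odd * odd = odd."""
    if BOT in (a, b):
        return BOT
    if E in (a, b):
        return E
    return O if (a, b) == (O, O) else TOP


def filter_even(par, want_even):
    """Restrict `par` by the test x % 2 == 0 (True) or its negation (False).
    BOT means the branch cannot be entered from this abstract state."""
    if par == BOT:
        return BOT
    if par == TOP:
        return E if want_even else O
    return par if (par == E) == want_even else BOT


def verdict(y, assertion):
    """Yes = holds in every concrete state the abstract state denotes,
    No = fails in every such state, ? = the domain cannot tell."""
    if y == BOT:
        return "Yes"                          # the assertion is unreachable
    if assertion == "y%2==0":
        return {E: "Yes", O: "No"}.get(y, "?")
    if assertion == "y==42":
        return "No" if y == O else "?"        # parity never pins down one value
    raise ValueError(assertion)


def run_abstract(assertion):
    """Abstract run of
         y = ?; x = y*2; if (x % 2 == 0) { y = 42 } else { y = 73; foo() }; assert(...)
    `assertion` is "y==42" or "y%2==0". Returns (final abstract state, verdict)."""
    st = {"y": TOP, "x": TOP}                 # y = ?   -> nothing known about y
    st["x"] = mul(st["y"], alpha(2))          # x = y*2 -> x is even whatever y is

    then_x = filter_even(st["x"], True)       # entering the then-branch
    else_x = filter_even(st["x"], False)      # entering the else-branch
    then_st = {"y": alpha(42), "x": then_x} if then_x != BOT else {"y": BOT, "x": BOT}
    # y = 73 would give O, but foo() is an unknown call (assumption of this
    # example): after it nothing is known about either variable.
    else_st = {"y": TOP, "x": TOP} if else_x != BOT else {"y": BOT, "x": BOT}

    out = {v: join(then_st[v], else_st[v]) for v in ("y", "x")}
    return out, verdict(out["y"], assertion)


def run_concrete(y):
    """Concrete semantics of the same program for one initial y (foo() is
    unreachable because x = y*2 is always even, so it is omitted)."""
    x = y * 2
    if x % 2 == 0:
        y = 42
    else:
        y = 73
    return {"y": y, "x": x}


def sound_on_sample(ys=range(-20, 21)):
    """Soundness check on a finite sample: every concrete final state must be
    covered by the abstract final state (alpha(value) ⊑ abstract value)."""
    abs_out, _ = run_abstract("y%2==0")
    return all(leq(alpha(v), abs_out[var])
               for y in ys for var, v in run_concrete(y).items())
```

The else-branch comes out as ⊥ because x is E after x = y*2, which is the abstract counterpart of the empty sets the collecting semantics showed for that branch; the assertion y == 42 still gets "?" because parity cannot distinguish 42 from any other even number.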

How do we say what P means?
  y = ?; x = y*2;
  if (x % 2 == 0) { y = 42; } else { y = 73; foo(); }
  assert (y == 42);   syntax … semantics

Agenda
 • Operational semantics
   – Natural operational semantics
   – Structural operational semantics

Programming Languages
 • Syntax: “how do I write a program?”
   – BNF
   – “Parsing”
 • Semantics: “what does my program mean?”
   – …


What semantics do we want?
 • Captures the aspects of computations we care about – “adequate”
 • Hides irrelevant details – “fully abstract”
 • Compositional

Formal semantics: “Formal semantics is concerned with rigorously specifying the meaning, or behavior, of programs, pieces of hardware, etc.” (Semantics with Applications – a Formal Introduction, page 1, Nielson & Nielson)

Formal semantics: “This theory allows a program to be manipulated like a formula – that is to say, its properties can be calculated.” (Gérard Huet & Philippe Flajolet, homage to Gilles Kahn)

Why formal semantics?
 • Implementation-independent definition of a programming language
 • Automatically generating interpreters – and some day maybe full-fledged compilers
 • Verification and debugging – if you don’t know what it does, how do you know it’s incorrect?

Levels of abstractions and applications: Static Analysis (abstract semantics), Program Semantics, Assembly-level Semantics (small-step), from the most abstract to the most concrete

Semantic description methods
 • Operational semantics
   – Natural semantics (big step) [G. Kahn]
   – Structural semantics (small step) [G. Plotkin]
 • Trace semantics
 • Collecting semantics
 • [Instrumented semantics]
 • Denotational semantics [D. Scott, C. Strachey]
 • Axiomatic semantics [C. A. R. Hoare, R. Floyd]

Operational Semantics

Reference: http://www.daimi.au.dk/~bra8130/Wiley_book/wiley.html (web page of Semantics with Applications, the book quoted above)

A simple imperative language: While
Abstract syntax:
  a ::= n | x | a1 + a2 | a1 * a2 | a1 - a2
  b ::= true | false | a1 = a2 | a1 ≤ a2 | ¬b | b1 ∧ b2
  S ::= x := a | skip | S1; S2 | if b then S1 else S2 | while b do S

Concrete Syntax vs. Abstract Syntax: the string z:=x; x:=y; y:=z has two abstract syntax trees, z:=x; (x:=y; y:=z) and (z:=x; x:=y); y:=z (figure: each tree has a “;” node at the root and the assignments x := a as leaves)

Exercise: draw an AST for y:=1; while ¬(x=1) do (y:=y*x; x:=x-1) (figure: the root is a “;” node)

Syntactic categories
  n ∈ Num     numerals
  x ∈ Var     program variables
  a ∈ Aexp    arithmetic expressions
  b ∈ Bexp    boolean expressions
  S ∈ Stm     statements

Semantic categories
  Z       integers {0, 1, -1, 2, -2, …}
  T       truth values {ff, tt}
  State   Var → Z
  Example state: s = [x↦5, y↦7, z↦0]
  Lookup:  s x = 5
  Update:  s[x↦6] = [x↦6, y↦7, z↦0]

Example state manipulations (exercise)
 • [x↦1, y↦7, z↦16] y =
 • [x↦1, y↦7, z↦16] t =
 • [x↦1, y↦7, z↦16][x↦5] x =
 • [x↦1, y↦7, z↦16][x↦5] y =

Semantics of arithmetic expressions
 • Arithmetic expressions are side-effect free
 • Semantic function A⟦·⟧: Aexp → (State → Z)
 • Defined by induction on the syntax tree
     A⟦n⟧s = n
     A⟦x⟧s = s x
     A⟦a1 + a2⟧s = A⟦a1⟧s + A⟦a2⟧s
     A⟦a1 - a2⟧s = A⟦a1⟧s - A⟦a2⟧s
     A⟦a1 * a2⟧s = A⟦a1⟧s · A⟦a2⟧s
     A⟦(a1)⟧s = A⟦a1⟧s
     A⟦-a⟧s = 0 - A⟦a⟧s
     (the last two are not needed: parentheses and unary minus are not part of the abstract syntax of While above)
 • Compositional
 • Properties can be proved by structural induction

Arithmetic expression exercise: suppose s x = 3. Evaluate A⟦x+1⟧s.

Semantics of boolean expressions
 • Boolean expressions are side-effect free
 • Semantic function B⟦·⟧: Bexp → (State → T)
 • Defined by induction on the syntax tree
     B⟦true⟧s = tt
     B⟦false⟧s = ff
     B⟦a1 = a2⟧s = tt if A⟦a1⟧s = A⟦a2⟧s, ff otherwise
     B⟦a1 ≤ a2⟧s = tt if A⟦a1⟧s ≤ A⟦a2⟧s, ff otherwise
     B⟦b1 ∧ b2⟧s = tt if B⟦b1⟧s = tt and B⟦b2⟧s = tt, ff otherwise
     B⟦¬b⟧s = tt if B⟦b⟧s = ff, ff otherwise

Operational semantics
 • Concerned with how to execute programs
   – How statements modify state
   – Define a transition relation between configurations
 • Two flavors
   – Natural semantics: describes how the overall results of executions are obtained (so-called “big-step” semantics)
   – Structural operational semantics: describes how the individual steps of a computation take place (so-called “small-step” semantics)

Natural operational semantics (NS)
 • aka “large-step semantics”: ⟨S, s⟩ → s'  (all steps at once)
 • Developed by Gilles Kahn [STACS 1987]
 • Configurations
   – ⟨S, s⟩   statement S is about to execute on state s
   – s        terminal (final) state
 • Transitions
   – ⟨S, s⟩ → s'   execution of S from s will terminate with the result state s'
   – Ignores non-terminating computations
 • Defined by rules of the form
       ⟨S1, s1⟩ → s1', … , ⟨Sn, sn⟩ → sn'      (premises)
       ――――――――――――――――――――――――――――――  if …    (side condition)
       ⟨S, s⟩ → s'                           (conclusion)
 • The meaning of a compound statement is defined using the meaning of its immediate constituent statements

Natural semantics for While
  [ass_ns]   ⟨x:=a, s⟩ → s[x↦A⟦a⟧s]        (axiom)
  [skip_ns]  ⟨skip, s⟩ → s                  (axiom)
  [comp_ns]  ⟨S1, s⟩ → s'    ⟨S2, s'⟩ → s''
             ――――――――――――――――――――――――
             ⟨S1; S2, s⟩ → s''
  [if_tt_ns] ⟨S1, s⟩ → s'
             ―――――――――――――――――――――――――――――  if B⟦b⟧s = tt
             ⟨if b then S1 else S2, s⟩ → s'
  [if_ff_ns] ⟨S2, s⟩ → s'
             ―――――――――――――――――――――――――――――  if B⟦b⟧s = ff
             ⟨if b then S1 else S2, s⟩ → s'
  [while_ff_ns] ⟨while b do S, s⟩ → s       if B⟦b⟧s = ff
  [while_tt_ns] ⟨S, s⟩ → s'    ⟨while b do S, s'⟩ → s''
                ――――――――――――――――――――――――――――――――  if B⟦b⟧s = tt
                ⟨while b do S, s⟩ → s''
  The while rules are non-compositional: the premise of [while_tt_ns] mentions the whole loop again

Example
 • Let s0 be the state which assigns zero to all program variables
       [ass_ns]  ⟨x:=x+1, s0⟩ → s0[x↦1]

       ⟨skip, s0⟩ → s0     ⟨x:=x+1, s0⟩ → s0[x↦1]
       ――――――――――――――――――――――――――――――――――――  [comp_ns]
       ⟨skip; x:=x+1, s0⟩ → s0[x↦1]
       ―――――――――――――――――――――――――――――――――――――――――――――  [if_tt_ns], since B⟦x=0⟧s0 = tt
       ⟨if x=0 then (skip; x:=x+1) else skip, s0⟩ → s0[x↦1]

Derivation trees
 • Using axioms and rules to derive a transition ⟨S, s⟩ → s' gives a derivation tree
   – Root: ⟨S, s⟩ → s'
   – Leaves: axioms
   – Internal nodes: conclusions of rules; their immediate children are the matching rule premises

Derivation tree example 1
 • Assume s0 = [x↦5, y↦7, z↦0], s1 = [x↦5, y↦7, z↦5], s2 = [x↦7, y↦7, z↦5], s3 = [x↦7, y↦5, z↦5]
       [ass_ns] ⟨z:=x, s0⟩ → s1    [ass_ns] ⟨x:=y, s1⟩ → s2
       ――――――――――――――――――――――――――――――――――――― [comp_ns]
       ⟨(z:=x; x:=y), s0⟩ → s2                        [ass_ns] ⟨y:=z, s2⟩ → s3
       ―――――――――――――――――――――――――――――――――――――――――――――――――― [comp_ns]
       ⟨(z:=x; x:=y); y:=z, s0⟩ → s3

Top-down evaluation via derivation trees
 • Given a statement S and an input state s, find an output state s' such that ⟨S, s⟩ → s'
 • Start with the root and repeatedly apply rules until the axioms are reached
   – Inspect the different alternatives in order
 • In While, s' and the derivation tree are unique

Top-down evaluation example
 • Factorial program with s x = 2
 • Shorthand: W = while ¬(x=1) do (y:=y*x; x:=x-1)
       [ass_ns]      ⟨y:=1, s⟩ → s[y↦1]
       [ass_ns]      ⟨y:=y*x, s[y↦1]⟩ → s[y↦2]
       [ass_ns]      ⟨x:=x-1, s[y↦2]⟩ → s[y↦2][x↦1]
       [comp_ns]     ⟨y:=y*x; x:=x-1, s[y↦1]⟩ → s[y↦2][x↦1]       (from the two assignments above)
       [while_ff_ns] ⟨W, s[y↦2][x↦1]⟩ → s[y↦2][x↦1]               (B⟦¬(x=1)⟧ is ff in that state)
       [while_tt_ns] ⟨W, s[y↦1]⟩ → s[y↦2][x↦1]                    (the body once, then W again)
       [comp_ns]     ⟨y:=1; W, s⟩ → s[y↦2][x↦1]

Program termination
 • Given a statement S and input s
   – S terminates on s if there exists a state s' such that ⟨S, s⟩ → s'
   – S loops on s if there is no state s' such that ⟨S, s⟩ → s'
 • Given a statement S
   – S always terminates if for every input state s, S terminates on s
   – S always loops if for every input state s, S loops on s

Semantic equivalence
 • S1 and S2 are semantically equivalent if for all s and s': ⟨S1, s⟩ → s' if and only if ⟨S2, s⟩ → s'
 • Simple example: while b do S is semantically equivalent to if b then (S; while b do S) else skip
   – Read the proof in pages 26-27

Properties of natural semantics
 • Equivalence of program constructs
   – skip; skip is semantically equivalent to skip
   – ((S1; S2); S3) is semantically equivalent to (S1; (S2; S3))
   – (x:=5; y:=x*8) is semantically equivalent to (x:=5; y:=40)

Equivalence of (S1; S2); S3 and S1; (S2; S3)
Assume ⟨(S1; S2); S3, s⟩ → s'. Then the following unique derivation tree exists:
       ⟨S1, s⟩ → s1    ⟨S2, s1⟩ → s12
       ――――――――――――――――――――――――
       ⟨S1; S2, s⟩ → s12                 ⟨S3, s12⟩ → s'
       ――――――――――――――――――――――――――――――――――――――――――
       ⟨(S1; S2); S3, s⟩ → s'
Using the same rule applications we can construct the following derivation tree:
                       ⟨S2, s1⟩ → s12    ⟨S3, s12⟩ → s'
                       ――――――――――――――――――――――――――
       ⟨S1, s⟩ → s1    ⟨S2; S3, s1⟩ → s'
       ――――――――――――――――――――――――――――――――――――――――――
       ⟨S1; (S2; S3), s⟩ → s'
And vice versa.

Deterministic semantics for While
 • Theorem: for all statements S and states s, s1, s2: if ⟨S, s⟩ → s1 and ⟨S, s⟩ → s2 then s1 = s2
 • The proof uses induction on the shape of derivation trees (pages 29-30)
   – Prove that the property holds for all simple derivation trees (a single node) by showing it holds for the axioms
   – Prove that the property holds for all composite trees (#nodes > 1): for each rule, assume that the property holds for its premises (induction hypothesis) and prove that it holds for the conclusion of the rule

The semantic function S_ns
 • The meaning of a statement S is defined as a partial function from State to State
     S_ns: Stm → (State ⇀ State)
     S_ns⟦S⟧s = s' if ⟨S, s⟩ → s', undefined otherwise
 • Examples:
     S_ns⟦skip⟧s = s
     S_ns⟦x:=1⟧s = s[x↦1]
     S_ns⟦while true do skip⟧s = undefined
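As an added example, not code from the slides or the book, the natural semantics of While as a Python interpreter: ns computes the final state and the derivation tree at the same time, S_ns is the partial function of the last slide (None stands for undefined), and equivalent_on checks the semantic-equivalence claims on a sample of states. The rule budget that turns a looping statement into NoDerivation is a device of this example, since such a statement simply has no derivation tree.

```python
"""Natural (big-step) semantics of While as an interpreter that also builds
the derivation tree. Added example, not from the slides or the book.

Abstract syntax as nested tuples:
  Aexp: ("num", n) | ("var", x) | ("+", a1, a2) | ("-", a1, a2) | ("*", a1, a2)
  Bexp: ("true",) | ("false",) | ("=", a1, a2) | ("<=", a1, a2) | ("not", b) | ("and", b1, b2)
  Stm:  ("assign", x, a) | ("skip",) | ("seq", S1, S2) | ("if", b, S1, S2) | ("while", b, S)
A state is a dict Var -> int.
"""


def A(a, s):
    """Semantic function A: Aexp -> State -> Z, by induction on the syntax tree."""
    tag = a[0]
    if tag == "num":
        return a[1]
    if tag == "var":
        return s[a[1]]
    left, right = A(a[1], s), A(a[2], s)
    return {"+": left + right, "-": left - right, "*": left * right}[tag]


def B(b, s):
    """Semantic function B: Bexp -> State -> T (Python bools stand for tt/ff)."""
    tag = b[0]
    if tag in ("true", "false"):
        return tag == "true"
    if tag == "not":
        return not B(b[1], s)
    if tag == "and":
        return B(b[1], s) and B(b[2], s)
    left, right = A(b[1], s), A(b[2], s)
    return left == right if tag == "=" else left <= right


class NoDerivation(Exception):
    """No derivation tree was found within the rule budget (S loops on s)."""


def ns(S, s, budget=None):
    """<S, s> -> s'. Returns (s', tree) with tree = (rule, S, s, s', [premise trees]).
    The budget bounds rule applications so that a looping statement, which has
    no derivation tree at all, does not recurse forever."""
    if budget is None:
        budget = [300]
    budget[0] -= 1
    if budget[0] < 0:
        raise NoDerivation(S)
    tag = S[0]
    if tag == "skip":                                        # [skip_ns]
        return s, ("skip_ns", S, s, s, [])
    if tag == "assign":                                      # [ass_ns]
        s1 = {**s, S[1]: A(S[2], s)}
        return s1, ("ass_ns", S, s, s1, [])
    if tag == "seq":                                         # [comp_ns]
        s1, t1 = ns(S[1], s, budget)
        s2, t2 = ns(S[2], s1, budget)
        return s2, ("comp_ns", S, s, s2, [t1, t2])
    if tag == "if":                                          # [if_tt_ns] / [if_ff_ns]
        branch, rule = (S[2], "if_tt_ns") if B(S[1], s) else (S[3], "if_ff_ns")
        s1, t1 = ns(branch, s, budget)
        return s1, (rule, S, s, s1, [t1])
    if tag == "while":
        if not B(S[1], s):                                   # [while_ff_ns]
            return s, ("while_ff_ns", S, s, s, [])
        s1, t1 = ns(S[2], s, budget)                         # [while_tt_ns]: the body once,
        s2, t2 = ns(S, s1, budget)                           # then the whole loop again
        return s2, ("while_tt_ns", S, s, s2, [t1, t2])
    raise ValueError(f"unknown statement {S!r}")


def S_ns(S, s):
    """The semantic function S_ns: Stm -> (State ⇀ State); None stands for undefined."""
    try:
        return ns(S, dict(s))[0]
    except (NoDerivation, RecursionError):
        return None


def rules_used(tree):
    """Rule names of a derivation tree, premises before conclusions."""
    rule, _, _, _, premises = tree
    return [r for p in premises for r in rules_used(p)] + [rule]


def equivalent_on(S1, S2, states):
    """Semantic equivalence checked on a finite sample of initial states."""
    return all(S_ns(S1, s) == S_ns(S2, s) for s in states)


# The lecture's factorial program: y := 1; while ¬(x = 1) do (y := y * x; x := x - 1)
X, Y = ("var", "x"), ("var", "y")
FACT = ("seq", ("assign", "y", ("num", 1)),
        ("while", ("not", ("=", X, ("num", 1))),
         ("seq", ("assign", "y", ("*", Y, X)),
                 ("assign", "x", ("-", X, ("num", 1))))))
LOOP = ("while", ("true",), ("skip",))                       # while true do skip
```

With s x = 2 the derivation tree has exactly the shape of the top-down evaluation slide (three assignment axioms, two [comp_ns], one [while_tt_ns] and one [while_ff_ns]); with s x = 0 the guard never becomes false, so S_ns returns None just as it does for while true do skip.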

Structural operational semantics (SOS)
 • aka “small-step semantics”: ⟨S, s⟩ ⇒ ⟨S', s'⟩  (the first step only)
 • Developed by Gordon Plotkin
 • Configurations have one of two forms:
   – ⟨S, s⟩   statement S is about to execute on state s
   – s        terminal (final) state
 • Transitions describe the first step
   – ⟨S, s⟩ ⇒ ⟨S', s'⟩   execution of S from s is not completed and the remaining computation proceeds from the intermediate configuration ⟨S', s'⟩
   – ⟨S, s⟩ ⇒ s'         execution of S from s has terminated and the final state is s'
 • ⟨S, s⟩ is stuck if there is no γ such that ⟨S, s⟩ ⇒ γ

Structural semantics for While
  [ass_sos]   ⟨x:=a, s⟩ ⇒ s[x↦A⟦a⟧s]
  [skip_sos]  ⟨skip, s⟩ ⇒ s
  [comp1_sos] ⟨S1, s⟩ ⇒ ⟨S1', s'⟩
              ――――――――――――――――――――――――
              ⟨S1; S2, s⟩ ⇒ ⟨S1'; S2, s'⟩
  [comp2_sos] ⟨S1, s⟩ ⇒ s'
              ――――――――――――――――――――      (When does this happen? When S1 finishes in a single step, e.g. an assignment or skip)
              ⟨S1; S2, s⟩ ⇒ ⟨S2, s'⟩
  [if_tt_sos] ⟨if b then S1 else S2, s⟩ ⇒ ⟨S1, s⟩   if B⟦b⟧s = tt
  [if_ff_sos] ⟨if b then S1 else S2, s⟩ ⇒ ⟨S2, s⟩   if B⟦b⟧s = ff
  [while_sos] ⟨while b do S, s⟩ ⇒ ⟨if b then (S; while b do S) else skip, s⟩

Derivation sequences
 • A derivation sequence of a statement S starting in state s is either
   – A finite sequence γ0, γ1, γ2, …, γk such that
       1. γ0 = ⟨S, s⟩
       2. γi ⇒ γi+1 for 0 ≤ i < k
       3. γk is either a stuck configuration or a final state
   – An infinite sequence γ0, γ1, γ2, … such that
       1. γ0 = ⟨S, s⟩
       2. γi ⇒ γi+1 for all i ≥ 0
 • Notations:
   – γ0 ⇒^k γk    γ0 derives γk in k steps
   – γ0 ⇒* γ      γ0 derives γ in a finite number of steps
 • For each step there is a corresponding derivation tree

Derivation sequence example
 • Assume s0 = [x↦5, y↦7, z↦0]
       ⟨(z:=x; x:=y); y:=z, s0⟩
       ⇒ ⟨x:=y; y:=z, s0[z↦5]⟩
       ⇒ ⟨y:=z, (s0[z↦5])[x↦7]⟩
       ⇒ ((s0[z↦5])[x↦7])[y↦5]
 • Derivation tree for the first step:
       [ass_sos] ⟨z:=x, s0⟩ ⇒ s0[z↦5]
       ――――――――――――――――――――――――――――――  [comp2_sos]
       ⟨z:=x; x:=y, s0⟩ ⇒ ⟨x:=y, s0[z↦5]⟩
       ――――――――――――――――――――――――――――――――――――――――――  [comp1_sos]
       ⟨(z:=x; x:=y); y:=z, s0⟩ ⇒ ⟨x:=y; y:=z, s0[z↦5]⟩

Evaluation via derivation sequences
 • For any While statement S and state s it is always possible to find at least one derivation sequence from ⟨S, s⟩
   – Apply axioms and rules forever or until a terminal or stuck configuration is reached
 • Proposition: there are no stuck configurations in While

Factorial (n!) example
 • Input state s such that s x = 3
 • y := 1; while ¬(x=1) do (y := y * x; x := x - 1), with W the while statement
       ⟨y:=1; W, s⟩
       ⇒ ⟨W, s[y↦1]⟩
       ⇒ ⟨if ¬(x=1) then ((y:=y*x; x:=x-1); W) else skip, s[y↦1]⟩
       ⇒ ⟨(y:=y*x; x:=x-1); W, s[y↦1]⟩
       ⇒ ⟨x:=x-1; W, s[y↦3]⟩
       ⇒ ⟨W, s[y↦3][x↦2]⟩
       ⇒ ⟨if ¬(x=1) then ((y:=y*x; x:=x-1); W) else skip, s[y↦3][x↦2]⟩
       ⇒ ⟨(y:=y*x; x:=x-1); W, s[y↦3][x↦2]⟩
       ⇒ ⟨x:=x-1; W, s[y↦6][x↦2]⟩
       ⇒ ⟨W, s[y↦6][x↦1]⟩
       ⇒ ⟨if ¬(x=1) then ((y:=y*x; x:=x-1); W) else skip, s[y↦6][x↦1]⟩
       ⇒ ⟨skip, s[y↦6][x↦1]⟩
       ⇒ s[y↦6][x↦1]

Program termination
 • Given a statement S and input s
   – S terminates on s if there exists a finite derivation sequence starting at ⟨S, s⟩
   – S terminates successfully on s if there exists a finite derivation sequence starting at ⟨S, s⟩ leading to a final state
   – S loops on s if there exists an infinite derivation sequence starting at ⟨S, s⟩

Properties of structural operational semantics
 • S1 and S2 are semantically equivalent if:
   – for all s and all γ which is either final or stuck, ⟨S1, s⟩ ⇒* γ if and only if ⟨S2, s⟩ ⇒* γ
   – for all s, there is an infinite derivation sequence starting at ⟨S1, s⟩ if and only if there is an infinite derivation sequence starting at ⟨S2, s⟩
 • Theorem: While is deterministic
   – If ⟨S, s⟩ ⇒* s1 and ⟨S, s⟩ ⇒* s2 then s1 = s2

Sequential composition
 • Lemma: If ⟨S1; S2, s⟩ ⇒^k s'' then there exist s' and m, n with k = m + n such that ⟨S1, s⟩ ⇒^m s' and ⟨S2, s'⟩ ⇒^n s''
 • The proof (pages 37-38) uses induction on the length of derivation sequences
   – Prove that the property holds for all derivation sequences of length 0
   – Prove that the property holds for all other derivation sequences: show that the property holds for sequences of length k+1 using the fact that it holds for all sequences of length k (induction hypothesis)

The semantic function S_sos
 • The meaning of a statement S is defined as a partial function from State to State
     S_sos: Stm → (State ⇀ State)
     S_sos⟦S⟧s = s' if ⟨S, s⟩ ⇒* s', undefined otherwise
 • Examples:
     S_sos⟦skip⟧s = s
     S_sos⟦x:=1⟧s = s[x↦1]
     S_sos⟦while true do skip⟧s = undefined

An equivalence result
 • For every statement S in While, S_ns⟦S⟧ = S_sos⟦S⟧
 • Proof in pages 40-43

Language Extensions
 • abort statement (like C’s exit without a return value)
 • Non-determinism
 • Parallelism
 • Local Variables
 • Procedures
   – Static scope
   – Dynamic scope

While + abort
 • Abstract syntax
     S ::= x := a | skip | S1; S2 | if b then S1 else S2 | while b do S | abort
 • abort terminates the execution
   – In “skip; S” the statement S executes
   – In “abort; S” the statement S should never execute
 • Natural semantics rules: …?
 • Structural semantics rules: …?

Comparing semantics
  Statement                               Natural semantics                                   Structural semantics
  abort; S                                no derivation: there is no s' with ⟨abort; S, s⟩ → s'   ⟨abort; S, s⟩ is stuck (no rule for abort), so S never runs
  skip; S                                 the same result as S                                ⟨skip; S, s⟩ ⇒ ⟨S, s⟩, then continues as S
  while true do skip                      no derivation (looping)                             an infinite derivation sequence
  if x = 0 then abort else y := y / x     no derivation when s x = 0, otherwise y is updated  stuck when s x = 0, otherwise terminates
Conclusions
 • The natural semantics cannot distinguish between looping and abnormal termination, unless we add a special error state
 • In the structural operational semantics looping is reflected by infinite derivations and abnormal termination is reflected by a stuck configuration

While + non-determinism
 • Abstract syntax
     S ::= x := a | skip | S1; S2 | if b then S1 else S2 | while b do S | S1 or S2
 • Either S1 is executed or S2 is executed
 • Example: x:=1 or (x:=2; x:=x+2)
   – Possible outcomes for x: 1 and 4

While + non-determinism: natural semantics
  [or1_ns]  ⟨S1, s⟩ → s'
            ――――――――――――――――
            ⟨S1 or S2, s⟩ → s'
  [or2_ns]  ⟨S2, s⟩ → s'
            ――――――――――――――――
            ⟨S1 or S2, s⟩ → s'

While + non-determinism: structural semantics
  [or1_sos]  ⟨S1 or S2, s⟩ ⇒ ⟨S1, s⟩
  [or2_sos]  ⟨S1 or S2, s⟩ ⇒ ⟨S2, s⟩
  (the choice is made in a single step, before either branch starts running)

While + non-determinism
 • What about the definitions of the semantic functions?
   – S_ns⟦S1 or S2⟧s and S_sos⟦S1 or S2⟧s: with two possible outcomes (1 and 4 in the example above) the meaning of a statement is no longer a partial function State ⇀ State; it becomes a relation between states, or equivalently a function from a state to a set of final states

Comparing semantics
  Statement                                        Natural semantics        Structural semantics
  x:=1 or (x:=2; x:=x+2)                           x = 1 or x = 4           x = 1 or x = 4
  (while true do skip) or (x:=2; x:=x+2)           only x = 4               either loops forever or ends with x = 4
Conclusions
 • In the natural semantics non-determinism will suppress non-termination (looping) if possible
 • In the structural operational semantics non-determinism does not suppress non-terminating statements

While + parallelism
 • Abstract syntax
     S ::= x := a | skip | S1; S2 | if b then S1 else S2 | while b do S | S1 ∥ S2
 • All the interleavings of S1 and S2 are executed
 • Example: x:=1 ∥ (x:=2; x:=x+2)
   – Possible outcomes for x: 1, 3, 4

While + parallelism: structural semantics
  [par1_sos]  ⟨S1, s⟩ ⇒ ⟨S1', s'⟩
              ――――――――――――――――――――――――
              ⟨S1 ∥ S2, s⟩ ⇒ ⟨S1' ∥ S2, s'⟩
  [par2_sos]  ⟨S1, s⟩ ⇒ s'
              ――――――――――――――――――――
              ⟨S1 ∥ S2, s⟩ ⇒ ⟨S2, s'⟩
  [par3_sos]  ⟨S2, s⟩ ⇒ ⟨S2', s'⟩
              ――――――――――――――――――――――――
              ⟨S1 ∥ S2, s⟩ ⇒ ⟨S1 ∥ S2', s'⟩
  [par4_sos]  ⟨S2, s⟩ ⇒ s'
              ――――――――――――――――――――
              ⟨S1 ∥ S2, s⟩ ⇒ ⟨S1, s'⟩

While + parallelism: natural semantics
 • Challenge problem: give a formal proof that this is in fact impossible
   – Idea: try to prove it on a restricted version of While without loops/conditions

Example: derivation sequences of a parallel statement (exercise)
  ⟨x:=1 ∥ (x:=2; x:=x+2), s⟩

Conclusion
 • In the structural operational semantics we concentrate on small steps, so interleaving of computations can be easily expressed
 • In the natural semantics an immediate constituent is an atomic entity, so we cannot express interleaving of computations
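As an added example, not from the slides or the book, the structural semantics of While with the three extensions above (abort, or, ∥) as a Python step function that returns every successor configuration, plus an enumeration of all maximal derivation sequences. That enumeration makes the comparison tables concrete: stuck configurations for abort, several final states for or, and the three interleavings of the ∥ example. Representing expressions as Python functions on the state (they are side-effect free, so only the statement rules matter) is a design choice of this example.

```python
"""Structural (small-step) semantics of While extended with abort, S1 or S2 and
S1 ∥ S2, as a step function that returns *all* successor configurations.
Added example, not from the slides or the book.

Statements are nested tuples; arithmetic and boolean expressions are modelled
as plain Python functions on the state (a design choice of this example):
  ("skip",) | ("abort",) | ("assign", x, f) | ("seq", S1, S2)
  | ("if", cond, S1, S2) | ("while", cond, S) | ("or", S1, S2) | ("par", S1, S2)
A configuration is (S, s); a final state is the dict s itself.
"""

SKIP, ABORT = ("skip",), ("abort",)


def step(S, s):
    """All γ with <S, s> ⇒ γ. An empty list means <S, s> is stuck."""
    tag = S[0]
    if tag == "skip":                                   # [skip_sos]
        return [s]
    if tag == "abort":                                  # no rule: stuck configuration
        return []
    if tag == "assign":                                 # [ass_sos]
        return [{**s, S[1]: S[2](s)}]
    if tag == "seq":                                    # [comp1_sos] / [comp2_sos]
        S1, S2 = S[1], S[2]
        return [(S2, g) if isinstance(g, dict) else (("seq", g[0], S2), g[1])
                for g in step(S1, s)]
    if tag == "if":                                     # [if_tt_sos] / [if_ff_sos]
        return [(S[2] if S[1](s) else S[3], s)]
    if tag == "while":                                  # [while_sos]: unfold once
        return [(("if", S[1], ("seq", S[2], S), SKIP), s)]
    if tag == "or":                                     # [or1_sos] / [or2_sos]
        return [(S[1], s), (S[2], s)]
    if tag == "par":                                    # [par1..4_sos]: either side may move
        S1, S2 = S[1], S[2]
        left = [(S2, g) if isinstance(g, dict) else (("par", g[0], S2), g[1])
                for g in step(S1, s)]
        right = [(S1, g) if isinstance(g, dict) else (("par", S1, g[0]), g[1])
                 for g in step(S2, s)]
        return left + right
    raise ValueError(f"unknown statement {S!r}")


def derivation_sequences(S, s, max_steps=40):
    """Every maximal derivation sequence from <S, s>. Each sequence is a list of
    configurations whose last element is ("final", s'), ("stuck", γ) or, when
    the sequence exceeds max_steps, ("cutoff", γ) marking a presumably infinite one."""
    out = []

    def go(conf, path):
        if isinstance(conf, dict):
            out.append(path + [("final", conf)])
            return
        if len(path) >= max_steps:
            out.append(path + [("cutoff", conf)])
            return
        successors = step(*conf)
        if not successors:
            out.append(path + [("stuck", conf)])
            return
        for g in successors:
            go(g, path + [conf])

    go((S, s), [])
    return out


def outcomes(S, s, var="x", max_steps=40):
    """(set of final values of `var`, set of endings seen across all sequences)."""
    finals, endings = set(), set()
    for sequence in derivation_sequences(S, s, max_steps):
        kind, last = sequence[-1]
        endings.add(kind)
        if kind == "final":
            finals.add(last[var])
    return finals, endings


# The statements compared on the slides (expressions as functions on the state)
SET_X_1 = ("assign", "x", lambda s: 1)
SET_X_2_THEN_PLUS_2 = ("seq", ("assign", "x", lambda s: 2),
                       ("assign", "x", lambda s: s["x"] + 2))
OR_EX = ("or", SET_X_1, SET_X_2_THEN_PLUS_2)                  # x := 1 or (x := 2; x := x + 2)
PAR_EX = ("par", SET_X_1, SET_X_2_THEN_PLUS_2)                # x := 1 ∥ (x := 2; x := x + 2)
LOOP = ("while", lambda s: True, SKIP)                        # while true do skip
LOOP_OR = ("or", LOOP, SET_X_2_THEN_PLUS_2)
ABORT_THEN_SKIP = ("seq", ABORT, SKIP)                        # abort; skip
SAFE_DIV = ("if", lambda s: s["x"] == 0, ABORT,               # if x = 0 then abort else y := y / x
            ("assign", "y", lambda s: s["y"] // s["x"]))
```

Because step returns a list rather than a single successor, determinism of plain While shows up as every list having at most one element; or and ∥ are exactly the constructs that return two. The cutoff is only a bound on the search: a sequence that reaches it is reported separately from the stuck and final ones, mirroring the looping/abnormal-termination distinction the slides make.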

While + memory
Abstract syntax:
  S ::= x := a | skip | S1; S2 | if b then S1 else S2 | while b do S | x := malloc(a) | x := [y] | [x] := y
State: Var → Z becomes State: Stack × Heap, with Stack: Var → Z and Heap: Z → Z (integers serve as memory addresses)

From states to traces

Trace semantics
 • Low-level (conceptual) semantics
 • Add a program counter (pc) to the states: Σ = State × pc
 • The meaning of a program is a relation on Σ (a transition relation between configurations)
 • Execution is a finite/infinite sequence of states
 • A useful concept in defining static analysis, as we will see later

Example
  1: y := 1;
  while 2: ¬(x=1) do (
    3: y := y * x;
    4: x := x - 1
  )
  5:

Traces (two of infinitely many, one per initial state)
  ⟨{x↦2, y↦3}, 1⟩ →[y:=1] ⟨{x↦2, y↦1}, 2⟩ →[¬(x=1)] ⟨{x↦2, y↦1}, 3⟩ →[y:=y*x] ⟨{x↦2, y↦2}, 4⟩ →[x:=x-1] ⟨{x↦1, y↦2}, 2⟩ →[x=1] ⟨{x↦1, y↦2}, 5⟩
  ⟨{x↦3, y↦3}, 1⟩ →[y:=1] ⟨{x↦3, y↦1}, 2⟩ →[¬(x=1)] ⟨{x↦3, y↦1}, 3⟩ →[y:=y*x] ⟨{x↦3, y↦3}, 4⟩ →[x:=x-1] ⟨{x↦2, y↦3}, 2⟩ →[¬(x=1)] ⟨{x↦2, y↦3}, 3⟩ →[y:=y*x] ⟨{x↦2, y↦6}, 4⟩ →[x:=x-1] ⟨{x↦1, y↦6}, 2⟩ →[x=1] ⟨{x↦1, y↦6}, 5⟩
  …
  The set of traces is infinite (one per initial state, and of unbounded length), so the trace semantics is not computable in general
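As an added example, not from the slides or the book, the trace semantics of the labelled factorial program above in Python: the program is a table from pc to instruction, transition is the relation on Σ = State × pc (a function here, since the program is deterministic), trace generates the configuration sequence for one initial state, and states_at reads the collecting semantics at a program point off a set of traces. Expressions are Python functions on the state, a design choice of this example.

```python
"""Trace semantics with an explicit program counter for the labelled factorial
program on the slide. Added example, not from the slides or the book.

A configuration is σ = (state, pc) ∈ Σ = State × pc. The program is a table
pc -> instruction, `transition` is the relation on Σ, and a trace is the
sequence of configurations it generates from an initial state.
"""

# 1: y := 1; while 2: ¬(x = 1) do (3: y := y * x; 4: x := x - 1); 5:
FACT = {
    1: ("assign", "y", lambda s: 1, 2),                  # then continue at pc 2
    2: ("test", lambda s: not (s["x"] == 1), 3, 5),      # loop guard: true -> 3, false -> 5
    3: ("assign", "y", lambda s: s["y"] * s["x"], 4),
    4: ("assign", "x", lambda s: s["x"] - 1, 2),
    5: ("halt",),
}


def transition(program, sigma):
    """The successor of σ = (state, pc), or None when pc is the exit label."""
    state, pc = sigma
    instr = program[pc]
    if instr[0] == "halt":
        return None
    if instr[0] == "assign":
        _, var, expr, nxt = instr
        return ({**state, var: expr(state)}, nxt)
    _, cond, pc_true, pc_false = instr                    # "test": the state is unchanged
    return (state, pc_true if cond(state) else pc_false)


def trace(program, state, entry=1, max_len=10_000):
    """Execution as a sequence of configurations starting at (state, entry).
    max_len cuts an infinite trace (e.g. x <= 0 here, where x never reaches 1)."""
    sigma = (dict(state), entry)
    out = [sigma]
    while len(out) < max_len:
        sigma = transition(program, sigma)
        if sigma is None:
            break
        out.append(sigma)
    return out


def states_at(program, initial_states, pc, max_len=10_000):
    """Collecting semantics read off the traces: the set of states observed at
    program point `pc` over the given initial states (as sorted item tuples)."""
    seen = set()
    for s0 in initial_states:
        for state, p in trace(program, s0, max_len=max_len):
            if p == pc:
                seen.add(tuple(sorted(state.items())))
    return seen
```

The two traces on the slide are trace(FACT, {"x": 2, "y": 3}) and trace(FACT, {"x": 3, "y": 3}); states_at over a finite set of initial states is the part of the collecting semantics that a static analysis will later over-approximate for all initial states at once.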

Operational semantics summary
 • SOS is powerful enough to describe imperative programs
   – Can define the set of traces
   – Can represent the program counter implicitly
   – Handles goto statements and other non-trivial control constructs (e.g., exceptions)
 • Natural operational semantics is an abstraction
 • Different semantics may be used to justify different behaviors
 • Thinking in concrete semantics is essential for an analysis writer

The End