1 / 22

CSE-321 Programming Languages Dependent Types

CSE-321 Programming Languages Dependent Types. 박성우. POSTECH June 5, 2006. runtime error. Untyped Lanugage. /* takes two integers and returns their sum */ fun add x y = x + y let s = add 1 2 let t = add "Oops" "Darn". Typed Lanugage. /* takes two integers and returns their sum */

imogene-dixon
Télécharger la présentation

CSE-321 Programming Languages Dependent Types

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. CSE-321 Programming LanguagesDependent Types 박성우 POSTECH June 5, 2006

  2. runtime error Untyped Lanugage /* takes two integers and returns their sum */ fun add x y = x + y let s = add 1 2 let t = add "Oops" "Darn"

  3. Typed Lanugage /* takes two integers and returns their sum */ val add : int -> int -> int fun add x y = x + y let s = add 1 2 let t = add "Oops" "Darn" compile error

  4. Types as Documentations /* takes two integers and returns their sum */ val add : int -> int -> int fun add x y = x + y • Types are formal documentations that the compiler recognizes. • Types express properties of code. • "add takes two integers and returns an integer."

  5. Types = Properties of Code? /* takes two integers and returns their sum */ val add : ??? fun add x y = x + y • Then why not express this property instead: • "add takes two integers and returns their sum." • What is the type for this property? • ???

  6. Lesson • Rich type systems are always better! • We can express more properties of code. • We can catch more error at compile time. • We can better maintain code. • ... • Rich type systems are expensive, however. • Eg. System F • rich type system • but type reconstruction is undecidable.

  7. Dependent Types • A good compromise between • expressivity • can express many useful properties of code. • cost • decidable • Theoretic foundation • dependent types = first-order logic

  8. Outline • Introduction V • Ex. Array boundary checking • Ex. List length • Ex. Dimension analysis

  9. A couple of slides from Tim Sweeney's invited talk at POPL 2006

  10. Dynamic Failure in Mainstream Languages Solved problems: • Random memory overwrites • Memory leaks Solveable: • Accessing arrays out-of-bounds • Dereferencing null pointers • Integer overflow • Accessing uninitialized variables 50% of the bugs in Unreal can be traced to these problems!

  11. Analysis of the Unreal code • Usage of integer variables in Unreal: • 90% of integer variables in Unreal exist to index into arrays • 80% could be dependently-typed explicitly,guaranteeing safe array access without casting. • 10% would require casts upon array access. • The other 10% are used for: • Computing summary statistics • Encoding bit flags • Various forms of low-level hackery • “For” loops in Unreal: • 40% are functional comprehensions • 50% are functional folds

  12. Array Types • Without dependent types [| 1; 2; 3 |] : int array • With dependent types [| 1; 2; 3 |] : int array [3] • Dependent array type • 'a array [n] • array of type 'a with length n

  13. Array Boundary Checking • Without dependent types sub : 'a array * int -> 'a update : 'a array * int * 'a -> unit • With dependent types sub : 8n:nat. 8i:nat. {i < n}. 'a array [n] * int [i] -> 'a update : 8n:nat. 8i:nat. {i < n}. 'a array [n] * int [i] * 'a -> unit

  14. Outline • Introduction V • Ex. Array boundary checking V • Ex. List length • Ex. Dimension analysis

  15. List Types • Without dependent types [ 1; 2; 3 ] : int list • With dependent types [ 1; 2; 3 ] : int list [3] • Dependent list type • 'a list [n] • list of type 'a with length n

  16. List Constructors • Nil[] : 'a list [0] • Cons :: : 8n:nat 'a -> 'a list [n] -> 'a list [n+1] • Append append : 8m:nat. 8n:nat 'a list [m] -> 'a list [n] -> 'a list [m+n]

  17. Filtering • Filter a list filter : ('a -> bool) -> 'a list -> 'a list filter f nil = nil | f (h :: t) = if f h then f :: filter t else filter t • With dependent types filter : 8m:nat. 9n:nat. {n <= m}. ('a -> bool) -> 'a list [m] -> 'a list [n]

  18. Outline • Introduction V • Ex. Array boundary checking V • Ex. List length V • Ex. Dimension analysis

  19. A slide from the first lecture, March 6

  20. Mars Climate Orbiter Failure • Mars Climate Orbiter launched in 1998 • Destroyed due to a navigation error • Cause? • One module used English units (feet). • The other module expected metric units (meter). • Lessons • Both modules were fine in isolation. • Programmers did not even know the existence of the bug until the spacecraft was destroyed. • Stupidity: • NASA scientists? No! • programming languages they used? Yes!

  21. Dependent Types for Dimension • Annotate every float value with its dimension • without dependent types 1.0 : float • with dependent types 1.0 meter : float [L] • Assign dependent types to arithmetic operators +. : 8D. float [D] * float [D] -> float [D] *. : 8D1. 8D2. float [D1] * float [D2] -> float [D1 * D2]

  22. No Mars Climate Orbiter Failure! 1.0 meter + 1.0 feet : float [L] 1.0 meter + 1.0 sec : X 1.0 meter * 1.0 sec : float [LT] mult_list : 8D. 8n:nat. float [D] list [n] -> float [Dn]

More Related