Softwaretechnik. Lecture 03: Types and Type Soundness. Peter Thiemann. University of Freiburg, Germany SS 2008

Similar documents
Contents. Softwaretechnik. Type Safety of Java. Featherweight Java. Lecture 21: Featherweight Java

Softwaretechnik. Lecture 18: Featherweight Java. Peter Thiemann. University of Freiburg, Germany

COS 320. Compiling Techniques

The Substitution Model

Formal Semantics. Prof. Clarkson Fall Today s music: Down to Earth by Peter Gabriel from the WALL-E soundtrack

Software Engineering

Harvard School of Engineering and Applied Sciences CS 152: Programming Languages

Boolean expressions. Elements of Programming Languages. Conditionals. What use is this?

Programming Languages Fall 2014

The Substitution Model. Nate Foster Spring 2018

CS 6110 S11 Lecture 25 Typed λ-calculus 6 April 2011

Note that in this definition, n + m denotes the syntactic expression with three symbols n, +, and m, not to the number that is the sum of n and m.

1 Introduction. 3 Syntax

CMSC 330: Organization of Programming Languages. Formal Semantics of a Prog. Lang. Specifying Syntax, Semantics

Induction and Semantics in Dafny

Pierce Ch. 3, 8, 11, 15. Type Systems

Topic 6: Types COS 320. Compiling Techniques. Princeton University Spring Prof. David August. Adapted from slides by Aarne Ranta

CS4215 Programming Language Implementation. Martin Henz

Principles of Programming Languages

Typed Lambda Calculus and Exception Handling

Lecture 15 CIS 341: COMPILERS

The three faces of homotopy type theory. Type theory and category theory. Minicourse plan. Typing judgments. Michael Shulman.

Type Inference Systems. Type Judgments. Deriving a Type Judgment. Deriving a Judgment. Hypothetical Type Judgments CS412/CS413

CMSC 330: Organization of Programming Languages

Lecture Notes on Computational Interpretations of Modalities

CSCI.6962/4962 Software Verification Fundamental Proof Methods in Computer Science (Arkoudas and Musser) Chapter p. 1/27

Proving Theorems with Athena

Chapter 3 (part 3) Describing Syntax and Semantics

Basic concepts. Chapter Toplevel loop

Harvard School of Engineering and Applied Sciences CS 152: Programming Languages

Harvard School of Engineering and Applied Sciences CS 152: Programming Languages

3.4 Deduction and Evaluation: Tools Conditional-Equational Logic

(Not Quite) Minijava

CS152: Programming Languages. Lecture 11 STLC Extensions and Related Topics. Dan Grossman Spring 2011

Mutable References. Chapter 1

CS558 Programming Languages

Formal Semantics of Programming Languages

3.2 Big-Step Structural Operational Semantics (Big-Step SOS)

A Type System for Functional Traversal-Based Aspects

Programming Languages

Formal Semantics of Programming Languages

Semantics. A. Demers Jan This material is primarily from Ch. 2 of the text. We present an imperative

Costly software bugs that could have been averted with type checking

Principles of AI Planning. Principles of AI Planning. 7.1 How to obtain a heuristic. 7.2 Relaxed planning tasks. 7.1 How to obtain a heuristic

Softwaretechnik. Lecture 08: Testing and Debugging Overview. Peter Thiemann SS University of Freiburg, Germany

Operational Semantics 1 / 13

In Our Last Exciting Episode

Fall Lecture 3 September 4. Stephen Brookes

Last class. CS Principles of Programming Languages. Introduction. Outline

Type Checking. Outline. General properties of type systems. Types in programming languages. Notation for type rules.

Review. CS152: Programming Languages. Lecture 11 STLC Extensions and Related Topics. Let bindings (CBV) Adding Stuff. Booleans and Conditionals

Binary Decision Diagrams

HOL DEFINING HIGHER ORDER LOGIC LAST TIME ON HOL CONTENT. Slide 3. Slide 1. Slide 4. Slide 2 WHAT IS HIGHER ORDER LOGIC? 2 LAST TIME ON HOL 1

An Annotated Language

Outline. General properties of type systems. Types in programming languages. Notation for type rules. Common type rules. Logical rules of inference

CSE505, Fall 2012, Midterm Examination October 30, 2012

Behavioral Equivalence

Programming Languages Lecture 14: Sum, Product, Recursive Types

Lesson 4 Typed Arithmetic Typed Lambda Calculus

CMSC 330: Organization of Programming Languages. OCaml Expressions and Functions

Propositional Logic. Andreas Klappenecker

Behavioral Equivalence

Computing Fundamentals 2 Introduction to CafeOBJ

Introduction to Visual Basic and Visual C++ Arithmetic Expression. Arithmetic Expression. Using Arithmetic Expression. Lesson 4.

Programming Lecture 3

Softwaretechnik. Lecture 08: Testing and Debugging Overview. Peter Thiemann SS University of Freiburg, Germany

Operational Semantics of Cool

To prove something about all Boolean expressions, we will need the following induction principle: Axiom 7.1 (Induction over Boolean expressions):

Formal Systems and their Applications

The Typed λ Calculus and Type Inferencing in ML

CSE 505, Fall 2008, Midterm Examination 29 October Please do not turn the page until everyone is ready.

SEQUENCES, MATHEMATICAL INDUCTION, AND RECURSION

Typed Lambda Calculus. Chapter 9 Benjamin Pierce Types and Programming Languages

Operational Semantics. One-Slide Summary. Lecture Outline

Goals: Define the syntax of a simple imperative language Define a semantics using natural deduction 1

Gradual Typing for Functional Languages. Jeremy Siek and Walid Taha (presented by Lindsey Kuper)

Checks and Balances - Constraint Solving without Surprises in Object-Constraint Programming Languages: Full Formal Development

Intermediate Code Generation Part II

Type checking. Jianguo Lu. November 27, slides adapted from Sean Treichler and Alex Aiken s. Jianguo Lu November 27, / 39

Computation Club: Gödel s theorem

Automated Reasoning. Natural Deduction in First-Order Logic

ELEMENTARY NUMBER THEORY AND METHODS OF PROOF

Exercises on Semantics of Programming Languages

Formal semantics of loosely typed languages. Joep Verkoelen Vincent Driessen

CS558 Programming Languages

NP-Completeness of 3SAT, 1-IN-3SAT and MAX 2SAT

AXIOMS FOR THE INTEGERS

Subsumption. Principle of safe substitution

Lecture 1 Contracts. 1 A Mysterious Program : Principles of Imperative Computation (Spring 2018) Frank Pfenning

4.5 Pure Linear Functional Programming

CS 242. Fundamentals. Reading: See last slide

c constructor P, Q terms used as propositions G, H hypotheses scope identifier for a notation scope M, module identifiers t, u arbitrary terms

Coq quick reference. Category Example Description. Inductive type with instances defined by constructors, including y of type Y. Inductive X : Univ :=

Fundamental Concepts. Chapter 1

CMSC 336: Type Systems for Programming Languages Lecture 5: Simply Typed Lambda Calculus Acar & Ahmed January 24, 2008

Formal Methods of Software Design, Eric Hehner, segment 1 page 1 out of 5

Types. Type checking. Why Do We Need Type Systems? Types and Operations. What is a type? Consensus

Semantics. There is no single widely acceptable notation or formalism for describing semantics Operational Semantics

Lecture Notes on Static Semantics

Programming Languages Fall 2013

Transcription:

Softwaretechnik Lecture 03: Types and Type Soundness Peter Thiemann University of Freiburg, Germany SS 2008 Peter Thiemann (Univ. Freiburg) Softwaretechnik SWT 1 / 35

Table of Contents Types and Type correctness JAUS: Java-Expressions (Ausdrücke) Evaluation of expressions Type correctness Result Peter Thiemann (Univ. Freiburg) Softwaretechnik SWT 2 / 35

Types and Type correctness big software systems : many involved people project manager, designer, programmer,... essential : divide into components with clear defined interfaces and specifications How to divide the problem? How to divide the work? How to divide the tests? problems Are suitable libraries available? Do the components match each other? Do the components fulfill their specification? Peter Thiemann (Univ. Freiburg) Softwaretechnik SWT 3 / 35

Requirements Programming language/-environment has to ensure: each component implements their interfaces the implementation fulfills the specification each component is used correctly Main Problem : meet the interfaces and specifications: simplest interface : management of names Which operations does the component offer? simplest specification: types Which types do the arguments and the result of the operations have? see interfaces in Java Peter Thiemann (Univ. Freiburg) Softwaretechnik SWT 4 / 35

Questions Which kind of security do types provide? Which kind of errors can be detected by using types? How do we provide type safety? How can we formalize type safety? Peter Thiemann (Univ. Freiburg) Softwaretechnik SWT 5 / 35

JAUS: Java-Expressions (Ausdrücke) JAUS: Java-Expressions (Ausdrücke) The language specifies a subset of Java expressions x ::=... variables n ::= 0 1... numbers b ::= true false truth values e ::= x n b e+e!e expressions Peter Thiemann (Univ. Freiburg) Softwaretechnik SWT 6 / 35

JAUS: Java-Expressions (Ausdrücke) Correct and incorrect expressions type correct expressions boolean flag;... 0 true 17+4!flag expressions with type errors int rain since April20; boolean flag;...!rain since April20 flag+1 17+(!false)!(2+3) Peter Thiemann (Univ. Freiburg) Softwaretechnik SWT 7 / 35

JAUS: Java-Expressions (Ausdrücke) Typing Rules for each kind of expression there exists a typing rule, that defines: if an expression is type correct how to obtain the result type of the expression from the types of the subexpressions. five kinds of expressions (at first using words): Constant numbers have type int. truth values have type boolean. The expression e 1 +e 2 has type int, if e 1 and e 2 have type int. The expression!e has type boolean, if e has type boolean. A variable x has the type, with which it was declared. Peter Thiemann (Univ. Freiburg) Softwaretechnik SWT 8 / 35

JAUS: Java-Expressions (Ausdrücke) Formalization of type correct expressions The language of types t ::= int boolean types Type judgment : expression e has type t e : t Peter Thiemann (Univ. Freiburg) Softwaretechnik SWT 9 / 35

JAUS: Java-Expressions (Ausdrücke) Formalization of Typing rules A type judgment is valid, if it is derivable according to the typing rules. To infer a valid type judgment J we use a deduction system. A deduction system consists of a set of type judgments and a set of typing rules. A typing rule (inference rule) is a pair (J 1... J n, J 0 ) which consists of a list of judgments (assumptions, J 1... J n ) and a judgment (conclusion, J 0 ) that is written as If n = 0, a rule (ε, J 0 ) is an axiom. J 1... J n J 0 Peter Thiemann (Univ. Freiburg) Softwaretechnik SWT 10 / 35

JAUS: Java-Expressions (Ausdrücke) Example: typing rules for JAUS numbers n has type int. (INT) truth values has type boolean. n : int (BOOL) b : boolean an expression e 1 +e 2 has type int if e 1 and e 2 has type int. (ADD) e 1 : int e 2 : int e 1 +e 2 : int an expression!e has type boolean, if e has type boolean. (NOT) e : boolean!e : boolean Peter Thiemann (Univ. Freiburg) Softwaretechnik SWT 11 / 35

JAUS: Java-Expressions (Ausdrücke) Derivation trees and validity A judgment is valid if a suitable derivation tree exists. A derivation tree for the judgment J is defined by 1. 2. J, if is an axiom J J 1... J n J, if 1... J n J J suitable for J k. is a rule and each J k is a derivation tree Peter Thiemann (Univ. Freiburg) Softwaretechnik SWT 12 / 35

JAUS: Java-Expressions (Ausdrücke) Example: derivation trees (INT) 0 : int is a derivation tree with judgment 0 : int. (BOOL) true : boolean is a derivation tree for true : boolean. The judgment 17 + 4 : int holds, because of the derivation tree (ADD) (INT) (INT) 17 : int 17 + 4 : int 4 : int Peter Thiemann (Univ. Freiburg) Softwaretechnik SWT 13 / 35

JAUS: Java-Expressions (Ausdrücke) Variable Programs declare variables Programs use them according to the declaration Declarations are collected in a type environment. A ::= A, x : t type environment An extended type judgment contains a type environment: The expression e has the type t in the type environment A. A e : t typing rule for variables: A variable has the type, with which it is declared. (VAR) x : t A A x : t Peter Thiemann (Univ. Freiburg) Softwaretechnik SWT 14 / 35

JAUS: Java-Expressions (Ausdrücke) Extension of the remaining typing rules The typing rules forward the environment. (INT) A n : int (BOOL) A b : int (ADD) A e 1 : int A e 2 : int A e 1 +e 2 : int (NOT) A!e : boolean A e : boolean Peter Thiemann (Univ. Freiburg) Softwaretechnik SWT 15 / 35

JAUS: Java-Expressions (Ausdrücke) Example: derivation with variable The declaration boolean flag; matches the type assumption A =, flag : boolean Hence flag : boolean A A flag : boolean A! flag : boolean Peter Thiemann (Univ. Freiburg) Softwaretechnik SWT 16 / 35

JAUS: Java-Expressions (Ausdrücke) Intermediate result Formal system for syntax of expressions and types (CFG, BNF) type judgments validity of type judgments Open Questions How to evaluate expressions? coherence between evaluation and type judgments Peter Thiemann (Univ. Freiburg) Softwaretechnik SWT 17 / 35

Evaluation of expressions Evaluation of expressions Peter Thiemann (Univ. Freiburg) Softwaretechnik SWT 18 / 35

Evaluation of expressions (One possible) Approach Define a binary reduction relation e e over expressions e is in relation to e (e e ) if one computational step leads from e to e. example: 5+2 7 (5+2)+14 7+14 Peter Thiemann (Univ. Freiburg) Softwaretechnik SWT 19 / 35

Evaluation of expressions Result of computations A value v is a number or a truth value. An expression can reach a value in many steps: 0 steps: 0 1 step: 5+2 7 2 steps: (5+2)+14 7+14 21 but!4711 1+false (1+2)+false 3+false These expressions can not perform a reduction step. They correspond to runtime errors. Observation: these errors are type errors! Peter Thiemann (Univ. Freiburg) Softwaretechnik SWT 20 / 35

Evaluation of expressions Formalization: results and reduction steps A value is a number or a truth value. v ::= n b values one reduction step If the two operands are number, we can add the two numbers to obtain a number as result. (B-ADD) n1 + n 2 n 1 + n 2 n represents the syntactic representation of the number n. If the operand of a negation is a truth value, the negation can be performed. (B-TRUE)!true false (B-FALSE)!false true Peter Thiemann (Univ. Freiburg) Softwaretechnik SWT 21 / 35

Evaluation of expressions Formalization: nested expressions What happens if the operands of operations are not values? At first evaluate the subexpressions. The negation addition, first operand (B-NEG) e e!e!e (B-ADD-L) e 1 e 1 e 1 +e 2 e 1 +e 2 addition, second operand (only evaluate the second, if the first is a value) e e (B-ADD-R) v+e v+e Peter Thiemann (Univ. Freiburg) Softwaretechnik SWT 22 / 35

Evaluation of expressions Variable An expression that contains variables cannot be evaluated with the reduction steps. But we can eliminate the variable using substitution. This replaces the variable with a value, and then reduction is possible. Apply a substitution [v 1 /x 1,... v n /x n ] to an expression e, written as e[v 1 /x 1,... v n /x n ] changes in e each occurrence of x i to the corresponding value v i. example: (!flag)[false/flag]!false (m+n)[25/m, 17/n] 25+17 Peter Thiemann (Univ. Freiburg) Softwaretechnik SWT 23 / 35

Type correctness Type correctness informally Type correctness: If there exists a type for an expression e, then e evaluates to a value in a finite number of steps. In particular, no runtime error happens. For the language JAUS the converse also holds (this is not correct in general, like in full Java) Prove in two steps (after Wright and Felleisen) Assume e has a type, then it holds: Progress: Either e is a value or there exists a reduction step for e. Preservation: If e e, then e and e have the same types. Peter Thiemann (Univ. Freiburg) Softwaretechnik SWT 24 / 35

Type correctness Progress If e : t is derivable, then e is a value or there exists e with e e. Prove Induction over the derivation tree of J = e : t. If (INT) n : int is the final step of J, then e n is a value (and t int). If (BOOL) b : boolean is the last step of J, then e b is a value (and t boolean). Peter Thiemann (Univ. Freiburg) Softwaretechnik SWT 25 / 35

Type correctness Progress: Addition If (ADD) e 1 : int e 2 : int is the final step of J, then it holds e 1 +e 2 : int that e e 1 +e 2 and t int. Moreover, it is derivable that e 1 : int and e 2 : int. The induction hypothesis tells us that e 1 is a value or there exists an e 1 with e 1 e 1. If e 1 e 1 holds, we obtain that e e 1+e 2 e e 1 +e 2 cause of rule (B-ADD-L). This is the desired result. In the case e 1 v 1 is a value, we concentrate on e 2 : int. The induction hypothesis says that e 2 is either a value or there exists an e 2 with e 2 e 2. In the second case we can use rule (B-ADD-R) and get: e v 1 +e 2 e v 1 +e 2. In the first case (e 2 = v 1 ), we can prove easily that v 1 n 1 and v 2 n 2 are both numbers. Hence, we can apply the rule (B-ADD) and obtain the desired e. Peter Thiemann (Univ. Freiburg) Softwaretechnik SWT 26 / 35

Type correctness Progress: Negation e If (NOT) 1 : boolean!e 1 : boolean is the last step of J, it holds that e!e 1 and t boolean and e 1 : boolean is derivable. Using the induction hypothesis (e 1 is a value or there exists e with e e ) there are two cases. In the case that e 1 e 1, we conclude that there exists e with e e using rule (B-NEG). If e 1 v is a value, it s easy to prove that v is a truth value. Hence, we can apply the rule (B-TRUE) or (B-FALSE). QED Peter Thiemann (Univ. Freiburg) Softwaretechnik SWT 27 / 35

Type correctness Preservation If e : t and e e, then e : t. Prove Induction on the derivation e e. If (B-ADD) is the reduction step, then it n1 + n 2 n 1 + n 2 holds that t int because of (ADD). We can apply (INT) to e = n 1 + n 2 and obtain the desired result n 1 + n 2 : int. If (B-TRUE)!true false is the reduction step it holds that t boolean because of (NOT). We can apply (BOOL) to e = false and get the desired result false : boolean. The case for rule B-FALSE is analoguous. Peter Thiemann (Univ. Freiburg) Softwaretechnik SWT 28 / 35

Type correctness Preservation: Addition e If (B-ADD-L) 1 e 1 e 1 +e 2 e 1 +e 2 obtain through e : t that is the occasion for the last step, we (ADD) e 1 : int e 2 : int e 1 +e 2 : int holds with e e 1 +e 2 and t int. From e 1 : int and e 1 e 1 it follows by induction that e 1 : int holds. Another application of (ADD) on e 1 : int and e 2 : int yields e 1 +e 2 : int. The case of rule (B-ADD-R) is analoguous. Peter Thiemann (Univ. Freiburg) Softwaretechnik SWT 29 / 35

Type correctness Preservation: Negation e If (B-NEG) 1 e 1!e 1!e 1 is the occasion for the last step, we get through e : t, that (NOT) e 1 : boolean!e 1 : boolean holds with e!e 1 and t boolean. From e 1 : boolean and e 1 e 1 we conclude (using induction) that e 1 : boolean holds. Another application of rule (NOT) to e 1 : boolean yields!e 1 : boolean. QED Peter Thiemann (Univ. Freiburg) Softwaretechnik SWT 30 / 35

Type correctness Elimination of variables throw substitution Intention If x 1 : t 1,..., x n : t n e : t and v i : t i (for all i), then it holds e[v 1 /x 1,..., v 1 /x 1 ] : t. Assertion If A, x 0 : t 0 e : t and A e 0 : t 0, then it holds A e[e 0 /x 0 ] : t. Prove Induction over derivation of A e : t with A A, x 0 : t 0. If (VAR) x : t A is the latest step of the derivation, there are two A x : t cases: Either x x 0 or not. If x x 0 holds, then e[e 0 /x 0 ] e 0. Because of the rule (VAR) is holds t t 0. Hence it holds A e 0 : t 0 (use the assumption). If x x 0, then e[e 0 /x 0 ] x and it holds x : t A. Due to (VAR) it holds A x : t. Peter Thiemann (Univ. Freiburg) Softwaretechnik SWT 31 / 35

Type correctness Substitution: Constants If (INT) is the latest step, it holds (INT) A n : int A n : int. If (BOOL) is the latest step, it holds A b : boolean (BOOL) A b : boolean. Peter Thiemann (Univ. Freiburg) Softwaretechnik SWT 32 / 35

Type correctness Substitution: Addition If (ADD) A e 1 : int A e 2 : int is the latest step, then the A e 1 +e 2 : int induction hypothesis yields A e 1 [e 0 /x 0 ] : int and A e 2 [e 0 /x 0 ] : int. Apply rule (ADD) yields A (e 1 +e 2 )[e 0 /x 0 ] : int. Peter Thiemann (Univ. Freiburg) Softwaretechnik SWT 33 / 35

Type correctness Substitution: Negation A e If (NOT) 1 : boolean is the latest step, the induction hypothesis A!e 1 : boolean yields A e 1 [e 0 /x 0 ] : boolean. Apply rule (NOT) yields A (!e 1 )[e 0 /x 0 ] : boolean. QED Peter Thiemann (Univ. Freiburg) Softwaretechnik SWT 34 / 35

Result Theorem: Soundness of JAUS If e : t, then there exists a value v with v : t and reduction steps with e e 0 and e n v. e 0 e 1, e 1 e 2,..., e n 1 e n If e contains variables, then we have to substitute them with suitable values (choose values with same types as the variables). Peter Thiemann (Univ. Freiburg) Softwaretechnik SWT 35 / 35

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback