Dependent types and program equivalence. Stephanie Weirich, University of Pennsylvania with Limin Jia, Jianzhou Zhao, and Vilhelm Sjöberg

Similar documents
Dependent types and program equivalence. Stephanie Weirich, University of Pennsylvania with Limin Jia, Jianzhou Zhao, and Vilhelm Sjöberg

Dependent Types and Program Equivalence

Dependent types and Program Equivalence

Programming Up-to-Congruence, Again. WG 2.8 Estes Park

Eta-equivalence in Core Dependent Haskell

Combining Proofs and Programs in a Dependently Typed Language. Certification of High-level and Low-level Programs

CS-XXX: Graduate Programming Languages. Lecture 9 Simply Typed Lambda Calculus. Dan Grossman 2012

Simple Unification-based Type Inference for GADTs

Goal. CS152: Programming Languages. Lecture 15 Parametric Polymorphism. What the Library Likes. What The Client Likes. Start simpler.

Programming Languages Lecture 14: Sum, Product, Recursive Types

Tradeoffs. CSE 505: Programming Languages. Lecture 15 Subtyping. Where shall we add useful completeness? Where shall we add completeness?

Programming Languages

CS152: Programming Languages. Lecture 11 STLC Extensions and Related Topics. Dan Grossman Spring 2011

Part VI. Imperative Functional Programming

TRELLYS and Beyond: Type Systems for Advanced Functional Programming

1 Introduction. 3 Syntax

Programming Languages Lecture 15: Recursive Types & Subtyping

COMP 181. Agenda. Midterm topics. Today: type checking. Purpose of types. Type errors. Type checking

COS 320. Compiling Techniques

Semantic Subtyping with an SMT Solver

Alonzo a Compiler for Agda

CS 6110 S11 Lecture 25 Typed λ-calculus 6 April 2011

The design of a programming language for provably correct programs: success and failure

Tracing Ambiguity in GADT Type Inference

Harvard School of Engineering and Applied Sciences Computer Science 152

TYPE INFERENCE. François Pottier. The Programming Languages Mentoring ICFP August 30, 2015

Programming with Universes, Generically

Lecture #13: Type Inference and Unification. Typing In the Language ML. Type Inference. Doing Type Inference

(Refer Slide Time: 4:00)

CSE 505: Concepts of Programming Languages

Where is ML type inference headed?

Programming Languages Assignment #7

Outline. Introduction Concepts and terminology The case for static typing. Implementing a static type system Basic typing relations Adding context

Lecture #23: Conversion and Type Inference

CMSC 330: Organization of Programming Languages. Formal Semantics of a Prog. Lang. Specifying Syntax, Semantics

More Lambda Calculus and Intro to Type Systems

Conversion vs. Subtyping. Lecture #23: Conversion and Type Inference. Integer Conversions. Conversions: Implicit vs. Explicit. Object x = "Hello";

A Specification for Dependently-Typed Haskell (Extended version)

Typing Control. Chapter Conditionals

Gradual Typing for Functional Languages. Jeremy Siek and Walid Taha (presented by Lindsey Kuper)

Adding GADTs to OCaml the direct approach

CMSC 336: Type Systems for Programming Languages Lecture 5: Simply Typed Lambda Calculus Acar & Ahmed January 24, 2008

Basic Foundations of Isabelle/HOL

Calculus of Inductive Constructions

Simply-Typed Lambda Calculus

Combining Programming with Theorem Proving

Meta-programming with Names and Necessity p.1

Programming with Types

GADTs. Wouter Swierstra and Alejandro Serrano. Advanced functional programming - Lecture 7. [Faculty of Science Information and Computing Sciences]

Review. CS152: Programming Languages. Lecture 11 STLC Extensions and Related Topics. Let bindings (CBV) Adding Stuff. Booleans and Conditionals

CS-XXX: Graduate Programming Languages. Lecture 17 Recursive Types. Dan Grossman 2012

CMSC 330: Organization of Programming Languages. Operational Semantics

GADTs. Alejandro Serrano. AFP Summer School. [Faculty of Science Information and Computing Sciences]

Static and User-Extensible Proof Checking. Antonis Stampoulis Zhong Shao Yale University POPL 2012

Lambda Calculus and Type Inference

CS153: Compilers Lecture 15: Local Optimization

Mutable References. Chapter 1

Pattern Matching and Abstract Data Types

Part III. Chapter 15: Subtyping

GADTs. Wouter Swierstra. Advanced functional programming - Lecture 7. Faculty of Science Information and Computing Sciences

CSE-505: Programming Languages. Lecture 20.5 Recursive Types. Zach Tatlock 2016

Unifying Nominal and Structural Ad-Hoc Polymorphism

Typing Data. Chapter Recursive Types Declaring Recursive Types

Part III Chapter 15: Subtyping

COMP 1130 Lambda Calculus. based on slides by Jeff Foster, U Maryland

Let Arguments Go First

Flang typechecker Due: February 27, 2015

4.5 Pure Linear Functional Programming

Typed Lambda Calculus and Exception Handling

Generic Programming With Dependent Types: II

ATS: a language to make typeful programming real and fun

Structural polymorphism in Generic Haskell

The Polymorphic Blame Calculus and Parametricity

The Substitution Model

CS 11 Haskell track: lecture 1

Symmetry in Type Theory

CS558 Programming Languages

Universes. Universes for Data. Peter Morris. University of Nottingham. November 12, 2009

HOL DEFINING HIGHER ORDER LOGIC LAST TIME ON HOL CONTENT. Slide 3. Slide 1. Slide 4. Slide 2 WHAT IS HIGHER ORDER LOGIC? 2 LAST TIME ON HOL 1

Types and Type Inference

Ornaments in ML. Thomas Williams, Didier Rémy. April 18, Inria - Gallium

Higher-Order Intensional Type Analysis. Stephanie Weirich Cornell University

Lecture 8: Summary of Haskell course + Type Level Programming

l e t print_name r = p r i n t _ e n d l i n e ( Name : ^ r. name)

Refined typechecking with Stardust

Optimising Functional Programming Languages. Max Bolingbroke, Cambridge University CPRG Lectures 2010

Lecture 5: The Untyped λ-calculus

Combining Proofs and Programs in a Dependently Typed Language

CSE 505: Programming Languages. Lecture 10 Types. Zach Tatlock Winter 2015

CSCI-GA Scripting Languages

MPRI course 2-4 Functional programming languages Exercises

CSE-321 Programming Languages 2010 Final

Type- & Example-Driven Program Synthesis. Steve Zdancewic WG 2.8, August 2014

Inductive Definitions, continued

Harvard School of Engineering and Applied Sciences CS 152: Programming Languages

Type families and data kinds

Types, Universes and Everything

Recursive Types and Subtyping

Types for References, Exceptions and Continuations. Review of Subtyping. Γ e:τ τ <:σ Γ e:σ. Annoucements. How s the midterm going?

Polymorphic Types in ACL2

Transcription:

Dependent types and program equivalence Stephanie Weirich, University of Pennsylvania with Limin Jia, Jianzhou Zhao, and Vilhelm Sjöberg

Doing dependent types wrong without going wrong Stephanie Weirich, University of Pennsylvania with Limin Jia, Jianzhou Zhao, and Vilhelm Sjöberg

What are dependent types? Types that depend on elements of other types. Examples: vec n type of lists of length in Generalized tries PADS Type of ASTs that represent well-typed code Statically enforce expressive program properties BST ops preserve BST invariants CompCert compiler

Two sorts in practice today Pure everywhere Types indexed by actual computations, everything is pure (terminating) Pure types only Types indexed by a pure language, separate from impure computations Decidable type checking Easy to connect type system to actual computation Uniform reasoning independent of phase Total correctness Not really a programming language Examples: Coq, Epigram, Agda2 Decidable type checking Expressive computation language, including nontermination, state & control effects, etc Index language may have minimal similarity to computation language, both in syntax and semantics "Partial" Correctness Examples: DML, ATS, mega, Haskell

Let s do it wrong What about languages that are impure everywhere? Deliberately allow nonterminating terms in types Type:Type [Cardelli 86], Cayenne [Augustsson 98] What does a type soundness proof for such a language look like? Note: type checking undecidable Advantages Linguistic uniformity, reasoning does not depend on phase Programming language, not a logic Disadvantages How to type check? Partial correctness

What else do we want? Syntactic type soundness proof Easily extensible Strong eliminators "If x = true then int else bool" Important for expressivity, refinements, etc. Call-by-value language If we have an impure language, we must fix the evaluation order CBV has better treatment of control effects "Modular" metatheory Program equivalence is hard. Let's not commit to a particular definition.

"Pure everywhere" type system - PTS No distinction between types, terms, kinds e, τ, k ::= x λx.e e e' (x:τ 1 ) τ 2 T C case e { C i x i e i } One set of formation rules Γ e : τ Conversion rule uses beta-equivalence τ 1 and τ 2 are betaconvertible Γ e : τ 1 Γ τ 2 : s τ 1 ~ τ 2 Γ e : τ 2 Term equivalence is fixed by type system (and defined to be the same as type equivalence).

New vision Syntactic distinction between terms, types, and kinds k ::= (x:τ) τ ::= (x:τ 1 ) τ 2 T τ e case e T e' { C i x i τ i } e ::= x fun f (x) = e e e' C e case e { C i x i e i } Key syntactic changes Term language includes non-termination Curry-style, no types in expressions Convenient simplifications Datatypes have one index, data constructors have one argument (unit/products in paper) No polymorphism, no higher-kinded types (future work)

Parameterized term equivalence Given an "equivalence context" Δ ::=. Δ, e 1 = e 2 Assume the existence of program equivalence predicate iseq (Δ, e 1, e 2 ) Equality is untyped No guarantee that e 1 and e 2 have the same type No assumptions about the types of the free variables Rules do not use substitution, add to equivalence context instead

Type system Two sorts of judgments Equality for type, contexts, and kinds Formation for contexts, kinds, types and terms All judgments derivable from an inconsistent context incon (Δ) if there exist pure terms C i w i and C j w j such that iseq (Δ, C i w i, C j w j ) and C i C j Pure terms w ::= x fun f (x) = e C w

Typing rules (excerpt) Extract equivalence context

Typing rules for case

Type equivalence (excerpt)

Questions to answer What properties of iseq must hold to show preservation & progress? What instantiations of iseq satisfy these properties?

Necessary assumptions about iseq Is an equivalence class Contains evaluation: e e' implies iseq (Δ, e, e') Constructors are injective for pure arguments iseq (Δ, C w, C w') implies iseq (Δ, w, w') Empty context is consistent C C' implies iseq(., C w, C' w') does not hold Closed under pure substitution iseq (Δ, e, e') implies iseq (Δ{w/x}, e{w/x}, e'{w/x}) Preserved under contextual operations iseq ((Δ, e = e', Δ'), e 1, e 2 ) and iseq(δ, e, e') implies iseq (Δ Δ', e 1, e 2 ) iseq (Δ Δ'',e 1, e 2 ) implies iseq (Δ Δ' Δ'', e 1, e 2 ) iseq (Δ, e 1, e 2 ) and Δ = Δ' implies iseq (Δ', e 1, e 2 )

What satisfies these properties? Compare normal forms (ignoring Δ) Only types STLC terms Contextual equivalence (ignoring Δ) Only types STLC terms RST-closure of evaluation, constructor injectivity, and equivalence assumptions CBV Contextual equivalence modulo Δ Some strange equalities that identify nonterminating terms with terminating terms Safe to conclude iseq(let x = loop in 3, 3) as long as we don t conclude iseq(let x = loop in 3, loop) Safe to say iseq(loop,3) as long as we don t say iseq(loop, 4)

What about decidable type checking? All instantiations of iseq are undecidable Must contain evaluation relation Decidable approximations are type safe, but don t satisfy preservation Any types system that checks strictly fewer terms than a safe type system is safe Preservation important for compiler transformations Want to know that inlining always produces safe code Not really an issue: Decidable doesn't mean tractable

What about termination analysis? Like most type systems, only get "partial correctness" results: Σx:t. P(x) means If this expression terminates, then it produces a value of type t such that P holds Implications (P1 P2) may be bogus Termination analysis produces total correctness Termination/stage analysis is an optimization permits proof erasure in CBV language

Future work Add polymorphism, higher-order types Keep curry-style system for simple specification of iseq Annotated external language to aid type checking Similar to ICC* [Barras and Bernardo] Terms contain type annotations, but equality defined for erased terms Type checking still undecidable but closer to an algorithm Add control/state effects to computations Should we limit domain of iseq? Non-termination ok in types, but exceptions are not? Can we provide type/termination information to strengthen equivalence?

Conclusions What have we achieved? Uniform design Same reasoning for compile time as run time Not easy for CBV! Simple design Program equivalence isolated from type system Proved all metatheory in Coq in ~2 weeks (OTT + LNgen) General design Program equivalence not nailed down Lots of examples that satisfy preservation, not just type soundness

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback