Upload
imogene-dixon
View
32
Download
1
Embed Size (px)
DESCRIPTION
CSE-321 Programming Languages Dependent Types. 박성우. POSTECH June 5, 2006. runtime error. Untyped Lanugage. /* takes two integers and returns their sum */ fun add x y = x + y let s = add 1 2 let t = add "Oops" "Darn". Typed Lanugage. /* takes two integers and returns their sum */ - PowerPoint PPT Presentation
Citation preview
2
Untyped Lanugage
/* takes two integers and returns their sum */
fun add x y = x + y
let s = add 1 2
let t = add "Oops" "Darn"runtime error
3
Typed Lanugage
/* takes two integers and returns their sum */
val add : int -> int -> intfun add x y = x + y
let s = add 1 2
let t = add "Oops" "Darn"compile error
4
Types as Documentations
/* takes two integers and returns their sum */
val add : int -> int -> intfun add x y = x + y
• Types are formal documentations that the compiler recognizes.
• Types express properties of code.– "add takes two integers and returns an integer."
5
Types = Properties of Code?
/* takes two integers and returns their sum */
val add : ???fun add x y = x + y
• Then why not express this property instead:– "add takes two integers and returns their sum."
• What is the type for this property?– ???
6
Lesson• Rich type systems are always better!
– We can express more properties of code.– We can catch more error at compile time.– We can better maintain code.– ...
• Rich type systems are expensive, however.– Eg. System F
• rich type system• but type reconstruction is undecidable.
7
Dependent Types• A good compromise between
– expressivity• can express many useful properties of code.
– cost• decidable
• Theoretic foundation– dependent types = first-order logic
10
Dynamic Failure in Mainstream Languages
Solved problems: Random memory overwrites Memory leaks
Solveable: Accessing arrays out-of-bounds Dereferencing null pointers Integer overflow Accessing uninitialized variables
50% of the bugs in Unreal can be traced to these problems!
11
Analysis of the Unreal code
Usage of integer variables in Unreal:– 90% of integer variables in Unreal exist to index into arrays
• 80% could be dependently-typed explicitly,guaranteeing safe array access without casting.
• 10% would require casts upon array access.
– The other 10% are used for:• Computing summary statistics
• Encoding bit flags
• Various forms of low-level hackery
“For” loops in Unreal:– 40% are functional comprehensions
– 50% are functional folds
12
Array Types• Without dependent types
[| 1; 2; 3 |] : int array
• With dependent types
[| 1; 2; 3 |] : int array [3]
• Dependent array type– 'a array [n]
• array of type 'a with length n
13
Array Boundary Checking• Without dependent types
sub : 'a array * int -> 'aupdate : 'a array * int * 'a -> unit
• With dependent types
sub : 8n:nat. 8i:nat. {i < n}. 'a array [n] * int [i] -> 'a
update : 8n:nat. 8i:nat. {i < n}. 'a array [n] * int [i] * 'a -> unit
15
List Types• Without dependent types
[ 1; 2; 3 ] : int list
• With dependent types
[ 1; 2; 3 ] : int list [3]
• Dependent list type– 'a list [n]
• list of type 'a with length n
16
List Constructors• Nil
[] : 'a list [0]
• Cons :: : 8n:nat
'a -> 'a list [n] -> 'a list [n+1]
• Appendappend : 8m:nat. 8n:nat
'a list [m] -> 'a list [n] -> 'a list [m+n]
17
Filtering• Filter a list
filter : ('a -> bool) -> 'a list -> 'a listfilter f nil = nil| f (h :: t) = if f h then f :: filter t
else filter t
• With dependent types
filter : 8m:nat. 9n:nat. {n <= m}. ('a -> bool) -> 'a list [m] -> 'a list
[n]
18
Outline• Introduction V• Ex. Array boundary checking V• Ex. List length V• Ex. Dimension analysis
20
Mars Climate Orbiter Failure• Mars Climate Orbiter launched in 1998• Destroyed due to a navigation error• Cause?
– One module used English units (feet).– The other module expected metric units (meter).
• Lessons– Both modules were fine in isolation.– Programmers did not even know the existence of the bug
until the spacecraft was destroyed.– Stupidity:
• NASA scientists? No!• programming languages they used? Yes!
21
Dependent Types for Dimension • Annotate every float value with its dimension
– without dependent types1.0 : float
– with dependent types1.0 meter : float [L]
• Assign dependent types to arithmetic operators+. : 8D. float [D] * float [D] -> float [D]*. : 8D1. 8D2.
float [D1] * float [D2] -> float [D1 * D2]