1 PROPERTIES OF A TYPE ABSTRACT INTERPRETATER. 2 MOTIVATION OF THE EXPERIMENT § a well understood case l type inference in functional programming à la.

Slides:



Advertisements
Similar presentations
Types and Programming Languages Lecture 13 Simon Gay Department of Computing Science University of Glasgow 2006/07.
Advertisements

Types and Programming Languages Lecture 7 Simon Gay Department of Computing Science University of Glasgow 2006/07.
Completeness and Expressiveness
Type Inference David Walker COS 320. Criticisms of Typed Languages Types overly constrain functions & data polymorphism makes typed constructs useful.
An Abstract Interpretation Framework for Refactoring P. Cousot, NYU, ENS, CNRS, INRIA R. Cousot, ENS, CNRS, INRIA F. Logozzo, M. Barnett, Microsoft Research.
Problems and Their Classes
1 A simple abstract interpreter to compute Sign s.
1 Some abstract interpreters for type inference. 2 Types as abstract interpretations §inspired by a paper of Cousot (POPL ‘97), which l derives several.
Type Checking, Inference, & Elaboration CS153: Compilers Greg Morrisett.
Semantics Static semantics Dynamic semantics attribute grammars
Cs776 (Prasad)L4Poly1 Polymorphic Type System. cs776 (Prasad)L4Poly2 Goals Allow expression of “for all types T” fun I x = x I : ’a -> ’a Allow expression.
- Vasvi Kakkad.  Formal -  Tool for mathematical analysis of language  Method for precisely designing language  Well formed model for describing and.
Current Techniques in Language-based Security David Walker COS 597B With slides stolen from: Steve Zdancewic University of Pennsylvania.
1 How to transform an analyzer into a verifier. 2 OUTLINE OF THE LECTURE a verification technique which combines abstract interpretation and Park’s fixpoint.
Inferring Disjunctive Postconditions Corneliu Popeea and Wei-Ngan Chin School of Computing National University of Singapore - ASIAN
Getting started with ML ML is a functional programming language. ML is statically typed: The types of literals, values, expressions and functions in a.
Type checking © Marcelo d’Amorim 2010.
ML: a quasi-functional language with strong typing Conventional syntax: - val x = 5; (*user input *) val x = 5: int (*system response*) - fun len lis =
ISBN Chapter 3 Describing Syntax and Semantics.
1 Basic abstract interpretation theory. 2 The general idea §a semantics l any definition style, from a denotational definition to a detailed interpreter.
School of Computing and Mathematics, University of Huddersfield CAS810: WEEK 3 LECTURE: LAMBDA CALCULUS PRACTICAL/TUTORIAL: (i) Do exercises given out.
Constraint Logic Programming Ryan Kinworthy. Overview Introduction Logic Programming LP as a constraint programming language Constraint Logic Programming.
Correctness. Until now We’ve seen how to define dataflow analyses How do we know our analyses are correct? We could reason about each individual analysis.
Control Flow Analysis Mooly Sagiv Tel Aviv University Sunday Scrieber 8 Monday Schrieber.
ML: a quasi-functional language with strong typing Conventional syntax: - val x = 5; (*user input *) val x = 5: int (*system response*) - fun len lis =
Catriel Beeri Pls/Winter 2004/5 type reconstruction 1 Type Reconstruction & Parametric Polymorphism  Introduction  Unification and type reconstruction.
1 Control Flow Analysis Mooly Sagiv Tel Aviv University Textbook Chapter 3
Abstract Interpretation Part I Mooly Sagiv Textbook: Chapter 4.
1 Combining verification and analysis. 2 CONCLUSIONS ON VERIFICATION  denotational abstract interpreters have the extra-value of being easily transformed.
Semantics with Applications Mooly Sagiv Schrirber html:// Textbooks:Winskel The.
1 Abstraction and Approximation via Abstract Interpretation: a systematic approach to program analysis and verification Giorgio Levi Dipartimento di Informatica,
Prof. Aiken CS 294 Lecture 21 Abstract Interpretation Part 2.
Describing Syntax and Semantics
Programming Language Semantics Denotational Semantics Chapter 5 Part III Based on a lecture by Martin Abadi.
Type Inference: CIS Seminar, 11/3/2009 Type inference: Inside the Type Checker. A presentation by: Daniel Tuck.
Program Analysis Mooly Sagiv Tel Aviv University Sunday Scrieber 8 Monday Schrieber.
CHAPTER 10 Recursion. 2 Recursive Thinking Recursion is a programming technique in which a method can call itself to solve a problem A recursive definition.
Copyright © Cengage Learning. All rights reserved. CHAPTER 11 ANALYSIS OF ALGORITHM EFFICIENCY ANALYSIS OF ALGORITHM EFFICIENCY.
Regular Model Checking Ahmed Bouajjani,Benget Jonsson, Marcus Nillson and Tayssir Touili Moran Ben Tulila
CSE S. Tanimoto Lambda Calculus 1 Lambda Calculus What is the simplest functional language that is still Turing complete? Where do functional languages.
Lambda Calculus History and Syntax. History The lambda calculus is a formal system designed to investigate function definition, function application and.
© Kenneth C. Louden, Chapter 11 - Functional Programming, Part III: Theory Programming Languages: Principles and Practice, 2nd Ed. Kenneth C. Louden.
ISBN Chapter 3 Describing Semantics -Attribute Grammars -Dynamic Semantics.
CS 363 Comparative Programming Languages Semantics.
Formal Semantics Chapter Twenty-ThreeModern Programming Languages, 2nd ed.1.
© Kenneth C. Louden, Chapter 11 - Functional Programming, Part III: Theory Programming Languages: Principles and Practice, 2nd Ed. Kenneth C. Louden.
Arvind Computer Science and Artificial Intelligence Laboratory M.I.T. L06-1 September 26, 2006http:// Type Inference September.
CSE 230 The -Calculus. Background Developed in 1930’s by Alonzo Church Studied in logic and computer science Test bed for procedural and functional PLs.
Semantics In Text: Chapter 3.
Types and Programming Languages Lecture 6 Simon Gay Department of Computing Science University of Glasgow 2006/07.
Implementing a Dependently Typed λ -Calculus Ali Assaf Abbie Desrosiers Alexandre Tomberg.
12/9/20151 Programming Languages and Compilers (CS 421) Elsa L Gunter 2112 SC, UIUC Based in part on slides by Mattox.
1 Compiler Construction (CS-636) Muhammad Bilal Bashir UIIT, Rawalpindi.
1 Reasoning with Infinite stable models Piero A. Bonatti presented by Axel Polleres (IJCAI 2001,
Program Analysis and Verification Spring 2015 Program Analysis and Verification Lecture 13: Abstract Interpretation V Roman Manevich Ben-Gurion University.
8.1 8 Algorithms Foundations of Computer Science  Cengage Learning.
COMP 412, FALL Type Systems II C OMP 412 Rice University Houston, Texas Fall 2000 Copyright 2000, Robert Cartwright, all rights reserved. Students.
Types and Programming Languages Lecture 14 Simon Gay Department of Computing Science University of Glasgow 2006/07.
School of Computing and Mathematics, University of Huddersfield CAS810: WEEK 8 LECTURE: LAMBDA CALCULUS SEMANTICS TUTORIAL: exercises.
Chaotic Iterations Mooly Sagiv Tel Aviv University Textbook: Principles of Program Analysis.
Abstraction and Abstract Interpretation. Abstraction (a simplified view) Abstraction is an effective tool in verification Given a transition system, we.
1 Abstract interpretation Giorgio Levi Dipartimento di Informatica, Università di Pisa
COMP 412, FALL Type Systems C OMP 412 Rice University Houston, Texas Fall 2000 Copyright 2000, Robert Cartwright, all rights reserved. Students.
Arvind Computer Science and Artificial Intelligence Laboratory M.I.T. L05-1 September 21, 2006http:// Types and Simple Type.
Lesson 10 Type Reconstruction
CS5205: Foundation in Programming Languages Type Reconstruction
Programming Languages and Compilers (CS 421)
Axiomatic Number Theory and Gödel’s Incompleteness Theorems
ML: a quasi-functional language with strong typing
Symbolic Implementation of the Best Transformer
Presentation transcript:

1 PROPERTIES OF A TYPE ABSTRACT INTERPRETATER

2 MOTIVATION OF THE EXPERIMENT § a well understood case l type inference in functional programming à la ML § getting a better understanding of the relation between the l type systems l abstract interpretation approaches to property inference

3 THE STARTING POINT § abstract interpretation l Monsuez’s reconstruction [FSTTCS 92, SAS 93] as computation of an abstract semantics l Cousot’s systematic derivation by abstract interpretation [POPL 97] of a hierarchy of type systems and type inference algorithms § type systems l Hindley’s monomorhic types l let-polymorphic types à la ML, with monomorphic recursion Damas-Milner’s algorithm (DM) for type inference l polymorphic recursion

4 THE FOUNDATIONS OF OUR EXPERIMENT 1 § most of the technical results are taken from Cousot 97 the concrete semantics is the collecting version of the denotational semantics of eager untyped -calculus, without let and with (mutual) recursion the abstract domain is the one defined for monomorphic types terms (monotypes with variables)  idempotent substitutions the abstract partial order is based on the instantiation relation on terms – t 1  t 2, if t 2 is an instance of t 1 the abstract domain is non-Noetherian

5 THE FOUNDATIONS OF OUR EXPERIMENT 2  the abstract semantics corresponding to the Damas-Milner type inference algorithm l which is the same as Hindley’s monomorphic types in a language with no “let” construct is obtained in Cousot 97 by abstracting a polymorphic recursion semantics (à la Mycroft)  the last abstraction removes the fixpoint computation (which would be needed in the case of recursive functions) since there is no fixpoint computation in the DM algorithm  why? the fixpoint computation might diverge since the abstract domain is non- noetherian § the DM algorithm can be understood (Monsuez 1992) as the application of a widening operator (based on unification) after the first iteration

6 OUR CONTRIBUTION: THE ALGORITHM  the Hindley and ML inference algorithms handle recursive definitions by means of a mechanism which can be explained in terms of a widening operator consisting of 1 abstract fixpoint computation step a unification  our algorithm handles recursion by performing k abstract fixpoint computation steps the unification, only if we have not reached the fixpoint as done by Monsuez in the case of polymorphic types

7 OUR CONTRIBUTION: THE RESULTS 1  if we perform just one fixpoint computation step (k = 1), we get exactly the ML result  for every k > 1, either we reach the least fixpoint which is in general more precise than the ML result or we get exactly the same result as ML  we get an improvement in precision only if we reach the least fixpoint in k steps different from what claimed by Monsuez

8 OUR CONTRIBUTION: THE RESULTS 2  the resulting abstract semantics lies between the Damas- Milner semantics and the Mycroft semantics in the Cousot’s hierarchy  the corresponding type system turns out to lie between monomorphic types and polymorphic recursion  the algorithm is much simpler than the one for polymorphic recursion no need for quantification in type terms no type generalization in the fixpoint computation, hence no polymorphic recursion  it succeeds in typing all the programs used to show the power of polymorphic recursion

9 PLAN OF THE LECTURE § the type abstract interpreter l the abstract semantics described by rules l the widenings l discussion and examples  which type system? between monomorphic and polymorphic recursion looking at the interpreter a new simple and powerful type system? § conclusion l the type system approach to static analysis can profitably import techniques from abstract interpretation

10 LANGUAGE AND MONOTYPES  untyped eager -calculus x, f, …  X: program variables e, e 1, …  E: program expressions  e::= id x | x.e | e 1 + e 2 | if e 1 then e 2 else e 3 | int n | e 1 (e 2 ) |  f. x. e  in the Church/Curry monotype semantics the type of an expression e is a set of typings stating that the standard evaluation of e in an environment where the global variables x have type H(x) given by the type environment H returns a value of type m (monotype)

11 MONOTYPES WITH VARIABLES  Hindley’s algorithm finds the principal typing for the Church/Curry monotype system an exact representation for all possible typings  Hindley’s algorithm uses the domain of Herbrand terms monotypes with variables  reconstructed as an abstract interpreter by Cousot [POPL 97]  is the same as the ML and Damas-Milner algorithms on the fragment without let polymorphism

12 THE TYPE INFERENCE ABSTRACT INTERPRETER 1 § our implementation (in OCaML) of the abstract semantics, apart from the case of recursion, is essentially the DM algorithm implementation in Cousineau-Mauny 98 § mutual recursion in the examples only § ML’s notation for concrete syntax and types

13 THE TYPE INFERENCE ABSTRACT INTERPRETER 2  the abstract semantics of an expression e in a given type environment H produces the type  of the expression e together with some constraint  on the type variables in H the intuition is that the constraint  is how H should be instantiated in order for e to have the type   the rules of the abstract type interpreter use apply( , t)=  (t)  unify(a=b,  1,  2 ) computes the solved form of the set of equations { a=b, x 1 i = t 1 i, x 2 i = t 2 i } with x 1 i / t 1 i   1 and x 2 i / t 2 i   2

14 THE RULES 1 H |- int n  (int,  ) H |- id x  H(x) H |- e 1  (  1,  1 ) H |- e 2  (  2,  2 )  = unify({  1 =int,  2 =int,  1,  2 }) H |- e 1 + e 2  (apply( ,  1 ),  )

15 THE RULES 2 H |- e 1  (  1,  1 ) H |- e 2  (  2,  2 ) H |- e 3  (  3,  3 )  = unify({  1 =int,  2 =  3,  1,  2,  3 }) H |- if e 1 then e 2 else e 3  (apply( ,  2 ),  ) H |- e 1  (  1,  1 ) H |- e 2  (  2,  2 )  = unify({  1 = f 1  f 2,  2 = f 1,  1,  2 }) H |- e 1 e 2  (apply( ,f 2 ),  ) H [x  (f 1,  )] |- e  ( ,  )  1 = apply( ,f 1 ) H |- x.e  (  1 ,  )

16 THE RULES FOR RECURSION if we abstract systematically the concrete semantics, the abstract semantics of recursion should be an abstract fixpoint computation H |-  f. x.e  T n-1 (  1,  1 ) H |-  f. x.e  T n (  2,  2 ) (  1,  1 ) = (  2,  2 ) H |-  f. x.e  (  2,  2 ) H |-  f. x.e  T n-1 (  1,  1 ) H |- (  f. x.e,(  1,  1 ))  f  ( ,  ) H |-  f. x.e  T n ( ,  ) H |-  f. x.e  T 0 (f 1,  ) H[f  ( ,  )] |- x.e  (  1,  1 ) H |- (  f. x.e,( ,  ))  f (  1,  1 )

17 RECURSION AND WIDENING  we have infinite ascending chains we are not guaranteed to be able to find a solution in a finite number of steps the abstract computation for the expression  f. x.f does not terminate  we introduce a family of widening operators obtained by generalizing the operator introduced by the Hindley’s inference algorithm used also in ML # let rec f x = f;; This expression has type 'a -> 'b but is here used with type 'b.

18 THE FAMILY OF WIDENINGS H |-  f. x.e  wid k ( ,  ) H |-  f. x.e  ( ,  ) H |-  f. x.e  wid k-1 (  1,  1 ) H |- (  f. x.e,(  1,  1 ))  f  ( ,  ) (  1,  1 ) = ( ,  ) H |-  f. x.e  wid k ( ,  ) H |-  f. x.e  wid k-1 (  1,  1 ) H |- (  f. x.e,(  1,  1 ))  f  ( ,  ) not((  1,  1 ) = ( ,  ))  = unify({  1  = ,  }) H |-  f. x.e  wid k (apply( ,  1 ),  H |-  f. x.e  wid 0 (f 1,  ) H[f  ( ,  )] |- x.e  (  1,  1 ) H |- (  f. x.e,( ,  ))  f (  1,  1 )

19 PROPERTIES OF OUR ABSTRACT SEMANTICS 1 Theorem 1 the Hindley’s algorithm is equivalent to our abstract semantics, with the choice of k = 1 Theorem 2 the relation  wid k defines a family of widening operators which return a correct approximation of the abstract least fixpoint

20 PROPERTIES OF OUR ABSTRACT SEMANTICS 2 widenings with more iterations might lead to more precise results as claimed by Monsuez false! Theorem 3 if H |-  f. x.e  wid h (  1,  1 ) and H |-  f. x.e  wid k (  2,  2 ) then (  1,  1 )  (  2,  2 ) unless one of the two is the least fixpoint

21 EXAMPLE 1 # let rec f f1 g n x = if n=0 then g(x) else f(f1)(function x -> (function h -> g(h(x)))) (n-1) x f1;; This expression has type ('a -> 'a) -> 'b but is here used with type 'b.  we succeed in typing it with two more iterations, obtaining the type val f:('a-> 'a) -> ('a-> 'b) -> int-> 'a-> 'b = the inferred type is the least fixpoint Cousot computes the same type using a polytype system á la Church-Curry § a function which cannot be typed by ML, from Cousot 97 f f1 g n x = g(f1 n (x))

22 TRACE OF THE COMPUTATION 1 step 0  0 ='a1  0 =  step 1  1 ='a5->('a4->'a2)->int->'a4->'a2  1 = {'a1='a5->('a3->(('a3->'a4)->'a2))->int->'a4 ->('a5->'a2)} unification in widening fails {'a4='a3, 'a2=('a3->'a3)->'a2, …} This expression has type ('a -> 'a) -> 'b but is here used with type 'b.

23 TRACE OF THE COMPUTATION 2 step 1  1 ='a5->('a4->'a2)->int->'a4->'a2  1 = {'a1='a5->('a3->(('a3->'a4)->'a2))->int->'a4 ->('a5->'a2)} step 2  2 = ('a7->'a7)->('a7->'a6)->int->'a7->'a6  2 = {'a2=('a7->'a7)->'a6} unification in widening fails {'a5='a7->'a7, 'a4='a7, 'a6=('a7->'a7)->'a6, …}

24 TRACE OF THE COMPUTATION 3 step 2  2 = ('a7->'a7)->('a7->'a6)->int->'a7->'a6  2 = {'a2=('a7->'a7)->'a6} step 3 (fixpoint!)  3 =('a->'a)->('a->’b)->int->’a->’b  3 = {'a6=('a->'a)->'b, 'a7='a }

25 EXAMPLE 2 [Monsuez 92]  ML’s typing # let rec f x = (function x -> function y -> x) 0 (f 0);; val f: int -> int =  we succeed in getting a more precise type with two more iterations val f: 'a -> int =  Monsuez gets the same type by polymorphic recursion

26 EXAMPLE 3: mutual recursion [Monsuez 93]  ML’s typing # let rec p x = if q x = q 1 then p x else p x and q x = p 1;; val p: int -> 'a = val q: int -> 'a =  we succeed in getting a more precise type with two more iterations val p: 'a -> ’b = val q: 'a -> ’b =  Monsuez gets the same type by polymorphic recursion

27 WHICH TYPE SYSTEM  the main difference between Hindley’s algorithm and our abstract type interpreter lies in the way we deal with recursive definitions  the examples show that we are more precise  why?

28 MONOMORPHIC TYPE SYSTEMS  each function application needs to have the same type  such a type is exactly the type of the recursive function  in the Hindley’s algorithm each instantiation of the type of a recursive function produced by a function application has a direct effect in “guessing” the type of the recursive function  the instantiation produced by a function application has to produce the same instantiation on the type of the recursive function itself

29 POLYMORPHIC TYPE SYSTEMS  each function application can have any type which is an instance of the recursive function type  the instantiation of the type of a recursive function in a function application does not produce the same instantiation on the type of the recursive function itself  different function applications of a recursive function can lead to different (possibly incompatible) instantiations of the recursive function type

30 OUR TYPE SYSTEM  a form of recursion which lies between monomorphism and polymorphic recursion  each function application can have any type which is an instance of the recursive function type as long as all these different instances are compatible  different function applications of a recursive function can lead to different (but compatible) instantiations of the recursive function type

31 Inside The Fixpoint Computation  we collect all the constraints produced by the different function applications in each abstract fixpoint computation step  the instantiations must be compatible, i.e., they must produce a satisfiable constraint  we never apply the constraint to the type of the recursive function  the instantiation of the type of a recursive function in a function application does not produce the same instantiation on the type of the recursive function itself

32 In The Middle for all the types checked by the Church/Curry monotype system there exists a principal type computed by our abstract type interpreter there are types which can be inferred by our abstract type interpreter which can not be checked by the Church/Curry monotype system any type that can be inferred with our abstract type interpreter can indeed be checked by the Damas-Milner-Mycroft polytype system

33 POLYMOPHIC RECURSION À LA Damas-Milner-Mycroft  universally quantified types are inserted in the environment after having been generalized  all the free type variables are universally quantified  any instance by renaming and instantiating universally quantified variables whenever needed in a function application

34 OUR POLYMOPHIC RECURSION  our abstract domain is much simpler it is the standard monomorphic types with variables domain without quantification no type generalization  the Damas-Milner-Mycroft polytype system could check an expression where the recursive function is called with two incomparable instances this case seems not to arise in meaningful programs  all the examples introduced as a motivation for polymorphic recursion can indeed be typed by our abstract interpreter

35 WHAT DO WE LEARN FROM THE EXAMPLES? § by computing better approximations of the fixpoints (bounded iteration + possible widening) in the abstract semantics of recursive functions l we succeed in inferring more precise types l we solve some problems of the ML type inference algorithm without resorting to more complex type systems § example 1 is typed by Cousot using a polytype system à la Church- Curry (and a fixpoint computation) § example 2 is typed by Monsuez (and Mycroft) using polymorphic recursion (and a fixpoint computation)

36 FROM TYPE SYSTEMS TO TYPE INFERENCE  type systems are very important to handle a large class of properties functional and object-oriented programming calculi for concurrency and mobility  the type system directly reflects the property we are interested in  typing rules are easy to understand  it is often hard to move from the typing rules to the type inference algorithm systematic techniques are needed abstract interpretation provides some of these techniques

37 FROM TYPE SYSTEMS TO TYPE INFERENCE  which information needs to be added to types in order to perform an accurate inference? the DM algorithm adds idempotent substitutions a kind of relational information [Monsuez 92], very often used in abstract domains, to achieve a better precision in the abstract computation the theory of abstract interpretation provides techniques for the systematic refinement of domains, which can be very useful to systematically transform the property of interest into a good (possibly complete) abstract domain  how to cope with fixpoint approximation abstract interpretation tells us when we can safely compute abstract fixpoints and when and how we should use widening operators

38 REFERENCES  R. Gori and G. Levi. An Experiment in Type Inference and Verification by Abstract Interpretation Verification, Model Checking and Abstract Interpretation, Third Int’l Workshop, VMCAI 2002, Venice A. Cortesi, Ed., LNCS 2294, , 2002  R. Gori and G. Levi. Properties of a Type Abstract Interpreter Verification, Model Checking and Abstract Interpretation, Fourth Int’l Workshop, VMCAI 2003, New York L. Zuck et al., Eds., LNCS 2575, , 2003