1 Dependent Types for Termination Verification Hongwei Xi University of Cincinnati.

Slides:



Advertisements
Similar presentations
Sml2java a source to source translator Justin Koser, Haakon Larsen, Jeffrey Vaughan PLI 2003 DP-COOL.
Advertisements

Transposing F to C Transposing F to C Andrew Kennedy & Don Syme Microsoft Research Cambridge, U.K.
Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?
Tom Schrijvers K.U.Leuven, Belgium with Manuel Chakravarty, Martin Sulzmann and Simon Peyton Jones.
Type-based termination analysis with disjunctive invariants Dimitrios Vytiniotis, MSR Cambridge with Byron Cook (MSR Cambridge) and Ranjit Jhala (UCSD)
Type Inference David Walker COS 320. Criticisms of Typed Languages Types overly constrain functions & data polymorphism makes typed constructs useful.
Modular and Verified Automatic Program Repair Francesco Logozzo, Thomas Ball RiSE - Microsoft Research Redmond.
An Abstract Interpretation Framework for Refactoring P. Cousot, NYU, ENS, CNRS, INRIA R. Cousot, ENS, CNRS, INRIA F. Logozzo, M. Barnett, Microsoft Research.
Synthesis, Analysis, and Verification Lecture 04c Lectures: Viktor Kuncak VC Generation for Programs with Data Structures “Beyond Integers”
Satisfiability Modulo Theories (An introduction)
Certified Typechecking in Foundational Certified Code Systems Susmit Sarkar Carnegie Mellon University.
Proofs and Programs Wei Hu 11/01/2007. Outline  Motivation  Theory  Lambda calculus  Curry-Howard Isomorphism  Dependent types  Practice  Coq Wei.
Dependent Types in Practical Programming Hongwei Xi Oregon Graduate Institute.
Imperative Programming with Dependent Types Hongwei Xi University of Cincinnati.
A.Darbari¹, B. Fischer², J. Marques-Silva³ ¹ARM, Cambridge ²University of Southampton ³University College Dublin Industrial-Strength.
1 How to transform an analyzer into a verifier. 2 OUTLINE OF THE LECTURE a verification technique which combines abstract interpretation and Park’s fixpoint.
CS7100 (Prasad)L16-7AG1 Attribute Grammars Attribute Grammar is a Framework for specifying semantics and enables Modular specification.
March 4, 2005Susmit Sarkar 1 A Cost-Effective Foundational Certified Code System Susmit Sarkar Thesis Proposal.
CSE341: Programming Languages Lecture 16 Datatype-Style Programming With Lists or Structs Dan Grossman Winter 2013.
Copyright © 2006 Addison-Wesley. All rights reserved.1-1 ICS 410: Programming Languages Chapter 3 : Describing Syntax and Semantics Axiomatic Semantics.
1 Semantic Description of Programming languages. 2 Static versus Dynamic Semantics n Static Semantics represents legal forms of programs that cannot be.
An Integration of Program Analysis and Automated Theorem Proving Bill J. Ellis & Andrew Ireland School of Mathematical & Computer Sciences Heriot-Watt.
1 Meta-Programming through Typeful Code Representation Chiyan Chen and Hongwei Xi Boston University.
1 CPS Transform for Dependent ML Hongwei Xi University of Cincinnati and Carsten Schürmann Yale University.
Yongjian Li The State Key Laboratory of Computer Science Chinese Academy of Sciences William N. N. HungSynopsys Inc. Xiaoyu SongPortland State University.
Dependently Typed Pattern Matching Hongwei Xi Boston University.
May 1, 2003May 1, Imperative Programming with Dependent Types Hongwei Xi Boston University.
Facilitating Program Verification with Dependent Types Hongwei Xi Boston University.
1 A Dependently Typed Assembly Language Hongwei Xi University of Cincinnati and Robert Harper Carnegie Mellon University.
Advanced Programming Handout 9 Qualified Types (SOE Chapter 12)
10 September Implementing Staged Computation Chiyan Chen and Hongwei Xi Boston University.
MinML: an idealized programming language CS 510 David Walker.
Administrative stuff On Thursday, we will start class at 11:10, and finish at 11:55 This means that each project will get a 10 minute presentation + 5.
Type Inference David Walker COS 441. Criticisms of Typed Languages Types overly constrain functions & data polymorphism makes typed constructs useful.
1 Dependent Types in Practical Programming Hongwei Xi University of Cincinnati.
Type Inference David Walker CS 510, Fall Criticisms of Typed Languages Types overly constrain functions & data polymorphism makes typed constructs.
Facilitating Programming Verification with Dependent Types Hongwei Xi University of Cincinnati.
Dependent Types for Reasoning About Distributed Systems Paul Sivilotti - Ohio State Hongwei Xi - Cincinnati.
Type Inference: CIS Seminar, 11/3/2009 Type inference: Inside the Type Checker. A presentation by: Daniel Tuck.
Chapter 12 Qualified Types. Motivation  What should the principal type of (+) be? Int -> Int -> Int-- too specific a -> a -> a-- too general  It seems.
CS784 (Prasad)L167AG1 Attribute Grammars Attribute Grammar is a Framework for specifying semantics and enables Modular specification.
Have Your Verified Compiler And Extend It Too Zachary Tatlock Sorin Lerner UC San Diego.
Hoare logic for higher order store using simple semantics Billiejoe (Nathaniel) Charlton University of Sussex WoLLIC 2011.
Types for Programs and Proofs Lecture 1. What are types? int, float, char, …, arrays types of procedures, functions, references, records, objects,...
Computer Science School of Computing Clemson University Discrete Math and Reasoning about Software Correctness Joseph E. Hollingsworth
Checking Reachability using Matching Logic Grigore Rosu and Andrei Stefanescu University of Illinois, USA.
Semantics In Text: Chapter 3.
Implementing a Dependently Typed λ -Calculus Ali Assaf Abbie Desrosiers Alexandre Tomberg.
12/9/20151 Programming Languages and Compilers (CS 421) Elsa L Gunter 2112 SC, UIUC Based in part on slides by Mattox.
13 Aug 2013 Program Verification. Proofs about Programs Why make you study logic? Why make you do proofs? Because we want to prove properties of programs.
CSC3315 (Spring 2009)1 CSC 3315 Languages & Compilers Hamid Harroud School of Science and Engineering, Akhawayn University
C HAPTER 3 Describing Syntax and Semantics. D YNAMIC S EMANTICS Describing syntax is relatively simple There is no single widely acceptable notation or.
COMP 412, FALL Type Systems C OMP 412 Rice University Houston, Texas Fall 2000 Copyright 2000, Robert Cartwright, all rights reserved. Students.
1 Interactive Computer Theorem Proving CS294-9 October 19, 2006 Adam Chlipala UC Berkeley Lecture 9: Beyond Primitive Recursion.
1 Interactive Computer Theorem Proving CS294-9 September 7, 2006 Adam Chlipala UC Berkeley Lecture 3: Data structures and Induction.
Lecture 11: Proof by Reflection
Type Checking and Type Inference
Programming Languages and Compilers (CS 421)
CSE-321 Programming Languages Simply Typed -Calculus
Types for Programs and Proofs
Sparkle a functional theorem prover
(One-Path) Reachability Logic
Automating Induction for Solving Horn Clauses
Imperative Programming with Dependent Types
Programming Languages and Compilers (CS 421)
Semantics In Text: Chapter 3.
Organization of Programming Languages
Sub-system interfaces
OBJ first-order functional language based on equational logic
Presentation transcript:

1 Dependent Types for Termination Verification Hongwei Xi University of Cincinnati

2 Overview Motivation Program error detection at compile-time Compilation certification Termination Verification for Dependent ML Theoretical development Practical applications Conclusion

3 Program Error Detection Unfortunately one often pays a price for [languages which impose no disciplines of types] in the time taken to find rather inscrutable bugs — anyone who mistakenly applies CDR to an atom in LISP and finds himself absurdly adding a property list to an integer, will know the symptoms. -- Robin Milner A Theory of Type Polymorphism in Programming Therefore, a stronger type discipline allows for capturing more program errors at compile-time.

4 Some Advantages of Types Detecting program errors at compile-time Enabling compiler optimizations Facilitating program verification Using types to encode program properties Verifying the encoded properties through type- checking Serving as program documentation Unlike informal comments, types are formally verified and can thus be fully trusted

5 Compiler Correctness How can we prove the correctness of a (realistic) compiler? Verifying that the semantics of e is the same as the semantics of |e| for every program e But this simply seems too challenging (and is unlikely to be feasible) Source program e Target code | e | compilation |. ||. |

6 Compilation Certification Assume that  e  holds, i.e., e has the property  Then  e  should hold, too A compiler can be designed to produce a certificate to assert that  e  does have the property  Target code  e  :  e  holds Source program e:  e  holds compilation |. ||. |

7 Narrowing the Gap NuPrl Coq Program Extraction Proof Synthesis ML Dependent ML

8 Termination Verification Termination is a liveness property can not be verified at run-time is often proven with a well-founded metric that decreases whenever a recursive function call is made

9 Primitive Recursion datatype Nat with nat = Z(0) | {n:nat} S(n+1) of Nat(n) (* Z: Nat(0) S: {n:nat} Nat(n) -> Nat(n+1) *) fun (‘a) R Z u v = u | R (S n) u v = v n (R n u v) withtype {n:nat} Nat(n) -> ‘a -> (Nat -> ‘a -> ‘a) -> ‘a (* Nat is for [n:nat] Nat(n) *) =>

10 Ackermann Function in DML fun ack (m, n) = if m = 0 then n+1 else if n = 0 then ack (m-1, 1) else ack (m-1, ack (m, n-1)) withtype {m:nat,n:nat} int(m) * int(n) -> nat (* Note: nat = [a:int | a >=0] int(a) *) =>

11 What’s really new here? We present a formalism that allows the programmer to supply crucial information for facilitating program termination verification can smoothly integrate into a realistic programming language

12 ML 0: start point base types  ::= int | bool | (user defined datatypes) types  ::=  |       |      patterns p ::= x | c(p) | <> | match clauses ms ::= (p  e) | (p  e | ms) expressions e ::= x | f | c | if (e, e 1, e 2 ) | <> | | lam x: . e | fix f: . e | e 1 (e 2 ) | let x=e 1 in e 2 end | case e of ms values v ::= x | c | | lam x: . e context  ::=. | , x: 

13 Integer Constraint Domain We use a for index variables index expressions i, j ::= a | c | i + j | i – j | i * j | i / j | … index propositions P, Q ::= i j | i >= j | i = j | i <> j | P  Q | P  Q index sorts  ::= int | {a :  | P } index variable contexts  ::=. | , a:  | , P index constraints  ::= P | P   |  a:  

14 Dependent Types dependent types  ::=... |  (i) |  a: .  |  a: .  For instance, int(0), bool array(16); nat = [a:int | a >= 0] int(a); {a:int | a >= 0} int list(a) -> int list(a)

15 DML 0  ML 0 + dependent types expressions e ::=... | a: .v | e[i] | | open e 1 as in e 2 end values v ::=... | a: .v | typing judgment  e 

16 A Typing Rule  e  bool(i)  i  e 1:  i  e 2:   type-if   if (e, e 1, e 2 ): 

17 Metric Typing Judgments Definition (Metric) Let  = be a tuple of index expressions. We write   : metric if we have  i j :nat for 1  j  n. We use  a  for a decorated type We use the judgemnt  e  f    to mean that for each occurrence of f[i] in e,  [a->i]    holds, where f is declared in  to have type  a 

18 Some Metric Typing Rules  The rule (  app) is:  e 1      f    e 2    f      e 1( e 2):      f    The rule (  lab) is:  i  a  i    f  a     f  i  a  i  f  

19 DML 0,  The following typing rule is for forming functions:  a  f  a  |- e:   f   type-fun)   fun f  a  is e:  a 

20 Reducibility Definition Suppose that e is a closed expression of type  and e  * v holds for some value v.   is a base type. Then e is reducible          Then e is reducible if e(v 1 ) is reducible for every reducible value v 1 of type  .       Then e is reducible if v= and v 1, v 2 are reducible.     a: .    Then e is reducible if e[i] is reducible for every i: .     a: .    Then e is reducible if v= and v 1 is reducible.

21  -reducibility Definition Let e be a well-typed closed function fun f[a:  ]:  is v and   be a closed metric. e is   -reducible if e[i] is reducible for each i  satisfying  [a->i]   . Theorem Every closed expression e is reducible if it is well-typed in DML 0, 

22 Quicksort in DML fun qs [] = [] | qs (x :: xs) = par (x, xs, [], []) withtype {n:nat} int list(n) -> int list(n) and par (x, [], l, g) = qs (x :: qs (g)) | par (x, y :: ys, l, g) = if y <= x then par (x, ys, y :: l, g) else par (x, ys, l, y :: g) withtype {p:nat,q:nat,r:nat} int * int list(p) * int list(q) * int list(r) -> int list(p+q+r+1) =>

23 Contributions Novel type system design to facilitate termination verification Unobtrusive programming Theoretical foundation Prototype implementation and evaluation

24 Some Closely Related Work Termination and Reduction Checking in Logic Framework, Pientka and Pfenning Termination Analysis for Mercury, Speirs, Somogyi and S Ø ndergarrd Proving correctness of reactive systems using sized types, Hughes, Pareto and Sabry. Cost recurrences for DML programs, Bernd Grobauer.

25 End of the Talk Thank You! Questions?

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.