Presentation is loading. Please wait.

Presentation is loading. Please wait.

A Model of Substructural State

Published byArttu Kokkonen Modified over 5 years ago

Similar presentations

Presentation on theme: "A Model of Substructural State"— Presentation transcript:

1 A Model of Substructural State
Matthew Fluet Cornell University

2 Introduction Forms of “uniqueness” are appearing in programming languages Feb. 25, 2005

3 Introduction Forms of “uniqueness” are appearing in programming languages Cyclone – affine pointers, which may be discarded, but not duplicated allow fine grained memory management Vault – linear keys, which may be neither discarded nor duplicated enforce resource management protocols Feb. 25, 2005

4 Introduction Forms of “uniqueness” are appearing in programming languages Cyclone – affine pointers, which may be discarded, but not duplicated allow fine grained memory management Vault – linear keys, which may be neither discarded nor duplicated enforce resource management protocols C / Java / SML – unrestricted objects that may be both discarded and duplicated Feb. 25, 2005

5 Introduction But, programming with only unique objects is much too painful Both Cyclone and Vault allow a programmer to put unique objects in shared objects Impose a variety of restrictions to ensure that these mixed objects behave in a safe manner Feb. 25, 2005

6 Introduction Natural to study a core language with mutable references of all flavors Feb. 25, 2005

7 Linear Affine Relevant Unrestricted Qualifiers Discard Duplicate
Feb. 25, 2005

8 Unique objects – may be “used” at most once
Qualifiers Unique objects – may be “used” at most once Linear Affine Discard Relevant Duplicate Unrestricted Discard,Duplicate Shared objects – may be copied Feb. 25, 2005

9 must be “used” at least once
Qualifiers must be “used” at least once Linear Affine Discard Relevant Duplicate Unrestricted Discard,Duplicate may be dropped Feb. 25, 2005

10 Introduction Natural to study a core language with mutable references of all qualifiers Raises design questions: What does it mean to copy or drop a ref? What operations make sense on different refs? What combinations of qualifiers for a reference and its contents make sense? Can one construct a reasonable model for such a language? Feb. 25, 2005

11 Outline A Substructural Type System … with References Model Teaser
Feb. 25, 2005

12 A Substructural Type System
Qualifiers q ::= U j R j A j L PreTypes t ::= 1 j t1 ­ t2 j t1 ( t2 Types t ::= qt Feb. 25, 2005

13 A Substructural Type System
Non-examples U(At1 ­ At2), U(Rt1 ­ Rt2), U(Lt1 ­ Lt2) Feb. 25, 2005

14 A Substructural Type System
Non-examples U(At1 ­ At2), U(Rt1 ­ Rt2), U(Lt1 ­ Lt2)    copy hv1,v2i ! hhv1,v2i,hv1,v2ii v1 and v2 may be used more than once Feb. 25, 2005

15 A Substructural Type System
Non-examples U(At1 ­ At2), U(Rt1 ­ Rt2), U(Lt1 ­ Lt2)    copy hv1,v2i ! hhv1,v2i,hv1,v2ii v1 and v2 may be used more than once Feb. 25, 2005

16 A Substructural Type System
Non-examples U(At1 ­ At2), U(Rt1 ­ Rt2), U(Lt1 ­ Lt2)    copy hv1,v2i ! hhv1,v2i,hv1,v2ii drop hv1,v2i ! hi v1 and v2 may be used more than once v1 and v2 are not used Feb. 25, 2005

17 A Substructural Type System
Non-examples U(At1 ­ At2), U(Rt1 ­ Rt2), U(Lt1 ­ Lt2)    copy hv1,v2i ! hhv1,v2i,hv1,v2ii drop hv1,v2i ! hi v1 and v2 may be used more than once v1 and v2 are not used Feb. 25, 2005

18 … with References PreTypes t ::= … j ref t Feb. 25, 2005

19 … with References Examples? U(ref Ut), U(ref Rt), U(ref At), U(ref Lt)
Feb. 25, 2005

20 … with References Examples? U(ref Ut), U(ref Rt), U(ref At), U(ref Lt)
copy l ! hl,li drop l ! hi l may be used more than once; but contents are not copied l may is not used; and contents are dropped Feb. 25, 2005

21 … with References Examples? U(ref Ut), U(ref Rt), U(ref At), U(ref Lt)
    copy l ! hl,li drop l ! hi l may be used more than once; but contents are not copied l may is not used; and contents are dropped Feb. 25, 2005

22 Operations on Substructural State
Ops Contents and Ops Ref U R A L shared new weak updates read write swap write swap read swap swap unique new free strong updates Feb. 25, 2005

23 A Model of Substructural State
Model a type as a set of tuples of qualifier, value, and local store typing «t¬ ::= { (q,y,v), …} Model a local store typing as a partial map from locations to qualifiers and types y ::= { l a (q,«t¬), … } Feb. 25, 2005

24 A Model of Substructural State
Model a type as a set of tuples of qualifier, value, and local store type Model a local store type as a partial map from locations to qualifiers and types Local store of v only defined on those locations that appear as sub-expressions of v Feb. 25, 2005

25 A Model of Substructural State
Model a type as a set of tuples of qualifier, value, and local store type Model a local store type as a partial map from locations to qualifiers and types Local store of v only defined on those locations that appear as sub-expressions of v Further restrictions to rule out  stores Feb. 25, 2005

26 A Model of Substructural State
Why only a local store type? Storing a unique object in a shared reference “hides” the unique object Using the global store – difficult to identify the “real” occurrence of a unique location Feb. 25, 2005

27 A Model of Substructural State
How can we check that a global store satisfies a local store type? Use a Garbage Collector Feb. 25, 2005

28 Store Satisfaction store satisfies Feb. 25, 2005 s l4 a v4 l7 a v7 y
l1 a t1 l2 a v2 l9 a v9 l2 a t2 l3 a v3 l6 a v6 l3 a t3 Feb. 25, 2005

29 Store Satisfaction store satisfies These are the roots Feb. 25, 2005 s
l4 a v4 l7 a v7 y l1 a v1 l5 a v5 l8 a v8 l1 a t1 l2 a v2 l9 a v9 l2 a t2 l3 a v3 l6 a v6 l3 a t3 These are the roots Feb. 25, 2005

30 Store Satisfaction store satisfies if there exists a set of locations
l4 a v4 l7 a v7 y l1 a v1 l5 a v5 l8 a v8 l1 a t1 l2 a v2 l9 a v9 l2 a t2 l3 a v3 l6 a v6 l3 a t3 if there exists a set of locations N l4 l7 l5 l9 l6 These are the non-roots Feb. 25, 2005

31 Store Satisfaction and local store types yl (l 2 dom(y) ] N) that merge These are the child locations traced from the contents of l Feb. 25, 2005

32 The local store types are compatible (non-contradictory)
Store Satisfaction and local store types yl (l 2 dom(y) ] N) that merge = y ¯ ¯l 2 dom(y) ] N yl Y* l4 a t4 l7 a t7 l1 a t1 l5 a t5 l2 a t2 l9 a t9 l3 a t3 l6 a t6 The global store type The local store types are compatible (non-contradictory) Feb. 25, 2005

33 Don’t trace a unique location more than once
Store Satisfaction and local store types yl (l 2 dom(y) ] N) that merge = y ¯ ¯l 2 dom(y) ] N yl Y* l4 a t4 l7 a t7 l1 a t1 l5 a t5 l2 a t2 l9 a t9 l3 a t3 l6 a t6 The global store type Don’t trace a unique location more than once Feb. 25, 2005

34 Store Satisfaction to describe the store Feb. 25, 2005 l1 a v1 : t1
s : Y* l2 a v2 : t2 l3 a v3 : t3 l4 a v4 : t4 l5 a v5 : t5 l6 a v6 : t6 l7 a v7 : t7 l8 a v8 l9 a v9 : t9 Feb. 25, 2005

35 Conclusion and Future Work
Core language, type-system, and model Model more advanced features Cyclone – alias construct allows a unique pointer to be treated as shared for a limited scope Vault – focus construct allows a shared object to be treated as unique for a limited scope Feb. 25, 2005

36 Feb. 25, 2005

37 Structural Lemmas Exchange: Contraction: Weakening:
If G1,x1:t1,x2:t2,G2 ` e : t, then G1,x2:t2,x1:t1,G2 ` e : t. Contraction: If G1,x1:tx,x2:tx,G2 ` e : t, then G1,x:tx,G2 ` e[x/x1][x/x2] : t. Weakening: If G ` e : t, then G,x:tx ` e : t. Feb. 25, 2005

38 Structural Lemmas Exchange: Contraction: Duplicate Weakening: Discard
If G1,x1:t1,x2:t2,G2 ` e : t, then G1,x2:t2,x1:t1,G2 ` e : t. Contraction: Duplicate If G1,x1:tx,x2:tx,G2 ` e : t, then G1,x:tx,G2 ` e[x/x1][x/x2] : t. Weakening: Discard If G ` e : t, then G,x:tx ` e : t. Feb. 25, 2005

39 Linear Affine Relevant Unrestricted Qualifiers Exch Exch,Weak
Exch,Cntr Unrestricted Exch,Cntr,Weak Feb. 25, 2005

40 Structural Lemmas Revisited
Contraction: If q ¹ R and G1,x1:qtx,x2:qtx,G2 ` e : t, then G1,x1:qtx,G2 ` e[x/x1][x/x2] : t. Weakening: If q ¹ A and G ` e : t, then G,x:qtx ` e : t. Feb. 25, 2005

41 Operational Semantics
s ::= {l1 a v1, …, ln a vn} (s, new v) ! (s ] {l a v}, l) (s ] {l a v}, free l) ! (s, v) (s ] {l a v}, rd l) ! (s ] {l a v}, hl, vi) (s ] {l a v1}, wr l v2) ! (s ] {l a v2}, l) (s ] {l a v1}, sw l v2) ! (s ] {l a v2}, hl, v1i) Feb. 25, 2005

42 A Model of Substructural State
Model a type as a set of tuples of qualifier, value, and local store type Model a local store type as a partial map from locations to qualifiers and types Feb. 25, 2005

43 A Model of Substructural State
Model a type as a set of tuples PreType = Ã(Qual £ Value £ LocStore) Type = PreType Model a local store type as a partial map LocStore = Locs ! (Qual £ Type)? Cardinality problem is handled by stratifying definitions with “# of steps to run the program” Feb. 25, 2005

44 A Model of Substructural State
PreType = { c 2 Ã(Qual £ Value £ LocStore) j for all (q,v,y) 2 c, each location in y is mapped to a qualifier ¹ q } Type = { c 2 PreType j all qualifiers in c are the same } LocStore = { y 2 Locs ! (Qual £ Type)? j each location is mapped to a type consistent with the location’s qualifier } Feb. 25, 2005

Download ppt "A Model of Substructural State"

Similar presentations

Dataflow Analysis for Datarace-Free Programs (ESOP 11) Arnab De Joint work with Deepak DSouza and Rupesh Nasre Indian Institute of Science, Bangalore.

Dataflow Analysis for Datarace-Free Programs (ESOP 11) Arnab De Joint work with Deepak DSouza and Rupesh Nasre Indian Institute of Science, Bangalore.
Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?

Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?
Memory Consistency Models Kevin Boos. Two Papers Shared Memory Consistency Models: A Tutorial – Sarita V. Adve & Kourosh Gharachorloo – September 1995.

Memory Consistency Models Kevin Boos. Two Papers Shared Memory Consistency Models: A Tutorial – Sarita V. Adve & Kourosh Gharachorloo – September 1995.
Programming Languages and Paradigms

Programming Languages and Paradigms
Relational Algebra Jianlin Feng School of Software SUN YAT-SEN UNIVERSITY courtesy of Joe Hellerstein for some slides.

Relational Algebra Jianlin Feng School of Software SUN YAT-SEN UNIVERSITY courtesy of Joe Hellerstein for some slides.
1 Mooly Sagiv and Greta Yorsh School of Computer Science Tel-Aviv University Modern Compiler Design.

1 Mooly Sagiv and Greta Yorsh School of Computer Science Tel-Aviv University Modern Compiler Design.
Chapter 5: Elementary Data Types Properties of types and objects –Data objects, variables and constants –Data types –Declarations –Type checking –Assignment.

Chapter 5: Elementary Data Types Properties of types and objects –Data objects, variables and constants –Data types –Declarations –Type checking –Assignment.
Checking and Inferring Local Non-Aliasing Alex AikenJeffrey S. Foster UC BerkeleyUMD College Park John KodumalTachio Terauchi UC Berkeley.

Checking and Inferring Local Non-Aliasing Alex AikenJeffrey S. Foster UC BerkeleyUMD College Park John KodumalTachio Terauchi UC Berkeley.
Typed Assembly Languages COS 441, Fall 2004 Frances Spalding Based on slides from Dave Walker and Greg Morrisett.

Typed Assembly Languages COS 441, Fall 2004 Frances Spalding Based on slides from Dave Walker and Greg Morrisett.
Formalisms and Verification for Transactional Memories Vasu Singh EPFL Switzerland.

Formalisms and Verification for Transactional Memories Vasu Singh EPFL Switzerland.
By relieving the brain of all unnecessary work, a good notation sets it free to concentrate on more advanced problems, and, in effect, increases the mental.

By relieving the brain of all unnecessary work, a good notation sets it free to concentrate on more advanced problems, and, in effect, increases the mental.
Programming Language Semantics Java Threads and Locks Informal Introduction The Java Specification Language Chapter 17.

Programming Language Semantics Java Threads and Locks Informal Introduction The Java Specification Language Chapter 17.
Strict Bidirectional Type Checking Adam Chlipala, Leaf Petersen, and Robert Harper.

Strict Bidirectional Type Checking Adam Chlipala, Leaf Petersen, and Robert Harper.
A Type-Checked Restrict Qualifier Jeff Foster OSQ Retreat May 9-10, 2001.

A Type-Checked Restrict Qualifier Jeff Foster OSQ Retreat May 9-10, 2001.
1 New Architectures Need New Languages A triumph of optimism over experience! Ian Watson 3 rd July 2009.

1 New Architectures Need New Languages A triumph of optimism over experience! Ian Watson 3 rd July 2009.
Feudal C Automatic memory management with zero runtime overhead CS263 - Spring 1999 Scott McPeak Dan Bonachea Carol Hurwitz C.

Feudal C Automatic memory management with zero runtime overhead CS263 - Spring 1999 Scott McPeak Dan Bonachea Carol Hurwitz C.
Introduction to DFS. Distributed File Systems A file system whose clients, servers and storage devices are dispersed among the machines of a distributed.

Introduction to DFS. Distributed File Systems A file system whose clients, servers and storage devices are dispersed among the machines of a distributed.
Actions Planning and Defeasible Reasoning Guillermo R. Simari Alejandro J. García Marcela Capobianco Dept. of Computer Science and Engineering U NIVERSIDAD.

Actions Planning and Defeasible Reasoning Guillermo R. Simari Alejandro J. García Marcela Capobianco Dept. of Computer Science and Engineering U NIVERSIDAD.
A Universe-Type-Based Verification Technique for Mutable Static Fields and Methods Alexander J Summers Sophia Drossopoulou Imperial College London Peter.

A Universe-Type-Based Verification Technique for Mutable Static Fields and Methods Alexander J Summers Sophia Drossopoulou Imperial College London Peter.
Implementation and Evaluation of a Safe Runtime in Cyclone Matthew Fluet Cornell University Greg Morrisett Harvard University Daniel Wang Princeton University.

Implementation and Evaluation of a Safe Runtime in Cyclone Matthew Fluet Cornell University Greg Morrisett Harvard University Daniel Wang Princeton University.

Similar presentations

Ads by Google