Facilitating Programming Verification with Dependent Types
Hongwei Xi, University of Cincinnati
A Wish List
We would like to have a programming language that
- is simple and general
- supports extensive error checking
- facilitates proofs of program properties
- possesses a correct and efficient implementation
- ...
Reality
Invariably, there are many conflicts among the items on this wish list
These conflicts must be resolved with careful attention to the needs of the user
Advantages of Types
- Capturing errors at compile-time
- Enabling compiler optimizations
- Facilitating program verification
- Serving as program documentation
Limitations of Types
- Not general enough: many correct programs cannot be typed
- Not specific enough: many interesting properties cannot be captured
Dependent Types
Dependent types are types refined by the values of expressions
Examples:
- int(i): singleton type containing only the integer i
- <int> array(n): type for integer arrays of size n
Type System Design
A practically useful type system should be
- Scalable
- Applicable
- Comprehensible
- Unobtrusive
- Flexible
Xanadu
Xanadu is a dependently typed imperative programming language with C-like syntax
The type of a variable in Xanadu can change during execution
The programmer may need to provide dependent type annotations for type-checking purposes
Early Design Decisions
- Practical type-checking
- Realistic programming features
- Conservative extension
- Pay-only-if-you-use policy
Examples of Dependent Types in Xanadu
- int(a): singleton type containing the only integer equal to a, where a ranges over all integers
- <'a> array(a): type for arrays of size a in which all elements are of type 'a, where a ranges over all natural numbers
Examples of Dependent Types in Xanadu
```
int(i,j) is defined as [a:int | i < a < j] int(a)
int[i,j) is defined as [a:int | i <= a < j] int(a)
int(i,j] is defined as [a:int | i < a <= j] int(a)
int[i,j] is defined as [a:int | i <= a <= j] int(a)
```
A Xanadu Program
```
{n:nat} unit init (int vec[n]) {
  var: int ind, size;;
  size = arraysize(vec);
  /* the index ind is tracked as a singleton type int(i) */
  invariant: [i:nat] (ind: int(i))
  for (ind = 0; ind < size; ind = ind + 1) {
    vec[ind] = ind;
  }
}
```
Binary Search in Xanadu
```
{n:nat} int bs(int key, int vec[n]) {
  var: int l, m, h; int x;;
  l = 0; h = arraysize(vec) - 1;
  /* h may drop to -1, so j ranges over int; the invariant guarantees
     0 <= m < n inside the loop, so vec[m] needs no run-time bounds check */
  invariant: [i:nat, j:int | 0 <= i <= n, 0 <= j+1 <= n] (l: int(i), h: int(j))
  while (l <= h) {
    m = (l + h) / 2; x = vec[m];
    if (x < key) { l = m + 1; }
    else if (x > key) { h = m - 1; }
    else { return m; }
  }
  return -1;
}
```
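A Python mirror of the bs program, added here and not part of the slides: the Xanadu loop invariant is checked at run time, and invariant_is_inductive enumerates every state the invariant admits for a fixed n to confirm what the type checker proves once for all n, namely that vec[m] stays in bounds and both branch updates re-establish the invariant. swapped_step is a constructed faulty update rule that the same check rejects, as the type checker would.

```python
def bs(key, vec):
    """Binary search over a sorted list; returns an index or -1."""
    n = len(vec)
    l, h = 0, n - 1
    while l <= h:
        # Loop invariant from the Xanadu program:
        # [i:nat, j:int | 0 <= i <= n, 0 <= j+1 <= n] (l: int(i), h: int(j))
        assert 0 <= l <= n and 0 <= h + 1 <= n
        m = (l + h) // 2
        # With l <= h the invariant implies 0 <= m < n, so vec[m] is in bounds;
        # this is the obligation Xanadu's type checker discharges statically.
        assert 0 <= m < n
        x = vec[m]
        if x < key:
            l = m + 1
        elif x > key:
            h = m - 1
        else:
            return m
    return -1

def invariant_holds(l, h, n):
    return 0 <= l <= n and 0 <= h + 1 <= n

def correct_step(l, h, m):
    # successor states (l, h) of the two branches that continue the loop
    return [(m + 1, h), (l, m - 1)]

def swapped_step(l, h, m):
    # constructed faulty variant: both updates move the wrong way
    return [(m - 1, h), (l, m + 1)]

def invariant_is_inductive(n, step=correct_step):
    """True iff, for every (l, h) the invariant admits with l <= h, the probe
    index m is in bounds and every successor state re-establishes the
    invariant. Xanadu proves this for all n; here n is fixed and enumerated."""
    for l in range(0, n + 1):
        for h in range(-1, n):
            if l > h:
                continue  # loop exits here; nothing to check
            m = (l + h) // 2
            if not 0 <= m < n:
                return False
            if not all(invariant_holds(l2, h2, n) for l2, h2 in step(l, h, m)):
                return False
    return True
```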
Dependent Record Types
A polymorphic type for arrays:
```
{n:nat} <'a> array(n) {
  size: int(n);
  data[n]: 'a
}
```
Dependent Record Types
A polymorphic type for 2-dimensional arrays:
```
{m:nat, n:nat} <'a> array2(m,n) {
  row: int(m);
  col: int(n);
  data[m][n]: 'a
}
```
Dependent Record Types
A polymorphic type for heaps:
```
{m:nat} <'a> heap(m) {
  max: int(m);
  size: int[0, m];
  data[m]: 'a
}
```
Dependent Record Types
A polymorphic type for sparse arrays (each row is a list of column index and element pairs, with the column index statically bounded by the number of columns):
```
{m:nat, n:nat} <'a> sparseArray(m,n) {
  row: int(m);
  col: int(n);
  data[m]: <int[0,n) * 'a> list
}
```
Dependent Union Types
A polymorphic type for lists:
```
union <'a> list with nat = {
  Nil(0);
  {n:nat} Cons(n+1) of 'a * <'a> list(n)
}
```
The constructors thus have the following types:
```
Nil:  <'a> list(0)
Cons: {n:nat} 'a * <'a> list(n) -> <'a> list(n+1)
```
Dependent Union Types
A polymorphic type for binary trees, indexed by size and height:
```
union <'a> tree with (nat,nat) = {
  E(0,0);
  {sl:nat, hl:nat, sr:nat, hr:nat}
  B(sl+sr+1, 1+max(hl,hr)) of <'a> tree(sl,hl) * 'a * <'a> tree(sr,hr)
}
```
Reverse Append in Xanadu
```
('a) {m:nat, n:nat}
<'a> list(m+n) revApp (xs: <'a> list(m), ys: <'a> list(n)) {
  var: 'a x;;
  invariant: [m1:nat, n1:nat | m1+n1 = m+n] (xs: <'a> list(m1), ys: <'a> list(n1))
  while (true) {
    switch (xs) {
      case Nil: return ys;
      case Cons (x, xs): ys = Cons(x, ys);
    }
  }
  exit; /* can never be reached */
}
```
Constraint Generation in Type-checking
The following integer constraint is generated when the revApp example is type-checked:
```
m:nat, n:nat, m1:nat, n1:nat, m1+n1 = m+n, a:nat, m1 = a+1
|- a + (n1+1) = m+n
```
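Where this obligation comes from, as an added derivation that is not on the original slide: in the Cons case, xs has type list(m1) and matches Cons(x, xs') with xs': list(a), so m1 = a+1; the assignment ys = Cons(x, ys) gives ys the type list(n1+1). The invariant must hold again for the new index pair (a, n1+1), and it does by substituting the hypotheses:

a + (n1+1) = (m1 - 1) + n1 + 1 = m1 + n1 = m + n

Such constraints lie in linear integer arithmetic, which is why the type checker can discharge them automatically.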
Conclusion
It is still largely an elusive goal in practice to verify the correctness of a program
It is therefore important to identify those program properties that can be effectively verified for realistic programs
Conclusion
We have designed a type-theoretic approach to capturing simple arithmetic reasoning
The preliminary studies indicate that this approach allows the programmer to capture many more properties in realistic programs
Future Work
Adding more program features into Xanadu
Constructing a compiler for Xanadu that can compile dependent types from source level into bytecode level
Incorporating dependent types into Java and …