. are at odds with linear types. More generally, control effects - - PowerPoint PPT Presentation

.

.

.

Exceptions are invaluable for structured error handling in high-level languages, but they are at odds with linear types. More generally, control effects may delete or duplicate por- tions of the stack, which, if we are not careful, can invalidate all substructural usage guaran- tees for values on the stack.

A Theory of

Substructural Types & Control

Jesse A. Tov Riccardo Pucella OOPSLA October 26, 2011 .

Control Operators exceptions, call/cc, shift and reset, coroutines, …

3

Substructural Types linear types, affine types, typestate, session types, …

4

Substructural Types . L . R . A . U . inear . elevant . ffine . nlimited .

5

Substructural Types . L . R . A . U . elevant . ffine . nlimited .

= 1

.

5

Substructural Types . L . R . A . U . ffine . nlimited .

= 1

.

≥ 1

.

5

Substructural Types . L . R . A . U . nlimited .

= 1

.

≥ 1

.

≤ 1

.

5

Substructural Types . L . R . A . U .

= 1

.

≥ 1

.

≤ 1

.

5

Substructural Types type file : A val open : string . . file val read : file . . file . char val write : file . char . file val close : file . . unit

6

Substructural Types type file : L val open : string . . file val read : file . . file . char val write : file . char . file val close : file . . unit

6

7

let confFile = open confFileName in let (conf, confFile) = parseConfFile confFile in let logFile = open conf.logFileName in close confFile; logFile

8

let confFile = #⟨file:. . conf⟩ in let (conf, confFile) = parseConfFile confFile in let logFile = open conf.logFileName in close confFile; logFile

8

let confFile = # file:. conf in let (conf, confFile) = parseConfFile #⟨file:. . conf⟩ in let logFile = open conf.logFileName in close confFile; logFile

8

let confFile = # file:. conf in let (conf, confFile) = ({ . . . }, #⟨file:. . conf⟩) in let logFile = open conf.logFileName in close confFile; logFile

8

let confFile = # file:. conf in let (conf, confFile) = ({ }, # file:. . conf ) in let logFile = open { . . . }.logFileName in close #⟨file:. . conf⟩; logFile

8

let confFile = # file:. conf in let (conf, confFile) = ({ }, # file:. . conf ) in let logFile = open “/var/log/. . .” in close #⟨file:. . conf⟩; logFile

8

let confFile = # file:. conf in let (conf, confFile) = ({ }, # file:. . conf ) in let logFile = raise IOError . .

8

exceptions shift/reset affine types . .

·

.

·

. . . . linear types . .

·

.

·

. . . . . . . .

(Danvy & Filinski 1989)

9

exceptions shift/reset affine types . .

·

.

·

. .

·

.

·

. . . linear types . .

·

.

·

. . . . .

·

.

·

. . . .

(Danvy & Filinski 1989)

9

exceptions shift/reset affine types . .

·

.

·

. .

·

.

· .

. . .

·

.

·

linear types . .

·

.

· .

. . .

·

.

·

. .

·

.

· .

. . .

·

.

·

.

(Danvy & Filinski 1989)

9

.

10

.

10

.

10

.

. . e : . ; c

10

.

. . e : . ; c

10

. URAL.

(Ahmed et al. 2005)

. Qualifiers . L . R . A . U

. .

Q

. .

Q

.

11

. URAL.

(Ahmed et al. 2005)

. Qualifiers . L . R . A . U

. . ⪯ Q . .

Q

.

11

. URAL.

(Ahmed et al. 2005)

. Qualifiers . L . R . A . U

. . ⪯ Q . . ⪯ Q

.

11

. URAL(C)

C = (C, ., ., ⪰)

exceptions shift/reset

effect names: C

c { U, R, A, L }

pure effect: .

C L

sequencing: .

: C . C . . C .

qualifier bound:

C . Q . Q Q

.

12

. URAL(C)

C = (C, ., ., ⪰)

exceptions shift/reset

effect names: C

∋ c

{ U, R, A, L }

pure effect: .

C L

sequencing: .

: C . C . . C .

qualifier bound:

C . Q . Q Q

.

12

. URAL(C)

C = (C, ., ., ⪰)

exceptions shift/reset

effect names: C

∋ c

{ U, R, A, L }

pure effect: .

∈ C

L

sequencing: .

: C . C . . C .

qualifier bound:

C . Q . Q Q

.

12

. URAL(C)

C = (C, ., ., ⪰)

exceptions shift/reset

effect names: C

∋ c

{ U, R, A, L }

pure effect: .

∈ C

L

sequencing: .

: C . C . . C .

qualifier bound:

C . Q . Q Q

.

12

. URAL(C)

C = (C, ., ., ⪰)

exceptions shift/reset

effect names: C

∋ c

{ U, R, A, L }

pure effect: .

∈ C

L

sequencing: .

: C . C . . C .

qualifier bound: ⪰

⊆ C . Q

. Q Q

.

12

. URAL(C)

C = (C, ., ., ⪰)

exceptions shift/reset

effect names: C

P(Exn)

{ U, R, A, L }

pure effect: .

. L

sequencing: .

. .

qualifier bound: ⪰

. {φ} ⪰ A . Q Q

.

12

. URAL(C)

C = (C, ., ., ⪰)

exceptions shift/reset

effect names: C

P(Exn)

{ U, R, A, L }

pure effect: .

. L

sequencing: .

. .

qualifier bound: ⪰

. {φ} ⪰ A . Q ⪰ Q

.

12

Application

(check e1)

. 1 . e1 : Q1(. ʼ . . c . ) ; c1

(check e2)

. 2 . e2 : . ʼ ; c2

(e2 effect ok)

. c2 ⪰ Q1

(e2 resources)

. . 2 ⪯ Q2

(e1 effect ok)

. c1 ⪰ Q2

(net effect)

. c1 . c2 . c : CTL . . 1 ⊞ . 2 . e1 e2 : . ; c1 . c2 . c .

13

Application

(check e1)

. 1 . e1 : Q1(. ʼ . . c . ) ; c1

(check e2)

. 2 . e2 : . ʼ ; c2

(e2 effect ok)

. c2 ⪰ Q1

(e2 resources)

. . 2 ⪯ Q2

(e1 effect ok)

. c1 ⪰ Q2

(net effect)

. c1 . c2 . c : CTL . . 1 ⊞ . 2 . e1 e2 : . ; c1 . c2 . c .

13

Context Splitting

(check e1)

. 1 . e1 : Q1(. ʼ . . c . ) ; c1

(check e2)

. 2 . e2 : . ʼ ; c2

(e2 effect ok)

. c2 ⪰ Q1

(e2 resources)

. . 2 ⪯ Q2

(e1 effect ok)

. c1 ⪰ Q2

(net effect)

. c1 . c2 . c : CTL . . 1 ⊞ . 2 . e1 e2 : . ; c1 . c2 . c .

13

Qualifier

(check e1)

. 1 . e1 : Q1(. ʼ . . c . ) ; c1

(check e2)

. 2 . e2 : . ʼ ; c2

(e2 effect ok)

. c2 ⪰ Q1

(e2 resources)

. . 2 ⪯ Q2

(e1 effect ok)

. c1 ⪰ Q2

(net effect)

. c1 . c2 . c : CTL . . 1 ⊞ . 2 . e1 e2 : . ; c1 . c2 . c .

13

Control Effects

(check e1)

. 1 . e1 : Q1(. ʼ . . c . ) ; c1

(check e2)

. 2 . e2 : . ʼ ; c2

(e2 effect ok)

. c2 ⪰ Q1

(e2 resources)

. . 2 ⪯ Q2

(e1 effect ok)

. c1 ⪰ Q2

(net effect)

. c1 . c2 . c : CTL . . 1 ⊞ . 2 . e1 e2 : . ; c1 . c2 . c .

13

Control Effects

(check e1)

. 1 . e1 : Q1(. ʼ . . c . ) ; c1

(check e2)

. 2 . e2 : . ʼ ; c2

(e2 effect ok)

. c2 ⪰ Q1

(e2 resources)

. . 2 ⪯ Q2

(e1 effect ok)

. c1 ⪰ Q2

(net effect)

. c1 . c2 . c : CTL . . 1 ⊞ . 2 . e1 e2 : . ; c1 . c2 . c .

13

Control Effects

(check e1)

. 1 . e1 : Q1(. ʼ . . c . ) ; c1

(check e2)

. 2 . e2 : . ʼ ; c2

(e2 effect ok)

. c2 ⪰ Q1

(e2 resources)

. . 2 ⪯ Q2

(e1 effect ok)

. c1 ⪰ Q2

(net effect)

. c1 . c2 . c : CTL . . 1 ⊞ . 2 . e1 e2 : . ; c1 . c2 . c .

13

Effect of e2

(check e1)

. 1 . e1 : Q1(. ʼ . . c . ) ; c1

(check e2)

. 2 . e2 : . ʼ ; c2

(e2 effect ok)

. c2 ⪰ Q1

(e2 resources)

. . 2 ⪯ Q2

(e1 effect ok)

. c1 ⪰ Q2

(net effect)

. c1 . c2 . c : CTL . . 1 ⊞ . 2 . e1 e2 : . ; c1 . c2 . c .

13

Effect of e2

(check e1)

. 1 . e1 : Q1(. ʼ . . c . ) ; c1

(check e2)

. 2 . e2 : . ʼ ; c2

(e2 effect ok)

. c2 ⪰ Q1

(e2 resources)

. . 2 ⪯ Q2

(e1 effect ok)

. c1 ⪰ Q2

(net effect)

. c1 . c2 . c : CTL . . 1 ⊞ . 2 . e1 e2 : . ; c1 . c2 . c .

13

Effect of e1

(check e1)

. 1 . e1 : Q1(. ʼ . . c . ) ; c1

(check e2)

. 2 . e2 : . ʼ ; c2

(e2 effect ok)

. c2 ⪰ Q1

(e2 resources)

. . 2 ⪯ Q2

(e1 effect ok)

. c1 ⪰ Q2

(net effect)

. c1 . c2 . c : CTL . . 1 ⊞ . 2 . e1 e2 : . ; c1 . c2 . c .

13

Effect of e1

(check e1)

. 1 . e1 : Q1(. ʼ . . c . ) ; c1

(check e2)

. 2 . e2 : . ʼ ; c2

(e2 effect ok)

. c2 ⪰ Q1

(e2 resources)

. . 2 ⪯ Q2

(e1 effect ok)

. c1 ⪰ Q2

(net effect)

. c1 . c2 . c : CTL . . 1 ⊞ . 2 . e1 e2 : . ; c1 . c2 . c .

13

Application

(check e1)

. 1 . e1 : Q1(. ʼ . . c . ) ; c1

(check e2)

. 2 . e2 : . ʼ ; c2

(e2 effect ok)

. c2 ⪰ Q1

(e2 resources)

. . 2 ⪯ Q2

(e1 effect ok)

. c1 ⪰ Q2

(net effect)

. c1 . c2 . c : CTL . . 1 ⊞ . 2 . e1 e2 : . ; c1 . c2 . c .

13

Does It Work? let confFile = open confFileName in let (conf, confFile) = parseConfFile confFile in let logFile = open conf.logFileName in close confFile; logFile

14

Does It Work? let confFile = open confFileName in let (conf, confFile) = parseConfFile confFile in close confFile; let logFile = open conf.logFileName in logFile

14

Does It Work? Theorem (Type safety). If • . e : . ; . then eval(e) ̸= Wrong. Proof (Parametrized by C). Transform e to continuation-passing style . . . Three instances for : exceptions, shift/reset, and shift/reset with answer-type modification

15

Does It Work? Theorem (Type safety). If • . e : . ; . then eval(e) ̸= Wrong. Proof (Parametrized by C). Transform e to continuation-passing style . . . Three instances for C: exceptions, shift/reset, and shift/reset with answer-type modification

15

. Choose Two . no effect system . linear types . exceptions .

Vault

.

this work

.

Alms

.

16

The Take-Away Designing a substructural type system? Considering adding control effects? . Read our paper http://www.ccs.neu.edu/∼tov/pubs/

17