existential types for imperative languages
play

Existential Types for Imperative Languages Dan Grossman Cornell - PowerPoint PPT Presentation

Dec 14, 2022 •107 likes •410 views

Existential Types for Imperative Languages Dan Grossman Cornell University Eleventh European Symposium on Programming April 2002 Designing safe languages To design a strong-typed language: 1. Draw on acquired knowledge of well- behaved

  1. Existential Types for Imperative Languages Dan Grossman Cornell University Eleventh European Symposium on Programming April 2002

  2. Designing safe languages To design a strong-typed language: 1. Draw on acquired knowledge of well- behaved features 2. Model the parts you’re uncomfortable with (in practice, a simplification) 3. Hope/argue that the model captured everything interesting, so the language is type-safe 8 April 2002 Existential Types for Imperative Languages 2

  3. But… • Sometimes you are wrong due to a new combination of features • You fix it • You worry enough to model the fix • You add to acquired knowledge • Today’s combination: existential types, aliasing, and mutation 8 April 2002 Existential Types for Imperative Languages 3

  4. How the story goes… • Existential types in a safe low-level language – why – features (mutation, aliasing) • The problem • The solutions • Some non-problems • Related work 8 April 2002 Existential Types for Imperative Languages 4

  5. Existential types • Existential types ( ∃ α . τ ) hide types’ identities while establishing equalities, e.g., ∃ α . { zero: α succ: α → α cmp: α → α → bool } • That is, they describe abstract data types • The standard tool for modeling data-hiding constructs (closures, objects) 8 April 2002 Existential Types for Imperative Languages 5

  6. Low-level languages want ∃ • Cyclone (this work’s context) is a safe language at the C level of abstraction • Major goal: expose data representation (no hidden fields, tags, environments, ...) • Don’t provide closures/objects; give programmers a powerful type system struct IntIntFn { ∃ α . int (*f)(int, α ); α env; }; C “call-backs” use void* ; we use ∃ 8 April 2002 Existential Types for Imperative Languages 6

  7. Normal ∃ feature: Construction struct IntIntFn { ∃ α . int (*f)(int, α ); α env; }; int add (int a, int b) {return a+b; } int addp(int a, char* b) {return a+*b;} struct IntIntFn x1 = IntIntFn(add, 37); struct IntIntFn x2 = IntIntFn(addp,"a"); • Compile-time: check for appropriate witness type • Type is just struct IntIntFn • Run-time: create / initialize (no witness type) 8 April 2002 Existential Types for Imperative Languages 7

  8. Normal ∃ feature: Destruction struct IntIntFn { ∃ α . int (*f)(int, α ); α env; }; Destruction via pattern matching : void apply(struct IntIntFn x) { let IntIntFn{< β > .f=fn, .env=ev} = x; // ev : β , fn : int(*f)(int, β ) fn(42,ev); } Clients use the data without knowing the type 8 April 2002 Existential Types for Imperative Languages 8

  9. Low-level feature: Mutation • Mutation, changing witness type struct IntIntFn fn1 = f(); struct IntIntFn fn2 = g(); fn1 = fn2; // record-copy • Orthogonality encourages this feature • Useful for registering new call-backs without allocating new memory • Now memory is not type-invariant! 8 April 2002 Existential Types for Imperative Languages 9

  10. Low-level feature: Address-of field • Let client update fields of an existential package – access only through pattern-matching – variable pattern copies fields • A reference pattern binds to the field’s address: void apply2(struct IntIntFn x) { let IntIntFn{< β > .f=fn, .env=*ev} = x; // ev : β *, fn : int(*f)(int, β ) fn(42,*ev); } C uses &x.env ; we use a reference pattern 8 April 2002 Existential Types for Imperative Languages 10

  11. More on reference patterns • Orthogonality: already allowed in Cyclone’s other patterns (e.g., tagged-union fields) • Can be useful for existential types: struct Pr { ∃ α . α fst; α snd; }; ∀ α . void swap( α * x, α * y); void swapPr(struct Pr pr) { let Pr{< β > .fst=*a, .env=*b} = pr; swap(a,b); } 8 April 2002 Existential Types for Imperative Languages 11

  12. Summary of features • struct definition can bind existential type variables • construction, destruction traditional • mutation via struct assignment • reference patterns for aliasing A nice adaptation of advanced type-systems to a “safe C” setting? 8 April 2002 Existential Types for Imperative Languages 12

  13. Explaining the problem • Violation of type safety • Two solutions (restrictions) • Some non-problems 8 April 2002 Existential Types for Imperative Languages 13

  14. Oops! struct T { ∃ α . void (*f)(int, α ); α env;}; void ignore(int x, int y) {} void assign(int x, int* p) { *p = x; } void f(int* ptr) { struct T pkg1 = T(ignore, 0xABCD);// α =int struct T pkg2 = T(assign, ptr); // α =int* let T{< β > .f=fn, .env=*ev} = pkg2; // alias pkg2 = pkg1; // mutation fn(37, *ev); // write 37 to 0xABCD } 8 April 2002 Existential Types for Imperative Languages 14

  15. With pictures… pkg1 ignore 0xABCD pkg2 assign let T{< β > .f=fn, .env=*ev} = pkg2; // alias pkg1 ignore 0xABCD pkg2 assign fn assign ev 8 April 2002 Existential Types for Imperative Languages 15

  16. With pictures… pkg1 ignore 0xABCD pkg2 assign fn assign ev pkg2 = pkg1; // mutation pkg1 ignore 0xABCD pkg2 ignore 0xABCD fn assign ev 8 April 2002 Existential Types for Imperative Languages 16

  17. With pictures… pkg1 ignore 0xABCD pkg2 ignore 0xABCD fn assign ev fn(37, *ev); // write 37 to 0xABCD call assign with 0xABCD for p , the pointer: void assign(int x, int* p) {*p = x;} 8 April 2002 Existential Types for Imperative Languages 17

  18. What happened? let T{< β > .f=fn, .env=*ev} = pkg2; // alias pkg2 = pkg1; // mutation fn(37, *ev); // write 37 to 0xABCD 1. β establishes a compile-time equality relating types of fn ( void(*f)(int, β ) ) and ev ( β * ) 2. mutation makes this equality false 3. safety of call needs the equality we must rule out this program… 8 April 2002 Existential Types for Imperative Languages 18

  19. Two solutions • Solution #1: Reference patterns do not match against fields of existential packages Note: Other reference patterns still allowed ⇒ cannot create the type equality • Solution #2: Type of assignment cannot be an existential type (or have a field of existential type) Note: pointers to existentials are no problem ⇒ restores memory type-invariance 8 April 2002 Existential Types for Imperative Languages 19

  20. Independent and easy • Either solution is easy to implement • They are independent : A language can have two styles of existential types, one for each restriction • Cyclone takes solution #1 (no reference patterns for existential fields), making it a safe language without type-invariance of memory! 8 April 2002 Existential Types for Imperative Languages 20

  21. Are the solutions sufficient (correct)? • The paper develops a small formal language and proves type safety • Highlights: – Both solutions – C-style memory (flattened record values) – C-style lvalue/rvalue distinction – Memory invariant includes novel “if a reference pattern is for a field, then that field never changes type” 8 April 2002 Existential Types for Imperative Languages 21

  22. Non-problem: Pointers to witnesses struct T2 { ∃ α . void (*f)(int, α ); α * env; }; … let T2{< β > .f=fn, .env=ev} = pkg2; pkg2 = pkg1; … pkg2 assign fn assign ev 8 April 2002 Existential Types for Imperative Languages 22

  23. Non-problem: Pointers to packages struct T * p = &pkg1; p = &pkg2; pkg1 ignore 0xABCD pkg2 assign p Aliases are fine. Aliases at the “unpacked type” are not. 8 April 2002 Existential Types for Imperative Languages 23

  24. Related work • Existential types: – seminal use [Mitchell/Plotkin 1988] – closure/object encodings [Bruce et al, Minimade et al, …] – first-class types in Haskell [Läufer] None incorporate mutation • Safe low-level languages with ∃ – Typed Assembly Language [Morrisett et al] – Xanadu [Xi] , uses ∃ over ints (so does Cyclone) None have reference patterns or similar • Linear types, e.g. Vault [DeLine, Fähndrich] No aliases, destruction destroys the package 8 April 2002 Existential Types for Imperative Languages 24

  25. Polymorphic references — related? • Well-known in ML that you must not give ref [] the type ∀ α . α list ref • Unsoundness involves mutation and aliasing • Suggests the problem is dual , and there are similarities, but it’s unclear • ML has memory type-invariance, unlike Cyclone 8 April 2002 Existential Types for Imperative Languages 25

  26. Summary • Existential types are the way to have data- hiding in a safe low-level language • But type variables, mutation, and aliasing signal danger • Developed two independent, simple restrictions that suffice for type safety • Rigorous proof to help us think we’ve really fixed the problem New acquired knowledge to avoid future mistakes 8 April 2002 Existential Types for Imperative Languages 26

  27. [End of Presentation -- Some “backup slides” follow] 8 April 2002 Existential Types for Imperative Languages 27

  28. Future work — Threads • For very similar reasons, threads require: – atomic assignment (witness-change) of existential packages – atomic pattern-matching (destruction) of existential packages • Else pattern-match could get fields with different witness types, violating type equality • Future: Type system will enforce a programmer-controlled locking system 8 April 2002 Existential Types for Imperative Languages 28

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

CS4450: Principles of Programming Languages Imperative features; reference types Dr William

CS4450: Principles of Programming Languages Imperative features; reference types Dr William

CS4450: Principles of Programming Languages Imperative features; reference types Dr William Harrison Today: Imperative programming Imperative programming l i.e., programming with ; := l Case Study: imperative programming in ML

441 views • 29 slides
Existential Types and Abstraction Liam OConnor CSE, UNSW (and data61) Term 3 2019 1

Existential Types and Abstraction Liam OConnor CSE, UNSW (and data61) Term 3 2019 1

Abstract Data Types Existential Types Existential Types and Abstraction Liam OConnor CSE, UNSW (and data61) Term 3 2019 1 Abstract Data Types Existential Types Motivation Throughout your studies, lecturers have (hopefully) expounded on

291 views • 14 slides
Motivation The operations and control structures of imperative languages are strongly influenced

Motivation The operations and control structures of imperative languages are strongly influenced

Motivation The operations and control structures of imperative languages are strongly influenced by the way most real computer hardware works. This makes imperative languages relatively easy to compile, but (arguably) less expressive; many

829 views • 44 slides
Variables in Imperative Languages A variable in an imperative programming language can be

Variables in Imperative Languages A variable in an imperative programming language can be

Variables in Imperative Languages A variable in an imperative programming language can be Functional Programming regarded as an abstraction of what? Another representative from the Declarative paradigm Assignment is ? 1 2 Variables in

1.38k views • 9 slides
CSC 1800 Organization of Programming Languages Data Types 1 Inspiration for Language Elements

CSC 1800 Organization of Programming Languages Data Types 1 Inspiration for Language Elements

CSC 1800 Organization of Programming Languages Data Types 1 Inspiration for Language Elements Imperative languages are abstractions of von Neumann architecture Memory Processor Variables characterized by attributes To

670 views • 32 slides
CSE 3341: Principles of Programming Languages Core Concepts I Jeremy Morris 1 Imperative

CSE 3341: Principles of Programming Languages Core Concepts I Jeremy Morris 1 Imperative

CSE 3341: Principles of Programming Languages Core Concepts I Jeremy Morris 1 Imperative Language Basics The model of most imperative languages is straightforward: Programs are a sequence of expressions or statements Expressions

1.33k views • 45 slides
Monadic Imperative languages C# Java C / C++ Fortran Scala Subtract abstractions Add

Monadic Imperative languages C# Java C / C++ Fortran Scala Subtract abstractions Add

by Mario Fusco mario.fusco@gmail.com twitter: @mariofusco Monadic Imperative languages C# Java C / C++ Fortran Scala Subtract abstractions Add abstractions F# Hybrid languages Algol Lisp ML Haskell Functional languages new

865 views • 52 slides
Lecture 04.2: Polymorphic and existential types So far, we have discussed extensions to the lambda

Lecture 04.2: Polymorphic and existential types So far, we have discussed extensions to the lambda

type 'a tree = Node of 'a tree * 'a * 'a tree | Leaf let id = fun x -&gt; x let x : int list = [1; 2] in Lecture 04.2: Polymorphic and existential types So far, we have discussed extensions to the lambda calculus that enable us to describe

293 views • 7 slides
Is ACT an existential therapy? ACT AND EXISTENTIAL THERAPY RFT EXISTENTIAL- PHENOMENOLOGICAL

Is ACT an existential therapy? ACT AND EXISTENTIAL THERAPY RFT EXISTENTIAL- PHENOMENOLOGICAL

Is ACT an existential therapy? ACT AND EXISTENTIAL THERAPY RFT EXISTENTIAL- PHENOMENOLOGICAL RADICAL BEHAVIOURISM PHILOSOPHY Is ACT an existential therapy? ACT AND EXISTENTIAL THERAPY RFT EXISTENTIAL- PHENOMENOLOGICAL RADICAL

329 views • 20 slides
B A C D B A The existential question Why OSGi? Hello World is not a

B A C D B A The existential question Why OSGi? Hello World is not a

OSGi enRoute An Development Chain for OSGi B A C D B A The existential question Why OSGi? Hello World is not a benchmark Dev Chain Language Small versus Large dynamic Java &amp; languages OSGi cost of change

878 views • 71 slides
Imperative Programming Languages Christine Rizkallah CSE, UNSW (and data61) Term 3 2019 1

Imperative Programming Languages Christine Rizkallah CSE, UNSW (and data61) Term 3 2019 1

History TinyImp Hoare Logic Imperative Programming Languages Christine Rizkallah CSE, UNSW (and data61) Term 3 2019 1 History TinyImp Hoare Logic Imperative Programming imper o Definition Imperative programming is where programs are

526 views • 17 slides
Imperative Programming Languages Christine Rizkallah CSE, UNSW (and data61) Term 3 2019 1

Imperative Programming Languages Christine Rizkallah CSE, UNSW (and data61) Term 3 2019 1

History TinyImp Hoare Logic Imperative Programming Languages Christine Rizkallah CSE, UNSW (and data61) Term 3 2019 1 History TinyImp Hoare Logic Imperative Programming imper o Definition Imperative programming is where programs are

1.25k views • 92 slides
CSC 1800 Organization of Programming Languages Functional Languages 1 Introduction The

CSC 1800 Organization of Programming Languages Functional Languages 1 Introduction The

CSC 1800 Organization of Programming Languages Functional Languages 1 Introduction The design of the imperative languages is based directly on the von Neumann architecture Efficiency is the primary concern, rather than the suitability of

417 views • 24 slides
Imperative Languages Chapters 6 and 8 Key Concepts Values are read from memory, and used to

Imperative Languages Chapters 6 and 8 Key Concepts Values are read from memory, and used to

Imperative Languages Chapters 6 and 8 Key Concepts Values are read from memory, and used to compute new values that are when written back to memory (e.g., x = y+z+w*v ) Expressions are used to produce values Constants, variables,

841 views • 36 slides
Tools for GUI Programming Toolkits Imperative, declarative models Programming languages &amp;

Tools for GUI Programming Toolkits Imperative, declarative models Programming languages &amp;

Tools for GUI Programming Toolkits Imperative, declarative models Programming languages &amp; toolkits 1 GUI Toolkits Operating systems (and windowing systems) include basic capabilities for input , output , and window management ( see

1.13k views • 12 slides
Advanced #1: Programming Languages SAMS SENIOR CS TRACK Learning Goals Understand the different

Advanced #1: Programming Languages SAMS SENIOR CS TRACK Learning Goals Understand the different

Advanced #1: Programming Languages SAMS SENIOR CS TRACK Learning Goals Understand the different types of imperative and declarative programming paradigms Recognize other variations in programming language design have strengths and weaknesses

412 views • 17 slides
Utility of electronic health records in improving diagnosis Bianca Duah 1 Kerri Sheahan 1 and

Utility of electronic health records in improving diagnosis Bianca Duah 1 Kerri Sheahan 1 and

Co-Authors Utility of electronic health records in improving diagnosis Bianca Duah 1 Kerri Sheahan 1 and treatment of opioid use Shafaq Tarar 1 Blanche Langenbach 1 Emily Forcht 1 Wyley Gates 1 disorders in HIV clinic settings David Perlman 1

176 views • 6 slides
Metrics, Economics, and Shared Risk at the National Scale Dan Geer dan@geer.org / 617.492.6814

Metrics, Economics, and Shared Risk at the National Scale Dan Geer dan@geer.org / 617.492.6814

Metrics, Economics, and Shared Risk at the National Scale Dan Geer dan@geer.org / 617.492.6814 formalities: Daniel E. Geer, Jr., Sc.D. Principal, Geer Risk Services, LLC P.O. Box 390244 Cambridge, Mass. 02139 Telephone: +1 617 492 6814

770 views • 62 slides
The Impact of COVID-19 on Immunization Services: Experts in Public Health and Primary Care Respond

The Impact of COVID-19 on Immunization Services: Experts in Public Health and Primary Care Respond

Welcome to the Webinar! Attendees are in listen only mode; Please use the chat box for technical difficulties and questions for the presenters. The Impact of COVID-19 on Immunization Services: Experts in Public Health and Primary Care Respond

534 views • 32 slides
Modelling Heterogeneity Nakul Chitnis Workshop on Mathematical Models of Climate Variability,

Modelling Heterogeneity Nakul Chitnis Workshop on Mathematical Models of Climate Variability,

Department of Epidemiology and Public Health Health Systems Research and Dynamical Modelling Unit Modelling Heterogeneity Nakul Chitnis Workshop on Mathematical Models of Climate Variability, Environmental Change and Infectious Diseases

838 views • 64 slides
New drugs bypassing the anti-EGFR blockade Vanesa Gregorc Thoracic Oncology, Melanoma and Head

New drugs bypassing the anti-EGFR blockade Vanesa Gregorc Thoracic Oncology, Melanoma and Head

New drugs bypassing the anti-EGFR blockade Vanesa Gregorc Thoracic Oncology, Melanoma and Head and Neck Area Coordinator Department of Oncology, Division of Experimental Medicine, San Raffaele Scientific Institute Heterogeneous acquired

288 views • 26 slides
Thrombophilia and VTE: Do We Know What To Do? Robert J. Sommer, MD Columbia University Medical

Thrombophilia and VTE: Do We Know What To Do? Robert J. Sommer, MD Columbia University Medical

Cryptogenic Stroke/PFO with Thrombophilia and VTE: Do We Know What To Do? Robert J. Sommer, MD Columbia University Medical Center New York, NY Disclosure Statement of Financial Interest Within the past 12 months, I, Robert Sommer, have had a

972 views • 22 slides
The Cloud-y Future of Security Technologies Adam J. ODonnell, Ph.D. Director, Cloud

The Cloud-y Future of Security Technologies Adam J. ODonnell, Ph.D. Director, Cloud

The Cloud-y Future of Security Technologies Adam J. ODonnell, Ph.D. Director, Cloud Engineering Immunet, Inc. Monday, August 22, 2011 The Cloud-y Future of Security Technologies Adam J. ODonnell, Ph.D. Chief Architect, Cloud

848 views • 68 slides
RARE MISSPELLINGS OF THE GENOME, DOPAMINE MISHANDLING, AND ADHD RANDY D. BLAKELY, PH.D. FLORIDA

RARE MISSPELLINGS OF THE GENOME, DOPAMINE MISHANDLING, AND ADHD RANDY D. BLAKELY, PH.D. FLORIDA

RARE MISSPELLINGS OF THE GENOME, DOPAMINE MISHANDLING, AND ADHD RANDY D. BLAKELY, PH.D. FLORIDA ATLANTIC UNIVERSITY BRAIN INSTITUTE 1 Dr. Blakely declares no conflicts of interest derived from financial support of the research to be discussed

1.05k views • 45 slides

More recommend