i dris systems programming with dependent types
play

I DRIS : Systems Programming with Dependent Types Edwin Brady - PowerPoint PPT Presentation

Feb 14, 2023 •417 likes •932 views

I DRIS : Systems Programming with Dependent Types Edwin Brady eb@cs.st-andrews.ac.uk University of St Andrews DTP 2011, August 27th 2011 DTP 2011, August 27th 2011 p.1 Introduction A constant problem: Writing a correct computer

  1. I DRIS : Systems Programming with Dependent Types Edwin Brady eb@cs.st-andrews.ac.uk University of St Andrews DTP 2011, August 27th 2011 DTP 2011, August 27th 2011 – p.1

  2. Introduction A constant problem: • Writing a correct computer program is hard • Proving that a program is correct is even harder Dependent Types, we claim, allow us to write programs and know they are correct before running them. DTP 2011, August 27th 2011 – p.2

  3. Introduction This talk is about building correct systems software by implementing domain specific languages using I DRIS , a dependently typed functional programming language. • cabal install idris • http://www.idris-lang.org/ • http://www.idris-lang.org/tutorial DTP 2011, August 27th 2011 – p.3

  4. Part 1 Domain Specific Languages for Correctness DTP 2011, August 27th 2011 – p.4

  5. Resource Correctness — Preview Our goal is to set things up so that programs such as the following are guaranteed correct (w.r.t. resource usage) because type checking succeeds : dumpFile : String -> RES (); dumpFile filename = res do { let h = open filename Reading; Check h (rputStrLn "File open error") (do { rreadH h; rclose h; rputStrLn "DONE"; }); }; DTP 2011, August 27th 2011 – p.5

  6. What is correctness? • What does it mean to be “correct”? ◦ Depends on the application domain, but could mean one or more of: DTP 2011, August 27th 2011 – p.6

  7. What is correctness? • What does it mean to be “correct”? ◦ Depends on the application domain, but could mean one or more of: • Functionally correct (e.g. arithmetic operations on a CPU) DTP 2011, August 27th 2011 – p.6

  8. What is correctness? • What does it mean to be “correct”? ◦ Depends on the application domain, but could mean one or more of: • Functionally correct (e.g. arithmetic operations on a CPU) • Resource safe (e.g. runs within memory bounds, no memory leaks, no accessing unallocated memory, no deadlock. . . ) DTP 2011, August 27th 2011 – p.6

  9. What is correctness? • What does it mean to be “correct”? ◦ Depends on the application domain, but could mean one or more of: • Functionally correct (e.g. arithmetic operations on a CPU) • Resource safe (e.g. runs within memory bounds, no memory leaks, no accessing unallocated memory, no deadlock. . . ) • Secure (e.g. not allowing access to another user’s data) DTP 2011, August 27th 2011 – p.6

  10. Why do we care about correctness? • On the desktop, we can, and usually do, tolerate software failures: DTP 2011, August 27th 2011 – p.7

  11. Why do we care about correctness? • On the desktop, we can, and usually do, tolerate software failures: DTP 2011, August 27th 2011 – p.7

  12. Why do we care about correctness? • On the desktop, we can, and usually do, tolerate software failures: DTP 2011, August 27th 2011 – p.7

  13. Why do we care about correctness? • However, software is everywhere, not just the desktop. In other contexts incorrect programs can be: ◦ Dangerous • Control systems: aircraft, nuclear reactors, . . . ◦ Costly • Intel Pentium bug (estimated $475 million) • Ariane 5 failure (more than $370 million) ◦ Inconvenient on a large scale • February 2009 Gmail failure • Debian OpenSSL bug DTP 2011, August 27th 2011 – p.8

  14. Correctness, with dependent types We know that we can use dependent types to reason about correctness of functional programs. But. . . • Real world programs are rarely pure ◦ State, network communication, reading/writing files and other resources, spawn threads and processes. . . • Systems may fail, data may be corrupted or untrusted • Do systems programming experts need to be type theorists? Proposed solution: Embedding Domain Specific Languages in a dependently typed host language DTP 2011, August 27th 2011 – p.9

  15. Domain Specific Languages • A Domain Specific Language (DSL) is a language designed for a particular problem domain. ◦ User can focus on the high level of the domain, rather than the low level implementation details. • Many Unix examples: ◦ regular expressions, sed, awk, lex, yacc, sendmail.cf, procmail, bash, . . . • Databases, internet applications: ◦ SQL, PHP , XPath, XQuery, . . . DTP 2011, August 27th 2011 – p.10

  16. Domain Specific Languages • A Domain Specific Language (DSL) is a language designed for a particular problem domain. ◦ User can focus on the high level of the domain, rather than the low level implementation details. • Email filtering: DTP 2011, August 27th 2011 – p.10

  17. Domain Specific Languages • A Domain Specific Language (DSL) is a language designed for a particular problem domain. ◦ User can focus on the high level of the domain, rather than the low level implementation details. • Music playlists DTP 2011, August 27th 2011 – p.10

  18. Embedded Domain Specific Languages An Embedded Domain Specific Language (EDSL) is a DSL implemented by embedding in a host language. • Identify the general properties, requirements and operations in the domain • Using a dependently typed host, give precise constraints on valid programs DTP 2011, August 27th 2011 – p.11

  19. Embedded Domain Specific Languages An Embedded Domain Specific Language (EDSL) is a DSL implemented by embedding in a host language. • Identify the general properties, requirements and operations in the domain • Using a dependently typed host, give precise constraints on valid programs I DRIS aims to support hosting EDSLs for correct systems programming . Key features to support this are: • Compile-time evaluation • Overloadable syntax • Interfacing with C libraries, efficient code generation DTP 2011, August 27th 2011 – p.11

  20. Part 2 A Brief Introduction to I DRIS DTP 2011, August 27th 2011 – p.12

  21. Dependent Types in I DRIS I DRIS is loosely based on Haskell, and has similarities with Agda and Epigram. Some data types: data Nat = O | S Nat; infixr 5 :: ; -- Define an infix operator data Vect : Set -> Nat -> Set where -- List with size VNil : Vect a O | (::) : a -> Vect a k -> Vect a (S k); We say that Vect is parameterised by the element type and indexed by its length. DTP 2011, August 27th 2011 – p.13

  22. Functions The type of a function over vectors describes invariants of the input/output lengths. e.g. the type of vAdd expresses that the output length is the same as the input length: vAdd : Vect Int n -> Vect Int n -> Vect Int n; vAdd VNil VNil = VNil; vAdd (x :: xs) (y :: ys) = x + y :: vAdd xs ys; The type checker works out the type of n implicitly, from the type of Vect (by unification). DTP 2011, August 27th 2011 – p.14

  23. Syntax overloading: do -notation Like Haskell, I DRIS allows do -notation to be rebound, e.g.: data Maybe a = Nothing | Just a; maybeBind : Maybe a -> (a -> Maybe b) -> Maybe b; do using (maybeBind, Just) { m_add : Maybe Int -> Maybe Int -> Maybe Int; m_add x y = do { x’ <- x; y’ <- y; return (x’ + y’); }; } DTP 2011, August 27th 2011 – p.15

  24. Classic example: The well-typed interpreter data Ty = TyInt | TyFun Ty Ty; evalTy : Ty -> Set; using (G:Vect Ty n) { data Expr : Vect Ty n -> Ty -> Set where Var : (i:Fin n) -> Expr G (vlookup i G) | Val : (x:Int) -> Expr G TyInt | Lam : Expr (A :: G) T -> Expr G (TyFun A T) | App : Expr G (TyFun A T) -> Expr G A -> Expr G T | Op : (evalTy A -> evalTy B -> evalTy C) -> Expr G A -> Expr G B -> Expr G C; } DTP 2011, August 27th 2011 – p.16

  25. Classic example: The well-typed interpreter data Env : Vect Ty n -> Set where Empty : Env VNil | Extend : (res:evalTy T) -> Env G -> Env (T :: G); eval : Env G -> Expr G T -> evalTy T; eval env (Var i) = envLookup i env; eval env (Val x) = x; eval env (Lam sc) = \x => eval (Extend x env) sc; eval env (App f a) = eval env f (eval env a); eval env (Op op l r) = op (eval env l) (eval env r); DTP 2011, August 27th 2011 – p.17

  26. Classic example: The well-typed interpreter We use the I DRIS type checker to check Expr programs, e.g.: add : Expr G (TyFun TyInt (TyFun TyInt TyInt)); add = Lam (Lam (Op (+) (Var (fS fO)) (Var fO))); double : Expr G (TyFun TyInt TyInt); double = Lam (App (App add (Var fO)) (Var fO)); Unfortunately, this approach is not entirely suitable for an EDSL — we have to construct syntax trees explicitly! DTP 2011, August 27th 2011 – p.18

  27. Classic example: The well-typed interpreter We use the I DRIS type checker to check Expr programs, e.g.: add : Expr G (TyFun TyInt (TyFun TyInt TyInt)); add = Lam (Lam (Op (+) (Var (fS fO)) (Var fO))); double : Expr G (TyFun TyInt TyInt); double = Lam (App (App add (Var fO)) (Var fO)); Unfortunately, this approach is not entirely suitable for an EDSL — we have to construct syntax trees explicitly! (. . . no, I’m not a LISP programmer.) DTP 2011, August 27th 2011 – p.18

  28. Syntax overloading: dsl -notation We have seen overloadable do -notation, which is useful for EDSL construction. In I DRIS , we also provide a more general overloading construct: dsl expr { lambda = Lam variable = Var -- de Bruijn indexed variable index_first = fO -- most recently bound variable index_next = fS -- earlier bound variable apply = App pure = id } This allows I DRIS syntactic constructs to be used to build Expr programs. (Open question: is there a type class explanation?) DTP 2011, August 27th 2011 – p.19

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Programming with dependent types: passing fad or useful tool? Xavier Leroy INRIA

Programming with dependent types: passing fad or useful tool? Xavier Leroy INRIA

Programming with dependent types: passing fad or useful tool? Xavier Leroy INRIA Paris-Rocquencourt IFIP WG 2.8, 2009-06 X. Leroy (INRIA) Dependently-typed programming 2009-06 1 / 22 Dependent types In a very general sense: all frameworks

585 views • 22 slides
Effpi concurrent programming with dependent behavioural types Alceste Scalas with Elias Benussi

Effpi concurrent programming with dependent behavioural types Alceste Scalas with Elias Benussi

Effpi concurrent programming with dependent behavioural types Alceste Scalas with Elias Benussi &amp; Nobuko Yoshida VeTSS PhD school / FMATS workshop Microsoft Research Cambridge, 25 September 2018 Problem Introduction Calculus Types

870 views • 57 slides
Dependent Types in Haskell What is Dependent Type Theory? are types, proofs are programs

Dependent Types in Haskell What is Dependent Type Theory? are types, proofs are programs

Stephanie Weirich University of Pennsylvania https://github.com/sweirich/dth @fancytypes Dependent Types in Haskell What is Dependent Type Theory? are types, proofs are programs Originally, logical foundation for mathematics

840 views • 39 slides
Programming with Dependent Types Interactive programs and Coalgebras Anton Setzer Swansea

Programming with Dependent Types Interactive programs and Coalgebras Anton Setzer Swansea

Programming with Dependent Types Interactive programs and Coalgebras Anton Setzer Swansea University, Swansea, UK 14 August 2012 1/ 50 A Brief Introduction into ML Type Theory Interactive Programs in Dependent Type Theory Weakly Final

621 views • 50 slides
Positively Dependent Types Dan Licata and Robert Harper Carnegie Mellon University 1 Dans

Positively Dependent Types Dan Licata and Robert Harper Carnegie Mellon University 1 Dans

Positively Dependent Types Dan Licata and Robert Harper Carnegie Mellon University 1 Dans thesis New dependently typed programming language for programming with binding and scope Applications: Domain-specific logics for reasoning about

809 views • 67 slides
A Linear Dependent Type Theory Zhaohui Luo Yu Zhang Royal Holloway Institute of Software

A Linear Dependent Type Theory Zhaohui Luo Yu Zhang Royal Holloway Institute of Software

A Linear Dependent Type Theory Zhaohui Luo Yu Zhang Royal Holloway Institute of Software University of London Chinese Academy of Sciences Linear types and dependent types Linear types (Girard 1987): A - B Dependent types

518 views • 13 slides
Toward dependent choice: a classical sequent calculus with dependent types Hugo Herbelin 1 ,

Toward dependent choice: a classical sequent calculus with dependent types Hugo Herbelin 1 ,

Curry-Howard Axiom of Dependent Choice Sequent calculus State of the art Toward dependent choice: a classical sequent calculus with dependent types Hugo Herbelin 1 , Etienne Miquey 1,2 1 Team r 2 (INRIA), PPS, Universit e

404 views • 24 slides
CS 360 Programming Languages Day 6 Today Type systems Rules for how types are

CS 360 Programming Languages Day 6 Today Type systems Rules for how types are

CS 360 Programming Languages Day 6 Today Type systems Rules for how types are determined in a language. Side effects ...and why they are not used in functional programming. Tail recursion Special speed-up built

892 views • 40 slides
Compiling Dependent Types Much recent focus on verified compilation of dependently typed

Compiling Dependent Types Much recent focus on verified compilation of dependently typed

CPS Translation of Dependent Types Amal Ahmed Northeastern University Work in progress, with Nick Rioux and William Bowman Compiling Dependent Types Much recent focus on verified compilation of dependently typed languages: Coqonut, CertiCoq

708 views • 44 slides
Memory Systems Design &amp; Programming CMPE 310 Memory Types Two basic types: ROM:

Memory Systems Design &amp; Programming CMPE 310 Memory Types Two basic types: ROM:

Memory Systems Design &amp; Programming CMPE 310 Memory Types Two basic types: ROM: Read-only memory RAM: Read-Write memory Four commonly used memories: ROM Flash, EEPROM Static RAM (SRAM) Dynamic RAM (DRAM), SDRAM,

687 views • 12 slides
Proving termination using dependent types: the case of xor-terms J.-F. Monin J. Courant VERIMAG

Proving termination using dependent types: the case of xor-terms J.-F. Monin J. Courant VERIMAG

Proving termination using dependent types: the case of xor-terms J.-F. Monin J. Courant VERIMAG Grenoble, France GDR LAC, Chambery, 2007 Outline Motivation The case of cryptographic systems State of the art Back to cryptographic systems

1.46k views • 117 slides
Towards Unification for Dependent Types Ningning Xie , Bruno C. d. S. Oliveira The University of

Towards Unification for Dependent Types Ningning Xie , Bruno C. d. S. Oliveira The University of

Towards Unification for Dependent Types Ningning Xie , Bruno C. d. S. Oliveira The University of Hong Kong June 2017 N. Xie, B.C.d.S. Oliveira Towards Unification for Dependent Types TFP 2017 1 / 26 Outline Motivation and Background 1

1k views • 78 slides
DOT: Dependent Object Types Semester Project, Spring 2012 Nada Amin EPFL Nada Amin (EPFL) DOT:

DOT: Dependent Object Types Semester Project, Spring 2012 Nada Amin EPFL Nada Amin (EPFL) DOT:

DOT: Dependent Object Types Semester Project, Spring 2012 Nada Amin EPFL Nada Amin (EPFL) DOT: Dependent Object Types 1 / 21 Introduction What is DOT? DOT: Dependent Object Types type-theoretic foundation of Scala and languages like it

346 views • 21 slides
Depending on equations A proof-relevant framework for unification in dependent type theory

Depending on equations A proof-relevant framework for unification in dependent type theory

Depending on equations A proof-relevant framework for unification in dependent type theory Jesper Cockx DistriNet KU Leuven 3 September 2017 Unification for dependent types Unification is used for many purposes: logic programming, type

1.97k views • 151 slides
Dependent Object Types Towards a foundation for Scalas type system Nada Amin, Tiark Rompf,

Dependent Object Types Towards a foundation for Scalas type system Nada Amin, Tiark Rompf,

Dependent Object Types Towards a foundation for Scalas type system Nada Amin, Tiark Rompf, Adriaan Moors, Martin Odersky Microsoft Research July 2, 2013 1 DOT: Dependent Object Types The DOT calculus proposes a new type-theoretic foundation

275 views • 15 slides
MiniAgda: Integrating Sized and Dependent Types Andreas Abel, sec 1-2 Loes Habermehl Luuk

MiniAgda: Integrating Sized and Dependent Types Andreas Abel, sec 1-2 Loes Habermehl Luuk

MiniAgda: Integrating Sized and Dependent Types Andreas Abel, sec 1-2 Loes Habermehl Luuk Verkleij 1 Untyped Termination Checking In dependent type theories underlying Coq and Agda, all programs need to be total: All functions defined by

357 views • 25 slides
FRP IoT Modules as a Scala DSL BenCalus, BobReynders , DominiqueDevriese, Job Noorman,

FRP IoT Modules as a Scala DSL BenCalus, BobReynders , DominiqueDevriese, Job Noorman,

FRP IoT Modules as a Scala DSL BenCalus, BobReynders , DominiqueDevriese, Job Noorman, FrankPiessens imec - DistriNet - KU Leuven FRP IoT Modules Maintainable sensor network applications High-level FRP-based API FRP-modules compile

865 views • 53 slides
Multi-Language Software Analysis with Rascal Tijs van der Storm storm@cwi.nl / @tvdstorm CWI

Multi-Language Software Analysis with Rascal Tijs van der Storm storm@cwi.nl / @tvdstorm CWI

Multi-Language Software Analysis with Rascal Tijs van der Storm storm@cwi.nl / @tvdstorm CWI SWAT Jurgen Vinju (group leader) reverse engineering, static analysis, renovation Me DSLs, language workbenches, language design Rascal

1.09k views • 24 slides
Does your Jenkins speak Gerrit? Functional testing for your pipelines, JobDSL and more Szymon

Does your Jenkins speak Gerrit? Functional testing for your pipelines, JobDSL and more Szymon

Does your Jenkins speak Gerrit? Functional testing for your pipelines, JobDSL and more Szymon Datko Roman Dobosz szymon.datko@corp.ovh.com rdobosz@redhat.com 5th November 2019 Sz. Datko, R. Dobosz Does your Jenkins speak Gerrit? - Functional

537 views • 27 slides
R: THE GOOD, THE BAD, AND THE UGLY John D. Cook M. D. Anderson Cancer Center Personal background

R: THE GOOD, THE BAD, AND THE UGLY John D. Cook M. D. Anderson Cancer Center Personal background

R: THE GOOD, THE BAD, AND THE UGLY John D. Cook M. D. Anderson Cancer Center Personal background What is R? Open source statistical language De facto standard for statistical research Grew out of Bell Labs S (1976, 1988)

631 views • 37 slides
Functional Programming WS 2019/20 Torsten Grust University of Tbingen 1 Domain-Specific

Functional Programming WS 2019/20 Torsten Grust University of Tbingen 1 Domain-Specific

Functional Programming WS 2019/20 Torsten Grust University of Tbingen 1 Domain-Specific Languages (DSLs) DSLs are small languages designed to easily and directly express the concepts/idioms of a specific domain. Not Turing complete in

616 views • 23 slides
Towards xMOF: Executable DSMLs based on fUML www.modelexecution.org Tanja Mayerhofer, Philip

Towards xMOF: Executable DSMLs based on fUML www.modelexecution.org Tanja Mayerhofer, Philip

Towards xMOF: Executable DSMLs based on fUML www.modelexecution.org Tanja Mayerhofer, Philip Langer, Manuel Wimmer Business Informatics Group Institute of Software Technology and Interactive Systems Vienna University of Technology y gy

556 views • 18 slides
Autonomic Management Policy Specification from UML to DSML Beno t Combemale Laurent Broto

Autonomic Management Policy Specification from UML to DSML Beno t Combemale Laurent Broto

Autonomic Management Policy Specification from UML to DSML Beno t Combemale Laurent Broto Xavier Cr egut Michel Dayd e Daniel Hagimont Institut de Recherche en Informatique de Toulouse (UMR CNRS 5505) 2, rue Charles Camichel - BP

235 views • 22 slides
- SPaCIFY project - Synoptic : Spacecraft Synchronous DSML Alexandre Cortier Post-doc at

- SPaCIFY project - Synoptic : Spacecraft Synchronous DSML Alexandre Cortier Post-doc at

Introduction Synoptic language Middleware/Synoptic Interaction Current works - SPaCIFY project - Synoptic : Spacecraft Synchronous DSML Alexandre Cortier Post-doc at IRIT/ACADIE rtrrtr IRIT - SPaCIFY project - ,

626 views • 28 slides

More recommend