programming with dependent types passing fad or useful
play

Programming with dependent types: passing fad or useful tool? - PowerPoint PPT Presentation

Dec 04, 2023 •362 likes •585 views

Programming with dependent types: passing fad or useful tool? Xavier Leroy INRIA Paris-Rocquencourt IFIP WG 2.8, 2009-06 X. Leroy (INRIA) Dependently-typed programming 2009-06 1 / 22 Dependent types In a very general sense: all frameworks

  1. Programming with dependent types: passing fad or useful tool? Xavier Leroy INRIA Paris-Rocquencourt IFIP WG 2.8, 2009-06 X. Leroy (INRIA) Dependently-typed programming 2009-06 1 / 22

  2. Dependent types In a very general sense: all frameworks enabling programmers to Write functional programs; State logical properties about them; Prove these properties with machine assistance. Examples: most proof assistants (HOL, Isabelle/HOL, Coq, Agda, . . . ) Unquestionably a Very Very Good Thing. X. Leroy (INRIA) Dependently-typed programming 2009-06 2 / 22

  3. Dependent types In a narrower sense: all frameworks enabling programmers to Include logical propositions within data and function types; Include proof terms within data and functions. Foundations: Martin-L¨ of’s type theory. Examples: Coq, Agda, Epigram (general); Dependent ML (restricted). This talk: an experience report on using / not using dependent types when programming and verifying functional programs in Coq. X. Leroy (INRIA) Dependently-typed programming 2009-06 3 / 22

  4. Dependent function types in Coq Functions can take proof terms as arguments. . . div: forall (a: Z) (b: Z), b <> 0 -> Z. This function must be called with 3 arguments: 2 integers a , b and a proof that b <> 0 . X. Leroy (INRIA) Dependently-typed programming 2009-06 4 / 22

  5. Dependent data types in Coq The “subset” type: { x : T | P x } Data of this type are pairs of an x of type T and a proof that the proposition P x holds. (With P : T -> Prop .) proj1_sig: {x: T | P x} -> T proj2_sig: forall (p: {x: T | P x}), P (proj1_sig x) Examples: Definition Zstar : Type := { x : Z | x <> 0 }. Definition Zplus : Type := { x : Z | x >= 0 }. X. Leroy (INRIA) Dependently-typed programming 2009-06 5 / 22

  6. Dependent data types in Coq More generally: dependent record types. Record cfg: Type := mk_cfg { graph: nat -> option instruction; entrypoint: nat; lastnode: nat; entrypoint_exists: graph entrypoint <> None; graph_finite: forall n, n > lastnode -> graph n = None } X. Leroy (INRIA) Dependently-typed programming 2009-06 6 / 22

  7. Dependent data types in Coq The primitive notion: inductive definitions where constructors receive dependent function types. Inductive sig (A: Type) (P: A -> Prop) : Type := | exist: forall (x: A), P x -> sig A P. Definition proj1_sig (A: Type) (P: A -> Prop) (s: sig A P) : A := match s with exist x p => x end. X. Leroy (INRIA) Dependently-typed programming 2009-06 7 / 22

  8. Putting all together The general shape of a function with precondition P and postcondition Q : forall ( x 1 : A 1 ) . . . ( x n : A n ) , P x 1 . . . x n → { y : B | Q x 1 . . . x n y } Example: divrem: forall (a b: Z), b > 0 -> { qr: Z * Z | 0 <= snd(qr) < b /\ a = b * fst(qr) + snd(qr) } X. Leroy (INRIA) Dependently-typed programming 2009-06 8 / 22

  9. Using dependently-typed functions The hard way: write proof terms by hand. Lemma square_nonzero_pos: forall (y: Z), y <> 0 -> y * y > 0. Proof. (* interactive proof *) Qed. Definition f (x: Z) (y: Z) (nonzero: y <> 0) : Z := fst (proj1_sig (divrem x (y*y) (square_nonzero_pos y nonzero))). X. Leroy (INRIA) Dependently-typed programming 2009-06 9 / 22

  10. Using dependently-typed functions The easier way: Matthieu Sozeau’s Program mechanism. Program Definition f (x: Z) (y: Z) (nonzero: y <> 0) : Z := fst (divrem x (y*y) _ ). Next Obligation. (* interactive proof of Z -> forall y : Z, y <> 0 -> y * y > 0 *) Qed. X. Leroy (INRIA) Dependently-typed programming 2009-06 10 / 22

  11. My practical experience Dependent types work great to automatically propagate invariants Attached to data structures (standard); In conjunction with monads (new!). In most other cases, plain functions + separate theorems about them are generally more convenient. X. Leroy (INRIA) Dependently-typed programming 2009-06 11 / 22

  12. Attaching invariants to data structures The example of AVL trees: Inductive tree: Type := | Leaf: tree | Node: tree -> A -> tree -> tree. Inductive bst: tree -> Prop := ... (* to be a binary search tree *) Inductive avl: tree -> Prop := ... (* to be balanced according to the AVL criterion *) X. Leroy (INRIA) Dependently-typed programming 2009-06 12 / 22

  13. Attaching invariants to data structures Need to prove that all base operations over trees preserve the bst and avl invariants: Definition add (x: A) (t: tree) : tree := ... Lemma add_invariant: forall x t, bst t /\ avl t -> bst (add x t) /\ avl (add x t). Problem: users must also prove that their functions using the base operations preserves these invariants. Without strong proof automation, this entails a lot of manual proof. X. Leroy (INRIA) Dependently-typed programming 2009-06 13 / 22

  14. Dependent types to the rescue An internal implementation using plain data structures: Inductive raw_tree: Type := ... Inductive bst: raw_tree -> Prop := ... Inductive avl: raw_tree -> Prop := ... Definition raw_add (x: A) (t: raw_tree) : raw_tree := ... Lemma raw_add_invariant: forall x t, bst t /\ avl t -> bst (raw_add x t) /\ avl (raw_add x t). An external interface using a subset type, guaranteeing that the invariant always holds in well-typed user code: Definition tree : Type := { t: raw_tree | bst t /\ avl t }. Definition add (x: A) (t: tree) : tree := match t with exist rt INV => exist (raw_add x rt) (raw_add_invariant x rt INV) end. X. Leroy (INRIA) Dependently-typed programming 2009-06 14 / 22

  15. Attaching invariants to monadic computations Example: incremental construction of a control-flow graph by successive additions of nodes. A job for the state monad! Record cfg : Type := mk_cfg { graph: nat -> option instr; nextnode: nat; wf: forall n, n >= nextnode -> graph n = Node }. Definition mon (A: Type) : Type := cfg -> A * cfg. Definition ret (A: Type) (x: A) : mon A := fun s => (x, s). Definition bind (A B: Type) (x: mon A) (f: A -> mon B): mon B := fun s => let (r, s’) := x s in f r s’. Program Definition add (i: instr) : mon nat := fun s => (nextnode s, mk_cfg (update (graph s) (nextnode s) (Some i)) (nextnode s + 1) _). X. Leroy (INRIA) Dependently-typed programming 2009-06 15 / 22

  16. Monotone evolution of the state Crucial property: nodes are added to the CFG, but existing nodes are never modified. Definition cfg_incl (s1 s2: cfg) : Prop := nextnode s1 <= nextnode s2 /\ forall n i, graph s1 n = Some i -> graph s2 n = Some i. Easy to prove that ret , bind , add satisfy this property: Lemma add_incr: forall s i n s’, add i s = (n, s’) -> cfg_incl s s’. But users need to prove that similar properties hold for all the functions they define using this monad . . . X. Leroy (INRIA) Dependently-typed programming 2009-06 16 / 22

  17. Dependent types to the rescue Attach an invariant to the monad (new!): Definition mon (A: Type) : Type := forall (s: cfg), { r: A * cfg | cfg_incl s (snd r) } The definitions of the monad operations include some proofs (for ret and bind : reflexivity and transitivity of cfg_incl , respectively). Then, the cfg_incl property comes for free for all user code written with this monad! X. Leroy (INRIA) Dependently-typed programming 2009-06 17 / 22

  18. What doesn’t work well with dependent types Issue 1: Where to put preconditions? div: forall (a b: Z), b <> 0 -> Z div: Z -> { b: Z | b <> 0 } -> Z No best choice between these two presentations. X. Leroy (INRIA) Dependently-typed programming 2009-06 18 / 22

  19. What doesn’t work well with dependent types Issue 2: what properties shoud be attached to the result of a function? what properties should be stated separately? Extreme example: very basic functions such as list append have a huge number of properties of interest app nil l = l app l nil = l app (app l1 l2) l3 = app l1 (app l2 l3) app l1 l2 = l2 -> l1 = nil rev (app l1 l2) = app (rev l2) (rev l1) length (app l1 l2) = length l1 + length l2 In x (app l1 l2) <-> In x l1 \/ In x l2 ... If we were to give a dependent type to app , which of these should be attached to the result? (Assuming they can be attached at all – not true for associativity, e.g.) X. Leroy (INRIA) Dependently-typed programming 2009-06 19 / 22

  20. What properties should be attached to the result of a general-purpose function? Sensible answer: none! Almost sensible answer: an inductive predicate describing the recursion pattern of the function. Inductive p_app: list A -> list A -> list A -> Prop := | p_app_nil: forall l, p_app nil l l | p_app_cons: forall l1 l2 l3 a, p_app l1 l2 l3 -> p_app (a :: l1) l2 (a :: l3). Fixpoint app (l1 l2: list A): { l | p_app l1 l2 l } := ... Enables replacing some reasoning over the function app by reasoning over the inductive predicate p_app . For app , nothing is gained. Sometimes useful for more complex recursion patterns, though. X. Leroy (INRIA) Dependently-typed programming 2009-06 20 / 22

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Message Passing Programming with MPI Message Passing Programming with MPI 1 What is MPI?

Message Passing Programming with MPI Message Passing Programming with MPI 1 What is MPI?

Message Passing Programming with MPI Message Passing Programming with MPI 1 What is MPI? Message Passing Programming with MPI 2 MPI Forum First message-passing interface standard. Sixty people from forty different organisations.

1.61k views • 113 slides
Message Passing Programming with MPI What is MPI? Message Passing Programming with MPI 1

Message Passing Programming with MPI What is MPI? Message Passing Programming with MPI 1

Message Passing Programming with MPI What is MPI? Message Passing Programming with MPI 1 Message Passing Programming with MPI 2 MPI Forum Goals and Scope of MPI First message-passing interface standard. MPIs prime goals are:

511 views • 29 slides
Message-Passing Programming with MPI Message-Passing Concepts Overview This lecture will

Message-Passing Programming with MPI Message-Passing Concepts Overview This lecture will

Message-Passing Programming with MPI Message-Passing Concepts Overview This lecture will cover message passing model SPMD communication modes collective communications Programming Models Message-Passing Serial Programming

406 views • 28 slides
Effpi concurrent programming with dependent behavioural types Alceste Scalas with Elias Benussi

Effpi concurrent programming with dependent behavioural types Alceste Scalas with Elias Benussi

Effpi concurrent programming with dependent behavioural types Alceste Scalas with Elias Benussi &amp; Nobuko Yoshida VeTSS PhD school / FMATS workshop Microsoft Research Cambridge, 25 September 2018 Problem Introduction Calculus Types

870 views • 57 slides
Dependent Types in Haskell What is Dependent Type Theory? are types, proofs are programs

Dependent Types in Haskell What is Dependent Type Theory? are types, proofs are programs

Stephanie Weirich University of Pennsylvania https://github.com/sweirich/dth @fancytypes Dependent Types in Haskell What is Dependent Type Theory? are types, proofs are programs Originally, logical foundation for mathematics

840 views • 39 slides
Programming with Dependent Types Interactive programs and Coalgebras Anton Setzer Swansea

Programming with Dependent Types Interactive programs and Coalgebras Anton Setzer Swansea

Programming with Dependent Types Interactive programs and Coalgebras Anton Setzer Swansea University, Swansea, UK 14 August 2012 1/ 50 A Brief Introduction into ML Type Theory Interactive Programs in Dependent Type Theory Weakly Final

621 views • 50 slides
Positively Dependent Types Dan Licata and Robert Harper Carnegie Mellon University 1 Dans

Positively Dependent Types Dan Licata and Robert Harper Carnegie Mellon University 1 Dans

Positively Dependent Types Dan Licata and Robert Harper Carnegie Mellon University 1 Dans thesis New dependently typed programming language for programming with binding and scope Applications: Domain-specific logics for reasoning about

809 views • 67 slides
Message Passing Programming Introduction to MPI What is MPI? MPI Forum First

Message Passing Programming Introduction to MPI What is MPI? MPI Forum First

Message Passing Programming Introduction to MPI What is MPI? MPI Forum First message-passing interface standard. Sixty people from forty different organisations. Users and vendors represented, from the US and Europe. Two-year

526 views • 18 slides
A Linear Dependent Type Theory Zhaohui Luo Yu Zhang Royal Holloway Institute of Software

A Linear Dependent Type Theory Zhaohui Luo Yu Zhang Royal Holloway Institute of Software

A Linear Dependent Type Theory Zhaohui Luo Yu Zhang Royal Holloway Institute of Software University of London Chinese Academy of Sciences Linear types and dependent types Linear types (Girard 1987): A - B Dependent types

518 views • 13 slides
Toward dependent choice: a classical sequent calculus with dependent types Hugo Herbelin 1 ,

Toward dependent choice: a classical sequent calculus with dependent types Hugo Herbelin 1 ,

Curry-Howard Axiom of Dependent Choice Sequent calculus State of the art Toward dependent choice: a classical sequent calculus with dependent types Hugo Herbelin 1 , Etienne Miquey 1,2 1 Team r 2 (INRIA), PPS, Universit e

404 views • 24 slides
Programming Introduction to MPI What is MPI? 2 MPI Forum First message-passing interface

Programming Introduction to MPI What is MPI? 2 MPI Forum First message-passing interface

Message Passing Programming Introduction to MPI What is MPI? 2 MPI Forum First message-passing interface standard. Sixty people from forty different organisations. Users and vendors represented, from the US and Europe. Two-year

302 views • 18 slides
Compiling Dependent Types Much recent focus on verified compilation of dependently typed

Compiling Dependent Types Much recent focus on verified compilation of dependently typed

CPS Translation of Dependent Types Amal Ahmed Northeastern University Work in progress, with Nick Rioux and William Bowman Compiling Dependent Types Much recent focus on verified compilation of dependently typed languages: Coqonut, CertiCoq

708 views • 44 slides
I DRIS : Systems Programming with Dependent Types Edwin Brady eb@cs.st-andrews.ac.uk University

I DRIS : Systems Programming with Dependent Types Edwin Brady eb@cs.st-andrews.ac.uk University

I DRIS : Systems Programming with Dependent Types Edwin Brady eb@cs.st-andrews.ac.uk University of St Andrews DTP 2011, August 27th 2011 DTP 2011, August 27th 2011 p.1 Introduction A constant problem: Writing a correct computer

932 views • 51 slides
CSE-505: Programming Languages Lecture 21 Synchronous Message-Passing and Concurrent ML Zach

CSE-505: Programming Languages Lecture 21 Synchronous Message-Passing and Concurrent ML Zach

CSE-505: Programming Languages Lecture 21 Synchronous Message-Passing and Concurrent ML Zach Tatlock 2016 Message Passing Threads communicate via send and receive along channels instead of read and write of references Not so

626 views • 13 slides
Introduction to Parallel Computing Irene Moulitsas Programming using the Message-Passing

Introduction to Parallel Computing Irene Moulitsas Programming using the Message-Passing

Introduction to Parallel Computing Irene Moulitsas Programming using the Message-Passing Paradigm MPI Background MPI : Message Passing Interface Began in Supercomputing 92 Vendors IBM, Intel, Cray Library writers PVM

876 views • 38 slides
Towards Unification for Dependent Types Ningning Xie , Bruno C. d. S. Oliveira The University of

Towards Unification for Dependent Types Ningning Xie , Bruno C. d. S. Oliveira The University of

Towards Unification for Dependent Types Ningning Xie , Bruno C. d. S. Oliveira The University of Hong Kong June 2017 N. Xie, B.C.d.S. Oliveira Towards Unification for Dependent Types TFP 2017 1 / 26 Outline Motivation and Background 1

1k views • 78 slides
BST property: for each node v with key k , nodes in left subtree have keys k nodes in

BST property: for each node v with key k , nodes in left subtree have keys k nodes in

BST property: for each node v with key k , nodes in left subtree have keys k nodes in right subtree have keys k Have seen simple BST operations : Search Minimum Maximum Predecessor Successor Insert Delete

325 views • 18 slides
Binary Search Trees get(), put() and remove() Dictionary Operations: Data Structure Worst

Binary Search Trees get(), put() and remove() Dictionary Operations: Data Structure Worst

Complexity Of Dictionary Operations Binary Search Trees get(), put() and remove() Dictionary Operations: Data Structure Worst Case Expected get(key) Hash Table O(n) O(1) put(key, value) remove(key) Binary Search O(n) O(log

150 views • 10 slides
Introduction CSCE423/823 CSCE423/823 Computer Science &amp; Engineering 423/823 Dynamic

Introduction CSCE423/823 CSCE423/823 Computer Science &amp; Engineering 423/823 Dynamic

Introduction CSCE423/823 CSCE423/823 Computer Science &amp; Engineering 423/823 Dynamic programming is a technique for solving optimization Introduction Design and Analysis of Algorithms Introduction problems Rod Cutting Rod Cutting Key

796 views • 7 slides
Intelligible Models for Classification and Regression Yin Lou 1 Rich Caruana 2 Johannes Gehrke 1

Intelligible Models for Classification and Regression Yin Lou 1 Rich Caruana 2 Johannes Gehrke 1

Intelligible Models for Classification and Regression Yin Lou 1 Rich Caruana 2 Johannes Gehrke 1 Department of Computer Science 1 Microsoft Research 2 Cornell University Microsoft Corporation Aug. 13, 2012 Yin Lou (Cornell University)

436 views • 40 slides
The Last Lecture Thoughts on Computer Science and Life Brian Harvey Senior Lecturer with

The Last Lecture Thoughts on Computer Science and Life Brian Harvey Senior Lecturer with

The Last Lecture Thoughts on Computer Science and Life Brian Harvey Senior Lecturer with Security of Employment (soon-to-be-)Emeritus May 3, 2013 Paradigms merging? Some programming language specialists want us to stop talking about

419 views • 14 slides
Binary Search Tree (BST) 15 &lt; &gt; 7 17 3 9 19 What is the 1 4 8 11 inorder

Binary Search Tree (BST) 15 &lt; &gt; 7 17 3 9 19 What is the 1 4 8 11 inorder

Binary Search Tree (BST) 15 &lt; &gt; 7 17 3 9 19 What is the 1 4 8 11 inorder traversal of a BST? 23 BST Definition BST is a binary tree Each node stores a value from an ordered domain, e.g., numbers or strings The value of any

369 views • 16 slides
Unifying Execution of Imperative and Declarative Code Aleksandar Milicevic Massachusetts

Unifying Execution of Imperative and Declarative Code Aleksandar Milicevic Massachusetts

Motivation Outline Framework Translation Data Abstractions Evaluation Discussion Summary Unifying Execution of Imperative and Declarative Code Aleksandar Milicevic Massachusetts Institute of Technology Cambridge, MA RQE Defense, MIT

1.48k views • 99 slides
Trees Binary Trees A binary tree is composed of zero or more nodes in which no node can have

Trees Binary Trees A binary tree is composed of zero or more nodes in which no node can have

Trees Binary Trees A binary tree is composed of zero or more nodes in which no node can have more than two children. Each node contains: A value (some sort of data item). A reference or pointer to a left child (may be null), and

609 views • 41 slides

More recommend