recall for free
play

Recall for free: preorder - respecting state monads in Danel Ahman - PowerPoint PPT Presentation

May 21, 2023 •243 likes •1.47k views

Recall for free: preorder - respecting state monads in Danel Ahman LFCS, University of Edinburgh (joint work with Aseem Rastogi and Nikhil Swamy) EUTypes WG Meeting in Lisbon 5 October 2016 An effectful dependently-typed functional

  1. get and put val get : #rel:preorder state → PST rel state ( fun _ → True) ( fun s 0 s s 1 → s 0 = s ∧ s = s 1 )

  2. get and put pre and post are exactly as for STATE and ST val get : #rel:preorder state → PST rel state ( fun _ → True) ( fun s 0 s s 1 → s 0 = s ∧ s = s 1 )

  3. get and put pre and post are exactly as for STATE and ST val get : #rel:preorder state → PST rel state ( fun _ → True) ( fun s 0 s s 1 → s 0 = s ∧ s = s 1 ) val put : #rel:preorder state → x:state → PST rel unit ( fun s 0 → rel s 0 x) ( fun _ _ s 1 → s 1 = x)

  4. get and put pre and post are exactly as for STATE and ST val get : #rel:preorder state → PST rel state ( fun _ → True) ( fun s 0 s s 1 → s 0 = s ∧ s = s 1 ) the change wrt. STATE and ST val put : #rel:preorder state val put : #rel:preorder state → x:state → x:state → PST rel unit ( fun s 0 → rel s 0 x) → PST rel unit ( fun s 0 → rel s 0 x) ( fun _ _ s 1 → s 1 = x) ( fun _ _ s 1 → s 1 = x)

  5. ■ - modality in

  6. ■ - modality in We introduce an uninterpreted function symbol val ■ : #rel:preorder state → p:stable_p rel → Type 0

  7. ■ - modality in We introduce an uninterpreted function symbol val ■ : #rel:preorder state → p:stable_p rel → Type 0 We assume logical axioms, e.g., functoriality: forall p p' . ( forall s . p s ⇒ p' s) ⇒ ( ■ p ⇒ ■ p')

  8. ■ - modality in We introduce an uninterpreted function symbol val ■ : #rel:preorder state → p:stable_p rel → Type 0 We assume logical axioms, e.g., functoriality: forall p p' . ( forall s . p s ⇒ p' s) ⇒ ( ■ p ⇒ ■ p') Two readings of ■ p 
 p held at some past state of an PSTATE computation p holds at all states reachable from the current with PSTATE

  9. witness and recall

  10. witness and recall val witness : #rel:preorder state → p:stable_p rel → PST rel unit ( fun s 0 → p s 0 ) ■ p) ( fun s 0 _ s 1 → s 0 = s 1 ∧

  11. witness and recall val witness : #rel:preorder state → p:stable_p rel → PST rel unit ( fun s 0 → p s 0 ) ■ p) ( fun s 0 _ s 1 → s 0 = s 1 ∧ val recall : #rel:preorder state → p:stable_p rel → PST rel unit ( fun _ → ■ p ) p s 1 ) ( fun s 0 _ s 1 → s 0 = s 1 ∧

  12. Examples

  13. Examples

  14. Examples • Recalling that allocated references remain allocated • using FStar.Heap.heap (need a source of freshness for alloc ) � using our own heap type (source of freshness built into the heap)

  15. Examples • Recalling that allocated references remain allocated • using FStar.Heap.heap (need a source of freshness for alloc ) � using our own heap type (source of freshness built into the heap) • Immutable references and other preorders

  16. Examples • Recalling that allocated references remain allocated • using FStar.Heap.heap (need a source of freshness for alloc ) � using our own heap type (source of freshness built into the heap) • Immutable references and other preorders • Monotonic references

  17. Examples • Recalling that allocated references remain allocated • using FStar.Heap.heap (need a source of freshness for alloc ) � using our own heap type (source of freshness built into the heap) • Immutable references and other preorders • Monotonic references � Temporarily ignoring the constraint on put via snapshots

  18. Our heap and ref types

  19. Our heap and ref types The heap and ref types let heap = h:(nat * (nat → option (a:Type 0 & a))) { ... } let ref a = nat

  20. Our heap and ref types freshness counter The heap and ref types The heap and ref types let heap = h:(nat * (nat → option (a:Type 0 & a))) let heap = h:(nat * (nat → option (a:Type 0 & a))) { ... } { ... } let ref a = nat let ref a = nat

  21. Our heap and ref types freshness counter The heap and ref types The heap and ref types let heap = h:(nat * (nat → option (a:Type 0 & a))) let heap = h:(nat * (nat → option (a:Type 0 & a))) { ... } { ... } let ref a = nat let ref a = nat We can define sel and upd and gen_fresh operations

  22. Our heap and ref types freshness counter The heap and ref types The heap and ref types let heap = h:(nat * (nat → option (a:Type 0 & a))) let heap = h:(nat * (nat → option (a:Type 0 & a))) { ... } { ... } both ops. have (r ∈ h) let ref a = nat let ref a = nat refinements on references We can define sel and upd and gen_fresh operations

  23. Our heap and ref types freshness counter The heap and ref types The heap and ref types let heap = h:(nat * (nat → option (a:Type 0 & a))) let heap = h:(nat * (nat → option (a:Type 0 & a))) { ... } { ... } both ops. have (r ∈ h) let ref a = nat let ref a = nat refinements on references We can define sel and upd and gen_fresh operations and prove expected properties, e.g.: r <> r' ⇒ sel (upd h r x) r' = sel h r'

  24. Our heap and ref types freshness counter The heap and ref types The heap and ref types let heap = h:(nat * (nat → option (a:Type 0 & a))) let heap = h:(nat * (nat → option (a:Type 0 & a))) { ... } { ... } both ops. have (r ∈ h) let ref a = nat let ref a = nat refinements on references Goal: use this heap as drop-in replacement for F * 's heap We can define sel and upd and gen_fresh operations (but in F*'s heap , sel and upd don't have (r ∈ h) refinements) and prove expected properties, e.g.: • change the type of refs. to ( let ref a = nat * a) r <> r' ⇒ sel (upd h r x) r' = sel h r' • make use of the presence LEM in WPs for checking (r ∈ h)

  25. Allocated references example

  26. Allocated references example The type of refs. and preorder for recalling allocation let ref a = r:(Heap.ref a){ ■ ( fun h → r ∈ h) } let rel h 0 h 1 = forall a r . r ∈ h 0 ⇒ r ∈ h 1 AllocST a pre post = PST rel a pre post

  27. Allocated references example The type of refs. and preorder for recalling allocation let ref a = r:(Heap.ref a){ ■ ( fun h → r ∈ h) } let rel h 0 h 1 = forall a r . r ∈ h 0 ⇒ r ∈ h 1 AllocST a pre post = PST rel a pre post AllocST operations crucially use witness and recall , e.g., let read #a (r:ref a) = let h = get () in recall ( fun h → r ∈ h) ; sel h r

  28. Snapshots

  29. Snapshots We first define snaphsot-capable state as let s_state state = state * option state

  30. Snapshots We first define snaphsot-capable state as let s_state state = state * option state The snaphsot-capable preorder is indexed by rel on state let s_rel (rel:preorder state) s 0 s 1 = match (snd s 0 ) (snd s 1 ) with | None None ⇒ rel (fst s 0 ) (fst s 1 ) | None (Some s) ⇒ rel (fst s 0 ) s | (Some s) None ⇒ rel s (fst s 1 ) | (Some s 0 ') (Some s 1 ') ⇒ rel s 0 ' s 1 '

  31. Snapshots We first define snaphsot-capable state as let s_state state = state * option state The snaphsot-capable preorder is indexed by rel on state let s_rel (rel:preorder state) s 0 s 1 = match (snd s 0 ) (snd s 1 ) with | None None ⇒ rel (fst s 0 ) (fst s 1 ) | None (Some s) ⇒ rel (fst s 0 ) s | (Some s) None ⇒ rel s (fst s 1 ) | (Some s 0 ') (Some s 1 ') ⇒ rel s 0 ' s 1 '

  32. Snapshots We first define snaphsot-capable state as let s_state state = state * option state The snaphsot-capable preorder is indexed by rel on state let s_rel (rel:preorder state) s 0 s 1 = match (snd s 0 ) (snd s 1 ) with | None None ⇒ rel (fst s 0 ) (fst s 1 ) | None (Some s) ⇒ rel (fst s 0 ) s | (Some s) None ⇒ rel s (fst s 1 ) | (Some s 0 ') (Some s 1 ') ⇒ rel s 0 ' s 1 '

  33. Snapshots We first define snaphsot-capable state as let s_state state = state * option state The snaphsot-capable preorder is indexed by rel on state let s_rel (rel:preorder state) s 0 s 1 = match (snd s 0 ) (snd s 1 ) with | None None ⇒ rel (fst s 0 ) (fst s 1 ) | None (Some s) ⇒ rel (fst s 0 ) s | (Some s) None ⇒ rel s (fst s 1 ) | (Some s 0 ') (Some s 1 ') ⇒ rel s 0 ' s 1 '

  34. Snapshots We first define snaphsot-capable state as let s_state state = state * option state The snaphsot-capable preorder is indexed by rel on state let s_rel (rel:preorder state) s 0 s 1 = match (snd s 0 ) (snd s 1 ) with | None None ⇒ rel (fst s 0 ) (fst s 1 ) | None (Some s) ⇒ rel (fst s 0 ) s | (Some s) None ⇒ rel s (fst s 1 ) | (Some s 0 ') (Some s 1 ') ⇒ rel s 0 ' s 1 '

  35. read and write

  36. read and write val read : #rel:preorder state → SST rel state ( fun s 0 → True) ∧ fst s 1 ∧ ( fun s 0 s s 1 → fst s 0 = s s = snd s 0 = snd s 1 ) let write #rel x = ...

  37. read and write val read : #rel:preorder state → SST rel state ( fun s 0 → True) ∧ fst s 1 ∧ ( fun s 0 s s 1 → fst s 0 = s s = snd s 0 = snd s 1 ) let write #rel x = ... val write : #rel:preorder state → x:state → SST rel unit ( fun s 0 → s_rel rel s 0 (x,snd s 0 )) ( fun s 0 _ s 1 → s 1 = (x,snd s 0 )) let write #rel x = ...

  38. witness and recall

  39. witness and recall val witness : #rel:preorder state → p:stable_p rel → SST rel unit ( fun s 0 → p (fst s 0 ) ∧ snd s 0 = None) ■ p) ( fun s 0 _ s 1 → s 0 = s 1 ∧ let witness #rel p = ...

  40. witness and recall val witness : #rel:preorder state → p:stable_p rel → SST rel unit ( fun s 0 → p (fst s 0 ) ∧ snd s 0 = None) ■ p) ( fun s 0 _ s 1 → s 0 = s 1 ∧ let witness #rel p = ... val recall : #rel:preorder state → p:stable_p rel → SST rel unit ( fun s 0 → ■ p ∧ snd s 0 = None) ( fun s 0 _ s 1 → s 0 = s 1 ∧ p (fst s 1 )) let recall #rel p = ...

  41. snap and ok

  42. snap and ok val snap : #rel:preorder state → SST rel unit ( fun s 0 → snd s 0 = None) ( fun s 0 _ s 1 → fst s 0 = fst s 1 ∧ snd s 1 = Some (fst s 0 )) let snap #rel = ...

  43. snap and ok val snap : #rel:preorder state → SST rel unit ( fun s 0 → snd s 0 = None) ( fun s 0 _ s 1 → fst s 0 = fst s 1 ∧ snd s 1 = Some (fst s 0 )) let snap #rel = ... val ok : #rel:preorder state → SST rel unit ( fun s 0 → exists s . snd s 0 = Some s ∧ rel s (fst s 0 )) ( fun s 0 _ s 1 → fst s 0 = fst s 1 ∧ snd s 1 = None) let ok #rel = ...

  44. Example use of SST

  45. Example use of SST y 1 y 0 x 0 x 1 • Implementing a 2D point using two locations • E.g., want to enforce that can only move along some line

  46. A glimpse of the formal metatheory

  47. PSTATE formally

  48. PSTATE formally We work with a small calculus based on EMF * from DM4F t, wp, ::= state | rel | x:t1 → Tot t2 | x:t1 → PSTATE t2 wp | ... e, φ | x | fun x:t → e | e1 e2 | (e1,e2) | fst e | ... | return e | bind e1 x:t.e2 | get e | put e | witness e | recall e

  49. PSTATE formally We work with a small calculus based on EMF * from DM4F t, wp, ::= state | rel | x:t1 → Tot t2 | x:t1 → PSTATE t2 wp | ... e, φ | x | fun x:t → e | e1 e2 | (e1,e2) | fst e | ... | return e | bind e1 x:t.e2 | get e | put e | witness e | recall e Typing judgements have the form G ⊢ e : Tot t G ⊢ e : PSTATE t wp

  50. PSTATE formally We work with a small calculus based on EMF * from DM4F t, wp, ::= state | rel | x:t1 → Tot t2 | x:t1 → PSTATE t2 wp | ... e, φ | x | fun x:t → e | e1 e2 | (e1,e2) | fst e | ... | return e | bind e1 x:t.e2 | get e | put e | witness e | recall e Typing judgements have the form G ⊢ e : Tot t G ⊢ e : PSTATE t wp There is also a judgement for logical reasoning in WPs G | Φ ⊨ φ

  51. PSTATE formally We work with a small calculus based on EMF * from DM4F t, wp, ::= state | rel | x:t1 → Tot t2 | x:t1 → PSTATE t2 wp | ... e, φ | x | fun x:t → e | e1 e2 | (e1,e2) | fst e | ... | return e | bind e1 x:t.e2 | get e | put e | witness e | recall e Typing judgements have the form G ⊢ e : Tot t G ⊢ e : PSTATE t wp There is also a judgement for logical reasoning in WPs G | Φ ⊨ φ nat. deduction for classical predicate logic

  52. Operational semantics

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Free recall and recognition in a network model of the hippocampus: simulating effects of

Free recall and recognition in a network model of the hippocampus: simulating effects of

Free recall and recognition in a network model of the hippocampus: simulating effects of scopolamine on human memory function Michael E. Hasselmo * and Bradley P. Wyble Acetylcholine again! - thought to be involved in learning and memory -

1.41k views • 89 slides
GPU tuning, part 1 (updated) CSE 6230: HPC Tools &amp; Apps Fall 2014 September 30 &amp;

GPU tuning, part 1 (updated) CSE 6230: HPC Tools &amp; Apps Fall 2014 September 30 &amp;

vuduc.org/cse6230 GPU tuning, part 1 (updated) CSE 6230: HPC Tools &amp; Apps Fall 2014 September 30 &amp; October 2 Recall: 2 Recall: 6 GB/s 2 Recall: 3 Recall: 4 Recall: 5 Recall: 6 Recall: 7 Recall: 8 Recall: 9

1.19k views • 99 slides
Compilers and computer architecture From strings to ASTs (2): context free grammars Martin Berger

Compilers and computer architecture From strings to ASTs (2): context free grammars Martin Berger

Compilers and computer architecture From strings to ASTs (2): context free grammars Martin Berger 1 October 2019 1 Email: M.F.Berger@sussex.ac.uk , Office hours: Wed 12-13 in Chi-2R312 1 / 1 Recall the function of compilers 2 / 1 Recall we

686 views • 53 slides
Equivalence with context-free grammars I Language context free recognized by pushdown automata

Equivalence with context-free grammars I Language context free recognized by pushdown automata

Equivalence with context-free grammars I Language context free recognized by pushdown automata For the left-hand side, recall that by definition a language is context-free if it is constructed by some CFG For the proof, one direction is

329 views • 7 slides
Before We Start Any questions? Context Free Languages PDAs and CFLs Languages Context Free

Before We Start Any questions? Context Free Languages PDAs and CFLs Languages Context Free

Before We Start Any questions? Context Free Languages PDAs and CFLs Languages Context Free Languages Recall. Context Free Languages(CFL) is the next class of languages outside of Regular What is a language? Languages:

492 views • 10 slides
1 Bin(10, 0.3), Bin(100, 0.03) vs. Poi(3) Tender (Central) Moments with Poisson Recall: Y ~

1 Bin(10, 0.3), Bin(100, 0.03) vs. Poi(3) Tender (Central) Moments with Poisson Recall: Y ~

Whither the Binomial Binomial in the Limit Recall example of sending bit string over network Recall the Binomial distribution n ! n = 4 bits sent over network where each bit had i n i ( ) ( 1 ) P X i

191 views • 4 slides
3rd Annual Automotive Industry Warranty &amp; Recall Symposium Global Financial Advisory Services

3rd Annual Automotive Industry Warranty &amp; Recall Symposium Global Financial Advisory Services

3rd Annual Automotive Industry Warranty &amp; Recall Symposium Global Financial Advisory Services Agenda News and Recall Data 2015 Recap NHTSA Recall Data Completion Rate Trends and Observations International Recall Data

1.32k views • 114 slides
Big picture All languages Decidable Turing machines NP P Context-free

Big picture All languages Decidable Turing machines NP P Context-free

Big picture All languages Decidable Turing machines NP P Context-free Context-free grammars, push-down automata Regular Automata, non-deterministic automata, regular expressions Recall: Theorem: L := {0 n 1 n : n 0}

1.23k views • 108 slides
1 Those of you who came to our original Seminar will recall that I there tried to provide an

1 Those of you who came to our original Seminar will recall that I there tried to provide an

1 Those of you who came to our original Seminar will recall that I there tried to provide an overview of the process of developing policy and then turning it into legislation. You may also recall that the key messages of that presentation were:

141 views • 13 slides
CSCI341 Lecture 36, Pipelining &amp; Hazards RECALL... RECALL... HAZARDS Data Hazards

CSCI341 Lecture 36, Pipelining &amp; Hazards RECALL... RECALL... HAZARDS Data Hazards

CSCI341 Lecture 36, Pipelining &amp; Hazards RECALL... RECALL... HAZARDS Data Hazards Control Hazards Dukes of Hazzard DATA HAZARD Hardware solution: Include forwarding paths in the machines datapath. Even though results have not

436 views • 27 slides
RECALL READINESS Presentation Prepared for the Colorado Fruit and Vegetable Growers Association

RECALL READINESS Presentation Prepared for the Colorado Fruit and Vegetable Growers Association

RECALL READINESS Presentation Prepared for the Colorado Fruit and Vegetable Growers Association Recall Readiness and Crisis Management Workshop November 14, 2017 J. Lee Gray Partner IS A RECALL PLAN REQUIRED? Register as Food Facility?

390 views • 34 slides
Lecture 14: Energy Bands for Electrons in Crystals (Kittel Ch. 7) Energy Energy Gap k

Lecture 14: Energy Bands for Electrons in Crystals (Kittel Ch. 7) Energy Energy Gap k

Lecture 14: Energy Bands for Electrons in Crystals (Kittel Ch. 7) Energy Energy Gap k /a /a 0 Physics 460 F 2006 Lect 14 1 Outline Recall the solution for the free electron gas (Jellium) Simplest model for a metal Free

459 views • 20 slides
Proving Invariances CS256/Spring 2008 Lecture #6 Zohar Manna Definitions Recall: the

Proving Invariances CS256/Spring 2008 Lecture #6 Zohar Manna Definitions Recall: the

Proving Invariances CS256/Spring 2008 Lecture #6 Zohar Manna Definitions Recall: the variables of assertion: free (flexible) system variables V = Y { } Chapter 1 where Y are the program variables and is the control

292 views • 10 slides
YACC Background ! Review : Recall grammars for YACC are a CSCI: 4500/6500 Programming variant of

YACC Background ! Review : Recall grammars for YACC are a CSCI: 4500/6500 Programming variant of

YACC Background ! Review : Recall grammars for YACC are a CSCI: 4500/6500 Programming variant of BNF Languages Can be used to express context free languages X -&gt; p X is non terminal, p is a string of non-terminals and/ Conclusion of

326 views • 7 slides
Hopes and Fears for Evergreen Oh were free! Free! Forever were free Come join the song

Hopes and Fears for Evergreen Oh were free! Free! Forever were free Come join the song

My My Hopes and Fears for Evergreen Oh were free! Free! Forever were free Come join the song of all the redeemed Yes were free! Free! Forever amen Thats when death was arrested and my life began We worship you! Hallelujah,

713 views • 23 slides
Should You Be Gluten Free? Should You Be Gluten Free? Should You Be Gluten Free? Should You Be

Should You Be Gluten Free? Should You Be Gluten Free? Should You Be Gluten Free? Should You Be

Should You Be Gluten Free? Should You Be Gluten Free? Should You Be Gluten Free? Should You Be Gluten Free? New Research Shows 1 in 8 Americans N R h Sh 1 i 8 A i are Gluten Intolerant Are You? What is gluten? Testing Latest

518 views • 41 slides
How Serious is the WMD Terrorism Threat?: Terrorist Motivations and Capabilities for Using

How Serious is the WMD Terrorism Threat?: Terrorist Motivations and Capabilities for Using

How Serious is the WMD Terrorism Threat?: Terrorist Motivations and Capabilities for Using Chemical, Biological, Radiological, and Nuclear Weapons Gary Ackerman Director, WMD Terrorism Research Program Center for Nonproliferation Studies

609 views • 41 slides
Federal Policy Proposals for Rebuilding the Efficiency Industry During the COVID Era July 15,

Federal Policy Proposals for Rebuilding the Efficiency Industry During the COVID Era July 15,

WELCOME TO TODAYS WEBINAR! Federal Policy Proposals for Rebuilding the Efficiency Industry During the COVID Era July 15, 2020 Todays Speakers Roger Flanagan, TRC Ben Evans, Alliance to Save Energy Kateri Callahan, Dynamic

272 views • 23 slides
Planning for Small Water Systems David Tucker www.efcnetwork.org 6/19/2013 Dedicated to

Planning for Small Water Systems David Tucker www.efcnetwork.org 6/19/2013 Dedicated to

Energy Management Planning for Small Water Systems David Tucker www.efcnetwork.org 6/19/2013 Dedicated to enhancing the ability of governments and organizations to provide environmental programs and services in fair, effective, and financially

579 views • 16 slides
Training Programme 2018 15 th 16 th March, 2018 A project financed by the European Union Top

Training Programme 2018 15 th 16 th March, 2018 A project financed by the European Union Top

Implementing Partners Understanding China Training Programme 2018 15 th 16 th March, 2018 A project financed by the European Union Top Trends Macro 1. Towards Re-Centralisation 2. Prioritisation of administrative, social and regional

335 views • 11 slides
Collaborative Deanonymization University of Cambridge Security Seminar Series, 26 May 2020 Patrik

Collaborative Deanonymization University of Cambridge Security Seminar Series, 26 May 2020 Patrik

Collaborative Deanonymization University of Cambridge Security Seminar Series, 26 May 2020 Patrik Keller, Martin Florian, Rainer Bhme https://arxiv.org/abs/2005.03535 Motivation Decentralized systems Crime Anonymity prevention Objective:

194 views • 15 slides
Non-standard in tf rac tj ons in atmospheric neu ts ino experiments Arman Esmaili Pontifcia

Non-standard in tf rac tj ons in atmospheric neu ts ino experiments Arman Esmaili Pontifcia

Non-standard in tf rac tj ons in atmospheric neu ts ino experiments Arman Esmaili Pontifcia Universidade Catlica do Rio de Janeiro (PUC-Rio), Brasil &lt;latexit

692 views • 40 slides
Energy Efficiency Measuring for Success: Coordination, Collaboration, and Transparency

Energy Efficiency Measuring for Success: Coordination, Collaboration, and Transparency

Energy Efficiency Measuring for Success: Coordination, Collaboration, and Transparency Comments by Lucas Davis Associate Professor UC Berkeley Haas School of Business ldavis@haas.berkeley.edu March 6, 2013 Lucas Davis (UC Berkeley) Measuring

360 views • 8 slides
Adverse Media Screening Practices May 2020 Speakers David Balson Gavin Lockhart Mirams Henry

Adverse Media Screening Practices May 2020 Speakers David Balson Gavin Lockhart Mirams Henry

Adverse Media Screening Practices May 2020 Speakers David Balson Gavin Lockhart Mirams Henry Williams Director of Intelligence MD Think Tank &amp; Founder Head of Investigations Ripjar Themis Themis Kenneth Gazzaway Director, EMEA

435 views • 11 slides

More recommend