static assurance with types liam o connor
play

Static Assurance with Types Liam OConnor University of Edinburgh - PowerPoint PPT Presentation

Apr 08, 2024 •278 likes •1.09k views

Static Assurance Phantom Types GADTs Type Families Software System Design and Implementation Static Assurance with Types Liam OConnor University of Edinburgh LFCS (and UNSW) Term 2 2020 1 Static Assurance Phantom Types GADTs Type

  1. Static Assurance Phantom Types GADTs Type Families Software System Design and Implementation Static Assurance with Types Liam O’Connor University of Edinburgh LFCS (and UNSW) Term 2 2020 1

  2. Static Assurance Phantom Types GADTs Type Families Methods of Assurance Hybrid Dynamic Static Testing

  3. Static Assurance Phantom Types GADTs Type Families Methods of Assurance assert() Hybrid Dynamic Static Testing

  4. Static Assurance Phantom Types GADTs Type Families Methods of Assurance Monitors, watchdogs assert() Hybrid Dynamic Static Testing

  5. Static Assurance Phantom Types GADTs Type Families Methods of Assurance Monitors, watchdogs assert() Hybrid Dynamic Static Types Testing

  6. Static Assurance Phantom Types GADTs Type Families Methods of Assurance Monitors, watchdogs Proofs assert() Hybrid Dynamic Static Types Testing

  7. Static Assurance Phantom Types GADTs Type Families Methods of Assurance Monitors, watchdogs Static Analysers Proofs assert() Hybrid Dynamic Static Types Testing

  8. Static Assurance Phantom Types GADTs Type Families Methods of Assurance Monitors, watchdogs Static Analysers Proofs assert() Hybrid Dynamic Static Types Testing Model Checkers

  9. Static Assurance Phantom Types GADTs Type Families Methods of Assurance Monitors, watchdogs Static Analysers Proofs assert() Hybrid Dynamic Static Types Testing Contracts Model Checkers

  10. Static Assurance Phantom Types GADTs Type Families Methods of Assurance Monitors, watchdogs Static Analysers Gradual Types Proofs assert() Hybrid Dynamic Static Types Testing Contracts Model Checkers Static means of assurance analyse a program without running it. 10

  11. Static Assurance Phantom Types GADTs Type Families Static vs. Dynamic Static checks can be exhaustive. 11

  12. Static Assurance Phantom Types GADTs Type Families Static vs. Dynamic Static checks can be exhaustive. Exhaustivity An exhaustive check is a check that is able to analyse all possible executions of a program. 12

  13. Static Assurance Phantom Types GADTs Type Families Static vs. Dynamic Static checks can be exhaustive. Exhaustivity An exhaustive check is a check that is able to analyse all possible executions of a program. However , some properties cannot be checked statically in general (halting problem), or are intractable to feasibly check statically (state space explosion). Dynamic checks cannot be exhaustive, but can be used to check some properties where static methods are unsuitable. 13

  14. Static Assurance Phantom Types GADTs Type Families Compiler Integration Most static and all dynamic methods of assurance are not integrated into the compilation process. 14

  15. Static Assurance Phantom Types GADTs Type Families Compiler Integration Most static and all dynamic methods of assurance are not integrated into the compilation process. You can compile and run your program even if it fails tests. 15

  16. Static Assurance Phantom Types GADTs Type Families Compiler Integration Most static and all dynamic methods of assurance are not integrated into the compilation process. You can compile and run your program even if it fails tests. You can change your program to diverge from your model checker model. 16

  17. Static Assurance Phantom Types GADTs Type Families Compiler Integration Most static and all dynamic methods of assurance are not integrated into the compilation process. You can compile and run your program even if it fails tests. You can change your program to diverge from your model checker model. Your proofs can diverge from your implementation. 17

  18. Static Assurance Phantom Types GADTs Type Families Compiler Integration Most static and all dynamic methods of assurance are not integrated into the compilation process. You can compile and run your program even if it fails tests. You can change your program to diverge from your model checker model. Your proofs can diverge from your implementation. Types Because types are integrated into the compiler, they cannot diverge from the source code. This means that type signatures are a kind of machine-checked documentation for your code. 18

  19. Static Assurance Phantom Types GADTs Type Families Types Types are the most widely used kind of formal verification in programming today. They are checked automatically by the compiler. They can be extended to encompass properties and proof systems with very high expressivity (covered next week). They are an exhaustive analysis. 19

  20. Static Assurance Phantom Types GADTs Type Families Types Types are the most widely used kind of formal verification in programming today. They are checked automatically by the compiler. They can be extended to encompass properties and proof systems with very high expressivity (covered next week). They are an exhaustive analysis. This week, we’ll look at techniques to encode various correctness conditions inside Haskell’s type system. 20

  21. Static Assurance Phantom Types GADTs Type Families Phantom Types Definition A type parameter is phantom if it does not appear in the right hand side of the type definition. newtype Size x = S Int 21

  22. Static Assurance Phantom Types GADTs Type Families Phantom Types Definition A type parameter is phantom if it does not appear in the right hand side of the type definition. newtype Size x = S Int Lets examine each one of the following use cases: We can use this parameter to track what data invariants have been established about a value. 22

  23. Static Assurance Phantom Types GADTs Type Families Phantom Types Definition A type parameter is phantom if it does not appear in the right hand side of the type definition. newtype Size x = S Int Lets examine each one of the following use cases: We can use this parameter to track what data invariants have been established about a value. We can use this parameter to track information about the representation (e.g. units of measure). 23

  24. Static Assurance Phantom Types GADTs Type Families Phantom Types Definition A type parameter is phantom if it does not appear in the right hand side of the type definition. newtype Size x = S Int Lets examine each one of the following use cases: We can use this parameter to track what data invariants have been established about a value. We can use this parameter to track information about the representation (e.g. units of measure). We can use this parameter to enforce an ordering of operations performed on these values ( type state ). 24

  25. Static Assurance Phantom Types GADTs Type Families Validation data UG -- empty type data PG data StudentID x = SID Int 25

  26. Static Assurance Phantom Types GADTs Type Families Validation data UG -- empty type data PG data StudentID x = SID Int We can define a smart constructor that specialises the type parameter: sid :: Int -> Either (StudentID UG) (StudentID PG) (Recalling the following definition of Either) data Either a b = Left a | Right b 26

  27. Static Assurance Phantom Types GADTs Type Families Validation data UG -- empty type data PG data StudentID x = SID Int We can define a smart constructor that specialises the type parameter: sid :: Int -> Either (StudentID UG) (StudentID PG) (Recalling the following definition of Either) data Either a b = Left a | Right b And then define functions: enrolInCOMP3141 :: StudentID UG -> IO () lookupTranscript :: StudentID x -> IO String 27

  28. Static Assurance Phantom Types GADTs Type Families Units of Measure In 1999, software confusing units of measure (pounds and newtons) caused a mars orbiter to burn up on atmospheric entry. data Kilometres data Miles data Value x = U Int sydneyToMelbourne = (U 877 :: Value Kilometres) losAngelesToSanFran = (U 383 :: Value Miles) 28

  29. Static Assurance Phantom Types GADTs Type Families Units of Measure In 1999, software confusing units of measure (pounds and newtons) caused a mars orbiter to burn up on atmospheric entry. data Kilometres data Miles data Value x = U Int sydneyToMelbourne = (U 877 :: Value Kilometres) losAngelesToSanFran = (U 383 :: Value Miles) In addition to tagging values, we can also enforce constraints on units: data Square a area :: Value m -> Value m -> Value (Square m) area (U x) (U y) = U (x * y) Note the arguments to area must have the same units. 29

  30. Static Assurance Phantom Types GADTs Type Families Type State Example A Socket can either be ready to recieve data, or busy. If the socket is busy, the user must first use the wait operation, which blocks until the socket is ready. If the socket is ready, the user can use the send operation to send string data, which will make the socket busy again. 30

  31. Static Assurance Phantom Types GADTs Type Families Type State Example A Socket can either be ready to recieve data, or busy. If the socket is busy, the user must first use the wait operation, which blocks until the socket is ready. If the socket is ready, the user can use the send operation to send string data, which will make the socket busy again. data Busy data Ready newtype Socket s = Socket ... wait :: Socket Busy -> IO (Socket Ready) send :: Socket Ready -> String -> IO (Socket Busy) What assumptions are we making here? 31

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

! TYPES & STATIC ANALYSIS TYPES ARE GOOD, I PROMISE. SAM GREENWOOD @SAMTGREENWOOD

! TYPES & STATIC ANALYSIS TYPES ARE GOOD, I PROMISE. SAM GREENWOOD @SAMTGREENWOOD

! TYPES & STATIC ANALYSIS TYPES ARE GOOD, I PROMISE. SAM GREENWOOD @SAMTGREENWOOD TECHNOLOGY MANAGER @ UNITI GROUP I LIKE TYPES. WITHOUT TYPES WITH TYPES WHAT ARE TYPES? DYNAMIC TYPES DEFINED WHEN WE USE THEM STATIC TYPES DEFINED

756 views • 40 slides
Census Data Quality Assurance 17 May 2010 Types of Quality Assurance (QA) Quality assurance of

Census Data Quality Assurance 17 May 2010 Types of Quality Assurance (QA) Quality assurance of

Census Data Quality Assurance 17 May 2010 Types of Quality Assurance (QA) Quality assurance of captured and coded data Quality assurance of downstream processes (including data security and integrity) Quality assurance of population counts,

129 views • 12 slides
Quiz: Types A. What is the static type of: int f(int x, float y) { return x y; } B. What are

Quiz: Types A. What is the static type of: int f(int x, float y) { return x y; } B. What are

Quiz: Types A. What is the static type of: int f(int x, float y) { return x y; } B. What are the values of the static type? C. What are the operations of this type? Oberon Types Rules (Phase I Checks) Numeric types The INTEGER and REAL types

468 views • 12 slides
Introduction to Static Analysis for Assurance John Rushby Computer Science Laboratory SRI

Introduction to Static Analysis for Assurance John Rushby Computer Science Laboratory SRI

Introduction to Static Analysis for Assurance John Rushby Computer Science Laboratory SRI International Menlo Park CA USA John Rushby Static Analysis for Assurance: 1 Overview What is static analysis? Examples of some techniques

732 views • 34 slides
Types Dynamic types Types are broken down into many categories Static types Duck typing

Types Dynamic types Types are broken down into many categories Static types Duck typing

Types Dynamic types Types are broken down into many categories Static types Duck typing Dynamic types Subtypes Types are broken down into many categories Classes and subclasses Static types Strong types Dependent Duck typing

1.22k views • 98 slides
static vs automatic storage classes Three types of memory allocations static storage class

static vs automatic storage classes Three types of memory allocations static storage class

static vs automatic storage classes Three types of memory allocations static storage class means variable persists through static allocation: for globals and any static the life of the program variables in functions automatic storage

569 views • 9 slides
Existential Types and Abstraction Liam OConnor CSE, UNSW (and data61) Term 3 2019 1

Existential Types and Abstraction Liam OConnor CSE, UNSW (and data61) Term 3 2019 1

Abstract Data Types Existential Types Existential Types and Abstraction Liam OConnor CSE, UNSW (and data61) Term 3 2019 1 Abstract Data Types Existential Types Motivation Throughout your studies, lecturers have (hopefully) expounded on

291 views • 14 slides
A a:INTEGER b:INTEGER B C c:INTEGER D d:INTEGER Figure 1: Class Inheritance Hierarchy 1 2

A a:INTEGER b:INTEGER B C c:INTEGER D d:INTEGER Figure 1: Class Inheritance Hierarchy 1 2

EECS3311 Software Design Fall 2018 Static Types, Expectations, Dynamic Types, and Type Casts Chen-Wei Wang Contents 1 Inheritance Hierarchy 1 2 Static Types (at Compile Time) Define Expected Usages 2 3 Dynamic Types (at Runtime) 2 4

198 views • 5 slides
CPSC 213 2.2.3, 2.3, 2.4.1-2.4.3, 2.6 static base types (e.g., int, char) Textbook

CPSC 213 2.2.3, 2.3, 2.4.1-2.4.3, 2.6 static base types (e.g., int, char) Textbook

Reading Examine Java and C Piece by Piece Companion Reading writing and arithmetic on variables CPSC 213 2.2.3, 2.3, 2.4.1-2.4.3, 2.6 static base types (e.g., int, char) Textbook static and dynamic arrays of base types

347 views • 3 slides
Induction, Data Types and Type Classes Dr. Liam OConnor University of Edinburgh LFCS (and

Induction, Data Types and Type Classes Dr. Liam OConnor University of Edinburgh LFCS (and

Induction Data Types Type Classes Functors Homework Software System Design and Implementation Induction, Data Types and Type Classes Dr. Liam OConnor University of Edinburgh LFCS (and UNSW) Term 2 2020 1 Induction Data Types Type

624 views • 31 slides
Induction, Data Types and Type Classes Dr. Liam OConnor University of Edinburgh LFCS (and

Induction, Data Types and Type Classes Dr. Liam OConnor University of Edinburgh LFCS (and

Induction Data Types Type Classes Functors Homework Software System Design and Implementation Induction, Data Types and Type Classes Dr. Liam OConnor University of Edinburgh LFCS (and UNSW) Term 2 2020 1 Induction Data Types Type

1.02k views • 68 slides
Static Analysis of Haskell Neil Mitchell http://ndmitchell.com Static Analysis is getting

Static Analysis of Haskell Neil Mitchell http://ndmitchell.com Static Analysis is getting

Static Analysis of Haskell Neil Mitchell http://ndmitchell.com Static Analysis is getting insights at compile time Full branch coverage Terminates Doesnt rely on a test suite Types are static analysis. Lets talk about

784 views • 39 slides
Communication assurance with Session Types Rumyana Neykova Communication Safety with Session

Communication assurance with Session Types Rumyana Neykova Communication Safety with Session

Communication assurance with Session Types Rumyana Neykova Communication Safety with Session Types Promises: Organising structured communications from a global point of view Efficient type-checking strategy of processes through

459 views • 31 slides
Types and Static Semantic Analysis Stephen A. Edwards Columbia University Fall 2012 Part I

Types and Static Semantic Analysis Stephen A. Edwards Columbia University Fall 2012 Part I

Types and Static Semantic Analysis Stephen A. Edwards Columbia University Fall 2012 Part I Types Data Types What is a type? A restriction on the possible interpretations of a segment of memory or other program construct. Useful for two

606 views • 47 slides
Coupling: co-adapted vs. maximal (joint work with W.S. Kendall and S. Jacka, University of

Coupling: co-adapted vs. maximal (joint work with W.S. Kendall and S. Jacka, University of

RW on Z n Introduction Types of coupling Brownian Motion Conclusion References 2 Coupling: co-adapted vs. maximal (joint work with W.S. Kendall and S. Jacka, University of Warwick) Stephen Connor stephen.connor@york.ac.uk Stephen Connor

884 views • 57 slides
Theory of Types Liam OConnor University of Edinburgh LFCS (and UNSW) Term 2 2020 1 Recap:

Theory of Types Liam OConnor University of Edinburgh LFCS (and UNSW) Term 2 2020 1 Recap:

Recap: Logic Typed Lambda Calculus Algebraic Type Isomorphism Polymorphism and Parametricity Software System Design and Implementation Theory of Types Liam OConnor University of Edinburgh LFCS (and UNSW) Term 2 2020 1 Recap: Logic

1.15k views • 88 slides
Quality Assurance The work who no one want's to pay About me Raphael Bircher Committer

Quality Assurance The work who no one want's to pay About me Raphael Bircher Committer

Quality Assurance The work who no one want's to pay About me Raphael Bircher Committer and PMC of AOO, IPMC Member Mentor at the Apache Incubator 10 year experience in QA (8 years at OpenOffice) New in the Open Source Business.

391 views • 5 slides
Look to Christ Colossians 2:1-5 Assurance of salvation is the internal sense that one is a

Look to Christ Colossians 2:1-5 Assurance of salvation is the internal sense that one is a

Look to Christ Colossians 2:1-5 Assurance of salvation is the internal sense that one is a Christian and will persevere as a Christian until the end of their life. Look to Christ Instead of looking outward to Christ for assurance you

409 views • 21 slides
FOUNDATIONS [Track One : Believer To Disciple] Lesson 03 : Assurance of Salvation And

FOUNDATIONS [Track One : Believer To Disciple] Lesson 03 : Assurance of Salvation And

FOUNDATIONS [Track One : Believer To Disciple] Lesson 03 : Assurance of Salvation And Forgiveness [Track One] Lesson 03 : Assurance of Salvation and Forgiveness Foundational elements of Assurance of Salvation 1. The Bible's Authority 2.

397 views • 21 slides
Automated Data Quality Assurance with Machine Learning and Autoencoders SDS2019 Bern, 14.06.2019

Automated Data Quality Assurance with Machine Learning and Autoencoders SDS2019 Bern, 14.06.2019

Automated Data Quality Assurance with Machine Learning and Autoencoders SDS2019 Bern, 14.06.2019 Martin Mller-Lennert Milica Petrovi Senior Data Scientist Senior Data Scientist martin.mueller-lennert@incubegroup.com

668 views • 32 slides
SARBANES OXLEY EDITION BECAUSE ITS NOT WORTH MILLIONS IN FINES AND 10- 20 YEARS IN JAIL THE

SARBANES OXLEY EDITION BECAUSE ITS NOT WORTH MILLIONS IN FINES AND 10- 20 YEARS IN JAIL THE

INFORMATION ASSURANCE: SARBANES OXLEY EDITION BECAUSE ITS NOT WORTH MILLIONS IN FINES AND 10- 20 YEARS IN JAIL THE PROBLEM Public companies are forced to follow SOX and many I.T. departments dont know how to build a SOX

290 views • 9 slides
What Is Software Assurance? John Rushby Based on joint work with Bev Littlewood (City University

What Is Software Assurance? John Rushby Based on joint work with Bev Littlewood (City University

What Is Software Assurance? John Rushby Based on joint work with Bev Littlewood (City University UK) Computer Science Laboratory SRI International Menlo Park CA USA John Rushby, SR I What Is S/W Assurance? 1 A Conundrum Critical systems

367 views • 35 slides
CCC Assured Autonomy Workshop #2 Ethics, Policy, and Societal Impact Cara LaPointe, Co-Director

CCC Assured Autonomy Workshop #2 Ethics, Policy, and Societal Impact Cara LaPointe, Co-Director

CCC Assured Autonomy Workshop #2 Ethics, Policy, and Societal Impact Cara LaPointe, Co-Director of the Johns Hopkins Institute for Assured Autonomy February 21, 2020 Autonomous Systems as Trusted Contributors to Society Predictable Safe and

287 views • 3 slides
Performance Assurance Framework for the regime

Performance Assurance Framework for the regime

Performance Assurance Framework for the regime Angela Love, ScottishPower Background The Gas Performance Assurance Group have been meeting

360 views • 9 slides

More recommend