type checking linear dependent types
play

Type-checking Linear Dependent Types Arthur Azevedo de Amorim 1 2 - PowerPoint PPT Presentation

Nov 23, 2023 •226 likes •1.07k views

Type-checking Linear Dependent Types Arthur Azevedo de Amorim 1 2 Marco Gaboardi 3 Emilio Jess Gallego Arias 1 Justin Hsu 1 1 University of Pennsylvania 2 INRIA Paris-Rocquencourt 3 University of Dundee 1 2 2 2 Anonymization Movie Ratings

  1. Type-checking Linear Dependent Types Arthur Azevedo de Amorim 1 2 Marco Gaboardi 3 Emilio Jesús Gallego Arias 1 Justin Hsu 1 1 University of Pennsylvania 2 INRIA Paris-Rocquencourt 3 University of Dundee 1

  2. 2

  3. 2

  4. 2

  5. Anonymization Movie Ratings Internet 2

  6. 2

  7. 2

  8. How to allow database queries and retain privacy guarantees? 3

  9. Differential Privacy • Rigorous bound on “privacy loss” [Dwork, 2006] • Informally: adding one’s data doesn’t change query results by much • Many available algorithms • Statistical analyses, combinatorial optimizations, machine learning, ... 4

  10. Ensuring Differential Privacy Random Noise + Differentially Private Deterministic Query Probabilistic Query 5

  11. Ensuring Differential Privacy Random Noise ∝ k k -sensitive + Differentially Private Deterministic Query Probabilistic Query 5

  12. Ensuring Differential Privacy Bound on result variation Random Noise ∝ k k -sensitive + Differentially Private Deterministic Query Probabilistic Query 5

  13. Ensuring Differential Privacy Bound on result variation Random Noise ∝ k k -sensitive + Differentially Private Deterministic Query Probabilistic Query Requires tedious proofs 5

  14. Types to the Rescue • DFuzz [Reed&Pierce10,Gaboardi13] is a type system for function sensitivity (hence, differential privacy) • Capable of expressing many differentially private algorithms • Metatheory ensures differential privacy • Type-checking algorithm: proof automation 6

  15. Challenge: Checking and Inference The DFuzz type system combines interesting features: • Linear indexed types • Dependent types • Subtyping Their interplay makes it difficult to reuse existing techniques directly 7

  16. Our Contributions • A type-checking and type-inference algorithm for a system combining linear and dependent types in the presence of subtyping • Showing how ideas from the type-checking literature for those domains can be adapted to a type system built around a special-purpose index language 8

  17. Outline • DFuzz and function sensitivity • Type checking and inference for DFuzz 9

  18. DFuzz and Function Sensitivity 10

  19. Function Sensitivity Bound output variation based on input variation f is k -sensitive: d ( f ( x ) , f ( y )) ≤ k · d ( x , y ) 11

  20. Function Sensitivity Bound output variation based on input variation f is k -sensitive: d ( f ( x ) , f ( y )) ≤ k · d ( x , y ) Distance functions 11

  21. Function Sensitivity f f ( x ) x D ≤ k · D y f ( y ) f 11

  22. DFuzz in a Nutshell • ! k σ ⊸ τ : k -sensitive function (= linear) 12

  23. DFuzz in a Nutshell • ! k σ ⊸ τ : k -sensitive function (= linear) Multivariate polynomial 12

  24. DFuzz in a Nutshell • ! k σ ⊸ τ : k -sensitive function (= linear) • list n σ : list of length n (mechanisms that depend on input size) 12

  25. DFuzz in a Nutshell • ! k σ ⊸ τ : k -sensitive function (= linear) • list n σ : list of length n (mechanisms that depend on input size) • σ ⊑ τ : sensitivity weakening (e.g. (! 1 σ ⊸ τ ) ⊑ (! 2 σ ⊸ τ ) ) 12

  26. A Basic Example Consider the standard map function function map f l { case l of { | [] => [] | x :: l’ => f x :: map f l’ } } How to bound “distance” between results of two calls? 13

  27. Analyzing Example d ( map ( f ,� x ) , map ( g ,� y )) 14

  28. Analyzing Example d ( map ( f ,� x ) , map ( g ,� y )) k -sensitive 14

  29. Analyzing Example d ( map ( f ,� x ) , map ( g ,� y )) length n 14

  30. Analyzing Example Distance for lists d ( map ( f ,� x ) , map ( g ,� y )) n � = d ( f ( x i ) , g ( y i )) i = 1 14

  31. Analyzing Example d ( map ( f ,� x ) , map ( g ,� y )) n � = d ( f ( x i ) , g ( y i )) Triangle inequality i = 1 n � ≤ [ d ( f ( x i ) , g ( x i )) + d ( g ( x i ) , g ( y i ))] i = 1 14

  32. Analyzing Example d ( map ( f ,� x ) , map ( g ,� y )) n � = d ( f ( x i ) , g ( y i )) i = 1 Max difference n � between f and g ≤ [ d ( f ( x i ) , g ( x i )) + d ( g ( x i ) , g ( y i ))] i = 1 n � ≤ [ d ( f , g ) + k · d ( x i , y i )] i = 1 14

  33. Analyzing Example d ( map ( f ,� x ) , map ( g ,� y )) n � = d ( f ( x i ) , g ( y i )) i = 1 Definition of n � ≤ [ d ( f ( x i ) , g ( x i )) + d ( g ( x i ) , g ( y i ))] sensitivity i = 1 n � ≤ [ d ( f , g ) + k · d ( x i , y i )] i = 1 14

  34. Analyzing Example d ( map ( f ,� x ) , map ( g ,� y )) n � = d ( f ( x i ) , g ( y i )) i = 1 n � ≤ [ d ( f ( x i ) , g ( x i )) + d ( g ( x i ) , g ( y i ))] i = 1 n � ≤ [ d ( f , g ) + k · d ( x i , y i )] i = 1 = n · d ( f , g ) + k · d ( � x ,� y ) 14

  35. Typing Example in DFuzz map : ! n (! k σ ⊸ τ ) ⊸ ! k list n σ ⊸ list n τ 15

  36. Typing Example in DFuzz map : ! n (! k σ ⊸ τ ) ⊸ ! k list n σ ⊸ list n τ Argument sensitivities 15

  37. Some Rules Γ , x : k σ ⊢ e : τ ( ⊸ I ) Γ ⊢ λ x : k σ. e : ! k σ ⊸ τ 16

  38. Some Rules Keep track of sensitivity Γ , x : k σ ⊢ e : τ ( ⊸ I ) Γ ⊢ λ x : k σ. e : ! k σ ⊸ τ 16

  39. Some Rules Γ , x : k σ ⊢ e : τ ( ⊸ I ) Γ ⊢ λ x : k σ. e : ! k σ ⊸ τ Propagate sensitivity to type 16

  40. Some Rules Γ ⊢ e 1 :! k σ ⊸ τ ∆ ⊢ e 2 : σ ( ⊸ E ) Γ + k · ∆ ⊢ e 1 e 2 : τ Context split, combine sensitivities 16

  41. Some Rules Γ ⊢ e 1 :! k σ ⊸ τ ∆ ⊢ e 2 : σ ( ⊸ E ) Γ + k · ∆ ⊢ e 1 e 2 : τ Composition: multiply sensitivities 16

  42. Some Rules ∆ ⊢ e : list n σ Γ ⊢ e nil : τ Γ , h : k σ, t : k list i σ ⊢ e cons : τ ( list E ) Γ + k · ∆ ⊢ case e of [] → e nil | h :: t → e cons : τ 16

  43. Some Rules Assuming n = 0 ∆ ⊢ e : list n σ Γ ⊢ e nil : τ Γ , h : k σ, t : k list i σ ⊢ e cons : τ ( list E ) Γ + k · ∆ ⊢ case e of [] → e nil | h :: t → e cons : τ 16

  44. Some Rules Assuming n = i + 1 ∆ ⊢ e : list n σ Γ ⊢ e nil : τ Γ , h : k σ, t : k list i σ ⊢ e cons : τ ( list E ) Γ + k · ∆ ⊢ case e of [] → e nil | h :: t → e cons : τ 16

  45. Some Rules ∆ ⊢ e : list n σ Γ ⊢ e nil : τ Γ , h : k σ, t : k list i σ ⊢ e cons : τ ( list E ) Γ + k · ∆ ⊢ case e of [] → e nil | h :: t → e cons : τ Track sensitivity on list 16

  46. Type Checking and Inference 17

  47. Plan DFuzz Program 18

  48. Plan DFuzz Program Inference 18

  49. Plan DFuzz Program Inference σ Constraints 18

  50. Plan DFuzz Program Inference σ Constraints Polynomial inequalities from subtyping 18

  51. Plan DFuzz Program Inference σ Constraints Solver 18

  52. Plan DFuzz Program Inference σ Constraints Solver Yes 18

  53. Plan DFuzz Program Inference σ Constraints Solver ⊑ τ ? 18

  54. Plan DFuzz Program Inference σ Constraints Solver ⊑ τ ? Provided by annotation 18

  55. Plan DFuzz Program Inference σ Constraints Solver ⊑ τ ? Yes 18

  56. Important Points • Context splitting imposes a bottom-up strategy: start with leaves, combine sensitivities progressively 19

  57. Important Points • Context splitting imposes a bottom-up strategy: start with leaves, combine sensitivities progressively . . . e 1 . . . e 2 . . . 19

  58. Important Points • Context splitting imposes a bottom-up strategy: start with leaves, combine sensitivities progressively e 1 : σ 1 e 2 : σ 2 . . . e 1 . . . e 2 . . . 19

  59. Important Points • Context splitting imposes a bottom-up strategy: start with leaves, combine sensitivities progressively e 1 : σ 1 e 2 : σ 2 . . . e 1 . . . e 2 . . . : τ 19

  60. Important Points • Context splitting imposes a bottom-up strategy: start with leaves, combine sensitivities progressively • Restrict subtyping to essential places (e.g. application) 19

  61. Important Points • Context splitting imposes a bottom-up strategy: start with leaves, combine sensitivities progressively • Restrict subtyping to essential places (e.g. application) • Assume sensitivities on higher-order types are given 19

  62. Important Points • Context splitting imposes a bottom-up strategy: start with leaves, combine sensitivities progressively • Restrict subtyping to essential places (e.g. application) • Assume sensitivities on higher-order types are given E.g ! _ (! k α ⊸ α ) ⊸ α 19

  63. Problems • Language not rich enough to express minimal sensitivities • E.g. point-wise maximum of two polynomials is not a polynomial • Solution: enrich sensitivity language with new operators 20

  64. Problems • Language not rich enough to express minimal sensitivities • E.g. point-wise maximum of two polynomials is not a polynomial • Solution: enrich sensitivity language with new operators cf. literature on subtyping 20

  65. Problems • Language not rich enough to express minimal sensitivities • E.g. point-wise maximum of two polynomials is not a polynomial • Solution: enrich sensitivity language with new operators • Type checking is undecidable • Can encode equality of integer polynomials (Hilbert’s tenth problem) • Completeness relative to a decider of sensitivity inequalities 20

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

A Linear Dependent Type Theory Zhaohui Luo Yu Zhang Royal Holloway Institute of Software

A Linear Dependent Type Theory Zhaohui Luo Yu Zhang Royal Holloway Institute of Software

A Linear Dependent Type Theory Zhaohui Luo Yu Zhang Royal Holloway Institute of Software University of London Chinese Academy of Sciences Linear types and dependent types Linear types (Girard 1987): A - B Dependent types

518 views • 13 slides
Dependent Types in Haskell What is Dependent Type Theory? are types, proofs are programs

Dependent Types in Haskell What is Dependent Type Theory? are types, proofs are programs

Stephanie Weirich University of Pennsylvania https://github.com/sweirich/dth @fancytypes Dependent Types in Haskell What is Dependent Type Theory? are types, proofs are programs Originally, logical foundation for mathematics

840 views • 39 slides
INF5110 Compiler Construction Types and type checking Spring 2016 1 / 43 Outline 1. Types

INF5110 Compiler Construction Types and type checking Spring 2016 1 / 43 Outline 1. Types

INF5110 Compiler Construction Types and type checking Spring 2016 1 / 43 Outline 1. Types and type checking Intro Various types and their representation Equality of types Type checking 2 / 43 Outline 1. Types and type checking Intro

1.11k views • 43 slides
Type Checking General properties of type systems Types in programming languages

Type Checking General properties of type systems Types in programming languages

Outline Type Checking General properties of type systems Types in programming languages Notation for type rules Logical rules of inference Common type rules 2 Static Checking Static Checking (Cont.) Refers to

896 views • 10 slides
MiniAgda: Integrating Sized and Dependent Types Andreas Abel, sec 1-2 Loes Habermehl Luuk

MiniAgda: Integrating Sized and Dependent Types Andreas Abel, sec 1-2 Loes Habermehl Luuk

MiniAgda: Integrating Sized and Dependent Types Andreas Abel, sec 1-2 Loes Habermehl Luuk Verkleij 1 Untyped Termination Checking In dependent type theories underlying Coq and Agda, all programs need to be total: All functions defined by

357 views • 25 slides
Typing Linear Constraints Types for Moding CLP( R ) Programs Syntax Semantics Checking type

Typing Linear Constraints Types for Moding CLP( R ) Programs Syntax Semantics Checking type

Typing Linear Constraints Salvatore RUGGIERI and Fred MESNARD Introduction Typing Linear Constraints Types for Moding CLP( R ) Programs Syntax Semantics Checking type assertions A linear programming Salvatore RUGGIERI and Fred MESNARD

476 views • 26 slides
Operational Aspects of Type Systems Inter-Derivable Semantics of Type Checking and Gradual Types

Operational Aspects of Type Systems Inter-Derivable Semantics of Type Checking and Gradual Types

Operational Aspects of Type Systems Inter-Derivable Semantics of Type Checking and Gradual Types for Object Ownership Ilya Sergey 14 November 2012 Types A type - is a set of data instances and operations on them true , false boolean =

1.27k views • 86 slides
Type checking COMP 520 Fall 2010 Type checking (2) The type checker has severals tasks:

Type checking COMP 520 Fall 2010 Type checking (2) The type checker has severals tasks:

COMP 520 Fall 2010 Type checking (1) Type checking COMP 520 Fall 2010 Type checking (2) The type checker has severals tasks: determine the types of all expressions; check that values and variables are used correctly; and resolve

631 views • 30 slides
Chapter 6 Data Types Introduction Type Nomenclature Primitive Types Type

Chapter 6 Data Types Introduction Type Nomenclature Primitive Types Type

Chapter 6 Data Types Introduction Type Nomenclature Primitive Types Type constructors Ordinal Types Structured Types Type Checking Type conversion CSCI325 Chapter 6 Dr Ahmed Rafea 1 Introduction Evolution

367 views • 24 slides
Dependent Object Types Towards a foundation for Scalas type system Nada Amin, Tiark Rompf,

Dependent Object Types Towards a foundation for Scalas type system Nada Amin, Tiark Rompf,

Dependent Object Types Towards a foundation for Scalas type system Nada Amin, Tiark Rompf, Adriaan Moors, Martin Odersky Microsoft Research July 2, 2013 1 DOT: Dependent Object Types The DOT calculus proposes a new type-theoretic foundation

275 views • 15 slides
Types and Static Type Checking (Introducing Micro-Haskell) Informatics 2A: Lecture 13 Alex

Types and Static Type Checking (Introducing Micro-Haskell) Informatics 2A: Lecture 13 Alex

Types Micro-Haskell: crash course MH Types & Abstract Syntax Type Checking Types and Static Type Checking (Introducing Micro-Haskell) Informatics 2A: Lecture 13 Alex Simpson School of Informatics University of Edinburgh

574 views • 26 slides
Type checking and normalisation James Chapman - University of Nottingham My thesis Type

Type checking and normalisation James Chapman - University of Nottingham My thesis Type

Type checking and normalisation James Chapman - University of Nottingham My thesis Type checking in Haskell Epigram language - McBride/McKinna Big-step normalisation for simple types, formalised in Agda Big-step normalisation for

978 views • 36 slides
Colored intersection types: a bridge between linear logic and higher-order model-checking Charles

Colored intersection types: a bridge between linear logic and higher-order model-checking Charles

Colored intersection types: a bridge between linear logic and higher-order model-checking Charles Grellois (joint work with Paul-Andr e Melli` es) PPS & LIAFA Universit e Paris 7 TYPES conference May 18th, 2015 Charles

549 views • 35 slides
Depending on equations A proof-relevant framework for unification in dependent type theory

Depending on equations A proof-relevant framework for unification in dependent type theory

Depending on equations A proof-relevant framework for unification in dependent type theory Jesper Cockx DistriNet KU Leuven 3 September 2017 Unification for dependent types Unification is used for many purposes: logic programming, type

1.97k views • 151 slides
Programming with Dependent Types Interactive programs and Coalgebras Anton Setzer Swansea

Programming with Dependent Types Interactive programs and Coalgebras Anton Setzer Swansea

Programming with Dependent Types Interactive programs and Coalgebras Anton Setzer Swansea University, Swansea, UK 14 August 2012 1/ 50 A Brief Introduction into ML Type Theory Interactive Programs in Dependent Type Theory Weakly Final

621 views • 50 slides
Formalising semantics of dependent type theory in dependent type theory (work in progress)

Formalising semantics of dependent type theory in dependent type theory (work in progress)

Formalising semantics of dependent type theory in dependent type theory (work in progress) Peter LeFanu Lumsdaine joint work with H akon Gylterud, Erik Palmgren DMV Hamburg, 25 September 2015 1 / 19 Modelling DTT Early models of

389 views • 19 slides
Spikes & Sines Joel A. Tropp This month: The University of Michigan (Math)

Spikes & Sines Joel A. Tropp This month: The University of Michigan (Math)

Spikes & Sines Joel A. Tropp This month: The University of Michigan (Math) jtropp@umich.edu Next month: California Institute of Technology (ACM) jtropp@acm.caltech.edu Research supported in part by NSF and DARPA 1 Spikes &

371 views • 23 slides
Linear Algebra Review Fei-Fei Li 1 / 37 Vectors Vectors and matrices are just collections of

Linear Algebra Review Fei-Fei Li 1 / 37 Vectors Vectors and matrices are just collections of

Linear Algebra Review Fei-Fei Li 1 / 37 Vectors Vectors and matrices are just collections of ordered numbers that represent something: movements in space, scaling factors, pixel brightnesses, etc. A vector is a quantity that involves both

525 views • 37 slides
Linear independence of zeros of Dirichlet L -functions Greg Martin University of British Columbia

Linear independence of zeros of Dirichlet L -functions Greg Martin University of British Columbia

Linear independence conjectures Vertical arithmetic progressions Other work in progress Linear independence of zeros of Dirichlet L -functions Greg Martin University of British Columbia joint work with Nathan Ng University of Lethbridge 3rd

923 views • 81 slides
COL863: Quantum Computation and Information Ragesh Jaiswal, CSE, IIT Delhi Ragesh Jaiswal, CSE,

COL863: Quantum Computation and Information Ragesh Jaiswal, CSE, IIT Delhi Ragesh Jaiswal, CSE,

COL863: Quantum Computation and Information Ragesh Jaiswal, CSE, IIT Delhi Ragesh Jaiswal, CSE, IIT Delhi COL863: Quantum Computation and Information Quantum Mechanics: Linear Algebra Ragesh Jaiswal, CSE, IIT Delhi COL863: Quantum Computation

246 views • 22 slides
Improved Computation-Communication Trade-Off for Coded Distributed Computing using Linear

Improved Computation-Communication Trade-Off for Coded Distributed Computing using Linear

Improved Computation-Communication Trade-Off for Coded Distributed Computing using Linear Dependence of Intermediate Values Improved Computation-Communication Trade-Off for Coded Distributed Computing using Linear Dependence of Intermediate Values

403 views • 26 slides
Tropical Rank and Beyond Alexander E. Guterman Moscow State University Based on joint works with

Tropical Rank and Beyond Alexander E. Guterman Moscow State University Based on joint works with

Tropical Rank and Beyond Alexander E. Guterman Moscow State University Based on joint works with Marianne Akian, LeRoy B. Beasley, Stephane Gaubert, Yaroslav Shitov Definition. A semiring S consists of a set S and two binary operations,

1.36k views • 115 slides
Humanoid Robotics Compact Course on Linear Algebra Maren Bennewitz Vectors Arrays of

Humanoid Robotics Compact Course on Linear Algebra Maren Bennewitz Vectors Arrays of

Humanoid Robotics Compact Course on Linear Algebra Maren Bennewitz Vectors Arrays of numbers Vectors represent a point in a n dimensional space Vectors: Scalar Product Scalar-vector product Changes the length of the

520 views • 21 slides
A Modular, Efficient Formalisation of Real Algebraic Numbers Wenda Li in joint work with Larry

A Modular, Efficient Formalisation of Real Algebraic Numbers Wenda Li in joint work with Larry

A Modular, Efficient Formalisation of Real Algebraic Numbers Wenda Li in joint work with Larry Paulson University of Cambridge wl302@cam.ac.uk January 17, 2016 1 / 20 What is real algebraic number Real algebraic numbers ( R alg ) are real

509 views • 20 slides

More recommend