type driven development of certified tree
play

Type-Driven Development of Certified Tree of Certified Tree - PowerPoint PPT Presentation

May 06, 2023 •228 likes •812 views

Type-Driven Development Type-Driven Development of Certified Tree of Certified Tree Algorithms Algorithms An Experience Report on Dependently-Typed Programming Introduction in Coq Initial take Why dependent types? Reynald Affeldt 1

  1. Type-Driven Development Type-Driven Development of Certified Tree of Certified Tree Algorithms Algorithms An Experience Report on Dependently-Typed Programming Introduction in Coq Initial take Why dependent types? Reynald Affeldt 1 Jacques Garrigue 2,4 Producing better code Xuanrui Qi 2,3 Kazunari Tanaka 2 Conclusion 1 National Institute of Advanced Industrial Science and Technology, Japan 2 Graduate School of Mathematics, Nagoya University, Japan 3 Department of Computer Science, Tufts University, USA 4 Inria Paris, France September 8, 2019 The Coq Workshop 2019, Portland, Oregon 1 / 22

  2. Type-Driven Development Our story of Certified Tree Algorithms Introduction Initial take Dependently-typed Programming in Coq: Why and How? Why dependent types? The “Why” Why did we use dependent types in Coq? Under Producing better code what occasions are they useful? Conclusion The “How” What is the best approach towards dependently-typed programming in Coq? How did we approach it? 2 / 22

  3. Type-Driven Development Our story of Certified Tree Algorithms Introduction Initial take Dependently-typed Programming in Coq: Why and How? Why dependent types? The “Why” Why did we use dependent types in Coq? Under Producing better code what occasions are they useful? Conclusion The “How” What is the best approach towards dependently-typed programming in Coq? How did we approach it? 2 / 22

  4. Type-Driven Development Our story of Certified Tree Algorithms Introduction Initial take Dependently-typed Programming in Coq: Why and How? Why dependent types? The “Why” Why did we use dependent types in Coq? Under Producing better code what occasions are they useful? Conclusion The “How” What is the best approach towards dependently-typed programming in Coq? How did we approach it? 2 / 22

  5. Type-Driven Development Quick recap: what were we of Certified Tree Algorithms working on? Bit vectors with efficient insert & delete: Introduction Initial take delete 2 nd bit Why dependent types? Producing better code Conclusion 100 10101 1111 101 1111 • Represented using a red-black tree • Insertion and deletion might involve inserting/deleting nodes 3 / 22

  6. Type-Driven Development The motivation of Certified Tree Algorithms Introduction Initial take Deletion from red-black trees is too hard. Why dependent types? • long standing problem with a few proposed solutions Producing better code [Kahrs 2001; Germane & Might 2014], but none of them Conclusion totally satisfactory for us; • complex invariant hard to describe precisely • difficult to transcribe to our non-standard tree structure (bit-borrowing, leaf merging, etc.) 4 / 22

  7. Type-Driven Development Take 1 of Certified Tree Algorithms Introduction We tried transcribing Kahrs’ Haskell code directly to Coq Initial take without trying to fully understand it. But you guessed... Why dependent types? Producing better code Conclusion 5 / 22

  8. Type-Driven Development Take 1 of Certified Tree Algorithms Introduction We tried transcribing Kahrs’ Haskell code directly to Coq Initial take without trying to fully understand it. But you guessed... Why dependent types? Producing better code Conclusion 5 / 22

  9. Type-Driven Development Using dependent types of Certified Tree Algorithms Introduction Initial take Problem: Why • not sure about how to do case analysis; dependent types? • not sure about the exact invariants; Producing better code • not sure about the auxiliary structures required. Conclusion Idea : use dependently-typed programming to guide programming process. 6 / 22

  10. Type-Driven Development Auxiliary structures? of Certified Tree Algorithms The intermediate data structures required for re-balancing the Introduction tree: Initial take Inductive near_tree : nat -> nat -> nat -> Why dependent color -> Type := types? | Bad : forall {s1 o1 s2 o2 s3 o3 d}, Producing better code tree s1 o1 d Black -> Conclusion tree s2 o2 d Black -> tree s3 o3 d Black -> near_tree (s1 + s2 + s3) (o1 + o2 + o3) d Red | Good: forall {s o d c} p, tree s o d c -> near_tree s o d p. Re-balancing requires temporarily breaking the red-black tree invariants, hence the need for auxiliary structures. 7 / 22

  11. Type-Driven Development Auxiliary structures? of Certified Tree Algorithms The intermediate data structures required for re-balancing the Introduction tree: Initial take Inductive near_tree : nat -> nat -> nat -> Why dependent color -> Type := types? | Bad : forall {s1 o1 s2 o2 s3 o3 d}, Producing better code tree s1 o1 d Black -> Conclusion tree s2 o2 d Black -> tree s3 o3 d Black -> near_tree (s1 + s2 + s3) (o1 + o2 + o3) d Red | Good: forall {s o d c} p, tree s o d c -> near_tree s o d p. Re-balancing requires temporarily breaking the red-black tree invariants, hence the need for auxiliary structures. 7 / 22

  12. Type-Driven Development Take 2: Ltac of Certified Tree Algorithms Introduction Initial take Why • use tactics to develop the program dependent types? • we ascribe strict types to each function, allowing to be Producing better code completely sure that our code is correct Conclusion • as a side effect, we got a very clean specification • no “external” lemmas which can be easy to forget • all desired invariants were encoded into the types 8 / 22

  13. Type-Driven Development Take 2: Ltac of Certified Tree Algorithms Introduction Initial take Why • use tactics to develop the program dependent types? • we ascribe strict types to each function, allowing to be Producing better code completely sure that our code is correct Conclusion • as a side effect, we got a very clean specification • no “external” lemmas which can be easy to forget • all desired invariants were encoded into the types 8 / 22

  14. Type-Driven Development Programming Coq with tactics of Certified Tree Algorithms Introduction Initial take Why dependent The Pros types? • “No brainer”: no need to fully understand the algorithm Producing better code [Chlipala 2013] Conclusion • Easy to refactor: when underlying data structures change • Quick fixes & adapting to changes 9 / 22

  15. Type-Driven Development Programming Coq with tactics of Certified Tree Algorithms Introduction Initial take Why dependent types? The Cons Producing • You don’t know what you’re actually doing better code • Readability: other people don’t know what you’re doing Conclusion • Semantics of Ltac changes frequently 10 / 22

  16. Type-Driven Development Type-driven development? of Certified Tree Algorithms Introduction “Type-driven” in what sense? Initial take Why dependent Regular development: design the algorithm, and then write types? types to check that you’re correct. Producing better code Conclusion Type-driven development : write types to declare what you want, and then code until it type checks It type checks, ship it! 11 / 22

  17. Type-Driven Development Type-driven development? of Certified Tree Algorithms Introduction “Type-driven” in what sense? Initial take Why dependent Regular development: design the algorithm, and then write types? types to check that you’re correct. Producing better code Conclusion Type-driven development : write types to declare what you want, and then code until it type checks It type checks, ship it! 11 / 22

  18. Type-Driven Development Type-driven development? of Certified Tree Algorithms Introduction “Type-driven” in what sense? Initial take Why dependent Regular development: design the algorithm, and then write types? types to check that you’re correct. Producing better code Conclusion Type-driven development : write types to declare what you want, and then code until it type checks It type checks, ship it! 11 / 22

  19. Type-Driven Development Type-driven development? of Certified Tree Algorithms Introduction “Type-driven” in what sense? Initial take Why dependent Regular development: design the algorithm, and then write types? types to check that you’re correct. Producing better code Conclusion Type-driven development : write types to declare what you want, and then code until it type checks It type checks, ship it! 11 / 22

  20. Type-Driven Development Applying the TDD methodology of Certified Tree Algorithms Introduction At first, we had no clue about what the delete algorithm should Initial take look like! Why dependent types? We began with a complete specification: Producing better code Definition ddelete Conclusion (d: nat) (c: color) (num ones : nat) (i : nat) (B : tree w num ones (incr_black d c) c) : { B' : tree (num - (i < num)) (ones - (daccess B i)) d c | dflatten B' = delete (dflatten B) i }. 12 / 22

  21. Type-Driven Development Applying the TDD methodology of Certified Tree Algorithms Introduction At first, we had no clue about what the delete algorithm should Initial take look like! Why dependent types? We began with a complete specification: Producing better code Definition ddelete Conclusion (d: nat) (c: color) (num ones : nat) (i : nat) (B : tree w num ones (incr_black d c) c) : { B' : tree (num - (i < num)) (ones - (daccess B i)) d c | dflatten B' = delete (dflatten B) i }. 12 / 22

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Trees 5 May 2016 OSU CSE 1 A New Math Type: tree A ubiquitous concept in computing is that

Trees 5 May 2016 OSU CSE 1 A New Math Type: tree A ubiquitous concept in computing is that

Trees 5 May 2016 OSU CSE 1 A New Math Type: tree A ubiquitous concept in computing is that of a tree Often we are interested in a binary tree , a special case of a tree in which each node has at most two children An informal

377 views • 24 slides
The Scenario Client: The Christmas Empire Development: The Christmas Tree doka

The Scenario Client: The Christmas Empire Development: The Christmas Tree doka

10/27/2009 The Scenario Client: The Christmas Empire Development: The Christmas Tree doka Building is in the shape of a cone Vital statistics Type of development: Shopping mall and office Number of storey: 30 y

488 views • 20 slides
Services Using E-Tree Service Type Ethernet Private Tree (EP-Tree) and Ethernet Virtual Private

Services Using E-Tree Service Type Ethernet Private Tree (EP-Tree) and Ethernet Virtual Private

E-TREE Requirements and Solution space Jim Uttaro (uttaro@att.com) Nick Delregno (nick.delregno@verizon.com) Florin Balus (florin.balus@alcatel-lucent.com) Services Using E-Tree Service Type Ethernet Private Tree (EP-Tree) and Ethernet

386 views • 12 slides
PLTree A tree programming language Overview Philosophy: Everything is a tree All data structures

PLTree A tree programming language Overview Philosophy: Everything is a tree All data structures

PLTree A tree programming language Overview Philosophy: Everything is a tree All data structures are built on the tree A primitive type is a tree with a single node at the root and no leaves A string is a tree of characters A function is a

370 views • 13 slides
Intermediate Code Lecture 7 IR Types structure Tree : TREE = struct type label = Temp.label

Intermediate Code Lecture 7 IR Types structure Tree : TREE = struct type label = Temp.label

Intermediate Code Lecture 7 IR Types structure Tree : TREE = struct type label = Temp.label type size = int datatype exp = BINOP of binop * exp * exp | ESEQ of stm * exp | NAME of label | CONST of int | CALL of exp * exp list | FETCH

750 views • 25 slides
Software Engineering I cs361 Test Driven Development What is Test Driven Development (TDD)

Software Engineering I cs361 Test Driven Development What is Test Driven Development (TDD)

Software Engineering I cs361 Test Driven Development What is Test Driven Development (TDD) Test-driven development ( TDD ) is a software development process based on three simple rules TDD Rules (From Uncle Bob Martin) 1. You are not allowed

386 views • 19 slides
Transit-Driven Complete Streets Transit-Driven Complete Streets Questions: Type questions

Transit-Driven Complete Streets Transit-Driven Complete Streets Questions: Type questions

Transit-Driven Complete Streets Transit-Driven Complete Streets Questions: Type questions into the box at bottom of webinar panel. Transit-Driven Complete Streets Panelists for todays webinar: Nimotalai Azeez , Program Associate

1.05k views • 83 slides
Amendment Item Type: Update Eleanor Ku Codding Land Development Services January 29, 2019

Amendment Item Type: Update Eleanor Ku Codding Land Development Services January 29, 2019

Tree Preservation Ordinance Amendment Item Type: Update Eleanor Ku Codding Land Development Services January 29, 2019 Background In 2018, Land Development Services received complaints related to removal of trees prior to approval of a

231 views • 5 slides
Monte Carlo Tree Search 2-15-16 Reading Quiz What is the relationship between Monte Carlo tree

Monte Carlo Tree Search 2-15-16 Reading Quiz What is the relationship between Monte Carlo tree

Monte Carlo Tree Search 2-15-16 Reading Quiz What is the relationship between Monte Carlo tree search and upper confidence bound applied to trees? a) MCTS is a type of UCB b) UCB is a type of MCTS c) both (they are the same algorithm) d)

330 views • 17 slides
Software Engineering and Architecture Test-Driven Development What is it? Test-Driven

Software Engineering and Architecture Test-Driven Development What is it? Test-Driven

Software Engineering and Architecture Test-Driven Development What is it? Test-Driven Development It is a systematic programming technique Focus on Continued Speed Reliability It is not a testing technique, despite the

695 views • 24 slides
Agile SW Development plus Scrum in - depth Slide 1 Plan-driven and agile development

Agile SW Development plus Scrum in - depth Slide 1 Plan-driven and agile development

Software Engineering I Chapter 3 Agile SW Development plus Scrum in - depth Slide 1 Plan-driven and agile development Plan-driven development A plan-driven approach to software engineering is based around separate development stages

797 views • 78 slides
1 2 3+4 2 type Parser = String Tree type Parser = String ( Tree, String) type Parser =

1 2 3+4 2 type Parser = String Tree type Parser = String ( Tree, String) type Parser =

1 2 3+4 2 type Parser = String Tree type Parser = String ( Tree, String) type Parser = String [ (Tree,String) ] 3 type Parser res = String [(res,String)] type TokenParser symb res = [symb] [(res,[symb])] 4 5 6 7

649 views • 36 slides
Part A: Schaeffer type bijections A.I Reminders about trees and maps Trees Def. A tree is a

Part A: Schaeffer type bijections A.I Reminders about trees and maps Trees Def. A tree is a

Bijections for Planar Maps: Beautiful and Powerful Part A: Schaeffer type bijections A.I Reminders about trees and maps Trees Def. A tree is a connected acyclic graph. Trees Def. A tree is a connected acyclic graph. Def. A rooted tree is a

1.26k views • 115 slides
CERTIFIED BUSINESS ENTERPRISE PROGRAM Department of Small and Local Business Development CBE

CERTIFIED BUSINESS ENTERPRISE PROGRAM Department of Small and Local Business Development CBE

CERTIFIED BUSINESS ENTERPRISE PROGRAM Department of Small and Local Business Development CBE Program at a Glance PERCENT OF CERTIFIED BUSINESS ENTERPRISES BY WARD* The Business Certification Division evaluates businesses headquartered in

327 views • 8 slides
Non Type Certified Aircraft (NTCA) in South Africa Thabo Fisha SACAA Acting General Manager

Non Type Certified Aircraft (NTCA) in South Africa Thabo Fisha SACAA Acting General Manager

Industry meeting 31 March 2015 The utilization of Non Type Certified Aircraft (NTCA) in South Africa Thabo Fisha SACAA Acting General Manager ASO WELCOME SACAA would like to take this opportunity to welcome everybody present. Todays

504 views • 29 slides
Behaviour-Driven Development Writing software that matters Aslak Hellesy - Chief Scientist -

Behaviour-Driven Development Writing software that matters Aslak Hellesy - Chief Scientist -

Behaviour-Driven Development Writing software that matters Aslak Hellesy - Chief Scientist - BEKK Stakeholders Programmers Dual audience 2 Origin and inspiration JBehave Test Driven FIT Dan North Development Ward Chris Matts Kent

492 views • 27 slides
CSE 331 Unit Testing with JUnit slides created by Marty Stepp based on materials by M. Ernst, S.

CSE 331 Unit Testing with JUnit slides created by Marty Stepp based on materials by M. Ernst, S.

CSE 331 Unit Testing with JUnit slides created by Marty Stepp based on materials by M. Ernst, S. Reges, D. Notkin, R. Mercer, Wikipedia http://www.cs.washington.edu/331/ 1 Bugs and testing software reliability : Probability that a software

601 views • 34 slides
Agile Methods About Last Lecture Clarification on process selection: People (so developer)

Agile Methods About Last Lecture Clarification on process selection: People (so developer)

CPSC 310 Software Engineering Lecture 3 Agile Methods About Last Lecture Clarification on process selection: People (so developer) are reluctant to change. Introducing a new process into a company is expensive and time consuming.

458 views • 16 slides
How I Learned to Stop Worrying &amp; Love the Bug Project Management Clarification Your

How I Learned to Stop Worrying &amp; Love the Bug Project Management Clarification Your

Picture Courtesy of: Dr. Sarah Ford How I Learned to Stop Worrying &amp; Love the Bug Project Management Clarification Your project manager is in charge of your project They are your manager You write the user stories for your project

868 views • 62 slides
Software Craftsmanship for New Developers Tech Foundations Louisville January 22, 2019 Who is

Software Craftsmanship for New Developers Tech Foundations Louisville January 22, 2019 Who is

Software Craftsmanship for New Developers Tech Foundations Louisville January 22, 2019 Who is Chad Green? Data &amp; Solutions Architect at ProgressiveHealth Community Involvement Code PaLOUsa Conference Chair Louisville .NET Meetup

796 views • 75 slides
Unit Testing with cfcUnit #SA3D, Process &amp; Tools John Mason Slides &amp; Code

Unit Testing with cfcUnit #SA3D, Process &amp; Tools John Mason Slides &amp; Code

Unit Testing with cfcUnit #SA3D, Process &amp; Tools John Mason Slides &amp; Code labs.fusionlink.com Blog - www.codfusion.com Unit Testing with cfcUnit Why do Testing? A bad release of code or software will stick in people's

442 views • 22 slides
who s watching the watch dogs? kowsik@mudynamics.com http://labs.mudynamics.com agenda

who s watching the watch dogs? kowsik@mudynamics.com http://labs.mudynamics.com agenda

who s watching the watch dogs? kowsik@mudynamics.com http://labs.mudynamics.com agenda rant on the state of affairs winds of change test driven development new perspectives summary the early days close this port

552 views • 38 slides
Introduction to eXtreme Programming (XP) Rochester Institute of Technology Software Engineering

Introduction to eXtreme Programming (XP) Rochester Institute of Technology Software Engineering

Introduction to eXtreme Programming (XP) Rochester Institute of Technology Software Engineering Department Extreme Programming (XP) Kent Beck C3 Project Chrysler Comprehensive Compensation system. XP Values:

753 views • 25 slides
Introduction to Agile Dr. Vadim Zaytsev aka @grammarware 2015 Manifesto * Manifesto for Agile

Introduction to Agile Dr. Vadim Zaytsev aka @grammarware 2015 Manifesto * Manifesto for Agile

Introduction to Agile Dr. Vadim Zaytsev aka @grammarware 2015 Manifesto * Manifesto for Agile Software Development, 2001 * http://agilemanifesto.org Individuals &amp; interactions over processes &amp; tools (1) Agile Individuals

667 views • 38 slides

More recommend