Unfailing Haskell: Stopping Pattern Match Errors Neil Mitchell and - PowerPoint PPT Presentation

Unfailing Haskell: Stopping Pattern Match Errors Neil Mitchell and Colin Runciman University of York, UK http://www.cs.york.ac.uk/~ ndm/

Is this safe? r i ser s : : O r d a => [ a] - > [ [ a] ] r i ser s [ ] = [ ] r i ser s [ x] = [ [ x] ] r i ser s ( x: y: et c) = i f x <= y t hen ( x: s) : ss el se [ x] : ( s: ss) wher e ( s: ss) = r i ser s ( y: et c) > r i ser s [ 1, 2, 3, 1, 2] [ [ 1, 2, 3] , [ 1, 2] ]

Answer: Yes Reasoning: ( s: ss) = r i ser s ( y: et c) ∴ r i ser s ( _: _) = ( _: _) By case analysis: r i ser s [ x] = [ [ x] ] r i ser s ( x: y: et c) = ( x: s) : ss or [ x] ( s: ss)

Is this safe? t r anspose : : [ [ a] ] - > [ [ a] ] t r anspose x@ ( ( _: _) : _) = m ap head x : t r anspose ( m ap t ai l x) t r anspose x = [ ] > t r anspose [ “ 123” , ” 456” , ” 789” ] [ “ 147” , ” 258” , ” 369” ]

Answer: No Try: t r anspose [ “ 123” , ” 45” ] Pr ogr am er r or : pat t er n m at ch f ai l ur e: head [ ]

The checker � Takes reduced Haskell � Generates a proof that a program will not crash with a case error � Uses static analysis � It is conservative

Reduced Haskell dat a Li st = Cons Cons 1 Cons 2 | Ni l head @ 1 = case @ 1 of Cons - > @ 1. Cons 1 m ap @ 1 @ 2 = case @ 2 of Ni l - > Ni l Cons - > Cons ( @ 1 @ 2. Cons 1 ) ( m ap @ 1 @ 2. Cons 2 ) r ever se @ 1 = r ev @ 1 Ni l r ev @ 1 @ 2 = case @ 1 of Ni l - > @ 2 Cons - > r ev @ 1. Cons 2 ( Cons @ 1. Cons 1 @ 2)

An overview Haskell Program Reduced Haskell Find non-exhaustive patterns Find callers Perform backward analysis Perform fixed pointing Report result

Constraints, intro by example head ( x: xs) = x head@ 1{ : } f r om Just ( Just x) = x f r om Just @ 1{ Just } f ol dr 1 f [ x] = x f ol dr 1 f ( x: xs) = f x ( f ol dr 1 f xs) f ol dr 1@ 2{ : }

Constraints with paths m apHead [ ] = [ ] m apHead ( x: xs) = head x : m apHead xs m apHead@ 1. * t ai l . head{ : } m apHead@ 1. head{ : } ^ m apHead@ 1. t ai l . head{ : } ^ m apHead@ 1. t ai l . t ai l . head{ : } ^ …

Finding a fixed point � In m apHead 1 ≠ @ � @ 1. t ai l � Condition, ignoring recursive call � m apHead@ 1. head{ : } � Rule n ≠ @ n. pat h fl � @ @ n ¶ = @ n. * pat h � m apHead@ 1. * t ai l . head{ : }

Infinite constraints r evHead x = m apHead ( r ever se x) 1. * t ai l { : } ∨ r evHead@ r evHead@ 1. * t ai l { : } r evHead@ 1. * t ai l . head{ : } r evHead@ 1{ : } ^ r evHead@ 1. t ai l { : } ^ r evHead@ 1. t ai l . t ai l { : } ^ … r evHead@ 1 is infinite

Backward Analysis � head@ 1{ : } , applies to head � f @ 1 = head ( i ni t @ 1) � ( i ni t f @ 1) { : } , applies to…? � Backward analysis Const r ai nt Expr - > Const r ai nt Ar g � f @ 1. t ai l { : }

Higher Order Functions � They complicate analysis � Can be removed in some cases � m ap, f ol dr , f ol dl , f i l t er . . . t est n x = m ap ( f n) x m apf n [ ] = [ ] m apf n ( x: xs) = f n x : m apf n xs

Laziness � A function may be safe lazily, but not strictly saf eTai l X = cond ( nul l x) [ ] ( t ai l x) cond c t f = i f c t hen t el se f � Can inline saf eTai l x = i f nul l x t hen [ ] el se t ai l x

Real Programs � Has been tested on real programs � Clausify – propositional simplifier � Adjoxo – adjudicate XOX games � Soda – word search solver � Minor modifications were needed for success � Apart from Clausify

Conclusions � Manages to prove a function safe wrt pattern match errors, even if incomplete patterns � Algorithm identified and implemented � Good initial results � Future Work � Improve results � Better support for full Haskell

The Rules