well typed programs can t be blamed
play

Well-typed programs cant be blamed Philip Wadler University of - PowerPoint PPT Presentation

Sep 10, 2023 •138 likes •565 views

Well-typed programs cant be blamed Philip Wadler University of Edinburgh Robert Bruce Findler University of Chicago A repeated theme Thatte (1988): Partial types Henglein (1994): Dynamic typing Findler and Felleisen (2002): Contracts

  1. Well-typed programs can’t be blamed Philip Wadler University of Edinburgh Robert Bruce Findler University of Chicago

  6. A repeated theme Thatte (1988): Partial types Henglein (1994): Dynamic typing Findler and Felleisen (2002): Contracts Flanagan (2006): Hybrid types Siek and Taha (2006): Gradual types

  7. A repeated theme Javacript 4.0 Perl 6.0 C# 4.0 Visual Basic 9.0

  8. Evolving a program

  9. An untyped program ⌈ let x = 2 f = λy. y + 1 h = λg. g ( g x ) in h f ⌉ − → ⌈ 4 ⌉

  10. A typed program let x = 2 f = λy : Int . y + 1 h = λg : Int → Int . g ( g x ) in h f − → 4 : Int

  11. A partly typed program—narrowing let x = 2 f = � Int → Int ⇐ Dyn � p ⌈ λy. y + 1 ⌉ h = λg : Int → Int . g ( g x ) in h f − → 4 : Int

  12. A partly typed program—narrowing let x = 2 f = � Int → Int ⇐ Dyn � p ⌈ λy. ’b’ ⌉ h = λg : Int → Int . g ( g x ) in h f − → blame p Positive (covariant): blame the term contained in the cast

  13. Another partly typed program—widening let x = ⌈ 2 ⌉ f = � Dyn ⇐ Int → Int � p ( λy : Int . y + 1 ) h = ⌈ λg. g ( g x ) ⌉ in ⌈ h f ⌉ − → ⌈ 4 ⌉

  14. Another partly typed program—widening let x = ⌈ ’a’ ⌉ f = � Dyn ⇐ Int → Int � p ( λy : Int . y + 1 ) h = ⌈ λg. g ( g x ) ⌉ in ⌈ h f ⌉ − → blame ¯ p Negative (contravariant): blame the context containg the cast

  15. Untyped and supertyped

  16. Untyped = Uni-typed ⌈ x ⌉ = x ⌈ n ⌉ = � Dyn ⇐ Int � n ⌈ λx. N ⌉ = � Dyn ⇐ Dyn → Dyn � ( λx : Dyn . ⌈ N ⌉ ) ⌈ L M ⌉ = ( � Dyn → Dyn ⇐ Dyn � ⌈ L ⌉ ) ⌈ M ⌉ (slogan due to Bob Harper)

  17. Contracts Nat = { x : Int | x ≥ 0 } let x = � Nat ⇐ Int � 2 f = � Nat → Nat ⇐ Int → Int � ( λy : Int . y + 1 ) h = λg : Nat → Nat . g ( g x ) in h f − → 4 Nat : Nat

  18. The Blame Game

  19. Blame � Int ⇐ Dyn � p ⌈ 2 ⌉ − → 2 � Int ⇐ Dyn � p ⌈ ’a’ ⌉ − → blame p

  20. The Blame Game—widening ( � Dyn → Dyn ⇐ Int → Int � p ( λy : Int . y + 1 )) ⌈ 2 ⌉ − → � Dyn ⇐ Int � p (( λy : Int . y + 1 ) ( � Int ⇐ Dyn � ¯ p ⌈ 2 ⌉ )) − → ⌈ 3 ⌉

  21. The Blame Game—widening ( � Dyn → Dyn ⇐ Int → Int � p ( λy : Int . y + 1 )) ⌈ ’a’ ⌉ − → � Dyn ⇐ Int � p (( λy : Int . y + 1 ) ( � Int ⇐ Dyn � ¯ p ⌈ ’a’ ⌉ )) − → blame ¯ p Widening can give rise to negative blame, but never positive blame

  22. The Blame Game—narrowing ( � Int → Int ⇐ Dyn → Dyn � p ( λy : Dyn . ⌈ y + 1 ⌉ )) 2 − → � Int ⇐ Dyn � p (( λy : Dyn . ⌈ y + 1 ⌉ ) ( � Dyn ⇐ Int � ¯ p 2 )) − → 3

  23. The Blame Game—narrowing ( � Int → Int ⇐ Dyn → Dyn � p ( λy : Dyn . ⌈ ’b’ ⌉ )) 2 − → � Int ⇐ Dyn � p (( λy : Dyn . ⌈ ’b’ ⌉ ) ( � Dyn ⇐ Int � ¯ p 2 )) − → blame p Narrowing can give rise to positive blame, but never negative blame

  24. And now a word from our sponsor

  28. Subtyping < : + < : − < : < : n

  29. Subtype Dyn < : Dyn Int < : Dyn S ′ < : S T < : T ′ S → T < : S ′ → T ′ Example: Dyn → Int < : Int → Dyn

  30. Positive subtype—widening S < : + Dyn S ′ < : − S T < : + T ′ S → T < : + S ′ → T ′ Example: Int → Int < : + Dyn → Dyn

  31. Negative subtype—narrowing Dyn < : − T Int < : − Dyn S ′ < : + S T < : − T ′ S → T < : − S ′ → T ′ Example: Dyn → Dyn < : − Int → Int

  32. Naive subtype S < : n Dyn S < : n S ′ T < : n T ′ S → T < : n S ′ → T ′ Example: Int → Int < : n Dyn → Dyn

  33. The Blame Theorem

  34. Safety t safe for p s safe for p t safe for p λx. t safe for p s t safe for p x safe for p S < : + T s safe for p � T ⇐ S � p s safe for p S < : − T s safe for p p s safe for p � T ⇐ S � ¯ p � = q p � = q ¯ s safe for p � T ⇐ S � q s safe for p

  35. � The Blame Theorem Preservation If s safe for p and s − → t then t safe for p . Progress − → blame p . If s safe for p then s

  37. � � The First Tangram Theorem S < : T if and only if S < : + T and S < : − T The First Blame Corollary Let t be a term where � T ⇐ S � p s is the only subterm with label p . If S < : T then t − → blame p and t − → blame ¯ p .

  38. � � The Second Tangram Theorem S < : n T if and only if S < : + T and T < : − S The Second Blame Corollary Let t be a term where � T ⇐ S � p s is the only subterm with label p . If S < : n T then t − → blame p . Let t be a term where � T ⇐ S � p s is the only subterm with label p . If T < : n S then t − → blame ¯ p .

  39. Conclusion

  40. A new slogan for type safety Milner (1978): Well-typed programs can’t go wrong. Harper; Felleisen and Wright (1994): Well-typed programs don’t get stuck. Wadler and Findler (2008): Well-typed programs can’t be blamed.

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Well-typed programs cant be blamed Philip Wadler University of Edinburgh NII Shonan Meeting

Well-typed programs cant be blamed Philip Wadler University of Edinburgh NII Shonan Meeting

Well-typed programs cant be blamed Philip Wadler University of Edinburgh NII Shonan Meeting 2630 May 2014 Publications Wadler and Findler Well-typed programs cant be blamed ESOP 2009 Siek and Wadler Threesomes, with and

811 views • 78 slides
Well-typed programs cant be blamed Philip Wadler University of Edinburgh Robert Bruce Findler

Well-typed programs cant be blamed Philip Wadler University of Edinburgh Robert Bruce Findler

Well-typed programs cant be blamed Philip Wadler University of Edinburgh Robert Bruce Findler University of Chicago The mathematics of programming languages is deep and elegant examples other than Curry-Howard? terms other than

731 views • 38 slides
Well-typed programs cant be blamed (ESOP 2009) Robert Bruce Findler Northwestern University

Well-typed programs cant be blamed (ESOP 2009) Robert Bruce Findler Northwestern University

Well-typed programs cant be blamed (ESOP 2009) Robert Bruce Findler Northwestern University Philip Wadler University of Edinburgh Aussois, 1418 October 2013 Part I Evolving a program An untyped program let x = 2 f = y. y + 1 h =

537 views • 35 slides
Multithreaded Algorithms Architecture Evolution Weve come a long way since we blamed Von

Multithreaded Algorithms Architecture Evolution Weve come a long way since we blamed Von

Multithreaded Algorithms Architecture Evolution Weve come a long way since we blamed Von Neumann for putting that bottleneck in our computers Memory contains data and programs Computer fetches the instructions sequentially from memory and

500 views • 17 slides
Preemptive type checking in dynamically typed programs Neville Grech, Julian Rathke, Bernd

Preemptive type checking in dynamically typed programs Neville Grech, Julian Rathke, Bernd

Preemptive type checking in dynamically typed programs Neville Grech, Julian Rathke, Bernd Fischer n.grech@ecs.soton.ac.uk Dynamically-typed languages Principal type of a variable is mutated through assignments: def plus2(a): if

1.47k views • 109 slides
Generic Programming in a Dependently Typed Language Generic proofs for generic programs Peter

Generic Programming in a Dependently Typed Language Generic proofs for generic programs Peter

Generic Programming in a Dependently Typed Language Generic proofs for generic programs Peter Morris pwm@cs.nott.ac.uk University of Nottingham Generic Programming in a Dependently Typed Language p. 1/12 This talk We introduce a

599 views • 45 slides
Typed Scheme From Scripts to Programs Sam Tobin-Hochstadt Northeastern University 1 The PL

Typed Scheme From Scripts to Programs Sam Tobin-Hochstadt Northeastern University 1 The PL

Typed Scheme From Scripts to Programs Sam Tobin-Hochstadt Northeastern University 1 The PL Renaissance 2 The PL Renaissance 3 The PL Renaissance 4 Whats good These languages are interactive designed for rapid development supported

1.75k views • 133 slides
Declining Royalties The fall is being blamed on low oil prices, which are netting the

Declining Royalties The fall is being blamed on low oil prices, which are netting the

Declining Royalties The fall is being blamed on low oil prices, which are netting the government less money in pro rata terms as well as discouraging oil exploration in the first place Radio NZ, 20/10/2016

143 views • 11 slides
LDP Typed Wildcard PW FEC Elements draft-raza-pwe3-pw-typed-wc-fec-00.txt Kamran Raza Sami

LDP Typed Wildcard PW FEC Elements draft-raza-pwe3-pw-typed-wc-fec-00.txt Kamran Raza Sami

LDP Typed Wildcard PW FEC Elements draft-raza-pwe3-pw-typed-wc-fec-00.txt Kamran Raza Sami Boutros Background Label Distribution Protocol (LDP) [RFC5036] defines the general notion of a &quot;Typed Wildcard Forwarding Equivalence Class

308 views • 6 slides
Security-Typed Programming within Dependently-Typed Programming Dan Licata Joint work with

Security-Typed Programming within Dependently-Typed Programming Dan Licata Joint work with

Security-Typed Programming within Dependently-Typed Programming Dan Licata Joint work with Jamie Morgenstern Carnegie Mellon University Security-Typed Programming Access control: who gets access to what? read a file play a song make an

860 views • 62 slides
CMSC 430 Introduction to Compilers Spring 2016 Type Systems What is a Type System? A type

CMSC 430 Introduction to Compilers Spring 2016 Type Systems What is a Type System? A type

CMSC 430 Introduction to Compilers Spring 2016 Type Systems What is a Type System? A type system is some mechanism for distinguishing good programs from bad Good programs = well typed Bad programs = ill-typed or not typable

765 views • 57 slides
Security-Typed Programming within Dependently-Typed Programming Dan Licata Joint work with

Security-Typed Programming within Dependently-Typed Programming Dan Licata Joint work with

Security-Typed Programming within Dependently-Typed Programming Dan Licata Joint work with Jamie Morgenstern Carnegie Mellon University Supported by NSF CCF-0702381 and CNS-0716469 Security-Typed Programming Access control: who gets access

1.06k views • 79 slides
FROM SYSTEM F TO TYPED ASSEMBLY LANGUAGE Greg Morrisett, David Walker, Karl Crary &amp; Neal

FROM SYSTEM F TO TYPED ASSEMBLY LANGUAGE Greg Morrisett, David Walker, Karl Crary &amp; Neal

FROM SYSTEM F TO TYPED ASSEMBLY LANGUAGE Greg Morrisett, David Walker, Karl Crary &amp; Neal Glew TOPLAS 1999 Presentation by: Drew Zagieboylo/Matthew Milano TYPED ASSEMBLY LANGUAGE TYPED ASSEMBLY LANGUAGE TYPED ASSEMBLY LANGUAGE TYPED

654 views • 32 slides
Moral evil is a result of human action, whereas natural evil can only be blamed on God, if He

Moral evil is a result of human action, whereas natural evil can only be blamed on God, if He

Moral evil is a result of human action, whereas natural evil can only be blamed on God, if He even exists. Natural disasters and diseases seem at odds with a good and benevolent God. Try to remember, though, that God created this universe

462 views • 8 slides
TALx86: A Realistic Typed Assembly Language TALx86: A Realistic Typed Assembly Language Dan

TALx86: A Realistic Typed Assembly Language TALx86: A Realistic Typed Assembly Language Dan

TALx86: A Realistic Typed Assembly Language TALx86: A Realistic Typed Assembly Language Dan Grossman, Fred Smith Cornell University Joint work with: Greg Morrisett, Karl Crary (CMU), Neal Glew, Richard Samuels, Dave Walker, Stephanie Weirich,

447 views • 20 slides
Categories with Families Unityped, Simply Typed, Dependently Typed Peter Dybjer Chalmers

Categories with Families Unityped, Simply Typed, Dependently Typed Peter Dybjer Chalmers

Categories with Families Unityped, Simply Typed, Dependently Typed Peter Dybjer Chalmers tekniska hgskola joint work with Simon Castellan, Imperial College Pierre Clairambault, ENS Lyon TYPES 2019 Oslo, 11-14 June . . . . . . . .

140 views • 12 slides
Term Rewriting Systems All sentences are unit equations ( is implicit). AUTOMATED

Term Rewriting Systems All sentences are unit equations ( is implicit). AUTOMATED

14ai Term Rewriting Systems All sentences are unit equations ( is implicit). AUTOMATED REASONING Problem is usually to show that two terms are equal modulo equations. Although this could be done using paramodulation .... To cut

303 views • 7 slides
Unification by Narrowing Mircea Marin West University of Timisoara mmarin@info.uvt.ro May 20,

Unification by Narrowing Mircea Marin West University of Timisoara mmarin@info.uvt.ro May 20,

Unification by Narrowing Mircea Marin West University of Timisoara mmarin@info.uvt.ro May 20, 2014 Marin Unification by Narrowing What is narrowing? Narrowing sound and complete method for solving E -unification problems in theories

1.06k views • 69 slides
Panel on libraries The Coq Workshop 2020 online 1 / 1 HoTT &amp; the Future of Formalization

Panel on libraries The Coq Workshop 2020 online 1 / 1 HoTT &amp; the Future of Formalization

Moderator: Bas Spitters Andrej Bauer Cyril Cohen Robbert Krebbers Guillaume Melquiond Anders Mortberg Karl Palmskog Panel on libraries The Coq Workshop 2020 online 1 / 1 HoTT &amp; the Future of Formalization

215 views • 17 slides
Models and Algorithms for Programmable Matter Christian Scheideler Joint work with Theory of

Models and Algorithms for Programmable Matter Christian Scheideler Joint work with Theory of

Theory of Distributed Systems Models and Algorithms for Programmable Matter Christian Scheideler Joint work with Theory of Distributed Systems Motivation Scene with T1000 from Terminator 2 Movie: Primitives? Algorithms? 2 Theory of

809 views • 31 slides
H1 FY18 EARNINGS November 7, 2017 1 Yves Guillemot, President and Chief Executive Officer Alain

H1 FY18 EARNINGS November 7, 2017 1 Yves Guillemot, President and Chief Executive Officer Alain

H1 FY18 EARNINGS November 7, 2017 1 Yves Guillemot, President and Chief Executive Officer Alain Martinez, Chief Financial Officer D I S C L A I M E R This statement may contain estimated financial data, information on future projects and

569 views • 29 slides
4/14/2016 Disclosures Medtronic Spectranetics 2016 Tenaxis Medical SAB UCSF

4/14/2016 Disclosures Medtronic Spectranetics 2016 Tenaxis Medical SAB UCSF

4/14/2016 Disclosures Medtronic Spectranetics 2016 Tenaxis Medical SAB UCSF Vascular Symposium Societal, Clinical, and Radiographic Volcano Corporation Definition of Venous Stenosis: W.L. Gore James J Zimmerman, M.D. A

480 views • 5 slides
Overlapping Rules and Logic Variables in Functional Logic Programs Michael Hanus

Overlapping Rules and Logic Variables in Functional Logic Programs Michael Hanus

ICLP 2006 Overlapping Rules and Logic Variables in Functional Logic Programs Michael Hanus Christian-Albrechts-Universit at Kiel (joint work with Sergio Antoy, Portland State University) F UNCTIONAL L OGIC L ANGUAGES Approach to amalgamate

681 views • 42 slides
Maude-NPA: Tutorial Catherine Meadows, Naval Research Laboratory (USA) Jos e Meseguer,

Maude-NPA: Tutorial Catherine Meadows, Naval Research Laboratory (USA) Jos e Meseguer,

Maude-NPA: Tutorial Catherine Meadows, Naval Research Laboratory (USA) Jos e Meseguer, University of Illinois at Urbana-Champaign (USA) Santiago Escobar, Universidad Polit ecnica de Valencia (Spain) P ROTOCOL E X CHANGE , J ANUARY 23, 2008

385 views • 37 slides

More recommend