compiling with dependent types hongwei xi university of cincinnati
Post on 22-Dec-2015
221 views
TRANSCRIPT
![Page 1: Compiling with Dependent Types Hongwei Xi University of Cincinnati](https://reader035.vdocuments.net/reader035/viewer/2022062421/56649d7f5503460f94a63890/html5/thumbnails/1.jpg)
Compiling with Dependent Types
Hongwei XiUniversity of Cincinnati
![Page 2: Compiling with Dependent Types Hongwei Xi University of Cincinnati](https://reader035.vdocuments.net/reader035/viewer/2022062421/56649d7f5503460f94a63890/html5/thumbnails/2.jpg)
What do we want to do?
To produce (optimized) self-certified code that can guarantee both type safety and memory safety
Self-certification is done through the use of a form of low-level dependent types
Such low-level dependent types are to be translated from high-level dependent types in source programs
![Page 3: Compiling with Dependent Types Hongwei Xi University of Cincinnati](https://reader035.vdocuments.net/reader035/viewer/2022062421/56649d7f5503460f94a63890/html5/thumbnails/3.jpg)
Source Language: Xanadu
Xanadu (Xi, 2000) is a dependently typed imperative programming language with C-like syntax
The type of a variable in Xanadu can change during execution
The programmer may need to provide dependent type annotations for type-checking purpose
![Page 4: Compiling with Dependent Types Hongwei Xi University of Cincinnati](https://reader035.vdocuments.net/reader035/viewer/2022062421/56649d7f5503460f94a63890/html5/thumbnails/4.jpg)
A Program in Xanadu
{n:nat} float dotprod (len: int(n), a[n]: float, b[n]: float) {
var: nat i; float sum;; /* nat is [a: int | a >= 0] int(a) */
sum = 0.0;
for (i = 0; i < len; i = i + 1) { sum = sum +. a[i] *. b [i];
}
return sum;}
![Page 5: Compiling with Dependent Types Hongwei Xi University of Cincinnati](https://reader035.vdocuments.net/reader035/viewer/2022062421/56649d7f5503460f94a63890/html5/thumbnails/5.jpg)
A Datatype in Xanadu
A polymorphic datatype for lists:
union <‘a> list with nat = { Nil (0); Cons (n+1) of ‘a * <‘a> list(n)}
![Page 6: Compiling with Dependent Types Hongwei Xi University of Cincinnati](https://reader035.vdocuments.net/reader035/viewer/2022062421/56649d7f5503460f94a63890/html5/thumbnails/6.jpg)
Another Program in Xanadu (‘a){n:nat} int(n) length (xs: <‘a>list(n)) {
var: int x;; invariant: [i:nat,j:nat | i+j=n] (xs:<‘a> list(i), x:int(j)) while (true) { switch (xs) { case Nil: return x; case Cons (_, xs): x = x+1; } } exit; /* can never be reached */}
![Page 7: Compiling with Dependent Types Hongwei Xi University of Cincinnati](https://reader035.vdocuments.net/reader035/viewer/2022062421/56649d7f5503460f94a63890/html5/thumbnails/7.jpg)
Target Language: DTAL
DTAL is a dependently typed assembly language (Xi and Harper, 1999)
DTAL was originally designed to extend TAL (Morrisett et al, 1998) with a form of dependent types adopted from DML (Xi and Pfenning, 1999) for certifying memory safety.
![Page 8: Compiling with Dependent Types Hongwei Xi University of Cincinnati](https://reader035.vdocuments.net/reader035/viewer/2022062421/56649d7f5503460f94a63890/html5/thumbnails/8.jpg)
What is in this talk?
This talk is focused on low-level data representation
In particular, we show how dependent datatypes are represented
We also briefly explain how a state type annotation in Xanadu is transformed into a state type in DTAL
![Page 9: Compiling with Dependent Types Hongwei Xi University of Cincinnati](https://reader035.vdocuments.net/reader035/viewer/2022062421/56649d7f5503460f94a63890/html5/thumbnails/9.jpg)
Low-Level Types
= int | float | | top (s) | …n|d; |i; 1, …, n| …
1 + … + n = a:natn. a…nwhere natn is {a:int | 0<= a < n}
![Page 10: Compiling with Dependent Types Hongwei Xi University of Cincinnati](https://reader035.vdocuments.net/reader035/viewer/2022062421/56649d7f5503460f94a63890/html5/thumbnails/10.jpg)
Sizes of Types
|int| = 1, |float| = 2 |top (s)| = s, || = 1 | (d; )| = 1 |1,…, n | = |1| + … + |n| | (i; 1,…, n) | = max (|1|, …, |n|)
(currently, we require || … |n|)
![Page 11: Compiling with Dependent Types Hongwei Xi University of Cincinnati](https://reader035.vdocuments.net/reader035/viewer/2022062421/56649d7f5503460f94a63890/html5/thumbnails/11.jpg)
Tuple Type Representation
1, …, n) is represented flatly as
1 … n
![Page 12: Compiling with Dependent Types Hongwei Xi University of Cincinnati](https://reader035.vdocuments.net/reader035/viewer/2022062421/56649d7f5503460f94a63890/html5/thumbnails/12.jpg)
Pointer Type Representation
(d; ) is represented as
d
![Page 13: Compiling with Dependent Types Hongwei Xi University of Cincinnati](https://reader035.vdocuments.net/reader035/viewer/2022062421/56649d7f5503460f94a63890/html5/thumbnails/13.jpg)
An Example of Boxing
The high-level type Int * float may be translated into the low-level type:
,int, float
![Page 14: Compiling with Dependent Types Hongwei Xi University of Cincinnati](https://reader035.vdocuments.net/reader035/viewer/2022062421/56649d7f5503460f94a63890/html5/thumbnails/14.jpg)
Tag Functions
A tag function for (1,…, n) has the following type
a:natn. (a; 1,…, n) int(a)
![Page 15: Compiling with Dependent Types Hongwei Xi University of Cincinnati](https://reader035.vdocuments.net/reader035/viewer/2022062421/56649d7f5503460f94a63890/html5/thumbnails/15.jpg)
An Example of Tag Function
Let 1 = (1, (int(0), int)) 2 = (1, (int(1), float))
Then the following is a tag function for (1, 2): tag (x) = { var y; load y, x(-1); ret y; }
![Page 16: Compiling with Dependent Types Hongwei Xi University of Cincinnati](https://reader035.vdocuments.net/reader035/viewer/2022062421/56649d7f5503460f94a63890/html5/thumbnails/16.jpg)
An Example of Tagging (I)
The high-level type int + float may be translated into the low-level type:
a:nat2. (a; 1, 2)
where int(0), int int(1), float
![Page 17: Compiling with Dependent Types Hongwei Xi University of Cincinnati](https://reader035.vdocuments.net/reader035/viewer/2022062421/56649d7f5503460f94a63890/html5/thumbnails/17.jpg)
An Example of Tagging (II)
int(0) / int(1) Int / float
a:nat2. (a; (1,T(int(0), int)), (1,T(int(1), float)))
![Page 18: Compiling with Dependent Types Hongwei Xi University of Cincinnati](https://reader035.vdocuments.net/reader035/viewer/2022062421/56649d7f5503460f94a63890/html5/thumbnails/18.jpg)
An Interesting Question
Would it be still useful to form i… neven if we could not find a tag function for…n)
![Page 19: Compiling with Dependent Types Hongwei Xi University of Cincinnati](https://reader035.vdocuments.net/reader035/viewer/2022062421/56649d7f5503460f94a63890/html5/thumbnails/19.jpg)
Another Example of Tagging
The high-level type Int + float may also be translated into the low-level type:
a:nat2. int(a) (a; 1, )
where 1 = int and 2 = (0, float)
![Page 20: Compiling with Dependent Types Hongwei Xi University of Cincinnati](https://reader035.vdocuments.net/reader035/viewer/2022062421/56649d7f5503460f94a63890/html5/thumbnails/20.jpg)
Recursive Sum Types (I)
()list = unit + ()list list
a:nat2.a; intintlist
list may be translated intolist
![Page 21: Compiling with Dependent Types Hongwei Xi University of Cincinnati](https://reader035.vdocuments.net/reader035/viewer/2022062421/56649d7f5503460f94a63890/html5/thumbnails/21.jpg)
Recursive Sum Types (II)
()list = unit + ()list null = top/* null pointer */ list
a:nat2.a; nulllist
list may be translated intolist
![Page 22: Compiling with Dependent Types Hongwei Xi University of Cincinnati](https://reader035.vdocuments.net/reader035/viewer/2022062421/56649d7f5503460f94a63890/html5/thumbnails/22.jpg)
Dependent Datatypes (I)
union <‘a> list with nat = { Nil (0); Cons (n+1) of ‘a * <‘a> list(n)}
Nil: <‘a> list(0) Cons:
{n:nat} ‘a * <‘a> list(n) <‘a> list(n+1)
![Page 23: Compiling with Dependent Types Hongwei Xi University of Cincinnati](https://reader035.vdocuments.net/reader035/viewer/2022062421/56649d7f5503460f94a63890/html5/thumbnails/23.jpg)
Dependent Datatypes (II)
list = forall nnat. unit listawhere is n andis a:natn a
![Page 24: Compiling with Dependent Types Hongwei Xi University of Cincinnati](https://reader035.vdocuments.net/reader035/viewer/2022062421/56649d7f5503460f94a63890/html5/thumbnails/24.jpg)
Dependent Datatypes (III)
list = forall nnat. intintlistawhere is n andis a:natn a
![Page 25: Compiling with Dependent Types Hongwei Xi University of Cincinnati](https://reader035.vdocuments.net/reader035/viewer/2022062421/56649d7f5503460f94a63890/html5/thumbnails/25.jpg)
A Code Fragment in Xanadu
We now explain how the following code fragment is compiled
invariant: [i:nat,j:nat | i+j=n] (xs:<‘a> list(i), x:int(j)) while (true) { switch (xs) { case Nil: return x; case Cons (_, xs): x = x+1; } }
![Page 26: Compiling with Dependent Types Hongwei Xi University of Cincinnati](https://reader035.vdocuments.net/reader035/viewer/2022062421/56649d7f5503460f94a63890/html5/thumbnails/26.jpg)
A Code Fragment in DTAL
loop: (‘a,’r){i:nat,j:nat | i + j = n} [r1:<’a>list(i), r2:int(j), sp: [sp: int(n) :: ‘r] :: ‘r]
unfold r1 /* for type-checking purpose */
load r3, r1(-1)
beq r3, finish
load r1, r1(1)
add r2, r2, 1
jmp loop
![Page 27: Compiling with Dependent Types Hongwei Xi University of Cincinnati](https://reader035.vdocuments.net/reader035/viewer/2022062421/56649d7f5503460f94a63890/html5/thumbnails/27.jpg)
Some Questions
Would it be beneficial to introduce a low-level language with some structures instead of handling native code directly?
In particular, would it be beneficial to introduce the notion of macros? How?
![Page 28: Compiling with Dependent Types Hongwei Xi University of Cincinnati](https://reader035.vdocuments.net/reader035/viewer/2022062421/56649d7f5503460f94a63890/html5/thumbnails/28.jpg)
Conclusion
Translating (dependent) types from source level to target level presents an effective approach to establishing properties on low-level code, which would often be difficult to prove from scratch
This practice can also be of great help for debugging a compiler