a mechanized proof of type safety for the polymorphic
play

A Mechanized Proof of Type Safety for the Polymorphic -Calculus - PowerPoint PPT Presentation

Oct 26, 2022 •207 likes •613 views

A Mechanized Proof of Type Safety for the Polymorphic -Calculus with References Michalis A. Papakyriakou Prodromos E. Gerakios Nikolaos S. Papaspyrou National Technical University of Athens School of Electrical and Computer Engineering

  1. A Mechanized Proof of Type Safety for the Polymorphic λ -Calculus with References Michalis A. Papakyriakou Prodromos E. Gerakios Nikolaos S. Papaspyrou National Technical University of Athens School of Electrical and Computer Engineering Software Engineering Laboratory {mpapakyr, pgerakios, nickie}@softlab.ntua.gr 6th Panhellenic Logic Symposium Volos, Greece, 5-8 July 2007 Mechanized Proof of Type Safety for λ ∀ , ref M. A. Papakyriakou, P . E. Gerakios, N. S. Papaspyrou

  2. Outline Introduction Type systems and type safety Polymorphic λ -calculus References Mechanized proof The language λ ∀ , ref Encoding λ ∀ , ref in Isabelle/HOL A tour of the proof Conclusions and future work Mechanized Proof of Type Safety for λ ∀ , ref M. A. Papakyriakou, P . E. Gerakios, N. S. Papaspyrou

  3. What is this paper about? ◮ The language Polymorphic λ -calculus with references ◮ The goal A proof of type safety ◮ The method Mechanized proof Using Isabelle/HOL Mechanized Proof of Type Safety for λ ∀ , ref M. A. Papakyriakou, P . E. Gerakios, N. S. Papaspyrou

  4. Type systems ◮ A type system defines: ◮ how a programming language classifies values and expressions into types ◮ how elements of these types can be manipulated ◮ how these types can interact ◮ A type indicates a set of values that have the same generic meaning or intended purpose ◮ The purpose of type systems: to prevent certain forms of erroneous or undesirable program behaviour Mechanized Proof of Type Safety for λ ∀ , ref M. A. Papakyriakou, P . E. Gerakios, N. S. Papaspyrou

  5. Type safety ◮ If a program is free of static type errors, then its execution is free of dynamic type errors ◮ Kinds of dynamic errors that can be avoided: ◮ programs can only access appropriate memory locations (memory safety) ◮ programs can only transfer control to appropriate program points (control safety) Mechanized Proof of Type Safety for λ ∀ , ref M. A. Papakyriakou, P . E. Gerakios, N. S. Papaspyrou

  6. Type safety ◮ If a program is free of static type errors, then its execution is free of dynamic type errors ◮ Kinds of dynamic errors that can be avoided: ◮ programs can only access appropriate memory locations (memory safety) ◮ programs can only transfer control to appropriate program points (control safety) ◮ The standard procedure ◮ Syntax ◮ Operational semantics ◮ Typing rules ◮ Safety = preservation + progress Mechanized Proof of Type Safety for λ ∀ , ref M. A. Papakyriakou, P . E. Gerakios, N. S. Papaspyrou

  7. Polymorphic λ -calculus ◮ System F , F 2 ◮ Girard, 1971; Reynolds, 1974 ◮ First-class polymorphism ◮ Useful for code reuse and modular type checking Mechanized Proof of Type Safety for λ ∀ , ref M. A. Papakyriakou, P . E. Gerakios, N. S. Papaspyrou

  8. Polymorphic λ -calculus ◮ System F , F 2 ◮ Girard, 1971; Reynolds, 1974 ◮ First-class polymorphism ◮ Useful for code reuse and modular type checking ◮ Polymorphic types and functions ∀ α . α → α id : = Λ α . λ x : α . x Mechanized Proof of Type Safety for λ ∀ , ref M. A. Papakyriakou, P . E. Gerakios, N. S. Papaspyrou

  9. Polymorphic λ -calculus ◮ System F , F 2 ◮ Girard, 1971; Reynolds, 1974 ◮ First-class polymorphism ◮ Useful for code reuse and modular type checking ◮ Polymorphic types and functions ∀ α . α → α id : = Λ α . λ x : α . x ◮ Explicit type application ∀ α . list α → list α → list α append : . . . append [ int ] [ 1, 2, 3 ] [ 4, 5 ] . . . Mechanized Proof of Type Safety for λ ∀ , ref M. A. Papakyriakou, P . E. Gerakios, N. S. Papaspyrou

  10. ML-style references Imperative programming in functional style ◮ Reference allocation let r = new 7 . . . r : Ref int Mechanized Proof of Type Safety for λ ∀ , ref M. A. Papakyriakou, P . E. Gerakios, N. S. Papaspyrou

  11. ML-style references Imperative programming in functional style ◮ Reference allocation let r = new 7 . . . r : Ref int ◮ Assignment . . . in r : = 42; . . . destructive update! Mechanized Proof of Type Safety for λ ∀ , ref M. A. Papakyriakou, P . E. Gerakios, N. S. Papaspyrou

  12. ML-style references Imperative programming in functional style ◮ Reference allocation let r = new 7 . . . r : Ref int ◮ Assignment . . . in r : = 42; . . . destructive update! ◮ Dereference . . . print ( deref r ) ; prints 42 Mechanized Proof of Type Safety for λ ∀ , ref M. A. Papakyriakou, P . E. Gerakios, N. S. Papaspyrou

  13. ML-style references Imperative programming in functional style ◮ Reference allocation let r = new 7 . . . r : Ref int ◮ Assignment . . . in r : = 42; . . . destructive update! ◮ Dereference . . . print ( deref r ) ; prints 42 ◮ No reference deallocation! . . . free r use garbage collection! Mechanized Proof of Type Safety for λ ∀ , ref M. A. Papakyriakou, P . E. Gerakios, N. S. Papaspyrou

  14. Polymorphic references ◮ The problem let r = Λ α . new ( λ x : α . x ) in r : ∀ α . Ref ( α → α ) r [ int ] : = succ ; deref ( r [ bool ]) true dynamic type error Mechanized Proof of Type Safety for λ ∀ , ref M. A. Papakyriakou, P . E. Gerakios, N. S. Papaspyrou

  15. Polymorphic references ◮ The problem let r = Λ α . new ( λ x : α . x ) in r : ∀ α . Ref ( α → α ) r [ int ] : = succ ; deref ( r [ bool ]) true dynamic type error ◮ A solution: value restriction In Λ α . v , the term v must be a value Mechanized Proof of Type Safety for λ ∀ , ref M. A. Papakyriakou, P . E. Gerakios, N. S. Papaspyrou

  16. Mechanized proof (i) ◮ Why not with pencil and paper? ◮ easy to make a mistake ◮ easy to “fix” a mistake ◮ if one is willing to spend time and effort to write a thorough proof with pencil and paper, why not use a proof assistant? Mechanized Proof of Type Safety for λ ∀ , ref M. A. Papakyriakou, P . E. Gerakios, N. S. Papaspyrou

  17. Mechanized proof (i) ◮ Why not with pencil and paper? ◮ easy to make a mistake ◮ easy to “fix” a mistake ◮ if one is willing to spend time and effort to write a thorough proof with pencil and paper, why not use a proof assistant? ◮ Proof assistants ◮ tools to develop formal proofs by man-machine collaboration ◮ interactive proof editor, with which a human can guide the search for proofs ◮ some steps of the proofs can be provided by the computer ◮ not (necessarily) automatic theorem proving! Mechanized Proof of Type Safety for λ ∀ , ref M. A. Papakyriakou, P . E. Gerakios, N. S. Papaspyrou

  18. Mechanized proof (ii) ◮ Some available proof assistants: Isabelle/HOL, Coq, Twelf, NuPRL, PVS, PhoX, MINLOG, . . . ◮ Isabelle/HOL ◮ Larry Paulson, Cambridge University ◮ Tobias Nipkow, TU München ◮ ❤tt♣✿✴✴✐s❛❜❡❧❧❡✳✐♥✳t✉♠✳❞❡✴ Mechanized Proof of Type Safety for λ ∀ , ref M. A. Papakyriakou, P . E. Gerakios, N. S. Papaspyrou

  19. Syntax of λ ∀ , ref τ :: = Unit | α | τ → τ | ∀ α . τ | Ref τ e :: = unit | x | λ x : τ . e | Λ α . e | e 1 e 2 | e [ τ ] | new e | deref e | e 1 : = e 2 | loc l v :: = unit | λ x : τ . e | Λ α . v | loc l Mechanized Proof of Type Safety for λ ∀ , ref M. A. Papakyriakou, P . E. Gerakios, N. S. Papaspyrou

  20. Typing rules of λ ∀ , ref Γ ; ∆ ; M ⊢ unit : Unit Γ , x : τ ; ∆ ; M ⊢ x : τ Γ , x : τ ; ∆ ; M ⊢ e : τ ′ ∆ | = τ Γ ; ∆ , α ; M ⊢ v : τ Γ ; ∆ ; M ⊢ λ x : τ . e : τ → τ ′ Γ ; ∆ ; M ⊢ Λ α . v : ∀ α . τ Γ ; ∆ ; M ⊢ e 1 : τ → τ ′ Γ ; ∆ ; M ⊢ e 2 : τ Γ ; ∆ ; M ⊢ e 1 e 2 : τ ′ = τ ′ Γ ; ∆ ; M ⊢ e : ∀ α . τ ∆ | Γ ; ∆ ; M ⊢ e : τ Γ ; ∆ ; M ⊢ e [ τ ′ ] : τ { α �→ τ ′ } Γ ; ∆ ; M ⊢ new e : Ref τ Γ ; ∆ ; M ⊢ e : Ref τ Γ ; ∆ ; M ⊢ deref e : τ Γ ; ∆ ; M ⊢ e 1 : Ref τ Γ ; ∆ ; M ⊢ e 2 : τ Γ ; ∆ ; M ⊢ e 1 : = e 2 : Unit Γ ; ∆ ; M, l : τ ⊢ loc l : Ref τ Mechanized Proof of Type Safety for λ ∀ , ref M. A. Papakyriakou, P . E. Gerakios, N. S. Papaspyrou

  21. Operational semantics of λ ∀ , ref → S ′ ; e ′ → S ′ ; e ′ S ; e 1 − S ; e 2 − 1 2 → S ′ ; e ′ → S ′ ; v 1 e ′ S ; e 1 e 2 − S ; v 1 e 2 − 1 e 2 2 → S ′ ; e ′ S ; e − → S ′ ; e ′ [ τ ] S ; e [ τ ] − → S ′ ; e ′ → S ′ ; e ′ S ; e − S ; e − → S ′ ; new e ′ → S ′ ; deref e ′ S ; new e − S ; deref e − → S ′ ; e ′ → S ′ ; e ′ S ; e 1 − S ; e 2 − 1 2 → S ′ ; e ′ → S ′ ; v 1 : = e ′ S ; e 1 : = e 2 − 1 : = e 2 S ; v 1 : = e 2 − 2 S ; ( λ x : τ . e ) v − → S ; e { x �→ v } S ; ( Λ α . v ) [ τ ] − → S ; v { α �→ τ } S ; new v − → S , l �→ v ; loc l S , l �→ v ; deref ( loc l ) − → S , l �→ v ; v S , l �→ v ′ ; loc l : = v − → S , l �→ v ; v Mechanized Proof of Type Safety for λ ∀ , ref M. A. Papakyriakou, P . E. Gerakios, N. S. Papaspyrou

  22. Encoding λ ∀ , ref in Isabelle/HOL ◮ Main problems ◮ The representation of bound variables ◮ The representation of type environments ◮ The details are usually ignored in pencil and paper proofs Mechanized Proof of Type Safety for λ ∀ , ref M. A. Papakyriakou, P . E. Gerakios, N. S. Papaspyrou

Recommend

Mechanized Type Soundness Proofs using Definitional Interpreters Hannes Saffrich University of

Mechanized Type Soundness Proofs using Definitional Interpreters Hannes Saffrich University of

Masters Thesis Mechanized Type Soundness Proofs using Definitional Interpreters Hannes Saffrich University of Freiburg Department of Computer Science Programming Languages Chair September 1, 2019 Hannes Saffrich Mechanized Type

1.03k views • 39 slides
This time on Types ... Polymorphic -calculus (polymorphic -binding). Lets us type: f ((

This time on Types ... Polymorphic -calculus (polymorphic -binding). Lets us type: f ((

This time on Types ... Polymorphic -calculus (polymorphic -binding). Lets us type: f (( f true ) :: ( f nil )) -bound variables in ML cannot be used polymorphically within a function abstraction E.g. f (( f true ) :: ( f nil ))

945 views • 23 slides
Polymorphic types Polymorphic -calculus (System F) Simply typed -calculus is

Polymorphic types Polymorphic -calculus (System F) Simply typed -calculus is

Polymorphic types Polymorphic -calculus (System F) Simply typed -calculus is monomorphic, Extends simply-typed : i.e. a type has no flexible pieces ::= * | type syntax expression/value syntax

328 views • 4 slides
Polymorphic type inference Example fun sum lst = ML infers types of functions (etc.)

Polymorphic type inference Example fun sum lst = ML infers types of functions (etc.)

Polymorphic type inference Example fun sum lst = ML infers types of functions (etc.) automatically, as follows: 1. Assign each bound variable & subexpression a fresh type variable if null lst then 0 plus fresh type variables for

347 views • 7 slides
A Mechanized Proof of Higmans Lemma by Open Induction Christian Sternagel University of

A Mechanized Proof of Higmans Lemma by Open Induction Christian Sternagel University of

A Mechanized Proof of Higmans Lemma by Open Induction Christian Sternagel University of Innsbruck, Austria January 18, 2016 Dagstuhl Seminar 16031 Well-Quasi-Orders in Computer Science Supported by the Austrian Science Fund (FWF):

833 views • 69 slides
How much is a mechanized proof worth, certification-wise? Xavier Leroy Inria Paris-Rocquencourt

How much is a mechanized proof worth, certification-wise? Xavier Leroy Inria Paris-Rocquencourt

How much is a mechanized proof worth, certification-wise? Xavier Leroy Inria Paris-Rocquencourt PiP 2014: Principles in Practice In this talk. . . Some feedback from the aircraft industry concerning the potential usefulness of the CompCert

890 views • 36 slides
Mechanized Formal Analysis for Safety-Critical Systems: The Convergence of Need and Opportunity

Mechanized Formal Analysis for Safety-Critical Systems: The Convergence of Need and Opportunity

Mechanized Formal Analysis for Safety-Critical Systems: The Convergence of Need and Opportunity John Rushby Computer Science Laboratory SRI International Menlo Park, California, USA John Rushby, SRI Mechanized Analysis: 1

433 views • 20 slides
A Mechanized Proof of the Curve Length of a Rectifiable Curve Jagadish Bapanapally and Ruben

A Mechanized Proof of the Curve Length of a Rectifiable Curve Jagadish Bapanapally and Ruben

A Mechanized Proof of the Curve Length of a Rectifiable Curve Jagadish Bapanapally and Ruben Gamboa ACL2 Workshop 2017 May 23, 2017 Theory L n i =1 | P i P i 1 | Deriving length of a continuously differentiable curve n L =

568 views • 24 slides
Instant Polymorphic Type Systems for Mobile Process Calculi: Just Add Reduction Rules and Close

Instant Polymorphic Type Systems for Mobile Process Calculi: Just Add Reduction Rules and Close

Instant Polymorphic Type Systems for Mobile Process Calculi: Just Add Reduction Rules and Close Henning Makholm and Joe Wells Heriot-Watt University ESOP05 April 8, 2005 U seful L ogics, T ypes, Work supported by EU/IST/FET grant

537 views • 29 slides
Complexity Analysis by Polymorphic Sized Type Inference and Constraint Solving. ELICA meeting

Complexity Analysis by Polymorphic Sized Type Inference and Constraint Solving. ELICA meeting

Complexity Analysis by Polymorphic Sized Type Inference and Constraint Solving. ELICA meeting Martin Avanzini 1 (Joint work with Ugo Dal Lago 2 ) 1 University of Innsbruck 2 Universit di Bologna & INRIA, Sophia Antipolis Motivation

850 views • 57 slides
Mechanized semantics for Clight Sandrine Blaxy, Xavier Leroy Pim Jager - Type Theory and Coq The

Mechanized semantics for Clight Sandrine Blaxy, Xavier Leroy Pim Jager - Type Theory and Coq The

Mechanized semantics for Clight Sandrine Blaxy, Xavier Leroy Pim Jager - Type Theory and Coq The CompCert C project Formally proving a compiler The CompCert project investigates the formal verification of realistic compilers usable

948 views • 26 slides
polymorphic lambda calculus type theory week 09 2006 04 10 0 overview the course 1st

polymorphic lambda calculus type theory week 09 2006 04 10 0 overview the course 1st

polymorphic lambda calculus type theory week 09 2006 04 10 0 overview the course 1st order propositional logic simple type theory 1st order predicate logic type theory with dependent types P 2nd order propositional

482 views • 37 slides
Once Upon a Polymorphic Type CAMBRIDGE Keith Wansbrough Computer Laboratory University of

Once Upon a Polymorphic Type CAMBRIDGE Keith Wansbrough Computer Laboratory University of

UNIVERSITY OF Once Upon a Polymorphic Type CAMBRIDGE Keith Wansbrough Computer Laboratory University of Cambridge kw217@cl.cam.ac.uk http://www.cl.cam.ac.uk/users/kw217/ Simon Peyton Jones Microsoft Research Cambridge 20 January, 1999

665 views • 45 slides
Once Upon a Polymorphic Type CAMBRIDGE Keith Wansbrough Computer Laboratory University of

Once Upon a Polymorphic Type CAMBRIDGE Keith Wansbrough Computer Laboratory University of

UNIVERSITY OF Once Upon a Polymorphic Type CAMBRIDGE Keith Wansbrough Computer Laboratory University of Cambridge kw217@cl.cam.ac.uk http://www.cl.cam.ac.uk/users/kw217/ Simon Peyton Jones Microsoft Research Cambridge 20 January, 1999

604 views • 27 slides
CryptoVerif: A Computationally Sound Mechanized Prover for Cryptographic Protocols Bruno

CryptoVerif: A Computationally Sound Mechanized Prover for Cryptographic Protocols Bruno

Introduction Using CryptoVerif Proof technique Enc-then-MAC example FDH example Conclusion CryptoVerif: A Computationally Sound Mechanized Prover for Cryptographic Protocols Bruno Blanchet CNRS, Ecole Normale Sup erieure, INRIA,

972 views • 78 slides
Untyped general polymorphic functions Martin Pettai February 5, 2010 Introduction We would

Untyped general polymorphic functions Martin Pettai February 5, 2010 Introduction We would

Untyped general polymorphic functions Martin Pettai February 5, 2010 Introduction We would like to have a functional language where it is possible to define general polymorphic functions Return type of a function is uniquely determined

476 views • 22 slides
Introduction to Type Theory February 2008 Alpha Lernet Summer School Piriapolis, Uruguay Herman

Introduction to Type Theory February 2008 Alpha Lernet Summer School Piriapolis, Uruguay Herman

Introduction to Type Theory February 2008 Alpha Lernet Summer School Piriapolis, Uruguay Herman Geuvers Nijmegen & Eindhoven, NL Lecture 3: Polymorphic Type Theory: Full polymorphism and ML style polymorphism 1 Why Polymorphic

826 views • 27 slides
Type System for a Polymorphic Multi-Stage Programming Language Atsushi Igarashi (Kyoto Univ.)

Type System for a Polymorphic Multi-Stage Programming Language Atsushi Igarashi (Kyoto Univ.)

Type System for a Polymorphic Multi-Stage Programming Language Atsushi Igarashi (Kyoto Univ.) Joint work with Megumi Kobayashi MetaOCaml [Calcagno, Taha, Huang, Leroy; GPCE03] An extension of OCaml with features for multi- stage programming

816 views • 33 slides
Components of a Hammer for Type Theory Goal Translation and Proof Reconstruction ukasz Czajka

Components of a Hammer for Type Theory Goal Translation and Proof Reconstruction ukasz Czajka

Components of a Hammer for Type Theory Goal Translation and Proof Reconstruction ukasz Czajka Cezary Kaliszyk University of Innsbruck May 24, 2016 Interactive Proof in Type Theory Why do we love it? Why do we hate it? 2 / 14

689 views • 46 slides
A Complete Characterization of Observational Equivalence in Polymorphic lambda-Calculus with

A Complete Characterization of Observational Equivalence in Polymorphic lambda-Calculus with

A Complete Characterization of Observational Equivalence in Polymorphic lambda-Calculus with General References Eijiro Sumii (Tohoku University) Executive Summary Sound and complete "proof method" for contextual equivalence in a

496 views • 34 slides
Meyer and Wand property for Damas and Milners polymorphic type assignment system Presentation

Meyer and Wand property for Damas and Milners polymorphic type assignment system Presentation

Meyer and Wand property for Damas and Milners polymorphic type assignment system Presentation Type Theory and Coq Jelte J. Zwetsloot Radboud University Nijmegen May 15th, 2018 Jelte J. Zwetsloot (Radboud University) Meyer and Wand property

462 views • 17 slides
On the Use of Underspecified Data-Type Semantics for Type Safety in Low-Level Code Hendrik Tews 1

On the Use of Underspecified Data-Type Semantics for Type Safety in Low-Level Code Hendrik Tews 1

Introduction Basics Type Errors Stronger Encodings Type Sensitivity Conclusion On the Use of Underspecified Data-Type Semantics for Type Safety in Low-Level Code Hendrik Tews 1 , Marcus V olp 1 , Tjark Weber 2 1 Technische Universit at

559 views • 40 slides
Type Theory Proof by reflection Marene Dimmendaal, Pleun Koldewijn Overview - What is proof

Type Theory Proof by reflection Marene Dimmendaal, Pleun Koldewijn Overview - What is proof

Type Theory Proof by reflection Marene Dimmendaal, Pleun Koldewijn Overview - What is proof by reflection? - The two main classes: - Direct computation proofs - Algebraic computation proofs - Example Direct proof - Example

483 views • 37 slides
Portable and mobile gas appliance safety Enzo Alfonsetti Type A Gas Appliance and Component

Portable and mobile gas appliance safety Enzo Alfonsetti Type A Gas Appliance and Component

Portable and mobile gas appliance safety Enzo Alfonsetti Type A Gas Appliance and Component Safety 24 November 2016 Topics Gas safety regulation in Australia and New Zealand GTRC Type A and Type B appliances GTRC website and

437 views • 43 slides

More recommend