. are at odds with linear types. More generally, control effects - PowerPoint PPT Presentation

. . Exceptions are invaluable for structured error handling in high-level languages, but they . are at odds with linear types. More generally, control effects may delete or duplicate por- tions of the stack, which, if we are not careful, can invalidate all substructural usage guaran- tees for values on the stack.

A Theory of Substructural Types & Control Jesse A. Tov Riccardo Pucella OOPSLA October 26, 2011 .

Control Operators exceptions, call/cc, shift and reset, coroutines, … 3

Substructural Types linear types, affine types, typestate, session types, … 4

Substructural Types L inear . . . . . . . . . R elevant A ffine U nlimited 5

Substructural Types L = 1 . . . . . . . . . R elevant A ffine U nlimited 5

Substructural Types L = 1 . . . . . . . . . ≥ 1 R A ffine U nlimited 5

Substructural Types L = 1 . . . . . . . . . ≥ 1 ≤ 1 R A U nlimited 5

Substructural Types L = 1 . . . . . . . . ≥ 1 ≤ 1 R A U 5

Substructural Types type file : A val open : string . . file file . char val read : file . . val write : file . char . file val close : file . . unit 6

Substructural Types type file : L val open : string . . file file . char val read : file . . val write : file . char . file val close : file . . unit 6

7

let confFile = open confFileName in let ( conf , confFile ) = parseConfFile confFile in let logFile = open conf.logFileName in close confFile ; logFile 8

let confFile = # ⟨ file:. . conf ⟩ in let ( conf , confFile ) = parseConfFile confFile in let logFile = open conf.logFileName in close confFile ; logFile 8

let confFile = # file:. conf in let ( conf , confFile ) = parseConfFile # ⟨ file:. . conf ⟩ in let logFile = open conf.logFileName in close confFile ; logFile 8

let confFile = # file:. conf in let ( conf , confFile ) = ({ . . . }, # ⟨ file:. . conf ⟩ ) in let logFile = open conf.logFileName in close confFile ; logFile 8

let confFile = # file:. conf in let ( conf , confFile ) = ({ }, # file:. . conf ) in let logFile = open { . . . } .logFileName in close # ⟨ file:. . conf ⟩ ; logFile 8

let confFile = # file:. conf in let ( conf , confFile ) = ({ }, # file:. . conf ) in let logFile = open “/var/log/ . . . ” in close # ⟨ file:. . conf ⟩ ; logFile 8

let confFile = # file:. conf in let ( conf , confFile ) = ({ }, # file:. . conf ) in let logFile = raise IOError . . 8

shift/reset . . . . . . . . . . . . (Danvy & Filinski 1989) exceptions . . . · · affine types . . . · · linear types 9

. . . . . . . . . exceptions shift/reset . . . . . . . · · · · affine types . . . . . . · · · · linear types (Danvy & Filinski 1989) 9

. (Danvy & Filinski 1989) exceptions shift/reset . . . . . . . . . · . · · · . · · affine types . . . . . . . . . . . . · . · . · · · · · · . . linear types 9

. 10

. 10

. 10

; c . . . e : . 10

. . . e : . ; c 10

. . Q . . Q . URAL. L . . . . . R Qualifiers A U . (Ahmed et al. 2005) 11

. . Q . URAL. L . . . . . R Qualifiers A U . . ⪯ Q . (Ahmed et al. 2005) 11

. URAL. L . . . . . R Qualifiers A U . . ⪯ Q . . ⪯ Q . (Ahmed et al. 2005) 11

{ U, R, A, L } L . . Q Q exceptions shift/reset effect names: C c pure effect: . C sequencing: . : C . C . . C C . Q qualifier bound: . URAL ( C ) C = ( C , ., ., ⪰ ) . 12

L . . Q Q exceptions shift/reset { U, R, A, L } pure effect: . C sequencing: . : C . C . . C C . Q qualifier bound: . URAL ( C ) C = ( C , ., ., ⪰ ) effect names: C ∋ c . 12

. . Q Q exceptions shift/reset { U, R, A, L } L sequencing: . : C . C . . C C . Q qualifier bound: . URAL ( C ) C = ( C , ., ., ⪰ ) effect names: C ∋ c pure effect: . ∈ C . 12

. Q Q exceptions shift/reset { U, R, A, L } L . C . Q qualifier bound: . URAL ( C ) C = ( C , ., ., ⪰ ) effect names: C ∋ c pure effect: . ∈ C sequencing: . : C . C . . C . 12

exceptions shift/reset { U, R, A, L } L . . Q Q . URAL ( C ) C = ( C , ., ., ⪰ ) effect names: C ∋ c pure effect: . ∈ C sequencing: . : C . C . . C ⊆ C . Q qualifier bound: ⪰ . 12

shift/reset { U, R, A, L } L . . Q Q . URAL ( C ) C = ( C , ., ., ⪰ ) exceptions effect names: C P ( Exn ) . pure effect: . sequencing: . . . { φ } ⪰ A qualifier bound: ⪰ . 12

. URAL ( C ) C = ( C , ., ., ⪰ ) exceptions shift/reset effect names: C P ( Exn ) { U, R, A, L } . pure effect: . L sequencing: . . . . { φ } ⪰ A . Q ⪰ Q qualifier bound: ⪰ . 12

Application . c . 1 . e 1 : Q 1 (. ʼ . . ) ; c 1 (check e 1 ) . 2 . e 2 : . ʼ ; c 2 (check e 2 ) . c 2 ⪰ Q 1 ( e 2 effect ok) . . 2 ⪯ Q 2 ( e 2 resources) . c 1 ⪰ Q 2 ( e 1 effect ok) . c 1 . c 2 . c : CTL (net effect) . . 1 ⊞ . 2 . e 1 e 2 : . ; c 1 . c 2 . c . 13

Application . c . 1 . e 1 : Q 1 (. ʼ . . ) ; c 1 (check e 1 ) . 2 . e 2 : . ʼ ; c 2 (check e 2 ) . c 2 ⪰ Q 1 ( e 2 effect ok) . . 2 ⪯ Q 2 ( e 2 resources) . c 1 ⪰ Q 2 ( e 1 effect ok) . c 1 . c 2 . c : CTL (net effect) . . 1 ⊞ . 2 . e 1 e 2 : . ; c 1 . c 2 . c . 13

Context Splitting . c . 1 . e 1 : Q 1 (. ʼ . . ) ; c 1 (check e 1 ) . 2 . e 2 : . ʼ ; c 2 (check e 2 ) . c 2 ⪰ Q 1 ( e 2 effect ok) . . 2 ⪯ Q 2 ( e 2 resources) . c 1 ⪰ Q 2 ( e 1 effect ok) . c 1 . c 2 . c : CTL (net effect) . . 1 ⊞ . 2 . e 1 e 2 : . ; c 1 . c 2 . c . 13

Qualifier . c . 1 . e 1 : Q 1 (. ʼ . . ) ; c 1 (check e 1 ) . 2 . e 2 : . ʼ ; c 2 (check e 2 ) . c 2 ⪰ Q 1 ( e 2 effect ok) . . 2 ⪯ Q 2 ( e 2 resources) . c 1 ⪰ Q 2 ( e 1 effect ok) . c 1 . c 2 . c : CTL (net effect) . . 1 ⊞ . 2 . e 1 e 2 : . ; c 1 . c 2 . c . 13

Control Effects . c . 1 . e 1 : Q 1 (. ʼ . . ) ; c 1 (check e 1 ) . 2 . e 2 : . ʼ ; c 2 (check e 2 ) . c 2 ⪰ Q 1 ( e 2 effect ok) . . 2 ⪯ Q 2 ( e 2 resources) . c 1 ⪰ Q 2 ( e 1 effect ok) . c 1 . c 2 . c : CTL (net effect) . . 1 ⊞ . 2 . e 1 e 2 : . ; c 1 . c 2 . c . 13

Control Effects . c . 1 . e 1 : Q 1 (. ʼ . . ) ; c 1 (check e 1 ) . 2 . e 2 : . ʼ ; c 2 (check e 2 ) . c 2 ⪰ Q 1 ( e 2 effect ok) . . 2 ⪯ Q 2 ( e 2 resources) . c 1 ⪰ Q 2 ( e 1 effect ok) . c 1 . c 2 . c : CTL (net effect) . . 1 ⊞ . 2 . e 1 e 2 : . ; c 1 . c 2 . c . 13

Control Effects . c . 1 . e 1 : Q 1 (. ʼ . . ) ; c 1 (check e 1 ) . 2 . e 2 : . ʼ ; c 2 (check e 2 ) . c 2 ⪰ Q 1 ( e 2 effect ok) . . 2 ⪯ Q 2 ( e 2 resources) . c 1 ⪰ Q 2 ( e 1 effect ok) . c 1 . c 2 . c : CTL (net effect) . . 1 ⊞ . 2 . e 1 e 2 : . ; c 1 . c 2 . c . 13

Effect of e 2 . c . 1 . e 1 : Q 1 (. ʼ . . ) ; c 1 (check e 1 ) . 2 . e 2 : . ʼ ; c 2 (check e 2 ) . c 2 ⪰ Q 1 ( e 2 effect ok) . . 2 ⪯ Q 2 ( e 2 resources) . c 1 ⪰ Q 2 ( e 1 effect ok) . c 1 . c 2 . c : CTL (net effect) . . 1 ⊞ . 2 . e 1 e 2 : . ; c 1 . c 2 . c . 13

Effect of e 2 . c . 1 . e 1 : Q 1 (. ʼ . . ) ; c 1 (check e 1 ) . 2 . e 2 : . ʼ ; c 2 (check e 2 ) . c 2 ⪰ Q 1 ( e 2 effect ok) . . 2 ⪯ Q 2 ( e 2 resources) . c 1 ⪰ Q 2 ( e 1 effect ok) . c 1 . c 2 . c : CTL (net effect) . . 1 ⊞ . 2 . e 1 e 2 : . ; c 1 . c 2 . c . 13

Effect of e 1 . c . 1 . e 1 : Q 1 (. ʼ . . ) ; c 1 (check e 1 ) . 2 . e 2 : . ʼ ; c 2 (check e 2 ) . c 2 ⪰ Q 1 ( e 2 effect ok) . . 2 ⪯ Q 2 ( e 2 resources) . c 1 ⪰ Q 2 ( e 1 effect ok) . c 1 . c 2 . c : CTL (net effect) . . 1 ⊞ . 2 . e 1 e 2 : . ; c 1 . c 2 . c . 13

Effect of e 1 . c . 1 . e 1 : Q 1 (. ʼ . . ) ; c 1 (check e 1 ) . 2 . e 2 : . ʼ ; c 2 (check e 2 ) . c 2 ⪰ Q 1 ( e 2 effect ok) . . 2 ⪯ Q 2 ( e 2 resources) . c 1 ⪰ Q 2 ( e 1 effect ok) . c 1 . c 2 . c : CTL (net effect) . . 1 ⊞ . 2 . e 1 e 2 : . ; c 1 . c 2 . c . 13

Application . c . 1 . e 1 : Q 1 (. ʼ . . ) ; c 1 (check e 1 ) . 2 . e 2 : . ʼ ; c 2 (check e 2 ) . c 2 ⪰ Q 1 ( e 2 effect ok) . . 2 ⪯ Q 2 ( e 2 resources) . c 1 ⪰ Q 2 ( e 1 effect ok) . c 1 . c 2 . c : CTL (net effect) . . 1 ⊞ . 2 . e 1 e 2 : . ; c 1 . c 2 . c . 13

Does It Work? let confFile = open confFileName in let ( conf , confFile ) = parseConfFile confFile in let logFile = open conf.logFileName in close confFile ; logFile 14

Does It Work? let confFile = open confFileName in let ( conf , confFile ) = parseConfFile confFile in close confFile ; let logFile = open conf.logFileName in logFile 14

Three instances for : exceptions, shift/reset, and shift/reset with answer-type modification Does It Work? Theorem (Type safety). If • . e : . ; . then eval ( e ) ̸ = Wrong. Proof (Parametrized by C ). Transform e to continuation-passing style . . . 15

Does It Work? Theorem (Type safety). If • . e : . ; . then eval ( e ) ̸ = Wrong. Proof (Parametrized by C ). Transform e to continuation-passing style . . . Three instances for C : exceptions, shift/reset, and shift/reset with answer-type modification 15

no effect system Vault Alms . . . . . . . . Choose Two exceptions linear types this work 16