How to be a Productive Programmer by putting things ofg until - - PowerPoint PPT Presentation

How to be a Productive Programmer

by putting things ofg until tomorrow Robert Atkey University of Strathclyde, Glasgow, UK 11th November 2011

Playing in Streams

co data Stream = StreamCons Integer Stream

• nes :: Stream
• nes = StreamCons 1 ones

map :: (Integer → Integer) → Stream → Stream map f (StreamCons x xs) = StreamCons (f x) (map f xs) merge :: Stream → Stream → Stream merge (StreamCons x xs) (StreamCons y ys) = StreamCons x (StreamCons y (merge xs ys))

Playing in Streams

co data Stream = StreamCons Integer Stream

• nes :: Stream
• nes = StreamCons 1 ones

map :: (Integer → Integer) → Stream → Stream map f (StreamCons x xs) = StreamCons (f x) (map f xs) merge :: Stream → Stream → Stream merge (StreamCons x xs) (StreamCons y ys) = StreamCons x (StreamCons y (merge xs ys))

Higher-order Functions on Streams

mergef :: (Integer → Integer → Stream → Stream) → Stream → Stream → Stream mergef f (StreamCons x xs) (StreamCons y ys) = f x y (mergef f xs ys)

Higher-order Functions on Streams

mergef :: (Integer → Integer → Stream → Stream) → Stream → Stream → Stream mergef f (StreamCons x xs) (StreamCons y ys) = f x y (mergef f xs ys) A bad choice of argument yields non-productive defjnitions: badf :: Integer → Integer → Stream → Stream badf x y s = s

Higher-order Functions on Streams

mergef :: (Integer → Integer → Stream → Stream) → Stream → Stream → Stream mergef f (StreamCons x xs) (StreamCons y ys) = f x y (mergef f xs ys) Coq reports: Sub-expression “f x y (mergef f xs ys)” not in guarded form

Higher-order Functions on Streams

mergef :: (Integer → Integer → Stream → Stream) → Stream → Stream → Stream mergef f (StreamCons x xs) (StreamCons y ys) = f x y (mergef f xs ys) Get around guardedness check by changing the type of f? f :: Integer → Integer → Integer f :: Integer → Integer → (Integer, [Integer]) but what about: f x y s = StreamCons x (map (+1) s)

How can we put guardedness constraints into the types?

Putting things ofg until tomorrow

(Nakano, 2000) (McBride, 2009)

Putting things ofg until tomorrow

(Nakano, 2000) (McBride, 2009)

Type-based Guardedness

f :: Integer → Integer → ⊲ Stream → Stream

Type-based Guardedness

f :: Integer → Integer → ⊲ Stream → Stream

Type-based Guardedness

⊲Stream − “a stream tomorrow” StreamCons :: Integer → ⊲Stream → Stream deStreamCons :: Stream → (Integer, ⊲Stream) fjx :: (⊲A → A) → A

• nes

fjx s 1 s fjx x x

Type-based Guardedness

⊲Stream − “a stream tomorrow” StreamCons :: Integer → ⊲Stream → Stream deStreamCons :: Stream → (Integer, ⊲Stream) fjx :: (⊲A → A) → A

• nes = fjx (λs. StreamCons 1 s)

fjx (λx. x)

Type-based Guardedness

⊲Stream − “a stream tomorrow” StreamCons :: Integer → ⊲Stream → Stream deStreamCons :: Stream → (Integer, ⊲Stream) fjx :: (⊲A → A) → A

• nes = fjx (λs. StreamCons 1 s)

✘✘✘✘✘

fjx (λx. x)

Applicative Functor

pure :: A → ⊲A (⊛) :: ⊲(A → B) → ⊲A → ⊲B mergef Integer Integer Stream Stream Stream Stream Stream mergef f fjx g xs ys let x xs’ xs let y ys’ ys in f x y g xs’ ys’ g Stream Stream Stream

Applicative Functor

pure :: A → ⊲A (⊛) :: ⊲(A → B) → ⊲A → ⊲B mergef :: (Integer → Integer → ⊲Stream → Stream) → Stream → Stream → Stream mergef f = fjx (λg xs ys. let (x, xs’) = deStreamCons xs let (y, ys’) = deStreamCons ys in f x y (g ⊛ xs’ ⊛ ys’)) g :: ⊲(Stream → Stream → Stream)

From Infjnite to Finite

Can we write take :: Natural → Stream → [Integer] by structural recursion on the fjrst argument? take 0 s take n 1 s x take n s’ where x s’ s This type prevents us: Stream Integer Stream We cannot leave the “time stream” of the stream.

From Infjnite to Finite

Can we write take :: Natural → Stream → [Integer] by structural recursion on the fjrst argument? take 0 s = [] take (n + 1) s = x : take n s’ where (x, s’) = deStreamCons s This type prevents us: Stream Integer Stream We cannot leave the “time stream” of the stream.

From Infjnite to Finite

Can we write take :: Natural → Stream → [Integer] by structural recursion on the fjrst argument? take 0 s = [] take (n + 1) s = x : take n s’ where (x, s’) = deStreamCons s This type prevents us: deStreamCons :: Stream → (Integer, ⊲Stream) We cannot leave the “time stream” of the stream.

Clock Variables

Clock Variables

Annotate with “clock variables”, κ:

◮ A clock κ represents a fjxed amount of time remaining ◮ Streamκ is a stream for at least the time remaining in κ ◮ ⊲ κ removes one unit of time remaining in κ

Integer Stream Stream Stream Integer Stream delay A A A B A B fjx A A A

Clock Variables

Annotate with “clock variables”, κ:

◮ A clock κ represents a fjxed amount of time remaining ◮ Streamκ is a stream for at least the time remaining in κ ◮ ⊲ κ removes one unit of time remaining in κ

StreamConsκ :: Integer → ⊲

κStreamκ → Streamκ

deStreamConsκ :: Streamκ → (Integer, ⊲

κStreamκ)

delay A A A B A B fjx A A A

Clock Variables

Annotate with “clock variables”, κ:

◮ A clock κ represents a fjxed amount of time remaining ◮ Streamκ is a stream for at least the time remaining in κ ◮ ⊲ κ removes one unit of time remaining in κ

StreamConsκ :: Integer → ⊲

κStreamκ → Streamκ

deStreamConsκ :: Streamκ → (Integer, ⊲

κStreamκ)

delayκ :: A → ⊲

κA

(⊛κ) :: ⊲

κ(A → B) → ⊲ κA → ⊲ κB

fjx A A A

Clock Variables

Annotate with “clock variables”, κ:

◮ A clock κ represents a fjxed amount of time remaining ◮ Streamκ is a stream for at least the time remaining in κ ◮ ⊲ κ removes one unit of time remaining in κ

StreamConsκ :: Integer → ⊲

κStreamκ → Streamκ

deStreamConsκ :: Streamκ → (Integer, ⊲

κStreamκ)

delayκ :: A → ⊲

κA

(⊛κ) :: ⊲

κ(A → B) → ⊲ κA → ⊲ κB

fjxκ :: (⊲

κA → A) → A

Eternity in an Hour

For type A with a free clock variable κ:

◮ Form the type ∀κ. A ◮ A with all possible amounts of “time remaining”

Stream streams that go on forever Quantifjcation allows removal of delays: force A A

Eternity in an Hour

For type A with a free clock variable κ:

◮ Form the type ∀κ. A ◮ A with all possible amounts of “time remaining”

(∀κ. Streamκ) ≈ streams that go on forever Quantifjcation allows removal of delays: force A A

Eternity in an Hour

For type A with a free clock variable κ:

◮ Form the type ∀κ. A ◮ A with all possible amounts of “time remaining”

(∀κ. Streamκ) ≈ streams that go on forever Quantifjcation allows removal of delays: force :: (∀κ. ⊲

κA) → (∀κ. A)

From Infjnite to Finite, again

Can we write take :: Natural → (∀κ. Streamκ) → [Integer] by structural recursion on the fjrst argument? take 0 s take n 1 s x take n force s’ where x s’ s

From Infjnite to Finite, again

Can we write take :: Natural → (∀κ. Streamκ) → [Integer] by structural recursion on the fjrst argument? take 0 s = [] take (n + 1) s = x : take n (force s’) where (x, s’) = deStreamCons s

Derivation

Let Γ = s : ∀κ. Streamκ κ; Γ ⊢ s : ∀κ. Streamκ κ; Γ ⊢ s : Streamκ κ; Γ ⊢ deStreamCons s : (Integer, ⊲

κStreamκ)

; Γ ⊢ deStreamCons s : ∀κ. (Integer, ⊲

κStreamκ)

; Γ ⊢ deStreamCons s : (Integer, ∀κ. ⊲

κStreamκ)

Replace-Min

A classic example (Bird, 1984) replaceMin :: Tree → Tree replaceMin t = let (t’, m) = replaceMinBody (t, m) in t’ where replaceMinBody (Leaf x, m) = (Leaf m, x) replaceMinBody (Br l r, m) = let (l’, ml) = replaceMinBody l m let (r’, mr) = replaceMinBody r m in (Br l’ r’, min ml mr)

With Clocks

replaceMinBody :: ∀κ. (Tree, ⊲

κ Integer) → ( ⊲ κ Tree, Integer)

replaceMinBody (Leaf x, m) = ( delay Leaf ⊛ m, x) replaceMinBody (Br l r, m) = let (l’, ml) = replaceMinBody l m let (r’, mr) = replaceMinBody r m in ( delay Br ⊛ l’ ⊛ r’, min ml mr) trace A U B U A B replaceMin Tree Tree replaceMin t force trace replaceMinBody t

With Clocks

replaceMinBody :: ∀κ. (Tree, ⊲

κ Integer) → ( ⊲ κ Tree, Integer)

replaceMinBody (Leaf x, m) = ( delay Leaf ⊛ m, x) replaceMinBody (Br l r, m) = let (l’, ml) = replaceMinBody l m let (r’, mr) = replaceMinBody r m in ( delay Br ⊛ l’ ⊛ r’, min ml mr) trace A U B U A B replaceMin Tree Tree replaceMin t force trace replaceMinBody t

With Clocks

replaceMinBody :: ∀κ. (Tree, ⊲

κ Integer) → ( ⊲ κ Tree, Integer)

replaceMinBody (Leaf x, m) = ( delay Leaf ⊛ m, x) replaceMinBody (Br l r, m) = let (l’, ml) = replaceMinBody l m let (r’, mr) = replaceMinBody r m in ( delay Br ⊛ l’ ⊛ r’, min ml mr) trace A U B U A B replaceMin Tree Tree replaceMin t force trace replaceMinBody t

With Clocks

replaceMinBody :: ∀κ. (Tree, ⊲

κ Integer) → ( ⊲ κ Tree, Integer)

replaceMinBody (Leaf x, m) = ( delay Leaf ⊛ m, x) replaceMinBody (Br l r, m) = let (l’, ml) = replaceMinBody l m let (r’, mr) = replaceMinBody r m in ( delay Br ⊛ l’ ⊛ r’, min ml mr) trace A U B U A B replaceMin Tree Tree replaceMin t force trace replaceMinBody t

With Clocks

replaceMinBody :: ∀κ. (Tree, ⊲

κ Integer) → ( ⊲ κ Tree, Integer)

replaceMinBody (Leaf x, m) = ( delay Leaf ⊛ m, x) replaceMinBody (Br l r, m) = let (l’, ml) = replaceMinBody l m let (r’, mr) = replaceMinBody r m in ( delay Br ⊛ l’ ⊛ r’, min ml mr) trace A U B U A B replaceMin Tree Tree replaceMin t force trace replaceMinBody t

With Clocks

replaceMinBody :: ∀κ. (Tree, ⊲

κ Integer) → ( ⊲ κ Tree, Integer)

replaceMinBody (Leaf x, m) = ( delay Leaf ⊛ m, x) replaceMinBody (Br l r, m) = let (l’, ml) = replaceMinBody l m let (r’, mr) = replaceMinBody r m in ( delay Br ⊛ l’ ⊛ r’, min ml mr) trace A U B U A B replaceMin Tree Tree replaceMin t force trace replaceMinBody t

With Clocks

replaceMinBody :: ∀κ. (Tree, ⊲

κ Integer) → ( ⊲ κ Tree, Integer)

replaceMinBody (Leaf x, m) = ( delay Leaf ⊛ m, x) replaceMinBody (Br l r, m) = let (l’, ml) = replaceMinBody l m let (r’, mr) = replaceMinBody r m in ( delay Br ⊛ l’ ⊛ r’, min ml mr) trace :: ∀κ. ((A[κ], ⊲

κU) → (B[κ], U)) → A[κ] → B[κ]

replaceMin Tree Tree replaceMin t force trace replaceMinBody t

With Clocks

replaceMinBody :: ∀κ. (Tree, ⊲

κ Integer) → ( ⊲ κ Tree, Integer)

replaceMinBody (Leaf x, m) = ( delay Leaf ⊛ m, x) replaceMinBody (Br l r, m) = let (l’, ml) = replaceMinBody l m let (r’, mr) = replaceMinBody r m in ( delay Br ⊛ l’ ⊛ r’, min ml mr) trace :: ∀κ. ((A[κ], ⊲

κU) → (B[κ], U)) → A[κ] → B[κ]

replaceMin :: Tree → Tree replaceMin t = force (trace replaceMinBody t)

Related Work

Related Work

A Modality for recursion (Nakano, 2000) Step-indexed Logical Relations (Appel, McAllester, 2001) (Dreyer, Ahmed, Birkedal, 2011) Time Flies like an Applicative Functor (McBride, 2009) First steps in synthetic guarded domain theory: step-indexing in the topos of trees (Birkedal, Møgelberg, Støvring, Schwinghammer, 2011) Ultrametric Semantics of Reactive Programs (Krishnaswami, Benton, 2011) The Logic of Provability (Boolos, 1993)

. . Short of time?

Formal Calculus

Types

Well formed types: ∆ ⊢ A where ∆ = κ1, ..., κn ∆ ⊢ 1 ∆ ⊢ A ∆ ⊢ B ∆ ⊢ A → B ∆ ⊢ A ∆ ⊢ B ∆ ⊢ A × B ∆ ⊢ A ∆ ⊢ B ∆ ⊢ A + B κ ∈ ∆ ∆ ⊢ A ∆ ⊢ ⊲

κA

∆, κ ⊢ A ∆ ⊢ ∀κ.A

Type Equalities

A ≡ B is

◮ refmexive, symmetric, transitive ◮ a congruence

and satisfjes: ∀κ.A ≡ A (κ ∈ fv(A)) ∀κ.A + B ≡ (∀κ.A) + (∀κ.B) ∀κ.A × B ≡ (∀κ.A) × (∀κ.B) ∀κ.A → B ≡ A → ∀κ.B (κ ∈ fv(A)) ∀κ.∀κ′.A ≡ ∀κ′.∀κ.A

Typing Rules

Well-typed terms: ∆; Γ ⊢ e : A where Γ = x1 : A1, ..., xn : An

◮ The simply-typed λ-calculus with products and sums

∆; Γ ⊢ e : A κ ∈ ∆ ∆; Γ ⊢ delay e : ⊲

κA

∆; Γ ⊢ f : ⊲

κ(A → B)

∆; Γ ⊢ e : ⊲

κA

∆; Γ ⊢ f ⊛ e : ⊲

κB

Typing Rules

∆, κ; Γ ⊢ e : A κ ∈ fv(Γ) ∆; Γ ⊢ e : ∀κ.A ∆; Γ ⊢ e : ∀κ.A κ′ ∈ ∆ ∆; Γ ⊢ e : A[κ → κ′] ∆; Γ ⊢ e : A ∆ ⊢ A ≡ B ∆; Γ ⊢ e : B ∆; Γ ⊢ f : ⊲

κA → A

∆; Γ ⊢ fix f : A ∆; Γ ⊢ e : ∀κ.⊲

κA

∆; Γ ⊢ force e : ∀κ.A

Data types

Descriptions of data types: F, G ::= A | F × G | F + G | − AX = A F × GX = FX × GX F + GX = FX + GX −X = X F F F

def

F F F F FA A F A F F F F F F

Data types

Descriptions of data types: F, G ::= A | F × G | F + G | − AX = A F × GX = FX × GX F + GX = FX + GX −X = X ∆ ⊢ µF κ ∈ ∆ ∆ ⊢ νκF νF

def

= ∀κ.νκF F F F FA A F A F F F F F F

Data types

Descriptions of data types: F, G ::= A | F × G | F + G | − AX = A F × GX = FX × GX F + GX = FX + GX −X = X ∆ ⊢ µF κ ∈ ∆ ∆ ⊢ νκF νF

def

= ∀κ.νκF consµ : F(µF) → µF foldµ : (FA → A) → µF → A consν : F(⊲

κνκF) → νκF

deConsν : νκF → F(⊲

κνκF)

Semantics

Untyped Semantics

data D = Lam (D → D) | Inl D | Inr D | Pair D D | Unit − :: Term → (Var → D) → D x η = η(x) λx. e η = Lam (λv. e(η[x → v])) f e η = df (eη) where Lam df = fη (really in DCPO )

Untyped Semantics

data D = Lam (D → D) | Inl D | Inr D | Pair D D | Unit − :: Term → (Var → D) → D x η = η(x) λx. e η = Lam (λv. e(η[x → v])) f e η = df (eη) where Lam df = fη delay e η = eη f ⊛ e η = df (eη) where Lam df = fη force e η = eη (really in DCPO )

Untyped Semantics

data D = Lam (D → D) | Inl D | Inr D | Pair D D | Unit − :: Term → (Var → D) → D x η = η(x) λx. e η = Lam (λv. e(η[x → v])) f e η = df (eη) where Lam df = fη delay e η = eη f ⊛ e η = df (eη) where Lam df = fη force e η = eη fjx f η = fix df where Lam df = fη (really in DCPO )

Untyped Semantics

data D = Lam (D → D) | Inl D | Inr D | Pair D D | Unit − :: Term → (Var → D) → D x η = η(x) λx. e η = Lam (λv. e(η[x → v])) f e η = df (eη) where Lam df = fη delay e η = eη f ⊛ e η = df (eη) where Lam df = fη force e η = eη fjx f η = fix df where Lam df = fη (really in DCPO⊥)

Semantics of Types

A type ∆ ⊢ A is interpreted as a collection of subsets of D ∆ ⊢ A : N|∆| → P(D) The interpretation of ∆ ⊢ A is parameterised by ∆-many clocks Satisfying:

◮ (n1, ..., n|∆|) ≤ (n′ 1, ..., n′ |∆|) implies

∆ ⊢ A(n′

1, ..., n′ ∆) ⊆ ∆ ⊢ A(n1, ..., n∆) ◮ If x ∈ ∆ ⊢ Aδ and x ⊑ x′ then x′ ∈ ∆ ⊢ Aδ.

Semantics of Types

δ = (n1, ..., n|∆|) and also: F : P(D) → P(D) 1δ = {Unit} A → Bδ = {Lam f | ∀δ′ ⊑ δ, x ∈ Aδ′. fx ∈ Bδ′} A × Bδ = {Pair(x, y) | x ∈ Aδ ∧ y ∈ Bδ} A + Bδ = {Inl(x) | x ∈ Aδ} ∪ {Inr(y) | y ∈ Bδ} ⊲

κAδ

= { D if δ(κ) = 0 A(δ[κ → n]) if δ(κ) = n + 1 ∀κ.Aδ = ∩

n∈N

A(δ[κ → n]) νκFδ = Fδ(κ)(D) µFδ = ∪

n∈N

Fn(∅)

Type Safety

Theorem If −; − ⊢ e : A, then for all η ∈ Var → D, eη ∈ ∆ ⊢ A() This means:

◮ eη = ⊥ ◮ If A = ∀κ.νκ(X × −), then e generates infjnitely many Xs

Slogan

Well typed programs ramble on forever and never get to the ⊥ of things

Alternative Ending

Type Safety

Defjne a semantics where:

◮ delay, ⊛, force are no-ops, and

fjx is interpreted by domain-theoretic fjxpoint If −; − ⊢ e : A, then

◮ eη = ⊥ ◮ If A = ∀κ.νκ(X × −), then e generates infjnitely many Xs

Slogan

Well typed programs ramble on forever and never get to the ⊥ of things