type checking linear dependent types
play

Type-checking Linear Dependent Types Arthur Azevedo de Amorim 1 2 - PowerPoint PPT Presentation

Nov 23, 2023 •226 likes •1.07k views

Type-checking Linear Dependent Types Arthur Azevedo de Amorim 1 2 Marco Gaboardi 3 Emilio Jess Gallego Arias 1 Justin Hsu 1 1 University of Pennsylvania 2 INRIA Paris-Rocquencourt 3 University of Dundee 1 2 2 2 Anonymization Movie Ratings

  1. Type-checking Linear Dependent Types Arthur Azevedo de Amorim 1 2 Marco Gaboardi 3 Emilio Jesús Gallego Arias 1 Justin Hsu 1 1 University of Pennsylvania 2 INRIA Paris-Rocquencourt 3 University of Dundee 1

  2. 2

  3. 2

  4. 2

  5. Anonymization Movie Ratings Internet 2

  6. 2

  7. 2

  8. How to allow database queries and retain privacy guarantees? 3

  9. Differential Privacy • Rigorous bound on “privacy loss” [Dwork, 2006] • Informally: adding one’s data doesn’t change query results by much • Many available algorithms • Statistical analyses, combinatorial optimizations, machine learning, ... 4

  10. Ensuring Differential Privacy Random Noise + Differentially Private Deterministic Query Probabilistic Query 5

  11. Ensuring Differential Privacy Random Noise ∝ k k -sensitive + Differentially Private Deterministic Query Probabilistic Query 5

  12. Ensuring Differential Privacy Bound on result variation Random Noise ∝ k k -sensitive + Differentially Private Deterministic Query Probabilistic Query 5

  13. Ensuring Differential Privacy Bound on result variation Random Noise ∝ k k -sensitive + Differentially Private Deterministic Query Probabilistic Query Requires tedious proofs 5

  14. Types to the Rescue • DFuzz [Reed&Pierce10,Gaboardi13] is a type system for function sensitivity (hence, differential privacy) • Capable of expressing many differentially private algorithms • Metatheory ensures differential privacy • Type-checking algorithm: proof automation 6

  15. Challenge: Checking and Inference The DFuzz type system combines interesting features: • Linear indexed types • Dependent types • Subtyping Their interplay makes it difficult to reuse existing techniques directly 7

  16. Our Contributions • A type-checking and type-inference algorithm for a system combining linear and dependent types in the presence of subtyping • Showing how ideas from the type-checking literature for those domains can be adapted to a type system built around a special-purpose index language 8

  17. Outline • DFuzz and function sensitivity • Type checking and inference for DFuzz 9

  18. DFuzz and Function Sensitivity 10

  19. Function Sensitivity Bound output variation based on input variation f is k -sensitive: d ( f ( x ) , f ( y )) ≤ k · d ( x , y ) 11

  20. Function Sensitivity Bound output variation based on input variation f is k -sensitive: d ( f ( x ) , f ( y )) ≤ k · d ( x , y ) Distance functions 11

  21. Function Sensitivity f f ( x ) x D ≤ k · D y f ( y ) f 11

  22. DFuzz in a Nutshell • ! k σ ⊸ τ : k -sensitive function (= linear) 12

  23. DFuzz in a Nutshell • ! k σ ⊸ τ : k -sensitive function (= linear) Multivariate polynomial 12

  24. DFuzz in a Nutshell • ! k σ ⊸ τ : k -sensitive function (= linear) • list n σ : list of length n (mechanisms that depend on input size) 12

  25. DFuzz in a Nutshell • ! k σ ⊸ τ : k -sensitive function (= linear) • list n σ : list of length n (mechanisms that depend on input size) • σ ⊑ τ : sensitivity weakening (e.g. (! 1 σ ⊸ τ ) ⊑ (! 2 σ ⊸ τ ) ) 12

  26. A Basic Example Consider the standard map function function map f l { case l of { | [] => [] | x :: l’ => f x :: map f l’ } } How to bound “distance” between results of two calls? 13

  27. Analyzing Example d ( map ( f ,� x ) , map ( g ,� y )) 14

  28. Analyzing Example d ( map ( f ,� x ) , map ( g ,� y )) k -sensitive 14

  29. Analyzing Example d ( map ( f ,� x ) , map ( g ,� y )) length n 14

  30. Analyzing Example Distance for lists d ( map ( f ,� x ) , map ( g ,� y )) n � = d ( f ( x i ) , g ( y i )) i = 1 14

  31. Analyzing Example d ( map ( f ,� x ) , map ( g ,� y )) n � = d ( f ( x i ) , g ( y i )) Triangle inequality i = 1 n � ≤ [ d ( f ( x i ) , g ( x i )) + d ( g ( x i ) , g ( y i ))] i = 1 14

  32. Analyzing Example d ( map ( f ,� x ) , map ( g ,� y )) n � = d ( f ( x i ) , g ( y i )) i = 1 Max difference n � between f and g ≤ [ d ( f ( x i ) , g ( x i )) + d ( g ( x i ) , g ( y i ))] i = 1 n � ≤ [ d ( f , g ) + k · d ( x i , y i )] i = 1 14

  33. Analyzing Example d ( map ( f ,� x ) , map ( g ,� y )) n � = d ( f ( x i ) , g ( y i )) i = 1 Definition of n � ≤ [ d ( f ( x i ) , g ( x i )) + d ( g ( x i ) , g ( y i ))] sensitivity i = 1 n � ≤ [ d ( f , g ) + k · d ( x i , y i )] i = 1 14

  34. Analyzing Example d ( map ( f ,� x ) , map ( g ,� y )) n � = d ( f ( x i ) , g ( y i )) i = 1 n � ≤ [ d ( f ( x i ) , g ( x i )) + d ( g ( x i ) , g ( y i ))] i = 1 n � ≤ [ d ( f , g ) + k · d ( x i , y i )] i = 1 = n · d ( f , g ) + k · d ( � x ,� y ) 14

  35. Typing Example in DFuzz map : ! n (! k σ ⊸ τ ) ⊸ ! k list n σ ⊸ list n τ 15

  36. Typing Example in DFuzz map : ! n (! k σ ⊸ τ ) ⊸ ! k list n σ ⊸ list n τ Argument sensitivities 15

  37. Some Rules Γ , x : k σ ⊢ e : τ ( ⊸ I ) Γ ⊢ λ x : k σ. e : ! k σ ⊸ τ 16

  38. Some Rules Keep track of sensitivity Γ , x : k σ ⊢ e : τ ( ⊸ I ) Γ ⊢ λ x : k σ. e : ! k σ ⊸ τ 16

  39. Some Rules Γ , x : k σ ⊢ e : τ ( ⊸ I ) Γ ⊢ λ x : k σ. e : ! k σ ⊸ τ Propagate sensitivity to type 16

  40. Some Rules Γ ⊢ e 1 :! k σ ⊸ τ ∆ ⊢ e 2 : σ ( ⊸ E ) Γ + k · ∆ ⊢ e 1 e 2 : τ Context split, combine sensitivities 16

  41. Some Rules Γ ⊢ e 1 :! k σ ⊸ τ ∆ ⊢ e 2 : σ ( ⊸ E ) Γ + k · ∆ ⊢ e 1 e 2 : τ Composition: multiply sensitivities 16

  42. Some Rules ∆ ⊢ e : list n σ Γ ⊢ e nil : τ Γ , h : k σ, t : k list i σ ⊢ e cons : τ ( list E ) Γ + k · ∆ ⊢ case e of [] → e nil | h :: t → e cons : τ 16

  43. Some Rules Assuming n = 0 ∆ ⊢ e : list n σ Γ ⊢ e nil : τ Γ , h : k σ, t : k list i σ ⊢ e cons : τ ( list E ) Γ + k · ∆ ⊢ case e of [] → e nil | h :: t → e cons : τ 16

  44. Some Rules Assuming n = i + 1 ∆ ⊢ e : list n σ Γ ⊢ e nil : τ Γ , h : k σ, t : k list i σ ⊢ e cons : τ ( list E ) Γ + k · ∆ ⊢ case e of [] → e nil | h :: t → e cons : τ 16

  45. Some Rules ∆ ⊢ e : list n σ Γ ⊢ e nil : τ Γ , h : k σ, t : k list i σ ⊢ e cons : τ ( list E ) Γ + k · ∆ ⊢ case e of [] → e nil | h :: t → e cons : τ Track sensitivity on list 16

  46. Type Checking and Inference 17

  47. Plan DFuzz Program 18

  48. Plan DFuzz Program Inference 18

  49. Plan DFuzz Program Inference σ Constraints 18

  50. Plan DFuzz Program Inference σ Constraints Polynomial inequalities from subtyping 18

  51. Plan DFuzz Program Inference σ Constraints Solver 18

  52. Plan DFuzz Program Inference σ Constraints Solver Yes 18

  53. Plan DFuzz Program Inference σ Constraints Solver ⊑ τ ? 18

  54. Plan DFuzz Program Inference σ Constraints Solver ⊑ τ ? Provided by annotation 18

  55. Plan DFuzz Program Inference σ Constraints Solver ⊑ τ ? Yes 18

  56. Important Points • Context splitting imposes a bottom-up strategy: start with leaves, combine sensitivities progressively 19

  57. Important Points • Context splitting imposes a bottom-up strategy: start with leaves, combine sensitivities progressively . . . e 1 . . . e 2 . . . 19

  58. Important Points • Context splitting imposes a bottom-up strategy: start with leaves, combine sensitivities progressively e 1 : σ 1 e 2 : σ 2 . . . e 1 . . . e 2 . . . 19

  59. Important Points • Context splitting imposes a bottom-up strategy: start with leaves, combine sensitivities progressively e 1 : σ 1 e 2 : σ 2 . . . e 1 . . . e 2 . . . : τ 19

  60. Important Points • Context splitting imposes a bottom-up strategy: start with leaves, combine sensitivities progressively • Restrict subtyping to essential places (e.g. application) 19

  61. Important Points • Context splitting imposes a bottom-up strategy: start with leaves, combine sensitivities progressively • Restrict subtyping to essential places (e.g. application) • Assume sensitivities on higher-order types are given 19

  62. Important Points • Context splitting imposes a bottom-up strategy: start with leaves, combine sensitivities progressively • Restrict subtyping to essential places (e.g. application) • Assume sensitivities on higher-order types are given E.g ! _ (! k α ⊸ α ) ⊸ α 19

  63. Problems • Language not rich enough to express minimal sensitivities • E.g. point-wise maximum of two polynomials is not a polynomial • Solution: enrich sensitivity language with new operators 20

  64. Problems • Language not rich enough to express minimal sensitivities • E.g. point-wise maximum of two polynomials is not a polynomial • Solution: enrich sensitivity language with new operators cf. literature on subtyping 20

  65. Problems • Language not rich enough to express minimal sensitivities • E.g. point-wise maximum of two polynomials is not a polynomial • Solution: enrich sensitivity language with new operators • Type checking is undecidable • Can encode equality of integer polynomials (Hilbert’s tenth problem) • Completeness relative to a decider of sensitivity inequalities 20

Recommend

A Linear Dependent Type Theory Zhaohui Luo Yu Zhang Royal Holloway Institute of Software

A Linear Dependent Type Theory Zhaohui Luo Yu Zhang Royal Holloway Institute of Software

A Linear Dependent Type Theory Zhaohui Luo Yu Zhang Royal Holloway Institute of Software University of London Chinese Academy of Sciences Linear types and dependent types Linear types (Girard 1987): A - B Dependent types

518 views • 13 slides
Dependent Types in Haskell What is Dependent Type Theory? are types, proofs are programs

Dependent Types in Haskell What is Dependent Type Theory? are types, proofs are programs

Stephanie Weirich University of Pennsylvania https://github.com/sweirich/dth @fancytypes Dependent Types in Haskell What is Dependent Type Theory? are types, proofs are programs Originally, logical foundation for mathematics

840 views • 39 slides
INF5110 Compiler Construction Types and type checking Spring 2016 1 / 43 Outline 1. Types

INF5110 Compiler Construction Types and type checking Spring 2016 1 / 43 Outline 1. Types

INF5110 Compiler Construction Types and type checking Spring 2016 1 / 43 Outline 1. Types and type checking Intro Various types and their representation Equality of types Type checking 2 / 43 Outline 1. Types and type checking Intro

1.11k views • 43 slides
Type Checking General properties of type systems Types in programming languages

Type Checking General properties of type systems Types in programming languages

Outline Type Checking General properties of type systems Types in programming languages Notation for type rules Logical rules of inference Common type rules 2 Static Checking Static Checking (Cont.) Refers to

896 views • 10 slides
MiniAgda: Integrating Sized and Dependent Types Andreas Abel, sec 1-2 Loes Habermehl Luuk

MiniAgda: Integrating Sized and Dependent Types Andreas Abel, sec 1-2 Loes Habermehl Luuk

MiniAgda: Integrating Sized and Dependent Types Andreas Abel, sec 1-2 Loes Habermehl Luuk Verkleij 1 Untyped Termination Checking In dependent type theories underlying Coq and Agda, all programs need to be total: All functions defined by

357 views • 25 slides
Typing Linear Constraints Types for Moding CLP( R ) Programs Syntax Semantics Checking type

Typing Linear Constraints Types for Moding CLP( R ) Programs Syntax Semantics Checking type

Typing Linear Constraints Salvatore RUGGIERI and Fred MESNARD Introduction Typing Linear Constraints Types for Moding CLP( R ) Programs Syntax Semantics Checking type assertions A linear programming Salvatore RUGGIERI and Fred MESNARD

476 views • 26 slides
Operational Aspects of Type Systems Inter-Derivable Semantics of Type Checking and Gradual Types

Operational Aspects of Type Systems Inter-Derivable Semantics of Type Checking and Gradual Types

Operational Aspects of Type Systems Inter-Derivable Semantics of Type Checking and Gradual Types for Object Ownership Ilya Sergey 14 November 2012 Types A type - is a set of data instances and operations on them true , false boolean =

1.27k views • 86 slides
Type checking COMP 520 Fall 2010 Type checking (2) The type checker has severals tasks:

Type checking COMP 520 Fall 2010 Type checking (2) The type checker has severals tasks:

COMP 520 Fall 2010 Type checking (1) Type checking COMP 520 Fall 2010 Type checking (2) The type checker has severals tasks: determine the types of all expressions; check that values and variables are used correctly; and resolve

631 views • 30 slides
Chapter 6 Data Types Introduction Type Nomenclature Primitive Types Type

Chapter 6 Data Types Introduction Type Nomenclature Primitive Types Type

Chapter 6 Data Types Introduction Type Nomenclature Primitive Types Type constructors Ordinal Types Structured Types Type Checking Type conversion CSCI325 Chapter 6 Dr Ahmed Rafea 1 Introduction Evolution

367 views • 24 slides
Dependent Object Types Towards a foundation for Scalas type system Nada Amin, Tiark Rompf,

Dependent Object Types Towards a foundation for Scalas type system Nada Amin, Tiark Rompf,

Dependent Object Types Towards a foundation for Scalas type system Nada Amin, Tiark Rompf, Adriaan Moors, Martin Odersky Microsoft Research July 2, 2013 1 DOT: Dependent Object Types The DOT calculus proposes a new type-theoretic foundation

275 views • 15 slides
Types and Static Type Checking (Introducing Micro-Haskell) Informatics 2A: Lecture 13 Alex

Types and Static Type Checking (Introducing Micro-Haskell) Informatics 2A: Lecture 13 Alex

Types Micro-Haskell: crash course MH Types & Abstract Syntax Type Checking Types and Static Type Checking (Introducing Micro-Haskell) Informatics 2A: Lecture 13 Alex Simpson School of Informatics University of Edinburgh

574 views • 26 slides
Type checking and normalisation James Chapman - University of Nottingham My thesis Type

Type checking and normalisation James Chapman - University of Nottingham My thesis Type

Type checking and normalisation James Chapman - University of Nottingham My thesis Type checking in Haskell Epigram language - McBride/McKinna Big-step normalisation for simple types, formalised in Agda Big-step normalisation for

978 views • 36 slides
Colored intersection types: a bridge between linear logic and higher-order model-checking Charles

Colored intersection types: a bridge between linear logic and higher-order model-checking Charles

Colored intersection types: a bridge between linear logic and higher-order model-checking Charles Grellois (joint work with Paul-Andr e Melli` es) PPS & LIAFA Universit e Paris 7 TYPES conference May 18th, 2015 Charles

549 views • 35 slides
Depending on equations A proof-relevant framework for unification in dependent type theory

Depending on equations A proof-relevant framework for unification in dependent type theory

Depending on equations A proof-relevant framework for unification in dependent type theory Jesper Cockx DistriNet KU Leuven 3 September 2017 Unification for dependent types Unification is used for many purposes: logic programming, type

1.97k views • 151 slides
Programming with Dependent Types Interactive programs and Coalgebras Anton Setzer Swansea

Programming with Dependent Types Interactive programs and Coalgebras Anton Setzer Swansea

Programming with Dependent Types Interactive programs and Coalgebras Anton Setzer Swansea University, Swansea, UK 14 August 2012 1/ 50 A Brief Introduction into ML Type Theory Interactive Programs in Dependent Type Theory Weakly Final

621 views • 50 slides
Formalising semantics of dependent type theory in dependent type theory (work in progress)

Formalising semantics of dependent type theory in dependent type theory (work in progress)

Formalising semantics of dependent type theory in dependent type theory (work in progress) Peter LeFanu Lumsdaine joint work with H akon Gylterud, Erik Palmgren DMV Hamburg, 25 September 2015 1 / 19 Modelling DTT Early models of

389 views • 19 slides
Really Naturally Linear Indexed Type Checking Arthur Azevedo de Amorim 1 , Marco Gaboardi 2 , us

Really Naturally Linear Indexed Type Checking Arthur Azevedo de Amorim 1 , Marco Gaboardi 2 , us

Really Naturally Linear Indexed Type Checking Arthur Azevedo de Amorim 1 , Marco Gaboardi 2 , us Gallego Arias 1 , Justin Hsu 1 Emilio Jes 1 University of Pennsylvania 2 University of Dundee October 2, 2014 In the beginning... In the

1.19k views • 82 slides
DOT: Dependent Object Types Semester Project, Spring 2012 Nada Amin EPFL Nada Amin (EPFL) DOT:

DOT: Dependent Object Types Semester Project, Spring 2012 Nada Amin EPFL Nada Amin (EPFL) DOT:

DOT: Dependent Object Types Semester Project, Spring 2012 Nada Amin EPFL Nada Amin (EPFL) DOT: Dependent Object Types 1 / 21 Introduction What is DOT? DOT: Dependent Object Types type-theoretic foundation of Scala and languages like it

346 views • 21 slides
Dependent Type Theory with Pattern-Matching and Size-Change Termination TYPES 2006 Nottingham

Dependent Type Theory with Pattern-Matching and Size-Change Termination TYPES 2006 Nottingham

Dependent Type Theory with Pattern-Matching and Size-Change Termination TYPES 2006 Nottingham David Wahlstedt Chalmers University of Technology, G oteborg, Sweden davidw@cs.chalmers.se 1 Contribution A proof of normalisation for

520 views • 20 slides
Type Reconstruction and Polymorphism 1 Type Checking and Type Reconstruction We now come to the

Type Reconstruction and Polymorphism 1 Type Checking and Type Reconstruction We now come to the

Type Reconstruction and Polymorphism 1 Type Checking and Type Reconstruction We now come to the question of type checking and type reconstruction. Given , t and T , check whether t : T Type checking: Given and t , find a type T

518 views • 28 slides
Context-sensitive Analysis Attribute Grammar And Type Checking cs5363 1 Context-Sensitive

Context-sensitive Analysis Attribute Grammar And Type Checking cs5363 1 Context-Sensitive

Context-sensitive Analysis Attribute Grammar And Type Checking cs5363 1 Context-Sensitive Analysis To understand the input computation, a compiler/interpreter need to discover The types of values stored in each variable The types

576 views • 39 slides
Static verification framework for Go Overview 2 Model checking Behavioural mCRL2 model checker

Static verification framework for Go Overview 2 Model checking Behavioural mCRL2 model checker

Concurrency in Go Behavioural type inference Model checking behavioural types Termination checking Summary Static verification framework for Go Overview 2 Model checking Behavioural mCRL2 model checker Types Transform Check safety and

681 views • 67 slides
Type Checking Grammar Rule Semantic Rule var-decl id : type-exp Insert (id.name, type-exp .

Type Checking Grammar Rule Semantic Rule var-decl id : type-exp Insert (id.name, type-exp .

Type Checking Grammar Rule Semantic Rule var-decl id : type-exp Insert (id.name, type-exp . type ) type-exp int type-exp . type := integer type-exp bool type-exp . type := boolean type-exp 1 array type-exp 1 . type := [num] of

613 views • 7 slides
Dynamically checking types, bounds and maybe even more (or: some were meant for C) Stephen

Dynamically checking types, bounds and maybe even more (or: some were meant for C) Stephen

Dynamically checking types, bounds and maybe even more (or: some were meant for C) Stephen Kell stephen.kell@cl.cam.ac.uk Computer Laboratory University of Cambridge 1 Tool wanted (how it all started) if (obj > type == OBJ

863 views • 29 slides

More recommend