Imperative Programming with Dependent Types, Hongwei Xi, University of Cincinnati
TRANSCRIPT
![Page 1: Imperative Programming with Dependent Types Hongwei Xi University of Cincinnati](https://reader036.vdocuments.us/reader036/viewer/2022062320/56649c7b5503460f9492f827/html5/thumbnails/1.jpg)
Imperative Programming with Dependent Types
Hongwei Xi, University of Cincinnati
A Wish List
We would like to have a programming language that should
– be simple and general
– support extensive error checking
– facilitate proofs of program properties
– possess correct and efficient implementation
– ...
Reality
Invariably, there are many conflicts among this wish list
These conflicts must be resolved with careful attention to the needs of the user
Advantages of Types
– Capturing errors at compile-time
– Enabling compiler optimizations
– Facilitating program verification
– Serving as program documentation
Limitations of (Simple) Types
Not general enough
– Many correct programs cannot be typed
Not specific enough
– Many interesting properties cannot be captured
Dependent Types
Dependent types are types that are
– more refined
– dependent on the values of expressions
Examples
– int(i): singleton type containing only the integer i
– <int> array(n): type for integer arrays of size n
Type System Design
A practically useful type system should be
– Scalable
– Applicable
– Comprehensible
– Unobtrusive
– Flexible
Xanadu
Xanadu is a dependently typed imperative programming language with C-like syntax
The type of a variable in Xanadu can change during execution
The programmer may need to provide dependent type annotations for type-checking purposes
Early Design Decisions
– Practical type-checking
– Realistic programming features
– Conservative extension
– Pay-only-if-you-use policy
Examples of Dependent Types in Xanadu
int(a): singleton types containing the only integer equal to a, where a ranges over all integers
<'a> array(a): types for arrays of size a in which all elements are of type 'a, where a ranges over all natural numbers
Examples of Dependent Types in Xanadu
int(i,j) is defined as [a:int | i < a < j] int(a), that is, the sum of all types int(a) for i < a < j
int[i,j), int(i,j], int[i,j] are defined similarly
A Xanadu Program
{n:nat}
unit init (int vec[n]) {
  var int ind, size;;
  size = arraysize(vec);
  invariant: [i:nat] (ind: int(i))
  for (ind=0; ind<size; ind=ind+1) {
    vec[ind] = ind;
  }
}
A Slight Variation
{n:nat}
unit init (int vec[n]) {
  var nat ind, size;;
  size = arraysize(vec);
  for (ind=0; ind<size; ind=ind+1) {
    vec[ind] = ind;
  }
}
Dependent Record Types
A polymorphic type for arrays:
{n:nat} <'a> array(n) { size: int(n); data[n]: 'a }
Binary Search in Xanadu
{n:nat}
int bs(key: int, vec: <int> array(n)) {
  var: l: int[0, n], h: int[-1, n); m: int; x: int;;
  l = 0;
  h = vec.size - 1;
  while (l <= h) {
    m = (l + h) / 2;
    x = vec.data[m];
    if (x < key) { l = m + 1; }
    else if (x > key) { h = m - 1; }
    else { return m; }
  }
  return -1;
}
The declared types l: int[0, n] and h: int[-1, n) are what let the type-checker prove that the index m in vec.data[m] lies in [0, n): under the guard l <= h we have 0 <= l <= m <= h < n. The two updates must be l = m + 1 and h = m - 1; with them swapped, l could become -1 and h could become n, and the program would be rejected at compile-time.
Dependent Record Types
A polymorphic type for 2-dimensional arrays:
{m:nat,n:nat} <'a> array2(m,n) { row: int(m); col: int(n); data[m][n]: 'a }
Dependent Record Types
A polymorphic type for sparse arrays (each row is a list of (column index, value) pairs, with the column index typed int[0,n) so it is always in range):
{m:nat,n:nat} <'a> sparseArray(m,n) { row: int(m); col: int(n); data[m]: <int[0,n) * 'a> list }
Dependent Union Types
A polymorphic type for lists, indexed by their length:
union <'a> list with nat = {
  Nil(0);
  {n:nat} Cons(n+1) of 'a <'a> list(n)
}
Nil: <'a> list(0)
Cons: {n:nat} 'a * <'a> list(n) -> <'a> list(n+1)
Dependent Union Types
A polymorphic type for binary trees, indexed by (size, height):
union <'a> tree with (nat,nat) = {
  E(0,0);
  {sl:nat,sr:nat,hl:nat,hr:nat} B(sl+sr+1, 1+max(hl,hr)) of <'a> tree(sl,hl) 'a <'a> tree(sr,hr)
}
Typing Judgment in Xanadu
Typing Assignment
Typing Loop
Reverse Append in Xanadu
('a) {m:nat,n:nat}
<'a> list(m+n) revApp (xs: <'a> list(m), ys: <'a> list(n)) {
  var: 'a x;;
  invariant: [m1:nat,n1:nat | m1+n1=m+n] (xs: <'a> list(m1), ys: <'a> list(n1))
  while (true) {
    switch (xs) {
      case Nil: return ys;
      case Cons (x, xs): ys = Cons(x, ys);
    }
  }
  exit; /* can never be reached */
}
Constraint Generation in Type-checking
The following integer constraint is generated when the revApp example is type-checked:
m:nat, n:nat, m1:nat, n1:nat, m1+n1=m+n, a:nat, m1=a+1 |= a+(n1+1)=m+n
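The slides leave the constraint solving itself implicit: the binary search is accepted only because, under l: int[0, n], h: int[-1, n) and the guard l <= h, the solver can show 0 <= m < n for the read vec.data[m], and revApp is accepted only because the constraint displayed above is valid. The Python program below is an added example, not code from the slides or from the Xanadu implementation. It encodes both obligations as linear integer constraints and discharges them with a small Fourier-Motzkin eliminator written here for the purpose; the encoding of integer division as 2m <= l+h <= 2m+1 and the integer negation of a goal e >= 0 as e <= -1 are my choices, not necessarily Xanadu's. It also shows what the type-checker rejects: the read without the loop guard, and the swapped updates l = m - 1 / h = m + 1, which would let l reach -1 and h reach n.

```python
# Added example (not from the slides): discharging the kind of linear integer
# constraints that a Xanadu-style type-checker generates, using Fourier-Motzkin
# elimination written here for the purpose.  Expressions are dicts
# {variable: coefficient}; key "1" holds the constant.  A constraint is an
# expression e meaning e >= 0.  Entailment is checked by refutation, and
# because every variable is an integer, NOT (e >= 0) is encoded as e <= -1.
# The rational relaxation is sound (an unsat verdict is a proof) but not
# complete; it is enough for the obligations taken from the slides.
from fractions import Fraction
from itertools import product


def var(name):
    return {name: Fraction(1)}


def const(c):
    return {"1": Fraction(c)}


def add(*exprs):
    out = {}
    for e in exprs:
        for k, v in e.items():
            out[k] = out.get(k, Fraction(0)) + v
    return {k: v for k, v in out.items() if v != 0}


def scale(e, k):
    return {name: v * k for name, v in e.items()}


def sub(a, b):
    return add(a, scale(b, -1))


def ge(a, b):   # a >= b   encoded as   a - b >= 0
    return sub(a, b)


def le(a, b):   # a <= b   encoded as   b - a >= 0
    return sub(b, a)


def eq(a, b):   # a == b   as two constraints
    return [ge(a, b), le(a, b)]


def negate_int(c):   # NOT (e >= 0) over the integers is -e - 1 >= 0
    return add(scale(c, -1), const(-1))


def fm_unsat(constraints):
    """Eliminate every variable pairwise; a leftover negative constant is a refutation."""
    cs = [dict(c) for c in constraints]
    for v in sorted({k for c in cs for k in c if k != "1"}):
        pos = [c for c in cs if c.get(v, 0) > 0]
        neg = [c for c in cs if c.get(v, 0) < 0]
        cs = [c for c in cs if c.get(v, 0) == 0]
        for p, q in product(pos, neg):
            # a*v + P >= 0 and -b*v + Q >= 0 (a, b > 0) imply b*P + a*Q >= 0
            cs.append(add(scale(p, -q[v]), scale(q, p[v])))
    return any(c.get("1", Fraction(0)) < 0 for c in cs)


def entails(hyps, goal):
    return fm_unsat(list(hyps) + [negate_int(goal)])


def within(hyps, e, lo, hi):
    """Is lo <= e <= hi in every state satisfying hyps?"""
    return entails(hyps, ge(e, lo)) and entails(hyps, le(e, hi))


# Binary search slide: declared types, loop guard, and m = (l + h) / 2.
n, l, h, m = var("n"), var("l"), var("h"), var("m")
ZERO, ONE = const(0), const(1)
bs_decl = [ge(n, ZERO),                          # {n:nat}
           ge(l, ZERO), le(l, n),                 # l : int[0, n]
           ge(h, const(-1)), le(h, sub(n, ONE))]  # h : int[-1, n)
bs_guard = [le(l, h)]                             # while (l <= h)
bs_mid = [le(scale(m, 2), add(l, h)),             # integer division:
          le(add(l, h), add(scale(m, 2), ONE))]   # 2m <= l + h <= 2m + 1
bs_hyps = bs_decl + bs_guard + bs_mid


def bs_index_in_bounds(with_guard=True):
    """vec.data[m] is safe iff 0 <= m <= n - 1; without the guard m may be -1."""
    hyps = bs_hyps if with_guard else bs_decl + bs_mid
    return within(hyps, m, ZERO, sub(n, ONE))


def bs_updates():
    """Which assignments keep l : int[0, n] and h : int[-1, n)?  The swapped
    pair (l = m - 1, h = m + 1) fails: l can reach -1, h can reach n."""
    return {"l = m + 1": within(bs_hyps, add(m, ONE), ZERO, n),
            "h = m - 1": within(bs_hyps, sub(m, ONE), const(-1), sub(n, ONE)),
            "l = m - 1": within(bs_hyps, sub(m, ONE), ZERO, n),
            "h = m + 1": within(bs_hyps, add(m, ONE), const(-1), sub(n, ONE))}


# revApp slide: the displayed constraint, as hypotheses and a goal.
m1, n1, a = var("m1"), var("n1"), var("a")
revapp_hyps = [ge(v, ZERO) for v in (m, n, m1, n1, a)]   # all nat
revapp_hyps += eq(add(m1, n1), add(m, n))                 # loop invariant
revapp_hyps += eq(m1, add(a, ONE))                        # xs = Cons(x, xs'), xs' : list(a)


def revapp_constraint():
    """a + (n1 + 1) = m + n: ys = Cons(x, ys) must again have length m + n."""
    return all(entails(revapp_hyps, c) for c in eq(add(a, n1, ONE), add(m, n)))
```

A False verdict here means "not proved", not "false": Fourier-Motzkin over the rationals is a sound refutation procedure, so every True above is a proof, while a solver that must also accept programs whose correctness depends on integer rounding needs integer tightening on top of this. Encoding the loop guard as a hypothesis is what makes the binary-search obligation go through; dropping it is the same mistake as reading vec.data[m] before the while test, and the checker rejects it.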
Conclusion
It is still largely an elusive goal in practice to verify the correctness of a program
It is therefore important to identify those program properties that can be effectively verified for realistic programs
Conclusion
We have designed a type-theoretic approach to capturing simple arithmetic reasoning
The preliminary studies indicate that this approach allows the programmer to capture many more properties in realistic programs
Future Work
Adding more program features into Xanadu
Constructing a compiler for Xanadu that can compile dependent types from source level into bytecode level
Incorporating dependent types into Java and …