Download presentation
Presentation is loading. Please wait.
1
Dependent Types for JavaScript Ravi Chugh Ranjit Jhala University of California, San Diego David Herman Mozilla Research
2
Goal: Precise and Flexible Reasoning for Fine-Grained Security But hard even for simple type invariants! Dependent Types for JavaScript A Large Subset of
3
3 Outline Challenges Tour of DJS Security Predicates
4
4 var readLinks = function (doc, max) { if (!max) max = 10 if (doc.domain() == “newyorker.com”) { var elts = doc.getEltsByTagName(“a”) for (var i = 0; i < elts.length && i <= max; i++) { elts[i].getAttr(“href”) } readLinks(document,5) // read at most 5 links … readLinks(document) // … or 10 by default Challenges: Unions and Mutation integer or undefined…
![4 var readLinks = function (doc, max) { if (!max) max = 10 if (doc.domain() == newyorker.com ) { var elts = doc.getEltsByTagName( a ) for (var i = 0; i < elts.length && i <= max; i++) { elts[i].getAttr( href ) } readLinks(document,5) // read at most 5 links … readLinks(document) // … or 10 by default Challenges: Unions and Mutation integer or undefined…](http://images.slideplayer.com/27/8986115/slides/slide_4.jpg "4 var readLinks = function (doc, max) { if (!max) max = 10 if (doc.domain() == newyorker.com ) { var elts = doc.getEltsByTagName( a ) for (var i = 0; i < elts.length && i <= max; i++) { elts[i].getAttr( href ) } readLinks(document,5) // read at most 5 links … readLinks(document) // … or 10 by default Challenges: Unions and Mutation integer or undefined…")
5
5 var readLinks = function (doc, max) { if (!max) max = 10 if (doc.domain() == “newyorker.com”) { var elts = doc.getEltsByTagName(“a”) for (var i = 0; i < elts.length && i <= max; i++) { elts[i].getAttr(“href”) } readLinks(document,5) readLinks(document) Challenges: Unions and Mutation integer or undefined…
![5 var readLinks = function (doc, max) { if (!max) max = 10 if (doc.domain() == newyorker.com ) { var elts = doc.getEltsByTagName( a ) for (var i = 0; i < elts.length && i <= max; i++) { elts[i].getAttr( href ) } readLinks(document,5) readLinks(document) Challenges: Unions and Mutation integer or undefined…](http://images.slideplayer.com/27/8986115/slides/slide_5.jpg "5 var readLinks = function (doc, max) { if (!max) max = 10 if (doc.domain() == newyorker.com ) { var elts = doc.getEltsByTagName( a ) for (var i = 0; i < elts.length && i <= max; i++) { elts[i].getAttr( href ) } readLinks(document,5) readLinks(document) Challenges: Unions and Mutation integer or undefined…")
6
6 var readLinks = function (doc, max) { if (!max) max = 10 if (doc.domain() == “newyorker.com”) { var elts = doc.getEltsByTagName(“a”) for (var i = 0; i < elts.length && i <= max; i++) { elts[i].getAttr(“href”) } readLinks(document,5) readLinks(document) Challenges: Unions and Mutation integer or undefined… … but now definitely an integer
![6 var readLinks = function (doc, max) { if (!max) max = 10 if (doc.domain() == newyorker.com ) { var elts = doc.getEltsByTagName( a ) for (var i = 0; i < elts.length && i <= max; i++) { elts[i].getAttr( href ) } readLinks(document,5) readLinks(document) Challenges: Unions and Mutation integer or undefined… … but now definitely an integer](http://images.slideplayer.com/27/8986115/slides/slide_6.jpg "6 var readLinks = function (doc, max) { if (!max) max = 10 if (doc.domain() == newyorker.com ) { var elts = doc.getEltsByTagName( a ) for (var i = 0; i < elts.length && i <= max; i++) { elts[i].getAttr( href ) } readLinks(document,5) readLinks(document) Challenges: Unions and Mutation integer or undefined… … but now definitely an integer")
7
7 var readLinks = function (doc, max) { if (!max) max = 10 if (doc.domain() == “newyorker.com”) { var elts = doc.getEltsByTagName(“a”) for (var i = 0; i < elts.length && i <= max; i++) { elts[i].getAttr(“href”) } readLinks(document,5) readLinks(document) Challenge: Objects prototype inheritance, mutability, dynamic keys
![7 var readLinks = function (doc, max) { if (!max) max = 10 if (doc.domain() == newyorker.com ) { var elts = doc.getEltsByTagName( a ) for (var i = 0; i < elts.length && i <= max; i++) { elts[i].getAttr( href ) } readLinks(document,5) readLinks(document) Challenge: Objects prototype inheritance, mutability, dynamic keys](http://images.slideplayer.com/27/8986115/slides/slide_7.jpg "7 var readLinks = function (doc, max) { if (!max) max = 10 if (doc.domain() == newyorker.com ) { var elts = doc.getEltsByTagName( a ) for (var i = 0; i < elts.length && i <= max; i++) { elts[i].getAttr( href ) } readLinks(document,5) readLinks(document) Challenge: Objects prototype inheritance, mutability, dynamic keys")
8
8 var readLinks = function (doc, max) { if (!max) max = 10 if (doc.domain() == “newyorker.com”) { var elts = doc.getEltsByTagName(“a”) for (var i = 0; i < elts.length && i <= max; i++) { elts[i].getAttr(“href”) } readLinks(document,5) readLinks(document) Challenge: Arrays “length”, “holes”, non-integer keys, prototypes
![8 var readLinks = function (doc, max) { if (!max) max = 10 if (doc.domain() == newyorker.com ) { var elts = doc.getEltsByTagName( a ) for (var i = 0; i < elts.length && i <= max; i++) { elts[i].getAttr( href ) } readLinks(document,5) readLinks(document) Challenge: Arrays length , holes , non-integer keys, prototypes](http://images.slideplayer.com/27/8986115/slides/slide_8.jpg "8 var readLinks = function (doc, max) { if (!max) max = 10 if (doc.domain() == newyorker.com ) { var elts = doc.getEltsByTagName( a ) for (var i = 0; i < elts.length && i <= max; i++) { elts[i].getAttr( href ) } readLinks(document,5) readLinks(document) Challenge: Arrays length , holes , non-integer keys, prototypes")
9
Coq refinement types dependent types Expressivity “Usability” JS + nested refinements System D [POPL ’12] DJS Dependent JavaScript [OOPSLA ’12] syntactic types … occurrenc e types ∨, ∧ F≤F≤
![Coq refinement types dependent types Expressivity Usability JS + nested refinements System D [POPL ’12] DJS Dependent JavaScript [OOPSLA ’12] syntactic types … occurrenc e types ∨, ∧ F≤F≤](http://images.slideplayer.com/27/8986115/slides/slide_9.jpg "Coq refinement types dependent types Expressivity Usability JS + nested refinements System D [POPL ’12] DJS Dependent JavaScript [OOPSLA ’12] syntactic types … occurrenc e types ∨, ∧ F≤F≤")
10
10 Outline Challenges Tour of DJS Security Predicates
11
RefinementsPath and Flow SensitivityArraysPrototypesLoops
12
12 { b | tag(b) = “boolean” } Bool { n | tag(n) = “number” } Num { i | tag(i) = “number” integer(i) }Int { x | true }Top RefinementsPath and Flow SensitivityArraysPrototypesLoops {x|p}{x|p} “value x such that formula p is true” Refinement Types
13
13 {x|p}{x|p} “value x such that formula p is true” Num3 :: Int3 :: {i|i>0}{i|i>0} {i|i=3}{i|i=3} RefinementsPath and Flow SensitivityArraysPrototypesLoops {x|p}{x|p} “value x such that formula p is true” Refinement Types
14
14 { i | i = 3 } 0 } <: Int <: Num i = 3 i > 0 tag(i) = “number” integer(i) tag(i) = “number” RefinementsPath and Flow SensitivityArraysPrototypesLoops Subtyping is Implication*
15
15 RefinementsPath and Flow SensitivityArraysPrototypesLoops { d | Bool(sel(d,“f”)) sel(d,k) :: Int Int } McCarthy’s decidable theory of arrays uninterpreted System D “has-type” predicate nests typing relation inside formulas Nested Refinements
16
16 Subtyping is Implication* RefinementsPath and Flow SensitivityArraysPrototypesLoops Implication* = Uninterpreted Validty Syntactic Subtyping Nested Refinements
17
var readLinks = function (doc, max) { if (!max) { max = 10 } else { } … Path and Flow Sensitivity 17 max 0 :Int? T? { x | T(x) x = undefined } max 1 :{v|v = 10}max 2 :{v|v = max 0 } max 12 :Int (max0 ≠ undefined) RefinementsPath and Flow SensitivityArraysPrototypesLoops /*: readLinks :: (Ref(~doc), Int?) Top */
18
var readLinks = function (doc, max) { if (!max) { max = 10 } else { } … Path and Flow Sensitivity 18 max 0 :Int? T? { x | T(x) x = undefined } max 12 :Int RefinementsPath and Flow SensitivityArraysPrototypesLoops /*: readLinks :: (Ref(~doc), Int?) Top */
19
Path and Flow Sensitivity RefinementsPath and Flow SensitivityArraysPrototypesLoops var x = { } x[k] = 7 x 0 :Empty x 1 :{v|v = upd(x 0,k,7)} Strong updates to singleton objects Weak updates to collections of objects
![Path and Flow Sensitivity RefinementsPath and Flow SensitivityArraysPrototypesLoops var x = { } x[k] = 7 x 0 :Empty x 1 :{v|v = upd(x 0,k,7)} Strong updates to singleton objects Weak updates to collections of objects](http://images.slideplayer.com/27/8986115/slides/slide_19.jpg "Path and Flow Sensitivity RefinementsPath and Flow SensitivityArraysPrototypesLoops var x = { } x[k] = 7 x 0 :Empty x 1 :{v|v = upd(x 0,k,7)} Strong updates to singleton objects Weak updates to collections of objects")
20
Track types, “packedness,” and length of arrays where possible { a | a :: Arr (A) { a | packed(a) { a | len(a) = 10 } XAAAA … X …… A? A?A?A?A? … A?A? …… A? { x | A(x) x = undefined } 012len(a) X { x | x = undefined } RefinementsPath and Flow SensitivityArraysPrototypesLoops
21
21 x:T 1 /H 1 T 2 /H 2 output typeinput heap input typeoutput heap RefinementsPath and Flow SensitivityArraysPrototypesLoops (Quick Detour) Function types include local heap pre- and post-conditions à la separation logic
22
22 extern getIdx :: All A. (a:Ref, i:Int) / (a 0 :Arr(A)) {a 1 | (a 1 :: A ∨ a 1 = undefined) 1 (packed(a 0 ) ite (0 <= i < len(a 0 )) 11 (a 1 :: A)) 1 1 (a 1 = undefined)} / same RefinementsPath and Flow SensitivityArraysPrototypesLoops output type / heap input type / heap ite p q 1 q 2 (p q 1 ) ∧ (p q 2 ) (a 1 :{v|v=a 0 })
23
23 RefinementsPath and Flow SensitivityArraysPrototypesLoops extern setIdx :: All A. (a:Ref, i:Int, y:A) / (a 0 :Arr(A)) Top / (a 1 :{a 1 :: Arr(A) 1 (packed(a 0 ) 0 <= i < len(a 0 ) packed(a 1 ) len(a 1 ) = len(a 0 )) 1 (packed(a 0 ) i = len(a 0 ) packed(a 1 ) len(a 1 ) = len(a 0 ) + 1)})
24
24 RefinementsPath and Flow SensitivityArraysPrototypesLoops extern __ArrayProto :: {v | sel(v,“pop”) :: … sel(v,“push”) :: … … }
25
25 var readLinks = function (doc, max) { if (!max) max = 10 if (doc.domain() == “newyorker.com”) { var elts = doc.getEltsByTagName(“a”) for (var i = 0; i < elts.length && i <= max; i++) { elts[i].getAttr(“href”) } RefinementsPath and Flow SensitivityArraysPrototypesLoops max inv : Int i inv : {v | v >= 0} elts inv : {a | a = elts 0 } Elt.proto inv : {d | …} Heap invariants before and after each iteration Type checker infers heap for common cases
![25 var readLinks = function (doc, max) { if (!max) max = 10 if (doc.domain() == newyorker.com ) { var elts = doc.getEltsByTagName( a ) for (var i = 0; i < elts.length && i <= max; i++) { elts[i].getAttr( href ) } RefinementsPath and Flow SensitivityArraysPrototypesLoops max inv : Int i inv : {v | v >= 0} elts inv : {a | a = elts 0 } Elt.proto inv : {d | …} Heap invariants before and after each iteration Type checker infers heap for common cases](http://images.slideplayer.com/27/8986115/slides/slide_25.jpg "25 var readLinks = function (doc, max) { if (!max) max = 10 if (doc.domain() == newyorker.com ) { var elts = doc.getEltsByTagName( a ) for (var i = 0; i < elts.length && i <= max; i++) { elts[i].getAttr( href ) } RefinementsPath and Flow SensitivityArraysPrototypesLoops max inv : Int i inv : {v | v >= 0} elts inv : {a | a = elts 0 } Elt.proto inv : {d | …} Heap invariants before and after each iteration Type checker infers heap for common cases")
26
26 DJS handles prototypes… RefinementsPath and Flow SensitivityArraysPrototypesLoops
27
Desugared Program Z3 SMT Solver Type Checker DJS Program Desugarer Based on Guha et al. [ECOOP ’10] 13 benchmarks mainly from SunSpider and JSGP 300 unannotated LOC 35% annotation overhead 11 benchmarks run in <1s 2 benchmarks run in 2-6s
28
28 Outline Challenges Tour of DJS Security Predicates
29
Browser Extension Security 29 “Degree of JavaScript” Granularity of Invariants ADsafet y Politz et al. [SEC ’11] JS coarse IBEX Guha et al. [SP ’11] ML fine DJS Can we track fine- grained policies directly in JS? ?
30
/*: readLinks :: (Ref(~doc), Int?) Top */ var readLinks = function (doc, max) { if (!max) max = 10 if (doc.domain() == “newyorker.com”) { var elts = doc.getEltsByTagName(“a”) for (var i = 0; i < elts.length && i <= max; i++) { elts[i].getAttr(“href”) } Allow extension to read this attribute?
![/*: readLinks :: (Ref(~doc), Int ) Top */ var readLinks = function (doc, max) { if (!max) max = 10 if (doc.domain() == newyorker.com ) { var elts = doc.getEltsByTagName( a ) for (var i = 0; i < elts.length && i <= max; i++) { elts[i].getAttr( href ) } Allow extension to read this attribute](http://images.slideplayer.com/27/8986115/slides/slide_30.jpg "/*: readLinks :: (Ref(~doc), Int ) Top */ var readLinks = function (doc, max) { if (!max) max = 10 if (doc.domain() == newyorker.com ) { var elts = doc.getEltsByTagName( a ) for (var i = 0; i < elts.length && i <= max; i++) { elts[i].getAttr( href ) } Allow extension to read this attribute")
31
/*: readLinks :: (Ref(~doc), Int?) Top */ var readLinks = function (doc, max) { if (!max) max = 10 if (doc.domain() == “newyorker.com”) { var elts = doc.getEltsByTagName(“a”) for (var i = 0; i < elts.length && i <= max; i++) { elts[i].getAttr(“href”) } /*: assume forall (e d) (eltTagName e “a” ∧ eltInDoc e d ∧ docDomain d “newyorker.com”) canReadAttr e “href” */ IBEX-style security policy Type check against IBEX-style DOM API
![/*: readLinks :: (Ref(~doc), Int ) Top */ var readLinks = function (doc, max) { if (!max) max = 10 if (doc.domain() == newyorker.com ) { var elts = doc.getEltsByTagName( a ) for (var i = 0; i < elts.length && i <= max; i++) { elts[i].getAttr( href ) } /*: assume forall (e d) (eltTagName e a ∧ eltInDoc e d ∧ docDomain d newyorker.com ) canReadAttr e href */ IBEX-style security policy Type check against IBEX-style DOM API](http://images.slideplayer.com/27/8986115/slides/slide_31.jpg "/*: readLinks :: (Ref(~doc), Int ) Top */ var readLinks = function (doc, max) { if (!max) max = 10 if (doc.domain() == newyorker.com ) { var elts = doc.getEltsByTagName( a ) for (var i = 0; i < elts.length && i <= max; i++) { elts[i].getAttr( href ) } /*: assume forall (e d) (eltTagName e a ∧ eltInDoc e d ∧ docDomain d newyorker.com ) canReadAttr e href */ IBEX-style security policy Type check against IBEX-style DOM API")
32
32 extern Elt.prototype.getAttr :: (this:Ref(~elt), k:Str) Str
33
extern Elt.prototype.getAttr :: (this:Ref(~elt), {k | Str(k) canReadAttr this k}) {s | Str(s) attrOfElt this k s }
34
extern Elt.prototype.getAttr :: (this:Ref(~elt), {k | Str(k) canReadAttr this k) {s | Str(s) attrOfElt this k s } extern Doc.prototype.domain :: (this:Ref(~doc)) Str
35
35 extern Doc.prototype.domain :: (this:Ref(~doc)) {s | Str(s) docDomain this s } extern Elt.prototype.getAttr :: (this:Ref(~elt), {k | Str(k) canReadAttr this k) {s | Str(s) attrOfElt this k s }
36
36 extern Doc.prototype.getEltsByTagName :: … extern Doc.prototype.domain :: (this:Ref(~doc)) {s | Str(s) docDomain this s } extern Elt.prototype.getAttr :: (this:Ref(~elt), {k | Str(k) canReadAttr this k) {s | Str(s) attrOfElt this k s }
37
/*: readLinks :: (Ref(~doc), Int?) Top */ var readLinks = function (doc, max) { if (!max) max = 10 if (doc.domain() == “newyorker.com”) { var elts = doc.getEltsByTagName(“a”) for (var i = 0; i < elts.length && i <= max; i++) { elts[i].getAttr(“href”) } /*: assume forall (e d) (eltTagName e “a” ∧ eltInDoc e d ∧ docDomain d “newyorker.com”) canReadAttr e “href” */ IBEX-style security policy Type check against IBEX-style DOM API ✓
![/*: readLinks :: (Ref(~doc), Int ) Top */ var readLinks = function (doc, max) { if (!max) max = 10 if (doc.domain() == newyorker.com ) { var elts = doc.getEltsByTagName( a ) for (var i = 0; i < elts.length && i <= max; i++) { elts[i].getAttr( href ) } /*: assume forall (e d) (eltTagName e a ∧ eltInDoc e d ∧ docDomain d newyorker.com ) canReadAttr e href */ IBEX-style security policy Type check against IBEX-style DOM API ✓](http://images.slideplayer.com/27/8986115/slides/slide_37.jpg "/*: readLinks :: (Ref(~doc), Int ) Top */ var readLinks = function (doc, max) { if (!max) max = 10 if (doc.domain() == newyorker.com ) { var elts = doc.getEltsByTagName( a ) for (var i = 0; i < elts.length && i <= max; i++) { elts[i].getAttr( href ) } /*: assume forall (e d) (eltTagName e a ∧ eltInDoc e d ∧ docDomain d newyorker.com ) canReadAttr e href */ IBEX-style security policy Type check against IBEX-style DOM API ✓")
38
Current Status 38 9 of 17 IBEX examples ported to DJS Total running time ~3s Invariants translate directly (so far)
39
Conclusion 39 DJS able to track simple type invariants, and security predicates seem within reach
40
Thanks! 40 ravichugh.com/djs D :: github.com/ravichugh/djs
41
Extra Slides 41
42
42 var grandpa = …, parent = Object.create(grandpa), child = Object.create(parent), b = k in child, { v | v = true iff (has(child,k) (has(parent,k) (has(grandpa,k) (HeapHas(H,great,k)) } grandpa child parent Key Membership via Prototype Chain Unrolling b :: H (Rest of Heap) great RefinementsPath and Flow SensitivityArraysPrototypesLoops
43
var grandpa = …, parent = Object.create(grandpa), child = Object.create(parent), b = k in child, x = child[k] { v | if has(child,k) then v = sel(child,k) { v | elif has(parent,k) then v = sel(parent,k) { v | elif has(grandpa,k) then v = sel(grandpa,k) { v | elif HeapHas(H,great,k)) then v = HeapSel(H,great,k)) { v | else v = undefined } Key Lookup via Prototype Chain Unrolling x :: RefinementsPath and Flow SensitivityArraysPrototypesLoops
![var grandpa = …, parent = Object.create(grandpa), child = Object.create(parent), b = k in child, x = child[k] { v | if has(child,k) then v = sel(child,k) { v | elif has(parent,k) then v = sel(parent,k) { v | elif has(grandpa,k) then v = sel(grandpa,k) { v | elif HeapHas(H,great,k)) then v = HeapSel(H,great,k)) { v | else v = undefined } Key Lookup via Prototype Chain Unrolling x :: RefinementsPath and Flow SensitivityArraysPrototypesLoops](http://images.slideplayer.com/27/8986115/slides/slide_43.jpg "var grandpa = …, parent = Object.create(grandpa), child = Object.create(parent), b = k in child, x = child[k] { v | if has(child,k) then v = sel(child,k) { v | elif has(parent,k) then v = sel(parent,k) { v | elif has(grandpa,k) then v = sel(grandpa,k) { v | elif HeapHas(H,great,k)) then v = HeapSel(H,great,k)) { v | else v = undefined } Key Lookup via Prototype Chain Unrolling x :: RefinementsPath and Flow SensitivityArraysPrototypesLoops")
44
44 Key Idea Reduce prototype semantics to decidable theory of arrays via flow-sensitivity and unrolling RefinementsPath and Flow SensitivityArraysPrototypesLoops
45
45 Encode tuples as arrays { a | a :: Arr (Top) { a | packed(a) len(a) = 2 { a | Int(a[0]) { a | Str(a[1]) } var tup = [5, “guten abend!”] RefinementsPath and Flow SensitivityArraysPrototypesLoops
![45 Encode tuples as arrays { a | a :: Arr (Top) { a | packed(a) len(a) = 2 { a | Int(a[0]) { a | Str(a[1]) } var tup = [5, guten abend! ] RefinementsPath and Flow SensitivityArraysPrototypesLoops](http://images.slideplayer.com/27/8986115/slides/slide_45.jpg "45 Encode tuples as arrays { a | a :: Arr (Top) { a | packed(a) len(a) = 2 { a | Int(a[0]) { a | Str(a[1]) } var tup = [5, guten abend! ] RefinementsPath and Flow SensitivityArraysPrototypesLoops")
46
46 var readLinks = function (doc, max) { if (!max) max = 10 if (doc.domain() == “newyorker.com”) { var elts = doc.getEltsByTagName(“a”) var i = 0 var loop = function loop () { if (i < elts.length && i <= max) { elts[i].getAttr(“href”) i++ loop() } else { undefined } loop() } max :- Int i :- {v | v >= 0} elts :- {a | a = elts 0 } Elt.proto :- {d | …} Desugared Loop
![46 var readLinks = function (doc, max) { if (!max) max = 10 if (doc.domain() == newyorker.com ) { var elts = doc.getEltsByTagName( a ) var i = 0 var loop = function loop () { if (i < elts.length && i <= max) { elts[i].getAttr( href ) i++ loop() } else { undefined } loop() } max :- Int i :- {v | v >= 0} elts :- {a | a = elts 0 } Elt.proto :- {d | …} Desugared Loop](http://images.slideplayer.com/27/8986115/slides/slide_46.jpg "46 var readLinks = function (doc, max) { if (!max) max = 10 if (doc.domain() == newyorker.com ) { var elts = doc.getEltsByTagName( a ) var i = 0 var loop = function loop () { if (i < elts.length && i <= max) { elts[i].getAttr( href ) i++ loop() } else { undefined } loop() } max :- Int i :- {v | v >= 0} elts :- {a | a = elts 0 } Elt.proto :- {d | …} Desugared Loop")
47
47 /*: x:NumOrBool {ite Num(x) Num(v) Bool(v)} */ function negate(x) { x = (typeof x == “number”) ? 0 – x : !x return x } /*: x:Any {v iff falsy(x)} */ function negate(x) { x = (typeof x == “number”) ? 0 – x : !x return x } {p} {v|p}
48
48 ObjHas(d,k,H,d’) has(d,k) HeapHas(H,d’,k) /*: x:Ref / [x |-> d:Dict |> ^x] {v iff ObjHas(d,”f”,curHeap,^x)} / sameHeap */ function hasF(x) { return “f” in x } x:T 1 /H 1 T 2 /H 2 Function Types and Objects output typeinput heap input typeoutput heap
![48 ObjHas(d,k,H,d’) has(d,k) HeapHas(H,d’,k) /*: x:Ref / [x |-> d:Dict |> ^x] {v iff ObjHas(d, f ,curHeap,^x)} / sameHeap */ function hasF(x) { return f in x } x:T 1 /H 1 T 2 /H 2 Function Types and Objects output typeinput heap input typeoutput heap](http://images.slideplayer.com/27/8986115/slides/slide_48.jpg "48 ObjHas(d,k,H,d’) has(d,k) HeapHas(H,d’,k) /*: x:Ref / [x |-> d:Dict |> ^x] {v iff ObjHas(d, f ,curHeap,^x)} / sameHeap */ function hasF(x) { return f in x } x:T 1 /H 1 T 2 /H 2 Function Types and Objects output typeinput heap input typeoutput heap")
49
49 ObjSel(d,k,H,d’) ite has(d,k) sel(d,k) HeapSel(H,d’,k) x:T 1 /H 1 T 2 /H 2 Function Types and Objects output typeinput heap input typeoutput heap /*: x:Ref / [x |-> d:Dict |> ^x] {v = ObjSel(d,”f”,curHeap,^x)} / sameHeap */ function readF(x) { return x.f }
![49 ObjSel(d,k,H,d’) ite has(d,k) sel(d,k) HeapSel(H,d’,k) x:T 1 /H 1 T 2 /H 2 Function Types and Objects output typeinput heap input typeoutput heap /*: x:Ref / [x |-> d:Dict |> ^x] {v = ObjSel(d, f ,curHeap,^x)} / sameHeap */ function readF(x) { return x.f }](http://images.slideplayer.com/27/8986115/slides/slide_49.jpg "49 ObjSel(d,k,H,d’) ite has(d,k) sel(d,k) HeapSel(H,d’,k) x:T 1 /H 1 T 2 /H 2 Function Types and Objects output typeinput heap input typeoutput heap /*: x:Ref / [x |-> d:Dict |> ^x] {v = ObjSel(d, f ,curHeap,^x)} / sameHeap */ function readF(x) { return x.f }")
Similar presentations
