Presentation is loading. Please wait.

Presentation is loading. Please wait.

Type soundness In a more formal way. Proving Soundness of Type Systems Goal of a sound type system: –if the program type checks, then it never “crashes”

Published byMercy Hart Modified over 8 years ago

Similar presentations

Presentation on theme: "Type soundness In a more formal way. Proving Soundness of Type Systems Goal of a sound type system: –if the program type checks, then it never “crashes”"— Presentation transcript:

1 Type soundness In a more formal way

2 Proving Soundness of Type Systems Goal of a sound type system: –if the program type checks, then it never “crashes” –crash = some precisely specified bad behavior e.g. invoking an operation with a wrong type dividing one string by another string “cat” / “frog trying to multiply a Window object by a File object e.g. not dividing an integer by zero Never crashes: no matter how long it executes –proof is done by induction on program execution

3 Definition of Simple Language var x 1 : Pos var x 2 : Int... var x n : Pos x i = x j x p = x q + x r x a = x b / x c... x p = x q + x r Programs: variable declarations var x: Pos or var x: Int followed by statements of one of 3 forms 1)x i = x j 2)x i = x j / x k 3)x i = x j + x k (No complex expressions) Soundness here: no division by zero

4 Proving Soundness by Induction Program moves from state to state Bad state = state where program is about to exhibit a bad operation ( 3 / 0 ) Good state = state that is not bad To prove: program type checks  states in all executions are good Usually need a stronger inductive hypothesis; some notion of very good (VG) state such that: program type checks  program’s initial state is very good state is very good  next state is also very good state is very good  state is good (not about to crash) VG Good VG

5 Proving Soundness by Induction Usually need a stronger inductive hypothesis; some notion of very good (VG) state such that: program type checks  program’s initial state is very good state is very good  next state is also very good state is very good  state is good (not about to crash) Given program statements and type rules, and under the assumption that programs type check 1.Define a formal description of program execution (operational semantics) 2.Find an invariant to describe very good states 3.Prove that the invariant is preserved for each execution step 4.Prove that the invariant implies no division by zero VG Good VG

6 Operational semantics Operational semantics gives meaning to programs by describing how the program state changes as a sequence of steps. big-step semantics: consider the effect of entire blocks small-step semantics: consider individual steps (e.g. z = x + y) V: set of variables in the program pc: integer variable denoting the program counter g: V  Int fnc. giving the values of program variables (g, pc)program state Then, for each possible statement in the program we define how it changes the program state. Example: z = x (g, pc)  (g’, pc + 1) s. t. g’ = g(z := g(x))

7 Step 1: operational semantics Give the operational semantics for our simple language. var x 1 : Pos var x 2 : Int... var x n : Pos x i = x j x p = x q + x r x a = x b / x c... x p = x q + x r Programs: variable declarations var x: Pos (assume default value 1) or var x: Int (assume default value 0) followed by statements of one of 3 forms 1)x i = x j 2)x i = x j / x k 3)x i = x j + x k (No complex expressions) Notation: g(x := e) function update g(x)value of variable x

8 Step 2: invariant “A state is very good, if each variable belongs to the domain determined by its type.” Find the invariant that formalizes this.

9 Step 3: invariant is inductive Show that if a program type checks, invariant holds in program’s initial state if the invariant holds in one state, it holds in the next state

10 Step 4: invariant implies no crash Show that assuming a program type checks, its execution will not divide by zero.

11 Back to the start Does the proof still work? If not, where does it break?

12 What if we want more complex types? class A { } class B extends A { void foo() { } } class Test { public static void main(String[] args) { B[] b = new B[5]; A[] a; a = b; System.out.println("Hello,"); a[0] = new A(); System.out.println("world!"); b[0].foo(); } Should it type check? Does this type check in Java? Does this type check in Scala?

13 What if we want more complex types? Suppose we add to our language a reference type: class Ref[T](var content : T) var x 1 : Pos var x 2 : Int var x 3 : Ref[Int] var x 4 : Ref[Pos] x = y x = y + z x = y / z x = y + z.content x.content = y … Programs: Exercise 1: Extend the type rules to use with Ref[T] types. Show your new type system is sound. Exercise 2: Can we use the subtyping rule? If not, where does the proof break?

Download ppt "Type soundness In a more formal way. Proving Soundness of Type Systems Goal of a sound type system: –if the program type checks, then it never “crashes”"

Similar presentations

Types and Programming Languages Lecture 4 Simon Gay Department of Computing Science University of Glasgow 2006/07.

Types and Programming Languages Lecture 4 Simon Gay Department of Computing Science University of Glasgow 2006/07.
- Vasvi Kakkad.  Formal -  Tool for mathematical analysis of language  Method for precisely designing language  Well formed model for describing and.

- Vasvi Kakkad.  Formal -  Tool for mathematical analysis of language  Method for precisely designing language  Well formed model for describing and.
The Substitution Principle SWE 332 – Fall 2010. 2 Liskov Substitution Principle In any client code, if subtype object is substituted for supertype object,

The Substitution Principle SWE 332 – Fall Liskov Substitution Principle In any client code, if subtype object is substituted for supertype object,
Reasoning About Code; Hoare Logic, continued

Reasoning About Code; Hoare Logic, continued
1 Lecture 11 Interfaces and Exception Handling from Chapters 9 and 10.

1 Lecture 11 Interfaces and Exception Handling from Chapters 9 and 10.
Program Proving Notes Ellen L. Walker.

Program Proving Notes Ellen L. Walker.
1 Semantic Description of Programming languages. 2 Static versus Dynamic Semantics n Static Semantics represents legal forms of programs that cannot be.

1 Semantic Description of Programming languages. 2 Static versus Dynamic Semantics n Static Semantics represents legal forms of programs that cannot be.
Type Checking.

Type Checking.
1 Data types, operations, and expressions Overview l Primitive Data Types l Variable declaration l Arithmetical Operations l Expressions.

1 Data types, operations, and expressions Overview l Primitive Data Types l Variable declaration l Arithmetical Operations l Expressions.
Datalogi A 1: 8/9. Book: Cay Horstmann: Big Java or Java Consepts.

Datalogi A 1: 8/9. Book: Cay Horstmann: Big Java or Java Consepts.
Classes and Objects in Java

Classes and Objects in Java
1 Data types, operations, and expressions Overview l Format of a Java Application l Primitive Data Types l Variable Declaration l Arithmetic Operations.

1 Data types, operations, and expressions Overview l Format of a Java Application l Primitive Data Types l Variable Declaration l Arithmetic Operations.
CS 330 Programming Languages 09 / 16 / 2008 Instructor: Michael Eckmann.

CS 330 Programming Languages 09 / 16 / 2008 Instructor: Michael Eckmann.
Fundamental Programming Structures in Java: Comments, Data Types, Variables, Assignments, Operators.

Fundamental Programming Structures in Java: Comments, Data Types, Variables, Assignments, Operators.
Computer Science A 1: 3/2. Course plan Introduction to programming Basic concepts of typical programming languages. Tools: compiler, editor, integrated.

Computer Science A 1: 3/2. Course plan Introduction to programming Basic concepts of typical programming languages. Tools: compiler, editor, integrated.
COMP 14: Primitive Data and Objects May 24, 2000 Nick Vallidis.

COMP 14: Primitive Data and Objects May 24, 2000 Nick Vallidis.
Writing algorithms using the for-statement. Programming example 1: find all divisors of a number We have seen a program using a while-statement to solve.

Writing algorithms using the for-statement. Programming example 1: find all divisors of a number We have seen a program using a while-statement to solve.
10-Aug-15 Classes and Objects in Java. 2 Classes and Objects A Java program consists of one or more classes A class is an abstract description of objects.

10-Aug-15 Classes and Objects in Java. 2 Classes and Objects A Java program consists of one or more classes A class is an abstract description of objects.
Types for Positive and Negative Ints Int = {..., -2, -1, 0, 1, 2,... } Pos = { 1, 2,... } (not including zero) Neg = {..., -2, -1 } (not including zero)

Types for Positive and Negative Ints Int = {..., -2, -1, 0, 1, 2,... } Pos = { 1, 2,... } (not including zero) Neg = {..., -2, -1 } (not including zero)
CS1101: Programming Methodology Aaron Tan.

CS1101: Programming Methodology Aaron Tan.

Similar presentations

Ads by Google