
A Model of Substructural State


Presentation Transcript


  1. A Model of Substructural State. Matthew Fluet, Cornell University.

  2–4. Introduction • Forms of “uniqueness” are appearing in programming languages • Cyclone – affine pointers, which may be discarded but not duplicated; they allow fine-grained memory management • Vault – linear keys, which may be neither discarded nor duplicated; they enforce resource-management protocols • C / Java / SML – unrestricted objects, which may be both discarded and duplicated

  5. Introduction • But programming with only unique objects is much too painful • Both Cyclone and Vault allow a programmer to put unique objects in shared objects • They impose a variety of restrictions to ensure that these mixed objects behave in a safe manner

  6. Introduction • Natural to study a core language with mutable references of all flavors

  7–9. Qualifiers
  • Diamond lattice: Linear at the top; Affine (Discard) and Relevant (Duplicate) in the middle; Unrestricted (Discard, Duplicate) at the bottom
  • Unique objects (linear, affine) may be “used” at most once; shared objects (relevant, unrestricted) may be copied
  • Linear and relevant objects must be “used” at least once; affine and unrestricted objects may be dropped

  10. Introduction • Natural to study a core language with mutable references of all qualifiers • Raises design questions: • What does it mean to copy or drop a ref? • What operations make sense on different refs? • What combinations of qualifiers for a reference and its contents make sense? • Can one construct a reasonable model for such a language?

  11. Outline • A Substructural Type System • … with References • Model Teaser

  12. A Substructural Type System
  • Qualifiers $q ::= U \mid R \mid A \mid L$
  • PreTypes $\bar\tau ::= 1 \mid \tau_1 \otimes \tau_2 \mid \tau_1 \multimap \tau_2$
  • Types $\tau ::= q\,\bar\tau$

  13–17. A Substructural Type System
  • Non-examples: $U(A\tau_1 \otimes A\tau_2)$, $U(R\tau_1 \otimes R\tau_2)$, $U(L\tau_1 \otimes L\tau_2)$
  • $\mathsf{copy}\,\langle v_1, v_2\rangle \to \langle\langle v_1, v_2\rangle, \langle v_1, v_2\rangle\rangle$: $v_1$ and $v_2$ may then be used more than once, which affine and linear components forbid
  • $\mathsf{drop}\,\langle v_1, v_2\rangle \to \langle\rangle$: $v_1$ and $v_2$ are then never used, which relevant and linear components forbid
  • An unrestricted pair may be both copied and dropped, so it may only hold unrestricted components: a component's qualifier must lie at or below its container's in the qualifier order
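The copy/drop argument on these slides can be run as a check. The block below is an added illustration, not code from the talk or the paper: it encodes the four qualifiers with the order $U \preceq A \preceq L$, $U \preceq R \preceq L$, replays the argument over pair types (if the container may be copied, so is every component; if it may be dropped, so is every component), and confirms that the messages it produces agree with the one-line containment rule. The dataclass and function names and the message strings are my own; $\multimap$ is left out because a closure's well-formedness is not a question about its domain and codomain.

```python
"""Qualifier lattice and the containment check behind the non-examples.
Added illustration; not code from the talk or the paper."""
from dataclasses import dataclass
from typing import List, Union

# Qualifiers ordered U <= A <= L and U <= R <= L (the diamond on the qualifier
# slide, read bottom-up).  q1 <= q2 means a q1 value may be a component of a q2 value.
_LEQ = {("U", "A"), ("U", "R"), ("U", "L"), ("A", "L"), ("R", "L")}


def leq(q1: str, q2: str) -> bool:
    return q1 == q2 or (q1, q2) in _LEQ


def can_dup(q: str) -> bool:
    """Duplicate is permitted for R and U."""
    return leq(q, "R")


def can_drop(q: str) -> bool:
    """Discard is permitted for A and U."""
    return leq(q, "A")


@dataclass(frozen=True)
class Unit:
    """The pretype 1."""


@dataclass(frozen=True)
class Pair:
    """The pretype t1 (x) t2."""
    left: "Type"
    right: "Type"


@dataclass(frozen=True)
class Type:
    """A type is a qualifier applied to a pretype: q t."""
    q: str
    pre: Union[Unit, Pair]


def components(t: Type) -> List[Type]:
    return [t.pre.left, t.pre.right] if isinstance(t.pre, Pair) else []


def violations(t: Type) -> List[str]:
    """Replay the slide's argument: copying a container copies its components,
    dropping a container drops them.  One message per component that cannot
    survive an operation its container permits."""
    out: List[str] = []
    for i, c in enumerate(components(t)):
        if can_dup(t.q) and not can_dup(c.q):
            out.append(f"copy of {t.q} container duplicates {c.q} component {i}")
        if can_drop(t.q) and not can_drop(c.q):
            out.append(f"drop of {t.q} container discards {c.q} component {i}")
        out.extend(violations(c))
    return out


def well_formed(t: Type) -> bool:
    """The same check stated as containment: each component qualifier <= the container's."""
    return all(leq(c.q, t.q) and well_formed(c) for c in components(t))


def pretty(t: Type) -> str:
    if isinstance(t.pre, Unit):
        return f"{t.q}1"
    return f"{t.q}({pretty(t.pre.left)} (x) {pretty(t.pre.right)})"


if __name__ == "__main__":
    for q in ("A", "R", "L"):
        t = Type("U", Pair(Type(q, Unit()), Type(q, Unit())))
        print(pretty(t), "->", violations(t))
    t = Type("L", Pair(Type("U", Unit()), Type("A", Unit())))
    print(pretty(t), "->", "well formed" if well_formed(t) else violations(t))
```

Running it prints a copy complaint for the affine pair, a drop complaint for the relevant pair, both for the linear pair, and accepts the linear pair with unrestricted and affine components, since a linear container is never copied or dropped.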

  18. … with References • PreTypes $\bar\tau ::= \ldots \mid \mathsf{ref}\,\tau$

  19–21. … with References
  • Examples? $U(\mathsf{ref}\,U\tau)$, $U(\mathsf{ref}\,R\tau)$, $U(\mathsf{ref}\,A\tau)$, $U(\mathsf{ref}\,L\tau)$
  • $\mathsf{copy}\,\ell \to \langle \ell, \ell\rangle$: $\ell$ may be used more than once, but the contents are not copied
  • $\mathsf{drop}\,\ell \to \langle\rangle$: $\ell$ is not used, and the contents are dropped
  • Unlike a pair, a reference does not copy its contents when it is copied, so the copy argument does not rule out a shared reference to unique contents; the drop is where those contents can be lost

  22. Operations on Substructural State

  23–25. A Model of Substructural State
  • Model a type as a set of tuples of qualifier, value, and local store type: $\llbracket\tau\rrbracket ::= \{(q, v, \psi), \ldots\}$
  • Model a local store type as a partial map from locations to qualifiers and types: $\psi ::= \{\ell \mapsto (q, \llbracket\tau\rrbracket), \ldots\}$
  • The local store type of $v$ is defined only on those locations that appear as sub-expressions of $v$
  • Further restrictions to rule out … stores

  26. A Model of Substructural State • Why only a local store type? • Storing a unique object in a shared reference “hides” the unique object • With the global store it is difficult to identify the “real” occurrence of a unique location

  27. A Model of Substructural State • How can we check that a global store satisfies a local store type? • Use a Garbage Collector

  28–34. Store Satisfaction
  A store $\sigma$ satisfies a local store type $\psi$ when:
  • the locations in $\mathrm{dom}(\psi)$ are the roots (in the picture, $\ell_1 : \tau_1$, $\ell_2 : \tau_2$, $\ell_3 : \tau_3$, over a store $\sigma = \{\ell_1 \mapsto v_1, \ldots, \ell_9 \mapsto v_9\}$);
  • there exists a set of non-root locations $N$ (in the picture $\{\ell_4, \ell_5, \ell_6, \ell_7, \ell_9\}$; $\ell_8$ is never reached) and local store types $\psi_\ell$ for each $\ell \in \mathrm{dom}(\psi) \uplus N$, where $\psi_\ell$ covers the child locations traced from the contents of $\ell$;
  • these merge into the global store type $\Psi^* = \psi \uplus \biguplus_{\ell \in \mathrm{dom}(\psi) \uplus N} \psi_\ell$ (here $\ell_1 : \tau_1, \ldots, \ell_7 : \tau_7, \ell_9 : \tau_9$): the local store types must be compatible (non-contradictory), and a unique location must not be traced more than once;
  • $\sigma : \Psi^*$ describes the store: $\ell_i \mapsto v_i : \tau_i$ for every $\ell_i \in \mathrm{dom}(\Psi^*)$, while the untraced $\ell_8 \mapsto v_8$ is left unconstrained.
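The tracing these slides describe, as an added example that is not the paper's definition: a store $\sigma$ is a dict from locations to values, each occurrence of a location inside a value carries the qualifier and type at which it is used, and satisfaction is checked by tracing from the roots like a collector. The merge refuses a contradictory typing of a shared location and a second sighting of an affine or linear location, which is exactly the aliasing of a unique object that hiding it in a shared reference would otherwise conceal. The store is constructed to match the picture (roots $\ell_1 \ldots \ell_3$, $\ell_8$ unreachable); typing a value against $\tau$ is abstracted to a string tag, and the `Ref`, `Unsatisfied` and `satisfies` names are mine.

```python
"""Store satisfaction checked the way the slides describe it: trace from the
roots like a garbage collector, merge the local store types met on the way,
and refuse to trace a unique location twice.  Added illustration, not the
paper's definition; value typing (v : t) is abstracted to a type tag."""
from dataclasses import dataclass
from typing import Dict, List, Tuple, Union


@dataclass(frozen=True)
class Ref:
    """One occurrence of a location inside a value, with the qualifier and
    contents type at which that occurrence refers to it."""
    loc: str
    q: str
    ty: str


Value = Union[int, str, Ref, tuple]
Store = Dict[str, Value]                  # sigma : loc -> value
StoreType = Dict[str, Tuple[str, str]]    # psi, Psi* : loc -> (qualifier, type)
UNIQUE = ("A", "L")                       # may not be aliased


class Unsatisfied(Exception):
    pass


def _merge(acc: StoreType, loc: str, entry: Tuple[str, str]) -> None:
    """acc (+) {loc -> entry}: equal entries for a shared location merge; a
    contradictory entry or a second sighting of a unique location is an error."""
    if loc in acc:
        if acc[loc] != entry:
            raise Unsatisfied(f"{loc}: contradictory typings {acc[loc]} and {entry}")
        if entry[0] in UNIQUE:
            raise Unsatisfied(f"{loc}: unique location traced more than once")
    acc[loc] = entry


def local_store_type(v: Value) -> StoreType:
    """psi_v: defined only on the locations that occur as sub-expressions of v."""
    psi: StoreType = {}
    stack: List[Value] = [v]
    while stack:
        x = stack.pop()
        if isinstance(x, tuple):
            stack.extend(x)
        elif isinstance(x, Ref):
            _merge(psi, x.loc, (x.q, x.ty))
    return psi


def satisfies(sigma: Store, psi: StoreType) -> StoreType:
    """sigma satisfies psi: returns the merged global store type Psi*, whose
    domain is dom(psi) plus the non-roots N reached by tracing.  Locations of
    sigma that are never reached are garbage and impose no constraint."""
    global_ty: StoreType = {}
    for loc, entry in psi.items():            # the roots
        _merge(global_ty, loc, entry)
    worklist, traced = list(psi), set()
    while worklist:
        loc = worklist.pop()
        if loc in traced:
            continue
        traced.add(loc)
        if loc not in sigma:
            raise Unsatisfied(f"{loc}: typed but not allocated")
        for child, entry in local_store_type(sigma[loc]).items():
            _merge(global_ty, child, entry)   # merge psi_loc into Psi*
            worklist.append(child)
    return global_ty


# Constructed store shaped like the slide's picture: roots l1..l3, non-roots
# l4..l7 and l9, and l8 unreachable.  l5 is shared (U) and reached twice.
SIGMA: Store = {
    "l1": (Ref("l4", "L", "int"), Ref("l5", "U", "int")),
    "l2": Ref("l9", "U", "int"),
    "l3": Ref("l6", "A", "ref"),
    "l4": Ref("l7", "U", "str"),
    "l5": 42,
    "l6": Ref("l5", "U", "int"),
    "l7": "x",
    "l8": Ref("l4", "L", "int"),   # garbage: a stale alias of l4 that is never traced
    "l9": 0,
}
PSI: StoreType = {"l1": ("L", "pair"), "l2": ("U", "int"), "l3": ("A", "ref")}


def aliased_store() -> Store:
    """Same store, but the root l2 also holds the unique location l4: rejected."""
    bad = dict(SIGMA)
    bad["l2"] = Ref("l4", "L", "int")
    return bad


if __name__ == "__main__":
    print(sorted(satisfies(SIGMA, PSI)))
    try:
        satisfies(aliased_store(), PSI)
    except Unsatisfied as e:
        print("rejected:", e)
```

The stale alias in `l8` is deliberately harmless: it is unreachable from the roots, so the collector-style check never looks at it, which is the point of slide 27. Move the same alias into a reachable cell, as `aliased_store` does, and the second sighting of `l4` is reported.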

  35. Conclusion and Future Work • Core language, type-system, and model • Model more advanced features • Cyclone – alias construct allows a unique pointer to be treated as shared for a limited scope • Vault – focus construct allows a shared object to be treated as unique for a limited scope

  36–37. Structural Lemmas
  • Exchange: if $\Gamma_1, x_1{:}\tau_1, x_2{:}\tau_2, \Gamma_2 \vdash e : \tau$, then $\Gamma_1, x_2{:}\tau_2, x_1{:}\tau_1, \Gamma_2 \vdash e : \tau$.
  • Contraction (Duplicate): if $\Gamma_1, x_1{:}\tau_x, x_2{:}\tau_x, \Gamma_2 \vdash e : \tau$, then $\Gamma_1, x{:}\tau_x, \Gamma_2 \vdash e[x/x_1][x/x_2] : \tau$.
  • Weakening (Discard): if $\Gamma \vdash e : \tau$, then $\Gamma, x{:}\tau_x \vdash e : \tau$.

  38. Qualifiers and the structural lemmas each admits
  • Linear: Exchange
  • Affine: Exchange, Weakening
  • Relevant: Exchange, Contraction
  • Unrestricted: Exchange, Contraction, Weakening

  39. Structural Lemmas Revisited
  • Contraction: if $q \preceq R$ and $\Gamma_1, x_1{:}q\tau_x, x_2{:}q\tau_x, \Gamma_2 \vdash e : \tau$, then $\Gamma_1, x{:}q\tau_x, \Gamma_2 \vdash e[x/x_1][x/x_2] : \tau$.
  • Weakening: if $q \preceq A$ and $\Gamma \vdash e : \tau$, then $\Gamma, x{:}q\tau_x \vdash e : \tau$.
  • Here $\preceq$ is the qualifier order read off the diamond with Unrestricted at the bottom, $U \preceq A \preceq L$ and $U \preceq R \preceq L$, so $q \preceq R$ holds exactly for the qualifiers that permit Duplicate and $q \preceq A$ exactly for those that permit Discard.
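The three lemmas, as an added executable check over a tiny term language of unit, pairs and variables (not code from the talk): a context is an ordered list of bindings whose order never matters (Exchange), a binding used twice is admissible only when $q \preceq R$ (Contraction), and a binding never used only when $q \preceq A$ (Weakening). `contract` and `weaken` perform the lemmas as operations on the context and term, so the guard can be seen failing for a linear binding and passing for an unrestricted one. The term constructors, `check`, and the message strings are mine.

```python
"""The structural lemmas as an executable check on a tiny term language
(unit, pairs, variables).  Added illustration, not code from the talk."""
from dataclasses import dataclass
from typing import Dict, List, Tuple, Union

_LEQ = {("U", "A"), ("U", "R"), ("U", "L"), ("A", "L"), ("R", "L")}


def leq(q1: str, q2: str) -> bool:
    """U <= A <= L and U <= R <= L."""
    return q1 == q2 or (q1, q2) in _LEQ


@dataclass(frozen=True)
class Var:
    name: str


@dataclass(frozen=True)
class Unit:
    pass


@dataclass(frozen=True)
class Pair:
    left: "Term"
    right: "Term"


Term = Union[Var, Unit, Pair]
Context = List[Tuple[str, str]]   # Gamma as an ordered list of (x, q)


def uses(e: Term) -> Dict[str, int]:
    """Occurrence count of each variable (the language has no binders)."""
    if isinstance(e, Var):
        return {e.name: 1}
    if isinstance(e, Pair):
        out = uses(e.left)
        for x, k in uses(e.right).items():
            out[x] = out.get(x, 0) + k
        return out
    return {}


def rename(e: Term, old: str, new: str) -> Term:
    """e[new/old]."""
    if isinstance(e, Var):
        return Var(new) if e.name == old else e
    if isinstance(e, Pair):
        return Pair(rename(e.left, old, new), rename(e.right, old, new))
    return e


def check(ctx: Context, e: Term) -> List[str]:
    """Is Gamma |- e structurally admissible?  Order of ctx never matters
    (Exchange); each binding is judged by how often it is used."""
    errors: List[str] = []
    used = uses(e)
    for x, q in ctx:
        k = used.get(x, 0)
        if k == 0 and not leq(q, "A"):
            errors.append(f"{x}:{q} never used; Weakening needs q <= A")
        if k > 1 and not leq(q, "R"):
            errors.append(f"{x}:{q} used {k} times; Contraction needs q <= R")
    bound = {x for x, _ in ctx}
    errors.extend(f"{x} is unbound" for x in used if x not in bound)
    return errors


def contract(ctx: Context, e: Term, x1: str, x2: str, x: str) -> Tuple[Context, Term]:
    """The Contraction lemma as an operation: replace the two bindings x1, x2
    (which must share a qualifier) by one binding x and rename in e."""
    q = dict(ctx)[x1]
    if dict(ctx)[x2] != q:
        raise ValueError("contraction needs both bindings at the same qualifier")
    new_ctx = [(x, q) if y == x1 else (y, qy) for y, qy in ctx if y != x2]
    return new_ctx, rename(rename(e, x1, x), x2, x)


def weaken(ctx: Context, x: str, q: str) -> Context:
    """The Weakening lemma as an operation: add an unused binding."""
    return ctx + [(x, q)]


if __name__ == "__main__":
    e = Pair(Var("x1"), Var("x2"))
    for q in "URAL":
        ctx, e2 = contract([("x1", q), ("x2", q)], e, "x1", "x2", "x")
        print(q, "contract:", check(ctx, e2) or "ok",
              "| weaken:", check(weaken(ctx, "y", q), e2) or "ok")
```

The loop in the `__main__` block prints "ok" for both lemmas only at U; R passes contraction but not weakening, A the reverse, and L neither, which is the table on slide 38.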

  40. Operational Semantics
  $\sigma ::= \{\ell_1 \mapsto v_1, \ldots, \ell_n \mapsto v_n\}$
  $(\sigma, \mathsf{new}\ v) \to (\sigma \uplus \{\ell \mapsto v\},\ \ell)$
  $(\sigma \uplus \{\ell \mapsto v\}, \mathsf{free}\ \ell) \to (\sigma,\ v)$
  $(\sigma \uplus \{\ell \mapsto v\}, \mathsf{rd}\ \ell) \to (\sigma \uplus \{\ell \mapsto v\},\ \langle \ell, v\rangle)$
  $(\sigma \uplus \{\ell \mapsto v_1\}, \mathsf{wr}\ \ell\ v_2) \to (\sigma \uplus \{\ell \mapsto v_2\},\ \ell)$
  $(\sigma \uplus \{\ell \mapsto v_1\}, \mathsf{sw}\ \ell\ v_2) \to (\sigma \uplus \{\ell \mapsto v_2\},\ \langle \ell, v_1\rangle)$
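The five transitions, run over a concrete store, as an added example that is not code from the talk. Each cell records the qualifier of the reference and of its contents, and each operation carries the guard that follows from what the rule does to the store: `rd` leaves the contents in place and also returns them, so they must be duplicable; `wr` throws the old contents away, so they must be discardable; `free` consumes the reference, so it must not be duplicable (a copy would still name the freed location); `sw` neither copies nor loses anything and works at every qualifier. The table of operations on slide 22 did not survive extraction, so these guards are my reading of the rules, not a transcription of it; the `Cell`, `Stuck` and `linear_in_shared_ref` names are mine.

```python
"""The five store transitions from the slide, run over a concrete store, with
the qualifier guard each one needs.  Added illustration; the guards are my
reading of what each rule does to the store, not the slide 22 table."""
from dataclasses import dataclass, replace
from typing import Any, Dict, Tuple
import itertools

_LEQ = {("U", "A"), ("U", "R"), ("U", "L"), ("A", "L"), ("R", "L")}


def leq(q1: str, q2: str) -> bool:
    """U <= A <= L and U <= R <= L."""
    return q1 == q2 or (q1, q2) in _LEQ


@dataclass(frozen=True)
class Cell:
    q_ref: str   # qualifier of the reference itself, q(ref t)
    q_val: str   # qualifier of the contents, t = q_val t'
    val: Any


Store = Dict[str, Cell]            # sigma ::= {l1 -> v1, ..., ln -> vn}
_fresh = itertools.count(1)


class Stuck(Exception):
    """The transition is not permitted at these qualifiers."""


def new(sigma: Store, q_ref: str, q_val: str, v: Any) -> Tuple[Store, str]:
    """(sigma, new v) -> (sigma (+) {l -> v}, l)"""
    loc = f"l{next(_fresh)}"
    return {**sigma, loc: Cell(q_ref, q_val, v)}, loc


def free(sigma: Store, loc: str) -> Tuple[Store, Any]:
    """(sigma (+) {l -> v}, free l) -> (sigma, v).  The reference is consumed,
    so it must not be duplicable: a copy could still name the freed location."""
    cell = sigma[loc]
    if leq(cell.q_ref, "R"):
        raise Stuck(f"free {loc}: {cell.q_ref} reference may have aliases")
    rest = {k: c for k, c in sigma.items() if k != loc}
    return rest, cell.val


def rd(sigma: Store, loc: str) -> Tuple[Store, Tuple[str, Any]]:
    """(sigma (+) {l -> v}, rd l) -> (sigma (+) {l -> v}, <l, v>).  The contents
    now exist twice (store and result), so they must be duplicable."""
    cell = sigma[loc]
    if not leq(cell.q_val, "R"):
        raise Stuck(f"rd {loc}: would duplicate {cell.q_val} contents")
    return sigma, (loc, cell.val)


def wr(sigma: Store, loc: str, v2: Any) -> Tuple[Store, str]:
    """(sigma (+) {l -> v1}, wr l v2) -> (sigma (+) {l -> v2}, l).  The old
    contents vanish, so they must be discardable."""
    cell = sigma[loc]
    if not leq(cell.q_val, "A"):
        raise Stuck(f"wr {loc}: would discard {cell.q_val} contents")
    return {**sigma, loc: replace(cell, val=v2)}, loc


def sw(sigma: Store, loc: str, v2: Any) -> Tuple[Store, Tuple[str, Any]]:
    """(sigma (+) {l -> v1}, sw l v2) -> (sigma (+) {l -> v2}, <l, v1>).  Nothing
    is copied or lost, so swap works at every qualifier: this is how a unique
    value gets out of a shared reference."""
    cell = sigma[loc]
    return {**sigma, loc: replace(cell, val=v2)}, (loc, cell.val)


def linear_in_shared_ref() -> Tuple[str, Any]:
    """Worked trace: a linear token behind an unrestricted reference.  Reading
    it is stuck; swapping it out for another linear value succeeds."""
    why = ""
    s, l = new({}, "U", "L", "token")
    try:
        rd(s, l)
    except Stuck as e:
        why = str(e)
    s, (l, old) = sw(s, l, "placeholder")
    return why, old


if __name__ == "__main__":
    print(linear_in_shared_ref())
```

The store is rebuilt on every step rather than mutated in place, so each function is literally one of the rules above applied to the frame $\sigma \uplus \{\ell \mapsto v\}$.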

  41–43. A Model of Substructural State
  • Model a type as a set of tuples: $\mathrm{PreType} = \wp(\mathrm{Qual} \times \mathrm{Value} \times \mathrm{LocStore})$, $\mathrm{Type} = \mathrm{PreType}$
  • Model a local store type as a partial map: $\mathrm{LocStore} = \mathrm{Locs} \rightharpoonup \mathrm{Qual} \times \mathrm{Type}$
  • The cardinality problem (Type is defined from LocStore, which is defined from Type) is handled by stratifying the definitions by the number of steps left to run the program
  • With the restrictions:
    $\mathrm{PreType} = \{\chi \in \wp(\mathrm{Qual} \times \mathrm{Value} \times \mathrm{LocStore}) \mid \text{for all } (q, v, \psi) \in \chi, \text{ each location in } \psi \text{ is mapped to a qualifier } \preceq q\}$
    $\mathrm{Type} = \{\chi \in \mathrm{PreType} \mid \text{all qualifiers in } \chi \text{ are the same}\}$
    $\mathrm{LocStore} = \{\psi \in \mathrm{Locs} \rightharpoonup \mathrm{Qual} \times \mathrm{Type} \mid \text{each location is mapped to a type consistent with the location's qualifier}\}$
