Dependently-typed data plane programming

Programming languages like P4 enable specifying the behavior of network data planes in software. However, with increasingly powerful and complex applications running in the network, the risk of faults also increases. Hence, there is growing recognition of the need for methods and tools to statically verify the correctness of P4 code, especially as the language lacks basic safety guarantees. Type systems are a lightweight and compositional way to establish program properties, but there is a significant gap between the kinds of properties that can be proved using simple type systems (e.g., SafeP4) and those that can be obtained using full-blown verification tools (e.g., p4v). In this paper, we close this gap by developing Π4, a dependently-typed version of P4 based on decidable refinements. We motivate the design of Π4, prove the soundness of its type system, develop an SMT-based implementation, and present case studies that illustrate its applicability to a variety of data plane programs.

Download Full-text

Introduction to the Special Issue on Dependent Type Theory Meets Practical Programming

Journal of Functional Programming ◽

10.1017/s0956796803004866 ◽

2004 ◽

Vol 14 (1) ◽

pp. 1-2

Author(s):

GILLES BARTHE ◽

PETER DYBJEN ◽

PETER THIEMANN

Keyword(s):

Programming Languages ◽

Type Theory ◽

Type System ◽

Type Systems ◽

Special Issue ◽

Dependent Type Theory ◽

Dependent Type

Download Full-text

Implicit self-adjusting computation for purely functional programs

Journal of Functional Programming ◽

10.1017/s0956796814000033 ◽

2014 ◽

Vol 24 (1) ◽

pp. 56-112 ◽

Cited By ~ 9

Author(s):

YAN CHEN ◽

JOSHUA DUNFIELD ◽

MATTHEW A. HAMMER ◽

UMUT A. ACAR

Keyword(s):

Programming Languages ◽

Type System ◽

Type Systems ◽

Type Inference ◽

Source Program ◽

Target Program ◽

Implicit Approach ◽

Asymptotic Complexity ◽

Cost Semantics ◽

Output Behavior

AbstractComputational problems that involve dynamic data, such as physics simulations and program development environments, have been an important subject of study in programming languages. Building on this work, recent advances in self-adjusting computation have developed techniques that enable programs to respond automatically and efficiently to dynamic changes in their inputs. Self-adjusting programs have been shown to be efficient for a reasonably broad range of problems, but the approach still requires an explicit programming style, where the programmer must use specific monadic types and primitives to identify, create, and operate on data that can change over time. We describe techniques for automatically translating purely functional programs into self-adjusting programs. In this implicit approach, the programmer need only annotate the (top-level) input types of the programs to be translated. Type inference finds all other types, and a type-directed translation rewrites the source program into an explicitly self-adjusting target program. The type system is related to information-flow type systems and enjoys decidable type inference via constraint solving. We prove that the translation outputs well- typed self-adjusting programs and preserves the source program's input–output behavior, guaranteeing that translated programs respond correctly to all changes to their data. Using a cost semantics, we also prove that the translation preserves the asymptotic complexity of the source program.

Download Full-text

Featherweight generic confinement

Journal of Functional Programming ◽

10.1017/s0956796806006125 ◽

2006 ◽

Vol 16 (6) ◽

pp. 793-811 ◽

Cited By ~ 7

Author(s):

ALEX POTANIN ◽

JAMES NOBLE ◽

DAVE CLARKE ◽

ROBERT BIDDLE

Keyword(s):

Programming Languages ◽

Ad Hoc ◽

Type System ◽

Type Systems ◽

General Purpose ◽

Ownership Type ◽

Essential Change ◽

Polymorphic Type ◽

Syntactic Restrictions

Existing approaches to object encapsulation either rely on ad hoc syntactic restrictions or require the use of specialised type systems. Syntactic restrictions are difficult to scale and to prove correct, while specialised type systems require extensive changes to programming languages. We demonstrate that confinement can be enforced cheaply in Featherweight Generic Java, with no essential change to the underlying language or type system. This result demonstrates that polymorphic type parameters can simultaneously act as ownership parameters and should facilitate the adoption of confinement and ownership type systems in general-purpose programming languages.

Download Full-text

Linearization of the lambda-calculus and its relation with intersection type systems

Journal of Functional Programming ◽

10.1017/s0956796803004970 ◽

2004 ◽

Vol 14 (5) ◽

pp. 519-546 ◽

Cited By ~ 5

Author(s):

MÁRIO FLORIDO ◽

LUÍS DAMAS

Keyword(s):

Programming Languages ◽

Functional Programming ◽

Type System ◽

Lambda Calculus ◽

Type Systems ◽

Functional Programming Languages

In this paper we present a notion of expansion of a term in the lambda-calculus which transforms terms into linear terms. This transformation replaces each occurrence of a variable in the original term by a fresh variable taking into account non-trivial implications in the structure of the term caused by these simple replacements. We prove that the class of terms which can be expanded is the same of terms typable in an Intersection Type System, i.e. the strongly normalizable terms. We then show that expansion is preserved by weak-head reduction, the reduction considered by functional programming languages.

Download Full-text

A certified lightweight non-interference Java bytecode verifier

Mathematical Structures in Computer Science ◽

10.1017/s0960129512000850 ◽

2013 ◽

Vol 23 (5) ◽

pp. 1032-1081 ◽

Cited By ~ 9

Author(s):

GILLES BARTHE ◽

DAVID PICHARDIE ◽

TAMARA REZK

Keyword(s):

Programming Languages ◽

Information Flow ◽

Type System ◽

Type Systems ◽

Program Execution ◽

Flow Type ◽

Java Bytecode ◽

First Sound ◽

Coq Proof Assistant ◽

High Level

Non-interference guarantees the absence of illicit information flow throughout program execution. It can be enforced by appropriate information flow type systems. Much of the previous work on type systems for non-interference has focused on calculi or high-level programming languages, and existing type systems for low-level languages typically omit objects, exceptions and method calls. We define an information flow type system for a sequential JVM-like language that includes all these programming features, and we prove, in the Coq proof assistant, that it guarantees non-interference. An additional benefit of the formalisation is that we have extracted from our proof a certified lightweight bytecode verifier for information flow. Our work provides, to the best of our knowledge, the first sound and certified information flow type system for such an expressive fragment of the JVM.

Download Full-text

Elaborating intersection and union types

Journal of Functional Programming ◽

10.1017/s0956796813000270 ◽

2014 ◽

Vol 24 (2-3) ◽

pp. 133-165 ◽

Cited By ~ 11

Author(s):

JOSHUA DUNFIELD

Keyword(s):

Programming Languages ◽

Type System ◽

Type Systems ◽

Prototype Implementation ◽

Value Evaluation ◽

Source Program ◽

Parametric Polymorphism ◽

New Type ◽

Dynamic Typing ◽

System Feature

AbstractDesigning and implementing typed programming languages is hard. Every new type system feature requires extending the metatheory and implementation, which are often complicated and fragile. To ease this process, we would like to provide general mechanisms that subsume many different features. In modern type systems, parametric polymorphism is fundamental, but intersection polymorphism has gained little traction in programming languages. Most practical intersection type systems have supported onlyrefinement intersections, which increase the expressiveness of types (more precise properties can be checked) without altering the expressiveness of terms; refinement intersections can simply be erased during compilation. In contrast,unrestrictedintersections increase the expressiveness of terms, and can be used to encode diverse language features, promising an economy of both theory and implementation. We describe a foundation for compiling unrestricted intersection and union types: an elaboration type system that generates ordinary λ-calculus terms. The key feature is a Forsythe-like merge construct. With this construct, not all reductions of the source program preserve types; however, we prove that ordinary call-by-value evaluation of the elaborated program corresponds to a type-preserving evaluation of the source program. We also describe a prototype implementation and applications of unrestricted intersections and unions: records, operator overloading, and simulating dynamic typing.

Download Full-text

Using Vampire in Soundness Proofs of Type Systems

10.29007/22x6 ◽

2018 ◽

Author(s):

Sylvia Grewe ◽

Sebastian Erdweg ◽

Mira Mezini

Keyword(s):

Programming Languages ◽

Type System ◽

Lambda Calculus ◽

Type Systems ◽

Current Approach ◽

Order Logic ◽

First Order Logic ◽

First Order ◽

Domain Specific ◽

Automated Proof

Type systems for programming languages shall detect type errors in programs before runtime. To ensure that a type system meets this requirement, its soundness must be formally verified. We aim at automating soundness proofs of type systems to facilitate the development of sound type systems for domain-specific languages.Soundness proofs for type systems typically require induction. However, many of the proofs of individual induction cases only require first-order reasoning. For the development of our workbench Veritas, we build on this observation by combining automated first-order theorem provers such as Vampire with automated proof strategies specific to type systems. In this paper, we describe how we encode type soundness proofs in first-order logic using TPTP. We show how we use Vampire to prove the soundness of type systems for the simply-typed lambda calculus and for parts of a typed SQL. We report on which parts of the proofs are handled well by Vampire, and what parts work less well with our current approach.

Download Full-text

Relational nullable types with Boolean unification

Proceedings of the ACM on Programming Languages ◽

10.1145/3485487 ◽

2021 ◽

Vol 5 (OOPSLA) ◽

pp. 1-28

Author(s):

Magnus Madsen ◽

Jaco van de Pol

Keyword(s):

Open Source ◽

Programming Languages ◽

Type System ◽

Type Systems ◽

Type Inference ◽

System A ◽

Wide Range ◽

Programming Patterns ◽

Null Value ◽

Preliminary Study

We present a simple, practical, and expressive relational nullable type system. A relational nullable type system captures whether an expression may evaluate to null based on its type, but also based on the type of other related expressions. The type system extends the Hindley-Milner type system with Boolean constraints, supports parametric polymorphism, and preserves principal types modulo Boolean equivalence. We show how to support full Hindley-Milner style type inference with an extension of Algorithm W. We conduct a preliminary study of open source projects showing that there is a need for relational nullable type systems across a wide range of programming languages. The most important findings from the study are: (i) programmers use programming patterns where the nullability of one expression depends on the nullability of other related expressions, (ii) such invariants are commonly enforced with run-time exceptions, and (iii) reasoning about these programming patterns requires not only knowledge of when an expression may evaluate to null, but also when it may evaluate to a non-null value. We incorporate these observations in the design of the proposed relational nullable type system.

Download Full-text

Special issue on Dependent Type Theory Meets Programming Practice CALL FOR PAPERS

Journal of Functional Programming ◽

10.1017/s0956796801004105 ◽

2001 ◽

Vol 11 (4) ◽

pp. 437-437

Author(s):

Gilles Barthe ◽

Peter Dybjer ◽

Peter Thiemann

Keyword(s):

Programming Languages ◽

Type Theory ◽

Type System ◽

Type Systems ◽

Point Of View ◽

Theoretical Point ◽

Special Issue ◽

Dependent Type Theory ◽

The Impact ◽

Dependent Type

Modern programming languages rely on advanced type systems that detect errors at compile-time. While the benefits of type systems have long been recognized, there are some areas where the standard systems in programming languages are not expressive enough. Language designers usually trade expressiveness for decidability of the type system. Some interesting programs will always be rejected (despite their semantical soundness) or be assigned uninformative types.There are several remedies to this situation. Dependent type systems, which allow the formation of types that explicitly depend on other types or values, are one of the most promising approaches. These systems are well-investigated from a theoretical point of view by logicians and type theorists. For example, dependent types are used in proof assistants to implement various logics and there are sophisticated proof editors for developing programs in a dependently typed language.To the present day, the impact of these developments on practical programming has been small, partially because of the level of sophistication of these systems and of their type checkers. Only recently, there have been efforts to integrate dependent systems into intermediate languages in compilers and programming languages. Additional uses have been identified in high-profile applications such as mobile code security, where terms of a dependently typed lambda calculus to encode safety proofs.A special issue of the Journal of Functional Programming will be devoted to the interplay between dependent type theory and programming practice. We welcome technical contributions in the field, as well as position papers that:[bull ] make researchers in programming languages aware of new developments and research directions on the theory side;[bull ] point out to theorists practical uses of advanced type systems and urge them to address theoretical problems arising in emerging applications.Authors who are concerned about the appropriateness of a topic are welcome to contact the guest editors. Manuscripts should be unpublished works and not submitted elsewhere. Revised and enhanced versions of papers published in conference proceedings that have not appeared in archival journals are eligible for submission. All submissions will be reviewed according to the usual standards of scholarship and originality.Submissions should be sent to Gilles Barthe ([email protected]), with a copy to Nasreen Ahmad ([email protected]). Submitted articles should be sent in postscript format, preferably gzipped and uuencoded. In addition, please send, as plain text, title, abstract and contact information.The submission deadline is December 1st, 2001.

Download Full-text

The use of types in designing unification algorithms: two case studies

10.29007/lbk5 ◽

2018 ◽

Author(s):

Serdar Erbatur ◽

Santiago Escobar ◽

Paliath Narendran

Keyword(s):

Case Studies ◽

Type System ◽

Equational Theory ◽

Type Systems ◽

Strict Sense ◽

Signature Schemes ◽

Rule Based ◽

Unification Algorithms

We discuss the use of type systems in a non-strict sensewhen designing unification algorithms. We first give anew (rule-based) algorithm for an equational theory which representsa property of El-Gamal signature schemes and show howa type system can be used to prove termination of the algorithm.Lastly, we reproduce termination result for theory of partialexponentiation given earlier.

Download Full-text