A Model of Substructural State
Matthew Fluet
Cornell University
Feb. 25, 2005 2
Introduction
• Forms of “uniqueness” are appearing in programming languages
  • Cyclone – affine pointers, which may be discarded, but not duplicated
    • allow fine-grained memory management
  • Vault – linear keys, which may be neither discarded nor duplicated
    • enforce resource management protocols
  • C / Java / SML – unrestricted objects that may be both discarded and duplicated
Introduction
• But, programming with only unique objects is much too painful
  • Both Cyclone and Vault allow a programmer to put unique objects in shared objects
  • Impose a variety of restrictions to ensure that these mixed objects behave in a safe manner
Introduction
• Natural to study a core language with mutable references of all flavors
Qualifiers

  Qualifier     Structural operations   Meaning
  Affine        Discard                 unique: may be “used” at most once; may be dropped
  Relevant      Duplicate               shared: may be copied; must be “used” at least once
  Unrestricted  Discard, Duplicate      shared: may be copied; may be dropped
  Linear        (neither)               unique: may be “used” at most once; must be “used” at least once
Introduction
• Natural to study a core language with mutable references of all qualifiers
• Raises design questions:
  • What does it mean to copy or drop a ref?
  • What operations make sense on different refs?
  • What combinations of qualifiers for a reference and its contents make sense?
  • Can one construct a reasonable model for such a language?
Outline
• A Substructural Type System
• … with References
• Model Teaser
A Substructural Type System
• Qualifiers
  q ::= U | R | A | L
• PreTypes
  τ̄ ::= 1 | τ1 ⊗ τ2 | τ1 ⊸ τ2
• Types
  τ ::= q τ̄
A Substructural Type System
• Non-examples
  • U(A τ1 ⊗ A τ2), U(R τ1 ⊗ R τ2), U(L τ1 ⊗ L τ2)
  • copy ⟨v1,v2⟩ → ⟨⟨v1,v2⟩,⟨v1,v2⟩⟩: v1 and v2 may be used more than once
  • drop ⟨v1,v2⟩ → ⟨⟩: v1 and v2 are not used
… with References
• PreTypes
  τ̄ ::= … | ref τ
… with References
• Examples?
  • U(ref U τ), U(ref R τ), U(ref A τ), U(ref L τ)
  • copy l → ⟨l,l⟩: l may be used more than once, but the contents are not copied
  • drop l → ⟨⟩: l is not used, and the contents are dropped
Operations on Substructural State

  Ref qualifier   Ops                        Contents qualifier and ops
                                             U                  R           A            L
  shared
    U             new, weak updates          read, write, swap  read, swap  write, swap  swap
    R             new, weak updates          read, write, swap  read, swap  write, swap  swap
  unique
    A             new, free, strong updates  read, write, swap  read, swap  write, swap  swap
    L             new, free, strong updates  read, write, swap  read, swap  write, swap  swap

(read copies the contents, so it needs U or R contents; write drops the old contents, so it needs U or A contents; swap neither copies nor drops, so it is allowed for any contents.)
A Model of Substructural State
• Model a type as a set of tuples of qualifier, value, and local store type
  ⟦τ⟧ ::= { (q, Ψ, v), … }
• Model a local store type as a partial map from locations to qualifiers and types
  Ψ ::= { l ↦ (q, ⟦τ⟧), … }
• The local store type of v is only defined on those locations that appear as sub-expressions of v
• Further restrictions to rule out stores
A Model of Substructural State
• Why only a local store type?
  • Storing a unique object in a shared reference “hides” the unique object
  • Using the global store – difficult to identify the “real” occurrence of a unique location
Feb. 25, 2005 27
A Model of Substructural State
• How can we check that a global store satisfies a local store type?
• Use a Garbage Collector
Feb. 25, 2005 28
Store Satisfaction

Store s = {l1 ↦ v1, l2 ↦ v2, …, l9 ↦ v9} and store type Ψ = {l1 ↦ τ1, l2 ↦ τ2, l3 ↦ τ3}.
The locations in dom(Ψ), here l1, l2, l3, are the roots.

s satisfies Ψ if there exists a set of non-root locations N (here N = {l4, l5, l6, l7, l9}: the child locations traced from the contents of each root l; l8 is not reached from any root) and local store types Ψ_l (l ∈ dom(Ψ) ⊎ N) that merge:

  Ψ* = ⨄_{l ∈ dom(Ψ) ⊎ N} Ψ_l      (the global store type)

  • the local store types Ψ_l1, Ψ_l2, Ψ_l3, Ψ_l4, Ψ_l5, Ψ_l6, Ψ_l7, Ψ_l9 are compatible (non-contradictory)
  • don't trace a unique location more than once

so that Ψ* describes the store: s : Ψ*, with l1 ↦ v1 : τ1, l2 ↦ v2 : τ2, l3 ↦ v3 : τ3, l4 ↦ v4 : τ4, l5 ↦ v5 : τ5, l6 ↦ v6 : τ6, l7 ↦ v7 : τ7, l9 ↦ v9 : τ9, and l8 ↦ v8 given no type.
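The tracing procedure above as an added Python example, not from the talk: it assumes each stored value is represented by the list of locations it contains (so tracing is plain reachability), and the sample store is constructed to mirror the figure, with l8 unreachable from the roots.

```python
# Added example (not from the talk): a GC-style tracer for the store
# satisfaction check. `store` maps a location to (value, locations the value
# contains), `quals` gives each location's qualifier, `roots` is dom(Psi).
# My assumption: tracing is plain reachability over the contained locations.
UNIQUE = {"A", "L"}

def trace_nonroots(store, quals, roots):
    """Return N, the non-root locations reached from the roots; raise ValueError
    if a unique location would be traced more than once (it is then aliased)."""
    roots = set(roots)
    reached = set()          # non-root locations already traced once
    worklist = list(roots)
    while worklist:
        _, children = store[worklist.pop()]
        for child in children:
            if child in reached or child in roots:
                if quals[child] in UNIQUE:
                    raise ValueError(f"unique location l{child} traced twice")
                continue         # shared location: a second path to it is fine
            reached.add(child)
            worklist.append(child)
    return reached

# Constructed sample mirroring the slide: roots l1..l3; l8 is not reached.
SAMPLE_STORE = {1: ("v1", [4, 5]), 2: ("v2", [6]), 3: ("v3", [7]),
                4: ("v4", []), 5: ("v5", []), 6: ("v6", []), 7: ("v7", [9]),
                8: ("v8", []), 9: ("v9", [])}
SAMPLE_QUALS = {loc: "U" for loc in SAMPLE_STORE}
```

Giving l5 the qualifier L and storing it in both l1 and l2 makes the tracer reject the store, while the same sharing of an unrestricted l5 is accepted.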
Conclusion and Future Work
• Core language, type system, and model
• Model more advanced features
  • Cyclone – alias construct allows a unique pointer to be treated as shared for a limited scope
  • Vault – focus construct allows a shared object to be treated as unique for a limited scope
Structural Lemmas
• Exchange:
  If Γ1, x1:τ1, x2:τ2, Γ2 ⊢ e : τ, then Γ1, x2:τ2, x1:τ1, Γ2 ⊢ e : τ.
• Contraction (Duplicate):
  If Γ1, x1:τx, x2:τx, Γ2 ⊢ e : τ, then Γ1, x:τx, Γ2 ⊢ e[x/x1][x/x2] : τ.
• Weakening (Discard):
  If Γ ⊢ e : τ, then Γ, x:τx ⊢ e : τ.
Qualifiers
• Affine: Exch, Weak
• Relevant: Exch, Cntr
• Unrestricted: Exch, Cntr, Weak
• Linear: Exch
Structural Lemmas Revisited
• Contraction:
  If q ≼ R and Γ1, x1:q τx, x2:q τx, Γ2 ⊢ e : τ, then Γ1, x:q τx, Γ2 ⊢ e[x/x1][x/x2] : τ.
• Weakening:
  If q ≼ A and Γ ⊢ e : τ, then Γ, x:q τx ⊢ e : τ.
Operational Semantics
s ::= {l1 ↦ v1, …, ln ↦ vn}
(s, new v) → (s ⊎ {l ↦ v}, l)
(s ⊎ {l ↦ v}, free l) → (s, v)
(s ⊎ {l ↦ v}, rd l) → (s ⊎ {l ↦ v}, ⟨l, v⟩)
(s ⊎ {l ↦ v1}, wr l v2) → (s ⊎ {l ↦ v2}, l)
(s ⊎ {l ↦ v1}, sw l v2) → (s ⊎ {l ↦ v2}, ⟨l, v1⟩)
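The transition rules above, as an added Python example that is not from the talk: a small model of the store that applies each rule while checking the qualifier conditions from the "Operations on Substructural State" table (read needs duplicable contents, write needs discardable contents, free and strong updates need a unique reference). It assumes a simplification of my own: a strong update is modelled as a write that changes the qualifier recorded for the contents, and the contents' type structure is not tracked.

```python
# Added example (not from the talk): the talk's reference operations
# (new, free, rd, wr, sw) over a store, with each step checked against the
# qualifier rules of the operations table. Strong update = contents' qualifier changes.
DUPLICABLE = {"U", "R"}   # contraction holds: contents may be copied (rd)
DISCARDABLE = {"U", "A"}  # weakening holds: contents may be dropped (wr)
UNIQUE = {"A", "L"}       # reference qualifiers that allow free / strong update
class QualifierError(Exception):
    pass
class Store:
    """s ::= {l1 -> v1, ..., ln -> vn}; a cell is (ref qual, value, contents qual)."""
    def __init__(self):
        self.cells, self.next_loc = {}, 0

    def new(self, ref_q, val, val_q):
        # (s, new v) -> (s + {l -> v}, l)
        loc, self.next_loc = self.next_loc, self.next_loc + 1
        self.cells[loc] = (ref_q, val, val_q)
        return loc

    def free(self, loc):
        # (s + {l -> v}, free l) -> (s, v): only unique references may be freed
        ref_q, val, _ = self.cells[loc]
        if ref_q not in UNIQUE:
            raise QualifierError(f"free on shared ({ref_q}) reference")
        del self.cells[loc]
        return val

    def rd(self, loc):
        # (s + {l -> v}, rd l) -> (s + {l -> v}, <l, v>): duplicates the contents
        _, val, val_q = self.cells[loc]
        if val_q not in DUPLICABLE:
            raise QualifierError(f"rd would duplicate {val_q} contents")
        return loc, val

    def _check_update(self, loc, val2_q):
        ref_q, _, val_q = self.cells[loc]
        if ref_q not in UNIQUE and val2_q != val_q:
            raise QualifierError("strong update through a shared reference")

    def wr(self, loc, val2, val2_q):
        # (s + {l -> v1}, wr l v2) -> (s + {l -> v2}, l): discards the old contents
        ref_q, _, val_q = self.cells[loc]
        if val_q not in DISCARDABLE:
            raise QualifierError(f"wr would discard {val_q} contents")
        self._check_update(loc, val2_q)
        self.cells[loc] = (ref_q, val2, val2_q)
        return loc

    def sw(self, loc, val2, val2_q):
        # (s + {l -> v1}, sw l v2) -> (s + {l -> v2}, <l, v1>): neither copies nor drops
        self._check_update(loc, val2_q)
        ref_q, val1, _ = self.cells[loc]
        self.cells[loc] = (ref_q, val2, val2_q)
        return loc, val1
```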
A Model of Substructural State
• Model a type as a set of tuples
  PreType = ℘(Qual × Value × LocStore)
  Type ⊆ PreType
• Model a local store type as a partial map
  LocStore = Locs → (Qual × Type)?
• The cardinality problem is handled by stratifying the definitions with the “# of steps to run the program”
A Model of Substructural State
PreType = { χ ∈ ℘(Qual × Value × LocStore) | for all (q, v, Ψ) ∈ χ, each location in Ψ is mapped to a qualifier ≼ q }
Type = { χ ∈ PreType | all qualifiers in χ are the same }
LocStore = { Ψ ∈ Locs → (Qual × Type)? | each location is mapped to a type consistent with the location’s qualifier }