Nested Refinement Types for Javascript

Total Page:16

File Type:pdf, Size:1020Kb

Nested Refinement Types for Javascript UNIVERSITY OF CALIFORNIA, SAN DIEGO Nested Refinement Types for JavaScript A dissertation submitted in partial satisfaction of the requirements for the degree of Doctor of Philosophy in Computer Science by Ravi Chugh Committee in charge: Professor Ranjit Jhala, Chair Professor Samuel R. Buss Professor Alin Deutsch Professor Cormac Flanagan Professor Sorin Lerner 2013 Copyright Ravi Chugh, 2013 All rights reserved. The Dissertation of Ravi Chugh is approved and is acceptable in quality and form for publication on microfilm and electronically: Chair University of California, San Diego 2013 iii EPIGRAPH No grammatical rules have sufficient authority to control the firm and established usage of language. Joseph M. Williams “Style: Ten Lessons in Clarity and Grace" iv TABLE OF CONTENTS Signature Page . iii Epigraph . iv Table of Contents . v List of Figures . viii Preface............................................................................... ix Acknowledgements . x Vita.................................................................................. xii Abstract of the Dissertation . xiii Part I Prologue 1 Chapter 1 Introduction. 2 1.1 An Untyped l-calculus . 2 1.2 Type Systems . 6 1.2.1 Simple Types and Subtyping . 7 1.2.2 Richer Syntactic Types . 9 1.2.3 Refinement Types . 11 1.2.4 Higher-Order Dependent Types . 16 1.3 “Dynamic” Languages . 17 1.3.1 Untagged Unions and Path Sensitivity . 17 1.3.2 Dictionary-Style Objects . 18 1.3.3 Extensible Objects . 19 1.3.4 Prototype Inheritance . 19 1.3.5 Dynamically Loaded Code . 20 1.4 Hybrid Typing . 20 1.5 Contributions . 20 Part II Nested Refinements 23 Chapter 2 System D . 24 2.1 Overview .................................................................... 27 2.1.1 Simple Refinements . 28 2.1.2 Nested Refinements . 29 2.1.3 Dictionaries . 31 2.1.4 Type Constructors . 33 2.1.5 Polymorphism . 34 2.1.6 All Together Now . 35 2.2 Syntax and Semantics . 37 2.3 Type Checking . 40 v 2.3.1 Well-Formedness . 41 2.3.2 Typing . 43 2.3.3 Subtyping . 46 2.4 Type Soundness . 49 2.4.1 The Problem: Substitution . 50 2.4.2 The Solution: Stratified System D . 51 Chapter 3 Algorithmic Typing . 54 3.1 Algorithmic Subtyping . 54 3.2 Bidirectional Type Checking . 57 3.3 Soundness . 61 Chapter 4 Extensions to Subtyping . 63 4.1 Joins......................................................................... 63 4.2 Meets........................................................................ 64 4.3 Formula Normalization . 66 4.4 Soundness . 66 4.5 Algorithmic Typing . 67 Part III From System D to JavaScript 69 Chapter 5 System !D . 70 5.1 Overview .................................................................... 72 5.1.1 Imperative Updates . 73 5.1.2 Mutable Objects . 75 5.1.3 Function Types . 77 5.1.4 Collections . 79 5.2 Syntax and Semantics . 82 5.3 Type Checking . 85 5.3.1 Well-Formedness . 85 5.3.2 Value Typing . 86 5.3.3 Expression Typing . 88 5.3.4 Subtyping . 91 5.3.5 Type Soundness . 92 Chapter 6 System DJS . ..
Recommended publications
  • Gradual Liquid Type Inference
    Gradual Liquid Type Inference NIKI VAZOU, IMDEA, Spain ÉRIC TANTER, University of Chile, Chile DAVID VAN HORN, University of Maryland, USA Refinement types allow for lightweight program verification by enriching types with logical predicates. Liquid typing provides a decidable refinement inference mechanism that is convenient but subject to two major issues: (1) inference is global and requires top-level annotations, making it unsuitable for inference of modular code components and prohibiting its applicability to library code, and (2) inference failure results in obscure error messages. These difficulties seriously hamper the migration of existing code to use refinements. This paper shows that gradual liquid type inferenceśa novel combination of liquid inference and gradual refinement typesśaddresses both issues. Gradual refinement types, which support imprecise predicates that are optimistically interpreted, can be used in argument positions to constrain liquid inference so that the global inference process effectively infers modular specifications usable for library components. Dually, when gradual refinements appear as the result of inference, they signal an inconsistency in the use of static refinements. Because liquid refinements are drawn from a finite set of predicates, in gradual liquid type inference wecan enumerate the safe concretizations of each imprecise refinement, i.e., the static refinements that justify why a program is gradually well-typed. This enumeration is useful for static liquid type error explanation, since the safe concretizations exhibit all the potential inconsistencies that lead to static type errors. We develop the theory of gradual liquid type inference and explore its pragmatics in the setting of Liquid 132 Haskell. To demonstrate the utility of our approach, we develop an interactive tool, GuiLT, for gradual liquid type inference in Liquid Haskell that both infers modular types and explores safe concretizations of gradual refinements.
    [Show full text]
  • Relatively Complete Refinement Type System for Verification of Higher-Order Non-Deterministic Programs
    Relatively Complete Refinement Type System for Verification of Higher-Order Non-deterministic Programs HIROSHI UNNO, University of Tsukuba, Japan YUKI SATAKE, University of Tsukuba, Japan TACHIO TERAUCHI, Waseda University, Japan This paper considers verification of non-deterministic higher-order functional programs. Our contribution is a novel type system in which the types are used to express and verify (conditional) safety, termination, non-safety, and non-termination properties in the presence of 8-9 branching behavior due to non-determinism. 88 For instance, the judgement ` e : u:int ϕ(u) says that every evaluation of e either diverges or reduces 98 to some integer u satisfying ϕ(u), whereas ` e : u:int ψ (u) says that there exists an evaluation of e that either diverges or reduces to some integer u satisfying ψ (u). Note that the former is a safety property whereas the latter is a counterexample to a (conditional) termination property. Following the recent work on type-based verification methods for deterministic higher-order functional programs, we formalize theideaon the foundation of dependent refinement types, thereby allowing the type system to express and verify rich properties involving program values, branching behaviors, and the combination thereof. Our type system is able to seamlessly combine deductions of both universal and existential facts within a unified framework, paving the way for an exciting opportunity for new type-based verification methods that combine both universal and existential reasoning. For example, our system can prove the existence of a path violating some safety property from a proof of termination that uses a well-foundedness termination 12 argument.
    [Show full text]
  • Safe, Fast and Easy: Towards Scalable Scripting Languages
    Safe, Fast and Easy: Towards Scalable Scripting Languages by Pottayil Harisanker Menon A dissertation submitted to The Johns Hopkins University in conformity with the requirements for the degree of Doctor of Philosophy. Baltimore, Maryland Feb, 2017 ⃝c Pottayil Harisanker Menon 2017 All rights reserved Abstract Scripting languages are immensely popular in many domains. They are char- acterized by a number of features that make it easy to develop small applications quickly - flexible data structures, simple syntax and intuitive semantics. However they are less attractive at scale: scripting languages are harder to debug, difficult to refactor and suffers performance penalties. Many research projects have tackled the issue of safety and performance for existing scripting languages with mixed results: the considerable flexibility offered by their semantics also makes them significantly harder to analyze and optimize. Previous research from our lab has led to the design of a typed scripting language built specifically to be flexible without losing static analyzability. Inthis dissertation, we present a framework to exploit this analyzability, with the aim of producing a more efficient implementation Our approach centers around the concept of adaptive tags: specialized tags attached to values that represent how it is used in the current program. Our frame- work abstractly tracks the flow of deep structural types in the program, and thuscan ii ABSTRACT efficiently tag them at runtime. Adaptive tags allow us to tackle key issuesatthe heart of performance problems of scripting languages: the framework is capable of performing efficient dispatch in the presence of flexible structures. iii Acknowledgments At the very outset, I would like to express my gratitude and appreciation to my advisor Prof.
    [Show full text]
  • Refinement Types for ML
    Refinement Types for ML Tim Freeman Frank Pfenning [email protected] [email protected] School of Computer Science School of Computer Science Carnegie Mellon University Carnegie Mellon University Pittsburgh, Pennsylvania 15213-3890 Pittsburgh, Pennsylvania 15213-3890 Abstract tended to the full Standard ML language. To see the opportunity to improve ML’s type system, We describe a refinement of ML’s type system allow- consider the following function which returns the last ing the specification of recursively defined subtypes of cons cell in a list: user-defined datatypes. The resulting system of refine- ment types preserves desirable properties of ML such as datatype α list = nil | cons of α * α list decidability of type inference, while at the same time fun lastcons (last as cons(hd,nil)) = last allowing more errors to be detected at compile-time. | lastcons (cons(hd,tl)) = lastcons tl The type system combines abstract interpretation with We know that this function will be undefined when ideas from the intersection type discipline, but remains called on an empty list, so we would like to obtain a closely tied to ML in that refinement types are given type error at compile-time when lastcons is called with only to programs which are already well-typed in ML. an argument of nil. Using refinement types this can be achieved, thus preventing runtime errors which could be 1 Introduction caught at compile-time. Similarly, we would like to be able to write code such as Standard ML [MTH90] is a practical programming lan- case lastcons y of guage with higher-order functions, polymorphic types, cons(x,nil) => print x and a well-developed module system.
    [Show full text]
  • UC San Diego UC San Diego Previously Published Works
    UC San Diego UC San Diego Previously Published Works Title Liquid information flow control Permalink https://escholarship.org/uc/item/0t20j69d Journal Proceedings of the ACM on Programming Languages, 4(ICFP) ISSN 2475-1421 Authors Polikarpova, Nadia Stefan, Deian Yang, Jean et al. Publication Date 2020-08-02 DOI 10.1145/3408987 Peer reviewed eScholarship.org Powered by the California Digital Library University of California Type-Driven Repair for Information Flow Security Nadia Polikarpova Jean Yang Shachar Itzhaky Massachusetts Institute of Technology Carnegie Mellon University Armando Solar-Lezama [email protected] [email protected] Massachusetts Institute of Technology shachari,[email protected] Abstract We present LIFTY, a language that uses type-driven program repair to enforce information flow policies. In LIFTY, the programmer Policies specifies a policy by annotating the source of sensitive data with a refinement type, and the system automatically inserts access checks Program Program Verify necessary to enforce this policy across the code. This is a significant with Repair with Program improvement over current practice, where programmers manually holes checks implement access checks, and any missing check can cause an information leak. To support this programming model, we have developed (1) an encoding of information flow security in terms of decidable refine- ment types that enables fully automatic verification and (2) a pro- gram repair algorithm that localizes unsafe accesses to sensitive data and replaces them with provably secure alternatives. We for- ✓ ✗ malize the encoding and prove its noninterference guarantee. Our experience using LIFTY to implement a conference management Specification Core program Program hole system shows that it decreases policy burden and is able to effi- ciently synthesize all necessary access checks, including those re- Policy check Tool component quired to prevent a set of reported real-world information leaks.
    [Show full text]
  • Umltmprofile for Schedulability, Performance, and Time Specification
    UMLTM Profile for Schedulability, Performance, and Time Specification September 2003 Version 1.0 formal/03-09-01 An Adopted Specification of the Object Management Group, Inc. Copyright © 2001, ARTiSAN Software Tools, Inc. Copyright © 2001, I-Logix, Ind. Copyright © 2003, Object Management Group Copyright © 2001, Rational Software Corp. Copyright © 2001, Telelogic AB Copyright © 2001, TimeSys Corporation Copyright © 2001, Tri-Pacific Software USE OF SPECIFICATION - TERMS, CONDITIONS & NOTICES The material in this document details an Object Management Group specification in accordance with the terms, conditions and notices set forth below. This document does not represent a commitment to implement any portion of this specification in any company's products. The information contained in this document is subject to change without notice. LICENSES The companies listed above have granted to the Object Management Group, Inc. (OMG) a nonexclusive, royalty-free, paid up, worldwide license to copy and distribute this document and to modify this document and distribute copies of the modified version. Each of the copyright holders listed above has agreed that no person shall be deemed to have infringed the copyright in the included material of any such copyright holder by reason of having used the specification set forth herein or having conformed any computer software to the specification. Subject to all of the terms and conditions below, the owners of the copyright in this specification hereby grant you a fully- paid up, non-exclusive, nontransferable,
    [Show full text]
  • Comparative Studies of Programming Languages; Course Lecture Notes
    Comparative Studies of Programming Languages, COMP6411 Lecture Notes, Revision 1.9 Joey Paquet Serguei A. Mokhov (Eds.) August 5, 2010 arXiv:1007.2123v6 [cs.PL] 4 Aug 2010 2 Preface Lecture notes for the Comparative Studies of Programming Languages course, COMP6411, taught at the Department of Computer Science and Software Engineering, Faculty of Engineering and Computer Science, Concordia University, Montreal, QC, Canada. These notes include a compiled book of primarily related articles from the Wikipedia, the Free Encyclopedia [24], as well as Comparative Programming Languages book [7] and other resources, including our own. The original notes were compiled by Dr. Paquet [14] 3 4 Contents 1 Brief History and Genealogy of Programming Languages 7 1.1 Introduction . 7 1.1.1 Subreferences . 7 1.2 History . 7 1.2.1 Pre-computer era . 7 1.2.2 Subreferences . 8 1.2.3 Early computer era . 8 1.2.4 Subreferences . 8 1.2.5 Modern/Structured programming languages . 9 1.3 References . 19 2 Programming Paradigms 21 2.1 Introduction . 21 2.2 History . 21 2.2.1 Low-level: binary, assembly . 21 2.2.2 Procedural programming . 22 2.2.3 Object-oriented programming . 23 2.2.4 Declarative programming . 27 3 Program Evaluation 33 3.1 Program analysis and translation phases . 33 3.1.1 Front end . 33 3.1.2 Back end . 34 3.2 Compilation vs. interpretation . 34 3.2.1 Compilation . 34 3.2.2 Interpretation . 36 3.2.3 Subreferences . 37 3.3 Type System . 38 3.3.1 Type checking . 38 3.4 Memory management .
    [Show full text]
  • Static Analyses for Stratego Programs
    Static analyses for Stratego programs BSc project report June 30, 2011 Author name Vlad A. Vergu Author student number 1195549 Faculty Technical Informatics - ST track Company Delft Technical University Department Software Engineering Commission Ir. Bernard Sodoyer Dr. Eelco Visser 2 I Preface For the successful completion of their Bachelor of Science, students at the faculty of Computer Science of the Technical University of Delft are required to carry out a software engineering project. The present report is the conclusion of this Bachelor of Science project for the student Vlad A. Vergu. The project has been carried out within the Software Language Design and Engineering Group of the Computer Science faculty, under the direct supervision of Dr. Eelco Visser of the aforementioned department and Ir. Bernard Sodoyer. I would like to thank Dr. Eelco Visser for his past and ongoing involvment and support in my educational process and in particular for the many opportunities for interesting and challenging projects. I further want to thank Ir. Bernard Sodoyer for his support with this project and his patience with my sometimes unconvential way of working. Vlad Vergu Delft; June 30, 2011 II Summary Model driven software development is gaining momentum in the software engi- neering world. One approach to model driven software development is the design and development of domain-specific languages allowing programmers and users to spend more time on their core business and less on addressing non problem- specific issues. Language workbenches and support languages and compilers are necessary for supporting development of these domain-specific languages. One such workbench is the Spoofax Language Workbench.
    [Show full text]
  • Blossom: a Language Built to Grow
    Macalester College DigitalCommons@Macalester College Mathematics, Statistics, and Computer Science Honors Projects Mathematics, Statistics, and Computer Science 4-26-2016 Blossom: A Language Built to Grow Jeffrey Lyman Macalester College Follow this and additional works at: https://digitalcommons.macalester.edu/mathcs_honors Part of the Computer Sciences Commons, Mathematics Commons, and the Statistics and Probability Commons Recommended Citation Lyman, Jeffrey, "Blossom: A Language Built to Grow" (2016). Mathematics, Statistics, and Computer Science Honors Projects. 45. https://digitalcommons.macalester.edu/mathcs_honors/45 This Honors Project - Open Access is brought to you for free and open access by the Mathematics, Statistics, and Computer Science at DigitalCommons@Macalester College. It has been accepted for inclusion in Mathematics, Statistics, and Computer Science Honors Projects by an authorized administrator of DigitalCommons@Macalester College. For more information, please contact [email protected]. In Memory of Daniel Schanus Macalester College Department of Mathematics, Statistics, and Computer Science Blossom A Language Built to Grow Jeffrey Lyman April 26, 2016 Advisor Libby Shoop Readers Paul Cantrell, Brett Jackson, Libby Shoop Contents 1 Introduction 4 1.1 Blossom . .4 2 Theoretic Basis 6 2.1 The Potential of Types . .6 2.2 Type basics . .6 2.3 Subtyping . .7 2.4 Duck Typing . .8 2.5 Hindley Milner Typing . .9 2.6 Typeclasses . 10 2.7 Type Level Operators . 11 2.8 Dependent types . 11 2.9 Hoare Types . 12 2.10 Success Types . 13 2.11 Gradual Typing . 14 2.12 Synthesis . 14 3 Language Description 16 3.1 Design goals . 16 3.2 Type System . 17 3.3 Hello World .
    [Show full text]
  • Refinement Session Types
    MENG INDIVIDUAL PROJECT IMPERIAL COLLEGE LONDON DEPARTMENT OF COMPUTING Refinement Session Types Supervisor: Prof. Nobuko Yoshida Author: Fangyi Zhou Second Marker: Dr. Iain Phillips 16th June 2019 Abstract We present an end-to-end framework to statically verify multiparty concurrent and distributed protocols with refinements, where refinements are in the form of logical constraints. We combine the theory of multiparty session types and refinement types and provide a type system approach for lightweight static verification. We formalise a variant of the l-calculus, extended with refinement types, and prove their type safety properties. Based on the formalisation, we implement a refinement type system extension for the F# language. We design a functional approach to generate APIs with refinement types from a multiparty protocol in F#. We generate handler-styled APIs, which statically guarantee the linear usage of channels. With our refinement type system extension, we can check whether the implementation is correct with respect to the refinements. We evaluate the expressiveness of our system using three case studies of refined protocols. Acknowledgements I would like to thank Prof. Nobuko Yoshida, Dr. Francisco Ferreira, Dr. Rumyana Neykova and Dr. Raymond Hu for their advice, support and help during the project. Without them I would not be able to complete this project. I would like to thank Prof. Paul Kelly, Prof. Philippa Gardner and Prof. Sophia Drossopoulou, whose courses enlightened me to explore the area of programming languages. Without them I would not be motivated to discover more in this area. I would like to thank Prof. Paul Kelly again, this time for being my personal tutor.
    [Show full text]
  • Generative Contracts
    Generative Contracts by Soheila Bashardoust Tajali B.C.S., M.C.S. A Thesis submitted to the Faculty of Graduate and Postdoctoral Affairs in partial fulfillment of the requirements for the degree of Doctor of Philosophy in Computer Science Ottawa-Carleton Institute for Computer Science School of Computer Science Carleton University Ottawa, Ontario November, 2012 © Copyright 2012, Soheila Bashardoust Tajali Library and Archives Bibliotheque et Canada Archives Canada Published Heritage Direction du 1+1 Branch Patrimoine de I'edition 395 Wellington Street 395, rue Wellington Ottawa ON K1A0N4 Ottawa ON K1A 0N4 Canada Canada Your file Votre reference ISBN: 978-0-494-94208-6 Our file Notre reference ISBN: 978-0-494-94208-6 NOTICE: AVIS: The author has granted a non­ L'auteur a accorde une licence non exclusive exclusive license allowing Library and permettant a la Bibliotheque et Archives Archives Canada to reproduce, Canada de reproduire, publier, archiver, publish, archive, preserve, conserve, sauvegarder, conserver, transmettre au public communicate to the public by par telecommunication ou par I'lnternet, preter, telecommunication or on the Internet, distribuer et vendre des theses partout dans le loan, distrbute and sell theses monde, a des fins commerciales ou autres, sur worldwide, for commercial or non­ support microforme, papier, electronique et/ou commercial purposes, in microform, autres formats. paper, electronic and/or any other formats. The author retains copyright L'auteur conserve la propriete du droit d'auteur ownership and moral rights in this et des droits moraux qui protege cette these. Ni thesis. Neither the thesis nor la these ni des extraits substantiels de celle-ci substantial extracts from it may be ne doivent etre imprimes ou autrement printed or otherwise reproduced reproduits sans son autorisation.
    [Show full text]
  • Local Refinement Typing
    Local Refinement Typing BENJAMIN COSMAN, UC San Diego RANJIT JHALA, UC San Diego 26 We introduce the Fusion algorithm for local refinement type inference, yielding a new SMT-based method for verifying programs with polymorphic data types and higher-order functions. Fusion is concise as the programmer need only write signatures for (externally exported) top-level functions and places with cyclic (recursive) dependencies, after which Fusion can predictably synthesize the most precise refinement types for all intermediate terms (expressible in the decidable refinement logic), thereby checking the program without false alarms. We have implemented Fusion and evaluated it on the benchmarks from the LiqidHaskell suite totalling about 12KLOC. Fusion checks an existing safety benchmark suite using about half as many templates as previously required and nearly 2× faster. In a new set of theorem proving benchmarks Fusion is both 10 − 50× faster and, by synthesizing the most precise types, avoids false alarms to make verification possible. Additional Key Words and Phrases: Refinement Types, Program Logics, SMT, Verification ACM Reference format: Benjamin Cosman and Ranjit Jhala. 2017. Local Refinement Typing. Proc. ACM Program. Lang. 1, 1, Article 26 (September 2017), 31 pages. https://doi.org/10.1145/3110270 1 INTRODUCTION Refinement types are a generalization of Floyd-Hoare logics to the higher-order setting. Assertions are generalized to types by constraining basic types so that their inhabitants satisfy predicates drawn from SMT-decidable refinement logics. Assertion checking can then be generalized toa form of subtyping, where subtyping for basic types reduces to checking implications between their refinement predicates [Constable 1986; Rushby et al.
    [Show full text]