1 / 27

Dependently Typed Data Structures

Dependently Typed Data Structures. Hongwei Xi hwxi@ececs.uc.edu presented by James Hook (hook@cse.ogi.edu) Pacific Software Research Center Oregon Graduate Institute. Hongwei’s Program.

hollis
Download Presentation

Dependently Typed Data Structures

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Dependently Typed Data Structures Hongwei Xi hwxi@ececs.uc.edu presented byJames Hook (hook@cse.ogi.edu)Pacific Software Research CenterOregon Graduate Institute

  2. Hongwei’s Program • Extend ML-like typechecking with computationally tractable mechanisms modeled on dependent type systems to get more expressive type systems without sacrificing practicality. • Dependent ML --- his thesis at CMU • de Caml --- a prototype implementation based on Caml

  3. This Talk • Apply “Hongwei’s types” to “Chris’ programs” • Goal is to express invariants of data structures in the extended type system • I will focus on red black trees

  4. The Types {}’s are explicit universal quantifiers for constraints Nil is the list of length 0 • ML types indexed by integers and integer expressions • datatype ‘a list with nat = • nil(0) • | {n:nat} • cons(n+1) of ‘a * ‘a list(n) Cons builds a list of length n+1 from an element and a list of length n Index expression

  5. Example let rec append = function ([], ys) -> ys| (x :: xs, ys) -> x :: append(xs, ys)withtype {m:nat}{n:nat}‘a list(m) * ‘a list(n) ->‘a list(m+n) Given a list of length m and a list of length n append produces a list of length m+n.

  6. Typechecking de Camlsource Caml type check plus constraint generation Constraint Solver ML-style type errors Constraint failures

  7. Red Black Trees • Balanced, ordered, binary trees, values at nodes • Every node is colored red or black • Balance Invariant: • No red node has a red node as a child • There is an equal number of black nodes on all root/leaf paths

  8. Example 6 Insert 8 4 7 1 5 8 8 8 3 Violates equal number of black nodes on all leaf root paths All insertions must be red to maintain the global invariant of equal numbers of black nodes on leaf root paths

  9. Example 6 Insert 2 4 7 1 5 Now we have a “red red” violation 3 2 Red red violations are repairable; they are limited to the path to the root

  10. y x z a b c d Repairing a Red Red Violation x z a y d b c

  11. x z a z y y y d d x b c c x z a b a b c d x y z a z b x d y d a c b c Repairing a Red Red Violation

  12. y x z 2 x a b c d 1 3 a z y d b c Example 6 Insert 2 4 7 1 5 3 2

  13. 4 2 6 1 3 5 7 Example 6 Insert 2 4 7 2 5 4 1 3

  14. Okasaki’s Solution The Types Capture the Tree Structure: data Color = R | B data RedBlackSet a = E | T Color (RedBlackSet a) a (RedBlackSet a)

  15. x z a z y y y d d x b c c x z a b a b c d x y z a z b x d y d a c b c Okasaki’s Solution The balance function does the rotation if there is a red red conflict balance :: Color -> RedBlackSet a -> a -> RedBlackSet a -> RedBlackSet a balance B (T R (T R a x b) y c) z d = T R (T B a x b) y (T B c z d) balance B (T R a x (T R b y c)) z d = T R (T B a x b) y (T B c z d) balance B a x (T R (T R b y c) z d) = T R (T B a x b) y (T B c z d) balance B a x (T R b y (T R c z d)) = T R (T B a x b) y (T B c z d) balance color a x b = T color a x b When given two trees of equal black heightthese clauses produce a tree of black heightone greater

  16. Okasaki’s Solution data Color = R | B data RedBlackSet a = E | T Color (RedBlackSet a) a (RedBlackSet a) balance :: Color -> RedBlackSet a -> a -> RedBlackSet a -> RedBlackSet a insert :: a -> RedBlackSet a -> RedBlackSet a insert x s = T B a y b where T _ a y b = ins s ins E = T R E x E ins s@(T color a y b) | x < y = balance color (ins a) y b | x > y = balance color a y (ins b) | True = s Where do red red conflicts come from? To answer this question we expand ins to distinguish on color and we recall that balance only rotates trees with black roots

  17. y b ins a a Okasaki’s Solution balance :: Color -> RedBlackSet a -> a -> RedBlackSet a -> RedBlackSet a insert :: Ord a => a -> RedBlackSet a -> RedBlackSet a insert x s = T B a y b where T _ a y b = ins s ins E = T R E x E ins s@(T B a y b) | x < y = balance B (ins a) y b | x > y = balance B a y (ins b) | True = s ins s@(T R a y b) | x < y = T R (ins a) y b | x > y = T R a y (ins b) | True = s insert always yields a good treebecause it recolors root ins on black yields red black treeins on red may yield one red redviolation at the root

  18. Hongwei’s Solution General Approach: Index the datatype to record “black height” and to detect “red red violations” Detecting red red violations in the type indexs requires having an arithmetic encoding of color in the type index set as well as the value distinction in the program data Color = R | B data RedBlackSet a = E | T Color (RedBlackSet a) a (RedBlackSet a) sort color == {a:int | 0 <= a <= 1};; datatype tree with (color, nat, nat) = (* color, black height, violation *) E(0, 0, 0) | {cl:color}{cr:color}{bh:nat} B(0, bh+1, 0) of tree(cl, bh, 0) * key * tree(cr, bh, 0) | {cl:color}{cr:color}{bh:nat}{sl:nat}{sr:nat} R(1, bh, cl+cr) of tree(cl, bh, 0) * key * tree(cr, bh, 0) ;;

  19. Reading the Datatype Convention: 0 = black, 1 = red(permits detecting red red with +) The empty tree is black, has height 0, and no violations A black node of height bh + 1 with no violationsis constructed from two nodes of arbitrary color of height bh A red node of height bh + 1 is constructed from two nodes of arbitrary color of height bh. The violation value of the node is the sum of the colors of its children, I.e. non-zero if either child is red.The children contain no violations. sort color == {a:int | 0 <= a <= 1};; datatype tree with (color, nat, nat) = (* color, black height, violation *) E(0, 0, 0) | {cl:color}{cr:color}{bh:nat} B(0, bh+1, 0) of tree(cl, bh, 0) * key * tree(cr, bh, 0) | {cl:color}{cr:color}{bh:nat} R(1, bh, cl+cr) of tree(cl, bh, 0) * key * tree(cr, bh, 0) ;;

  20. Hongwei’s Solution Recall from Okasaki’s solution: balance :: Color -> RedBlackSet a -> a -> RedBlackSet a -> RedBlackSet a As in red red analysis, Hongwei only calls balance on black nodes, hence Color argument is eliminated let balance = function (R(R(a, x, b), y, c), z, d) -> R(B(a, x, b), y, B(c, z, d)) | (R(a, x, R(b, y, c)), z, d) -> R(B(a, x, b), y, B(c, z, d)) | (a, x, R(R(b, y, c), z, d)) -> R(B(a, x, b), y, B(c, z, d)) | (a, x, R(b, y, R(c, z, d))) -> R(B(a, x, b), y, B(c, z, d)) | (a, x, b) -> B(a, x, b) withtype {cl:color}{cr:color}{bh:nat}{vl: nat}{vr:nat | vl+vr <= 1} tree(cl, bh, vl) * key * tree(cr, bh, vr) -> [c:color] tree(c, bh+1, 0) ;;

  21. Type of Balance withtype {cl:color}{cr:color}{bh:nat}{vl: nat}{vr:nat | vl+vr <= 1} tree(cl, bh, vl) * key * tree(cr, bh, vr) -> [c:color] tree(c, bh+1, 0) Give two trees of equal height bh, arbitrary color, and at most one red red violation, balance yields a tree with unspecified color of height bh+1 containing no violations

  22. Hongwei’s Solution ins is essentially as before let rec ins = function E -> R(E, x, E) | B(a, y, b) -> if x < y then balance(ins a, y, b) else if y < x then balance(a, y, ins b) else raise Item_already_exists | R(a, y, b) -> if x < y then R(ins a, y, b) else if y < x then R(a, y, ins b) else raise Item_already_exists withtype {c:color}{bh:nat} tree(c, bh, 0) -> [c':color][v:nat | v <= c] tree(c', bh, v) The type of ins is now dramatically more expressive! ins produces a tree of unspecified color with height equal to its input. If the root of the argument was red the tree may contain a violation. If it was black it contains no violations.

  23. Hongwei’s Solution Insert is also essentially unchanged let insert x t = let rec ins = ... withtype {c:color}{bh:nat} tree(c, bh, 0) -> [c':color][v:nat | v <= c] tree(c', bh, v) in match ins t with R(a, y, b) -> B(a, y, b) | t -> t withtype {c:color}{bh:nat} key -> tree(c, bh, 0) -> [bh’:nat] tree(0, bh’, 0) ;; The type of insert now shows that both invariants are maintained by the operation. In particular, given a key and a red black tree of any height containing no violations, insert produces a tree with black root of some height containing no violations.

  24. The Paper • Braun Trees • The type of size guarantees it computes the size • Random-Access Lists • Binomial Heaps

  25. Limitations • Sometimes the programmer knows more than de Caml can figure out • Not all integer constraints are decidable

  26. Related Work • Refinement types (Freeman, Davies, Pfenning) • Indexed types (Zenger) • Sized types (Hughes, Pareto, Sabry) • Nested datatypes (Bird & Meertens, Okasaki, Hinze, etc)

  27. Contacting Hongwei • hwxi@ececs.uc.edu • http//www.ececs.uc.edu/~hwxi • Tel +1 513 556 4762

More Related