## A Dependently Typed Framework for Static Analysis of Program Execution Costs (2005)

Venue: In Revised selected papers from IFL 2005: 17th international workshop on implementation and application of functional languages

Citations: 14 - 10 self

### BibTeX

@INPROCEEDINGS{Brady05adependently,
  author = {Edwin Brady and Kevin Hammond},
  title = {A Dependently Typed Framework for Static Analysis of Program Execution Costs},
  booktitle = {In Revised selected papers from IFL 2005: 17th international workshop on implementation and application of functional languages},
  year = {2005},
  pages = {74--90},
  publisher = {Springer}
}

### Abstract

This paper considers the use of dependent types to capture information about dynamic resource usage in a static type system. Dependent types allow us to give (explicit) proofs of properties with a program; we present a dependently typed core language ��, and define a framework within this language for representing size metrics and their properties. We give several examples of size bounded programs within this framework and show that we can construct proofs of their size bounds within ��. We further show how the framework handles recursive higher order functions and sum types, and contrast our system with previous work based on sized types.

### Citations

477 | The Omega test: A fast and practical integer programming algorithm for dependence analysis
- Pugh
- 1992
Citation Context ... there is a method for constructing an appropriate � (if it exists). For the examples in this paper, all proof obligations can be discharged using COQ’s omega tactic, based on Pugh’s Omega calculator [23]. 4 Examples We present several examples of functions defined in our framework. These examples have all been implemented in the COQ theorem prover, using the omega tactic to solve all of the equational...

469 | The formulae-as-types notion of construction
- Howard
- 1980
Citation Context ...�� �� �� ���� �� �� ����� � � � The values for the arguments � and � are determined by the indices of ��� and ���; no case analysis on the numbers themselves is required. The Curry-Howard isomorphism [8, 13] describes this correspondence between proofs and programs. We will exploit this further in developing our framework; by expressing the size properties explicitly in a program’s type, we know that a t...

294 | Region-based memory management
- Tofte, Talpin
- 1997
Citation Context ...re considerable programmer expertise to exploit effectively. In their proposal for Embedded ML, Hughes and Pareto [14] have combined the earlier sized type system [15] with the notion of region types [25] to give bounded space and termination for a first-order strict functional language [14]. This language is however restricted in a number of ways: most notably in not supporting higher-order functions...

224 | Cayenne - a language with dependent types
- Augustsson
- 1998
Citation Context ...to reasoning and program verification, as in the LEGO [17] and COQ [6] theorem provers. More recent research, however, has led to the use of dependent types in programming itself, for example Cayenne [2] and Epigram [20, 19]. Our aim is to use dependent types to include explicit size information in programs, rather than as an external property. In this way, type checking subsumes checking of these pr...

174 | Eliminating array bound checking through dependent types
- Xi, Pfenning
- 1998
Citation Context ...rlsson have used dependent types to verify type correctness properties of an interpreter [3]. Xi and Pfenning have also exploited size properties of dependent types in DML for optimising array lookup [29], using dependent types to guarantee the bounds of an array. However, the form of dependent types permitted by DML is limited to a specific constraint domain (e.g. integers, for representing size, wit...

164 | The view from the left
- McBride, McKinna
Citation Context ... program verification, as in the LEGO [17] and COQ [6] theorem provers. More recent research, however, has led to the use of dependent types in programming itself, for example Cayenne [2] and Epigram [20, 19]. Our aim is to use dependent types to include explicit size information in programs, rather than as an external property. In this way, type checking subsumes checking of these properties. 1.2 Contrib...

155 | proof development system: User's manual
- Luo, Pollack, et al.
- 1992
Citation Context ...pes The characteristic feature of a dependent type system is that types may be predicated on values. Such systems have traditionally been applied to reasoning and program verification, as in the LEGO [17] and COQ [6] theorem provers. More recent research, however, has led to the use of dependent types in programming itself, for example Cayenne [2] and Epigram [20, 19]. Our aim is to use dependent type...

144 | Static prediction of heap space usage for first-order functional programs
- Hofmann, Jost
Citation Context ...ough it is difficult to infer. Some methods are proposed to infer a size for ����� — Vasconcelos describes a method based on abstract interpretation in his forthcoming PhD thesis; Hofmann and Jost in [12] are able to infer the appropriate heap space usage using a linear type system, although this method is restricted to functions which admit a linear bound. More recent work (to be described in Jost’s ...

131 | Proving the Correctness of Reactive Systems Using Sized Types
- Hughes, Pareto, et al.
- 1996
Citation Context ...ze information in programs, rather than as an external property. In this way, type checking subsumes checking of these properties. 1.2 Contributions We have previously used sized type systems such as [15, 24] to represent program execution cost; such systems seem attractive for this purpose because there is a clear link between, for example, data structure size and heap usage. However, there are limits to...

120 | Resource bound certification
- Crary, Weirich
- 2000
Citation Context ... limited to a specific constraint domain (e.g. integers, for representing size, with their usual operations) so it is not possible to compute sizes in the type, as in our framework. Crary and Weirich [7] have developed a dependent type system that provides an explicit upper bound on the number of steps needed to complete a computation. Space is conservatively bounded by the same bound as time. The la...

83 | Recursion and Dynamic DataStructures in Bounded Space; Towards Embedded ML Programming
- Hughes, Pareto
- 1999
Citation Context ...rful enough, or because the theorem is unprovable. 5 Related Work Other than our own work [24], we are aware of three main studies of formally bounded time and space behaviour in a functional setting [5, 14, 26]. All such approaches are based on restricted language constructs to ensure that bounds can be placed on time/space usage, and require considerable programmer expertise to exploit effectively. In thei...

76 | Hume: a domain-specific language for real-time embedded systems
- Hammond, Michaelson
- 2003
Citation Context ... that the syntax is similar to Haskell. For the moment, we assume that functions are total, and recursion is primitive. Ultimately, we hope to apply the methods presented to multi-stage Hume programs [11], ensuring the resource properties we specify are preserved between stages. Our aim is to describe a resource framework in which all source language programs can be represented homogeneously along wit...

73 | Dependently typed functional programs and their proofs
- McBride
- 1999
Citation Context ...ases are impossible. 2.2 Theorem Proving The dependent type system of �� also allows us to express properties directly. For example, the following heterogeneous definition of equality, due to McBride [18], is built in to �� (rather than introduced as a datatype, so we omit the data keyword): � � � � � � � � � � � � � � � � � ��� � � � � � This definition introduces an infix type constructor, �, parame...

70 | Inductive families
- Dybjer
- 1994
Citation Context ...tent both). Rather, we use dependent types to verify that the constraints we have are satisfiable. 2 Programming With Dependent Types We use a strongly normalising type theory with inductive families [9], similar to Luo’s UTT [16]. This language, which we call ��, is an enriched lambda calculus, with the usual properties of subject reduction, Church Rosser, and uniqueness of types. The strong normali...

51 | Epigram: Practical programming with dependent types
- McBride
- 2005
Citation Context ... program verification, as in the LEGO [17] and COQ [6] theorem provers. More recent research, however, has led to the use of dependent types in programming itself, for example Cayenne [2] and Epigram [20, 19]. Our aim is to use dependent types to include explicit size information in programs, rather than as an external property. In this way, type checking subsumes checking of these properties. 1.2 Contrib...

47 | Elementary Strong Functional Programming
- Turner
- 1995
Citation Context ...rful enough, or because the theorem is unprovable. 5 Related Work Other than our own work [24], we are aware of three main studies of formally bounded time and space behaviour in a functional setting [5, 14, 26]. All such approaches are based on restricted language constructs to ensure that bounds can be placed on time/space usage, and require considerable programmer expertise to exploit effectively. In thei...

33 | A statically allocated parallel functional language
- Mycroft, Sharp
- 2000
Citation Context ...on painstaking, and often manual and inaccurate, post-facto performance measurement and analysis. However, restricting the language deprives the programmer of many useful abstraction mechanisms (c.f. [22, 27, 28]). Conversely effective program analyses work at a low level of abstraction, and thus cannot deal effectively with high-level abstraction mechanisms, such as polymorphism, higher-order functions (e.g....

33 | Real-time FRP
- Wan, Taha, et al.
- 2001
Citation Context ...on painstaking, and often manual and inaccurate, post-facto performance measurement and analysis. However, restricting the language deprives the programmer of many useful abstraction mechanisms (c.f. [22, 27, 28]). Conversely effective program analyses work at a low level of abstraction, and thus cannot deal effectively with high-level abstraction mechanisms, such as polymorphism, higher-order functions (e.g....

30 | Practical Implementation of a Dependently Typed Functional Programming Language
- Brady
- 2005
Citation Context ...tive inductive datatypes. This is a dependent type system, with no syntactic distinction between types and terms; hence we can have arbitrarily complex terms in types. Full details of �� are given in [4]. For clarity of the presentation here, we use a higher level notation similar to the Epigram notation of [20]. In this section, we give a brief introduction to programming and theorem proving with in...

26 | A Sized Time System for a Parallel Functional Language
- Loidl, Hammond
- 1996
Citation Context ...ze information in programs, rather than as an external property. In this way, type checking subsumes checking of these properties. 1.2 Contributions We have previously used sized type systems such as [15, 24] to represent program execution cost; such systems seem attractive for this purpose because there is a clear link between, for example, data structure size and heap usage. However, there are limits to...

24 | An exercise in dependent types: A well-typed interpreter
- Augustsson, Carlsson
- 1999
Citation Context ...3 Available from http://www.dcs.st-and.ac.uk/~eb/TT/ generic programming with dependent types. Augustsson and Carlsson have used dependent types to verify type correctness properties of an interpreter [3]. Xi and Pfenning have also exploited size properties of dependent types in DML for optimising array lookup [29], using dependent types to guarantee the bounds of an array. However, the form of depend...

23 | Event driven FRP
- Wan, Taha, et al.
- 2002
Citation Context ...on painstaking, and often manual and inaccurate, post-facto performance measurement and analysis. However, restricting the language deprives the programmer of many useful abstraction mechanisms (c.f. [22, 27, 28]). Conversely effective program analyses work at a low level of abstraction, and thus cannot deal effectively with high-level abstraction mechanisms, such as polymorphism, higher-order functions (e.g....

21 | Inductively Defined Functions in Functional Programming Languages, LFCS
- Burstall
- 1987
Citation Context ...rful enough, or because the theorem is unprovable. 5 Related Work Other than our own work [24], we are aware of three main studies of formally bounded time and space behaviour in a functional setting [5, 14, 26]. All such approaches are based on restricted language constructs to ensure that bounds can be placed on time/space usage, and require considerable programmer expertise to exploit effectively. In thei...

18 | Exploring the regular tree types
- Morris, Altenkirch, et al.
- 2006
Citation Context ... practicality of such a system is correspondingly reduced. There is active research into programming with dependent types — [1] describes the rationale and gives an example of programming in EPIGRAM; [21] gives an example of 3 Available from http://www.dcs.st-and.ac.uk/~eb/TT/ generic programming with dependent types. Augustsson and Carlsson have used dependent types to verify type correctness properti...

15 | Computation and Reasoning: A Type Theory
- Luo
- 1994
Citation Context ... dependent types to verify that the constraints we have are satisfiable. 2 Programming With Dependent Types We use a strongly normalising type theory with inductive families [9], similar to Luo’s UTT [16]. This language, which we call ��, is an enriched lambda calculus, with the usual properties of subject reduction, Church Rosser, and uniqueness of types. The strong normalisation property is guarante...

11 | Why dependent types matter
- Altenkirch, McBride, et al.
- 2005
Citation Context ...programmer to specify detailed memory usage through type specifications. The practicality of such a system is correspondingly reduced. There is active research into programming with dependent types — [1] describes the rationale and gives an example of programming in EPIGRAM; [21] gives an example of 3 Available from http://www.dcs.st-and.ac.uk/~eb/TT/ generic programming with dependent types. Augustss...

2 | Topics in Semantics-based Program Manipulation
- Grobauer
- 2001
Citation Context ... by the same bound as time. The language does support higher-order functions, although unlike our system their language of cost functions is limited to using a fixed set of operators. Grobauer’s work [10] also applies dependent types, extracting time bounds for DML programs, although this is limited to first-order functions. Hofmann and Jost have shown in [12] how to obtain bounds on heap space consum...