SETTING Type checking is usually syntax-directed and compositional So can be implemented by: TYPE AND EFFECT SYSTEMS (1.6) Basic idea? NATURAL DEDUCTION STYLE NOTATION Type systems are written with rules of the form G |- f : T1 -> T, G |- e : T1 [e-rule] _________________ if C G |- f(e1) : T [int c] |- 0 : Int ANNOTATED TYPE SYSTEM FOR TAINT ANALYSIS Types are sets of variables that may be tainted [asg] [x := a]^l : T1 -> T2 if T2 = (T1 - {x}) \cup {x | FV(a) \cap T1 \neq {} } [skip] [skip]^l : T -> T S1 : T1 -> T2, S2: T2 -> T3 [seq] ____________________________ S1; S2 : T1 -> T3 S1 : T1 -> T2, S2: T1 -> T2 [if] ___________________________________ if [b]^l then S1 else S2 : T1 -> T2 S : T1 -> T1 [wh] _____________________________ while [b]^l then S : T1 -> T1 [re] [read x]^l : T1 -> T2 if T2 = T1 \cup {x} [sa] [sanitize x]^l : T1 -> T2 if T2 = T1 - {x} [pr] [print x]^l : T1 -> T1 if x \not\in T1 S : T2 -> T3 [sub] _____________ if T1 \subseteq T2, S : T1 -> T4 T3 \subseteq T4 EXAMPLE [y := 0]^1; [print y]^2; [read x]^3; while [x < 0]^4 do ([y := y+1]^5; [print y]^6; [read x]^7); [z := x]^8 TYPE CHECKING Idea: accumulate constraints. [y := 0]^1: T1 -> T2 [asg] [print y]^2: T2 -> T3 [pr] ___________________________________ [seq] ([y := 0]^1;[print y]^2) : T1 -> T3 if T2 = T1-{y} and y \not\in T2 and T3 = T2 CONSTRAINTS T2 = T1-{y} y \not\in T2 T3 = T2 T4 = T3 \cup {x} T6 = (T5-{y}) \cup ({y} \cap T5) T7 = T6 y \not\in T6 T8 = T7 \cup {x} T9 \subseteq T5 T8 \subseteq T9 T4 = T9 T10 = T9-{z} \cup ({x} \cap T9) So, what's a solution? EXAMPLE Judgments: XMust S : Sigma -------------> Sigma YMay Where XMust and YMay are sets of variables (that S must assign and may assign). {x} [asg] [x := a]^l : Sigma ----> Sigma {x} {} [skip] [skip]^l : Sigma -----> Sigma {} X1 S1 : Sigma -----> Sigma, Y1 X2 S2 : Sigma -----> Sigma Y2 [seq] -------------------------------- X3 S1; S2 : Sigma ----> Sigma Y3 if X3 = X1 \cup X2, Y3 = Y1 \cup Y2 X1 S1 : Sigma -----> Sigma, Y1 X2 S2 : Sigma -----> Sigma Y2 [if] -------------------------------- if [b]^l then S1 else S2 X3 : Sigma ----> Sigma Y3 if X3 = X1 \cap X2, Y3 = Y1 \cup Y2 X S : Sigma -----> Sigma Y [wh] -------------------------------- while [b]^l then S {} : Sigma ----> Sigma Y X S : Sigma ----> Sigma Y [sub] ---------------------- X' S : Sigma -----> Sigma Y' if X' \subseteq X, Y \subseteq Y' TYPE CHECKING EXAMPLE TYPE CHECKING Idea: accumulate constraints. {q} [q := 0]^1: Sigma ---> Sigma , [asg] {q} {r} [r := x]^2: Sigma ---> Sigma [asg] {r} _________________________________ [seq] ([q := 0]^1;[r := x]^2) {q,r} : Sigma ----> Sigma {q,r} {r} [r := r-y]^4: Sigma ---> Sigma, [asg] {r} {q} [q := q+1]^5: Sigma ---> Sigma [asg] {q} _________________________________ [seq] ([r := r-y]^4;[q := q+1]^5) {q,r} : Sigma ----> Sigma {q,r} ___________________________________[wh] while [r >= y]^3 do ([r := r-y]^4;[q := q+1]^5) {} : Sigma ----> Sigma {q,r} so by the seq rule, EXAMPLE Judgments: Gamma |- e : t & phi where Gamma : Var -> Type e : Expression t : Type phi : Effect phi Type = int | bool | t1 ---> t2 phi : Powerset(FunName) [var] Gamma |- x : t & {}, if Gamma(x) = t Gamma[x |-> tx] |- e : t & phi [fn] -------------------------------- Gamma |- fn_pi x => e phi2 : tx ------> t & {} if phi2 = phi \cup {pi} phi Gamma |- e1 : t2 ---> t & phi1, Gamma |- e2 : t2 & phi2 [app] -------------------------------- Gamma |- e1 e2 : t & phi3 if phi3 = phi1 \cup phi2 \cup phi