Dependent Types for JavaScript Ravi Chugh Ranjit Jhala Dave Herman Pat Rondon Panos Vekris UCSD...

DependentTypes for JavaScript

Ravi ChughRanjit JhalaDave HermanPat RondonPanos Vekris

UCSDUCSDMozillaGoogleUCSD

“Dynamic” Features Facilitate Rapid Innovation

1. Better Development Tools

2. Better Reliability

3. Better Performance

var person = { name : { first : “John”, last : “McCarthy” }};

person.nom;

person.nom.first;

… but this raises TypeError3

produces undefined rather than error…

var person = { name : { first : “John”, last : “McCarthy” }};

person.nom;

person.nom.first;

if (unlikely()) {

some errors hard to catch with testing

Will Never Replace Need forTesting and Dynamic Checking

But Want Static Checking When Possible

JavaScript

implicit global object

scope manipulation

var lifting

‘,,,’ == new Array(4)

JavaScript

implicit global object

scope manipulation

var lifting

‘,,,’ == new Array(4)

objects prototypes

lambdastype-tests

“The Good Parts” arrays

eval()

JavaScript

“The Good Parts”

Dependent JavaScript

Use Logic, butAvoid Quantifiers!

9Expressiveness

“Usability”

F* + Dijkstra

TypedJS

Nik@9:00am

Shriram@2:30pm

Me@now

Dependent JavaScript (DJS)[POPL ’12, OOPSLA ’12]

Me@now

= Refinement Types+ Several New Quantifier-Free Mechanisms

typeof true // “boolean”

typeof 0.1 // “number”typeof 0 // “number”

typeof {} // “object”typeof [] // “object”typeof null // “object”

typeof returns run-time “tags”

Tags are very coarse-grained types

“undefined”

“boolean”

“string”

“number”

“object”

“function”

Refinement Types{x|p}

“set of values x s.t. formula p is true”

{n|tag(n) = “number” }Num

{v|tag(v) = “number” ∨ tag(v) = “boolean” }NumOrBool

{i|tag(i) = “number” integer(i) }Int

{x|true }Any

{n|tag(n) = “number” }Num

{v|tag(v) = “number” ∨ tag(v) = “boolean” }NumOrBool

{i|tag(i) = “number” integer(i) }Int

{x|true }Any

Refinement Types

Syntactic Sugarfor Common Types

Refinement Types

3 :: {n|n = 3}

{n|n > 0} 3 ::{n|tag(n) = “number” integer(n)} 3 ::{n|tag(n) = “number”} 3 ::

Refinement Types

{n|n = 3}

{n|n > 0} {n|tag(n) = “number” integer(n)} {n|tag(n) = “number” }

<:<:<:<:

Subtyping is Implication

Refinement Types

{n|n = 3}

{n|n > 0} {n|tag(n) = “number” integer(n)} {n|tag(n) = “number” }

Subtyping is Implication

ArraysPrototypesMutable ObjectsDuck TypingTag-Tests

Tag-Tests ArraysPrototypesMutable ObjectsDuck Typing

var negate = function(x) {

if (typeof x == “boolean”)

return !x;

return 0 - x;

negate( )

// false

return !x;

return 0 - x;

negate( )

0 - 2 // -2

return !x;

return 0 - x;

negate( )

0 - [] // 0?!?

return !x;

return 0 - x;

} Use types to prevent implicit coercion

(-) :: (Num,Num) Num

return !x;

return 0 - x;

Function type annotation inside

comments

//: negate :: (x:Any) Any

return !x;

return 0 - x;

so negationis well-typed

x is boolean...

DJS is Path Sensitive

return !x;

return 0 - x;

x is arbitrarynon-boolean value…so DJS signals error!

DJS is Path Sensitive

return !x;

return 0 - x;

//: negate :: (x:NumOrBool) Any

return !x;

return 0 - x;

//: negate :: (x:NumOrBool) Any

this time,x is a number…✓so subtractionis well-typed

return !x;

return 0 - x;

//: negate :: (x:NumOrBool) Any✓

but returntype is imprecise

//: negate :: (x:NumOrBool) NumOrBool

return !x;

return 0 - x;

/*: negate :: (x:NumOrBool) {y|tag(y) = tag(x)} */

return !x;

return 0 - x;

output type depends on input value

Duck Typing ArraysPrototypesMutable ObjectsTag-Tests

if (duck.quack)

return “Duck says ” + duck.quack();

return “This duck can’t quack!”;

What is “Duck Typing”?

if (duck.quack)

(+) :: (Num,Num) Num

(+) :: (Str,Str) Str

if (duck.quack)

Can dynamically testthe presence of a method

but not its type

if (duck.quack)

{d|tag(d) = “object”∧

{v|has(d,“quack”)

{v| sel(d,“quack”) :: UnitStr }

Operators from McCarthy theory of arrays

if (duck.quack)

{d|tag(d) = “object”∧

{v|has(d,“quack”)

{v| sel(d,“quack”) :: Unit Str }

Call produces Str, so concat well-typed

Mutable Objects ArraysPrototypesTag-Tests Duck Typing

var x = {};

x.f = 7;

x.f + 2;

x0:Empty

x1:{d|d = upd(x0,“f”,7)}

DJS is Flow Sensitive

McCarthy operatorDJS verifies that x.f is definitely a number

Mutable Objects ArraysPrototypesTag-Tests Duck Typing

var x = {};

x.f = 7;

x.f + 2;

x0:Empty

x1:{d|d = upd(x0,“f”,7)}

DJS is Flow Sensitive

Strong updates to singleton objects

Weak updates to collections of objects

ArraysPrototypesTag-Tests Duck Typing Mutable Objects

Typical“Dynamic”Features

ArraysPrototypesTag-Tests Duck Typing Mutable Objects

Typical“Dynamic”Features

JavaScript

Prototypes ArraysTag-Tests Mutable ObjectsDuck Typing

parent

grandpa

Upon construction, each object links to a

prototype object

If child contains k, then Read k from child

Else if parent contains k, then Read k from parent

Else if grandpa contains k, then Read k from grandpa

Else if …

Else Return undefined

parent

grandpa

var k = “first”; child[k];Semantics of Key Lookup

parent

grandpa

H(Rest of Heap)

Else if …

{v|if has(child,k) then

{v|ifv=sel(child,k)

parent

grandpa

H(Rest of Heap)

Else if …

{v|ifv=sel(child,k)

{v|else if has(parent,k) then

{v|ifv=sel(parent,k)

Else if …

{v|ifv=sel(child,k)

parent

grandpa ???

H(Rest of Heap)

{v|ifv=sel(child,k)

{v|else

{v|ifv=HeapSel(H,grandpa,k)) }

parent

grandpa ???

H(Rest of Heap)

Abstract predicateto summarize theunknown portion

of the prototype chain

{v|ifv=sel(child,k)

{v|else

{ “first” : “John” }child

parent{ “first” : “Ida”, “last” : “McCarthy” }

grandpa ???

H(Rest of Heap)

{v|v=“John”}

var k = “first”; child[k];

{v|ifv=sel(child,k)

{v|else

{ “first” : “John” }child

parent{ “first” : “Ida”, “last” : “McCarthy” }

grandpa ???

H(Rest of Heap)

var k = “last”; child[k];

{v|v=“McCarthy”}

Key Idea:

Reduce prototypesemantics to decidable

theory of arrays

Prototype Chain Unrolling

ArraysTag-Tests PrototypesMutable ObjectsDuck Typing

var nums = [0,1,2];while (…) { nums[nums.length] = 17;}

A finite tuple…

… extended to unbounded collection

var nums = [0,1,2];while (…) { nums[nums.length] = 17;}

delete nums[1];

for (i = 0; i < nums.length; i++) { sum += nums[i];}

A “hole” in the array

Missing element within “length”

Track types, “packedness,” and lengthof arrays where possible

{a |a :: Arr(T)

{a | packed(a)

{a | len(a) = 10}

X T T T T… X ……

T? T? T? T? T?… T? ……

T? { x | T(x) x = undefined }

-1 0 1 2 len(a)

X { x | x = undefined }

{a |a :: Arr(Any)

{a | packed(a) len(a) = 2

{a | Int(sel(a,0))

{a | Str(sel(a,1))}

Encode tuples as arrays

var tup = [17, “cacti”];

tup[tup.length] = true;

{a |a :: Arr(Any)

{a | packed(a) len(a) = 3

{a | …}

DJS handles other array quirks:

Special length property

Array.prototypeNon-integer keys

Tag-Tests PrototypesMutable ObjectsDuck Typing Arrays

What About eval?

Arbitrary code loading

eval(“…”);

Old Types

What About eval?…

eval(“…”);

//: #assume

Old Types

New TypesNew Types

Can Integrate DJS with“Contract Checking” at Run-time

aka “Gradual Typing”

Expressiveness

“Usability”

F* + Dijkstra

= Refinement Types+ Nested Refinements+ Flow Sensitive Types+ Prototype Unrolling+ Array Encoding

Quantifier-Free Mechanisms}

Function Subtyping…{d|sel(d,“f”) :: }

(x:Any) { y|y = x }{d|sel(d,“f”) :: }(x:Num) Num<:

Function Subtyping…

{d|sel(d,“f”) :: }(x:Num) Num

{d|sel(d,“f”) :: } (x:Any) { y|y = x }

{d|sel(d,“”)f :: }(x:Num) Num

{d|sel(d,“ ”f :: } (x:Any) { y|y = x }

… With Quantifiers∀x,y. true ∧ y = f(x) y = x

∀x,y. Num(x) ∧ y = f(x) Num(y)✓Valid, but First-Order Logic is Undecidable

{d|sel(d,“”)f :: }(x:Num) Num

{d|sel(d,“ ”f :: } (x:Any) { y|y = x }

… Without Quantifiers!Nested Refinements

Treat Function Types as Uninterpreted

Implication = SMT Validity + Syntactic Subtyping

Heap Updates…

… With Quantifiers

var x = {};

x.f = 7;h1

∧ …

∧ sel(h1,x) = empty∧ ∀y. x ≠ y sel(h1,y) = sel(h0,y)

∧ sel(h2,x) = upd(sel(h1,x),“f”,7)∧ ∀y. x ≠ y sel(h2,y) = sel(h1,y)

Encode Heap w/ McCarthy Operators

Heap Updates…

x:T1/H1 T2/H2

output typeinput heap

input type output heap

Flow-Sensitive Types (à la Alias Types)

var x = {};

x.f = 7;h1

… Without Quantifiers!

Prototype Inheritance…

… Without Quantifiers!

Array Semantics…

Expressiveness

“Usability”

F* + Dijkstra

= Refinement Types+ Nested Refinements+ Flow Sensitive Types+ Prototype Unrolling+ Array Encoding

Quantifier-Free Mechanisms}

DesugaredProgram

DJSProgram

DesugarerBased on Guha et al.

[ECOOP ’10]

JavaScript λ-Calculus + References + Prototypes

Implementation

DesugaredProgram

Z3 SMTSolver

TypeChecker

DJSProgram

DesugarerBased on Guha et al.

[ECOOP ’10]

ImplementationProgrammer Chooses

Warnings or Errors

Local Type Inference

Subtyping w/o Z3 If Possible

408(+33%)

LOCbefore/after

13 Excerpts from: JavaScript, Good Parts SunSpider Benchmark Suite Google Closure Library

Benchmarks

Chosen to Stretch the Current Limits of DJS

408(+33%)

LOCbefore/after

Benchmarks

9 Browser Extensions from: [Guha et al. Oakland ’11]

383(+19%)

1,003a

1,027(+2%)

2 Examples from: Google Gadgets

1,818(+12%)

TOTALS

1,818(+12%)

TOTALS

Already Improved by SimpleType Inference and Syntactic Sugar

Plenty of Room for Improvement• Iterative Predicate Abstraction• Bootstrap from Run-Time Traces

1,818(+12%)

LOCbefore/after

408(+33%)

Benchmarks

9 Browser Extensions from: [Guha et al. Oakland ’11]

383(+19%)

2 Examples from: Google Gadgets

1,003a

1,027(+2%)

1,818(+12%)

10 sec

Running Time

19 sec

32 sec

TOTALS

1,818(+12%)

32 sec

Already Improved by SimpleOptimizations• Avoid SMT Solver When Possible• Reduce Precision for Common Patterns

Plenty of Room for Improvement

TOTALS

32 sec

76Expressiveness

“Usability”

F* + Dijkstra

TypedJS

TypeScriptLightweight (unsound) static checking tools becoming popular

Opportunityto improveIDE tools

Reliability / Security• Refinement types for security in presence of

untrusted code (e.g. browser extensions)• Combine with static reasoning for JavaScript

Performance• JITs use static analysis + profiling to optimize

dynamic features (e.g. dictionaries, bignums)• Opportunity to enable more optimizations

DJS is a StepTowards

These Goals}

Thanks!

ravichugh.com/djs

Dependent Types for JavaScript Ravi Chugh Ranjit Jhala Dave Herman Pat Rondon Panos Vekris UCSD...

Documents

Transcript of Dependent Types for JavaScript Ravi Chugh Ranjit Jhala Dave Herman Pat Rondon Panos Vekris UCSD...

UNIVERSITY OF CALIFORNIA, SAN DIEGO (UCSD). Julie Sylvia BACKGROUND @UCSD.

UCSD Protected Troubleshooting

INFORME UCSD

RADAR: Dataflow Analysis for Concurrent Programs using Datarace Detection Ravi Chugh, Jan Voung, Ranjit Jhala, Sorin Lerner {rchugh, jvoung, jhala, lerner}

Lazy Abstraction Tom Henzinger Ranjit Jhala Rupak Majumdar Grégoire Sutre.

UCSD DERMATOLOGY UCSD DERMATOLOGY UCSD DERMATOLOGY

Academic Integrity @ UCSD Handbook for UCSD Staff

Prolog CSE 130 : Spring 2010 16: Ranjit Jhala UC San Diego

Type-based termination analysis with disjunctive invariants Dimitrios Vytiniotis, MSR Cambridge with Byron Cook (MSR Cambridge) and Ranjit Jhala (UCSD)

Linked Data for the Masses: Η προσέγγισηκαιτολογισμικόLinked Data for the Masses 28 Αναφορές • [1] Anadiotis, G., Andriopoulos, P., Vekris, D. and

Refinement Types for TypeScriptgoto.ucsd.edu/~pvekris/docs/RefScript-pldi16-talk.pdf · Refinement Types for TypeScript Panagiotis Vekris Benjamin Cosman Ranjit Jhala University of

Code Organization UML Patterns Code Smells Feb 7 2011 Arnav Jhala

James Messina (UCSD) and Donald Rutherford (UCSD) Abstractphilosophyfaculty.ucsd.edu/faculty/rutherford/papers/LeibnizCom... · James Messina (UCSD) and Donald Rutherford (UCSD) Abstract

Navigation-Driven Evaluation of Virtual Mediated Views Bertram Ludäscher, SDSC/UCSD Yannis Papakonstantinou, UCSD Pavel Velikhov, UCSD Overview Mediator.

APOLLO: Next-Generation Lunar Laser Ranging Tom Murphy UCSD Tom Murphy UCSD.

ucsd-psystem-fs UCSD p-System Filesystem

Ranjit Jhala Rupak Majumdar

Fashion Retailing Haley Knight Pranali Jhala MichaelCavin Irmina Ragauskaite.

Nested Refinements: A Logic for Duck Typing Ravi Chugh, Pat Rondon, Ranjit Jhala (UCSD) ::

UCSD Cognitive Sciencecoulson/cogs179/ganis96.pdf · 2006. 1. 13. · UCSD Cognitive Science