
Soundly Handling Linearity

Wenhao Tang, Daniel Hillerström, Sam Lindley, J. Garrett Morris

TL;DR

This work formalises control-flow linearity in a System F-style core calculus $\mathrm{F}^\circ_{\mathrm{eff}}$ equipped with linear types, an effect type system, and effect handlers, and defines a linearity-aware semantics in order to formally prove that $\mathrm{F}^\circ_{\mathrm{eff}}$ preserves the integrity of linear values, in the sense that no linear value is discarded or duplicated.

Abstract

We propose a novel approach to soundly combining linear types with effect handlers. Linear type systems statically ensure that resources such as file handles are used exactly once. Effect handlers provide a modular programming abstraction for implementing features ranging from exceptions to concurrency. Whereas linear type systems bake in the assumption that continuations are invoked exactly once, effect handlers allow continuations to be discarded or invoked more than once. This mismatch leads to soundness bugs in existing systems such as the programming language Links, which combines linearity (for session types) with effect handlers. We introduce control flow linearity as a means to ensure that continuations are used in accordance with the linearity of any resources they capture, ruling out such soundness bugs. We formalise control flow linearity in a System F-style core calculus $\mathrm{F}^\circ_{\mathrm{eff}}$ equipped with linear types, effect types, and effect handlers. We define a linearity-aware semantics to formally prove that $\mathrm{F}^\circ_{\mathrm{eff}}$ preserves the integrity of linear values in the sense that no linear value is discarded or duplicated. In order to show that control flow linearity can be made practical, we adapt Links based on the design of $\mathrm{F}^\circ_{\mathrm{eff}}$, in doing so fixing a long-standing soundness bug. Finally, to better expose the potential of control flow linearity, we define an ML-style core calculus $\mathrm{Q}^\circ_{\mathrm{eff}}$, based on qualified types, which requires no programmer-provided annotations, and instead relies entirely on type inference to infer control flow linearity. Both linearity and effects are captured by qualified types. $\mathrm{Q}^\circ_{\mathrm{eff}}$ overcomes a number of practical limitations of $\mathrm{F}^\circ_{\mathrm{eff}}$, supporting abstraction over linearity, linearity dependencies between type variables, and a much more fine-grained notion of control flow linearity.
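The mismatch the abstract describes is easy to see once continuations are made explicit. The following is an added, constructed simulation (not the paper's calculus, not Links code): continuations are plain closures handed to handler clauses, a file handle is the linear resource, and linearity is checked at run time. A one-shot clause is fine; a multi-shot clause closes the handle twice (duplication) and a zero-shot clause never closes it (discard). The `check_control_flow_linearity` function then approximates the paper's discipline: an operation whose continuation captures a linear value is marked `lin` and may only be handled by a clause that resumes exactly once. The operation name `Choose`, the clause names, and the hand-written `{"Choose": "lin"}` requirement (which in the paper would come from the effect type) are all assumptions of this example.

```python
"""Constructed simulation of the linearity / effect-handler mismatch.
Plain Python: continuations are explicit closures, linearity is checked
dynamically. Not the paper's calculus or the Links implementation."""
from dataclasses import dataclass


class LinearityViolation(Exception):
    """A linear value was discarded or duplicated."""


@dataclass
class FileHandle:
    """A linear resource: must be closed exactly once."""
    name: str
    closed: bool = False

    def close(self) -> str:
        if self.closed:
            raise LinearityViolation(f"{self.name} closed twice (duplicated)")
        self.closed = True
        return f"closed {self.name}"


def handle(handler: dict, computation):
    """Run `computation` under `handler`. The computation receives `perform`;
    perform(op, arg, k) dispatches to the clause for `op`, handing it the
    captured continuation `k` (the rest of the computation)."""
    def perform(op, arg, k):
        return handler[op](arg, k)
    return computation(perform)


def read_then_close(fh: FileHandle):
    """Perform `Choose` (assumed operation name), then close the linear
    handle. The continuation captures `fh`, so the handler decides whether
    the close happens once, twice, or never."""
    def comp(perform):
        return perform("Choose", None, lambda flag: (flag, fh.close()))
    return comp


# Handler clauses for `Choose`, tagged with their control-flow linearity:
# 'lin' resumes the continuation exactly once, 'un' any number of times.
def pick_true(arg, k):          # one-shot: sound
    return k(True)

def both(arg, k):               # multi-shot (backtracking): duplicates fh
    return [k(True), k(False)]

def abort(arg, k):              # zero-shot (exception-like): discards fh
    return "aborted"

CLAUSE_LINEARITY = {pick_true: "lin", both: "un", abort: "un"}


def run(clause, fh: FileHandle):
    """Dynamic check only: run, then report whether fh was used exactly once."""
    try:
        result = handle({"Choose": clause}, read_then_close(fh))
        if not fh.closed:
            raise LinearityViolation(f"{fh.name} never closed (discarded)")
        return ("ok", result)
    except LinearityViolation as err:
        return ("violation", str(err))


def check_control_flow_linearity(required: dict, provided: dict):
    """Static-style check in the spirit of the paper's control-flow linearity.
    `required` maps each operation the computation performs to 'lin' when the
    continuation of that operation captures a linear value; `provided` maps
    each handler clause to its linearity. A 'lin' requirement needs a 'lin'
    clause, so multi-shot and zero-shot clauses are rejected up front."""
    for op, need in required.items():
        have = provided.get(op)
        if have is None:
            return False, f"{op}: no handler clause"
        if need == "lin" and have != "lin":
            return False, f"{op}: continuation captures a linear value but clause is '{have}'"
    return True, "control-flow linear"


def safe_run(clause, fh: FileHandle):
    """Reject an incompatible handler before any effect runs.
    The requirement {"Choose": "lin"} is stated by hand here (assumption);
    in the paper it is part of the computation's effect type."""
    ok, why = check_control_flow_linearity(
        {"Choose": "lin"}, {"Choose": CLAUSE_LINEARITY[clause]})
    if not ok:
        return ("rejected", why)
    return run(clause, fh)


if __name__ == "__main__":
    for clause in (pick_true, both, abort):
        name = clause.__name__
        print(name, run(clause, FileHandle(name)), safe_run(clause, FileHandle(name)))
```

Running the block shows the two failure modes the abstract names (`both` duplicates the handle, `abort` discards it) slipping past the purely dynamic `run`, while `safe_run` refuses both handlers before the continuation is ever invoked, which is the effect of tracking linearity in the effect type rather than at the resource.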

Paper Structure (49 sections, 32 theorems, 42 equations, 17 figures)


Key Result

theorem 1 (Progress)

If $\vdash M : A \, !\, E$, then either there exists $N$ such that $M \leadsto N$ or $M$ is in a normal form with respect to $E$.

Figures (17)

  • Figure 1: Syntax of Types, Kinds, Contexts, Values and Computations of $\mathrm{F}^\circ_{\mathrm{eff}}$
  • Figure 2: Kinding and Subkinding Rules for $\mathrm{F}^\circ_{\mathrm{eff}}$
  • Figure 3: Linearity of Contexts and Context Splitting
  • Figure 4: Typing Rules for $\mathrm{F}^\circ_{\mathrm{eff}}$
  • Figure 5: Trivial Subtyping for Effect Row Types
  • ...and 12 more figures

Theorems & Definitions (34)

  • definition 1: Computation Normal Forms
  • theorem 1: Progress
  • theorem 2: Subject reduction
  • theorem 3: Unlimited is unlimited
  • definition 2: Linear Safety
  • theorem 4: Reduction Safety
  • theorem 5: Soundness
  • theorem 6: Completeness
  • theorem 7: Correctness of factorisation
  • theorem 8: Correctness of constraint solving
  • ...and 24 more