263-2200 Types and Programming Languages

263-2200 Types and Programming Languages 1 / 49

Outline Types Evaluation Rules Typing Rules Properties of the Typing Relation The Inversion Lemma Prolog Implementation Reasoning Involving Types Progress Preservation 2 / 49

Outline Types Evaluation Rules Typing Rules Properties of the Typing Relation The Inversion Lemma Prolog Implementation Reasoning Involving Types Progress Preservation 3 / 49

Plan We will now revisit the simple language of arithmetic and boolean expressions NB and show how to equip it with a (very simple) type system The key property of this type system will be soundness: Well-typed programs do not get stuck After that we will develop a simple type system for the λ-calculus We will spend a good part of the rest of the semester adding features to this type system 4 / 49

Outline 1. begin with a set of terms, a set of values, and an evaluation relation 2. define a set of types classifying values according to their shapes 3. define a typing relation t : T that classifies terms according to the shape of the values that result from evaluating them 4. check that the typing relation is sound in the sense that, 4.1 if t : T and t v, then v : T 4.2 if t : T then the evaluation of t will not get stuck 5 / 49

The Language NB t ::= terms true constant true false constant false if t then t else t conditional 0 constant zero succ t successor prec t predecessor iszero t zero test v ::= values true true value false false value nv numeric value nv ::= numeric values 0 zero value succ nv successor value 6 / 49

Evaluation Rules if true then t 2 else t 3 t 2 if false then t 2 else t 3 t 3 (E-IfTrue) (E-IfFalse) t 1 t 1 if t 1 then t 2 else t3 if t 1 then t 2 else t 3 (E-If) 7 / 49

t 1 t 1 succ t 1 succ t 1 pred 0 0 pred (succ nv 1 ) nv 1 (E-Succ) (E-PredZero) (E-PredSucc) t 1 t 1 pred t 1 pred t 1 iszero 0 true iszero (succ nv 1 ) false (E-Pred) (E-IsZeroZero) (E-IsZeroSucc) t 1 t 1 iszero t 1 iszero t 1 (E-IsZero) 8 / 49

Types In this language, values have two possible shapes : they are either booleans or numbers. T ::= types Bool type of booleans Nat type of numbers 9 / 49

Typing Rules true : Bool false : Bool t 1 : Bool t 2 : T t 3 : T if t 1 then t 2 else t 3 : T (T-True) (T-False) (T-If) 0 : Nat (T-Zero) t 1 : Nat succ t 1 : Nat t 1 : Nat pred t 1 : Nat t 1 : Nat iszero t 1 : Bool (T-Succ) (T-Pred) (T-IsZero) 10 / 49

Typing Derivations Every pair (t, T ) in the typing relation can be justified by a derivation tree built from instances of the inference rules. T-Zero 0 : Nat T-IsZero iszero 0 : Bool T-Zero 0 : Nat if iszero 0 then 0 else pred 0 : Nat T-Zero 0 : Nat T-Pred pred 0 : Nat T-If Proofs of properties about the typing relation often proceed by induction on typing derivations. 11 / 49

Imprecision of Typing Like other static program analyses, type systems are generally imprecise: they do not predict exactly what kind of value will be returned by every program, but just a conservative (safe) approximation. t 1 : Bool t 2 : T t 3 : T if t 1 then t 2 else t 3 : T (T-If) Using this rule, we cannot assign a type to if true then 0 else false even though this term will certainly evaluate to a number. 12 / 49

Outline Types Evaluation Rules Typing Rules Properties of the Typing Relation The Inversion Lemma Prolog Implementation Reasoning Involving Types Progress Preservation 13 / 49

Type Safety The safety (or soundness) of this type system can be expressed by two properties: 1. Progress: A well-typed term is not stuck If t : T, then either t is a value or else t t for some t. 2. Preservation: Types are preserved by one-step evaluation If t : T and t t, then t : T. 14 / 49

Inversion Lemma: 1. If true : R, then R = Bool. 2. If false : R, then R = Bool. 3. If if t 1 then t 2 else t 3 : R, then t 1 : Bool, t 2 : R, and t 3 : R. 4. If 0 : R, then R = Nat 5. if succ t 1 : R, then R = Nat and t 1 : Nat. 6. if pred t 1 : R, then R = Nat and t 1 : Nat. 7. if iszero t 1 : R, then R = Bool and t 1 : Nat. 15 / 49

Inversion Lemma: 1. If true : R, then R = Bool. 2. If false : R, then R = Bool. 3. If if t 1 then t 2 else t 3 : R, then t 1 : Bool, t 2 : R, and t 3 : R. 4. If 0 : R, then R = Nat 5. if succ t 1 : R, then R = Nat and t 1 : Nat. 6. if pred t 1 : R, then R = Nat and t 1 : Nat. 7. if iszero t 1 : R, then R = Bool and t 1 : Nat. Proof:... 16 / 49

Inversion Lemma: 1. If true : R, then R = Bool. 2. If false : R, then R = Bool. 3. If if t 1 then t 2 else t 3 : R, then t 1 : Bool, t 2 : R, and t 3 : R. 4. If 0 : R, then R = Nat 5. if succ t 1 : R, then R = Nat and t 1 : Nat. 6. if pred t 1 : R, then R = Nat and t 1 : Nat. 7. if iszero t 1 : R, then R = Bool and t 1 : Nat. Proof:... This leads directly to a recursive algorithm for calculating the type of a term... 17 / 49

Step 1: Design a Mapping to a Term Algebra Abstract Syntax true false if t 1 then t 2 else t 3 0 succ t pred t iszero t map Term true map false map cond(t 1, t 2, t 3 ) map 0 map succ(t) map pred(t) iszero(t) map Bool Nat map map bool nat 18 / 49

Step 2: Implement the Typing Relation typeof(true, bool). typeof(false, bool). typeof(0,nat). typeof(succ(t1), nat) :- typeof(t1, nat). typeof(cond(t1,t2,t3), T) :- typeof(t1,bool), typeof(t2,t), typeof(t3,t). typeof(pred(t1), nat) :- typeof(t1,nat). typeof(iszero(t1), bool) :- typeof(t1,nat). 19 / 49

Step 3: Develop Testing Framework generictest(t) :- typeof( T, Type ), write( Result = ), write(t), write( : ), write(type), fail. test 01 :- generictest( succ(succ(0)) ). test 02 :- generictest( succ(pred(succ(pred(0)))) ). batchtest :- write( test 01:\n ), not(test 01), nl, nl, write( test 02:\n ), not(test 02), nl, nl. 20 / 49

Outline Types Evaluation Rules Typing Rules Properties of the Typing Relation The Inversion Lemma Prolog Implementation Reasoning Involving Types Progress Preservation 21 / 49

Canonical Forms Lemma: 1. If v is a value of type Bool, then v is either true or false. 2. If v is a value of type Nat, then v is a numeric value. Proof: 22 / 49

Part 1 Recall the syntax of values: v ::= values true true value false false value nv numeric value nv ::= numeric values 0 zero value succ nv successor value For part 1, 23 / 49

Part 1 Recall the syntax of values: v ::= values true true value false false value nv numeric value nv ::= numeric values 0 zero value succ nv successor value For part 1, if v is true or false, the result is immediate. 24 / 49

Part 1 Recall the syntax of values: v ::= values true true value false false value nv numeric value nv ::= numeric values 0 zero value succ nv successor value For part 1, if v is true or false, the result is immediate. Also note that in this case v cannot be 0 or succ nv, since the inversion lemma tells us that v would then have type Nat, not Bool. 25 / 49

Part 1 Recall the syntax of values: v ::= values true true value false false value nv numeric value nv ::= numeric values 0 zero value succ nv successor value For part 1, if v is true or false, the result is immediate. Also note that in this case v cannot be 0 or succ nv, since the inversion lemma tells us that v would then have type Nat, not Bool. Part 2 is similar. 26 / 49

Progress Theorem: Suppose t is a well-typed term (that is, t : T for some type T ). Then either t is a value or else there is some t with t t. 27 / 49

Progress Theorem: Suppose t is a well-typed term (that is, t : T for some type T ). Then either t is a value or else there is some t with t t. Proof: 28 / 49

Progress Theorem: Suppose t is a well-typed term (that is, t : T for some type T ). Then either t is a value or else there is some t with t t. Proof: By induction on a derivation of t : T. 29 / 49

Aside Recall that our typing relation consists of the following typing rules: T rule = { } T-True, T-False, T-If, T-Zero, T-Succ, T-Pred, T-IsZero Also recall that we have the following evaluation rules: E rule = E bool E nat E bool = { E-IfTrue, E-IfFalse, E-If } E nat = { E-Succ, E-PredZero, E-PredSucc, E-Pred, E-IsZeroZero, E-IsZeroSucc, E-IsZero } 30 / 49

Aside For each typing rule r T rule, we will consider the implications of a typing derivation ending with r. (r i T rule ) t : T (r j T rule ) (r) In particular, we will need to consider which evaluation rules (if any) can be applied to t. Essentially, our analysis covers: T rule E rule 31 / 49

Progress Proof Theorem: Suppose t is a well-typed term (that is, t : T for some type T ). Then either t is a value or else there is some t with t t. Case r = T-True. This implies that t = true (and no evaluation rules apply). Since t is value, the theorem holds in this case. 32 / 49

Progress Proof Theorem: Suppose t is a well-typed term (that is, t : T for some type T ). Then either t is a value or else there is some t with t t. Case r = T-False. This implies that t = false (and no evaluation rules apply). Since t is value, the theorem holds in this case. 33 / 49

Progress Proof Theorem: Suppose t is a well-typed term (that is, t : T for some type T ). Then either t is a value or else there is some t with t t. Case r = T-Zero. This implies that t = 0 (and no evaluation rules apply). Since t is value, the theorem holds in this case. 34 / 49

Progress Proof Theorem: Suppose t is a well-typed term (that is, t : T for some type T ). Then either t is a value or else there is some t with t t. Case r = T-If. This implies (by the inversion lemma) that following must hold for t: t = if t 1 then t 2 else t 3 t 1 : Bool t 2 : T t 3 : T 35 / 49

Progress Proof Theorem: Suppose t is a well-typed term (that is, t : T for some type T ). Then either t is a value or else there is some t with t t. Case r = T-If. This implies (by the inversion lemma) that following must hold for t: t = if t 1 then t 2 else t 3 t 1 : Bool t 2 : T t 3 : T There are three evaluation rules that need to be considered: E-IfTrue, E-IfFalse, and E-If. We assume (by the induction hypothesis) that the theorem holds for t 1. This allows us to conclude that (1) t 1 is a value or (2) there exists a t 1 such that t 1 t 1. 36 / 49

Progress Proof Theorem: Suppose t is a well-typed term (that is, t : T for some type T ). Then either t is a value or else there is some t with t t. Case r = T-If. This implies (by the inversion lemma) that following must hold for t: t = if t 1 then t 2 else t 3 t 1 : Bool t 2 : T t 3 : T Subcase t 1 is a value. We also know that t 1 : Bool and hence t 1 must either be true or false (by the canonical forms lemma). In this case, the reduction t t is accomplished via the evaluation rule E-IfTrue or E-IfFalse. 37 / 49

Progress Proof Theorem: Suppose t is a well-typed term (that is, t : T for some type T ). Then either t is a value or else there is some t with t t. Case r = T-If. This implies (by the inversion lemma) that following must hold for t: t = if t 1 then t 2 else t 3 t 1 : Bool t 2 : T t 3 : T Subcase There exists a t 1 such that t 1 t 1. In this case, the reduction t t is accomplished via the evaluation rule E-If. Thus, for the case T-If, our analysis accounts for all evaluation rules. 38 / 49

Remaining Cases Theorem: Suppose t is a well-typed term (that is, t : T for some type T ). Then either t is a value or else there is some t with t t. Case r = T-Zero. Here t = 0 so no evaluation rules apply. Case r = T-Succ. Here t = succ t 1 so only the evaluation rule E-Succ must be considered (in the case where t 1 is not a value). Case r = T-Pred. Here t = pred t 1 and the evaluation rules E-PredZero, E-PredSucc and E-Pred must be considered. Case r = T-IsZero. Here t = iszero t 1 and the evaluation rules E-IsZeroZero, E-IsZeroSucc and E-IsZero must be considered. 39 / 49

Preservation Theorem: If t : T and t t, then t : T. 40 / 49

Preservation Theorem: If t : T and t t, then t : T. Proof: By induction on a typing derivation of t : T. 41 / 49

Preservation Theorem: If t : T and t t, then t : T. Proof: By induction on a typing derivation of t : T. Case r = T-True. In this case, t = true. Therefore, t t is not possible, and the theorem is vacuously true. 42 / 49

Preservation Theorem: If t : T and t t, then t : T. Proof: By induction on a typing derivation of t : T. Case r = T-False. In this case, t = false. Therefore, t t is not possible, and the theorem is vacuously true. 43 / 49

Preservation Theorem: If t : T and t t, then t : T. Proof: By induction on a typing derivation of t : T. Case r = T-If. In this case, it follows that: t = if t 1 then t 2 else t 3 t 1 : Bool t 2 : T t 3 : T 44 / 49

Preservation Theorem: If t : T and t t, then t : T. Proof: By induction on a typing derivation of t : T. Case r = T-If. In this case, it follows that: t = if t 1 then t 2 else t 3 t 1 : Bool t 2 : T t 3 : T In this context, there are three evaluation rule by which t t can be derived: E-IfTrue, E-IfFalse, E-If. 45 / 49

Preservation Theorem: If t : T and t t, then t : T. Proof: By induction on a typing derivation of t : T. Case r = T-If. In this case, it follows that: t = if t 1 then t 2 else t 3 t 1 : Bool t 2 : T t 3 : T Subcase Evaluation rule = E-IfTrue. In this case, t 1 = true and t = t 2. We also know that t 2 : T, and hence t : T as required. 46 / 49

Preservation Theorem: If t : T and t t, then t : T. Proof: By induction on a typing derivation of t : T. Case r = T-If. In this case, it follows that: t = if t 1 then t 2 else t 3 t 1 : Bool t 2 : T t 3 : T Subcase Evaluation rule = E-IfFalse. In this case, t 1 = false and t = t 3. We also know that t 3 : T, and hence t : T as required. 47 / 49

Preservation Theorem: If t : T and t t, then t : T. Proof: By induction on a typing derivation of t : T. Case r = T-If. In this case, it follows that: t = if t 1 then t 2 else t 3 t 1 : Bool t 2 : T t 3 : T Subcase Evaluation rule = E-If. In this case, t 1 t 1 and t = if t 1 then t 2 else t 3 Combining the inductive assumption with t 1 : Bool lets us conclude t 1 : Bool. We also know t 2 : T and t 3 : T. Therefore we can conclude that t : T. 48 / 49

Remaining Cases Theorem: If t : T and t t, then t : T. Case r = T-Zero. Here t = 0 so no evaluation rules apply. Case r = T-Succ. Here t = succ t 1 so only the evaluation rule E-Succ must be considered (and only in the case where t 1 is not a value). Case r = T-Pred. Here t = pred t 1 and the evaluation rules E-PredZero, E-PredSucc and E-Pred must be considered. Case r = T-IsZero. Here t = iszero t 1 and the evaluation rules E-IsZeroZero, E-IsZeroSucc and E-IsZero must be considered. 49 / 49