
Annotated types and constraints

In document Space cost analysis using sized types (Page 120-125)

5.2 Size analysis for Core Hume

5.2.2 Annotated types and constraints

Table 5.1 extends the basic type system of Section 4.2.2 with size annotations. Algebraic data types are annotated with either a size variable $\ell$ or the symbol $\omega$ indicating the absence of size information. Type variables and the unit type require no size annotation.

As in the system of Chin and Khoo, size annotations are variables and size relations are expressed through constraints; this has the advantage of separating the free algebra of types from the algebra of sizes. For example, checking the equality of the sized types

$\langle (\mathrm{Int}^{i}, \mathrm{Int}^{j}) \to \mathrm{Int}^{k},\ \underbrace{1 + k = i + j \wedge 0 \le i \wedge 0 \le j}_{\varphi} \rangle$

$\langle (\mathrm{Int}^{i}, \mathrm{Int}^{j}) \to \mathrm{Int}^{k},\ \underbrace{i + j - 1 = k \wedge 0 \le j \wedge 0 \le 1 + k}_{\psi} \rangle$

reduces to checking the equivalence of constraints φ and ψ. This simplifies a type checking or inference algorithm: the non-free algebra of arithmetic can be delegated to a specialised constraint solver, while the inference algorithm deals only with a free algebra of types.

Type variables are syntactical place-holders for type expressions. Because sizes are attached to types, substituting a type variable in will propagate size information. For soundness reasons, we will need to disallow size propagation in some circumstances. Therefore, we introduce two kinds of type variables: unsized type variables that can only be replaced by types where all size annotations are $\omega$; and sized type variables that can be replaced by arbitrary annotated types.

$\tau \in \mathit{Type}_0$        $\tau ::= \alpha \mid \mathrm{Int}^{z} \mid D^{z}\,\vec\tau$        zero order types
                                  $\nu ::= \tau \mid \vec\tau \to \tau$        first order types
                                  $\vec\tau ::= (\tau_1, \ldots, \tau_k)$        argument tuple ($k \ge 0$)
                                  $z ::= \ell \mid \omega$        size annotations
$\sigma \in \mathit{Type}_1$      $\sigma ::= \nu \mid \forall\alpha.\,\sigma'$        type quantification
$\eta \in \mathit{Type}_2$        $\eta ::= \langle \sigma, \varphi \rangle \mid \forall\ell.\,\eta'$        size quantification
$\alpha \in \mathit{TVar}$        $\alpha ::= a \mid b \mid c \mid \ldots$        sized type variables
                                  $\phantom{\alpha ::=} \mid \hat a \mid \hat b \mid \hat c \mid \ldots$        unsized type variables
$\varphi, \psi \in \mathcal{F}$   $\varphi ::= s_1 \le s_2 \mid \varphi_1 \wedge \varphi_2 \mid \varphi_1 \vee \varphi_2 \mid \exists\ell.\,\varphi'$        size constraints
                                  $s ::= n \mid \ell \mid n \times s' \mid s_1 + s_2$        size expressions
$\ell \in \mathit{ZVar}$          $\ell ::= i \mid j \mid k \mid n \mid m \mid \ldots$        size variables

Table 5.1: Syntax of annotated types and size constraints.

Size constraints

The choice of size constraints must balance expressiveness with effectiveness: constraints must be expressive enough to capture useful size relations, but also simple enough to make automatic manipulation tractable. At the very least the type system should be decidable, i.e. we should be able to algorithmically check if a type derivation is well-formed; this motivates the restriction to a decidable fragment of first-order logic with arithmetic.

The constraint language is a fragment of Presburger arithmetic: first-order logic formulae over the naturals with addition and predicates for equality and 'less-than', but no multiplication. Thus $1 + i = j$ is a Presburger formula over variables $i, j$, but $i \times j = 4$ is not because of the term $i \times j$. The decidability of this logical theory over the naturals was proved in 1929 by M. Presburger; applications to automated theorem proving go back to Cooper (1972). Presburger formulae can be extended with negative numbers and multiplication by constants and still maintain decidability; computational implementations typically handle these extensions, e.g. the Omega calculator (Pugh 1992).

Although we do not consider equality as a primitive predicate, equations can be expressed as a conjunction of two inequations. We use the shorthand $s_1 = s_2$ for the logically equivalent conjunction $(s_1 \le s_2) \wedge (s_2 \le s_1)$. Similarly, we use True and False as shorthands for universal and unsatisfiable constraints, e.g. True $\equiv (0 \le 0)$ and False $\equiv (1 \le 0)$.

While the syntax of our size constraints is a fragment of Presburger arithmetic, the semantics is interpreted over the rationals rather than the integers. This choice allows performing quantifier elimination by Fourier elimination (Chandru 1993), avoiding the congruence predicates needed for integer solutions (Rabin 1977). We remark that solving for rational rather than integer sizes yields a larger solution set, which is always a sound approximation: any bound that holds for all rational solutions also holds for the integer ones. In practice, we found that rational solutions give short constraints that compose more easily while still capturing accurate upper and lower bounds on sizes.

Quantified types

Types can be quantified in both type and size variables. We introduce two levels of quantification: type schemes $\sigma$ are (first-order) types quantified over type variables; and size schemes $\eta$ are type schemes quantified over size variables. As is usual in type systems extended with constraints (Mitchell 1984, Jouvelot and Gifford 1991, Nielson et al. 1999), size schemes need to capture both the type structure $\sigma$ and a constraint $\varphi$.

We use the logic quantifier $\forall$ for both type and size variables, distinguishing the two uses by the kind of variable quantified. We will also abuse notation and write $\forall\vec\alpha$ or $\forall\vec\ell$ to quantify over sequences of type or size variables.

Free and bound occurrences of variables

The scope of a type quantifier $\forall\alpha.\,\sigma$ is $\sigma$; the scope of a size quantifier $\forall\ell.\,\eta$ is $\eta$; the scope of the constraint quantifier $\exists\ell.\,\varphi$ is $\varphi$. An occurrence of a type variable $\alpha$ inside the scope of a quantifier $\forall\alpha$ is said to be bound by the quantifier (and similarly for occurrences of size variables $\ell$ in the scope of $\forall\ell$ or $\exists\ell$). An occurrence of a variable that is not bound by any quantifier is said to be free. The sets of type and annotation variables with free occurrences in $t$ (where $t$ is a quantified type or a size constraint) are given by $\mathrm{FTV}(t)$ and $\mathrm{FZV}(t)$, respectively (see Table 5.2).

Sized type substitutions

We consider an extended notion of syntactical substitution that maps type variables to (sized) types and size variables to size annotations (i.e. size variables or $\omega$). Formally, substitutions $\theta$ are sequences of mappings from variables to terms,

$\theta ::= [\,] \mid [\alpha \mapsto \tau]\theta \mid [\ell \mapsto \ell']\theta \mid [\ell \mapsto \omega]\theta$

where $[\,]$ is the empty substitution and:

$[\alpha \mapsto \tau]\theta$ is the substitution mapping a type variable $\alpha$ to the type $\tau$;

$[\ell \mapsto \ell']\theta$ is the substitution mapping a size variable $\ell$ to another $\ell'$;

$[\ell \mapsto \omega]\theta$ is the substitution mapping a size variable $\ell$ to $\omega$.

In all the above cases, a substitution $[v \mapsto \cdots]\theta$ acts as $\theta$ for variables other than $v$. Substitutions extend to (sized) types in the usual way. We will also extend substitutions to constraints; note that type variables do not occur in the latter, so mappings on type variables are not relevant in this case; substituting a size variable by another in a constraint is straightforward. The only remaining case is the substitution of a size variable by $\omega$ in a constraint $\varphi$; this is defined by existential quantification:

$([\ell \mapsto \omega]\theta)\,\varphi \stackrel{\mathrm{def}}{=} \theta(\exists\ell.\,\varphi)$ (5.5)
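The following Python program is an added illustration, not code from the thesis or from any Hume implementation. It makes three points of this section concrete on one small solver: constraints are kept as conjunctions of linear inequalities interpreted over the rationals (Python's Fraction), existential quantification is computed by Fourier-Motzkin elimination as permitted by the rational semantics, so substituting $\omega$ for a size variable in a constraint as in (5.5) is actually evaluated rather than only written down, and the equivalence check that type equality reduces to is implemented as two entailment checks. Disjunction is left out, since the conjunctive fragment is enough for these examples; the helper names (lin, le, eq, eliminate, entails, equivalent) are the example's own. Run on $\varphi$ and $\psi$ from the start of the section, it reports that $\varphi$ entails $\psi$ but that $\psi$, as printed, only bounds $i + j$ and not $i$, so the two are not equivalent over the rationals ($i = -1$, $j = 1$, $k = -1$ satisfies $\psi$ but not $\varphi$). It also exhibits the effect of the rational semantics the text remarks on: $\exists k.\, 2k = i$ collapses to True, whereas over the integers it would restrict $i$ to even values.

```python
from fractions import Fraction
from itertools import product

# A size expression is a dict {variable: rational coefficient}; the key "" holds
# the constant term.  A conjunct (e, strict) stands for e <= 0, or e < 0 when
# strict (strict conjuncts only arise when a conjunct of psi is negated).
# A constraint phi is a list of conjuncts, i.e. a conjunction of inequalities.

def lin(const=0, **coeffs):
    """Linear size expression, e.g. lin(1, k=1, i=-1, j=-1) is 1 + k - i - j."""
    e = {"": Fraction(const)}
    e.update({v: Fraction(c) for v, c in coeffs.items() if c})
    return e

def add(e1, e2, scale=1):
    """e1 + scale * e2, dropping variables whose coefficient becomes zero."""
    out = dict(e1)
    for v, c in e2.items():
        out[v] = out.get(v, Fraction(0)) + Fraction(scale) * c
        if v and out[v] == 0:
            del out[v]
    return out

def le(s1, s2):
    """The primitive predicate s1 <= s2, encoded as s1 - s2 <= 0."""
    return (add(s1, s2, -1), False)

def eq(s1, s2):
    """s1 = s2 as the shorthand (s1 <= s2) and (s2 <= s1) used in the text."""
    return [le(s1, s2), le(s2, s1)]

def eliminate(phi, var):
    """Fourier-Motzkin elimination: a quantifier-free conjunction equivalent to
    (exists var. phi) over the rationals, which is what [var -> omega] means on
    a constraint by (5.5)."""
    lower, upper, rest = [], [], []
    for e, strict in phi:
        c = e.get(var, Fraction(0))
        if c == 0:
            rest.append((e, strict))
            continue
        n = {v: x / abs(c) for v, x in e.items()}      # coefficient of var becomes +-1
        (upper if c > 0 else lower).append((n, strict))
    # lower: A - var <= 0 (A <= var); upper: var + B <= 0 (var <= -B);
    # each pair yields A + B <= 0, strict if either side was strict.
    for (lo, s1), (up, s2) in product(lower, upper):
        rest.append((add(lo, up), s1 or s2))
    return rest

def variables(phi):
    return sorted({v for e, _ in phi for v in e if v})

def satisfiable(phi):
    """Eliminate every variable; only ground facts c <= 0 (or c < 0) remain."""
    for v in variables(phi):
        phi = eliminate(phi, v)
    return all(e[""] < 0 if strict else e[""] <= 0 for e, strict in phi)

def entails(phi, psi):
    """phi implies psi iff for every conjunct e <= 0 of psi, phi and (e > 0) is unsatisfiable."""
    for e, strict in psi:
        negated = (add(lin(), e, -1), not strict)     # not(e <= 0) is -e < 0
        if satisfiable(phi + [negated]):
            return False
    return True

def equivalent(phi, psi):
    """The check that type equality reduces to: phi and psi have the same solutions."""
    return entails(phi, psi) and entails(psi, phi)

# The two constraints from the text (sizes i, j, k of the annotated type).
i, j, k = lin(i=1), lin(j=1), lin(k=1)
PHI = eq(lin(1, k=1), add(i, j)) + [le(lin(), i), le(lin(), j)]    # 1 + k = i + j, 0 <= i, 0 <= j
PSI = eq(add(add(i, j), lin(-1)), k) + [le(lin(), j), le(lin(), lin(1, k=1))]   # i + j - 1 = k, 0 <= j, 0 <= 1 + k

if __name__ == "__main__":
    print("phi => psi:", entails(PHI, PSI))        # True
    print("psi => phi:", entails(PSI, PHI))        # False: i = -1, j = 1, k = -1 satisfies psi only
    print("[k -> omega] phi:", eliminate(PHI, "k"))   # 0 <= i and 0 <= j remain (plus a trivial 0 <= 0)
```

The entailment test negates one conjunct of $\psi$ at a time, which is where strict inequalities enter; Fourier-Motzkin stays complete for them over the rationals because combining a strict and a non-strict bound yields a strict one. The same code would not be a decision procedure over the integers, which is exactly why the text chooses the rational semantics.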

As usual, the composition of two substitutions is written $\theta_1 \circ \theta_2$ and defined as $(\theta_1 \circ \theta_2)\,t \stackrel{\mathrm{def}}{=} \theta_1(\theta_2\,t)$. A substitution $\theta$ is idempotent if and only if $\theta \circ \theta = \theta$.

An annotated type $\tau$ is unsized if and only if all size annotations are $\omega$ and all type variables are unsized, i.e. $\mathrm{FZV}(\tau) = \emptyset$ and all variables in $\mathrm{FTV}(\tau)$ are unsized. A substitution $\theta$ is proper if and only if it is idempotent and all unsized variables are mapped to unsized types. It is straightforward to verify that the composition of two proper substitutions is proper.

$\mathrm{FTV}(\alpha) = \{\alpha\}$
$\mathrm{FTV}(\mathrm{Int}^{z}) = \emptyset$
$\mathrm{FTV}(D^{z}\,\vec\tau) = \mathrm{FTV}(\vec\tau)$
$\mathrm{FTV}(\vec\tau \to \tau) = \mathrm{FTV}(\vec\tau) \cup \mathrm{FTV}(\tau)$
$\mathrm{FTV}((\tau_1, \ldots, \tau_k)) = \bigcup_{i=1}^{k} \mathrm{FTV}(\tau_i)$
$\mathrm{FTV}(\forall\alpha.\,\sigma) = \mathrm{FTV}(\sigma) \setminus \{\alpha\}$
$\mathrm{FTV}(\langle \sigma, \varphi \rangle) = \mathrm{FTV}(\sigma)$
$\mathrm{FTV}(\forall\ell.\,\eta) = \mathrm{FTV}(\eta)$

$\mathrm{FZV}(\alpha) = \emptyset$
$\mathrm{FZV}(\mathrm{Int}^{\omega}) = \emptyset$
$\mathrm{FZV}(\mathrm{Int}^{\ell}) = \{\ell\}$
$\mathrm{FZV}(D^{\ell}\,\vec\tau) = \{\ell\} \cup \mathrm{FZV}(\vec\tau)$
$\mathrm{FZV}(D^{\omega}\,\vec\tau) = \mathrm{FZV}(\vec\tau)$
$\mathrm{FZV}(\vec\tau \to \tau) = \mathrm{FZV}(\vec\tau) \cup \mathrm{FZV}(\tau)$
$\mathrm{FZV}((\tau_1, \ldots, \tau_k)) = \bigcup_{i=1}^{k} \mathrm{FZV}(\tau_i)$
$\mathrm{FZV}(\forall\alpha.\,\sigma) = \mathrm{FZV}(\sigma)$
$\mathrm{FZV}(\langle \sigma, \varphi \rangle) = \mathrm{FZV}(\sigma) \cup \mathrm{FZV}(\varphi)$
$\mathrm{FZV}(\forall\ell.\,\eta) = \mathrm{FZV}(\eta) \setminus \{\ell\}$
$\mathrm{FZV}(\varphi_1 \wedge \varphi_2) = \mathrm{FZV}(\varphi_1 \vee \varphi_2) = \mathrm{FZV}(\varphi_1) \cup \mathrm{FZV}(\varphi_2)$
$\mathrm{FZV}(s_1 \le s_2) = \mathrm{FZV}(s_1) \cup \mathrm{FZV}(s_2)$
$\mathrm{FZV}(\exists\ell.\,\varphi) = \mathrm{FZV}(\varphi) \setminus \{\ell\}$
$\mathrm{FZV}(n) = \emptyset$
$\mathrm{FZV}(\ell) = \{\ell\}$
$\mathrm{FZV}(n \times s) = \mathrm{FZV}(s)$
$\mathrm{FZV}(s_1 + s_2) = \mathrm{FZV}(s_1) \cup \mathrm{FZV}(s_2)$

Table 5.2: Free type variables FTV and free size variables FZV.

$V \models s_1 \le s_2 \iff [\![s_1]\!]_V \le [\![s_2]\!]_V$

$V \models \varphi_1 \wedge \varphi_2 \iff V \models \varphi_1 \ \text{and}\ V \models \varphi_2$

$V \models \varphi_1 \vee \varphi_2 \iff V \models \varphi_1 \ \text{or}\ V \models \varphi_2$

$V \models \exists\ell.\,\varphi \iff \exists r \in \mathbb{Q} : V[\ell \mapsto r] \models \varphi$

Table 5.3: Constraint satisfiability relation.

Lemma 5.1 For all size variables $\ell, \ell'$ and terms $t$ (i.e. sized types or constraints):

$[\ell \mapsto \ell']\,t = t$, if $\ell \notin \mathrm{FZV}(t)$ (5.6)

$\mathrm{FZV}([\ell \mapsto \ell']\,t) = [\ell \mapsto \ell']\,\mathrm{FZV}(t)$ (5.7)

$\mathrm{FZV}([\ell \mapsto \omega]\,t) = \mathrm{FZV}(t) \setminus \{\ell\}$ (5.8)

Proof: By simple induction on the structure of $t$.
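The free-variable functions of Table 5.2, the size substitutions of this section and the three equations of Lemma 5.1 can be exercised on concrete terms. The Python program below is an added illustration, not code from the thesis: the tuple encoding of the syntax of Table 5.1 is its own choice, as are the names fzv, ftv, unsized, proper_mapping, subst_size and check_lemma_5_1. It implements FTV and FZV as in Table 5.2, size substitution with the existential wrapping of (5.5), the notion of unsized type, the non-idempotence half of the properness condition on a single mapping, and then checks (5.6) to (5.8) on the size scheme from the beginning of the section, both as it stands and under a $\forall k$ binder. Variable capture (substituting in a variable that is bound inside the term) is assumed away, as it is for the proper substitutions the text works with.

```python
# Tuple encoding of the annotated types and size constraints of Table 5.1
# (the encoding is this example's own choice, not the thesis's):
#   ("tvar", a, sized)      type variable, sized=False for an unsized one (a-hat in the text)
#   ("int", z)              Int^z                 ("data", D, z, [tau, ...])  D^z tau-vector
#   ("fun", [tau, ...], tau) tau-vector -> tau    ("forall_t", a, sigma)      forall alpha. sigma
#   ("sized", sigma, phi)   <sigma, phi>          ("forall_z", l, eta)        forall l. eta
# size annotation z: a variable name (str) or OMEGA; size expression s: int | str |
# ("mul", n, s) | ("add", s1, s2); constraint phi: ("le", s1, s2) | ("and", phi1, phi2) |
# ("or", phi1, phi2) | ("exists", l, phi)
OMEGA = "omega"
BINDERS = ("forall_z", "exists")
CONSTRAINT = ("le", "and", "or", "exists")

def fzv(t):
    """Free size variables FZV of Table 5.2, on types, constraints and size expressions."""
    if isinstance(t, int):
        return set()
    if isinstance(t, str):                        # a size annotation or size variable
        return set() if t == OMEGA else {t}
    tag = t[0]
    if tag == "tvar":
        return set()
    if tag in ("int", "forall_t"):
        return fzv(t[-1])
    if tag == "data":
        return fzv(t[2]) | set().union(*map(fzv, t[3]))
    if tag == "fun":
        return set().union(*map(fzv, t[1])) | fzv(t[2])
    if tag in BINDERS:
        return fzv(t[2]) - {t[1]}
    return fzv(t[1]) | fzv(t[2])                  # sized, le, and, or, add, mul

def ftv(t):
    """Free type variables FTV of Table 5.2, as ("tvar", name, sized) triples."""
    if not isinstance(t, tuple):
        return set()
    if t[0] == "tvar":
        return {t}
    if t[0] == "forall_t":
        return {v for v in ftv(t[2]) if v[1] != t[1]}
    if t[0] in CONSTRAINT:
        return set()                              # constraints contain no type variables
    return set().union(*(ftv(x) for x in t[1:] if isinstance(x, tuple)),
                       *(ftv(y) for x in t[1:] if isinstance(x, list) for y in x))

def unsized(tau):
    """Unsized type: every annotation is omega and every free type variable is unsized."""
    return not fzv(tau) and all(not sized for _, _, sized in ftv(tau))

def proper_mapping(alpha, tau):
    """Properness, minus idempotence: an unsized alpha may only be mapped to an unsized type."""
    return alpha[2] or unsized(tau)

def subst_size(t, l, z):
    """[l -> z] for z a size variable or OMEGA.  On a constraint, [l -> omega] phi is
    (exists l. phi) by (5.5).  Assumes z is not bound inside t (no capture)."""
    if isinstance(t, int):
        return t
    if isinstance(t, str):
        return z if t == l else t
    tag = t[0]
    if tag == "tvar" or (tag in BINDERS and t[1] == l):
        return t                                  # l is not free below its own binder, cf. (5.6)
    if tag in CONSTRAINT and z == OMEGA:
        return ("exists", l, t) if l in fzv(t) else t   # (5.5); a no-op when l is not free
    if tag == "data":
        return (tag, t[1], subst_size(t[2], l, z), [subst_size(a, l, z) for a in t[3]])
    if tag == "fun":
        return (tag, [subst_size(a, l, z) for a in t[1]], subst_size(t[2], l, z))
    if tag in ("forall_t",) + BINDERS:
        return (tag, t[1], subst_size(t[2], l, z))
    return (tag,) + tuple(subst_size(x, l, z) for x in t[1:])   # int, sized, le, and, or, add, mul

def check_lemma_5_1(t, l, l2):
    """Instance check of (5.6), (5.7) and (5.8) of Lemma 5.1 on one concrete term t."""
    ok = l in fzv(t) or subst_size(t, l, l2) == t                                   # (5.6)
    ok = ok and fzv(subst_size(t, l, l2)) == {l2 if v == l else v for v in fzv(t)}  # (5.7)
    return ok and fzv(subst_size(t, l, OMEGA)) == fzv(t) - {l}                      # (5.8)

def s_add(*ss):
    """s1 + s2 + ... as right-nested ("add", s1, ...) nodes."""
    return ss[0] if len(ss) == 1 else ("add", ss[0], s_add(*ss[1:]))

# The size scheme from the text: <(Int^i, Int^j) -> Int^k, 1 + k = i + j, 0 <= i, 0 <= j>,
# with the equation written as two inequations, as the text's shorthand prescribes.
PHI_TREE = ("and", ("and", ("le", s_add(1, "k"), s_add("i", "j")),
                    ("le", s_add("i", "j"), s_add(1, "k"))),
            ("and", ("le", 0, "i"), ("le", 0, "j")))
SIGMA = ("fun", [("int", "i"), ("int", "j")], ("int", "k"))
ETA = ("sized", SIGMA, PHI_TREE)

if __name__ == "__main__":
    print(sorted(fzv(ETA)), sorted(fzv(("forall_z", "k", ETA))))   # ['i', 'j', 'k'] ['i', 'j']
    print(subst_size(ETA, "k", OMEGA))
    print(check_lemma_5_1(ETA, "k", "m"), check_lemma_5_1(("forall_z", "k", ETA), "k", "m"))
```

Substituting $\omega$ for $k$ in the size scheme annotates the result type as $\mathrm{Int}^{\omega}$ and turns the constraint into $\exists k.\,\varphi$, so $k$ disappears from FZV on both sides of the pair at once, which is what (5.8) states; the check under a $\forall k$ binder exercises the case (5.6) where $k$ is not free and the substitution must be the identity.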
