
Sized type semantics

In document Space cost analysis using sized types (Page 136-140)

5.4 Soundness

5.4.2 Sized type semantics

To formulate the size correctness of our type system we need to establish an inhabitance relation between the denotations of Section 4.2.3 and the sized types of Section 5.2.

A first problem is that a denotation will admit many sized types: if $v$ inhabits $\langle\sigma, \phi\rangle$, then it should also inhabit $\langle\sigma, \psi\rangle$ whenever $\phi \models \psi$. The approach followed by Chin and Khoo (2001) is to define a “size” function $\mathcal{S}(v :: \sigma)$ that takes a data value $v$ and an annotated type $\sigma$ and yields the most precise constraint describing the size of the data. Type inhabitance is then defined by constraint entailment: $v$ inhabits $\langle\sigma, \phi\rangle$ if $\mathcal{S}(v :: \sigma) \models \phi$.

Chin and Khoo define the size of a function $F \in [V \to V_\bot]$ as the infinite conjunction over its input/output size relation. Their formal definition is (slightly adapted to our notation):

$$\mathcal{S}(F :: \tau_1 \to \tau_2) \stackrel{\mathrm{def}}{=} \bigwedge \{\phi \in \mathcal{F} : \forall v_1 :: \tau_1\ \forall v_2 :: \tau_2 \quad v_2 = F(v_1) \text{ implies } (\mathcal{S}(v_1 :: \tau_1) \wedge \mathcal{S}(v_2 :: \tau_2)) \models \phi\} \qquad (5.30)$$

However, we remark that equation (5.30) does not always define a formula because the entailment partial order $\models$ is incomplete. For example, the size of $F \equiv \lambda n.\, n^2 \in [\mathbb{Z} \to \mathbb{Z}_\bot]$ is undefined because there are infinite descending chains of piecewise-linear approximations to $\{(n, n^2) : n \in \mathbb{Z}\}$ but no “best” approximation (cf. Section 5.2.3).

In fact, (5.30) will be undefined for any function which exhibits non-linear size relations; this technical problem invalidates Chin and Khoo’s soundness proof.

Our approach to establishing the soundness of size approximations is to define a size function for zero-order values only (for which the “best” size is well-defined). For function values, we instead define the approximation relation as a type semantics that imposes the entailment relation between the function’s input/output size relation and a size constraint.³

Size function

The size function for a value $v \in V_\bot$ with respect to an annotated type $\tau$ is defined in Table 5.10.

We remark that our notion of size is parametrized by the type assumptions for data constructors; consequently, our size function must be defined with respect to the latter. This generalizes the work of Chin and Khoo (2001), where the notion of size is defined only for booleans, integers and lists.

We will therefore consider a restricted form of the type assumptions defined in Section 5.3:

$$\Sigma ::= [\,] \mid c : \eta, \Sigma$$

Each entry $c : \eta$ associates a constructor $c$ with a size-quantified type $\eta$ (including a size constraint).

Constructor consistency

In order to obtain sound size derivations, we have to impose the precondition that the size constraints in $\Sigma$ are consistent with the denotational semantics. Informally, consistency of $\Sigma$ states that if $v$ is non-bottom then the constructed value $\langle c, v\rangle$ is also non-bottom and should therefore have a satisfiable size constraint.

Definition 5.9 We say $\Sigma$ is consistent if and only if for all $c$ and all $v \in V$ such that $\Sigma \vdash_{\mathrm{INST}} c : \langle \vec\tau \to \tau_0, \phi_0\rangle$ and $\mathcal{S}_\Sigma(\lfloor v \rfloor :: \vec\tau) = \phi$, if $\phi$ is satisfiable then $\phi \wedge \phi_0$ is also satisfiable.

$$\mathcal{S}_\Sigma(\bot :: \tau) \stackrel{\mathrm{def}}{=} \mathit{False}$$
$$\mathcal{S}_\Sigma(\lfloor n \rfloor :: \mathrm{Int}^{\ell}) \stackrel{\mathrm{def}}{=} \ell = n$$
$$\mathcal{S}_\Sigma(\lfloor n \rfloor :: \mathrm{Int}^{\omega}) \stackrel{\mathrm{def}}{=} \mathit{True}$$
$$\mathcal{S}_\Sigma(\lfloor v \rfloor :: \alpha) \stackrel{\mathrm{def}}{=} \mathit{True}$$
$$\mathcal{S}_\Sigma(\lfloor \langle c, v\rangle \rfloor :: \tau_0) \stackrel{\mathrm{def}}{=} \exists X.\,(\phi_0 \wedge \mathcal{S}_\Sigma(\lfloor v \rfloor :: \vec\tau)), \quad \text{where } \Sigma \vdash_{\mathrm{INST}} c : \langle \vec\tau \to \tau_0, \phi_0\rangle,\ FZV(\vec\tau) \cap FZV(\tau_0) = \emptyset,\ X = FZV(\vec\tau)$$
$$\mathcal{S}_\Sigma(\lfloor \langle v_1, \ldots, v_n\rangle \rfloor :: (\tau_1, \ldots, \tau_n)) \stackrel{\mathrm{def}}{=} \bigwedge_{i=1}^{n} \mathcal{S}_\Sigma(\lfloor v_i \rfloor :: \tau_i)$$

Table 5.10: Size function for zero-order values and tuples.

³ This is analogous to establishing correctness of abstract interpretations with an incomplete abstract domain; in this setting the soundness of approximations is expressed using a concretisation function alone (i.e. there is no adjoint abstraction function) (Cousot and Cousot 1992a,b).

Size semantics for functions

The size semantics for function types is defined by extension: a formula $\phi$ is a sound approximation for $F$ if and only if $\phi$ approximates the input/output size relation of $F$, i.e. the sizes of the pairs $(v, F(v))$.

Definition 5.10 The semantics of first order sized types is given by

$$\mathcal{T}_\Sigma\llbracket \langle \forall\vec\alpha.\ \vec\tau \to \tau_0, \phi\rangle \rrbracket \stackrel{\mathrm{def}}{=} \{F \in [V \to V_\bot] : F \in \mathcal{T}\llbracket \forall\vec\alpha.\ \vec\tau \to \tau_0 \rrbracket\chi_0 \text{ and } \forall v \in V \quad \mathcal{S}_\Sigma(\lfloor v \rfloor :: \vec\tau) \wedge \mathcal{S}_\Sigma(F(v) :: \tau_0) \models \phi\}$$

where $\chi_0$ is the empty type environment.

Note that, because there are no free type variables in a quantified first order type, $\mathcal{T}_\Sigma$ does not need a type environment argument.

Example 5.11 Consider an inductive data type for natural numbers augmented with a size measure for the magnitude of the numbers:

$$\mathbf{data}\ \mathrm{Nat}^{n} = \mathrm{Zero}\ \{n = 0\} \mid \mathrm{Succ}\ \mathrm{Nat}^{k}\ \{n = 1 + k\} \qquad (5.31)$$

and consider the primitive recursive addition function:

$$\mathbf{letrec}\ plus\ (x, y) = \mathbf{case}\ x\ \mathbf{of}\ \mathrm{Zero} \to y \mid \mathrm{Succ}\ x' \to \mathrm{Succ}\,(plus\ (x', y)) \qquad (5.32)$$

Designate by $\ulcorner n \urcorner$ the denotation of a natural $n$, i.e. $n$ applications of $\mathrm{Succ}$ followed by one application of $\mathrm{Zero}$:

$$\ulcorner 0 \urcorner \stackrel{\mathrm{def}}{=} \langle \mathrm{Zero}, u\rangle \qquad \ulcorner 1 + n \urcorner \stackrel{\mathrm{def}}{=} \langle \mathrm{Succ}, \ulcorner n \urcorner\rangle$$

Let $\varphi_{plus} = \mathcal{D}\llbracket(5.32)\rrbracket\varphi_0$, i.e. $\varphi_{plus}$ is the denotational semantics of $plus$. We show that

$$\varphi_{plus} \in \mathcal{T}_\Sigma\llbracket \forall ijk.\ \langle (\mathrm{Nat}^{i}, \mathrm{Nat}^{j}) \to \mathrm{Nat}^{k}, i + j = k\rangle \rrbracket \qquad (5.33)$$

where $\Sigma$ are the type assumptions associated with the declaration (5.31). By the soundness of the underlying type system we will assume $\varphi_{plus} \in \mathcal{T}\llbracket (\mathrm{Nat}^{i}, \mathrm{Nat}^{j}) \to \mathrm{Nat}^{k} \rrbracket$. It remains to be proved that

$$\mathcal{S}_\Sigma(\lfloor \langle \ulcorner n \urcorner, \ulcorner m \urcorner\rangle \rfloor :: (\mathrm{Nat}^{i}, \mathrm{Nat}^{j})) \wedge \mathcal{S}_\Sigma(\varphi_{plus}\langle \ulcorner n \urcorner, \ulcorner m \urcorner\rangle :: \mathrm{Nat}^{k}) \models i + j = k \qquad (\forall n \in \mathbb{N})\ (\forall m \in \mathbb{N}) \qquad (5.34)$$

By the definition of $\mathcal{S}$ and $\Sigma$:

$$\mathcal{S}_\Sigma(\lfloor \langle \ulcorner n \urcorner, \ulcorner m \urcorner\rangle \rfloor :: (\mathrm{Nat}^{i}, \mathrm{Nat}^{j})) = \mathcal{S}_\Sigma(\lfloor \ulcorner n \urcorner \rfloor :: \mathrm{Nat}^{i}) \wedge \mathcal{S}_\Sigma(\lfloor \ulcorner m \urcorner \rfloor :: \mathrm{Nat}^{j}) \simeq i = n \wedge j = m$$

By the definition of $plus$:

$$\varphi_{plus}\langle \ulcorner n \urcorner, \ulcorner m \urcorner\rangle = \lfloor \ulcorner n + m \urcorner \rfloor$$

which implies

$$\mathcal{S}_\Sigma(\varphi_{plus}\langle \ulcorner n \urcorner, \ulcorner m \urcorner\rangle :: \mathrm{Nat}^{k}) = \mathcal{S}_\Sigma(\lfloor \ulcorner n + m \urcorner \rfloor :: \mathrm{Nat}^{k}) \simeq k = n + m$$

Replacing both results in our proof obligation (5.34) we obtain a valid entailment between constraints:

$$i = n \wedge j = m \wedge k = n + m \models i + j = k \qquad (\forall n \in \mathbb{N})\ (\forall m \in \mathbb{N})$$
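The following is an added example, not code from the thesis: it executes the size function of Table 5.10 for the Nat declaration (5.31) and tests the membership condition of Definition 5.10 for the addition function (5.32) of Example 5.11. It assumes a solved form of the constructor assumptions (each constraint in Σ is an equation giving the result size from the argument sizes, so S_Σ(v :: Nat^n) is always a single equation n = value, represented by the value), strict constructors, and a finite sample of inputs in place of the universal quantifier over v ∈ V; the names `Con`, `size`, `nat`, `plus`, `loop`, `inhabits` and `check_example_5_11` are all this example's own.

```python
from dataclasses import dataclass
from typing import Callable, Dict, Optional

# Added example (not the thesis's own code). Assumptions: constructor constraints are
# given in solved form, constructors are strict, and the quantifier over all values is
# replaced by a finite sample when checking Definition 5.10.


@dataclass(frozen=True)
class Con:
    """A constructed value <c, v>; args is the tuple of constructor arguments."""
    name: str
    args: tuple


Value = Optional[Con]   # None plays the role of bottom (divergence)
BOTTOM: Value = None

# Sigma restricted to Nat (constructed from (5.31)): constructor name -> result size as a
# function of the argument sizes, i.e. the solved form of the constraint in its assumption.
SIGMA: Dict[str, Callable[..., int]] = {
    "Zero": lambda: 0,          # Zero {n = 0}
    "Succ": lambda k: 1 + k,    # Succ Nat^k {n = 1 + k}
}


def size(v: Value, sigma: Dict[str, Callable[..., int]] = SIGMA) -> Optional[int]:
    """S_Sigma(v :: Nat^n) in solved form: the unique n satisfying the constraint, or
    None when the constraint is False, mirroring S_Sigma(bottom :: tau) = False."""
    if v is None:
        return None
    arg_sizes = [size(a, sigma) for a in v.args]
    if any(s is None for s in arg_sizes):      # strict constructors (assumption)
        return None
    # Eliminating the existential over X = FZV(argument types) amounts to substituting
    # the argument sizes into phi_0 and reading off n.
    return sigma[v.name](*arg_sizes)


def nat(n: int) -> Con:
    """The denotation of a natural: n applications of Succ followed by Zero."""
    v = Con("Zero", ())
    for _ in range(n):
        v = Con("Succ", (v,))
    return v


def plus(x: Con, y: Con) -> Value:
    """The denotation of the primitive recursive addition (5.32)."""
    if x.name == "Zero":
        return y
    (x0,) = x.args
    r = plus(x0, y)
    return None if r is None else Con("Succ", (r,))


def loop(x: Con, y: Con) -> Value:
    """A diverging function: its denotation is bottom on every input."""
    return BOTTOM


Constraint = Callable[[int, int, int], bool]


def inhabits(f: Callable[[Con, Con], Value], phi: Constraint, bound: int) -> bool:
    """Definition 5.10 for the sized type <(Nat^i, Nat^j) -> Nat^k, phi>, with the
    universal quantifier over v in V replaced by the sample 0 <= n, m < bound (this is a
    test of the entailment, not a proof of it).  For each sample, S(v :: (Nat^i, Nat^j))
    is i = n and j = m, and S(f(v) :: Nat^k) is k = size(f(v)), or False when f(v) is
    bottom, in which case the entailment holds vacuously."""
    for n in range(bound):
        for m in range(bound):
            i, j = size(nat(n)), size(nat(m))
            k = size(f(nat(n), nat(m)))
            if k is None:
                continue
            if not phi(i, j, k):
                return False
    return True


def check_example_5_11(bound: int = 8) -> bool:
    """The entailment i = n and j = m and k = n + m |= i + j = k of Example 5.11."""
    return inhabits(plus, lambda i, j, k: i + j == k, bound)


if __name__ == "__main__":
    print(size(nat(3)))                               # 3: S(|3| :: Nat^n) is n = 3
    print(check_example_5_11())                       # True
    print(inhabits(plus, lambda i, j, k: k == i, 8))  # False: k = i fails once j > 0
    print(inhabits(loop, lambda i, j, k: False, 8))   # True: bottom results are vacuous
```

The last line of the usage shows the consequence of the `False` clause of Table 5.10 inside Definition 5.10: a function whose result is bottom on every input inhabits every sized type, since the antecedent of the entailment is unsatisfiable. Replacing the finite sample by the inductive argument of Example 5.11 is exactly the step this check cannot perform.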
