Type Checking. Textbook: Types and Programming Languages Benjamin Pierce

Type Checking

Textbook: Types and Programming Languages

Benjamin Pierce

Plan

• Motivation (Chapter 1)

• Untyped Arithmetic Expressions (Chapter 3)

• Typed Arithmetic Expressions (Chapter 8)

• Untyped Lambda Calculus (Chapter 5)

• Typed Lambda Calculus (Chapter 9)

• Extensions

Challenges of Program Verification

• Specification of software behavior

• Reasoning about logical formulas

• The annotation burden

• The dynamic nature of software

• Automatically infer safe invariants from the code

• Concentrate on very simple properties with lightweight

annotations

June 4, 1996 The European Ariane5 rocket explodes 40s

into its maiden flight due to a software bug.

1997 Mars Rover Loses Contact

1999 Mars Climate Orbiter is Lost

1999 Mars polar Lander is lost

2004 Mar rover freezes

August 2005

As a Malaysia Airlines jetliner cruised from Perth, Australia, to Kuala Lumpur, Malaysia,

one evening last August, it suddenly took on a mind of its own and zoomed 3,000 feet upward.

The captain disconnected the autopilot and pointed the Boeing 777's nose down to avoid stalling, but was jerked into a steep dive.

He throttled back sharply on both engines, trying to slow the plane.

Instead, the jet raced into another climb.

The crew eventually regained control and manually flew their 177 passengers safely back to Australia.

Investigators quickly discovered the reason for the plane's roller-coaster ride 38,000 feet above the Indian Ocean.

A defective software program had provided incorrect data about the

aircraft's speed and acceleration, confusing flight computers. August 2005

Type Systems

• A tractable syntactic method for proving absence of certain program behaviors by classifying

phrases according to the kinds they compute

• Examples

– Whenever f is called, its argument must be integer – The arguments of f are not aliased

– The types of dimensions must match

– …

What is a type

• A denotation of set of values

– Int – Bool – …

• A set of legal operations

Static Type Checking

• Performed at compile-time

• Conservative (sound but incomplete)

– if <complex test> then 5 else <type error>

• Usually limited to simple properties

– Prevents runtime errors – Enforce modularity

– Protects user-defined abstractions – Allows tractable analysis

• Properties beyond scope (usually)

– Array out of bound – Division by zero – Non null reference

Error detection

• Early error detection

– Logical errors – Interface errors

– Dimension analysis

– Effectiveness also depends on the programmer

– Can be used for code maintenance

Abstraction

• Types define interface between different software components

• Enforces disciplined programming

• Ease software integration

Documentation

• Types are useful for reading programs

• Can be used by language tools

Language Safety

• A safe programming language protects its own abstraction

• Can be achieved by type safety

Statically vs. Dynamically Checked Languages Statically

Checked

Dynamically Checked

Safe ML, Haskel,

Java

Lisp, Scheme, Perl

Unsafe C, C++

Eiffel, 1989

Cook, W.R. (1989) - A Proposal for Making Eiffel Type-Safe, in Proceedings of ECOOP'89. S. Cook (ed.), pp. 57-70. Cambridge University Press.

Betrand Meyer, on unsoundness of Eiffel:

“Eiffel users universally report that they almost never run into such problems in real software development.”

Ten years later: Java

Efficiency

• Compilers can used types to optimize computations

• Pointer scope (Titanium)

• Region inference

Language Design

• Design the programming language with the type system

• But types incur some notational overhead

• Implicit vs. explicit types

– The annotation overhead

Untyped Arithmetic Expressions

Chapter 3

Untyped Arithmetic Expressions

t ::= terms

true constant true false constant false if t then t else t conditional 0 constant zero succ t successor pred t predecessor izzero t zero test

if false then 0 else 1 1

iszero (pred (succ 0)) true

Untyped Arithmetic Expressions

t ::= terms

true constant true false constant false if t then t else t conditional 0 constant zero succ t successor pred t predecessor izzero t zero test

succ true type error

if 0 then 0 else 0 type error

SOS for Booleans

t ::= terms

true constant true false constant false if t then t else t conditional v ::= values

true

false

if true then t₁ else t₂ → t₁ (E-IFTRUE) if false then t₁ else t₂ → t₂ (E-IFFALSE)

t₁ → t’₁

if t₁ then t₁ else t₂ → if t’₁ then t₁ else t₂

(E-IF)

t

→t’

SOS for Numbers

t ::= terms

0 constant zero succ t successor pred t predecessor iszero t zero test v ::= values

true true value false false value

nv numeric values

nv ::= numeric values 0 zero value

succ nv successor value

t₁ → t’₁

succ t₁ → succ t’₁ (E-SUCC) pred 0 → 0 (E-PREDZERO)

pred (succ nv₁) → nv₁ (E-PREDSUCC)

iszero 0 → true (E-ISZEROZERO) iszero (succ nv₁) → false (E-ISZEROSUCC)

t

→t’

t₁ → t’₁

pred t₁ →pred t’₁ (E-PRED)

t₁ → t’₁

iszero t₁ → iszero t’₁(E-ISZERO)

Typed Arithmetic Expressions

Chapter 8

Stuck Computations

• The goal of the type system is to ensure at compile-time that no stuck ever occurs at runtime

• Safety (soundness)

– Progress: A well-typed term t never gets stuck

• Either it has value or there exists t’ such that t→ t’

– Preservation (subject reduction)

• If well type term takes a step in evaluation, then the

resulting term is also well typed

Type Rules for Boolean

T ::= types

Bool type of Boolean

t : T

true : Bool (T-TRUE)

false : Bool (T-FALSE)

t

: Bool t

: T t

: T

if t

then t

else t

: T (T-IF)

Type Rules for Numbers

T ::= types

Nat type of Natural numbers

t : T

0 : Nat (T-ZERO) t

: Nat

succ(t

) : Nat

T-SUCC

t

: Nat pred(t

) : Nat

T-PRED

t

: Nat

iszero(t

) : Bool

ISZERO

The Typing Relation

• Formally the typing relation is the smallest binary relation between terms and types

– in terms of inclusion

• A term t is typable (well typed) if there

exists some type T such that t : T

Inversion of the typing relation

• true : R ⇒ R = Bool

• false : R ⇒ R = Bool

• if t

then t

else t

: R ⇒ t

: Bool, t

: R, t

: R

• 0 : R ⇒ R = Nat

• succ t

: R ⇒ R = Nat and t

: Nat

• pred t

: R ⇒ R = Nat and t

: Nat

• iszero t1 : R ⇒ R = Bool and t

: Nat

Uniqueness of Types

• Each term t has at most one type

– If t is typable then

• its type is unique

• There is a unique type derivation tree for t

Safety

• Canonical Forms:

– If v is a value of type Boolean then v =true or v=false – If v is a value of type Nat then v belongs to nv

• Progress : If t is well defined then either t is a value or for some t’: t → t’

• Preservation: if t : T and t → t’ then t’ : T

nv ::= numeric values 0 zero value

succ nv successor value

Untyped Lambda Calculus

Chapter 5

Untyped Lambda Calculus

t ::= terms x variable

λ x. t abstraction

t t application

(λ x. x) (λ x. x) (λ x. x)

Syntactic Conventions

• Applications associates to left

• The body of abstraction extends as far as possible

Scope

• An occurrence of x is free in a term t if it is not in the body on an abstraction λx. t

– otherwise it is bound – λx is a binder

• FV: t → P(Var) is the set free variables of t

– FV(x) = {x}

– FV( λ x. t) = FV(t) – {x}

– FV (t

t

) = FV(t

) ∪FV(t

)

• Terms w/o free variables are combinators

– Example: λ x. x

Operational Semantics

(λ x. t

) t

→ [x ht

] t

(β-reduction)

[xhs]x =s

[x hs]y=y if y ≠ x

[x hs ] (λy. t₁) = λy. [x hs ] t₁ if y ≠ x and y∉FV(s) [x hs ] (t₁ t₂) = ([x hs ] t₁) ([x hs ] t₂)

(λ x. x) y → y

(λ x. x (λ x. x) ) (u r)→ u r (λ x. x)

(λ x (λy. x y)) (y z) → (λ x (λw. x w)) (y z) → λw. y z w

Operational Semantics

(λ x. t

) t

→ [x ht

] t

(β-reduction)

[xhs]x =s

[x hs]y=y if y ≠ x

[x hs ] (λy. t₁) = λy. [x hs ] t₁ if y ≠ x and y∉FV(s) [x hs ] (t₁ t₂) = ([x hs ] t₁) ([x hs ] t₂)

Evaluation orders:

•Full beta reduction

•Normal order

•Call by name

•Call by value

(λx. x)((λx. x)(λz. (λx. x) z))

Programming in the Lambda Calculus

• Turing complete

• Multiple arguments – λ(x, y). s = λx. λy.s

• Church Booleans – tru = λt. λf. t – fls =λt. λf. f

– test =λl. λm. λn. l m n – and = λb. λc. b c fls

• Pairs

– pair = λf. λb. λs. b f s – fst = λp. p tru

– snd = λp. p fls

• Church Numerals – c₀ = λf. λz. z – c₁ =λf. λz. s z – c₂ = λf. λz. s (s z) – c₃ = λf. λz. s (s (s z))

• Divergence

– omega= (λx. x x) (λx. x x)

Summary Lambda Calculus

• Powerful

• Useful to illustrate ideas

• But can be counterintuitive

• Usually extended with useful syntactic

sugars

Simple Typed Lambda Calculus

Chapter 9

Simple Typed Lambda Calculus

t ::= terms x variable

λ x: T. t abstraction

t t application

T::= types

T → T types of functions

SOS for Simple Typed Lambda Calculus

t ::= terms x variable

λ x: T. t abstraction

t t application v::= values

λ x: T. t abstraction values

T::= types

T → T types of functions

t₁ → t₂ t₁ → t’₁ t₁ t₂→ t’₁ t₂

(E-APP1)

t₂ → t’₂ t₁ t₂→ t₁ t’₂

(E-APP2)

(λ x: T

. t

) t

→ [x ht

] t

(E-APPABS)

t ::= terms x variable

λ x: T. t abstraction

T::= types

T → T types of functions

Γ::= context

∅ empty context

Γ, x : T term variable binding

Γd t : T

x : T ∈Γ

Γd x : T (T-VAR)

Γ, x : T₁ d t₂ : T₂

Γd λx : T₁. t₂ : T₂ : T₁ → T₂(T-ABS) Γ d t₁ : T₁₁ →T₁₂

Γd t₁ t₂ : TΓ d t_{12 2} : T₁₁ (T-APP)

Type Rules

t ::= terms x variable

λ x: T. t abstraction

t t application true constant true false constant false if t then t else t conditional T::= types

Bool Boolean type

T → T types of functions

Γ::= context

∅ empty context

Γ, x : T term variable binding

Γd t : T

x : T ∈Γ

Γd x : T (T-VAR)

Γ, x : T₁ d t₂ : T₂

Γd λx : T₁. t₂ : T₂ : T₁ → T₂(T-ABS) Γ d t₁ : T₁₁ →T₁₂

Γd t₁ t₂ : TΓ d t_{12 2} : T₁₁ (T-APP) Γ d true : Bool (T-TRUE)

Γ d false : Bool (T-FALSE) Γdt₁ : Bool t₂ : T t₃ : T

Γd if t₁ then t₂ else t₃ : T (T-IF)

Examples

• (λx:Bool. x ) true

• if true then (λx:Bool. x) else ( λx:Bool. x)

• if true then (λx:Bool. x) else ( λx:Bool.

λy:Bool. x)

The Typing Relation

• Formally the typing relation is the smallest ternary relation on contexts, terms and types

– in terms of inclusion

• A term t is typable in a given context Γ

(well typed) if there exists some type T such

that Γdt : T

Inversion of the typing relation

• Γ d x : R ⇒ x: R ∈Γ

• Γ d λx : T

. t2 : R ⇒ R = T

→ R

for some R

with Γd t

: R

• Γ d t

t

: R ⇒ there exists T

such that Γd t

: T

→ R and Γd t

: T

• Γ d true : R ⇒ R = Bool

• Γ d false : R ⇒ R = Bool

• Γ d if t

then t

else t

: R ⇒ Γ d t

: Bool,

Γ d t

: R, Γ d t

: R

Uniqueness of Types

• Each term t has at most one type in any given context

– If t is typable then

• its type is unique

• There is a unique type derivation tree for t

Safety

• Canonical Forms:

– If v is a value of type Boolean then v =true or v=false – If v is a value of type T₁→ T₂ then v =λx. T₁. t₂

• Progress :

If t is closed and well defined (dt : T for some T) then either t is a value of for some t’: t → t’

• Permutation: if Γ d t : T and < is a permutation of Γ then

< d t : T

• Weakening: if Γ d t : T and x ∉ dom(Γ) then Γ, x : S d t : T

• Preservation of types under substitution:

– If Γ, x : S d t : T and Γ d s : S then Γd [x hs] t : T

• Preservation: if Γd t : T and t → t’ then Γd t’ : T

Implicit vs. Explicit Types

• Do we have to spell out the type of every argument?

• Implicit type systems allow the

programmers to omit the types as long as the resulting type is unique

– Reduces the annotation burden

• A type inference algorithm infers a unique

type or issues an error

Other Issues

• The Curry-Howard Correspondence

• Erasure of typability

• Curry-Stlyle vs. Church style of languages

definition

Extensions

• Subtyping (Chapters 15-19)

– Most general type

• Recursive Types (Chapters 20, 21)

– NatList = <Nil: Unit, cons: {Nat, NatList}>

• Polymorphism (Chapters 22-28)

– length:list α → int

– Append: list α → α → list α

• Higher-order systems (Chapters 29-32)

Summary

• Type systems provide a useful for enforcing certain safety properties

– Can be combined with runtime systems and program analysis

• Interacts with the programmer

• A lot of interesting theory