University of Alb erta

Typ e System for an Ob jectOriented

Database Programming Language

by

Yuri Leontiev

Technical Rep ort TR

Octob er

DEPARTMENT OF COMPUTING SCIENCE

University of Alb erta

Edmonton Alb erta Canada

University of Alb erta

Type System for an ObjectOriented

Database Programming Language

by

Yuri Leontiev

A thesis submitted to the Faculty of Graduate Studies and Research in partial fulllment of the

requirements for the degree of Do ctor of Philosophy

Department of Computing Science

Edmonton Alb erta

Fall

Tomy parents Vladimir Vasilievitch Leontiev and Alla Davidovna Leontieva

Abstract

The concept of an ob jectoriented database programming language OODBPL is app ealing b ecause

it has the p otential of combining the advantages of ob ject orientation and database programming

to yield a p owerful and universal programming language design

A uniform and consistent combination of ob ject orientation and database programming how

ever is not straightforward Since one of the main comp onents of an ob jectoriented programming

language is its typ e system one of the rst problems that arise during an OODBPL design is related

to the development of a uniform consistent and theoretically sound typ e system that is suciently

expressive to satisfy the combined needs of ob ject orientation and database programming

This dissertation presents the design of a typ e system suitable for ob jectoriented database

programmingThetyp e system has a unique combination of uniformity expressibilityveriability

and theoretically proven soundness It also p ossesses features that make it suitable for database

programming such as seamless integration of imp erativetyp es and features precise query typing

via union and intersection typ es separation among three abstraction layers providing a high degree

of co de reuse parametric p olymorphism extensibility and dynamic typ e analysis capabilities

In the pro cess of typ e system development a theoretical framework for dealing with typ e systems

that combine parametric and inclusion p olymorphism is established Due to its mo dular construc

tion this framework can b e easily extended and used b eyond the scop e of this dissertation Another

contribution of this work is an extensive analysis of existing and prop osed typ e systems from the

p oint of view of the set of requirements related to ob ject orientation and database programming

This research leads to the development of a uniform and theoretically sound OODBPL that

can successfully utilize the p ower inherent in b oth ob ject orientation and database programming

paradigms This will eventually lead to the development and implementation of a uniform ob ject

oriented database system that will use the OODBPL as its main programming and query engine

Acknowledgements

Iwould like to express my sincere thanks to my sup ervisors Dr Tamer Ozsu and Dr Duane Szafron

for their invaluable input constant supp ort and understanding This dissertation would not have

b een p ossible without their guidance

I am also grateful to the memb ers of my committee Dr Malcolm Atkinson Dr William Arm

strong and Dr Witold Pedrycz for manyvaluable comments and suggestions

Sp ecial thanks go to my Russian sup ervisor Vladimir Lvovitch Arlazarovandmy colleagues

Alexander Merkov and Marina Ionova Without their guidance and supp ort this work would not

have b een p ossible as I would not have had an opp ortunity to come to study at the Universityof

Alb erta I would also like to thank Dr Tony Marsland who help ed me come to this University

Thanks also go to the database research group and in particular to Boman Irani Iqbal Goralwalla

Kaladhar Voruganti Paul Iglinski and Wade Holst for manyinteresting helpful and insightful

discussions

Thanks to the University of Alb erta Department of Computing Science and the Killam Fund

for their nancial supp ort

My sup ervisors at Intuit Canada Ltd Andrew Smith and Drew LaHaie haveprovided me with

an opp ortunitytocontinue my studies while working fulltime for this company

Many thanks to my friends Igor Kolo dkin Igor Voronkov Oleg Verevka and Victoria Lohvin

Alexandr and Alina Litvak Andrey Zelnikov IlyaVodopyanov Andrey Maximov Vlad Alexiev and

Dolya Alexieva Anna Zolotova Ewgenii Gawrilow and Tatyana Gawrilowa Grigoriy Andronov

Dmitriy Makarov and Natalya Makarova Maxim Potashev Maria Schigoleva Dmitriy Khabirov

and Olga Chernova Evgenia Kashina and Kirill Oseledets Their friendship has supp orted me

throughout these years

I am grateful to my wife Marina for her love encouragement and understanding It is her supp ort

that gave me the strength to complete this work

I am indebted to my parents Vladimir Vasilievitch Leontiev and Alla Davidovna Leontieva for

their love and supp ort during this work and throughout myentire life This thesis is for them

Contents

Intro duction

Overview

Scop e and contributions

Organization

Requirements and Typ e System Survey

Terminology

Essential features of a typ e system

Ob jectoriented programming language requirements

Database programming language requirements

Ob jectoriented database system requirements

Summary of requirements

Related work

Typ e systems review

Conclusions

The Typ e System Design

Typ es and b ehaviors

The notion of a type

Subtyping

Interface sp ecication and pro duct types

Behavior typ es

Mutable typ es

Parametric typ es and b ehaviors sp ecication

Parametricity and subtyping

Parametricity and interface sp ecication

Union and intersection typ es

Constrained sp ecications

Subtyping and inheritance

Conclusions

Classesandfunctions

Classes

Sub classing and class extension

Ob ject creation and extent maintenance

Functions and asso ciations

Dispatch

Closures and typeif

Implementation typ es

Threelayer design Advantages and applications

The basic typesystem

Ob ject typ es

Atomic types

Collection typ es

Conclusions

The Language and Typ echecking

Syntax and translation

The target language

The translation

Consistency

Notation

Lo cal monotonicity

Simplicity and the user typegraph

Typ e expansion

Constraint consistency

Global b ehavior consistency

Functional consistency

Dispatchconsistency

Entailment

Conclusions

The Typ e System Theory

Decidability

Finite evolution

Termination of expansion algorithm

Termination of attening algorithm

Termination of entailment algorithm

Typ es

Regulartrees

Subtyping

Entailment

Prop erties of entailment and attening algorithms

Constrained typ es

Subjectreduction

Static subsumption

Natural semantics

Execution state typing

Dispatch correctness

Sub ject reduction

Imp erativetypes

Extensions

Errors nulls and exceptions

Lo cal variables and dynamic scoping

Nonlo cal returns

Handling ob ject creation

Discussion

Extensibility

Typ e system evolution

Engineering tradeos

Summary

Conclusions

Summary and contributions

Future research

Bibliography

A The Basic TIGUKATTyp e System

A Commonbehaviors

A Pro duct types

A Functional typ es

A Ob ject typ es

A Sp ecial typ es

A Atomic types

A Collection typ es

A Imp erativetypes

A Metatypes

A Class typ es and the metaclasses

B Implementation Notes

B Ob ject identiers

B Multiple dispatch

B Implementation typ es and functions

B Adding p ersistence

C Mo dule System

C Information hiding and sharing

C Exportandimport

C Inner mo dules

C Name search

C Adding p ersistence

List of Tables

Typesystemindex

Typ e system features

Typ e system expressibility

Typ e system tests

Variance combination

List of Figures

Typ e system layers

Person typ e hierarchy

Stream types

Comparable types

Class typ e hierarchy

Shap e typ e hierarchy

TIGUKATtypes

TIGUKAT ob ject types

TIGUKAT atomic typ es

TIGUKAT collection types

Example user typ e graph G

Typing rules for the target language

Natural semantics of the target language

Typing rules for rtob jects

C Mo dule data structures

C Name search

C Name search in the givenmodule

C External name search in the givenmodule

Chapter

Intro duction

Overview

From its early days ob ject orientation OO was considered one of the most inuential and useful

programming paradigms Its impact on research in virtually all areas of computing science can

only b e compared to that of relational algebra or that of the functional and logic programming

paradigms

Muchofthepower of ob ject orientation lies in the fact that it provides conceptual and mo deling

capabilities that allow it to express realworld entities with relative simplicity Another source of

the app eal of ob ject orientation is its supp ort for incremental software construction provided in the

form of co de reuse

All these advantages were rst realized and exploited by the programming language PL research

community Starting with Simula and Smalltalk the development of ob jectoriented languages

has b ecome a landmark of programming language research in the last two decades

Another ma jor research area that exp erienced the impact of the ob jectoriented paradigm is the

area of database management systems DBMS The high mo deling p ower of ob ject orientation along

with its abstraction capabilities can make it one of the preferred paradigms in the developmentof

DBMSs designed to deal with complex dataintensive applications such as CADCAM multimedia

and oce information systems

As b oth programming language and database system research areas exp erienced the impact of

the ob jectoriented paradigm so did their child the area of database programming languages

This relatively young research area is still a source of prolic research and development activity

much of this activity b eing concentrated on ob jectoriented database programming languages or

database programming languages with ob jectoriented features

Ob jectoriented database programming languages OODBPLs have the p otential to combine the

mo deling and software construction p ower of the ob jectoriented paradigm extensive and ecient

data storage and retrieval techniques of the mo dern database systems and the eciency and p ower

of to days programming languages in a single uniform framework

However OODBPLs haveyet to live up to their p otential Most of the mo dern OODBPLs are

simply ob jectoriented programming languages with the concept of p ersistence added to them They

do not provide the full p ower of database systems either in their data access mechanisms or in their

query capabilities Therefore the problems related to the design of an OODBPL that can combine

the p ower of its three constituent parts OO DB and PL are nowadays the topics of extensive

research activity

Both the mo deling and software construction p owers of ob jectoriented languages are ro oted in

their typ e and inheritance systems A prop erly designed rich and theoretically sound typ e system

can greatly increase the p ower of a language while a p o or inexible typ e system can render almost

all p ower inherent in the ob jectoriented paradigm useless

While the typ e system of an ob jectoriented language greatly aects its characteristics the typ e

system of an OODBPL aects its characteristics even more The reason for that is the presence

of dierent and sometimes contradictory requirements that are imp osed on the typ e system byan

OODBPLs database and programming language comp onents

The presence of two sets of requirements makes the developmentofatyp e system for an OODBPL

achallenging task It therefore comes as no surprise that no existing typ e system satises the

requirements that are imp osed on OODBPLs

While the task of developing suchatyp e system is dicult it is also quite rewarding Apart

from the pro of of the validityofthevery concept of OODBPL the solution to this problem will

provide the designers of OODBPLs with a consistent and uniform framework that would greatly

facilitate the development of such languages in the future

Scop e and contributions

In this dissertation a typ e system for an ob jectoriented programming language is develop ed This

typ e system satises a set of requirements that are placed on the typ e system by b oth database and

ob jectoriented language comp onents These requirements are compiled from several sources and

reviewed in terms of their relevance and necessity

An extensive review of existing typ e systems is conducted in order to nd out which of them

satisfy the requirements It is concluded that none of the reviewed typ e systems completely satises

all the requirements and therefore the task of designing such a system is relevant and imp ortant

The discussion of the typ e system presented in this dissertation is broken down into three com

p onents the design principles the typ echecking and verication algorithms and the theoretical

framework that consists of the pro ofs of correctness of the presented techniques

One of the design principles used in the construction of the presented typ e system is the novel

principle of threelayered language design The three layers are the interface layer the implemen

tation co de layer and the representation data layer This design principle provides additional

exibility in sp ecication and use of typ es and facilitates b etter co de reuse A ma jor motivation

for the layered design is understandabilityofthetyp e system by programmers The system can

b e used at all the three layers the deep er the layer the more p ower it provides and the greater

complexityitinvolves Other ma jor design principles are substitutability parametricityveriabil

ity and soundness The source language showing the use of this design and the typ e system is also

presented This language can serve as a core for the development of a fulledged OODBPL

Typ echecking and verication algorithms are based on a notion of typeconstraint entailment

A program to b e veried is transformed into a set of subtyping constraints and the task of the

typ e checker is to verify that these constraints admit a solution under certain assumptions Another

imp ortant asp ect of program verication is the validity of the dispatchmechanism Dispatch is the

pro cess of dynamically cho osing the function to execute at a callsite dep ending on the typ es of actual

arguments The validity of dispatch is also tested byverifying entailment relationships b etween sets

of subtyping constraints Development of a correct and decidable typ echecking algorithm for a typ e

system as complex as the one describ ed here is one of the ma jor contributions of this work

In order to formally prove the prop erties of the presented algorithms a theory of subtyping and

the natural semantics of a simplied version of the language the target language are develop ed

Equipp ed with this theory pro ofs of decidability and correctness of the presented algorithms are

given

Thus prop erties of the presented typ e system include veriability soundness and expressibility

Veriability is understo o d as a provable termination of all the algorithms involved in the program

verication pro cess Soundness stands for the guarantee that a successfully typ echecked program

do es not generate typ e errors at runtime Expressibility is the ability of the typ e system to express

various program and typ e structures The result of this research is applicable to the developmentof

p ersistent ob jectoriented typ e systems and languages and their theoretical underpinnings

Other research areas relevanttothedevelopment of an OODBPL but not discussed in this

dissertation include builtin ob jectoriented query language and its optimization the p ersistence

mo del and the implementation of the language

Organization

The remainder of this dissertation is organized into vechapters Chapter presents the set of

requirements placed on the typ e system The requirements are discussed and a test suite of programs

designed to test the conformance of the typ e system to the expressibility and reexivity requirements

is develop ed An extensive review of existing and prop osed typ e systems is conducted The chapter

concludes with an evaluation of these typ e systems relativetotherequirements Chapter is devoted

to the description of the design principles and decisions made during development of the presented

typ e system It highlights various design choices and explains the ones that were made The language

and the typ echecking and verication algorithms are presented in Chapter Chapter deals with

the formal asp ects of the presented typ e system The pro ofs of the decidability and correctness

results as well as the natural semantics of the simplied target language used for typ echecking are

presented in this chapter Finally Chapter concludes with a summary of contributions and outlines

directions for future research

App endix A presents an example of usage of the concepts develop ed in this dissertation for

an OODBPL based on a uniform b ehavioral ob ject mo del Pet App endix B provides a set of

implementation notes and design decisions made during a preliminary implementation of a compiler

and the runtime system for the TIGUKAT p ersistent programming language App endix C presents

a mo dule system design for the language While not directly related to the typ e system itself the

mo dule system provides supp ort for additional information hiding and sharing

Chapter

Requirements and Typ e System

Survey

The purp ose of this chapter is to answer two questions What are the requirements that a mo dern

typ e system for an ob jectoriented database programming language should satisfy and Are there

anytyp e systems develop ed todate that satisfy these requirements

In order to answer the rst question the set of requirements put forth in the literature for

typ e systems Section mo dern ob jectoriented programming languages Section database

programming languages Section and ob jectoriented database systems Section by the

leading researchers in these areas will b e considered Then the set of required typ e system features

will b e extracted The resulting combination of requirements is presented in Section Also

presented is the test suite that is used later to evaluate the existing typ e systems reviewed in this

chapter

Section presents an extensive review of more than languages and typ e systems These typ e

systems are evaluated with resp ect to the requirements and the test suite presented in Section

The result of this extensive analysis shows that while each of the requirements is satised byat

least one typ e system no typ e system satises all of them It also enables the identication of the

mechanisms that lie b ehind the strengths and weaknesses of the currenttyp e systems The knowledge

obtained this way will b e used in subsequent sections to aid in the design and development of the

typ e system that satises all of the ab ove requirements which is the primary goal of this work

Terminology

Let us start by establishing some terminology to b e used throughout the rest of this chapter This

is necessary as many of the terms used in the ob jectoriented language researchareahavenoclear

denition and are used dierently by dierent authors Most of the terminology b elow comes from

Car BP

Ob ject A primitive term for a data item used to mo del a concept or a realworld entity

Message A part f of an invo cation xf anidentication for a related set of metho ds

Function name Apartf of invo cation f x also can b e termed as a message not asso ciated with

anytyp e Sometimes called a freeoating function

Metho d A pro cedure to b e executed when an ob ject is sent an appropriate message

Function A pro cedure to b e executed when a function invo cation is requested Function relates

to a function name the same way a metho d relates to a message

These denitions are not necessarily universally accepted but they are used consistently throughout this disser

tation

Interface typ e A description of messages applicable to an ob ject

Implementation representationtyp e A description of an ob jects structure

Typ e A shorthand for interface or implementationtyp e or b oth dep ending on the context

Mutable ob ject typ e Atypeofanobjectthatiscapableofchanging its state at runtime For

example variables and arrays are mutable ob jects These typ es are sometimes called imperative

types

Parametric parameterizedtyp e message function Atyp e message function that de

scrib es a family of typ es messages functions by using an explicit parameters For exam

ple

type TListX

getAtTInteger X

Constrained typ e A parametric typ e that places a constraint on its parameters The mecha

nism that allows a programmer to sp ecify suchatyp e is called bounded quanticationFor

example

type TPersonListX where X subtype of TPerson

sp ecies a constrained typ e T PersonList

Intersection greatest lower b ound typ es An intersection of a set of typ es is a typ e that

represents the greatest lower b ound of the set in the typ e lattice Intersection typ es are useful

for typing of settheoretic op erations and queries

Inheritance Amechanism for making one interface or implementation typ e from another A

single inheritance requires that a typ e has at most one immediate ancestor parent in the

inheritance chain multiple inheritance lifts this restriction

Interface subtyping A partial order on interface typ es An interface typ e A is a subtyp e of

another interface typ e B when an ob ject of the interface typ e B can b e thoughtofasanobject

Student is a subtyp e of T Person since every student of the interface typ e A eg a typ e T

can b e thought of as a p erson

Implementation subtyping co de reuse A partial order on implementationtyp es An imple

mentation typ e A is a subtyp e of another implementation typ e B if it is p ossible to use co de

written for A to manipulate ob jects that have the implementation typ e B

Firstclass ob ject An ob ject that is capable of receiving messages

Nonrstclass ob ject value An immutableobjectthatlacks the ability to receive messages

Traditionally it is assumed that values havenointerface just a set of op erations dened on

them In this dissertation such a set of op erations will b e considered an interface of a value

Primitive atomic typ e A primitivetyp e is a typ e of basic primitive systemdened ob jects

or values suchasintegers reals characters etc Primitivetyp es usually have a sp ecial status

in nonuniform systems and languages

Soundness of a typ e system Inability of a successfully typ echecked program to pro duce run

time typ e errors Sometimes divided into static and dynamic soundness The latter makes

sense for languages with dynamic typ e checking and assures that runtime typ e errors will b e

caught

Veriabilityofatyp e system decidable typ echecking The abilityto verify that a pro

gram do es not contain typ e errors with resp ect to a particular typ e system equivalently

the presence of a decidable typ echecking algorithm Note that veriability do es not imply

soundness For example the language Eiel Mey has a decidable typ echecking algorithm

but a successfully typ echecked program can pro duce runtime typ e errors

Substitutability A prop ertyofatyp e system language that guarantees that an ob ject of a

Person is a subtyp e can b e used everywhere the ob ject of its sup ertyp e can eg if a typ e T

sup ertyp e of T Student then a student can b e legally used wherever a p erson can b e

Dispatch A pro cess of nding out at runtime which method of a particular message to execute

Single dispatch bases its decision on the typ e of the rst argument receiver only while multiple

dispatch takes into accounttyp es of other arguments as well The term static dispatch will b e

used to refer to a compiletime pro cess of metho d determination

Staticdynamic typing typ echecking Static typ echecking is done at compiletime while dy

namic typ echecking is done at runtime

Implicitexplicittyping Languages with explicit typing require the programmer to insert typ e

annotations in the program Languages with implicit typing infer the typ es of expressions

without any help from the programmer Intermediate approaches are also p ossible

Inclusion p olymorphism This term refers to a combination of subtyping and substitutability

Parametric p olymorphism Parametric p olymorphism is present when parametric sp ecications

eg parametric typ es are supp orted

Covariance contravariance novariance Covariance means that changes in a particular typ e

are parallel to the direction of the typ e hierarchy In the following example the result typ e of

the metho d getAt changes co variantlyasitisT Person in denition which o ccurs in the

typ e T PersonListand T Student a subtype of T Person in denition which o ccurs in

the typ e T StudentLista subtype of T PersonList

type TStudent subtype of TPerson

type TPersonList

getAtTInteger TPerson

type TStudentList subtype of TPersonList

getAtTInteger TStudent

The reverse direction is termed as contravariant Novariance forbids anytyp e changes along

the typ e hierarchy In this example the argumenttyp e int changes novariantly ie do es not

change at all

The terms class and subclassing are delib erately avoided in this chapter as they are to o overloaded

In ob jectoriented literature the term class is used to denote a mechanism for ob ject construction

an equivalent of an implementationtyp e an equivalentofaninterface typ e a set of ob jects satisfying

a particular condition or some combination of the ab ove four notions The denition of subclassing

is equally overloaded

Also the term type is qualied as b eing either interface typ e or implementation typ e This will

prove useful when considering typ e systems where the twotyp e notions are distinct

Essential features of a typ e system

The ma jor goals of a typ e system in to days programming languages and database systems include

Car Car BP

Provide a programmer with an ecientwayofcatching programming errors before a program

or a part of it is actually executed This is often considered to b e the ma jor ob jectiveofa

typ e system in the programming language community

Serve as a data structuring to ol for design and mo deling purp oses Many design technologies

that have emerged through the past decade rely partially or fully on typ e systems to provide

a convenient design and do cumentation framework for a system development pro cess This is

esp ecially true of ob jectoriented design technologies This is often considered to b e the ma jor

goal of a typ e system in the database community

Provide a convenient framework for program maintenance This includes do cumentation at

the pro duction stage of program evolution as well as the ability of a programmer to understand

the functionalityandinterfaces of a completed pro duct

Provide sucient information for optimization purp oses The information provided by the typ e

system can b e used by an optimizing compiler interpreter or a query optimizer in p ersistent

systems to improve the eciency of a program

In order for a compiler or interpreter to b e able to typ echeck a program or a part of it there

must exist a typechecking algorithm Existence of such an algorithm for a given typ e system is

termed as veriability of the typ e system Thus a typ e system should b e veriable It is preferred

that a typ e system b e decidably veriablehowever one mayhave to put up with an undecidable

typ e system just as one puts up with undecidable programs if enough expressivepower is desired

BP The veriability prop erty also implies that a typ e system should b e provably sound ie

there should exist a formal pro of that a successfully typ echecked program do es not generate any

typ e errors at runtime

If a compiler nds a typ e error and rep orts it to a programmer the latter should have sucient

information to b e able to understand the reason for the typ e error in order to correct it Thus the

typ e system should b e transparent

Atyp e system should also b e enforceable in order to prevent an execution of typ eincorrect

programs This implies that programs have to b e written with as muchtyp e information as p ossible

to prevent false alarms

Finallya typ e system should b e extensible This requirement stems from the fact that none of

the existing typ e systems were found to b e satisfactory for all p ossible applications Therefore the

chance that anynewtyp e system will satisfy al l application domains is remote If a typ e system

can not b e extended it will so oner or later b e abandoned for a typ e system that can adapt to new

application requirements Switching from one typ e system to another is extremely costly b oth in

terms of p eople resources that have to b e reeducated and in terms of data conversion costs

Ob jectoriented programming language requirements

Pure ob jectoriented programming languages p ose some sp ecic requirements on their typ e systems

These requirements will b e constructed by considering features essential for pure ob jectoriented

languages and reformulating them in terms of typ e system features

To b e called a pure objectoriented language a language should p ossess at least the following

prop erties most of the following is b orrowed from TNG

Much of the discussion b elow is b orrowed from Car



Some of the features listed here are advo cated in TNG as absolutely necessary for future ob jectoriented

languages

Encapsulation This prop erty is usually considered as one of the characteristic features of

ob jectoriented languages and greatly facilitates co de reuse It refers to the ability of a language

to shield internals of an ob ject implementation from outside access

Inheritance This is a characteristic prop erty of ob jectoriented languages as well The inher

itance mechanism promotes and facilitates wellstructured software design and reusabilityof

the co de Multiple inheritance is highly desirable as its absence leads to clumsy or limited

typ e sp ecication in some imp ortant cases

Uniformity Primitivevalues integers etc typ es and messages metho ds should b e rst

class ob jects If this requirement is not satised the language will have to handle the

nonob ject entities in some nonob jectoriented way and will therefore not b e purely ob ject

oriented Note that the existence of metho ds that are able to op erate on typ es and other

metho ds is a consequence of this prop erty This is also advo cated in Hau

Ob ject access and manipulation uniformity An ob ject can only b e manipulated by metho ds

dened for it Together with uniformity this prop ertyprovides for purely ob jectoriented

programming

Metho d uniformity This refers to the absence of distinction b etween stored and computed

metho ds or equivalently the absence of public instance variables This requirementisimpor

tant as its violation breaks encapsulation and may eectively hinder the usefulness of the co de

reusability provided by inheritance

Separation b etween interface and implementation inheritance sometimes termed as separation

between typ e and class hierarchies This is actually a consequence of encapsulation inheri

tance and ob ject manipulation uniformity Additional arguments in favor of such separation

can b e found in LP CasTaiBLRLOS

Multimetho ds multiple dispatch This refers to the ability of a language to use typ es of all

arguments during dispatch Traditionallyonlythetyp e of the rst argument the receiver is

used This prop erty of the language is essential to adequately mo del binary metho ds BCC

CasLMFM and certain ob jectoriented design patterns BLR

Using these requirements for pure ob jectoriented languages it is nowpossibletoformulate desirable

features of typ e systems for such languages These requirements are

Inheritance mechanisms for b oth interface and implementation inheritance This requirement

is a direct consequence of the language requirements and ab ove

Typ e system reexivity This is necessary to ensure uniformity of the language requirement

since typ es classes have to b e ob jects Since every ob ject has a typ e typ es and classes need

to havetyp es as well Thus the typ e system needs to b e reexive

Metho d typ es This is also a consequence of uniformity Indeed since metho ds havetobe

ob jects to ensure uniformity they will havetyp es Moreover when metho ds are manipulated

as ob jects eg passed as arguments to other metho ds their typ es should b e descriptive

enough to ensure the validityoftyp echecking

Metho d uniformity at the typ e level no distinction b etween typ es of stored and computed

metho ds This is a direct consequence of the language requirement

Supp ort for multimetho ds multiple dispatch This is a consequence of the language require

ment

Another desirable feature of an ob jectoriented typ e system is substitutability at least for interface

inheritance This prop erty is essential to achieve one of the primary goals of the ob jectoriented

paradigm co de reuse

Database programming language requirements

Database programming languages DBPLs p ossess their own set of distinguishing features that

p oses additional requirements on typ e systems The approach of the previous subsection will b e

used to derive the typ e system features from the following list of necessary features of a p ersistent

language that is taken from AB AM

Persistence indep endence the form of the program is indep endent of the longevity of data

the program op erates up on This is necessary to provide seamless integration b etween the

database and the language and to signicantly reduce the amount of co de necessary to deal

with p ersistent data

Orthogonalityoftyp e and p ersistence data of all typ es can b e p ersistentaswell as transient

This is an aid to data mo deling as it ensures that the mo del can b e indep endent of the longevity

of data It also eliminates the need of explicit p ersistenttotransientdataconversions

Userdened typ e constructors This requirement is due to the necessity of mo deling new

p otentially complex data structures in a uniform and consistent manner

Information hiding also known as encapsulation Encapsulation allows for data mo deling at

a higher more abstract level as it hides the implementation details and gives the programmer

an ability to deal with abstract interfaces rather than concrete data structures It greatly

facilitates mo deling co de reuse and comp onentintegration

Polymorphism parametric inclusion or b oth Parametric and inclusion p olymorphisms make

the sp ecications more succinct and precise They also allow for a signicant reduction in the

amount of co de that needs to b e written to sp ecify and implement a particular data mo del

as a signicant p ortion of the sp ecications are reused via genericityachieved by the use of

p olymorphic constructs

Static and strong typing with provisions for partial typ e sp ecication which necessitates the

presence of a typ e mechanism similar to one formed bytyp e constructor dynamic and op erator

typecase This is necessary in order to deal with data that come from a p ersistent store whose

structure is only partially known at the time the program is written An example of a program

that requires such capabilities is a generic database browser that is supp osed to work on any

database indep endently of its structure

Incremental program construction and mo dularity This principle ensures that most of the

program mo dications can b e done lo cally without aecting the rest of the co de While this

prop ertyisvery imp ortant for programming languages in general it is even more imp ortant

for database programming since databases tend to exist and evolve for extensive p erio ds of

time As a database evolves the programs designed to op erate on it havetoevolveaswell

Mo dularity is one of the ma jor features that signicantly reduce the overhead of suchan

evolution

Query facilities One of the main reasons b ehind the success of the relational data mo del was

its ability to supp ort declarative simple yet p owerful data accessquery languages In order

for ob ject systems to b e successful they must provide querying capabilities equal or exceeding

those of the relational systems

Ability of a program to deal with state change This requirement is necessary as p ersistent

data outlive the program and if a program is not able to change data the state of p ersistent

data will never change

From this list of requirements the following prop erties of the typ e system can b e derived



Features not related to typ e system are dropp ed from the list

Typ es classes in the typ e system should not b e sp ecied as either p ersistent or transient

This is the DBPL requirement reformulated in terms of typ e system terminology

Userdened typ e constructors This is the same as the DBPL requirement

Encapsulation This follows from the DBPL requirement

The presence of parametric typ es This follows from the DBPL requirements parametric

p olymorphism and It is also desirable to handle b ounded constrained parametric typ es

as it increases the mo deling p ower of the typ e system

Possibility of partial typ e sp ecication and dynamic typ e checking This follows from the

DBPL requirement

Veriable and sound typ e system as a consequence of the DBPL requirement

Incremental typ e checking as a consequence of the DBPL mo dularity requirement

The ability of the typ e system to correctly typ e declarative queries This stems from the

DBPL requirement According to BP this requires that the typ e system can supp ort

union least upp er b ound typ es

The ability of the typ e system to deal with typ es of mutable ob jects later referred to as mutable

ob ject typ es and assignment This is a direct consequence of the DBPL requirement

In addition to the ab ove KCMSadvo cates the use of reection in p ersistent ob ject systems

The combination of ob jectorientedness and p ersistence p oses some additional requirements de

scrib ed in the next subsection

Ob jectoriented database system requirements

A list of features needed or desirable in ob jectoriented database management systems OODBMS

and the rationale b ehind it are given in ABD This is the most comprehensiveofsuch lists

published so far

The following list is the part of it that is related to typ e system issues It contains the additional

requirements to those already listed in the previous subsections

Complex ob jects orthogonal typ e constructors should include at least sets tuples and lists

This is necessary to ensure that the mo deling p ower of the system is sucient to deal with

mo dern applications such as CADCAM medical and geographical information systems

Extensibility userdened and system typ es should have the same status and the user should

b e able to add new primitive typ es to the system This is also due to the necessity of dealing

with new demanding application areas It is imp ossible to anticipate all the data typ es that will

b e required to mo del the data structures in those areas since some of them are yet to emerge

By providing the same status to system and userdened typ es the system guarantees that its

capabilities are not decreased when it is applied to a new application domain Also advo cated

in MS

Views A view is in a sense an ability to transparently change the app earance of data for

dierent users clients The imp ortance of this concept as well as its usefulness and p ower

have b een convincingly demonstrated byyears of exp erience obtained by the researchand

industrial communities in dealings with relational databases



Some issues often considered as deciencies of ob jectoriented systems for example in Kim but deemed



optional in ABD are listed here as mandatory The reason for that is the understanding that if ob jectoriented

databases are to b e the next step in the database development they should utilize the advances already made in

relational databases

Dynamic schema evolution This requirement is based on the necessitytomaintain and

change the database structure over extensive p erio ds of time While it is sometimes p ossible

to create a completely new database with a new schema and migrate data to it this approach

is usually quite exp ensive and results in a substantial down time This is often not acceptable

in large distributed applications such as air trac control systems Dynamic schema evolution

makes it p ossible to change a database structure transparently to its users

These additional requirements havetobetaken into account when designing a typ e system for a

pure ob jectoriented database programming language Next these requirements will b e summarized

and a short overview will b e given

Summary of requirements

The following is the compilation of all typ e system requirements presented so far The categorization

of the requirements presented here is sub jective but it do es provide a useful structure to the extensive

set of requirements compiled so far Each requirement listed b elowcontains a reference to the section

where it has b een intro duced and explained

Theoretical requirements

a Veriability preferably decidable and provable soundness of the typ e system These

features are necessary for the typ e system to b e useful for program verication see

Section and Section

Inheritance requirements

a Inheritance mechanisms for b oth interface and implementation inheritance Section

b Substitutability prop erty at least for interface inheritance Section

Expressibility requirements

a Metho d typ es Section

b Parametric typ es Section

c Orthogonal typ e constructors at least sets tuples and lists Section

d Encapsulation Section and Section

e The ability of the typ e system to deal with mutable ob ject typ es and assignment Sec

tion

f The ability of the typ e system to correctly typ e multimetho ds Section

g The ability of the typ e system to correctly typ e SQLlike queries Section

Uniformity requirements

a Extensibility userdened and system typ es should have the same status Section

b Typ es classes in the typ e system should not b e sp ecied as either p ersistent or transient

Section

c Metho d uniformity at the typ e level no distinction b etween typ es of stored and computed

metho ds Section

Reexivity requirements

a Typ e system reexivity Section

Dynamic requirements

a Possibility of partial typ e sp ecication and dynamic typ e checking Section

b Provisions for schema evolution Section

Other requirements

a Transparency of the typ e system for a programmer Section

b Incremental typ e checking Section

c The ability to dene views in a typ esafe fashion Section

Some of the ab ove requirements are complimentary while others are contradictory Most notably

decidable verication conicts with reection as shown for example in Carb Also enforce

ability conicts to a degree with partial typ e sp ecication Another conict can b e seen in that the

complexity of the typ e system that satises the expressibility requirements ab ove will most probably

make the resulting typ e system much less transparent for a programmer than one would likeittobe

CMM also identied a conict b etween substitutabilitymutable typ es and static typ e safety

The presence of suchcontradictory requirements makes the task of designing a typ e system that

satises them particularly dicult

The following is a set of test programs that a typ e system should b e able to typ e correctly

These tests are primarily designed to test typ e systems for their expressibility as this is the most

dicult set of requirements to check however the last test is the test for reexivity and uniformity

The programs are written in an ob jectoriented pseudolanguage

These programs are designed to test known problem areas of ob jectoriented typ e systems They

are also used to verify the ability of the typ e system to consistently and orthogonally combine

parametric and inclusion p olymorphism with mutable typ es and assignment This has to b e done

b ecause soundness veriability parametricity substitutabilityandmutable typ es are all among the

requirements for an OODBPL typ e system

Many of the expressibility tests are adapted from BP which presented a b enchmark for testing

typ e system expressibilityHowever their b enchmark was designed to measure the expressibilityof

atyp e system for an ob jectoriented programming language and not for an ob jectoriented database

programming language Thus some tests related to the additional expressibility requirements pre

sented ab ovewere added

The requirement related to mutable ob ject typ es and assignmentistestedbyeach of the tests

b elow This is done in order to verify that a typ e system can deal with mutable typ es in combination

with parametric and inclusion p olymorphisms This is a wellknown problem area in ob jectoriented

typ e systems CMM

Person and T Child with metho d getAge that returns T Integer when applied to a Typ es T

p erson and T SmallInteger when applied to a child PERSON

type TInteger

type SmallInteger subtype of Integer

type TPerson

getAge TInteger

type TChild subtype of TPerson

getAge TSmallInteger

TPerson p new TPerson

TChild c new TChild



Note that the terms test and test program are not used here in the traditional software engineering sense



The programming language examples are used to illustrate the tests and not to suggest the necessary language

constructs

TInteger i

TSmallInteger si

i pgetAge should be Ok

i cgetAge should be Ok

si pgetAge should cause compiletime error

si cgetAge should be Ok

This test is designed to verify that subtyping do es not necessitate the absence of changes

Surprisingly there is a considerable numb er of languages that do not allow any changes while

inheriting only additions This signicantly limits the p ower of the typ e system and forces

the designer to use less sp ecic typ e information

Typ es T Point and T ColorPoint with equality on b oth The equalitybetween color p oints

should takecolorinto account while the equalitybetween two p oints or b etween a p ointand

a color p oint should ignore it POINT

type TPoint

equalTPoint pTBool implementation equal

type TColorPoint subtype of TPoint

equalTColorPoint pTBool implementation equal

TPoint p new TPoint

TColorPoint p new TColorPoint

pequalp should call equal

pequalp should call equal

pequalp should call equal

pequalp should call equal

p new TColorPoint

pequalp should call equal

pequalp should call equal

pequalp should call equal

pequalp should call equal

This test is adapted from BP It tests the typ e systems abilitytodealwith binary methods

awellknown problem area in ob jectoriented typ e systems BCC FM

Typ es T Number with unrelated subtyp es T Real and T Radixand T Date with comparison

metho ds such that comparing twonumb ers or two dates is legal while their crosscomparison

is not All metho d co de b elow except for the co de for the metho d less should b e reused

COMPARABLE

interface IComparable

lessselftype cTBool

greaterselftype cTBool implementation return clessthis

type TNumber implements IComparable

lessTNumber nTBool implementation less

type TReal subtype of TNumber

type TRadix subtype of TNumber

type TDate implements IComparable

lessTDate dTBool implementation less

TDate d d

TNumber n n

TRadix radixVar xF

TReal realVar

d d

n realVar

n radixVar

nlessn should call less

ngreatern should eventually call less

nlessrealVar should call less

ngreaterradixVar should eventually call less

dlessd should call less

dgreaterd should eventually call less

dlessn should cause compiletime error

nlessd should cause compiletime error

This is an additional test for binary metho d handling It tests whether the subsumption

prop ertycanbemaintained in the presence of binary metho ds This test is necessary due

to the fact that some approaches to the binary metho d problem most notablymatching

BSG BFP abandon substitutability and substitutability is one of the requirements for

an OODBPL typ e system

Parametric inputoutputIOstream typ e hierarchysuch that the three typ es are parameterized

bythetyp e of ob jects readablewritable tofrom a particular stream with T IOstream b eing

a subtyp e of b oth input and output stream typ es STREAMS

type TInputStreamcovarX

getX

isEmptyTBool

type TOutputStreamcontravarX

putX arg

type TIOStreamnovar X subtype of TInputStreamX TOutputStreamX

type TPoint

type TColorPoint subtype of TPoint

TPoint p new TPoint

TColorPoint cp new TColorPoint

TInputStreamTPoint isp

TOutputStreamTPoint osp

TIOStreamTPoint iosp

TInputStreamTColorPoint iscp

TOutputStreamTColorPoint oscp

TIOStreamTColorPoint ioscp

Initialization of the above streams

p ispget should be Ok

p iscpget should be Ok

cp ispget should cause compiletime error

cp iscpget should be Ok

ospputp should be Ok

oscpputp should cause compiletime error

ospputcp should be Ok

oscpputcp should be Ok

isp iosp should be Ok

isp ioscp should be Ok

iscp iosp should cause compiletime error

iscp ioscp should be Ok

osp iosp should be Ok

osp ioscp should cause compiletime error

oscp iosp should be Ok

oscp ioscp should be Ok

This test is designed to verify that a combination of parametric and inclusion p olymorphism

in the typ e system do es not adversely aect either of them In other words it tests the

orthogonality of the two p olymorphisms The presence of b oth parametricity and inclusion

p olymorphism subtyping substitutability in the typ e system is among the requirements

compiled earlier The unrestricted combination of the two p olymorphisms is known to b e

dicult DGLM BOSWc

Sorting of arbitrary ob jects under the constraint that all the ob jects have a comparison metho d

SORT

interface IComparable

lessselftype cTBool

type TNumber implements IComparable

type TPerson

type TListnovar X

sortTListX list TListX where X implements IComparable

implementation

TListTNumber ln

TListTPerson lp

Initialization of list variables

ln sortln should be Ok

lp sortlp should cause compiletime error

lp sortln should cause compiletime error

ln sortlp should cause compiletime error

This test is due to BP It is designed to verify the abilityofthetyp e system to deal with

b ounded quantication of the form for all typ es satisfying a given condition This is yet

another asp ect of the binary metho d problem It also tests the ability of the typ e system to

provide a link b etween parametricity and subtyping

Generic sort with a comparison metho d as a parameter The generic sort can b e applied to

a set of any ob jects provided that an appropriate comparison metho d is supplied GENSORT

type TListX

type TNumber

lessTNumber argTBool

type TDate

compareTDate argTBool

sortTListX list XXTBool comparison TListX

implementation

TListNumber ln

TListDate ld

Initialization of list variables

ln sortlnless should be Ok

ld sortldcompare should be Ok

ln sortldcompare should cause compiletime error

ln sortlncompare should cause compiletime error

This test is also from BP It is designed to verify that the typ e system is capable of

combining parametricity metho d typing and substitutability

A singlelinked list no de typ e and a doublelinked list no de typ e where the second typ e inherits

from the rst one A singlelinked list no de typ e is a recursively dened typ e with a mutable

attribute that represents the list no de linked to the given one A doublelinked list no de typ e

has an additional mutable attribute to represent the second link The typ e system should not

allow links b etween dierentnodetyp es

Note that in this example the doublelinked no de typ e is not a subtyp e of a singlelinked no de

typ e however the typ e system should b e exible enough to allow co de reuse b etween them

The co de sample uses the keyword extends in order to describ e this relationship b etween

typ es LIST

type TLinkedListNode

selftype next

getNextselftype implementation return next

attachTLinkedListNode node

implementation attach

type TDoubleLinkedListNode extends TLinkedListNode

selftype prev

getPrevselftype implementation return prev

attachTDoubleLinkedListNode node

implementation attach

TLinkedListNode lln lln

TDoubleLinkedListNode dlln dlln

Initialization of list node variables

lln dlln should cause compiletime error

lln lln should be Ok

llnattachlln should call attach

dllnattachdlln should call attach

llnattachdlln should cause compiletime error

dllnattachlln should cause compiletime error

This test is also adopted from BP It checks whether the typ e system supp orts co de reuse

beyond that provided by subtyping In other words it checks if co de reuse is p ossible b etween

typ es that are not in a subtyping relationship with each other Situations analogous to the

one describ ed in this test o ccur frequently when dealing with mutable typ es

Set union and intersection for immutable sets SET

type TSetX

unionTSetY summand TSetlubXY

intersectionTSetY summand TSetglbXY

type TPerson

type TStudent subtype of TPerson

TSetTPerson sp sp

TSetTStudent ss ss

Initialization of set variables

sp spunionsp should be Ok

sp spunionss should be Ok

sp ssunionsp should be Ok

sp ssunionss should be Ok

ss spunionsp should cause compiletime error

ss spunionss should cause compiletime error

ss ssunionsp should cause compiletime error

ss ssunionss should be Ok

sp spintersectionsp should be Ok

sp spintersectionss should be Ok

sp ssintersectionsp should be Ok

sp ssintersectionss should be Ok

ss spintersectionsp should cause compiletime error

ss spintersectionss should be Ok

ss ssintersectionsp should be Ok

ss ssintersectionss should be Ok

This test is designed to verify that set op erations used in SQLlike declarative queries can

b e successfully and precisely typ ed This is necessary to ensure seamless integration of such

queries into the language

Function apply APPLY

applyXY msg X objY implementation

type TInteger

type TSmallInteger subtype of TInteger

type TPerson

getAgeTInteger

type TChild subtype of TPerson

getAgeTSmallInteger

TPerson p new TPerson

TChild c new TChild

TInteger i

TSmallInteger si

i applygetAgep should be Ok

i applygetAgec should be Ok

si applygetAgep should cause compiletime error

si applygetAgec should be Ok

This test is analogous to the calculus test presented in BP it diers in that this test

also includes assignment It is designed to verify the abilityofthetyp e system to deal with

metho d typ es and uniformly treat metho ds as ob jects in the system

General database browser The browser should b e able to deal with databases that havean

unknown schema BROWSER

printNumberTNumber num implementation

type TPerson

getAgeTInteger

TObject root

TDatabase db

dbopen

root dbgetRoot

typecase roottypeOf

subtype of TNumber

printNumberroot should be Ok

subtype of TPerson

printNumberrootgetAge should be Ok

otherwise

printSomething else

rootgetAge should cause compiletime error

printNumberrootgetAge should cause compiletime error



The given co de only tests the ability of the typ e system to deal with dynamic typ e information in a typ esafe

manner A complete browser would also require the ability to examine typ e structure of previously unknown typ es

This test checks the abilityofa typ e system to handle partial typ e sp ecications and dynamic

typ e checking Both are on the list of requirements for an OODBPL typ e system

This set of requirements and tests will b e used in the next section to evaluate existing languages

and typ e systems

Related work

In this section typ e systems of many current languages as well as theoretical developments in the

area will b e reviewed These typ e systems and languages are listed in Table The table gives

references and pages in this dissertation where a given system is reviewed

The comparison b etween the typ e systems is presented in Table Table and Table

Not all of the languages and systems listed in Table are present in these tables Typ e systems

that are sup erseded by other typ e systems reviewed in this section languages that havenostatic

typ e systems and incomplete typ e systems are excluded from the review tables

Table lists features of the reviewed typ e systems that corresp ond to the requirements listed

in Section Veriability is understo o d as the presence of a decidable typ e checking algorithm

Static soundness means that a successfully typ echecked program do es not pro duce errors at runtime

while dynamic soundness means that the program rep orts al l p ossible typ e errors at runtime in a

welldened and predictable manner Static soundness is strictly stronger then dynamic soundness

The column uniformityatomics means that ob jects of primitive atomic typ es have the same rights

as ob jects of userdened typ es The column uniformitymethods refers to the ability of a language

to treat metho ds or messages or b oth as ob jects Reectiontypecase indicates the abilityofa

language to deal with dynamic typ e checking in a typ esafe manner Finally reectionevolution

shows whether a given language supp orts incremental typ e system evolution

Table compares various asp ects of typ e system expressibility The rst two columns indicate

whether a given typ e system has a notion of subtyping shows what kind of subtyping structural

implicit or userdened explicit it supp orts and what kind of inheritance single or multiple

the typ e system has The third column shows whether the typ e system supp orts metho d function

typ es The fourth column addresses the issue of dispatch single or multiple in the given typ e

system Columns through deal with parametricity and its relationship with subtyping Column

indicates whether a given typ e system supp orts parametric typ es Column shows if a typ e system

can deal with constrained parametric typ es Positive indication in column means that a typ e

system makes it p ossible for dierent parametric typ es formed using the same typ e constructor

to have a subtyping relationship with each other for example T SetT Person is a subtyp e of

T SetT Student Column indicates whether the typ e system is capable of sp ecifying subtyping

relationships b etween parametric typ es with dierent typ e constructors eg T ListT Person is

SetT Person Column is an indication of the abilityofatyp e system to deal a subtyp e of T

with mutable typ es This indication is negative for typ e systems of purely functional languages

Column shows whether a typ e system supp orts intersection greatest lower b ound typ es

FinallyTable demonstrates the p erformance of the reviewed typ e systems on the test suite

From the analysis of the results presented in Table it can b e concluded that languages Mini

Cecil and Transframe rate the b est on the test suite However none of them has provably sound

typ echecking in fact typ echecking MiniCecil is likely to b e undecidable Lit Of the systems

with sound and veriable typ e checking the most impressive is Sather however its typ e system

lacks multiple dispatch and union typ es Soundness of Sather typ e system has not b een formally

proven Almost all theoretical typ e systems show similar p erformance on the test suite

Sound typ e checking substitutability parametricity metho d typ es and multimetho ds app ear

together in only one typ e system that of ML However ML as well as most ML clones severely

restricts usage of mutable typ es and do es not deal well with certain asp ects of binary metho ds and

parametricity failed tests COMPARABLE and STREAMS

Due to the enormous numb er of languages constantly b eing develop ed by the scientic community this review

has to b e incomplete However every eort has b een made to include known languages with interesting typ e system

features or their analogs Thus I hop e that none of the essential typ e systems are left out

Table Typ e system index

References Reviewed on page

C Str

E RCS

O AG

O LRV

Java AG DE Sar

Generic JavaGJ BOSWc BOSWa BOSWb

Java parametric extension JPE MBL

Pizza OW AFM

Virtual typ es in Java JVT Tho BOW



ODMGOQL CBB

Mo dula Wir

DBPL SM



Mo dula LML

Mo dula Har

Ob eron MW RS

Lago ona Fra

Theta DGLM

Ada Ada

Eiel Mey

Sather SO



Emerald RTL

BETA MMPN

VML KT



Napier MBC

Smalltalk GR

Strongtalk BG

Cecil Cha Chab

BeCecil CL CL

MiniCecil Lit

Transframe Sha



CLOS BDG

Dylan App



TM BBdB

ML MTH Wri

Machiavelli OBBT BO

Fib onacci AGO

ML BMb BMa

Constrained typ es in ML AWL AW Pot Reh

Constrained typ es in Erlang MW

calculus CGL

PolyTOIL BSG BSG

Lo op ESTZ ESTb ESTa

TL MS MMS

TooL GM

TOFL QKB

Table Typ e system features

Soundness Separation b etween Uniformity Reflection

Typ e system Verifiability Static Dynamic interface and Substitutability Atomics Metho ds Typ ecase Evolution

implementation

C

E

O

O Unknown Unknown

Java Core only

GJ Unknown

JPE Unknown

Pizza

JVT Unknown

ODMG Unknown Unknown

DBPL Unknown Unknown na na

Mo dula Unknown Unknown

Mo dula Unknown Unknown

Ob eron Unknown Unknown

Theta Unknown Unknown Unknown

Ada Unknown Unknown

Sather

Emerald Unknown Unknown

BETA Unknown

Napier na na

Strongtalk Unknown Unknown

Cecil Unknown

BeCecil Unknown Unknown Unknown

MiniCecil Unknown Unknown Unknown Unknown

Transframe Unknown Unknown

TM Unknown na

ML na na

Machiavelli na

Fib onacci na

ML na

PolyTOIL na

Lo op na

TL Unknown Unknown Unknown

TooL Unknown Unknown na Unknown

TOFL na

Except for covariant arrays whichhave b een kept in Pizza only for backward compatibilitywithJava

These features are based on modulespackages fragments rather than on types

Substitutabilityworks for p ointers and references only

For ob ject typ es only

Even though a typ e can b e examined dynamically in O typ echecking do es not take this into account

Classes implementation typ es only

Evolution is typ eunsafe

The test STREAMS proved to b e the most dicult one This is surprising as the test outlines

the situation that o ccurs in almost every language dealing with IO op erations on a relatively high

level Only the typ e systems of Emerald and MiniCecil where able to pass this test however none

of these typ e systems has a pro of of soundness

Overall typ e systems with nice theoretical prop erties show only mo derate p erformance on the

test suite while typ e systems that p erform well on tests lack a theoretical basis

The rest of this section presents a detailed review of various typ e systems The index of these

typ e systems is found in Table

Typ e systems review

C Str is currently one of the most widely used ob jectoriented programming languages C

typ es combine the characteristics of interface and implementation typ es in that they dene b oth the

interface and the structure of their ob jects Classes in C are sp ecial cases of typ es classes sp ecify

prop erties of rstclass ob jects while typ es sp ecify prop erties of nonrstclass ob jects C inher

itance rules are novariant however C allows p olymorphic function and metho d sp ecications by

using a metho d function signature instead of a name for identication purp oses In the presence

of static typ e checking this is equivalent to a restricted form of static multiple dispatch Nonrst

class ob jects in C are op erated up on by free functions only ob jects instances of classes have

metho ds C also provides parametric typ es templates that can take an arbitrary number of

parameters parametric typ es can b e subtyp ed

The C typ e system is not veriable in general due mostly to its unrestricted use of p ointer

conversions however partial verication is p ossible and is p erformed at compilation time The C

typ e system combines interface and implementation inheritance and thus violates the rst inheritance

requirement It is not completely uniform as it distinguishes b etween data and ob jects and treats

Table Typ e system expressibility

Subtyping Metho d Dispatch Parametric typ es Mutable Intersection

Typ e system Inheritance typ es Bounded Intra Inter typ es typ es

C Userdefined Multiple Single

E Userdefined Multiple Single

O Userdefined Multiple Single na na na

O Userdefined Single na na na

Java Userdefined Multiple Single na na na

GJ Userdefined Multiple Single

JPE Userdefined Multiple Single

Pizza Userdefined Multiple Single

JVT Userdefined Multiple Single

ODMG Userdefined Multiple Single na

DBPL Userdefined na na na na na

Mo dula Userdefined Single Single na na na

Mo dula Userdefined Single Single na na

Ob eron Structural na Single na na na

Theta Userdefined Multiple Single

Ada Userdefined Single Single

Sather Userdefined Multiple Single

Emerald Structural na Single na na Unknown

BETA Structural Single Single na na

Napier na na na na

Strongtalk Structural Single Single

Cecil Userdefined Multiple Multiple

BeCecil Userdefined Multiple Multiple na na na

MiniCecil Userdefined Multiple Multiple

Transframe Userdefined Multiple Multiple

TM Both Multiple Single

ML Structural na na na

Machiavelli Structural na na na na na

Fib onacci Userdefined Single Unknown na na na Implicit

ML Both Multiple Multiple Implicit

PolyTOIL Structural na Single na na

Lo op Structural na Single na na na Implicit

TL Structural na na

TooL Structural Multiple Single

TOFL Userdefined Multiple Multiple Implicit

Structural subtyping is the default however user can explicitly turn it off when needed

Userdefined for classes structural for algebraic data types

Only for interfaces classes have single inheritance

Blo cktyp es only

Only virtual functions are dispatched

Only tagged types are dispatched

Dispatch mo deled as record field extensionexecution

Only systemdefined parameters can only b e used for sp ecification of prop erties

These features are based on modules rather than on types

The language provides mechanism more expressive then b ounded quantification

Always covariant

Only covariant and novariant parameters are allowed

Table Typ e system tests

Typ e system PERSON POINT COMPARABLE STREAMS SORT GENSORT LIST SET APPLY BROWSER

C

E

O

O

Java

GJ union

JPE union

Pizza union

JVT

ODMG union

DBPL

Mo dula

Mo dula

Ob eron

Theta

Ada

Sather

Emerald

BETA

Napier

Strongtalk union

Cecil

BeCecil

MiniCecil

Transframe union

TM

ML

Machiavelli

Fib onacci

ML union

PolyTOIL

Lo op

TooL

TOFL union

Relies on dynamic typ e checking

Only suggestivetyp echecking

While the subtyping relationship required by the test holds one typ e can not b e derived from the other

If typ e parameters are explicitly instantiated

This test can b e only programmed with blo cks rather than messages

Builtin op erators for dealing with sets are provided however their typing is sp ecial nonuserdefinable

If RTTI is present

Even though a typ e can b e examined dynamicallytyp echecking do es not takethisinto account

attributes in a sp ecial wayCprovides a limited substitutability for ob ject p ointers not for

ob jects In terms of expressibility the C typ e system is quite p owerful as it has function typ es

parametric typ es orthogonal typ e constructors and deals with mutable ob ject typ es However

when used on the test suite the C typ e system fails all tests except for GENSORT Other

tests can b e programmed but only with signicanttyp echecking lapses The reason for this is

the fact that C do es not handle the typing of binary metho ds since it lacks multiple dispatch

Parametric typ es in C can only b e used when fully instantiated thus limiting a programmers

ability to dene p olymorphic functions metho ds Typ e parameters are always unrestricted and

novariant The variant of C that includes runtime typ e information RTTI allows for dynamic

typ e checking allowing it to tentativelypasstheBROWSER test Intersection and union typ es

can not b e represented by the C typ e system The C typ e system is also quite complicated

ERCS is derived from C and b orrows much of the typ e and class system from it Dif

ferences b etween E and C lie in the sp ecication of parametric typ es and in the fact that E is

a p ersistent language In E as opp osed to C parametric typ es called generic classes can b e

sp ecied using a general typ e parameter restriction mechanism however subtyping for parametric

classes can not b e dened in E This mechanism allows a programmer to sp ecify restrictions on

metho ds of a parameter typ e For example it is p ossible to require a certain function metho d

parameter typ e to haveacompare metho d with a given sp ecication thus making the test SORT

succeed As a p ersistent language E is not completely uniform as its p ersistence is typ edep endent

E also fails the BROWSER test

O AG is another p ersistent language derived from C It is similar to C in all

resp ects except for provisions for p ersistence queries and a limited form of typ ereection Persis

tence in O is not typ ebased thus its typ e system is uniform in this resp ect Typ e reection

in O is provided by the means of the is op erator that checks whether a given ob ject has a given

O still do es not have orthogonal p ersistence as its p ersistence is declarationbased also p ersistent ob ject

creation is dierent from transient ob ject creation

typ e However the BROWSER test in O still fails with resp ect to typ e checking even though it

can p otentially b e programmed The SETS test also fails as O queries do not provide the full

power of SQL even though the typing for forall and suchthat is present in O at the op erator

nonuserdenable level

O LRV provides a family of languages but its typ e system is the same in all of them so

here the discussion is based up on the CO language which is based on C The typ e system of

O makes a distinction b etween rstclass and nonrstclass ob jects called values in O however

values in O are mutable O uses the term type to refer to implementation typ es of nonrst

class ob jects and the term class to refer to typ es of rstclass ob jects which combine prop erties of

interface and implementation typ es Thus the typ e system of O is not completely uniform in that

only rstclass ob jects are manipulated by metho ds much like in C Inheritance in O is based

on implementation subtyping with an additional ability to add or mo dify metho ds O adopts a

covariant signature renement rule thus providing for more natural data mo deling However in the

absence of multiple dispatch this covariant rule results in the loss of static typ e safety and thus the

typ e system of O is unsound O do es not provide any kind of parametricity metho ds messages

and typ es are not ob jects in O O is uniform in terms of p ersistence it is orthogonal to the typ e

O also makes provisions for dynamic schema evolution however this evolution is not typ esafe

O s typ e system essentially fails all tests for typ e system expressiveness since even the tests that

could b e programmed would pass typ e checking and fail at runtime In BC multimetho ds are

used to provide typ e safety for covariant sp ecications in the O programming language With the

addition of the mechanisms describ ed in the article test POINT would succeed while the others

would still fail

JavaAG has recently b ecome a p opular language in b oth academic and industrial commu

nities Its typ e system shares many features with that of C therefore the discussion will fo cus

primarily on its dierences from the latter The advantages of the Javatyp e system include sep

aration b etween interface and implementation b etter handling of runtime typ e information and

simplication of the overall typ e system design resulting in a much more transparenttyp e system

A nonreexiveJava fragment has b een shown to b e typ esafe DE while the full language has

certain typ e deciencies Sar On the other hand the Javatyp e system lacks metho d typ es all

metho ds when considered as ob jects have the same typ e in Java parametric typ es except for

statically unsafe parametric arrays which are builtin and inherits some of the problematic fea

tures of the C typ e system discussed ab ove Java fails all tests except for SORT the latter b eing

successful due to the presence of interfacesJava fails the GENSORT test as its metho d typ es are

not suciently expressive for this test

Recentlyseveral parametric extensions to the Javatyp e system have b een prop osed Generic

Java GJ BOSWc BOSWa BOSWb adds parametric typ es to the static typ e system

while using the same runtime mo del typ e parameters are erased and do not exist at runtime

Parametric typ es in GJ are novariant and parameters can only b e of reference class typ es There

are also several restrictions on the usage of parametric typ es and metho ds related to the particular

typ e inferencing algorithm used in GJ GJ passes the test COMPARABLE and the union part of

the SET test in addition to the SORT test passed byJava

Another parametric typ e extension of Java is prop osed in MBL JPE It allows usage of non

reference typ es as typ e parameters and also uses whereclauses to express requirements on parameter

typ es In this extension parametric typ es are also novariant The typ echecking algorithm is not

presented in MBL This extension has test suite p erformance identical to that of Generic Java

but provides a more uniform system These two approaches are informal in that they do not have

a theoretical pro of of their soundness

Yet another Java extension is Pizza OWwhich extends Java with parametric and function

typ es The approachtaken in OW is similar to that of MBL but is much b etter formalized

In fact Pizza would have b een statically typ esafe if not for covariant arrays whichwere left in Pizza

for Java compatibility It is shown that the resulting typ e system do es not have the subsumption

prop ertyHowever the same is true of all Java extensions considered so far as well as of Java itself

Pizza passes tests GENSORT and APPLY in addition to COMPARABLE and SORT due to the

presence of metho d typ es A similar set of extensions is prop osed in AFM but without metho d

typ es and a supp orting theory The latter approach however do es lift several restrictions placed on

the usage of typ e parameters in Pizza

A dierentapproach is taken by Thorup Tho where Java is extended with virtual types

JVT Here the choice is made in favor of convenience and b oth static typing and dynamic

substitutability are sacriced Because of this tests PERSON COMPARABLE and LIST could

b e programmed but would give runtime rather than compiletime errors in incorrect cases A

mo dication of this approach is presented in BOW which also compares parametric and virtual

typ e approaches

BC extends Javawithmultimetho ds that are intro duced via the socalled parasitic methods

The goal of this extension is to add supp ort for multimetho ds to the existing language providing

full compatibilitywithJava BC contains pro of of soundness for the resulting system

The Ob ject Database Management Group has develop ed a set of standards for ob ject database

management systems CBB Two of these standards sp ecify an ob ject mo del ODMG Ob ject

Mo del and an ob ject query language OQL The ob ject mo del includes typ es that sp ecify abstract

prop erties and abstract b ehavior of their ob jects Typ es are categorized as interfaces abstract

b ehavior only classes and literals abstract state only Typ es are implemented by language

sp ecic representations a single typ e can have several representations but only one of them can b e

used in a single program Interfaces supp ort multiple inheritance while classes only supp ort single

inheritance class extension Thus ODMG Ob ject Mo del provides separation b etween interface and

implementation Interfaces in this mo del can not b e instantiated Abstract prop erties in ODMG

Ob ject Mo del include abstract state and abstract relationships twoway mappings Relationships

can only b e dened b etween classes Abstract b ehavior is sp ecied as a set of operations Behavior

sp ecications are novariant in b oth their argument and return typ es ODMG Ob ject Mo del supp orts

single dispatch Several systemdened parametric container classes are present in the ob ject mo del

but the user is not allowed to dene new ones Typ e parameters can only b e used in prop erty

sp ecications op eration sp ecications can not b e parameterized OQL is a strongly typ ed query

language that provides a p ossibility of explicit dynamically checked typ e conversions Set op erations

in OQL can only b e p erformed on compatible typ es typ es that have the least upp er b ound

Since the notion of the greatest lower b ound is not available in OQL all set op erations use the

least upp er b ound for typing purp oses For example intersecting a set of students with a set of

p ersons would return a result of typ e set of p ersons even in the case when the typ e of students is

a subtyp e of the p erson typ e ODMGOQL fails all tests except for BROWSER and the union part

of the SET test It should b e noted however that ODMGOQL is not a generalpurp ose database

programming language and therefore its p erformance on the test suite is not fully indicative of the

merits of the ODMG Ob ject Mo del

The following group of languages is based directly or indirectly on Mo dula Wir Mo dula

is neither ob jectoriented nor a p ersistent language Its typ e checking is veriable Mo dula has a

construct for separating interface and implementation in the form of interface and implementation

modules and the languages based on Mo dula also use this approach This mechanism has proven

to b e very convenient and robust for pro cedural languages However its advantages and disadvan

tages for ob jectoriented languages with their primarily typ ebased approachtobothinterface and

implementation sp ecication are yet to b e evaluated

DBPL SM is one of the p ersistent languages based on Mo dula In DBPL mo dularity

is achieved by using the native language Mo dula mo dularization mechanisms with a sp ecial

DATABASE MODULE construct In the absence of mo dule p ersistence it do es not cause problems

with orthogonalityTransactions are supp orted as sp ecial pro cedures Partial SQL compatibility

is provided by the use of a RELATION OF typ e constructor with the appropriate set of op erations

and rstorder constructs ALL IN SOME INandFOR EACH DBPL also allows up datable and non

up datable views via SELECTOR and CONSTRUCTOR pro cedural sp ecications DBPL is not ob ject

oriented however it do es oer implementation typ es with no metho ds The DBPL typ e system is

static and nonreexive The tests describ ed in Section are not applicable to DBPL directly as

it is not ob jectoriented DBPL would tentatively pass only the test GENSORT The DBPL typ e

system is uniform in that system and userdened typ es have the same rights

Another p ersistent language based on Mo dula is Mo dula LML Mo dula has some

rudimentary ob jectoriented capabilities single inheritance and is similar to C in that metho d

signatures are novariant ob ject typ es are dierent from other typ es implementation and interface

hierarchies coincide and there is only a limited supp ort for function typ es Thus the Mo dula typ e

system is not uniform An interesting prop erty of Mo dula is the presence of typ e DYNAMICData

of this typ e are pairs of values and their typ es expressed as values of a comp ound typ e DATATYPE

Typ e DATATYPE is the typ e of the representations of all data typ es in the system it can b e used

indep endently of DYNAMIC typ e to store retrieve and op erate up on various data typ es Anyvalue

can b e co erced to the typ e DYNAMIC Mo dula provides a sp ecial op erator TYPECASE that provides a

typ esafe interface to the valuesoftyp e DYNAMIC The language also provides a set of predened typ e

op erators that can b e used to op erate on valuesoftyp e DATATYPEThus Mo dula provides typ e

safe immutabletyp e reection The Mo dula typ e system is static and nonparametric however

it do es provide orthogonal p ersistence The only expressibility tests that would succeed in Mo dula

are GENSORT and BROWSER Mo dula provides incremental typ e checking including its

dynamic variety

Mo dula Har is another language with ob jectoriented extensions based on Mo dula

Mo dula is not a p ersistent programming language and its ob ject extensions are similar to those of

Mo dula it also has TYPECASE statement that gives a programmer the ability to request dynamic

typ e checking in a typ esafe manner Mo dula has parameterized moduleshowever parameter

ized types are not allowed Mo dula passes the tests COMPARABLE SORT GENSORTand

BROWSER

Another descendant of Mo dula is Ob eron MW Subtyping in Ob eron is based on record

extension also known as structural subtyping The subtyping relationship is predened for atomic

typ es Thus Ob eron has multiple subtyping Ob eron supp orts single dispatch Subtyping of

pro cedure metho d typ es is based on novariance of argument and result typ es only the receiver

typ e is covariant Parametricity is not supp orted by Ob eron Separation b etween interface and

implementation is supp orted at the level of modules in the same manner as in all Mo dula based

languages Ob eron also has an extended WITH statementthatallows a programmer to dynamically

insp ect the typ e of an ob ject and act according to it This statement is similar to the TYPECASE

statement in Mo dula and Mo dula discussed earlier The typ e system of Ob eron would pass

the tests SORT GENSORTandBROWSER

There has b een a prop osal for adding parametric typ es and metho ds to Ob eron RS In

this prop osal parametric typ es are novariant and the typ e checker ensures that a parameter typ e

substitution exists that satises the rules for matching arguments of a particular call Unfortunately

neither the typ echecking algorithm nor the pro of of its soundness are present in RS

Lago ona Fra is another descendant of Ob eron It fo cuses on messages objects and message

passing In contrast to most ob jectoriented languages a message in Lago ona is an indep endent

entityAninterface category in Lago ona is a set of messages Each message has a typ e sp eci

cation There can b e several methods implementing a message each for a dierent receiver typ e

Implementation in Lago ona is sp ecied byaclass usually a record typ e when a category meets a

classatype combination of interface and implementation is b orn No co de inheritance is p ossible

in Lago ona only structure inheritance is p ossible Variables in Lago ona can b e sp ecied using either

category or class Lago ona thus provides a complete separation b etween interface implementation

representation and co de metho ds When a message is sent to an ob ject an ob ject can forward

resend it to another ob ject Other features of the Lago ona typ e system include single dispatch

and single inheritance Unfortunately the article Fraprovides insucient information to test

the p erformance of Lago ona on the test suite

The language Theta DGLMcombines the expressivepower of parametric and inclusion p oly

morphisms It also provides whereclauses that give its typ e system a exibility similar to that

provided by matching Theta has single dispatch multiple inheritance for typ es interfaces and

single inheritance for classes implementations Theta only allows novariant parametric typ es

Metho d typ es can b e sp ecied in Theta and metho ds functions can b e used as rstclass values

Theta also has reexive capabilities in the form of the typecase op erator Thetas typ e system is

veriable uniform and static It is also quite expressive However the its soundness has not b een

proven Theta passes the tests COMPARABLE SORT GENSORT LISTand BROWSER

The language Ada Ada is a pro cedural language with some ob jectoriented features Ada

has a remarkably strong supp ort for parametricity generic packages parametric mo dules and

generic subprograms parametric functions can not only b e instantiated but also used as parameters

of other generic entities thus providing for great exibilityParameter typ es can b e constrained by

a with clause requiring the typ e to have a metho d with a particular signature which can also b e

parameterized However Ada generics have to b e fully and explicitly instantiated b efore they can

b e used Another interesting and p owerful feature of Ada is the notion of an access type which

generalizes such notions as p ointer and reference allowing also for userdened access typ es

Ada also has function typ es and function arguments can b e sp ecied as in outorinout according

to the role they play Ada uses its package mechanism similar to the mo dule mechanism of Mo dula

to provide separation b etween interface and implementation On the other hand ob jectoriented

Ada features app ear to b e relatively weak in order to b e used for dynamic dispatch a typ e has

to b e explicitly declared as tagged In order to b e able to use subtyping inclusion p olymorphism

a programmer has to use a sp ecial form of parameter sp ecication Ada provides single dispatchand

single inheritance with novariant metho ds Sub classing in Ada is limited to record extension In

Ada typ es can b e examined dynamically data of a typ e can b e converted to any other typ e and such

aconversion is dynamically typ echecked The Ada typ e system is very complicated and it places

emphasis on static rather than dynamic p olymorphism Ada will pass the tests COMPARABLE

SORT GENSORT LIST and BROWSER provided generic packages rather than typ es are used

Next the objectoriented language Sather SO will b e considered Sather is based on the much

b etter known Eiel Mey however Eiel is not discussed here as one of the primary goals b ehind

the design of Sather was to remedy typing problems present in Eiel

Sather has multiple interface and implementation inheritance hierarchies almost indep endentof

each other concrete implementation typ es called classes in Sather must have leaf interface typ es

Implementation subtyping in Sather corresp onds to textual inclusion with replacements Sather

uses single dispatch and is strongly and statically typ ed Therefore its metho ds are covariant on the

receiver and contravariant on other arguments Sather also provides partial closures of its metho ds

and iterators as rstclass values It has parametric implementation typ es that can use a form of

b ounded p olymorphism to constrain typ e parameters These parametric typ es are novariantand

they can not b e used until fully instantiated Metho d arguments in Sather can b e sp ecied as

in outor inout according to the role they play The Sather typ e system correctly handles all

these cases Argumenttyp es and lo cal variables can b e sp ecied by using either Sather typ es or

Sather classes In the former case the parameter class has to b e a subtyp e of the given typ e in the

latter case the parameter class has to match the sp ecication exactly The language also provides a

novel notion of iters iterators that are an ob jectoriented generalization of lo op control structures

Sather also provides a sp ecial comp ound typ e TYPE and op erators typeof and typecaseThus it

has typ esafe immutable typ e reection The typ e system of Sather therefore p ossesses veriability

even though it has not b een formally proven and satises inheritance and partially uniformityand

expressibility requirements It passes tests PERSON COMPARABLE SORT GENSORT LIST

and BROWSER and fails on tests POINT STREAMS SETandAPPLY Note that APPLY fails

b ecause parametric typ es in Sather require full instantiation b efore they can b e used

Emerald RTL is a nontraditional ob jectoriented language that combines features of class

based and delegationbased ob jectoriented languages Ob jects are created in Emerald by a sp ecial

syntactic form called an object constructor The ob ject constructor plays a triple role rst it

denes the ob jects implementation second it denes a publicly visible ob ject interface type in

Emerald third it denotes the pro cess of ob ject creation itself Subtyping in Emerald is structural

as a typ e is understo o d as a set of signatures Typ es are also ob jects that can b e created byobject

constructors thus a user can dene new typ es including parametric ones The typ e checker uses

userdened typ es along with systemsupplied ones to typ echeck a program statically Since typ es

are ob jects dynamic typ e checking is also p ossible The Emerald typ e system is therefore veriable

uniform reexive satises inheritance requirements and is quite expressive However its soundness

is unknown Emerald passes the tests PERSON STREAMS SORTandBROWSER

BETA MMPN is a unique ob jectoriented language that unies the notions of class ob ject

and pro cedure metho d via its notion of a patternPatterns can contain other patterns suchas

memb er ob jects co de fragments and typ es BETA also has fragments that play the role of mo dules

and can also b e used to separate interface from implementation BETA fragments can b e regarded

as highlevel restricted patterns since they op erate on the same basic principles Patterns can b e

virtual a virtual pattern can b e extended by adding co de fragments in places sp ecied by the inner

placeholder aka metho d extension as in Simula BDMN by extending a virtual pattern

with additional memb ers aka record extension or by supplying a class pattern in place of a

virtual one aka parametric instantiation Virtual patterns have to b e explicitly declared as

such Unication of all language concepts using the notion of pattern makes it p ossible to design a

very p owerful language based on only a couple of orthogonal principles While the language design

simplicityisvery impressive the resulting language is quite unconventional Structural subtyping in

conjunction with a class substitution mechanism makes the typ e system of BETA statically unsound

dynamic typ e checks are inserted to ensure typ e safety Due to the uniformityofBETA all tests

except for POINT can b e co ded in it but only SORT and GENSORT have static typ e safety Illegal

usage in other tests would cause runtime typ e errors

In the p ersistent ob jectoriented language VML KT all ob jects that are instances of ob ject

typ es called classes are p ersistent while all nonrstclass ob jects of nonob ject typ es called data

types are transient However a value of a nonob ject typ e can b ecome p ersistent if it is referenced

from a p ersistent ob ject Thus VML do es not have orthogonal p ersistence VML ob ject typ es are

rstclass ob jects and as such b elong to their resp ective metaclasses Metaclasses dene some of the

essential class metho ds for example the metho ds for the inheritanceBehavior message that is used

when a metho d for a message is not found in the receiver class Thus VML allows userdened

metho d inheritance due to its classes are ob jects concept However VML data typ es are not rst

class ob jects and thus VML only partially satises the typ e reexivity requirement Inheritance in

VML can b e tailored to sp ecic application needs by using the userdenable inheritanceBehavior

message found in an appropriate metaclass VML do es not haveaveriable typ e system therefore

the tests are not applicable to it

The p ersistent programming language Napier version MBC is not an ob jectoriented

programming language however its typ e system is quite p owerful In Napier parametric typ es

can b e built freely from the basic typ es typ e constructors and typ e variables Parametric pro cedures

pro cedures with parametric typ es can also b e dened and are rstclass ob jects Napier typ es

are purely implementation typ es however Napier provides the typ e constructor abstract that

may b e considered as an interface typ e as it provides existential quantication over witness typ es

Thus the typ e system of Napier satises all expressibility requirements not related to the notions

of subtyping and inheritance However since Napier do es not have the notions of subtyping and

inheritance it fails the requirements related to those notions In Napier parametric typ es can not

b e used until fully instantiated Napier provides supp ort for a limited form of linguistic reection

via dynamic environmentsEnvironments are dynamically typ ed structures that provide bindings

of names to Napier entities Environments can b e dynamically mo died insp ected and used in

expressions Environments can b e p ersistent

Napier has a sp ecial typ e any that is a union typ e of all typ es in the system A sp ecial project

op erator can b e used to deal with values of typ e any in a typ esafe manner This op erator is similar

to TYPECASE of Mo dula Since anyvalue can b e injected into typ e any the ab ove mechanism

makes runtime data typ e insp ection p ossible Thus the typ e system of Napier has typ esafe typ e

reexive capabilities

The p ersistent store of Napier is an ob ject of typ e any that holds a typ ed collection of ob jects

The ob jects from the p ersistent store can b e pro jected from any and op erated up on transparently

after that Napier uses a p ersistence mo del based on reachability from the ro ot p ersistent store

ob ject Thus the p ersistence in Napier is orthogonal to typ e

In spite of the p ower of its typ e system Napier would only unconditionally pass the test LIST

It would however tentatively pass the tests COMPARABLE SORT GENSORTandAPPLY if

usage of explicit typ e parameters in parametric calls were allowed In other words the burden of

inferring correct parametric instantiation from the co de in Napier is placed on a programmer

rather than on the typ e checker

Next purely ob jectoriented programming languages typ e systems will b e reviewed The rst

language to b e considered in this group is Strongtalk BG which is a statically typ ed version of

Smalltalk GR Smalltalk is widely regarded as the rst purely ob jectoriented language however

it has no static typ e checking

In Strongtalk everything including typ es called classes in Strongtalk metho ds and messages is

a rstclass ob ject Thus Strongtalk is uniform All Strongtalk ob jects can b e op erated up on and

mo died at runtime and therefore Strongtalk is reexive the reexivityistyp eunsafe Strongtalk

separates interfaces protocols from implementations classes provides subtyping and matching It

also has parametric novariant typ es and messages blo cktyp es and union typ es However the user

has to explicitly sp ecify a mechanism to guide parametric typ e inferencing resulting in the loss of

substitutability It is also unclear from BG whether Strongtalk allows b ounded parametric typ es

Strongtalk provides single inheritance and single dispatch Subtyping is structural but the user can

use brands to restrict it Even though Strongtalk was not designed to b e a p ersistent language it do es

provide uniform p ersistence of its ob jects in a socalled imageOverall the Strongtalk typ e system

is quite expressive uniform and reective It passes the tests COMPARABLE LIST BROWSER

and p ossibly GENSORT if parametric typ e b ounds are allowed The union part of the SET test

is also passed Strongtalk would fail the tests PERSON POINT STREAMSaswell as APPLY

and SORT the latter two could b e programmed but only with blo cks rather than messages

Cecil Cha Chab is a delegationbased language that has b oth implementation and interface

typ es the former are called representations while the latter are called types Typ es in Cecil are used

for suggestivetyp echecking only as Cecils multiple dispatch is done according to representations

Cecils typ e checking is suggestive b ecause it might rep ort false errors or miss real ones therefore

its typ e discipline is not enforceable Cecils do es not supp ort incremental typ e checking Cecil

uses multiple dispatch and provides covariant sp ecication of sp ecialized arguments together with

contravariant sp ecication of unsp ecialized ones Closures and metho ds are rstclass ob jects in

Cecil they are contravariantly typ ed Cecil also provides novariant parametric typ es and metho ds

as wellastyp e parameter b ounds Parametric typ es in Cecil can b e instantiated either explicitly or

implicitly in the latter case the user has to provide a hinttothetyp e inferencing algorithm This

b ehavior results in loss of substitutability Cecil has multiple inheritance union and intersection

typ es Overall the Cecil typ e system is quite expressive and uniform while b eing nonreexive and

static It also satises the inheritance requirements Since Cecil typ e checking is only suggestive

it is dicult to apply the tests to it However tests that Cecil would tentatively pass include

PERSON POINT SORT GENSORT LIST SET APPLYand BROWSERItwould fail the tests

COMPARABLE due to the restrictions on parametric typ e b ounds and STREAMS due to the

novariance of parametric typ es

There are several extensionsmo dications to the original Cecil language One of these extensions

is BeCecil CL CL BeCecil is a statically typ echecked version of Cecil It supp orts blo ckand

mo dular structure has extensible ob jects and an extensible typ e system and its typ e system has

b een formalized However soundness and substitutability prop erties haveyet to b e proven BeCecil

also has a novel notion of acceptors which can b e considered as an ob jectoriented generalization of

the assignment op erator However BeCecil do es not have parametric typ es while sharing most of the

other features with Cecil The absence of parametricity contributes to the decreased expressibilityof

the BeCecil typ e system as compared to that of Cecil BeCecil passes the tests PERSON POINT

SORT GENSORTandLIST and fails the rest

Another mo dication MiniCecil is describ ed in Lit MiniCecil strives to achieveacom

bination of static typing and a very general form of parametric p olymorphism MiniCecil also has

frameworks which are basically interfaces with what app ears to b e an analog of selftype The

frameworks can b e used to separate interface and implementation as well as to achieve the eect of

matching Metho ds in MiniCecil are rstclass ob jects multimetho ds and multiple inheritance are

supp orted Subtyp e clauses can have a form of forall C isa C C isa C where is a

set of free typ e variables and C are typ e sp ecications The resulting typ e system is very expressive

i

Except for a p ossible uniformity breach in the form of direct attribute access

Being a delegationbased language Cecil has language reection however the typ e system of Cecil is not reexive

as Cecil typ es are not ob jects and can not b e manipulatedby the language More precisely representations of Cecil

are reexivewhile types are not

it can even b e argued that it is the most expressivetyp e system p ossible However the typ echecking

seems to b e undecidable The algorithm prop osed is a conservative approximation and its soundness

is yet to b e proven It is also unknown if the resulting typ e system has substitutability MiniCecil

would pass all tests except for BROWSER as it do es not have reexive capabilities

Transframe Sha allows the user to sp ecify whether a parameter of a parametric typeisto

be covariantornovarianttypeexact and to constrain it by giving it an upp er b ound Subtyping

and sub classing interface and implementation inheritance are dierent concepts in Transframe

There is a distinct name selfclass that allows classes to supp ort matching The language unies

the notions of class and function likeBETA Transframe also supp orts multiple dispatch There

are provisions for dynamic typ e checking and dynamic schema evolution Transframe implicitly

instantiates parameter typ es in expressions unfortunately there is no formal pro of of typ e safety

In fact it can b e shown that the typ e system presented in Shaisnot typ esafe Overall the

Transframe typ e system is veriable very expressive almost uniform and dynamically reective

However it is unsound Transframe would pass all expressibility tests except for the test STREAMS

due to its inability to representcontravarianttyp e parameters and the intersection part of the test

SET due to the absence of intersection typ es

CLOS Common LISP Ob ject System BDG is a reexive language with all the p ower

of Common LISP reection CLOS has typ es and ob ject typ es called classes the latter b eing

a subset of the former CLOS typ es are implementation typ es they do not sp ecify anyinterface

However CLOS classes combine implementationandinterface denitions Since CLOS makes a

distinction b etween ob ject and nonob ject typ es where only ob ject typ es dene interfaces and are

sub ject to inheritance the CLOS typ e system is not completely uniform CLOS classes are ob jects

that b elong to metaclasses which are also ob jects CLOS messages metho ds and functions are also

CLOS ob jects that can b e op erated up on and changed at runtime so CLOS is fully reexiveand

dynamic Sub classing in CLOS is slot collection extension with slot typ es changed covariantly a

typ e of a slot is the intersection of the typ es sp ecied for this slot in all of the class sup erclasses

Messages called generic functions are also covariant CLOS is not statically typ ed ACLOS

message can b e dispatched to yield an appropriate metho d or a combination of metho ds according

to the class or value of all arguments multiple dispatch Metho ds are covariant on all arguments

since CLOS has multiple dispatch If more than one metho d is appropriate for the given arguments

a userdenable way of constructing the function to b e executed out of al l appropriate metho ds is

employed In the b o dy of a metho d a sp ecial function callnextmethod can b e called to invoke the

next applicable metho d This capability is analogous to the inner construct of Simula BDMN

and is much more p owerful Overall the dispatchmechanism of CLOS is the most p owerful of all

known mechanisms if the consideration is limited to classes and values CLOS can not dispatchon

typ es Up dates in CLOS are invoked on slots directly or by using an appropriate message CLOS is

not statically typ e checked therefore a runtime error is signalled if a value assigned to a slot do es

not conform to the slots typ e sp ecication Since CLOS is not statically typ ed the tests are in

general not applicable to it however CLOS would pass POINT APPLYandBROWSER tests if

its typ e discipline were enforceable

Dylan App is an imp erative programming language similar to CLOS While there are certain

dierences b etween the two they are almost identical in terms of their typ e systems Dylan has

more control over the dened classes as Dylan classes can b e sealed only sub classable by the library

where they b elong or op en primary there is only single inheritance of primary classes or free

abstract all sup erclasses of an abstract class must b e abstract or concrete There is also supp ort

for singleton typ es but not singleton classes Multiple dispatch in Dylan is also dierent from that

in CLOS in that in Dylan all arguments are equal and the metho d sp ecicity is dened by a class

precedence list Dylan also has mo dules with imp ort and exp ort lists and mo dule libraries

TM BBdB is an ob jectoriented p ersistent language with many functional features TM has

averiable typ e system based on Car However the soundness pro of seems to b e missing TMs

typ e hierarchy includes userdenable sorts atomic immutable typ es and classes Sorts and classes

have representation implementation typ es that are almost hidden inside of them Metho ds and



More precisely metho ds are covariant on those arguments that are constrained by class sp ecications

typ es are not rstclass values in TM TM metho d sp ecication uses selftype to achieve the eect

of matching Since this is the only p olymorphic mechanism in TM sp ecications are covariantand

substitutability do es not hold as functional up dates are present No metho d redenition mechanisms

are provided in TM The TM typ e system extends the typ e system of Cardelli Carwithapowerset

typ e constructor Since TM is stateless p owerset typ es are covariant TM allows enumerated as

well as predicative sets as primitive language expressions Enumerated sets in TM can only b e

homogeneous while predicative sets can b e heterogeneous up to subtyping Predicativesetsin

the presence of the recordbased typ e system of Car and the absence of up dates play a role of

emb edded queries that are highly integrated with the rest of the language TM provides several levels

of constraint sp ecication mechanisms which are also setbased and resemble relational constraint

systems TM also provides rstorder set op erations However the set op erations require sp ecial

treatment and are not messages in the usual ob jectoriented sense It is also unclear howwell dierent

typ e constraints for dierent kinds of sets interact with each other TM has mo dules that dene their

p ersistent comp onents by names and everything those ob jects refer to is also implicitly p ersistent

Thus TM provides a combination of static namebased and dynamic reachabilitybased p ersistence

completely orthogonal to the typ e Overall the TM typ e system is veriable sound supp orts

b oth interface and implementation inheritance though they are not completely indep endentof

each other is almost uniform partially expressive and provides supp ort for declarative queries

However it do es not supp ort substitutability and is nonreexive and static It would unconditionally

pass tests SORT and LISTTest SET also succeeds b ecause of builtin supp ort for set op erations

However it would not b e p ossible to construct userdened typ es with the same functionality

Most of the following languages b orrowmuch of their expressiveness from ML MTH ML is

a language with b oth functional and imp erativeavors it also has some ob jectoriented features

This can b e said ab out almost all the languages discussed b elow

Standard ML MTH is a functional language with some imp erative features It is strongly

typ ed and provides provably decidable and sound typ e checking In the ML typ e system all typ e

information is inferred by the typ e checker Addition of explicit typ e annotations and declarations

is considered in OL Standard ML also providesavery sophisticated mo dule system where

eachmodulestructure has its typ e signature However MLs structures are more like abstract

implementation typ es than mo dules as they are designed to shield their internals from the rest of

the program and not to handle separate compilation or similar tasks There is no notion of subtyping

in Standard ML except for signature matching which can b e considered as restricted structural

subtyping for abstract interface typ es Highly parametric typ es are supp orted in Standard ML

They can arbitrarily include typ e variables and can b e userdened Thus the typ e system of

Standard ML is uniform For interface typ es signatures there are also functions that map signatures

to signatures functors Function typ es in ML can also b e p olymorphic Polymorphism in Standard

ML function typ es is expressed via typ e expressions that have to b e patternmatched For example

the typ e of the identity function in Standard ML is a a where a is a typ e variable This kind

of p olymorphism is uniform in that it allows userdened parametric typ es Standard ML b eing in

essence functional allows up dates on socalled ref typ es These typ es are reference typ es somewhat

similar to p ointer typ es in C or C ref typ es have a restricted parametricity as an argument

of a ref typ e must always b e a monotyp e eg see discussion in Wri Typ es are not ob jects

in Standard ML even though they can b e op erated up on by functions similar to those that op erate

on ordinary values Overall the typ e system of Standard ML is theoretically sound very expressive

and uniform while lacking inheritance and b eing only partially reexive This typ e system would

tentatively pass tests PERSONandSORT GENSORTand APPLY for the test SORT use of

mo dules rather than typ es is required

Another language from this family is Machiavelli OBBT BO which is a p ersistent language

that extends ML by adding more p olymorphism as well as query and view supp ort Machiavelli has

averiable and provably sound typ e system It adds record inclusion p olymorphism to ML by

using typ e variables of the form a that corresp ond to an arbitrary record extension Thus

Machiavelli allows more p olymorphic typ es than ML Machiavelli is also able to automatically



Provided that the notion of subtyping is substituted by the notion of co de reuse

maintain more sophisticated even noncovariant typ e constraints on description types It is

therefore p ossible for Machiavellis typ e checker to statically infer an error in case a join of two sets

of records whose typ es do not have a greatest lower b ound is attempted Machiavellis typ e system

treats description and other typ es dierentlyThus it is not completely uniform In Machiavelli

a sp ecial set typ e constructor is intro duced and query op erations are dened for ob jects of set

typ es Machiavelli extends the typ e system of ML to b e able to deal consistently with typ e inference

of generalized relational op erations Machiavelli also provides views similar to those in relational

databases Namely a Machiavelli view is dened as a function that returns a pro jection of a given

set over some appropriate typ e Overall the typ e system of Machiavelli is veriable sound

very expressive reexive partially uniform partially dynamic and capable of supp orting views

However it lacks interface inheritance It passes the same tests as ML with the addition of the SET

test due to the sp ecial supp ort of sets by the language and the typ e system

Fib onacci AGO is a p ersistent ob jectoriented language that is a descendant of Galileo

ACOwhich is in turn based on ML It has some functional and imp erative features and p os

sesses a veriable provably sound typ e system it also has multiple inheritance and single dispatch

In Fib onacci object types are indep endent from each other in terms of subtyping however role types

form indep endent directed acyclic graph DAG subhierarchies for each object typeFor example an

ob ject of typ e PersonObject can play roles Person Employee Studentand TeachingAssistant

that is b oth Employee and Student Fib onacci roles can b e dynamically created and Fib onacci

ob jects can dynamically acquire new roles Fib onacci typ es are not ob jects in the language Metho d

arguments in Fib onacci are contravariant while their results are covariant Fib onacci supp orts a dis

tinction b etween metho ds and functions metho ds are attached to role typ es and are not Fib onacci

ob jects while functions are indep endent and are rstclass values Fib onacci also has nonob ject

and nonrole typ es such as basic typ es class typ es function typ es and asso ciation typ es These

typ es form a hierarchy indep endent ofthatofobjectandroletyp es Fib onacci denes some builtin

parametric typ es Class Sequenceand Association However it is unclear from AGOif

the user can create new parametric typ es In Fib onacci ob jects of the same ob ject typ e can have

dierent implementations These implementations are dened at the time of ob ject creation Thus

an implementation in Fib onacci is not a part of an ob ject or role typ e sp ecication Up dates in

Fib onacci are allowed on sp ecial novariant Var typ es In Fib onacci the syntax of message sends

determines the strategy of the metho d lo okup There are two strategies upwardlookup that corre

sp onds to the standard lo okup pro cedure in the presence of multiple inheritance and double lookup

that rst tries to nd an appropriate metho d in the subroles of the role it has started from Fib onacci

oers declarative query op erators on parametric Sequence typ es These are typ es of immutablese

quences that are sup ertyp es of their resp ectivemutable Class and Association typ es Thus the

query facilities of Fib onacci are also applicable to Fib onacci classes and asso ciations Fib onacci

has a reachabilitybased orthogonal p ersistence mo del Everything accessible from the toplevel

environment automatically p ersists b etween sessions Thus Fib onacci p ersistence is orthogonal to

b oth interface and implementation typ es Overall the Fib onacci typ e system is veriable prov

ably sound provides dierent inheritance for interface and implementation typ es and has inclusion

p olymorphism substitutability It is also expressive almost uniform and is capable of supp orting

query typing However it is nonreexive and static The typ e system of Fib onacci would pass the

same tests as that of Machiavelli

The language ML BMbBMa is an extension of ML with subtyping and higherorder

p olymorphic multimetho ds It has typ e inference strong static typ e checking and substitutability

MLlike typeconstructors provide parametric p olymorphismTyp e constructors in ML can b e

sp ecied as covariant novariant or contravariant The formalism used is based on the systems of

typ e constraints In this theoretical language no separation b etween interface and implementation

is provided Handling of imp erativemutable typ es is b orrowed from ML and is quite restrictive

wrt p olymorphism Another restriction placed on ML s typ e system is the requirement that all

typ es that have a subtyping relationship should have the same numb er of arguments as well as the

same variance sp ecication for them Thus this typ e system fails the test STREAMS as it requires



Description typ es are ML typ es that do not include outside of ref



It is unclear whether Machiavelli handles view up dates

asubtyping relationship to b e established b etween parametric typ es of dierentvariances Overall

the ML typ e system is expressive veriable sound and static It passes the tests PERSON

POINT SORT GENSORT APPLY and the union part of the SET test However the inability

of the system presented in BMb to deal with recursive constraints makes generalization of the

system to unrestricted subtyping of parametric typ es quite dicult

There are several other approaches to adding subtyping to ML but none of them deals with

multimetho ds Aiken and Wimmers AWLAW prop osed a system that nds a solution for

a system of subtyping constraints this system can deal with recursive constraints Pottier Pot

also prop osed a system in which recursive constraints are allowed instead of solving the constraints

his system proves their consistency likethatofML Seq also adds subtyping and userdened

typ e constructors as well as constrained typ es to an MLstyle typ e system The resulting system

app ears to b e similar to that of ML but lacks its ability to deal with multimetho ds Complexity

results related to solving subtyping systems app ear in Reh

MW prop oses a typ e system for a core subset of the purely functional language Er

lang AVWW The typ e system is similar to the one prop osed by Aiken and Wimmers AWL

AW and uses constrained typ e entailment for typ e verication The main dierence is the absence

of function typ es general unions and intersections The system is provably sound and presumably

complete Addition of function typ es to the system makes it incomplete and the pro of of sound

ness in this case is absent MW includes decidable algorithms for typ e inferencing signature

verication and constraint simplication

Castagna Ghelli and Longo CGL prop osed a variantofcalculus calculus dealing

sp ecically with multimetho ds Several imp ortant results generalized sub ject reduction Church

Rosser etc are proven It is also shown how the calculus can b e used to mo del inheritance matching

and multiple dispatch

CO presents a typ e system where a fulledged supp ort for mutable typ es is added to an

MLstyle typ e system The approachtaken by the authors separates mutable and immutable typ es

by creating a parallel language syntax In essence every functional language construct has its imp er

ative counterpart Interaction b etween mutable imp erative and immutable functional language

comp onents is restricted byasetoftyp e validity rules that restrict p olymorphism of data typ es

for the data passed b etween the two language comp onents The approach of CO app ears to b e

sound but soundness seems to b e achieved at the exp ense of language simplicityandtyp e system

transparency

Next theoretical programming languages and systems that are designed sp ecically for ob ject

oriented programming will b e reviewed

PolyTOIL BSG BSG has a veriable and sound typ e system and single subtyping Poly

TOIL identies subtyping with substitutability while providing a concept of matching subtyping

up to MyType The latter is intro duced to allow for covariant metho d sp ecication Subtyping

in PolyTOIL is structural as is matching The language allows for b oth subtyping and matching

constraints Matching is used as a mechanism of sp ecifying constraints that are weaker than sub

stitutability and is therefore useful for up datable typ es In Bru it is suggested that subtyping

should b e dropp ed altogether as matching is more intuitive and more exible In BSG there

are distinct notions of object types and class types The former are interface typ es while the latter

are implementation typ es Namely ob ject typ es sp ecify signatures typ e information for metho ds

applicable to the ob jects of this ob ject typ e while class typ es sp ecify instance variables and co de

for metho ds applicable to ob jects that b elong to the class Classes are used to create new ob jects

They are pro duced by applying functions whose arguments are values used to initialize the pro duced

ob jects as well as the argumenttyp es for parametric classes to their arguments Classes can use

inheritance with redenitions Parametric typ es in PolyTOIL are pattern functions of their param

eter typ es A notion of a function typ e is also presentinPolyTOIL However it is only used in

sp ecications and during typ echecking and is inherently dierent from either class or ob ject typ e

Overall the typ e system of PolyTOIL is veriable sound expressive almost uniform and satises

inheritance requirements However it is static and nonreexive It passes tests COMPARABLE

SORT GENSORT LISTand APPLY and fails the rest The PERSON test fails b ecause while

record subtyping allows metho d typ e redenition record extension do es not

Lo op ESTZ ESTb ESTa is a theoretical language similar to PolyTOIL There are no

explicit typ e annotations in Lo op and the typing is inferred automatically Lo op has a concept of

subclassing where one class inherits from several other classes Subtyping and sub classing in Lo op

are dierent concepts Lo op enjoys provably sound typ echecking and a state semantics given by

its translation to So op Function typ es are present in Lo op however in the absence of explicit

typ e annotations they are only used internally for typ e checking purp oses Lo op classes are mech

anisms for creating ob jects Sub classes do not necessarily corresp ond to subtyp es and class and

typ e inheritance hierarchies are dierent The typ e hierarchy in Lo op is implicit while the class

hierarchy is explicitly sp ecied by the programmer Sub classing can b e multiple and b oth metho ds

and instance variables can b e added inherited or mo died Since Lo op is a theoretical language

it do es not haveany syntactic sugar for sub classing whichmakes Lo op inheritance rather dicult

to use Up dates in Lo op are allowed for instance variables only The semantics of these up dates is

given by their translation to So op Lo op do es not have parametric typ es Subtyping in a similar

system has b een shown to b e decidable in TS The typ e system of Lo op is veriable sound

partially expressive almost uniform partially reexive static and satises the inheritance require

ments It passes the same tests as PolyTOIL The typ e checking mechanism uses constrained typ es

The system do es not attempt to nd a solution to the system of constraints it generates rather it

veries that such a system is noncontradictory The theory guarantees that in this case the system

has a solution and the program is considered to b e typ ecorrect

TL Tyco on Language MS MMS is based on the F system CMMS Car From

F it b orrows constrained b ounded parametric typ es and typ e op erators as well as p olymorphic

functions and partial typ e inference It is also uniform in its treatment of functions including

higherorder ones and atomic values In addition to these features TL has mutable typ es mo dules

and typecase statement Even though TL is designed on the basis of a formal system F its

typ e system features have not b een mathematically proven Thus the questions of soundness and

decidability remain op en for the TL typ e system TL is an orthogonally p ersistent programming

language Since TL is not an ob jectoriented language the tests are not applicable to it

In the To oL language GM an attempt is made to combine the notions of subtyping matching

and b ounded universal quantication The resulting language is quite p owerful in terms of supp orting

dierent kinds of relationships b etween typ es However it has signicant complexity and requires

good anticipation bytyp e sp eciers to correctly cho ose the kind of typ e relationship that is needed

before any sub classes of the class in question are created The theoretical asp ects of the language

do not seem to b e fully develop ed as neither soundness nor decidabilityoftyp e checking has b een

proven To oL supp orts single dispatch Interface and implementation subtyping termed resp ectively

as subtyping and sub classing are dierentinTooL Parametric typ es can b e sp ecied and the typ e

parameters can b e b ounded Information presented in GM is insucient to judge the uniformity

and reexivityofthetyp e system however it seems to b e static and very expressive GM also

states that To oL is a p ersistent language however nothing else is said ab out its p ersistence The

p erformance of this typ e system with resp ect to the test suite is identicaltothatofthetyp e systems

of PolyTOIL and Lo op

The language TOFL QKB is a theoretical ob jectoriented functional language It has multiple

dispatch novariant argument redenition function typ es and parametric typ es TOFL allows

subtyp e sp ecications of the form if x is a subtyp e of Eq then listxisasubtyp e of Eq for any

typ e x All parametric typ es in TOFL are covariant except for functionals whicharenovariant

in their rst argument function argument p osition This is justied since TOFL is a functional

stateless language TOFL has a veriable and provably sound typ e system The TOFL typ e

system is also quite expressive as it passes the tests PERSON POINT SORT GENSORT APPLY

and the union part of the test SET

Conclusions

In this chapter the set of requirements for a typ e system of an ob jectoriented database programming

language was formulated In order to b e able to assess expressibilityofvarious typ e systems a set

of tests was develop ed A large numb er of existing typ e systems and languages was reviewed and

assessed according to their ability to satisfy the requirements and handle the test cases

Of the languages reviewed none was found to completely satisfy the requirements laid down in

Section None of the provably sound typ e systems has passed the ma jority of the tests However

every test was passed by at least one typ e system thus showing that the necessary mechanisms have

already b een develop ed It is their consistent and theoretically sound combination that remains

elusive so far

The typ e system presented in the next chapters is the result of my attempt to pro duce sucha

combination It was a challenging task and its solution will allow us to the develop a theoretically

sound reexive uniform and dynamic p ersistent ob jectoriented programming language

Chapter

The Typ e System Design

This chapter gives an informal description of the typ e system It illustrates the main ideas b ehind

the develop ed typ e system gives examples of its use and discusses design decisions The formal

treatment of the typ e system is given in Chapter

Functionality Behaviors Functions

Implementation functions

Implementation types Classes

Structure Types

Figure Typ e system layers

The typ e system consists of three sp ecication layers Eachlayer consists of two comp onents

one deals with functionality dynamic comp onent and the other with structure static comp onent

This taxonomy is depicted in Figure

The most abstract layer consists of types abstract data and behaviors abstract functionality

This is the interface layer that has no concrete description of ob ject structure and functionality

This layer denes the ob ject interface only and is primarily used for typ echecking purp oses It is

describ ed in Section

The intermediate layer consists of classes highlevel structure and functions highlevel co de

It is this layer that denes most of the co de to b e executed when a program runs Classes are also

used for ob ject creation and extentmaintenance This layer is describ ed in Section

The lowest layer allows the programmer to use a lowlevel language to sp ecify data and func

tionality This is the layer at whichmany system primitives are dened An ordinary programmer

usually do es not need to know or care ab out the existence of this layer unless heavy optimization or

interop erability issues are involved This layer consists of implementation types and implementation

functions that will b e considered in Section

The threelayer design is useful in shielding the user from the internal complexity of the system

Namely an ordinary user p osing queries against a database would only have to b e familiar with the

outermost layer typ es and b ehaviors An application programmer needs to know ab out the second

abstraction layer functions and classes in addition to the rst one Only a database administrator

implementor and designer should op erate at all the three layers using the implementation layer for

lowlevel optimization and integration tasks The advantages of the threelayer design are describ ed

in more detail in Section

In order to supp ort typ e system evolution most of the typ echecking presented here is designed

to b e invariant with resp ect to the covariant transformations describ ed in Section One of the

consequences of this feature is the lo calization of function co de typing A change in a function co de

do es not aect the typing or validity of the program co de outside of the asso ciation that uses the

mo died function This is in contrast with MLstyle typ e inference systems where a lo cal change in

a function co de can p otentially aect the typing of the co de outside the function The dierence lies

in the presence of explicit typ e annotations of b ehavior denitions While typ e inferencing is still

p ossible in the presented system its scop e is restricted to a single asso ciation

The application of the principles and constructs describ ed in this chapter is given in Section

where an example of a basic typ e system designed for the TIGUKAT ob ject mo del Pet is dis

cussed

Typ es and b ehaviors

The notion of a type plays a central role in anytyp e system This section is devoted to typ es their

avors and the typ e sp ecication issues Sp ecial attention is given to the issues related to subtyping

and typ e safety

Typ es are intro duced in Section Then in Section the notion of subtyping is discussed

Section oers a detailed discussion of b ehavior sp ecications redenition and inheritance Sec

tions through discuss various typ e avors presentinthetyp e system Additional exibility

of constrained typ e sp ecications is discussed in Section Interaction b etween subtyping and

inheritance is considered in Section Section concludes the discussion of this layer of

the typ e system

The notion of a typ e

In the typ e system presented here type denotes a concept The concept might originate from the

real world such as p erson or student mathematics integer numb er or set computer

science output stream or character or any other domain For instance a statementisan

integer numb er can b e rephrased as has typ e T Integer In the same way it is p ossible to

sayjohn has typ e T Person meaning that John is a p erson

Each ob ject in a program has a typ e The typ e not only characterizes the conceptual prop erties

of an ob ject it also denes its programmatic interface The presented typ e system is based on a

uniform behavioral object model Pet In this mo del everything is an ob ject and the only wayto

manipulate an ob ject is via behavior applications message sends function applications Therefore

the statement that the typ e denes a programmatic interface for its ob jects is equivalent to the

statement that the typ e denes a set of b ehaviors applicable to a particular ob ject The typ e can

also dene implementations metho ds for one or more of its b ehaviors

Consider for example typ e T Person Ob jects of this typ e haveanagewhich is represented as

a natural numb er a name represented as a string and p ossibly a sp ouse another p erson The

denition of a p erson typ e will have the following format

type TPerson

age TNatural

name TString

spouse TPerson

In the rest of the dissertation typ es will b e prexed by T classes by C and implementation typ es by IT Also

a typewriter font will b e used to denote ob jects that o ccur in the program while normal font will b e used to denote

the realworld ob jects and concepts they are designed to mo del This convention will b e followed through the rest of

the dissertation unless otherwise sp ecied

Given this denition the following b ehavior application is legal provided the typ e of john is

T Person johnage It will return an ob ject of typ e T Natural

While simple this notion of a typ e has certain nontrivial implications Some of them manifest

themselves when subtyping is considered they are discussed later An implication that is immediate

is the absence of ob ject structure denition in a typ e Unlikemany other typ e systems the typ e

system discussed here totally separates ob ject interface from the ob ject structure An ob ject of typ e

T Person might b e implemented as a list of three slots holding age name and a sp ouse it might

also b e implementedasalistofve slots holding date of birth rst second and middle names and

a sp ouse Both ob jects can legally and simultaneously b elong to the typ e T Person as long as they

provide the interface dened in it The advantages of such separation as well as a more detailed

description of the mechanisms that achieve it will b e given in Section

Another implication of the notion of a typ e adopted here is the fact that a typ e is more than

just an interface In other words twotyp es can haveidentical interfaces and still b e considered un

related to each other Such an arrangement is termed as name equivalence as opp osed to structural

equivalence The structural equivalence principle states that twotyp es are equivalent and indis

tinguishable from each other if they haveidentical interfaces In order to illustrate the dierence

between the two approaches let us consider the following example

type TPerson

age TNatural

name TString

type TWine

age TNatural

name TString

Here typ es T Person and T Wine have identical interfaces Under the rules of name equivalence

these twotyp es are distinct and unrelated an attempt to bind a variable declared to b e of typ e

T Person to an ob ject of typ e T Wine will b e considered a compiletime error On the other hand

if structural equivalence rules were in force such an assignmentwould b e considered legal since

in this case b oth T Person and T Wine would b e regarded as two dierent aliases for the same

entitytheinterface The choice b etween name equivalence and structural equivalence is a design

decision Structural equivalence is more p ermissiveasitallows co de sharing b etween semantically

unrelated typ es On the other hand sometimes structural equivalence is to o p ermissive as in the

ab ove example Most of the real languages to day adopt name equivalence as the safer and more

transparent alternativeTable Name equivalence and structural equivalence are two opp osite

ends of a sp ectrum of p ossible design decisions some intermediate approaches are also p ossible An

example of suchanintermediate approach is the notion of semantical or b ehavioral equivalence

NPLW LW In this approach equivalence is dened in terms of observable b ehavior

While quite intuitive and app ealing this approach suers from a ma jor drawback the notion of

b ehavioral equivalence is undecidable in general

Subtyping

The p owerofatyp e system comes in part from its ability to adequately mo del an application

domain In the real world concepts are not indep endentofeach other For example each student

is also a p erson an integer numb er can also b e considered as a sp ecial case of a real numb er In

Person order to mo del this relationship the typ e system provides a notion of subtypingIfatyp e T

mo dels the concept of a p erson a typ e T Student mo dels the concept of a student and each

student isalsoapersonthenthetyp e T Student is called a subtype of the typ e T Person denoted

T Student T Person or type TStudent subtype of TPerson

What do es it mean for a typetobeasubtyp e of another one at a programming language level

Since every ob ject that b elongs to the rst typ e also b elongs to the second subsumption propertya

student is a p erson it is natural to assume that an ob ject of a subtyp e can b e legally used everywhere

an ob ject of its sup ertyp e can This is termed the substitutability property and considered to b e one

of the most p owerful mechanisms for co de reuse in ob jectoriented programming

In the following example a typ e T Student is dened as a subtyp e of the typ e T PersonAn

additional b ehavior studentId is dened for this typ e

type TPerson

age TNatural

name TString

spouse TPerson

type TStudent subtype of TPerson

studentId TNatural

In the presence of these declarations the behavior applications aStudentage and

aStudentstudentId are valid while aPersonstudentId is not every student isalsoaperson

but not every p erson is a student

The term subtyping is sometimes used to denote inheritanceYet there is a considerable dierence

between these two notions Inheritance is the ability to reuse prop erties of a typ e interface co de

structure or anycombination of the ab ove in another typ e Inheritance do es not imply subtyping

but subtyping implies interface inheritance An inheriting typ e mayormay not b e a subtyp e

of the typ e it inherits from Thus inheritance is more general than subtyping On the other

hand subtyping guarantees substitutability inheritance do es not This is discussed further in

Section

The subtyping relationship b etween typ es denes a partial order on the domain of typ es If

there are twotyp es T A and T B such that T A T B T B T Athen T A T B Since subtyping is

userdened the system has to verify that this condition is satised The presence of parametricity

makes suchchecking a nontrivial task as discussed further in Section

Atyp e can subtyp e several typ es multiple subtyping This feature improves the expressibility

of the typ e system and allows straightforward denitions of complicated typ e hierarchies Consider

for example the following typ e hierarchy

type TPerson

age TNatural

name TString

spouse TPerson

type TStudent subtype of TPerson

studentId TNatural

type TTeacher subtype of TPerson

coursesTaught TSetTCourse

type TTeachingAssistant subtype of TStudent TTeacher

Here a teaching assistant is b oth a student and a teacher A teaching assistant is also a p erson so

age name and sp ouse apply Being also a student there is a student id b eing a teacher there is a

set of courses taught

While the situation describ ed here is not uncommon in practice manytyp e systems do not

allowmultiple subtyping Table The ma jor reason for this restriction is the fact that multiple

subtyping incurs signicant complications for systems and languages where subtyping is coupled

with inheritance of co de and structure Multiple subtyping also makes typ e system theory and

dispatch signicantly more complicated

It is assumed that aStudent evaluates to an ob ject of typ e T Student while aPerson evaluates to an ob ject of

Person typ e T

The typ e system presented in this dissertation has multiple subtyping as it increases the mo deling

power of the system Its theoretical treatment will b e discussed in Chapter

When a typ e system is used to design an application it is often necessary to add new sup er

typ es subtyp es or b ehaviors to existing typ es It is often desirable and sometimes required to do

these mo dications without changing the original typespecications Most of to days ob jectoriented

languages allow addition of subtyp es without touching the existing co de However addition of new

b ehaviors andor sup ertyp es can not b e done without changing the original sp ecications

The presented typ e system is designed for database programming languages where the problem

of evolution is even more imp ortant then in traditional languages The ability to reuse legacy co de

while providing new typ es and b ehaviors is therefore crucial for the typ e system

The metho d that is used in the presented typ e system is based on specication combination there

can b e more then one sp ecication of a single typ e and they are all glued together automatically

during compilation The same is true of all other sp ecications used in the presented typ e system

Consider the situation when a typ e T Employee has b een dened in a universitypayroll Later

on new typ es T Student and T TeachingAssistant havetobeintro duced into the system b ecause

it is b eing expanded to handle studentpayments as well The integrated application will haveto

pro duce sets where b oth employees and students are present moreover some b ehaviors previously

dened for employees suchassalaryhave to handle students as well The following is the existing

sp ecication

type TEmployee

salary TAmount implementation

Using the sp ecication combination metho d the following co de has to b e added

type TPerson

name TString

salary TAmount

printSalary implementation nameprint salaryprint

type TEmployee subtype of TPerson

type TStudent subtype of TPerson

salary TAmount implementation

type TTeachingAssistant subtype of TStudent TEmployee

The addition of this co de to the co de ab ove will make T Person a common sup ertyp e of the old

typ e T Employee and the new typ e T Student Figure making it p ossible to op erate on sets of

p ersons for example the following co de would print salary information for all p eople in the database

provided that allStudents evaluates to the set of all students and allEmployees evaluates to the

set of all employees

TSetTPerson allPeople allStudentsunionallEmployees

allPeopleforeachprintSalary

If this mechanism was not available the common sup ertyp e T Person could not b e created Then

the co de to print all names and salaries would not b e able to use union to automatically lter out the

duplicated teaching assistants and extra co de would have to b e written to supp ort this op eration



The imp ortance of the ability to create new sup ertyp es of existing typ es has b een discussed in Holbinthe

context of interop erability T_Person

T_Employee T_Student

T_TeachingAssistant

Figure Person typ e hierarchy

Interface sp ecication and pro duct typ es

The sp ecication of the programmatic interface is the main comp onentofa typ e sp ecication In

the previous sections some examples of interface sp ecication have already b een considered In

the typ e system presented the interface consists of a set of behavior specicationsEach b ehavior

sp ecication lists b ehavior argumenttyp es and sp ecies the return typ e For example the following

sp ecies the typ e T Real and its interface that consists of six b ehavior sp ecications

type TReal

addTReal TReal

subtractTReal TReal

multiplyTReal TReal

divideTReal TReal

negate TReal

The ab ove sp ecication denes the standard arithmetic op erations

Consider the following example where the typ e T ChequingAccount is dened A customer can

dep osit or withdrawcashorcheques tofrom a chequing account and receive a transaction record

type TChequingAccount

depositTCheque TTransactionRecord

depositTCash TTransactionRecord

withdrawTCheque TTransactionRecord

withdrawTCash TTransactionRecord

Here the b ehavior deposit has two dierentinterface sp ecications Multiple interface sp ecications

are allowed as long as they dier in their argumenttyp es A distinction in return typ es only is

disallowed for example the following sp ecication is invalid

type TAccount

depositTCheque TTransactionRecord

depositTCheque

Unit In the second case the return typ e is implicitly assumed to b e a sp ecial predened typ e T

which is analogous to typ e void in C Str and JavaAG

In order to see why return typ e dierences are insucient consider the following example

type TA

beh TC

beh TD

type TC subtype of TB

type TD subtype of TB

TA a

TB b

b abeh

Since at runtime the ob ject b mayhave dynamic typ e T C or T Ditisunclearwhich b ehavior

sp ecication to use Both are legal and none is more sp ecic then the other In order to avoid this

kind of ambiguity it is required that b ehavior sp ecications b e dierent in their argumenttyp es

When a subtyp e is dened the interface sp ecication inherited from its parent can b e mo died

These mo dications should follow the return typecovariance rule in order for the newly dened typ e

to b e a subtyp e of its parent The rule states that the return typeinabehavior sp ecication for

asubtyp e should b e a subtyp e of the return typ e in the sp ecication of the same b ehavior in its

parenttyp e For example the sp ecication

type TReal

type TInteger subtype of TReal

succ TInteger

type TSmallInteger subtype of TInteger

type TPerson

age TInteger

type TChild subtype of TPerson

age TSmallInteger

is allowed while the sp ecication

type TPerson

age TInteger

type TChild subtype of TPerson

age TReal

is not In order to see why this last sp ecication is considered illegal consider the following co de

fragment

TPerson p

TInteger i

p aChild the type of aChild is TChild

i page

i isucc

Person This co de is typ ecorrect the rst assignmentistyp ecorrect since the static typ e of p is T

and the static typ e of aChild is T Child which is declared to b e a subtyp e of T Person The second



A more precise formulation of this rule will b e considered later in this section



Note that this sp ecication is equivalent to an implementation of the test PERSON from the test suite given

in Section

assignmentistyp ecorrect since the return typ e of age dened on the typ e T Person is T Integer

The third assignmentisalsotyp ecorrect as the return typ e of succ is T Integer On the other

hand at runtime the second assignment will put a real numb er of typ e T Realinto the variable

i since the b ehavior sp ecication of age on the typ e T Child has return typ e T Real The call to

succ in the third assignment will then fail with a runtime error since the b ehavior succ is not

dened on T Real

Note that no restrictions are placed on the argument typ es In other words the following deni

tion is legal

type TReal

addTReal TReal

type TInteger subtype of TReal

addTInteger TInteger

succ TInteger

While this denition seems to b e natural its legality requires some explanation

A signicantnumb er of ob jectoriented languages to dayuse single dispatchinwhich the metho d

to execute is chosen according to the typ e of the receiver Table In such languages the ab ove

sp ecication with covariant arguments would not b e typ esafe In order to see why consider the

following co de fragment

type TPoint

getX TReal

getY TReal

compareTPoint x TBoolean implementation

return xgetX getX

and xgetY getY

type TColorPoint subtype of TPoint

getColor TColor

compareTColorPoint x TBoolean implementation

return xgetX getX

and xgetY getY

and xgetColor getColor

TPoint p p

p aPoint

p aColorPoint

pcomparep

If this typ e sp ecication was considered to b e legal then the co de following it would b e typ ecorrect

ColorPoint is declared to b e a subtyp e of T Point and the assignments are typ ecorrect since T

application of compare is typ ecorrect since it compares twopoints The metho ds that implement

comparison are also typ ecorrect since they only rely on b ehaviors that are dened on their argument

typ es However at runtime the application of compare will b e dispatched to the metho d dened

ColorPoint and it will fail at for color p oints according to the typ e of the receiver whichisT

runtime since its argumentisoftyp e T Point which do es not dene the b ehavior getColor

Therefore in all typ esafe singledispatched languages covariant sp ecication of argumenttyp es is

disallowed However such sp ecication is natural and desirable In order to use covariant argument

typ e sp ecication safely multiple dispatch is required

In languages with multiple dispatch the metho d to invoke is determined according to the run

time typ es of al l arguments not just the receiver In such languages the ab ove example with p oints

and color p oints would not fail at runtime b ecause the b ehavior application in question would b e

dispatched to the metho d dened for p oints

The main idea b ehind multiple dispatch is the uniform treatment of all arguments While in

singledispatching languages the receiver has a sp ecial status multiplydispatching languages treat

all arguments as a single unied receiver This concept can b e neatly describ ed by using the notion

of a product type A pro duct typ e is a tuple of the form hT T iwhere T are simple non

n i

pro duct typ es Subtyping b etween pro duct typ es is induced by the subtyping b etween simple typ es

and is dened as

def

hT T ihQ Q i m n T Q for all i n

n m i i

Now every b ehavior can b e considered as having a single argument the tuple of all arguments

dened for it the rst b eing the original receiver Since every b ehavior is always applied to a

pro duct angle brackets are unnecessary and can usually b e omitted

It is p ossible to translate the standard ob jectoriented notation for b ehavior sp ecication and

application into the pro ducttyp e notation The pro ducttyp e notation is mainly used for theoretical

purp oses but it is also useful for the description of multiple dispatch The following co de fragment

is a pro ducttyp e translation of the p oint example ab ove

type TPoint

getXTPoint TReal

getYTPoint TReal

compareTPoint r TPoint x TBoolean implementation

return getXx getXr

and getYx getYr

type TColorPoint subtype of TPoint

getColorTColorPoint TColor

compareTColorPoint r TColorPoint x TBoolean implementation

return getXx getXr

and getYx getYr

and getColorx getColorr

TPoint p p

p aPoint

p aColorPoint

comparep p

Pro ducttyp e notation resembles a pro cedural notation however this is only a sup ercial sim

Point T Pointi ilarity Here the b ehavior compare has metho ds on two pro duct typ es hT

and hT ColorPoint T ColorPointi The runtime argumenttyp e for the b ehavior application

ColorPoint T Pointi whichisasubtyp e of hT Point T Pointi but not comparep p is hT

a subtyp e of hT ColorPoint T ColorPointi according to Equation Therefore the metho d to

execute is the one dened for p oints

Another illustrative example of pro duct typ e dispatch is the dispatchofthebehavior application

pcomparep which will b e translated to pro ducttyp e notation as comparepp Here

the runtime typ e of the argumentis hT ColorPoint T ColorPointi whichisasubtyp e of b oth

hT ColorPoint T ColorPointi and hT Point T Pointi However since the pro duct typ e



This is an implementation of the test POINT from the test suite given in Section

is a subtyp e of the pro duct typ e the metho d asso ciated with the pro duct typ e is chosen

as the more sp ecic one Thus the b ehavior application pcomparep will execute the co de

written for color p oint comparison as exp ected

Having reviewed pro duct typ e notation and dispatch we will now return to the sp ecication of

real and integer numb ers Rewritten in a pro ducttyp e notation the example sp ecication is

type TReal

addTReal TReal TReal

subtractTReal TReal TReal

multiplyTReal TReal TReal

divideTReal TReal TReal

negateTReal TReal

type TInteger subtype of TReal

addTInteger TInteger TInteger

subtractTInteger TInteger TInteger

multiplyTInteger TInteger TInteger

negateTInteger TInteger

succTInteger TInteger

Here there is no co de However in a pro duct typ e world not only the code to execute but also

the specication to use for typ echecking is chosen according to the pro duct typ e of the receiver

Consider the following co de

TInteger i i

iaddisucc

In the pro duct notation the b ehavior application ab ovewillbe succaddi i Since

the static typ e of the tuple i i is hT Integer T Integeri b oth of the sp ecications

addTReal TReal TReal and addTInteger TInteger TInteger are applicable

to it However the second one is more sp ecic than the rst and is therefore chosen for typ e

checking The result typ e of the second sp ecication is T Integer and since the b ehavior succ is

dened on this typ e the whole expression is considered to b e typ ecorrect

On the other hand the following co de will pro duce a typ echecking error

TInteger i

TReal r

iaddrsucc

In this case the call in question will translate to succaddi r and the static typ e of i r

Integer T Reali Therefore of the two sp ecications for the b ehavior add only the rst one is hT

will do the second requires that the receiver typ e b e a subtyp e of h T Integer T Integeri and the

typ e of i r is not The rst sp ecication has a return typ e T Real but the b ehavior succ is not

dened on T Real and the typ echecking rep orts an error This is the exp ected result as adding an

integer to a real yields a real numb er and the successor function is not dened on reals

The ab ove sp ecication of typ es T Integer and T Real can b e signicantly simplied by the

use of selftype which is a reference to the dening typ e that changes covariantly along the typ e

hierarchy The following is a nonpro duct sp ecication that uses selftype

type TReal

addselftype selftype



A more formal treatmentof selftype will b e given in Section

subtractselftype selftype

multiplyselftype selftype

divideselftype TReal

negate selftype

type TInteger subtype of TReal

succ TInteger

Note that the result typ e of the b ehavior divide is sp ecied as T Real not as selftype Ifitwas

sp ecied a selftype the inherited denition in T Integer would b e

type TInteger subtype of TReal

divideselftype selftype

which means that an integer divided byaninteger is always an integer which is not the case

Therefore the result typ e of divide has not b een changed to selftype

Usage of selftype in argumenttyp es is known to b e statically typ eunsafe in languages with

single dispatch Casa BG Howeveritissoconvenient that some language designers chose to

drop static typ e safetyinfavor of it eg Eiel Mey while others chose to drop substitutability

eg LOOM BFP However in a multiplydispatching language covariant sp ecication is typ e

safe so it is p ossible to have it all use of selftypetyp e safety and substitutability CasaBG

With the intro duction of pro duct typ e notation it is now p ossible to give a precise formulation

for the return typ e covariance rule discussed at the b eginning of this section The rule is as follows

for anytwo sp ecications of the same b ehavior if the pro duct receiver typ e of the rst b ehavior

sp ecication is a subtyp e of the pro duct receiver typ e of the second sp ecication then the return

typ e of the rst sp ecication should b e a subtyp e of the return typ e of the second Thus the

following is allowed

type TCash

type TSmallAmountOfCash subtype of TCash

type TTransactionRecord

type TSimplifiedTransactionRecord subtype of TTransactionRecord

type TAccount

depositTCash TTransactionRecord

depositTSmallAmountOfCash TSimplifiedTransactionRecord

This would not b e allowed if T SimplifiedTransactionRecord was not declared to b e a subtyp e of

TransactionRecord since in pro duct notation the two b ehavior sp ecications would read T

depositTAccount TCash TTransactionRecord

depositTAccount TSmallAmountOfCash TSimplifiedTransactionRecord

Account T SmallAmountOfCashihT Account T Cashi it should also b e true that Since hT

T SimplifiedTransactionRecord T TransactionRecord otherwise the rule would b e violated

In this section the interface sp ecications were discussed The problem of b ehavior redenitions

was considered and its solution was outlined The notions of multiple dispatch and product type

notation were intro duced and used to illustrate the mechanisms b ehind the b ehavior redenition

semantics adopted in the presented typ e system

Behavior typ es

Before the intro duction of the ob jectoriented programming paradigm data types were considered

as ob ject structure denitions This p oint of view is present in pro cedural programming languages

suchasPascal JW as well as in database programming where the set of data structure de

nitions for a database is called its schema As the ob jectoriented programming paradigm gained

p opularity the fo cus of data ob ject sp ecications has b een slowly shifting from ob ject structure

to ob ject functionality In the ob jectoriented programming mo del the functionality is the ma jor

characteristic while the ob ject structure plays a secondary role

An ob ject structure sp ecication describ es the logical interpretation of the physical storage the

ob ject o ccupies On the other hand sp ecication of ob ject functionality fo cuses on the things one

can do with a particular ob ject ie the set of actions b ehaviors messages functions that can b e

p erformed applied on a particular ob ject

A unit of structure sp ecication is therefore a eld denition A eld denition describ es b oth the

amountofphysical memory allo cated for a eld and its logical treatment At the same time a unit

of functionality sp ecication is an action b ehavior message Here the action declaration b ehavior

sp ecication can b e viewed as b eing parallel to the logical eld typ e abstract interpretation while

the action denition metho d function co de can b e considered parallel to the physical layout of a

particular eld concrete interpretation Thus the relationship b etween an action declaration and

an action denition is parallel to the relationship b etween eld typ e and its physical layout

It is therefore natural to consider the b ehavior sp ecication as a typ e of the b ehavior for which

such a sp ecication is given In other words when a b ehavior b is sp ecied as b eing applicable to a

certain typ e T tsuch sp ecication contains information ab out b oth the typ e T t and the b ehavior

b Note that the parallel b etween actions and elds go es even further the simplest p ossible concrete

interpretation of elds binary bits is capable of representing any information via binary numb ers

while the simplest p ossible concrete interpretation of actions terms is capable of representing

any computation via calculus Tur

When b ehavior sp ecications are considered as typ es b ehaviors themselves b ecome ob jects

Such an arrangement leads to a truly uniform mo del in which all entities including actions are

ob jects This allows one to extend the notions of subtyping and substitutability to b ehavior typ es

aT rwhere T a is an argument and b ehaviors The standard notation for b ehavior typ es is T

typ e while T r is the result typeofabehavior For example the typ e T RealT Real is the typ e of

functions that pro duce a real result when applied to a real numb er In the example syntax adopted

here the same b ehavior typ e can also b e written as TRealTReal which is parallel to the

syntax of b ehavior sp ecications

Consider the following sp ecication

type TReal

negate TReal

const TReal r

which is equivalentto

type TReal

negateTReal TReal

const TReal r

in pro ducttyp e notation This can b e considered as an abbreviation for

type TReal

const TRealTReal negate

const TReal r

that denes twotyp ed constants negate of typ e TRealTReal and r of typ e T Real This last

sp ecication is in turn equivalentto

type TReal

const TReal TReal negate

const TReal r

Behavior typ es are not atomic they are comp osed from other typ es using the b ehavior typ e

constructor or equivalently much the same way as pro duct typ es are comp osed of other

typ es using the typ e constructor hi Therefore it is relevant to dene the subtyping rules for

the b ehavior typ es based on the subtyping relationship b etween their comp onents The general

subtyping rule for b ehavior typ es is as follows

def

A R A R A A R R

Note that the relationship b etween argumenttyp es is reversed In order to see why this is the case

consider the following example

type TReal

truncate TInteger

type TInteger subtype of TReal

succ TInteger

TRealTInteger rifunc

TIntegerTInteger iifunc

iifunc truncate

iifunc

rifunc succ Compiletime type error

rifunc

Here twovariables rifunc and iifunc are dened The rst one is declared to b e of

typ e T RealT Integer while the second one is dened to b e of typ e T IntegerT Integer

Constants b ehaviors truncate and succ are dened to b e of typ es T RealT Integer and

IntegerT Integer resp ectively The rst assignment in the ab ove co de is statically typ e T

correct since

RealT Integer T IntegerT Integer typ e of iifunc typ e of truncate T

according to the Equation The subsequent application of the b ehavior stored in the variable

iifunc to the integer constant is also statically typ ecorrect since the argumenttyp e of iifunc

is declared to b e T Integer When this b ehavior application is executed truncate is applied to an

integer This is typ ecorrect b ecause truncate is declared to op erate on any real numb er and an

integer is a real

On the other hand the assignmentofsucc to the variable rifunc is not statically typ ecorrect

since it is not true that

typ e of succ T IntegerT Integer T RealT Integer typ e of rifunc

If this assignmentwas allowed the subsequent application of rifunc to the real number would

fail at runtime as the b ehavior succ is not designed to work on real numb ers

So far a single b ehavior sp ecication was used in the examples to sp ecify a typ e of a b ehavior

However a b ehavior can have several sp ecications Section In this case the typ e of a

b ehavior is dened as the greatest lower bound glb of the typ es given by these sp ecications

Consider the following sp ecication



This fact is usually formulated as follows The typ e constructor is contravariant in its rst p osition

type TReal

addTReal TReal

type TInteger subtype of TReal

addTInteger TInteger

or in pro duct typ e notation with b ehavior typ es

type TReal

const TReal TRealTReal add

type TInteger subtype of TReal

const TInteger TIntegerTInteger add

The two sp ecications of the b ehavior constant add are combined and the resulting sp ecication is

type TReal

type TInteger subtype of TReal

const glbTReal TRealTReal TInteger TIntegerTInteger add

Thus the resulting typ e of add is

glbh T Real T RealiT Real hT Integer T IntegeriT Integer

This expression can b e understo o d as follows the b ehavior add pro duces a real result when applied

to a pair of real numb ers and an integer result when applied to a pair of integer numb ers A

b ehavior application add pro duces an integer result while b ehavior applications add

add and add pro duce real results This is so b ecause only the pro ducttyp e

of the argument of the rst b ehavior application is a subtyp e of h T IntegerT Integeri while all

RealT Reali four of the pro ducttyp es of the arguments of these applications are subtyp es of hT

Therefore the results of all four applications are known to b e subtyp es of T Real while the result

of the rst b ehavior application is additionally known to b e a subtyp e of T Integer

Consider the following piece of co de provided that the ab ove sp ecication of the b ehavior add

is in eect

TReal TRealTReal rrfunc

TInteger TIntegerTInteger iifunc

rrfunc add

rrfunc

iifunc add

iifunc

When the assignmentofthebehavior constant add to the variables rrfunc and iifunc is typ e

checked the combined typ e of the b ehavior add is taken into account Therefore b oth assignments

typ echeck

RR hT Real T RealiT Real and T II hT Integer T IntegeriT IntegerThen Let T

typ e of add glb T RR T II T RR typ e of rrfunc

RR T II T II typ e of iifunc typ e of add glb T

Note that in the absence of greatest lower b ounds the ab ovecodewould not typ echeck if the typ e

T RR was assigned to the b ehavior add then the assignment iifunc add would not typ echeck

on the other hand using the typ e T II for the typ e of add would not allowustotyp echeck the

assignment rrfunc add Only the combination of these twotyp es in the form of the greatest

lower b ound enables successful typ echecking of b oth assignments

In this section the notion of a behavior type has b een intro duced Prop erties of b ehavior typ es and

their usage were discussed and the principle of combining b ehavior typ es from dierent sp ecications

using the greatest lower b ound was considered All these notions will b e given a formal treatment

in Chapter

Mutable typ es

The ability to dene any computation in the applicative functional stateless paradigm has led to

the developmentofanumb er of programming languages These languages share several imp ortant

prop erties strict and rigorously dened semantics simplicity of the main programming paradigm

and wellestablished theoretical mechanisms for reasoning ab out programs On the other hand the

biggest disadvantage of these languages from a practical p ersp ective is exactly the same feature that

makes them so attractive from the theoretical viewp oint the inability to deal with state

While there are certain applications that can b e programmed without using the concept of state

most realworld applications rely on the ability of a program to store and retrieve data This is

esp ecially true of database applications as database data have a life span b eyond the execution time

of a program Therefore if a program is unable to deal with state change the data in a database

can never b e up dated

The abilityofa typ e system to deal with mutable data is essential for database programming

However many languages with welldevelop ed and theoretically sound typ e systems either do not

consider mutable data at all or severely restrict their use Section

The ML language MTH is a representative example of the languages in the last categoryItis

based on the functional programming paradigm but provides some imp erative features in the form

of its referencetypeconstructor refHowever due to the problems related to typing of imp erative

features in a functional environment the use of the referencecel ls in ML is much more restricted

than the use of all other typ e constructors An excellent review of this problem is given in App

In imp erative ob jectoriented programming languages the concept of state is usually captured

bytwo separate but related notions the notion of an attribute and the notion of a variableAn

attribute is a slot inside an ob ject that is capable of holding an ob ject or an ob ject reference of

a particular typ e An ob ject can b e put into an attribute assignedtoit or extracted from it A

variable is similar to an attribute in its ability to hold an ob ject On the other hand while an

attribute is a part of an ob ject a variable is not

Here only the issues related to typing of b ehaviors that are used to access or set attributes will

b e discussed The discussion of the other asp ects of state suchastyping of lo cal variables denition

of ob ject structure using a set of attributes and its relationship to the b ehavioral interface et cetera

app ears in Section

In the prop osed typ e system setting an attribute or a variable is an ordinary b ehavior

application The assignment syntax aPersonage is considered as an abbreviation for

aPersonsetage which is in turn an abbreviation for setageaPerson The attribute

sp ecication in this system b elongs to a class not a typethetyp e only sp ecies the interface for

getting and setting the attributes This corresp onds to the absence of public instance variables

The advantages of this approach will b e discussed later in Section Here a familiar notation for

sp ecifying an attribute interface as a part of a typ e will b e intro duced and the typing implications

of this mechanism will b e discussed

The following sp ecication

type TPerson

age TNatural

name TString

sp ecies a typ e T Person that has two assignable attributes a name and an age Note here the

sign that is used to separate the b ehavior arguments from its result typ e It is a combination

of the sign used to sp ecify the return typ e for immutablebehaviors and the sign used for

assignment The sp ecication age TNatural is also p ossible it means that a p ersons age

can not b e read but it can b e assigned to

The ab ove sp ecication makes the following b ehavior applications legal

TPerson p

page pageadd

pname John

The typ e sp ecication for T Person given ab ove is equivalentto

type TPerson

ageTPerson TNatural

setageTPerson TNatural

nameTPerson TString

setnameTPerson TString

and the b ehavior applications are translated into

TPerson p

setagep addagep

setnamep John

Thus the standard pro ducttyp e typing rules describ ed in Section apply to assignmentaswell

A more complicated example of userdened assignment is the denition of the b ehavior at that

is capable of getting the nth element of a list It is also p ossible to assign to an element as in the

following co de

type TMutableList

atTNatural TObject

TMutableList mlist

mlistatprint

mlistat object

The translation of this co de fragmentis

type TMutableList

atTMutableList TNatural TObject

setatTMutableList TNatural TObject

TMutableList mlist

printatmlist

setatmlist object

The rst b ehavior application prints the fourth elementofanarray while the second b ehavior appli

cation sets it to objectThus the treatment of assignment prop osed here allows the programmer

It is more precise to dene T MutableList as a parametric type parameterized by the typ e of its elements Such

a sp ecication will b e considered in Section

to sp ecify custom versions of the assignment op eration including the p ossibility of using additional

arguments

The standard subtyping rule for up datable attributes requires their typing to b e novariant The

following examples illustrate the reasons b ehind this requirement while the subsequent discussion

demonstrates how the attribute novariance requirements are relaxed in the prop osed typ e system

Consider the following sp ecication

type TSmallNatural subtype of TNatural

type TPerson

age TNatural

type TChild subtype of TPerson

age TSmallNatural

Twotyp es are sp ecied T Person and T Child with an up datable attribute age A p ersons age

is a natural numb er while a childs age is a small natural number a subtyp e of natural If the

attribute age was immutable such an arrangementwould b e p erfectly legal However the mutable

nature of this attribute causes a problem that manifests itself in the typing of the following co de

TPerson aPerson

TChild aChild

TNatural n

aPerson aChild

aPersonage n

The ab ovecodeistyp ecorrect However after its execution the age attribute of aChild will contain

a natural numb er rather than a small natural one whichcontradicts the sp ecication of the attribute

age Situations like the one presented in this example are the primary reason for the novariance

requirement for mutable attributes in current ob jectoriented typ e systems

On the other hand there are situations in which the novariance requirement is to o strict Con

sider the following sp ecication

type TCharacterList

substringTNatural start TNatural end TCharacterList

type TString subtype of TCharacterList

substringTNatural start TNatural end TString

translateFromFrench TString

It allows for the following co de to b e successfully typ echecked

TString string

TCharacterList list

string pteit mluot

stringsubstring ul The resulting string

will contain pteit mulot

list e t

stringsubstring list The resulting string

will contain petit mulot

stringsubstringtranslateFromFrench The result will be the

translation of petit ie small

It is assumed that numb ering of arrays and strings starts from not from

If the novariance requirementwas in force the redenition of substring in the typ e T String would

b e disallowed Then the last b ehavior application that p erforms the translation would not typ e

check as the result typ e of substring would b e considered to b e T CharacterList whichdoesnot

have b ehavior translateFromFrench dened on it

The co de ab ove is legal and do es not cause any runtime errors In order to see why the covariant

redenition in the rst example causes problems while the one in the second example do es not details

of pro ducttyp e sp ecications havetobetaken into account In the rst example the translation

will give the b ehavior set age the typ e

glbT Person T NaturalT Unit T Child T SmallNaturalT Unit

which implies that the b ehavior application setageaChildn where the typ e of aChild is

T Child andatyp e of n is T Naturalistyp ecorrect This is so b ecause the pro ducttyp e of

the argumentis hT Child T Naturaliwhichisasubtyp e of hT Person T Naturali However

which co de should b e executed when suchabehavior application is encountered Apparently the

co de that just stores n in the appropriate slot of the ob ject aChild would b e typ eincorrect On

the other hand if co de was provided that caps the natural argumenttomake it a small natural

b efore storing it into the slot the ab ovebehavior application would not cause the runtime error

In the presented typ e system such an alternative code can be provided byusingkeyword in the

asso ciation Therefore it is not the behavior specication that is incorrect rather it is the implicit

assumption that the corresp onding co de directly stores the value into the slot Such an implicit

assumption is never made in the second example b ecause it do es not resemble structure denition

as much as the rst one do es In other words it is not the typ e sp ecication that fails here it is

our intuition

Based on the ab ove discussion it is concluded that this problem can not and should not b e

dealt with at the typeandbehavior specication level but only at the code and structure denition

level If the twolevels interface and structure denitions were coupled as they are in manyof

to days programming languages the novariance constraintwould have to b e enforced However

inatyp e system that provides a clean separation b etween these two levels of abstraction like the

one presented here the novariance restriction can b e lifted at the higher level of b ehavior and typ e

sp ecication This will b e discussed further in Section

In this section mutable typ e sp ecications were discussed A p owerful userdened assignment

sp ecication mechanism was intro duced and its usage as well as its translation to pro ducttyp e

sp ecications were considered The novariance condition usually placed on mutable typ es was also

discussed it was concluded that such a restriction is unnecessary at the typ e level for a typ e system

that provides a clean separation b etween interface and structure denitions

Parametric typ es and b ehaviors sp ecication

Parametricity is one of the most p owerful mechanisms used for precise typ e sp ecication Parametric

polymorphism that is presentintyp e systems that supp ort parametricity is comparable in p ower to

inclusion polymorphism which is due to subtyping and interface inheritance

The distinction b etween the two kinds of p olymorphism is blurred in typ e systems with structural

subtyping BETAMMPN Strongtalk BG TM BBdB ML MTH and its clones On

the other hand the designers of typ esystems with userdened nonstructural subtyping usually

fo cus on only one of the two forms of p olymorphism supp orting the other one only minimallyFor

example the typ e systems of Ada Ada and Napier MMPN fo cus primarily on parametric

p olymorphism while the typ e systems of more traditional ob jectoriented languages C Str

and clones JavaAG fo cus on inclusion p olymorphismAttempts to combine the full p ower

of parametric and inclusion p olymorphisms result in loss of substitutability safety or decidable

typ echecking Java clones Transframe Sha Cecil Cha and clones The only typ e system

that combines safety substitutability decidable typ echecking expressive parametric and inclusion

p olymorphism and userdened subtyping is ML BMa However ML restricts userdened

subtypingtotyp es within the same type class a set of typ es with the same number of typ e arguments

and the same kind of subtyping relationships b etween them has a limited ability to deal with

mutable typ es like other ML clones and do es not provide separation b etween dierent sp ecication

levels interface and implementation

The typ e system presented in this dissertation is unique in that it combines all of the ab ove

prop erties The parametricityinteracts with all the comp onents of the typ e system making its

consistent design a nontrivial task Suchinteractions will b e considered in this section along with

examples showing the p otential problems stemming from these interactions

Consider the example of the sp ecication of the typ e T List

type TList

atTNatural T

catTList TList

Here at extracts the nth element from the list while cat concatenates two lists In typ e systems

that do not supp ort parametricitythetyp e T is usually sp ecied to b e T Object a sup ertyp e

of all typ es However this leads to the container problem exemplied by the following co de

type TPerson

age TNatural

TList list

TPerson person person person

list person person person

listatageprint

Here the last b ehavior application is considered to b e illegal b ecause the typ echecker only has

enough information to conclude that the result of listat will b e T Object and the b ehavior

age is not applicable to just ob jects it is only applicable to p ersons Thus in this case the ab ove

typ e sp ecication is to o restrictive

On the other hand consider the co de fragment

type TPerson

age TNatural

type TWine

age TNatural

TList aWineList

TList aPersonList

TPerson person person person

TWine wine wine wine

aPersonList person person person

aWineList wine wine wine

aPersonList aPersonListcataWineList

The last assignment will store a mix of p ersons and wines in the variable aPersonList a semanti

cally incorrect action However the typ echecker can not detect this incorrectness as its knowledge of

ListOne the typ e of the variables aPersonList and aWineList is limited to the generic list typ e T

PersonList and T WineList can attempt to make the sp ecication more strict by sp ecifying typ es T

as unrelated subtyp es of T List

type TList

atTNatural TObject

catTList TList

type TPersonList subtype of TList

atTNatural TPerson

catTPersonList TPersonList

type TWineList subtype of TList

atTNatural TWine

catTWineList TWineList

TPersonList aPersonList

TWineList aWineList

TPerson person person person

TWine wine wine wine

aPersonList person person person

aWineList wine wine wine

aPersonList aPersonListcataWineList

Then the assignment in question will b ecome typ eincorrect as the result of concatenation of a list of

p ersons and a list of wines will havetyp e T Listwhich is not a subtyp e of T PersonListHowever

this approach requires a programmer to explicitly dene list typ es for every p ossible elementtyp e

an activitywhich is b oth tedious and errorprone

In order to provide static typ e safety in a clear and concise manner the following parametric

typespecication can b e utilized

type TListX

atTNatural X

catTListX TListX

The sp ecication of the typ e T List nowhasa typeparameter X The co de in question will b e

TListTPerson aPersonList

TListTWine aWineList

TPerson person person person

TWine wine wine wine

aPersonList person person person

aWineList wine wine wine

aPersonList aPersonListcataWineList

and the last assignment will not typ echeck Coming back to the container problem example now

the co de

type TPerson

age TNatural

TListTPerson list

TPerson person person person

list person person person

listatageprint

will typ echeck as the typ echecker knows that the result typ e of listat is T Person rather than

just T Object

The numb er of parameters is not limited to one for example it is p ossible to sp ecify a dictionary

typeasfollows

type TMutableDictionaryKeyTypeValueType

atKeyType ValueType

allKeys TListKeyType

allValues TListValueType

and use it in co de like the following

TMutableDictionaryTStringTPerson mdict

TPerson p p

p mdictatJohn

mdictatPeter p

Parameters do not necessarily havetobetyp es they are only required to come from some

lattice a partiallyordered domain with lower and upp er b ounds As an example consider an array

typ e that has a numb er of elements as one of its parameters

type TArrayElementType TNatural UpperBound

atTNatural ElementType

This denes a parametric typ e T Array with two parameters The rst parameter is called

ElementType it represents the typ e of array elements The second one is called UpperBoundit

represents the numb er of elements in the array Since the second parameter is a natural number

rather than a typ e its sp ecication includes the typ e sp ecier T Natural

In this section the parametric typ e sp ecications were describ ed The next question related to

parametric typ es is related to the sp ecication of subtyping rules b etween them Is the typ e of a

list of students a subtyp e of the typ e of a list of p ersons Can a parametric typ e b e a subtyp e of a

nonparametric one or viceversa The answers to these questions are given in the next section

Parametricity and subtyping

Each parametric typ e sp ecication denes a family of parametric typ es that dier only in their

parameters Therefore the issue of subtyping parametric typ es can b e divided into two the issue

of intrafamily subtyping and that of interfamily subtyping

Intrafamily relationships

Intrafamily subtyping is a subtyping relationship b etween typ es that b elong to the same parametric

typ e family Consider an immutable list typ e sp ecied as

type TListX

atTNatural X

catTListX TListX

Let a typ e T Student be a subtyp e of T Person Then every student is also a p erson therefore a

list of students can also b e considered as a list of p ersons since each element of the former can b e

considered a p erson In general it is desirable to have a rule that sp ecies an intrafamily subtyping

relationship in terms of the relationships b etween parameter typ es the same wayitwas sp ecied

for pro duct Equation and b ehavior Equation typ es In particular for the immutable list

typ es it is desirable to have the following rule

def

ListX T ListY X Y T

Ie the immutablelisttyp es are covariant in their rst and only argument This is sp ecied as

type TListcovar X

atTNatural X

catTListX TListX

where the keyword covar is used to denote the covariance of the typ e parameter X

Consider the following co de

TListTPerson aPersonList

TListTStudent aStudentList

aPersonList aStudentListcataPersonList Ok

aStudentList aStudentListcataPersonList Type error

aStudentList aStudentListcataStudentList Ok

aPersonList aStudentListcataStudentList Ok

All these assignments are typ ecorrect except for the second one This is the exp ected result since a

mix of students and p ersons can also b e considered as a list of p ersons every student is a p erson

while it cannot b e considered a list of students not every p erson is a student On the other hand

a list of students can b e considered to b e a list of p ersons

In order to see howthetyp echecker arrives at this conclusion the b ehaviorpro duct typ e trans

lation of the ab ove sp ecication has to b e considered

type TListcovar X

const TListX TNatural X at

const TListX TListX TListX cat

Thus for a b ehavior application catl l to b e valid there should exist a typ e X such that

htyp e of l typ e of lihT ListX T ListXi

and the result of this b ehavior application will then havetyp e T ListX Since the ab ove statement

is true for all typ es X that satisfy the ab ove condition the actual result typ e T R has to b e less than

T ListX for all such X This is equivalent to the statement that

T R glb fX j X satises Equation g

Getting back to our example the rst b ehavior application aStudentListcataPersonList

or cataStudentList aPersonList in pro duct notation has argument pro ducttyp e

hT ListT Student T ListT Personi Therefore the set of typ es X that satisfy Equation

is fT Persong The ab ove is due to covariance of T List T ListT Student T ListT Person

b ecause T Student T Person The greatest lower b ound of this set is T Person and therefore

the result typ e of this b ehavior application is T ListT Personwhich can b e safely assigned

to the variable of typ e T ListT Person the rst assignment but not to the variable of typ e

T ListT Student the second assignment

On the other hand the set of typ es X that satisfy Equation for the second b ehavior appli

cation aStudentListcataStudentList will b e fT Person T Studentg its greatest lower b ound

is T Student therefore the result typ e of this b ehavior application is T ListT Student that can

safely b e assigned to a variable of typ e T ListT Person the third assignment as well as to a

variable of typ e T ListT Student the fourth assignment

The ab ove example dealt with a covariant typ e sp ecication and an immutable list typ e What

happ ens when a mutable list typ e is considered Suchatyp e can no longer b e covariant since the

resulting typ e sp ecication would b e unsound If it was allowed the following co de would typ echeck

type TPerson

type TStudent subtype of TPerson

studentId TNatural

type TMutableListcovar X

atTNatural X

TMutableListTStudent aStudentList

TPerson aPerson

aStudentListat aPerson Should be a type error

aStudentListatstudentId

This co de however will fail at runtime since the b ehavior studentId is not dened on p ersons

The following is the reason whytyp echecking of the assignment succeeds In pro ductb ehavior

typ e notation the ab ovewould read as

const TMutableListX TNatural X at

const TMutableListX TNatural X TUnit setat

TMutableListTStudent aStudentList

TPerson aPerson

setataStudentList aPerson Should be a type error

The set of typ es X such that

argumenttyp e hT MutableListT Student T Natural T Personi

hT MutableListX T Natural Xi argumen ts for which set at is dened

Persong Indeed will b e fT

hT MutableListT Student T Natural T Personi

hT MutableListT Person T Natural T Personi

according to the subtyping rule for pro duct typ es Equation and due to the covariance of list

sp ecication that gives

T MutableListT Student T MutableListT Person

This is the same situation as the one considered in Section if the co de that is written to

implement set at is just storing its argumentinto the array it is not typ ecorrect In order to b e

able to write suchcodeinatyp esafe manner the denition of the parametric typ e T MutableList

should b e novariant

type TPerson

type TStudent subtype of TPerson

studentId TNatural

type TMutableListnovar X

atTNatural X

TMutableListTStudent aStudentList

TPerson aPerson

aStudentListat aPerson Type error

aStudentListatstudentId

The parametric typ e T MutableList is now dened as novariant keyword novar which means

that none of the mutable list typ es is a subtyp e of the other no matter which relationship exists

between the typ e parameters of these list typ es

The typ echecking of this co de fails b ecause Equation that led to successful typ echecking of

the ab ovecodeincovariantmutable list sp ecication is no longer true for novariant sp ecication

Why should a mutable list typebenovariant Informally the typ e T MutableListT Student

can not b e a subtyp e of T MutableListT Person since the second one can accept into it any

p erson while the rst one can not On the other hand the typ e T MutableListT Person can

not b e a subtyp e of T MutableListT Student b ecause students b ehaviors can b e applied to an

ob ject extracted from the list of the second typ e while suchbehaviors can not b e applied to an

ob ject extracted from the list of the rst typ e

So far covariant and novariant sp ecications have b een considered The third p ossibilitya

contravariant sp ecication keyword contravar also exists The following typ e sp ecication uses

contravariance to correctly typ e output streams

type TOutputStreamcontravar X

put X

Note usage of the sp ecier in the sp ecication of b ehavior put it means that this b ehavior can

not b e accessed but only assignedtoContravariance means that

def

T OutputStreamX T OutputStreamY Y X

note the reversed direction of subtyping

Informally b oth a student and a p erson can b e put into an output stream of p ersons a student

is a p erson however only students can b e put into an output stream of students Therefore an

output stream of p ersons can do the same as an output stream of students accept students plus

more accept p ersons Thus the typ e of output streams of p ersons should b e a subtyp e of the typ e

of output streams of students

Therefore in the following co de fragment

type TPerson

type TStudent subtype of TPerson

TOutputStreamTStudent aStudentOS

TOutputStreamTPerson aPersonOS

TPerson aPerson

TStudent aStudent

aPersonOSput aPerson Ok

aPersonOSput aStudent Ok

aStudentOSput aPerson Type error

aStudentOSput aStudent Ok

all assignments are typ ecorrect except for the third one as it attempts to output a p erson to a

stream designed for students

In general readonly entities likeimmutable lists are covariant writeonly entities like output

streams are contravariant and readandwrite entities likemutable lists are novariant

Behavior typ es are examples of a parametric typ e family with twotyp e parameters The rst of

these parameters argument or input typ e is contravariant while the second one result or output

typ e is covariant Equation Thus the b ehavior typ e discussed earlier in Section can b e

sp ecied as

type contravar ArgType covar ResType

applyArgType ResType

This sp ecication allows a programmer to use the b ehavior apply to apply b ehaviors to their ar

guments This is typ esafe b ehavioral reection It also shows how higherorder b ehaviors can b e

sp ecied

Pro duct typ es considered in Section can also b e sp ecied as parametric typ es in whichall

parameters are covariant Equation

Parametric typ es are also used for lo cal variable typ e sp ecication The typ e implicitly used for

Var dened as follows lo cal variables is a novarianttyp e T

type TVarnovar X

val X

Whenever a lo cal variable denition of the form TaType aName is encountereditistrans

lated into const TVarTaType aName Every assignmenttothislocalvariable of the form

aName anExpression is translated into aNameval anExpressionEvery other access to

alocalvariable aName is translated into aNameval The result is of course sub ject to normal

pro ducttyp e pro cessing and expansion

For example the following co de

type TPerson

age TNatural

type TStudent subtype of TPerson

TPerson aPerson

TStudent aStudent

aPerson aStudent

aPersonageprint

in fully expanded form b ecomes

type TPerson

const TPerson TNatural age

type TStudent subtype of TPerson

const TVarTPerson aPerson

const TVarTStudent aStudent

setvalaPersonaStudent

printagevalaPerson

The typ echecking algorithm is therefore free from any sp ecial treatmentoflocalvariables they

are simply regarded as ob jects of one of the T Var typ es The syntactic transformations describ ed

This is an implementation of APPLY test

ab ove do not allow the variables to escap e from their scop e as there is no syntactic waytorefer

to a variable as an ob ject It is straightforward to verify that these transformations indeed give the

intended meaning to the notion and typing of lo cal variables This will b e formalized in Chapter

In this section intrafamily subtyping was considered Concepts of covariance contravariance

and novariance were discussed and examples of their use were presented It has also b een shown

that intrafamilysubtyping is sucient for denition of the fundamental typ es of the prop osed typ e

system as well as for handling of lo cal variables This prop erty demonstrates the p ower and reexive

capabilities of the presented typ e system

Interfamily relationships

Another asp ect of subtyping related to parametric typ es is interfamily subtyping It o ccurs when

a subtyping relationship is established b etween parametric typ es from dierent families

Consider the following sp ecication

type TSetcovar X

isMemberX TBoolean

unionTSetX TSetX

type TListcovar X subtype of TSetX

atTNatural X

It declares the typ e T ListX to b e a subtyp e of T SetX for every typ e XFor example the

following co de is typ ecorrect

TListTStudent aStudentList

TSetTPerson aPersonSet

aPersonSet aPersonSetunionaStudentList

The pro ducttyp e argumenttyp e of the b ehavior application ab oveisoftyp e hT SetT Person

T ListT Studenti The minimal typ e X suchthat

SetT Person T ListT Studenti hT SetX T SetXi hT

as required by the sp ecication of the b ehavior unionis X T Person since

T ListT Student T SetT Student T SetT PersonX

SetT Personwhich is assignable Therefore the result typ e of the b ehavior application ab oveisT

to a variable of the same typ e

In the ab ove example b oth typ es participating in interfamily subtyping relationship had the

same number of typ e parameters with the same variance sp ecication covar None of the ab ove

is required bythetyp e system For example all of the following sp ecications are allowed

type TSetcovar X

type TEmptySet subtype of TSetX

type TListcovar X

type TString subtype of TListTCharacter

type TUpdatableListnovar X subtype of TListX

type TInputStreamcovar X

get X

type TOutputStreamcontravar X

put X

type TIOStreamnovar X subtype of TInputStreamX TOutputStreamX

These sp ecications dene an emptysettyp e that is a common subtyp e of all set typ es a string

typ e whichisasubtyp e of the typ e of character lists and an inputoutput stream typ e whichisa

subtyp e of appropriate input and output stream typ es

Person and its subtyp e T Student is An example streams typ e hierarchy for parameter typ es T

depicted in Figure Note that this is an implementation of the test STREAMS from the test

suite given in Section

T_InputStream(T_Person) T_OutputStream(T_Student)

T_InputStream(T_Student) T_OutputStream(T_Person)

T_IOStream(T_Student) T_IOStream(T_Person)

Figure Stream typ es

Not every set of p ossibly parametric subtyp e declarations results in a valid typ e system For

example the typ e sp ecication

type TMutableListnovar X subtype of TStrange

type TStrange subtype of TMutableListTPerson

is incorrect since there exists a cycle

Strange T MutableListT Person T Strange T

In order to avoid situations like these the following restriction is enforced Let the user typegraph

G b e dened as follows for every parametric typ e family with constructor T X there is a vertex

T X in G For every subtyp e sp ecication of the form TX TY there is a directed

edge from T X to T Y in G

Rule Acyclicity The user typ e graph G is acyclic

For example the user typ e graph for the ab ovetyp e hierarchy will lo ok as follows

Strange T MutableList This graph clearly contains a cycle and therefore this typ e hierarchy T

is rejected

One of the applications of interfamily parametric typ e sp ecications is Fbounded quantication

CCH which can b e eectively used for sp ecication of binary methods Binary metho ds are

b ehaviors with two arguments with identical typ es their sp ecication has always b een a challenge

for ob jectoriented typ e systems BCC

Consider the following situation COMPARABLE test from the test suite given in Section

Number with unrelated subtyp es T Real and T Radix Assume it is necessary to sp ecify typ es T

and T Date with comparison metho ds such that comparing twonumbers or two dates b etween each

other is legal while their crosscomparison is not A standard way of dening a typ e T Comparable

do es not work b ecause it is to o p ermissive For example in the following co de

Person are considered ary constructors Simple typ es like T

type TComparable

lessselftype TBoolean

type TNumber subtype of TComparable

type TDate subtype of TComparable

TNumber n

TDate d

nlessd Should have been a type error

the b ehavior application nlessd is typ ecorrect This is the case b ecause the pro duct argument

typ e for this b ehavior application is hT Number T Datei which is a subtyp e of hT Comparable

T Comparablei that sp ecies one of the argument pro duct typ es where the b ehavior less is dened

The problem can b e solved by using Fb ounded p olymorphism CCH and parametricity The

following typ e sp ecication

type TComparablecontravarX

lessselftype TBoolean

type TNumber subtype of TComparableTNumber

type TReal subtype of TNumber

type TRadix subtype of TNumber

type TDate subtype of TComparableTDate

describ es the necessary typ e hierarchywhich is depicted in Figure

T_Comparable(T_Real) T_Comparable(T_Radix)

T_Comparable(T_Number) T_Comparable(T_Date)

T_Number T_Date

T_Real T_Radix

Figure Comparable typ es

Comparable is contravariant in its only parameter The following is the Note that the typ e T

argumentinfavor of contravariance in this case If an ob ject of a typ e T can b e compared to an

ob ject of typ e X then it can also b e compared to an ob ject of any subtyp e Y of XFor example

since a real number T T Real can b e compared to anynumber X T Number it can also b e

Radix Thus for all typ es T XandY compared to a radix number Y T

T T ComparableX Y X T T ComparableY

Lets put T T ComparableX Then

ComparableX T ComparableY X Y Y X T

which is the denition of contravariance

With the comparable typ e sp ecication given ab ove the co de

TNumber n

TReal re

TRadix ra

TDate d d

nlessre

relessra

ralessn

dlessd

will b e successfully typ echecked while the co de

TNumber n

TDate d

dlessn

will b e rejected

In this section the interactions b etween parametricity and subtyping were considered Both

intrafamily and interfamily relationships were discussed and their p ower was illustrated bya

numb er of examples It was shown that the mechanisms describ ed in this section are p owerful enough

to dene b ehavior typing variable typing and Fb ounded quantication In the next section the

extension of the return typ e covariance rule discussed in Section for the case of parametric

typ es will b e considered

Parametricityandinterface sp ecication

In the presented typ e system there are several rules that are imp osed up on the user typ e sp eci

cations One of them is the requirement of acyclicity of the user typ e graph G Section the

other is the return typ e covariance rule Section

The return typ e covariance rule was formulated only for simple nonparametric typ es A

renement of this rule for parametric typ es is required Parametric sp ecications can intro duce new

problems related to return typ e covariance as can b e seen in the following co de

type TVarnovar X

val X

type TObject

makeRef TVarselftype

type TPerson subtype of TObject

TObject object

It is assumed that the dynamic type of aPerson is TPerson

and the dynamic type of anObject is TObject

object aPerson

objectmakeRefval anObject Dynamic type error

Here b oth assignments are statically typ ecorrect However the second assignment is dynamically

incorrect since it tries to put anObject inside of a p erson reference created bythebehavior applica

tion objectmakeRef The latter creates a person reference rather than an object reference since

Person the dynamic typ e of object is T

The problem here is related to the sp ecication of the b ehavior makeRef The expanded pro duct

typ e denition of this b ehavior for typ es T Object and T Person yields

const TObject TVarTObject makeRef

const TPerson TVarTPerson makeRef

which contradicts the return typ e covariance rule The direct expansion used here is only done for

illustrative purp oses since full expansion is in most cases innite

Therefore the return typ e covariance rule has to b e reformulated to deal with parametric sp eci

cations directly The following is the desired formulation

n

Rule Return typ e covariance If fA B g are the sp eci

i n i n

i i

i

cations for a b ehavior b then

i

n

i n

i

B B A A

i n i i n i

i i

n n

i i

i j i j

n

i n

j

A A B B

i n j i n j

i n i n

j j

where A denotes a parametric typ e with parameters

n n

i i

This rule will b e further rened in Chapter Denitions and to deal with constrained

typ es

The denition of the b ehavior makeRef do es not satisfy Rule since its pro ducttyp e sp eci

cation is T Var and for T Person T Object the rst condition is violated

A T Person T Object A

B T Var T VarT Person T VarT Object T Var B

In ML MTH the typ e constructor ref is dened similarly to the denition of makeRef and

T Var ab ove in ML a typ e constructor plays a dual role it is used for b oth typ e sp ecication and

runtime ob ject creation Therefore its usage causes problems The ML solution to this problem is

to treat this typ e constructor sp ecially severely restricting its p olymorphism In the presented typ e

system no sp ecial treatment is required for anytyp e constructor and the eect of ref as a typ e

constructor is accomplished using the mutable typ es considered in Section

In this section the extension of the return typ e covariance rule for the case of parametric sp ec

ications has b een presented Several examples illustrating the necessity and use of the extended

rule have b een considered

Union and intersection typ es

One of the unique features of database programming languages is the incorp oration of query facilities

Queries are declarative sideeect free computations that are usually based on a variant of SQL

Queries require precise and adequate typing of settheoretic and applicative op erations suchas

union intersection map etc

With the help of parametric typ es it is p ossible to dene the b ehavior union on the typ e of

immutable sets T Set in suchaway that it indeed has the desired prop erties

type TSetcovar X

unionTSetX TSetX

What happ ens if a union of a set of students and a set of p ersons is attempted Such b ehavior

SetT Student T SetPersoni a pro duct application will have a pro ducttyp e argumenttyp e h T



Indeed T VarT Person is not a subtyp e of T VarT Object as T Var is novariant



In ob ject query mo dels a query may not necessarily b e sideeect free however this do es not aect query typing

typ e in the sp ecication of union is hT SetX T SetXi and the greatest lower b ound of typ es X

suchthat

hT SetT Student T SetPersonihT SetX T SetXi

Person Therefore the result typ e of the application will b e T SetT Person It is easy is X T

to show that the result typ e of an application of the b ehavior union to two sets with elementtyp es

A and B will always b e T SetlubA B precise typing for the settheoretic union op eration

The sp ecication of b ehavior map is also p ossible using parametric and b ehavior typ es

type TSetcovar X

map XY TSetY

The b ehavior map takes an argument whichisabehavior applicable to the elements of the set and

returns the set of results of applying this b ehavior elementwise to the elements of the source set

For example

type TReal

negate TReal

TSetTReal s

s

s smapnegate After the assignment s will be

Only the sp ecication of the b ehavior intersect causes problems The result typ e of this

b ehavior should b e the greatest lower b ound of the argumenttyp es b ecause the resulting set contains

only those ob jects that b elong to the two argument sets at once The presented typ e system provides

a programmer with an abilitytousetyp e op erators glb and lub explicitly in typ e sp ecications Using

these additional capabilities the immutable set typ e can b e sp ecied as follows

type TSetcovar X

unionTSetY TSetlubXY

intersectionTSetY TSetglbXY

map XY TSetY

Note that the sp ecication of union given here is equivalent to the sp ecication given ab ove How

ever it describ es the programmers intentions more explicitly and is therefore preferable

Using typ e sp eciers glb and lub together with parametric and b ehavior typ es makes it p ossible

to sp ecify settheoretic op erations with an adequate precision The mechanisms used here are not

designed just for sets they can b e used for all typ es including userdened ones This is in contrast

to the approach taken in Machiavelli BO and Fib onacci AGO where precise typing of set

theoretic op erations is also p ossible but the treatment of sets is sp ecial and the programmer can

not dene new typ es with analogous typing precision

Constrained sp ecications

The parametric typ e sp ecications considered so far were unconstrained in that anytyp e could b e

used as their parameter However sometimes a parametric typ e only makes sense for some parameter

typ es and not for all of them In order to sp ecify such conditions typeconstraints are utilized

The following is a sp ecication of a typ e T OrderedSet that requires that its elements b e com

parable with each other

type TOrderedSetcovar X

where X subtype of TComparableX

subtype of TSetX

maximals TSetX

minimals TSetX

This sp ecication requires the typ e parameter X to b e comparable It also sp ecies that ordered sets

are subtyp es of sets The b ehaviors maximals and minimals are dened to return sets of maximal

and minimal elements of the set Ordered sets are sets and therefore all op erations dened for sets

are also applicable to them

Typ e constraints can also b e used to sp ecify b ehaviors For example if the typ e of ordered sets is

intro duced just to dene b ehaviors maximals and minimals then it is p ossible to do without it and

dene the ab ove b ehaviors on sets by adding the appropriate typ e constraints to their denitions

type TSetcovar X

maximals TSetX where X subtype of TComparableX

minimals TSetX where X subtype of TComparableX

This sp ecication however do es not allow one to declare variables of ordered set typ es while the

previous one did

Constraints that can b e used for typ e or b ehavior sp ecication should not contain variables that

are not used in the rest of the sp ecication They must also b e monotonic Monotonicityhere

means that typ e constraints must b e constructed in a way that do es not violate substitutability

The following is an example of how a nonmonotonic constraint can result in a loss of typ e safety

type TEmployed

type TCEO subtype of TEmployed

type TCompany

fireX where TEmployed subtype of X X subtype of TEmployed

TCompany c

TEmployed e

TCEO ceo

e ceo Ok

cfiree Runtime error

The b ehavior fire is only applicable to employed p ersons that are not CEOs the sp ecication

says that the argumentofthisbehavior must havetyp e T EmployedandT CEO is not equal to

T Employed The code above is statically typ ecorrect e is just an employed p erson and so can

b e red but fails at runtime when an attempt is made to re ceo The reason for this failure is

nonmonotonicity of the constraint placed on the sp ecication of the b ehavior fire an employed

p erson satises it but a CEO do es not even though a CEO is an employed p erson

In order to sp ecify monotonicity requirements a new translation step b esides the pro ducttyp e

translation is intro duced The purp ose of this step is to add any constraints implicitly sp ecied for

selftype to the constraint set Every b ehavior sp ecication that has an o ccurrence of selftype is

translated as follows

All o ccurrences of selftype are replaced byafreshtyp e variable S

A constraint S subtype of T where T is a typ e where the b ehavior is dened is

added to the list of typ e constraints for that b ehavior

For every typ e T that denes a constraint that constraint is added to all b ehavior sp ecications

where typ e T T o ccurs

For example the full translation of the sp ecication of the typ e of ordered sets given ab ove

will b e

type TOrderedSetcovar X

where X subtype of TComparableX

subtype of TSetX

const TOrderedSetX TSetX

where X subtype of TComparableX maximals

const TOrderedSetX TSetX

where X subtype of TComparableX minimals

while the translation of the typ e sp ecication of real numbers typ e

type TReal

addselftype selftype

subtractselftype selftype

multiplyselftype selftype

divideselftype TReal

negate selftype

will b e

type TReal

const S S S where S subtype of TReal add

const S S S where S subtype of TReal subtract

const S S S where S subtype of TReal multiply

const S S TReal where S subtype of TReal divide

const S S where S subtype of TReal negate

Now the monotonicity requirement can b e dened It has two parts one deals with typ e sp ec

ication constraints and the other with constraints placed on b ehaviors If a set of constraints

C is placed on a typ e sp ecication of a typ e T then monotonicity requires

n n

that

C T T C

n n n n n n

OrderedSet is monotonic as Thus the constraint placed on the sp ecication of T

T Comparable T OrderedSet T OrderedSet

T Comparable T Comparable

T Comparable

due to covariance of T OrderedSet and contravariance of T Comparable

If a set of constraints C isplacedonabehavior sp ecication

n

A R

n n

then monotonicity requires that

C A A C

n n n n n n

Thus the constraint placed on the b ehavior sp ecication of maximals is monotonic the same pro of

as for the previous example while the one placed on fire is not

These monotonicity conditions will b e given a more formal treatment in Chapter

In this section constraints and constrained sp ecications were considered The monotonicity

conditions that the constraints must satisfy have b een formulated and illustrated

Subtyping and inheritance

While subtyping is a very p owerful concept sometimes it is to o restrictive There are cases when

it is necessary to reuse an interface without creating a subtyp e An example of such situation is

demonstrated by the LIST test from Section where a single linked list no de typ e and a double

linked list no de typ e havetobespecied

The straightforward approach to this problem

type TLinkedListNode

getNext selftype

attachselftype

type TDoubleLinkedListNode subtype of TLinkedListNode

getPrev selftype

attachLeftselftype

is unsatisfactory b ecause it allows no des of dierenttyp es to b e mixed in a single list This is so b e

cause T DoubleLinkedListNode is sp ecied as a subtyp e of T LinkedListNode and can therefore b e

used everywhere a linked list no de can b e used including a single linked list If a programmer do es

not wanttoallow this b ehavior the ab ove sp ecication will not do In this case Fb ounded p oly

morphism CCH can b e used This solution is analogous to the solution of the COMPARABLE

problem presented in Section

type TLinkedListNodeInterfacenovar X

getNext X

attachX

type TLinkedListNode subtype of TLinkedListNodeInterfaceTLinkedListNode

type TDoubleLinkedListNode

subtype of TLinkedListNodeInterfaceTDoubleLinkedListNode

getPrev TDoubleLinkedListNode

attachLeftTDoubleLinkedListNode

This solution is typ ecorrect and gives the intended typ e semantics to b oth no de typ es However it

is not nearly as elegant as the solution based on matching BFP Another way of representing this

situation will b e given in Section where class extension rather than subtyping will b e utilized

Conclusions

In this section the typ e and b ehavior sp ecications were describ ed The use of subtyping pro duct

typ es b ehavior typ es parametric typ es and constrained typ es was illustrated and discussed Sev

eral transformation techniques used to translate the userdened sp ecications into a more basic

primitive notation were intro duced Examples considered in this section show that the presented

typ e system is capable of typing all tests from Section without sacricing substitutability static

typ e safety and decidable typ echecking as will b e shown in Chapter

Typ e and b ehavior sp ecications form the most abstract layer of the prop osed typ e system

since they deal only with interfaces ignoring ob ject structure the co de implementing b ehaviors

and underlying physical memory layout The middle layer of the presented typ e system consists of

classes that describ e ob ject structure and functions that implement b ehaviors This layer will b e

considered in the next section



Except for the BROWSER test that will b e discussed in the next section

Classes and functions

Interfaces play an imp ortant role in ob jectoriented programming Yet an interface sp ecication is

insucient for programming since b oth ob ject structure and co de implementing the interfaces for a

particular structure has to b e sp ecied b efore a program can b e successfully translated compiled or

interpreted The intermediate layer of abstraction which consists of classes structure and function

co de sp ecications is designed for this purp ose

In this section classes and functions will b e describ ed Issues related to dispatch will also b e

discussed Connections b etween the intermediate layer of abstraction and the higher interface

layer such as corresp ondence b etween classes and typ es b ehaviors and functions and typ echecking

issues will also b e elab orated

Classes

While typ es denote concepts at a very abstract level classes give a more concrete structural view of

ob jects used in a program Every ob ject b elongs to a class as no material ob ject can exist without

a structure A typ e may b e implemented by a single class or by several dierent classes or it may

not b e implemented at all an abstract type Classes sp ecify ob ject structure at an intermediate

level they are not as abstract as typ es yet they are abstract enough not to sp ecify a particular

physical memory layout for the ob jects that b elong to the class The following is an example class

sp ecication

type TPerson

age TNatural

name TString

class CPerson implements TPerson

TNatural age

TString name

age implementation age

name implementation name

The class C Person implements the typ e T Personthebehavior age is implemented by the attribute

age and the b ehavior name is implemented by the attribute name This implementation of the

typ e T Person is rather trivial while the next example shows a nontrivial implementation of the

same typ e

class CPersonNames implements TPerson

TNatural age

TString firstName

TString secondName

TString middleName

age implementation age

name TString implementation fun

return firstName middleName secondName

name TString implementation funarg

firstName argcolumnSeparatedBySpaces

middleName argcolumnSeparatedBySpaces

secondName argcolumnSeparatedBySpaces



The notation attr will b e used for attributes to distinguish them from b ehaviors

Here a p erson is implemented by a class with four attributes The rst one corresp onds to a p ersons

age while the other three represent dierentcomponents of a p ersons name Therefore the b ehavior

name can no longer b e implemented as a simple attribute access instead it is implemented as a pair

of anonymous functions whose b o dies are written in curly braces Two functions are necessary

b ecause the b ehavior name was sp ecied as assignable token One function is used to access

the name and the other is used to set it

It is p erfectly legal for a program to have b oth C Person and C PersonNames implementing the

same typ e T Person Ob jects of b oth classes can exist simultaneously in the program Only the

programmer of the p erson classes needs to know ab out them Users only need to see the typ e For

example the following co de

TPerson person

personname John A Smith

personageprint

personnameprint

will work for ob jects of b oth p erson classes Moreover it will also work for any class that implements

the typ e T Person

The ability of the co de ab ovetowork correctly for all p ossible implementations of T Person is a

consequence of using just types and not classes for variable and argumenttyp e sp ecications Since

the co de never refers to an actual ob ject structure class only the interface sp ecied byatyp e is

used for typ echecking Successfully typ echecked co de therefore relies on interface only and do es not

need to b e changed if the ob ject structure changes

This prop ertyisvery imp ortant for co de reuse in evolving systems such as database applications

where the legacy co de constitutes a signicant p ortion of overall application co de When data

structure evolves the legacy co de is still valid and do es not havetoberewritten

The only place where classes are implicitly used for argument sp ecication is the co de of functions

written for a particular class The functions implementing b ehaviors in a class need to access

attributes of that class Therefore the implicit rst argument of those functions the receiver is

implicitly typ ed by the enclosing class For the purp oses of typ echecking a class translates to a

sp ecial kind of typ e while an attribute translates into a pair of b ehaviors one for getting and the

other for setting the value of the attribute b eing translated

For example the sp ecication of the class C PersonNames given ab ove will b e translated into

type TPerson

age TNatural

setageTNatural

name TString

setnameTString

type CPersonNames subtype of TPerson

translation of the attribute age

age TNatural implementation fun systemdefined code

setageTNatural implementation funarg systemdefined code

translation of the attribute firstName

firstName TString implementation fun systemdefined code

setfirstNameTString implementation funarg systemdefined code

translation of the attribute secondName

secondName TString implementation fun systemdefined code

setsecondNameTString implementation funarg systemdefined code

translation of the attribute middleName

middleName TString implementation fun systemdefined code

setmiddleNameTString implementation funarg systemdefined code

age implementation fun return age

setageTNatural implementation funx age x

name implementation fun

return firstName middleName secondName

setnameTNatural implementation funarg

firstName argcolumnSeparatedBySpaces

middleName argcolumnSeparatedBySpaces

secondName argcolumnSeparatedBySpaces

after class and assignment expansion The implementation clauses are the association specications

they sp ecify the co de function that is asso ciated to a particular b ehavior on arguments of a

particular typ e Functions asso ciations and issues related to their consistency will b e discussed in

Section

In the ab ove example it has b een shown how the class sp ecications can b e translated into

typ e sp ecications for typ e checking purp oses It also shows that classes C PersonNamesare

translated into subtyp es of the typ es they implementT Person so an ob ject of such a class can

b e used everywhere its typ e is required

While a typ e can b e implemented by several classes a class always implements a single typ e A

family of parametric typ es can b e implemented by a family of parametric classes For example the

following sp ecies the family of classes C SetX that implements the family of parametric typ es

SetX T

type TSetcovar X

isElementX TBoolean

unionTSetX TSetX

class CSetX implements TSetX

const TListX list

The set is implemented as a list Since sets are immutable the attribute list was sp ecied as

constant sp ecier constthus disallowing assignment to the attribute This sp ecication allows for

list is sp ecied to haveatype T ListX and will thus work extensive reuse since the attribute

with any p ossible implementation of a list

The parametric class sp ecication is not as elab orate as the parametric typ e sp ecication as

each class has to corresp ond to a single typ e Thus the following class sp ecication is illegal

class CSet implements TSetX

Set corresp ond to al l typ es T SetX The ab ove restriction is imp ortant since since it would make C

classes are resp onsible for object creation If a class could corresp ond to several typ es the typ e of

an ob ject created via that class would b e ambiguous

Another way of parameterizing a class is by explicit use of selftypeFor example the following

is a sp ecication of a linked list no de class

type TLinkedListNode

getNext selftype

attachselftype

class CLinkedListNode implements TLinkedListNode

selftype next

getNext selftype implementation next

attachselftype implementation

The resulting class C LinkedListNode has a mutable attribute next that is typ ed by selftype

The reason for the use of selftype instead of plain T LinkedListNode will b e apparent when the

notions of subclassing and class extension are intro duced in the next section

Sub classing and class extension

Just as subtyping is used to achieve inclusion p olymorphism when typ es are concerned subclassing

can b e used to achieve the same eect for classes Sub classing as well as subtyping implies substi

tutability and the sub classing semantics is the semantics of subtyping given by the translation of

classes to typ es intro duced in the previous section For example the following is a sp ecication of

the class C Student as a sub class of C Person

type TPerson

age TNatural

name TString

class CPerson implements TPerson

TNatural age

TString name

age implementation age

name implementation name

type TStudent subtype of TPerson

studentId TNatural

class CStudent subclass of CPerson implements TStudent

TNatural studentId

studentId implementation studentId

The class C Student has the same attributes as the p erson class C Person as well as the additional

attribute studentId In this case the typ e T Student whichisasubtyp e of T Person is imple

mented by a sub class C Student of the class C Person This relationship is neither necessary nor

required For example the following sp ecies unrelated classes for the same twotyp es

type TPerson

age TNatural

name TString

class CPerson implements TPerson

TNatural age

TString name

age implementation age

name implementation name

type TStudent subtype of TPerson

studentId TNatural

class CStudentNames implements TStudent

TNatural age

TString firstName

TString secondName

TString middleName

TNatural studentId

age implementation age

name TNatural implementation fun

return firstName middleName secondName

name TNatural implementation funarg

firstName argcolumnSeparatedBySpaces

middleName argcolumnSeparatedBySpaces

secondName argcolumnSeparatedBySpaces

studentId implementation studentId

Thus subtyping do es not imply sub classing but sub classing do es imply subtyping

This denition of sub classing is parallel to the denition of subtyping Traditionallyhowever

the term subclassing denotes the notion of class extensioninwhich only the structure is inherited

and no subtyping or substitutability is required In the presented typ e system class extension is a

mechanism for such structure reuse It do es not imply substitutabilityorsubtyping The need for a

relationship that is weaker than subtyping stems from the fact that mutable attributes are novariant

Section For example the following sp ecication is incorrect

type TPerson

age TNatural

name TString

class CPerson implements TPerson

TNatural age

TString name

type TChild

age TSmallNatural

name TString

favoriteToys TSetTToy

class CChild subclass of CPerson implements TChild

TSmallNatural age

TSetTToy ftoys

since the class C Child redenes mutable attribute age and therefore can not b e used everywhere

the class C Person is used

However the following sp ecication is allowed

type TPerson

age TNatural

name TString

class CPerson implements TPerson

TNatural age

TString name

type TChild

age TSmallNatural

name TString

favoriteToys TSetTToy

class CChild extends CPerson implements TChild

TSmallNatural age

TSetTToy ftoys

In this sp ecication the class C Child extends the class C Person rather than subclasses it Therefore

it is p ossible to redene the attribute age while inheriting the attribute name with no mo dication

In the presented typ e system class extension is understo o d as textual rewriting of the class with

automatic substitution of explicit and implicit o ccurrences of selftype in the style of PS The

denitions given in the extending class override the denitions of the class b eing extended just like

the denition of the attribute age in the ab ove example A class can extend several classes and

the conicts have to b e explicitly resolved by the programmer Since class extension do es not imply

subtyping the co de inherited from the class b eing extended needs to b e retyp echecked in the context

of the extending class

The following is the example of usage of class extension along with the selftype mechanism

type TLinkedListNode

getNext selftype

attachselftype

class CLinkedListNode implements TLinkedListNode

selftype next

getNext selftype implementation next

attachselftype implementation

type TDoubleLinkedListNode

getNext selftype

getPrev selftype

attachselftype

attachLeftselftype

class CDoubleLinkedListNode

extends CLinkedListNode

implements TDoubleLinkedListNode

selftype prev

getPrev implementation prev

attachLeftselftype implementation

DoubleLinkedListNode is not a subtyp e of T LinkedListNode and the Even though the typ e T

class C DoubleLinkedListNode is not a sub class of C LinkedListNode it is still p ossible to reuse

the co de and sp ecication of the former in the sp ecication of the latter The programmer do es

not need to rewrite the co de if a subtyp e can not b e pro duced since class extension can b e used

to avoid co de duplication the implementations of b ehaviors attach and next and the attribute

next are inherited from C LinkedNodeType Note that this is another solution of the LIST test

Section whichisinmanyways more elegant and concise than the one given in Section

Class extension need not b e parallel to subtyping in fact they can legally go in opp osite direc

tions Consider the sp ecication of circles and ellipses A circle isa ellipse and therefore its typ e

should b e a subtyp e of that of an ellipse From the structural p ointofviewhowever a circle can

b e represented bycenter and radius ma jor axis while for an ellipse center ma jor axis and minor

axis are needed Therefore the structure of an ellipse is an extension of the structure of a circle



We assume that the ma jor axis is always parallel to Xaxis Otherwise an additional attribute would b e required

This situation is extremely dicult to mo del in most of the to days typ e systems and languages

Yet it can b e elegantly represented in the typ e system describ ed here

type TEllipse

center TPoint

majorAxis TLength

minorAxis TLength

type TCircle subtype of TEllipse

class CCircle implements TCircle

TPoint center

TLength majorAxis

center implementation center

majorAxis implementation majorAxis

minorAxis implementation majorAxis

class CEllipse extends CCircle implements TEllipse

TLength minorAxis

minorAxis implementation minorAxis

Note how the same attribute majorAxis is used in the class C Circle to implement b oth majorAxis

and minorAxis b ehaviors and how the implementation of minorAxis is overridden in C Ellipse to

refer to the new attribute minorAxis instead This sp ecication allows circles to b e used everywhere

ellipses can b e used yet it allows the structure of circles to b e reused for ellipses

In this section b oth sub classing and class extension have b een describ ed Their use was illus

trated byseveral examples It has also b een shown how class sp ecications are transformed into

typ e denitions for typ echecking purp oses

Ob ject creation and extent maintenance

Classes not only dene the ob ject structure they are also used to create ob jects In fact ob jects

can only b e created via classes Since classes themselves are ob jects the ob ject creation is done by

applying the creation b ehavior new to the class ob ject There are two dierences b etween ob ject

creation and regular b ehavior application First the creation b ehavior is predened and do es not

haveany arguments Second when a class is explicitly used the constructor expression can b e

used to initialize its attributes b oth mutable and immutable This is imp ortant as only construc

tor expressions can put values into immutable attributes Consider the following example where

immutable circles and ellipses are dened

type TEllipse

center TPoint

majorAxis TLength

minorAxis TLength

type TCircle subtype of TEllipse

class CCircle implements TCircle

const TPoint center

const TLength majorAxis

center implementation center

majorAxis implementation majorAxis



As a C programmer the author has encounterednumerous situations of this kind Every time either typ e

safety or co de reuse had to b e compromised

minorAxis implementation majorAxis

class CEllipse extends CCircle implements TEllipse

const TLength minorAxis

minorAxis implementation minorAxis

Then the following would create a circle with a unit radius

TCircle aCircle new CCircle

center new CPoint

majorAxis

The inability to redene b ehavior new is not nearly as serious a restriction as it seems to b e Consider

the following sp ecication of a p erson typ e and class

type TPerson

age TNatural

name TString

class CPerson implements TPerson

TNatural age

TString name

name implementation name

age implementation age

initializeTNatural initAge TString initName implementation

if initNameisEmpty or initAgeisEmpty then

raise incorrectInit

age initAge

name initName

Create a new person

TPerson aPerson new CPersoninitialize John Smith

Note that the b ehavior initialize is dened in the class C Person rather than in its typ e This

means that the b ehavior initialize can only b e legally used on ob jects whose class is statically

Person Since classes can not b e explicitly used for any sp ecication the only time known to b e C

the class is statically known is when the ob ject has just b een created as in the example ab ove

Classes are also used for extent maintenance Most of the classes maintain a collection of all their

ob jects the extent automatically The extent can b e used to query over all ob jects of a sp ecied

class The b ehavior extent is dened on classes to return a set of their ob jects It can b e used as

follows

Print all persons created so far

CPersonextentforeachprint

Not all classes allow ob ject creation or supp ort ob ject maintenance In fact there is a taxonomy

of classes Regular classes supp ort ob ject creation and maintain their extents Finite classes supp ort

extents but do not allow ob ject creation classes of characters and b o oleans are examples of nite

classes Manual classes allow ob ject creation but do not automatically supp ort their extents eg

classes of lists and sets Finally innite classes supp ort neither extent nor ob ject creation suchas

classes of real and integer numb ers T_InfiniteClass(X)

T_ManualClass(X) T_FiniteClass(X)

T_Class(X)

Figure Class typ e hierarchy

Since classes are ob jects the ab ove taxonomy can b e neatly expressed in terms of the typ e

hierarchy of classes

type TInfiniteClasscovar X

type TFiniteClasscovar X subtype of TInfiniteClassX

extent TSetX

type TManualClasscovar X subtype of TInfiniteClassX

new X

type TClasscovar X subtype of TManualClassX TFiniteClassX

When a class is sp ecied an appropriate ob ject of one of the ab ovetyp es is created The class typ e

hierarchy is depicted in Figure

Classes representanintermediate layer of structure sp ecication Their functional counterparts

at the intermediate layer are functions considered in the next section

Functions and asso ciations

Behaviors are abstract entities They describ e functionality at the highest level via signatures For

the actual computation however signatures can not b e used and therefore more concrete function

ality sp ecication has to b e provided In the presented typ e system functions play this role A

function denes functionality via a co de fragment that is executed when the function is invoked

The co de that is used in functions is comp osed of a sequence of b ehavior applications Inside

the co de lo cal variable declarations and certain control statements are allowed For the purp oses

of typ echecking only assignment return and typeif discussed later statements are of interest

The following is an example function

funx

TInteger result

result xage age

return result

This function can not b e typ echecked since it sp ecies neither its argument nor return typ e However

functions do not exist by themselves Before a function can b e used it has to b e associated with

a particular b ehavior on a set of argumenttyp es This is an example asso ciation

type TPerson

age TNatural

Except for closures discussed later

ageDifferenceTPerson x TInteger implementation

funx This line can be omitted as it can be

inferred from the behavior signature

TInteger result

result xage age

return result

This asso ciation can b e typ echecked to determine whether the function conforms to the signature

of the b ehavior it is asso ciated with The issues of typ echecking are discussed in Chapter and

its formal underpinnings in Chapter An informal overview of typ echecking and typ e system

capabilities was already given in Section therefore in this section only issues sp ecic to function

asso ciations dispatch and sp ecial statements will b e discussed

A function can also b e asso ciated with a b ehavioronaclass instead of a typ e Such a function

has access to class attributes as in the following example

type TPerson

age TNatural

name TString

class CPersonNames implements TPerson

TNatural age

TString firstName

TString secondName

TString middleName

age implementation age

name TString implementation fun

return firstName middleName secondName

name TString implementation funarg

firstName argcolumnSeparatedBySpaces

middleName argcolumnSeparatedBySpaces

secondName argcolumnSeparatedBySpaces

Here the functions that implementthetwo set and get branches of the b ehavior name are asso ciated

with these branches on the class C PersonNames

Note that the ability to asso ciate functions with b oth typ es and classes is an extension of a

standard ob jectoriented mo del For example JavaAG supp orts separation b etween typ es in

terfaces and classes However it only allows class asso ciations to b e made while providing single

sub classing This is to o restrictive for many practical purp oses Consider the sp ecication of a

printer a fax machine a copier and an allinone machine The rst three devices knowhowto

print fax or copy a do cument while the last device combines the prop erties of the three Since

the metho ds for printing copying and faxing are the same for the corresp onding devices and the

allinone machine it is desirable to reuse the functions written for the typ e of the latter The

following is the required sp ecication

type TPrinter

printTDocument implementation

type TCopier

copyTDocument implementation

type TFax

faxTDocument implementation

type TAllInOne subtype of TPrinter TCopier TFax

AllInOne inherits b oth the b ehavior sp ecications and their implemen In this example the typ e T

tations from its three parenttyp es Such an arrangementwould b e imp ossible in Java and all the

co de would have to b e rep eated twice

What do es it mean for a function to b e inherited It means that the function co de can not

only b e used in the typ e it is sp ecied on but also in subtyp es that do not override the b ehavior

asso ciation for that function The following example illustrates this p oint another example of co de

inheritance was given in Section

type TAccount

withdrawTAmount amount implementation a

type TChequingAccount subtype of TAccount

type TRRSPAccount subtype of TAccount

withdrawTAmount amount implementation b

TAccount anAccount

TChequingAccount aChequingAccount

TRRSPAccount anRRSPAccount

anAccountwithdraw

aChequingAccountwithdraw

anRRSPAccountwithdraw

A generic account allows a p erson to withdraw money and provides an implementation function a

for the b ehavior withdraw The same implementation can b e used for chequing accounts since

the withdrawal pro cedure is the same However registered retirementsavings plan accounts have

a totally dierent withdrawal pro cedure implemented by the function b Therefore the b ehavior

applications and will dispatch to function a while the b ehavior application will dispatchto

function b The same co de is used for typ es T Account and T ChequingAccount

Dispatch

The pro cess of cho osing the function to execute according to the receiver typ e is called dispatchIn

the presented typ e system multiple dispatch Section is adopted

Multiple dispatch is a complicated pro cess The description of dispatch algorithms used for

multiple dispatch is outside the scop e of this dissertation Some of the prop osed algorithms can b e

found in DCG DGC CTK CT and DAS However in a typ echecked program

dispatch should never end with a metho d not understo o d or message ambiguous error The

conditions that the sp ecications are required to meet in order to provide such an assurance are

outlined b elow

Some terminology rst The asso ciation of the form

behaviorproducttype implementation function

denes that a function function is asso ciated with the b ehavior behavior on typ es that par

ticipate in the producttypeFor example the following

compareTPoint TPoint implementation funpoint point

return pointx pointx and pointy pointy

denotes asso ciation b etween the b ehavior compare and the function given on the pro duct typ e

hT Point T Pointi In other words it is assumed that if two p oints are arguments to the b ehavior

application of compare the ab ove function should execute

A b ehavior can haveseveral asso ciations for dierent argumenttyp es In the presented system it

is required that the pro ducttyp es that participate in the asso ciations b e dierent up to parametric

typ e families In other words the following asso ciations can co exist

isEmptyTListX implementation function

isEmptyTSetX implementation function

while the following ones can not

isEmptyTListPerson implementation function

isEmptyTListString implementation function

since in the second case the argumenttyp es are from the same parametric family T List and are

not distinct enough

The reason for the ab ove restriction is the multifold increase in dispatch complexity in case the

restriction is lifted This is due to the necessity to dispatch dierently on typ es from the same

parametric family in the absence of the ab ove restriction Multimetho d dispatch itself is quite

complicated and complicating it even further do es not seem to provide any additional mo deling

power For example the ab ove situation can b e resolved in the following manner

type TSpecialPersonList subtype of TListTPerson

isEmpty TBoolean implementation function

type TSpecialStringList subtype of TListTString

isEmpty TBoolean implementation function

or by using classes

class CPersonList implements TListTPerson

isEmpty implementation function

class CStringList implements TListTPerson

isEmpty implementation function

If P is a pro duct typ e of a b ehavior argumentinabehavior application behaviorargs then

only certain asso ciations will b e relevant An asso ciation

behaviorproducttype implementation function

is called applicable to an argument product type P i P producttypeOfthetwo asso ciations

and applicable to P is called morespecic than for an argument type P i the pro duct typ e

sp ecied in the asso ciation is a subtyp e of the pro duct typ e of the b ehavior asso ciation

A b ehavior is always dispatched according to the most specic asso ciation for a given argument

pro duct typ e P Therefore the typ e system has to verify that for every typ ecorrect b ehavior

application behaviorargs for every P suchthatP static typ e of argsandalltyp es in P

are class typ es the set of the most sp ecic applicable asso ciations has exactly one element

If the set is empty it means that there are no functions that the system should execute during

b ehavior application the situation usually referred to as a message not understo o d error On

the other hand several most sp ecic elements mean that the system can not cho ose which function

to execute message ambiguous error

The requirement that all typ es in P must b e class typ es is due to the fact that ob jects can only

exist inside classes Therefore any set of arguments that app ears during dynamic execution of the

program has a typ e P such that all typ es in P are class typ es

The following example illustrates the discussion ab ove

The typ e system of ML BMa whichisinmanyways similar to the one presented here has a similar restriction

T_Shape

T_Rectangle T_Circle

T_Point

implements

C_Point

extends

C_Rectangle C_Circle

Figure Shap e typ e hierarchy

type TShape

center TPoint

intersectsTShape TBoolean

type TRectangle subtype of TShape

height TReal

width TReal

intersectsTRectangle TBoolean implementation functionRR RR

intersectsTCircle TBoolean implementation functionRC RC

class CRectangle extends CPoint implements TRectangle

type TCircle subtype of TShape

radius TReal

intersectsTCircle TBoolean implementation functionCC CC

intersectsTRectangle TBoolean implementation functionCR CR

class CCircle extends CPoint implements TCircle

type TPoint subtype of TCircle TRectangle

intersectsTPoint TBoolean implementation functionPP PP

class CPoint implements TPoint

The sp ecication denes a hierarchyofshapetyp es and implements a set of intersection functions

The typ e T Shape is an abstract typ e there is no class implementing shap es Typ es T Rectangle

Circle and T Point are concrete typ es The typ e structure for this example is depicted in T

Figure

Consider the following b ehavior application intersectsaPoint aPoint The set of ap

plicable asso ciations include the asso ciations RR CCandPPofwhich the third one is the most

sp ecic

arguments h C Point C PointihT Rectangle T Rectanglei RR

arguments hC Point C Pointi hT Circle T Circlei CC

arguments hC Point C Pointi hT Point T Pointi PP

PP hT Point T PointihT Rectangle T Rectanglei RR

PP h T Point T PointihT Circle T Circlei CC

Therefore the function functionPP will b e executed If the asso ciation PP was removed the set

of applicable asso ciations would consist of RR and CCnoneofwhich is more sp ecic than the other

and the b ehavior application would b e ambiguous

Assume that the asso ciation CR is removed Then the application intersectsaCircle

aRectanglewould not haveany applicable asso ciations even though the application is statically

typ e correct

Note however that the absence of applicable asso ciations for the argumenttyp e hT Shape

T Shapei do es not cause problems since the typ e T Shape is abstract and therefore the argument

Shape T Shapei can never b e an actual argumenttyp e for a b ehavior application typ ed h T

The algorithms for verifying the restrictions describ ed ab ove will b e intro duced in Chapter

and their formal treatment is in Chapter

In this section the dispatch pro cess and the requirements related to its consistency havebeen

discussed Next higherorder functional constructs and their typing will b e considered

Closures and typeif

Behavior application is a p owerful construct that allows a programmer to conveniently express most

of the necessary computations Sometimes however a function needs to b e intro duced for a single

computation only In such cases creation of a b ehavior and binding it to the necessary function

is to o exp ensive to b e tolerated Another more concise construct called a closure provides the

capability to construct such oneuseonly functions on the y

Consider the following sp ecication of a b ehavior map that applies the given argument b ehavior

to all elements of the receiver set and pro duces a set of answers

type TSetX

mapXY TSetY

Assume the programmer wants to use this b ehavior to pro duce a set that consists of all elements of

the receiver set of numb ers increased by The following co de is supp osed to p erform the task

TSetTNumber aSourceSet aDestSet

aDestSet aSourceSetmap

but which b ehavior should b e put in the place of The b ehavior should takea number and

pro duce that numb er increased by While it is p ossible to dene a new b ehavior for that purp ose

type TNumber

add TNumber implementation return add

aDestSet aSourceSetmapadd

such a denition is unnecessary since it is only used once

With closures the ab ove example can b e co ded as

aDestSet aSourceSetmapfunx return xadd

where the anonymous function was intro duced onthey This style of programming is common

in functional languages however it is rarely used in statically typ ed ob jectoriented programming

languages The presented typ e system not only allows the ab ove example to b e programmed it also

infers the typ e of the function from the co de of the function In the example ab ove the typ e inferred

will b e T Number T Number provided that the typ e of the b ehavior add is T Number T Number

Closures allow simplied sp ecication of functions that work the same way on ob jects of all typ es

they are applicable to What happ ens if a b ehavior that is used only once has to b ehave dierently

on dierenttyp es of arguments In this case a sp ecial construct typeif can b e utilized

Consider the following situation there is a set of p ersons and the task is to print out the names

of the p ersons in the set However if a p erson from the set happ ens to b e a student the studentid

numb er has to b e printed as well

It is p ossible to dene a new b ehavior extendedName and implement it dierently for p ersons

and students

type TSetX

foreachXTUnit

type TPerson

name TString

extendedName TString implementation

return name

type TStudent subtype of TPerson

studentId TNatural

extendedName TString implementation

return name student ID studentIdconvertToString

TSetTPerson aSet

let f funx xextendedNameprint in aSetforeachf

However this approach suers from the same drawback as the rst approach used to implement the

previous example Namelytheintro duction of a new b ehavior that is only going to b e used once is

unwarranted

Using the typeif construct the ab ove example can b e rewritten as

TSetTPerson aSet

let f funx

xnameprint

typeif x is TStudent then

studentIDprint

xstudentIdprint

in aSetforeachf

The typeif construct checks if the runtime typ e of the given expression is a subtype of the given

typ e and executes the co de given if it is The co de is typ echecked with the assumption that the

expression is of the typ e given This sp ecial b ehavior of the typeif construct with resp ect to typ e

checking is crucial for static typ e safety The example ab ovewould not typ echeck if the typ echecker

After certain simplications

did not take the given typ e T Student into account as otherwise the typ e of x would b e considered

to b e T Person and the b ehavior application xstudentId would b e considered illegal

The same construct can b e used to co de the BROWSER test from Section

TObject root

typeif root is TNumber then

rootprint

elseif root is TPerson then

rootageprint

else

Something elseprint

Note the usage of else and elseif in the ab ove example

In this section closures and the typeif constructs have b een considered Their use was illustrated

byseveral examples and the issues of their typing were discussed

This concludes the overview of the intermediate abstraction layer consisting of typ es and func

tions In the next section the lowest sp ecication layer will b e describ ed

Implementation typ es

Implementation typ es and functions representthelowest layer of the presented typ e system They

are designed to provide supp ort for interop erability and lowlevel optimizations

Implementation functions represent what is sometimes referred to as foreign or primitive func

tions ie functions that are sp ecied outside of the system Implementation types on the other

hand serve dual purp ose they provide a lowlevel structure sp ecication and they allow for a limited

form of typ echecking of the foreign function interfaces

The way implementation typ es and functions are describ ed is implementationdep endent For ex

ample if the target language is C implementation functions are C functions while implemen

tation typ es are C classes If a target language provides a notion of subtyping implementation

typ es mayhave a subtyping relationship b etween each other otherwise they are unrelated

Implementation typ es can b e used to implement the structure dened by classes For example

the following is the sp ecication of integers and reals under the assumption that the target language

is C

type TReal

addTReal TReal

infinite class CReal implements TReal

implementation type short atomic float

addCReal CReal implementation function

float addRRfloat self float arg return self arg

addCInteger CReal implementation function

float addRIfloat self int arg return self arg

type TInteger

addTInteger TInteger

infinite class CInteger implements TInteger

implementation type short atomic int

addCInteger CInteger implementation function

int addIIint self int arg return self arg

addCReal CReal implementation function

float addIRint self float arg return self arg

Note that the sp ecication ab ove requires classes rather than typ es in argument sp ecications

The reason for that is the fact that the system has to knowhow to convert ob jects into lowlevel

data and that information is only provided by classes

The system veries that all p ossible b ehavior applications can b e dispatched to an appropriate

function or implementation function In the ab ove sp ecication all four combinations had to b e

explicitly sp ecied since C can not dispatch on the data of typ e int The system also makes

sure that substitutability for sub classes is not violated in case the sub class uses an implementation

typ e that is dierent from the one used in the sup erclass

The usage of implementation typ es allows seamless integration of foreign data into the existing

system Once an implementationtyp e and a class that describ e the foreign ob jects are sp ecied those

ob jects can b e manipulated bybehaviors and functions in exactly the same manner as the ob jects

native to the system All co de previously written will work on foreign data with no mo dications

Another use of implementation typ es and functions is related to the sp ecication of socalled

primitive types Unlike other systems the system describ ed here is extensible in that new primitive

typ es can b e easily intro duced The ab ove example can b e seen as a denition of integer and real

primitivetyp es that is done by a programmer rather than by the programming language designer

The interop erability and extensibilityprovided by this system are extremely imp ortant for

database applications that tend to evolveover long p erio ds of time and incorp orate data from dif

ferent sources some of which are b eyond the database designers control Other arguments in favor

of implementation typ es and functions as wellasinfavor of the threelayer typ e system structure

in general can b e found in LOS

An ordinary user may never see or use implementationtyp es and functions This lowlevel

mechanism is provided for administrative purp oses and is not supp osed to b e used by the ordinary

users

While implementation typ es and functions are imp ortantforinterop erability their role in typ e

checking which is the ma jor topic of the presented research is marginal Implementation typ es

and functions describ ed here will not b e considered in any detail in the following chapters that are

devoted primarily to typ echecking

The next section describ es the advantages of the threelayer design and its p ossible applications

in a database system

Threelayer design Advantages and applications

The threelayer design describ ed in this chapter not only allows for a high degree of co de reuse but

also makes the system more transparent for the user by making it p ossible to use the system at

dierent abstraction layers dep ending on the users needs and level of exp ertise

An ordinary user p osing queries against the database using a query language only needs to know

ab out the highest abstraction layer that of b ehaviors and typ es A query maycontain b ehavior

applications aka path expressions and the knowledge of the typ es and b ehaviors dened in the

system is sucient for the purp ose of constructing such b ehavior applications Thus an ordinary user

is completely shielded from any implementation details suchasthelayout of the ob jects involved in

the query and the waybehaviors are implemented This has twomajoradvantages rst the user is

presented with a signicantly simplied yet consistent view of the ob ject mo del Second the user is

provided with a uniform view of ob jects and b ehaviors that is indep endent of their implementation

For example if a p ointtyp e is implemented via two dierent classes p olar and rectangular p oints

the path expression

aPointx

will pro duce the xco ordinate for b oth p olar and rectangular p oints even though the co de that is

executed in b oth cases is completely dierent

The meaning of the sp ecier short atomic is explained in Section B

An application programmer should b e given access to the second abstraction layer consisting of

functions and classes This arrangementwould make it p ossible to implement a new functionality

by writing function co de and new data structures by dening new classes Thus an application

programmer is given the opp ortunitytodevelop the system However an application programmer

is shielded from the dierences in the op erating system functionality and bitlevel data structures

that may exist b etween dierent systems as this functionalityisprovided by implementation typ es

and functions that are not visible at the second abstraction layer The co de develop ed at this

abstraction layer is therefore systemindep endent and p ortable In addition to this if a piece of

co de in an existing system is mo died eg a more ecient implementation of a particular b ehavior

is pro duced such mo dication do es not aect the validity of the user co de written at the rst

abstraction layer as the interfaces are not aected

Finally a database designer would have access to the third abstraction layer implementation

typ es and functions Using this layer involves dealing with native co de which makes it p ossible

to handle tasks involving lowlevel system access access to foreign data and intro duction of new

optimized primitivetyp es eg multimedia typ es such as audio and video It should b e noted that

any developmentdoneatthislayer do es not aect the validity of the co de written earlier by either

ordinary users or application programmers

The basic typ e system

This section describ es an application of the principles and constructs describ ed in this chapter The

basic typ e system for the TIGUKATobjectmodelPet has b een develop ed as a pro of of concept

and the basis for the development of the TIGUKAT programming language

Only ob ject typ es atomic typ es and container typ es will b e describ ed here The complete sp eci

cation of the basic TIGUKATtyp e system including reexive metaclass and metatyp e sp ecications

can b e found in App endix A

Ob ject typ es

In the presented typ e system all typ es can b e separated into three basic categories object types

function typesandproduct types The typ es from dierent categories do not haveany subtyping

relationships with each other This structure is depicted in Figure The typ es and are

purely theoretical concepts they can not b e used by the user in anyway In fact the typ e can b e

understo o d as a typ e of all typ e errors that are guaranteed not to o ccur in a successfully typ echecked

program

T_Unit Object type hierarchy Behavior type hierarchy Product type hierarchies

Figure TIGUKATtyp es

Object types are the typ es of all ob jects in the system except for functions b ehaviors and

pro ducts This is the typ e category that includes almost all user and systemdened typ es in the

system This category will b e discussed in detail later

Product types are typ es of products that are ordered tuples of values Subtyping b etween pro duct

typ es is induced by the subtyping b etween their comp onenttyp es nary pro duct typ es are dened

for all n greater than Pro duct typ es of dierent aritydonothaveany subtyping relationship

with each other Thus there are several unrelated pro duct typ e hierarchies one for each n A

sp ecial typ e T Unit plays the role of a ary pro duct it has no subtyp es or sup ertyp es It is used

primarily for sp ecifying return typ es of b ehaviors that are not supp osed to return a result nary

pro ducts are assumed to have the following denitions

type TProductNcovar X covar X covar XN

project X

project X

projectN XN

for each N greater than

Function and behavior types are dened as follows

type TFunctioncontravar A covar R

type TBehaviorcontravar A covar R subtype of TFunctionAR

These are the only functional typ es in the system

In the ob ject typ e hierarchy there are twotyp es that play a sp ecial role They are T Object and

T Null

The typ e T Object is a common sup ertyp e of all ob ject typ es It do es not dene any b ehaviors

but they can b e added to T Object by the user

The typ e T Null is a common subtype of all ob ject typ es Therefore values of typ e T Null can

b e used everywhere in the program The values of typ e T Null denote uninitialized missing or

otherwise absentnull values Thus T Null is a concrete typ e

Figure depicts the relative placementofvarious ob ject typ es in the ob ject typ e hierarchy

T_Object

Container type hierarchy Class type hierarchy Metatype hierarchy Atomic type hierarchy

T_Null

Figure TIGUKAT ob ject typ es

Even though there is no common sup ertyp e of al l typ es in the system T Object is a common

sup ertyp e of object types but not al l types the parametric nature of the typ e system allows for sp ec

ication of b ehaviors that are uniformly applicable to al l ob jects including pro ducts and b ehaviors

The following is the sp ecication of these b ehaviors

behavior OIDequalXX TBoolean Object identity equality

behavior equalXX TBoolean Equality

Shortcut operator binary

implementation funxy return xOIDequaly

notEqualXX TBoolean Inequality

Shortcut operator binary

implementation funxy return not x y

printXOutputStreamX Print to an output stream

applyXY Y Behavior application

Shortcut operator binary

Due to the fact that in the presented system the notations fab and afb are equivalentand

interchangeable the ab ove co de for equality and inequalityistyp ecorrect and b ehaves as exp ected

The following is the sp ecication of the two sp ecial ob ject typ es

type TObject

type TNull subtype of all object types

class CNull implements TNull

Atomic typ es

Atomic typ es include the standard set of real integer and natural numb ers characters and b o oleans

Numeric T PartiallyOrdered T Orderedand T Discrete abstract out several Abstract typ es T

common prop erties that are likely to b e reused for future extensions

T_PartiallyOrdered(T_Numeric) T_Boolean

T_Ordered(T_Numeric)

T_PartiallyOrdered(T_Character) T_Numeric

T_Ordered(T_Character) T_Discrete T_Real

T_Character T_Integer

T_Natural

Figure TIGUKAT atomic typ es

type TDiscrete subtype of TObject

pred selftype Return the previous element

succ selftype Return the next element

type TPartiallyOrderedcontravar X subtype of TObject

lessselftype TBoolean Antisymmetric comparison

Shortcut operator binary

greaterselftype TBoolean Antisymmetric comparison

Shortcut operator binary

implementation funx return x self

lessOrEqualselftype TBoolean Symmetric comparison

Shortcut operator binary

implementation funx return x self or x self

greaterOrEqualselftype TBoolean Symmetric comparison

Shortcut operator binary

implementation funx return x self

type TOrderedcontravar X subtype of TPartiallyOrderedX

maxselftype selftype Maximum of the two

implementation funx

return if x self then self else x endif

minselftype selftype Minimum of the two

implementation funx

return if x self then x else self endif

type TNumeric subtype of TOrderedTNumeric

abs TNumeric Absolute value

negate TNumeric Negation

Shortcut operator unary

addTNumeric TNumeric Addition

Shortcut operator binary

subtractTNumeric TNumeric Subtraction

Shortcut operator binary

multiplyTNumeric TNumeric Multiplication

Shortcut operator binary

divideTNumeric TNumeric Division

Shortcut operator binary

So far only abstract typ es have b een sp ecied Note how Fb ounded quantication CCH

Section is used in ordered typ e sp ecications to disallowunwanted crosscomparisons such

as comparisons b etween characters and numb ers The sp ecication of ordered typ es also provides a

default implementation for all b ehaviors except for less Once the implementation of that b ehavior

is provided all the other comparison b ehaviors are automatically available

type TBoolean

not TBoolean Negation

orTBoolean TBoolean Logical OR

Shortcut operator binary or

andTBoolean TBoolean Logical AND

Shortcut operator binary and

xorTBoolean TBoolean Logical XOR

Shortcut operator binary xor

ifX X X Ifexpression Shortcut

if then else endif

finite class CBoolean implements TBoolean

implementation type short atomic int

not implementation function

notint self return self

orCBoolean implementation function

andint self int x return self x

type TCharacter subtype of TDiscrete TOrderedTCharacter

ord TNatural Returns the ordinal value

finite class CASCIICharacter implements TCharacter

implementation type short atomic char

finite class CUnicodeCharacter implements TCharacter

implementation type short atomic Unichar

The ab ovetyp es are concrete All of the describ ed classes are finite since they do not allowobject

creation yet maintain their nite extents The parameterized b ehavior if dened on b o oleans

is typ ed in suchawayastoprovide the most static typ e information p ossible it is equivalent

to ifX Y lubX Y There are two separate classes implementing characters a standard

ASCI I character and a Unico de character Since these are classes rather than typesany program

written will b e able to work seamlessly with b oth typ es of characters or any mix of them

type TReal subtype of TNumeric

truncate TInteger Truncate throwing away

the fractional part

round TInteger Round to the nearest

sign TInteger Sign if positive if

negative otherwise

Refined from TNumeric

abs TReal

negate TReal

addTReal TReal

subtractTReal TReal

multiplyTReal TReal

divideTReal TReal

infinite class CReal implements TReal

implementation type short atomic float

infinite class CLongReal implements TReal

implementation type long atomic double

type TInteger subtype of TReal TDiscrete

divTInteger TInteger Integer division

Refined from TReal

abs TNatural

negate TInteger

addTInteger TInteger

subtractTInteger TInteger

multiplyTInteger TInteger

infinite class CInteger implements TInteger

implementation type short atomic int

infinite class CLongInteger implements TInteger

implementation type long atomic long int

type TNatural subtype of TInteger

modTNatural TNatural Remainder

Refined from TInteger

truncate TNatural

round TNatural

sign TNatural

divTNatural TNatural

addTNatural TNatural

multiplyTNatural TNatural

infinite class CNatural implements TNatural

implementation type short atomic unsigned

infinite class CLongNatural implements TNatural

implementation type long atomic long unsigned

The ab ove is the sp ecication of numeric typ es Eachofthetyp es is implemented byseveral classes

all classes are infinite as they have innite extents and do not allow ob ject creation Careful

redenition of binary metho ds along the typ e hierarchy allows for a very precise typing For example

the system will deduce that has the typ e T Natural while has the typ e T Real

Anytwonumerics can b e compared using comparison op erations including p ossible min and max

Numeric and therefore T OrderedT Numeric op erations since all numeric typ es are subtyp es of T

Integers are also discrete subtyp e of T Discrete and therefore the b ehaviors pred and succ can

b e applied to them

Collection typ es

The collection typ e hierarchy is represented here only partially Its full description can b e found in

App endix A The hierarchy describ ed here is depicted in Figure

type TCollectioncovar X

hasElementX TBoolean Checks if the element

is in the collection

cardinality TNatural Cardinality of the collection

pick X Pick an element

mapXY TCollectionY Apply the given function to all

elements and return the

collection of results

filterXTBoolean TCollectionX Filters the receiver

collection using the

argument function as a filter T_Collection(X)

T_Set(X) T_List(X)

all X all X X=T_Character

T_EmptySet T_Array(X) T_EmptyList T_String

Figure TIGUKAT collection typ es

sort where X subtype of TOrderedX TListX Sorts the

elements of the collection

Only applicable to

collections of ordered elements

sortXX TBoolean TListX Sorts the collection using

the supplied sorting function

type TSetcovar X subtype of TCollectionX

subsetTSetY TBoolean Is the receiver

a subset of the argument

unionTSetY TSetlubXY Set union

intersectTSetY TSetglbXY Set intersection

differenceTSetY TSetX Set difference

addElementY TSetlubXY Add an element

removeElementY TSetX Remove an element

Refined from TCollection

mapXY TSetY

filterXTBoolean TSetX

infinite class CSetX implements TSetX

const TListX list

type TEmptySet subtype of TSetX

finite class CEmptySet implements TEmptySet

type TListcovar X subtype of TCollectionX

atTNatural X Get at args position

catTListY TListlubX Y Concatenation

sliceTNatural TNatural TListX Slice from ith

to jth element

Refined from TCollection

mapXY TListY

filterXTBoolean TListX

infinite class CListX implements TListX

type TEmptyList subtype of TListX

finite class CEmptyList implements TEmptyList

type TArraynovar X subtype of TListX

atTNatural X Set at args position

sliceTNatural TNatural TListX Slice set

manual class CArrayX implements TArrayX

type TString subtype of TListTCharacter

Refined from TList

catTString TString

sliceTNatural TNatural TString

filterTCharacterTBoolean TString

infinite class CString implements TString

infinite class CUnicodeString implements TString

This sp ecication denes several immutable parameterized collection typ es and a mutable typ e

T Array The typ e of empty sets lists is a subtyp e of all set list typ es so that a single empty

set list can b e used in all set list op erations The typ e T String is dened as a subtyp e of the

character list typ e that has some additional prop erties

The settheoretic and higherorder map lter sort b ehaviors dened on collections have precise

typings This prop erty can b e used to dene a statically typ echecked version of a query language

over immutable sets

The slice assignment dened on arrays allows one to write the following co de

TArrayTNumber arr

arrslice Assign to elements and

Note that the class that implements arrays is sp ecied as manualItallows creation of new arrays

but do es not maintain the set of all arrays created so far as that would b e very exp ensive

Note also that the class of sets uses T List for implementation of sets The ability to sp ecify

relationships like this is a consequence of the separation b etween interface and implementation in

the presented typ e system

This concludes the overview of the basic TIGUKATtyp e system that was presented as an

example of the application of the presented typ e system to an ob jectoriented ob ject mo del The

resulting basic typ e system provides precise typing for many traditionally problematic areas of ob ject

oriented sp ecication covariant arguments query typing parametricity and binary metho ds Yet

the resulting system is statically typ esafe and has the substitutability prop erty

Conclusions

In this chapter an overview of the prop osed typ e system has b een presented Three layers of

sp ecication typ es and b ehaviors classes and functions implementation typ es and functions have

b een considered Their use was exemplied with a numb er of examples In the pro cess it has b een

shown that the presented typ e system can successfully deal with all the tests describ ed in Section

Finally an example application of the develop ed principles to the TIGUKAT ob ject mo del has b een

describ ed

In the next chapter the typ echecking algorithm will b e describ ed The theorems and pro ofs of

its correctness and termination will b e considered in Chapter

Chapter

The Language and Typ echecking

One of the most imp ortant constituent parts of anytyp e system is its typechecking algorithm The

typ echecking algorithm allows a translator to verify that the program conforms to the given sp ec

ications and issue an error message if it do es not A veriable typ e system has a typ echecking

algorithm that is guaranteed to terminate even if a program b eing checked contains typ e errors

On the other hand a sound typ e system has the prop erty that once a program successfully passes

through a typ echecker it is guaranteed not to pro duce anytyp e errors at runtime

The typ e system presented here is b oth veriable and sound These prop erties will b e proven in

Chapter on the basis of the typ echecking algorithm presented in this chapter

This chapter serves to describ e two imp ortant parts of the typ e system the typ echecking al

gorithm Section that works on a simplied version of the language the target language

Section and the desugaring translation pro cess Section that pro duces a program in

the target language from a given source language program

The heart of the typ echecking algorithm is the algorithm that decides entailment Section

This algorithm is languageindep endent and is part of the typ e system core

In the next section b oth source and target languages will b e considered and the translation

pro cess will b e describ ed

Syntax and translation

Since the b eginning of the computer era there has b een a gap b etween an ecient and human

readable presentation of information The rst form of information presentation is easily pro cessed

by the computers on the other hand the second form is advantageous to human b eings The use

of computers to automate the transformation b etween the two forms of information representation

has b een a cornerstone of the computer revolution

In this section the source and target Section languages will b e describ ed The source

language has a traditional syntax which is familiar to p eople who deal with pro cedural and ob ject

oriented programming The target languages syntax is less standard however it is much more

concise and signicantly more convenient to use in automatic typ echecking

Note that this chapter do es not present a complete source language design Rather it is a pro of

ofconcept design that shows how the presented typ e system can b e used to mo del various features

existing in to days programming languages

Finally in Section the pro cess of automatic translation from source to target language will

b e describ ed The translation pro cess is sometimes called desugaring since it removes syntactic

sugar from the program making it more suitable for further automatic pro cessing

The target language

The target language is a desugared simplied ob jectoriented language that will b e used for typ e

checking It consists of typ e and subtyp e denitions b ehavior declarations and function asso cia

tions Class sp ecications are translated to typ e denitions by the pro cess describ ed in Section

A program in the target language consists of typ e denitions subtyp e denitions b ehavior de

nitions asso ciations and an expression

program defs expr

defs def def

def typedef subtypedef constantdef

behaviordef association

Typ e denitions describ e typ es variance of their parameters and validity conditions They also

sp ecify whether a typ e is concrete or abstract

typedef concretespec type constraints

name typeparspecs

concretespec concrete

typeparspecs typeparspec typeparspec

typeparspec variance name

variance covar contravar novar

constraints constraint constraint

constraint type type

The following are examples of typ e sp ecications

type TNumber

concrete type TBehaviorcontravar Arg covar Result

concrete type TProductcovar X covar X

concrete type TSet covar X

concrete type X TOrderedX TOrderedSet covar X

Atyp e can b e dened only once It is illegal to havetwo denitions of the same typ e typ e

with the same name

Typ es that are used in sp ecications are dened as follows

type name types

glb types

lub types

types type type

typeproper name names

names name name

Examples of typ es are

TNumber

TBehaviorTProductTSetX TSetY TSetlubXY

TDictionaryXTDictionaryTNumberX

The shortcut typeA typeR will b e used for TFunctiontypeA typeR

functional typ es and the shortcut typetypeN will be used for

TProductNtypetypeN pro duct typ es It will also b e assumed that

type type unary pro ducts and typ es are indistinguishable

In the following presentation the concept of freetype variables will b e extensively used The

set of free typ e variables in a typ e expression is dened as a set of names in that expression

minus the set of all names dened in typ e denitions and is denoted as FTV t For example

the set of free typ e variables of the expression TSetX TSetY TSetlubXY

is fX YgAtyp e expression that has an empty set of free typ e variables will b e called a closed

Number type eg T

Subtyp e denitions dene subtyping relationships b etween typ es A subtyp e denition has the

form

subtypedef

constraints simpletype simpletype

simpletype name types

simpletypes simpletype simpletype

The requirement that only simple typ es can o ccur in subtyp e denitions is designed to protect

against userdened subtyping of upp er and lower b ound typ es It is also assumed that no

subtyp e denitions involve T Function T Behavior and T Product at the outermost level

ie that the user is not allowed to dene any additional subtyping relationships for these typ es

Syntactically valid examples of subtyp e denitions are

TReal TNumber

X TOrderedX TSetX TOrderedTSetX

Constant denitions are used to declare constants and their typ es

constantdef const type name

Examples of constant denitions are

const TClassTPerson CPerson

const TInteger nargs

A constant can b e dened only once It is illegal to havetwo denitions of the same constant

The type of a constant should b e a closed one

Behavior denitions are used to declare b ehaviors to b e used in the program They sp ecify

argument and result typ es of a b ehavior as well as validity conditions

behaviordef behaviordefproper

behaviordefproper

behavior constraints type type name

The typ e on the lefthand side of should not contain typ e op erators lub and glb Examples

of b ehavior denitions are

behavior TNumber TNumber add

behavior X TPartiallyOrderedX TSetX TSetX maximals

There can b e several denitions of the same b ehavior For example the following denitions

can app ear in the same program

behavior TNumber TNumber TNumber add

behavior TReal TReal TReal add

behavior TInteger TInteger TInteger add

behavior TNatural TNatural TNatural add

This last prop erty is the reason whybehavior and constant denitions are separated from each

other While duplicate constant denitions are disallowed duplicate b ehavior denitions are

p ossible and the system is resp onsible for checking their consistency and nding out the most

sp ecic typ e for eachbehavior

Asso ciations are used to asso ciate an expression to a b ehavior on a set of typ es The asso ciations

thus provide a link b etween a b ehavior sp ecication and its implementation

association behaviordefproper abstractionexpr

behaviordefproper primitive name

The dierence b etween asso ciations and b ehavior denitions is analogous to the dierence

between abstract and concrete typ es However the former is much more relevant to the

typ echecking than the latter The primitive asso ciations are provided as a to ol that enables the

language designer to provide the primitive lowlevel function denitions to base the language

up on These functions corresp ond to implementation functions of the source language The

conditions that the primitives must satisfy for the typ e system to b e sound are outlined in

Section

Expressions constitute the action part of a program There are several kinds of expressions

describ ed b elow

expr name

productexpr

projectionexpr

letexpr

compoundexpr

applicationexpr

abstractionexpr

Pro duct expressions are used to group several ob jects into one Pro duct expressions are

primarily used to bypass the singleargument restriction for b ehaviors and abstractions

productexpr expr expr

expr expr

A pro duct expression with a single comp onentisequivalent to that comp onent For

example a b is a binary pro duct expression while a is a unary pro duct expression

equivalentto a

Pro jection expressions are used to extract comp onents from pro duct expressions These

expressions are not primitive rather they are understo o d as a shortcut for pro jection

b ehavior applications

projectionexpr expr number

number

For example a b b while a b is illegal An expression exprnumber is

treated as projectnumberexpr where pro jection b ehaviors are dened as follows

behavior project XXn X For all n

behavior project XXn X For all n

behavior projectN XXn XN For all n N

Let expressions make it p ossible to intro duce a new name in the environment Both typ ed

and untyp ed variants are allowed if a variable is untyp ed its typ e is inferred from the

context

letexpr let type name expr in expr

type must b e a closed typ e An abbreviation with multiple bindings will b e used to

denote a sequence of nested let expressions For example

let a fx b gx in ab

is equivalentto

let a fx in let b gx in ab

Comp ound expressions are used to compute expressions in sequence discarding the results

of all but the last one

compoundexpr expr expr

For example the result of a b c is c

Abstractions are anonymous functions abstractions They construct closures that can

b e executed immediately or later on

abstractionexpr fun names

expr return expr

For example

funx return addx

is an abstraction that creates a closure that will b e able to add to its argumentand

return the result Note that there is always a single argument whichmayormaynotbe

a pro duct The keyword return is used to sp ecify the fact that something is returned

from the function If it is absent the function is presumed to implicitly return a sp ecial

Unit ob ject unit of typ e T

Applications are b ehavior and abstraction applications to a given argument They are de

noted by juxtap osition and asso ciate to the left

applicationexpr expr expr

For example fabis equivalentto f a b Note that the last expression makes use

of unary pro ducts of the form x Multiargument function and b ehavior applications

can b e similarly expressed via nary pro duct expressions adda b

In this section the target language has b een describ ed The target language is designed to b e

an intermediate language that has a form convenientfortyp echecking In the next section the

translations of various features of the source language into the target language will b e describ ed

The translation

The source language has b een informallyintro duced in Chapter This section describ es a transla

tion of the source language into the target language describ ed in the previous section

Typ e sp ecications in the source language dene typ es their subtyping relationships b ehaviors

applicable to the ob jects of these typ es and b ehaviortofunction asso ciations The following

is the description of the translation pro cess for the typ e sp ecications of the source language

whose syntax is given b elow

typedef type typedefproper

where constraints

subtype of typespeclist

behaviordeflist

typedefproper

typename typeparspec typeparspec

typeparspec covar contravar novar name

Explicit receiver Every b ehavior sp ecication for the typ e is transformed into a stand

alone b ehavior denition by adding the receiver as an explicit rst argument The added

argumentisgiven the typ e b eing dened if selftype is not used anywhere in the b e

havior sp ecication Otherwise selftype is replaced byafreshtyp e variable S and the

constraint S subtype of typebeingdefined is added to the where clause of the

b ehavior sp ecication Example

type TSetcovar X

unionselftype selftype

pick X

is transformed into

type TSetcovar X

unionSS S where S subtype of TSetX

pickTSetX X

Note how the explicit rst argumenttyping dep ends on the presence or absence of

selftype

Assignment elimination For all b ehavior denitions that use the symbol the b ehavior

denition is split into two one identical to the original but with symbol in place of

and the other with the name obtained from the original one by app ending the prex set

Unit Behavior the additional argument of the return typ e and the new return typ e T

denitions that use the symbol get transformed into the second alternative outlined

ab ove For example

ageTPerson TNatural

putTOutputStreamXX

substrTString TNatural TNatural TString

gets transformed into

ageTPerson TNatural

setageTPerson TNatural TUnit

setputTOutputStreamX X TUnit

substrTString TNatural TNatural TString

setsubstrTString TNatural TNatural TString TUnit

Subtyp e separation Eachtyp e description is split into the typ e sp ecication prop er and

zero or more subtyp e sp ecications whereclauses related to the typ e b eing dened stay

with the typ e while whereclauses related to a typ e in the appropriate subtype ofclause

are kept with the subtyp e sp ecication that is pro duced from the clause For example

type TOrderedPersonSetcovar X where X subtype of TPerson

subtype of TSetX

where X subtype of TOrderedX TSpecialSetX

gets transformed into

type TOrderedPersonSetcovar X where X subtype of TPerson

TOrderedPersonSetX subtype of TSetX

where X subtype of TOrderedX

TOrderedPersonSetX subtype of TSpecialSetX

Type they are not only used for Reexive constants Since typ es are ob jects of typ e T

sp ecication purp oses but can also b e queried at runtime Therefore for eachtyp e

sp ecication the constant declaration

const TType name

is added to the program where name is the name of the typ e b eing sp ecied For

example the typ e sp ecication

type TNumber

results in the addition of the declaration

const TType TNumber

to the program

Syntactic transformations Finally the syntax of the declarations is mo died to t the

syntax of the target language Namely

whereclauses are transformed into lists of constraints

the b ehavior sp ecications get transformed from

nameargtypes restype

into

behavior argtypes restype name

b ehaviors with implementationclauses get transformed into asso ciations

For example

type TOrderedPersonSetcovar X where X subtype of TPerson

TOrderedPersonSetX subtype of TSetX

where X subtype of TOrderedX

TOrderedPersonSetX subtype of TSpecialSetX

unionTOrderedPersonSetX

TOrderedPersonSetX TOrderedPersonSetX

addTInteger r TInteger a TInteger implementation

is transformed into

type X TPerson TOrderedPersonSetcovar X

X TOrderedX TOrderedPersonSetX TSetX

TOrderedPersonSetX TSpecialSetX

behavior TOrderedPersonSetX

TOrderedPersonSetX TOrderedPersonSetX union

association TInteger TInteger TInteger add

funr a

This concludes the description of the typ e denition translation

Class sp ecications in the source language dene classes their abstract structure elds the

class typ e innite nite manual or regular sub classing and class extension b ehaviors

dened on classes and p ossibly their lowlevel structure Syntax of the source language class

denition is given b elow

classdef classspecifier class classproper

implements typeproper

subclass of classes

extends classextlist

fielddeflist

behaviordeflist

classspecifier infinite finite manual regular

classproper classname name name

classextlist classext classext

classext classspec removing namelist

classspec classname classspec classspec

classname name selfclass

classes classproper classproper

Class extension A class extension is a mechanism for textual substitution Therefore cyclic

extension dep endencies b etween classes are not allowed If such a dep endency is detected

it is an error and the translation stops Otherwise classes form a directed acyclic graph

DAG with resp ect to the relationship extends Starting with the ro ots of the DAG

and following the graph edges in the direction opp osite to the one given bytheextends

relationship in suchaway that a no de is visited only when all its parents are visited

widthrst traversal the following op eration is p erformed A class that extends an

other class is expanded bycopying all eld and b ehavior denitions from the class b eing

extended except for the ones whose names are sp ecied in the appropriate removing

clause marking the copied denitions in the pro cess Thus inherited denitions are

marked while native ones are unmarked After the traversal is nished every class that

contains marked denitions is examined If there are identical denitions extra copies

are removed if there are conicting denitions and at least one of them is unmarked

the marked denitions are removed if there are conicting denitions and none of them

is unmarked it is an error and the translation stops The denitions are conicting if

they dene a b ehavior or eld with the same name If there are conicting unmarked

denitions for a eld it is also considered an error Finally extends clauses are removed

from all classes

As an example consider the following class sp ecications

class CCircle implements TCircle

TPoint center

TLength majorAxis

center implementation center

majorAxis implementation majorAxis

minorAxis implementation majorAxis

class CEllipse extends CCircle implements TEllipse

TLength minorAxis

minorAxis implementation minorAxis

At the rst stage it is determined that there is no cyclic dep endency and C Circle is the

ro ot of the DAG The edge from C Ellipse to C Circle is then traversed and the class

C Ellipse is extended After copying it will take the form

class CEllipse extends CCircle implements TEllipse

TPoint center

TLength majorAxis

center implementation center

majorAxis implementation majorAxis

minorAxis implementation majorAxis

TLength minorAxis

minorAxis implementation minorAxis

Then since there are two distinct denitions of the b ehavior minorAxis the marked

inherited one is discarded Finallythe extends clause is removed and the resulting

class takes the form

class CEllipse implements TEllipse

TPoint center

TLength majorAxis

center implementation center

majorAxis implementation majorAxis

TLength minorAxis

minorAxis implementation minorAxis

Note that unmarked native denitions take precedence over marked inherited deni

tions Note also that identical denitions never cause errors even if there are no native

ones additional copies are simply discarded This makes it p ossible to have diamond

shap ed extensions its b ehavior is similar to that of the mechanism of virtual classes in

C Str

Marked inherited denitions are identied by

Field elimination Field denitions in classes are translated to b ehavior denitions Before

it is done the check for sub class conformance is p erformed if sub class dep endencies

are cyclic it is an error Otherwise classes form a DAG with resp ect to the relationship

subclass of and for every class there are nitely many sup erclasses in the graph Then

for each class and each sup erclass it is veried that if a eld is dened in a sup erclass its

denition is either absent from the sub class or has the same typ e or the eld is constant

in the sup erclass and its denition in the sub class sp ecies a typ e class that is a subtyp e

sub class of the one sp ecied in the sup erclass This rule is based on the observation

that constant nonup datable elds are covariant while up datable elds are novariant

For example the following sp ecication is legal

type TSmallNatural subtype of TNatural

class CPerson

const TNatural age

class CChild subclass of CPerson

TSmallNatural age

while the one b elow is not

type TSmallNatural subtype of TNatural

class CPerson

TNatural age

class CChild subclass of CPerson

TSmallNatural age

After the checkabove has b een successfully p erformed constant eld denitions of the

form

const type name

are translated into

name type implementation funx systemdefinedcode

Each nonconstant eld denition is translated into twobehavior denitions

name type implementation funx systemdefinedcode

setnametype TUnit

implementation funxy systemdefinedcode

The implementation clauses that refer to elds are translated as follows

name implementation fieldname

is translated into

name fieldtype implementation fun return fieldname

if fieldname denotes a constant eld and into

name fieldtype implementation fun return fieldname

setnamefieldtype TUnit

implementation funx setfieldnamex

if it denotes a nonconstant eld For example the expanded sp ecication of C Ellipse

given ab ove will b e translated into

class CEllipse implements TEllipse

center TPoint implementation systemdefined

setcenterTPoint TUnit implementation systemdefined

majorAxis TLength implementation systemdefined

setmajorAxisTLength TUnit implementation systemdefined

center TPoint implementation fun return center

setcenterTPoint TUnit

implementation funx setcenterx

majorAxis TLength

implementation fun return majorAxis

setmajorAxisTLength TUnit

implementation funx setmajorAxisx

minorAxis TLength implementation systemdefined

setminorAxisTLength TUnit implementation systemdefined

minorAxis TLength

implementation fun return minorAxis

setminorAxisTLength TUnit

implementation funx setminorAxisx

Translation to typ es Up on completion of the class expansion and eld elimination dis

cussed earlier classes are translated into typ es This translation pro ceeds bychanging

the keyword selfclass into selftypechanging subclass of and implements clauses

into subtype of clauses and changing each class sp ecier into a type sp ecier Then

the standard typ e sp ecication translation is p erformed with the following changes

Instead of a type sp ecication an concrete type sp ecication is pro duced

The generation of reexiveconstants is done according to the rules b elow rather

than according to the rules sp ecied for typ e translation

Note that there are no classes in the target language only abstract and concrete typ es

Typ es in the target language that corresp ond to the classes in the source language have

names of the form C X in order to keep names consistent across the two languages This is

done to simplify typ echecking it do es not haveany eect on the semantics of the notions

of typ e and class For example the class C Ellipse dened ab ove will b e translated into

concrete type CEllipse

CEllipse TEllipse

association CEllipse TPoint center systemdefined

association CEllipse TPoint TUnit

setcenter systemdefined

At this p oint the classes have b een translated into typ es The only dierence b etween

typ es and classes remaining at this p oint is the dierence b etween concrete type and

type typ e sp eciers and b etween T X and C X names

Reexive constants Since classes as well as typ es can b e used in expressions as ob jects

this translation step adds appropriate constant denitions for every class dened in the

program There are four cases

Innite classes If a class C T implementing a typ e T T has b een sp ecied as infinite

the following constant denition is added to the program

const TInfiniteClassTT CT

An innite class do es not have an extent and can not create ob jects

Finite classes If a class C T implementing a typ e T T has b een sp ecied as finite the

translation adds

const TFiniteClassTT CT

A nite class can not create ob jects but it has an extent The typ e T FiniteClassX

denes b ehavior extentT SetX that returns a set of ob jects the extent of the

class

Manual classes Classes sp ecied as manual can create ob jects and do not maintain

extent For eachmanual class C T implementing a typ e T T the following denitions

are generated

const TManualClassTT CT

association TManualClassTT

constfieldtypeconstfieldntype CT

newCT systemdefined

where each constfieldktype is a typ e assigned in the class sp ecication to the

k th constant eld including inherited elds The b ehavior dened here creates a

new ob ject of class C TFor example the class sp ecications

manual class CPerson implements TPerson

const TNatural age

manual class CChild subclass of CPerson implements TChild

const TSetTToy favoriteToys

will eventually generate the denitions

const TManualClassTPerson CPerson

association TManualClassTPerson TNatural CPerson

newCPerson systemdefined

const TManualClassTChild CChild

association TManualClassTChild

TNatural TSetTToy CChild

newCChild systemdefined

Regular classes If a class is sp ecied as a regular class or without an explicit sp ecier

the denitions b eing generated are the same as for the manual class The only change

is in the name of the parametric typ e b eing assigned to the class constant namely

T ClassT T instead of T ManualClassT T Regular classes maintain extents and

are capable of ob ject creation therefore the typ e T ClassX is a subtyp e of b oth

T FiniteClassX and T ManualClassX The class typ e hierarchy is depicted in

Figure

Function co de translation In addition to the translation of typ e b ehavior and class sp ecica

tions the translation of function co de also has to b e p erformed Translation of all interesting

features will b e presented here translation of standard language op erators is trivial and is

therefore omitted

Return elimination If the function co de has the form

expr return expr

it is translated into

expr expr

Otherwise no explicit return it has the form hexpri and is translated into

expr unit

Unit where unit is a predened ob ject of typ e T

Op erator elimination All op erators present in the co de are translated into their equivalent

b ehavioral form with an explicit receiver For example the co de

a b c

will b e translated into

aplusbdividec

Lo cal variables Every lo cal variable declaration

type name

is transformed into

let TVartype name new CVartype in

the rest of the function code up to the closing

Also every o ccurrence of a lo cal variable name x in the simple assignment context

x expr is translated into xsetexpr while every o ccurrence outside of the

simple assignmentcontext is translated into xgetThus the co de

TInteger k l

k kaddl

will b e translated into

let TVarTInteger k new CVarTInteger in

kset kgetaddlget

Assignment elimination Simple assignments of the form

name expr

are transformed into the equivalent b ehavioral form

setnameexpr

All the other assignments have the form

exprnameargs expr

and are transformed into the equivalentbehavioral form

exprsetnameargs expr

Since all lo cal variable assignments have already b een eliminated all the simple assign

ments left are assignments to settable b ehaviors of the implicit receiver The implicit

receiver will b e made explicit later on in the translation pro cess

If there are any assignments left at this stage the program is invalid and is rejected For

example during assignment elimination the following co de

aStringsubstrkl aString

age kaddl

is translated into

aStringsetsubstrklaString

setagekaddl

Explicit receiver Every function that participates in an asso ciation is transformed to take

its explicit receiver as the rst argument The identier self is used to represent the

receiver In the function co de all b ehavior names name that are neither preceded

by a dot nor app ear in the construct protectname are replaced by selfname

Names that app ear as protectname are replaced by nameTheprotect construct

is designed to protect b ehaviors from b eing interpreted as b ehavior applications to the

implicit receiver For example function

funx return funr return ageminusrminusx

will b e transformed into

funself x

return funr return selfageminusrminusx

provided it is a part of an asso ciation On the other hand the function

fun return mapprotectnegate

will b e transformed into

funself return selfmapnegate

rather than into

funself return selfmapselfnegate

b ecause of the presence of protect

Multiple argument elimination Functions are made to accept a single argumentofa prod

uct typ e rather than multiple arguments This transformation is done to simplify typ e

checking It is p ossible b ecause b oth the source and the target language havemultiple

dispatch The co de is transformed in the following manner all denitions

funaaN expr

where N are translated into

funx let a x in let a let aN xN in expr

where x is a fresh variable For example the co de

funself x

return funr return selfageminusrminusx

is translated into

funx let self x in let x x in

return funr return selfageminusrminusx

Ob ject creation Ob ject creation in the source language is done by using op erator new on

classes The translation pro cess transforms the op erator new whose syntaxisgiven b elow

newoperator new classname initializers

initializers initializer initializer

initializer name expr

into a series of b ehavior applications in the following manner First the template for the

co de is generated

let n classnamenewclassnameargs in tail n

where n is a fresh variable and the meaning of args and tail is dened b elow For

each initializer name expr used in a given new op erator two cases are considered

There is a constant immutable eld name dened on or inherited by the class

classname Then the expression expr is added to args in the p osition

corresp onding to the numb er assigned to the eld by the class translation pro cess

describ ed earlier

Otherwise the expression nsetnameexpr is added to the tail

Consider the sp ecication

class CCircle implements TCircle

TPoint center

const TLength majorAxis

class CEllipse implements TEllipse extends CCircle

const TLength minorAxis

and the co de

new CEllipsecenter aPoint

majorAxis axis minorAxis axis

It will b e translated into

let n CEllipsenewCEllipseaxisaxisin

nsetcenteraPoint n

since the eld center is up datable while the other elds are not

typeif expressions These expressions are designed for typ esafe reection and have a sim

plied syntax

typeifexpr

typeif name is type then expr

They check if the runtime of name is a subtyp e of type and execute the expression

expr only if it is In the expression expr it can therefore b e assumed that the typ e

of name is at least type This last feature makes the typeif expressions sp ecial in

terms of their typing

During the translation for each typeif expression the b ehavior asso ciation

association TObject type astype funx systemdefined

is added to the target language program and the expression itself is transformed into

let name nameastype in

if namenotEqualUNDEFINED then expr

The b ehavior astype has the following semantics it returns an ob ject UNDEFINED

of typ e T Null if its receiverhasatyp e that is a subtyp e of type and returns the

receiver otherwise Therefore its result typ e is always at least type

For example as a result of the translation of expression

typeif anObject is TPerson then anObjectage

the asso ciation

association TObject TPerson asTPerson funx systemdefined

will b e added to the program while the expression itself will b e translated into

let anObject anObjectasTPersonin

if anObjectnotEqualUNDEFINED then anObjectage

Dot elimination Finally the dot notation used in the co de so far is dropp ed in favor of

functional notation The b ehavior application expressions of the form

expr exprB expr exprN

are transformed into

exprB expr expr exprN

For example the expressions

aStringsubstring

aPersonage

are transformed into

substringaString

ageaPerson

Final touch The nal step of the translation from the source to the target language consists of

adjustment of the global program structure First typ e subtyp e b ehavior and constant

denitions of the basic system are added Second all denitions are group ed together in the

target program sections typ es subtyp es constants b ehaviors and asso ciations Third dupli

cate denitions are discarded two denitions are duplicates of each other if they are identical

up to whitespace elimination and free variable renaming Finally the named denitions are

analyzed If there are two dierent denitions for the same name it is an error unless both

conicting denitions are b ehavior denitions

In this section the target language has b een describ ed The target language presented is a simpli

ed version of the full language that is sp ecically tailored for typ echecking purp oses Then the

translation from the source language into the target language was describ ed and illustrated In the

next section typ echecking algorithms for the target language will b e presented

Consistency

Typ echecking a program in the target language though signicantly simpler compared to a source

language program is still a complicated task There are several asp ects to the issue of correctness

of a target language program that will b e considered in this section Some of those asp ects are

local in that they can b e veried by considering a single denition others are global and deal with

interactions b etween various denitions given in the program

The entailment algorithm describ ed in Section forms the basis of the algorithms presented

here in a sense target language program typing is simplied even further b efore this core algorithm

is used This section will provide the description of this simplication pro cess

This section is organized as follows First a formal notation for reasoning ab out typ es and certain

basic notions suchastyp es constrained typ es entailment and variance annotations are intro duced

in Section The remaining sections describ e various steps of program verication in the order

they are to b e p erformed First lo cal monotonicitychecking is describ ed in Section Then the

set of typ e sp ecications given by the user is checked for acyclicity and complexity This pro cess is

describ ed in Section After these conditions are checked typ e expansions whichisaformof

typ e expression simplication can b e p erformed This is describ ed in Section After this task

is completed the main algorithms of Section can b e applied These algorithms are used in all

subsequent steps of the verication pro cess Section describ es verication of the usersupplied

constraints After these are veried global b ehavior sp ecication consistency is tested This step

is describ ed in Section The next step describ ed in Section p erforms typ e derivation

and checks consistency of function and program b o dies with resp ect to their sp ecications This is

where most of the typ echecking o ccurs Finally on the last step the dispatch consistency absence

of message not understo o d and message ambiguous errors is veried This last step is describ ed

in Section

Notation

Formal reasoning ab out typ es has an established notation For instance AC BMa GM

QKB AW as wellasmany others use notations based on the common principles that will b e

describ ed in this section

This section presents an informal overview of the theoretical notions b ehind the typ echecking

algorithms It gives sucient information to implement and use the typ echecking algorithms pre

sented in this chapter The formal treatment of all the concepts presented here will b e given in

Chapter

Typ e constructors are represented by either lowercase Latin letters ab or bytyp e names

T A T BTyp e variables are represented by Greek letters and arbitrary typ e expres

sions are represented by upp ercase Latin letters ABC The notation A is used to denote a

typ e expression with free variables and the notation AB denotes a typ e expression

n

A in whichtyp e expressions B have b een substituted for variables The shortcut A A

i i n

will b e used for pro duct typ es T Product A A and the shortcuts AR and A R will b e

n n b

used for functional and b ehavior typ es T FunctionA R and T BehaviorA R resp ectively The

typ e op erators lub and glb will b e used to denote the least upp er b ound and the greatest

lower b ound of a given set of typ es The syntax of typ e expressions is given b elow

A a j j aA A j A A j A A j A A j lubA A j glbA A

n b n n n

The typ e aA A is considered valid i a has arity n The typ e expression a is a shortcut for

n

a and thus requires a to b e of arity

For example b oth A ab dand B db ac are typ e expressions A has a set of

free variables FTV Afg and is open while B has an empty set of free variables and is therefore

closed The term primary functor pfunctor will b e used to denote the outermost typ e constructor

of a simple typ e For example pfunctor Aa and pfunctor B d

In the theoretical part of this dissertation closed typ es are mo delled as regular trees over the

alphab et dened by the set of all typ e constructors plus the typ e op erators lub and glbIntuitively

a regular tree is a closed p ossibly innite typ e expression that can b e describ ed in a nite form

For every closed ground typ e there is a corresp onding regular tree that represents it An example

of an innite regular tree is a solution of the typ e equation bwhich is an innite closed

typ e expression bbb There is a subtyping relationship denoted dened on regular

trees dened in Chapter by the relationships sp ecied by the user in the user typ e graph G see

Section page see also Denition b elow Subtyping is a partial order over the domain

of ground typ es

Constraints and entailment

Constraints are inequalities b etween typ e expressions For example

a a

is a constraint Constraint satisability is dened over the domain of regular trees describ ed earlier

Namely a constraintissatisable if there is a set of regular trees valuation such that when these

regular trees are substituted for variables the constraint in question b ecomes true A sp ecial case

of a constraint is a constraint denoted as TRUE which is considered to b e satised for

n

all values of

n

A constraint set or a constraint conjunction is dened as a conjunction of a nite number of

constraints Satisability of a constraint set is dened as existence of a valuation that turns the

constraint conjunction into a true formula T Integer is an example of an unsatisable

constraint while

T Integer

is an example of a satisable constraint set conjunction Constraint sets will b e denoted C in the

rest of this dissertation

Entailment is a relationship b etween two constraint sets dened as follows

def

C C C C

In other words a constraint set entails another if for eachvaluation of the rst set that turns it into

a true statement there exists a valuation of the second that turns it into a true statementsuchthat

these twovaluations give the same values to variables that participate in b oth of them

The relationship can b e intuitively understo o d as follows If there are two sets of constraints

C and C then C C is true if and only if the second constraint set follows from the rst The

statement C therefore has a meaning that C is satisable Use of subscript G in means that

G

the entailmentischecked in the context of the typ e system dened by the user typ e graph G

For example but Another example of true entailmentis

T Integer

as it states that there exists a typ e that is a subtyp e of T IntegerHowever the formula

TRUE T Integer

is false since it states that anytyp e is a subtyp e of T Integer whichisobviously false

The verication algorithm for will b e given in Section

G

The notion of entailmentintro duced ab oveiscentral to the typ echecking mechanism presented

in this dissertation All typ echecking tasks are ultimately formulated in terms of entailment

Constrained typ es

The typ es and constraints describ ed ab ove are used in the construction of constrainedtypesA

simple constrained typ e has the following form

C A

n

where C is a constraintset A isatyp e and are typ e variables free in A and C The

n

syntax of simple constrained typ es is as follows

X C A

n

C A A j C A A

We will often omit the quantication and write C A instead of C A When the

n

constraints are empty they will also b e omitted For example b oth X b and Y b are

simple constrained typ es Their unabbreviated form is b and b resp ectively

The intuitive meaning of a simple constrained typ e C A can b e understo o d as

n

follows Let S b e the set of all closed typ es ATsuchthatT are closed typ es satisfying the

i

subtyping constraints C T Then the simple constrained typ e C A denotes the set

n

of all greatest lower b ounds of S For example consider the simple constrained typ e b

The set S is the set of all typ es that are sup ertyp es of b The greatest lower b ound of S is b and

therefore b b This can b e directly veried by using Denition

Subtyping dened on ground typ es induces subtyping on simple constrained typ es dened as

follows

Denition Subtyping of simple constrained typ es

def

C A C A C C A A

where the quantication is over the domain of ground typ es

This denes subtyping as a partial order over the domain of simple constrained typ es factored

def

by the equivalence relationship dened as X Y X Y Y X Intuitively the

equivalence relationship allows one to identify syntactically dierent but semantically equivalent

simple constrained typ es like b and b considered ab ove

The following is the intuitive meaning of the ab ovesubtyping denition If X and X are simple

constrained typ es denoting resp ectively sets S and S thenX X i for each element s of S

there is an element s of S suchthats s For example consider the simple constrained typ e

X T Integer

f

X denotes all function typ es that accept an argumentofanytyp e which is a subtyp e of T Integer

f

and pro duce the result of the same typ e as the argument supplied What is the relationship b etween

X and the function typ e X T IntegerT Integer The typ e X corresp onds to a singleton set

f i i

IntegerT Integer itself This element b elongs also to the set denoted by X and consisting of T

f

therefore X X butX X In order to see why this is the case consider using a function f of

f i f i

Integer and pro duces the result of typ e X where X is exp ected f accepts arguments of typ e T

f i

typ e at least T Integer and thus conforms to the sp ecication given by X On the other hand an

i

attempt to use a function i of typ e X where X is exp ected leads to a typ e error since X not only

i f f

Integer but also to b e of at least the same typ e as its argument requires its result typ e to b e T

The sp ecication X guarantees the rst of these two requirements but not the second

i

Note that if C is an unsatisable set of constraints then X C A for any X and AThus

constrained typ es with unsatisable constraint sets play the role of the top typ e in the hierarchy

denoted Typ es of the form on the other hand play the role of the b ottom typ e denoted

The notion of a primary functor is generalized for simple constrained typ es The primary functor

of a simple constrained typ e X C A is dened to b e the primary functor of A

Note that the notation used for typ es and simple constrained typ es intro duced in this section

is parallel to the notation used to sp ecify typ es subtyp es and constraints in the target language

Section This prop erty of the target language will enable the description of consistency

conditions directly in terms of the notation dened here with no additional translation steps

Simple constrained typ es are further generalized to constrainedtypes A constrained typ e has a

form X glb X where X are simple constrained typ es The intuitive meaning is that if eachof

i i

i

X denotes a set of typ es S then X denotes a set of typ es S which is the set of all lower b ounds

i i

S

of the union S Subtyping is also trivially generalized for the constrained typ es as given in the

i

i

following denition

Denition Subtyping of constrained typ es

def

glb X glb X j i X X

i i j j i j

For example

IntegerT Integer T Real T RealT Real glbT

even though

T IntegerT Integer T RealT Real

This generalization is useful in describing b ehavior typ es for b ehaviors that haveseveral typ es

signatures dened for them For example cat concatenation can have b oth signatures

List T ListT List T

and

T String T StringT String

Then the typ e of cat can b e precisely describ ed by the constrained typ e

List T ListT List T String T StringT String glbT

Constrained typ es will b e denoted by the upp ercase Latin letters X Y Z W in the rest of this

dissertation

Variance annotations

Variance annotations are variable annotations that are drawn from the set f g An anno

tated typ e expression is a typ e expression with variables annotated by one of covariance

contravariance or novariance For example ab c is an annotated typ e expression

If a particular o ccurrence of a variable in a typ e expression is annotated by it means

that the typ e expression changes covariantly contravariantlynovariantly with typ es substituted

for that o ccurrence of the variable For example consider a typ e expression A that consists of

and t b e some typ es When weuse t for in A we obtain just a variable ie A Lett

A t when we use twe obtain A t Since

t t A A

the only o ccurrence of in Aiscovariant and should b e annotated by A A more

complicated example is the typ e expression B Here the two o ccurrences of have

dierentvariances Namely consider the rst o ccurrence B t and B t and therefore

t B B t

Thus the rst o ccurrence of in B iscontravariant Consider the second o ccurrence In this

case B t and B t and therefore

t B B t

Table Variance combination

Thus the second o ccurrence is covariant Therefore the annotated expression will b e B

The following algorithm formalizes the pro cess of annotating a given typ e expression Given a

typ e its canonical annotatedformis dened as follows

Denition Canonical annotated form CAF Given a typ e expression A its canonical

annotated form is given by the annotation algorithm given b elow with the call annotateA

a if A a

v

if A

aA A if A aA A

n

n

where A annotateA Var a i v

i

i

annotateA v

lubA A if A lub A A

n

n

where A annotateA v

i

i

glbA A if A glb A A

n

n

where A annotateA v

i

i

Here Var a i is dened according to the predened variance of the ith parameter of the typ e

constructor a as follows it is if the parameter is dened as covariant if it is dened as con

travariant and if it is dened as novariant The commutative binary op eration on variances is

dened byTable

For example the CAF of the expression a b is

annotatea b

annotatea annotateb annotate

annotatea annotateb annotate

a b annotate annotate

a b annotate annotate

a b annotate annotate

a b

since the rst argumentof is dened as contravariant while the second one is dened as

covariant at the same time all arguments of a pro duct typ e are dened as covariant

Once a CAF C of a typ e is computed its variancesetV is dened as a set of tuples of the form

h S i where is a typ e variable and S is a set of all variances assigned to in C S can b e also

thoughtofasamapfromavariable name to a set of all its annotations in a given expression For

example

V a b V a b fh f gi h fgig

There is a partial order strength dened on variance sets A variance set V is stronger then a

variance set V denoted V V i for eachtyp e variable suchthat h S iV there exists

h S iV such that either S S or S or f g S

For example

fh fgi h f gi h fgi h fgig fh f gi h fgi h fgig

but

fh fgig fh fgig

The strength relationship dened ab ove has the following meaning Assume that there are two

typ e expressions A and B that share some typ e variables Then if the variance set V

n A

of A is stronger then the variance set V of B the following holds

B

Ar Ar B r B r

for all closed typ e expressions r r r r For example let T ListX beanovarianttyp e

n

n

Let A T ListandB ThenV fh fgig and V fh f gig and therefore

A B

V V Let us check the prop erty Indeed

A B

Listr Listr T Ar Ar T

r r

r r r r

r r r r

B r B r

On the other hand if wetake A thenV fh fgig and V V In this case Ar r

A A B

and Ar r The prop erty is then formulated as

r r r r r r

which is false eg take r T Integer and r T Real

The notion of a canonical annotatedformis generalized for simple constrained typ es The

canonical annotated form for a simple constrained typ e X C A is dened as follows

Denition Canonical annotated form CAF for simple constrained typ es

def

CAFL U L U A

n n

annotateL annotateU

annotateL annotateU annotateA

n n

For example the CAF of the constrained typ e is The

notion of a variance set is trivially generalized to constrained typ es as well

The ab ove denition states that expressions on the left side of the subtyping relationship are

considered to b e in covariant p ositions while those on the right are considered to b e in contravariant

p ositions The following is the intuitive reason for this to b e true Let C b e a constraint

and let t and t b e suchtyp es that C t t is satised Then

a b a b

t t t t C t t

a b

a b a b

In other words a constraint remains true when the expression on the left changes covariantly and

the expression on the rightchanges contravariantly

Conclusion

In this section the notation for dealing with typ es constrained typ es and variance annotations

has b een established In the following sections this notation will b e used to establish consistency

conditions placed on the typ e system

In the following discussion the concrete typ e sp eciers will b e omitted as they are not relevantto

typ e denition consistency Also asso ciations will b e treated likebehavior denitions their function

part will b e ignored Function asso ciations are only relevant to Section and Section while

the distinction b etween abstract and concrete typ es is only relevant to Section

Lo cal monotonicity

All typ e and b ehavior denitions present in the program are required to b e local ly monotonic Lo cal

monotonicity corresp onds to the intuition that a parametric typ e b ehavior denition has to ensure

that the typ e b ehavior b eing dened maintains its validity in the presence of covariantchanges in

its parameters The conditions for lo cal monotonicity are outlined b elow

Denition Lo cal monotonicity

A typ e denition of the form

v

v

n

type C a

n

is local ly monotonic i

fh fv gig V C

i i

A b ehavior denition of the form

behaviorC AR h namei

is local ly monotonic i

V A V C V R

For example consider the typ e sp ecication

type X TOrderedX TOrderedSetcovar X

Its constraint set is C T Ordered The CAF of the constraint set is C

T Ordered ie T Ordered The variance set of constraints is therefore

V C fh fgig On the other hand the variance set of the b o dy is V fh fgig and

therefore V V C Therefore the typ e sp ecication under consideration is monotonic

On the other hand the typ e sp ecication

type TNatural X TSpecialSetcovar X

Natural thevariance set of con is not monotonic since CAF of the constraints is C T

straints is V C fh fgigthevariance set of the b o dy is V fh fgigandV V C

Therefore the typ e denition ab ove is rejected

In the presence of typ e denitions

type c

type n

the b ehavior denition

behavior c pick

will b e monotonic

V AV c f fgg f fgg V

while the b ehavior denition

behavior n createRef

will not b e considered monotonic

V AV f fgg f fgg V n

and will therefore b e rejected

The lo cal monotonicity condition is never used in the theory and can b e lifted without impacting

its correctness The reason for intro duction of this restriction is not a theoretical but a practical

one Namely while typ echecking will work just as well in the presence of nonmonotonic typ e

sp ecications interpreting its results would b e a challenge To illustrate this p oint consider the

List of up datable lists b e dened as following example Let a typ e T

type TListnovar X

and let inject b e the b ehavior with the following intended semantics inject appliedtoanobject

o of anytyp e X pro duces a list of typ e T ListX thatcontains a single element o The sp ecication

of inject will therefore b e as follows

behavior X TListX inject

The typ e of inject will therefore b e

T T List

b

which is not monotonic The meaning of this typ e as interpreted by the typ e system is drastically

dierent from what the user might exp ect Namelythetyp e system assumes that inject has al l the

typ es denoted by T for dierentvalues of This means that a function that implements inject

Listforany receiver ob ject of typ e is required to pro duce an ob ject of the typ e R glb T

X

X Clearlynoobjectcansimultaneously p ossess typ es T List for all below X and therefore a

function implementing inject can never b e written Thus even though typ echecking of expressions

involving inject pro ceeds almost as exp ected the assumptions that the typ e system makes ab out

the meaning of the typ e T are counterintuitive at b est In order to avoid situations like these the

monotonicity restrictions are placed on all typ e sp ecications app earing in a program

In this section the concept of local monotonicity has b een constructively dened The lo cal

monotonicity denition is at the same time an algorithm for checking lo cal monotonicityoftyp e

b ehavior and function denitions

Simplicity and the user typ e graph

The typ e system and the systems of typ e constraints used in the program should dene subtyping

as a partial order In addition to that the dened order should b e simple enough to guarantee

the termination of the algorithms describ ed in Section In this section it will b e shown how the

ab ove conditions are formulated and veried

In order to formulate and deal with these conditions the notion of the user typegraph G is

intro duced It will b e used later to dene and check acyclicity and simplicity conditions

Denition User typ e graph G G is a directed graph with lab eled edges Vertices in G

are the typ e denitions of the given program G has an edge from a to b i there is a subtyp e

denition of the form

C aA bB

in the program The edge is lab eled by the subtyp e denition ab ove

Thus the user typ e graph is a directed graph with lab eled vertices and edges

It is required that G be acyclic This is a sucient condition for the subtyping dened by the

set of denitions to b e a partial order as will b e shown in Chapter For the theoretical treatment

of typ es and subtyping this is all that is needed However this is insucient to ensure termination

of the core entailment algorithm used for typ e checking

In order to see why this is the case consider the following denitions

type TListnovar X

TSpecialListX TListX TSpecialListX TListX

What this denition is saying is that T SpecialListX is asubtyp e of T ListX if

T SpecialListX is a subtyp e of T ListX an apparent recursion When an algorithm at

tempts to establish whether a given typ e T SpecialListAisasubtyp e of another typ e T ListA

it checks the condition rst thus going into innite lo op Of course this is a trivial example but it

do es show that acyclicity of the typ e graph alone do es not guarantee termination

Therefore it is also required that G has a valid rankingAvalid ranking is informally an as

signment of dierent p ositive complexity indices to all typ e constructors in the graph One typ e

constructor is more complex than the other if the second one can b e used to test some subtyping

hyp othesis involving the rst one As long as this more complex relationship do es not haveany

cycles in the graph assignment of complexity indices is p ossible Considering the ab ove example

with T List and T SpecialListwe can see that T List is more complex than T SpecialList

SpecialListA T ListB For the same since the later is required to verify the hyp othesis T

reason T SpecialList is more complex than T List and therefore the typ e graph dened by this

example do es not haveavalid ranking

The formal denition of valid ranking as well as the algorithm that checks whether a given graph

G has a valid ranking is given b elow

Denition Ranking and valid ranking Ranking is an assignment of p ositiveinteger num

b ers ranksa to all typ e constructors with nonzero arity a in G Avalid ranking is a ranking such

that

For eachpathP between two constructors a and b in the user typ e graph G the following

condition holds

maxE R minfa bgnI

Here E is a union of rank sets for all edges in the path P R is a union of rank sets for all

vertices in the path P and I is the set of all ary typ e constructors in G It is assumed that

max and min The op eration n denotes settheoretical dierence

For nonary typ e constructor a in G the following condition holds

maxE a

a

where E is the rank set of the vertex a in G

a

A rank set for an edge is dened as a set of ranks of all nonary typ e constructors that participate

in the lab el of that edge in p ositions other than primary functors of the principal inequality In other

words if the lab el of the edge is

C aA bB

then the rank set for this edge includes ranks of all nonary typ e constructors participating in

C A and B

A rank set for a vertex is dened as a set of ranks of all nonary constructors participating in

conditions placed on the lab el of the vertex In other words if a vertex a is lab eled with

type C a

then the rank set for this vertex will include ranks of all nonary typ e constructors that participate

in C

Given a set of typ e and subtyp e denitions the set of inequalities b etween constructor ranks

that denes a valid ranking is constructed Each inequality has the form

maxset of ranks S minfa b g

i i i

and can b e represented as

sa sb

i i

sS

i

Avalid ranking is a ranking that satises all inequalities ie satises the formula

sa sb

i i

i

sS

i

This formula has the form

a a a a a a

n n

wherea are not necessarily distinct rankings Such a conjunct denes a directed graph G with

i

verticesa and edgesa a for all inequalitiesa a in the conjunct If G is acyclic there exists

i i j i j

a ranking such that the formula is satised Such ranking is a valid ranking

Thus checking for the existence of a valid ranking is done as follows

A formula of the form describ ed in Equation is constructed

The graph G is constructed and checked for acyclicity If it is acyclic succeed otherwise fail

As an example consider the set of typ e and subtyp e denitions

type TPrintable

type TSetcovar X

X TPrintable TSetX TPrintable

type TOutputStreamcontravar X

type TSetOSnovar X

TSetOSX TSetTOutputStreamX

For brevity p will b e used for T Printable s for T Set o for T OutputStreamand q for T SetOS

The ab ove denition can b e represented in theoretical notation as

type p

type s

p s p

type o

type q

q so

type p type o

p s p

type s

q so

type q

Figure Example user typ e graph G

The user typ e graph G for this hierarchy is presented in Figure

There are three p ossible paths in this graph sp q s and q p Only these paths contribute

to the resulting formula since all vertex rank sets are empty Edge rank sets are fpg for sp and

fsg for q s The inequalities are as follows

s for sp

o minq s for q s

o q for q p

and the formula Equation is

o q o s

This fromula denes an acyclic graph G and therefore a valid ranking exists

In this section acyclicity and simplicity conditions have b een describ ed The notions of the

user typegraph and a valid ranking were dened and used to formulate the ab ove conditions The

algorithm for checking the simplicity condition has b een presented and exemplied

Typ e expansion

In order to p erform the necessary checking the concept of typeexpansion is used Informallya typ e

expression is expanded if it explicitly lists all the constraints implicit in the denitions of typ es that

participate in the expression For example if wehave the denition

type X TPerson TPersonListnovar X

then the following typ e expression is not expanded

T List

while the next one is

T PersonT List

The following is the formal denition of an expanded typ e

Denition Expanded typ e A simple constrained typ e C A a constraint set C is called

expanded if for every sub expression of the form aB that o ccurs is C A a constraint set C the

following holds

if

type C a

is the typ e denition of a then C B C

The pro cess that transforms a typ e into its expanded form is called expansion and is p erformed

by recursively adding appropriate constraints to the constraint set This pro cess is describ ed by the

following algorithm

Algorithm Typ e expansion

Initialize Set S to b e the set of all sub expressions in C and A which are neither variables nor ary

constructors set R to b e equal to C setS to b e the empty set

Add For each expression aB inS do the following

Add C BtoR

Add all sub expressions in C Bwhich are neither variables nor ary constructors to

S

where

type C a

is the typ e denition of a

Iterate S S n S if the resulting set S is empty succeed with the result RA otherwise let

S and continue from step Add

Expansion is guaranteed to terminate if there exists a valid ranking as will b e shown in Chapter

For example given the typ e denitions

type p s

type s q

the following typ e expression is not expanded

q

However it can b e transformed into expanded form as follows

q s q s p q

The expansion function expand provides the expanded form of a typ e expression For exam

G

ple expand q s p q Since the typ e expansion step is p erformed after the

G

existence of a valid ranking for the user typ e graph has b een established the function expand is

G

welldened

Convention From nowonalltyp es in the program are considered to b e expanded

This can b e done by means of the syntactic transformations

Eachtyp e denition

type C a

is transformed into

type C a

where expand C a C a

G

Each subtyp e denition

C A A

is transformed into

C C A A

A

A

where expand C A C A and expand C A C A

G A G

A

Each b ehavior denition

behavior C AR

is transformed into

behavior C C AR

A R

where expand C AC A and expand C RC R

G A G R

Each b ehavior asso ciation is transformed analogously to the b ehavior denition

Note that neither constant denitions

const A hnamei

nor the typedletexpression

let A hnamei

are transformed since A in b oth cases is not allowed to contain typ e variables thus the resulting

constraints C are either inconsistent which will b e rejected by consistency checking or if consistent

C A A

The expansion pro cess is describ ed here since it can only b e done after the user typ e graph is

successfully checked for simplicity existence of valid ranking

Constraint consistency

Constraint consistency checkingisneededtoidentify erroneous unsatisable constraints ie con

straints that can not b e satised byany p ossible typ e This section provides the algorithm for

constraint consistency checking in the given typ e system

An intuitive reason for consistency checking is the fact that constrained typ es of the form C A

are equivalent to the top typ e in the hierarchy when their constraint sets C are unsatisable

Since it is the purp ose of typ echecking to ensure that data of the typ e can never b e generated by

the program the initial conditions describ ed bytyp e sp ecications given explicitely in the program

are also required to sp ecify typ es strictly less than The last requirement is equivalenttothe

requirement of satisfyability of constraints of all typ es sp ecied by the user

Denition Constraint consistency Each of the following constructs

A typ e denition of the form

type C a

A subtyp e denition of the form

C aA bB

A b ehavior denition of the form

behavior C AR

has a consistent constraint i

C

G

It is required that all typ e subtyp e and b ehavior denitions in the program have consistent

constraints

Note that this step can only b e done after simplicitychecking since only in a suciently simple

typ e system is the algorithm of Section guaranteed to terminate

Consider the following sp ecication

type TPerson

type TChild

TChild TPerson

type TChild X TArraynovar X

behavior X TPerson TArrayX X getOldest

For brevity p will b e used for T Person c for T Child a for T Arrayand b for getOldest The

ab ove denition can b e represented in theoretical notation as

type p

type c

c p

type c s

behavior p a b

Consider the question of constraint consistency for the b ehavior sp ecication present in the ab ove

fragment The expanded form is

type p

type c

c p

type c s

behavior p c a b

and the b ehavior constraint set is therefore

C p c

The formula

C p c

G G

is satised since there exists an such that all constraints in C are satised for example c

Therefore the constraint is consistent

On the other hand if the subtyp e denition

TChild TPerson

was removed the ab ove constraintwould b e inconsistent The reason for that is that nowitis

imp ossible to nd an to satisfy the formula

p c

since the latter requires that

c p

and this is no longer the case Therefore the formula

C

G

is not satised and the constraint is inconsistent

In this section the notion of constraint consistency was intro duced The pro cedure for checking

constraint consistency has b een established and exemplied

Global b ehavior consistency

Behavior denitions have to b e consistent Since several b ehavior denitions can collectively dene

a single b ehavior there are two asp ects of consistency lo cal monotonicity a single denition and

global monotonicity a set of all denitions for the same b ehavior The lo cal monotonicity has b een

dened in Section The global consistency related to interaction b etween dierent denitions

of the same b ehavior is describ ed in this section

Note that lo cal monotonicity conditions are not essential for the theory to b e applicable They

are designed to reject the sp ecications that haveacounterintuitive meaning but in their absence

typ echecking algorithms will still b e valid and sub ject reduction will b e provable On the other hand

the global monotonicity considered here is crucial Without it a correctly typ echecked program can

pro duce typ e errors during its execution

Denition Global b ehavior consistency Abehavior b is global ly consistent i for every

two denitions

behavior C A R b

and

behavior C A R b

the following holds

C C fA A g R R

G

All b ehaviors are required to b e globally consistent The algorithm for checking the entailment

will b e presented in Section

Consider the following sp ecications

type TReal

type TInteger

TInteger TReal

behavior TReal TReal TReal add

behavior TInteger TInteger TInteger add

For brevity r will b e used for T Real i for T Integerand b for add The ab ove denition can b e

represented in theoretical notation as

type r

type i

i r

behavior rrr b

behavior i ii b

In order to check the consistency it is neccessary to check b oth directions and

Here C C andrr i i is unsatisable Therefore the consistency

condition is trivially satised

Here C C andi i rr is trivially satised It is left to show that

i r

G

which is immediately true Therefore the consistency condition in this case is also satised

Thus the ab ove b ehavior sp ecications are globally consistent

A more complicated example dealing with parametric typ es will b e considered next

type TSetcovar X

type TArraynovar X

TArrayX TSetX

behavior TSetX TSetX someSubset

behavior TArrayX TArrayX someSubset

For brevity s will b e used for T Set a for T Arrayandb for someSubsetTheabove denition can

b e represented in theoretical notation as

type s

type a

a s

behavior ss b

behavior aa b

Again it is necessary to check b oth directions

Here C C and s a is unsatisable Therefore the consistency

condition is trivially satised

Here C C and a s since for any and

a s It is left to show that

a s

G

which is immediately true Therefore the consistency condition in this case is also satised

Thus the ab ove b ehavior sp ecications are globally consistent

An example of an inconsistentbehavior sp ecication is given b elow

type TSetcovar X

type TMySet

type TPerson

TMySet TSetX

behavior TSetX X pick

behavior TMySet TPerson pick

For brevity s will b e used for T Set m for T MySet p for T Personand b for someSubset The

ab ove denition can b e represented in theoretical notation as

type s

type m

type p

m s

behavior s b

behavior mp b

Checking b oth directions

Then C C and s m is unsatisable Therefore the consistency condition

is trivially satised

Then C C and m s TRUE since the constraint m s trivially

holds for all It is left to showthat

TRUE p

G

which is not true since there exist suchthatp do es not hold Note that the presence

of TRUE on the left side of the turnstyle is crucial

TRUE p p FALSE

G

while

p p TRUE

G

Therefore the consistency condition in this case is not satised

Thus the ab ove b ehavior sp ecications are not globally consistent and will b e rejected In order to

see why these sp ecications are incorrect consider an application of the b ehavior pick to an ob ject

MySet statically declared to b e of typ e T SetT Student Statically the result typ e will of typ e T

b e inferred to b e T Student according to the rst sp ecication However at runtime the call will

b e dispatched to the second asso ciation as T MySet is more sp ecic than T Set However the

second asso ciation is only required to pro duce an ob ject of typ e T Person and not necessarily of

typ e T StudentThus a runtime typ e error will o ccur

In this section the algorithm for checking global b ehavior consistency was describ ed and exem

plied The next section deals with the issue of functional consistencyiechecking whether the

sp ecied function co de corresp onds to the typ e sp ecications given for that function

Functional consistency

In this section typ echecking of function co de will b e describ ed All co de in the target language

except for the main expression of the program is contained in functions and functions are

asso ciated with b ehaviors by associations The algorithm presented in this section ensures that

asso ciations are lo cally consistent ie that the function b eing asso ciated indeed conforms to the

typ e sp ecied for it in the asso ciation

Function consistency checking pro ceeds as follows First the initial environment asso ciating

constants in a program with their declared typ es is constructed Then for each function asso ciation

its typ e is inferred and its validityisveried Finally the main expression of the program is

typ echecked These verication steps are describ ed b elow

Denition Initial environment An environment is dened as a set of nameto

i

typ e bindings of the form v glbC A Theinitial environment for a program is dened as

i

i

follows

For eachconstant denition of the form

const A v

the asso ciation v A is added to

For each b ehavior b the asso ciation v glbX X is added to where there is

N

i

X C A R for eachbehavior denition

i i b i

i

behavior C A R b

i i

and for eachbehavior asso ciation

i

association C A R bfun

i i

The denotation v will b e used to denote if v is unb ound in and the typ e X if v is b ound

and its binding in has the form v X The op eration constructs the new typing

environment that includes all bindings in and those bindings of that are not overridden in

Formally

v if v

v

v if v

For example for a set of denitions

Integer MaxAge const T

behavior T Real T RealT Real add

behavior T Integer T IntegerT Integer add

the initial environment will b e

Integer add glbT Real T Real T Real fMaxAge T

b

T Integer T Integer T Integerg

b

Denition Functional consistency A program is functional ly consistent i

For each function asso ciation of the form

association C AR b funx hexpri

the following holds

X C A R

G

where fun x hexpri X glb C A

i i

i

For the main expression hexpri of the program the following holds

C for at least one i

G i

where hexpri glb C A

i i

i

Note that the condition for the functional expression can b e equivalently written as

i C C A AR

G i i

The inference algorithm computing the relationship is presented in Figure The intuitive

meaning of the statement of the form

expr X

is that the expression expr has typ e X when all constants are typ ed according to The denotation

glb E j j where E j j issometyp e expression dep ending on j j is

n n n

j j

n

dened as

def

E glb glb fE j j j domj domj g

j j j j n n

n j j n

n

i i

u glb C A u

i

Axiom

i i

u glb C A

i

i i

fx g hexpri glb C A

i

Abs

i i

fun x hexpri glb C A

i

where is a fresh typ e variable

j j

i i

hexpri glb C A hexpri glb C A

i j

Appl

j j

i i

hexpri hexpri glb C C fA A g

ij

where is a fresh typ e variable

j j

j j

n n

hexpri glb C A hexpri glb C A

j j n n

n

n

Pro duct

j j

i

j

n

A A hexpri hexpri glb C

i

n j j

i n

n

j j

i i

hexprsi glb C A hexpri glb C A

i j

Seq

j j

i

hexprsi hexpri glb C C A

ij

j j

i i i i

hexpri glb C A fx glb C A g hexpri glb C A

i i j

Let

j j

i

let x hexpri in hexpri glb C C A

ij

j j

i i

A hexpri glb C A fx T g hexpri glb C

i j

Typ edLet

j j

i i

fA T gA let T x hexpri in hexpri glb C C

ij

Figure Typing rules for the target language

Example Consider the following set of sp ecications

Integer MaxAge const T

behavior T Real T RealT Real add

behavior T Integer T IntegerT Integer add

association T IntegerT Integer addMaxAge

funx freturn addx MaxAgeg

The initial environmentis

fMaxAge T Integer

Real T Real T Real add glbT

b

T Integer T Integer T Integer

b

addMaxAge glbT Integer T Integerg

b

In order to typ echeck the body of the behavior addMaxAge it is necessary to nd X such that

funx addx MaxAge X

Let

i i

X glb C A

i

Using the rules in Figure the following derivation is constructed

Using the rule Abs is true if

i i i i

A glb C A glb C

i i

and

fx g addx MaxAge X

where

i i

X glb C A

i

Using the rule Appl the ab ove is true if

i j i j

i i

glb C A glb C C fA A g

i ij

and branch

i i

fx g add glb C A

i

and branch

j j

fx g x MaxAge glb C A

j

Following branch using rule Axiom since add is in the following is proven

i i

Real T Real T Real T Integer T Integer T Integer glb C A glbT

b b

i

Following branch using rule Pro duct

j j j j j j

A A C glb C A glb C

j j j

where branch

j j

fx g x glb C A

j

and branch

j j

C fx g MaxAge glb A

j

Following branch using the rule Axiom since x is in the set of assumptions it is proven

that

j j

glb C A

j

Following branch using the rule Axiom since MaxAge is in it is proven that

j j

T A glb C Integer

j

All branches have successfully terminated Now it is p ossible to synthesize the resulting typ e

expression X by following the derivation tree b ottomup

from

j j

glb C A

j

from

j j

glb Integer C A T

j

from and

j j

T A glb C Integer

j

from

i i

glb C Real T Real T Real A glbT

b

i

T Integer T Integer T Integer

b

from and

i i

Real T Real T Real T Integer glb C A glbT

b

i

T Integer T Integer T Integer T Integer

b

From and

X glbT Real T Real T Real T Integer

b

T Integer T Integer T Integer T Integer

b

The typ e X is the typ e inferred for the function b o dy

Finally from and

Real T Real T Real T Integer X glbT

b

T Integer T Integer T Integer T Integer

b

According to Denition one of the following conditions should b e satised for the sp eci

cation under consideration to b e functionally correct

T Real T Real T Real T Integer T Integer

G b

T IntegerT Integer

or

T Integer T Integer T Integer T Integer T Integer

G b

T IntegerT Integer

where the premises are empty since

IntegerT Integer T IntegerT Integer expand T

G

Formula is false since

T Real T Real T Real T Integer T Integer

G b

T IntegerT Integer

T Integer T Integer T Real T Real

G

Real T Integer T Integer T

T Integer T Real T Real T Integer T Integer

G

T Real T Integer T Integer

G

FALSE

Real T Integer since T

However formula is true since

T Integer T Integer T Integer T Integer T Integer

G b

T IntegerT Integer

T Integer T Integer T Integer T Integer

G

T Integer T Integer T Integer

T Integer T Integer T Integer T Integer T Integer

G

T Integer T Integer

G

TRUE

and therefore there is and such that the ab ove constraint is satised

Therefore the denition of addMaxAge is considered to b e functionally consistent

In this section the notion of functional consistency was intro duced and the algorithm for its

checking has b een describ ed The typ e inferencing rules used in functional consistency checking

were dened The typ e inferencing rules presented in this section together with the entailment

verication algorithm given in Section constitute the core of the typ e and consistency checking

Dispatch consistency

A uniform b ehavioral system in whichevery action is p erformed via a b ehavior application has to

supp ort an ecient runtime dispatchmechanism In theory a dispatchmechanism can b e similar

in expressibilitytothetyp e sp ecication mechanism of a language However the expressiveness

of a dispatchmechanism is inversely prop ortional to its complexity and therefore to its eciency

Considering the fact that the dispatchmechanism is the main runtime engine of a b ehavioral system

a certain compromise b etween expressiveness and eciency is necessary

The material in this section is related to a particular dispatchmechanism that has b een chosen for

the describ ed system This mechanism supp orts multiple dispatch but ignores dierences b etween

dierent parametric typ es from the same parametric typ e familyFor example it is p ossible to

dispatch the calls equalaPointaPoint and equalaPointaColorPoint to dierent functions

However the dispatch of the calls aStudentSetpick and aPersonSetpick is required to yield the

same co de

Note that the validity of the calls can dep end on a particular typ e parameter eg the call

aNumberListsort is typ ecorrect while anObjectListsort is not Once the call is valid however

its dispatch should only dep end on the primary functors of the typ es involved

There are several asp ects related to the dispatch consistency First for every concrete typ e and

anytyp ecorrect b ehavior application involving that typ e the co de to dispatch to should b e dened

no message not understo o d errors on statically typ ecorrect calls Second the co de to execute

should b e unambiguous no message ambiguous errors Finally the dispatchshouldalways yield

a function that was typ echecked with resp ect to typ es of actual arguments or their sup ertyp es

The last issue is the consequence of the compromise b eing made b etween the expressivepower

of dispatch mechanism and its eciencyNamely if the expressiveness of the dispatch mechanism

was equivalent to the expressiveness of the rest of the typ e system this issue would not arise

The following material describ es the algorithms used to check all three asp ects of dispatch con

sistency

Since the dispatch o ccurs at a coarser level concrete primaryfunctor only typ es than a typ e

denition do es for dispatch consistency checking it is necessary to b e able to deal with the b ehavior

asso ciations at b oth levels While the typ e sp ecication is given directly in a b ehavior asso ciation

the concrete form of the typ e has to b e inferred The following algorithms are used to derivethat

form from the typ e sp ecication given

Denition Concrete typ e constructors Atyp e constructor c in G is called concrete i

its corresp onding typ e denition is of the form

concrete type C c

The set of all concrete typ e constructors in a given user typ e graph G is denoted Concrete

G

Denition Constructor pro ducts A tuple hc c i is called aconstructor product

n

over G if eachofc is a typ e constructor in G The relationship dened by the graph G on typ e

i G

constructors is extended to constructor pro ducts in the following way

def

c i h hc c n m c c i c

G G m i

n i

i

n

The set of all constructor pro ducts of arity n is denoted Constr

G

Denition Primary form A primary form of a simple constrained typ e X

C A A is a constructor pro duct denoted primary X dened as follows

N G

pfunctor A if A

def

i i

primary X hc c ijc

G n i

j j

g C g otherwise if A jf u glb fpfunctor u

j i

G

i i

Here the usual convention for unary pro ducts hAiAisused

The primary form is basically a simplication of a given typ e The given typ e is simplied up to

apoint when it can b e presented as a constructor pro duct This simplied form is the one used for

dispatch As an example consider the typ e

X T Integer T Real T List

Integer T Listi Indeed for the rst comp onentwemust compute the Its primary form is hT

greatest lower b ound of T Integer and T RealwhichisT IntegerFor the second the primary

functor T List is taken according to the denition ab ove

Denition Abstract form An abstract form of a constructor pro duct t ht t i

n

denoted abstract t is dened as follows

G

def

Arityt

Arityt

n

abstract t expand t t

G G n

n n

i

where are fresh typ e variables

j

Computing an abstract form of a constructor pro duct is in a sense an inverse to taking a primary

form of a typ e The latter transforms a constrained typ e into a constructor pro duct while the former

transforms a constructor pro duct into a constrained typ e However since some information is lost

when the primary form is obtained abstract form of a primary form of a given constrained typ e

is in general dierent from the original For example the abstract from of a constructor pro duct

Integer T Listi is hT

Integer T List T

which is not the same as X

Denition Concrete set A concrete set for a set of simple constrained typ es fX

i

n n

C A g denoted concrete fX g is dened as follows

i i G i

i i

m

If A A A for all i then

i

i i

def

m

concrete X fc j c Concrete

G G

c primary X c primary X

G G G G n

c concrete X c c c c

G G

C C C A A A A g

i c G c c c c i

i i

otherwise

def

concrete X

G

where C A abstract c and C A abstract c

c c G c c G

Informally a concrete set is a set of concrete constructor pro ducts c that are the maximal

ones b elow all of the typ es X Maximality here is understo o d in the following sense c dominates

i

c in the concrete set if it is ab ove c and its abstract form whichisatyp e X has the prop erty

c

X X glb X where X is the abstract form of c

c i

c i c

Consider the following example Let the following b e the sp ecications given in the program

type TOrderedcontravar X

type TNumeric subtype of TOrderedTNumeric

concrete type TChar subtype of TOrderedTChar

concrete type TReal subtype of TNumeric

concrete type TInteger subtype of TReal

and the constrained typ es X and X given by

X T Ordered

X T Integer T Ordered

The primary form of X is

Ordered T Orderedi hT

while the primary form of X is

hT Integer T Orderedi

The concrete set for X is

Real T Reali hT Real T Chari hT Char T Reali hT Char T Charig fhT

and for X as well for X X

fhT Integer T Reali hT Integer T Charig

Another example that shows how the last condition in Denition works is given b elow

type TA

type TA

type TB

type X TA TCcovar X

TCX TB

type X TA TCcovar X

TCX TCX

The concrete set for the typ e T B will b e fT C T Cg In order to see why T C is in this set even

though it is b elow T Cwe write the elimination condition from Denition here c T C and

c T C

A T A T C T C T C T B T

G

This is not true eg take T A and the lefthand side b ecomes unsatisable as it implies

A T A which is not the case Therefore T C can not b e eliminated from the concrete set for T

T B even though T C is b elow T C in the graph Informally it is not eliminated b ecause there are

typ es of the form T C that are subtyp es of T B but not subtyp es of any of the typ es T C

The b ehavior coverage condition ensures that for every b ehavior denition and for every concrete

pro duct that satises its conditions there is at least one asso ciation for this b ehavior that has its

conditions satised by the same concrete pro duct Informally it means that every b ehavior denition

is covered by at least one b ehavior asso ciation

Denition Behavior coverage A b ehavior b satises coverage condition i

d d

i N t concrete C A j N

d G a

i i

d d a d a

C C fA A g fA A A gC

t t G t

i i j i j

where C A abstract t

t t G

d d d

behavior C A R i N

d

i i i

are the b ehavior denitions for band

a a a

association C A R i N

a

i i i

are the b ehavior asso ciations for b

Consider the following example Let the following b e the sp ecications given in the program

type TOrderedcontravar X

type TNumeric subtype of TOrderedTNumeric

concrete type TChar subtype of TOrderedTChar

concrete type TReal subtype of TNumeric

concrete type TInteger subtype of TReal

behavior TOrderedX TOrderedX TBoolean compare

association TChar TChar TBoolean compare implementation fun

association TReal TReal TBoolean compare implementation fun

Then according to the denition wehave to nd an appropriate asso ciation for eachtyp e in the

Ordered T Ordered using for the free typ e variable X concrete set of the typ e X T

The concrete set is

fhT Real T Reali hT Real T Chari hT Char T Reali hT Char T Charig

Real T Reali and the second asso ciation the condition is For the constructor pro duct hT

T Real T Real T Ordered T Ordered

G

T Real T Real T Ordered T Ordered T Ordered T Ordered

and is immediately satised For the constructor pro duct h T Char T Chari and the rst asso ciation

the condition is

Char T Char T Ordered T Ordered T

G

T Char T Char T Ordered T Ordered T Ordered T Ordered

For the constructor pro duct hT Real T Chari and the rst asso ciation the condition is

T Real T Char T Ordered T Ordered

G

Char T Char T Ordered T Ordered T Ordered T Ordered T

which is satised since

RealT Char T Ordered T Ordered T

T Numeric T Char

Char T Char T Ordered T Ordered T

The conditions for the constructor pro duct hT Char T Reali are satised in the same way

Thus there is at least one asso ciation covering each constructor pro duct in the concrete set

and therefore the coverage condition for the ab ove sp ecication is satised Note that wewere

able to conrm coverage even though there is no asso ciation for h T Numeric T Numerici since this

constructor pro duct is abstract and therefore do es not need to b e covered

The next condition guarantees that there is only one most sp ecic asso ciation for each concrete

typ e This in turn guarantees the absence of message ambiguous errors at runtime This condition

is standard for the systems with multiple dispatch and is formulated in terms of constructor pro ducts

not typ es

Denition Behavior unambiguity Abehavior b satises unambiguity condition i

i j N

a

a a a a a a a a

primary C A primary C A primary C A primary C A

G G G G G G

i i j j j j i i

a a a a

t concrete C A C A

G

i i j j

a a

k N t primary C A

a G G

k k

a a a a

primary C A primary C A

G G G

k k i i

a a a a

primary C A primary C A

G G G

k k j j

where C A abstract tand

t t G

a a a

association C A R i N

a

i i i

are the b ehavior asso ciations for b

The correctness condition is designed to check whether all typ ecorrect b ehavior applications of

a particular b ehavior are dispatched to a function that was typ echecked in accordance with the

actual argumenttyp es This condition is necessary b ecause dispatch o ccurs at a coarser granularity

than do es typ e sp ecication All b ehaviors in the system are required to satisfy this condition

Denition Behavior correctness A b ehavior b satises correctness condition i

a a a a

A primary C A i j N primary C

G G a G

j j i i

a a a a

t concrete C A abstract primary C A

G G G

j j i i

a a a a a

C C fA A g C fA A A g

t t G t

j j i i j

where C A abstract tand

t t G

a a a

association C A R i N

a

i i i

are the b ehavior asso ciations for b

Consider the following set of sp ecications

concrete type TSetcovar X

concrete type TSpecialSetcovar X subtype of TSetX

association TSetX TBoolean isEmpty fun

association X TPerson TSpecialSetX TBoolean isEmpty fun

The second function is only supp osed to b e invoked for sp ecial sets of p ersons or their subtyp es

However since dispatch uses only primary functors of argumenttyp es it is unable to distinguish

SpecialSetT PersonandT SpecialSetT Object and dispatches to the second func between T

tion as the more sp ecic one in b oth cases This causes the b o dy of the second function to b e

executed under more lib eral assumptions then the ones used when its b o dy was typ echecked and can

therefore cause runtime typ e errors Therefore the ab ove set of sp ecications is disallowed Indeed

the b ehavior correctness condition in this case is for the typ e constructor T SpecialSet whichis

in the concrete set of T SetT SpecialSet

SpecialSet T Set T

G

Person T SpecialSet T SpecialSet T Set T

which is equivalentto

TRUE T Person

G

Person do es not hold and is false as there exists an such that T

Denition Dispatch The function dispatch b q BRTyp N is dened as

G G a

follows

b b

i s h s ii S t if jS tj

def

min min

dispatch b q

G

otherwise

where B is the set of all b ehaviors

def

t primary q

G

def

b a a

S t fhs iijs primary C A t sg

G G

i i

def

b b b

t fhs iijhs iiS t hs i iS t s sg S

G

min

and

a a a

association C A R i N

a

i i i

are the b ehavior asso ciations for b

In this denition the notion of runtime type Denition domain RTyp has b een used

G

along with the appropriate extension of primary given in Denition Intuitively a runtime

G

typ e is a typ e of an ob ject that is present during program execution Every runtime typ e is also

atyp e but the opp osite is not true For example an abstract typ e is not a runtime typ e b ecause

an ob ject of suchatyp e can never b e created and thus can not b e present at runtime Some other

restictions also apply

The dispatch pro cess cho oses the most sp ecic asso ciation with resp ect to the typ e

that is obtained by taking the argument typ e and cutting o its leaves For ex

ample the typ e T CollectionT Person b ecomes T Collection while the pro duct typ e

T CollectionT Person T Integer b ecomes hT Collection T Integeri If the most sp ecic

asso ciation do es not exist either there are no suitable asso ciations or there are several suitable

asso ciations that are incomparable to each other then the dispatch fails and returns This can

never happ en in a successfully typ echecked program as will b e proven in Chapter

In this section the notion of dispatch consistency was intro duced The algorithms testing various

asp ects of dispatch consistency were presented and illustrated by examples

The next section intro duces the core algorithm of the presented typ e system

Entailment

The algorithms and notions presented in this section constitute the core of the presented consistency

checking algorithms The algorithms of this section always deal with expanded typ es and constraints

W W

can b e understo o d as a logical formula C C The entailment relationship

j i

j i

C C

i j

i j

where

FTV C n FTV C

i j

i j

and FTV C The task of the main entailment algorithm is to determine whether a logical

j

j

formula of this form is satised in a typ e system dened by the given user typ e graph G

W W

C C b e the entailment that is necessary Algorithm Deciding entailment Let

G

i j

i j

to check The algorithm op erates as follows

W

For each icheck C C in the following manner

G

i j

j

a Check whether C as follows attempt to atten C wrt G If it fails the formula

G

i i

C can not b e proven and the algorithm ends with success a contradiction implies

G

i

everything otherwise continue to the next step

b Change all variables FTV C into ary typ e constructors a Form the extended

k k

i

i

typ e graph G by adding edges corresp onding to constraints from C and vertices corre

e

i

sp onding to typ e constructors a to G

k

i

c If G do es not haveavalid ranking end the algorithm with the result UNKNOWN

e

i

a wrt G If at least one of them succeeds succeed d For each j attempt to atten C

e

j

otherwise fail

If all checks ab ove succeed succeed otherwise fail

For example in order to check the entailment

the entailment is checked rst Since the formula on the right of the turnstyle is

already attened the check succeeds and the algorithm pro ceeds to the next step Here the typ es

a band g are intro duced into the typ e graph G with the following relationships b etween them

e

a b b g

G thus obtained has a valid ranking and the algorithm now attempts to prove

e

a g

G

e

by attening the formula a g wrt G The attening succeeds and therefore the algorithm

e

nishes with success

Algorithm Flatten Let C is the constraint formula to b e attened

Initialization

Create an initially empty set D of already checked constraints

Create an initially empty set E of eliminated variables

For eachvariable create initially empty sets of lower and upp er b ounds L and U

i i i

Create a directed graph G with vertices and initially no edges

i

Create a list of complex constraints C Set C to C arbitrarily ordered

Pro cess For each constraint A B in C do

Remove the constraint from C

Clear the set of new constraints N

If A B or A B D continue to the next constraint

Otherwise add the constrainttoD and do the following

a If A B and there is no path from to in G then do the following

i j i j

i Add the edge to G

i j

ii If the addition of the edge creates cycles in G replace all variables

i i

n

involved in the cycles in all expressions used in the algorithm by the variable

i

Collapse vertices into the single vertex in G New sets U and

i i i

n i

L for this vertex are constucted as follows U U and L U

j i j i

j j

i i i

For eachpairhl uiL U add the constraint l u to N Add the set

i i

n

f g to E

i i

k

k

iii Otherwise no cycles form sets

S L where k fk j there is a path from to in Gg

l k k k i

S U where m fm j there is a path from to in Gg

u m m j m

For eachpairhl uiS S add the constraint l u to N

l u

b Otherwise if A lub A add constraints of the form A B to N

i i i

c Otherwise if B glb B add constraints of the form A B to N

i i

i

d Otherwise if A add B to the set U Form the set

i i

S L where k fk j there is a path from to in Gg

l k k k i

Add constraints of the form l B l S toN

l

e Otherwise if B add A to the set L Form the set

i i

S U where k fk j there is a path from to in Gg

u k k i k

Add constraints of the form A u u U toN

k

Var ai

f Otherwise if A aA andB aB add the constraints A B to N Here

i i

Var a i f g is the dened variance of the ith parameter of typ e constructor

a and addition of a constraint A B is

treated as addition of two constraints A B and B A

g Add constraints in N n C D to the tail of C

h If the current constraintwas not pro cessed on this step remove it from D and put

it backinto the head of C so that the algorithm do es not try to pro cess it now

Resolution Empty the set of sets T For each constraint A B in C do

Remove the constraint from C and add it to D

If A glb A add the set fA B g to T

i i

i

Otherwise if B lub B add the set fA B g to T

i i i

Otherwise A aA and B bB Do the following

i i

a If there is no path from a to b in G fail

b Otherwise for each path P ha c c c bi from a to b in G addC to set

n

T HereC is the set of the following constraints

Var c i

A C

i

i

C C

C C

C C

Var c i

C C

i

C C

C C

C C

Var c i

C C

i

nn

C B

i

i

where

k k k k k k

c C C c C

k k

are the lab els of the edges in P and

k

type C c V

k c i

k

are the lab els of vertices in P All new variables intro duced on this step are considered

to b e fresh

Subgoals Create a crosspro duct of all sets in T T tEmpty the result set RFor each

tT

t T do

Clone the state of the algorithm G GFTV t D D U U L L C C t

i i

i i

E The lower and upp er b ounds sets for the variables in FTV t n vertices Gare

set to empty sets

Solve the resulting task starting from the step Pro cess

If there was a success add the result to R

If none of the tasks ab ove succeeds fail

Finalization If C is empty succeed the attened form is

r l u e

i i i j

r R i uU eE

lL

G

i

i

i j

Otherwise continue from step Pro cess

Example Consider the following sp ecication

type TSetcovar X

type TListnovar X

TListX TSetX

and the formula T List T Set

Initialization D L L U U vertices G f g C

fT List T Set g

Pro cess Skip as the rst and only condition in C do es not have the form suitable for pro cessing at

this step

Resolution T Since the constraint has the form T ListA T SetB andthereisapath

from T List to T Set in G the following conditions form the set C

C f g f g

where is a fresh variable Now T T C C

List T Set g C C nfT

and

List T Set g fT List T Set g D D fT

Subgoals R the new subtask is formed

G G D D U U i f g L L i f g

i i

i i

L U C C T f g

Subgoal

Pro cess Pro cessing the rst constraint c adding edge to Gremoving c from

C inserting c in D

Pro cess Pro cessing the second constraint c an attempt to add the edge to G

leads to a cycle Collapsing and to Removing c from C inserting c in D adding

f g to E

Pro cess Pro cessing the second constraint c note that due to the change made in

the previous step the variable on the left was changed from to adding the edge

to G

Finalization Skipping to nalization since C is empty The result is

The subgoal is achieved returning one level back

There was a success R Rf g f g

Finalization Set C is empty succeed with the result

List T Set inthegiven typ e system was found to b e Thus the attened form of T

F Since is a fresh variable which is not used anywhere else F is equivalentto

In this section the core entailmentattening algorithm was presented A simple example was

used to illustrate the algorithm

Conclusions

In this chapter the typ echecking algorithm for the prop osed typ e system has b een presented The

algorithm works in several stages First the source language program is translated to a simpli

ed target language Second the target language program is analyzed and typ echecked During

typ echecking several asp ects of program consistency are veried For asp ects related to dispatch a

separate algorithm is used The algorithm describ ed in Section is a generalization of algorithms

develop ed in ADL Ghe MHH BSG Casb CGL CL CL QKB Sha

The core of the rest of the typ echecking system is the entailmentattening algorithm presented

in Section which is a generalization of algorithms presented in BMb and Pot

In the next chapter the formal asp ects of the typ e system presented so far will b e discussed

Chapter

The Typ e System Theory

The set of rules and algorithms describ ed in the previous chapter denes a pro cedure for typ echecking

a program in the target language As with anytyp e system two main questions arise

Do es the typ echecking algorithm always terminate decidability

If a program is successfully typ echecked do es it guarantee the absence of typ e errors at run

time correctness

In this chapter b oth of these questions will b e answered It will b e proven that the typ e system

presented in this dissertation is b oth decidable and correct Decidability of the algorithms will b e

discussed in Section

Section presents a theoretical framework for reasoning ab out typ es It will b e proven that

the core entailment algorithms give correct results with resp ect to this framework

In Section the natural semantics of the target language is presented Using the framework

established in the previous section the sub ject reduction theorem for the given semantics of the tar

get language will b e proven This will establish correctness of the typ echecking algorithms presented

in the previous chapter

Section describ es intro duction of imp erativetyp es in the typ e framework established so far

gives semantics to the ob jects of these typ es and proves that the correctness of the typ echecking

is not aected by the intro duction of suchtyp es This section serves a dual purp ose First it

demonstrates howthetyp etheoretical framework established so far can b e extended to deal with

typ es not present in the basic typ e set of the framework Second it shows that the addition of

imp erativetyp es to the target language do es not aect any asp ects of the typ echecking including

algorithms and the correctness results

Section discusses various p ossible extensions to the natural semantics and its handling by the

typ e system While the primary purp ose of this chapter is to develop and presentthetyp e system

theory rather than an ob jectoriented language semantics it is imp ortant to address the typing

issues that might arise during the development of the fulledged version of suchsemantics

In Section various features of the presented theory are discussed and the main results of this

chapter are summarized

Decidability

In this section decidability of Algorithms and will b e proven All the other algorithms in

Chapter are trivially terminating as they are either nonrecursive or their recursion is based on

the structure of a given nite expression

The decidability pro ofs in this section are based on Lemma that will b e proven in the following

section

Finite evolution

Denition Evolution system The evolution system E isatuplehE R I r E R S i

where E is a set elements of this set will b e called eatoms R is a totally ordered set of ranks r

is a ranking function that assigns a rank from R to each elementofE r er I is a nite set

e

of indices and S is the initial state S is a nite subset of E S E

The evolution process is a pro cess of transforming the state of the evolution system

hS S S i

It consists of evolution steps which transform the current state of the system S into its next state

k

S

k

Eachevolution step consists of zero or more repro ductions and exactly one survival where

repro ductions and survival are dened b elow

Individual Repro duction A single eatom parent e is chosen from S and a single index i is

k

N

chosen from I Their pairing he ii results in one or more children fc g such that

i

i

maxfr c g re

i

i

The set of children is added to S

k

Paired Repro duction Two eatoms parents e e are chosen from S Their combination results

k

N

in one or more children fc g suchthat

i

i

maxfr c g minfr e re g

i

i

The set of children is added to S

k

Survival A subset of surviving eatoms S is chosen from S S S and added to S

k k k

In addition eachevolution pro cess has the following prop erty

During an evolution pro cess each pair

ho o iE E E I

can participate in repro duction no more than once Here

def

A B A B B A

An evolution system can b e thought of as a system of living creatures that evolve in discrete

time These creatures p ossess some genetic prop erty rank that diminishes after each repro duction

Since eachevolution step must decrease the ranking there can b e a state in which the system can

no longer evolve If all strictly decreasing sequences in R are nite it is intuitively obvious that any

evolution system will eventually in a nite numb er of steps come to the p oint when the evolution

stops This intuitive observation is supp orted by Lemma The following denition gives precise

meaning to the notion of a downwardnite set whichisintuitively equivalent to an ordered set with

no innitely decreasing sequences

Denition Downwardnite set Aset E is downwardnite if

E is totally ordered

There are no decreasing innite sequences in E ie there are no sets e i e E

i i

such that the following holds ij e e

i j

For example the set of natural numb ers is downwardnite while the set of all real numb ers

between and is not

Lemma Finite evolution If E hE R I r E R S i is an evolution system and the

rank set R is downwardnite then

the number of evolution steps involving repro duction is nite

the union of all states of anygiven evolution pro cess contains a nite numb er of eatoms

if E is such that there can b e no innite sequence of survivalonly steps then there is no innite

evolution pro cess for E ieeachevolution pro cess contains a nite numberofsteps

Proof The second statement of the lemma follows from the rst one the niteness of the initial

state and the fact that eachevolution step adds no more than a nite numb er of eatoms

The third statement of the lemma also trivially follows from the rst one

Thus it is sucienttoprove the rst statement The pro of will pro ceed by constructing a series

of nite sets U and T suchthat

k k

S U

k k

U U T

k k k

T T

k k

T maxfr e j e T g maxfr e j e T g

k k k

Once such sets are constructed the following reasoning is used Let

r max fr e j e T g

k k

Then r r and since R is downwardnite

k k

N i N T

i

and therefore

i N U U

i N

thus

i S U

i N

from which

i S S S I U U U I U

i i i N N N

U is nite since U and I are nite Eachevolution step uses up at least one pair from U

N

Therefore there can b e no more than K repro duction steps where K is the cardinalityof U Thus

the total numb er of repro ductiveevolution steps is nite

In order to complete the pro of it is sucienttoshow that the series of sets T and U satisfying

k k

the conditions can b e constructed for anygiven evolution pro cess

Assume P hS S i is an evolution pro cess for the evolution system E Construct sets T

i

and U in the following way

i

U S

U U T

k k k

T S

S

T C o o

k

h o o iT U T I

k k k

where C o o is the set of children that was pro duced when the pair ho o i was used in re

pro duction during the evolution pro cess P If the pair was never used C o o C o o

is welldened since each pair can b e used no more than once during a given evolution pro cess

according to the denition of the evolution system

Now itwillbeshown that the sets constructed ab ove satisfy the conditions

Condition First an auxiliary statement will b e proven It will b e shown that

C o o U

k

h o o iU U U I

k k k

Pro of by induction

Base k

C o o

h o o iU U U I

C o o

ho o iS S S I

T U T U

Induction Assumption

C o o U

k

ho o iU U U I

k k k

Then

C o o

ho o iU U U I

k k k

C o o

h o o iU U U T T T U I T I

k k k k k k k k

C o o

h o o iU U U I

k k k

C o o

h o o iU T T T U I T I

k k k k k k

U C o o

k

ho o iU T T T U I T I

k k k k k k

U C o o

k

ho o iU T T T I

k k k k

U T U

k k k

Nowitispossibletoshow that the condition is satised The pro of is again by induction

Base k S S U

Induction Assumption S U Let P b e the set of parent pairs of repro ductions at

k k k

the k st step and C o o bethesetofchildren pro duced by the pair ho o i

k

at the k st step Then C o o C o o and

k

P S S S I

k k k k

Thus

S S C o o n S

k k k

k

ho o iP

k

S C o o n S

k

k

ho o iP

k

C o o S

k

ho o iP

k

U C o o

k

ho o iP

k

C o o U

k

ho o iS S S I

k k k

C o o U

k

ho o iU U U I

k k k

U U U

k k k

Condition Immediate from denition of U

k

Condition Immediate from denition of T

k

Condition By denition of repro duction

maxfr c j c C o o g minfr o ro g

Therefore provided T and T

k k

maxfr o j o T g

k

max fr o j o C o o g maxfr o j o T g

k

ho o iT U T I

k k k

Thus it has b een shown that a sequence of sets U and T satisfying the conditions

k k

can b e constructed for anyevolution pro cess Therefore the lemma has b een proven

Termination of expansion algorithm

Algorithm is used to nd an expanded form for a given simple constrained typ e C A wrt the

given user typ e graph G The following theorem establishes the termination of this algorithm for

any constrained typ e provided G has valid ranking see Denition

Theorem Termination of expansion algorithm Algorithm terminates for any con

strained typ e C A provided G has a valid ranking

Proof Letr beavalid ranking in G Dene ranking r foreachtyp e A that is not a typ e variable

or a ary constructor as r r pfunctor A The rank set will b e a set of natural numb ers less

or equal to the maximum rank inr The set S used in Algorithm is an evolution system and

each iteration of the algorithm is its repro duction step Therefore according to Lemma the

algorithm terminates for any simple constrained typ e C A

Termination of attening algorithm

Algorithm is used to nd a attened form for a given constraintsetC wrt the given user typ e

graph G The following theorem establishes the termination of this algorithm for any nite constraint

set provided G has valid ranking see Denition

Theorem Termination of attening algorithm Algorithm terminates for any nite

constraintsetC provided G has a valid ranking

Proof First the niteness of the step Pro cess will b e demonstrated The step Pro cess isacycle

that adds new constraints to the list of constraints C it iterates over it only passes through newly

added constraints that were added to the tail of the list It also mo dies the graph G and the sets

U and L of upp er and lower b ounds for each participating variable For each constraintthatis

i i

added to the tail of the list the algorithm checks whether this constraint has already b een pro cessed

pro cessed constraints are stored in set D Consider the set W of all typ e expressions participating

in constraints in C U L Assume the initial set C is nite Then W is nite as well

i i i i

and therefore there is only a nite numb er of p ossible constraints w w suchthatw and w

l u l u

are sub expressions of some typ e expressions from W Such constraints constitute a nite set X

The algorithm for the step Pro cess never creates new expressions it only decomp oses the typ e

expressions in W to pro duce new constraints Thus

One constraint is eliminated from the remainder of C on every iteration

Every constraintinC is pro cessed no more then once due to the usage of the set of already

pro cessed constraints D

Constraints that are added to the remainder tail of C are taken from the nite set X

The set X is the cycle invariant

Therefore the iteration must stop no later than on its xth step where x is the cardinalityofX

Thus the niteness of the step Pro cess is proven

Next the niteness of the whole algorithm will b e shown First a ranking of typ e expressions will

be intro duced This ranking will later b e used to dene an evolution system related to the algorithm

Lemma will then b e applied to the resolution system to yield the algorithm termination

Letr beavalid ranking in G Let N ibethenumber of typ e constructors c in G suchthat

rciTo eachtyp e constructor c assign a number M c in the range Nrcinsuchaway

that

c d rcrd M c M d

Dene a new ranking

P

ramin rc

cG

M a j N j a is a typ e constructor

j

def

r a

a glb

a lub

This new ranking has two prop erties

It is a valid ranking since it do es not change relative ordering of constructor ranks ie

ra rb r a r b

It assigns a unique number to each nonary typ e constructor in G as wellastotyp e op erators

lub and glb

Letr b e the maximum rank in this new ranking Dene a simpliedtreerepresentation of a

max

typ e as its tree representation stripp ed o ary typ e constructors and dene ranking r for each

typ e A as a tuple hn n iwhere n is the maximum heightofthevertices corresp onding to

r i

max

the typ e constructor a with the rankr a i in the simplied tree representation of typ e A or zero

i i

if the constructor a do es not participate in AFor example ifr ar b and r c

i

thenr a abb h irac h iandr h iLet

the tuples b e lexicographically ordered Then the set of such tuples comprises the ranking set R

whichisdownwardnite

Let I b e the nite set of ary typ e constructors in G Let the connector set of typ e expressions

A aA and B bB along the path P ha c c c bi in G be the set N A B P

n

dened as follows

fA gnI N A B P

i

fC gnI N A B P

i

all typ e expressions in C C n I N A B P

all typ e expressions in C C n I N A B P

all typ e expressions in C C n I N A B P

fC gnI N A B P

i

fC gnI N A B P

all typ e expressions in C C n I N A B P

all typ e expressions in C C n I N A B P

all typ e expressions in C C n I N A B P

gnI N A B P fC

i

fC gnI N A B P

nn

fC gnI N A B P

i

fB gnI N A B P

i

where

k k k k k k

C c C c C

k k

are the lab els of the edges in P and

k

type C c V

k c i

k

are the lab els of vertices in P All new variables intro duced here are considered to b e fresh

From the denition of valid ranking the denition of r above and the denition of connector

set it follows that

fA B gnI minfr t j t fA B gnI g maxfr t j t N A B P g

for anypath P from a to b

Each Resolution step either completes the given branch of the algorithm or creates several

new branches In order to show the algorithm termination it is sucient to demonstrate that all

branches terminate Consider any single branch Consider the sets

n I S all t yp e expressions in T

i

i

for T that o ccur on ith step in the branch under consideration Each step of the algorithm either

i

adds one or more of the following to S to pro duce S or terminates its branch

i i

If lub w w S addfw gnI to S

i i i i i

If glb w w S add fw gnI to S

i i i i

i

If aA A S i I and P is a path from a to i in G addN A i P to S

i i

If aA A S i I and P is a path from i to a in G addN i A P to S

i i

If aA A S bB B S and P is a path from a to b in G addN A B P toS

i i i

Thus each transition from S to S is a repro duction step of the evolution system E

i i

hE R I rS i where E is the set of all p ossible typ e expressions Repro duction steps never

rep eat in a single branch due to the presence of the set of already pro cessed constraints D There

fore the conditions of Lemma are satised and the branch under consideration terminates Due

to the arbitrary choice of the branch this proves the algorithm termination

Termination of entailment algorithm

Algorithm is used to decide entailmentontyp e constraint sets It transforms the task of deciding

entailmentinto the question of p ossibility of attening The transformation is done by creating a new

user typ e graph that is obtained from the original one by adding certain vertices and edges to it Since

attening algorithm terminates whenever the user typ e graph has a valid ranking Theorem and

Algorithm always checks whether a newly generated graph has a valid ranking b efore it makes

an attempt to atten against it the following theorem has b een proven

Theorem Terminationofentailment algorithm If the graph G has a valid ranking then

Algorithm terminates

Thus the termination of all nontrivial algorithms describ ed in Chapter has b een proven The

next section formally intro duces the notions related to typ es and typ e constraints and applies them

to establish correctness prop erties of the main algorithms These prop erties will b e used in the pro of

of sub ject reduction theorem in Section

Typ es

In this section the basic notions of the typ e system theory will b e formally dened These notions

are

Ground typ es represented as regular trees over a nite alphab et a set of typ e constructors

These will b e intro duced in Section

Subtyping dened as a partial preorder on the domain of ground typ es Subtyping is dened

in Section

Entailment as a relationship b etween sets of subtyping constraints will b e intro duced in Sec

tion

Constrained typ es that denote certain sets over the domain of ground typ es will b e dened

in Section The notion of subtyping as well as other notions presented so far will b e

extended to deal with constrained typ es

In Section these notions will b e used to prove that the entailment and attening algorithms

of Chapter are correct with resp ect to the regular tree mo del develop ed so far The attening

algorithm is also proven to b e complete

Regular trees

The mo del that is used for typ e theory develop ed in this dissertation is the mo del of regular trees

dened b elow

Denition Regular trees Let L b e a nite ranked alphab et L fa g with a total

i i

ranking function Arity LNfg Then a tree over L is a partial function N L from

sequences of natural numbers into elements of L that satises the following conditions

hi dom where hi denotes the empty sequence

If a then j is dened for all j f Arity a g and undened for all

i i

jArity a

i

If j is dened then is also dened

A subtree of a tree at where exists is dened as

def

A regular tree is a tree that has a nite numb er of subtrees The domain of all regular trees over L

is denoted Tree L A regular tree that has an additional prop erty that

N N j j N is undened

is called a nite tree The domain of all nite trees over L is denoted as Tree L

n

Denition Contractive regular system of equations Let L b e a ranked alphab et and

TyVar b e a set of ary type variables TyVar L Then

e

i i n

where TyVar e Tree Lf g is called a regular system of equations

i i n n

n

over Tree L If in addition to the ab ove e TyVar for all i then is called a

i n

contractive regular system of equations A tuple ht t i is called a solution of i

n

t e t t

i i n n

where

a if and e

def

ea

e otherwise

Algebraic and top ological prop erties of the domain Tree Lhave b een studied in ANand

Cou Prop erties of systems of contractive regular equations over such domains have b een inves

tigated in Cou Regular trees were also used to mo del recursivetyp es in AC The following

result from the ab ovementioned pap ers will b e used later in this chapter

Theorem Contractive regular system solution If E is a contractive regular system of

equations over Tree L then E has a unique solution in Tree L

In AC it is also shown that Tree L is isomorphic to the domain of nite ground types fgt

n

dened by the grammar

fgt afgt fgt

Arity a

where a L while the domain of recursive ground types rgt dened by the grammar

rgt jargt rgt jrgt

Arity a

where TyVar a L is a sub domain of Tree L From now on the ab ove relationships b etween

tree and typ e domains will b e used to give meaning to the usage of typ es in contexts requiring trees

and vise versa

Subtyping

This section denes subtyping as a partial preorder over the domain of ground pretyp es which

are regular trees satisfying certain conditions Subtyping is dened with resp ect to the typegraph

that is given by the set of constructors their arities and variances and subtyping relationships

between them These subtyping relationships are expressed as constraint systems that are dened

b elow This way of dening subtyping relations is due to Pot but is generalized here to allow

signicantly more exibility in the denition of the basic typ e system

Denition Constraint system Let L be a ranked alphab et and TyVar b e a set of ary

tree variables TyVar L Then

e e

n i n

i

i

where TyVar e Tree Lf g is called a constraint system over

i i n n

n

Tree L denoted C An empty constraint system with free variables is denoted

n

TRUE

n

For example b oth TRUE and ca are constraint systems

Denition Constraint formula A logical formula F built with logical connectives and

is called aconstraint formula over L i every atom in F has one of the forms

e e

n i n

i

or

TRUE

n

or

FALSE

n

where TyVar and e Tree Lf g

i i n n

n

Each constraint system is a constraintformula Moreover each constraintformula can b e repre

sented in the form C where eachofC is a constraint system

i i i

The satisability of a constraintformula system can only b e dened with resp ect to the se

mantics of a given subtyping relationship dened b elow

Denition Typ e graph A typegraph G is a directed acyclic graph with vertices from a

ranked alphab et L LG with ranking function Arity and marked edges together with variance

function Var L Nf g suchthatVar a i is dened for all i from to Arity a Edges

of the graph a a are marked with constraint systems C over L such that

FTV C f g

Arity a

Aritya

The following denes ground pretyp es as regular trees with no innite sequences of b ound

op erators lub and glb

Denition Ground pretyp es If G is a typ e graph then the domain of ground pretypes

PreTyp G over G is dened as the domain of regular trees over LG fglb lubg where Arity glb

Arity lub restricted b y the following condition if is a pretyp e and fj g is an innite

i

i

sequence such that i hj j idom then nin h j j i L

i i

The last condition is designed to eliminate the nonsense trees like

lublublub lublub

Subtyping is dened b elow as a binary relation on ground pretyp es It is dened as the limit of

the innite series of decreasing relations These relations are dened recursively

n

b elow

Denition k subtyping k subtyping for k Nfg is a binary relationship over

PreTyp G PreTyp G denoted dened recursively as follows

k

subtyping for all

V

def

Arity a

a

f Structural a a

k i

Aritya

Arity a i

i

i

if Var a i

k

a

where a LG and f

if Var a i

k

i

if Var a i

k k

Constructors

a a

k

Arity

a

Arity a

jpj

def

p

C

n k n

p p

i

p

i

a p ha a a a ai is a path from a to a in G with edges lab eled with where a

jpj

jpj

p p p

is dened as jandC FTV C i jpj n j C

p

i i i i

Case i

Arity a

def

p

a

C f

j j

j

j

Case i jpj

Arity a

def

p

a

i i

i

f C

j j

j i

j

p

i i i i

C

Aritya

i Arity a j

i Arity a

Arity a

i

i

i

jpj

i

i

and where and i jpj are fresh typ e variables

i

j

j

i

Lub

def

lub

k k k

and

def

lub

k k k

Glb

def

glb

k k k

and

def

glb

k k k

The series is a decreasing sequence of symmetric and transitive relations on PreTyp G

k

This fact immediately follows from case analysis of Denition

Denition Subtyping Subtyping is a binary relation over PreTyp G PreTyp G de

noted dened as

def

k

k

Subtyping is a symmetric and transitive relationship on PreTyp G

Denition denes a generalization of the traditional notion of subtyping of recursivetyp e

trees for the case of varianceannotated nonstructural graph G with conditional subtyping

Denition do es not state that subtyping should b e a partial order it is only required to

b e a preorder Indeed luba a a and a luba a while a luba a as trees Given a typ e

def

graph G the domain of typ es Typ G is dened as PreTyp G where

From now on equality will b e used to denote the relationship just dened

while equivalence will b e used to denote equalitybetween and as regular trees

The equivalence classes of ground pretyp es will b e called ground types and will b e denoted with

aslight abuse of notation by their representatives For example b oth a and luba a denote the

same ground typ e The subtyping relationship over PreTyp G induces partial order subtyping

over Typ G

Entailment

The entailment relationship b etween constraint systems intro duced in this section is central for the

presented typ e theoryEntailment expresses the fact that one constraint system formula follows

from the other in the sense of rstorder logic

and C are constraint Denition Entailment If C

N

N N

formulae over LG flub glbg then C implies C wrt G denoted C C i

G

PreTyp G C PreTyp G

N

N N N

C

N N

N N

For example

is a true statement since for any and suchthat and also holds Another

example of a true statementis

T Integer T Real

G

provided that T Integer T Real Indeed for any that is less than T Integer it is p ossible

G

to take which will automatically satisfy

T Real

An example of a false entailmentis

TRUE T Integer

since not every typ e is a subtyp e of T Integer Note however that T Integer is a true

statement as there exists an such that T Integer

The following are the prop erties of the entailment relationship dened ab ove All of them trivially

follow from Denition

Reexivity C C for any constraint set C

G

False premises If C then C C for any C

G a a G b b

Right elimination If C C C then C C

a G b c a G b

Restricted transitivity If C C C and C C then C C C C provided that

a G b c c G d a G b c d

FTV C n FTV C FTV C FTV C

d c a b

The following lemma establishes the relationship b etween the constraints on the lefthand side

of the turnstyle and the set of constraints implicit in the construction of the graph G

Lemma Extended graph entailment If G is a typ e graph C has a solution in PreTyp G

and C a has a solution in PreTyp G then C C where G is dened as follows

i i e G e

GG

e

For every typ e variable FTV C there is a ary typ e constructor a G suchthat

i i e

a LG

i

For every constraint c T T inC there is an edge from pfunctor T a to

i i

pfunctor T a in G lab eled with ca

i i e i i

Proof Assume M is a solution of C in PreTyp G andM is a solution of C in PreTyp G It

e

will b e shown that M M M a M is a solution of C a in PreTyp G Once this

i i i i

is done the entailment C C will follow directly as it will follow that for any solution M of

G

C there exists a solution M of C suchthatM M In order to showthatM is a solution of

C a in PreTyp G it is sucienttoprovethat

i i e

t t tM a for all i tM a for all i

G i i G i i

e

for all t t PreTyp G Indeed if is satised then

e

C a M C a M M a M C M M a

i i i i i i i i

whichfollows from the fact that M is a solution of C in PreTyp G and from

e

The pro of of is by induction

Basis

t tM a for all i tM a for all i t

G i i G i i

e

is trivially satised since x y is true for all x and y

G

Induction step From k to k If

t t tM a for all i tM a for all i

G i i kG i i

e

then

t tM a for all i tM a for all i t

G i i k G i i

e

There are several p ossible cases

pfunctor t LG n LG In this case t t a and the subtyping is pfunctor t

e i

immediate for all k including k

pfunctor tpfunctor t LG According to the Structural clause of the subtyping

denition

tM a for all i tM a for all i

i i k G i i

n

a

aG

f M a for all i

k i i i

i

i

i

where n Arity a t a t a and On the other hand

a n

a

n

a

t the following is true since t

G

e

n

a

aG

e

for all m f

i m

i

i

i

V

n

aG

a

and therefore by induction assumption for k M a for all i f

i i i k

i

i

i

pfunctor t pfunctor t fpfunctor t pfunctor tg LG According to the clause

e

Constructors of the subtyping denition and to the assumption t t there exists a

G

e

path p from a pfunctor ttoa pfunctor tinG such that jpj and

e

jpj

p

C

n G n

p e p

j

j

p

where C are dened as in the denition of subtyping This is equivalentto

j

jpj

p j j p j j

j

a f g a

p p

G

m e

j j

Aritya Aritya

j j

j

jpj jpj

p p

p

a t a t

p

G G

e e

Aritya

jpj

Aritya

jpj

p

j

PreTyp G and for each j a is a typ e constructor lo cated in j th p osition where

e

m

j

of the path p By induction assumption

jpj

p

C M a for all a

kG n i i i n

p p

j

j

In order to show it is sucient to demonstrate that

jp j

p j j p j j

j

f g a a

k G

m p p

j j

Aritya Aritya

j j

j

p

t a

k G

p

Aritya

jp j jp j

p

a tM a for all i

k G i i

p

jp j

Aritya

jp j

where p p LG This will b e done by separately considering each constraint Each

p p

in the path p Each a constraint in corresp onds to a single edge e a

j

j j

p p

in the path p which a constraint in corresp onds to a single edge e a

j

j j

corresp onds to a segment of the path p There are several p ossible cases

a e G In this case the constraint is immediately satised by

j

b e G fa a gLG By construction of G constraint C marking this edge

j j j e

in G has the following prop erties FTV C and C M a for all i istrue

e i i

p

From this assumption and the construction of C

j

p

C M a for all i

i i

kG

j

From the ab ove and the denition of subtyping

p j j p j j

M a for all i a a

p p

i i k G

j j

Aritya Aritya

j j

c a LG a LG In this case consider the minimal segment s of the path p

j j

such that

e s

j

LG e s s a e

j j j

m m m

s a LG e s e

j j j

m m m

Let s have the length M Then all M vertices inside s are the additional

typ e constructors a and therefore do not b elong to p All constraints marking the

i

internal edges of s therefore have the form a a and are satised in

i

i

a a M a for all i

G i i i

i

by construction of the graph G and the solution M Since all additional constructors

e

p

are ary this also implies that C M a for all i for all internal edges

i i

kG

j

p

M a for all i is satised by Thus For the external edges C

i i

kG

j

j j p j p j

a a M a for all i

k G i i

p p

j j

Aritya Aritya

j j

p p

where a is the rst and a is the last constructor in s Therefore is satised

j j

pfunctor tgflub glbg Since the clauses Lub and Glb are Otherwise fpfunctor t

indep endent of the user typ e graph and the trees under consideration are in PreTyp G

e

the subtyping clause under consideration can b e equivalently formulated as

N

A A

j j

k G

j

where

fpfunctor A pfunctor A gflub glbg

j j

For each of these subtyping constraints holds by one of the previously considered

cases and therefore holds for this case as well

In this section the notion of entailmentwas intro duced and its prop erties were studied In the

following section correctness and completeness of the attening algorithm and the correctness of

the entailment algorithm will b e demonstrated

Prop erties of entailment and attening algorithms

Before the algorithm prop erties can b e established it is necessary to sp ecify how the user typ e graph

dened by the program according to Denition can b e translated into the typ e graph dened

and used in this section Denition

Let G b e a user typ e graph dened by Denition The typ e graph G is constructed from

u

G as follows

u

For eachtyp e denition in G there is a typ e constructor in LG and resp ectivelyavertex

u

in G with arity and variance dened bythetyp e denition

For each edge in G from a to a marked with constraints C there is a corresp onding edge in

u

G marked with C C C where C and C are constraints in typ e denitions of a and a

a a

a a

resp ectively

G is then a typ e graph in terms of Denition

Theorem Correctness and completeness of Algorithm attening If G is the

u

user typ e graph G is its corresp onding typ e graph and C is a constraint system over G then

If F atten C then

G

a The set of solutions of C is the same as the set of solutions of F in PreTyp G

b Each disjunct in F has a solution in PreTyp G

If FAIL atten C then there is no solution to C in PreTyp G

G

Proof

Pointa Follows from the denition of subtyping and the algorithm by a simple induction on

all cases since each step of the algorithm replaces a constraintby an equivalent constraint

formula

Point b The formula F has the from

F l u

j j k m k m

i i i i

i j

G E

lL uU

k m k m

j j

where

i i

i j s L U s aa LG

j j

i i i

i j s L U FTV s vertices G

j j j

i

i G is acyclic

i n k n E

m m m m i

n k k

i i

FTV s f g

m m

U jsL

n

j j

It will b e shown that each disjunct in has a solution Let D b e a disjunct in

i

The presence of subformula

k m

i

E

k m

do es not change the set of solutions of D due to the condition Thus it is sucientto

demonstrate that

D l u

i i k m

i

lL uU G

i i k m

where

i s L U s aa LG

i i

i s L U FTV s vertices G

i i

G is acyclic

admits a solution

S

L and I fi j L gLetE b e the system of equations constructed Let L

j

i i

j

j G i

as follows

E f lub l j I g

i j ii

lL

i

It will b e shown that

E has a solution in PreTyp G

Any solution of E can b e extended to form a solution of D

S

e e e

L that i I s Let be Let S b e the set of all such sub expressions s of

i k

i

iI

e e

the set of fresh variables such that there is one variable for every sub expression s S Then

E can b e equivalently rewritten as

for all i I lub

k i k

in i

E

for all k a

k k

k k

k

kArity a

k

e

where a is the primary functor of the expression s that corresp onds to the variable The

k k

k

ab ove system of equations is regular and contractive and therefore by Theorem admits

a solution M M is a map from the set f g f g to the domain of regular trees over

i iI k k

LG flub glbgLett b e the regular trees mapp ed to the variables by this solution Then

i i

they satisfy E since E and E are equivalent and therefore

t lub l t

i i i

lL

i

iI

S

Since l L L and D is a disjunct in the resulting formula pro duced by

j

i

j

j G i

Algorithm each l has the form a where a vertices G Thus

i i

t lub s s

i

n

iI

i i

where each s has the form a Therefore each path in t consists of a p ossibly innite

i

j j

numberofsegments such that

The length of each segment is less then or equal to the maximum depth of typ e variable

i i

in the expression lubs s

n

i

Each segmentcontains at least one of a

j

Therefore by Denition t PreTyp G Since this argumentworks for all i

i

M fh t ig i t PreTyp G

i i iI i

is a solution for E

Nowitislefttoprovethat M can b e extended to a solution for D Lets form the map

M M fh ig This map is a variable assignment for all variables in D It will b e

i

iI

shown that M satises all constraints in D

Constraints of the form l Since l L l L is true and therefore L thus

i i

i i

i I Therefore

l M for all k M for all k M t

k k i k k i i

lub l M for all k

k k

lL

i

which is true by denition of subtyping for lub

Constraints of the form If i I then L L and therefore L j I

i j

i j j

Thus there are three p ossible cases

i I j I Then the constraint under consideration b ecomes whichis

trivially satised

i I j I Then the constraint under consideration b ecomes M whichis

j

trivially satised

i I j I Then the constraint under consideration b ecomes

M t lub l M for all k

i i k k

lL

i

l M for all k t M lub

k k j i

lL

j

whichistrueby the denition of subtyping and the fact that L L

i j

Constraints of the form u There are two p ossible cases

i

i I Then the constraint under consideration b ecomes uM for all k

k k

which is trivially satised

i I The constraint under consideration b ecomes

l M for all k uM for all k M t lub

k k k k i i

lL

i

which is equivalentto

l M for all k uM for all k

k k k k

lL

i

Consider a single conjunct of the ab ove constraint

l M for all k uM for all k

k k k k

S

where l L L Sinceu U and the ab ove constraint is a part of

j i

i

j

j G i

the disjunct D pro duced by the nal step of the algorithm there must exist a step

Pro cess of the algorithm on which the constraint l u is pro duced and added to

N This implies that at some p oint of the algorithm execution the constraint l u is

in the set C Since l a andu a where a a LG and the algorithm

l u l u

has terminated the constraint had to b e pro cessed on the step Pro cessf if a

l

a or on step Resolution if a a The step Pro cessf is parallel to the

u l u

case Structural of the subtyping denition and thus pro duces the constraint set C

such that every k solution of C is a k solution of l u The step Resolution

is parallel to the case Constructors of the subtyping denition and therefore it also

pro duces the set of constraints C such that every k solution of C is a k solution

of l u Since each step of the algorithm pro duces equivalent constraint sets and all

steps of the algorithm except Resolution and Pro cessf pro duce k equivalent

constraint sets for all k the following statement is true

if M is a k solution of D itisak solution of l u and therefore since the

D

ab ove argumentworks for all l and i M is a k solution of all constraints of the

D

form u in D

i

Pro of by induction The solution M is a solution of D since is universal Assume M

is a k solution of D Then M is a k solution of all constraints of the form u in D

i

It has b een shown already that M is a solution of all the constraints other then those of the

form u Thus M is a k solution of all constraints in D all constraints except

i

by the statements already proven constraints by induction assumption Therefore M

is a solution of D for all k which is equivalent to the statementthat M is a solution of D

Thus it has b een shown that D has a solution in PreTyp G

Point Follows from p oint a and the denition of subtyping as the algorithm only fails when an

unsatisable constraint is pro duced in all conjuncts of the resulting formula

Thus correctness and completeness of Algorithm have b een demonstrated

Theorem Correctness of Algorithm entailment If G is the user typ e graph G is

u

its corresp onding typ e graph and C C are constraint systems over G then

i j

W W W W

C C C C then If Algorithm succeeds on input

G G

i j i j

i j i j

Proof Assume Algorithm has succeeded It means that for each i one and only one of the

following is true

Algorithm fails while trying to atten C wrt G

i

Algorithm successfully attens C wrt G and also successfully attens at least one of C

i j

i

wrt G

e

In the rst case the constraint set C has no solutions by Theorem and can therefore b e

i

removed from the set of constraints on the left of the turnstyle without changing the truth value

W

of the entailment If this is the case for all i the constraintformula C has no solutions and

i

i

therefore the entailment is trivially satised Thus it is left to provethat

C C

G

i j

i j

under the assumption that for each i C has a solution in PreTyp G and there exists j suchthat

i

i

i

C has a solution in PreTyp G However the ab ove statementfollows directly from Lemma

j e

i

Theorem and the denition of entailment

Note that while the attening algorithm is b oth correct and complete the entailment algorithm

is correct but not complete There are two reasons for the incompleteness First the extended typ e

graph pro duced by the algorithm at some p ointmight not haveavalid ranking In this case the

algorithm returns the UNKNOWN answer whichisinterpreted as FALSE bythetyp e system even

though the entailment might b e true Second the formula on the lefthand side of the turnstyle is

not attened b efore the construction of the extended graph which leads to rejection of certain typ es

of correct formulae This is intentional as it makes this algorithm invarianttocovarianttyp e system

transformations whichplay a ma jor role in typ e system evolution see Section

Constrained typ es

In this section the theory of constrained typ es will b e develop ed Constrained typ es are sometimes

called type schemes eg in Pot

Denition Simple constrained pretyp e A simple constrainedpretype over a graph G

is dened as

C A

n

where C is a constraint system over G FTV C f g and A is a typ e over

n

LG f g

n

The quantication part of the simple constrained pretyp e sp ecication will often b e omitted in

cases when the context determines the set of variables b ound in the constrained typ e For example

t will often b e written as t

A simple constrained pretyp e can b e interpreted as the lower b ound of the set of ground typ es

that it denotes For example if t is a ground typ e then t and t are equivalent

Denition Constrained pretyp e A constrainedpretype X over a graph G is dened as

follows

n

i i i i

X glb C A

i

i

n

i i i i

C A are simple constrained pretyp es where

i

n

Thus a constrained pretyp e is a greatest lower b ound of a nite numb er of simple constrained

pretyp es

Denition Subtyping of constrained pretyp es If

i i

X glb C A

i

j j

X glb C A

j

are constrained pretyp es the subtyping relationship b etween them is dened as follows

def

j j

i i

X X j i C C A A

G

This subtyping relationship is transitive and reexive on the domain of constrained pretyp es

As with typ es the domain of constrained pretyp es is factored by the equality relationship dened

as follows

def

X X X X X X

Thus each constrained pretyp e falls into one and only one equivalence class These equivalence

classes will b e called constrainedtypesThesubtyping relationship dened ab ove is a partial order

over the domain of constrained typ es Again byaslight abuse of notation these equivalence classes

will b e denoted by their representatives

A constrained pretyp e with n is a simple constrained pret yp e since glbAA Therefore

simple constrained pretyp es form a subset of constrained pretyp es Ground typ es can also b e

viewed as a subset of constrained typ es Namelyif t is a ground typ e a constrained typ e glbt

can b e formed Let t and t b e ground typ es Then

glbt glbt t t t t

G

by the denition of subtyping and entailment

Note that all constrained typ es with unsatisable sets of constraints are equivalent and playa

role of the top typ e denoted in the constrained typ e hierarchy Indeed let X C A and

X glb C A where C is unsatisable Then

i

i i

X X i C C A A TRUE

G

i i

for all C A and A by the denition of entailment

i i

The equivalence class therefore has invalid or empty typ es as its representatives The

statement that a particular constrained typ e X glb C A do es not b elong to this class will b e

i i

i

written as

X

G

with the interpretation

def

X X i C

G G i

the last equivalence follows from the denitions of equalitysubtyping and the class

On the other hand a constrained typ e of the form plays a role of the b ottom typ e denoted

since for any constrained typ e X glb C A

i i

i

X i C A TRUE

i G i

since FTV C FTV A and thus it is p ossible to cho ose A to satisfy the entailment

i i i

In order to emphasize that a subtyping relationship b etween two constrained typ es X and X

dep ends on a given typ e graph G the entailment will often b e written as X X instead of

G

just X X

So far all the basic notions of the typ e system theory have b een dened and the validity of the

core entailment algorithms with resp ect to the given interpretation of subtyping constraints has b een

demonstrated In the following section these results and notions will b e used to prove the sub ject

reduction theorem that establishes correctness of the typ echecking

Sub ject reduction

The sub ject reduction theorem is the most imp ortant result of this chapter as it proves that a

successfully typ echecked program do es not generate typ e errors at runtime

One of the preliminary results that is needed to prove sub ject reduction is the static subsumption

theorem It states that a more precise typ e sp ecication leads to a more precise typing of the result

of the computation This result is proven in Section

In order to prove the correctness of a typ echecking algorithm for any language its semantics has

to b e formally dened This is done in Section

The denition of typ e errors and the way reduction interacts with typing is determined by the

typ es of the runtime ob jects that are pro cessed during program execution Questions related to

runtime ob ject typing its denition and semantics are considered in Section

Issues related to semantics and correctness of the b ehavior dispatch pro cess are formally devel

op ed in Section A theorem stating that a correctly typ echecked b ehavior application always

dispatches correctly no message not understo o d or message ambiguous errors is also proven

in this section

Finally Section presents the pro of of the sub ject reduction theorem

Static subsumption

In this section the static subsumption theorem will b e proven The intuitive meaning of this theorem

is as follows

Assume that an expression is givenatyp e bythetyping rules in Figure under certain assumptions

ab out the typ es of variables participating in the expression Assume further that a new set of

is formed in suchaway that for every variable it gives the same or lesser typ e then assumptions

the old assumption set did Then the theorem states the same expression will also b e typable in the

new environment In addition to that the typ e inferred for the expression in the new environment

will b e a subtyp e of the typ e inferred for the expression in the old environment

Before the pro of of the static subsumption theorem can b e given two additional lemmas haveto

b e proven The rst one simply states that dierent branches of typ e inference algorithm intro duce

indep endentsetsoftyp e variables The next one shows howsubtyping relationship b etween individ

ual simple constrained typ es that take part in two dierent constrained typ es leads to a subtyping

relationship b etween the constrained typ es themselves

Lemma Indep endentfreevariables Sets of free typ e variables intro duced by dierent

branches of typ e inference pro cess haveanemptyintersection

Proof Immediate from the rules in Figure

Lemma Entailment conjunction If

j

j

j j

A glb C i C f g glb C A

i

i j J i i

i i

j J

i

i

C f gX

N N

i N

i N

i

X

N N

N

N

FTV X f g

N

N

FTV C f g

N N

N

N

N

i i F f gF f g

i i

i i

f gF i i i F

i i i

F f gF i i i

i i i

where

def

j j

F A n FTV C FTV C

i

i i

j J

i

j j

def

F FTV C A n FTV C

i

i i

j J

i

then

j j j

i N

A A X C glb C

N

N j j J J

N

i N

N

N

i

j j j

i N

glb X C A A

N N

i N N

j j J J

N N

i

Proof Let X C A Then the conclusion of the lemma is equivalentto

X X

N

A A C C

N N X

N N

j J J j

J J

N N

N

N

j j j

i

N i

C C A A C

X N

i N N

i

N

i i

j j

N

N

A A A A A A

N N X X N

N N N N

N

In order to prove this it is sucienttoshowthat

j j J J

N

N

i

N

C C A A C

N X N

N N i

i

J J

N

N

j j j

N i

A C C A

N X

N N

i

N

i

j j

N

N

A A A A A A

X N N N X

N N N N

N

On the other hand condition is equivalentto

j j

C A i gC A C f

i

i i i

i i

j J

J

i

i

from which

j j

i i

A C C f i j gC A J

i

i i i i

i i

i

J

i

Thus

j j

i i

gC A C f j j J A J i C

i

N i i i

i i

N

J

i

In order to prove it is sucienttoshow that for each J J and

N

N

anytyp e variable assignment S that satises

N i

C C A A C

X N N

N N i

i

there exists an extension S that satises

e

j j j

N i

C A A C

X N

N

N

N i

i

j j

N

N

A A A A A A

X N N X N

N N N N

N

J J b e arbitrary indices and S an arbitrary typ e assignmentthat Let

N

N

satises If no such S exists the statement is trivially true Dene

if S

i

i

S

i

S otherwise

S is an extension of S since

i

A

FTV C FTV A C FTV

i i i

J

i

satises from conditions and of the lemma Furthermore S

i

i

C C

i

i i

for all i from and From this and there exists an extension S of S that

i i

satises

j j

i i

A A C

i

i i

Let

n

S

S if domS

i i

This denition is valid since

dom S domS i i i domS

i i

from conditions and of the lemma and

S S domS ii S

i i

since S are extensions of S S thus dened is an extension of S and S for each i It also

i i

satises by denition of S and S

i

j

i

i

Let A A and Then condition implies that

i i

i i

i

i

j

i N

i

gC A A A C fA

X N N

i N N

i

i

j j

N

A C A

N X N

N

N

j j

N

N

A A A A A A

N X X N N N

N N N

N

The variable assignment S satises

j

i N

i

C fA A gC A A

X N N

i N N

i

i

by and and therefore there exists an extension S of S suchthatS satises

e e

j j

N

A C A

N X N

N

N

j j

N

N

A A A A A A

X N N N N X

N N N

N

it follows from However

i S S

i e e

i

by denition of S and from the fact that S is an extension of S for all i Therefore since S

e e

i i

satises it also satises

j j

N

A C A

N X

N

N

N

j j

N

N

A A A A A A

N X X N N

N N N N

N

From this and S satises

e

J J and anytyp e variable Thus it has b een shown that for any

N

N

assignment S that satises there exists an extension S that satises if the conditions

e

of the lemma are satised This proves the statement of the lemma

The following denes subtyping relationship b etween typing environments as a straightforward

extension of subtyping relationship b etween typ es

Denition Typing environment ordering If andare typing environments then

def

hnamei Id C hnamei hnamei C

Theorem Static subsumption If

hexpri X

C

then

hexpri X

X C X

Proof Theproofisdoneby transforming the derivation of into the derivation of This

is done by induction on the depth of the derivation tree Since the expression is the same in b oth

cases it is p ossible to apply the same rules in the same order to obtain the necessary derivation

Base The derivation of has depth Thus the derivation includes only one application of

the rule Axiom the expression hexpri consists of a single variable u and uX Then

uX and C X X since C Thus it is p ossible to build the derivation

of as a single application of the rule Axiom where the derived typ e is X Since C

X X the base case is proven

Induction step Assume that for all derivations of of depth less or equal to n n

the statement of the theorem is proven It will b e shown that in this case the statementof

the theorem is also true for all derivations of depth n The pro of is by cases dep ending on the

rst ro ot rule applied in the derivation of

The general schema is as follows rst it is shown that the typing environments in the premises

of eachrulehave the same relationships as the ones in the rule conclusion Then the induc

tion assumption is used to establish the subtyping relationship b etween typ es inferred for the

premises of the rule Finally Lemma is used to derive the subtyping relationship b etween

the typ es derived in the conclusion of the rule In all cases conditions

and of Lemma follow from Lemma and the fact that new variables intro duced

in the derivation are always fresh Condition is always a consequence of the induction

hyp othesis Condition is satised by the appropriate choice of X The only condition

that has to b e proven individually for each case is the condition The set of indices i

for each rule is the set of numb ers from to N where N is the numb er of premises in the rule

under consideration

Rule Axiom Cant happ en since if the ro ot rule is Axiomthen n

Rule Abs The detailed pro of will b e given for this case only since all other cases are similar

and dier primarily in denition of X used in Lemma

Since this rule is the ro ot one the expression under consideration is fun x hexpri

First it will b e shown that if C then

g fx g fx g C f

y where are fresh Since yand y y for all y x it is sucient

x to showthatC f g x ie C f g whichis

gFTV C Thus equation has b een proven always true as f

Since the rule Abs has b een successfully used its conditions are satised and therefore

hexpri X

where the derivation of equation has depth n By induction assumption and

from equation

hexpri X

and

C f g X X

Therefore

fun x hexpri X

where

i i

X glb C A

i

i

i

X A glb C

i

From the original derivation it is also known that

fun x hexpri X

i i

X glb C A

i

i

i

X glb C A

i

The only thing left to prove is therefore

X C X

This can b e obtained by using Lemma with N and

def

X

In order to use Lemma it has to b e shown that condition is satised ie

C X X

This follows from the fact that

whichisimmediately true

Rule Appl Here N andX is chosen to b e

def

X

Condition necessary for the applicability of Lemma follows from

whichisimmediately true as

Rule Pro duct Here N n and X is chosen to b e

def

X

n n n

Condition necessary for the applicability of Lemma follows from

i n

i n

i

i i

i i

i i

whichisimmediately true

Rule Seq Here N andX is chosen to b e

def

X

Condition necessary for the applicability of Lemma follows from

whichisimmediately true

Rule Let Before Lemma can b e used here it has to b e shown that

fx X fx X g g

where

hexpri X

hexpri X

then However if

fx X g fx X g

follows from equations induction hyp othesis and the denition of Thus

is proven and it is now p ossible to use Lemma Let

def

X

Then condition necessary for the applicability of Lemma follows from

whichisimmediately true

Rule Typ edLet Before Lemma can b e used here it has to b e shown that

fx T g fx T g

def

expand T However if where T then

G

fx T g fx T g

follows from the denition of Thus is provenanditisnowpossibletouse

Lemma Let

def

X T

Then condition necessary for the applicability of Lemma follows from

T T

T T

whichisimmediately true as

T

Thus for all cases it has b een shown that the induction assumption for all n N where N

implies the statement of the theorem for N The induction base for N has also b een pro ven

and therefore the statement of the theorem is true for all N

Natural semantics

This section denes the natural semantics of the target language that will b e used to show the

soundness of the presented typ echecking algorithm

The runtime ob jects rtobjects of the language comprise the set O Rtob jects will b e denoted

Type as a b c Each rtob ject of the language has a typ e This will b e written as object T

Rtob jects of the language are

Atomic constants These are constants explicitly dened by the program and the initial environ

ment suchas unit etc Behaviors declared in the program are considered to b e atomic

constants as well The set BO is the set of all b ehaviors declared by the program

Pro ducts A pro duct ob ject is an ordered list of runtime ob jects

a a

n

where a PO Pro ducts of rtob jects comprise the set P O As usual it is assumed that

i

a a

and therefore OPO

Closures Closures are function abstractions together with the environment they are dened in

They are denoted as closure E x expr Here E is the environment x is the formal argument

and expr is the b o dy of the abstraction

Runtime ob jects are irreducible and can app ear as the nal result of a successful program execution

reduction

The runtime environment rtenvironment E is a set of nametortob ject bindings of the form

hnamei a where name Id set of identiers and a OGiven an rtenvironment E E hnamei

denotes the rtob ject a in the binding of the form hnamei a in E or if hnamei is unb ound in E

The op eration E E constructs the new rtenvironment that includes all bindings in E and

those bindings of E that are not overridden in E Formally

E hnamei if E hnamei

E E hnamei

E hnamei if E hnamei

The store S is an unsp ecied entity that represents the storage space of the program For the

purp oses of this section it is sucient to state that there exists a predicate Valid S dened on

all p ossible stores an initial store S suchthatValid S TRUE and a set of primitive functions

fprimitive gThevalidityofa storemayormay not dep end on the typing environment

i

Primitive functions are intro duced to mo del lowlevel system primitives Each primitive function

is a partial function that maps pairs S atoS a This mapping has the following meaning if

primitive S aS a then the primitive function primitive applied to an rtob ject a in the

i i

presence of the store S pro duces the result a and changes the store to b ecome S

Primitive functions are the most basic execution primitives and corresp ond to lowlevel implemen

tation functions Their correctness is not checked rather it is assumed The right set of primitive

functions along with their denitions and the pro of of their correctness is the resp onsibility of the

language designer

Before the natural semantics can b e dened certain assumptions ab out the underlying user typ e

graph G need to b e established It is assumed that G has the following prop erties

Pro ducts It is assumed that the following denitions are given

concrete type TProductNcovar X covar XN

for all N from to M where M is the maximum arity of pro duct expressions in the program

M is nite since every program is a nite text at the same time pro ducts can not grow

dynamically in the prop osed semantics Existence of the typ e denition

concrete type TUnit

Unit can b e thought of as a ary pro duct typ e It is further is also assumed The typ e T

assumed that none of the ab ove pro duct typ es has anysubtyp es or concrete sup ertyp es The

existence of a predened rtob ject unit of typ e T Unit is also assumed

Functionals It is assumed that b ehavior and function typ es are dened as

concrete type TFunctioncontravar A covar R

concrete type TBehaviorcontravar A covar R

subtype of TFunctionA R

It is assumed that there are no concrete subtyp es of T Behavior and that the only concrete

subtyp e of T Function is T Behavior Instead of T FunctionA RandT BehaviorA R the

denotations AR and A R resp ectively will b e used

b

The assumptions ab out the pro duct typ es play a crucial role in denitions of b ehavior consistency

and the treatmentandtyping of pro duct expressions Assumptions ab out functional typ es are

used in typing and treatment of abstraction and application expressions The assumptions ab out

nonexistence of concrete subtyp es of the functional typ es can b e lifted provided the appropriate

reduction rule for application expression is added

The natural semantics of the target language is dened in Figure The statement of the form

S E hexpri S a

G

means that the expression hexpri evaluated in the environment E with the store S reduces to

rtob ject a and changes the store to b ecome S

The function dispatch b aBOO is dened by Denition

In this section natural semantics of the target language has b een dened The next section

discusses issues related to runtime ob ject typing

Execution state typing

In this section typing of runtime ob jects and correctness of a particular state of program execution

will b e dened The correctness condition placed up on primitive functions and their asso ciations

will also b e formulated

Denition Extended typing environment An extended typing environment isaset

of pairs a X where X is a typ e and a IdO

An extended typing environment is a straightforward extension of typing environment designed

to handle typing of runtime ob jects In this section the term typing environment will b e used

to mean extended typing environment The notion of initial extended typing environment is

dened as a straightforward extension of initial typing environment Denition

Denition Runtime ob ject typing If is a typing environment Denition and

a is an rtob ject then its typing is dened by the rules depicted in Figure which augment the

rules in Figure Here E denotes the environment obtained as follows

X if E hnamei and EhnameiX

Ehnamei

otherwise

Denition RTsimilarity Twotyp es A and A are called rtsimilar i one of the fol

lowing is true

E hnamei

RedAxiom

S E hnamei S E hnamei

G

RedFunction

S E fun x hexpri S closure E x hexpri

G

S Ehexpri S a S Ehexpri S a

G n G n n

n

RedPro duct

S Ehexpri hexpri S a a

G n n

n

S Ehexpri S a S Efhnamei a g hexpri S a

G G

RedLet

S Elet T hnameihexpri in hexpri S a

G

S Ehexprsi S a S Ehexpri S a

G G

RedSequence

S Ehexprsi hexpri S a

G

S Ehexpri S closure E x hexpri S Ehexpri S a

G G

S EE fx a g hexpri S a

G

RedFuncApplication

S Ehexpri hexpri S a

G

S Ehexpri S behavior behavior B

G

S Ehexpri S a

G

dispatch behavior a fun x hexpri

S E fun x hexpri a S a

G

RedBehApplication

S Ehexpri hexpri S a

G

S Ehexpri S behavior behavior B

G

S Ehexpri S a

G

dispatch behavior a primitive

i

primitive S a S a

i

RedBehPrimApplication

S Ehexpri hexpri S a

G

Figure Natural semantics of the target language

a X

RTAxiom

a X

j j

j j

n n

a glb C A A a glb C

n

j n n j

n

RTPro duct

j j

i

j

n

a a glb C A A

n i

j j

n

i

n

E fun x hexpri X

RTClosure

closure E x hexpriX

Figure Typing rules for rtob jects

A A

Arity a Arity a

i i

and for each iA is rtsimilar to A A aA A A aA A

Arity a Arity a

A aA A A aA A and a f g

b

Rtsimilarity requires that twotyp es b e identical when their leaves related to functional typ es

are cut o For example a bc de is rtsimilar to a f g de but a b c deisnot

rtsimilar to a f g de

Denition Runtime pretyp es Runtime pretype p over G is dened recursively as fol

lows

If p A where A is a typ e over GFTV such that pfunctor A Concrete and

G

pfunctor A f gFTV A

b

then p is a runtime pretyp e

If p p p where p are runtime pretyp es suchthat

n i

i j i FTV p FTV p

i j

then p is a runtime pretyp e

Thus a runtime pretyp e can contain variables in the leaves of functional typ es onlyThus

abc is a runtime pretyp e while abc is not

Denition Runtime typ es Runtime type q over G is dened as follows

i

q glb C p

i

i

is a runtime typ e i the following holds

i p is a runtime pretyp e

i

i

i C

G

i j p and p are RTsimilar

i j

The set of all runtime typ es is denoted RTyp

G

Runtime typ es are thus greatest lower b ounds of a nite numb er of rtsimilar consistent runtime

pretyp es For example

glb a ab

is a runtime typ e while

glb a a

is not

Denition Primary form of runtime typ es extended from page ab ove

primary is extended to work for runtime typ es in the following manner

G

def

i

for some ig primary q fhc c ijc pfunctor q

G n j

j

where

i i i

q glb C q q

i n

i

This denition is valid since pfunctor q is indep endentofi according to For example

j

the primary form of the typ e is hi

Having dened the runtime ob ject typing it is now p ossible to formally sp ecify the requirements

placed on primitive functions The primitive functions are assumed to b e correct in the following

sense

Denition Primitive function correctness A primitive function primitive is correct

i

wrt i for every b ehavior asso ciation of the form

behavior C AR hnamei primitive

i

a a

for any store S such that Valid S TRUE for each rtob ject a suchthat a X X

a

glb C A and

i

i

i

a

C A A i C

i G

i

the following holds

primitive S aS r

i

Valid S TRUE

r r

R r X glb C

j

j j

a r

i j C C A A C R R

i G j

i j

In other words the primitive functions are required to b ehavejustasgoodastyp echecked non

primitive ones wrt their typ e sp ecications Note that there is no denition of store consistency

here as it dep ends up on the semantics of primitive functions However the results of this chapter

do not dep end on the denition of store consistency It is only required that correct applications

of primitive functions do not disturb it as stated in the ab ove denition An example of a set of

primitive functions satisfying these conditions is given in Section

In this section execution state runtime ob ject typing was dened Next section provesaset

of correctness prop erties for b ehavior dispatch pro cess

Dispatch correctness

In this section several prop erties of dispatch function used in Figure are proven The ultimate

goal is to prove that in a correctly typ echecked expression the dispatch is always valid and correct

no message not understo o d or message ambiguous errors

Lemma Argument prop erty If q RTyp then

G

q q

i C C A A primary q primary C A

G G G G

i i

q q q

qp qp

i C C A A C A A A

G

i i i

q q q

t t

i t concrete C A C C A A C A A A

G G

i i i

q q

t t qp qp

where q glb C A abstract primary t C A and abstract primary q C A

G G G G

i

i i

Proof The statement can b e equivalently formulated as follows

q q

A primary q primary C A A i C C

G G G G

i i

Then all three statements of this lemma have to b e proven for all i Let i b e suchthat

q q

C C A A

G

i i

For such i all three statements are trivially satised false premises imply any conclusion In the

rest of the pro of it will b e assumed that i is suchthat

q q

A A C C

G

i i

is satised The ab ove condition is equivalent to the following statement

q q

C C A A

i i

def

q q q

Then A A Let A A Assume without loss of generality that A A

n

i i i

A A and

n

q

A A for all j from to n

j

j

i

q

from the denition of subtyping and the variance of the pro duct Since A is an narity pro duct its

i

q q

q

primary form is also an narity pro duct Let primary q ht t i Note that t Concrete

G G

n

j

from the ab ove denition the denition of a runtime typ e and the fact that q RTyp Then

G

t t t

A A A by denition of abstract

G

n

q

Each A by denition of a runtime typ e has a primary functor which b elongs to Concrete

j G

i

q q

Thus A c r r where c is a concrete typ e constructor Then t and therefore c

j

Arityc

i j

q

t

A c At the same time A c for some c and since A A and from the denition

j

j j j

i

c Since A c either A c orA for some k IfA of subtyping c

G j j k j k

j

then since C is true by denition of the following is true

glb fc j c C g pfunctor A

G k

j G

q

and therefore since A A

j

j

i

q

glb fc j c C g t

G k

G

j

q

On the other hand if A c c then t cTo sum up the following statementhavebeen

G

j

j

shown to b e true

glb fc j c C g if A is a variable

k j

q

G

t

G

j

c if A c

j

and the ab ove case analysis is exhaustive wrt the form of A The ab ove is equivalentto

j

q

t primary C A

G G j

j

and due to the fact that j was arbitraryto

q

q

i hprimary C A primary C A i primary C A t primary q ht

G G G n G G

n

which proves

In order to show that is true it is sucienttoput

i

r

k jk

j

where

q

i i

r c A r

j

Arity c

j j

i

Then the following is satised by denitions of primary abstract and a runtime typ e

G G

q p

q

A A

j

i j

q

qp

C C

i

from which

q q

qp qp

A A C C

i i

Since and were chosen under the only assumption that

q q

C C A A

i i

was satised the following is true

q q q

qp qp

C C A A A A C

i i i

This implies

Consider primary q Since primary q primary C A and according to the denition

G G G G

of concrete there are only two p ossibilities

G

primary q concrete C A In this case the statement is immediate

G G

qp t qp t t t

t concrete C A primary q t C C C A A AwhereC A

G G G G

abstract t In this case by

G

q q q

qp qp t qp t

t concrete C A C C A A C A A A C A A A

G G

i i i

which implies

q q q

t t

A A A C A A t concrete C A C C

G G

i i i

that is equivalent to

The following theorem shows that indeed a dispatchofatyp ecorrect b ehavior application yields

a correctly dispatched function

Theorem Dispatch correctness If q RTyp is a runtime typ e b is a b ehavior that

G

satises coverage unambiguity and correctness conditions

d d d

behavior C A R i N

d

i i i

are the b ehavior denitions for b

a a a

association C A R i N

a

i i i

are the b ehavior asso ciations for b

x

x fa dgi N C

x G

i

and

q q

x x

C A A x fa dgi N j C

x G

i i

j j

then the following holds

k dispatch b q

G

q q q

x x a a x

x fa dgi N j C C A A C A A A

x G

i i k k i

j j j

q q

a a

j C C A A

G

k k

j j

q q

where q glb C A and t primary q

G

j

j j

Proof

Point According to denition in order to show k it is necessary to sho w that

b

S t

b

jS tj

min

Point There are two p ossible cases

q q

a a

i j C C A A In this case the statement of Lemma can

G

i i

j j

b e applied to deduce that

a a

t primary C A

G G

i i

b

which ensures that S t

q q

d d

The statement of Lemma can b e applied A A C i j C

G

i i

j j

to deduce that

q q q

t d t d d d d

A A C A A A C C A t concrete C

G G

i i i i i

j j j

t t

where C A abstract t From the b ehavior coverage condition

G

t d t d a t a d

C C A A C A A A

G

i i l l i

From this and

q q q

t a d t a d d

A A C A A A C A A C

G

l i l i i

j j j

Thus

q q q q

d d a d a

l C C A A C A A A C

G

i i l i l

j j j j

and since

q q

d d

A A C C

G

i i

j j

by the condition of this case the following is true

q q

a a

C l C A A

G

l l

j j

The statement of Lemma is then used to deduce

a a

l t primary C A

G G

l l

whichproves the statement under consideration

b b

Point In order to show jS tj it is sucien ttoshowthat S t whichhas

min

already b een proven and

a a a a

A t primary C A i j i t primary C

G G G G

j j i i

a a

k t primary C A

G G

k k

a a a a

A primary C A primary C

G G G

i i k k

a a a a

primary C A primary C A

G G G

k k j j

where t primary q From the denition of runtime typ e

G

n

q RTyp t primary q t Concrete for some n

G G G

Let t b e such that the premises of are satised Then

n

a a a a

t primary C A t primary C A t Concrete

G G G G G

i i j j

From this and the denition of concrete

G

a a a a

u concrete C A C A t u

G G

i i j j

From this and the b ehavior unambiguity condition

a a a a a a a a

primary C A primary C A primary C A primary C A

G G G G G G

i i j j j j i i

a a

k u primary C A

G G

i i

a a a a

primary C A primary C A

G G G

k k i i

a a a a

primary C A primary C A

G G G

k k i i

There are three p ossible cases

a a a a

primary C A primary C A Let k i Then k satises

G G G

i i j j

a a a a

primary C A primary C A Let k j Then k satises

G G G

j j i i

a a a a a a

k u primary C A primary C A primary C A

G G G G G

i i i i

k k

a a a a

primary C A primary C A In this case let k k Then k

G G G

i i

k k

satises

b

tj has b een sho wn In all cases k that satises has b een found Thus jS

min

b

tj Th us the p oint It has b een shown that under the conditions of the theorem jS

min

has b een proven

Point Assume that x i j are such that

q

x x

C C q A

G

i i

j

Then the statement is trivially satised In the rest of the pro of it will therefore b e

assumed that x i j are suchthat

q

x x

C q A C

G

i i

j

is satised There are two p ossible cases

x a In this case

q q

a a

C C A A

G

i i

j j

Then k from statemen t If k i the statement is immediate Let

k i Then

a a a a

A primary C A t primary C

G G G G

i i k k

b

from the denition of dispatch and S t From the statement of Lemma

min

q q q

a a qp qp a

C C A A C A A A

G

i i i

j j j

qp qp u a a

where abstract primary q C A Let X abstract primary C A

G G G G

k k k

Then

u a a

primary X A t primary C

G G G G

k k k

a a

A t primary C

G G

i i

from and the denition of primary andabstract and therefore there are

G G

by denition of concrete two p ossible cases

G

qp qp a a u

a primary C A concrete C A X From this and

G G

i i

k

q q q

a a u a a t t a

t concrete C A X C C A A C A A A

G G

i i k i i i

j j j

qp qp

cho ose t primary C A

G

a a u qp a t qp t a

b t concrete C A X t t C C C A A A

G G G

i i i i

k

qp qp t t

where t primary C A andC A abstract t From and the

G G

entailmentabove

q q q

a a t qp t a

C C A A C A A A A

G

i i i

j j j

which is equivalent to cho ose t t

Thus it has b een shown that in b oth cases is satised From the b ehavior correct

ness condition and

t a t a a t a a

C C A A C A A A

G

i i k k i

From this and

q q q

a t a a a a

A A A A C A A C C

G

i k k i i

j j j

whichproves statement of the theorem for this case

x dFrom the pro of of the second case of statement

q q q q

a d a d d

A A C A A C A l C C

G

l i l i i

j j j j

From the previous case let x d i l

q q q

a a a a a

C C A A C A A A

G

l l k k l

j j j

From this and

q q q

d d a a a d

l C C A A C A A A A

G

i i k k l i

j j j

whichimplies

q q q

d d a a d

C C A A C A A A

G

i i k k i

j j j

that proves in this case

Point Immediate consequence of statement and the theorem conditions

In this section it has b een proven that in a correctly typ echecked expression the dispatchisalways

valid and correct no message not understo o d or message ambiguous errors Next section is

the pro of of the sub ject reduction theorem

Sub ject reduction

The sub ject reduction theorem that is proven b elow is the main result of this chapter It shows that

a correctly typ echecked program do es not pro duce typ e or dispatch errors during execution

Lemma Expanded typ e propagation If all typ es in are expanded Denition E

is an rtenvironment o Expressions O andE o X then X is expanded

Proof By simple induction on the derivation of E o X Follows from the fact that none

of the rules in Figure and Figure can pro duce nonexpanded typ es provided their premises

do not contain them

A consistent triple dened b elow can also b e termed as a consistent computation state

Denition Consistent triple A triple S E hexpri is called consistent in a given typing

environment if the following conditions are satised

Valid S TRUE

E hnamei a hnamei X a X X X

n a G a n

o IdO E o X X

G

E hexpri X X

G

This denition requires that all typ es of rtob jects that participate in a given environmentare

valid and so is the typ e derived for the expression expr It also requires the validity of the store S

Finally the sub ject reduction theorem can b e formulated and proven

Theorem Sub ject reduction If do es not contain nonexpanded typ es and a triple

S E hexpriisconsistent in then the following holds

The next reduction step for S E hexpri exists and is unique The reduction step is under

sto o d as a step from the conclusion of the rule to its premise or from one of the premises of

the rule to the next one in the order these premises are listed

If in addition S E hexpri S a then the following holds

G

a Valid S TRUE

b a X

c X X where E hexpri X

G

Proof

Point The pro of is by induction over the derivation of S E hexpri S a It will b e

G

shown that if the theorem is satised for the premises of a reduction rule and the triple in the

conclusion of the rule is consistent then the pair that this triple reduces to according to the

conclusion of the rule in question will also satisfy the theorem

Rule RedAxiom Since S E hnamei is consistent Valid S TRUE Let E hnameia

E hnamei exists since otherwise the rule in question would not b e applicable Then

hnamei X

n

a X

a

X X

G a n

from the denition of triple consistency It is left to showthatE hnamei X

and X X Since hnameiX and hnameiIdE hnamei X by

G n n a

denition of E and the op eration Thus X X From this and equation

a

X X

G n

Thus the pair S a satises the conclusions of the theorem

Rule RedFunction Immediate from the rule RTClosure in Figure

Rule RedPro duct First it will b e shown that if S Ehexpri hexpri is consistent

m

and Valid S TRUE thenS Ehexpri is consistent It is sucient to showthat

i

under these conditions

n

E hexpri X

i

i

n

X

G

i

From the denition of consistency

n

E hexpri hexpri X

m

X

G

Consider the derivation of Itfollows the rules of Figure and the last applied

rule has to b e the rule Pro ductThus

n

E hexpri X

i

i

where

n n

n n j n j

i i

X glb n C A

i j i i

i

n n n

n j n j n j n

i m

C A A X glb n

n

i

i m j j

m

Thus equation is proven Since

n n n

n j n j n j n

i m

C A A X glb n

n

i G G

j j

i m

m

n n n

n j n j n j

i m

C A A

G i

i m

n

n

j j

m

n

n j

i

C

G i

i

n

n

j j

m

n

n j

i

C

G

i

n

n

i j j

m

n

n j

i

C

G

i

n

i j

i

n n

n j n j

i i

C A

G

i i

n

i j

i

n n

n j n j

i i

A glb n C

G

i j i

i

i

n

X

G

i

i

the equation is proven as well equivalences and are due to the fact that

all typ es are expanded which follows from Lemma and the conditions of the theorem

Therefore S Ehexpri is consistent as long as Valid S TRUE Since S

i

TRUE by assumption S Ehexpri is consistent Therefore by induction assumption

Valid S TRUE Thismakes S Ehexpri consistent and S valid After n

steps it is shown that all triples S Ehexpri are consistent Then by induction

i

i

assumption

a

a X

i

i

n a

X X

G

i i

It is left to show that

a

a a X

n

a n

X X

G

From equation and the rule RTPro duct Figure

a

a a X

n

where

a a

a a j a j

i i

X glb a C A

j

i i i

i

a a a

a a j a j a j

i m

X glb a C A A

a

i

j j i m

m

Thus equation is proven Equation is equivalentto

n n n a a a

n j n j n j a j a j a j

m i m i

A A glb n C A A glb a C

n a

i G i

m j j i m j j i

m m

a a a n n n

a j a j a j n j n j n j

i m i m

C A A C A A

G i i

i m i m

n a

n a

j j j j

m m

n a a a n n

n j a j a j a j n j n j

i i m m

C C fA A A A g

i G i

i i m m

a n

a n

j j j j

m m

n a a n

n j a j a j n j

i i i i

C C fA A g

i G i i

i i i i

a n

a n

j j j j

m m

n a a n

n j a j a j n j

i i i i

C C fA A g

G

i i i i

a n

a n

j j j j i

m m

n a a n

n j a j a j n j

i i i i

C C fA A g

G

i i i i

a n

i j j

i i

n n a a

n j n j a j a j

i i i i

A C A C

G

i i i i

a n

i j j

i i

n n a a

n j n j a j a j

i i i i

A glb n C A glb a C

G

j j

i i i i

i i

i

a n

X X

G

i i

i

However the equation is the same as and therefore the equation is

proven The ab ove derivation used equations and The step is a

n a

direct consequence of Lemma and the fact that the derivation of X X o ccurs in

i i

n a

a branch dierent from the one used to derive X X ifi j

j j

Thus it has b een shown that S a a satises the conclusion of the theorem

n n

Rule RedLet First it will b e shown that if

S Elet T hnameihexpri in hexpri

is consistent then so is

S Ehexpri

Store validity is immediate thus it remains to show that

n

E hexpri X

n

X

G

under the conditions that

n

E let T hnameihexpri in hexpri X

n

X

G

The outermost rule in the derivation of is either Let or Typ edLet Therefore

n i n i n

E hexpri X glb C A

i

j j

n n n

Efhnamei Y g hexpri X glb C A

j

where

i n i n

glb C A if the rule Let was used

i

Y

expand T if the rule Typ edLet was used

G

whichproves On the other hand

j j

n i n n n

X glb C C c A

i

ij

where

TRUE if the rule Let was used

c

i

i n

A expand T if the rule Typ edLet was used

G

and therefore from

j j

n i n n n

X glb C C c A

G G i

ij

j j

i n n n

C C c A

G i

i j

j

i n n

C C c

G i

i j

i n

C

G

i

i n i n

C A

G

i

i n i n

glb C A

G

i

n

X

G

whichproves Therefore

S Ehexpri

is consistent and by the induction assumption

Valid S TRUE

a

a X

a n

X X

G

From this and the conditions of the theorem it will b e shown that

S Efhnamei a g hexpri

is also consistent Indeed S is valid by It remains to show that

n

Efhnamei a g hexpri X

a

n

X

G

a

Consider two p ossibilities

n n

Rule Let was applied In this case Y X and therefore X Y

G

Rule Typ edLet was applied In this case Y expand T and

G

j j

n i n n i n n

X glb C C A expand T A

G G G

ij

i n i n

C A expand T

G G

i

n

X expand T

G G

n

X Y

G

n a n

Thus in b oth cases X Y is satised However from X X and

G G

a

therefore X Y This together with proves that

G

Efhnamei a g Efhnamei Y g

From this and the static subsumption theorem the following is true

The statement is true

The following statement is true

n n

X X

G

a

from which is also true

Thus

S Efhnamei a g hexpri

is consistent and therefore by induction assumption

Valid S TRUE

a

a X

a n

X X

G

a

It remains to show that

n a

X X

G

n a n n n

where X is dened by Since X X by and X X

G G

a a

n n

by it remain to show that X X Indeed

G

j j

n i n n n

X glb C C c A

i

ij

j j

n n n

X glb C A

j

and since

j j j j

i n n n n n

C C c C A A

i G

n n

X whichproves for all i j by Denition X

G

Rule RedSequenc e First it will b e shown that if

S Ehexpri hexpri

is consistent then so is

S Ehexpri

Store validity is immediate thus it remains to show that

n

E hexpri X

n

X

G

under the conditions that

n

E hexpri hexpri X

n

X

G

The outermost rule in the derivation of is Seq therefore

n i n i n

E hexpri X glb C A

i

j j

n n n

E hexpri X glb C A

j

whichproves On the other hand

j j

n i n n n

X glb C C A

ij

and therefore from

j j

n i n n n

X glb C C A

G G

ij

j j

i n n n

C C A

G

i j

j

i n n

C C

G

i j

i n

C

G

i

i n i n

C A

G

i

i n i n

glb C A

G

i

n

X

G

whichproves Therefore

S Ehexpri

is consistent and by the induction assumption

Valid S TRUE

a

a X

n a

X X

G

From this and the conditions of the theorem it will b e shown that

S Ehexpri

is also consistent Indeed S is valid by It remains to show that

n

E hexpri X

n

X

G

The statement is equivalent to and is therefore true From

j j

n i n n n

X glb C C A

G G

ij

j j

i n n n

C C A

G

i j

j

i n n

C C

G

i j

i n

C

G

i

i n n

C A

G

i

n

X

G

whichproves Thus

S Ehexpri

is consistent and therefore by induction assumption

Valid S TRUE

a

a X

a n

X X

G

It remains to show that

a n

X X

G

n a n

where X is dened by Since X X by it remain to showthat

G

n n

X Indeed X

G

j j

n i n n n

X glb C C A

ij

j j

n n n

X glb C A

j

and since

j j j j

i n n n n n

C C C A A

G

n n

for all i j by Denition X X whichproves

G

Rule RedFuncApplication First it will b e shown that if

S Ehexpri hexpri

is consistent then so is

S Ehexpri

Store validity is immediate thus it remains to show that

n

E hexpri X

n

X

G

under the conditions that

n

E hexpri hexpri X

n

X

G

The outermost rule in the derivation of is Appl therefore

n i n i n

E hexpri X glb C A

i

j j

n n n

E hexpri X glb C A

j

whichproves On the other hand

j j

n i n n i n n

X glb C C A A

ij

and therefore from

j j

n i n n i n n

X glb C C A A

G G

ij

j j

i n n i n n

C C A A

G

i j

j j

i n n i n n

C C A A

G

i j

i n

C

G

i

i n i n

C A

G

i

i n i n

glb C A

G

i

n

X

G

whichproves Therefore

S Ehexpri is consistent

and by the induction assumption

Valid S TRUE

a

closure E x hexpriX

n a

X X

G

From this and the conditions of the theorem it will b e shown that

S Ehexpri

is also consistent Indeed S is valid by It remains to show that

n

E hexpri X

n

X

G

The statement is equivalent to and is therefore true From

j j

n i n n i n n

X glb C C A A

G G

ij

j j

i n n i n n

C C A A

G

i j

j j

i n n i n n

C C A A

G

i j

j

n

C

G

j

j j

n n

C A

G

i

j j

n n

glb C A

G

j

n

X

G

whichproves Thus

S Ehexpri

is consistent and therefore by induction assumption

Valid S TRUE

a

a X

a n

X X

G

Nowitispossibletodemonstratethat

S EE fx a g hexpri

is consistent S is valid by It has to b e shown that

n

EE fx a g hexpri X

n

X

G

From

a

closure E x hexpriX

and therefore by the rule RTClosure for rtob jects Figure

a

E fun x hexpri X

The outermost rule in the ab ove derivation must b e the rule Abs and therefore

i i

E fx g hexpri X glb C A

e

i e e

a i i

X glb C A

i e e

where is a fresh typ e variable From and

j j

n i n n i n n

X glb C C A A

G

ij

and therefore

I n J n I n J n

I J C C A A

G

By denition of subtyping

a a

X X

G

and therefore since is true

a

X EE fx a g E fx g

G

From this and the static subsumption theorem

n

EE fx a g hexpri X

n a

X X X

e G

which implies is equivalentto

k n

k C

G

Since is equivalentto

k n k n j i a i a j

C A A i j k C A C

G

e e

by denition of subtyping in order to prove it is sucient to showthat

i a i a j

i j C A C

G

e

From

j j j

i n a a n

i C C A A

G

j

and from and

j

i n j i n

i C C A A

G

e e

j

From the ab ovetwo equations and

j j j j

I n J n I n J n a a n j I n

C C A A C A A C A A

G

e e

j j

whichimplies

I n J n I n J n J a J a J n I I I n

C C A A C A A C A A

G

e e

which is equivalent due to the variance of and transitivityofsubtyping to

I n J n J a I I n J n J a J n I I n

C C C C A A A A A A

G

e e

J n I J a

A A A

e

This implies

J a J a I

C A C

G

e

and therefore

Thus

S EE fx a g hexpri

is consistent and therefore by induction assumption

Valid S TRUE

a

a X

n a

X X

G

It remains to show that

a n

X X

G

n a n

where X is dened by Since X X by it is sucienttodemon

G

strate that

n n

X X

G

From by denition of subtyping

i n i a i a i n

i i C C A A

G

whichisby equivalentto

i n i i n i

A A i i C C

G

e e

From the ab ove and the denition of subtyping the following is true

j j

i n i i n n i n n i

A A i j i C C A A C

G

e e

Using the prop erties of entailment

j j

i n n i n n

i j i C C A A

G

j j

i n i i n i n n

C C A A A A

e e

from whichby transitivityofsubtyping

j j j j

n n i i n n i n n i

A C A i j i C C A A C

G

e e

and byvariance of the typ e constructor

j j j j

i n n i n n i n n i

i j i C C A A C C A A

G

e e

On the other hand from and it follows that

n n

X X X

G e

which is equivalentto

j j

n n i k n k n i

i j k C A C C A A

G

e e

from which and

j j

i n n i n n

i j i k C C A A

G

j j

k n k n i n n i i

C A A C A A C

e e e

which implies by transitivity

j j

i n n i n n

i j i k C C A A

G

j j

i n n i k n k n i k n

C C A A C A A A

e e e

which in turn implies

j j

n k n k n n i n i n

C A A A i j k C C

G

which is equivalentto

n n

X X

G

due to Thus and therefore are proven

Rule RedBehApplication The rst two premises of this rule are the same as those in the

rule RedFuncApplication Therefore the equations are proven in the same

way Since hexpri reduces to a b ehavior behavior the following is true

a

E behavior X

where

i a i a a

glb C A X

i

and

i i a i

R A A

b

b b

From this and

a n i n l a l a l n

X X i l C C A A

G

i n l a l l i n

i l C C A R A

G b

b b

From and

j j

i n n i n n

i j C C A A

G

and from this and

j j

i n n i n n l a l l i n

i j l C C A A C A R A

G b

b b

from whichduetovariance of and and their subtyping relationship in G

b

j j

i n n l a n l l

i j l C C C A A R

G

b b

From

j j

n n m a m a

C A A j m C

G

and from this and

j j

i n n l a m a m a n l l

i j l m C C C C A A A R

G

b b

whichimplies

l a m a m a l

l m C C A A

G

b

From this and the dispatch correctness theorem

k dispatch behavior a

G

m a l a m a l k a m a k l

l m C C A A C A A A

G

b b b

k a m a m a k

m C C A A

G

b

There are two p ossibilities the dispatchmight pro duce a function or a primitive The

rst case is handled by the rule RedBehApplication while the second is handled by the

rule RedBehPrimApplication Here only the rst alternative is considered the second one

will b e considered later on Assume that the dispatch pro duced a function F Then by

the functional consistency condition

F X

f

k k a k

R C A X

G

b b f

Since for anyvalid by the static subsumption theorem

p p

E F X glb C A

f

p

f f

X X

G f

f

and therefore

k k a k

R X C A

G f

b b

By using the rule Appl it is concluded that

p p

m a m a n

glb C C A A E Fa X

mp

f f

a

where o ccurs in X only in places denoted explicitly ab ove as it is fresh when the

rule Appl is applied

It is now left to show that

S E funx hexpri a

is consistent and that the result typ e conforms to the third condition of the theorem S

is valid by In order to show triple consistency it is left to demonstrate that

n

E F a X

n

X

G

def

where F fun x hexpri

follows from is equivalentto

p p

m a m a

m p C C A A

G

f f

From

p p

k k k a

A R A p C C

G

b b

f f

and from this and

p p

k k k a m a m a k

R A A C m p C C A A

G

b b b

f f

k

which implies let R Thus the triple

b

S E funx hexpri a

is consistent and therefore by induction assumption

Valid S TRUE

a

a X

a n

X X

G

In order to complete the pro of of this case it is necessary to showthat

a n

X X

G

a n

Since X X by it is sucienttoshowthat

G

n n

X X

G

which is equivalentto

j j p p

i n n i n n m a m a

i j m p C C A A C C A A

G

f f

By the denition of subtyping

j j j j

n n i n n i n n i n i n

A A C C A A i j C C

G

From this and

j j

i n n i n n

i j l C C A A

G

j j

i n l i n n i n n l a l

A R C C A A C A

b

b b

from which and

j j

i n n i n n

i j l m C C A A

G

j j j

i n n i n n l a l l i n m a m a n

C C A A C A R A C A A

b

b b

from which and

j j

i n n i n n

i j l m C C A A

G

j j j

i n n i n n l a l l i n m a m a n

C C A A C A R A C A A

b

b b

k a m a k l

C A A A

b b

From this and

j j

i n n i n n

i j l m p C C A A

G

j j j

i n n i n n l a l l i n m a m a n

C C A A C A R A C A A

b

b b

p p

k a m a k l k k

C A A A C A A R

b b b b

f f

From this and the global b ehavior consistency condition

j j

i n n i n n

i j l m p C C A A

G

j j j

i n m a m a n l i n n i n n l a l

A C A A R C C A A C A

b

b b

p p

l k k k l k a m a k

R R R C A A A C A A

b b b b b b

f f

From this transitivity and relationship b etween and

b

j j p p

l i n n i n n m a m a l

R i j l m C C A A C C A A R

G

b b

f f

l

which implies put R

b

Rule RedBehPrimApplication This rule is identical to RedBehPrimApplication up to the p oint

where the dispatched function is applied Therefore the equations

and are proven in the same way

It now remains to show that under these conditions

primitive S a

i

is dened the resulting store S is consistent and the typ e of the resulting ob ject is less

then the typ e derived initially for the expression

a m a m a

a X glb C A

m

n a

X X

G

S is valid by Since

m a m a a

glb C A a X

m

k a m a m a k

m C C A A

G

b

by and resp ectively and

primitive S a S a

i

Valid S TRUE

j p

a a a

glb C A a X

p

p p

a a k k a m a m a k

C A R m p C C A A

G

b b

by the primitive function correctness condition Nowitislefttoshow that

a n

X X

G

which is equivalentto

j j p p

i n n i n n a a

i j p C C A A C A

G

From the denition of subtyping

j j j j

i n n i n n i n n i n n

i j C C A A C C A A

G

From this and

j j

i n n i n n

i j l C C A A

G

j j

i n n i n n l a l l i n

C C A A C A R A

b

b b

From this and

j j

i n n i n n

i j l m C C A A

G

j j j

i n m a m a n l i n n i n n l a l

A C A A R C C A A C A

b

b b

From the ab ove the transitivityofsubtyping relationship b etween and and their

b

variance

j j

i n n i n n

i j l m C C A A

G

j j j

i n n l a m a m a n n l l

C C C C A A A A R

b b

from which and

j j

i n n i n n

i j l m C C A A

G

j j j

l i n n l a m a m a n n l

R C C C C A A A A

b b

k a m a k l

C A A A

b b

From this and

j j

i n n i n n

i j l m p C C A A

G

j j j

n l n l n l a m a m a i n

A A R C C A A C C

b b

p p

a a k l k a m a k

C A R A C A A

b b b

From the ab ove and the global b ehavior consistency condition

j j

n n i n i n

A A i j l m p C C

G

j j j

i n n l a m a m a n n l l

C C C C A A A A R

b b

p p

k k a a k l k a m a k

R R C A R A C A A

l b b b b

from which and the transitivityofsubtyping

j j

i n n i n n

i j l m p C C A A

G

j j j

l k a m a k i n n l a m a m a n n l

A C A A C C C C A A A A

b b b

p p

a a

A C

which implies

Point Since the triple S E hexpri is consistent hexpri is syntactically valid The reduction

rules are structural with the following exceptions

Rule RedAxiom additionally requires that E hnamei

An application expression can b e pro cessed by one of the rules RedFuncApplication Red

BehApplicationorRedBehPrimApplication These rules have additional nonstructural

premises

Assume that hexpri hnamei as is required for the rule RedAxiom to b e applicable Assume

E hnamei Then E hnamei which contradicts the assumption ab out triple

consistency since Thus the rule RedAxiom works for all correctly typ echecked names

G

Assume that hexpri hexpri hexpri The rst premise of all three rules is identical It will b e

shown that under these conditions the rst expression if it reduces reduces to either a closure

in which case the rule RulFunApplication is applicable and its second premise is checked or a

b ehavior in this case an additional analysis is needed Indeed by triple consistency

j j

n i n n i n n

X C C A A

G G

i j

i n i n

C A

G

i

where is a fresh typ e variable and equation is satised Also from triple consis

tency is true and therefore

S Ehexpri S a

G

Valid S TRUE

l a l a a

glb C A a X

l

a n

X X

G

From and transitivity

l a

il A

G

a a

Since X is a concrete typ e the primary functor of X must b e concrete The only concrete

a

typ es c such that c are and itself Thus the primary functor of X is either

G b

or The only rtob jects that can haveatyp e with a primary functor of are clo

b

sures At the same time the only rtob jects that can haveatyp e with a primary functor of

b

are b ehaviors Thus a must b e either a closure in which case the rule RedFuncApplication is

applicable or a b ehavior

If o is a b ehavior its dispatch fourth premise of the rules RedBehApplication and RedBeh

PrimApplicationcan

Pro duce a function In this case the rule RedBehApplication will work

Pro duce a primitive In this case the rule RedBehPrimApplication will work

Pro duce an error In this case no rule is applicable

Thus it is sucienttoshow that under these conditions the dispatch will never yield

However this statement has already b een proven in

Thus the statement of the theorem has also b een proven

In this section the main result of this chapter the sub ject reduction theorem has b een proven

The next section describ es incorp oration of imp erativetyp es into the typ e system develop ed so far

Imp erativetyp es

In this section it will b e shown that it is p ossible to consistently intro duce state in the frame

work describ ed ab ove Interestingly state do es not require any sp ecial typ e treatment The set

of appropriate primitive functions along with a particular treatment of store and store validityis

sucient

This is in sharp contrast to MLbased typ e system where imp erativetyp es typ e constructor

ref are treated sp ecially by the typ e system This sp ecial treatmenthastwo main disadvantages

It restricts the use of imp erativetyp es by applying less p ermissivetyp e discipline to them

It signicantly complicates the development of a system with several dierent imp erativetyp es

as for such a system the base typ e theory has to b e mo died

The family of imp erativetyp es T VarX is intro duced as follows

type TVarnovar X

behavior TVarX X get primitive

behavior TVarXX TUnit set primitive

Var with the additional constraint that there are no concrete typ es b elow T

Let

V fo j o O o T Varg

b e the set of all ob jects with imp erativetyp es The store S is then dened as a partial function from

V into O For eachvariable an ob ject of typ e T Var the store gives its contents an ob ject

stored in it

The store validity predicate Valid S is dened in the following manner

def

v v

Var Valid S v V glb C V i C V T

i G i

i i i

S vo

o

o O glb C O

j

j j

o v

Var C O i j C V T

G j i

j i

An intuitive meaning of the ab ove denition is that a store is valid if for every variable there is a

value stored in it and that value is of the same or smaller typ e as the typ e of the variable

The semantics of primitive functions is then dened as follows

primitive S vS S v

getting the valueofavariable v and

primitive S v a S S va unit

setting the value of a variable v to a In the latter case

S o if o v

def

S S vao

a if o v

In order to show that this denition is valid and that in the system extended with imp erative

typ es in this manner the sub ject reduction theorem still holds it is sucient to demonstrate that

the ab ove primitives ob ey the primitive function correctness condition

Getting a value It is necessary to showthatifS is a store and v is an rtob ject such that

Valid S TRUE

v v v

A v X X glb C

i

i i

v

A T i C Var

i G

i

then the following holds

primitive S vS a where a S v

Valid S TRUE

a a

a X glb C R

j

j

j

a v

Var C R i j C A T

G j i

j i

In order to show it is sucient to demonstrate that S v exists From the

v

fact that X is an rttyp e and the condition that there are no concrete typ es b elow T Var it

follows that

v

VarT X T

where T is some typ e expression From this and the validityof S by

S va

a a

a X glb C R

j

j j

a

j T VarT T Var C R

G j

j

By S v exists and therefore is proven is equivalent to The

validityof S is trivial by getting a value do es not change the store is

equivalent to and is therefore proven

Thus consistency of the rst primitive getting a value has b een demonstrated

Setting a value It is necessary to show that if S is a store and p is an rtob ject such that

Valid S TRUE

p

p p

P p X X glb C

i

i

i

p

P T i C Var

i G

i

then the following holds

primitive S pS unit

Valid S TRUE

u

unit X

p

u

Var X T Unit i C P T

G i

i

The statements and are immediately true as unit T Unit Thus it

remains to showthevalidity of and

p

Product the following Since X is a runtime typ e and there are no concrete typ es b elow T

is true

i P V S

i i i

At the same time from and the denition of a runtime ob ject

p vs

On the other hand from and it follows that

p

Var i C V T

G i

i

and from the rule RTPro duct

v v

V v X glb C

l l l

s s

S s X glb C

m m m

p v s

X glb C C V S

lm l m l m

From this and

P V S for some l m

i

l m

p

v s

C C for some l m C

l m

i

from which and

V V for some l

i

l

S S for some m

i

m

Let us denote the indices that satisfy the ab ove equations as l and m To sum up the

i i

following statements havebeenproven

p v s

p X glb C C V S

l m

i i

i l m

i i

p vs

v v

v X glb C V

l

i l i

i

s s

s X glb C S

m

i i

m

i

From this and the fact that there are no concrete typ es b elow T Var it follows that

i V T VarU

l i

i

From this and the semantics of primitive

primitive S pS unit

where S S S vs

Thus is true It remains to show that S is valid Since S is valid and S can only b e

dierentfromitonv it is sucient to demonstrate that

v s

T V S l m C Var C

G

l m l m

v

Var from and therefore FTV U X is a runtime typ e with primary functor T

i

for all i Also from the denition of a runtime typ e U U for some U and all iFrom this

i

v

T V and satisability of runtime typ e constraints C VarU Thus that weare

l l

attempting to prove is equivalentto

s

m T VarU T Var C S

G

m m

which is equivalentto

s

m U C S

G

m m

Var Thisisinturnequivalentto due to novariance of T

s

m C S U

G

m m

s

by denition of entailment and the fact that FTV C S andFTV U

m m

At the same time the condition is equivalentto

s

VarU S Var T i C T

m G

i

m

i

which implies byvariance of pro duct and denition of m

i

s

T m C VarU T Var S

G m

m

which is equivalentto

s

m C U S

G m

m

Var This is equivalentto byvariance of T

s

m C S U

G m

m

s

due to the fact that FTV C S However the last statementisequivalent to

m

m

Thus has b een proven

It has b een demonstrated that imp erativetyp es can b e treated consistentlyintheframework

presented in this dissertation The denitions of the typ e T Var b ehaviors get and set along

with their related primitives given at the b eginning of this section were proven to comply with the

requirements set forth for typ e system consistency It follows that the sub ject reduction theorem

holds for the typ e system with imp erativetyp es intro duced in this manner

Extensions

In this section I will describ e several extensions to the simple semantics considered ab ove All these

extensions will b e considered from the p oint of view of their impact on the typ e system

Errors nulls and exceptions

While the typ echecking algorithm guarantees the absence of typ e errors at runtime other errors

may still arise A practical programming language has to b e able to deal with these errors in a

consistent and sound manner

Example Consider a primitive function that implements an integer division

associate TInteger TInteger TInteger divide primitiveIntDiv

Division of some number by zero is certainly typ ecorrect

var TInteger ij

i

j

idividejprint

What should b e the result of such a program Apparently there is no integer numb er that could

meaningfully b e printed by the last statement

If primitive functions were not allowed this problem would not arise since in the absence of

primitives every terminating computation is valid as long as the program is typ echecked In real

programminghowever the ability of a program and ideally the formal semantics and the typ e

system to deal with this kind of errors is crucial There are several p ossible solutions to this problem

These solutions are not mutually exclusive but usually the presence of one of them is sucient

The notion of a null value is a wellestablished notion in the database community Surprisingly

in the programming languages community it did not receive nearly as much theoretical attention

even though it is constantly utilized in practical programming A null value is in a sense a common

placeholder for missing insucient or incorrect information Thus there can b e many dierentnull

values eg uninitialized incorrect or absent In Example for example the division func

tion would return some null value indicating incorrect result That value will b e printed probably

as a string and the program will pro ceed normally

This approach is in fact adopted by the IEEE standard for oating arithmetic IEE The role

of null values is played bysuchentities as NaN Unfortunatelynosuch standard exists for integer

arithmetics

From the p ointofviewofthetyp e system the following question needs to b e answered what are

the typ es of the null values The simplest consistent approachwould b e to create a concrete typ e

T Null at the b ottom of the typ e hierarchyandmake all null ob jects to share that typ e Then every

function andor b ehavior would b e able to pro duce suchavalue without violating the typ e discipline

There are however certain problems related to this approach First the natural semantics has to

b e extended to deal with null values in functional p ositions since T Null is at the b ottom of the

hierarchy it is a subtyp e of all b ehavior and function typ es and therefore null values can legally

app ear where functions and b ehaviors can If the imp erativetyp es are present the semantics of

extracting a value from a null value p osing as a variable ob ject also has to b e sp ecied Finally

since T Null is also a subtyp e of all pro duct typ es the distinction b etween b ehaviors that take one

argument and the ones taking several arguments is blurred which requires a signicant additional

runtime supp ort For example consider the following co de

behavior TPoint TInteger TInteger intCoords

behavior TInteger TInteger TInteger plus

var TPoint p

pintCoordsplusprint

The last statement is supp osed to print the sum of the integer co ordinates of the given p oint

However the variable p may contain a null value in whichcase pintCoords is likely to pro duce

by default a single null value rather than a pair of them From the p ointofviewoftyp echecking

this is correct But now the b ehavior plus is applied in a typ ecorrect manner to a single ob ject

instead of a pair Thus a runtime system has to b e able to deal with situations like these

The idea of null values and null typ es can b e taken further Namelyitispossibletointro duce

several null typ es each for its own purp ose For example one can establish a common subtyp e of

all numeric typ es T NumNull and make ob jects suchasNaN instances of this typ e This approach

allows one to sp ecify precisely what kind of null values can b e exp ected in a particular place in the

program However it still requires additional semantics for functionb ehavior applications if at least

one null typeisasubtyp e of these functional typ es

Going even further along this path ob jects of null typ es can have some sp ecial b ehaviors dened

on them These b ehaviors will dep end on the typ e of nulls These b ehaviors can b e used for example

to extract some information stored in the null ob ject at the time of its creation The resulting null

ob jects will then b ehavemuchlike exceptions in most mo dern programming languages

Note that the main problems related to the intro duction of various null typ es and values are

related to the language semantics and implementation Typ e system issues can b e neatly solved by

placing null typ es b elowthetyp es of ob jects the null values are designed to replace Thus the typ e

system can handle not only null values but also exceptions or at least a mechanism quite similar

to them

Lo cal variables and dynamic scoping

The only dierence b etween null values with attributes and the traditional exceptions is the lexical

scoping of the lo cal variables in the exception pro cessing co de This problem manifests itself in many

other and more imp ortant places as well Namely consider the following co de

Example

afunx

var TInteger i

ix

return fun y return i y

aprint

This co de rst calls the anonymous function stored in a with the argument The result is a

function that is called with the argument The result of that application is printed According

to the semantics sp ecied in this chapter this co de is valid and should print since the closure

always keeps a copy of its environment In practice however lo cal variables are not kept b eyond

the existence of the stack frame of their function invo cation and therefore an attempt to access i

will fail and return a garbage value The situation can b e even worse

Example

afunx

var TInteger i

ix

var b fun y return i y

i

return b

aprint

According to the sp ecied semantics this co de should print since the last value stored in i is

Even though it is p ossible to implement a language with suchsemantics eg LISP and some

other functional languages it usually comes at considerable execution and memory costs

In order to avoid situations like these it is p ossible to create a semantics in which all lo cal

variable values accessed inside a lo cal function in their scop e will b e evaluated eagerly rather than

lazilyAt the same time assignmenttosuchvariables within such functions would b e disallowed

Such semantics would corresp ond to the b ehavior of the most to days imp erative languages

In order to see how this semantic change can b e supp orted by the typ e system consider program

transformations of the program given in Example The following is the standard transformation

TVarTFunction a newTVarTFunction

asetfun x

TVarTInteger i newTVarTInteger

isetx

return fun y return igetplusy

agetprint

that corresp onds to the original semantics The following translation corresp onds to the mo died

semantics

TVarTFunction a newTVarTFunction

asetfun x

TVarTInteger i newTVarTInteger

isetx

return let ival iget in fun y return ivalplusy

agetprint

Here the value of i is extracted eagerly This allows the implementation to discard the variable i

while the function that refers to its value is still around Note that this translation automatically

ensures that no assignments to i are made inside the b o dy of the inner function as the typ e of ival

is not a variable typ e

Thus it has b een shown that the typ e discipline presented can supp ort b oth functional lazy

evaluation and imp erative eager evaluation styles

Nonlo cal returns

Another common feature of imp erative programming languages that has not yet b een addressed is

the presence of nonlo cal returns In the presented semantics the return expression has to b e the

last expression in the function b o dy In imp erative programming this restriction is to o severe to b e

practical The semantic approach to nonlo cal returns is the usage of continuationsTyping in the

presence of continuations is quite straightforward however their presence unnecessarily complicates

the semantics Since the primary purp ose of this dissertation is the developmentofthetyp e system

continuations were not formally treated here

Handling ob ject creation

Ob ject creationdeletion can b e handled within the presented framework analogously to the handling

of imp erativetyp es Section An existential predicate has to b e intro duced as an additional

part of the state and the ob ject creation primitive function semantics has to b e sp ecied to change

the value of that predicate at a particular p oint Once this is done no changes to the typ e system

are required to deal with ob ject creation The typ e system already in place will ensure absence of

typ e errors in a correctly typ echecked program

In this section several p ossible semantical extensions and their inuence on the typ e system have

b een addressed Next section discusses some key theoretical features of the prop osed typ e system

compares it to other works in the area and outlines future research direction with resp ect to further

development of the typ e system theory

Discussion

In this section several additional asp ects of the presented typ e theory will b e discussed Section

describ es the mo dularity of the theory presented so far Section discusses the eect that a typ e

system transformation mayhaveonvarious stages of the typ e checking It also uses the ab ove

discussion to showhowtyp e system evolution can b e supp orted by the presented typ e system

Section lists engineering tradeos related to the usage of the presented typ e system Finally

Section presents a summary of the ma jor features of the presented typ e system from the

theoretical p oint of view

Extensibility

One of the signicant dierences b etween the theory develop ed in this chapter and other typ e theories

develop ed so far is its mo dularity The main part of the theory including the entailment algorithms

and the sub ject reduction theorem dep end only on a very limited set of assumptions ab out the user

typ e graph and the primitive function semantics No assumptions at all are made ab out the store

except for its initial validity This prop ertygives the language designer a very exible and robust

system in which almost any store and primitive function semantics can b e plugged in with very little

eort

As an example a typ e system that includes imp erativetyp es and statepreserving ob jects known

to b e a challenge for typ e systems combining parametric and inclusion p olymorphism has b een fully

develop ed in Section The only part of this theory that required some work was the pro of of

consistency of the primitive functions If a primitive function do es not change the store the pro ofs

of validity b ecome even simpler

Typ e system evolution

So far the user typ e graph was considered to b e constructed at the b eginning of the program

analysis pro cess and used later during program typ echecking This assumption mightbevalid in

theoretical settings but it is quite impractical as big programs are usually built from smaller blo cks

libraries that are typ echecked and veried b efore the complete program is assembled The question

that can b e asked of a typ e system with resp ect to the ab ove scenario is what are the program

transformations that do not invalidate typ e checking or invalidate only a part of it

In this section various asp ects of program verication presented in Section will b e evaluated

from this p oint of view Before it is done an imp ortant class of program transformations called

covariant transformations is intro duced

Covariant transformations include

Adding a new typ e

Adding a new subsup ertyp e link under the condition that the user typ e graph remains

acyclic

Adding a new b ehavior

Adding a new b ehavior denition or asso ciation to an existing b ehavior

Replacing an existing b ehavior denition asso ciation with a denition asso ciation with a

subtyp e of the original

Adding a new constant denition

Replacing an existing constant denition with a denition with a subtyp e of the original

Changing a function in an existing asso ciation

These transformations are called covariant b ecause they covariantly change the initial typing en

vironment They are imp ortant b ecause covariantchange of the initial typing environmentgives

each expression the same or lesser typ e than the typ e given to that expression in the presence of

the original typing environment In a sense covariant transformations assure that all ob jects in the

program continue to conform to their original sp ecications

Lo cal monotonicity dened in Section is invariant with resp ect to covariant transformations

in the following sense if a new denition is added it has to b e checked for lo cal monotonicity but no

old denitions havetoberechecked This notion of invariance will b e used throughout this section

in the analysis of various asp ects of typ e consistency

Existence of a valid ranking for the user typ e graph dened in Section is invariant with

resp ect to all covariant transformations except for typ e and subtyp e link additions Typ e and link

additions do not aect existence of a valid ranking as long as the added typ es and links do not have

constraints and the added links do not intro duce new paths b etween typ es in the original graph

If any of the ab ove conditions are violated the existence of the valid ranking for the user typ e

graph needs to b e rechecked Note that since existence of the valid ranking is required for algorithm

termination but not for its correctness in some situations it may b e feasible to skip this checkas

long as there is a safeguard such as a time constraint that ensures termination of the typ e checker

Constraint consistency as dened in Section is invariant with resp ect to covariant transfor

mations This follows from the prop erties of entailment discussed later in this section

Global b ehavior consistency Section describ es the conditions placed on the relationships

between argument and result typ es of dierent denitions given for the same b ehavior It is based

on entailment and is therefore invariant with resp ect to covariant transformations

Functional consistency describ ed in Section is in a sense the typ echecking prop er as it checks

the conformance of the program to its sp ecication Functional consistency is also entailmentbased

and thus invariant with resp ect to covariant transformations This is in contrast to MLstyle typ e

inference systems where a lo cal change in a function b o dy can p otentially aect typing of other

functions in the program

Dispatch consistency conditions Section are invariant to all covariant transformations

except for subtyp esup ertyp e link additions and b ehavior denition asso ciation additions and

changes These conditions are the most volatile with resp ect to program transformations since they

are based on the notion of a concrete set which is in eect a set of concrete typ e constructors below

agiven one Thus an addition of a subtyp e can change concrete sets for all its sup ertyp es and

thus violate dispatch consistency conditions The conservative approach to dispatch consistency

rechecking is as follows

If a subtyp e link is added let S b e the set of typ e constructors that acquire new concrete

typ e constructors as children as a result of this addition Then every b ehaviorthathastyp e

constructors from S in the primary form of the argument of at least one of its denitions or

asso ciations has to b e fully rechecked for dispatch consistencyFull rechecking here means

that al l denitions and asso ciations for this b ehavior havetoberechecked

If a b ehavior denition or asso ciation is added or its typ e is changed for a particular b ehavior

that b ehavior has to b e fully rechecked

Thus adding a subtyp e link at the b ottom of the hierarchy leads to full rechecking for a lot of

b ehaviors This is unfortunate and most probably unnecessary There are two p ossible approaches

to this problem The rst one is to create more precise rules ab out rechecking b ehaviors in this case

that would eliminate unnecessary rechecking in simple cases which are likely to constitute at least

of all b ehavior denitions The second one is to ignore the p otential danger of not rechecking the

b ehaviors thus op ening the p ossibility of message not understo o d and message ambiguous errors

in the program that is build incrementally While this last approach clearly defeats the purp ose of

typ e checking it can b e practical in prototyping stage of program development when the p ossibility

of runtime errors can b e traded for faster development time In this case the whole program will

havetoberechecked at the pro duction stage Other hybrid approaches are also p ossible

Most of the consistency checks describ ed ab ove are invariant with resp ect to covarianttyp e trans

formations b ecause they are based on the entailment algorithms of Section that pro duce results

invariant with resp ect to covariant transformations This follows from Lemma and Theorem

Note that the entailment testing algorithm could have b een made signicantly faster but

still correct if it was allowed to use the attened form of the premises already computed on the

rst step for the construction of extended typ e graph However such mo dication would lead to

the loss of invariance with resp ect to covariant transformations Consider the following example

Let the following denitions b e given

type bcovar X

type ccovar X

type d

X d cX bX

These sp ecify that c bif d Let the entailmenttobechecked b e

c b d

The currententailment algorithm after verifying that c b will attempt to prove that

ca ba a d

in a typ e graph with an additional typ e constructor a and an additional subtyping relationship

ca ba This will fail as even a d is not true Thus the algorithm will conclude that

is not true

The mo died algorithm on the other hand will rst infer the attened form of c b

whichis

d

which is equivalentto

d

Thus the mo died algorithm will attempt to prove

a d

in a typ e system with an additional typ e constructor a and an additional subtyping relationship

a d This immediately succeeds and thus the mo died algorithm with conclude that is

true

Consider now the following covariant transformation of the original typ e system

type bcovar X

type ccovar X

type d

X d cX bX

type e

e bX

cX e

In other words a new typ e e was inserted b etween b and cNow the entailment is false

Indeed consider eThen

cce e beb

but

e d

Since b oth original and mo died algorithms are correct they return negativeanswer to

in this case Thus the mo died algorithm returns the result dierent from that returned for the

original typ e system and therefore the mo died algorithm is not invariant with resp ect to covariant

transformations

In this section the b ehavior of various stages of program verication with resp ect to covariant

program transformations was examined The conditions under which these stages do not haveto

b e rep eated for the mo died program have b een established The next section briey discusses the

main engineering tradeos of the prop osed typ e system

Engineering tradeos

The expressivepower of this typ e system comes at a price First the prop osed typ e system is

signicantly more complex than most of the typ e systems reviewed in Section The user is shielded

from this increased complexityby the layered design but a language implementor or database

designer would still have to cop e with it System uniformity and orthogonality will reduce the

necessary education time but it may still b e quite substantial

Second the uniform treatment of all the ob jects in the system also has its price tag Since every

entity including numbers characters strings etc is an ob ject and therefore can havebehaviors

that are dynamically dispatched on its typ e the typ e indicator sucient for dispatch purp oses has

to b e maintained at runtime This has an impact on memory requirements

Third multiple dispatch utilized in this typ e system has a negative impact on execution p er

formance Even in the presence of ecientmultimetho d dispatchtechniques multiple dispatchis

still inherently slower than single dispatch However a go o d optimizing compiler can p otentially

optimize away most of the necessary dynamic metho d dispatchby carefully analyzing the context

of the call sites or their runtime prop erties as demonstrated in DGC DDG HU

In the next section the brief summary of the imp ortant features of the theory develop ed in this

chapter will b e presented

Summary

The approachtaken in this chapter can b e summarized as follows The program is analyzed to yield

asetofconstrainedtypes and relationships b etween them These relationships are translated into

sets of subtyping constraints A program typ echecks if these sets admit a solution This solution

do es not have to b e found since mere fact of its existence is sucient to ensure runtime correctness

Thus the algorithms attempt to nd inconsistencies in the given constraint sets rather than nd their

solution The constraints are interpreted in the domain of regular trees equipp ed with a subtyping

relationship and lower and upp er b ound op erators

The main features of the presented theory are

Inclusion p olymorphism substitutability

Parametric p olymorphism

Partial typ e inference only b ehavior typ es need to b e explicitly sp ecied

Provable decidability and correctness

Explicit typ e constraints

Supp ort for union and intersection typ es

Mo dularity primitive functions and store semantics can b e easily mo died

Supp ort for imp erativetyp es

Supp ort for typ e system evolution covariant transformations

The ability to deal with subtyping b etween typ es of dierentvariances

Supp ort for distinction b etween b ehavior denitions and asso ciations

Dispatchgranularity dierent from the typ e sp ecication granularity

This concludes the presentation of the typ e system theory Inthischapter decidabilityand

correctness of the algorithms and techniques presented in Chapter has b een proven The eect of

various semantical extensions on the theory and the algorithms has b een considered Issues related

to the typ e system evolution and its eect on typ echecking were also discussed Finally a summary

of the ma jor theoretical features of the presented typ e system has b een given The review of various

theoretical typ e systems has b een presented earlier in Section The next chapter concludes the

dissertation and discusses its main contributions as well as directions for future research

Chapter

Conclusions

Summary and contributions

In this dissertation a typ e system for an ob jectoriented programming language has b een develop ed

Analysis of theoretical and practical requirements placed on the typ e system by the language and

database comp onents of the system was p erformed to yield a set of requirements the typ e system

should satisfyAnumb er of existing and prop osed typ e systems have b een examined and evaluated

from the p oint of view of these requirements This extensive analysis is the rst contribution of

this dissertation as it covers a very broad sp ectrum of typ e systems yet evaluates them from the

same uniform standp oint the set of requirements obtained by the previous analysis It is shown

that for each required feature there is at least one typ e system that has it However the desired

combination of features remains elusiveinthatnotyp e system theoretical or practical existing in

a programming language or prop osed has all the features necessary for the consistent and uniform

treatment of ob jectoriented database programming

Based on these requirements a typ e system is designed and various asp ects of it are discussed

This featurerich design of the typ e system is the second contribution of this work The design pro cess

yields a consistent and uniform typ e system that satises the requirements develop ed earlier and

successfully passes the tests from the typ e system expressibility test suite The main design features

of the develop ed typ e system are consistentcombination of parametric and inclusion p olymorphism

an elab orate and precise mechanism for b ehavior message typing handling of precise and complex

typ es of database query op erations uniform integration of imp erative features provisions for schema

evolution and a clean separation b etween interface implementation co de and representation

data layout The threelayer typ e system design provides additional exibility in sp ecication

and use of typ es and facilitates b etter co de reuse A ma jor motivation for the layered design is

understandability and usabilityofthetyp e system by programmers The system can b e used at

all the three layers the deep er the layer the more p ower it provides and the greater complexityit

involves

The designed typ e system is used in a prototyp e ob jectoriented programming language termed

source language throughout this dissertation This language is more then just a testb ed for the

develop ed typ e system it is p owerful enough to describ e all the ma jor comp onents of ob jectoriented

programming and design including typ e and function sp ecication and verication handling of

dynamic and imp erativetyp es and ob jects of these typ es multiple dispatch separation b etween

b ehavior declarations and denitions on b oth the typ e and implementation level and enco ding of

database queries via precisely typ ed b ehavior applications This source language can b e used as a

core of a real ob jectoriented database programming language as it includes the dispatch pro cedure

for multiple dispatch of b ehaviors dened in the language A program written in the source language

is veried by rst translating it into a more theoretical and simplied target language and then

applying the typ echecking techniques and verication pro cedures to the resulting program The

main typ echecking algorithms functional consistency checking are local in that a co de change

inside a function b o dy do es not aect the typing or validity of the other functions in the program

The third contribution of this dissertation is the development of the source language along with the

algorithms and pro cedures for verication and typ echecking of the programs written in it

Finally a theory has b een develop ed to rigorously provethevalidity of the presented typ echecking

mechanisms This theory includes a mo del of typ es as regular trees formal treatment of subtyping

constrainttyp es and entailment It also includes a natural semantics of the target language designed

to formalize and reason ab out its runtime prop erties Both algorithm termination and sub ject

reduction have b een proven The theory was develop ed in a mo dular fashion so as to allow its

application to other languages and systems The pro of of the validity of the handling of imp erative

typ es in the target language was presented as a nontrivial example of utilization of the p ower

inherent in this mo dular approach The theory was further examined by lo oking at the ways it

can b e extended to supp ort semantic extensions needed for a fulledged programming language

Another p oint of discussion was related to the b ehavior of the presented algorithms in the presence of

typ e system changes An imp ortant class of typ e system transformations covariant transformations

has b een identied and their impact on typ echecking and program verication has b een carefully

examined The theory has thus b een shown to b e mo dular extensible and incremental to a certain

degree The develop ed theory also supp orts all ma jor typ e system and design features of the source

and target language including parametric and inclusion p olymorphism imp erative union and

intersection typ es typ e constraintsavery lib eral notion of subtyping dierent granularity for typ e

and dispatch sp ecications and separation b etween interface typ e and implementation co de It

also features partial typ e inference that is known to reduce the burden of writing typ e annotations

for every ob ject in a program At the same time typ e inference is lo calized in order to contain

the eect of function co de mo dications The developmentofthistyp e theory and the pro ofs of

decidability and correctness of the typ echecking algorithms are the fourth ma jor contribution of this

dissertation

Future research

While signicantwork has b een done to achieve the primary goal of this dissertation there is still

a considerable ro om for future research

On the practical side making the main verication algorithms more ecient is quite imp ortant

While the algorithms presented herein are correct the main entailment algorithm app ears to b e

exp onential and thus needs to b e improved up on b efore it can b e used in a practical language

Implementation of the source and target languages as well as an ecient implementation of trans

lation and verication algorithms remain to b e accomplished Another interesting and promising

researchvenue is related to the development of an ecient dispatch strategy at a ner granularity

In this dissertation the dispatch on parametric typ es do es not dep end on typ e parameter This

is done to utilize the existing ecientmultimetho d dispatchtechniques However if an ecient

mechanism capable of taking into accounttyp e parameters can b e develop ed it will greatly simplify

the theory and make the language more p owerful Finallydevelopment of a database programming

language based on this typ e system presents a whole new set of challenges such as the semantics of

p ersistence handling of p ersistenttyp es b ehaviors and functions and ecient implementationof

database queries and up dates

From the design prosp ective addition of exceptions into the language seems to b e an interesting

and p otentially rewarding research direction Another design p ossibilityworth pursuing is the addi

tion of a mo dule system to the source language From the database prosp ective adding transaction

supp ort directly into the language seems to b e a promising idea Yet another interesting research

direction is incorp oration of algebraic types typ e constructors that serve alsoasvalue constructors

as in Standard ML MTH into the typ e system

From the theoretical p oint of view there are a numb er of issues that warrant further studyOne

of the most imp ortant theoretical research directions is a study into the p ossibility of lifting or sig

nicantly relaxing the valid ranking requirementplacedontheusertyp e graph The author b elieves

it can b e accomplished without sacricing decidability Another theoretical research p ossibilityis

researchinto the complexity of the presented algorithms and its theoretical limits Finally develop

ment of the fulledged language semantics with continuations and the necessary mo dication of

the relevantproofsisachallenging task

The last task is just one of the integral parts of a larger problem of developing a p owerful

theoretically sound ecient and practical ob jectoriented database programming language for the

next millennium I b elievesuchadevelopment will b e undertaken and the result will probably

exceed the exp ectations of b oth research and industrial communities My hop e is that the research

presented in this dissertation is a step along this long and dicult road

Bibliography

AB M PAtkinson and O P Buneman Typ es and p ersistence in database programming

languages ACM Computing Surveys June

ABD M Atkinson F Banchilon D DeWitt K Dittrich D Maier and S Zdonik The

ob jectoriented database system manifesto In F Banchilon C Delob el and P Kanel

lakis editors Building an ObjectOriented Database System The Story of O

AC R M Amadio and L Cardelli Subtyping recursivetyp es ACM Transactions on

Programming Languages and Systems

AC M Abadi and L Cardelli ATheory of Objects Monographs in Computer Science

Springer

ACO A Albano L Cardelli and R Orsini Galileo A stronglytyp ed interactive conceptual

language ACM Transactions on Database Systems June

Ada Ada Reference Manual Available electronically

URL httpwwwadahomecomrm

ADL R Agrawal L G DeMichiel and B G Lindsay Static typ e checking of multimetho ds

ACM SIGPLAN Notices Novemb er In Pro c of OOPSLA

AFM O Agesen S N Freund and J C Mitchell Adding typ e parametrization to the Java

language In Proceedings of the OOPSLA

AG R Agrawal and N H Gehani ODE ob ject database and environment The lan

guage and the data mo del In Proceedings of the ACMSIGMOD International

Conference on Management of Data pages

AG K Arnold and J Gosling The Java Language Specication AddisonWesleyth

edition ISBN

AGO A Albano G Ghelli and R Orsini Fib onacci A programming language for ob ject

databases VLDB Journal

AM M Atkinson and R Morrison Orthogonally p ersistent ob ject systems VLDB Journal

AN A Arnold and M Nivat The metric space of innite trees Algebraic and top ological

prop erties Fundamenta Informaticae III pages

App A W App el A critique of standard ML Technical Rep ort CSTR Princeton

UniversityNovember

App Apple Computer Inc Dylan Interim Reference Manual

AVWW J Armstrong R Virding C Wikstrom and M Williams Concurrent Programming

in Erlang Prentice Hall nd edition

AW A AikenandELWimmers Typ e inclusion constraints and typ e inference Technical

Rep ort RJ IBM Research Division August

AWL A Aiken E L Wimmers and T K Lakshman Soft typing with conditional typ es

In ConferenceRecord of POPL st ACM SIGPLANSIGACT Symposium on

Principles of Programming Languages pages ACM Press

BBdB R Bal H Balsters R A de By A Bosschaart J Flokstra M V Keulen

J Skowronek and B Termorshuizen The TM ManualDecemb er Version

revision C Available electronically

URL ftpftpcsutwentenlpubdocTM

BC J Boyland and G Castagna Typ esafe compilation of covariant sp ecialization A

practical case Technical Rep ort UCBCSD University of California Computer

Science Division EECS Berkeley California Novemb er

BC J Boyland and G Castagna Parasitic metho ds An implementationofmultimetho ds

in Java SIGPLAN Notices Pro ceedings of OOPSLA

URL ftpftpensfrpubdmiuserscastagnaoopslapsgz

BCC K Bruce L Cardelli G Castagna The Hopkins Ob ject Group G Leavens and

B Pierce On binary metho ds Theory and Practice of Object Systems

BDG D G Bobrow L G DeMichiel R P Gabriel S E Keene G Kiczales and D A

Mo on Common Lisp Ob ject System sp ecication June XJ Do cument

R

BDMN G M Birtwistle OJ Dahl B Myhrhaug and K Nygaard Simula Begin Studentlit

teratur Lund Sweden Bratt Institute Fuer Neues Lerned Go ch FRG Chartwell

Bratt Ltd Kent England

BFP K B Bruce A Fiech and L Petersen Subtyping is not a go o d match for ob ject

oriented languages In Informal Proceedings of The Fourth Workshop on Foundations

of ObjectOrientedLanguages FOOL Contributed talk

BG G Bracha and D Griswold Strongtalk Typ echecking Smalltalk in a pro duction

environment In Proceedings of the ACM Conference on ObjectOrientedProgramming

Systems Languages and Applications

BG M F Barrett and M E Giguere A note on covariance and contravariance unication

ACM SIGPLAN Notices January

BLR G Baumgartner K Laufer and V F Russo Interaction of ob jectoriented design

patterns and programming languages Technical Rep ort CSDTR Deptartment

of Computer Sciences Purdue University

BMa F Bourdoncle and S Merz Typ e checking higherorder p olymorphic multimetho ds

In Proceedings of the th ACM Conference on Principles of Programming Languages

POPL

BMb F Bourdoncle and S Merz Primitivesubtyping implicit p olymorphism ob ject

orientation In Foundations of ObjectOrientedLanguages Extended abstract

BO P Buneman and A Ohori Polymorphism and typ e inference in database programming

ACM Transactions on Database Systems March

BOSWa G Bracha M Odersky D Stoutamire and PWadler GJ Extending the Javapro

gramming language with typ e parameters Manuscript March Revised August

BOSWb G Bracha M Odersky D Stoutamire and PWadler GJ sp ecication Manuscript

May

BOSWc G Bracha M Odersky D Stoutamire and PWadler Making the future safe for

the past Adding genericitytotheJava programming language In Proceedings of the

th Annual ACM SIGPLAN Conference on ObjectOrientedProgramming Systems

Languages and Applications OOPSLA pages Octob er

BOW K B Bruce M OderskyandPWadler A statically safe alternativetovirtual

typ es In Proceedings of the European Conference on ObjectOrientedProgram

ming ECOOP

BP A Black and J Palsb erg Foundations of ob jectoriented languages ACM SIGPLAN

Notices Workshop Rep ort

BP P Buneman and B Pierce Union typ es for semistructured data Technical Rep ort

MSCIS DepartmentofCISUniversityofPennsylvania

Bra G Bracha The Programming Language Jigsaw Mixins Modularity And Multiple

Inheritance PhD thesis University of Utah Department of Computer Science March

Bru K K Bruce Typing in ob jectoriented languages Achieving expressibility and safety

URL ftpcswilliamsedupubKimStaticps

BSG K B Bruce A Schuett and R V Gent A typ esafe p olymorphic ob jectoriented

language Accessible byanonymous FTP July

URL ftpcswilliamsedupubkimPolyTOILdvi

BSG K B Bruce A Schuett and R V Gent PolyTOIL A typ esafe p olymorphic ob ject

oriented language In W Oltho editor Proceedings of the th European Conference

on ObjectOrientedProgramming ECOOP Aarhus Denmark August LNCS

Springer Extended abstract

Cara L Cardelli Amb er In G Cousineau PL Curien and B Robinet editors Combina

tors and Functional Programming Languages SpringerVerlag LNCS

Carb L Cardelli A p olymorphic calculus with Typ eTyp eTechnical Rep ort DEC

SRC Lytton Avenue Palo Alto CA May SRC Research Rep ort

Car L Cardelli A semantics of multiple inheritance Information and Computation

Car L Cardelli Typ eful programming In E J Neuhold and M Paul editors Formal

Description of Programming Concepts IFIP State of the Art Rep orts Series Springer

Verlag February

URL httpwwwlucademoncoukBibliographyhtml

Car L Cardelli An implementation of F Technical Rep ort DEC Systems Research

Center February

Car L Cardelli Typ e systems In A B Tucker editor The Computer Science and Engi

neering Handbookchapter CRC Press

URL httpwwwlucademoncoukBibliographyhtml

Casa G Castagna Covariance and contravariance Conict without a cause ACM Trans

actionsonProgramming Languages and Systems May

Casb G Castagna A metalanguage for typ ed ob jectoriented languages Theoretical Com

puter Science November

Cas G Castagna ObjectOrientedProgramming A UniedFoundationchapter Typ e

Systems for Ob jectOriented Programming Progress in Theoretical Computer Science

Birkauzer Boston

CBB R G G Cattell D Barry D Bartels M Berler J Eastman S Gamerman D Jordan

A Springer H Strickland and D Wade The Object Database Standard ODMG

Morgan Kaufmann Publishers Los Altos CA USA

CCH P Canning W Co ok W Hill W Oltho and J C Mitchell Fb ounded p olymor

phism for ob jectoriented programming In Proceedings of the ACM Conferenceon

Functional Programming and Computer Architecture pages

CGL G Castagna G Ghelli and G Longo A calculus for overloaded functions with sub

typing Information and Computation February

Chaa C Chamb ers The Design and Implementation of the SELF Compiler an Optimizing

Compiler for ObjectOrientedProgramming Languages PhD thesis Stanford Univer

sity March

Chab C Chamb ers Ob jectoriented multimetho ds in Cecil In O L Madsen editor ECOOP

European Conference on ObjectOrientedProgramming Utrecht The Netherlands

volume of Lecture Notes in Computer Science pages SpringerVerlag New

York NY

Cha C Chambers The Cecil language Sp ecication and rationale Technical Rep ort

TR Department of Computer Science and Engineering FR Universityof

Washington March

CL C Chamb ers and G T Leavens Typ echecking and mo dules for multimetho ds ACM

Transactions on Programming Languages and Systems November

CL C Chamb ers and G T Leavens BeCecil A core ob jectoriented language with blo ck

structure and multimetho ds Semantics and typing Technical Rep ort Depart

ment of Computer Science Iowa State University Decemb er

CL C Chamb ers and G T Leavens BeCecil A core ob jectoriented language with blo ck

structure and multimetho ds Semantics and typing In FOOL The Fourth Interna

tional Workshop on Foundations of ObjectOrientedLanguages Paris France January

CMM R C H Connor D J McNally and R Morrison Subtyping and assignmentin

database programming languages In Proceedings of the rd International Workshop

on Database Programming Languages Naplon Greece

CMMS L Cardelli S Martini J C Mitchell and A Scedrov An extension of system F with

subtyping In T Ito and A R Meyer editors International Conference on Theoretical

Aspects of Computer Software pages Lecture Notes in Computer Science

CO K Chen and M OderskyAtyp e system for a lamb da calculus with assignment In

Proc Theoretical Aspects of Computer Science Sendai Japan April Spinger

LNCS

Cou B Courcelle Fundamental prop erties of innite trees Theoretical Computer Science

Cou B Courcelle Equivalence and transformation of regular systems applications to

recursive program schemes and grammars Theoretical Computer Science

CT W Chen and V Turau Multiple dispatching based on automata Journal of Theory

and Practice of Object Systems

CTK W Chen V Turau and W Klas Ecient dynamic lo okup strategy for multimetho ds

In M Tokoro and R Pareschi editors ECOOP European Conference on Object

OrientedProgrammingvolume of Lecture Notes in Computer Science pages

New York NY July SpringerVerlag

DAS E Dujardin E Amiel and E Simon Fast algorithms for compressed multimetho d dis

patch tables generation ACM Transactions on Programming Languages and Systems

DCG J Dean C Chamb ers and D Grove Identifying protable sp ecialization in ob ject

oriented languages Technical Rep ort Department of Computer Science and

Engineering FR UniversityofWashington February

DDG J Dean G DeFouw D Grove V Livinov and C Chamb ers Vortex an optimiz

ing compiler for ob jectoriented languages ACM SIGPLAN Notices

Octob er

DE S Drossop oulou and S Eisenbach Javaistyp e safe probablyInProceedings of the

th European ConferenceonObject OrientedProgramming ECOOP June

DGC J Dean D Grove and C Chamb ers Optimization of ob jectoriented programs using

static class hierarchy analysis In W Oltho editor Proceedings of the th European

Conference on ObjectOrientedProgramming ECOOP Aarhus Denmark August

LNCS Springer

DGLM M Day R Grub er B Liskov and A C Myers Subtyp es vs where clauses Constrain

ing parametric p olymorphism SIGPLAN Notices Octob er

ESTa J Eifrig S Smith and V Trifonov Sound p olymorphic typ e inference for ob jects

SIGPLAN Notices Octob er

ESTb J Eifrig S Smith and V Trifonov Typ e inference for recursively constrained typ es

and its application to OOP Electronic Notes in Theoretical Computer Science

URL httpwwwelseviernllocateentcsvolumehtml

ESTZ J Eifrig S Smith V Trifonov and A Zwarico An interpretation of typ ed OOP in a

language with state LISP and Symbolic Computation

FM K Fisher and J C Mitchell The developmentoftyp e systems for ob jectoriented

languages Theory and Practice of Object Systems

URL ftptheorystanfordedupubjcmpaperstaposps

Fra M Franz The programming language Lago ona A fresh lo ok at ob jectorientation

Software Concepts and Tools

Ghe G Ghelli A static typ e system for message passing ACM SIGPLAN Notices

Novemb er In Pro c of OOPSLA

GM A Gawecki and F Matthes Integrating subtyping matching and typ e quantication

A practical p ersp ective In Proceedings of the th European Conference on Object

OrientedProgramming Linz Austria July Springer Verlag

GR A Goldb erg and D Robson ST The Language AddisonWesley

Har S P Harbison Modula Prentice Hall

Hau F J Hauck Towards the implementation of a uniform ob ject mo del In A Bo de and

M D Cin editors Paral lel Computer Architectures Theory Hardware Software and

Applications SFB Col loquium SFB and SFB numb er in Lecture Notes

in Computer Science pages Springer Octob er

HJW P Hudak S PJonesPWadler B Boutel J Fairbairn J Fasel M M Guzman

K Hammond J Hughes T Johnsson D Kieburtz R Nikhil W Partain and J Peter

son Report on the Programming Language Haskel l March Version Available

electronically

URL httpwwwhaskellorgdefinitionhaskellreportpsgz

HLPS W Holst Y Leontiev C Pang and D Szafron Multimetho d dispatch using pro duct

typ e tries Technical Rep ort TR University of Alb erta

Hola W Holst Mo dular Smalltalk A rst implementation Technical Rep ort TR

Department of Computing Science University of Alb erta

Holb U Holzle Integrating indep endentlydevelop ed comp onents in ob jectoriented lan

guages In Proceedings of ECOOP

HSPL W Holst D Szafron C Pang and Y Leontiev Multimetho d dispatch using single

receiver pro jections Technical Rep ort TR University of Alb erta

HU U Holzle and D Ungar Reconciling resp onsiveness with p erformance in pure ob

ject oriented languages ACM Transactions on Programming Languages and Systems

July

IEE IEEE standard for binary oatingp oint arithmetic ANSIIEEE Standard

Institute of Electrical and Electronics Engineers August

JW K Jensen and N Wirth The Programming Language Pascal SpringerVerlag

KCMS G N C Kirby R C H Connor R Morrison and D Stemple Using reection to sup

port typ esafe evolution in p ersistent systems Technical Rep ort CS University

of St Andrews

Kim W Kim Ob jectoriented database systems Promises reality and future In Proceed

ings of the th VLDB Conference pages

KT W Klas and V Turau Persistence in the ob jectoriented database programming lan

guage VML Technical Rep ort TR International Computer Science Institute

Center St Suite Berkeley CA July

LCD B Liskov D Curtis M Day S Ghemawat R Grub er P Johnson and A C Meyers

Theta Reference Manual MIT Lab oratory for Computer Science Cambridge MA

February

URL httpwwwpmglcsmitedupapersthetaref

Lit V Litvinov Constraintbased p olymorphism in Cecil Towards a practical and static

typ e system In Proceedings of the ConferenceonObjectOrientedProgramming

Systems Languages and Applications OOPSLA

LM G T Leavens and T D Millstein Multiple dispatchasdispatchontuplesInPro

ceedings of the Conference on ObjectOrientedProgramming Systems Languages and

Applications OOPSLA pages Octob er

URL httpwwwcswashingtoneduhomestoddpapersoopslaps

LML V G Lutiy A B Merkov Y V Leontiev E J Gawrilow N A Ivanova M E

Ionova M L Paklin and A K Ho dataev DBMS ModulaK RAN Data Pro cessing

Center Moscow in Russian Sistema Programmirovaniya Baz Dannyh Mo dula

K

LOS Y Leontiev M T Ozsu and D Szafron On separation b etween interface implemen

tation and representation in ob ject DBMSs In Proceedings of TOOLSSanta

Barbara California August

LP W R LaLonde and J Pugh Sub classing subt yping isa Journal of Object

OrientedProgramming January

LRV C Lecluse P Richard and F Velez O an ob jectoriented data mo del In F Ban

chilon C Delob el and P Kanellakis editors Building an ObjectOrientedDatabase

System The Story of O

LW B Liskov and J M Wing A b ehavioral notion of subtyping ACM Transactions on

Programming Languages and Systems November

LW G T Leavens and W E Weihl Sp ecication and verication of ob ject oriented pro

grams using sup ertyp e abstraction ACTA Informatica November

MBC R Morrison F Brown R Connor Q Cutts A Dearle G Kirby and D Munro

Napier Reference ManualUniversity of St Andrews March Release

MBL A C Myers J A Bank and B Liskov Parameterized typ es for Java In Proceedings

of the th ACM Simposium on Principles of Programming Languages POPL

January

Mey B Meyer Eiel the language PrenticeHall

MHH W B Mugridge J Hamer and J G Hosking Multimetho ds in a staticallytyp ed

programming language In P America editor ECOOP pages Geneva

Switzerland July LNCS

MMPN O L Madsen B MllerPedersen and K Nygaard ObjectOrientedProgramming in

the BETAProgramming Language AddisonWesley ISBN

MMS F Matthes S Muig and J W Schmidt Persistent p olymorphic programming in

Tyco on An intro duction FIDE Technical Rep ort Series FIDE Department

of Computing Sciences University of Glasgow Glasgow GQQ August

MS F Matthes and J Schmidt Bulk typ es Builtin or addon In Proceedings of the

Third International Workshop on Database Programming Languages Morgan Kauf

mann Publishers September

MS F Matthes and J Schmidt Denition of the Tyco on language a preliminary rep ort

Technical Rep ort FBIHHB Universitat Hamburg Octob er

MTH R Miller M Tofte and R Harp er The Denition of StandardML MIT Press

MW H Mossenbok and N Wirth The programming language Ob eron Manuscript

Octob er Institut fur Computersysteme ETH Zuric h

MW S MarlowandPWadler A practical subtyping system for Erlang In Proceedings

of the Second International ConferenceonFunctional Programming Amsterdam June

NP O Nierstrasz and M Papathomas Towards a typ e theory for active ob jects ACM

OOPS Messenger April Pro ceedings of the OOPSLAECOOP

Workshop on Ob jectBased Concurrent Systems

OBBT A Ohori P Buneman and V BreazuTannen Database programming in Machiavelli

a p olymorphic language with static typ e inference SIGMOD Record

OL M Odersky and K Laufer Putting typ e annotations to work In Proc rdACM

Symposium on Principles of Programming Languages pages January

OPS M T Ozsu R J Peters D Szafron B Irani A Lipka and A Munoz TIGUKAT A

uniform b ehavioral ob jectbase management system The VLDB Journal

July

OW M Odersky and PWadler Pizza into Java Translating theory into practice In

Proceedings of the th ACM Simposium on Principles of Programming Languages

POPL January

Pet R J Peters TIGUKAT A uniform b ehavioral ob jectbase management system Tech

nical Rep ort TR Department of Computing Science University of Alb erta April

PHLS C Pang W Holst Y Leontiev and D Szafron Multimetho d dispatch using multi

ple row displacement In Proceedings of the European Conference on ObjectOriented

Programming ECOOP

Pot F Pottier Simplifying subtyping constraints ACM SIGPLAN Notices

June

Pot F Pottier Type InferenceinthePresence of Subtyping from Theory to PracticePhD

thesis UniversiteParis VI I April

PS J Palsb erg and M I Schwartzbach ObjectOrientedTypeSystems John Wiley

Sons

QKB Z Qian and B KriegBrueckner Typ ed OO functional programming with late binding

In P Cointe editor Proceedings of the th European Conference on ObjectOriented

Programmingvolume of LNCS pages Springer July

RCS J E Richardson M J Carey and D T Schuh The design of the E programming

language ACM Transactions on Programming Languages and Systems

July

Reh J Rehof The Complexity of Simple Subtyping Systems PhD thesis DIKU Department

of Computer Science University of Cop enhagen

RS P Ro e and C Szyp erski Lightweight parametric p olymorphism for Ob eron In Pro

ceedings of the Joint Modular Languages Conference

RTL R K Ra j E Temp ero H M LevyAP Black N C Hutchinson and E Jul Emerald

A generalpurp ose programming language SoftwarePractice and Experience

January

RW M Reiser and N Wirth Programming in Oberon Steps beyond Pascal and Modula

AddisonWesley

Sar V Saraswat Javaisnottyp esafe Available electronically

URL httpwwwresearchattcomvjbughtml

Seq D Sequeira TypeInference with Bounded Quantication PhD thesis Departmentof

Computer Science UniversityofEdinburgh Also Technical Rep ort ECSLFCS

Sha D Shang Transframe The AnnotatedReference Software Systems Research Lab ora

tory Motorola Inc Schaumburg Illinois January Draft

SM J W Schmidt and F Matthes The DBPL pro ject Advances in mo dular database

programming Information Systems

SO D Stoutamire and S Omohundro The Sather sp ecication Technical Rep ort

TR International Computer Science Institute at Berkeley August

Str B Stroustrup The C Programming Language AddisonWesley

Tai A Taivalsaari On the notion of inheritance ACM Computing Surveys

Septemb er

Tho K K Thorup GenericityinJava with virtual typ es In Proceedings of the

European Conference on ObjectOrientedProgramming ECOOP

TNG D Tsichritzis O Nierstrasz and S Gibbs Beyond ob jects Ob jects International

Journal of Intel ligent and Cooperative Information Systems March

TS V Trifonov and S Smith Subtyping constrained typ es In Proceedings of the rd

International Static Analysis Symposium pages May Lecture Notes in

Computer Science

TT L Thorup and M Tofte Ob jectoriented programming and Standard ML In J H

Reppy editor Record of the ACM SIGPLAN Workshop on ML and its Applica

tions Orlando Floridanumb er in Rapp ort de recherche pages INRIA

June

Tur A M Turing Computabilityand denability Journal of Symbolic Logic

Wir N Wirth Programming in Modula SpringerVerlag nd edition

Wri A K Wright Polymorphism for imp erative languages without imp erativetyp es Tech

nical Rep ort TR Department of Computer Science Rice UniversityFebruary

App endix A

The Basic TIGUKAT Typ e System

This chapter gives a full description of the basic TIGUKATtyp e system Classes and implementation

typ es are not fully describ ed as their details are implementationsp ecic

A Common b ehaviors

behavior typeOfX TConstrainedType Object type

behavior classOfX TInfiniteClassX Object class

behavior itypeOfX TImplementationType Object implementation type

behavior OIDequalXX TBoolean Object identity equality

behavior equalX xX y TBoolean Equality

Shortcut operator binary

implementation return xOIDequaly

notEqualX xX y TBoolean Inequality

Shortcut operator binary

implementation return not x y

printXOutputStreamX Print to an output stream

applyX XY Y Function application

Shortcuts operator binary

juxtaposition

A Pro duct typ es

type TUnit

type TProductNcovar X covar X covar XN

project X

project X

projectN XN

for each N greater than

A Functional typ es

type TFunctioncontravar A covar R

nargs TNatural number of arguments

code TString function code may be empty

class CFunction implements TFunctionA R

type TBehaviorcontravar A covar R subtype of TFunctionA R

name TString behavior name

description TString Documentation

definitions TConstrainedType all definitions

associations TSetTBehaviorAssociationAR all associations

dispatchTListTType TFunctionA R dispatch

class CBehavior implements TBehaviorA R

The typ e TFunctionAR can b e abbreviated as AR or as AR The following is the typ e

necessary for b ehavior typ e denition

type TBehaviorAssociationcontravar A covar R subtype of TObject

type TSimpleConstrainedType type

function TFunctionAR associated function

class CBehaviorAssociation implements TBehaviorAssociationAR

The following is the typ e of lowlevel implementation functions

type TImplementationFunction subtype of TObject

description TString Documentation

declaration TString host language declaration

definition TString host language definition

argtype TListTImplementationType required implementation types

of all arguments

class CImplementationFunction implements TImplementationFunction

A Ob ject typ es

A Sp ecial typ es

type TObject

type TNull subtype of all object types

class CNull implements TNull

A Atomic typ es

type TDiscrete subtype of TObject

pred selftype Return the previous element

succ selftype Return the next element

type TPartiallyOrderedcontravar X subtype of TObject

lessselftype TBoolean Antisymmetric comparison

Shortcut operator binary

greaterselftype x TBoolean Antisymmetric comparison

Shortcut operator binary

implementation return x self

lessOrEqualselftype x TBoolean Symmetric comparison

Shortcut operator binary

implementation return x self or x self

greaterOrEqualselftype x TBoolean Symmetric comparison

Shortcut operator binary

implementation return x self

type TOrderedcontravar X subtype of TPartiallyOrderedX

maxselftype x selftype Maximum of the two

implementation

return if x self then self else x endif

minselftype x selftype Minimum of the two

implementation

return if x self then x else self endif

type TNumeric subtype of TOrderedTNumeric

abs TNumeric Absolute value

negate TNumeric Negation

Shortcut operator unary

addTNumeric TNumeric Addition

Shortcut operator binary

subtractTNumeric TNumeric Subtraction

Shortcut operator binary

multiplyTNumeric TNumeric Multiplication

Shortcut operator binary

divideTNumeric TNumeric Division

Shortcut operator binary

type TBoolean subtype of TObject

not TBoolean Negation

orTBoolean TBoolean Logical OR

Shortcut operator binary or

andTBoolean TBoolean Logical AND

Shortcut operator binary and

xorTBoolean TBoolean Logical XOR

Shortcut operator binary xor

ifX X X Ifexpression Shortcut

if then else endif

finite class CBoolean implements TBoolean

implementation type short atomic int

not implementation function

notint self return self

orCBoolean implementation function

andint self int x return self x

type TCharacter subtype of TDiscrete TOrderedTCharacter

ord TNatural Returns the ordinal value

finite class CASCIICharacter implements TCharacter

implementation type short atomic char

finite class CUnicodeCharacter implements TCharacter

implementation type short atomic Unichar

type TReal subtype of TNumeric

truncate TInteger Truncate throwing away

the fractional part

round TInteger Round to the nearest

sign TInteger Sign if positive if

negative otherwise

Refined from TNumeric

abs TReal

negate TReal

addTReal TReal

subtractTReal TReal

multiplyTReal TReal

divideTReal TReal

infinite class CReal implements TReal

implementation type short atomic float

infinite class CLongReal implements TReal

implementation type long atomic double

type TInteger subtype of TReal TDiscrete

divTInteger TInteger Integer division

Refined from TReal

abs TNatural

negate TInteger

addTInteger TInteger

subtractTInteger TInteger

multiplyTInteger TInteger

infinite class CInteger implements TInteger

implementation type short atomic int

infinite class CLongInteger implements TInteger

implementation type long atomic long int

type TNatural subtype of TInteger

modTNatural TNatural Remainder

Refined from TInteger

truncate TNatural

round TNatural

sign TNatural

divTNatural TNatural

addTNatural TNatural

multiplyTNatural TNatural

infinite class CNatural implements TNatural

implementation type short atomic unsigned

infinite class CLongNatural implements TNatural

implementation type long atomic long unsigned

A Collection typ es

type TCollectioncovar X subtype of TObject

hasElementX TBoolean Checks if the element

is in the collection

cardinality TNatural Collection cardinality

pick X Pick an element

mapXY TCollectionY Apply the given function to all

elements and return the

collection of results

filterXTBoolean TCollectionX Filters the receiver

collection using the

argument function as a filter

sort where X subtype of TOrderedX TListX Sorts

the elements of the

collection Only applicable to

collections of ordered elements

sortXX TBoolean TListX Sorts the collection using

the supplied sorting function

type TSetcovar X subtype of TCollectionX

subsetTSetY TBoolean Is the receiver a subset

of the argument

unionTSetY TSetlubXY Set union

intersectTSetY TSetglbXY Set intersection

differenceTSetY TSetX Set difference

addElementX TSetX Add an element

removeElementY TSetX Remove an element

Refined from TCollection

mapXY TSetY

filterXTBoolean TSetX

infinite class CSet implements TSetX

const TListX list

type TEmptySet subtype of TSetX

finite class CEmptySet implements TEmptySet

type TUSetnovar X subtype of TSetX

unionTSetX Destructive set union

intersectTSetY Destructive set intersection

differenceTSetY Destructive difference

addElementX Destructively add an element

removeElementY TBoolean Destructively remove an element

Returns if it was removed

removeAll Remove all elements

mapXX Replace all objects in the set by their images

obtained by application of the given function

manual class CUSet implements TUSetX

const TArrayX array

type TListcovar X subtype of TCollectionX

atTNatural X Get at args position

catX TListX Concatenation

sliceTNatural TNatural TListX Slice from ith

to jth element

Refined from TCollection

mapXY TListY

filterXTBoolean TListX

infinite class CList implements TListX

type TEmptyList subtype of TListX

finite class CEmptyList implements TEmptyList

type TArraynovar X subtype of TListX

Refined from TList

atTNatural X Set at args position

sliceTNatural TNatural TListX Slice set

manual class CArray implements TArrayX

type TString subtype of TListTCharacter

Refined from TList

catTString TString

sliceTNatural TNatural TString

filterTCharacterTBoolean TString

infinite class CString implements TString

infinite class CUnicodeString implements TString

A Imp erativetyp es

type TVarnovar X subtype of TObject

get X Get the value

setX Set the value

destructiveXX See the note below

manual class CVarX implements TVarX

The b ehavior destructive is designed to replace the value stored in the variable by the value

generated from the old contents of that variable by the function passed in as an argument In other

words

vdestructivef

is equivalentto

vsetvgetf

For example

Integer v

v

vdestructivenegate

vprintstdout

will print while

Integer v

v

vdestructivefun x return xplus

vprintstdout

will print

A Metatyp es

type TConstrainedType subtype of TPartiallyOrderedTConstrainedType

components TSetTSimpleConstrainedType Components of this type

type TSimpleConstrainedType subtype of TConstrainedType

constraints TSetTTypeConstraint Constraints placed on this type

variables TSetTTypeVariable Set of type variables

root TOpenTypeOrTV Root of the type tree

type TType subtype of TSimpleConstrainedType

name TString The name

description TString Documentation

numParameters TNatural Number of type parameters

varTNatural n TVariance Variance of the nth type parameter

classes TSetTClass All associated classes

subtypes TSetTType Primary functors of immediate subtypes

supertypes TSetTType Primary functors of

immediate supertypes

subtypings TSetTTypeConstraint All subtype definitions

involving this type

deepExtent TSetTObject All enumerable objects of this

type and its subtypes

class CType implements TType

infinite class CConstrainedType implements TConstrainedType

infinite class CSimpleConstrainedType implements TSimpleConstrainedType

The partial order on typ es is subtyping

The users only dene typ es of the typ e T Type that corresp onds to a typ e explicitely declared in

the program All the other typ es can only b e generated automatically usually during typ echecking

The typ es dened b elow are not metatyp es as such but are used in metatyp e construction They

are here for completeness of the sp ecication

type TOpenTypeOrTV subtype of TObject

type TOpenType subtype of TOpenTypeOrTV

primaryFunctor TType Primary functor

children TListTOpenTypeOrTV Children

type TTypeVariable subtype of TOpenTypeOrTV

type TTypeConstraint

left TOpenTypeOrTV left side of the constraint

right TOpenTypeOrTV right side of the constraint

infinite class COpenType implements TOpenType

infinite class CTypeVariable implements TTypeVariable

infinite class CTypeConstraint implements TTypeConstraint

The following is the typ e of implementation typ es

type TImplementationType subtype of TPartiallyOrderedTImplementationType

name TString The name

description TString Documentation

classes TSetTClass All associated classes

subtypes TSetTImplementationType Immediate subtypes

supertypes TSetTImplementationType Immediate supertypes

layout TString host language description

of an object layout

class CImplementationType implements TImplementationType

A Class typ es and the metaclasses

type TInfiniteClasscovar X subtype of TObject

name TString The name

type TType Associated type

containsTObject TBoolean Is this an object of this class

itype TImplementationType Associated implementation type

extends TSetTInfiniteClassTObject Classes that

this one extends

class CInfiniteClass implements TInfiniteClass

type TFiniteClasscovar X subtype of TInfiniteClassX

extent TSetX Shallow extent

class CFiniteClass implements TFiniteClass

type TManualClasscovar X subtype of TInfiniteClassX

basicNew X Object creation

class CManualClass implements TManualClass

type TClasscovar X subtype of TFiniteClassX TManualClassX

class CClass implements TClass

App endix B

Implementation Notes

In this section design considerations related to various asp ects of implementation of a database

programming language with the typ e system describ ed in this dissertation are presented Most of

these design decisions were conceived discussed and tried out during implementation of the pilot

version of TIGUKAT OODBMS describ ed in OPS and Pet

One of the main goals of the TIGUKAT OODBMS is to provide a uniform ob jectoriented

environment In this environment every entity is an ob ject that p ossesses a typ e that denes its

interface and an implementation typ e that denes its memory layout An ob ject is referred to by

its unique object identieroranOID The only elementary actions are b ehavior applications and

lowerlevel invisible for the user readwrite op erations on ob ject comp onents attributes

Section B discusses inmemory OID structure and the ob ject addressing in general Section B

provides several references on ecientmultimetho d dispatchtechniques Section B describ es the

role implementation typ es play in the system Finally Section B briey discusses the eects of

adding p ersistence to the language

B Ob ject identiers

Since the only elementary action explicitly available in the prop osed language is b ehavior applica

tion eciency of the language is crucially dep endent on the eciency of the dispatch mechanism

Since dynamic typ es of ob jects are required for the dispatch to op erate access to the ob ject typ e

information sucient for dispatch purp oses should b e made as ecient as p ossible The most e

cient access to typ e information can b e achieved when it is enco ded directly within an OID Then

in order to dispatch on a particular ob ject this ob ject do es not have to b e accessed at all in fact

it may not b e in the application memory as long as its OID is available

Thus the rst part of an OID is a typeindexAtyp e index do es not enco de the complete ob ject

typ e Rather it denotes a pair of which the rst comp onent is a primary functor of the ob jects run

time typ e and the second comp onent is the ob jects implementation typ e Since only the primary

functors make a dierence for the dispatch pro cess the information denoted by the typ e index is

sucient to p erform dispatch The typ e index is in fact an index into a global type table hence

the name Eachentry in the typ e table is a pair denoted by the resp ectivetyp e index In the

current implementation the size of the typ e index eld is bytes which allows for distinct

typ e indices Since only concrete typ es receivetyp e indices this number is likely to b e more than

sucient

The second part of the OID is the ob ject identier prop er called contents The rst two bits

of this eld identify one of three ob ject varieties For eachvariety the rest of the contents eld is

interpreted dierently In the current implementation the size of the contents eld is bytes

Short atomic ob jects are the ob jects that do not maintain state are immutableandhave small

enough size to t into the contents eld entirely An example of suchanobjectisaninteger number

By enco ding short atomic ob jects in this manner their identity is automatically guaranteed For

example no matter how many times an ob ject app ears in the program all its o ccurrences will have

the same OID and will thus b e indistinguishable from one another An OID of a short atomic ob ject

can b e p erceived as a reference into a constant innite p o ol of predened ob jects The user can

intro duce his own short atomic ob jects by dening an appropriate implementation typ e for them

Long atomic ob jects are immutable ob jects but with size large enough not to t into the

contents eld For such ob jects the contents eld represents the address on the heap where the

ob ject is lo cated Since long atomic ob jects are immutable reference sharing problems do not arise

Immutable sets and strings are examples of systemdened long atomic ob jects The user can also

intro duce his own long atomic ob jects

Regular ob jects are mutable ob jects For these ob jects the contents eld represents an index

into the global object tableAnentry in the ob ject table enco des along with other information the

address of the ob ject on the heap The advantage of this indirect approach is the ability to resize

and move ob jects freely including moving tofrom p ersistent storage and delete ob jects in a safe

manner The disadvantage is the impact on eciency made by an additional indirection during each

access Most if not all userdened ob ject typ es will fall into this category

An implementation typ e can sp ecify the desired interpretation of the contents eld of its ob

ject identiers by using sp eciers short atomic long atomicand regular This sp ecication is

placed in implementation typ es since it is a lowlevel prop erty not essential for interface or structure

sp ecications

In this section the organization of OIDs was describ ed The next section outlines ecient

dispatch techniques suited for the language in question

B Multiple dispatch

Since the language under consideration features multiple dispatch that requires that dispatch b e done

on the typ es of all arguments rather than on the typ e of the receiver onlysomeofthewellknown

ecient dispatchtechniques such as vtables do not apply

Multimetho d dispatch techniques can b e separated into two broad classes cachebased and

tablebased Cachebased techniques rely on a sort of a branch prediction mechanism to cache in

the most common case but can take a while to dispatch if a cache miss o ccurs The technique

used in Cecil language is cachebased Chaa DCG DGC oers some improvements in

nonreexive case

Tablebased techniques rely on some sort of a table where all p ossible dispatchvariants are stored

The organization and access to this table is the dierentiating factor b etween the techniques from

this group These techniques are describ ed in CT DAS HSPL HLPS and PHLS

Out of these the technique describ ed in HLPS is the simplest to implementandworks very well

in the presence of typ e system changes Techniques describ ed in HSPL and PHLS are more

ecientO k where k is the b ehavior arity but an additional work is required to adapt them for

a reexive system

In the next section the usage of implementation typ es in lowlevel sp ecications is describ ed

B Implementation typ es and functions

An implementation typ e is a description of the ob jects memory layout A sp ecial predened im

plementation typ e IT TgObject corresp onds to the implementation of a regular TIGUKAT ob ject

The ob jects of this implementationtyp e have an array of slots that can b e accessed byasetof

primitive functions Ob jects that haveanumb er of sp ecic elds in addition to the array of slots

are represented as instances of implementation subtyp es of IT TgObject

Atomic ob jects that are represented directly bycontents of OIDs are instances of implementation

TgObject The subtyping relationships b etween these typ es is typ es that are not subtyp es of IT

determined by their Cimplementation For example IT Character and IT Natural are subtyp es

of IT Integer b ecause in C the host language for our implementation anycharacter and any

unsigned numb er can b e treated as an integer On the other hand C integers can not b e treated

as C real numb ers and therefore IT Integer is not an implementation subtyp e of IT Real

Every implementation typ e provides a function to retrieve a full ob ject typ e This is necessary

as the typ e index only gives information necessary for dispatch purp oses which is in general less

then the full typ e eg a lists OID typ e index would tell this is an ob ject of typ e T ListX for

some X but it will not b e able to pro duce the value of X

B Adding p ersistence

Persistence has an eect on b oth global tables and ob ject representation In order to make databases

machineindep endent the following approachwas adopted The representation of an ob ject in the

database on disk and in memory are dierent The translation is provided by a pair of functions

pack and unpack asso ciated with an implementation typ e Thus each implementation typ e may

p otentially haveitsown disk representation Disk OIDs also dier from inmemory ones On disk

there are only regular OIDs as b oth short and long atomic OIDs are converted into inline tagged

data Another distinction lies in the size of typ e and ob ject indices Disk structures havemuch

larger index size indices are converted at the moment the ob ject is packed unpacked Thus each

entry of b oth ob ject table and typ e index table contains in addition to other information the long

disk version of the index or if that index has b een created by the program and do es not have

any disk equivalentyet Disk indices are assigned at the time a table entry is packed usually at

transaction commit time

Since schema ob jects liketyp es b ehaviors etc can also b e made p ersistent they have their own

typ e indices and are packed and unpacked by their resp ectivepackunpack routines Dep endencies

between schema ob jects make it necessary to provide a set of rules that determine which ob jects

are to b e made p ersistentwhenaschema ob ject b ecomes p ersistent For example if an ob ject is

made p ersistent its typ e and class b ecome p ersistentaswell These rules are describ ed in detail

in OPS

In this section various implementationandlowlevel system design issues were briey discussed

When completed the full implementation of the TIGUKAT OODBMS and its language will most

probably pro duce much more elab orate texts theses or otherwise describing its design

In the current implementation the disk version of an OID is bytes long

App endix C

Mo dule System

This chapter describ es the mo dule system prop osed for the TIGUKAT OODBPL It manages name

spaces in a manner that is orthogonal to the typ e system thus allowing the typ e system to b e free

of name space managementissues

The concept of a module as a unit of name scoping and information hiding was rst intro duced

in Mo dula and its much b etter known ospring Mo dula Wir This concept is extensively used

in the mo dern language design

Languages that make use of this p owerful concept include those of PascalMo dula family such

as Ada Ada under the name of packages DBPL SM Ob eron RW Ob eron MW

Mo dula LML and Mo dula Har

Languages from ML language family also make use of the mo dules Mo dules in these languages

however are interface sp ecications rather than mo dules as such It has b een shown that ML

mo dules can b e used in place of interface typ es in ob jectoriented programming TT This

family of languages includes Standard ML MTH Galileo ACO Amb er Cara and Haskell

HJW

Other languages that utilize mo dules include TM BBdB LOOM BFP Theta LCD

Dylan App Mo dular Smalltalk Hola TL MMS BETA MMPN under the name of

fragments JavaAG and Pizza OW the latter two use the name package

In CL the usage of mo dules in BeCecil is describ ed and their interaction with various ob ject

oriented constructs is investigated

In Jigsaw Bra mo dules are used as one of the central language concepts It is argued that

mo dules b e used instead of classes

Mo dularity and the use of mo dules is also advo cated in TNG

This chapter is organized as follows Section C discusses the problems related to the coupling

of inheritance and name space management in the current ob jectoriented languages Section C

illustrates the concepts of mo dule exp ort and imp ort Inner mo dules are intro duced in Section C

The algorithm for name resolution in the presence of inner mo dules is presented in Section C

Finally Section C briey discusses issues related to the mo dule p ersistence

C Information hiding and sharing

Traditionally in ob jectoriented languages classes were used as a unit of information sharing and

hiding The b est known example of this approach is C Str with its use of public private

and protected keywords Even though there are no comp elling reasons for coupling inheritance

with name space management this approachwas also adopted in JavaAG However due to

wellknown problems related to this approach Java has a complementary mechanism for dealing

with name space management namely that of packagesPackages eliminate the need for cum

b ersome friend constructs that are used in C to overcome the problems related to the coupling

of inheritance and name space management units

In order to illustrate the problems related to such coupling consider the following example Let

T Bank T InvestmentCompany and T InsuranceCompany b e the typ es that dene interface of their

resp ective realworld entities Consider a nancial group that has a bank an investment company

and an insurance company as its comp onents Let FinancialRecords b e a message that can b e sent

to any bank or company to receive nancial records of a given institution Wewould like to make

FinancialRecords available inside the nancial group but not outside of it In the absence of mo d

ules there is no way to accomplish this functionality unless a new wrapp er typ e T FinancialGroup

is dened However in this case all access to the bank and the investment and insurance company

has to go through the nancial group which means that all public interfaces of the bank investment

and insurance company has to b e duplicated in T FinancialGroupFor example if banks and com

panies have a publicly accessible metho d WithdrawFunds that will necessitate the creation of three

metho ds in T FinancialGroup namely WithdrawFundsFromBank WithdrawFundsFromInvestment

and WithdrawFundsFromInsurance This makes the interface denition unnecessarily complex and

any further interface mo dication complicated and errorprone In the presence of mo dules how

ever a nancial group can b e represented as a module rather than a class That mo dule may exp ort

the bank investment and insurance companies together with their public interfaces but not the

message FinancialRecords

In the prop osed typ e system only the question of message b ehavior hiding is relevant as all

instance variables are hidden and can not b e directly accessed byanytyp e Thus the following

discussion concentrates on the mo dular mechanisms for b ehavior hiding

C Exp ort and imp ort

Every mo dule contains export and import lists A mo dule can b e understo o d a membrane that stops

everything but the names listed in the imp ort list from getting in and it also stops all names except

for those listed in the exp ort lists from getting out

Every entry in the exp ort table is organized as follows It has a qualied name of the symbol to

exp ort its p ossibly empty alias that will b e used outside the exp orting mo dule and a ag that

indicates whether all names are to b e exp orted The ag only makes sense if this entry exp orts a

mo dule

An entry in the imp ort table also consists of the qualied name of the imp orted symb ol its

p ossibly empty alias to b e used inside the imp orting mo dule and a ag that indicates whether all

names are to b e imp orted The ag only makes sense if this entry imp orts a mo dule

Example

module MBank

import all MFinance MFinancialInstitution

import MFinancialInstitutionTFinancialInstitution as TRoot

export MBankTBank MBankWithdrawFunds

export all MFinancialInstitution

type TBank subtype of TRoot

module MMain

import all MBank

TBank bank

bankWithdrawFunds

Here the mo dule M Bank imp orts everything that is exp orted by b oth M FinancialInstitution

and M Finance lo cally renaming T FinancialInstitution imp orted from

M FinancialInstitution as T Root It exp orts the typ e T Bankthebehavior WithdrawFunds

and all symb ols exp orted by M FinancialInstitution The mo dule M Main imp orts all symbols

exp orted by M Bank and can therefore use b oth T Bank and WithdrawFunds

Note that this arrangement allows one to dene reexp ort of imp orted symb ols p ossibly renaming

them along the way This makes it p ossible to dene more restrictiveversions of existing mo dules

views For example the following denes a customer view of a bank

module MCustomerBank

import all MBank

export MBankTBank MBankWithdrawFunds

Bank and M CustomerBank is that the latter only allows the usage of banks The dierence b etween M

metho ds but not those of a nancial institution

C Inner mo dules

In order to design hierarchical systems a notion of inner module is intro duced An inner mo dule

is dened inside another parent mo dule thus the hierarchy of inner mo dules forms a tree The

imp ort list of the inner mo dule contains a sp ecial entry named PARENTIfthisentry has its all

ag turned on the inner mo dule imp orts all symb ols from its parent mo dule including ones that

are not exp orted Thus an inner mo dule has an access to the internals of its parent mo dule

On the other hand the parent mo dule has access to all symb ols exp orted by the inner mo dule

It do es not have access to the symb ols that the inner mo dule do es not exp ort

There is an additional restriction placed on the inner mo dule exp ort list An inner mo dule can

not exp ort imp orted symb ols that are not explicitly exp orted by its parent mo dule This is done to

disallowbypassing exp ort lists by using inner mo dules

Example

module MBank

import all MFinance MFinancialInstitution

import MFinancialInstitutionTFinancialInstitution as TRoot

export MBankTBank MBankWithdrawFunds

export all MFinancialInstitution

type TBank subtype of TRoot

module MVault

import all PARENT

export TVault Get Put

type TVault

GetTMoney request TMoney received implementation

SecurityStandBy

module MSecurity

import all PARENT

export SecurityStandBy

Bank only b ehaviors Get and Put of the typ e T Vault can b e used However inside M Vault Inside M

all b ehaviors dened inside M Bank can b e used including the b ehavior SecurityStandBy exp orted

into the name space of M Bank by the mo dule M Security

The next section gives the algorithm for name search in the presence of inner mo dules

type TModule

Parent TModule Reference to the parent module

NameTable TNameTable Name table

ImportTable TImportTable Import table

ExportTable TExportTable Export table

type TNameTable subtype of TSetTNameTableEntry

type TNameTableEntry

Name TString Name being defined

NameDef TNameDef The definition for use by compiler

Module TModule Module reference nonNULL

if this is a name of an inner module

type TImportTable subtype of TSetTIETableEntry

type TExportTable subtype of TSetTIETableEntry

type TIETableEntry

QName TString Qualified name being imported exported

Alias TString Its alias can be NULL

All TBoolean Are all names imported exported

Only makes sense if this entry

refers to a module

Figure C Mo dule data structures

C Name search

Figures C C C and C dene the algorithm and the data structures used for name search

in the presence of multiple mo dules The entry p oint of the algorithm is the b ehavior FindSymbol

Figure C For the purp oses of this algorithm it is assumed that every mo dule has a parent

mo dule except for a sp ecial ro ot mo dule that has no imp orts or exp orts This ro ot mo dule is

considered to b e a parent of all mo dules dened in the global scop e It is also assumed that imp ort

table of every mo dule has an entry marked with a predened name PARENT that refers to the

parent of the given mo dule

The algorithm either pro duces the variable denition along with the mo dule it is lo cated in or

one of two error conditions UNDEFINED or AMBIGUOUS There is a builtin ambiguity resolution that

assigns lower priority to symb ols implicitly imp orted from inner mo dules However this is the only

case when one denition sup ersedes another In all other cases the AMBIGUOUS error o ccurs

Function TModuleFindSymbol

Purpose find a symbol in the given module

Input

self the receiver module to locate symbol in

qname qualified name of the symbol to search for

Output

pair of modulenameDef where

module module where the found name definition is located

nameDef name definition for use by compiler

Errors

Can throw one of

AMBIGUOUS the name is ambiguous

UNDEFINED the name is undefined

TModuleFindSymbolTString qname TNameDef TModule implementation

TSetTModuleTString trace

TUSetTNumber TNameDef TModule results

TNameDef resultND

TModule resultMod

TNumber resultPri MAXNUM

TBoolean resultAmbiguous FALSE

FindHereqname TRUE trace results

if resultsIsEmpty then throw UNDEFINED

Choose the result with the highest priority

If there is more than one this symbol is ambiguous

for each e in results do

TNumber priority

TNameDef nameDef

TModule module

priority nameDef module e

if priority resultPri then

resultAmbiguous FALSE

resultPri resultND resultMod priority nameDef module

elseif priority resultPri then

resultAmbiguous TRUE

if resultAmbiguous then

throw AMBIGUOUS

else

return resultND resultMod

Figure C Name search

Function TModuleFindHere

Purpose find all symbol definitions available in the given module

Input

self the receiver module to locate symbol in

qname qualified name of the symbol to search for

priority current search priority is the highest

parentSearch a boolean flag that indicates whether

the enclosing module should be searched

trace set of modulename pairs already tried

InputOutput

results updatable set of results Each result is a triple

that consists of

priority the priority of the successful search

nameDef name definition

module module where the found name definition is located

TModuleFindHere TString qname TNumber priority TBoolean parentSearch

TSetTModule TString trace

TUSetTNumber TNameDef TModule results implementation

Attempt to locate the symbol in the name table

and inner modules

for each e in NameTable do

if eName qname then

resultsinsertpriorityeNameDefself

elseif eModule NULL then

if eNameIsPrefixOfqname then

TString nameTail qnameRemovePrefixeName

eModuleFindExternalnameTailprioritytraceresults

else

eModuleFindExternalqnamepriority traceresults

Attempt to locate the symbol among imports

for each e in ImportTable do

if eQName PARENT and not parentSearch then continue

TString name if eAlias NULL then eAlias else eQName

if nameIsPrefixOfqname then

TString nameTail qnameRemovePrefixname

if eAll or nameTail then

TSetTModuleTString newTrace selfqname

ParentFindHereeQName nameTailpriorityTRUEnewTraceresults

Figure C Name search in the given mo dule

Function TModuleFindExternal

Purpose find all symbol definitions exported by the given module

Input

self the receiver module to locate symbol in

qname qualified name of the symbol to search for

priority current search priority is the highest

trace set of modulename pairs already tried

InputOutput

results updatable set of results Each result is a triple

that consists of

priority the priority of the successful search

nameDef name definition

module module where the found name definition is located

TModuleFindExternal TString qname TNumber priority

TSetTModule TString trace

TUSetTNumber TNameDef TModule results implementation

Fail if already visited this place

if traceIncludesselfqname then

return

else

traceInsertselfqname

for each e in ExportTable do

TString name if eAlias NULL then eAlias else eQName

if nameIsPrefixOfqname then

TString nameTail qnameRemovePrefixname

if eAll OR nameTail then

FindHereeQName nameTail priority FALSE trace results

Figure C External name search in the given mo dule

Due to the restriction mentioned in the previous section an inner mo dule can not exp ort symbols

from its parent the b ehavior FindHere has an additional argument parentSearch whichissetto

FALSE every time an external search is p erformed This prevents the algorithm from searching the

parent hierarchyofagiven mo dule

The trace is necessary to avoid innite recursion The reason whysuch a situation can o ccur

is the fact that there are no acyclicity restrictions placed on the imp ort mo dule hierarchy This

signicantly facilitates the design pro cess The trace is reset in FindHere when the search pro ceeds

to the parent mo dule to reduce the amount of testing required This optimization is valid since only

internal searches are allowed to lo ok in the parent mo dule thus innite cycles do not o ccur when

the algorithm go es up the parent hierarchy

The data structures depicted in Figure C are related to a single mo dule The name table

contains the set of names dened in the given mo dule including any inner mo dules present The

imp ort exp ort table represents the set of all imp orts exp orts of the given mo dule Parent refers

to the parentmodule

C Adding p ersistence

Mo dules typ es b ehaviors and all the other schema entities are ob jects and can therefore b e stored

in the database and retrieved from it In order to indicate that a particular mo dule is p ersistent

the PERSISTENT keyword can b e added to its denition If a mo dule is p ersistent then all typ es

b ehaviors classes functions and inner mo dules dened in it are also p ersistent Only toplevel

mo dules can b e declared p ersistent If a mo dule is p ersistent then all mo dules from which it imp orts

should also b e declared p ersistent These restrictions ensure that p ersistent mo dules dep endencies

p ersist along with the mo dule itself

In this chapter the mo dule system and the algorithm for name resolution have b een describ ed

This mo dule system is orthogonal to the typ e system and therefore do es not aect typ echecking At

the same time the elab orate imp ortexp ort mechanism along with inner mo dules provides a p owerful

way to deal with information hiding and sharing at the mo dule level The mo dule system is also

capable of mo deling views which is one of the ma jor schema information managementmechanisms

in traditional database management systems