An Accidental Simula User Luca Cardelli Microsoft Research

ECOOP 2007 Dahl-Nygaard Senior Prize 2007-08-02

http://LucaCardelli.name ● ● program verification for both procedural and object and for both procedural verification program of the by still over area yet, from bloomingas witnessed is the story far And cultures. both object the end, in But impossiblycomplicated. any unification Reynolds, that made described by well procedures, and objects between seemed mismatch to beadeep fundamental task hand. at to the helpedwhile.Typefor theory hadbe at leastfor unexpectedly, a recast rather theory domain the way, Along programming. functional and developed procedural for being methods the that formalwere with that philosophyefforts difficultto reconcile and the gradual and philosophy different of programming, embodiment of a radically that The slow amgoing totell realization I very the story isvery, object being call improvedall, an it was Still, little classes). to do with seemed to haveconfusingly types (which data and abstract semantics (which well, nothing is perfect. Hot topicsthose the in freshly were invented days classes) and compilation(prefix Separate processing. string proper collection, and typing, garbage come to closeNothing could Simula’67.and COBOL, PL/1, 1.5, Lisp Fortran, 370 inthe 70’s, APL,between on IBM an really,a simpleIt choice,was - by Simula - name. So, it became my first favorite language, for every reason other it other than reason for every language, favorite my first So, itbecame name. - - coroutines oriented and procedural programming have benefited from the clash of of the from clash benefited have programming procedural and oriented after because, to get something done choicecomfortablyobvious was the oriented. Landin’s Simula lambda Algol were nice bonuses. And then there were these ... “objects” these but, were then there And nice bonuses. were didn’t have), formal type systems (which objects didn’t have), have), didn’t type objects systems formal (whichdidn’t have), . It even supported the functional programming feature of of feature programming the It functional even supported . - reductionism had to be partially abandoned. Always, there there Always, abandoned. to partiallyhad be reductionism Abstract - oriented languages. oriented Simula’s combination of strong strong of combination Simula was the was the denotational 2007 - 08 - 02

2 Luca Cardelli ● ● ● Only two things really Hence, apersonalperspective: I am underno pressureto present newresults – – – – – Simula Simula 67 did O How did Iget How here? (I understand.) - calculus le - Johan Dahl Johan marked and and Outline Kristen Kristen me as anundergraduate: Nygaard influence influence my work? 2007 - 08 - 02

3 Luca Cardelli I: Functions 2007 - 08 - 02

4 Luca Cardelli ● ● “Structured Programming” Programming” “Structured book [Dahl, Functional Programming – – – – Dahl type and typesconstructors) (data structuring” Hoare: “Data Dijkstra denotation etc. etc. semantics, - ● ● calculus, Scheme, abstract machines, program transformations, transformations, machines, program abstract Scheme, calculus, Note: Note: “ attributes of a new class or block. Concatenation consists in a classes A or and B, a classA and and results in a block C, formation the “Concatenation [ to the class bodyarecalled as survive call its will be as a known “A which procedure is capable of giving rise to block instances which & Hoare: “Hierarchical Program Structures” ( Structures” Program & Hoare:“Hierarchical objects : “Structured Programming” (nested program structures) program (nested Programming” : “Structured this Things I Learned in Pisa of both components, of both components, and the of that class” ...of that “Any local variables declaredor procedures ” is in examples used but never discussed. subclassing ] is between an two operation defined attributes Dijkstra class , and the instances , and instances the will be known of that class”. of that , Hoare] (1972) Hoare], composition composition or their actions Simula 67 Simula ): merging merging of the 2007 - 08 .” - 02

5 Luca Cardelli ● ● ● Conversely, John Reynolds: But Simula’67 available was (on IBM 370) useAlgol’68! to I wanted – – – – – – – and had to useAlgol!and had too expensive, it was but Wanted to useSimula BUT SIMULA CHOICE NO (reasonable) But did I not the buyo mostlyof because So, I didin most of programming my Lisp PL/1. 1.5, APL, Fortran, tried: I Other languages on IBM machines. availablenot out, it was as it turned But luckily, language. algorithmic overdesigned) (way State of the art ● ● for separate compilation (via a rather weird mode of classprefixing) to obtain heap Things I Used in Pisa - allocated, garbage collected, data structures garbage collection garbage - o propaganda; I exploitedjust o propaganda;it: Simula 67 Simula and strong typing strong , [Wikipedia] TOPS CDC 3000 System/360 UNIVAC 1100 Simula: of implementations main fourwere there seventiesearly the and sixties late theIn - 10 by by and ENEA ENEA AB Yucc University of Oslo of University by System/370 NCC and ! gross! ! strings by Swedish Research Institute for National for InstituteSwedishResearchby 's Joint Computer Installation at Installation Computer Joint 's ! Courtesy Rune of (left) Kristen and SIMULA AlwaysFirst! Ole Kjeller Nygaard Myhre Defence 2007 , , 1982. , Dagbladet - - 08 Johan DahlJohan - (FOA) 02 . Luca Cardelli ● ● My Master Thesis To categorize all program constructions – – – – – – Mildly influenced by Simula:Mildlyby influenced language a single in concepts “all” program Tried to capture languages of semantics programming On denotational [Plotkin]). Semantics to beOperational out later turned or something (which [Scott semantics or denotational give them them to And translate ● ● But But I realized there was a more lot to it. Had a section on classes and subtyping by explicit injections. The Goals ofthe Times - calculus [ calculus Landin ] - Strachey] 2007 - 08 - 02

7 Luca Cardelli ● ● ● ● ● From From Robin Milner DavidPark): (and From Plotkin: Gordon Pascal ML Polymorphism – – – – – – – – – – – – Bisimulation Systems of CalculusCommunicating semantics Operational duality Product/sum Contravariance languages. functional from slope awaySo aslippery began types. enumeration and No nice objects, but records a nice Finally, Interactive products). binary No (just not objects, and even records language!programmingFinally,a nice types”. belongs that tomany“AHmm...familiar?? function Things I Learned in Edinburgh (in a way more “object away (in (later, unlikely, useful for recursive types) recursive for useful unlikely,(later, implementation from Category Theory Category from (records/variants) from Category Theory Category from (records/variants) (on a slippery slope away from denotational) from slope away(on a slippery language! (To implement ML!) language! - oriented” than batch Simula). than batch oriented” (how not to be a slave of to of a slave not be (how - calculus) 2007 - 08 - 02

8 Luca Cardelli ● ● (and (and Ghelli back in student) as a Pisa. Galileo ML extensions – – – – – – example of undecidability of of F<:. example of undecidability the first the providing of subtyping, theory Ghellito laterimportant madecontributions With Simula constructs (map/filter). With ML variants) and (with records A little industry.) a became(This later up. gave but inference, by type subtyping record Tried to add to ML. variants and Added records DataBase , with Albano and - inspired typing and aggregation/bulk aggregation/bulk typing and inspired But Still Bugged by Simula - programming language language programming inspired subtyping (for OODB). (for subtyping inspired Orsini slides Contemporary 2007 - 08 - 02

9 Luca Cardelli ● ● Instead, a Instead, clash of cultures: Where the was Theory ofObject – – – – – – – – – The latter had plenty of mathematical justification. plenty of mathematicalThe had latter “ “ Object languages: Modular Imperative languages: languages: Functional languages: Database Logic languages: Everything is a function is a Everything is object an Everything A Gaping Gap in the Literature - oriented languages: languages: oriented -- > Predicate logic Predicate> -- -- > Algebraic semantics Algebraic> -- -- > Relational calculusRelational > > ” (Smalltalk) > Hoare Logic / Weakest Weakest Preconditions / Logic Hoare > ” ( - calculus -- - calculus) > ??? > - Oriented Languages Languages Oriented ?!? 2007 - 08 - 02 10 Luca Cardelli ● ● ● ● ... not to mention ... not mention to Smalltalk or modules No types, abstract data No formal type system No denotational semantics – – – – – – – What Simula did not Have (or Need?) the need of a whole framework in which to study inheritance. to study whichin the whole framework need of a But had did not even Which a have misunderstood. widelywas architecture to software approachComputing Center The Norwegian [ modulesthe Are classes sameas types [ data abstract the Are classes sameas semantics. proof denotational via of type safety type a formalsystem and hada ML of) subset (a but Pascal), unlike (and ML like safe to be language, a was believed Simula correct. the are type that rulesbut, to check useful e.g. itself in useful Not necessarily Super inheritance instead of of Simula’sinstead inheritance syntax , a semantics!! let alone Parnas ]? Liskov Inner , indicating ]? 2007 August August 1981 - 08 - 02 11 Luca Cardelli ● ● ● ● So many So many quasi But is any essential of that or incidental? My Simula Closer functional to programming to than programming: imperative – – – – – – – – – The Reynolds duality: extending code by adding functions or by addingobjects. The or by adding functionsextending code byReynolds duality: related? functions for objects and Are polymorphismfor Can o we do o in programming Can functional we do Lots to of set work simpleup first Lots to set data types simpleof work up inductive Need higher types (to model self) Need recursive Need first ● ● “Anonymous “Anonymous delegates” in C#. A dummy virtual But O vs - - class function spaces (to spaces(to model function methods) class ML experience: O - - o in functional programming? o functional in connections order logics invariants) (to model class order - superclass O “Higher too is with with oflots subclasses that never inherit. - o is a lot more o ismore “ a lot - class functions - o? heavywheight - Order” ” 2007 - 08 - 02 12 Luca Cardelli ● ● ● ● In the mist of that confusion, I moved to BellLabs... Hence, question #1 time): What the issubtyping? (at Simula lots had of interesting My pickwas: features. To simple to build start youhave a theory – – – – – – – So, what is subtyping? So, subtyping? is what stated that DahlHoare clearly & oddly,that: believe Conversely mathematicians, believe that: oddly Mathematicians, inheritance) for #2 afoundation (as this/self hierarchies) class for afoundation (as #1 subtyping to o unique that are the simplestWhat are features ● ● ● ● “Any object ofalso theprefix a to class” belongs subclass (Uh? but wantwe that!) The set of 3 that!) want (Uh? don’t functions records? subtypes of we A function space is a subset of a What’s “Important” about O - tuples is tuples not a subset of the set of 2 cartesian product - tuples. - o? (apparently (apparently edited by Kim Bruce) A slide from a much later time - O? 2007 - 08 - 02 13 Luca Cardelli II: Records 2007 - 08 - 02 14 Luca Cardelli ● ● The Systems programming (Unix group) – – – – – – – Therefore enabling: Therefore non of (via subtyping subset a provided So, it accidentally was modeledwhich“big intersection” of as a domains. polymorphism, for semantics as a was designed TheModel Ideal not set, did subtyping. support value which universal the models, of “retracts” types were denotational In early But Using C ML systems not good for “as such” programming MacQueen ● ● ● ● ● ● ● never Had Had a pretty careful definition Pointer arithmetic? What’s that?? record subtyping as set inclusion of function spaces record types as domains (label records as functions (well The rumor was that he was trying to turn C into Simula. N.B.: ( Things I Learned at Bell Labs yucc Bjorne C++ (mostly out of induced disgust with C) disgust with (mostly of out induced C++ ! gross! but at least you can see see the metal)can you least gross! at but ! - Sethi just down the corridor. - - empty intersections between domains) empty between intersections Plotkin Model Plotkin Ideal - known lisp lisp known hack) - dependent function types) - based denotational semantics denotational based Systems Programming in C Programming inSystems 2007 - 08 - 02 15 Luca Cardelli ● ● Historical Footnotes “A Semantics of Multiple Inheritance” paper – – – – – – – quantification. about A Curtis paper this by question Pavel ledto bounded the focus which real of rules, paper. the were the type it allowed justify to butme It a“semantics”,was “Inheritance muchlater! written not is was subtyping” famous “Inheritance”paperthe “Subtyping”: means here the to belongs also subtype context.) term a different in theorem ( the in system. named) The (later The model self/this. “ It introduced types Function Variant, Record, for Subtyping contravariance Semantics of Subtyping objects as recursive records as recursive objects subsumption rule was introduced here. introduced was rule Ait - supertype Kaci Any value of a a of value Any rule was a rule used that used that . ” to ” “singleton” type. could belong to a Hence a “pair” record 2007 - 08 - 02 16 Luca Cardelli ● ● Contravariance At my first OOPSLA – – – – – – in a typesystem to deployit ways different many are But there failed to adopt it they because unsound were Some languages objects/methodsBut aboutnot necessarily him. from back to hear I still am waiting Meyer wrote his nameon of a piecepaper: I but about, talking he was what I no idea had it, you,it” I’llfix fix I’ll I promiseproblem, but have a paper. I I know Ah! Cardelli:“Luca something like: said and lookedat badge my animated guy o French a new booth about exhibition an at I looking was Contravariance . - o programming language. A rather A rather language. o programming is a Contravariance fact about functions ! I read your I ! Becomes (Un)Popular Bertrand Bertrand 2007 - 08 - 02 17 Luca Cardelli ● ● Extending Extending toSubtyping Quantifiers (SOL Type quantifiers After “mission” Ihada that, – – – – – – – – restricted bounded quantification rule. quantification bounded restricted type added rules at the last minute, with a with Appendix article.a “survey” N.B. this was Polymorphism” and Types,Abstraction, Data understanding Bounded Quantification [ Both modulesgive youtogether [Mitchell data abstraction to just captureshown quantifiers Existential [Reynolds] polymorphism captured quantifiers Universal were... functions and variants, records, after Next linein (subtyping). Simulawith (polymorphism)E.g. ML to mix type constructors. for subtyping To investigate and boldlygo with Peter Wegner). Peter with was born ( born was - Plotkin] MacQueen “On all ] 2007 - 08 - 02 ) 18 Luca Cardelli ● ● ● Around Around this time Seriously studying Theory Type Distributed O – – – – – – Named the Named the “ symbolsubtyping “ I the (ASCII!!) invented Proper of types theory the real Type was theory a start Denotational was semantics Network Objects ● ● ● Reynolds (polymorphism and data abstraction) Girard (second Martin contravariant - Loef - subsumption O Programming Things I Learned at DEC (dependent (dependent types) - order order rule for for quantifiers rule ” rule. - calculus) <: ” 2007 - 08 - 02 19 Luca Cardelli ● Quest ( – oriented programming oriented programming through subtyping. Setting design to out a language unify functional that would object and Qu antifiers On A Long & s ub t ypes) - Term Quest 2007 - - 08 - 02 20 Luca Cardelli ● ● System F were simplifying SOL Pierre While I was “moving to higher kinds” – – – – cutting cutting it down. They thought they were loosing by power No records: justfunctions. Wanted a simpler F system study: to POPL on Types Power paper - Louis Curien and Giorgio Ghelli <: (Pure Bounded Quantification) <: 2007 - 08 - 02 21 Luca Cardelli ● But nothing was lost! – – – [Pierce] Etc. Mitchell et. al.:F Much followedon that basis work [Cook, study subtyping. That established system” to F<: asa “core subtyping in pure F<:. typing record encode and to I how showed System F - bounded quantification] quantification] bounded <: was Enough 2007 - 08 - 02 22 Luca Cardelli ● ● ● soundness soundness and completeness Now, with finally Amadio, we proved its The Amber Rule Back the to “mission”: Recursive Types – – – – – – spirit. bisimulation in original the grounds [Pierce], set on it was And proper still later efficiency. typechecking people [ several Later CCS.in bisimulation for rule aproof inspired by It that was seemed ruleto work. I up a made types, went: “uhand recursive subtyping for at case the arrived first Amber (a up the At Labs, coding Bell rules? subtyping their are Hence what to model(?!?) Self. They necessary should be Finally: RecursiveSubtyping Types - order language with subtyping) I subtyping) with language order - oh... now now what?”. oh... Palsberg typechecker ] studied its studied its ] coinductive for for 2007 - 08 - 02 23 Luca Cardelli III: Real Languages 2007 - 08 - 02 24 Luca Cardelli ● At DEC I got in theinvolved design of Modula – Industrial Yes, But What About O - strength strength Modula - 2 for systems (o 2 - o) programming o) - 3 - O? 2007 - 08 - 02 25 Luca Cardelli ● ● ● Reuniting Reuniting existentials types to (somewhatbounded akin revelation” “partialin Innovating to use was ok and itit. when the ( set” “valuerule on discussions Driven by extensive Simula67 Particularly, Modula ). and subsumption Algol68 ! ) - 3 Types 2007 - 08 - 02 26 Luca Cardelli ● ● ● Basically, something wasn’t clicking. But lots more was now happening Mission accomplished! – – – – – find a way towards objects. find towards a way Operations on Records [with Mitchell] to Polymorphic Row Variables[Wand] recursive POPL’92 Tutorial: puzzling out [Cook HillCanning ’90] “Inheritance is not Subtyping” (classical) constructors. type We subtyping had rules for all ColorPoints Signs of Trouble . 2007 - 08 - 02 27 Luca Cardelli ● ● ● Reductionism in trouble By the early90’s... In the 80’s... – – – – – – – – workshops], was becoming workshops], becoming was “heavy”. But great that approach, activity despiteand great progress [FOOL understand type rulesthe for classes. objects and We hoping were that reducing object typed types to objectsuntyped untyped to We reduce could Handling “self” in still a typedcalculuswas puzzle. a major ColorPoints increasingly baroque activity. The and typed semantics ofobjectsa widespread and classeswas classes. still But once we got those, we difficultieshad modeling objects and We been had focusing on “getting the right”. foundations Something FishyAbout Self became the became the factorial of O - O Type Theory. O Type - calculus in many ways. - calculus would help 2007 - 08 - 02 28 Luca Cardelli ● ● Ok, I will dosomething useful Apparently... – – – – It It will are not useful) have whatsoever (types no types It will have are useful) objects (objects “Why youdosomething don’t useful?” My bosses thought so as well: was getting lost in type theory I not the was only tosuspectone I that Meanwhile, backin theReal World 2007 - 08 - 02 29 Luca Cardelli ● ● Born out of schizophrenia An – – – – – – “Most Influential Award” POPL Paper Strikingly similar to object But: same the calculus the time). at (done to manage objects.network Using the A For programming. (LAN) distributed (I still was scared ofclasses.) object ● ● ● scripting language scripting Because this was my “useful” work. Not to confused! mybe work. “useful”this was Because to present I refused to to give type theory I or semantics refused - based - calculus notion notion of lexical calculus scoping language to complement Modula Obliq as an implementation of implementation of calculus.the as an object Obliq 2005 2005 (for 1995) - 3. Obliq (others did). (others 2007 - 08 - 02 30 Luca Cardelli IV: Objects 2007 - 08 - 02 31 Luca Cardelli ● ● The Object Calculus Enough already with – – – – – – – are objects objects too” are bothered to show that nobody had object” Despite is of an “everything the credo it”. “had we it, then we knew in and calculus to encode how out Very soon we figure on the whiteboard. untyped calculusobject the original we had I Withinrecall, as hour, ½ than more out there that was there Weinspired by were it to relates lambda should object calculus invent an don’t Thiswe just Why is too hard. encodings objects in pain of the about a conversation We had a o simplified Modula“Babyinvented had AbadiMartin have , and then then , and - o language to study. o language , with , A Break withTradition . - calculus? - its own its calculus! later - - calculus and we went: and calculus calculus in the in the sense calculus we figure out how we figure rules, the rules, the rules “functions “functions - calculus! - - 3”, as 3”, it it 2007 - 08 - 02 32 Luca Cardelli except in philosophy. “theories of objects”, there were no other (1995!) revealed that A very early web search ● Rapid progress[with Martin Abadi] – – – 1996: 1996: TheoryBook “A ofObjects” 1994 “A ESOP: Theory ofPrimitive Objects” (first of many papers) 1992 Tutorial: POPL lost in type theory. A Theory ofObjects 2007 - 08 - 02 33 Luca Cardelli ... the problemin hindsight could not be be done!could not it himwe ittold after student)(thenfound a Ramesh Viswanathan 2007 - 08 - 02 34 Luca Cardelli ● Finally, Finally, ofSelf covariance Types – – – To give a covariant Self TypeSelf Tocovariant give a subtypes With recursive bounded By combining ● ● ● I Which are naturally covariant With With recursion going knew Finally Nailed Object Types they would be needed someday! Existantials through the bound! the through 2007 - 08 - 02 35 Luca Cardelli ● ● ● Reductionism By this years) (after 20 time In In the chapters later of ourbook – – – – – – – class of flavors for different type rules and general interesting derive systematically But we can we stopped. That’s where again? Is toreduce/encodegood it a idea at leastnot into (but object calculi Bruce) and ones due to the Mitchell(e.g. calculi of It’s classencoding still a“reductionist” subtyping. we encode object calculus. we encode almost read) (whichnobody classes. Simula’sto tackle About ready - based languages. Matching Selfwith ClassTypes What About Classes? [Bruce] as [Bruce] third - type - ). order , into , into 2007 - 08 - 02 36 Luca Cardelli V: Mainstream 2007 - 08 - 02 37 Luca Cardelli ● ● But progressnonetheless Java eventuallykills Modula – – – – – mainstream mainstream o The original true comes dream to another, narrowly avoiding the entire ofC++age ! from safe language move one Java meto type allowed (Modula I Gosling hear that our Modula “carefully read” As I discoveredwhen trying to translate my Modula Without being obviously superior ● ● ● ● Apart from Apart from Modules subtyping) (with TypesAbstract Programs -- -- - > ?!? Packages ?!? ?!? ?!? > Packages o language language o [Drossopoulou, > Programs > bytecode verification Post - 3 Yucc : proofs of type soundness : proofsoftypea soundness for (subsets of) - ! gross! ! -- > Interfaces > Book Eisenbach - 3 tech reports. 3 ] - 3 programs to Java. 3 - 3) 3) 2007 - 08 - 02 38 Luca Cardelli ● ● ● Turning Turning concurrency to (didn’t Simula ...) Still a bit killed that Java pissedModula Generics in and .NET C# – – – – – – – concurrency. but that not for kind of the readywas world by inspired originally Gordon), Andy (with Calculus Ambient Working on then them C# Java!) copiedfrom (Unfortunately, threads were DEC that at experience from extensive personal Javacopied have. I to didn’twork on Javawanted somethat feature type theory. about out bit And burned a Kennedy]. [Don Andrew and Syme programmers! Thanks MLto (former) polymorphismo into mainstream comes true Another dream threads a big big a At CambridgeMicrosoft yucc from Modulafrom Obliq ! gross! ! : full parametricfull : object mobility,object to work with work to - o. - 3, and I and 3, - knew 3 . 2007 J. J. - Stolfi 08 - 02 39 Luca Cardelli ● ● Polyphonic Polyphonic C#,and programming. Looking again for inspiration to functional – – – – – – I still think it is a widely underappreciated idea. underappreciated I widely itthink stillis a for join concurrency. of C# out extension an we worked ClaudioRusso) then (and Benton Nick and Fournet With Cedric in the o naturally fits extremely JoinCalculus Amazingly, the o be What could monitors. Hoare and coroutines since Simula programming concurrent ideain Thenew only [Gonthier & Fournet] elegant very more and convenient as the much INRIA) (at programming functional ( Concurrency - o framework. No threads required! No threads o framework. - calculus C - o version o Join Calculus?of version ) had been been adopted in had ) Join CalculusJoin Joins 2007 - 08 - 02 40 Luca Cardelli VI: Epilogue 2007 - 08 - 02 41 Luca Cardelli ● ● ● ● The true powerand the true difficulty We still this seedevelopingtoday trend A goal of functional programming A goal of Simula Beta) (and – – – – – – – This is legacy the of both Simula and together. Is mixed in and computation data meaning: passing functions orinside data. asdata around Is in higher And soon type inference! O Functional languages (F#) talk to object frameworks. has into functions, been data and embed unify to them has been functions embed to and unify into data, them - o languages o languages acquire parametric (C#)polymorphism, closures. and Morale: EmbraceHigher - order structures - calculus. - Order 2007 - 08 - 02 42 Luca Cardelli ● ● ● And most of all... A (veryincomplete) fragment of a fragment of history. An accidental Simula user – – – – – Never throw away old slides! They know more than slides! Never than They old more you do...throw away know Apologies EVERYBODY!to Too many and acknowledge! peopleideas to Too many things forgotten! I have o How - o snuck behind behind o snuck a functional programmer hit him and in the head. Conclusions 2007 - 08 - 02 43 Luca Cardelli