What Is Subtyping?

A subtype relation is a pre-order on types that validates the subsumption principle.

CMPSCI 630: Programming Languages Notation: σ <: τ. Subtyping •

Spring 2009 Pre-order: reflexive and transitive binary relation. (with thanks to Robert Harper) •

Subsumption Principle: if σ <: τ, then an expression of • type σ suffices whenever one of type τ is required.

1

What Is Subtyping? What Is Subtyping?

The subsumption principle codifies a principle of code re-use. To decide whether a subtype relation σ <: τ is reasonable, we must check the subsumption principle.

Every use of a value of type τ must make sense when given • a value of type σ. Allows you to “re-use” a value of type σ in a τ context whenever σ <: τ. Must consider all possible uses of values of type τ. • Subsumption is sometimes called inheritance, but it is best not to confuse notions. That is, need to determine whether every introductory form of the subtype can be safely manipulated by every eliminatory form of the supertype. 2 3

Subsumption Numeric Subtyping

To ensure that subtyping is a pre-order we insist that the follow- Good way to get subtyping wrong is to equate it with subsetting ing structural rules be admissible: of values. ρ <: σσ<: τ τ <: τ ρ <: τ For example, it’s tempting to postulate the subtyping relation- ship: Either tacitly include these rules as primitive or prove they are int <: rat <: real admissible for a given set of subtyping rules

The subsumption rule is the fundamental definition of subtyping: Motivated by the inclusion Z Q R. ⊆ ⊆ Γ e : σσ<: τ ! Γ e : τ ! But this is unrealistic due to nature of floating point represen- tation! NB: the typing relation is no longer syntax-directed! 4 5 Product Subtyping Product Subtyping

One form of subtyping for tuples, called width subtyping, is In the common case where the index sets are initial segments of specified by the subtyping rule: the natural numbers, this specializes to: J I m n ⊆ ≥ Πi Iτi <: Πj Jτj <τ1, ...,τm> <: <τ1, ... ,τn> ∈ ∈

The wider tuple is a subtype of the narrower! The wider tuple is a subtype of the narrower!

Projections from a narrow tuple apply also to a wide tuple. Projections from a narrow tuple apply also to a wide tuple. • •

Conversely, a 9-tuple has no 10th component. Conversely, a 9-tuple has no 10th component. • •

6 7

Record Subtyping Record Subtyping

Width subtyping rule for records, where the index sets are finite Evaluation of record projection: sets of symbols, is: l v 1 1 · i %→ i m n <:≥ 1 1 m m 1 1 n n But how do we find the field labelled li?

Meaning depends on whether record types are ordered (C-like) Without subtyping we can use the type of the record to • or unordered (ML-like): predict the position of any field.

With subtyping the type does not reveal the shape of the Ordered: can drop fields at the end of a record. • • record; there may be many more fields than the type spec- ifies! Options include mapping (e.g., hash) functions and Unordered: can drop fields anywhere within a record. coercion (immutable records only). • 8 9

Sum Subtyping Sum Subtyping

What is the appropriate width subtyping rule for finite sums? In the common case where the index sets are initial segments of I J the natural numbers, this specializes to: ⊆ Σi Iτi <: Σj Jτj m n ∈ ∈ ≤ [l1 : τ1, ... ,lm : τm] <: [l1 : τ1, ... ,ln : τn] The smaller sum is the subtype. Why? An element in[l ](e) of the smaller is also an element of the • i larger. An element in[l ](e) of the smaller is also an element of the • i larger. Case analysis on the supertype covers the subtype. • Case analysis on the supertype covers the subtype. •

10 11 Variance Principles Product Subtyping

A variance principle tells how a type constructor interacts with Subtyping rule for tuple types specifies that tuples are covariant: subtyping in each position. ( i I) σ <: τ ∀ ∈ i i Πi Iσi <: Πi Iτi ∈ ∈ Covariance: the constructor preserves subtyping. • Subtyping is preserved in each field of the tuple.

Contravariance: the constructor reverses subtyping. • Called depth subtyping since it applies subtyping within com- ponents. Invariance: the constructor precludes subtyping. •

12 13

Product Subtyping Record Subtyping

For n-tuples the rule specializes to: Covariant depth subtyping also applies to record types.:

σ1 <: τ1 ... σn <: τn <: σ1 <: τ1 ... σn <: τn 1 1 1 1 <σ1, ...,σn> <: <τ1, ... ,τn> Subtyping is preserved in each field of the record.

14 15

Product Variance Sum Subtyping

Why is covariance safe? Depth subtyping for sums is also based on covariance: ( i I) σ <: τ ∀ ∈ i i Must check that it validates subsumption. Σi Iσi <: Σi Iτi • ∈ ∈

What can we do with a value of type <τ , ... ,τn>? Check: case analysis on the supertype. • 1

– Extract ith component and use it as a value of type τi. The ith case expects a value of type τ ; • i If we actually have a value of type <σ , ...,σn>, the ith com- • 1 ponent is a σi. By subsumption it is OK to provide a value of type σ . • i – But we can use it as a τi!

16 17 Sum Subtyping Function Subtyping

When specialized to symbolic labels as index sets, the covariance What variance principles should apply to σ τ? → principle for sum types takes the following form:

When is it sensible to have σ1 <: τ1 ... σn <: τn • [l1 : σ1, ...,ln : σn] <: [l1 : τ1, ... ,ln : τn] σ τ <: σ τ ? → ) → )

What can we do with a value of the supertype? Is a value of • the subtype acceptable?

18 19

Function Variance Function Variance

What can we do with a value of type σ τ ? Suppose now that f : σ τ. ) → ) →

Apply it to an argument of type σ . When does it make sense to apply it to a value of type σ ? • ) • ) Only if σ) <: σ!

Use the result as a value of type τ . • ) When does it make sense to use its result as a value of type • τ )? Only if τ <: τ )!

20 21

Function Variance Safety for Subtyping

The function type constructor is Proving safety in the presence of subtyping is a bit delicate.

Subsumption means that static type only reveals partial informa- Covariant in the range. • tion regarding underlying values.

Contravariant in the domain. So proof of preservation and progress, and statements and proofs • of underlying lemmas, change accordingly.

The variance rule for functions is Illustrated here by considering safety of product types in isolation. σ) <: στ<: τ ) σ τ <: σ τ → ) → )

22 23 Tuple Types: Static Semantics Safety for Tuples

Lemma 1 (Structurality) ( i I) Γ e : τ ∀ ∈ ! i i 1. The tuple subtyping relation is reflexive and transitive. Γ i I : Πi Iτi ! ∈ ∈ Γ e : Πi Iτi j I ! ∈ ∈ 2. The typing judgement Γ e : τ is closed under weakening Γ e j : τj ! ! · and substitution. Γ e : σσ<: τ ! Γ e : τ ! m n <τ1, ...,τm> <:≥ <τ1, ... ,τn>

σ1 <: τ1 ... σn <: τn <σ1, ...,σn> <: <τ1, ... ,τn>

24 25

Safety for Tuples Tuple Types: Dynamic Semantics Lemma 2 (Inversion) 1. If e j : τ then e : Πi Iτi, j I, and τj <: τ. ( i I) ei val · ∈ ∈ { ∀ ∈ } val

2. If i I : τ then Πi Iσi <: τ where ei : σi for each i I. ej ej) ( i = j) ei) = ei ∈ ∈ ∈ %→ ∀ * { } 1 i %→ 1) i) 3. If σ <: Πj Jτj, then σ = Πi Iσi for some I and some types σi ∈ ∈ e e) for i I. e j %→ e j ∈ · %→ ) · val 4. If Πi Iσi <: Πj Jτj, then J I and σj <: τj for each j J. j e ∈ ∈ ⊆ ∈ i · %→ j Proof: By induction on the typing rules, taking special care Bracketed rule omitted for lazy semantics and included for eager with the subsumption rule. ! semantics.

26 27

Safety for Tuples Safety for Tuples Theorem 4 (Canonical Forms) Theorem 3 (Preservation) If e val and e : Πj Jτj, then e is of the form i I where J I If e : τ and e e), then e) : τ. ∈ ∈ ⊆ %→ and e : τ for each j J. j j ∈ Proof: By induction on dynamic semantics. ! Proof: By induction on static semantics, taking account of the definition of values. Note that the value of a tuple type is, in general, larger than is predicted by its type. !

28 29 Safety for Records Summary Theorem 5 (Progress) If e : τ, then either e val, or there exists e such that e e . Subtyping supports code reuse by subsumption. ) %→ )

Choosing subtyping principles is tricky. Proof: By induction on static semantics. !

Unsoundness. •

Potential for inefficiency. •

30 31