Homework Five Is Alive Simply-Typed • Ocaml now installed on dept Lambda Calculus linux/solaris machines in /usr/cs (e.g., /usr/cs/bin/ocamlc) • There will be no Number Six #1 #2 Back to School Lecture Schedule •Thu Oct 13 –Today • What is operational semantics? When would • Tue Oct 14 – Monomorphic Type Systems you use contextual (small-step) semantics? • Thu Oct 12 – Exceptions, Continuations, Rec Types • What is denotational semantics? • Tue Oct 17 – Subtyping – Homework 5 Due • What is axiomatic semantics? What is a •Thu Oct 19 –No Class verification condition? •Tue Oct 24 –2nd Order Types | Dependent Types – Double Lecture – Food? – Project Status Update Due •Thu Oct 26 –No Class • Tue Oct 31 – Theorem Proving, Proof Checking #3 #4 Today’s (Short?) Cunning Plan Why Typed Languages? • Type System Overview • Development • First-Order Type Systems – Type checking catches early many mistakes •Typing Rules – Reduced debugging time •Typing Derivations – Typed signatures are a powerful basis for design – Typed signatures enable separate compilation • Type Safety • Maintenance – Types act as checked specifications – Types can enforce abstraction •Execution – Static checking reduces the need for dynamic checking – Safe languages are easier to analyze statically • the compiler can generate better code #5 #6 1 Why Not Typed Languages? Safe Languages • There are typed languages that are not safe • Static type checking imposes constraints on the (“weakly typed languages”) programmer – Some valid programs might be rejected • All safe languages use types (static or dynamic) – But often they can be made well-typed easily Typed Untyped – Hard to step outside the language (e.g. OO programming Static Dynamic in a non-OO language, but cf. Ruby, OCaml, etc.) • Dynamic safety checks can be costly Safe ML, Java, Lisp, Scheme, Ruby, λ-calculus Ada, C#, Perl, Smalltalk, – 50% is a possible cost of bounds-checking in a tight loop Haskell, ... PHP, Python, … • In practice, the overall cost is much smaller – Memory management must be automatic ⇒ need a Unsafe C, C++, ? Assembly garbage collector with the associated run-time costs Pascal, ... – Some applications are justified in using weakly-typed • We focus on statically typed languages languages (e.g., by external safety proof) #7 #8 Properties of Type Systems Why Formal Type Systems? • How do types differ from other program • Many typed languages have informal annotations? descriptions of the type systems (e.g., in –Types are more precise than comments language reference manuals) –Types are more easily mechanizable than • A fair amount of careful analysis is required program specifications to avoid false claims of type safety • Expected properties of type systems: • A formal presentation of a type system is a – Types should be enforceable precise specification of the type checker – And allows formal proofs of type safety –Types should be checkable algorithmically • But even informal knowledge of the – Typing rules should be transparent principles of type systems help • Should be easy to see why a program is not well-typed #9 #10 Formalizing a Type System Typing Judgments 1. Syntax •Judgment(recall) • Of expressions (programs) – A statement J about certain formal entities •Of types – Has a truth value ² J • Issues of binding and scoping – Has a derivation ` J (= “a proof”) 2. Static semantics (typing rules) • A common form of typing judgment: • Define the typing judgment and its derivation rules Γ ` e : τ (e is an expression and τ is a type) 3. Dynamic semantics (e.g., operational) • Γ (Gamma) is a set of type assignments for the free • Define the evaluation judgment and its derivation rules variables of e 4. Type soundness – Defined by the grammar Γ ::= · | Γ, x : τ • Relates the static and dynamic semantics – Type assignments for variables not free in e are not • State and prove the soundness theorem relevant – e.g, x : int, y : int ` x + y : int #11 #12 2 Typing rules Typing Derivations •Typing rulesare used to derive typing •A typing derivation is a derivation of a typing judgment (big surprise there …) judgments •Example: •Examples: •We say Γ ` e : τ to mean there exists a derivation of this typing judgment (= “we can prove it”) • Type checking: given Γ, e and τ find a derivation •Type inference: given Γ and e, find τ and a derivation #13 #14 Proving Type Soundness Upcoming Exciting Episodes • A typing judgment is either true or false • We will give formal description of first-order type • Define what it means for a value to have a type systems (no type variables) v ∈ k τ k – Function types (simply typed λ-calculus) (e.g. 5 ∈ k int k and true ∈ k bool k ) – Simple types (integers and booleans) • Define what it means for an expression to have a – Structured types (products and sums) type – Imperative types (references and exceptions) e ∈ | τ | iff ∀v. (e ⇓ v ⇒ v ∈ k τ k) – Recursive types (linked lists and trees) •Prove type soundness If ·`e : τ then e ∈ | τ | • The type systems of most common languages are or equivalently first-order If ·`e : τ and e ⇓ v then v ∈ k τ k •Then we move to second-order type systems • This implies safe execution (since the result of a – Polymorphism and abstract types unsafe execution is not in k τ k for any τ) #15 #16 Simply-Typed Lambda Calculus Static Semantics of F1 •Syntax: Notice :τ • The typing judgment λ τ Terms e ::= x | x: . e | e1 e2 Γ ` e : τ | n | e1 + e2 | iszero e | true | false | not e • Some (simpler) typing rules: | if e1 then e2 else e3 Types τ ::= int | bool | τ1 → τ2 • τ1 → τ2 is the function type • → associates to the right • Arguments have typing annotations :τ • This language is also called F1 #17 #18 3 More Static Semantics of F1 Typing Derivation in F1 • Consider the term λx : int. λb : bool. if b then f x else x – With the initial typing assignment f : int → Int Why do we leave this mysterious gap? I don’t know either! –Where Γ = f : int → int, x : int, b : bool #19 #20 Type Checking in F1 Operational Semantics of F1 • Type checking is easy because •Judgment: –Typing rules are syntax directed –Typing rules are compositional (what does this mean?) e ⇓ v – All local variables are annotated with types •Values: v ::= n | true | false | λx:τ. e •In fact, type inference is also easy for F1 • Without type annotations an expression may have • The evaluation rules … no unique type – Audience participation time: raise your hand and ·`λx. x : int → int give me an evaluation rule. ·`λx. x : bool → bool #21 #22 Opsem of F1 (Cont.) Type Soundness for F1 • Call-by-value evaluation rules (sample) •Theorem: If ·`e : τ and e ⇓ v then ·`v : τ Where is the Call-By-Value? – Also called, subject reduction theorem, type How might we preservation theorem change it? • This is one of the most important sorts of theorems in PL • Whenever you make up a new safe language Evaluation is you are expected to prove this undefined for ill- – Examples: Vault, TAL, CCured, … typed programs ! • Proof: next time! #23 #24 4 Homework • Read Wright and Felleisen article • Work on your projects! The reading is – Status Update Due Soon not optional. • Work on Homework 5 #25 5.