A Simpli ed AccountofPolymorphic References Rob ert Harp er June, 1993 CMU-CS-93-169 Scho ol of Computer Science Carnegie Mellon University Pittsburgh, PA 15213 Abstract A pro of of the soundness of Tofte's imp erativetyp e discipline with resp ect to a structured op erational semantics is given. The presentation is based on a semantic formalism that combines the b ene ts of the approaches considered byWrightandFelleisen, and byTofte, leading to a particularly simple pro of of soundness of Tofte's typ e discipline. This researchwas sp onsored by the Defense Advanced Research Pro jects Agency, CSTO, under the title \The Fox Pro ject: Advanced Development of Systems Software", ARPA Order No. 8313, issued by ESD/AVS under Contract No. F19628-91-C-0168. The views and conclusions contained in this do cument are those of the author and should not b e interpreted as representing ocial p olicies, either expressed or implied, of the Defense Advanced Research Pro jects Agency or the U.S. Government. Keywords: lamb da calculus, typ e theory, functional programming, references and assignment 1 Intro duction The extension of Damas and Milner's p olymorphic typ e system for pure functional programs [2] to accomo- date mutable cells has proved to b e problematic. The nave extension of the pure language with op erations to allo cate a cell, and to retrieve and mo dify its contents is unsound [11]. The problem has received consid- erable attention, notably by Damas [3], Tofte [10,11], and LeroyandWeiss [7]. Tofte's solution is based on a greatest xed p oint construction to de ne the semantic typing relation [11] (see also [8]). This metho d has b een subsequently used by Leroy and Weiss [7]andTalpin and Jouvelot [9]. It was subsequently noted by Wright and Felleisen [13] that the pro of of soundness can b e substantially simpli ed if the argument is made by induction on the length of an execution sequence, rather than on the structure of the typing derivation. Using this metho d they establish the soundness of a restriction of the language to require that let-b ound expressions b e values. In this note we present an alternative pro of of the soundness of Tofte's imp erativetyp e discipline using a semantic framework that is intermediate b etween that of WrightandFelleisen and that of Tofte. The formalism considered admits a very simple and intuitively app ealing pro of of the soundness of Tofte's typ e discipline, and may b e of some use in subsequent studies of this and related problems. 2 A Language with Mutable Data Structures The syntax of our illustrative language is given by the following grammar: expressions e ::= x j l j unit j ref e j e := e j ! e j x:e j e e j let x be e in e 1 2 1 2 1 2 values v ::= x j l j unit j x:e The meta-variable x ranges over a countably in nite set of variables, and the meta-variable l ranges over a countably in nite set of locations. In the ab ove grammar unit is a constant, ref and ! are one-argument primitive op erations, and :=isatwo-argument primitive op eration. Capture-avoiding substitution of a value v for a free variable x in an expression e is written [v=x]e. The syntax of typeexpressions is given by the following grammar: monotypes ::= t j unit j ref j ! 1 2 polytypes ::= j8t: The meta-variable t ranges over a countably in nite set of type variables. The symbol unit is a distinguished base typ e, and typ es of the form ref stand for the typ e of references to values of typ e . The set FTV( ) of typ e variables o ccurring freely in a p olytyp e is de ned as usual, as is the op eration of capture-avoiding substitution of a monotyp e for free o ccurrences of a typ e variable t in a p olytyp e , written [=t] . A variable typing is a function mapping a nite set of variables to p olytyp es. The meta-variable ranges over variable typings. The p olytyp e assigned to a variable x in a variable typing is (x), and the variable 0 typing [x: ] is de ned so that the variable x is assigned the p olytyp e ,anda variable x 6= x is assigned 0 the p olytyp e (x ). The set of typ e variables o ccuring freely in a variable typing , written FTV ( ), is S de ned to b e FTV ( (x)). A location typing is a function mapping a nite set of lo cations to x2dom( ) monotyp es. The meta-variable ranges over lo cation typings. Notational conventions similar to those for variable typings are used for lo cation typings. Polymorphic typ e assignment is de ned by a set of rules for deriving judgements of the form ; ` e : , with the intended meaning that the expression e has typ e under the assumption that the lo cations in e have the monotyp es ascrib ed by , and the free variables in e have the p olytyp es ascrib ed by . The rules of inference are given in Table 1. These rules make use of two auxiliary notions. The polymorphic 0 instance relation is de ned to hold i is a p olytyp e of the form 8t : ...:8t : and is a monotyp e 1 n 0 of the form [ ; ...; =t ; ...;t ] ,where , ..., are monotyp es. This relation is extended to p olytyp es 1 n 1 n 1 n 0 0 by de ning i whenever . The polymorphic generalization of a monotyp e relative to a lo cation typing and variable typing , Close ( ), is the p olytyp e 8t : ...:8t : , where FTV ( ) n ; 1 n (FTV () [ FTV( )) = f t ; ...;t g. As a notational convenience, we sometimes write ` e : for ; ;` e : 1 n and Close ( ) for Close ( ). ;; The following lemma summarizes some imp ortant prop erties of the typ e system: 1 ; ` x : ( (x) ) (var) ; ` l : ref ((l )= ) (loc) ; ` unit : unit (triv) ; ` e : (ref) ; ` ref e : ref ; ` e : ref ; ` e : 1 2 (assign) ; ` e := e : unit 1 2 ; ` e : ref (retrieve) ; ` ! e : ; [x: ] ` e : 1 2 (x 62 dom( )) (abs) ; ` x:e : ! 1 2 ; ` e : ! ; ` e : 1 2 2 2 (app) ; ` e e : 1 2 ; ` e : ; [x: Close ( )] ` e : 1 1 ; 1 2 2 (x 62 dom( )) (let) ; ` let x be e in e : 1 2 2 Table 1: Polymorphic Typ e Assignment 2 ` v ) v; (val) 0 ` e ) v; 0 (l 62 dom( )) (alloc) 0 ` ref e ) l; [l :=v ] 0 ` e ) l; (contents) 0 0 ` ! e ) (l ); ` e ) l; ` e ) v; 1 1 1 2 2 (update) ` e := e ) unit; [l :=v ] 1 2 2 0 0 0 ` e ) x:e ; ` e ) v ; ` [v =x]e ) v; 1 1 1 2 2 2 2 2 1 1 (apply) 0 ` e e ) v; 1 2 ` e ) v ; ` [v =x]e ) v ; 1 1 1 1 1 2 2 2 (bind) ` let x be e in e ) v ; 1 2 2 2 Table 2: Op erational Semantics for References Lemma 2.1 1. (Weakening) Suppose that ; ` e : .Ifl 62 dom(), then [l : ]; ` e : ,andifx 62 dom( ), then ; [x: ] ` e : . 0 0 0 0 2. (Substitution) If ; ` v : and ; [x: ] ` e : , and if Close ( ) , then ; ` [v=x]e : ; 0 0 3. (Specialization) If ; ` e : and Close ( ) , the ; ` e : . ; The pro ofs are routine inductions on the structure of typing derivations. Substitution is stated only for values, in recognition of the fact that in a call-by-value language only values are ever substituted for variables during evaluation. 3 Semantics and Soundness A memory is a partial function mapping a nite set of lo cations to values. The contents ofalocation l 2 dom()isthevalue (l ), and we write [l :=v ] for the memory which assigns to lo cation l the value v 0 0 and to a lo cation l 6= l the value (l ). Notice that the result may either b e an update of (if l 2 dom()) or an extension of (if l 62 dom()). The op erational semantics of the language is de ned by a collection of rules for deriving judgements of 0 the form ` e ) v; ,withtheintended meaning that the closed expression e,whenevaluated in memory 0 , results in value v and memory . The rules of the semantics are given in Table 2. The typing relation is extended to memories and lo cation typings by de ning : to hold i dom()= dom(), and for every l 2 dom(), ` l : (l ). Notice that the typing relation is de ned so that (l ) may mention lo cations whose typ e is de ned by . (Compare Tofte's account [11].) For example, supp ose that is the memory sending lo cation l to x:x + 1, and lo cation l to y :(! l ) y + 1, and supp ose that 0 1 0 is the lo cation typing assigning the typ e int !int to b oth l and l .Theveri cation that : requires 0 1 checking that ` y :(! l ) y +1 : int!int,which requires determining the typ e assigned to lo cation l by . 0 0 0 As p ointed out byTofte [11], the memory which assigns (l ) to b oth l and l can arise as a result of 1 0 1 0 an assignment statement. Toverify that : requires checking that ` (l ):(l ), which itself relies 0 0 on (l )! Tofte employs a \greatest xed p oint" construction to account for this p ossibility, but no such 0 machinery is needed here.