CS 541 Meeting -*- Outline -*-
* Theory of OO typing
** record typing (adapted and simplified from Cardelli 88)
Gary T. Leavens and Don Pigozzi.
Class-Based and Algebraic Models of Objects.
In Rance Cleaveland and Michael Mislove and Philip Mulry (eds.),
US---Brazil Joint Workshops on the Formal Foundations of Software Systems,
Electronic Notes in Theoretical Computer Science, vol. 14
*** denotational semantics
Ignoring the possibility of mutation, a record model tailored to
static, class-based languages can be defined with the following
semantic domains.
**** syntax
------------------------------------------
SIMPLIFIED
EXPRESSIONS FOR OBJECT-ORIENTED LANGUAGES
E ::= I
| E_0.l(E_1)
| (E_1, ..., E_n)
where n >= 0
------------------------------------------
**** domains
------------------------------------------
RECORD MODEL OF OBJECTS
DOMAINS
(\rho_r,\rho_c) \in REnvironment =
(Identifier \FINITEARROW Data)
\times (ClassId \FINITEARROW RMethDict)
I \in Identifier
d \in Data = Int + Bool + Object + Data*
o \in Object = ClassId \times Record
r \in Record = (Label \FINITEARROW Data)
l,g \in Label = Identifier
t \in ClassId = Identifier
c \in RMethDict =
(Label \FINITEARROW Method)
m \in Method = Data -> (Data \union \bot)
------------------------------------------
explain meditation, especially
sum domains and injection notation,
and cases notation
------------------------------------------
SEMANTIC FUNCTIONS
V[[-]] \colon Expression -> REnvironment
-> (Data \union \bot)
V[[I]](\rho_r,\rho_c) = \rho_r(I)
V[[E_0.l(E_1)]](\rho_r,\rho_c) =
cases V[[E_0]](\rho_r,\rho_c)} of
isObject(I,r) ->
\rho_c(I)(l)
(inData*(inObject(I,r),
V[[E_1]](\rho_r,\rho_c)))
else -> \bot
end
V[[(E_1,...,E_n)]](\rho_r,\rho_c) =
inData*(V[[E_1]](\rho_r,\rho_c), ...,
V[[E_n]](\rho_r,\rho_c))
------------------------------------------
explain injection notation, and cases notation
work an example
*** type system
**** abstract syntax
------------------------------------------
ABSTRACT SYNTAX OF TYPE ATTRIBUTES
RT,T,S,U \in RecordModelType
D \in DataType
M \in MethodType
RMD \in RecordMethDictType
I \in Identifier
l \in Label
T ::= D | M | RMD
D ::= int | bool | I | (D_1, ..., D_n)
where n >= 0
M ::= D_1 -> D_2
RMD ::= [l_1: M_1, ..., l_n : M_n]
where n >= 0
------------------------------------------
**** type environments
------------------------------------------
TYPE ENVIRONMENTS
(\pi_r, \pi_c) \in RTypeEnv =
(Identifier \FINITEARROW DataType)
\times (ClassId
\FINITEARROW RecordMethDictType)
------------------------------------------
Q: How do these compare to the dynamic environment?
**** meaning of type attributes
------------------------------------------
MEANING OF TYPE ATTRIBUTES
TM{|-|}: RecordModelType
-> (ClassId
\FINITEARROW RecordMethDictType)
-> Powerset(Data)
TM{|int|}(\pi_c) =
{inInt(i) | i \in Int}
TM{|bool|}(\pi_c) =
{inBool(b) | b \in Bool}
TM{|I|}(\pi_c) =
{inObject(I,r)
| r \in RM(\pi_c(I))(\pi_c)}
TM{|(D_1,...,D_n|}(\pi_c) =
{inData*(d1,...dn) | n >= 0,
d1 \in TM{|D_1|}(\pi_c),
...,
dn \in TM{|D_n|}(\pi_c)}
TM{|M|}(\pi_c) = {}
TM{|RMD|}(\pi_c) = RM{|RMD|}(\pi_c)
RM{|[l_1:M_1, ..., l_n:M_n]|}(\pi_c) =
{r | dom(r) \supseteq {l_1, ..., l_n},
r(l_1) \in MM{|M_1|}(r,\pi_c),
...,
r(l_n) \in MM{|M_n|}(r,\pi_c)}
MM{|D_1 -> D_2|}(r,\pi_c) =
{ m |
(\forall d1 ::
d1 \in TM{|D_1|}(\pi_c)
==> m(inData*(r,d1)) \in
(TM{|D_2|}(\pi_c) \union \bot))
}
------------------------------------------
To support subtyping, it's key that RM{|RMD|} allow records
with larger domains than the set of labels required, thus
allowing subtypes to be subset. Another way to do this would
be to allow coercions in the statement of the soundness
theorem and its proof below.
**** type of environments
------------------------------------------
TYPE OF ENVIRONMENTS
def: (\rho_r, \rho_c) : (\pi_r, \pi_c)
iff
dom(\pi_r) = dom(\rho_r),
dom(\pi_c) = dom(\rho_c),
(\forall I \in dom(\pi_r) ::
\rho_r(I)
\in TM{|\pi_r(I)|}(\pi_c)),
(\forall I \in dom(\pi_c) ::
\rho_c(I)
\in RM{|\pi_c(I)|}(\pi_c)).
------------------------------------------
Q: What does that mean?
give examples
**** subtyping rules
------------------------------------------
SUBTYPING RULES
[refl] \pi_c |- T <: T
\pi_c |- S <: U, \pi_c |- U <: T
[tran] ----------------------------------
\pi_c |- S <: T
\pi_c |- S <: T
[id-1] ---------------- if (I,S) \in \pi_c
\pi_c |- I <: T
\pi_c |- T <: S
[id-2] ---------------- if (I,S) \in \pi_c
\pi_c |- T <: I
\pi_c |- T' <: T, |- S <: S'
[fun] ------------------------------
\pi_c |- (T -> S) <: (T' -> S')
\pi_c |- T_1 <: T'_1, ...,
\pi_c |- T_n <: T'_n
[prod] -------------------------- if n>=0
\pi_c |- (T_1, ..., T_n)
<: (T'_1, ..., T'_n)
\pi_c |- T_1 <: T'_1, ...,
\pi_c |- T_n <: T'_n
[rmd] -------------------------- if 0<=n S],
(\pi_r,\pi_c) |- E_0: T_0,
(\pi_r,\pi_c) |- E_1: T_1
[msg] --------------------------------
(\pi_r,\pi_c) |- E_0.l(E_1): S
(\pi_r,\pi_c) |- E_1: T_1,
...,
(\pi_r,\pi_c) |- E_n: T_n
[tup] -------------------------- if n>=0
(\pi_r,\pi_c) |- (E_1,...,E_n)
: (T_1, ..., T_n)
Lemma: If (\pi_r,\pi_c) |- E : T,
then T \in DataType.
------------------------------------------
**** soundness of the subtyping rules
------------------------------------------
SOUNDNESS OF THE SUBTYPING RULES
Lemma: If
\pi_c |- S <: T
then
TM{|S|}(\pi_c)
\subseteq
TM{|T|}(\pi_c)
------------------------------------------
The proof is by induction on the typing rules (i.e., on proofs of
typings). We leave that as an exercise.
**** soundness
------------------------------------------
SOUNDNESS OF THE TYPE SYSTEM
Theorem: If
(\pi_r,\pi_c) |- E : S
and
(\rho_r,\rho_c) : (\pi_r,\pi_c),
then either
V[[E]](\rho_r,\rho_c) = \bot
or
V[[E]](\rho_r,\rho_c)
\in TM{|S|}(\pi_c).
------------------------------------------
Proof: (by structural induction over Expressions)
Suppose that (\pi_r,\pi_c) |- E : S
and (\rho_r,\rho_c) : (\pi_r,\pi_c).
For the base case, suppose that E = I.
Because (\pi_r,\pi_c) |- I : S, I \in dom(\pi_r).
Since dom(\pi_r) = dom(\rho_r), I \in dom(\rho_r),
and so V[[E]](\rho_r,\rho_c) = \rho_r(I).
Because (\rho_r,\rho_c) : (\pi_r,\pi_c),
it follows that \rho_r(I) \in \in TM{|S|}(\pi_c).
For the inductive cases, we assume that the theorem holds for all
subexpressions.
If E = (E_1,...,E_n), the result follows directly from the inductive
hypothesis and the definitions.
So suppose E = E_0.l(E_1). By the hypothesis,
(\pi_r,\pi_c) |- E_0.l(E_1) : S,
so there are types T_0 and T_1 such that
(\pi_r,\pi_c) |- E_0 : T_0,
(\pi_r,\pi_c) |- E_1 : T_1,
and \pi_c |- T_0 <: [l:T_1 -> S].
By the inductive hypothesis we know that
V[[E_0]](\rho_r, \rho_c) \in (TM{|T_0|}(\pi_c) \union {\bot}) and
V[[E_1]](\rho_r, \rho_c) \in (TM{|T_1|}(\pi_c) \union {\bot}).
If either of these is \bot, then the meaning of the whole expression
is \bot, and so we are done. So suppose that
V[[E_0]](\rho_r, \rho_c) \in TM{|T_0|}(\pi_c) and
V[[E_1]](\rho_r, \rho_c) \in TM{|T_1|}(\pi_c).
By the structure of the subtyping rules, T_0 must be an
identifier in the domain of \pi_c.
By (\rho_r,\rho_c) : (\pi_r,\pi_c), this means that T_0 is in the
domain of \rho_c.
Thus V[[E_0]](\rho_r, \rho_c) = inObject(T_0, r),
where r is in TM{|T_0|}(\pi_c).
By the lemma giving the soundness of the subtyping rules, we know that
TM{|T_0|}(\pi_c) \subseteq RM{|[l:T_1 -> S]|}(\pi_c) and thus
r(l) is a method, m, in MM{|T_1 -> S|}(\pi_c, r). By definition, this
means that m(inData*(r, V[[E_1]](\rho_r, \rho_c)) is either \bot or
is in TM{|S|}(\pi_c).
QED