<div align="center"><h1>Applications of type theory in imperative programming languages</h1></div>

<br>
<br>

<div align="center"><h3>Complexity and Real Computation Seminar</h3></div>
<div align="center"><h4>KAIST, Nov. 19, 2020</h4></div>

<br>

<div align="center"><h4>Gyesik Lee</h4></div>
<div align="center"><h4>Hankyong National University</h4></div>

## Main reference

* Didier Remy. Type systems for programming languages, lecture notes, 2020. http://cristal.inria.fr/~remy/mpri/cours.pdf

# Overview

### Untyped languages

* Although all the programming languages we study are typed, their underlying computational model is the untyped λ-calculus That is, types can be dropped after type checking and before evaluation.

* Therefore, the course starts with a few reminders about the untyped λ-calculus, even though those are assumed to be known. We show how to extend the pure λ-calculus with constants and primitives and a few other constructs to make it a small programming lan- guage. This is also an opportunity to present source program transformations and compilation techniques for function languages, which do not depend much on types.

### Typed languages

* Types play a central role in the design of modern programming lan- guages, so they also play a key role in this course. In fact, once we restrict our study to functional languages, the main differences between languages lie more often in the differences between their type systems than between other aspects of their design.

* Hence, the course is primarily structured around type systems. We remind the simply- typed λ-calculus, the simplest of type systems for functional languages, and show how to extend it with other fundamental constructs of programming languages.

* We introduce polymorphism with System F. We present ML as a restriction of System F for which type reconstruction is simple and efficient. We actually introduce a slight gener- alization HM(X) of ML to ease and generalize the study of type reconstruction for ML. We discuss techniques for type reconstruction in System F—but without formalizing the details.

* We present existential types, first in the context of System F, and then discuss their integration in ML.

* Finally, we study the problem of overloading. Overloading differs from other language constructs as the semantics of source programs depend on their types, even though types should be erased at runtime! We thus use overloading as an example of elaboration of source terms, whose semantics is typed, into an internal language, whose semantics is untyped.

### Subtyping

* Semantic subtyping allows for very precise types that can be used to describe semi-structured data. 

### Towards program proofs

* Types, as in ML or System F, ensure type soundness, i.e. that programs do not go wrong. However useful, this remains a weak property of programs. One often wishes to write more accurate specifications of the actual behavior of programs and prove the implementation correct with respect to them. Finer invariants of data-structures may be expressed within types using Generalized Algebraic Data Types (GADT); or one step further using dependent types. However, one may also describe the behavior of programs outside of proper types per se, by writing logic formulas as pre and post conditions, and verifying them mechanically, e.g. with a proof assistant. This spectrum of solutions will be presented by Yann Regis-Gianas.

### About Functional Programming

* The term functional programming means various things. Functional programming views functions as ordinary data which, in particular, can be passed as arguments to other functions and stored in data structures.

* A common idea behind functional programming is that repetitive patterns can be ab- stracted away as functions that may be called several times so as to avoid code duplication. For this reason, functional programming also often loosely or strongly discourages the use of modifiable data, in favor of effect-free transformations of data. (In contrast, the main- stream object-oriented programming languages view objects as the primary kind of data and encourage the use of modifiable data.)

* Functional programming languages are traditionally typed (Scheme and Erlang are ex- ceptions) and have close connections with logic. We will focus on typed languages. Because functional programming puts emphasis on reusability and sharing multiple uses of the same code, even in different contexts, they require and make heavy use of polymorphism; when programming in the large, abstraction over implementation details relies on an expressive module system. Types unquestionably play a central role, as explained next.

* Functional programming languages are usually given a precise and formal semantics de- rived from the one of the λ-calculus. The semantics of languages differ in that some are strict (ML) and some are lazy (Haskell) Hughes (1989). This difference has a large impact on the language design and on the programming style, but has usually little impact on typing.

* Functional programming languages are usually sequential languages, whose model of evaluation is not concurrent, even if core languages may then be extended with primitives to support concurrency.

## About Types

* A type is a concise, formal description of the behavior of a program fragment. For instance, int describes an expression that evaluates to an integer; int → bool describes a function that maps an integer argument to a boolean result; (int → bool) → (list int → list int) describes a function that maps an integer predicate to an integer list transformer.

* Types must be sound. That is, programs must behave as prescribed by their types. Hence, types must be checked and ill-typed programs must be rejected.

* Types are useful for quite different reasons: They first serve as machine-checked docu- mentation. More importantly, they provide a safety guarantee. As stated by Milner (1978), “Well-typed expressions do not go wrong.” Advanced type systems can also guarantee vari- ous forms of security, resource usage, complexity, etc. Types encourage separate compilation, modularity, and abstraction. Reynolds (1983) said: “Type structure is a syntactic discipline for enforcing levels of abstraction.” Types can be abstract. Even seemingly non-abstract types offer a degree of abstraction. For example, a function type does not tell how a function is represented at the machine level. Types can also be used to drive compiler optimizations.

* Type-checking is compositional: type-checking an application depends on the type of the function and the type of the argument and not on their code. This is a key to modularity and code maintenance: replacing a function by another one of the same type will preserve well-typedness of the whole program.

### Type-preserving compilation 

* Types make sense in low-level programming languages as well—even assembly languages can be statically typed! as first popularized by Morrisett et al. (1999). In a type-preserving compiler, every intermediate language is typed, and every compilation phase maps typed programs to typed programs. Preserving types provides in- sight into a transformation, helps debug it, and paves the way to a semantics preservation proof (Chlipala, 2007). Interestingly enough, lower-level programming languages often re- quire richer type systems than their high-level counterparts.

### Typed or untyped? 

* Reynolds (1985) nicely sums up a long and rather acrimonious de- bate: “One side claims that untyped languages preclude compile-time error checking and are succinct to the point of unintelligibility, while the other side claims that typed languages preclude a variety of powerful programming techniques and are verbose to the point of un- intelligibility.” A sound type system with decidable type-checking (and possibly decidable type inference) must be conservative.

* Later, Reynolds also settles the debate: “From the theorist’s point of view, both sides are right, and their arguments are the motivation for seeking type systems that are more flexible and succinct than those of existing typed languages.”

* Today, the question is rather whether to use basic types (e.g. as in ML or System F) or sophiscated types (e.g. with dependent types, logical assertions, afine types, capabililties and ownership, etc.) or full program proofs as in the compcert project (Leroy, 2006)!

### Explicit v.s. implicit types? 

* The typed v.s. untyped flavor of a programming language should not be confused with the question of whether types of a programming language are explicit or implicit.

* Annotating programs with types can lead to a lot of redundancies. Types can even become extremely cumbersome when they have to be explicitly and repeatedly provided. In some pathological cases, they may even increase the size of source terms non linearly. This creates a need for a certain degree of type reconstruction (also called type inference), where the source program may contain some—but not all—type information.

* When the semantics is untyped, i.e. types could in principle be entirely left implicit, even if the language is typed. A well-typed program is then one that is the type erasure of a (well-typed) explicitly-typed program. However, full type reconstruction is undecidable for expressive type systems, leading to partial type reconstruction algorithms.

* An important issue with type reconstruction is its robustness to small program changes. Because type systems are compositional, a type inference problem can often be expressed as a constraint solving problem, where constraints are made up of predicates about types, conjunction, and existential quantification.

# The untyped $\lambda$-calculus

* In this course, λ-calculus is the underlying computational language. The λ-calculus supports natural encodings of many programming languages (Landin, 1965), and as such provides a suitable setting for studying type systems. Following Church’s thesis, any Turing-complete language can be used to encode any programming language. However, these encodings might not be natural or simple enough to help us in understanding their typing discipline. Using λ- calculus, most of our results can also be applied to other languages (Java, assembly language, etc.).

* The untyped λ-calculus and its extension with the main constructs of programming lan- guages have been presented in the first part of the course taught by Xavier Leroy. Hereafter, we just recall some of the notations and concepts used in our part of the course.

## Syntax

#### $\lambda$-terms

<div align="center"><img src="./images/kaist-11.png" width="170"/></div>

* The “. . . ” is just a place holder for more term constructs that will be introduced later on.

<div align="center"><img src="./images/kaist-12.png" width="170"/></div>

<div align="center"><img src="./images/kaist-13.png" width="240"/></div>

* $\lambda x.a$ binds variable $x$ in $a$.

* Terms are considered equal up to the renaming of bound variables.

$$
\lambda x_1. \lambda x_2. x_1 (x_1 x_2) \equiv \lambda y.\lambda x. y(y x)
$$

* Convention: $x_1 \neq x_2$ and $x \neq y$

## Semantics

* The semantics of the λ-calculus is given by a small-step operational semantics, i.e. a reduc- tion relation between λ-terms. It is also called the dynamic semantics since it describes the behavior of programs at runtime, i.e. when programs are executed.

### Weak reduction strategies

##### Call-by-value

* A strategy where arguments are reduced before being substituted for the formal parameter of functions.

##### Call-by-name

* A strategy that delays the evaluation of arguments until they are actually used.

##### Call-by-need

* A strategy, which as call-by-name delays the evaluation of arguments, but as call-by-value shares this evaluation: that is, the occurrence of an argument that is used requires its evaluation, but all other occurrences of the argument see the result of the evaluation and do not have to reevaluate the argument if needed. 

* This is however more delicate to formalize and one often uses call-by-name semantics as an approximation of call-by-need semantics.

#### Call-by-value semantics

* When explaining references, exceptions, or other forms of side effects, this choice matters. Otherwise, most of the type-theoretic machinery applies to call-by-name or call-by-need—actually to any weak reduction strategy—just as well.

##### values

$$
v ::= \lambda x.a \mid \dots
$$

##### Reduction relation

* $a_1 \to a_2$ is inductively defined:

<div align="center"><img src="./images/kaist-14.png" width="400"/></div>

* $[x \mapsto V]$ is the capture avoiding substitution of $V$ for $x$. 

* We write $[x \mapsto V ]a$ its application to a term $a$. 

##### Call-by-value evaluation contexts

$$
e ::= [\,]\, a \mid v\, [\,] \mid ...
$$

### Recursion

* Recursion is inherent in $\lambda$-calculus, 
    hence reduction may not terminate. For example, the term 

    $$\Delta = (\lambda x. x x) (\lambda x. x x)$$
    
    reduces to itself, and so may reduce forever.

* A slight variation on $\Delta$ is 
    the fix-point combinator $Y$ , defined as 
    
    $$\lambda g. (λx. x x) (λz. g (z z))$$

* Whenever applied to a functional $G$, 
    it reduces in a few steps to $G (Y G)$, 
    which is not yet a value. 

* In a call-by-value setting, this term actually reduces 
    forever—before even performing any interesting computation step. 

* Therefore, we instead use its $\eta$-expanded version $Z$ 
    that guards the duplication of the generator $G$:

    $$Z = \lambda g.(\lambda x.x x) (λ\lambda.g (\lambda v.z z v))$$

# Simply-typed lambda-calculus

* It is an introduction to typed languages.

* But we will see many factors of (imperative) programming languages.

## Syntax

##### terms

$$
M ::= x \mid \lambda x:\tau. M \mid M\, M\mid \dots
$$

##### types

$$
\tau ::= \alpha \mid \tau -> \tau \mid \dots
$$

## Dynamic semantics

##### Values

$$
V ::= \lambda x:\tau. M \mid \dots
$$

##### Equation contexts

$$
E ::= [\,]\, M \mid V \, [\,] \mid \dots
$$

##### Reduction relation

* $M_1 \to M_2$ is inductively defined by

<div align="center"><img src="./images/kaist-15.png" width="400"/></div>

* The semantics of simply-typed λ-calculus is obviously type erasing.

## Type system

* Not all syntactically well-formed programs are accepted—only well-typed programs are. 

* Well-typedness is defined as a 3-place predicate 

    $$\Gamma \vdash M ∶ \tau$$
    
    called a typing judgment.

* The typing context $\Gamma$ is a finite sequence of binding of 
    program variables to types.
    
    $$
    \Gamma = x_1:\tau_1, \dots, x_n:\tau_n
    $$
    
    where $x_1, \dots, x_n$ are mutually different.

* If $x:\tau \in \Gamma$, we write $\Gamma(x) = \tau$.

#### Typing judgments

* Typing judgments are defined inductively by the following inference rules:

<div align="center"><img src="./images/kaist-16.png" width="500"/></div>

* the definition is syntax-directed. That is, at most one rule applies for an expression; hence, the shape of the derivation tree for proving a judgment Γ ⊢ M ∶ τ is fully determined by the shape of the expression M. This is not true of all type systems.

#### Typing derivation

* Typing derivation is a proof tree that witnesses the validity of a typing judgment: each node is the application of a typing rule.

*  proof tree is either a single node composed of an axiom (a typing rule without premises) or a typing rule with as many proof-subtrees as typing judgment premises.

##### Examples

* The derivation below is valid for any choice of τ1 and τ2:

<div align="center"><img src="./images/kaist-17.png" width="500"/></div>

## Type soundness

#### Theorem (Type Soundness)

Well-typed expressions do not go wrong, i.e., they don't reduce to a stuck term.

* The proof of type soundness is by combination of Subject Reduction
    and Progress.

#### Theorem (Subject reduction)

Reduction preserves types: if $M_1 \to M_2$, then for any type $τ$ such that $\emptyset \vdash M_1 ∶ \tau$, we also have $\emptyset \vdash M_2 ∶ \tau$.

#### Theorem (Progress)

A well-typed, closed term is either reducible or a value: 

if $\emptyset \vdash M ∶ \tau$, then there exists $M′$ such that 
$M \to M′$ or $M$ is a value.

* A closed, well-typed irreducible term is a value.

* Progress also says that no stuck term is well-typed. 

#### Main points of the Subject reduction

#### Lemma (Value substitution)

If $x ∶ \tau, \Gamma \vdash M ∶ \tau_0$ and 
$\emptyset \vdash V ∶ \tau$, 
then $\Gamma \vdash [x \mapsto V ] M ∶ \tau_0$.

#### Lemma (Weakening)

If $\Gamma \vdash M ∶ \tau$ and $y \not\in dom(\Gamma)$, 
then $\Gamma, y ∶ \tau′ \vdash M ∶ \tau$.

#### Lemma (Compositionality)

If $\emptyset \vdash E[M] ∶ \tau$, 
then there exists $\tau′$ such that: 

* $\emptyset \vdash M ∶ \tau′$, and
* for every term $M′$ such that $\emptyset \vdash M′ ∶ τ′$,
    we have $\emptyset \vdash E[M′] ∶ \tau$.

### Soundness versus completeness

* Because the $\lambda$-calculus is a Turing-complete programming language, whether a program goes wrong is an undecidable property. 

* As a consequence, any sound, decidable type system must be incomplete, that is, it must reject some valid programs.

* In case of simply-typed lambda calculus, 
    only polynomial functions with case distinction can be defined.
    (H. Schwichtenberg, 1976)

## Simple Extensions

* We introduce simple extensions to the calculus, mainly adding new constants and new primitives. 

### Unit

* We just introduce a new type `unit` and a constant value `()` of that type.

<div align="center"><img src="./images/kaist-18.png" width="450"/></div>

* Reduction rules are unchanged, since `()` is already a value. 

* The following typing rule is introduced:

<div align="center"><img src="./images/kaist-19.png" width="100"/></div>

* Several computer programming languages provide a unit type to specify the result type of a function with the sole purpose of causing a side effect, and the argument type of a function that does not require arguments.

* Haskell: `():()`
* Python: `None:NoneType`
* JavaScript: `null` and `undefined` are built-in unit types.
* C, Java: `void` simulates some roles of unit type.

### Boolean

* New values and terms

<div align="center"><img src="./images/kaist-20.png" width="500"/></div>

* New evaluation contexts

<div align="center"><img src="./images/kaist-21.png" width="250"/></div>

* New reductions rules

<div align="center"><img src="./images/kaist-22.png" width="500"/></div>

* New types

<div align="center"><img src="./images/kaist-23.png" width="120"/></div>

* New typing rules

<div align="center"><img src="./images/kaist-24.png" width="600"/></div>

### Pairs

<div align="center"><img src="./images/kaist-25.png" width="550"/></div>

<div align="center"><img src="./images/kaist-26.png" width="150"/></div>

<div align="center"><img src="./images/kaist-27.png" width="550"/></div>

### Sums

<div align="center"><img src="./images/kaist-28.png" width="600"/></div>

<div align="center"><img src="./images/kaist-29.png" width="220"/></div>

<div align="center"><img src="./images/kaist-30.png" width="120"/></div>

<div align="center"><img src="./images/kaist-31.png" width=600"/></div>

### Recursion functions

<div align="center"><img src="./images/kaist-32.png" width="450"/></div>

<div align="center"><img src="./images/kaist-33.png" width="370"/></div>

<div align="center"><img src="./images/kaist-34.png" width="270"/></div>

### let-bindings

* The let-binding construct 
    "$\textsf{let } x ∶ \tau = M_1 \textsf{ in } M_2$" 
    can be viewed as syntactic sugar for the $\beta$-redex 
    
    $$(\lambda x∶\tau.M_2) M_1$$

* The corresponding derived rule:

<div align="center"><img src="./images/kaist-35.png" width="250"/></div>

### Sequences

* The sequence "$M1;M2$" is a derived construct of let-bindings

    $$
    \textsf{let } x ∶ \text{unit} = M_1 \textsf{ in } M_2
    $$
    
    where $x$ is fresh.

## Exceptions

* Exceptions are a mechanism for changing the normal order of evaluation.

* When an exception is raised, the evaluation does not continue as usual: Shortcutting normal evaluation rules, the exception is propagated up into the evaluation context until some handler is found at which the evaluation resumes with the exceptional value received; if no handler is found, the exception reaches the toplevel and the result of the evaluation is the exception instead of a value.

### Syntax

<div align="center"><img src="./images/kaist-36.png" width="550"/></div>

### Semantics

<div align="center"><img src="./images/kaist-37.png" width="650"/></div>

##### Examples

Assume that $K = \lambda x. \lambda y. y$ and $M \to V$. 
We have the following reduction:

<div align="center"><img src="./images/kaist-38.png" width="500"/></div>

### Typing rules

* Let `exn` be a fixed type for exceptional values.

<div align="center"><img src="./images/kaist-39.png" width="450"/></div>

#### Type of exceptions

* What can we choose for exn? Well, any type could do. Choosing unit, exceptions would carry no information. Choosing int, exceptions would carry an integer that could be used, e.g., to report some error code. Choosing string, exceptions would carry a string that could be used to report error messages. Or better, exception could be of a sum type to allow any of these alternatives to be chosen when the exception is raised.

#### Type soundness

#### Theorem (Progress)

A well-typed, irreducible closed term is either a value
or an uncaught exception: 

if $\emptyset \vdash M ∶ \tau$ and $M \not\to $, then $M$ is either 
a value $v$ or $\textsf{raise } v$ for some value $v$.

#### Remark

Not all well-typed closed programs terminate in the presence of exceptions.

##### Examples

* Let $\textsf{exn} = (\textsf{unit} \to \textsf{unit}) \to(\textsf{unit} \to \textsf{unit})$.

<div align="center"><img src="./images/kaist-40.png" width="450"/></div>

* Then $\omega \, (\textsf{fold }\omega)$ does not terminate, where

    $$
    \omega = \lambda x.(\textsf{unfold }x)\, x
    $$

## References

### Syntax

* Terms and evaluations

<div align="center"><img src="./images/kaist-41.png" width="530"/></div>

* Terms for memory locations

<div align="center"><img src="./images/kaist-42.png" width="320"/></div>

### Semantics

#### Store(memory)

* The value found at a location l is obtained by indirection through a store (or memory).

* A memory $\mu$ is a finite mapping of locations to closed values. 

* A configuration is a pair $M\, /\, \mu$ of a term and a store. 

* The operational semantics (given next) reduces configurations instead of expressions.

##### No-dangling-pointers invariant

* The locations that appear in M or in the image of $\mu$ are in the domain of $\mu$.

#### Reduction

<div align="center"><img src="./images/kaist-43.png" width="420"/></div>

<div align="center"><img src="./images/kaist-44.png" width="330"/></div>

### Type system

* New types

<div align="center"><img src="./images/kaist-45.png" width="150"/></div>

* New typing rules

<div align="center"><img src="./images/kaist-46.png" width="600"/></div>

* Typing rules for memory locations and configurations

* Typing judgments now have the form 

    $$
    \Sigma, \Gamma \vdash M : \tau
    $$

    where $\Sigma$ is a store mapping.

<div align="center"><img src="./images/kaist-47.png" width="150"/></div>

<div align="center"><img src="./images/kaist-48.png" width="550"/></div>

### Type soundness

* The type soundness statements are slightly modified in the presence of the store, since we now reduce configurations.

#### Theorem (Subject reduction)

Reduction preserves types: 

if $M\,/\, \mu \to M'\, / \, \mu'$
and $\vdash M\, /\, \mu ∶ \tau$, 
then $ \vdash M'\, /\, \mu'∶ \tau$.

#### Theorem (Progress)

If $M\, / \mu$ is a well-typed, irreducible configuration, 
then $M$ is a value.

# References

1. Martín Abadi and Luca Cardelli. A Theory of Objects. Springer-Verlag, 1996.
1. John C. Mitchell. Foundations for Programming Languages. The MIT Press, Cambridge, MA, 1996.
1. Benjamin Pierce. Type systems for programming languages, preprint, 2000. http://ropas.snu.ac.kr/~kwang/520/pierce_book.pdf
1. Didier Remy. Type systems for programming languages, lecture notes, 2020. http://cristal.inria.fr/~remy/mpri/cours.pdf