<div align="center"><h1>Applications of type theory in imperative programming languages</h1></div>

<br>
<br>

<div align="center"><h3>Complexity and Real Computation Seminar</h3></div>
<div align="center"><h4>KAIST, Nov. 19, 2020</h4></div>

<br>

<div align="center"><h4>Gyesik Lee</h4></div>
<div align="center"><h4>Hankyong National University</h4></div>

# Motivations

* From Python

<div align="center"><img src="./images/kaist-49.png" width="650"/></div>

* From Tensorflow

<div align="center"><img src="./images/kaist-50.png" width="650"/></div>

# Main reference

* Didier Remy. Type systems for programming languages, lecture notes, 2020. http://cristal.inria.fr/~remy/mpri/cours.pdf

# Overview

### Untyped languages

* The underlying computational model of any type systems is 
    the untyped $\lambda$-calculus.

* The talk starts with a few reminders about 
    the untyped $\lambda$-calculus.

### Typed languages

* Types play a central role in the design of modern programming languages.

* We use the simply-typed $\lambda$-calculus to demonstrate how to extend it with other fundamental constructs of programming languages.

## About Types

* A type is a concise, formal description of the behavior of a program fragment. 

* Examples
    * 'int' describes an expression that evaluates to an integer
    * 'int $\to$ bool' describes a function 
        that maps an integer argument to a boolean result.

* Types must be sound.
    That is, programs must behave as prescribed by their types. 

* Usefulness of types
    * machine-checked documentation
    * safety guarantee

# The untyped $\lambda$-calculus

* The $\lambda$-calculus supports natural encodings of many programming languages (Landin, 1965)

* Following Church’s thesis, any Turing-complete language can be used to encode any programming language.

## Syntax

#### $\lambda$-terms

<div align="center"><img src="./images/kaist-11.png" width="170"/></div>

* The “. . . ” is just a place holder for more term constructs that will be introduced later on.

<div align="center"><img src="./images/kaist-12.png" width="170"/></div>

<div align="center"><img src="./images/kaist-13.png" width="240"/></div>

* $\lambda x.a$ binds variable $x$ in $a$.

* Terms are considered equal up to the renaming of bound variables.

$$
\lambda x_1. \lambda x_2. x_1 (x_1 x_2) \equiv \lambda y.\lambda x. y(y x)
$$

* Convention: $x_1 \neq x_2$ and $x \neq y$

## Small-step operationsl semantics

* Small-step operational semantics: a reduction relation between $\lambda$-terms.

* We introduce the "weak reduction strategies".

##### Call-by-value strategy

* Arguments are reduced before being substituted for the formal parameter of functions.

##### Call-by-name strategy

* A strategy that delays the evaluation of arguments until they are actually used.

### Call-by-value semantics

##### values

$$
v ::= \lambda x.a \mid \dots
$$

##### Call-by-value evaluation contexts

$$
e ::= [\,]\, a \mid v\, [\,] \mid ...
$$

##### Reduction relation

* $a_1 \to a_2$ is inductively defined:

<div align="center"><img src="./images/kaist-14.png" width="400"/></div>

* $[x \mapsto V]$ is the capture avoiding substitution of $V$ for $x$. 

* We write $[x \mapsto V ]a$ its application to a term $a$. 

### Recursion

* Recursion is inherent in $\lambda$-calculus, 
    hence reduction may not terminate. 
    

* For example, the term 

    $$\Delta = (\lambda x. x x) (\lambda x. x x)$$
    
    reduces to itself, and so may reduce forever.

* A slight variation on $\Delta$ is 
    the fix-point combinator $Y$ , defined as 
    
    $$\lambda g. (λx. x x) (λz. g (z z))$$

* Whenever applied to a functional $G$, 
    it reduces in a few steps to $G (Y G)$, 
    which is not yet a value. 

* In a call-by-value setting, this term actually reduces forever.

* Therefore, we instead use its $\eta$-expanded version $Z$ 
    that guards the duplication of the generator $G$:

    $$Z = \lambda g.(\lambda x.x x) (λ\lambda.g (\lambda v.z z v))$$

# Simply-typed lambda-calculus

* It is an introduction to typed languages.

* But we will see many factors of (imperative) programming languages.

## Syntax

##### terms

$$
M ::= x \mid \lambda x:\tau. M \mid M\, M\mid \dots
$$

##### types

$$
\tau ::= \alpha \mid \tau \to \tau \mid \dots
$$

## Dynamic semantics

##### Values

$$
V ::= \lambda x:\tau. M \mid \dots
$$

##### Evaluation contexts

$$
E ::= [\,]\, M \mid V \, [\,] \mid \dots
$$

##### Reduction relation

* $M_1 \to M_2$ is inductively defined by

<div align="center"><img src="./images/kaist-15.png" width="400"/></div>

## Type system

* Not all syntactically well-formed programs are accepted—only well-typed programs are. 

* Well-typedness is defined as a 3-place predicate 

    $$\Gamma \vdash M ∶ \tau$$
    
    called a typing judgment.

* The typing context $\Gamma$ is a finite sequence of binding of 
    program variables to types.
    
    $$
    \Gamma = x_1:\tau_1, \dots, x_n:\tau_n
    $$
    
    where $x_1, \dots, x_n$ are mutually different.

* If $x:\tau \in \Gamma$, we write $\Gamma(x) = \tau$.

### Typing judgments

* Typing judgments are defined inductively by the following inference rules:

<div align="center"><img src="./images/kaist-16.png" width="550"/></div>

#### Typing derivation

* Typing derivation is a proof tree that witnesses the validity of a typing judgment: each node is the application of a typing rule.

##### Examples

* The derivation below is valid for any choice of τ1 and τ2:

<div align="center"><img src="./images/kaist-17.png" width="500"/></div>

## Type soundness

#### Theorem (Type Soundness)

Well-typed expressions do not go wrong, i.e., they don't reduce to a stuck term.

* The proof of type soundness is by combination of Subject Reduction
    and Progress.

#### Theorem (Subject reduction)

Reduction preserves types: if $M_1 \to M_2$, then for any type $τ$ such that $\emptyset \vdash M_1 ∶ \tau$, we also have $\emptyset \vdash M_2 ∶ \tau$.

#### Theorem (Progress)

A well-typed, closed term is either reducible or a value: 

if $\emptyset \vdash M ∶ \tau$, then there exists $M′$ such that 
$M \to M′$ or $M$ is a value.

* A closed, well-typed irreducible term is a value.

* Progress also says that no stuck term is well-typed. 

### Soundness versus completeness

* Because the $\lambda$-calculus is a Turing-complete programming language, whether a program goes wrong is an undecidable property. 

* As a consequence, any sound, decidable type system must be incomplete, that is, it must reject some valid programs.

* In case of simply-typed lambda calculus, 
    only polynomial functions with case distinction can be defined.
    (H. Schwichtenberg, 1976)

## Simple Extensions

* We introduce simple extensions to the calculus, mainly adding new constants and new primitives. 

### Unit

* We just introduce a new type `unit` and a constant value `()` of that type.

<div align="center"><img src="./images/kaist-18.png" width="450"/></div>

* Reduction rules are unchanged, since `()` is already a value. 

* The following typing rule is introduced:

<div align="center"><img src="./images/kaist-19.png" width="100"/></div>

#### Applications of unit type

* Haskell: `():()`
* Python: `None:NoneType`
* JavaScript: `null` and `undefined` are built-in unit types.
* C, Java: `void` simulates some roles of unit type.

### Boolean

* New values and terms

<div align="center"><img src="./images/kaist-20.png" width="500"/></div>

* New evaluation contexts

<div align="center"><img src="./images/kaist-21.png" width="250"/></div>

* New reductions rules

<div align="center"><img src="./images/kaist-22.png" width="500"/></div>

* New types

<div align="center"><img src="./images/kaist-23.png" width="120"/></div>

* New typing rules

<div align="center"><img src="./images/kaist-24.png" width="650"/></div>

### Pairs

<div align="center"><img src="./images/kaist-25.png" width="550"/></div>

<div align="center"><img src="./images/kaist-26.png" width="150"/></div>

<div align="center"><img src="./images/kaist-27.png" width="550"/></div>

### Sums

<div align="center"><img src="./images/kaist-28.png" width="600"/></div>

<div align="center"><img src="./images/kaist-29.png" width="220"/></div>

<div align="center"><img src="./images/kaist-30.png" width="120"/></div>

<div align="center"><img src="./images/kaist-31.png" width=600"/></div>

### Recursive functions

<div align="center"><img src="./images/kaist-32.png" width="450"/></div>

<div align="center"><img src="./images/kaist-33.png" width="370"/></div>

<div align="center"><img src="./images/kaist-34.png" width="270"/></div>

### let-bindings

* The let-binding construct 

    $$\textsf{let } x ∶ \tau = M_1 \textsf{ in } M_2$$

    can be viewed as syntactic sugar for the $\beta$-redex 
    
    $$(\lambda x∶\tau.M_2) M_1$$

* The corresponding derived rule:

<div align="center"><img src="./images/kaist-35.png" width="250"/></div>

### Sequences

* The sequence "$M_1;M_2$" is a derived construct of let-bindings

    $$
    \textsf{let } x∶\text{unit} = M_1 \textsf{ in } M_2
    $$
    
    where $x$ is fresh.

## Exceptions

* Exceptions are a mechanism for changing the normal order of evaluation.

* When an exception is raised, the evaluation does not continue as usual.

* Shortcutting normal evaluation rules, the exception is propagated up into the evaluation context until some handler is found at which the evaluation resumes with the exceptional value received.

* If no handler is found, the exception reaches the toplevel and the result of the evaluation is the exception instead of a value.

### Syntax

<div align="center"><img src="./images/kaist-36.png" width="550"/></div>

### Semantics

<div align="center"><img src="./images/kaist-37.png" width="650"/></div>

##### Examples

Assume that $K = \lambda x. \lambda y. y$ and $M \to V$. 
We have the following reduction:

<div align="center"><img src="./images/kaist-38.png" width="500"/></div>

### Typing rules

* Let `exn` be a fixed type for exceptional values.

<div align="center"><img src="./images/kaist-39.png" width="450"/></div>

#### Type soundness

#### Theorem (Progress)

A well-typed, irreducible closed term is either a value
or an uncaught exception: 

if $\emptyset \vdash M ∶ \tau$ and $M \not\to $, then $M$ is either 
a value $v$ or $\textsf{raise } v$ for some value $v$.

#### Remark

Not all well-typed closed programs terminate in the presence of exceptions.

##### Examples

* Let 
    $$\textsf{exn} = (\textsf{unit} \to \textsf{unit}) \to(\textsf{unit} \to \textsf{unit})$$

<div align="center"><img src="./images/kaist-40.png" width="450"/></div>

* Then $\omega \, (\textsf{fold }\omega)$ does not terminate, where

    $$
    \omega = \lambda x.(\textsf{unfold }x)\, x
    $$

## References

### Syntax

* Terms and evaluations

<div align="center"><img src="./images/kaist-41.png" width="530"/></div>

* Terms for memory locations

<div align="center"><img src="./images/kaist-42.png" width="320"/></div>

### Semantics

#### Store(memory)

* The value found at a location l is obtained by indirection through a store (or memory).

* A memory $\mu$ is a finite mapping of locations to closed values. 

* A configuration is a pair $M\, /\, \mu$ of a term and a store. 

* The operational semantics (given next) reduces configurations instead of expressions.

##### No-dangling-pointers invariant

* The locations that appear in M or in the image of $\mu$ are in the domain of $\mu$.

#### Reduction

<div align="center"><img src="./images/kaist-43.png" width="420"/></div>

<div align="center"><img src="./images/kaist-44.png" width="330"/></div>

### Type system

* New types

<div align="center"><img src="./images/kaist-45.png" width="150"/></div>

* New typing rules

<div align="center"><img src="./images/kaist-46.png" width="600"/></div>

#### Typing rules for memory locations and configurations

* Typing judgments now have the form 

    $$
    \Sigma, \Gamma \vdash M : \tau
    $$

    where $\Sigma$ is a store mapping.

<div align="center"><img src="./images/kaist-47.png" width="150"/></div>

<div align="center"><img src="./images/kaist-48.png" width="550"/></div>

### Type soundness

* The type soundness statements are slightly modified in the presence of the store, since we now reduce configurations.

#### Theorem (Subject reduction)

Reduction preserves types: 

if $M\,/\, \mu \to M'\, / \, \mu'$
and $\vdash M\, /\, \mu ∶ \tau$, 
then $ \vdash M'\, /\, \mu'∶ \tau$.

#### Theorem (Progress)

If $M\, / \mu$ is a well-typed, irreducible configuration, 
then $M$ is a value.