VIP: Implement lexical block level scoping in Viper #545
Viper should correctly implement block-level scoping semantics while fully disallowing shadowing to avoid misleading and error-prone code.
The semantics of variable scoping is very important for a programming language because the scoping determines how a (variable) name binds to the actual object. The current Viper compiler mixes different scoping approaches and makes it very hard to reason about programs. We propose uniform use of lexical block-level scoping.
The principles behind Viper are security, simplicity and auditability. However, the current scoping in Viper is not clear and can make the code misleading and error-prone.
In Viper, a local variable is accessible throughout the whole function after it is declared.
However, index variables are treated differently from other local variables.
What's more, an annotated assignment
With the current scoping rules, a program which declares a variable inside the
is equivalent to
The difference is that for the second program, one can negate the
Situations like the above make it unnecessarily difficult to reason about programs and program equivalence.
Since global variables have their own namespace
Variable declaration and initialization
A variable can be declared only with a statement of the form
A block scope is created by a function declaration, a conditional
and so should be the following
But the following program is valid:
However, the following program is not allowed because
Shadowing is so evil and correctness is so paramount in Viper, that we encourage the language designers to consider an event stronger discipline than in other languages. We propose to even disallow programs like the following one:
In java, similar programs are allowed, because, technically, the second declaration of
This change is backward compatible with some Viper programs. This includes all programs that, for instance, declare variables at the beginning of their functions, or do not use blocks (or declarations in blocks) in their functions. Some Viper programs will need to be minorly modified for compatibility with these new rules.
Copyright and related rights waived via CC0
The text was updated successfully, but these errors were encountered:
Agree strongly. There should only be one instance of a given variable name allowed between a given scope and all of the scopes surrounding it. So: