Wellgoing programs can be typed

1
Well-going programs can be typed

• Stefan Kahrs
• University of Kent at Canterbury

2
Background

• There is a quote attributed to Robin Milner
• Well-typed programs dont go wrong!
• Essentially, this is asserting the soundness of
  the type system of some programming language.
• In Logic, where there is a concept of soundness,
  there is typically also a dual concept of
  completeness.

3
In a nutshell

• a type system is complete if it does not prevent
  us from writing any good programs, programs
  expressible through the operational semantics
• this concept of goodness is relative to the type
  at which we want to use the program
• we are interested in this question modulo
  observational equivalence

(we never get completeness on the nose because
of dead code etc.)
4
Standard ML

• ...is incomplete Kahrs 1996.
• The problem there was that SMLs sublanguage of
  type definitions permits the definition of
  so-called nested datatypes, but its type-system
  is too weak to express any non-trivial functions
  traversing or building data for such types.

5
What about a positive result?

• I am going to show that PCF is complete, i.e.
  that every untyped PCF program that behaves well
  at a PCF type is expressible by an equivalent
  typed PCF program

6
What is PCF, actually?

• PCF is a very simple functional programming
  language it supports
• natural numbers (0, succ, pred, ifZero)
• typed ?-abstraction and application
• general recursion
• ...and that is it its types are base type ? and
  it is closed under building function types

7
Proof Idea

• we write an implementation of untyped PCF in
  typed PCF
• essentially, it evaluates (the Gödel-number of)
  an untyped PCF expression at some type ?
• interpret? e is indistinguishable from e,
  provided (i) e is sound at ? (ii) we only compare
  the expressions at that type

8
Hang on...

• isnt this trivial, Turing-completeness,
  blahblahblah?
• No (remember SML!). Turing-completeness only
  means that we can run an encoded program. What
  failed in SML where the provision of
  program-internal encoding and decoding.
• The problem here is the decoding if our
  expression is interpreted at a function type of
  the form (???)?? then its argument is a function
  which we cannot decode functions are ADTs in
  PCF.

9
PCF Expressions

• data Exp
• Var Int
• App Exp Exp Lam Exp
• Fix Exp
• Zero Succ Exp Pred Exp
• If0 Exp Exp Exp

10
Normal Forms

• data NForm
• Hnf Int Exp
• Abst Exp
• Con Int Pr NForm Su NForm
• Test NForm Exp Exp

normalize Exp -gt NForm Routine it could
crash though
11
Evaluation in an Environment

• evaluate an expression with free variables of
  some type ?, and expected result of type ?
• for this to work, ? needs certain properties
• class SelfEmbed a where
• apply a -gt (a -gt a)
• lambd (a -gt a) -gt a
• class IntEmbed a where
• a2int a -gt Int
• int2a Int -gt a

lambd ? apply id
a2int ? int2a id
12
Aside Classes in PCF?

• of course, not!
• Haskell classes permit us do give a uniform
  presentation of the implementation
• in PCF we would get a new implementation for
  every type!
• the class members would have to be passed on as
  extra arguments

13
The meaty bits...

• evalNForm (SelfEmbed a,IntEmbed a) gt a -gt
  NForm -gt a
• evalNForm xs (Hnf n es)
• apMany (xs!!n) evalExp xs eelt-es
• evalNForm xs (Abst e)
• lamb (\a-gtevalExp (axs) e)
• ...
• apMany x x
• apMany x (yys) apMany (apply x y) ys

14
Implementation Target

• class Run a where
• interpret Exp -gt a
• ...is our implementation target
• instance Run Int where ...
• ...is easy
• instance Run (a-gtb) where...
• ...is difficult

15
Putting things together

• instance (LUB a b c, Full c d) gt Run (a-gtb)
  where
• interpret e a
• pro (evalExp emb a (expand e))
• where
• pro (projectc-gtb).(projectd-gtc)
• emb (embedc-gtd) . (embeda-gtc)
• Admittedly, this might require some further
  explanation...

16
General Idea

• interpret the expression as a function in the
  following manner
• wait for the argument
• shove it onto the stack
• evaluate the suitably modified expression
• expand e App (lift e) (Var 0)
• problem the types dont fit
• so we have to make them fit

17
Retractions

• class Retraction a b where
• embed a -gt b
• project b -gt a
• ...where project embed ida
• Essentially, when we have a retraction then we
  can lift things without loss of information

18
Not the same type? No problem!

• class (Retraction a c,Retraction b c) gt LUB a b
  c a b -gt c
• instance (LUB a c e, LUB b d f) gt LUB
  (a-gtb)(c-gtd)(e-gtf)
• ...
• Idea if argument and result type are different
  (which evalExp does not like) then we just
  compute their least upper bound in the retraction
  pre-order.

19
Remarks

• this class LUB has no members, i.e. no code of
  its own
• it does require though the presence of two
  retractions
• we can view it as a proof tool for the existence
  of certain least upper bounds
• the implementation uses it to figure out which
  retractions to pass along as arguments

20
Problem

• this deals with the inequality of argument and
  result type, but it does not give us
  self-embeddings (in general)
• we need to find a type where we can do that and
  into which we can embed everything

21
...and we get it like that

• class (SelfEmbed b, IntEmbed b, Retraction a b)
  gt Full a b a -gt b
• Again, this is a member-less class. The idea is
  that in Full ? ? the type ? is an arbitrary PCF
  type and ? is the smallest self-embedding type
  into which we can embed it.
• instance (Full a x,Full b y,LUB x y z,
• Retraction a z, Retraction b z) gt
• Full (a-gtb) (d-gtd)

22
Looking at this again

• instance (LUB a b c, Full c d) gt Run (a-gtb)
  where
• interpret e a
• pro (evalExp emb a (expand e))
• where
• pro (projectc-gtb).(projectd-gtc)
• emb (embedc-gtd) . (embeda-gtc)
• note the type annotations are necessary to
  resolve the overloading (impossible in Hugs,
  requires GHC)

23
So we have an implementation...

• ...but does it give us the same results?
• After all, these embeddings are typed! They
  could do some harm to untyped stuff!
• However, the function I??? given as
• ?f ?a.proj??? (apply? (emb??????? f)(emb??? a))
• is the identity at type ???. Thus, if an
  expression e is well behaved at this type then
  the expression I??? e is also well-behaved and
  gives the same results.

24
Actually

• the previous is an argument about a partial
  logical equivalence on the term model
  (type-indexed family of partial equivalences)
• the bad expressions are not related by it
• the good ones (at that type) are related to ones
  with the same behaviour
• each of its equivalence classes is inhabited by a
  well-typed term