Consistent Subtyping for All

Transcription

1 Consistent Subtyping for All Ningning Xie Xuan Bi Bruno C. d. S. Oliveira 11 May, 2018 The University of Hong Kong 1

2 Background There has been ongoing debate about which language paradigm, static typing or dynamic typing, is better 2

3 Background 1 Some people are in favor of static typing: Communication Reliability Efficiency Productivity 1 Adapted from POPL2017 tutorial. 3

4 Background 1 Some people are in favor of static typing: Communication Reliability Efficiency Productivity the other prefer dynamic typing: Don t have to write type annotations Expressiveness Cognitive load Learning curve 1 Adapted from POPL2017 tutorial. 3

5 Gradual Typing From a Programmer s View Gradual typing enables the evolution of programs from untyped to typed, and provides fine-grained control over which parts are statically checked. 2 2 Examples courtesy of Garcia s slides at POPL 16 4

6 Gradual Typing From a Programmer s View Gradual typing enables the evolution of programs from untyped to typed, and provides fine-grained control over which parts are statically checked. 2 Program with no type information (dynamic checking) def f(x) = x + 2 def h(g) = g(1) h f 2 Examples courtesy of Garcia s slides at POPL 16 4

7 Gradual Typing From a Programmer s View Gradual typing enables the evolution of programs from untyped to typed, and provides fine-grained control over which parts are statically checked. 2 Program with no type information (dynamic checking) def f(x) = x + 2 def h(g) = g(1) h f Program with full type information (static checking) def f(x : Int) = x + 2 def h(g : Int Int) = g(1) h f 2 Examples courtesy of Garcia s slides at POPL 16 4

8 Gradual Typing From a Programmer s View Gradual typing enables the evolution of programs from untyped to typed, and provides fine-grained control over which parts are statically checked. 2 Program with no type information (dynamic checking) def f(x) = x + 2 def h(g) = g(1) h f Program with full type information (static checking) def f(x : Int) = x + 2 def h(g : Int Int) = g(1) h f Program with some type information (mixed checking) def f(x : Int) = x + 2 def h(g) = g(1) h f 2 Examples courtesy of Garcia s slides at POPL 16 4

9 Gradual Typing 101 A gradual type system enforces static type discipline whenever possible: def f(x : Bool) = x + 2 def h (g) = g(1) h f -- static error 5

10 Gradual Typing 101 A gradual type system enforces static type discipline whenever possible: def f(x : Bool) = x + 2 def h (g) = g(1) h f -- static error Inside every gradual language is a small static language struggling to get out... Anonymous 5

11 Gradual Typing 101 A gradual type system enforces static type discipline whenever possible: def f(x : Bool) = x + 2 def h (g) = g(1) h f -- static error Inside every gradual language is a small static language struggling to get out... Anonymous When the type information is not available, it delegates to dynamic checking at runtime: def f(x : Int) = x + 2 def h(g) = g(true) h f -- runtime error 5

12 Gradual Typing 101 The key external feature of every gradual type system is the unknown type. f (x : Int) = x + 2 h (g : ) = g 1 h f -- static checking -- dynamic checking Central to gradual typing is type consistency, which relaxes type equality: Int, Int Int,... Int = Int Bool = Bool Int Bool extend === Int Int Bool Bool Int Bool Int Int Int... 6

13 Gradual Typing 101 The key external feature of every gradual type system is the unknown type. f (x : Int) = x + 2 h (g : ) = g 1 h f -- static checking -- dynamic checking Central to gradual typing is type consistency, which relaxes type equality: Int, Int Int,... Dynamic semantics is defined by type-directed translation to an internal language with runtime casts: ( g) ( Int 1) 6

14 Many Successes Gradual typing has seen great popularity both in academia and industry. Over the years, there emerge many gradual type disciplines: Subtyping Parametric Polymorphism Type inference Security Typing Effects... 7

15 Many Successes, But... Gradual typing has seen great popularity both in academia and industry. Over the years, there emerge many gradual type disciplines: Subtyping Parametric Polymorphism Type inference Security Typing Effects... R As type systems get more complex, it becomes more difficult to adapt notions of gradual typing. [Garcia et al., 2016] 7

16 Problem Can we design a gradual type system with implicit higher-rank polymorphism? 8

17 Problem Can we design a gradual type system with implicit higher-rank polymorphism? State-of-art techniques are inadequate. 8

18 Why It Is interesting Haskell supports implicit higher-rank polymorphism, but some safe programs are rejected: foo :: ([Int], [Char]) foo = let f x = (x [1, 2], x [ a, b ]) in f reverse -- GHC rejects 9

19 Why It Is interesting Haskell supports implicit higher-rank polymorphism, but some safe programs are rejected: foo :: ([Int], [Char]) foo = let f x = (x [1, 2], x [ a, b ]) in f reverse -- GHC rejects If we had gradual typing... let f (x : ) = (x [1, 2], x [ a, b ]) in f reverse 9

20 Why It Is interesting Haskell supports implicit higher-rank polymorphism, but some safe programs are rejected: foo :: ([Int], [Char]) foo = let f x = (x [1, 2], x [ a, b ]) in f reverse -- GHC rejects If we had gradual typing... let f (x : ) = (x [1, 2], x [ a, b ]) in f reverse Moving to more precised version still type checks, but with more static safety guarantee: let f (x : a. [a] [a]) = (x [1, 2], x [ a, b ]) in f reverse 9

21 Contributions A new specification of consistent subtyping that works for implicit higher-rank polymorphism An easy-to-follow recipe for turning subtyping into consistent subtyping A gradually typed calculus with implicit higher-rank polymorphism Satisfies correctness criteria (formalized in Coq) A sound and complete algorithm 10

22 What Is Consistent Subtyping Consistent subtyping ( ) is the extension of subtyping to gradual types. [Siek and Taha, 2007] 11

23 What Is Consistent Subtyping Consistent subtyping ( ) is the extension of subtyping to gradual types. [Siek and Taha, 2007] A static subtyping relation (<:) over gradual types, with the key insight that is neutral to subtyping ( <: ) 11

24 What Is Consistent Subtyping Consistent subtyping ( ) is the extension of subtyping to gradual types. [Siek and Taha, 2007] A static subtyping relation (<:) over gradual types, with the key insight that is neutral to subtyping ( <: ) Definition (Consistent Subtyping à la Siek and Taha) The following two are equivalent: 1. A B if and only if A C and C <: B for some C. 2. A B if and only if A <: C and C B for some C. 11

25 Design Principle R Gradual typing and subtyping are orthogonal and can be combined in a principled fashion. Siek and Taha 12

26 Challenge Polymorphic types induce a subtyping relation: a. a a <: Int Int Design consistent subtyping that combines 1) consistency 2) subtyping 3) polymorphism. 13

27 Challenge Polymorphic types induce a subtyping relation: a. a a <: Int Int Design consistent subtyping that combines 1) consistency 2) subtyping 3) polymorphism. R Gradual typing and polymorphism are orthogonal and can be combined in a principled fashion. 3 3 Note that here we are mostly concerned with static semantics. 13

28 Problem with Existing Definition

29 Odersky-Läufer Type System The underlying static language is the well-established type system for higher-rank types. [Odersky and Läufer, 1996] Types A, B ::= Int a A B a. A Monotypes τ, σ ::= Int a τ σ Terms e ::= x n λx : A. e λx. e e 1 e 2 Contexts Ψ ::= Ψ, x : A Ψ, a 14

30 Subtyping Ψ A <: B (Subtyping) a Ψ Ψ a <: a Ψ τ Ψ Int <: Int Ψ A[a τ] <: B Ψ a. A <: B Ψ B 1 <: A 1 Ψ A 2 <: B 2 Ψ A 1 A 2 <: B 1 B 2 Ψ, a A <: B Ψ A <: a. B 15

31 Subtyping with Unknown Types Ψ A <: B (Subtyping) a Ψ Ψ a <: a Ψ τ Ψ Int <: Int Ψ A[a τ] <: B Ψ a. A <: B Ψ B 1 <: A 1 Ψ A 2 <: B 2 Ψ A 1 A 2 <: B 1 B 2 Ψ, a A <: B Ψ A <: a. B Ψ <: 15

32 Type Consistency A B (Type Consistency) A A A A A 1 B 1 A 2 B 2 A 1 A 2 B 1 B 2 16

33 Type Consistency with Polymorphic Types A B (Type Consistency) A A A A A 1 B 1 A 2 B 2 A 1 A 2 B 1 B 2 A B a. A a. B 16

34 Type Consistency with Polymorphic Types A B (Type Consistency) A A A A A 1 B 1 A 2 B 2 A 1 A 2 B 1 B 2 A B a. A a. B R The simplicity comes from the orthogonality between consistency and subtyping! 16

35 Bad News Definition (Consistent Subtyping à la Siek and Taha) The following two are equivalent: 1. A B if and only if A C and C <: B for some C. 2. A B if and only if A <: C and C B for some C. R Equivalence is broken in the polymorphic setting! 17

36 Bad News Definition (Consistent Subtyping à la Siek and Taha) The following two are equivalent: 1. A B if and only if A C and C <: B for some C. 2. A B if and only if A <: C and C B for some C. R Equivalence is broken in the polymorphic setting! ( Int) Int <: <: ( a.a Int) Int ( a. Int) Int 17

37 Bad News Definition (Consistent Subtyping à la Siek and Taha) The following two are equivalent: 1. A B if and only if A C and C <: B for some C. 2. A B if and only if A <: C and C B for some C. R Equivalence is broken in the polymorphic setting! Int Int Int <: <: a.a 17

38 Bad News Definition (Consistent Subtyping à la Siek and Taha) The following two are equivalent: 1. A B if and only if A C and C <: B for some C. 2. A B if and only if A <: C and C B for some C. R Equivalence is broken in the polymorphic setting! ( (( Int) Int) Bool) (Int ) <: <: ( (( a.a Int) Int) Bool) ( a.a) 17

39 Revisiting Consistent Subtyping

40 Consistent Subtyping vs. Subtyping Subtyping validates the subsumption principle Ψ e : A Ψ e : B A <: B 18

41 Consistent Subtyping vs. Subtyping Subtyping validates the subsumption principle, so should consistent subtyping Ψ e : A Ψ e : B A B 18

42 Consistent Subtyping vs. Subtyping Subtyping validates the subsumption principle, so should consistent subtyping Ψ e : A Ψ e : B A B Subtyping is transitive, but consistent subtyping is not 18

43 Observations Observation (I) If A <: B and B C, then A C. <: T 1 <: C <: B T 2 A 19

44 Observations Observation (I) If A <: B and B C, then A C. <: T 1 <: C <: B T 2 A 19

45 Observations Observation (I) If A <: B and B C, then A C. <: T 1 <: C B T 2 <: A 19

46 Observations Observation (I) If A <: B and B C, then A C. Observation (II) If C B and B <: A, then C A. <: T 1 C <: B T 2 <: A <: T 1 B <: <: A C T 2 19

47 Observations Observation (I) If A <: B and B C, then A C. Observation (II) If C B and B <: A, then C A. <: T 1 C <: B T 2 <: A <: T 1 B <: <: A C T 2 19

48 Consistent Subtyping, the Specification Definition (Generalized Consistent Subtyping) Ψ A B def = Ψ A <: A, A B and Ψ B <: B for some A and B. <: B A B <: A 20

49 Consistent Subtyping, the Specification Definition (Generalized Consistent Subtyping) Ψ A B def = Ψ A <: A, A B and Ψ B <: B for some A and B. ((( Int) Int) Bool) (Int ) A <: B <: ((( a.a Int) Int) Bool) ( a.a) A = (( a.a Int) Int) Bool) (Int Int) B = (( a. Int) Int) Bool) (Int ) 20

50 Non-Determinism Definition (Generalized Consistent Subtyping) Ψ A B def = Ψ A <: A, A B and Ψ B <: B for some A and B. Two sources of non-determinism: 1. Two intermediate types A and B 21

51 Non-Determinism Definition (Generalized Consistent Subtyping) Ψ A B def = Ψ A <: A, A B and Ψ B <: B for some A and B. Two sources of non-determinism: 1. Two intermediate types A and B 2. Guessing monotypes Ψ τ Ψ A[a τ] <: B Ψ a. A <: B 21

52 Non-Determinism Definition (Generalized Consistent Subtyping) Ψ A B def = Ψ A <: A, A B and Ψ B <: B for some A and B. Two sources of non-determinism: 1. Two intermediate types A and B R We can derive a syntax-directed inductive definition without resorting to subtyping or consistency at all! 21

53 Consistent Subtyping Without Existentials Notice Ψ A always holds ( <: A <: A), and vise versa (Ψ A ) 22

54 Consistent Subtyping Without Existentials: First Step 1. Replace <: with Ψ A <: B a Ψ Ψ a <: a Ψ τ Ψ Int <: Int Ψ A[a τ] <: B Ψ a. A <: B (Subtyping) Ψ B 1 <: A 1 Ψ A 2 <: B 2 Ψ A 1 A 2 <: B 1 B 2 Ψ, a A <: B Ψ A <: a. B Ψ <: 22

55 Consistent Subtyping Without Existentials: First Step 1. Replace <: with Ψ A B a Ψ Ψ a a Ψ τ Ψ Int Int Ψ A[a τ] B Ψ a. A B (Consistent Subtyping, not yet) Ψ B 1 A 1 Ψ A 2 B 2 Ψ A 1 A 2 B 1 B 2 Ψ, a A B Ψ A a. B Ψ 22

56 Consistent Subtyping Without Existentials: Second Step 1. Replace <: with 2. Replace Ψ with Ψ A and Ψ A Ψ A B (Consistent Subtyping, not yet) a Ψ Ψ a a Ψ Int Int Ψ B 1 A 1 Ψ A 2 B 2 Ψ A 1 A 2 B 1 B 2 Ψ τ Ψ A[a τ] B Ψ a. A B Ψ, a A B Ψ A a. B Ψ 22

57 Consistent Subtyping Without Existentials: Second Step 1. Replace <: with 2. Replace Ψ with Ψ A and Ψ A Ψ A B (Consistent Subtyping) a Ψ Ψ a a Ψ Int Int Ψ B 1 A 1 Ψ A 2 B 2 Ψ A 1 A 2 B 1 B 2 Ψ τ Ψ A[a τ] B Ψ a. A B Ψ, a A B Ψ A a. B Ψ A Ψ A 22

58 Definition Meets Specification Theorem Ψ A B iff Ψ A <: A, A B and Ψ B <: B for some A and B. 23

59 Declarative Type System

60 Type System Ψ e : A Ψ, a e : A Ψ e : a. A u-gen (Typing, selected rules) Ψ, x : A e : B Ψ λx : A. e : A B u-lamann Ψ, x : τ e : B Ψ λx. e : τ B u-lam Ψ e 1 : A Ψ A A 1 A 2 Ψ e 2 : A 3 Ψ A 3 A 1 Ψ e 1 e 2 : A 2 u-app 24

61 Type System Ψ e 1 : A Ψ A A 1 A 2 Ψ e 2 : A 3 Ψ A 3 A 1 Ψ e 1 e 2 : A 2 u-app Ψ A A 1 A 2 (Matching) Ψ τ Ψ A[a τ] A 1 A 2 Ψ a. A A 1 A 2 m-forall Ψ A 1 A 2 A 1 A 2 m-arr Ψ m-unknown 24

62 Dynamic Semantics Type-directed translation into an intermediate language with runtime casts (Ψ e : A s) We translate to the Polymorphic Blame Calculus (PBC) [Ahmed et al., 2011] PBC terms 4 s ::= x n λx : A. s Λa. s s 1 s 2 A B s 4 Only a subst of PBC terms are used 25

63 Correctness Criteria Conservative extension: for all static Ψ, e, and A, if Ψ OL e : A, then there exists B, such that Ψ e : B, and Ψ B <: A. if Ψ e : A, then Ψ OL e : A Monotonicity w.r.t. precision: for all Ψ, e, e, A, if Ψ e : A, and e e, then Ψ e : B, and B A for some B. Type Preservation of cast insertion: for all Ψ, e, A, if Ψ e : A, then Ψ e : A s, and Ψ B s : A for some s. Monotonicity of cast insertion: for all Ψ, e 1, e 2, s 1, s 2, A, if Ψ e 1 : A s 1, and Ψ e 2 : A s 2, and e 1 e 2, then Ψ Ψ s 1 B s 2. 26

64 Correctness Criteria Conservative extension: for all static Ψ, e, and A, if Ψ OL e : A, then there exists B, such that Ψ e : B, and Ψ B <: A. if Ψ e : A, then Ψ OL e : A Monotonicity w.r.t. precision: for all Ψ, e, e, A, if Ψ e : A, and e e, then Ψ e : B, and B A for some B. Type Preservation of cast insertion: for all Ψ, e, A, if Ψ e : A, then Ψ e : A s, and Ψ B s : A for some s. Monotonicity of cast insertion: for all Ψ, e 1, e 2, s 1, s 2, A, if Ψ e 1 : A s 1, and Ψ e 2 : A s 2, and e 1 e 2, then Ψ Ψ s 1 B s 2. R Proved in Coq! 26

65 Recap Gradual Language with Implict Higher-Rank Polymorphism <translate> Cast Language PBC <Gradualize> Static Language Criteria 27

66 More in the Paper A bidirectional account of the algorithmic type system (inspired by [Dunfield and Krishnaswami, 2013]) Extension to top types Discussion and comparison with other approaches (AGT [Garcia et al., 2016], Directed Consistency [Jafery and Dunfield, 2017]) Discussion of dynamic guarantee 28

67 Future Work Fix the issue with dynamic guarantee (partially) More features: fancy types, etc. 29

68 References A. Ahmed, R. B. Findler, J. G. Siek, and P. Wadler. Blame for all. In POPL, J. Dunfield and N. R. Krishnaswami. Complete and easy bidirectional typechecking for higher-rank polymorphism. In ICFP, R. Garcia, A. M. Clark, and É. Tanter. Abstracting gradual typing. In POPL, K. A. Jafery and J. Dunfield. Sums of uncertainty: Refinements go gradual. In POPL, M. Odersky and K. Läufer. Putting type annotations to work. In POPL, J. G. Siek and W. Taha. Gradual typing for objects. In ECOOP,

69 Consistent Subtyping for All Ningning Xie Xuan Bi Bruno C. d. S. Oliveira 11 May, 2018 The University of Hong Kong 31

70 Backup Slides

71 Dynamic Guarantee Changes to the annotations of a gradually typed program should not change the dynamic behaviour of the program. The declarative system breaks it... (λf : a. a Int. λx : Int. f x) (λx. 1) 3 3 (λf : a. a Int. λx :. f x) (λx. 1) 3? A common problem in gradual type inference, see [Garcia and Cimini 2015]. Static and gradual type parameters may help. A more sophisticated term precision is needed in PBC. [Igarashi et al. 2017]