TRANSCRIPT
Type Safety
Kangwon National University
임현승
Programming Languages

Abstract Syntax

Operational Semantics

Reduction Rules for Booleans

Typing Rules

Typing Rules for Booleans

Type Safety
• Slogan: "well-typed expressions never go wrong"
• Two theorems
  – Type preservation: "A well-typed expression reduces to another expression of the same type."
  – Progress: "A well-typed expression does not get stuck: either it is a value or reduces to another expression."

Type Preservation + Progress
• A well-typed expression e:
  – If it is a value, we are finished.
  – If it is not,
    • it reduces to another e'. [Progress]
    • e' has the same type as e. [Type preservation]

Inductive Proof Recap

Inductive Definition
• A technique of defining a set by specifying an element of the set using another element.
• Needs a base case.
• Starting from the base elements, builds more elements.
  – E.g.,
• Recursively defined data structures such as lists and trees can also be seen as inductively defined.
  – E.g., type 'a list = Nil | Cons of 'a * 'a list

Inductive Proof
• A method of proving properties of recursive functions defined on inductively (or recursively) defined data structures.
• Apply natural (or structural) induction on the argument of the function.
  # let rec fact n = if n = 0 then 1
                     else n * fact (n - 1)
  # let rec pow2 n = if n = 0 then 1
                     else 2 * pow2 (n - 1)
• Prove fact n >= pow2 n when n >= 4!

Proof of fact n >= pow2 n
• By mathematical induction on n
• Base case: n = 4
  fact 4 >= pow2 4              by simple calculation (24 >= 16)
• Inductive case: n = k + 1, with k >= 4
  fact (k + 1)
  = (k + 1) * fact k            by definition of fact
  >= (k + 1) * pow2 k           by induction hypothesis
  > 2 * pow2 k                  by simple calculation (k + 1 >= 5 > 2)
  = pow2 (k + 1)                by definition of pow2

Proof by Structural Induction
  let rec concat xs ys = match xs with
    | [] -> ys
    | z :: zs -> z :: (concat zs ys)
• Writing xs ++ ys for concat xs ys, we obtain the following equations:
  Nil ++ ys = ys
  (x :: xs) ++ ys = x :: (xs ++ ys)
• Prove the identity of Nil and associativity of ++:
  xs ++ Nil = xs
  Nil ++ xs = xs
  (xs ++ ys) ++ zs = xs ++ (ys ++ zs)
• Can be proved by structural induction on xs

Proof of xs ++ Nil = xs
• By structural induction on xs
• Base case: xs = Nil
  Nil ++ Nil = Nil              by definition of ++
• Inductive case: xs = z :: zs
  (z :: zs) ++ Nil
  = z :: (zs ++ Nil)            by definition of ++
  = z :: zs                     by induction hypothesis

Proof of (xs ++ ys) ++ zs = xs ++ (ys ++ zs)
• By structural induction on xs
• Base case: xs = Nil
  LHS:
  (Nil ++ ys) ++ zs
  = ys ++ zs                    by definition of ++
  RHS:
  Nil ++ (ys ++ zs)
  = ys ++ zs                    by definition of ++
  so LHS = RHS.

Inductive Case: xs = v :: vs
• We can use the induction hypothesis on vs
• LHS:
  ((v :: vs) ++ ys) ++ zs
  = (v :: (vs ++ ys)) ++ zs     by definition of ++
  = v :: ((vs ++ ys) ++ zs)     by definition of ++
  = v :: (vs ++ (ys ++ zs))     by IH
  = (v :: vs) ++ (ys ++ zs)     by definition of ++
  = RHS
• This inductive reasoning can also be applied to judgments and inference rules, as they also define a set in an inductive manner.

Back to Type Safety

Type Safety
• Type preservation
• Progress

Canonical Forms Lemma
• Required by the proof of the progress theorem
"How" is boring. But "what" is not boring.

Type Preservation
• Apply rule induction to:

Which case first?

Some theorem to prove
• Case the easiest
• ...
• Case easy
• ...
• Case difficult
• ...
• Case the most difficult
Which case first?

Some theorem to refute
• Case the easiest
• ...
• Case easy
• ...
• Case difficult
• ...
• Case the most difficult
Which case first?

So the most difficult case App first!

Substitution Lemma
• Apply rule induction to
  Why ?
•
  – analyzes the structure of , not .
  – searches for every occurrence of variable in only to replace it by .
  – thus, does not need to know the structure of .
• Proof of substitution lemma
  – By rule induction on
  – Proof can be found in Section 4.4.2 of POSTECH PL Course Notes.
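The slides' pieces, run together as code: the example below is an added illustration, not code from the slides or from the POSTECH course notes. It implements a simply typed lambda calculus with booleans and checks, on concrete terms, the canonical forms lemma, the substitution lemma, and type preservation + progress along a reduction sequence. The slides' own inference rules did not survive the transcript, so the standard rules are assumed here: true, false and if-then-else for booleans; variables, lambda abstraction and application with call-by-value beta reduction. All names (typeof, step, subst, run_safely, the sample terms NOT, AND, SAMPLE and STUCK) are the example's own.

```python
"""STLC + Bool: typing, small-step reduction, substitution, and executable checks
of canonical forms, the substitution lemma, and preservation + progress.
Added example; standard rules assumed (the slides' rules are not in the transcript)."""

# ---- types: Bool | T1 -> T2, as tagged tuples so they compare structurally ----
BOOL = ("Bool",)
def arrow(a, r): return ("Arrow", a, r)

# ---- abstract syntax: x | \x:T.e | e1 e2 | true | false | if e1 then e2 else e3 ----
TRUE, FALSE = ("true",), ("false",)
def var(x): return ("var", x)
def lam(x, ty, body): return ("lam", x, ty, body)
def app(f, a): return ("app", f, a)
def if_(c, t, e): return ("if", c, t, e)

class IllTyped(Exception):
    """No typing rule applies."""

# ---- typing rules: ctx |- e : T ----
def typeof(e, ctx=None):
    ctx = ctx or {}
    tag = e[0]
    if tag in ("true", "false"): return BOOL
    if tag == "var":
        if e[1] not in ctx: raise IllTyped(f"unbound variable {e[1]}")
        return ctx[e[1]]
    if tag == "lam":                                  # extend the context with x:T
        return arrow(e[2], typeof(e[3], {**ctx, e[1]: e[2]}))
    if tag == "app":
        f, a = typeof(e[1], ctx), typeof(e[2], ctx)
        if f[0] != "Arrow" or f[1] != a: raise IllTyped("argument type mismatch")
        return f[2]
    if tag == "if":
        if typeof(e[1], ctx) != BOOL: raise IllTyped("condition is not Bool")
        t1, t2 = typeof(e[2], ctx), typeof(e[3], ctx)
        if t1 != t2: raise IllTyped("branch types differ")
        return t1
    raise IllTyped(f"unknown term {e}")

def is_well_typed(e):
    try: typeof(e); return True
    except IllTyped: return False

def is_value(e):
    return e[0] in ("lam", "true", "false")

# ---- substitution [x := s]e; s is closed under call-by-value, so no capture ----
def subst(x, s, e):
    tag = e[0]
    if tag == "var": return s if e[1] == x else e
    if tag == "lam": return e if e[1] == x else lam(e[1], e[2], subst(x, s, e[3]))  # bound x shadows
    if tag == "app": return app(subst(x, s, e[1]), subst(x, s, e[2]))
    if tag == "if": return if_(*(subst(x, s, sub) for sub in e[1:]))
    return e                                          # true / false

# ---- small-step reduction e --> e'; None when no rule applies ----
def step(e):
    tag = e[0]
    if tag == "if":
        if e[1] == TRUE: return e[2]
        if e[1] == FALSE: return e[3]
        c = step(e[1])
        return None if c is None else if_(c, e[2], e[3])
    if tag == "app":
        f, a = e[1], e[2]
        if not is_value(f):
            f2 = step(f); return None if f2 is None else app(f2, a)
        if not is_value(a):
            a2 = step(a); return None if a2 is None else app(f, a2)
        if f[0] == "lam":                             # beta reduction
            return subst(f[1], a, f[3])
    return None                                       # a value, or stuck like (true false)

# ---- the lemmas and theorems, checked on concrete terms ----
def canonical_form_ok(v):
    # Canonical forms: a Bool value is true or false; an arrow value is a lambda.
    return v[0] in ("true", "false") if typeof(v) == BOOL else v[0] == "lam"

def substitution_lemma_holds(x, tx, e, s):
    # If x:tx |- e : T and |- s : tx, then |- [x := s]e : T.
    return typeof(s) == tx and typeof(subst(x, s, e)) == typeof(e, {x: tx})

def run_safely(e):
    """Reduce a closed well-typed term to a value, checking progress and
    preservation at every step; returns (value, number of steps)."""
    ty, steps = typeof(e), 0
    while not is_value(e):
        nxt = step(e)
        assert nxt is not None, f"progress violated: stuck at {e}"
        assert typeof(nxt) == ty, f"preservation violated at {nxt}"
        e, steps = nxt, steps + 1
    return e, steps

# constructed sample: (and (not false)) true, with not/and written as lambdas
NOT = lam("b", BOOL, if_(var("b"), FALSE, TRUE))
AND = lam("a", BOOL, lam("b", BOOL, if_(var("a"), var("b"), FALSE)))
SAMPLE = app(app(AND, app(NOT, FALSE)), TRUE)     # reduces to TRUE in 5 steps
STUCK = app(TRUE, FALSE)        # neither a value nor reducible: it "goes wrong"
```

run_safely is the two theorems turned into a loop: progress says step never returns None for a non-value, and preservation says the type computed before the loop never changes. A term such as (true false) is rejected by typeof before it can ever get stuck, which is exactly what "well-typed expressions never go wrong" promises. substitution_lemma_holds is the property the App case of preservation needs, since beta reduction is a substitution, and canonical_form_ok is the case analysis the progress proof needs when the function position of an application is already a value.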