Chap16Metatheory ofSubtyping

AlgorithmicSubtypingAlgorithmicTypingJoinsandMeets

Developinganalgorithmic

subtypingrelation

SubtypeRelation

IssuesinSubtypingFor a given subtyping statement, there are multiple rulesthat could be used in a derivation.1. The conclusions of S-RcdWidth, S-RcdDepth, and S-RcdPerm overlap with each other.

2. S-REFL and S-TRANS overlap with every other rule.

Whattodo?We'll turn the declarative version of subtyping into thealgorithmic version.

The problem was that we don't have an algorithm todecide when S <: T or Γ ⊢ t ∶ T.

Both sets of rules are not syntax-directed.

Syntax-directedrulesInthesimplytypedlambda-calculus(withoutsubtyping),eachrulecanbe“readfrombottomtotop”inastraightforwardway.

Syntax-directedrulesInthesimplytypedlambda-calculus(withoutsubtyping),eachrulecanbe“readfrombottomtotop”inastraightforwardway.

IfwearegivensomeΓ andsometoftheformt=t> ,wecantrytofindatypefort by1. finding(recursively)atypefort=2. checkingthatithastheformT== ⟶ T=>3. finding(recursively)atypefort>4. checkingthatitisthesameasT==

Syntax-directedrulesTechnically, the reason this works is that we can divide the“positions” of the typing relation into input positions (i.e.,Γ and t) and output positions (T).– For the input positions, all metavariables appearing in the

premises also appear in the conclusion (so we can calculateinputs to the “subgoals” from the subexpressions of inputs tothe main goal)

– For the output positions, all metavariables appearing in theconclusions also appear in the premises (so we can calculateoutputs from the main goal from the outputs of the subgoals)

Syntax-directedsetsofrulesThe second important point about the simply typedlambda-calculus is that the set of typing rules is syntax-directed, in the sense that, for every “input” Γ and t, thereis one rule that can be used to derive typing statementsinvolving t.E.g., if t is an application, then we must proceed by tryingto use T-App. If we succeed, then we have found a type(indeed, the unique type) for t. If it fails, then we knowthat t is not typable.⟹no backtracking!

Non-syntax-directednessoftypingWhen we extend the system with subtyping, both aspectsof syntax-directedness get broken.1. The set of typing rules now includes two rules that can be used

to give a type to terms of a given shape (the old one plus T−SUB)

2. Worse yet, the new rule T-SUB itself is not syntax directed: theinputs to the left-hand subgoal are exactly the same as theinputs to the main goal!(Hence, if we translated the typing rules naively into atypechecking function, the case corresponding to T-SUB wouldcause divergence.)

Non-syntax-directednessofsubtypingMoreover, the subtyping relation is not syntax directedeither.1. There are lots of ways to derive a given subtyping

statement.2. The transitivity rule

is badly non-syntax-directed: the premises contain ametavariable (in an “input position”) that does notappear at all in the conclusion.To implement this rule naively, we have to guess avalue for U!

Whattodo?1. Observation: We don’t need lots of ways to prove a

given typing or subtyping statement — one is enough.⟶ Think more carefully about the typing andsubtyping systems to see where we can get rid ofexcess flexibility.

2. Use the resulting intuitions to formulate new“algorithmic” (i.e., syntax-directed) typing andsubtyping relations.

3. Prove that the algorithmic relations are “the same as”the original ones in an appropriate sense.

AlgorithmicSubtyping

WhattodoHow do we change the rules deriving S <: T to besyntax-directed?

There are lots of ways to derive a given subtypingstatement S <: T.The general idea is to change this system so that there isonly one way to derive it.

Step1:simplifyrecordsubtypingIdea: combine all three record subtyping rules into one“macro rule” that captures all of their effects

Simplersubtyperelation

Step2: GetridofreflexivityObservation: S-REFL is unnecessary.Lemma: S <: Scan be derived for every type S withoutusing S-REFL.

Evensimplersubtyperelation

Step3:GetridoftransitivityObservation: S-Trans is unnecessary.Lemma: If S <: T can be derived, then it can be derivedwithout using S-Trans .

Evensimplersubtyperelation

“Algorithmic”subtyperelation

SoundnessandcompletenessTheorem: S <: T iff ↦ S <: T

Terminology:

– The algorithmic presentation of subtyping is sound withrespect to the original, if ↦ S <: T implies S <: T .(Everything validated by the algorithm is actually true.)

– The algorithmic presentation of subtyping is complete withrespect to the original, if S <: T implies ↦ S <:T .(Everything true is validatedby the algorithm.)

DecisionProceduresA decision procedure for a relation 𝑅 ⊆ 𝑈 is a totalfunction 𝑝 from𝑈 to {true, false} such that 𝑝(𝑢) = 𝑡𝑟𝑢𝑒iff 𝑢 ∈ 𝑅.

DecisionProceduresRecall: A decision procedure for a relation 𝑅 ⊆ 𝑈 is a totalfunction 𝑝 from𝑈 to {true, false} such that 𝑝(𝑢) = 𝑡𝑟𝑢𝑒iff 𝑢 ∈ 𝑅.Isoursubtype functionadecisionprocedure?

DecisionProceduresRecall: A decision procedure for a relation 𝑅 ⊆ 𝑈 is atotal function 𝑝 from𝑈 to {true, false} such that 𝑝(𝑢) =𝑡𝑟𝑢𝑒 iff 𝑢 ∈ 𝑅.Is our subtype function a decision procedure?

Since subtype is just an implementation of thealgorithmic subtyping rules, we have1. if 𝑠𝑢𝑏𝑡𝑦𝑝𝑒(S, T) = 𝑡𝑟𝑢𝑒, then↦ S <:T (hence, by

soundness of the algorithmic rules, S <: T)2. if 𝑠𝑢𝑏𝑡𝑦𝑝𝑒(S, T) = 𝑓𝑎𝑙𝑠𝑒, then not↦ S <: T (hence, by

completeness of the algorithmic rules, not S <: T)

DecisionProceduresRecall:Adecisionprocedureforarelation𝑅 ⊆ 𝑈 isatotalfunction𝑝 from𝑈 to{true,false}suchthat𝑝(𝑢) =𝑡𝑟𝑢𝑒 iff𝑢 ∈ 𝑅.Isoursubtype functionadecisionprocedure?

Since subtype is just an implementation of thealgorithmic subtyping rules, we have1. if 𝑠𝑢𝑏𝑡𝑦𝑝𝑒(S, T) = 𝑡𝑟𝑢𝑒, then↦ S <:T (hence, by

soundness of the algorithmic rules, S <: T)2. if 𝑠𝑢𝑏𝑡𝑦𝑝𝑒(S, T) = 𝑓𝑎𝑙𝑠𝑒, then not↦ S <: T

(hence, by completeness of the algorithmic rules, not S <: T)

Q: What’s missing?

DecisionProceduresRecall:Adecisionprocedureforarelation𝑅 ⊆ 𝑈 isatotalfunction𝑝 from𝑈 to{true,false}suchthat𝑝(𝑢) = 𝑡𝑟𝑢𝑒iff𝑢 ∈ 𝑅.Isoursubtype functionadecisionprocedure?Sincesubtype isjustanimplementationofthealgorithmicsubtypingrules,wehave1. if𝑠𝑢𝑏𝑡𝑦𝑝𝑒(S, T) = 𝑡𝑟𝑢𝑒,then↦ S <:T (hence,by

soundness ofthealgorithmicrules,S <: T)2. if𝑠𝑢𝑏𝑡𝑦𝑝𝑒(S, T) = 𝑓𝑎𝑙𝑠𝑒,thennot↦ S <: T (hence,by

completeness ofthealgorithmicrules,notS <: T)

Q:What’smissing?A:Howdoweknowthatsubtype isatotalfunction?

DecisionProceduresRecall: A decision procedure for a relation 𝑅 ⊆ 𝑈 is a totalfunction 𝑝 from 𝑈 to {true, false} such that 𝑝(𝑢) = 𝑡𝑟𝑢𝑒 iff𝑢 ∈ 𝑅.Is our subtype function a decision procedure?Since subtype is just an implementation of the algorithmicsubtyping rules, we have1. if 𝑠𝑢𝑏𝑡𝑦𝑝𝑒(S, T) = 𝑡𝑟𝑢𝑒, then↦ S <:T (hence, by soundness of

the algorithmic rules, S <: T)2. if 𝑠𝑢𝑏𝑡𝑦𝑝𝑒(S, T) = 𝑓𝑎𝑙𝑠𝑒, then not↦ S <:T (hence, by

completeness of the algorithmic rules, not S <: T)

Q: What’s missing?A: How do we know that subtype is a total function?Prove it!

DecisionProceduresRecall: A decision procedure for a relation 𝑅 ⊆ 𝑈 is a totalfunction 𝑝 from𝑈 to {true, false} such that 𝑝(𝑢) = 𝑡𝑟𝑢𝑒iff 𝑢 ∈ 𝑅.Example:

𝑈 = 1, 2, 3𝑅 = {(1, 2), (2, 3)}

Note that, we are saying nothing about computability.

DecisionProceduresRecall: A decision procedure for a relation 𝑅 ⊆ 𝑈 is a totalfunction 𝑝 from 𝑈 to {true, false} such that 𝑝(𝑢) = 𝑡𝑟𝑢𝑒 iff𝑢 ∈ 𝑅.

Example:𝑈 = 1, 2, 3𝑅 = {(1, 2), (2, 3)}

Thefunction𝑝 whosegraphis

{((1,2),true),((2,3),true),((1,1),false),((1,3),false),((2,1),false),((2,2),false),((3,1),false),((3,2),false),((3,3),false)}

isadecisionfunctionfor𝑅.

DecisionProceduresRecall: A decision procedure for a relation 𝑅 ⊆ 𝑈 is a totalfunction 𝑝 from𝑈 to {true, false} such that 𝑝(𝑢) = 𝑡𝑟𝑢𝑒iff 𝑢 ∈ 𝑅.Example:

𝑈 = 1, 2, 3𝑅 = {(1, 2), (2, 3)}

Thefunction𝑝′ whosegraphis{((1,2),true),((2,3),true)}

isnot adecisionfunctionfor𝑅.

DecisionProceduresRecall:Adecisionprocedureforarelation𝑅 ⊆ 𝑈 isatotalfunction𝑝 from𝑈 to{true,false}suchthat𝑝(𝑢) = 𝑡𝑟𝑢𝑒iff𝑢 ∈ 𝑅.

Example:𝑈 = {1, 2, 3}𝑅 = {(1, 2), (2, 3)}

Thefunction𝑝′′ whosegraphis{((1,2),true),((2,3),true),((1,3),false)}

isalsonot adecisionfunctionfor𝑅.

DecisionProcedures(take2)We want a decision procedure to be a procedure.

A decision procedure for a relation 𝑅 ⊆ 𝑈 is a computabletotal function 𝑝 from 𝑈 to {true, false} such that 𝑝(𝑢) =𝑡𝑟𝑢𝑒 iff u ∈ 𝑅.

Example𝑈 = {1, 2, 3}𝑅 = {(1, 2), (2, 3)}

Thefunction𝑝(𝑥, 𝑦) = 𝑖𝑓𝑥 = 2𝑎𝑛𝑑𝑦 = 3𝑡ℎ𝑒𝑛𝑡𝑟𝑢𝑒

𝑒𝑙𝑠𝑒𝑖𝑓𝑥 = 1𝑎𝑛𝑑𝑦 = 2𝑡ℎ𝑒𝑛𝑡𝑟𝑢𝑒𝑒𝑙𝑠𝑒𝑓𝑎𝑙𝑠𝑒

whosegraphis{((1,2),true),((2,3),true),((1,1),false),((1,3),false),((2,1),false),((2,2),false),((3,1),false),((3,2),false),((3,3),false)}

isadecisionprocedurefor𝑅.

Example𝑈 = {1, 2, 3}𝑅 = {(1, 2), (2, 3)}

Therecursivelydefinedpartialfunction𝑝(𝑥, 𝑦) = 𝑖𝑓𝑥 = 2𝑎𝑛𝑑𝑦 = 3𝑡ℎ𝑒𝑛𝑡𝑟𝑢𝑒

𝑒𝑙𝑠𝑒𝑖𝑓𝑥 = 1𝑎𝑛𝑑𝑦 = 2𝑡ℎ𝑒𝑛𝑡𝑟𝑢𝑒𝑒𝑙𝑠𝑒𝑖𝑓𝑥 = 1𝑎𝑛𝑑𝑦 = 3𝑡ℎ𝑒𝑛𝑓𝑎𝑙𝑠𝑒𝑒𝑙𝑠𝑒𝑝(𝑥, 𝑦)

Example𝑈 = 1, 2, 3𝑅 = {(1, 2), (2, 3)}

Therecursivelydefinedpartialfunction𝑝(𝑥, 𝑦) = 𝑖𝑓𝑥 = 2𝑎𝑛𝑑𝑦 = 3𝑡ℎ𝑒𝑛𝑡𝑟𝑢𝑒

𝑒𝑙𝑠𝑒𝑖𝑓𝑥 = 1𝑎𝑛𝑑𝑦 = 2𝑡ℎ𝑒𝑛𝑡𝑟𝑢𝑒𝑒𝑙𝑠𝑒𝑖𝑓𝑥 = 1𝑎𝑛𝑑𝑦 = 3𝑡ℎ𝑒𝑛𝑓𝑎𝑙𝑠𝑒𝑒𝑙𝑠𝑒𝑝(𝑥, 𝑦)

whosegraphis{((1,2),true),((2,3),true), ((1,3),false)}

is not adecisionprocedurefor𝑅.

SubtypingAlgorithmThis recursively defined total function is a decisionprocedure for the subtype relation:

subtype(S,T) =ifT = Top,thentrueelseifS = S= ⟶ S> andT =T= ⟶ T>then𝑠𝑢𝑏𝑡𝑦𝑝𝑒 T=, S= ∧ 𝑠𝑢𝑏𝑡𝑦𝑝𝑒(S>, T>)

elseifS = {kj:Sjj∈=..l}andT = {ln:Tin∈=..o}

then{lnn∈=..p} ⊆ {kjj∈=..l}∧ forall𝑖 ∈ 1. . 𝑛thereissome𝑗 ∈ 1. .𝑚withkj = ln

and𝑠𝑢𝑏𝑡𝑦𝑝𝑒(Sj, Tn)elsefalse.

SubtypingAlgorithmThis recursively defined total function is a decisionprocedure for the subtype relation:subtype(S,T)=

ifT = Top,thentrueelseifS = S= ⟶ S> andT = T= ⟶ T>then𝑠𝑢𝑏𝑡𝑦𝑝𝑒 T=, S= ∧ 𝑠𝑢𝑏𝑡𝑦𝑝𝑒(S>, T>)

elseifS = {kj:Sjj∈=..l}andT = {ln: Tin∈=..o}

then{lnn∈=..p} ⊆ {kj

j∈=..l}∧ forall𝑖 ∈ 1. . 𝑛thereissome𝑗 ∈ 1. . 𝑚 withkj = ln

and𝑠𝑢𝑏𝑡𝑦𝑝𝑒(Sj, Tn)elsefalse.

Toshowthis,weneedtoprove:1. thatitreturnstrue wheneverS <: T,and2. thatitreturnseither𝑡𝑟𝑢𝑒orfalse onallinputs.

AlgorithmicTyping

AlgorithmictypingHow do we implement a type checker for the lambda-calculus with subtyping?

Given a context Γ and a term t, how do we determine itstype T, such that Γ ⊢ t ∶ T?

IssueForthetypingrelation,wehavejustoneproblematic ruletodealwith: subsumption rule

Q:whereisthisrulereallyneeded?

IssueForthetypingrelation,wehavejustoneproblematicruletodealwith:subsumption

Q:whereisthisrulereallyneeded?Forapplications,e.g.,theterm

(λr: {x:Nat}. r. x){x = 0, y = 1}isnottypable withoutusingsubsumption.

IssueForthetypingrelation,wehavejustoneproblematicruletodealwith:subsumption

Q:whereisthisrulereallyneeded?

Forapplications,e.g.,theterm(λr: {x:Nat}. r. x){x = 0, y = 1}

isnottypable withoutusingsubsumption.

Whereelse??

IssueFor the typing relation, we have just one problematic rule todeal with: subsumption

Q: where is this rule really needed?

For applications, e.g., the term(λr: {x: Nat}. r. x){x = 0, y = 1}

is not typable without using subsumption.

Where else??

Nowhere else!Uses of subsumption to help typecheck applications are theonly interestingones.

Plan1. Investigate how subsumption is used in typing

derivations by looking at examples of how it can be“pushed through” other rules

2. Use the intuitions gained from these examples todesign a new, algorithmic typing relation that– Omits subsumption– Compensates for its absence by enriching theapplication rule

3. Show that the algorithmic typing relation is essentiallyequivalent to the original, declarative one

Example(T-ABS)

Example(T-ABS)

becomes

IntuitionsThese examples show that we do not need T-SUB to “enable”T-ABS : given any typing derivation, we can construct aderivation with the same conclusion in which T-SUB is neverused immediately before T-ABS.

What about T-APP?We’ve already observed that T-SUB is required fortypechecking some applications.So we expect to find that we cannot play the same game withT-APP as we’ve done with T-ABS.

Let’s see why.

Example(T−SubwithT-APPontheleft)

becomes

Example(T−SubwithT-APP ontheright)

becomes

ObservationsSowe’veseenthatusesofsubsumption canbe“pushed”fromoneofimmediatelybeforeT-APP’spremisestotheother,butcannotbecompletelyeliminated.

Example(nestedusesofT-Sub)

Example(nestedusesofT-Sub)

becomes

SummaryWhatwe’velearned:– UsesoftheT-Sub rulecanbe“pusheddown”throughtyping

derivationsuntiltheyencountereither1. auseofT-App or2. therootofthederivationtree.

– Inbothcases,multipleusesofT-Sub canbecoalescedintoasingleone.

SummaryWhatwe’velearned:– UsesoftheT-Sub rulecanbe“pusheddown”throughtypingderivationsuntiltheyencountereither1. auseofT-App or2. therootofthederivationtree.

– Inbothcases,multipleusesofT-Sub canbecollapsedintoasingleone.

Thissuggestsanotionof“normalform”fortypingderivations,inwhichthereis– exactlyoneuseofT-Sub beforeeachuseofT-App– oneuseofT-Sub attheveryend ofthederivation– nousesofT T-Sub anywhereelse.

AlgorithmicTypingThe next step is to “build in” the use of subsumption in applicationrules, by changing the T-App rule to incorporate a subtypingpremise.

Given any typing derivation, we can now1. normalize it, to move all uses of subsumption to either just

before applications (in the right-hand premise) or at the veryend

2. replace uses of T-App with T-SUB in the right-hand premiseby uses of the extended rule above

This yields a derivation in which there is just one use ofsubsumption, at the very end!

MinimalTypesBut... if subsumption is only used at the very end ofderivations, then it is actually not needed in order to showthat any term is typable!It is just used to give more types to terms that have alreadybeen shown to have a type.

In other words, if we dropped subsumption completely (afterrefining the application rule), we would still be able to givetypes to exactly the same set of terms — we just would notbe able to give as many types to some of them.

If we drop subsumption, then the remaining rules will assign aunique, minimal type to each typable term.For purposes of building a typechecking algorithm, this isenough.

FinalAlgorithmicTypingRules

CompletenessofthealgorithmicrulesTheorem [MinimalTyping]: IfΓ ⊢ t ∶ T,thenΓ ↦ t ∶ S forsomeS <: T.

CompletenessofthealgorithmicrulesTheorem [Minimal Typing]: If Γ ⊢ t ∶ T, then Γ ↦ t ∶ S forsome S <: T.Proof: Induction on typing derivation.

(N.b.: All the messing around with transformingderivations was just to build intuitions and decide whatalgorithmic rules to write down and what property toprove: the proof itself is a straightforward induction ontyping derivations.)

MeetsandJoins

AddingBooleansSuppose we want to add booleans and conditionals to thelanguage we have been discussing.For the declarative presentation of the system, we justadd in the appropriate syntactic forms, evaluation rules,and typing rules.

AProblemwithConditionalExpressions

For the algorithmic presentation of the system, however,we encounter a little difficulty.

What is the minimal type of

𝑖𝑓𝑡𝑟𝑢𝑒𝑡ℎ𝑒𝑛 𝑥 = 𝑡𝑟𝑢𝑒, 𝑦 = 𝑓𝑎𝑙𝑠𝑒 𝑒𝑙𝑠𝑒 𝑥 = 𝑡𝑟𝑢𝑒, 𝑧 = 𝑡𝑢𝑟𝑒 ?

TheAlgorithmicConditionalRuleMore generally, we can use subsumption to give anexpression

ift1thent2elset3any type that is a possible type of both t2 and t3.

So the minimal type of the conditional is the leastcommon supertype (or join) of the minimal type of t2 andthe minimal type of t3.

TheAlgorithmicConditionalRuleMore generally, we can use subsumption to give anexpression

ift1thent2elset3any type that is a possible type of both t2 and t3.So the minimal type of the conditional is the leastcommon supertype (or join) of the minimal type of t2 andthe minimal type of t3.

Q:DoessuchatypeexistforeveryT2 andT3??

ExistenceofJoinsTheorem:ForeverypairoftypesSandT,thereisatypeJsuchthat

1. S <: J2. T <: J3. IfK isatypesuchthatS <: KandT <: K,thenJ <: K.

i.e.,J isthesmallesttypethatisasupertype ofbothSandT.

Howtoproveit?

ExamplesWhatarethejoinsofthefollowingpairsoftypes?

1. {x:Bool, y: Bool}and{y: Bool, z: Bool}?2. {x:Bool}and{y:Bool}?3. {x: {a: Bool, b: Bool}}and{x: {b: Bool, c: Bool}, y: Bool}?4. {}andBool?5. {x: {}}and{x: Bool}?6. Top⟶ {x: Bool}andTop⟶ {y: Bool}?7. x:Bool ⟶ Topand{y:Bool} ⟶ Top?

MeetsTocalculatejoinsofarrowtypes,wealsoneedtobeabletocalculatemeets(greatestlowerbounds)!

Unlikejoins,meetsdonotnecessarilyexist.E.g.,Bool ⟶ Booland{}havenocommonsubtypes,sotheycertainlydon’thaveagreatestone!

However...

ExistenceofMeetsTheorem:ForeverypairoftypesSandT, ifthereisanytypeNsuchthatN <: S and N <: T,thenthereisatypeM suchthat

1. M <: S2. M <: T3. IfO isatypesuchthatO <: SandO <:T,thenO <:M.

i.e.,M (whenitexists)isthelargesttypethatisasubtypeofbothSandT.

ExistenceofMeetsTheorem:ForeverypairoftypesSandT, ifthereisanytypeN suchthatN <:S andN <:T,thenthereisatypeM suchthat

1. M <: S2. M <:T3. IfO isatypesuchthatO <: SandO <:T,thenO <:M.

i.e.,M (whenitexists)isthelargesttypethatisasubtypeofbothSandT.

Jargon:Inthesimplytypedlambdacalculuswithsubtyping,records,andbooleans...

Ø Thesubtyperelationhas joinsØ Thesubtyperelationhasboundedmeets

ExamplesWhatarethemeetsofthefollowingpairsoftypes?

1. {x:Bool, y: Bool}and{y: Bool, z: Bool}?2. {x:Bool}and{y:Bool}?3. {x: {a: Bool, b: Bool}}and{x: {b: Bool, c: Bool}, y: Bool}?4. {}andBool?5. {x: {}}and{x: Bool}?6. Top⟶ {x: Bool}andTop⟶ {y: Bool}?7. x:Bool ⟶ Topand{y:Bool} ⟶ Top?

CalculatingJoins

CalculatingMeets

HomeworkJ• Readanddigestchapter16&17

• HW:16.1.2;16.2.6