✬ ✩ ✬ ✩ Announcements CIS 500 � Midterm II is one week from Wednesday (November 16). Software Foundations � It will cover TAPL chapters 8-14 (except 12). � Recitations this week will be review for midterm. Fall 2005 � No in class review. � Homework 6 due today. 7 November � Homework 7 out today, due November 14. ✫ ✪ ✫ ✪ CIS 500, 7 November 1 CIS 500, 7 November 2 ✬ ✩ ✬ ✩ Another example BoolArray = Ref (Nat → Bool); newarray = λ _:Unit. ref ( λ n:Nat.false); References : Unit → BoolArray lookup = λ a:BoolArray. λ n:Nat. (!a) n; : BoolArray → Nat → Bool update = λ a:BoolArray. λ m:Nat. λ v:Bool. let oldf = !a in a := ( λ n:Nat. if equal m n then v else oldf n); : BoolArray → Nat → Bool → Unit let a = newarray () in print (lookup a 3); update a 3 true; ✫ ✪ ✫ ✪ lookup a 3 CIS 500, 7 November 3 CIS 500, 7 November 4
✬ ✩ ✬ ✩ Syntax Evaluation An assignment t 1 :=t 2 first evaluates t 1 and t 2 until they become values... ::= terms t unit unit constant → t ′ 1 | µ ′ t 1 | µ − x variable ( E-Assign1 ) λ x:T.t abstraction → t ′ 1 :=t 2 | µ ′ t 1 :=t 2 | µ − application t t ref t reference creation → t ′ 2 | µ ′ t 2 | µ − ( E-Assign2 ) !t dereference → v 1 :=t ′ 2 | µ ′ v 1 :=t 2 | µ − t:=t assignment l store location ... and then returns unit and updates the store: ::= v values ( E-Assign ) l :=v 2 | µ − → unit | [ l � → v 2 ] µ unit unit constant λ x:T.t abstraction value l store location ✫ ✪ ✫ ✪ CIS 500, 7 November 5 CIS 500, 7 November 6 ✬ ✩ ✬ ✩ A term of the form ref t 1 first evaluates inside t 1 until it becomes a value... A term !t 1 first evaluates in t 1 until it becomes a value... t 1 | µ − → t ′ 1 | µ ′ t 1 | µ − → t ′ 1 | µ ′ ( E-Ref ) ( E-Deref ) ref t 1 | µ − → ref t ′ 1 | µ ′ !t 1 | µ − → !t ′ 1 | µ ′ ... and then chooses (allocates) a fresh location l , augments the store with a ... and then looks up this value (which must be a location, if the original term binding from l to v 1 , and returns l : was well typed) and returns its contents in the current store: l / ∈ dom ( µ ) µ ( l ) = v ( E-RefV ) ( E-DerefLoc ) ref v 1 | µ − → l | ( µ, l � → v 1 ) ! l | µ − → v | µ ✫ ✪ ✫ ✪ CIS 500, 7 November 7 CIS 500, 7 November 8
✬ ✩ ✬ ✩ Evaluation rules for function abstraction and application are augmented with stores, but don’t do anything with them directly. t 1 | µ − → t ′ 1 | µ ′ ( E-App1 ) Store Typings t 1 t 2 | µ − → t ′ 1 t 2 | µ ′ t 2 | µ − → t ′ 2 | µ ′ ( E-App2 ) v 1 t 2 | µ − → v 1 t ′ 2 | µ ′ ( E-AppAbs ) ( λ x:T 11 .t 12 ) v 2 | µ − → [ x � → v 2 ] t 12 | µ ✫ ✪ ✫ ✪ CIS 500, 7 November 9 CIS 500, 7 November 10 ✬ ✩ ✬ ✩ Typing Locations Typing Locations Q: What is the type of a location? Q: What is the type of a location? A: It depends on the store! E.g., in the store ( l 1 � → unit , l 2 � → unit ) , the term ! l 2 has type Unit . But in the store ( l 1 � → unit , l 2 � → λ x:Unit.x ) , the term ! l 2 has type Unit → Unit . ✫ ✪ ✫ ✪ CIS 500, 7 November 11 CIS 500, 7 November 11-a
✬ ✩ ✬ ✩ Typing Locations — first try Typing Locations — first try Roughly: Roughly: Γ ⊢ µ ( l ) : T 1 Γ ⊢ µ ( l ) : T 1 Γ ⊢ l : Ref T 1 Γ ⊢ l : Ref T 1 More precisely: Γ | µ ⊢ µ ( l ) : T 1 Γ | µ ⊢ l : Ref T 1 I.e., typing is now a four-place relation (between contexts, stores, terms, and types). ✫ ✪ ✫ ✪ CIS 500, 7 November 12 CIS 500, 7 November 12-a ✬ ✩ ✬ ✩ Problem Problem! However, this rule is not completely satisfactory. For one thing, it can make But wait... it gets worse. Suppose typing derivations very large! ( µ = l 1 � → λ x:Nat. ! l 2 x , E.g., if l 2 � → λ x:Nat. ! l 1 x ) , ( µ = l 1 � → λ x:Nat. 999 , Now how big is the typing derivation for ! l 2 ? l 2 � → λ x:Nat. ! l 1 (! l 1 x) , l 3 � → λ x:Nat. ! l 2 (! l 2 x) , l 4 � → λ x:Nat. ! l 3 (! l 3 x) , l 5 � → λ x:Nat. ! l 4 (! l 4 x) ) , then how big is the typing derivation for ! l 5 ? ✫ ✪ ✫ ✪ CIS 500, 7 November 13 CIS 500, 7 November 14
✬ ✩ ✬ ✩ Store Typings E.g., for µ = ( l 1 � → λ x:Nat. 999 , Observation: The typing rules we have chosen for references guarantee that a l 2 � → λ x:Nat. ! l 1 (! l 1 x) , given location in the store is always used to hold values of the same type. l 3 � → λ x:Nat. ! l 2 (! l 2 x) , These intended types can be collected into a store typing — a partial function l 4 � → λ x:Nat. ! l 3 (! l 3 x) , from locations to types. l 5 � → λ x:Nat. ! l 4 (! l 4 x) ) , A reasonable store typing would be Σ = ( l 1 � → Nat → Nat , l 2 � → Nat → Nat , l 3 � → Nat → Nat , l 4 � → Nat → Nat , l 5 � → Nat → Nat ) ✫ ✪ ✫ ✪ CIS 500, 7 November 15 CIS 500, 7 November 16 ✬ ✩ ✬ ✩ Now, suppose we are given a store typing Σ describing the store µ in which we Final typing rules intend to evaluate some term t . Then we can use Σ to look up the types of locations in t instead of calculating them from the values in µ . Σ ( l ) = T 1 ( T-Loc ) Σ ( l ) = T 1 Γ | Σ ⊢ l : Ref T 1 ( T-Loc ) Γ | Σ ⊢ l : Ref T 1 Γ | Σ ⊢ t 1 : T 1 ( T-Ref ) I.e., typing is now a four-place relation between between contexts, store Γ | Σ ⊢ ref t 1 : Ref T 1 typings, terms, and types. Γ | Σ ⊢ t 1 : Ref T 11 ( T-Deref ) Γ | Σ ⊢ !t 1 : T 11 Γ | Σ ⊢ t 1 : Ref T 11 Γ | Σ ⊢ t 2 : T 11 ( T-Assign ) Γ | Σ ⊢ t 1 :=t 2 : Unit ✫ ✪ ✫ ✪ CIS 500, 7 November 17 CIS 500, 7 November 18
✬ ✩ ✬ ✩ Q: Where do these store typings come from? Q: Where do these store typings come from? A: When we first typecheck a program, there will be no explicit locations, so we can use an empty store typing. So, when a new location is created during evaluation, ∈ dom ( µ ) l / ( E-RefV ) ref v 1 | µ − → l | ( µ, l � → v 1 ) we can observe the type of v 1 and extend the “current store typing” appropriately. ✫ ✪ ✫ ✪ CIS 500, 7 November 19 CIS 500, 7 November 19-a ✬ ✩ ✬ ✩ Proving type safety Proving type safety Stating the presevation theorem is a little trickier now. What is wrong with Stating the presevation theorem is a little trickier now. What is wrong with this statement of preservation? this statement of preservation? → t ′ | µ ′ then Γ | Σ ⊢ t ′ : T . → t ′ | µ ′ then Γ | Σ ⊢ t ′ : T . If Γ | Σ ⊢ t : T and t | µ − If Γ | Σ ⊢ t : T and t | µ − We need to talk about how stores can be typed! There is no connection between Σ and µ . ✫ ✪ ✫ ✪ CIS 500, 7 November 20 CIS 500, 7 November 20-a
✬ ✩ ✬ ✩ Store typing Preservation theorem, second try A store µ is said to be well-typed with respect to a typing context Γ and a What is wrong with this statement of the preservation theorem? store typing Σ , written Γ | Σ ⊢ µ , if → t ′ | µ ′ then If Γ | Σ ⊢ t : T and Γ | Σ ⊢ µ and t | µ − Γ | Σ ⊢ t ′ : T dom ( µ ) = dom ( Σ ) and Γ | Σ ⊢ µ ( l ) : Σ ( l ) for every l ∈ dom ( µ ) ✫ ✪ ✫ ✪ CIS 500, 7 November 21 CIS 500, 7 November 22 ✬ ✩ ✬ ✩ Preservation theorem New lemmas for preservation → t ′ | µ ′ then, If Γ | Σ ⊢ t : T and Γ | Σ ⊢ µ and t | µ − Substitution for stores: If Γ | Σ ⊢ µ and Σ ( l ) = T and Γ | Σ ⊢ v : T then for some Σ ′ ⊇ Σ, Γ | Σ ′ ⊢ t ′ : T Γ | Σ ⊢ [ l � → v ] µ ✫ ✪ ✫ ✪ CIS 500, 7 November 23 CIS 500, 7 November 24
✬ ✩ ✬ ✩ New lemmas for preservation Progress theorem Substitution for stores: Suppose that ∅ | Σ ⊢ t : T then either If Γ | Σ ⊢ µ and Σ ( l ) = T and Γ | Σ ⊢ v : T then 1. t is a value, or else 2. for any store µ such that ∅ | Σ ⊢ µ , there is some t ′ and store µ ′ with Γ | Σ ⊢ [ l � → v ] µ → t ′ | µ ′ . t | µ − Weakening for stores: If Γ | Σ ⊢ t : T and Σ ′ ⊇ Σ , then Γ | Σ ′ ⊢ t : T ✫ ✪ ✫ ✪ CIS 500, 7 November 24-a CIS 500, 7 November 25 ✬ ✩ ✬ ✩ Progress theorem Safety ∗ t ′ | µ and t ′ | µ � − Suppose that ∅ | Σ ⊢ t : T then either If ∅ | ∅ ⊢ t : T and t | ∅ − → then t is a value. → 1. t is a value, or else 2. for any store µ such that ∅ | Σ ⊢ µ , there is some t ′ and store µ ′ with → t ′ | µ ′ . t | µ − Why isn’t Σ required to be empty? ✫ ✪ ✫ ✪ CIS 500, 7 November 25-a CIS 500, 7 November 26
Recommend
More recommend
