COP 5021 Lecture -*- Outline -*-

* Introduction to type checking

	idea: (static) analysis to verify certain program properties
		ostensibly to prevent run-time type errors

** What is a "type"?

        Q: Can we define a type in a language independent way?
                  it's an (over)approximation to an expression's value

        a type is a set of values (that a user defines)
                operations go with these, hence it corresponds to an ADT.

** What is a type error?
        Q: what is a type error?
	assignment of variable of type S a value of type T?
		so what?
	treating a S as a T? (why do we care?)
		what is meant by "treating" - calling an operation

	Donahue: all objects are bit strings,
		want to make sure don't misinterpret them

        You can view it as a kind of consistency checking,
              but is there a principled way to think about it?

*** Preservation of invariants by modules in data
	want inductive proofs of properties (basis: constructors...)
		e.g., safety properties like no duplicates in a list
	for data type induction to be sound,
		need to find all places that data can be
			created or mutated
*** Seals (Morris 1973)
        way to describe invariant preservation
	want module to be able to seal data before passing it to world
**** prevent: alteration, discovery, impersonation
	alteration: change of state without use of operations
	discovery: access to components without use of ops
	impersonation: some object not created by ops acts as if it was.

	describe how this would cause problems for a program:
		e.g., a table kept in sorted order

        Q: Does an OO language prevent impersonation?

**** seal mechanism
	createSeal -> (seal_t, unseal_t)
		gives unique seal function and matching key
			e.g., cryptosystem
	unseal_t(seal_t(x)) = x
	unseal_t(anything else) is an error

**** allows invariant preservation:
	want to prove for all x: P(unseal_t(x))
	must show that for all y:
		if seal_t is applied to y, then P(y) holds.

	idea: limit use of seal_t to a small area of code

*** Type error: attempt to access sealed data without proper capability

	each object sealed according to its type (seal_t).
	set of primitive operations have access to unseal_t

**** containers (variables) and pointers
	- typed containers:
	        container of type T may only point to T objects
		allows errors to be caught earlier
		seals unnecessary for objects in container
			e.g., savings for arrays
	- typed objects only:
		containers untyped
		can only catch errors on access to contained object
		seals must be stored with object