CS 541 Meeting -*- Outline -*- * Theory of OO typing ** record typing (adapted and simplified from Cardelli 88) Gary T. Leavens and Don Pigozzi. Class-Based and Algebraic Models of Objects. In Rance Cleaveland and Michael Mislove and Philip Mulry (eds.), US---Brazil Joint Workshops on the Formal Foundations of Software Systems, Electronic Notes in Theoretical Computer Science, vol. 14 *** denotational semantics Ignoring the possibility of mutation, a record model tailored to static, class-based languages can be defined with the following semantic domains. **** syntax ------------------------------------------ SIMPLIFIED EXPRESSIONS FOR OBJECT-ORIENTED LANGUAGES E ::= I | E_0.l(E_1) | (E_1, ..., E_n) where n >= 0 ------------------------------------------ **** domains ------------------------------------------ RECORD MODEL OF OBJECTS DOMAINS (\rho_r,\rho_c) \in REnvironment = (Identifier \FINITEARROW Data) \times (ClassId \FINITEARROW RMethDict) I \in Identifier d \in Data = Int + Bool + Object + Data* o \in Object = ClassId \times Record r \in Record = (Label \FINITEARROW Data) l,g \in Label = Identifier t \in ClassId = Identifier c \in RMethDict = (Label \FINITEARROW Method) m \in Method = Data -> (Data \union \bot) ------------------------------------------ explain meditation, especially sum domains and injection notation, and cases notation ------------------------------------------ SEMANTIC FUNCTIONS V[[-]] \colon Expression -> REnvironment -> (Data \union \bot) V[[I]](\rho_r,\rho_c) = \rho_r(I) V[[E_0.l(E_1)]](\rho_r,\rho_c) = cases V[[E_0]](\rho_r,\rho_c)} of isObject(I,r) -> \rho_c(I)(l) (inData*(inObject(I,r), V[[E_1]](\rho_r,\rho_c))) else -> \bot end V[[(E_1,...,E_n)]](\rho_r,\rho_c) = inData*(V[[E_1]](\rho_r,\rho_c), ..., V[[E_n]](\rho_r,\rho_c)) ------------------------------------------ explain injection notation, and cases notation work an example *** type system **** abstract syntax ------------------------------------------ ABSTRACT SYNTAX OF TYPE ATTRIBUTES RT,T,S,U \in RecordModelType D \in DataType M \in MethodType RMD \in RecordMethDictType I \in Identifier l \in Label T ::= D | M | RMD D ::= int | bool | I | (D_1, ..., D_n) where n >= 0 M ::= D_1 -> D_2 RMD ::= [l_1: M_1, ..., l_n : M_n] where n >= 0 ------------------------------------------ **** type environments ------------------------------------------ TYPE ENVIRONMENTS (\pi_r, \pi_c) \in RTypeEnv = (Identifier \FINITEARROW DataType) \times (ClassId \FINITEARROW RecordMethDictType) ------------------------------------------ Q: How do these compare to the dynamic environment? **** meaning of type attributes ------------------------------------------ MEANING OF TYPE ATTRIBUTES TM{|-|}: RecordModelType -> (ClassId \FINITEARROW RecordMethDictType) -> Powerset(Data) TM{|int|}(\pi_c) = {inInt(i) | i \in Int} TM{|bool|}(\pi_c) = {inBool(b) | b \in Bool} TM{|I|}(\pi_c) = {inObject(I,r) | r \in RM(\pi_c(I))(\pi_c)} TM{|(D_1,...,D_n|}(\pi_c) = {inData*(d1,...dn) | n >= 0, d1 \in TM{|D_1|}(\pi_c), ..., dn \in TM{|D_n|}(\pi_c)} TM{|M|}(\pi_c) = {} TM{|RMD|}(\pi_c) = RM{|RMD|}(\pi_c) RM{|[l_1:M_1, ..., l_n:M_n]|}(\pi_c) = {r | dom(r) \supseteq {l_1, ..., l_n}, r(l_1) \in MM{|M_1|}(r,\pi_c), ..., r(l_n) \in MM{|M_n|}(r,\pi_c)} MM{|D_1 -> D_2|}(r,\pi_c) = { m | (\forall d1 :: d1 \in TM{|D_1|}(\pi_c) ==> m(inData*(r,d1)) \in (TM{|D_2|}(\pi_c) \union \bot)) } ------------------------------------------ To support subtyping, it's key that RM{|RMD|} allow records with larger domains than the set of labels required, thus allowing subtypes to be subset. Another way to do this would be to allow coercions in the statement of the soundness theorem and its proof below. **** type of environments ------------------------------------------ TYPE OF ENVIRONMENTS def: (\rho_r, \rho_c) : (\pi_r, \pi_c) iff dom(\pi_r) = dom(\rho_r), dom(\pi_c) = dom(\rho_c), (\forall I \in dom(\pi_r) :: \rho_r(I) \in TM{|\pi_r(I)|}(\pi_c)), (\forall I \in dom(\pi_c) :: \rho_c(I) \in RM{|\pi_c(I)|}(\pi_c)). ------------------------------------------ Q: What does that mean? give examples **** subtyping rules ------------------------------------------ SUBTYPING RULES [refl] \pi_c |- T <: T \pi_c |- S <: U, \pi_c |- U <: T [tran] ---------------------------------- \pi_c |- S <: T \pi_c |- S <: T [id-1] ---------------- if (I,S) \in \pi_c \pi_c |- I <: T \pi_c |- T <: S [id-2] ---------------- if (I,S) \in \pi_c \pi_c |- T <: I \pi_c |- T' <: T, |- S <: S' [fun] ------------------------------ \pi_c |- (T -> S) <: (T' -> S') \pi_c |- T_1 <: T'_1, ..., \pi_c |- T_n <: T'_n [prod] -------------------------- if n>=0 \pi_c |- (T_1, ..., T_n) <: (T'_1, ..., T'_n) \pi_c |- T_1 <: T'_1, ..., \pi_c |- T_n <: T'_n [rmd] -------------------------- if 0<=n S], (\pi_r,\pi_c) |- E_0: T_0, (\pi_r,\pi_c) |- E_1: T_1 [msg] -------------------------------- (\pi_r,\pi_c) |- E_0.l(E_1): S (\pi_r,\pi_c) |- E_1: T_1, ..., (\pi_r,\pi_c) |- E_n: T_n [tup] -------------------------- if n>=0 (\pi_r,\pi_c) |- (E_1,...,E_n) : (T_1, ..., T_n) Lemma: If (\pi_r,\pi_c) |- E : T, then T \in DataType. ------------------------------------------ **** soundness of the subtyping rules ------------------------------------------ SOUNDNESS OF THE SUBTYPING RULES Lemma: If \pi_c |- S <: T then TM{|S|}(\pi_c) \subseteq TM{|T|}(\pi_c) ------------------------------------------ The proof is by induction on the typing rules (i.e., on proofs of typings). We leave that as an exercise. **** soundness ------------------------------------------ SOUNDNESS OF THE TYPE SYSTEM Theorem: If (\pi_r,\pi_c) |- E : S and (\rho_r,\rho_c) : (\pi_r,\pi_c), then either V[[E]](\rho_r,\rho_c) = \bot or V[[E]](\rho_r,\rho_c) \in TM{|S|}(\pi_c). ------------------------------------------ Proof: (by structural induction over Expressions) Suppose that (\pi_r,\pi_c) |- E : S and (\rho_r,\rho_c) : (\pi_r,\pi_c). For the base case, suppose that E = I. Because (\pi_r,\pi_c) |- I : S, I \in dom(\pi_r). Since dom(\pi_r) = dom(\rho_r), I \in dom(\rho_r), and so V[[E]](\rho_r,\rho_c) = \rho_r(I). Because (\rho_r,\rho_c) : (\pi_r,\pi_c), it follows that \rho_r(I) \in \in TM{|S|}(\pi_c). For the inductive cases, we assume that the theorem holds for all subexpressions. If E = (E_1,...,E_n), the result follows directly from the inductive hypothesis and the definitions. So suppose E = E_0.l(E_1). By the hypothesis, (\pi_r,\pi_c) |- E_0.l(E_1) : S, so there are types T_0 and T_1 such that (\pi_r,\pi_c) |- E_0 : T_0, (\pi_r,\pi_c) |- E_1 : T_1, and \pi_c |- T_0 <: [l:T_1 -> S]. By the inductive hypothesis we know that V[[E_0]](\rho_r, \rho_c) \in (TM{|T_0|}(\pi_c) \union {\bot}) and V[[E_1]](\rho_r, \rho_c) \in (TM{|T_1|}(\pi_c) \union {\bot}). If either of these is \bot, then the meaning of the whole expression is \bot, and so we are done. So suppose that V[[E_0]](\rho_r, \rho_c) \in TM{|T_0|}(\pi_c) and V[[E_1]](\rho_r, \rho_c) \in TM{|T_1|}(\pi_c). By the structure of the subtyping rules, T_0 must be an identifier in the domain of \pi_c. By (\rho_r,\rho_c) : (\pi_r,\pi_c), this means that T_0 is in the domain of \rho_c. Thus V[[E_0]](\rho_r, \rho_c) = inObject(T_0, r), where r is in TM{|T_0|}(\pi_c). By the lemma giving the soundness of the subtyping rules, we know that TM{|T_0|}(\pi_c) \subseteq RM{|[l:T_1 -> S]|}(\pi_c) and thus r(l) is a method, m, in MM{|T_1 -> S|}(\pi_c, r). By definition, this means that m(inData*(r, V[[E_1]](\rho_r, \rho_c)) is either \bot or is in TM{|S|}(\pi_c). QED