Type Safety Kangwon National University 임현승 Programming Languages

2 Abstract Syntax

3 Operational Semantics

4 Reduction Rules for Booleans

5 Typing Rules

6 Typing Rules for Booleans

7 Type Safety Slogan "well-typed expressions never go wrong" Two theorems –Type preservation: "A well-typed expression reduces to another expression of the same type." –Progress: "A well-typed expression does not get stuck: either it is a value or reduces to another expression."

8 Type Preservation + Progress A well-typed expression e : –If it is a value, we are finished. –If it is not, it reduces to another e' [Progress] e' has the same type as e.[Type preservation]

Inductive Proof Recap 9

Inductive Definition A technique of defining a set by specifying an element of the set using another element. Needs a base case. Starting from the base elements, builds more elements. –E.g., Recursively defined data structures such as lists and trees can be seen also inductively defined. –E.g., type ‘a list = Nil | Cons of ‘a * ‘a list 10

Inductive Proof A method of proving properties of recursive functions defined on inductively (or recursively) defined data structures. Apply natural (or structural) induction on the argument of the function # let rec fact n = if n = 0 then 1 else n * fact (n – 1) # let rec pow2 n = if n = 0 then 1 else 2 * pow2 (n – 1) Prove fact n >= pow2 nwhen n >= 4! 11

Proof of fact n >= pow2 n By mathematical induction on n Base case: n = 4 fact 4 >= pow2 4by simple calculation Inductive case: n = (k + 1) fact (k + 1) = (k + 1) * fact k by definition of fact >= (k + 1) * pow2 kby induction hypothesis > 2 * pow2 k by simple calculation = pow2 (k + 1)by definition of pow2 12

Proof by Structural Induction let rec concat xs ys = match xs with | [] -> ys | z :: zs -> z :: (concat zs ys) We obtain the following equations: Nil ++ ys = ys (x :: xs) ++ ys = x :: (xs ++ ys) Prove the identity of Nil and associativity of ++ : xs ++ Nil = xs Nil ++ xs = xs (xs ++ ys) ++ zs = xs ++ (ys ++ zs) Can be proved by structural induction on xs 13

Proof of xs ++ Nil = xs By structural induction on xs Base case: xs = Nil Nil ++ Nil = Nilby definition of ++ Inductive case: xs = z :: zs (z :: zs) ++ Nil = z :: (zs ++ Nil)by definition of ++ = z :: zsby induction hypothesis 14

(xs ++ ys) ++ zs = xs ++ (ys ++ zs) By structural induction on xs Base case: xs = Nil LHS: (Nil ++ ys) ++ zs = (ys) ++ zs by definition of ++ RHS: Nil ++ (ys ++ zs) = (ys ++ zs) by definition of ++ 15

Inductive Case: xs = v :: vs We can use induction hypothesis on vs LHS: ((v :: vs) ++ ys) ++ zs = (v :: (vs ++ ys)) ++ zsby definition of ++ = v :: ((vs ++ ys) ++ zs)by definition of ++ = v :: (vs ++ (ys ++ zs))by IH = (v :: vs) ++ (ys ++ zs)by definition of ++ : RHS This inductive reasoning can also be applied to judgments and inference rules as they also define a set in an inductive manner. 16

Back to the Type Safety 17

18 Type Safety Type preservation Progress

19

20

21

22

23

24

25 Canonical Forms Lemma Required by the proof of the progress theorem

"How" is boring. But "what" is not boring.

27 Type Preservation Apply rule induction to:

28 Which case first?

29 Some theorem to prove Case the easiest... Case easy... Case difficult... Case the most difficult Which case first?

30 Some theorem to refute Case the easiest... Case easy... Case difficult... Case the most difficult Which case first?

31 So the most difficult case App first!

32

33 Substitution Lemma Apply rule induction to

Why ? –analyzes the structure of, not. –searches for every occurrence of variable in only to replace it by. –thus, does not need to know the structure of. Proof of substitution lemma –By rule induction on –Proof can be found in Section of POSTECH PL Course Notes. 34