![Page 1: Compiler Construction - Types and Type Soundness · Do the components ful ll their speci cation? Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 22 / 79. Requirements](https://reader035.vdocument.in/reader035/viewer/2022071007/5fc4598e7e44954b32070802/html5/thumbnails/1.jpg)
Compiler ConstructionTypes and Type Soundness
University of Freiburg
Matthias Keil, Peter Thiemann
University of Freiburg
21. November 2016
![Page 2: Compiler Construction - Types and Type Soundness · Do the components ful ll their speci cation? Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 22 / 79. Requirements](https://reader035.vdocument.in/reader035/viewer/2022071007/5fc4598e7e44954b32070802/html5/thumbnails/2.jpg)
OutlineUniversity of Freiburg
1 Specification with TypesExcursion: Scripting LanguagesUltra-Brief JavaScript TutorialThesis
2 Types and Type CorrectnessJAUS: Java-ExpressionsEvaluation of ExpressionsType correctnessResult
3 Featherweight JavaThe language shown in examplesFormal DefinitionOperational SemanticsTyping Rules
Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 2 / 79
![Page 3: Compiler Construction - Types and Type Soundness · Do the components ful ll their speci cation? Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 22 / 79. Requirements](https://reader035.vdocument.in/reader035/viewer/2022071007/5fc4598e7e44954b32070802/html5/thumbnails/3.jpg)
Excursion to a World Without Types:Scripting Languages
Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 3 / 79
![Page 4: Compiler Construction - Types and Type Soundness · Do the components ful ll their speci cation? Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 22 / 79. Requirements](https://reader035.vdocument.in/reader035/viewer/2022071007/5fc4598e7e44954b32070802/html5/thumbnails/4.jpg)
Scripting LanguagesUniversity of Freiburg
Lightweight programming languages evolved from commandlanguages
Lightweight data structures hashmap (object), strings
Lightweight syntax familiar, no semicolon, (often not wellspecified), . . .
Lightweight typing dynamic, weak, duck typing
Lightweight metaprogramming
Lightweight implementation interpreted, few tools
Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 4 / 79
![Page 5: Compiler Construction - Types and Type Soundness · Do the components ful ll their speci cation? Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 22 / 79. Requirements](https://reader035.vdocument.in/reader035/viewer/2022071007/5fc4598e7e44954b32070802/html5/thumbnails/5.jpg)
JavaScript, a Typical Scripting LanguageUniversity of Freiburg
Initially developed by Brendan Eich of Netscape Corp.
Standardized as ECMAScript (ECMA-262 Edition 6)
Application areas (scripting targets)
client-side web scripting (dynamic HTML, SVG, XUL, GWT)server-side scripting (Whitebeam, Cocoon, iPlanet, nodejs)animation scripting (diablo, dim3, k3d)cloud scripting (Google Apps Script)
Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 5 / 79
![Page 6: Compiler Construction - Types and Type Soundness · Do the components ful ll their speci cation? Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 22 / 79. Requirements](https://reader035.vdocument.in/reader035/viewer/2022071007/5fc4598e7e44954b32070802/html5/thumbnails/6.jpg)
JavaScript, TechnicallyUniversity of Freiburg
Java-style syntax
Object-based imperative language
no classes, but prototype conceptobjects are hashtables
First-class functions
a functional language
Weak, dynamic type system
Slogan Any type can be converted to any other reasonabletype
Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 6 / 79
![Page 7: Compiler Construction - Types and Type Soundness · Do the components ful ll their speci cation? Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 22 / 79. Requirements](https://reader035.vdocument.in/reader035/viewer/2022071007/5fc4598e7e44954b32070802/html5/thumbnails/7.jpg)
JavaScript, The Good and the Bad PartsUniversity of Freiburg
Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 7 / 79
![Page 8: Compiler Construction - Types and Type Soundness · Do the components ful ll their speci cation? Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 22 / 79. Requirements](https://reader035.vdocument.in/reader035/viewer/2022071007/5fc4598e7e44954b32070802/html5/thumbnails/8.jpg)
Problems with JavaScriptUniversity of Freiburg
Symptomatic for other scripting languages
No module system
No namespace managementNo interface descriptions
No static type system
No application specific datatypesprimitive datatypes, strings, hashtables
Type conversions are sometimes surprising“A scripting language should never throw an exception [thescript should just continue]” (Rob Pike, Google)
Few development tools (debugger)
⇒ Conceived for small applications, but . . .
Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 8 / 79
![Page 9: Compiler Construction - Types and Type Soundness · Do the components ful ll their speci cation? Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 22 / 79. Requirements](https://reader035.vdocument.in/reader035/viewer/2022071007/5fc4598e7e44954b32070802/html5/thumbnails/9.jpg)
Specific Problems with JavaScriptUniversity of Freiburg
Most popular applications
client-side scriptingAJAX
Dynamic modification of page content via DOM interface
DOM = document object modelW3C standard interface for accessing and modifying XMLMainly used in web browers
Incompatible DOM implementations in Web browsers
⇒ programming recipes instead of techniques
⇒ platform independent libraries like jQuery
Security holes via dynamically loaded code or XSS
⇒ sandboxing, analysis
Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 9 / 79
![Page 10: Compiler Construction - Types and Type Soundness · Do the components ful ll their speci cation? Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 22 / 79. Requirements](https://reader035.vdocument.in/reader035/viewer/2022071007/5fc4598e7e44954b32070802/html5/thumbnails/10.jpg)
Specific Problems with JavaScriptUniversity of Freiburg
Most popular applications
client-side scriptingAJAX
Dynamic modification of page content via DOM interface
DOM = document object modelW3C standard interface for accessing and modifying XMLMainly used in web browers
Incompatible DOM implementations in Web browsers
⇒ programming recipes instead of techniques
⇒ platform independent libraries like jQuery
Security holes via dynamically loaded code or XSS
⇒ sandboxing, analysis
Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 9 / 79
![Page 11: Compiler Construction - Types and Type Soundness · Do the components ful ll their speci cation? Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 22 / 79. Requirements](https://reader035.vdocument.in/reader035/viewer/2022071007/5fc4598e7e44954b32070802/html5/thumbnails/11.jpg)
Can You Write Reliable Programs in JavaScript?University of Freiburg
Struggle with the lack of e.g. a module system
Ad-hoc structuring of large programsNaming conventionsWorking in a team
Work around DOM incompatibilities
Use existing JavaScript frameworks (widgets, networking)Frameworks are also incompatible
Wonder about unexpected results
Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 10 / 79
![Page 12: Compiler Construction - Types and Type Soundness · Do the components ful ll their speci cation? Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 22 / 79. Requirements](https://reader035.vdocument.in/reader035/viewer/2022071007/5fc4598e7e44954b32070802/html5/thumbnails/12.jpg)
An Ultra-Brief JavaScript TutorialUniversity of Freiburg
Rule 1:
JavaScript is object-based. An object is a hash table that mapsnamed properties to values.
Rule 2:
Every value has a type. For most reasonable combinations, valuescan be converted from one type to another type.
Rule 3:
Types include null, boolean, number, string, object, andfunction.
Rule 4:
‘Undefined’ is a value (and a type).
Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 11 / 79
![Page 13: Compiler Construction - Types and Type Soundness · Do the components ful ll their speci cation? Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 22 / 79. Requirements](https://reader035.vdocument.in/reader035/viewer/2022071007/5fc4598e7e44954b32070802/html5/thumbnails/13.jpg)
An Ultra-Brief JavaScript TutorialUniversity of Freiburg
Rule 1:
JavaScript is object-based. An object is a hash table that mapsnamed properties to values.
Rule 2:
Every value has a type. For most reasonable combinations, valuescan be converted from one type to another type.
Rule 3:
Types include null, boolean, number, string, object, andfunction.
Rule 4:
‘Undefined’ is a value (and a type).
Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 11 / 79
![Page 14: Compiler Construction - Types and Type Soundness · Do the components ful ll their speci cation? Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 22 / 79. Requirements](https://reader035.vdocument.in/reader035/viewer/2022071007/5fc4598e7e44954b32070802/html5/thumbnails/14.jpg)
An Ultra-Brief JavaScript TutorialUniversity of Freiburg
Rule 1:
JavaScript is object-based. An object is a hash table that mapsnamed properties to values.
Rule 2:
Every value has a type. For most reasonable combinations, valuescan be converted from one type to another type.
Rule 3:
Types include null, boolean, number, string, object, andfunction.
Rule 4:
‘Undefined’ is a value (and a type).
Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 11 / 79
![Page 15: Compiler Construction - Types and Type Soundness · Do the components ful ll their speci cation? Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 22 / 79. Requirements](https://reader035.vdocument.in/reader035/viewer/2022071007/5fc4598e7e44954b32070802/html5/thumbnails/15.jpg)
An Ultra-Brief JavaScript TutorialUniversity of Freiburg
Rule 1:
JavaScript is object-based. An object is a hash table that mapsnamed properties to values.
Rule 2:
Every value has a type. For most reasonable combinations, valuescan be converted from one type to another type.
Rule 3:
Types include null, boolean, number, string, object, andfunction.
Rule 4:
‘Undefined’ is a value (and a type).
Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 11 / 79
![Page 16: Compiler Construction - Types and Type Soundness · Do the components ful ll their speci cation? Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 22 / 79. Requirements](https://reader035.vdocument.in/reader035/viewer/2022071007/5fc4598e7e44954b32070802/html5/thumbnails/16.jpg)
Some Quick QuestionsUniversity of Freiburg
Let’s define an object obj: var obj = { x: 1 }What are the values/outputs of
obj.x
obj.y
print(obj.y)
obj.y.z
Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 12 / 79
![Page 17: Compiler Construction - Types and Type Soundness · Do the components ful ll their speci cation? Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 22 / 79. Requirements](https://reader035.vdocument.in/reader035/viewer/2022071007/5fc4598e7e44954b32070802/html5/thumbnails/17.jpg)
AnswersUniversity of Freiburg
var obj = {x:1}obj.x
→ 1
obj.y
→print(obj.y)
→ undefined
obj.y.z
→ “<stdin>”, line 12: uncaught JavaScript exception:ConversionError: The undefined value has no properties.(<stdin>; line 12)
Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 13 / 79
![Page 18: Compiler Construction - Types and Type Soundness · Do the components ful ll their speci cation? Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 22 / 79. Requirements](https://reader035.vdocument.in/reader035/viewer/2022071007/5fc4598e7e44954b32070802/html5/thumbnails/18.jpg)
Weak, Dynamic Types in JavaScript IIUniversity of Freiburg
Rule 5:
An object is really a dynamic mapping from strings to values.
var x = ’x’
obj[x]
→ 1
obj.undefined = ’gotcha’
→ gotcha
obj[obj.y]
What is the effect/result of the last expression?
→ obj[obj.y]== obj[undefined]==
obj[’undefined’]==obj.undefined==’gotcha’
Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 14 / 79
![Page 19: Compiler Construction - Types and Type Soundness · Do the components ful ll their speci cation? Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 22 / 79. Requirements](https://reader035.vdocument.in/reader035/viewer/2022071007/5fc4598e7e44954b32070802/html5/thumbnails/19.jpg)
Weak, Dynamic Types in JavaScript IIUniversity of Freiburg
Rule 5:
An object is really a dynamic mapping from strings to values.
var x = ’x’
obj[x]
→ 1
obj.undefined = ’gotcha’
→ gotcha
obj[obj.y]
What is the effect/result of the last expression?
→ obj[obj.y]== obj[undefined]==
obj[’undefined’]==obj.undefined==’gotcha’
Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 14 / 79
![Page 20: Compiler Construction - Types and Type Soundness · Do the components ful ll their speci cation? Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 22 / 79. Requirements](https://reader035.vdocument.in/reader035/viewer/2022071007/5fc4598e7e44954b32070802/html5/thumbnails/20.jpg)
Weak, Dynamic Types in JavaScript IIIUniversity of Freiburg
Recall Rule 2:
Every value has a type. For most reasonable combinations, valuescan be converted from one type to another type.
var a = 17
a.x = 42
→ 42
a.x
→
What is the effect/result of the last expression?
Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 15 / 79
![Page 21: Compiler Construction - Types and Type Soundness · Do the components ful ll their speci cation? Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 22 / 79. Requirements](https://reader035.vdocument.in/reader035/viewer/2022071007/5fc4598e7e44954b32070802/html5/thumbnails/21.jpg)
Weak, Dynamic Types in JavaScript IIIUniversity of Freiburg
Wrapper objects for numbers
m = new Number (17); n = new Number (4)
m+n
→ 21
Wrapper objects for booleans
flag = new Boolean(false);
result = flag ? true : false;
What is the value of result?
Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 16 / 79
![Page 22: Compiler Construction - Types and Type Soundness · Do the components ful ll their speci cation? Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 22 / 79. Requirements](https://reader035.vdocument.in/reader035/viewer/2022071007/5fc4598e7e44954b32070802/html5/thumbnails/22.jpg)
Weak, Dynamic Types in JavaScript IIIUniversity of Freiburg
Wrapper objects for numbers
m = new Number (17); n = new Number (4)
m+n
→ 21
Wrapper objects for booleans
flag = new Boolean(false);
result = flag ? true : false;
What is the value of result?
Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 16 / 79
![Page 23: Compiler Construction - Types and Type Soundness · Do the components ful ll their speci cation? Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 22 / 79. Requirements](https://reader035.vdocument.in/reader035/viewer/2022071007/5fc4598e7e44954b32070802/html5/thumbnails/23.jpg)
Weak, Dynamic Types in JavaScript IVUniversity of Freiburg
Rule 6:
Functions are first-class, but behave differently when used asmethods or as constructors.
function f () { return this.x }f()
→ x
obj.f = f
→ function f() { return this.x; }obj.f()
→ 1
new f()
→ [object Object]
Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 17 / 79
![Page 24: Compiler Construction - Types and Type Soundness · Do the components ful ll their speci cation? Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 22 / 79. Requirements](https://reader035.vdocument.in/reader035/viewer/2022071007/5fc4598e7e44954b32070802/html5/thumbnails/24.jpg)
Distinguishing Absence and Undefinedness IUniversity of Freiburg
obju = { u : {}.xx }→ [object Object]
objv = { v : {}.xx }→ [object Object]
print(obju.u)
→ undefined
print(objv.u)
→ undefined
Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 18 / 79
![Page 25: Compiler Construction - Types and Type Soundness · Do the components ful ll their speci cation? Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 22 / 79. Requirements](https://reader035.vdocument.in/reader035/viewer/2022071007/5fc4598e7e44954b32070802/html5/thumbnails/25.jpg)
Distinguishing Absence and Undefinedness IIUniversity of Freiburg
Rule 7:
The with construct puts its argument object on top of thecurrent environment stack.
u = ’defined’
→ defined
with (obju) print(u)
→ undefined
with (objv) print(u)
→ defined
Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 19 / 79
![Page 26: Compiler Construction - Types and Type Soundness · Do the components ful ll their speci cation? Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 22 / 79. Requirements](https://reader035.vdocument.in/reader035/viewer/2022071007/5fc4598e7e44954b32070802/html5/thumbnails/26.jpg)
Distinguishing Absence and Undefinedness IIIUniversity of Freiburg
Rule 8:
The for construct has an in operator to range over all definedindexes.
for (i in obju) print(i)
→ u
for (i in objv) print(i)
→ v
delete objv.v
→ true
for (i in objv) print(i)
→delete objv.v
→ true
Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 20 / 79
![Page 27: Compiler Construction - Types and Type Soundness · Do the components ful ll their speci cation? Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 22 / 79. Requirements](https://reader035.vdocument.in/reader035/viewer/2022071007/5fc4598e7e44954b32070802/html5/thumbnails/27.jpg)
ThesisUniversity of Freiburg
Common errors such as
using non-objects as objects, e.g. using numbers as functionsinvoking non-existing methodsaccessing non-existing fieldssurprising conversions
can all be caught by a
Static Type System
and much more.
Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 21 / 79
![Page 28: Compiler Construction - Types and Type Soundness · Do the components ful ll their speci cation? Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 22 / 79. Requirements](https://reader035.vdocument.in/reader035/viewer/2022071007/5fc4598e7e44954b32070802/html5/thumbnails/28.jpg)
Types and Type CorrectnessUniversity of Freiburg
Large software systems: many people involved
project manager, designer, programmer, tester, . . .
Essential: divide into components with clear definedinterfaces and specifications
How to divide the problem?How to divide the work?How to divide the tests?
Problems
Are suitable libraries available?Do the components match each other?Do the components fulfill their specification?
Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 22 / 79
![Page 29: Compiler Construction - Types and Type Soundness · Do the components ful ll their speci cation? Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 22 / 79. Requirements](https://reader035.vdocument.in/reader035/viewer/2022071007/5fc4598e7e44954b32070802/html5/thumbnails/29.jpg)
RequirementsUniversity of Freiburg
Programming language/environment has to ensure:
each component implements its interfacesthe implementation fulfills the specificationeach component is used correctly
Main problem: meet the interfaces and specifications
Minimal interface: management of namesWhich operations does the component offer?Minimal specification: typesWhich types do the arguments and the result of theoperations have?See interfaces in Java
Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 23 / 79
![Page 30: Compiler Construction - Types and Type Soundness · Do the components ful ll their speci cation? Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 22 / 79. Requirements](https://reader035.vdocument.in/reader035/viewer/2022071007/5fc4598e7e44954b32070802/html5/thumbnails/30.jpg)
QuestionsUniversity of Freiburg
Which kind of security do types provide?
Which kind of errors can be detected by using types?
How do we provide type safety?
How can we formalize type safety?
Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 24 / 79
![Page 31: Compiler Construction - Types and Type Soundness · Do the components ful ll their speci cation? Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 22 / 79. Requirements](https://reader035.vdocument.in/reader035/viewer/2022071007/5fc4598e7e44954b32070802/html5/thumbnails/31.jpg)
JAUS: Java-ExpressionsUniversity of Freiburg
Grammar for a subset of Java expressions
x ::= . . . variablesn ::= 0 | 1 | . . . numbersb ::= true | false truth valuese ::= x | n | b | e+e | !e expressions
Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 25 / 79
![Page 32: Compiler Construction - Types and Type Soundness · Do the components ful ll their speci cation? Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 22 / 79. Requirements](https://reader035.vdocument.in/reader035/viewer/2022071007/5fc4598e7e44954b32070802/html5/thumbnails/32.jpg)
Correct and Incorrect ExpressionsUniversity of Freiburg
Type correct expressions
1 boolean flag;
2 int num;
3 0
4 true
5 17+4
6 !flag
Expressions with type errors
1 !num
2 flag+1
3 17+(! false)
4 !(2+3)
Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 26 / 79
![Page 33: Compiler Construction - Types and Type Soundness · Do the components ful ll their speci cation? Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 22 / 79. Requirements](https://reader035.vdocument.in/reader035/viewer/2022071007/5fc4598e7e44954b32070802/html5/thumbnails/33.jpg)
Typing RulesUniversity of Freiburg
For each kind of expression a typing rule defines
if an expression is type correct andhow to obtain the result type of the expression from thetypes of the subexpressions.
Five kinds of expressions
Constant numbers have type int.Truth values have type boolean.The expression e1+e2 has type int, if e1 and e2 have typeint.The expression !e has type boolean, if e has type boolean.A variable x has the type, with which it was declared.
Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 27 / 79
![Page 34: Compiler Construction - Types and Type Soundness · Do the components ful ll their speci cation? Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 22 / 79. Requirements](https://reader035.vdocument.in/reader035/viewer/2022071007/5fc4598e7e44954b32070802/html5/thumbnails/34.jpg)
Formalization of “Type Correct Expressions”University of Freiburg
The Language of Types
τ ::= int | boolean types
Typing judgment: expression e has type τ
` e : τ
Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 28 / 79
![Page 35: Compiler Construction - Types and Type Soundness · Do the components ful ll their speci cation? Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 22 / 79. Requirements](https://reader035.vdocument.in/reader035/viewer/2022071007/5fc4598e7e44954b32070802/html5/thumbnails/35.jpg)
Formalization of “Typing Rules”University of Freiburg
A typing judgment is valid, if it is derivable according to thetyping rules.
To infer a valid typing judgment J we use a deductionsystem.
A deduction system consists of a set of typing judgmentsand a set of typing rules.
A typing rule (inference rule) is a pair (J1 . . . Jn, J0) whichconsists of a list of judgments (assumptions, J1 . . . Jn) and ajudgment (conclusion, J0) that is written as
J1 . . . Jn
J0
If n = 0, a rule (ε, J0) is an axiom.
Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 29 / 79
![Page 36: Compiler Construction - Types and Type Soundness · Do the components ful ll their speci cation? Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 22 / 79. Requirements](https://reader035.vdocument.in/reader035/viewer/2022071007/5fc4598e7e44954b32070802/html5/thumbnails/36.jpg)
Example: Typing Rules for JAUSUniversity of Freiburg
A number n has type int.
(INT)
` n : int
A truth value has type boolean.
(BOOL)
` b : boolean
Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 30 / 79
![Page 37: Compiler Construction - Types and Type Soundness · Do the components ful ll their speci cation? Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 22 / 79. Requirements](https://reader035.vdocument.in/reader035/viewer/2022071007/5fc4598e7e44954b32070802/html5/thumbnails/37.jpg)
Example: Typing Rules for JAUS (cont’d)University of Freiburg
An expression e1+e2 has type int if e1 and e2 have typeint.
(ADD)
` e1 : int ` e2 : int
` e1+e2 : int
An expression !e has type boolean, if e has type boolean.
(NOT)
` e : boolean
` !e : boolean
Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 31 / 79
![Page 38: Compiler Construction - Types and Type Soundness · Do the components ful ll their speci cation? Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 22 / 79. Requirements](https://reader035.vdocument.in/reader035/viewer/2022071007/5fc4598e7e44954b32070802/html5/thumbnails/38.jpg)
Derivation Trees and ValidityUniversity of Freiburg
A judgment J is valid if a derivation tree for J exists.
Definition: A derivation tree for the judgment J is either
1 J, if J is an instance of an axiom, or
2J1 . . .Jn
J, if
J1 . . . Jn
Jis an instance of a rule and each Jk is
a derivation tree for Jk .
Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 32 / 79
![Page 39: Compiler Construction - Types and Type Soundness · Do the components ful ll their speci cation? Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 22 / 79. Requirements](https://reader035.vdocument.in/reader035/viewer/2022071007/5fc4598e7e44954b32070802/html5/thumbnails/39.jpg)
Example: Derivation TreesUniversity of Freiburg
(INT)
` 0 : int is a derivation tree for judgment ` 0 : int.
(BOOL)
` true : boolean is a derivation tree for ` true : boolean.
The judgment ` 17 + 4 : int holds, because of thederivation tree
(ADD)(INT)
` 17 : int
(INT)
` 4 : int
` 17 + 4 : int
Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 33 / 79
![Page 40: Compiler Construction - Types and Type Soundness · Do the components ful ll their speci cation? Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 22 / 79. Requirements](https://reader035.vdocument.in/reader035/viewer/2022071007/5fc4598e7e44954b32070802/html5/thumbnails/40.jpg)
VariableUniversity of Freiburg
Programs declare variables
Programs use variables according to their declaration
Declarations are collected in a type environment.
Γ ::= ∅ | Γ, x : τ type environment
An open typing judgment contains a type environment: Theexpression e has the type t in the type environment Γ.
Γ ` e : τ
Typing rule for variables:A variable has the type, with which it is declared.
(VAR)
x : τ ∈ Γ
Γ ` x : τ
Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 34 / 79
![Page 41: Compiler Construction - Types and Type Soundness · Do the components ful ll their speci cation? Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 22 / 79. Requirements](https://reader035.vdocument.in/reader035/viewer/2022071007/5fc4598e7e44954b32070802/html5/thumbnails/41.jpg)
Extension of the Remaining Typing RulesUniversity of Freiburg
The typing rules propagate the typing environment.
(INT)
Γ ` n : int
(BOOL)
Γ ` b : int
(ADD)
Γ ` e1 : int Γ ` e2 : int
Γ ` e1+e2 : int
(NOT)
Γ ` !e : boolean
Γ ` e : boolean
Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 35 / 79
![Page 42: Compiler Construction - Types and Type Soundness · Do the components ful ll their speci cation? Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 22 / 79. Requirements](https://reader035.vdocument.in/reader035/viewer/2022071007/5fc4598e7e44954b32070802/html5/thumbnails/42.jpg)
Example: Derivation with VariableUniversity of Freiburg
The declaration boolean flag; matches the type assumption
Γ = ∅, flag : boolean
Hence the derivation
flag : boolean ∈ Γ
Γ ` flag : boolean
Γ ` ! flag : boolean
Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 36 / 79
![Page 43: Compiler Construction - Types and Type Soundness · Do the components ful ll their speci cation? Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 22 / 79. Requirements](https://reader035.vdocument.in/reader035/viewer/2022071007/5fc4598e7e44954b32070802/html5/thumbnails/43.jpg)
Intermediate ResultUniversity of Freiburg
Formal system for
syntax of expressions and types (CFG, BNF)typing judgmentsvalidity of typing judgments
Open questions
How to evaluate expressions?Connection between evaluation and typing judgments
Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 37 / 79
![Page 44: Compiler Construction - Types and Type Soundness · Do the components ful ll their speci cation? Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 22 / 79. Requirements](https://reader035.vdocument.in/reader035/viewer/2022071007/5fc4598e7e44954b32070802/html5/thumbnails/44.jpg)
Evaluation of Expressions
Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 38 / 79
![Page 45: Compiler Construction - Types and Type Soundness · Do the components ful ll their speci cation? Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 22 / 79. Requirements](https://reader035.vdocument.in/reader035/viewer/2022071007/5fc4598e7e44954b32070802/html5/thumbnails/45.jpg)
Approach: Syntactic RewritingUniversity of Freiburg
Define a binary reduction relation e −→ e ′ over expressions
Expression e reduces in one step to e ′ (Notation: e −→ e ′) ifone computational step leads from e to e ′.
Example:
5+2 −→ 7
(5+2)+14 −→ 7+14
Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 39 / 79
![Page 46: Compiler Construction - Types and Type Soundness · Do the components ful ll their speci cation? Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 22 / 79. Requirements](https://reader035.vdocument.in/reader035/viewer/2022071007/5fc4598e7e44954b32070802/html5/thumbnails/46.jpg)
Result of ComputationsUniversity of Freiburg
A value v is a number or a truth value.
An expression can reach a value after many steps:
0 steps: 01 step: 5+2 −→ 7
2 steps: (5+2)+14 −→ 7+14 −→ 21
but
!47111+false
(1+2)+false −→ 3+false
These expressions cannot perform a reduction step. Theycorrespond to run-time errors.
Observation: these errors are type errors!
Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 40 / 79
![Page 47: Compiler Construction - Types and Type Soundness · Do the components ful ll their speci cation? Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 22 / 79. Requirements](https://reader035.vdocument.in/reader035/viewer/2022071007/5fc4598e7e44954b32070802/html5/thumbnails/47.jpg)
Formalization: Results and Reduction StepsUniversity of Freiburg
A value is a number or a truth value.
v ::= n | b values
One reduction stepIf the two operands are numbers, we can add the twonumbers to obtain a number as result.
(B-ADD)
dn1e+dn2e −→ dn1 + n2e
dne stands for the syntactic representation of the number n.If the operand of a negation is a truth value, the negationcan be performed.
(B-TRUE)
!true −→ false
(B-FALSE)
!false −→ true
Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 41 / 79
![Page 48: Compiler Construction - Types and Type Soundness · Do the components ful ll their speci cation? Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 22 / 79. Requirements](https://reader035.vdocument.in/reader035/viewer/2022071007/5fc4598e7e44954b32070802/html5/thumbnails/48.jpg)
Formalization: Nested ExpressionsUniversity of Freiburg
What happens if the operands of operations are not values?Evaluate the subexpressions first.
Negation(B-NEG)
e −→ e ′
!e −→ !e ′
Addition, first operand
(B-ADD-L)
e1 −→ e ′1
e1+e2 −→ e ′1+e2
Addition, second operand (only evaluate the second, if thefirst is a value)
(B-ADD-R)
e −→ e ′
v+e −→ v+e ′
Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 42 / 79
![Page 49: Compiler Construction - Types and Type Soundness · Do the components ful ll their speci cation? Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 22 / 79. Requirements](https://reader035.vdocument.in/reader035/viewer/2022071007/5fc4598e7e44954b32070802/html5/thumbnails/49.jpg)
VariableUniversity of Freiburg
An expression that contains variables cannot be evaluatedwith the reduction steps.
Eliminate variables with substitution, i.e., replace eachvariable with a value. Then reduction can proceed.
Applying a substitution [v1/x1, . . . vn/xn] to an expression e,written as
e[v1/x1, . . . vn/xn]
changes in e each occurrence of xi to the correspondingvalue vi .
Example:
(!flag)[false/flag] ≡ !false(m+n)[25/m, 17/n] ≡ 25+17
Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 43 / 79
![Page 50: Compiler Construction - Types and Type Soundness · Do the components ful ll their speci cation? Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 22 / 79. Requirements](https://reader035.vdocument.in/reader035/viewer/2022071007/5fc4598e7e44954b32070802/html5/thumbnails/50.jpg)
Type Correctness InformallyUniversity of Freiburg
Type correctness: If there exists a type for an expression e,then e evaluates to a value in a finite number of steps.
In particular, no run-time error happens.
For the language JAUS the converse also holds (this is notcorrect in general, like in full Java).
Prove in two steps (after Wright and Felleisen)Assume e has a type, then it holds:
Progress: Either e is a value or there exists a reductionstep for e.
Preservation: If e −→ e ′, then e ′ and e have the same type.
Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 44 / 79
![Page 51: Compiler Construction - Types and Type Soundness · Do the components ful ll their speci cation? Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 22 / 79. Requirements](https://reader035.vdocument.in/reader035/viewer/2022071007/5fc4598e7e44954b32070802/html5/thumbnails/51.jpg)
Theorem: Type Soundness of JAUSUniversity of Freiburg
If ` e : τ , then there exists a value v with ` v : τ andreduction steps
e0 −→ e1, e1 −→ e2, . . . , en−1 −→ en
with e ≡ e0 and en ≡ v .
If e contains variables, then we have to substitute them withsuitable values (choose values with same types as thevariables).
Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 45 / 79
![Page 52: Compiler Construction - Types and Type Soundness · Do the components ful ll their speci cation? Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 22 / 79. Requirements](https://reader035.vdocument.in/reader035/viewer/2022071007/5fc4598e7e44954b32070802/html5/thumbnails/52.jpg)
Type Safety of JavaUniversity of Freiburg
1995 public presentation of Java
Obtained importance very quickly
Questions
Type safety?Semantics of Java?
1997/98 resolved
Drossopoulou/EisenbachFlatt/Krishnamurthi/FelleisenIgarashi/Pierce/Wadler (Featherweight Java, FJ)
Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 46 / 79
![Page 53: Compiler Construction - Types and Type Soundness · Do the components ful ll their speci cation? Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 22 / 79. Requirements](https://reader035.vdocument.in/reader035/viewer/2022071007/5fc4598e7e44954b32070802/html5/thumbnails/53.jpg)
Featherweight JavaUniversity of Freiburg
Construction of a formal model:consideration of completeness and compactness
FJ: minimal model (compactness)
complete definition: one page
ambition:
the most important language featuresshort proof of type soundnessFJ ⊆ Java
Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 47 / 79
![Page 54: Compiler Construction - Types and Type Soundness · Do the components ful ll their speci cation? Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 22 / 79. Requirements](https://reader035.vdocument.in/reader035/viewer/2022071007/5fc4598e7e44954b32070802/html5/thumbnails/54.jpg)
The Language FJUniversity of Freiburg
class definition
object creation new
method call (dynamic dispatch), recursion with this
field access
type cast
method override
subtypes
Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 48 / 79
![Page 55: Compiler Construction - Types and Type Soundness · Do the components ful ll their speci cation? Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 22 / 79. Requirements](https://reader035.vdocument.in/reader035/viewer/2022071007/5fc4598e7e44954b32070802/html5/thumbnails/55.jpg)
OmittedUniversity of Freiburg
assignment
interfaces
overloading
super-calls
null-references
primitive types
abstract methods
inner classes
shadowing of fields of super classes
access control (private, public, protected)
exceptions
concurrency
reflection, generics, variable argument lists
Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 49 / 79
![Page 56: Compiler Construction - Types and Type Soundness · Do the components ful ll their speci cation? Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 22 / 79. Requirements](https://reader035.vdocument.in/reader035/viewer/2022071007/5fc4598e7e44954b32070802/html5/thumbnails/56.jpg)
Example ProgramsUniversity of Freiburg
1 class A extends Object { A() { super (); } }
2
3 class B extends Object { B() { super (); } }
4
5 class Pair extends Object {
6 Object fst;
7 Object snd;
8 // Constructor
9 Pair (Object fst , Object snd) {
10 super(); this.fst = fst; this.snd = snd;
11 }
12 // Method definition
13 Pair setfst (Object newfst) {
14 return new Pair (newfst , this.snd);
15 }
16 }
Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 50 / 79
![Page 57: Compiler Construction - Types and Type Soundness · Do the components ful ll their speci cation? Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 22 / 79. Requirements](https://reader035.vdocument.in/reader035/viewer/2022071007/5fc4598e7e44954b32070802/html5/thumbnails/57.jpg)
ExplanationUniversity of Freiburg
Class definition: always define super class
Constructors:
one per class, always definedarguments correspond to fieldsalways the same form:super-call, then copy the arguments into the fields
method body: always in the form return. . .
Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 51 / 79
![Page 58: Compiler Construction - Types and Type Soundness · Do the components ful ll their speci cation? Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 22 / 79. Requirements](https://reader035.vdocument.in/reader035/viewer/2022071007/5fc4598e7e44954b32070802/html5/thumbnails/58.jpg)
Guarantees of Java’s Type SystemUniversity of Freiburg
If a Java program is type correct, then
all field accesses refer to existing fields
all method calls refer to existing methods,
but failing type casts are possible.
Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 52 / 79
![Page 59: Compiler Construction - Types and Type Soundness · Do the components ful ll their speci cation? Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 22 / 79. Requirements](https://reader035.vdocument.in/reader035/viewer/2022071007/5fc4598e7e44954b32070802/html5/thumbnails/59.jpg)
Formal Definition
Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 53 / 79
![Page 60: Compiler Construction - Types and Type Soundness · Do the components ful ll their speci cation? Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 22 / 79. Requirements](https://reader035.vdocument.in/reader035/viewer/2022071007/5fc4598e7e44954b32070802/html5/thumbnails/60.jpg)
SyntaxUniversity of Freiburg
CL ::= class definitionclass C extends D {C1 f1; . . . K M1 . . . }
K ::= constructor definitionC(C1 f1, . . . ) {super(g1, . . . ); this.f1 = f1; . . . }
M ::= method definitionC m(C1 x1, . . . ) {return t; }
t ::= expressionsx variablet.f field accesst.m(t1, . . . ) method callnew C(t1, . . . ) object creation
(C) t type castv ::= values
new C(v1, . . . ) object creation
Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 54 / 79
![Page 61: Compiler Construction - Types and Type Soundness · Do the components ful ll their speci cation? Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 22 / 79. Requirements](https://reader035.vdocument.in/reader035/viewer/2022071007/5fc4598e7e44954b32070802/html5/thumbnails/61.jpg)
Syntax—ConventionsUniversity of Freiburg
this
special variable, do not use it as field name or parameterimplicit bound in each method body
sequences of field names, parameter names and methodnames include no repetition
class C extends D {C1 f1; . . . K M1 . . . }defines class C as subclass of Dfields f1 . . . with types C1 . . .constructor Kmethods M1 . . .fields from D will be added to C, shadowing is not supported
Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 55 / 79
![Page 62: Compiler Construction - Types and Type Soundness · Do the components ful ll their speci cation? Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 22 / 79. Requirements](https://reader035.vdocument.in/reader035/viewer/2022071007/5fc4598e7e44954b32070802/html5/thumbnails/62.jpg)
Syntax—ConventionsUniversity of Freiburg
C(D1 g1, . . . ,C1 f1, . . . ) {super(g1, . . . ); this.f1 = f1; . . . }define the constructor of class Cfully specified by the fields of C and the fields of the superclasses.number of parameters is equal to number of fields in C andall its super classes.body start with super(g1, . . . ), where g1, . . . corresponds tothe fields of the super classes
D m(C1 x1, . . . ) {return t; }defines method mresult type Dparameter x1 . . . with types C1 . . .body is a return statement
Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 56 / 79
![Page 63: Compiler Construction - Types and Type Soundness · Do the components ful ll their speci cation? Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 22 / 79. Requirements](https://reader035.vdocument.in/reader035/viewer/2022071007/5fc4598e7e44954b32070802/html5/thumbnails/63.jpg)
Class TableUniversity of Freiburg
The class table CT is a map from class names to classdefinitions
⇒ each class has exactly one definitionthe CT is global, it corresponds to the program“arbitrary but fixed”
Each class except Object has a superclass
Object is not part of CTObject has no fieldsObject has no methods ( 6= Java)
The class table defines a subtype relation C <: D over classnames: the reflexive and transitive closure of subclassdefinitions.
Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 57 / 79
![Page 64: Compiler Construction - Types and Type Soundness · Do the components ful ll their speci cation? Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 22 / 79. Requirements](https://reader035.vdocument.in/reader035/viewer/2022071007/5fc4598e7e44954b32070802/html5/thumbnails/64.jpg)
Subtype RelationUniversity of Freiburg
REFLC <: C
TRANSC <: D D <: E
C <: E
EXTCT(C) = class C extends D . . .
C <: D
Java: Assignment compatibility
If C <: D, then
a C-value can be assigned to a D-variable and
a C-value can be passed as a D-parameter.
Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 58 / 79
![Page 65: Compiler Construction - Types and Type Soundness · Do the components ful ll their speci cation? Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 22 / 79. Requirements](https://reader035.vdocument.in/reader035/viewer/2022071007/5fc4598e7e44954b32070802/html5/thumbnails/65.jpg)
Subtype RelationUniversity of Freiburg
REFLC <: C
TRANSC <: D D <: E
C <: E
EXTCT(C) = class C extends D . . .
C <: D
Java: Assignment compatibility
If C <: D, then
a C-value can be assigned to a D-variable and
a C-value can be passed as a D-parameter.
Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 58 / 79
![Page 66: Compiler Construction - Types and Type Soundness · Do the components ful ll their speci cation? Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 22 / 79. Requirements](https://reader035.vdocument.in/reader035/viewer/2022071007/5fc4598e7e44954b32070802/html5/thumbnails/66.jpg)
Intermezzo: Extension for InterfacesNot part of FJUniversity of Freiburg
IMPLCT(C) = class C implements I . . .
C <: I
IEXTCT(I) = interface I extends J . . .
I <: J
Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 59 / 79
![Page 67: Compiler Construction - Types and Type Soundness · Do the components ful ll their speci cation? Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 22 / 79. Requirements](https://reader035.vdocument.in/reader035/viewer/2022071007/5fc4598e7e44954b32070802/html5/thumbnails/67.jpg)
Consistency of CTUniversity of Freiburg
1 CT(C) = class C . . . for all C ∈ dom(CT)
2 Object /∈ dom(CT)
3 For each class name C mentioned in CT :C ∈ dom(CT) ∪ {Object}
4 The relation <: is antisymmetric (no cycles)
Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 60 / 79
![Page 68: Compiler Construction - Types and Type Soundness · Do the components ful ll their speci cation? Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 22 / 79. Requirements](https://reader035.vdocument.in/reader035/viewer/2022071007/5fc4598e7e44954b32070802/html5/thumbnails/68.jpg)
Example: Classes Do Refer to Each OtherUniversity of Freiburg
1 class Author extends Object {
2 String name; Book bk;
3
4 Author (String name , Book bk) {
5 super();
6 this.name = name;
7 this.bk = bk;
8 }
9 }
10 class Book extends Object {
11 String title; Author ath;
12
13 Book (String title , Author ath) {
14 super();
15 this.title = title;
16 this.ath = ath;
17 }
18 }Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 61 / 79
![Page 69: Compiler Construction - Types and Type Soundness · Do the components ful ll their speci cation? Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 22 / 79. Requirements](https://reader035.vdocument.in/reader035/viewer/2022071007/5fc4598e7e44954b32070802/html5/thumbnails/69.jpg)
Auxiliary DefinitionsCollect fields of classesUniversity of Freiburg
fields(Object) = •
CT(C) = class C extends D {C1 f1; . . . K M1 . . . }fields(D) = D1 g1, . . .
fields(C) = D1 g1, . . . ,C1 f1, . . .
• — empty list
fields(Author) = String name; Book bk;
Usage: evaluation steps, typing rules
Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 62 / 79
![Page 70: Compiler Construction - Types and Type Soundness · Do the components ful ll their speci cation? Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 22 / 79. Requirements](https://reader035.vdocument.in/reader035/viewer/2022071007/5fc4598e7e44954b32070802/html5/thumbnails/70.jpg)
Auxiliary DefinitionsCompute type of a methodUniversity of Freiburg
CT(C) = class C extends D {C1 f1; . . . K M1 . . . }Mj = E m(E1 x1, . . . ) {return t; }
mtype(m,C) = (E1, . . . )→ E
CT(C) = class C extends D {C1 f1; . . . K M1 . . . }(∀j) Mj 6= F m(F1 x1, . . . ) {return t; }
mtype(m,D) = (E1, . . . )→ E
mtype(m,C) = (E1, . . . )→ E
Usage: typing rules
Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 63 / 79
![Page 71: Compiler Construction - Types and Type Soundness · Do the components ful ll their speci cation? Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 22 / 79. Requirements](https://reader035.vdocument.in/reader035/viewer/2022071007/5fc4598e7e44954b32070802/html5/thumbnails/71.jpg)
Auxiliary DefinitionsDetermine body of a methodUniversity of Freiburg
CT(C) = class C extends D {C1 f1; . . . K M1 . . . }Mj = E m(E1 x1, . . . ) {return t; }
mbody(m,C) = (x1 . . . , t)
CT(C) = class C extends D {C1 f1; . . . K M1 . . . }(∀j) Mj 6= F m(F1 x1, . . . ) {return t; }
mbody(m,D) = (y1 . . . , u)
mbody(m,C) = (y1 . . . , u)
Usage: evaluation steps
Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 64 / 79
![Page 72: Compiler Construction - Types and Type Soundness · Do the components ful ll their speci cation? Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 22 / 79. Requirements](https://reader035.vdocument.in/reader035/viewer/2022071007/5fc4598e7e44954b32070802/html5/thumbnails/72.jpg)
Auxiliary DefinitionsCorrect overriding of a methodUniversity of Freiburg
override(m,Object, (E1 . . . )→ E)
CT(C) = class C extends D {C1 f1; . . . K M1 . . . }Mj = E m(E1 x1, . . . ) {return t; }
override(m,C, (E1 . . . )→ E)
CT(C) = class C extends D {C1 f1; . . . K M1 . . . }(∀j) Mj 6= F m(F1 x1, . . . ) {return t; }
override(m,D, (E1, . . . )→ E)
override(m,C, (E1, . . . )→ E)
Usage: typing rules
Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 65 / 79
![Page 73: Compiler Construction - Types and Type Soundness · Do the components ful ll their speci cation? Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 22 / 79. Requirements](https://reader035.vdocument.in/reader035/viewer/2022071007/5fc4598e7e44954b32070802/html5/thumbnails/73.jpg)
Operational Semantics(definition of the evaluation steps)
Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 66 / 79
![Page 74: Compiler Construction - Types and Type Soundness · Do the components ful ll their speci cation? Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 22 / 79. Requirements](https://reader035.vdocument.in/reader035/viewer/2022071007/5fc4598e7e44954b32070802/html5/thumbnails/74.jpg)
Direct Evaluation StepsUniversity of Freiburg
Evaluation: relation t −→ t ′ for one evaluation step
E-ProjNewfields(C) = C1 f1, . . .
(new C(v1, . . . )).fi −→ vi
E-InvkNewmbody(m,C) = (x1 . . . , t)
(new C(v1, . . . )).m(u1, . . . )−→ t[new C(v1, . . . )/this, u1, . . . /x1, . . . ]
E-CastNewC <: D
(D)(new C(v1, . . . )) −→ new C(v1, . . . )
Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 67 / 79
![Page 75: Compiler Construction - Types and Type Soundness · Do the components ful ll their speci cation? Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 22 / 79. Requirements](https://reader035.vdocument.in/reader035/viewer/2022071007/5fc4598e7e44954b32070802/html5/thumbnails/75.jpg)
Evaluation Steps in ContextUniversity of Freiburg
E-Fieldt −→ t′
t.f −→ t′.f
E-Invk-Recvt −→ t′
t.m(t1, . . . ) −→ t′.m(t1, . . . )
E-Invk-Argti −→ t′i
v.m(v1, . . . , ti , . . . ) −→ v.m(v1, . . . , t′i , . . . )
Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 68 / 79
![Page 76: Compiler Construction - Types and Type Soundness · Do the components ful ll their speci cation? Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 22 / 79. Requirements](https://reader035.vdocument.in/reader035/viewer/2022071007/5fc4598e7e44954b32070802/html5/thumbnails/76.jpg)
Evaluation Steps in Context (cont’d)University of Freiburg
E-New-Argti −→ t′i
new C(v1, . . . , ti , . . . ) −→ new C(v1, . . . , t′i , . . . )
E-Castt −→ t′
(C)t −→ (C)t ′
Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 69 / 79
![Page 77: Compiler Construction - Types and Type Soundness · Do the components ful ll their speci cation? Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 22 / 79. Requirements](https://reader035.vdocument.in/reader035/viewer/2022071007/5fc4598e7e44954b32070802/html5/thumbnails/77.jpg)
Typing Rules
Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 70 / 79
![Page 78: Compiler Construction - Types and Type Soundness · Do the components ful ll their speci cation? Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 22 / 79. Requirements](https://reader035.vdocument.in/reader035/viewer/2022071007/5fc4598e7e44954b32070802/html5/thumbnails/78.jpg)
Typing RulesUniversity of Freiburg
Overview of typing judgments
C <: DC is subtype of D
A ` t : CUnder type assumption A, the expression t has type C.
F m(C1 x1, . . . ) {return t; } OK in CMethod declaration is accepted in class C.
class C extends D {C1 f1; . . . K M1 . . . } OKClass declaration is accepted
Type assumptions defined by
A ::= ∅ | A, x : C
Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 71 / 79
![Page 79: Compiler Construction - Types and Type Soundness · Do the components ful ll their speci cation? Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 22 / 79. Requirements](https://reader035.vdocument.in/reader035/viewer/2022071007/5fc4598e7e44954b32070802/html5/thumbnails/79.jpg)
Accepted Class DeclarationUniversity of Freiburg
K = C(D1 g1, . . . ,C1 f1, . . . ) {super(g1, . . . ); this.f1 = f1; . . . }fields(D) = D1 g1 . . . (∀j) Mj OK in C
class C extends D {C1 f1; . . . K M1 . . . }
Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 72 / 79
![Page 80: Compiler Construction - Types and Type Soundness · Do the components ful ll their speci cation? Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 22 / 79. Requirements](https://reader035.vdocument.in/reader035/viewer/2022071007/5fc4598e7e44954b32070802/html5/thumbnails/80.jpg)
Accepted Method DeclarationUniversity of Freiburg
x1 : C1, . . . , this : C ` t : EE <: F CT(C) = class C extends D . . .
override(m,D, (C1, . . . )→ F)
F m(C1 x1, . . . ) {return t; } OK in C
Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 73 / 79
![Page 81: Compiler Construction - Types and Type Soundness · Do the components ful ll their speci cation? Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 22 / 79. Requirements](https://reader035.vdocument.in/reader035/viewer/2022071007/5fc4598e7e44954b32070802/html5/thumbnails/81.jpg)
Expression Has TypeUniversity of Freiburg
T-Varx : C ∈ A
A ` x : C
T-FieldA ` t : C fields(C) = C1 f1, . . .
A ` t.fi : Ci
Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 74 / 79
![Page 82: Compiler Construction - Types and Type Soundness · Do the components ful ll their speci cation? Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 22 / 79. Requirements](https://reader035.vdocument.in/reader035/viewer/2022071007/5fc4598e7e44954b32070802/html5/thumbnails/82.jpg)
Expression Has Type (cont’d)University of Freiburg
F-InvkA ` t : C (∀i) A ` ti : Ci (∀i) Ci <: Di
mtype(m,C) = (D1, . . . )→ D
A ` t.m(t1, . . . ) : D
F-New(∀i) A ` ti : Ci (∀i) Ci <: Di fields(C) = D1 f1, . . .
A ` new C(t1, . . . ) : C
Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 75 / 79
![Page 83: Compiler Construction - Types and Type Soundness · Do the components ful ll their speci cation? Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 22 / 79. Requirements](https://reader035.vdocument.in/reader035/viewer/2022071007/5fc4598e7e44954b32070802/html5/thumbnails/83.jpg)
Type Rules for Type CastsUniversity of Freiburg
T-UCastA ` t : D D <: C
A ` (C)t : C
T-DCastA ` t : D C <: D C 6= D
A ` (C)t : C
Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 76 / 79
![Page 84: Compiler Construction - Types and Type Soundness · Do the components ful ll their speci cation? Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 22 / 79. Requirements](https://reader035.vdocument.in/reader035/viewer/2022071007/5fc4598e7e44954b32070802/html5/thumbnails/84.jpg)
Type Safety for Featherweight JavaUniversity of Freiburg
“Preservation” and “Progress” yields type safety
“Preservation”:If A ` t : C and t −→ t ′, then A ` t ′ : C ′ with C ′ <: C .
“Progress”: (short version)If A ` t : C , then t −→ t ′, for some t ′, or t ≡ v is a value,or t contains a subexpression e ′
e ′ ≡ (C )(new D(v1, . . . ))
with D 6<:C .
⇒ All method calls and field accesses evaluate without errors.Type casts can fail.
Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 77 / 79
![Page 85: Compiler Construction - Types and Type Soundness · Do the components ful ll their speci cation? Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 22 / 79. Requirements](https://reader035.vdocument.in/reader035/viewer/2022071007/5fc4598e7e44954b32070802/html5/thumbnails/85.jpg)
Problems in the Preservation ProofType casts destroy preservationUniversity of Freiburg
Consider the expression (A) ((Object)new B())
It holds that ∅ `(A) ((Object)new B()): A
It holds that (A) ((Object)new B()) −→ (A) (new B())
But (A) (new B()) has no type!
Workaround: add additional rule for this case “stupid cast”—subsequent evaluation step fails
T-SCastA ` t : D C 6<:D D 6<:C
A ` (C)t : C
We can prove preservation with this rule.
Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 78 / 79
![Page 86: Compiler Construction - Types and Type Soundness · Do the components ful ll their speci cation? Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 22 / 79. Requirements](https://reader035.vdocument.in/reader035/viewer/2022071007/5fc4598e7e44954b32070802/html5/thumbnails/86.jpg)
Problems in the Preservation ProofType casts destroy preservationUniversity of Freiburg
Consider the expression (A) ((Object)new B())
It holds that ∅ `(A) ((Object)new B()): A
It holds that (A) ((Object)new B()) −→ (A) (new B())
But (A) (new B()) has no type!
Workaround: add additional rule for this case “stupid cast”—subsequent evaluation step fails
T-SCastA ` t : D C 6<:D D 6<:C
A ` (C)t : C
We can prove preservation with this rule.
Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 78 / 79
![Page 87: Compiler Construction - Types and Type Soundness · Do the components ful ll their speci cation? Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 22 / 79. Requirements](https://reader035.vdocument.in/reader035/viewer/2022071007/5fc4598e7e44954b32070802/html5/thumbnails/87.jpg)
Statement of Type SafetyUniversity of Freiburg
If A ` t : C , then one of the following cases applies:
1 t does not terminatei.e., there exists an infinite sequence of evaluation steps
t = t0 −→ t1 −→ t2 −→ . . .
2 t evaluates to a value v after a finite number of evaluationstepsi.e., there exists a finite sequence of evaluation steps
t = t0 −→ t1 −→ . . . −→ tn = v
3 t gets stuck at a failing casti.e., there exists a finite sequence of evaluation steps
t = t0 −→ t1 −→ . . . −→ tn
where tn contains a subterm (C )(new D(v1, . . . )) such thatD 6<:C .
Matthias Keil, Peter Thiemann Compiler Construction 21. November 2016 79 / 79