Properties of the Assumptions - Proving Correctness of the Incremental System

Environment Snapshot 3:

3.3 Proving Correctness of the Incremental System

3.3.2 Properties of the Assumptions

Before we go into the details of proving algorithm

W

¹ correct, let us rst examine the charac-teristics and signicance of the upper bound type assumptions (M) we collect for each of the

This is because the bindings actually get rearranged in topological order in the complete program system,

generic top-level identiers via algorithm

W

⁰. By denition, these assumptions record all the generic type instances created from the top-level type-schemes within the call to

W

⁰. They serve as an exact type specication of the interface between the current top-level denition and other denitions.

Below, we dene these assumption sets in a general setting and then examine their properties in the context of algorithm

W

⁰, which will help us later in the correctness proofs.

Notation 3.3

Given a typing TE ^`

e

and its associated derivation tree, we write

A

^TE^`

e

, or simply

A

e

(when TE is clear by context), as another typing representing the same derivation tree that explicitly records all type instances of its free (external) identiers.

A

^TE is the set of assumptions constructed inductively as below¹⁶.

Case 1: |

e

⁾

x

| Dene

A

^TE=^f(

x

^7!

)^g.

Case 2: |

e

⁾

x:e

¹ | If inductively,

A

^TE⁰ ^`

e

¹ :

¹ represents the typing for the body

e

¹ where TE⁰= TE +^f

x

^7!

²^g, then dene

A

^TE =

A

^TE⁰ⁿ^fx^g.

Case 3: |

e

⁾

e

² | If inductively,

A

^TE¹ ^`

e

¹ :

² ^!

¹ and

A

^TE² ^`

e

² :

², then dene

A

^TE=

A

^TE¹ ^[

A

^TE² .

Case 4: |

e

⁾ ^let

x

e

¹ ⁱⁿ

e

² | If inductively,

A

^TE¹ ^`

e

¹ :

¹ and

A

^TE² ⁰ ^`

e

² :

² where TE⁰= TE +^f

x

^7!close(TE

;

¹)^g, then dene

A

^TE =

A

^TE¹ ^[

A

^TE² ⁰ⁿ^f_x^g.

Informally, the typing

A

^TE^`

e

simply collects the actual type instances assigned to each occurrence of an external identier inside the derivation tree of the typing TE ^`

e

into the assumption set

A

^TE.

A

^TEis a special multi-set mapping in the sense that several type instance may be recorded for the same identier

x

corresponding to its various occurrences within

e

, and also because it always refers to a particular derivation tree expansion of the typing TE ^`

e

, recording a specic set of type instances used within it.

Note that

A

^TE is not a type environment in itself, but it serves as a cumulative record of the use of the free identiers (FId) of the expression

e

during the derivation of the typing TE ^`

e

. Note that the notation respects the scoping rules for free identiers of an expression;

the identiers bound locally via a ^let or a

-construct are free internally but bound in the whole expression, therefore, the assumptions collected for these identiers are discarded as soon as they become bound.

16Unless it is necessary to specify the assumer explicitly, we treat a set of assumptions as a mapping from the assumee to the assumed value. The identier on LHS of the current top-level binding is implicitly taken to be the assumer.

Now we dene operations on these assumption sets and show some of their properties.

Denition 3.4

Let

A

be a set of assumptions collected for the typing TE ^`

e

as dened above. Then, for a specic occurrence of a free identier

x

within

e

, dene

A

(

x

) =

x if and only if (

x

^7!

x) ²

A

and this is the assumption corresponding to the specied occurrence of

x

as recorded in

A

e

It is usually clear by context which occurrence of

x

is being referred to in

A

(

x

)¹⁷because it makes sense to use an assumption set

A

only as prescribed by the derivation tree of

A

e

Denition 3.5

Given an assumption set

A

collected for a typing TE ^`

e

and another type environment TE⁰, we dene TE⁰

A

if and only if Dom(

A

)Dom(TE⁰) and⁸(

x

^7!

x)²

A

with TE⁰(

x

) =

x, we have

x. Note that TE

A

by construction.

The above denition provides a meaningful way to compare an assumption set with type environments other than that for which it was originally collected. The following two lemmas follow directly from this denition.

Lemma 3.1

Given an assumption set

A

collected for the typing TE ^`

e

and another type environment TE⁰ satisfying TE⁰

A

according to denition 3.5, then TE⁰ ^`

e

is also a valid typing.

Proof:

By denition,

A

records the actual type instances of all the free identiers used within the derivation tree of the typing TE ^`

e

. So, any type environment capable of generating those external type instances is an acceptable candidate for preserving the derivation tree.

In other words, any type environment TE⁰ satisfying TE⁰

A

will be able to regenerate the same derivation tree and hence produce a valid typing. ² Note that in the above lemma, the original type environment TE may be incomparable to the given environment TE⁰, but as long as they can instantiate the same assumption set, both are able to generate the same typing. This further corroborates the notion that the assumption sets can be used as a minimal description of a typing with respect to the types of the free identiers used in it.

Lemma 3.2

Given an assumption set

A

collected for a typing TE ^`

e

and another type environment TE⁰, if TE⁰

A

then for all substitutions

S

(TE⁰)

S

(

A

Proof:

It follows trivially from denition 3.5 above and by pointwise extension of lemma 2.2.

We may note that the range of an assumption set is a set of types, and in general, may contain several type variables all of which are free. In order to reason about substitutions as applied to assumption sets, we partition these type variables into the following categories.

Notation 3.6

The set of all type variables in Ran(

A

^TE) denoted by tyvars(

A

^TE) is partitioned into three categories.

1. First, there may be some type variables that occur free in TE as well. These are represented by,

freevars(

A

^TE) = tyvars(

A

^TE)^\tyvars(TE)

2. There may be some type variables that are closed over by the generalization operation (denition 2.8) of the LET rule while typing some ^let-construct within the expression

e

. By denition of generalization, these have to be disjoint from the free type variables of TE and become bound in that branch of the derivation tree. These type variables are represented by genvars(

A

^TE).

3. All other type variables that are neither free in TE nor appear bound in any branch of the derivation tree are simply fresh type variables used in the derivation tree that have not yet been closed over and are denoted by othervars(

A

^TE).

By denition, we have,

tyvars(

A

^TE) = freevars(

A

^TE)^[genvars(

A

^TE)^[othervars(

A

^TE)

In order to make the partitioning clear, consider the following simple example in mini-language. The expression

e

in equation 3.8 has a typing 3.9 while we collect the assumptions as shown in equation 3.10. We have superscripted all identiers with their types for clarity.

e

::= ^let

f

⁽^list⁾^;=^nil⁽list⁾

;y

^{in nil}⁽^list⁾; (3.8)

TE+^f

y

^7!

^g ^`

e

: (list

) (3.9)

A

= ^f^nil^7!(list

)

;y

^7!

;

^nil^7!(list

)^g (3.10) Among the type variables of the assumption set

A

is a free variable since it occurs free in the supplied type environment as well,

is a generic variable since it is closed over in the

let-binding of

f

(assuming that

is not free in TE as well), and

belongs to neither of the above two categories. Also note that there are two assumptions for ^nil corresponding to its two occurrences within

e

as expected.

The following lemma forms the backbone of the assumption based reasoning in the subse-quent proofs for correctness of our incremental system.

Lemma 3.3

Let

A

^TE ^`

e

be a typing corresponding to TE ^`

e

denedvia notation 3.3.

Then for any substitution

S

that does not involve genvars(

A

) in its domain or range,

S

(

A

^TE)^`

e

S

is also a valid typing corresponding to

S

(TE)^`

e

S

Proof:

Using lemma 2.3 we obtain,

TE ^`

e

=⁾

S

(TE) ^`

e

S

(3.11)

We only have to show that the assumption set

A

^S⁽^TE⁾ corresponding to typing 3.11 is the same as

S

(

A

^TE). We will prove this inductively by traversing the derivation tree of typing 3.11 and verifying that the assumption set

A

^S⁽^TE⁾ generated at each step (via notation 3.3) satises the condition

A

^S⁽^TE⁾=

S

(

A

^TE).

Case1: |

e

⁾

x

| Typing 3.11 directly generates an assumption set

A

^S⁽^TE⁾ =^f

x

^7!

S

^g which is the same as

S

(

A

^TE).

Case2: |

e

⁾

x:e

¹ | If inductively,

A

^S⁽^TE⁰⁾ =

S

(

A

^TE⁰) for the antecedent

S

(TE⁰)^`

e

¹ :

S

¹ where TE⁰= TE +^f

x

^7!

²^g, then

A

^S⁽^TE⁾ =

A

^S⁽^TE⁰⁾ⁿ^f_x^g =

S

(

A

^TE⁰)ⁿ^fx^g=

S

(

A

^TE) using notation 3.3.

Case3: |

e

⁾

e

² | If inductively,

A

^S¹⁽^TE⁾ =

S

(

A

^TE¹ ) and

A

^S²⁽^TE⁾ =

S

(

A

^TE² ) for the antecedents

S

(TE)^`

e

¹ :

S

(

²^!

¹) and

S

(TE) ^`

e

² :

S

² respectively, then

A

^S⁽^TE⁾=

A

^S¹⁽^TE⁾^[

A

^S²⁽^TE⁾=

S

(

A

^TE¹ )^[

S

(

A

^TE² ) =

S

(

A

^TE) using notation 3.3.

Case4: |

e

⁾ ^let

x

e

¹ ⁱⁿ

e

² | We expand the immediate antecedents of typing 3.11 for this case¹⁸.

TE⁰^`

e

¹ :

S

⁰

¹ TE⁰+^f

x

^7!close(TE⁰

;S

⁰

¹)^g^`

e

² :

S

TE⁰^`^let

x

e

¹ ⁱⁿ

e

² :

S

² ^(3.12)

18For a proof of how these antecedents were arrived at, see [57], pages 18{20.

where,

TE⁰ =

S

(TE) =

S

⁰(TE)

and

S

⁰ =

S

^#_tyvars⁽_TE⁾

=⁾

S

(close(TE

;

¹)) = close(TE⁰

;S

⁰

¹)

We are given that the substitution

S

does not involve any generic type variables that are closed over in any branch of the derivation tree. In other words,

S

may involve only those type variables that are not allowed to be closed over as far as this typing is concerned. So we must have,

S

(close(TE

;

¹)) = close(

S

(TE)

;S

¹)

Thus, we can replace

S

⁰ with

S

in typing 3.12 and use the inductive assumption for the two antecedents, yielding the desired result

A

^S⁽^TE⁾=

S

(

A

^TE) via notation 3.3.

The above lemma provides a way to use the assumption sets to obtain new correct typings from old typings for the same expression. We can compare this with the lemma 2.3 which establishes the substitution transformation using the type environments.

Now we come back to the algorithm

W

⁰ (refer gure 3.6) and show that the assumptions collected there actually correspond to the typing generated by the algorithm. The proof of this lemma is very similar to that of the soundness theorem 2.7.

Lemma 3.4

If assumption set

A

is collected in the call

W

⁰(TE

;e

) = (

S;;A

) then

A

e

is a valid typing that corresponds to the typing

S

(TE)^`

e

generated through the soundness theorem 2.7.

Proof:

We prove this by structural induction on the expression

e

Case1: |

e

⁾

x

| From gure 3.6,

W

⁰(TE

;x

) = (

ID;

⁰

;

^f(

x

^7!

⁰)^g). Clearly,^f(

x

^7!

⁰)^g^`

x

⁰ is a valid typing corresponding to ID(TE)^`

x

⁰ directly from its denition in notation 3.3.

Case2: |

e

⁾

x:e

¹ | From gure 3.6, the internal recursive call to

W

⁰ for the body

e

yields (

S

;

;A

¹). So, inductively we obtain the following valid typing,

A

¹ ^`

e

¹ :

where

S

¹(TE) +^f

x

^7!

S

^g ^`

e

¹ :

Using notation 3.3 for the above typing, we arrive at the following,

A

¹ⁿ^f_x^g ^`

x:e

¹:

S

¹ (3.13)

where

S

¹(TE) ^`

x:e

¹:

S

As we can see from gure 3.6,

A

¹ⁿ^f_x^g is exactly the assumption set returned from

W

⁰, so that typing 3.13 is what we want.

Case3: |

e

⁾

e

² | Again, the internal recursive calls to

W

⁰ inductively yield the following,

A

¹ ^`

e

¹ :

¹ (3.14)

where

S

¹(TE) ^`

e

¹ :

and

A

² ^`

e

² :

² (3.15)

where

S

¹(TE) ^`

e

² :

The substitution

S

² does not involve any type variable from genvars(

A

¹) (see nota-tion 3.6) because its type variables can only come from either the free type variables of TE, or absolutely fresh type variables generated while typing

e

². Similarly, the substitu-tion

S

³ =

U

(

S

;

² ^!

) does not involve any type variables from either genvars(

A

¹) or genvars(

A

²). Therefore, lemma 3.3 can be applied to the typings 3.14 and 3.15 giving,

S

²(

A

¹) ^`

e

¹:

S

=⁾

S

²(

A

¹) ^`

e

¹:

S

²^!

S

(3.16)

and

S

³(

A

²) ^`

e

²:

S

² (3.17)

Using notation 3.3 and the typings 3.16 and 3.17 we obtain the following valid typing,

S

²(

A

¹)^[

S

³(

A

²) ^`

e

² :

S

where

S

¹(TE) ^`

e

² :

S

which exactly corrresponds to the assumption set returned from the outer call to

W

⁰. Case4: |

e

⁾^let

x

e

¹ ⁱⁿ

e

² | Just like in the last case, the internal recursive calls to

W

⁰inductively yield the following,

A

¹ ^`

e

¹ :

¹ (3.18)

where

S

¹(TE) ^`

e

¹ :

and

A

² ^`

e

² :

² (3.19)

where

S

¹(TE) +^f

x

^7!

^g ^`

e

² :

and

= close(

S

¹(TE)

;S

¹) As in lemma 3.3.

We always allocate fresh type variables in generating instances of previously closed type-schemes, including the type-scheme generated from the current^let-binding. There-fore, the type variables of

S

² are either from these fresh type variables or from the free type variables of TE, neither of which can appear in genvars(

A

¹). So just like the pre-vious case, we can apply

S

² to typing 3.18 using lemma 3.3 and then combine it with typing 3.19 using notation 3.3 to obtain the following valid typing,

S

²(

A

¹)^[

A

²ⁿ^f_x^g ^` ^let

x

e

¹ ⁱⁿ

e

² :

² where

S

¹(TE) ^` ^let

x

e

¹ ⁱⁿ

e

² :

which exactly corresponds to the assumption set returned from the outer call to

W

⁰.

The above lemma validates the assumptions collected by algorithm

W

⁰ in the sense that the collected assumptions denote a valid typing. The fact that these assumptions describe a minimum specication of the interface between the binding currently being processed and the external environment (lemma 3.1), and that we can manipulate them as pseudo-type environ-ments (lemma 3.3), permits us to use them as the basis of our incremental book-keeping.

Dans le document An Incremental Type Inference System for the Programming Language Id (Page 72-79)