The Duality of Subtyping

Subtyping is a concept frequently encountered in many programming languages and calculi. Various forms of subtyping exist for different type system features, including intersection types, union types or bounded quantification. Normally these features are designed independently of each other, without exploiting obvious similarities (or dualities) between features. This paper proposes a novel methodology for designing subtyping relations that exploits duality between features. At the core of our methodology is a generalization of subtyping relations, which we call Duotyping. Duotyping is parameterized by the mode of the relation. One of these modes is the usual subtyping, while another mode is supertyping (the dual of subtyping). Using the mode it is possible to generalize the usual rules of subtyping to account not only for the intended behaviour of one particular language construct, but also of its dual. Duotyping brings multiple benefits, including: shorter specifications and implementations, dual features that come essentially for free, as well as new proof techniques for various properties of subtyping. To evaluate a design based on Duotyping against traditional designs, we formalized various calculi with common OOP features (including union types, intersection types and bounded quantification) in Coq in both styles. Our results show that the metatheory when using Duotyping does not come at a significant cost: the metatheory with Duotyping has similar complexity and size compared to the metatheory for traditional designs. However, we discover new features as duals to well-known features. Furthermore, we also show that Duotyping can significantly simplify transitivity proofs for many of the calculi studied by us

Set-theoretic Types for Erlang

Erlang is a functional programming language with dynamic typing. The language offers great flexibility for destructing values through pattern matching and dynamic type tests. Erlang also comes with a type language supporting parametric polymorphism, equi-recursive types, as well as union and a limited form of intersection types. However, type signatures only serve as documentation, there is no check that a function body conforms to its signature. Set-theoretic types and semantic subtyping fit Erlang's feature set very well. They allow expressing nearly all constructs of its type language and provide means for statically checking type signatures. This article brings set-theoretic types to Erlang and demonstrates how existing Erlang code can be statically typechecked without or with only minor modifications to the code. Further, the article formalizes the main ingredients of the type system in a small core calculus, reports on an implementation of the system, and compares it with other static typecheckers for Erlang.Comment: 14 pages, 9 figures, IFL 2022; latexmk -pdf to buil

SFJ: an Implementation of Semantic Featherweight Java

There are two approaches to defining subtyping relations: the syntactic and the semantic approach. In semantic subtyping, one defines a model of the language and an interpretation of types as subsets of this model. Subtyping is defined as inclusion of subsets denoting types. An orthogonal subtyping question, typical of object-oriented languages, is the nominal versus the structural subtyping. Dardha et al. [11, 12] defined boolean types and semantic subtyping for Featherweight Java (FJ) and integrated both nominal and structural subtyping, thus exploiting the benefits of both approaches. However, these benefits were illustrated only at a theoretical level, but not exploited practically. We present SFJ—Semantic Featherweight Java, an implementation of FJ which features boolean types, semantic subtyping and integrates nominal as well as structural subtyping. The benefits of SFJ, illustrated in the paper and the accompanying video (with audio/subtitles) [27], show how static type-checking of boolean types and semantic subtyping gives higher guarantees of program correctness, more flexibility and compactness of program writing

Simple Reference Immutability for System F-sub

Reference immutability is a type based technique for taming mutation that has long been studied in the context of object-oriented languages, like Java. Recently, though, languages like Scala have blurred the lines between functional programming languages and object oriented programming languages. We explore how reference immutability interacts with features commonly found in these hybrid languages, in particular with higher-order functions -- polymorphism -- and subtyping. We construct a calculus System F-sub-M which encodes a reference immutability system as a simple extension of F-sub and prove that it satisfies the standard soundness and immutability safety properties.Comment: 25 page

Decidable Tag-Based Semantic Subtyping for Nominal Types, Tuples, and Unions

Semantic subtyping enables simple, set-theoretical reasoning about types by interpreting a type as the set of its values. Previously, semantic subtyping has been studied primarily in the context of statically typed languages with structural typing. In this paper, we explore the applicability of semantic subtyping in the context of a dynamic language with nominal types. Instead of static type checking, dynamic languages rely on run-time checking of type tags associated with values, so we propose using the tags for semantic subtyping. We base our work on a fragment of the Julia language and present tag-based semantic subtyping for nominal types, tuples, and unions, where types are interpreted set-theoretically, as sets of type tags. The proposed subtyping relation is shown to be decidable, and a corresponding analytic definition is provided. The implications of using semantic subtyping for multiple dispatch are also discussed.Comment: Published at FTfJP'1

Polymorphic set-theoretic types for functional languages

We study set-theoretic types: types that include union, intersection, and negation connectives. Set-theoretic types, coupled with a suitable subtyping relation, are useful to type several programming language constructs \u2013 including conditional branching, pattern matching, and function overloading \u2013 very precisely. We define subtyping following the semantic subtyping approach, which interprets types as sets and defines subtyping as set inclusion. Our set-theoretic types are polymorphic, that is, they contain type variables to allow parametric polymorphism. We extend previous work on set-theoretic types and semantic subtyping by showing how to adapt them to new settings and apply them to type various features of functional languages. More precisely, we integrate semantic subtyping with three important language features. In Part I we study implicitly typed languages with let-polymorphism and type inference (previous work on semantic subtyping focused on explicitly typed languages). We describe an implicitly typed lambda-calculus and a declarative type system for which we prove soundness. We study type inference and prove results of soundness and completeness. Then, we show how to make type inference more precise when programs are partially annotated with types. In Part II we study gradual typing. We describe a new approach to add gradual typing to a static type system; the novelty is that we give a declarative presentation of the type system, while previous work considered algorithmic presentations. We first illustrate the approach on a Hindley-Milner type system without subtyping. We describe declarative typing, compilation to a cast language, and sound and complete type inference. Then, we add set-theoretic types, defining a subtyping relation on set-theoretic gradual types, and we describe sound type inference for the extended system. In Part III we consider non-strict semantics. The existing semantic subtyping systems are designed for call-by-value languages and are unsound for non-strict semantics. We adapt them to obtain soundness for call-by-need. To do so, we introduce an explicit representation for divergence in the types, allowing the type system to distinguish the expressions that are already evaluated from those that are computations which might diverge.Cette th\ue8se porte sur l'\ue9tude des types ensemblistes : des types qui contiennent des connecteurs d'union, d'intersection et de n\ue9gation. Les types ensemblistes permettent de typer de mani\ue8re tr\ue8s pr\ue9cise plusieurs constructions des langages de programmation (comme par exemple les branches conditionnelles, le filtrage par motif et la surcharge des fonctions) lorsqu'ils sont utilis\ue9s avec une notion appropri\ue9e de sous-typage. Pour d\ue9finir celle-ci, nous utilisons l'approche du sous-typage s\ue9mantique, dans laquelle les types sont interpr\ue9t\ue9s comme des ensembles, et o\uf9 le sous-typage est d\ue9fini comme l'inclusion ensembliste. Dans la plupart de cette th\ue8se, les types ensemblistes sont polymorphes, dans le sens o\uf9 ils contiennent des variables de type pour permettre le polymorphisme param\ue9trique. La th\ue8se \ue9tend les travaux pr\ue9c\ue9dents sur les types ensemblistes et le sous-typage s\ue9mantique en montrant comment les adapter \ue0 des nouveaux contextes et comment les utiliser pour typer plusieurs aspects des langages fonctionnels. Elle se compose de trois parties. La premi\ue8re partie porte sur une \ue9tude des langages typ\ue9s de mani\ue8re implicite avec polymorphisme du "let" et inf\ue9rence de types (contrairement aux travaux pr\ue9c\ue9dents sur le sous-typage s\ue9mantique qui \ue9tudiaient des langages typ\ue9s explicitement). Nous y d\ue9crivons un lambda-calcul typ\ue9 implicitement avec un syst\ue8me de types dont nous d\ue9montrons la correction. De m\ueame, nous y \ue9tudions l'inf\ue9rence de types dont nous d\ue9montrons la correction et la compl\ue9tude. Enfin, nous montrons comment rendre l'inf\ue9rence plus pr\ue9cise quand les programmes sont partiellement annot\ue9s avec des types. La deuxi\ue8me partie d\ue9crit une nouvelle approche permettant d'\ue9tendre un syst\ue8me de types statique avec du typage graduel; l'originalit\ue9 venant du fait que nous d\ue9crivons le syst\ue8me de types de fa\ue7on d\ue9clarative, lorsque les syst\ue8mes existants proposent des descriptions algorithmiques. Nous illustrons cette approche en ajoutant le typage graduel \ue0 un syst\ue8me de types \ue0 la Hindley-Milner sans sous-typage. Nous d\ue9crivons pour cela un syst\ue8me de types d\ue9claratif, un processus de compilation vers un langage avec v\ue9rifications de type dynamiques (ou "casts"), et nous pr\ue9sentons un syst\ue8me d'inf\ue9rence de types correct et complet. Ensuite, nous y ajoutons les types ensemblistes, en d\ue9finissant une relation de sous-typage sur les types graduel ensemblistes, puis en pr\ue9sentant un syst\ue8me d'inf\ue9rence de types correct pour le syst\ue8me \ue9tendu. La troisi\ue8me partie porte sur l'\ue9tude des s\ue9mantiques non-strictes. Les syst\ue8mes existants qui utilisent le sous-typage s\ue9mantique ont \ue9t\ue9 d\ue9velopp\ue9s pour des langages avec appel par valeur et ne sont pas s\ufbrs pour des s\ue9mantiques non-strictes. Nous montrons ici comment les adapter pour garantir leur s\ufbret\ue9 en appel par n\ue9cessit\ue9. Pour faire \ue7a, nous introduisons dans les types une repr\ue9sentation explicite de la divergence, afin que le syst\ue8me des types puisse distinguer les expressions qui ne demandent pas d'\ue9valuation de celles qui la demandent et pourraient ainsi diverger

On Leveraging Tests to Infer Nullable Annotations

Issues related to the dereferencing of null pointers are a pervasive and widely studied problem, and numerous static analyses have been proposed for this purpose. These are typically based on dataflow analysis, and take advantage of annotations indicating whether a type is nullable or not. The presence of such annotations can significantly improve the accuracy of null checkers. However, most code found in the wild is not annotated, and tools must fall back on default assumptions, leading to both false positives and false negatives. Manually annotating code is a laborious task and requires deep knowledge of how a program interacts with clients and components. We propose to infer nullable annotations from an analysis of existing test cases. For this purpose, we execute instrumented tests and capture nullable API interactions. Those recorded interactions are then refined (santitised and propagated) in order to improve their precision and recall. We evaluate our approach on seven projects from the spring ecosystems and two google projects which have been extensively manually annotated with thousands of @Nullable annotations. We find that our approach has a high precision, and can find around half of the existing @Nullable annotations. This suggests that the method proposed is useful to mechanise a significant part of the very labour-intensive annotation task

Programming Languages and Systems

This open access book constitutes the proceedings of the 28th European Symposium on Programming, ESOP 2019, which took place in Prague, Czech Republic, in April 2019, held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2019

Formal foundations for hybrid effect analysis

Type-and-effect systems are a powerful tool for program construction and verification. Type-and-effect systems are useful because it can help reduce bugs in computer programs, enable compiler optimizations and also provide sort of program documentation. As software systems increasingly embrace dynamic features and complex modes of compilation, static effect systems have to reconcile over competing goals such as precision, soundness, modularity, and programmer productivity. In this thesis, we propose the idea of combining static and dynamic analysis for effect systems to improve precision and flexibility. We describe intensional effect polymorphism, a new foundation for effect systems that integrates static and dynamic effect checking. Our system allows the effect of polymorphic code to be intensionally inspected. It supports a highly precise notion of effect polymorphism through a lightweight notion of dynamic typing. When coupled with parametric polymorphism, the powerful system utilizes runtime information to enable precise effect reasoning, while at the same time retains strong type safety guarantees. The technical innovations of our design include a relational notion of effect checking, the use of bounded existential types to capture the subtle interactions between static typing and dynamic typing, and a differential alignment strategy to achieve efficiency in dynamic typing. We introduce the idea of first-class effects, where the computational effect of an expression can be programmatically reflected, passed around as values, and analyzed at run time. A broad range of designs “hard-coded in existing effect-guided analyses can be supported through intuitive programming abstractions. The core technical development is a type system with a couple of features. Our type system provides static guarantees to application-specific effect management properties through refinement types, promoting “correct-by-design effect-guided programming. Also, our type system computes not only the over-approximation of effects, but also their under-approximation. The duality unifies the common theme of permission vs. obligation in effect reasoning. Finally, we show the potential benefit of intensional effects by applying it to an event-driven system to obtain safe concurrency. The technical innovations of our system include a novel effect system to soundly approximate the dynamism introduced by runtime handlers registration, a static analysis to precompute the effects and a dynamic analysis that uses the precomputed effects to improve concurrency. Our design simplifies modular concurrency reasoning and avoids concurrency hazards