Practical Datatype Specializations with Phantom Types and Recursion Schemes

Datatype specialization is a form of subtyping that captures program invariants on data structures that are expressed using the convenient and intuitive datatype notation. Of particular interest are structural invariants such as well-formedness. We investigate the use of phantom types for describing datatype specializations. We show that it is possible to express statically-checked specializations within the type system of Standard ML. We also show that this can be done in a way that does not lose useful programming facilities such as pattern matching in case expressions.Comment: 25 pages. Appeared in the Proc. of the 2005 ACM SIGPLAN Workshop on M

Featherweight Generic Confinement

Existing approaches to object encapsulation either rely on ad hoc syntactic restrictions or require the use of specialised type systems. Syntactic restrictions are difficult to scale and to prove correct, while specialised type systems require extensive changes to programming languages. We demonstrate that confinement can be enforced cheaply in Featherweight Generic Java, with no essential change to the underlying language or type system. This result demonstrates that polymorphic type parameters can simultaneously act as ownership parameters and should facilitate the adoption of confinement and ownership type systems in general-purpose programming languages

Catch me if you can Looking for type-safe, hierarchical, lightweight, polymorphic and efficient error management in OCaml

International audienceThis is the year 2008 and ML-style exceptions are everywhere. Most modern languages, whether academic or industrial, feature some variant of this mechanism. Languages such as Java even feature static coverage-checking for such exceptions, something not available for ML languages, at least not without resorting to external tools. In this document, we demonstrate a design principle and a tiny library for managing errors in a functional manner, with static coverage-checking, automatically-inferred, structurally typed and hierarchical exceptional cases, with a reasonable run-time penalty. Our work is based on OCaml and features monads, polymorphic variants, compile-time code rewriting and trace elements of black magic

Sound and complete bidirectional typechecking for higher-rank polymorphism with existentials and indexed types

Bidirectional typechecking, in which terms either synthesize a type or are checked against a known type, has become popular for its applicability to a variety of type systems, its error reporting, and its ease of implementation. Following principles from proof theory, bidirectional typing can be applied to many type constructs. The principles underlying a bidirectional approach to indexed types (generalized algebraic datatypes) are less clear. Building on proof-theoretic treatments of equality, we give a declarative specification of typing based on focalization. This approach permits declarative rules for coverage of pattern matching, as well as support for first-class existential types using a focalized subtyping judgment. We use refinement types to avoid explicitly passing equality proofs in our term syntax, making our calculus similar to languages such as Haskell and OCaml. We also extend the declarative specification with an explicit rules for deducing when a type is principal, permitting us to give a complete declarative specification for a rich type system with significant type inference. We also give a set of algorithmic typing rules, and prove that it is sound and complete with respect to the declarative system. The proof requires a number of technical innovations, including proving soundness and completeness in a mutually recursive fashion.EPSRC grant EP/N02706X/

Des types aux assertions logiques : preuve automatique ou assistée de propriétés sur les programmes fonctionnels.

This work studies two approaches to improve the safety of computer programs using static analysis.The first one is typing which guarantees that the evaluation of program cannot fail. The functionallanguage ML has a very rich type system and also an algorithm that infers automatically the types.We focus on its adaptation to generalized algebraic data types (GADTs). In this setting, efficientcomputation of a most general type is impossible. We propose a stratification of the language thatretain the usual characteristics of the ML fragment and make explicit the use of GADTs. The re-sulting language, MLGX, entails a burden on the programmer who must annotate its programs toomuch. A second stratum, MLGI, offers a mechanism to infer locally, in a predictable and efficient way,incomplete yet, most of the type annotations. The first part concludes on an illustration of the expres-siveness of GADTs to encode the invariants of pushdown automata used in LR parsing. The secondapproach augments the language with logic assertions that enables arbitrarily complex specificationsto be expressed. We check the compliance of the program semantics with respect to these specifica-tions thanks to a method called Hoare logic and thanks to semi-automatic computer-based proofs.The design choices permit to handle first-class functions. They are directed by an implementationwhich is illustrated by the certification of a module of trees that denote finite sets.Cette thèse étudie deux approches fondées sur l’analyse statique pour augmenter la sûreté defonctionnement et la correction des programmes informatiques.La première approche est le typage qui permet de prouver automatiquement qu’un programmes’évalue sans échouer. Le langage fonctionnel ML possède un système de type très riche et un algorithmeeffectuant une synthèse automatique de ces types. On s’intéresse à l’adaptation de cet algorithme auxtypes algébriques généralisés (GADT), une forme restreinte des inductifs de Coq, qui ont été introduitspar Hongwei Xi en 2003.Dans ce cadre, le calcul efficace d’un type plus général est impossible. On propose une stratificationqui maintient les caractéristiques habituelles sur le fragment ML et qui isole le traitement des GADTen explicitant leur utilisation. Le langage obtenu, MLGX, nécessite des annotations de type qui alour-dissent les programmes. Une seconde strate, MLGI, offre au programmeur un mécanisme de synthèselocale, prédictible et efficace bien qu’incomplet, de la plupart de ces annotations. La première parties’achève avec une démonstration de l’expressivité des GADT pour coder les invariants des automatesà pile utilisés par l’analyse syntaxique LR.La seconde approche augmente le langage de programmation par des assertions logiques permettantd’exprimer des spécifications de complexité arbitraire dans la logique d’ordre supérieur polymorphi-quement typée. On vérifie statiquement la conformité de la sémantique du programme vis-à-vis de cesspécifications à l’aide d’une technique appelée logique de Hoare qui consiste à engendrer un ensembled’obligations de preuves à partir d’un programme annoté. Une fois ces obligations de preuve traitées,si un programme est utilisé correctement et si il renvoie une valeur alors il est certain que celle-ci estcorrecte.Habituellement, cette technique est employée sur les langages impératifs. Avec un langage fonc-tionnel pur, les problèmes liés à l’état de la mémoire d’évanouissent tandis que l’ordre supérieur etle polymorphisme en posent de nouveaux. Nos choix de conceptions cherchent à maximiser les op-portunités d’utilisation de prouveurs automatiques en traduisant minutieusement les objets d’ordresupérieur en objets du premier ordre. Une implantation prototype du système en fournit une illustra-tion dans la preuve presque totalement automatique d’un module CAML d’arbres équilibrés dénotantdes ensembles finis

Under consideration for publication in J. Functional Programming 1 Phantom Types and Subtyping

We investigate a technique from the literature, called the phantom-types technique, that uses parametric polymorphism, type constraints, and unification of polymorphic types to model a subtyping hierarchy. Hindley-Milner type systems, such as the one found in Standard ML, can be used to enforce the subtyping relation, at least for first-order values. We show that this technique can be used to encode any finite subtyping hierarchy (including hierarchies arising from multiple interface inheritance). We formally demonstrate the suitability of the phantom-types technique for capturing first-order subtyping by exhibiting a type-preserving translation from a simple calculus with bounded polymorphism to a calculus embodying the type system of SML.