Labelled Reductions, Runtime Errors, and Operational Subsumption

Laurent Dami
Centre Universitaire d'Informatique, Université de Genève
24, rue Général-Dufour, CH-1211 Genève 4, Switzerland
http://cuiwww.unige.ch/~dami

1 Introduction

Consider the "name-switching" function $F \stackrel{def}{=} \lambda x.\{l_1 = x.l_2;\ l_2 = x.l_1\}$ in a calculus with records. Most type systems would reject the program $(F\,\{l_1 = 3\}).l_2$ because the type of $F$ is $\{l_1 : X;\ l_2 : Y\} \to \{l_2 : Y;\ l_1 : X\}$ and $\{l_1 : X;\ l_2 : Y\}$ cannot be unified with $\{l_1 : \mathit{Int}\}$, the type of the record argument. However this program reduces to 3 without error. This shows that the common notion of "erroneous" terms, as implemented in most typed languages, is sometimes overrestrictive. Here we propose a general framework for studying the semantics of programs containing "uncatchable" errors, and a language-independent classification of error propagation properties; this is then applied to a comparison of various $\lambda$-calculi. In this approach, errors (written $\varepsilon$) can be passed around as any other value, sometimes in a lazy way, and therefore an error occurring inside a term is not necessarily propagated to the top level; a term is considered "erroneous" if and only if it always generates $\varepsilon$. We define an operational ordering of terms, called "subsumption", which gives a formal foundation for the notion of "substitutability" or "safe replacement" often used informally in the object-oriented literature: a term subsumes another iff it generates fewer errors in all program contexts. Subsumption often implies and sometimes equals the usual approximation ordering (Theorems 21, 26); its main interest is to directly interpret subtyping in a term model, which is simpler than the partial equivalence relations (PERs) of [6] or the coercion functions of [5]. Since we require that errors are "absorbing" (any attempt to interact with an error yields an error again), $\varepsilon$ is the top element. Therefore the semantic structure is a lattice, as in the original work of Scott [19]. For the technical development below we make heavy use of labelled reductions, an old idea used in the $\lambda$-calculus to restrict the interaction behaviour of a term to a finite number of steps. Here this is generalised in an abstract way to other reduction systems. Labelled reductions allow us to classify both terms and contexts according to the number of interaction steps they can perform, and therefore introduce an operational notion of finite approximation. This in turn can be used as an alternative to the contractive maps of [15] or the embedding-projection pairs of [7] for solving recursive type equations.

2 Basic definitions: error generation and preservation

This section defines a number of abstract notions, independent of any particular language. However, since some concepts need illustrations, informal examples will be drawn from the standard $\lambda$-calculus extended with constants and records. Precise definitions for this calculus and other calculi will be given later in Section 5. Prior knowledge of the $\lambda$-calculus and the notions of call-by-name (CBN), call-by-value (CBV) and lazy evaluation is assumed; standard references are [3,17,1]. As a reminder, common abbreviations for $\lambda$-terms are $I \stackrel{def}{=} \lambda x.x$; $K \stackrel{def}{=} \lambda xy.x$; $\Delta \stackrel{def}{=} \lambda x.xx$; $\Omega \stackrel{def}{=} \Delta\Delta$; $Y \stackrel{def}{=} \lambda f.(\lambda x.f(xx))(\lambda x.f(xx))$; furthermore $\mu x.a$ abbreviates $Y(\lambda x.a)$.

Notation. We consider languages of the form $(\mathcal{T}, \mathcal{V}, \to)$ where $\mathcal{T}$ is a set of terms, $\mathcal{V} \subseteq \mathcal{T}$ is the set of values, and $\to$ is a binary relation on terms (one-step reduction) satisfying $\forall v \in \mathcal{V},\ v \to v' \Longrightarrow v' \in \mathcal{V}$. The letters $a, b, c$ range over arbitrary terms, $v, u$ range over values. We assume a set $\mathcal{X} \subseteq \mathcal{T}$ of variables and standard notions of bound and free variables; the function $FV : \mathcal{T} \to 2^{\mathcal{X}}$ gives the free variables of a term; letters $x, y, z$ range over $\mathcal{X}$. $\mathcal{T}^C$ and $\mathcal{V}^C$ denote the sets of closed terms and values, i.e. those for which $FV$ returns the empty set. The substitution of $b$ for free occurrences of $x$ in $a$ is written $a[x := b]$. Contexts are terms possibly containing occurrences of a "hole" $[\ ]$; if $C[\ ]$ is a context, then $C[a]$ is the term obtained by filling the hole in $C[\ ]$ with $a$, possibly capturing variables. The set of contexts is written $\mathcal{T}[\ ]$; since there is no restriction on the number of holes, we have $\mathcal{T} \subseteq \mathcal{T}[\ ]$. A subterm of $a$ is a term $a'$ such that $a \equiv C[a']$ for some $C[\ ]$. The reflexive, transitive closure of $\to$ is written $\to^*$ and $=$ is its symmetric closure; $(a \to)$ is an abbreviation for $\exists b,\ a \to b$. Finally, if $\sqsubseteq_\star$ is one of the operational ordering relations defined below, with $\star$ representing any collection of subscripts/superscripts, then $\simeq_\star$ is its symmetric closure and

Lemma 16 (context decomposition). $C[\ ] \in \mathcal{C}^{k+1} \Longrightarrow \exists C_1[C_2[\ ]] = C[\ ],\ C_1[\ ] \in \mathcal{C}^1 \wedge C_2[\ ] \in \mathcal{C}^k$.

Proof. If $k = 0$, there is an easy solution $C_1[\ ] \equiv C[\ ]$, $C_2[\ ] \equiv [\ ]$. If $k > 0$, we know i) $\exists a, v,\ C[a^{k+2}] \to^* v$ and ii) $\forall b,\ C[b^{k+1}] \Uparrow$. Suppose $v \equiv C'[a'^{k+2}]$, with $C[\ ] \to^* C'[\ ]$ and $a \to^* a'$. Then by definition $C'[a'^{k+1}]$ must be a value, contradicting ii). So necessarily $C[a^{k+2}] \to^* D_1[D_2[a'^{k+2}]] \to D_1[b^{k+1}] \to^* v$, where $D_2[a'^{k+2}] \to b^{k+1}$ is an instance of a labelled reduction rule. Now by rule (lab1), $D_1[(D_2[a'^{k+2}])^{k+1}] \to^* v$, so $D_1[\ ] \in \mathcal{C}^k$; moreover $D_2[a'^2] \to b^1 \Downarrow$, which implies $D_2 \in \mathcal{C}^1$. □

Now we can use relevance indices of contexts to measure the interactivity of terms; intuitively, a term is $k$-interactive if it can perform $k$ interaction steps.

Definition 17 ($k$-interactivity).
1. every term is 0-interactive;
2. $a$ is $(k+1)$-interactive iff $\exists C[\ ] \in \mathcal{C}^k,\ C[a] \Downarrow$;
3. the interactivity index of a term $a$, written $II(a)$, is the biggest $k$ such that $a$ is $k$-interactive, or $\infty$ if $a$ is $k$-interactive for every $k$;
4. $\mathcal{T}^k$ denotes the set $\{a \in \mathcal{T} \mid II(a) \geq k\}$.

Example 18.
- In the lazy $\lambda$-calculus [1] all $\lambda$-abstractions are values, so the term $\lambda x.\Omega$ is 1-interactive, as is $(\lambda x.a)^1$ for any function $\lambda x.a$.
- In the standard call-by-name $\lambda$-calculus, the term $\lambda x.x$ is 1-interactive.

As demonstrated by these examples, the notion of k-interactivity not only applies to labelled terms, but also to unlabelled ones. Labels are used as an auxiliary study tool, but then the results can be extracted and give information about the unlabelled language.

4 Erroneous Terms and Subsumption

We want to allow some errors to occur inside terms, because of the assumption that these will not necessarily be propagated to the top level. However, if a term contains only errors, then it is observationally not different from an error itself. For example, the term $\lambda x.\varepsilon$ is not $\beta$-equal to $\varepsilon$, but yields only errors in any context. By contrast, lazy systems admit unsolvable values like $\mu x.\lambda y.x$ or $\mu x.\{l = x\}$ which can interact without ever generating errors. Hence we define the erroneous terms as those which always yield errors after a finite number of interaction steps:

Definition 19 (Erroneous terms). A term $a$ is $k$-erroneous, written $a\dagger^k$, iff $C[a] \to^* \varepsilon$ for every context $C[\ ] \in \mathcal{C}^k$. A term $a$ is erroneous, written $a\dagger$, iff it is $k$-erroneous for some $k$.

Clearly 0-erroneous terms must belong to the class $\{a \mid a \to^* \varepsilon\}$. Examples of 1-erroneous terms are $\lambda x.\varepsilon$ or $\{l = \varepsilon\}$.

Definition 20 (Subsumption). A term $a$ subsumes another term $b$, written $a \sqsubseteq_\varepsilon b$, iff it generates fewer errors in all program contexts:
$$a \sqsubseteq_\varepsilon b \iff \forall C[\ ],\ C[a]\dagger \Longrightarrow C[b]\dagger$$
As for $\sqsubseteq_\Downarrow$, we have $\Omega \sqsubseteq_\varepsilon a \sqsubseteq_\varepsilon \varepsilon$ for any $a$ in error-preserving languages. The obvious question then is how the two orderings relate. This in general depends on the language properties, as shown through several examples in the next section. Nevertheless, a general result can be stated already:

Theorem 21. In an error-complete language, $a \sqsubseteq_\varepsilon b \Longrightarrow a \sqsubseteq_\Downarrow b$.

Proof. We show $(a \sqsubseteq_\varepsilon b) \Longrightarrow (\forall C[\ ],\ C[b]\Uparrow \Longrightarrow C[a]\Uparrow)$, from which $a \sqsubseteq_\Downarrow b$ directly follows by definition. Suppose $a \sqsubseteq_\varepsilon b$, and for some context $C[\ ]$ suppose $C[b]\Uparrow$ and $C[a]\Downarrow$. Since the language is error-complete, there exists a relevant context $D[\ ]$ with $D[C[a]]\dagger^0$; but since $D[\ ]$ is relevant, $D[C[b]]\Uparrow$, so $D[C[b]]$ is not erroneous, contradicting $a \sqsubseteq_\varepsilon b$. Hence $C[a]$ must diverge. □

5 Comparing various lambda calculi

We will now apply our abstract framework to several languages, all related to the $\lambda$-calculus, but with various kinds of extensions, and with two different notions of values: head normal forms (terms without a head redex) or lazy values (terms with an outermost abstraction construct). These are described by fairly standard rules, given in the appendix. Head and lazy versions are distinguished by the superscripts $H$ and $L$. For the pure $\lambda$-calculus $\Lambda$ the relation $\simeq_\varepsilon$ is clearly inconsistent since there are no errors. By contrast, $\sqsubseteq_\Downarrow$ on $\Lambda^H$ is the usual approximation relation, and its symmetric closure $\simeq_\Downarrow$ is the sensible theory of [3], equating all unsolvable terms; $\simeq_\Downarrow$ on $\Lambda^L$ is the semi-sensible, lazy theory of [1], which equates unsolvable terms of the same order. So in $\Lambda^H$ we have $\Omega \simeq_\Downarrow YK \sqsubseteq_\Downarrow a$ for every $a$, while in $\Lambda^L$ we have $\Omega \sqsubseteq_\Downarrow a \sqsubseteq_\Downarrow YK$. A detailed discussion of these different relations can be found in [1].

Lemma 22.
1. $\lambda x.a \sqsubseteq_\Downarrow \lambda x.b \iff a \sqsubseteq_\Downarrow b$
2. $\lambda x.a \sqsubseteq_\Downarrow b \Longrightarrow (b \to^* \lambda x.b') \wedge (a \sqsubseteq_\Downarrow b')$

5.1 Standard $\lambda$-calculus with $\varepsilon$

$\Lambda_\varepsilon$ is the pure $\lambda$-calculus with an added constant $\varepsilon$ and the corresponding reduction rule $\varepsilon a \to \varepsilon$.

Lemma 23. In $\Lambda_\varepsilon$, $a\dagger \iff a \to^* \lambda x_1 \ldots x_n.\varepsilon$.

Proof. ($\Longleftarrow$): easy, $\lambda x_1 \ldots x_n.\varepsilon$ is $n$-erroneous. ($\Longrightarrow$): $a$ must be $k$-erroneous for some $k$, so we can use induction on $k$. □

Lemma 24.
1. $\Lambda_\varepsilon$ is not error-generating, but is error-preserving.
2. $\Lambda_\varepsilon^L \models YK \simeq_\Downarrow \varepsilon$.
3. $\Lambda_\varepsilon^H$ is error-complete, but $\Lambda_\varepsilon^L$ is not.

Proof. 1: Easy by inspection of rules ($\beta$) and ($\varepsilon$). 2: Both are ever-convergent. 3: Values in $\Lambda_\varepsilon^H$ are $\lambda$-terms in head normal form, or $\varepsilon$. Since HNFs are solvable, for every $v$ there is always a context $C[\ ]$ such that $C[v]\dagger^0$. By contrast, the value $\lambda x.\Omega$ in $\Lambda_\varepsilon^L$ never reduces to an error. □

Lemma 25. $\Lambda_\varepsilon^H \models a \sqsubseteq_\varepsilon b \iff \Lambda_\varepsilon^L \models a \sqsubseteq_\varepsilon b$.

Proof. By Lemma 23 the error terms in both calculi are the same. □

Theorem 26.
1. In both $\Lambda_\varepsilon^H$ and $\Lambda_\varepsilon^L$, $a \sqsubseteq_\Downarrow b \Longrightarrow a \sqsubseteq_\varepsilon b$.
2. In $\Lambda_\varepsilon^H$, $a \sqsubseteq_\Downarrow b \iff a \sqsubseteq_\varepsilon b$.

Proof. 1: suppose $a \sqsubseteq_\Downarrow b$. By Lemma 23, for any context $C[\ ]$, if $C[a]\dagger$ then $C[a] \to^* \lambda x_1 \ldots x_n.\varepsilon$. Therefore by Lemma 22, $C[b] \to^* \lambda x_1 \ldots x_n.b'$ with $\varepsilon \sqsubseteq_\Downarrow b'$, so $C[b]\dagger$. 2: ($\Longrightarrow$): the preceding part of the theorem. ($\Longleftarrow$): from Theorem 21, knowing that $\Lambda_\varepsilon^H$ is error-complete. □

5.2 $\lambda$-calculus with records

The $\lambda$-calculus is now extended with records, i.e. collections of bindings from names to terms. As usual, these are written with curly braces; we use the vector notation $\{l_i = a_i\}$ to denote the record with the finite list of fields $l_1 = a_1; \ldots; l_n = a_n$, with all $l_i$ distinct. The expression $(l_i = a_i \setminus l)$ denotes removal of field $l$ (if present) from a collection of bindings. Here all records are considered as values, which is perhaps a debatable choice, but conforms to a similar choice often made in calculi with tuples [16].

Lemma 27.
1. $\Lambda_{\{\}}$ is error-generating, error-complete and error-preserving, for both the head and the lazy calculus.
2. $\Lambda_{\{\}}^H \models a \sqsubseteq_\varepsilon b \iff \Lambda_{\{\}}^L \models a \sqsubseteq_\varepsilon b$.

Proof. 1: Error-generating: obvious. Error-complete: each closed value is either of record shape or of functional shape; in each case there is a context ($[\ ]\,a$ or $[\ ].l$ respectively) which generates an error. Error-preserving: easy by inspection of the reduction rules. 2: As for $\Lambda_\varepsilon$ (Lemma 25): the error terms are the same (although the proof here is slightly more complex, as error terms may also be of record shape). □

Since now even the lazy calculus is error-complete, the "ogre" $YK$ has a different status than in $\Lambda_\varepsilon$:

Proposition 28. In $\Lambda_{\{\}}$, $\neg(YK \simeq_\Downarrow \varepsilon)$.

Proof. Because $\Lambda_{\{\}}^L$ is error-complete and because of Theorem 21, it suffices to show $\neg(YK \simeq_\varepsilon \varepsilon)$. In the empty context $[\ ]$, there is no $k$ such that $YK$ is $k$-erroneous, because it can consume an infinite number of arguments without yielding an error. □

On the other hand there is a new term which is erroneous, namely the empty record:

Proposition 29. In $\Lambda_{\{\}}$, $\{\} \simeq_\varepsilon \varepsilon$.

Proof. By inspection of the reduction rules, $\{\}$ cannot interact without yielding an error, so it is 1-erroneous. □

However, if the calculus is augmented with a record extension construct $a(\ )l = b$ (as in [18,21]) then the empty record becomes solvable: for any value $v$ there is a relevant context $([\ ](\ )l = v).l$ yielding that value, so in that case $\{\}$ is not equal to $\varepsilon$.

6 Types

This section illustrates the usefulness of both subsumption and labelled reductions for the semantics of types: subsumption is a natural foundation for interpreting subtyping, and labelled terms are a natural foundation for interpreting recursive types, following the approach of [7]. This is just an appetizer, as lack of space prevents us from going through the full technical developments. Nevertheless the general approach borrows well-known techniques and therefore should be easy to follow. Types are interpreted as non-empty, downward-closed subsets of terms in the $\sqsubseteq_\varepsilon$ ordering. Let $\mathit{Tset}$ denote the set of such subsets. For any $t \in \mathit{Tset}$, $t^n$ denotes the set $\{a^n \mid a \in t\}$ (finite projection). A type environment $\eta$ is a mapping from $\mathit{Tvar}$ to $\mathit{Tset}$. Given a type environment, a type interpretation function $Ti[\cdot]_\eta$ maps types to members of $\mathit{Tset}$. We will illustrate this approach on the $\Lambda_{\{\}}$ calculus of the previous section, considering types of the following syntax:
$$T, U ::= \top \mid X \mid T \to U \mid \{l_i : T_i\} \mid \mu X.T$$
Type assignment rules and subtyping rules are not displayed here: standard rules are assumed (see for example [8]). We also assume a rule (top) assigning type $\top$ to any term. Figure 1 gives the type interpretation. A well-known difficulty associated with recursive types is the fact that arrow types are contravariant on the left. The ideal model of [15] solves the problem through contractive maps on ideals in the semantic domain; this requires some conditions on the syntax of type expressions to enforce contractiveness. By contrast we follow here the idea of [7], using a family of indexed type interpretations, where the index denotes finite approximations. In this approach non-contractive type expressions are naturally mapped to the bottom type (the one containing only divergent terms), without any syntactic constraints. With labelled terms this can be done in an operational way, without needing to resort to denotational semantics.

$$
\begin{aligned}
Ti[T]^0_\eta &= \{a \mid a \sqsubseteq_\varepsilon \Omega\} \\
Ti[\top]^{n+1}_\eta &= \mathcal{T}^{n+1} \\
Ti[X]^{n+1}_\eta &= \eta(X)^{n+1} \\
Ti[T \to U]^{n+1}_\eta &= \{a \in \mathcal{T}^{n+1} \mid b \in Ti[T]^n_\eta \Longrightarrow a(b) \in Ti[U]^n_\eta\} \\
Ti[\{l_i : T_i\}]^{n+1}_\eta &= \{a \in \mathcal{T}^{n+1} \mid \forall i,\ a.l_i \in Ti[T_i]^n_\eta\} \\
Ti[\mu X.T]^{n+1}_\eta &= Ti[T]^{n+1}_{\eta[X \mapsto Ti[\mu X.T]^n_\eta]} \\
Ti[T]_\eta &= \{a \mid \forall n \in \omega,\ a^n \in Ti[T]^n_\eta\}
\end{aligned}
$$

Fig. 1. Type interpretation for functions and records.

Lemma 30. $\forall T, \eta,\ Ti[T]_\eta \in \mathit{Tset}$.

Lemma 31. $T \leq U \Longrightarrow Ti[T]_\eta \subseteq Ti[U]_\eta$.

Definition 32. A closing substitution $\sigma$ satisfies a basis $\Gamma$, written $\sigma \models \Gamma$, iff $\forall \eta,\ \forall x \in \mathit{dom}(\Gamma),\ \sigma(x) \in Ti[\Gamma(x)]_\eta$.

Theorem 33. $\Gamma \vdash a : T \Longrightarrow (\forall \sigma \models \Gamma,\ a\sigma \in Ti[T]_\eta)$.

Definition 34 (Trivial types). The set $\mathit{Triv}$ of trivial types is defined inductively as:
$$\mathit{Triv} = \{\top\} \cup \{T \to U \mid U \in \mathit{Triv}\} \cup \{\{l_i : T_i\} \mid \forall i,\ T_i \in \mathit{Triv}\} \cup \{\mu X.T \mid T \in \mathit{Triv}\}$$

Lemma 35. In any non-trivial type environment, non-trivial types do not contain erroneous terms. ($\eta$ is non-trivial iff $\varepsilon \notin \eta(X)$ for each type variable $X$ in $\mathit{dom}(\eta)$.)

Theorem 36. If $\Gamma \vdash a : T$ and $T \notin \mathit{Triv}$, then $\forall \sigma \models \Gamma,\ \neg(a\sigma\dagger)$.

Proof. Consequence of the preceding lemma and of subject reduction, shown using standard techniques. □

Lemma 37. The following equality between record types is sound: $\{l : \top;\ l_i : T_i\} = \{l_i : T_i\}$.

Proof. Since $\varepsilon \in Ti[\top]_\eta$, the condition $a.l \in Ti[\top]_\eta$ on field $l$ is always satisfied, even for records where field $l$ is absent (there $a.l$ reduces to $\varepsilon$). □

Example 38. The example of the introduction, $(\lambda x.\{l_1 = x.l_2;\ l_2 = x.l_1\})\{l_1 = 3\}$, has type $\{l_1 : \top;\ l_2 : \mathit{Int}\}$, which is equal to $\{l_2 : \mathit{Int}\}$ and is non-trivial.

References

1. Samson Abramsky and C.-H. Luke Ong. Full Abstraction in the Lazy Lambda Calculus. Information and Computation, 105:159-267, 1993.
2. Martin Abadi, Benjamin Pierce and Gordon Plotkin. Faithful Ideal Models for Recursive Polymorphic Types. Int. J. of Foundations for Computer Science, 2(1):121, 1991.
3. Henk Barendregt. The Lambda-Calculus, its Syntax and Semantics. Studies in Logic and the Foundations of Mathematics, North-Holland, 1984.
4. Bard Bloom. Can LCF Be Topped? Flat Lattice Models of Typed $\lambda$-calculus. Information and Computation, 87:264-301, 1990.
5. Val Breazu-Tannen, Thierry Coquand, Carl A. Gunter, and Andre Scedrov. Inheritance as Implicit Coercion. Information and Computation, 93:172-221, 1991. Also in [11], pp 197-245.
6. A Modest Model of Records, Inheritance, and Bounded Quantification. Information and Computation, 87:196-240, 1990. Also in [11], pp 151-195.
7. Felice Cardone and Mario Coppo. Two extensions of Curry's Type Inference System. In Logic and Computer Science, P. Odifreddi (ed), pp 19-75. Academic Press, 1990.
8. Luca Cardelli and John Mitchell. Operations on Records. In [11], pp 295-350. First appeared in Math. Structures in Comp. Sc., 1991, pp 3-48.
9. Laurent Dami. A Lambda-Calculus for Dynamic Binding. To appear in Theoretical Comp. Sc., special issue on Coordination, 1997.
10. Laurent Dami. Labelled Reductions, Runtime Errors, and Operational Subsumption. Technical Report, U. of Geneva, 1997. Currently available at http://cuiwww.unige.ch/~dami.
11. Carl A. Gunter and John C. Mitchell, eds. Theoretical Aspects of Object-Oriented Programming: Types, Semantics, and Language Design. MIT Press, Foundations of Computing series, 1994.
12. D. J. Howe. Equality in lazy computation systems. In Proc. 4th IEEE Symp. on Logic in Comp. Sc., pp 198-203, 1989.
13. Trevor Jim and Albert R. Meyer. Full Abstraction and the Context Lemma. SIAM J. on Computing, 25(3):663-696, June 1996.
14. Jan W. Klop, Vincent van Oostrom and Femke van Raamsdonk. Combinatory reduction systems: introduction and survey. Theoretical Computer Science, 121:279-308, 1993.
15. David MacQueen, Gordon Plotkin and Ravi Sethi. An Ideal Model for Recursive Polymorphic Types. Information and Control, 71:95-130, 1986.
16. Ian A. Mason, Scott F. Smith and Carolyn L. Talcott. From Operational Semantics to Domain Theory. Information and Computation, 128:26-47, 1996.
17. Gordon Plotkin. Call-by-name, call-by-value and the $\lambda$-calculus. Theoretical Computer Science, 1:125-159, 1975.
18. Didier Rémy. Typechecking records and variants in a natural extension of ML. In Proceedings ACM POPL'89, pp 242-249. Also in [11], pp 67-96.
19. Dana Scott. Data types as lattices. SIAM J. of Computing, 5:522-587, 1976.
20. C. Talcott. A Theory of Binding Structures and Applications to Rewriting. Theoretical Computer Science, 112:99-143, 1993.
21. Mitchell Wand. Type Inference for Record Concatenation and Multiple Inheritance. Information and Computation, 93(1):1-15, 1991.

A Language Rules

A.1 Standard $\lambda$-calculus with $\varepsilon$

Syntax:
- (var) $x \in \mathcal{X} \Longrightarrow x \in \mathcal{T}$
- ($\lambda$) $x \in \mathcal{X},\ a \in \mathcal{T} \Longrightarrow \lambda x.a \in \mathcal{T}$
- (app) $a, b \in \mathcal{T} \Longrightarrow (ab) \in \mathcal{T}$
- ($\varepsilon$) $\varepsilon \in \mathcal{T}$

Reduction rules:
- ($\beta$) $(\lambda x.a)b \to a[x := b]$
- ($\varepsilon$) $(\varepsilon a) \to \varepsilon$
- ($\eta$) $x \in \mathcal{X},\ a \in \mathcal{T},\ x \notin FV(a) \Longrightarrow \lambda x.ax \to a$
- ($\xi$) $a \to b \Longrightarrow \lambda x.a \to \lambda x.b$
- ($\mu_1$) $a \to b \Longrightarrow (ac) \to (bc)$
- ($\mu_2$) $a \to b \Longrightarrow (ca) \to (cb)$

Values:
- (var) $x \in \mathcal{H}$
- (app) $v \in \mathcal{H},\ a \in \mathcal{T} \Longrightarrow (va) \in \mathcal{H}$
- ($\lambda^H$) $v \in \mathcal{V} \Longrightarrow \lambda x.v \in \mathcal{V}$
- ($\lambda^L$) $a \in \mathcal{T} \Longrightarrow \lambda x.a \in \mathcal{V}$
- ($H$) $v \in \mathcal{H} \Longrightarrow v \in \mathcal{V}$
- ($\varepsilon$) $\varepsilon \in \mathcal{V}$

A.2 $\lambda$-calculus with records

Syntax:
- (rec) $\forall i,\ a_i \in \mathcal{T} \Longrightarrow \{l_i = a_i\} \in \mathcal{T}$
- (sel) $a \in \mathcal{T} \Longrightarrow a.l \in \mathcal{T}$

Reduction rules:
- (sel) $\exists j,\ l = l_j \Longrightarrow \{l_i = a_i\}.l \to a_j$
- ($\varepsilon_{sel}$) $\forall j,\ l \neq l_j \Longrightarrow \{l_i = a_i\}.l \to \varepsilon$
- ($\varepsilon_\lambda$) $(\lambda x.a).l \to \varepsilon$
- ($\varepsilon_{rec}$) $(\{l_i = a_i\}\,b) \to \varepsilon$
- ($\mu_{rec}$) $a_i \to a'_i \Longrightarrow \{\ldots;\ l_i = a_i;\ \ldots\} \to \{\ldots;\ l_i = a'_i;\ \ldots\}$
- ($\mu_{sel}$) $a \to a' \Longrightarrow a.l \to a'.l$
- ($\varepsilon$) $\varepsilon.l \to \varepsilon$

Values:
- (1) $\forall j,\ a_j \in \mathcal{T} \Longrightarrow \{l_i = a_i\} \in \mathcal{R}$
- (2) $a \in \mathcal{R} \Longrightarrow a \in \mathcal{V}$
- (sel) $a \in \mathcal{H} \Longrightarrow a.l \in \mathcal{H}$
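As an added illustration, not part of the paper, the following Python program implements the reduction rules of Appendix A.1 and A.2 as a call-by-name evaluator to lazy values and runs the name-switching example of Section 1 together with the terms discussed in Section 5.2 ($YK$, the empty record, $\lambda x.\varepsilon$, $\Omega$). Assumptions beyond the page: integer constants are added so that $\{l_1 = 3\}$ can be written, and applying a constant is treated as $\varepsilon$ because the paper gives no rule for it; divergence is approximated by a reduction budget; the strict mode, which evaluates record fields eagerly and lets an erroneous field poison the whole record, is a contrast added here to show what the paper's lazy treatment of errors avoids.

```python
"""Call-by-name evaluator for the lambda-calculus with records and an absorbing
error constant (Appendix A.1/A.2).  Added illustration, not the paper's code."""
from dataclasses import dataclass
from typing import Dict, List, Tuple, Union

# ---- syntax: variables, abstraction, application, records, selection, ε,
# ---- plus integer constants so the introduction's {l1 = 3} can be written.
@dataclass(frozen=True)
class Var:   name: str
@dataclass(frozen=True)
class Lam:   param: str; body: "Term"
@dataclass(frozen=True)
class App:   fun: "Term"; arg: "Term"
@dataclass(frozen=True)
class Rec:   fields: Tuple[Tuple[str, "Term"], ...]   # ordered (label, term) pairs
@dataclass(frozen=True)
class Sel:   rec: "Term"; label: str
@dataclass(frozen=True)
class Const: value: int
class Err:                                             # the absorbing error ε
    def __repr__(self) -> str: return "ε"
EPS = Err()
Term = Union[Var, Lam, App, Rec, Sel, Const, Err]

# ---- values (lazy / weak head normal forms): closures, records, constants, ε
@dataclass
class Thunk:   term: Term; env: Dict[str, "Thunk"]   # call-by-name: unevaluated argument
@dataclass
class Closure: lam: Lam; env: Dict[str, Thunk]
@dataclass
class RecVal:  fields: Dict[str, Thunk]

class Divergent(Exception):
    """Reduction budget exhausted: used as a finite approximation of ⇑."""

def whnf(term: Term, env: Dict[str, Thunk], budget: List[int], strict: bool = False):
    """Reduce a closed term to a value.  (β) binds the argument as a thunk;
    (ε) εa → ε; a record or constant in function position → ε (the paper has
    no rule for applying a constant; treating it as ε is an assumption);
    selecting from ε or from an abstraction → ε; a missing field → ε.
    strict=True evaluates record fields eagerly and lets an erroneous field
    poison the whole record: a contrast, not the paper's semantics."""
    while True:
        budget[0] -= 1
        if budget[0] < 0:
            raise Divergent
        if isinstance(term, Var):                       # follow the call-by-name thunk
            term, env = env[term.name].term, env[term.name].env
        elif isinstance(term, Lam):
            return Closure(term, env)
        elif isinstance(term, Rec):
            if strict and any(whnf(t, env, budget, True) is EPS for _, t in term.fields):
                return EPS
            return RecVal({l: Thunk(t, env) for l, t in term.fields})
        elif isinstance(term, Const) or term is EPS:
            return term
        elif isinstance(term, App):
            f = whnf(term.fun, env, budget, strict)
            if not isinstance(f, Closure):
                return EPS                              # εa → ε, ({..} b) → ε, (3 b) → ε
            term, env = f.lam.body, {**f.env, f.lam.param: Thunk(term.arg, env)}
        else:                                           # Sel
            r = whnf(term.rec, env, budget, strict)
            if not isinstance(r, RecVal) or term.label not in r.fields:
                return EPS                              # ε.l → ε, (λx.a).l → ε, absent field → ε
            term, env = r.fields[term.label].term, r.fields[term.label].env

def describe(term: Term, strict: bool = False, budget: int = 5000) -> str:
    """Top-level observation of a closed program: constant, ε, a value, or ⇑."""
    try:
        v = whnf(term, {}, [budget], strict)
    except Divergent:
        return "⇑"
    if v is EPS:
        return "ε"
    if isinstance(v, Const):
        return str(v.value)
    return "λ-value" if isinstance(v, Closure) else "record-value"

# ---- constructed example terms (the paper's abbreviations from Section 2)
x, f = Var("x"), Var("f")
F     = Lam("x", Rec((("l1", Sel(x, "l2")), ("l2", Sel(x, "l1")))))   # name-switching F of Section 1
ARG   = Rec((("l1", Const(3)),))
PROG  = Sel(App(F, ARG), "l2")                                        # (F {l1 = 3}).l2
DELTA = Lam("x", App(x, x))
OMEGA = App(DELTA, DELTA)
K     = Lam("x", Lam("y", x))
Y     = Lam("f", App(Lam("x", App(f, App(x, x))), Lam("x", App(f, App(x, x)))))
YK    = App(Y, K)                                                     # the "ogre" of Proposition 28
EMPTY = Rec(())

def apply_n(t: Term, n: int) -> Term:
    """t applied to n dummy constant arguments."""
    for i in range(n):
        t = App(t, Const(i))
    return t

if __name__ == "__main__":
    print(describe(PROG))                          # 3: the ε in field l1 never surfaces
    print(describe(Sel(App(F, ARG), "l1")))        # ε
    print(describe(PROG, strict=True))             # ε: eager records propagate it
    print(describe(apply_n(YK, 5)))                # λ-value: YK absorbs any number of arguments
    print(describe(App(EMPTY, Const(0))), describe(Sel(EMPTY, "l")))   # ε ε: {} is 1-erroneous
    print(describe(OMEGA))                         # ⇑
```

Running the program prints 3 for $(F\,\{l_1 = 3\}).l_2$ but $\varepsilon$ for the same program under strict records, $\varepsilon$ whenever $\{\}$ is applied or selected from, a $\lambda$-value however many arguments $YK$ is given, and $\Uparrow$ for $\Omega$. Two caveats: a finite budget only witnesses convergence, so an exhausted budget is evidence of divergence rather than proof of it; and the evaluator runs one context at a time, so it can refute $k$-erroneousness by exhibiting a context that does not yield $\varepsilon$, but cannot establish it, since Definition 19 quantifies over every context in $\mathcal{C}^k$.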