Types for Programs and Proofs

Lecture 1

What are types?

• int, float, char, …, arrays • types of procedures, functions, references,

records, objects, ... • recursive types, • polymorphic types, • abstract types,• dependent types, • subtypes,• …

Purpose of types

• Specification. To define what the program should do. – For example, read an array of integers and return a double. – To document the programmer's intentions. It is better than

comments, which are not checked by the compiler• Bug-finding. To guarantee that the program is

meaningful. – For example that it does not add a string to an integer – and that variables are declared before they are used

• Optimization. To optimize the use of hardware. – To reserve the minimal amount of memory, but not more.– To use the most appropriate machine instructions

What belongs to type checking?

Depending on the language, the type checker can prevent - the application of a function to the wrong number of arguments- the application of integer functions to floats- The use of undeclared variables in expressions,- division by zero- array indices out of bounds,- non-terminating recursion,- sorting algorithms that don't sort...Languages differ greatly: none of the things above is checked by all

programming languages! The more static checking in the compiler, the less need for manual debugging.

Types help detect errors

E g applying a function to too few arguments, indexing array out of bounds, variable out of scope

• good to detect errors early rather than at run time• can expose a surprisingly wide range of errors• if the type system is rich programs tend "to just work" when

type-checked (not only trivial mental slips but also deeper conceptual errors are exposed)

• the strength of this effect depends on the richness of the type system as well as the nature of the task. For example, do we manipulate many data structures? Coding everything in terms of lists will expose fewer errors than if we use different types for different data structures.

Maintenance tool

• modify a type and the type checker will detect where type-checking fails

• For example “Anno Domini”, Copenhagen 2000

Abstraction, modularity

• structure programs using abstract data types• enforce disciplined programming • type systems form the backbone of module

languages used to package and tie together components

• structuring large systems in terms of modules with clear interfaces leads to abstract design.

Code reuse

• Polymorphism in Haskell• Generics in Java

Language safetya language is safe if it protects its own abstractions. - High-level languages have abstractions of machine services. Safety

means that the language protects these abstractions - you expect that an array can be changed just by the update operation and not by writing past the end of some other data structure, etc.

- In an unsafe language you need to keep track of low level details (C, C++) depending on the implementation. Such languages cannot be understood by the reading the language manual only

- Checks can happen both at type-checking time and at run-time (Lisp, Scheme, Perl do run-time checks)

- Array-bounds-checking is normally done at run-time, doing it statically is a long-standing problem ("dependent types" offer the solution, but this is still research topic) - escape hatches (foreign function calls)

New applications

• Computer and network security (one aspect of programming language based security is type-systems)

• Program analysis (Anno Domini)• Automated theorem proving (Propositions as types)• Databases, web metadata (static type system for

XML)• Computational linguistics (types in computational

linguistics)