Undecidability of D

Undecidability of D<: and Its Decidable Fragments

Jason Z.S. HuUniversity of Waterloo −→

McGill [email protected]

Ondřej LhotákUniversity of [email protected]

mailto:[email protected]

mailto:[email protected]

1

IntroductionHistorical Overview: Scala and Dependent Object Types

I Scala was first released in 2004.

I Formalization of Scala is a long running process (Odersky et al., 2003; Cremet et al.,2006; Moors et al., 2008; Amin et al., 2012; Rompf and Amin, 2016; Amin et al., 2016;Rapoport et al., 2017).

I How do type soundness proofs help to implement the compiler directly?

We consider the decidability of path dependent types,and this theoretical result also benefits the implementation.

Hu and Lhoták | Undecidability of D<: and Its Decidable Fragments

1

IntroductionHistorical Overview: Scala and Dependent Object Types

I Scala was first released in 2004.I Formalization of Scala is a long running process (Odersky et al., 2003; Cremet et al.,

2006; Moors et al., 2008; Amin et al., 2012; Rompf and Amin, 2016; Amin et al., 2016;Rapoport et al., 2017).

I How do type soundness proofs help to implement the compiler directly?

We consider the decidability of path dependent types,and this theoretical result also benefits the implementation.


2

Path Dependent Types: An ExampleTrait Definitions

trait Account

trait Bank { self =>type A <: Accountdef createAccount(initialBalance : Long = 0) : Adef transfer(amount : Long, from : self.A,

toBank : Bank, to : toBank.A) : Unit}

toBank.A depends on a previous parameter.


3

Path Dependent Types: An ExampleA Tiny Program

def transfer(amount : Long, from : self.A,toBank : Bank, to : toBank.A) : Unit

object BankOfWaterloo extends Bank { /* ... */ }object McGillBank extends Bank { /* ... */ }val david : BankOfWaterloo.A = BankOfWaterloo.createAccount(200)val elly : McGillBank.A = McGillBank.createAccount(300)


3




BankOfWaterloo.transfer(10, david, McGillBank, elly)

This program works and transfers 10 dollars from David to Elly.


3





BankOfWaterloo.transfer(10, david, BankOfWaterloo, elly)

What about this program?


3





BankOfWaterloo.transfer(10, david, BankOfWaterloo, elly)found: McGillBank.A

expect: BankOfWaterloo.A


4

Research Questions

We can see that path dependent types are very expressive, but ...

I Is type checking decidable with path dependent types?

I Is subtyping decidable with path dependent types?


5

Definition of D<: (Amin et al., 2016)Path Dependent Types

Γ `D<:T <: >

TOPΓ `D<:

⊥ <: TBOT

Γ `D<:T <: T

REFL

Γ `D<:S2 <: S1

Γ `D<:U1 <: U2

Γ `D<:{A : S1..U1} <: {A : S2..U2}

BND

Γ `D<:S2 <: S1

Γ; x : S2 `D<:U1 <: U2

Γ `D<:∀(x : S1)U1 <: ∀(x : S2)U2

ALL

Γ `D<:Γ(x) <: {A : S..>}

Γ `D<:S <: x .A

SEL1’Γ `D<:

Γ(x) <: {A : ⊥..U}Γ `D<:

x .A <: USEL2’

Γ `D<:S <: T Γ `D<:

T <: UΓ `D<:

S <: UTRANS


6

Outline of Our Undecidability Proof

The actual proof is quite tricky, e.g. the TRANS rule doesn’t provide strong enoughinductive hypothesis.

To establish the proof, we1 find a suitable undecidable problem to reduce from,2 define D<: normal form by restricting the TRANS rule,3 show the equivalence between D<: and D<: normal form,4 conclude undecidability of D<:.


6



To establish the proof, we

1 find a suitable undecidable problem to reduce from,2 define D<: normal form by restricting the TRANS rule,3 show the equivalence between D<: and D<: normal form,4 conclude undecidability of D<:.


6



To establish the proof, we1 find a suitable undecidable problem to reduce from,

2 define D<: normal form by restricting the TRANS rule,3 show the equivalence between D<: and D<: normal form,4 conclude undecidability of D<:.


6



To establish the proof, we1 find a suitable undecidable problem to reduce from,2 define D<: normal form by restricting the TRANS rule,

3 show the equivalence between D<: and D<: normal form,4 conclude undecidability of D<:.


6



To establish the proof, we1 find a suitable undecidable problem to reduce from,2 define D<: normal form by restricting the TRANS rule,3 show the equivalence between D<: and D<: normal form,

4 conclude undecidability of D<:.


6



To establish the proof, we1 find a suitable undecidable problem to reduce from,2 define D<: normal form by restricting the TRANS rule,3 show the equivalence between D<: and D<: normal form,4 conclude undecidability of D<:.


7

Finding An Undecidable ProblemStep 1

function types

universal types

F<:F−<: D<:

dependent functiontypes

??????

Amin et al. (2016) presents an attempt.

TheoremSubtyping of F−

<: is undecidable.


7

Finding An Undecidable ProblemStep 1

function types

universal types

F<:F−<: D<:

dependent functiontypes

??????

TheoremSubtyping of F−

<: is undecidable.


8

Transitivity and Subtyping ReflectionStep 2

The TRANS rule induces an unexpected phenomenon:

assume Γ(x) = {A : S..U}Γ `D<:

Γ(x) <: {A : S..>}Γ `D<:

S <: x .ASEL1’

Γ `D<:Γ(x) <: {A : ⊥..U}

Γ `D<:x .A <: U

SEL2’

Γ `D<:S <: U

TRANS

Type declarations reflect bounds into the subtyping relation.This phenomenon is called “subtyping reflection” (or “bad bounds” in the previousliterature).


8




Γ(x) <: {A : S..>}Γ `D<:

S <: x .ASEL1’

Γ `D<:Γ(x) <: {A : ⊥..U}

Γ `D<:x .A <: U

SEL2’

Γ `D<:S <: U

TRANS

Type declarations reflect bounds into the subtyping relation.

This phenomenon is called “subtyping reflection” (or “bad bounds” in the previousliterature).


8




Γ(x) <: {A : S..>}Γ `D<:

S <: x .ASEL1’

Γ `D<:Γ(x) <: {A : ⊥..U}

Γ `D<:x .A <: U

SEL2’

Γ `D<:S <: U

TRANS

Type declarations reflect bounds into the subtyping relation.This phenomenon is called “subtyping reflection” (or “bad bounds” in the previousliterature).


9

D<: Normal FormStep 2

Subtyping reflection is captured by the following rule:

Γ `D<:Γ(x) <: {A : S..>} Γ `D<:

Γ(x) <: {A : ⊥..U} (for some x)Γ `D<:

S <: USR

We replace the TRANS rule with this rule.

The resulting calculus is called D<: normal form.


10

Properties of D<: Normal FormStep 3

TheoremD<: normal form admits transitivity.

TheoremSubtyping in the original D<: definition and in D<: normal form is equivalent.


11

Undecidability of D<: SubtypingStep 4

F−<:D<:

normal form D<:

easy

equivalence???

TheoremSubtyping in D<: normal form is undecidable.

TheoremD<: subtyping is undecidable.


12

A Thought about D<:

Subtyping reflection and transitivity are two sides of the same coin.


13

Step toward Decidable Fragments

Capturing subtyping reflection inspires us to a straightforward study of decidablefragments of D<:.


14

Kernel D<:

Consider the following rules from D<: normal form:

Γ `D<:S2 <: S1 Γ; x : S2 `D<:

U1 <: U2

Γ `D<:∀(x : S1)U1 <: ∀(x : S2)U2

ALL

Γ `D<:Γ(x) <: {A : S..>} Γ `D<:

Γ(x) <: {A : ⊥..U} (for some x)Γ `D<:

S <: USR

These modifications define kernel D<:.


14

Kernel D<:


Γ `D<:S2 <: S1 Γ; x : S2 `D<:

U1 <: U2

Γ `D<:∀(x : S1)U1 <: ∀(x : S2)U2

ALL

Γ `D<:Γ(x) <: {A : S..>} Γ `D<:

Γ(x) <: {A : ⊥..U} (for some x)Γ `D<:

S <: USR

(((((((((((((((((((((hhhhhhhhhhhhhhhhhhhhh



14

Kernel D<:


Γ; x : S `D<:K U1 <: U2

Γ `D<:K ∀(x : S)U1 <: ∀(x : S)U2K-ALL

Γ `D<:Γ(x) <: {A : S..>} Γ `D<:

Γ(x) <: {A : ⊥..U} (for some x)Γ `D<:

S <: USR

(((((((((((((((((((((hhhhhhhhhhhhhhhhhhhhh



15

Kernel D<:Decidability

TheoremKernel D<: is decidable.

Proof.The decision procedure is step subtyping designed by Nieto (2017).


16

A Limitation of Kernel D<:

x : {A : >..>} `D<:∀(y : x .A)> <: ∀(y : >)>

is rejected by kernel D<:.


17

Asymmetry and Symmetry

We want to lift the previous limitation.

The undecidability proof indicates the problem being the asymmetry of the parametertypes of dependent function types.

The idea is to recover the symmetry by operating on two contexts at the same time.


18

Strong Kernel D<:

Γ `D<:K S <: U ⇒ (Γ1 ` S) <: (U a Γ2)

Kernel D<: Strong kernel D<:

In (Γ1 ` S) <: (U a Γ2), a type only concerns the context on its side:

(Γ1 ` Γ1(x)) <: ({A : ⊥..U} a Γ2)

(Γ1 ` x .A) <: (U a Γ2)SK-SEL2

(Γ2 ` S2) <: (S1 a Γ1) (Γ1; x : S1 ` U1) <: (U2 a Γ2; x : S2)

(Γ1 ` ∀(x : S1)U1) <: (∀(x : S2)U2 a Γ2)SK-ALL


19

Strong Kernel D<:Properties

TheoremStrong kernel D<: is decidable.

Proof.The decision procedure is stare-at subtyping (defined in the paper).


19


TheoremStrong kernel D<: is strictly stronger than kernel D<:.

x : {A : >..>} `D<:∀(y : x .A)> <: ∀(y : >)>

becomes admissible.

let Γ = x : {A : >..>}

(Γ ` >) <: (x .A a Γ) (Γ; y : x .A ` >) <: (> a Γ; y : >)

(Γ ` ∀(y : x .A)>) <: (∀(y : >)> a Γ)SK-ALL


19


TheoremStrong kernel D<: is strictly stronger than kernel D<:.

x : {A : >..>} `D<:∀(y : x .A)> <: ∀(y : >)>

becomes admissible.let Γ = x : {A : >..>}

(Γ ` >) <: (x .A a Γ) (Γ; y : x .A ` >) <: (> a Γ; y : >)

(Γ ` ∀(y : x .A)>) <: (∀(y : >)> a Γ)SK-ALL


20

Summary

− +

Kernel D<: Strong kernel D<: D<: without SR(full) D<:

D<: normal form

Decidable Undecidable

Expressive Power

I For theorists: we present a systematic way of investigating (un)decidability!I For practitioners: we develop algorithms for path dependent types!


21

References

Nada Amin, Samuel Grütter, Martin Odersky, Tiark Rompf, and Sandro Stucki. 2016. The Essence of Dependent Object Types. In A List of Successes That Can Change the World -Essays Dedicated to Philip Wadler on the Occasion of His 60th Birthday (Lecture Notes in Computer Science), Sam Lindley, Conor McBride, Philip W. Trinder, and DonaldSannella (Eds.), Vol. 9600. Springer, 249–272. https://doi.org/10.1007/978-3-319-30936-1_14

Nada Amin, Adriaan Moors, and Martin Odersky. 2012. Dependent object types. In 19th International Workshop on Foundations of Object-Oriented Languages.

Vincent Cremet, François Garillot, Sergueï Lenglet, and Martin Odersky. 2006. A Core Calculus for Scala Type Checking. In Mathematical Foundations of Computer Science 2006,Rastislav Královic and Paweł Urzyczyn (Eds.). Springer Berlin Heidelberg, Berlin, Heidelberg, 1–23.

Adriaan Moors, Frank Piessens, and Martin Odersky. 2008. Safe type-level abstraction in Scala. In Proceedings of the International Workshop on Foundations of Object-OrientedLanguages (FOOL 2008). 1–13.

Abel Nieto. 2017. Towards Algorithmic Typing for DOT (Short Paper). In Proceedings of the 8th ACM SIGPLAN International Symposium on Scala (SCALA 2017). ACM, New York,NY, USA, 2–7. https://doi.org/10.1145/3136000.3136003

Martin Odersky, Vincent Cremet, Christine Röckl, and Matthias Zenger. 2003. A Nominal Theory of Objects with Dependent Types. In ECOOP 2003 - Object-Oriented Programming,17th European Conference, Darmstadt, Germany, July 21-25, 2003, Proceedings (Lecture Notes in Computer Science), Luca Cardelli (Ed.), Vol. 2743. Springer, 201–224.https://doi.org/10.1007/978-3-540-45070-2_10

Marianna Rapoport, Ifaz Kabir, Paul He, and Ondrej Lhoták. 2017. A Simple Soundness Proof for Dependent Object Types. Proc. ACM Program. Lang. 1, OOPSLA, Article 46 (Oct.2017), 27 pages. https://doi.org/10.1145/3133870

Tiark Rompf and Nada Amin. 2016. Type Soundness for Dependent Object Types (DOT). In Proceedings of the 2016 ACM SIGPLAN International Conference on Object-OrientedProgramming, Systems, Languages, and Applications (OOPSLA 2016). ACM, New York, NY, USA, 624–641. https://doi.org/10.1145/2983990.2984008


https://doi.org/10.1007/978-3-319-30936-1_14

https://doi.org/10.1145/3136000.3136003

https://doi.org/10.1007/978-3-540-45070-2_10

https://doi.org/10.1145/3133870

https://doi.org/10.1145/2983990.2984008

22

ExamplesWorks for D<: but not strong kernel

`D<:{A : ⊥..⊥} <: {A : ⊥..>} x : {A : ⊥..⊥} `D<:

x .A <: ⊥`D<:

∀(x : {A : ⊥..>})x .A <: ∀(x : {A : ⊥..⊥})⊥ALL

This judgment is not admissible in strong kernel, because when comparing the returntypes, the following judgment is required:

(x : {A : ⊥..>} ` x .A) <: (?⊥ a x : {A : ⊥..⊥})

Notice that on the left only x .A <: > is known so it is not admissible.


23

Definition of D<: Normal Form

Γ `D<:T <: >

TOPΓ `D<:

⊥ <: TBOT

Γ `D<:T <: T

REFL

Γ `D<:S2 <: S1

Γ `D<:U1 <: U2

Γ `D<:{A : S1..U1} <: {A : S2..U2}

BND

Γ `D<:S2 <: S1

Γ; x : S2 `D<:U1 <: U2

Γ `D<:∀(x : S1)U1 <: ∀(x : S2)U2

ALL

Γ `D<:Γ(x) <: {A : S..>}

Γ `D<:S <: x .A

SEL1’Γ `D<:

Γ(x) <: {A : ⊥..U}Γ `D<:

x .A <: USEL2’

Γ `D<:Γ(x) <: {A : S..>} Γ `D<:

Γ(x) <: {A : ⊥..U} (for some x)Γ `D<:

S <: USR


24

Summary Table

Name the ALL rule the SR rule DecidabilityD<: and D<: normal form full ALL X undecidable

full ALL × undecidableStrong kernel D<: SK-ALL × decidableKernel D<: K-ALL × decidable

K-ALL or SK-ALL X unknown

One future work is to check whether kernel D<: + SR is decidable or not.We don’t really understand much about subtyping reflection.


Undecidability of D

Documents

Transcript of Undecidability of D