1. 1 Space-Efficient Gradual Typing David Herman Northeastern University Aaron Tomb, Cormac Flanagan University of California, Santa Cruz

2. 2 The point Naïve type conversions in functional programming languages are not safe for space. But they can and should be.

3. 3 Gradual Typing: Software evolution via hybrid type checking

4. 4 Dynamic vs. static typing Dynamic Typing Static Typing

5. 5 Gradual typing Dynamic Typing Static Typing

6. 6 Type checking let x = f() in … let y : Int = x - 3 in …

7. 7 Type checking let x : ? = f() in … let y : Int = x - 3 in …

8. 8 Type checking let x : ? = f() in … let y : Int = x - 3 in … - : Int × Int → Int

9. 9 Type checking let x : ? = f() in … let y : Int = x - 3 in …

10. 10 Type checking let x : ? = f() in … let y : Int = x - 3 in … Int

11. 11 Evaluation let x : ? = f() in … let y : Int = x - 3 in …

12. 12 Evaluation let x : ? = 45 in … let y : Int = x - 3 in …

13. 13 Evaluation let y : Int = 45 - 3 in …

14. 14 Evaluation let y : Int = 45 - 3 in …

15. 15 Evaluation let y : Int = 42 in …

16. 16 Evaluation (take 2) let x : ? = f() in … let y : Int = x - 3 in …

17. 17 Evaluation (take 2) let x : ? = true in … let y : Int = x - 3 in …

18. 18 Evaluation (take 2) let y : Int = true - 3 in …

19. 19 Evaluation (take 2) error: “true is not an Int”

20. 20 Static semantics (Siek & Taha) Type compatibility E ⊢ e 1 : (S → T)E ⊢ e 2 : S ′ S ′ ~: S E ⊢ (e 1 e 2 ) : T

21. 21 Static semantics (Siek & Taha) Type compatibility E ⊢ e 1 : (S → T)E ⊢ e 2 : S ′ S ′ ~: S E ⊢ (e 1 e 2 ) : T

22. 22 Static semantics (Siek & Taha) Type compatibility ≠ subtyping! T ~: TT ~: ?? ~: T T 1 ~: S 1 S 2 ~: T 2 (S 1 → S 2 ) ~: (T 1 → T 2 )

23. 23 Static semantics (Siek & Taha) Cast insertion E ⊢ e 1 ↪ t 1 : (S → T) E ⊢ e 2 ↪ t 2 : S ′ S ′ ~: S E ⊢ (e 1 e 2 ) ↪ (t 1 ( t 2 )) : T E ⊢ e ↪ t : T cast argument expression

24. 24 Space Leaks

25. 25 Space leaks fun even(n) = if (n = 0) then true else odd(n - 1) fun odd(n) = if (n = 0) then false else even(n - 1)

26. 26 Space leaks fun even(n : Int) = if (n = 0) then true else odd(n - 1) fun odd(n : Int) : Bool = if (n = 0) then false else even(n - 1)

27. 27 Space leaks fun even(n : Int) = if (n = 0) then true else odd(n - 1) fun odd(n : Int) : Bool = if (n = 0) then false else even(n - 1)

28. 28 Space leaks fun even(n : Int) = if (n = 0) then true else odd(n - 1) fun odd(n : Int) : Bool = if (n = 0) then false else even(n - 1) non-tail call!

29. 29 Space leaks even(n) →* odd(n - 1) →* even(n - 2) →* odd(n - 3) →* even(n - 4) →* odd(n - 5) →* even(n - 6) →* … 

30. 30 Naïve Function Casts

31. 31 Casts in functional languages n → n v → error: “v not an Int ” (if v ∉ Int ) λx:?.e → …

32. 32 Casts in functional languages n → n v → error: “v not an Int ” (if v ∉ Int ) λx:?.e → λz:σ. ((λx:?.e) z) Very useful, very popular… unsafe for space. fresh, typed proxy cast result

33. 33 More space leaks fun evenk(n : Int, k : ? → ?) = if (n = 0) then k(true) else oddk(n – 1, k) fun oddk(n : Int, k : Bool → Bool) = if (n = 0) then k(false) else evenk(n – 1, k)

34. 34 More space leaks fun evenk(n : Int, k : ? → ?) = if (n = 0) then k(true) else oddk(n – 1, k) fun oddk(n : Int, k : Bool → Bool) = if (n = 0) then k(false) else evenk(n – 1, k)

35. 35 More space leaks evenk(n, k 0 ) →* oddk(n - 1, k 0 ) →* oddk(n - 1, λz:Bool. k 0 (z)) →* evenk(n - 2, λz:Bool. k 0 (z)) →* evenk(n - 2, λy:?.(λz:Bool. k 0 (z))(y)) →* oddk(n - 3, λy:?.(λz:Bool. k 0 (z))(y)) →* oddk(n – 3, λx:Bool.(λy:?.(λz:Bool. k 0 (z))(y))(x)) →* evenk(n - 4, λx:Bool.(λy:?.(λz:Bool. k 0 (z))(y))(x)) →* evenk(n - 4, λw:?.(λx:Bool.(λy:?.(λz:Bool. k 0 (z))(y))(x))(w)) →* oddk(n - 5, λw:?.(λx:Bool.(λy:?.(λz:Bool. k 0 (z))(y))(x))(w)) →* oddk(n - 5, λv:Bool. (λw:?.(λx:Bool.(λy:?.(λz:Bool. k 0 (z))(y))(x))(w))(v)) →* … (…without even using k 0 !) 

36. 36 Space-Efficient Gradual Typing

37. 37 Intuition Casts are like function restrictions (Findler and Blume, 2006) Can their representation exploit the properties of restrictions?

38. 38 Exploiting algebraic properties Closure under composition: ( v) = ( ◦ ) v

39. 39 Exploiting algebraic properties Idempotence: ( v) = ( ◦ ) v = v

40. 40 Exploiting algebraic properties Distributivity: ( ◦ ) v = v

41. 41 Space-efficient gradual typing Generalize casts to coercions (Henglein, 1994) Change representation of casts from to Merge casts at runtime: ( e) → e merged before evaluating e This coercion can be simplified!

42. 42 Space-efficient gradual typing Generalize casts to coercions (Henglein, 1994) Change representation of casts from to Merge casts at runtime: ( e) → e →

43. 43 Static semantics Type compatibility E ⊢ e 1 : (S → T)E ⊢ e 2 : S ′ S ′ ~: S E ⊢ (e 1 e 2 ) : T

44. 44 Static semantics Type compatibility T ~: TT ~: ?? ~: T T 1 ~: S 1 S 2 ~: T 2 (S 1 → S 2 ) ~: (T 1 → T 2 )

45. 45 Static semantics Cast insertion E ⊢ e 1 ↪ t 1 : (S → T) E ⊢ e 2 ↪ t 2 : S ′ c=coerce(S ′, S) E ⊢ (e 1 e 2 ) ↪ (t 1 ( t 2 )) : T E ⊢ e ↪ t : T computes a type coercion replaces the type cast with a coercion

46. 46 Henglein’s coercions c ::= Succ | Fail | D! | D? | Fun c c | c ◦ c D ::= Int | Bool | Fun coerce(T, T) = Succ coerce( Int, ?) = Int ! coerce(?, Int ) = Int ?

47. 47 Henglein’s coercions c ::= Succ | Fail | D! | D? | Fun c c | c ◦ c D ::= Int | Bool | Fun coerce(S 1 → S 2, T 1 → T 2 ) = Fun coerce(T 1, S 1 ) coerce(S 2, T 2 ) coerce(?, T 1 → T 2 ) = coerce(? → ?, T 1 → T 2 ) ◦ Fun ? coerce(T 1 → T 2, ?) = Fun ! ◦ coerce(T 1 → T 2, ? → ?)

48. 48 Coercion normalization c ◦ Succ = c Succ ◦ c = c c ◦ Fail = Fail Fail ◦ c = Fail D? ◦ D! = Succ Int ? ◦ Bool ! = Fail (Fun d 1 d 2 ) ◦ (Fun c 1 c 2 ) = Fun (c 1 ◦ d 1 ) (d 2 ◦ c 2 )

49. 49 Dynamic semantics v ::= u | u u ::= n | b | λ x:S.t

50. 50 Dynamic semantics E ::= [] | (E t) | (v E) | P P ::= [] | (E t) | (v E) E[ ( t)] → E[ t] E[( λ x:S.t) v] → E[t[v/x]] E[( u) v] → E[ (u ( v))] E[ u] → E[u] (if E ≠ E ′ [ []]) E[ u] → error (if E ≠ E ′ [ []])

51. 51 Tail recursion even(n) →* odd(n - 1) →* even(n - 2) →* odd(n - 3) →* even(n - 4) →* odd(n - 5) →* even(n - 6) →* …

52. 52 Bounded proxies evenk(n, k 0 ) →* oddk(n - 1, k 0 ) →* evenk(n - 2, k 0 ) →* oddk(n - 3, k 0 ) →* evenk(n - 4, k 0 ) →* oddk(n - 5, k 0 ) →* …

53. 53 Guaranteed. Theorem: any program state S during evaluation of a program P is bounded by k P · size OR (S) size OR (S) = size of S without any casts

54. 54 Earlier error detection ( e) → e → error: “ Int→Int ≠ Bool→Bool ”

55. 55 Earlier error detection E ::= [] | (E t) | (v E) | P P ::= [] | (E t) | (v E) E[ ( t)] → E[ t] E[( λ x:S.t) v] → E[t[v/x]] E[( u) v] → E[ (u ( v))] E[ u] → E[u] (if E ≠ E ′ [ []]) E[ t] → error (if E ≠ E ′ [ []]) why bother evaluating t ?

56. 56 Implementation

57. 57 Coercions as continuation marks E [ e] E

58. 58 Coercions as continuation marks E [ e] E ?→??→?

59. 59 Coercions as continuation marks E [ e] E ?→??→?

60. 60 Coercions as continuation marks E [ e] E Bool→Bool

61. 61 Coercions as continuation marks E [e] E Bool→Bool

62. 62 Alternative approaches Coercion-passing style λ(x,c).f(x,simplify(c ◦ d)) Trampoline λ(x).(d,λ().f(x))

63. 63 Parting Thoughts

64. 64 Related work Gradual typing  Siek and Taha (2006, 2007) Function proxies  Findler and Felleisen (1998, 2006): Software contracts  Gronski, Knowles, Tomb, Freund, Flanagan (2006): Hybrid typing, Sage  Tobin-Hochstadt and Felleisen (2006): Interlanguage migration Coercions  Henglein (1994): Dynamic typing Space efficiency  Clinger (1998): Proper tail recursion  Clements (2004): Security-passing style

65. 65 Contributions Space-safe representation and semantics of casts for functional languages Supports function casts and tail recursion Earlier error detection Proof of space efficiency Three implementation strategies

66. 66 The point, again Naïve type conversions in functional programming languages are not safe for space. But they can and should be. Thank you. dherman@ccs.neu.edu