Abstract
The metatheory of Scala’s core type system—the Dependent Object Types (DOT) calculus—is hard to extend, like the metatheory of other type systems combining subtyping and dependent types. Soundness of important Scala features therefore remains an open problem in theory and in practice. To address some of these problems, we use a semantics-first approach to develop a logical relations model for a new version of DOT, called guarded DOT (gDOT). Our logical relations model makes use of an abstract form of step-indexing, as supported by the Iris framework, to model various forms of recursion in gDOT. To demonstrate the expressiveness of gDOT, we show that it handles Scala examples that could not be handled by previous versions of DOT, and prove using our logical relations model that gDOT provides the desired data abstraction. The gDOT type system, its semantic model, its soundness proofs, and all examples in the paper have been mechanized in Coq.
Scala step-by-step: soundness for DOT with step-indexed logical relations in Iris