Type Systems for Programming Languages, Fall 2008

Lecture 14: Progress & Preservation w/ State

September 10

Progress, Take 1

If (S,e) : τ, then either e is a value or (S,e) -> (S',e).

Note, this doesn't work right off the bat, because we can't really induct on the thing we want. So we "explode" the lemma based on the one rule for (S,e):&tau:

    [Σ]S:Σ   [Σ]e:τ
    --------------------- t-state
    (S,e) : τ

Progress, Take 2

If [Σ]S:Σ and [Σ]e:τ, then either e is a value or (S,e) -> (S',e).

Modifying old cases

Now we can proceed by induction over the derivation of [Σ]e:τ. we'll do two representative cases of the old proof, it really doesn't change at all.

Case t-lam (e = λx:τ₁.e, and τ = τ₂)

    x:τ₁ |- [Σ]e:τ₂
    ----------------------- t-lam
    [&Sigma](λx:τ₁.e) : τ₁ -> τ₂

Proof is immediate, λx:τ₁.e is a value by rule.

Case t-app (e = e₁(e₂))

    [Σ]e₁:τ' -> τ 
    [Σ]e₂:τ'
    ----------------------- t-app
    [&Sigma] e₁(e₂) : τ

By the induction hypothesis, either e₁ steps or is a value

Subcase (S,e₁) -> (S',e'₁) - we are done, because (S,e₁(e₂)) -> (S',e'₁(e₂)) by rule.

Subcase e₁ value - by the induction hypothesis, either e₂ steps or is a value.

Sub-subcase (S,e₂) -> (S',e'₂) - we are done, because (S,e₁(e₂)) -> (S',e₁(e'₂)) by rule.

Sub-subcase e₂ value - by canonical forms on the facts [Σ]e₁:τ' -> τ and e₁ value, we know e₁ = λx:τ.e₀.
We know (S,(λx:τ.e₀)(e₂)) -> (S,[e₂/x]e₀), by rule (because e₂ value) so we are done.

Canonical Forms

Our canonical forms lemmas change somewhat, and we need a new canonical forms lemma.

If e value and [Σ]e : τ₁ -> τ₂, then e = λx:τ₁.e₀
If e value and [Σ]e : τ ref, then e = l (for some l) and Σ(l) = τ
...

Store domain Lemma

We also need a lemma - which we can prove by induction on the store typing rules - that says that locations in a store type are in a store!

If [Σ₁]S : Σ₂ and l is in the domain of Σ, then l is in the domain of S.

New cases

We have four new cases we need to deal with (recall the rules from the previous lecture):

Case (e = l, τ = τ' ref)

    Σ(l) = τ'
    -------------------------------------- t-loc
    [Σ]l : τ' ref

We are done: l value by rule.

Case (e = ref e', τ = τ' ref)

    [Σ]e' : τ'
    -------------------------------------- t-ref
    [Σ]ref e' : τ' ref

By the induction hypothesis, e' steps or is a value

Subcase (S,e') -> (S',e") - we are done, because (S,ref e') -> (S',ref e") by rule.

Subcase e' value - we are done, because we can come with l fresh and then (S, ref e') -> ((S,l=e'), l) by rule.

Note: this doesn't really follow the pattern of previous cases, because we reduced the subterm to a value but didn't rely on canonical forms.

Preservation

[Σ]S : Σ,
[Σ]e : τ, and
(S, e) -> (S', e'),

then

[Σ']S' : Σ',
[Σ']e' : τ, and
Σ' extends Σ.

The interesting thing here are the lemmas we need:

Monotonicity

If Γ |- [Σ] e : τ and Σ' extends Σ, then Γ |- [Σ'] e : τ.

If [Σ₁] S : Σ₂ and Σ' extends Σ₁, then Γ |- [Σ'] S : Σ₂.

This proof is pretty boring, the interesting cases are the variable rule t-var or t-assume and the location typing case t-loc. Monotonicity is one of these "big lemmas" like inversion or canonical forms, but it only shows up when our state is more interesting than just a single expression e

Substitution

If Γ, x:τ₁ |- [Σ] e₂ : τ₂ and [Σ] e₁:τ₁, then Γ |- [Σ] [e₁/x]e₂ : τ₂.

Old cases

Case e-appabs (e = λx:τ₁.e₁)e₂, and e' = [e₂/x]e₁)

    e₂ value
    -------------------------------------- e-appabs
    (S, (λx:τ.e₁)e₂) -> (S, [e₂/x]e₁)

By assumption, [Σ](λx:τ.e₁)e₂ : τ.
To show: [Σ] [e₂/x]e₁ : τ. (everything else is obvious)
By inversion, [Σ] λx:τ₁.e₁ : τ' -> &tau and [Σ]e₂ : τ'.
By inversion, τ' -> τ = τ₁ -> τ₂ and x : τ₁ |- [Σ]e₁ : τ₂. Therefore, τ' = τ₁ and τ = τ₂.
By substitution, we have [Σ][e₂/x]e₁ : τ₂, which is what we needed to show.

$LastChangedDate: 2008-11-10 11:52:21 -0500 (Mon, 10 Nov 2008) $
$Author: rjsimmon $
$Rev: 1029 $