research-article

Open access

Scala step-by-step: soundness for DOT with step-indexed logical relations in Iris

Authors:

Paolo G. Giarrusso,

Léo Stefanesco,

Robbert KrebbersAuthors Info & Claims

Proceedings of the ACM on Programming Languages, Volume 4, Issue ICFP

Article No.: 114, Pages 1 - 29

https://doi.org/10.1145/3408996

Published: 03 August 2020 Publication History

Abstract

The metatheory of Scala’s core type system—the Dependent Object Types (DOT) calculus—is hard to extend, like the metatheory of other type systems combining subtyping and dependent types. Soundness of important Scala features therefore remains an open problem in theory and in practice. To address some of these problems, we use a semantics-first approach to develop a logical relations model for a new version of DOT, called guarded DOT (gDOT). Our logical relations model makes use of an abstract form of step-indexing, as supported by the Iris framework, to model various forms of recursion in gDOT. To demonstrate the expressiveness of gDOT, we show that it handles Scala examples that could not be handled by previous versions of DOT, and prove using our logical relations model that gDOT provides the desired data abstraction. The gDOT type system, its semantic model, its soundness proofs, and all examples in the paper have been mechanized in Coq.

Supplementary Material

Presentation at ICFP '20 (a114-giarrusso-presentation.mp4)

Download
79.48 MB

References

[1]

Amal Ahmed. 2004. Semantics of Types for Mutable State. Ph.D. Dissertation. Princeton University.

Digital Library

[2]

Pierre America and Jan J. M. M. Rutten. 1989. Solving reflexive domain equations in a category of complete metric spaces. JCSS 39, 3 ( 1989 ), 343-375.

[3]

Nada Amin. 2016. Dependent Object Types. Ph.D. Dissertation. EPFL.

[4]

Nada Amin, Samuel Grütter, Martin Odersky, Tiark Rompf, and Sandro Stucki. 2016. The essence of dependent object types. In WadlerFest (LNCS, Vol. 9600 ). 249-272.

[5]

Nada Amin, Adriaan Moors, and Martin Odersky. 2012. Dependent object types. In FOOL.

[6]

Nada Amin and Tiark Rompf. 2017. Type soundness proofs with definitional interpreters. In POPL. 666-679.

Digital Library

[7]

Andrew W. Appel and David A. McAllester. 2001. An indexed model of recursive types for foundational proof-carrying code. TOPLAS 23, 5 ( 2001 ), 657-683.

[8]

Andrew W. Appel, Paul-André Melliès, Christopher D. Richards, and Jérôme Vouillon. 2007. A very modal model of a modern, major, general type system. In POPL. 109-122.

[9]

Lars Birkedal, Bernhard Reus, Jan Schwinghammer, Kristian Støvring, Jacob Thamsborg, and Hongseok Yang. 2011. Stepindexed Kripke models over recursive worlds. In POPL. 119-132.

[10]

Lars Birkedal, Kristian Støvring, and Jacob Thamsborg. 2010. The category-theoretic solution of recursive metric-space equations. TCS 411, 47 ( 2010 ), 4102-4122.

[11]

Michael Brandt and Fritz Henglein. 1998. Coinductive axiomatization of recursive type equality and subtyping. Fundamenta Informaticae 33, 4 ( 1998 ), 309-338.

[12]

Dave Clarke, Sophia Drossopoulou, James Noble, and Tobias Wrigstad. 2007. Tribe: a simple virtual class calculus. In AOSD, Vol. 208. 121-134.

Digital Library

[13]

Karl Crary. 2017. Modules, abstraction, and parametric polymorphism. In POPL. 100-113.

[14]

Karl Crary, Robert Harper, and Sidd Puri. 1999. What is a recursive module?. In PLDI. 50-63.

Digital Library

[15]

Vincent Cremet, François Garillot, Sergueï Lenglet, and Martin Odersky. 2006. A core calculus for Scala type checking. In MFCS (LNCS, Vol. 4162 ). 1-23.

Digital Library

[16]

Erik Ernst, Klaus Ostermann, and William R. Cook. 2006. A virtual class calculus. In POPL. 270-282.

[17]

Dan Frumin, Robbert Krebbers, and Lars Birkedal. 2018. ReLoC: A Mechanised Relational Logic for Fine-Grained Concurrency. In LICS. 442-451.

Digital Library

[18]

Dan Frumin, Robbert Krebbers, and Lars Birkedal. 2020. Compositional Non-Interference for Fine-Grained Concurrent Programs. To appear in S&P' 21.

[19]

Peng Fu and Aaron Stump. 2014. Self types for dependently typed lambda encodings. In RTA-TLCA (LNCS, Vol. 8560 ). 224-239.

[20]

Paolo G. Giarrusso. 2019. Can we prove that type constructors are “distributive”? Github issue, https://web.archive.org/ web/20200304175526/https://github.com/lampepfl/dotty-feature-requests/issues/51, archived on 04 March 2020.

[21]

Paolo G. Giarrusso, Léo Stefanesco, Amin Timany, Lars Birkedal, and Robbert Krebbers. 2020. Scala Step-by-Step : Soundness for DOT with Step-Indexed Logical Relations in Iris-Extended Version and Coq Mechanization. Available online at https://dot-iris.github.io/, archived version of the Coq development available at https://doi.org/10.5281/zenodo.3926703.

[22]

Robert Harper and Mark Lillibridge. 1994. A type-theoretic approach to higher-order modules with sharing. In POPL. 123-137.

[23]

Robert Harper and John C. Mitchell. 1993. On the type structure of Standard ML. TOPLAS 15, 2 ( 1993 ), 211-252.

[24]

Jason Z. S. Hu and Ondřej Lhoták. 2020. Undecidability of D<: and its decidable fragments. PACMPL 4, POPL ( 2020 ), 9 : 1-9 : 30.

[25]

DeLesley S. Hutchins. 2010. Pure subtype systems. In POPL. 287-298.

[26]

Ralf Jung, Jacques-Henri Jourdan, Robbert Krebbers, and Derek Dreyer. 2018a. RustBelt: Securing the foundations of the Rust programming language. PACMPL 2, POPL ( 2018 ), 66 : 1-66 : 34.

[27]

Ralf Jung, Jacques-Henri Jourdan, Robbert Krebbers, and Derek Dreyer. 2020. Safe systems programming in Rust: The promise and the challenge. To appear in CACM.

[28]

Ralf Jung, Robbert Krebbers, Lars Birkedal, and Derek Dreyer. 2016. Higher-order ghost state. In ICFP. 256-269.

[29]

Ralf Jung, Robbert Krebbers, Jacques-Henri Jourdan, Ales Bizjak, Lars Birkedal, and Derek Dreyer. 2018b. Iris from the ground up: A modular foundation for higher-order concurrent separation logic. JFP 28 ( 2018 ), e20.

[30]

Ralf Jung, David Swasey, Filip Sieczkowski, Kasper Svendsen, Aaron Turon, Lars Birkedal, and Derek Dreyer. 2015. Iris: Monoids and invariants as an orthogonal basis for concurrent reasoning. In POPL. 637-650.

Digital Library

[31]

Ifaz Kabir and Ondřej Lhoták. 2018. DOT: Scaling DOT with mutation and constructors. In SCALA@ICFP. 40-50.

[32]

Alexei Kopylov. 2003. Dependent intersection: A new way of defining records in type theory. In LICS. 86-95.

[33]

Robbert Krebbers, Jacques-Henri Jourdan, Ralf Jung, Joseph Tassarotti, Jan-Oliver Kaiser, Amin Timany, Arthur Charguéraud, and Derek Dreyer. 2018. MoSeL: A general, extensible modal framework for interactive proofs in separation logic. PACMPL 2, ICFP ( 2018 ), 77 : 1-77 : 30.

[34]

Robbert Krebbers, Ralf Jung, Ales Bizjak, Jacques-Henri Jourdan, Derek Dreyer, and Lars Birkedal. 2017a. The essence of higher-order concurrent separation logic. In ESOP (LNCS, Vol. 10201 ). 696-723.

Digital Library

[35]

Robbert Krebbers, Amin Timany, and Lars Birkedal. 2017b. Interactive proofs in higher-order concurrent separation logic. In POPL. 205-217.

Digital Library

[36]

Morten Krogh-Jespersen, Kasper Svendsen, and Lars Birkedal. 2017. A relational model of types-and-efects in higher-order concurrent separation logic. In POPL. 218-231.

[37]

Robin Milner. 1978. A theory of type polymorphism in programming. JCSS 17, 3 ( 1978 ), 348-375.

[38]

Hiroshi Nakano. 2000. A Modality for Recursion. In LICS. 255-266.

Digital Library

[39]

Abel Nieto. 2017. Towards algorithmic typing for DOT (short paper). In SCALA@SPLASH. 2-7.

[40]

Martin Odersky. 2016. DOT with higher-kinded types. Github discussion, https://web.archive.org/web/20200304175613/https: //gist.github. com/odersky/36aee4b7fe6716d1016ed37051caae95, archived on 04 March 2020.

[41]

Martin Odersky, Guillaume Martres, and Dmitry Petrashko. 2016. Implementing higher-kinded types in Dotty. In SCALA@SPLASH. 51-60.

[42]

Marianna Rapoport, Ifaz Kabir, Paul He, and Ondřej Lhoták. 2017. A simple soundness proof for dependent object types. PACMPL 1, OOPSLA ( 2017 ), 46 : 1-46 : 27.

[43]

Marianna Rapoport and Ondřej Lhoták. 2016. Mutable WadlerFest DOT. Technical Report. University of Waterloo. http://arxiv.org/abs/1611.07610

[44]

Marianna Rapoport and Ondřej Lhoták. 2019. A path to DOT: formalizing fully path-dependent types. PACMPL 3, OOPSLA ( 2019 ), 145 : 1-145 : 29.

[45]

Tiark Rompf and Nada Amin. 2016. Type soundness for dependent object types (DOT). In OOPSLA. 624-641.

[46]

Steven Schäfer, Tobias Tebbi, and Gert Smolka. 2015. Autosubst: reasoning with de Bruijn terms and parallel substitutions. In ITP (LNCS, Vol. 9236 ). 359-374.

[47]

Paula Severi. 2019. A light modality for recursion. LMCS 15, 1 ( 2019 ).

[48]

Kathrin Stark, Steven Schäfer, and Jonas Kaiser. 2019. Autosubst 2: reasoning with multi-sorted de Bruijn terms and vector substitutions. In CPP. 166-180.

[49]

Sandro Stucki. 2016. DOT with higher-kinded types-A sketch. Github discussion, https://web.archive.org/web/ 20200304175148/https://gist.github. com/sstucki/3fa46d2c4ce6f54dc61c3d33fc898098, archived on 04 March 2020.

[50]

Sandro Stucki. 2017. Higher-Order Subtyping with Type Intervals. Ph.D. Dissertation. School of Computer and Communication Sciences, École polytechnique fédérale de Lausanne, Lausanne, Switzerland. https://doi.org/10.5075/epfl-thesis-8014 EPFL thesis no. 8014.

[51]

David Swasey, Deepak Garg, and Derek Dreyer. 2017. Robust and compositional verification of object capability patterns. PACMPL 1, OOPSLA ( 2017 ), 89 : 1-89 : 26.

[52]

Joseph Tassarotti, Ralf Jung, and Robert Harper. 2017. A Higher-Order Logic for Concurrent Termination-Preserving Refinement. In ESOP (LNCS, Vol. 10201 ). 909-936.

Digital Library

[53]

Amin Timany, Léo Stefanesco, Morten Krogh-Jespersen, and Lars Birkedal. 2018. A logical relation for monadic encapsulation of state: Proving contextual equivalences in the presence of runST. PACMPL 2, POPL ( 2018 ), 64 : 1-64 : 28.

[54]

Fei Wang and Tiark Rompf. 2017. Towards strong normalization for dependent object types (DOT). In ECOOP (LIPIcs, Vol. 74 ). 27 : 1-27 : 25.

[55]

Yanpeng Yang and Bruno C. d. S. Oliveira. 2017. Unifying typing and subtyping. PACMPL 1, OOPSLA ( 2017 ), 47 : 1-47 : 26.

Cited By

Goncharov SMilius STsampas SUrbat HSobocinski PLago UEsparza J(2024)Bialgebraic Reasoning on Higher-order Program EquivalenceProceedings of the 39th Annual ACM/IEEE Symposium on Logic in Computer Science10.1145/3661814.3662099(1-15)Online publication date: 8-Jul-2024
https://dl.acm.org/doi/10.1145/3661814.3662099
Goncharov SSantamaria ASchröder LTsampas SUrbat H(2024)Logical Predicates in Higher-Order Mathematical Operational SemanticsFoundations of Software Science and Computation Structures10.1007/978-3-031-57231-9_3(47-69)Online publication date: 6-Apr-2024
https://dl.acm.org/doi/10.1007/978-3-031-57231-9_3
Boruch-Gruszecki AWaśko RXu YParreaux L(2022)A case for DOT: theoretical foundations for objects with pattern matching and GADT-style reasoningProceedings of the ACM on Programming Languages10.1145/35633426:OOPSLA2(1526-1555)Online publication date: 31-Oct-2022
https://dl.acm.org/doi/10.1145/3563342
Show More Cited By

Index Terms

Scala step-by-step: soundness for DOT with step-indexed logical relations in Iris
1. Theory of computation
  1. Logic
  2. Semantics and reasoning
    1. Program reasoning
      1. Program verification

Recommendations

Type soundness proofs with definitional interpreters
POPL '17: Proceedings of the 44th ACM SIGPLAN Symposium on Principles of Programming Languages

While type soundness proofs are taught in every graduate PL class, the gap between realistic languages and what is accessible to formal proofs is large. In the case of Scala, it has been shown that its formal model, the Dependent Object Types (DOT) ...
A Logical Approach to Type Soundness
Type soundness, which asserts that “well-typed programs cannot go wrong”, is widely viewed as the canonical theorem one must prove to establish that a type system is doing its job. It is commonly proved using the so-called syntactic approach (aka progress ...
Type soundness for dependent object types (DOT)
OOPSLA 2016: Proceedings of the 2016 ACM SIGPLAN International Conference on Object-Oriented Programming, Systems, Languages, and Applications

Scala’s type system unifies aspects of ML modules, object- oriented, and functional programming. The Dependent Object Types (DOT) family of calculi has been proposed as a new theoretic foundation for Scala and similar expressive languages. ...

Comments

Information & Contributors

Information

Published In

cover image Proceedings of the ACM on Programming Languages

Proceedings of the ACM on Programming Languages Volume 4, Issue ICFP

August 2020

1070 pages

EISSN:2475-1421

DOI:10.1145/3415018

Issue’s Table of Contents

Copyright © 2020 Owner/Author.

This work is licensed under a Creative Commons Attribution International 4.0 License.

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 03 August 2020

Published in PACMPL Volume 4, Issue ICFP

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Badges

Author Tags

Qualifiers

Research-article

Funding Sources

Villum Fonden
Natur og Univers, Det Frie Forskningsråd
Nederlandse Organisatie voor Wetenschappelijk Onderzoek
Fonds Wetenschappelijk Onderzoek

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

8
Total Citations
View Citations
614
Total Downloads

Downloads (Last 12 months)98
Downloads (Last 6 weeks)10

Reflects downloads up to 30 Aug 2024

Other Metrics

View Author Metrics

Citations

Cited By

Goncharov SMilius STsampas SUrbat HSobocinski PLago UEsparza J(2024)Bialgebraic Reasoning on Higher-order Program EquivalenceProceedings of the 39th Annual ACM/IEEE Symposium on Logic in Computer Science10.1145/3661814.3662099(1-15)Online publication date: 8-Jul-2024
https://dl.acm.org/doi/10.1145/3661814.3662099
Goncharov SSantamaria ASchröder LTsampas SUrbat H(2024)Logical Predicates in Higher-Order Mathematical Operational SemanticsFoundations of Software Science and Computation Structures10.1007/978-3-031-57231-9_3(47-69)Online publication date: 6-Apr-2024
https://dl.acm.org/doi/10.1007/978-3-031-57231-9_3
Boruch-Gruszecki AWaśko RXu YParreaux L(2022)A case for DOT: theoretical foundations for objects with pattern matching and GADT-style reasoningProceedings of the ACM on Programming Languages10.1145/35633426:OOPSLA2(1526-1555)Online publication date: 31-Oct-2022
https://dl.acm.org/doi/10.1145/3563342
Spies SGäher LTassarotti JJung RKrebbers RBirkedal LDreyer D(2022)Later credits: resourceful reasoning for the later modalityProceedings of the ACM on Programming Languages10.1145/35476316:ICFP(283-311)Online publication date: 31-Aug-2022
https://dl.acm.org/doi/10.1145/3547631
Blanvillain OBrachthäuser JKjaer MOdersky M(2022)Type-level programming with match typesProceedings of the ACM on Programming Languages10.1145/34986986:POPL(1-24)Online publication date: 12-Jan-2022
https://dl.acm.org/doi/10.1145/3498698
Martres GRichard-Foy JDoeraene S(2021)Pathless Scala: a calculus for the rest of ScalaProceedings of the 12th ACM SIGPLAN International Symposium on Scala10.1145/3486610.3486894(12-21)Online publication date: 17-Oct-2021
https://dl.acm.org/doi/10.1145/3486610.3486894
Stucki SGiarrusso P(2021)A theory of higher-order subtyping with type intervalsProceedings of the ACM on Programming Languages10.1145/34735745:ICFP(1-30)Online publication date: 19-Aug-2021
https://dl.acm.org/doi/10.1145/3473574
Spies SGäher LGratzer DTassarotti JKrebbers RDreyer DBirkedal LFreund SYahav E(2021)Transfinite Iris: resolving an existential dilemma of step-indexed separation logicProceedings of the 42nd ACM SIGPLAN International Conference on Programming Language Design and Implementation10.1145/3453483.3454031(80-95)Online publication date: 19-Jun-2021
https://dl.acm.org/doi/10.1145/3453483.3454031

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

Media

Figures

Other

Tables

View Issue’s Table of Contents