Foundations for Dynamic Object Re-classication

Foundations for Dynamic Object Re-classification

ALBERTO CIAFFAGLIONE and PIETRO DI GIANANTONIO and FURIO HONSELL

Dipartimento di Matematica ed Informatica, Universita di Udine (Italia)

and

LUIGI LIQUORI

INRIA Sophia Antipolis (France)

Abstract

We investigate, in the context of functional prototype-based languages, objects whichmight extend themselves upon receiving a message. The possibility for an objectof extending its own “self”, referred to by Cardelli as a self-inflicted operation, isnovel in the context of typed object-based languages. We present a sound type sys-tem for this calculus which guarantees that evaluating a well-typed expression willnever yield a message-not-found run-time error. The resulting calculus appearsto be also a good starting point for a rigorous mathematical analysis of class-basedlanguages.

Our contribute can be viewed as a sound foundations for dynamic object re-classification underpinned on functional programming paradigm. Re-classificationchanges at run-time the class membership of an object while retaining its identity.An imperative approach to re-classification, suggesting language features, has beenundertaken through the language Fickle [Drossopoulou et al. 2001; 2002].

The present work is based on the paper “A Lambda Calculus of Objects withSelf-Inflicted Extension”, by the last three authors, which appeared in Proceedingsof ACM-SIGPLAN OOPSLA-98, International Symposium on Object Oriented,Programming, System, Languages and Applications, Vancouver, British Columbia,ACM Press, 1998. With respect to that contribution, in the present work thereduction semantics has been slightly changed, the type system refined and theproofs are fully documented.

1. INTRODUCTION

An untyped lambda calculus extended with object primitives, together with a soundtype assignment system, were introduced by Fisher, Honsell, and Mitchell [Fisheret al. 1994], as a solid foundation for functional typed object-oriented languages. Inthis system, called the Lambda Calculus of Objects (λObj), objects are untyped, anda new object may be created by modifying or extending an existing prototype. Thenew object thereby inherits properties from the original one in a controlled manner.Objects can be viewed as lists of pairs (method name, method body) where themethod body is (or reduces to) a lambda abstraction whose first formal parameteris always self (or this in C++, Java).

The type assignment system of λObj is set up so as to prevent the unfortunatemessage-not-found run-time error. Types of methods are allowed to be specializedto the type of the inheriting objects. This feature, usually referred to as “Mytypemethod specialization”, reinterprets the symbol self in the type of the inheriting

2 · Ciaffaglione, Di Gianantonio, Honsell, Liquori

object. This high mutability of method bodies is accommodated in the type systemvia an implicit form of higher-order polymorphism, inspired by the the work of Wandon extensible records [Wand 1987].

The calculus λObj has spurred an intense research in type assignment systems forobject calculi. Several calculi inspired by λObj, which accommodate various extrafeatures such as incomplete objects, subtyping, encapsulation, imperative features,have appeared in the literature in recent years (see e.g. [Fisher and Mitchell 1995;Bono and Liquori 1995; Fisher 1996; Bono et al. 1996; Bono et al. 1997; Fisher andMitchell 1998; Bono and Fisher 1998]).

Independently, Abadi and Cardelli have introduced, with the same foundationalspirit, the Object Calculus [Abadi and Cardelli 1996]. This is a calculus of typedobjects and allows for a natural treatment of subtyping and hence of code reuse.

The essential differences between λObj and the Object Calculus of Abadi andCardelli, are that objects in the latter calculus are typed and have a fixed size, whileobjects, in λObj, are untyped, and can be extended, thereby changing dynamicallytheir shape.

More specifically, λObj supports two operations which may change the shape ofan object: method addition and method override. One of the most powerful featuresof the typing system is to allow for the typing of method bodies in objects whichcan modify their own self. Cardelli referred to this capability of a method ofoperating directly on its own self as a self-inflicted operation [Cardelli 1995].

Example 1.1. Consider the method set x belonging to a point object point withan x field:

point4= 〈x = λself.1,

set x = λself.λv.〈self←− x = λself.v〉,. . .〉.

When we send set x to point with an argument 3, written as point⇐ set x (3),then we produce as a result a new object where the x field has been set (i.e. overrid-den) to 3. Notice the self-inflicted operation of object override (i.e. ←−) performedby the method set x.

However, in all the type systems for lambda calculi of objects, both those derivedfrom λObj, and those derived from the Object Calculus, the type system preventsthe possibility for a method to self-inflict an extension to the host object. Wefeel that this is an unpleasant limitation if the message-passing paradigm is to betaken in full generality. Moreover, in λObj, this limitation appears arbitrary, giventhat the operational semantics supports without difficulty self-inflicted extensionmethods.

There are plenty of situations, both in programming, and in real life, where itwould be convenient to have objects which modify their interface upon an executionof a message. Consider for instance the following situations:

—in typed class-based languages we can modify the structure of the class onlystatically. If we need to add a new method to an instance of a class we areforced to re-compile the class and to make the modification needlessly availableto all the class-instances, thereby wasting memory. If a class had a self-extension

Foundations for Dynamic Object Re-classification · 3

method, only the instances of the class which have dynamically executed thismethod would allocate new memory without the need of any re-compilation;

—many sub-class declarations could be easily explained away if suitable self-exten-sion methods in the parent class were available;

—down-casting could be smoothly implementable on objects with self-extensionmethods. For example, the following type expression could be made to type-check:

col point⇐ equal (point⇐ add set col (black)),

where add set col is a self-extension method of poiint, and equal is the nameof the standard binary “equality” method;

—an alternative principled explanation of the SmallTalk-80 class methods addin-stancevariable and addclassvariable could be given naturally using self-extension;

—the process of learning could be easily modeled using an object which can react tothe “teacher’s message” by extending its capability of performing, in the future,a new task in response to a new request from the environment (an old dog couldappear to learn new tricks if in his youth he had been taught a “self-extension”trick);

—the process of “vaccination” against the virus X can be viewed as the act ofextending the capability of the immune system of producing, in the future, anew kind of “X -antibodies” upon receiving the message that an X -infection is inprogress.

The objective of this paper is that of introducing λObj+, a lambda calculusof objects in the style of λObj, together with a type assignment system. Thetype assignment system allows self-inflicted object extension still catching staticallythe message-not-found run-time error. This system can be further extended toaccommodate other “subtyping” features. By way of example we present a width-subtyping relation, that permits sound method override and a limited form of objectextension.

The calculus λObj+can be seen as a sound foundations for dynamic object re-classification [Drossopoulou et al. 2001; 2002].

Self-inflicted Extension. To enable the λObj+ calculus to perform self-inflictedextensions, two modifications of the system in [Fisher et al. 1994] are necessary.The first is, in effect, a simplification of the original syntax of the language. Thesecond is much more substantial and it involves the type discipline.

As far as the syntax of the language is concerned, we are forced to unify into asingle operator, denoted by ≺−− , the two original object operators of λObj, i.e.object extension (←−+) and object override (←−). This is due to the fact that,when iterating the execution of a self-extension method, only the first time we havea genuine object extension, the second time we have just a simple object override.


Example 1.2. Consider the method add set col of point, that adds and sets acol field:

point4= 〈add set col = λself.λv.

〈self≺−− col = v〉,. . .〉.

When we send add set col to point with argument white, i.e. point⇐ add setcol (white), then we produce as a result a new object col point where the col fieldhas been added to point and set to white. If we send twice add set col to pointwith an argument black, i.e.

col point⇐ add set col (black)

then, since the field col is already present in col point, the field col is now over-ridden with black.

As far as types are concerned, we add two new kinds of types, namely τ /m, whichcan be seen as the semantic counterpart of the syntactic 〈e1≺−− m = e2〉 one, andpro t.〈〈R〉〉, which is derived from the original class t.R in [Fisher et al. 1994] (Ris a row which contains all methods and related types present in the object-typeclass t.R).

If the type pro t.〈〈R〉〉/m1 . . ./mn is assigned to an object e, then e can respond toall the methods m1 . . . mn. The list R contains all the methods m1 . . . mn toghether thecorresponding types, moreover R can contains some reserved methods, i.e. methodsthat can be added to e either by ordinary object-extension, or by a method in Rwhich performs a self-inflicted extension.

Example 1.3. Consider an object e which is assigned the type pro t.〈〈m : t / n, n :int〉〉 / m. Then e ⇐ m produces the effect of adding the field n to the interface of e,and of updating the type of e to pro t.〈〈m : t / n, n : int〉〉 / m / n.

The list of “reserved” methods in an object-type is crucial to enforce the consis-tency of the type assignment system. Consider for instance an object containingtwo methods, add n 1, and add n 2, say, each of them self-inflicting the extensionof a new method n. The type assignment system has to carry enough informationso as to enforce that the same type will be assigned to n whatever self-inflictedextension has been executed.

The typing system that we introduce ensures that we can always dynamicallyadd new fresh methods for pro-types, thus leaving intact the original “philosophy”of rapid prototyping, peculiar to object calculi.

In order to model specialization of inherited methods, we use the notion of match-ing or type extension, originally introduced by Bruce [Bruce 1994], and later appliedto the Object Calculus [Abadi and Cardelli 1996] and to λObj [Bono and Bugliesi1997]. At the price of a little more mathematical overhead, we could have used alsothe implicit higher-order polymorphism of [Fisher et al. 1994].

Object Subsumption.. As it is well-known, see e.g. [Abadi and Cardelli 1996;Fisher and Michell 1994], the introduction of a subsumption relation over object-types makes the type system unsound. In particular, width-subtyping clashes withobject extension, and depth-subtyping clashes with object override. In fact on pro-types no subtyping is possible. In order to accommodate subtyping, we add another


kind of object-type, viz. obj t.〈〈R〉〉, which behaves like pro t.〈〈R〉〉 except that it canbe assigned to objects that can be extended only by methods in R′1. On obj-typesa (covariant) width-subtyping is permitted.

This paper is organized as follows. In Section 2 we introduce the calculus λObj+;we present both a “Small-Step” reduction relation and an input/output, viz “Big-Step”, operational semantics. Some intuitive examples are given, in order to illus-trate the idea of a self-inflicted object extension. In Section 3 we introduce the typesystem for λObj+. The intended meaning of the most interesting rules is discussedin detail. In Section 4 we show how our type system is compatible with a width-subtyping relation. A collection of examples is presented in Section 5. In Section 6we state our soundness result, namely that every closed and well-typed expressionwill not produce wrong results. In Section 7, we outline a possible application ofour type system to the Object Calculus, in the style of [Liquori 1997]. The completeset of type assignment rules appears in the Appendix.

2. THE LAMBDA CALCULUS OF OBJECTS

In this section, we present the Lambda Calculus of Objects λObj+. The terms aredefined by the following abstract grammar:

e ::= c | x | λx.e | e1 e2 | (λ-calculus)

〈〉 | 〈e1≺−− m = e2〉 | e ⇐ m | (object terms)

Sel(e1, m, e2), (aux. operation)

where c is a meta-variable ranging over a set of constants, x is a meta-variableranging over a set of variables and m is a meta-variable ranging over a set of meth-ods names. As usual, terms that differ only in the names of bound variables areidentified. The intended meaning of the object terms is the following: 〈〉 stands forthe empty object; e ⇐ m stands for the result of sending the message m to the objecte; 〈e1≺−− m = e2〉 stands for extending/overriding the object e1 with a method mwhose body is e2.

The auxiliary operation Sel(e1, m, e2) searches the body of the m method withinthe object e1. In the recursive search of the method m, Sel(e1, m, e2) removesmethod from the object e1. For this reason we need to introduce the expressione2 that denotes a functions that applied to e1 reconstructs the original objectswith the complete list of methods. This function is peculiar to the operationalsemantics and, in practice, could be made not to be available to the programmer.The operation Sel was first introduced in [Paladin 1993; Belle 1994; Bono andLiquori 1995]. In this article we use a new version of Sel, slightly different from theoriginal one. The new version is more suitable in the presence of type systems withobject subsumtion, as it is our case. Note that the operation Sel provides a moredirect dynamic method lookup than the bookkeeping reductions used in the originalpaper [Fisher et al. 1994].

As we said in the introduction, the main difference between the syntax of λObj+and that of λObj ([Fisher et al. 1994]) lies in the use of a single operator ≺−− , for

1The pro and obj terminology is borrowed from Fisher and Mitchell [Fisher and Mitchell 1995;1998].


(Beta) (λx.e1) e2ev→ [e2/x]e1

(Select) e ⇐ mev→ Sel(e, m, λx. x)

(Success) Sel(〈e1≺−− m = e2〉, m, e)ev→ e2 (e 〈e1≺−− m = e2〉)

(Next) Sel(〈e1≺−− n = e2〉, m, e)ev→ Sel(e1, m, λx. e 〈x≺−− n = e2〉), m 6= n

Fig. 1. Reduction Semantics (Small-Step)

building an object from an existing prototype. If the object e1 contains m, then≺−− denotes an object override, otherwise ≺−− denotes an object extension.

2.1 Operational Semantics

In this section, we define the evaluation of the terms of λObj+. We present twooperational semantics. The first is given in terms of reduction rules (Small-Step),while the second is an input/output relation (Big-Step).

Reduction Semantics.. The core of the Small-Step reduction is given by the re-duction rules of Figure 2.1. The evaluation relation →ev→ is then taken to be thesymmetric, reflexive, transitive and contextual closure of ev→.

In addition to the standard (Beta) rule for lambda calculus, the main operationon objects is method invocation, whose reduction is defined by the (Select) rule.Sending a message m to an object e containing a method m reduces to Sel(e, m, e),where the arguments of Sel have the following intuitive meanings:

—(1st-arg) is a sub-object of the receiver of the message;—(2nd-arg) is the message we want to send to the receiver of the message;—(3rd-arg) a function that transform the first argument in the receiver (or recipient)

of the message.

By looking at the last two rewriting rules, one may note that the Sel function“scans” the recipient of the message until it finds the definition of the method wewant to use. When it finds the body of the method, it applies this body to therecipient of the message. N otice how the Sel function carries over, in its search,all the informations necessary to reconstruct the original receiver of the message.

Using standard techniques in term rewriting systems we have:

Proposition 2.1. The ev→ reduction is Church-Rosser.

Big-Step Operational Semantics. We define an operational semantics by meansof a natural proof deduction system a la Plotkin [Plotkin 1981], which maps everyinput term (i.e. a closed term) to its output (i.e. a value). This semantics enforcesa “lazy” evaluation strategy over terms. It is worth noticing that this semanticsis deterministic and hence it specifies the behavior of a “possible interpreter” forλObj+.

The set of values is defined as follows:obj ::= 〈〉 | 〈e1≺−− m = e2〉 |v ::= c | λx.e | obj


The deduction rules are presented in Figure 2.1. The Big-Step operational se-mantics is sound with respect to the Small-Step reduction in the following sense:

Proposition Soundness of ⇓. If e ⇓ v, then e→ev→ v.

Proof. By induction on the structure of the derivation of e ⇓ v.

We conjecture also the following:

Conjecture Completeness of ⇓. If e→ev→ v, then there exists v′ such that e ⇓v′.

2.2 A Collection of Examples

Let

〈m1 = e1, . . . , mk = ek〉be syntactic sugar for

〈. . . 〈〈〉≺−− m1 = e1〉 . . . ≺−− mk = ek〉,for k ≥ 1. In the next examples we show three objects, each of one performing,respectively:

—one self-inflicted extension;—two (nested) self-inflicted extensions;—a “self-inflicted extension” on the fly.

Example 2.1. Consider the object self ext defined as follows:

self ext4= 〈add n = λself.〈self≺−− n = λs.1〉〉.

If we send the message add n to self ext, then we have the following computation:

self ext⇐ add nev→ Sel(self ext, add n, λx.x)

→ev→ (λself.〈self≺−− n = λs.1〉) self extev→〈self ext≺−− n = λs.1〉,

v ⇓ v(Big−V alue)

e1 ⇓ λx.e′1 [e2/x]e′1 ⇓ v

e1 e2 ⇓ v(Big−Beta)

e ⇓ obj Sel(obj, m, λx.x) ⇓ v

e ⇐ m ⇓ v(Big−Select)

e2(e〈e1≺−− m = e2〉) ⇓ v

Sel(〈e1≺−− m = e2〉, m, e) ⇓ v(Big−Success)

e1 ⇓ obj Sel(obj, m, λx.e〈x≺−− n = e2〉) ⇓ v m 6= n

Sel(〈e1≺−− n = e2〉, m, e) ⇓ v(Big−Next)


i.e. the method n has been added to self ext. On the other hand, if we send themessage add n twice to self ext, instead, the method n is only overridden withthe same body; hence we obtain an object which is “operationally equivalent” to theprevious one.

Example 2.2. Consider the object inner ext defined as follows:

inner ext4= 〈add m n = λself.〈self≺−− m = λs.〈s≺−− n = λs′.1〉〉〉.

If we send the message add m n to inner ext, then we obtain:

inner ext⇐ add m n→ev→〈inner ext≺−− m = λs.〈s≺−− n = λs′.1〉〉,

i.e. the method m has been added to inner ext. On the other hand, if we sendfirst the message add m n, and then m to inner ext, we obtain the addition of bothmethods m and n:

(inner ext⇐ add m n) ⇐ m→ev→〈add m n = λself.〈self≺−− m = λs.〈s≺−− n = λs′.1〉〉,m = λself.〈self≺−− n = λs′.1〉,n = λself.1〉

Example 2.3. Consider the object fly ext defined as follows:

fly ext4=

〈f = λself.λp.p⇐ n,get f = λself.(self⇐ f)〈self≺−− n = λs.1〉〉.

If we send the message get f to fly ext, then we have the following computation:

fly ext⇐ get fev→ Sel(fly ext, get f, fly ext)

ev→ (λself.(self⇐ f)〈self≺−− n = λs.1〉) fly extev→ (fly ext⇐ f)〈fly ext≺−− n = λs.1〉ev→ Sel(fly ext, f, λx.x) 〈fly ext≺−− n = λs.1〉→ev→ (λself.λp.p⇐ n) fly ext 〈fly ext≺−− n = λs.1〉→ev→ 〈fly ext≺−− n = λs.1〉 ⇐ n

→ev→ 1,

i.e. the following steps are performed:

(1 ) the method get f calls the method f with actual parameter the object itselfaugmented with the n method;

(2 ) the f method takes as input the host object augmented with the n method, andsends to this object the message n which simply returns the integer 1.

3. THE TYPE SYSTEM

In this section, we will introduce the syntax of types, together with the most in-teresting type rules. In the sake of simplicity, we prefer to first present the typesystem without the rules related with object subsumption (they will be discussedin Section 4). The complete syntax and set of rules can be found in the Appendix.


3.1 Types

The type expressions are described by the following grammar:

τ ::= ι | τ → τ | ρρ ::= t | pro t.〈〈R〉〉 | ρ / m

R ::= ε | R, m : σ

κ ::= T

In the rest of the article we will use τ and υ as meta-variables ranging over generictypes, ι as meta-variable over constant types, ρ and ξ as metavariables over objecttypes, and σ as metavariable over types of methods. Moreover, t is a type variable,R a metavariable ranging over rows, m a method label and κ a metavariable rangingover the unique kind of types T .

If M is a list of method labels (M ≡ m1, . . . , mn), then we will use ρ /〈M〉 assyntactic sugar for (. . . ((ρ / m1) / m2) . . . / mn).

A row is an unordered set of pairs (method label, method type). Object-typesin the form pro t.〈〈R〉〉 /〈M〉 are called pro-types, where pro is a binder for thetype-variable t. As in [Fisher et al. 1994], we may consider object-types as a formof recursively-defined types. In this paper we will freely use α-conversion of type-variables bound by pro.

The intended meaning of an object-type:

pro t.〈〈m1 : σ1 . . . mh : σh〉〉 / mi1 / . . . / min

is the following:

—m1, . . . , mh are the methods present of the object-type;—the methods that belong also to the list mi1 , . . . , min are the methods that are

available and can be invoked. Therefore, the object-type pro t.〈〈m1 : σ1 . . . mh :σh〉〉 /〈m1, . . . , mh〉 is the counterpart of the object-type class t.〈〈m1 : σ1 . . . mh :σh〉〉 of [Fisher et al. 1994];

—the methods that do not appear in the list mi1 , . . . , min are methods that cannotbe invoked; they are just reserved. We can extend an object e with a new methodm having type σ only if it is possible to assign to e an object-type of the formpro t.〈〈R, m : σ〉〉 /〈M〉. As we remarked in the introduction, this reservationmechanism is crucial to guarantee the consistency of the type system.

The operator / is used to make active and usable those methods that were pre-viously just reserved in an object-type; essentially, / is the “type counterpart” ofthe operator ≺−− .

3.2 Contexts and Judgments

The contexts have the following shape:

Γ ::= ε | Γ, x : τ | Γ, t<#ρ

Our type assignment system uses judgments of the following shapes:

Γ ` ok, Γ ` τ : T, Γ ` e : τ, Γ ` ξ <# ρ,


The intended meaning of the first three judgments is the natural one: well-formedcontexts and types, and assignment of σ to an expression e.

The intended meaning of the judgment Γ ` ξ <#ρ is that ξ is the type of a possibleextension of an object having type ρ. As in [Bruce 1994; Bono and Bugliesi 1997],this judgment formalises the notion of method-specialisation (or protocol-extension),i.e. the capability to “inherit” the type of the methods of the prototype.

The type rules for well-formed contexts are quite standard. We just comment thatin the rule (Cont−t) we impose that the object types used to bound variables arenot variables types themselves: this condition does not have any serious restrictions,and has been set in the type system in order to make the proof of its propertiessimpler.

3.3 Well-formed Types Rules

In the following we will indicate with M(m1 : σ1, . . . , mh : σh) the set {m1, . . . , mh}.The (Type−Pro) rule

Γ, t<#pro t.〈〈R〉〉 ` σ : T m 6∈ M(R)

Γ ` pro t.〈〈R, m : σ〉〉 : T

asserts that the object-type pro t.〈〈R, m : σ〉〉 is well-formed if the object-typepro t.〈〈R〉〉 is well-formed, and the type σ is well-formed under the hypothesis thatt is an object-type containing the methods in M(R). Since σ may contain subex-pression of form t / n, with n ∈ M(R), we need to introduce in the context thehypothesis t<#pro t.〈〈R〉〉 in order to prove that t / n is a well-formed type.

The (Type−Extend) rule

Γ ` ρ<#pro t.〈〈R〉〉 {M} ⊆ M(R)

Γ ` ρ /〈M〉 : T

asserts that in order to activate the methods M in the object type ρ, the methodsM need to be present (reserved) in ρ.

3.4 Matching Type Rules

The (Match−Pro) rule

Γ ` pro t.〈〈R′〉〉 /〈M ′〉 : T Γ ` pro t.〈〈R〉〉 /〈M〉 : T R ⊆ R′ {M} ⊆ {M ′}Γ ` pro t.〈〈R′〉〉 /〈M ′〉<#pro t.〈〈R〉〉 /〈M〉

asserts that an object-type with more reserved and more available methods spe-cialises an object-type with less reserved and less available methods.

The (Match−V ar) rule

Γ, t<#ρ, Γ′ ` ρ /〈M〉<# ξ

Γ, t<# ρ,Γ′ ` t /〈M〉<# ξ

makes available the matching judgments present in the context. It asserts that,if a context contains the hypothesis that a type variable t specialises a type ρ,and ρ itself, incremented with a set of methods M , specialises a type ξ, then,


by transitivity of the matching relation, t, incremented by the methods in M ,specialises ξ.

The (Match−t) rule

Γ ` t /〈M ′〉 : T {M} ⊆ {M ′}Γ ` t /〈M ′〉<# t /〈M〉

concerns object-types built from the same type variable, simply asserting that anobject-type with more available methods specialises an object-type with less avail-able methods.

3.5 Type Rules for Terms

The set of type rules for lambda terms are self-explanatory and hence they needno further justification. The (Empty) rule assigns to an empty object an emptypro-type.

The (Pre−Extend) rule

Γ ` e : pro t.〈〈R〉〉 /〈M〉 Γ ` pro t.〈〈R, R′〉〉 /〈M〉 : T

Γ ` e : pro t.〈〈R, R′〉〉 /〈M〉(Pre−Extend)

asserts that an object having type pro t.〈〈R〉〉 /〈M〉 can be considered also as anobject having type e : pro t.〈〈R, R′〉〉 /〈M〉. This rule has to be used in conjunctionwith the (Extend) rule: it ensures that we can dynamically add fresh methods.This rule cannot be applied when e is the variable self. In fact, as explained inRemark 3.1, the type of self can only be a type variable. This fact is crucial forthe soundness of the type system.

The (Extend) rule

Γ ` e1 : ρ

Γ ` ρ<#pro t.〈〈R, m : σ〉〉 /〈M〉Γ, t<#pro t.〈〈R, m : σ〉〉 /〈M, m〉 ` e2 : t → σ

Γ ` 〈e1≺−− m = e2〉 : ρ / m(Extend)

can be applied in the following cases:

(1) when the object e1 has type pro t.〈〈R, m : σ〉〉 /〈M〉 (or, by a previous applicationof the (Pre-Extend) rule, pro t.〈〈R〉〉 /〈M〉). In this case the object e1 is extendedwith the (fresh) method m;

(2) when τ is a type variable t. In this case e1 can be the variable self and thereis a self-inflicted extension.

The bound for t is the same as the final type for the object 〈e1≺−− m = e2〉; thisguarantees that the method m specialises its type for every future extension of〈e1≺−− m = e2〉.


The (Override) rule

Γ ` e1 : ρ

Γ ` ρ<#pro t.〈〈R, m : σ〉〉 /〈M, m〉Γ, t<#pro t.〈〈R, m : σ〉〉 /〈M, m〉 ` e2 : t → σ

Γ ` 〈e1≺−− m = e2〉 : ρ(Override)

is quite similar to the (Extend) rule, and is applied when the method m is alreadypresent in the object e1, and the body of m is overridden with a new method body.

Remark 3.1. By inspecting the (Extend) and (Override) rules one can see whythe type of self is always a type variable. In fact the body e2 of the new addedmethod needs to have type t → σ. Therefore, if e2 reduces to a value, this valueneeds to be a lambda abstraction in the form λself.e′2. It follows that, in assigningtype to e′2, we must use a context containing the hypothesis self : t. Since nosubsumption rule is available, the only type we can deduce for self is t.

The (Send) rule

Γ ` e : ρ Γ ` ρ<#pro t.〈〈R, m : σ〉〉 /〈M, m〉Γ ` e ⇐ m : σ[ρ/t]

is the standard rule one can expect in a type system based on matching. We requirethat the method we are invoking is present in the interface part of the recipient ofthe message.

The (Select) is the following:

Γ ` e1 : ρ

Γ ` ρ<#pro t.〈〈R, m : σ〉〉 /〈M, m〉Γ, s<#pro t.〈〈R, m : σ〉〉 /〈M, m〉 ` e2 : s → (s / N)

Γ ` Sel(e1, m, e2) : σ[(ρ / N)/t]

The first two conditions ensure that method m is in the interface part of the objecte1, while the last condition ensures that e2 is a function that transforms an objectin a more refined one.

4. ADDING OBJECT SUBSUMPTION

In this section we propose an extension of the type assignment system for λObj+to accommodate width-subtyping.

It is well known that adding a subsumption rule over terms, that is the rule(Subsume)

Γ ` e : σ Γ ` σ <# τ

Γ ` e : τ

clearly increases the set of expressions which are typable in the type system. Unfor-tunately, this rule is unsound in the presence of object extension; in fact, we could(by subsumption) first hide a method in an object, and then add it again with a


type incompatible with the previous one, see [Abadi and Cardelli 1996; Fisher andMichell 1994].

Therefore, in order to include subsumption rules in our type assignment system,we need to introduce another “kind” of object-types, namely:

obj t.〈〈R / R′〉〉,The main difference between the pro-types and the obj-types consists in the fact

that the (Pre-Extend) rule cannot be applied when an object has type obj t.〈〈R/R′〉〉;it follows that the type obj t.〈〈R / R′〉〉 permits extensions of an object only withrespect to the method names listed in the reservation part R′. This approach tosubsumption is reminiscent of the one in [Fisher and Mitchell 1995; Liquori 1997].

We also define a sub-kind of the kind T of types, termed Rgd, whose intendedmeaning is the subset of the rigid, i.e. non-extensible types.

Therefore, the new syntax of types and kinds is:

σ, τ ::= . . . | obj t.〈〈R / R′〉〉κ ::= T | Rgd.

The subset of rigid types contains the obj-types and is closed under the arrowconstructor. In order to axiomatize this we introduce a new form of judgment

Γ ` σ : Rgd.

The intuitive typing rules related with this judgment are presented in the Appendix.The (Subsume) rule is valid only when the type in the conclusion is rigid. It isimportant to point out that, by so doing, we do not need to introduce another partialorder on types, i.e. an ordinary subtyping relation, to deal with subsumption. Byintroducing the sub-kind of rigid types, we make the matching relation compatiblewith subsumption, and hence we can make it play the role of the width-subtypingrelation. This is in sharp contrast with the uses of matching proposed so far inthe literature ([Bruce 1994; Bruce et al. 1997; Bono and Bugliesi 1997]). Hence wecan suggestively say that in our type assignment system “matching is a relation ontypes compatible with a limited subsumption rule”.

4.1 Extra Rules for Subsumption

Extra rules for the obj-types are necessary. Most of these rules are simply a rephras-ing of the rules presented so far, replacing the binder pro by the binder obj. Themost important new rules are (Rgd−Obj) and (Promote).

The (Rgd−Obj) rule

Γ ` obj t.〈〈R〉〉 /〈M〉 : T t covariant in R Γ ` R : Rgd

Γ ` obj t.〈〈R〉〉 /〈M〉 : Rgd

asserts that subsumption is unsound for methods having t in contravariant positionwith respect to the arrow type constructor. Therefore, the variable t is forced tooccur only covariantly in the methods of R, and R′. Hence, binary methods arelost. This is, unfortunately, a common price to pay in order to have a fully statictype system with subtyping (see [Bruce et al. 1996; Castagna 1995; 1996]).


The (Promote) rule

Γ ` pro t.〈〈R′〉〉 /〈M ′〉 : T Γ ` obj t.〈〈R〉〉 /〈M〉 : T R ⊆ R′ {M} ⊆ {M ′}Γ ` pro t.〈〈R′〉〉 /〈M ′〉<#obj t.〈〈R〉〉 /〈M〉

“promotes” a fully-specializable pro-type into a limitedly specializable obj-type.When the methods in R′ are added to the object assigned to an obj-type, theobject in question becomes fixed, as in the Object Calculus.

5. A COLLECTION OF EXAMPLES

In this section, we give the types of the examples presented so far in Subsection 2.2together with some other (hopefully) motivating examples.

The objects self ext, inner ext, and fly ext, of Examples 2.1 and 2.2 and 2.3can be given the following types:

self ext : pro t.〈〈add n : t / n, n : int〉〉 / add n,

inner ext : pro t.〈〈add m n : t / m, m : t / n, n : int〉〉 / addmn

fly ext : pro t.〈〈f : t / n, get f : (t / n) → int, n : int〉〉 /〈f, get f〉.A possible derivation for self ext is presented in Figure 5.

Example 5.1. This example shows how class declaration can be simulated in theLambda Calculus of Objects and how using the self-inflicted extension we can fac-torize in a single declaration the definition of a hierarchy of classes. Let the methodadd set col be defined as in Example 1.2, and let us consider the simple classdefinition of PointClass:

PointClass4= 〈new = λs.〈x = λself.1, add set col = . . .〉〉.

The object PointClass can be used to create instances of both points and coloredpoints, by using the expressions:PointClass⇐ new and(PointClass⇐ new) ⇐ add set col.

Γ ` s : v Γ ` v <#pro t.〈〈n : int〉〉 Γ, w <#pro t.〈〈n : int〉〉 / n ` λs′.1 : w → int

Γ ` 〈s≺−− n = λs′.1〉 : v / n(Extend)

v <# τ / add n ` λs.〈s≺−− n = λs′.1〉 : (v → (v / n))(Abs)

ε ` 〈〉 : τ∗ ε ` τ <# τ

ε ` 〈add n = λs.〈s≺−− n = λs′.1〉〉 : τ / add n(Extend)

where τ ≡ pro t.〈〈add n : t / n, n : int〉〉 Γ ≡ v <# τ / add n, s : v and the judgment(∗) is derivable by the (Pre−Extend) rule.

Fig. 2. A derivation for self ext


Example Subsumption 1. This example shows how subsumption can interact withobject extension. Let:

P′ 4= obj t.〈〈x : int, col : bool〉〉 / x

CP4= obj t.〈〈x : int, col : bool〉〉 /〈x, col〉

g4= λp.〈p≺−− col = λs.true〉

and point and col point of type P′ and CP, respectively.By the type assignment rules we have:

ε ` CP<#P′

ε ` g : P′ → CP

ε ` g (col point) : CP

ε ` (λf.f(point) ⇐ col == f(col point) ⇐ col) g : bool

Notice that the object:

(λf.f(point) ⇐ col == f(col point) ⇐ col)

would not be typable without the subsumption rules.

Example Subsumption 2. This example shows how a self-inflicted extension caninteract with object subsumption. Let:

P4= obj t.〈〈x : int〉〉 / x

o4= 〈copy x = λself.λp.〈self≺−− x = λs.p⇐ x〉〉

By the type assignment rules we have:

ε ` o : pro t.〈〈copy x : P→ (t / x), x : int〉〉 / copy x

ε ` o⇐ copy x (col point) : ξ,

ε ` o⇐ copy x (col point) ⇐ copy x (point) : ξ,

where ξ4= pro t.〈〈x : int, copy x : P→ t〉〉 /〈x, copy x〉.

The object: o ⇐ copy x (point) ⇐ copy x (col point) would not be typablewithout the subsumption rules.

Example Downcasting. The self-inflicted extension permits to perform explicitdowncasting simply by method calling. A simple example is the following: let pointand a col point be objects with equal methods (checking the values of x, andx, col, respectively) and a self-extension method add set col method, as presentedin Example 1.2.

ε ` point : pro t.R and ε ` col point : pro t.R / col,

where R is

〈〈x : int, equal : t → bool, add set col : t / col, col : bool〉〉 /〈x, add set col〉The following judgments are derivable:

ε ` col point⇐ equal : pro t.R / col→ bool


ε ` point⇐ add set col : pro t.R / col

ε ` col point⇐ equal(point⇐ add set col) : bool.

6. SOUNDNESS OF THE TYPE SYSTEM

In this section we prove the crucial property of our type system, i.e. Theorem 6.9,the Subject Reduction Theorem. First we need a series of technical lemmata pre-senting the basic and technical properties of our type system, which are proved bycomplex, albeit standard, inductive arguments. As a corollary of the Theorem 6.9,we shall derive the fundamental result of the paper, i.e. the Type Soundness of ourtyping discipline.

We will first consider the plain type assignment system not containing subtyping,and then we will extend the Subject Reduction Theorem to the whole type system.

In the presentation of the properties and theorems, we will use A as metavariableranging on the statements in the form ok, τ : T , ρ<# ξ and e : τ ; we will use C asmetavariable for statements in the form x : τ and t<# ρ.

Lemma 6.1. (Sub-derivation)

(i) If ∆ is a derivation of Γ, Γ′ ` A, then there exists a sub-derivation ∆′ ⊆ ∆ ofΓ ` ok.

(ii) If ∆ is a derivation of Γ, x : σ, Γ′ ` A, then there exists a sub-derivation∆′ ⊆ ∆ of Γ ` σ : T .

(iii) If ∆ is a derivation of Γ, t<#σ,Γ′ ` A, then there exists a sub-derivation∆′ ⊆ ∆ of Γ ` σ : T .

Proof. The three points are proved, separately, by structural induction on thederivation ∆.

(i) The only cases where the inductive hypothesis cannot be applied are the caseswhere the last rule in ∆ is a context rule, that is, the only kind of rule that canincrease the context, and Γ′ is empty. In these cases the thesis coincides with thehypothesis. For all the other cases the thesis follows immediately by an applicationof the inductive hypothesis.

(ii) As in point (i), either we conclude immediately by inductive hypothesis orwe are in the case where Γ′ is empty and the last rule in ∆ is a context rule. In thislatter case the last rule in ∆ is necessarily a rule (Cont−x) deriving Γ, x : σ ` ok,and the first premise of this rule coincides with the thesis.

(iii) The proof works similarly to point (ii). utLemma 6.2. (Weakening)

(i) If Γ,Γ′ ` A and Γ, C, Γ′ ` ok, then Γ, C, Γ′ ` A.(ii) If Γ ` A and Γ, Γ′ ` ok, then Γ, Γ′ ` A.

Proof. (i) By structural induction on the derivation ∆ of Γ, Γ′ ` A. If the lastrule in ∆ has the context in the conclusion identical to the context of the premise(s),then it is possible to apply the inductive hypothesis, thus deriving almost imme-diately the point. For the other cases, if the last rule in ∆ is a rule (Cont−x) or(Cont−t), then the proof is trivial, since the second hypothesis coincides with the


thesis. The remaining cases concern the rules (Type−Pro), (Abs), (Extend) and(Override). These cases require a more careful treatment. We detail here the prooffor (Type−Pro), since the other cases are handled in a similar way.

In the case of (Type−Pro), the hypothesis Γ,Γ′ ` pro t.〈〈R, m : σ〉〉 : T followsfrom the judgment

Γ, Γ′, t<#pro t.〈〈R〉〉 ` σ : T (1)

Let us briefly remark that if the statement C of the second hypothesis is equalto t<# ρ, for some type ρ, then it is convenient to α-convert the object typepro t.〈〈R, m : σ〉〉 to avoid clash of variables. In any case, from Lemma 6.2.(i)(Weakening), by Lemma 6.1.(iii) (Sub-derivation), there exists a sub-derivationof ∆ deriving Γ, Γ′ ` pro t.〈〈R〉〉 : T , from which, by inductive hypothesis, Γ, C, Γ′ `pro t.〈〈R〉〉 : T , from which, by the rule (Cont−t), Γ, C, Γ′, t<#pro t.〈〈R〉〉 ` ok. By(1) and inductive hypothesis we have Γ, C, Γ′, t<#pro t.〈〈R〉〉 ` σ : T . Finally wehave the thesis using the rule (Type−Pro).

(ii) By induction on the length of Γ′, the proof uses the previous point andLemma 6.1.(i) (Sub-derivation). ut

In the sequel we use the following notations. Given two rows R, S and a list M :

M(R) , {m | (m : σ) ∈ R}R, S , R ∪ S

{M} , the set of methods contained in the list MM − m , the list M with the the occurrences of m removed

Lemma 6.3. (Well-formed types)

(i) Γ ` pro t.〈〈R〉〉 /〈M〉 : T if and only if Γ ` pro t.〈〈R〉〉 : T and {M} ⊆ M(R).(ii) Γ ` t /〈M〉 : T , if and only if Γ contains t<#pro t.〈〈R〉〉 /〈N〉 with {M} ⊆M(R).

Proof. Point (i) can be proved by inspection on the rules for well-formed typesand matching. Point (ii) can be proved by inspection on the rules for well-formedcontext, well-formed types and matching. ut

Notice that in the following proofs we often do not refer explicitly to the previousproperties, considering intuitive their derivation.

Proposition 6.4. (Matching has well-formed types)

If Γ ` ξ <#ρ, then Γ ` ξ : T and Γ ` ρ : T .

Proof. By structural induction on the derivation ∆ of Γ ` ξ <#ρ. The premisesof the rule (Match−Pro) are exactly the thesis. If the last rule in ∆ is a (Match−t)rule, we can conclude using the premise of the rule and Lemma 6.3.(ii) (Well-formed types). If the last rule applied in ∆ is a (Match−V ar) rule , then thejudgment Γ, t<# ξ, Γ′ ` t /〈M〉<#ρ is derived from the judgment Γ, t<# ξ, Γ′ `ξ /〈M〉<#ρ. By inductive hypothesis, ρ is well-typed, and Γ, t<# ξ, Γ′ ` ξ /〈M〉 : T .By the side condition in (Cont−t) rule, ξ must be in the form pro t.〈〈R〉〉 /〈M ′〉,and, by Lemma 6.3.(i) (Well-formed types), {M} ⊆ M(R). We can now concludeΓ, t<# ξ, Γ′ ` t /〈M〉 : T via the rule (Type−Extend). ut


Lemma 6.5. (Matching)

(i) Γ ` pro t.〈〈R〉〉 /〈M〉<#ρ if and only if Γ ` pro t.〈〈R〉〉 /〈M〉 : T , Γ ` ρ : T andρ ≡ pro t.〈〈R′〉〉 /〈M ′〉, with R′ ⊆ R and {M ′} ⊆ {M}.

(ii) Γ ` ρ<# t /〈M〉 if and only if Γ ` ρ : T and ρ ≡ t /〈M ′〉, with {M} ⊆ {M ′}.(iii) Γ ` t /〈M〉<#pro t.〈〈R〉〉 /〈N〉 if and only if Γ contains t<#pro t.〈〈R′〉〉 /〈M ′〉

with R ⊂ R′ and {M} ⊂ {M ′}.(iv) (Reflexivity) If Γ ` ρ : T then Γ ` ρ<# ρ.(v) (Transitivity) If Γ ` ρ1 <#ρ2 and Γ ` ρ2 <# ρ3, then Γ ` ρ1 <#ρ3.(vi) (Uniqueness) If Γ ` ρ<#pro t.〈〈R,m : σ〉〉 and Γ ` ρ<#pro t.〈〈R′,m : σ′〉〉,

then σ ≡ σ′.(vii) If Γ ` ρ<# ξ and Γ ` ξ / m : T , then Γ ` ρ / m<# ξ / m.(viii) If Γ ` ρ / m<#pro t.〈〈R〉〉 /〈M〉, then Γ ` ρ<#pro t.〈〈R〉〉 /〈M − m〉.(ix) If Γ ` ρ / m : T then Γ ` ρ / m<#ρ.

Proof. (i) (ii) (iii) Immediate by inspection on the matching rules.(iv) By cases on the form of ρ. The thesis can be derived immediately using

either the (Match−Pro) rule or the (Match−t) rule.(v) By cases on the form of ρ1, ρ2, ρ3, using points (i), (ii), (iii) above. If

ρ1 ≡ pro t.〈〈R〉〉 /〈M〉, we conclude by a triple application of point (i). If ρ3 ≡t /〈M〉, we conclude by three applications of point (ii). If ρ1 ≡ t /〈M〉 andρ3 ≡ pro t.〈〈R〉〉 /〈M〉, we conclude reasoning on the form of ρ2, using points (i),(ii), (iii) above.

(vi) By cases on the form of ρ, using either point (i) or point (iii) above.(vii) By cases on the form of ρ. If ρ ≡ pro t.〈〈R〉〉 /〈M〉, we have the thesis by

point (i) above and Lemma 6.3.(i) (Well-formed types). If ρ ≡ t /〈M〉 then wereason by cases on the form of ξ: if ξ ≡ pro t.〈〈S〉〉 /〈N〉, then we have the thesis bypoint (iii) above, and the validity of thesis for constant object types; if ξ ≡ t′ /〈N〉we have the thesis by point (ii) above.

(viii) By cases on the form of ρ, using either point (i) or point (iii) above.(ix) By cases on the form of ρ, using either point (i) above or point (ii) above

and Lemma 6.3.(ii) (Well-formed types). utLemma 6.6. (Match Weakening)

(i) If Γ, t<# ρ,Γ′ ` A, Γ ` ξ <# ρ and ξ is a constant object type, then Γ, t<# ξ, Γ′ `A.

(ii) If Γ ` pro t.〈〈R, m : σ〉〉 /〈M〉 : T , then Γ, t<#pro t.〈〈R, m : σ〉〉 /〈M〉 ` σ : T .

Proof. (i) By structural induction on the derivation ∆ of Γ, t<#ρ, Γ′ ` A. Theonly case where the inductive hypothesis cannot be applied is when Γ′ is emptyand the last rule in ∆ is a rule increasing the length of the context (context rule).In this latter case Γ, t<#ρ ` ok has been derived via the rule (Cont−t). We havetherefore t 6∈ dom(Γ); and, by the second hypothesis and Lemma 6.4, Γ ` ξ : T ,from which we derive the thesis using the (Cont−t) rule.

For all the other cases but one the application of the inductive hypothesis andthe derivation of the thesis is immediate, since the last rule in ∆ does not usethe hypothesis t<# ρ in the context. The only rule that can use this hypothesis is


the rule (Match−V ar). If the last rule in ∆ is (Match−V ar), then Γ, t<#ρ, Γ′ `t /〈M〉<#ρ′ derives from the premise Γ, t<#ρ, Γ′ ` ρ /〈M〉<#ρ′. By inductivehypothesis, we have Γ, t<# ξ, Γ′ ` ρ /〈M〉<#ρ′. Moreover, from Γ ` ξ <# ρ and theWeakening Lemma we can derive Γ, t<# ξ, Γ′ ` ξ <#ρ, from which by Lemma 6.5(vi)Γ, t<# ξ, Γ′ ` ξ /〈M〉<#ρ /〈M〉. Finally, by the transitivity of matching we haveΓ, t<# ξ, Γ′ ` ξ /〈M〉<#ρ′, and by an application of the (Match−V ar) rule weobtain the thesis.

(ii) First observe that there exists S ⊆ R such that Γ, t<#pro t.〈〈S〉〉 ` σ : T .In fact, by Lemma 6.3.(i) (Well-formed types), we have Γ ` pro t.〈〈R, m : σ〉〉 : T ,that can only be derived by an application of the (Type−Pro) rule, therefore wehave either our point or Γ, t<#pro t.〈〈R′, m : σ〉〉 ` σ′ : T , for a suitable R′, suchthat R ≡ R′,m′ : σ′. By Lemma 6.1.(iii) (Sub-derivation), it follows that Γ `pro t.〈〈R′,m : σ〉〉 : T , and, by repeating these last two arguments, we concludethe existence of S. Now, from Γ, t<#pro t.〈〈S〉〉 ` σ : T , using Lemma 6.1.(iii)(Sub-derivation), (Match−Pro) rule and point (i), we have the thesis. ut

Proposition 6.7. (Substitution)

(i) If Γ, x : τ, Γ′ ` A and Γ ` e : τ , then Γ,Γ′ ` A[e/x].(ii) If Γ, t<# ρ,Γ′, Γ′′ ` A and Γ, t<#ρ, Γ′ ` ξ <# ρ, then Γ, t<#ρ, Γ′,Γ′′[ξ/t] `

A[ξ/t].(iii) If Γ, t<# ρ,Γ′ ` A and Γ ` ξ <#ρ, then Γ, Γ′[ξ/t] ` A[ρ/t].

Proof. (i) By induction on the derivation ∆ of Γ, x : τ, Γ′ ` A. The cases wherethe inductive hypothesis cannot be immediately applied are the ones where the lastrule in ∆ is a context rule and Γ′ is empty. In this case Γ, x : τ ` ok is derived fromΓ ` τ : T , from which, by Lemma 6.1.(i) (Sub-derivation), we have the thesis.

The only not obvious case is the one where the last rule in ∆ is (V ar) rule andthe variable x coincides with the one dealt by the rule. In this case the conclusionΓ, x : τ, Γ′ ` x : τ derives from the premise Γ, x : τ, Γ′ ` ok, and so, by induction,Γ, Γ′ ` ok. By the second hypothesis Γ ` e : τ and Lemma 6.2 (Weakening), wededuce Γ, Γ′ ` e : τ , which coincides with our thesis. All the remaining cases canbe easily proved by applying the inductive hypothesis.

(ii) By induction on the derivation ∆ of Γ, t<# ρ,Γ′, Γ′′ ` A. As for the previouspoint, the only cases where the inductive hypothesis cannot be applied are the oneswhere the last rule in ∆ is a context rule (Γ′, Γ′′ are empty), but these cases aretrivial, since the hypothesis coincides with the thesis.

About the remaining cases, the only not trivial one is when the last rule in∆ is (Match−V ar) (the only rule that can use the judgment t<#ρ, containedin the context) and the type variable t coincides with the one dealt by the rule.In this case the conclusion Γ, t<#ρ, Γ′,Γ′′ ` t /〈M〉<#ρ′ derives from the premiseΓ, t<#ρ, Γ′, Γ′′ ` ρ /〈M〉<# ρ′; then, by inductive hypothesis, Γ, t<#ρ, Γ′, Γ′′[ξ/t] `(ρ /〈M〉<#ρ′)[ξ/t]). By the side condition on (Cont− t) rule, t cannot be free in ρ,therefore the above judgment can be written as Γ, t<#ρ, Γ′, Γ′′[ξ/t] ` ρ /〈M〉<# ρ′

[ξ/t]. On the other hand, from the hypothesis Γ, t<#ρ, Γ′ ` ξ <# ρ, we can de-rive Γ, t<#ρ, Γ′,Γ′′[ξ/t] ` ξ /〈M〉<# ρ /〈M〉 by Lemma 6.2.(ii) (Weakening) andLemma 6.5.(vii), and from the transitivity of the matching (Lemma 6.5.(v)) wehave Γ, t<#ρ, Γ′Γ′′[ξ/t] ` ξ /〈M〉<# ρ′, which is our thesis.


(iii) By the previous point we can derive Γ, t<#ρ, Γ′[ξ/t] ` A[ρ/t]. By a straight-forward induction argument one can then prove that if Γ, t<#ρ, Γ′ ` A and t doesnot appear free in Γ′ and A, then Γ, Γ′ ` A. From this we have immediately thethesis. ut

Proposition 6.8. (Types of expressions are well-formed)If Γ ` e : τ , then Γ ` τ : T .

Proof. By structural induction on the derivation ∆ of Γ ` e : τ . In this proofwe need to consider explicitly all the possible cases for the last rule in ∆, each caseis quite simple but needs specific arguments.

If the last rule in ∆ is (Const), we derive the thesis using the (Type−Const)rule. If the last rule in ∆ is (V ar), we use Lemma 6.1.(ii) (Sub-derivation) andLemma 6.2.(i) (Weakening). For the rule (Abs), one applies inductive hypothesis,Lemma 6.1.(ii) (Sub-derivation), Lemma 6.7.(i) (Substitution) and (Type−Arrow)rule. For the rule (Appl), one applies the inductive hypothesis, obtaining Γ ` σ →τ : T . This judgment can only be derived through the rule (Type−Arrow), whosesecond premise is just the thesis.

Next we consider the rules for object terms. The thesis is trivial for the rules(Empty), (Pre−Extend) and (Override). In the case of rule (Extend), Γ `〈e1≺−− m = e2〉 : ρ / m is derived from Γ ` ρ<#pro t.〈〈R, m : σ〉〉 /〈M〉; we haveΓ ` ρ / m<#pro t.〈〈R, m : σ〉〉 /〈M, m〉 by Lemma 6.5.(iii), and so we conclude byProposition 6.4.

The two remaining cases are more complex. (Send): by hypothesis we havederived Γ ` e ⇐ m : σ[τ/t]. From the premise Γ ` τ <#pro t.〈〈R, m : σ〉〉 /〈M, m〉and Proposition 6.4 we have Γ ` pro t.〈〈R, m : σ〉〉 /〈M, m〉 : T , from which, byLemma 6.6.(ii), Γ, t<#pro t.〈〈R, m : σ〉〉 /〈M, m〉 ` σ : T ; finally, by Lemma 6.7.(iii)(Substitution), we can conclude Γ ` σ[τ/t] : T . (Select): in this case we havederived Γ ` Sel(e1, m, e2) : σ[(ξ[ρ/s])/t] from the premises Γ, s<#pro t.〈〈R, m :σ〉〉 ` ξ <# s and Γ ` ρ<#pro t.〈〈R, m : σ〉〉 /〈M, m〉. By transitivity of matchingand Substitution, we can derive Γ ` ξ[ρ/s]<#ρ and Γ ` ξ[ρ/s]<#pro t.〈〈R, m :σ〉〉 /〈M, m〉, and, by repeating the steps followed for the (Send) rule, we can derivethe thesis. ut

Finally we can state the key Subject Reduction property for our type system.

Theorem 6.9. (Subject Reduction) If Γ ` e : τ and eev→ e′, then Γ ` e′ : τ .

Proof. We prove that the type is preserved by each of the four reduction rules(Beta), (Selection), (Success) and (Next).

(Beta) The derivation ∆ of Γ ` (λx.e1)e2 : τ needs to terminate with a rule(Appl), deriving Γ ` (λx.e1)e2 : τ ′, eventually followed by some applications of(Pre−Extend). Let the premises of (Abs) be Γ ` (λx.e1) : υ → τ ′ and Γ ` e2 : υwith a suitable υ; in turn, the first judgment has to be deduced from Γ, x : υ `e1 : τ ′ via (Abs) rule. By Proposition 6.7.(ii) (Substitution), we conclude Γ ` (e1 :τ)[e2/x] ≡ e1[e2/x] : τ , and, by some eventual applications of (Pre−Extend), wehave the thesis.

(Selection) The derivation ∆ of Γ ` e ⇐ m : τ needs to terminate with arule (Send), deriving Γ ` e ⇐ m : σ[ρ/t], eventually followed by some applica-


tions of (Pre−Extend). The premises of the (Send) rule are Γ ` e : ρ and Γ `ρ<#pro t.〈〈R, m : σ〉〉 /〈M, m〉. From this latter judgment, by Lemma 6.4 (Matchinghas well-formed types) and the rules (Cont− t), (Match−V ar), (Type−Extend),(Cont − x), and (Abs), one can derive Γ, s<#pro t.〈〈R, m : σ〉〉 /〈M, m〉 ` λx. x :s → s. From the above premises, by applying the (Select) rule, we derive Γ `Sel(e, m, λx. x) : σ[ρ/t], and, by some eventual applications of (Pre−Extend), wehave the thesis.

(Success) The derivation ∆ of Γ ` Sel(〈e1≺−− m = e2〉, m, e) : τ needs to ter-minate with a rule (Select), deriving Γ ` Sel(〈e1≺−− m = e2〉, m, e) : σ[(ρ /〈N〉)/t],eventually followed by some applications of (Pre−Extend) rule. The premises ofthe (Select) rule are:

Γ ` 〈e1≺−− m = e2〉 : ρ (2)

Γ ` ρ<#pro t.〈〈R, m : σ〉〉 /〈M, m〉 (3)

Γ, s<#pro t.〈〈R, m : σ〉〉 /〈M, m〉 ` e : s → (s /〈N〉) (4)

From judgments (3) and (4), by Substitution, we have Γ ` e : ρ → (ρ /〈N〉); fromthis judgment and (2), by the rule (Appl), we have:

Γ ` e〈e1≺−− m = e2〉 : ρ /〈N〉 (5)

Judgment (2) can only be derived using either the (Extend) rule or the (Override)rule, eventually followed by some applications of the (Pre−Extend) rule. Here wewill consider only the case where the (Extend) rule is applied, since the case for(Overrride) can be proved using the same arguments, with the only difference thatfor some aspects the proof is simpler. So we assume that the rule (Extend) derivesΓ ` 〈e1≺−− m = e2〉 : ρ′ / m using as premises:

Γ ` e1 : ρ′

Γ ` ρ′<#pro t.〈〈R′, m : σ′〉〉 /〈M ′〉 (6)

Γ, t<#pro t.〈〈R′, m : σ′〉〉 /〈M ′, m〉 ` e2 : t → σ′ (7)

By inspection on the (Pre−Extend) rule we can readily derive Γ ` ρ<#ρ′/m. Fromjudgment (6), by Lemma 6.5.(vii), we have Γ ` ρ′ / m<#pro t.〈〈R′, m : σ′〉〉 /〈M ′, m〉,and, by transitivity of matching, we derive Γ ` ρ<#pro t.〈〈R′, m : σ′〉〉 /〈M ′, m〉.From this judgment and (3), by Lemma 6.5.(vi)(Matching uniqueness), it followsthat σ ≡ σ′. Moreover, by Lemma 6.5.(ix), we have Γ ` ρ /〈N〉<# ρ and, by tran-sitivity of matching, Γ ` ρ /〈N〉<#pro t.〈〈R′, m : σ〉〉 /〈M ′, m〉. From this judgmentand (7), by Substitution, we have, Γ ` e2 : ρ /〈N〉 → σ[(ρ /〈N〉)/t], and from thisand (5), by the rule (Appl), we have Γ ` e2 (e〈e1≺−− m = e2〉) : σ[(ρ /〈N〉)/t], and,by some eventual applications of (Pre−Extend) rule, we have the thesis.

(Next) As argued for the rule (Success), the derivation ∆ of Γ ` Sel(〈e1≺−− n =e2〉, m, e) : τ needs to terminate with a rule (Select), deriving Γ ` Sel(〈e1≺−− n =e2〉, m, e) : σ[(ρ /〈N〉)/t], eventually followed by some applications of (Pre−Extend)rule. Let the premises of the (Select) rule be:

Γ ` 〈e1≺−− n = e2〉 : ρ (8)


Γ ` ρ<#pro t.〈〈R, m : σ〉〉 /〈M, m〉 (9)

Γ, s<#pro t.〈〈R, m : σ〉〉 /〈M, m〉 ` e : s → (s /〈N〉) (10)

The judgment (8) can only be derived using either the (Extend) rule or the (Override)rule, eventually followed by some applications of the (Pre−Extend) rule. Here weonly consider the case where (Extend) and (Pre−Extend) rules are applied; theother case can be derived with a similar pattern.

Since (Pre−Extend) has been applied, and (8) holds, the type ρ must be on theform pro t.〈〈R′, m : σ, n : σ′〉〉 /〈M ′, m, n〉. So let (8) be derived by (Pre − Extend),from:

Γ ` 〈e1≺−− n = e2〉 : pro t.〈〈R′′, m : σ, n : σ′〉〉 /〈M ′, m, n〉(with R′′ ⊆ R′), which, in turn, is derived by the (Extend) rule from the premises:

Γ ` e1 : pro t.〈〈R′′, m : σ, n : σ′〉〉 /〈M ′, m〉 (11)

Γ ` pro t.〈〈R′′, m : σ, n : σ′〉〉 /〈M ′, m〉<#pro t.〈〈R′′′, m : σ, n : σ′〉〉 /〈M ′′′, m〉 (12)

Γ ` t<#pro t.〈〈R′′′, m : σ, n : σ′〉〉 /〈M ′′′, m, n〉 ` e2 : t → σ′ (13)

Moreover, let ρ′ indicate the type pro t.〈〈R′, m : σ, n : σ′〉〉 /〈M ′, m〉, i.e. ρ ≡ ρ′ / n.From judgment (11), by the (Pre−Extend) rule, we can derive:

Γ ` e1 : ρ′ (14)

By (Match−Pro) rule, we have Γ ` ρ′ /n<#pro t.〈〈R′′, m : σ, n : σ′〉〉 /〈M ′, m〉; fromthis judgment, (12) and (13), by transitivity of matching and weakening lemma,we have Γ, t<#ρ′ / n ` e2 : t → σ′. From this judgment it is not difficult to prove,using the (Extend) rule, that Γ, s<# ρ′, x : s ` 〈x≺−− n = e2〉 : s / n. From (10),by substitution, we obtain Γ, s<# ρ′ ` e : (s / n) → s / n /〈N〉. From the two lastjudgments, by (Appl) and (Abs) rules we have:

Γ, s<#ρ′ ` λx.e〈x≺−− n = e2〉 : s → s / n /〈N〉This judgment, together with (14), allows an application of the (Select) rule, thusderiving:

Γ ` Sel(e1, m, λx.e〈x≺−− n = e2〉) : σ[(ρ′ / n /〈N〉)/t]

Therefore we can readily obtain the thesis. utWe conclude by deducing the Type Soundness theorem: it will guarantee, among

other, that every closed and well typed expression will not produce the message-not-found run-time error. This error arises whenever we search a message m into anexpression that does not reduce to an object which has the method m in its interface.

Definition 6.10. Define the set of wrong terms as follows:

wrong ::= Sel(〈〉, m, e) | Sel((λx.e), m, e′) | Sel(c, m, e)

By a direct inspection of the typing rules for terms, one can immediately see thatwrong cannot be typed. Hence, Type Soundness follows as a corollary of the SubjectReduction theorem.

Corollary 6.11. (Type Soundness) If ε ` e : τ , then e 6→ev→ C[wrong], where C[ ]is a generic context in λObj+, i.e. a term with an “hole” inside it.


6.1 Soundness of the Type System with Subsumption

The proof of Subject Reduction for the type assignment system with subsumptionis quite similar to the corresponding proof for the original type system. In particu-lar, all the preliminary lemmata and their corresponding proof remains almost thesame; only the final proof of the Subject Reduction theorem needs to be modifiedsignificantly. Since that, we do not present here the whole proof, but just remarkand present the points where new arguments are needed.

Therefore, Lemmata 6.1 (Sub-derivation), 6.2 (Weakening), 6.4 (Matching haswell-formed types), 6.7 (Substitution), 6.8 (Types of expressions are well-formed)are valid also for the type assignment system with subsumption. Conservely, weneed to reformulate Lemmata 6.3 (Well-formed types), 6.5 (Matching), 6.6 (MatchWeakening) as follows.

In Lemma (Well-formed types) 6.3, point (ii) needs to be rewritten as:

(iii) Γ ` t /〈M〉 : T if and only if Γcontains t<#pro t.〈〈R〉〉 /〈N〉 or t<#obj t.〈〈R〉〉 /〈N〉, with {M} ⊆ M(R).

In Lemma (Matching) 6.5, point (vi) needs to be rewritten as:

(vi) (Uniqueness) if Γ ` ρ<#obj t.〈〈R,m : σ〉〉 and Γ ` ρ<#obj t.〈〈R′,m : σ′〉〉,then σ ≡ σ′

Moreover, the following points need to be added:

(i’) Γ ` obj t.〈〈R〉〉 /〈M〉<#ρ if and only if Γ ` pro t.〈〈R〉〉 /〈M〉 : T , Γ ` ρ : T andρ ≡ obj t.〈〈R′〉〉 /〈M ′〉}, with R′ ⊆ R and {M ′} ⊆ {M}.

(iii’) Γ ` t /〈M〉<#obj t.〈〈R〉〉 /〈N〉 if and only if Γ contains t<#obj t.〈〈R′〉〉 /〈M ′〉or t<#pro t.〈〈R′〉〉 /〈M ′〉, with R ⊂ R′ and {M} ⊂ {M ′}.

(viii’) If Γ ` ρ / m<#obj t.〈〈R〉〉 /〈M〉, then Γ ` ρ<#obj t.〈〈R〉〉 /〈M − m〉.In the Lemma (Match Weakening) 6.6, point (ii) needs to be rewritten as:

(ii) If Γ ` pro t.〈〈R, m : σ〉〉 /〈M〉 : T or Γ ` obj t.〈〈R, m : σ〉〉 /〈M〉 : T , thenΓ, t<#obj t.〈〈R, m : σ〉〉 /〈M〉 ` σ : T .

A new lemma, stating some elementary properties of types with covariant vari-ables and rigid types is necessary.

Lemma 6.12. (Covariant variables and Rigid types)

(i) If t is covariant in σ, and Γ ` σ : Rgd, and Γ ` ξ <# ρ, then Γ ` σ[ξ/t]<#σ[ρ/t].(ii) If Γ ` σ : Rgd, and Γ ` ρ : Rgd then Γ ` σ[ρ/t] : Rgd.

The Subject Reduction has the usual formulation but it needs a more complexproof.

Theorem 6.13. (Subject Reduction, full λObj+) If Γ ` e : τ and eev→ e′, then

Γ ` e′ : τ .

Proof. Similarly to the proof of Subject Reduction 6.9, we prove that the typeis preserved by each of the four reduction rules (Beta), (Selection), (Success) and(Next). In the present case we have the extra difficulty of considering the possibleapplication of the (Subsume) rule.


(Beta) The derivation of Γ ` (λx.e1)e2 : τ needs to terminate with a rule(Appl), deriving Γ ` (λx.e1)e2 : ξ, eventually followed by some applications of(Pre−Extend) and (Subsume) rules. The premises of (Appl) must be Γ ` (λx.e1) :υ → ξ and Γ ` e2 : υ for a suitable υ; in turn, the first judgment has to be deducedvia (Abs) rule, eventually followed by (Subsume) rule. Let Γ ` (λx.e1) : υ′ → ξ′

be the conclusion of the (Abs) rule, and:

Γ, x : υ′ ` e1 : ξ′ (15)

its premise. Since the (Subsume) rule has been applied, we have Γ ` υ′ → ξ′<#υ →ξ and Γ ` υ → ξ : Rgd, therefore Γ ` υ <#υ′ and Γ ` υ′ : Rgd and Γ ` ξ′<# ξand Γ ` ξ : Rdg. Using these judgments and (15), it is not difficult to prove,by structural induction, that Γ, x : υ ` e1 : ξ′. By substitution, we have thenΓ ` e1[e2/x] : ξ′, and, by the (Subsume) rule, Γ ` e1[e2/x] : ξ, from which thethesis.

(Selection) This case works as for the system without subsumption.

(Success) Repeating the arguments used for the Subject Reduction 6.9, we cansay that the derivation ∆ of Γ ` Sel(〈e1≺−− m = e2〉, m, e) : τ needs to terminatewith a rule (Select), deriving Γ ` Sel(〈e1≺−− m = e2〉, m, e) : σ[(ρ /〈N〉)/t], even-tually followed by some applications of (Pre−Extend) and (Subsume) rules. Thepremises of the (Select) rule are:

Γ ` 〈e1≺−− m = e2〉 : ρ (16)

Γ ` ρ<#obj t.〈〈R, m : σ〉〉 /〈M, m〉 (17)

Γ, s<#obj t.〈〈R, m : σ〉〉 /〈M, m〉 ` e : s → (s /〈N〉) (18)

If the judgment (16) is not derived by an application of the (Subsume) rule, it ispossible to repeat the arguments used for the type system without subsumption.So we consider only the case where (16) is derived by a single application of the(Subsume) rule. Notice that it is sufficient to consider a single application, sinceconsecutive (multiple) applications of (Subsume) can always be compacted in asingle one. So let the premises of (Subsume) be:

Γ ` 〈e1≺−− m = e2〉 : ξ (19)

Γ ` ξ <#ρ (20)

Γ ` ρ : Rgd (21)

From judgments (17), (20) and (18), by transitivity and Substitution, we haveΓ ` e : ξ → (ξ /〈N〉). From this and (19), by the rule (Appl), we have:

Γ ` e〈e1≺−− m = e2〉 : ξ /〈N〉 (22)

By repeating the same arguments used for the previous version of the theorem 6.9(case analysis on the derivation of (19)), we can prove that:

Γ ` e2 (e〈e1≺−− m = e2〉) : σ[(ξ /〈N〉)/t]


Moreover, from (17) and (21) we can derive that t is covariant in σ and Γ `σ : Rdg. By Lemma 6.12, it follows that Γ ` σ[(ξ /〈N〉)/t]<#σ[(ρ /〈N〉)/t] andΓ ` σ[(ρ /〈N〉)/t] : Rgd so, by an application of the (Subsume) rule, we haveΓ ` e2 (e〈e1≺−− m = e2〉) : σ[(ρ /〈N〉)/t], and from this the thesis.

(Next) Also in this case we can just repeat the arguments used for the other ver-sion of the theorem, thus taking care of the possible applications of the (Subsume)rule. So we argue that the derivation ∆ of Γ ` Sel(〈e1≺−− n = e2〉, m, e) : τneeds to terminate with a rule (Select), deriving Γ ` Sel(〈e1≺−− n = e2〉, m, e) :σ[(ρ /〈N〉)/t], eventually followed by some applications of rule (Pre−Extend) and(Subsume) rules. Let the premises of the (Select) rule be:

Γ ` 〈e1≺−− n = e2〉 : ρ (23)

Γ ` ρ<#obj t.〈〈R, m : σ〉〉 /〈M, m〉 (24)

Γ, s<#obj t.〈〈R, m : σ〉〉 /〈M, m〉 ` e : s → (s /〈N〉) (25)

If judgment (23) is not derived by an application of the (Subsume) rule, it is possibleto repeat the arguments used for the type assignment system without subsumption.So we consider only the case where (16) is derived by a single application of the(Subsume) rule, having as premises:

Γ ` 〈e1≺−− m = e2〉 : ξ (26)

Γ ` ξ <#ρ (27)

Γ ` ρ : Rgd (28)

From these judgments, by repeating the same arguments used for the proof withoutsubsumption (case analysis on the derivation of the judgment (26)), we can provethat:

Γ ` Sel(e1, m, λx.e〈x≺−− n = e2〉) : σ[(ξ / n /〈N〉)/t]

Therefore, by repeating the final arguments used for the (Success) case, i.e applyLemma 6.12 and (Subsume) rule, we can derive the thesis. ut7. PLUG’N-PLAY IN THE OBJECT CALCULUS

In [Liquori 1997] we are presented with a first-order extension of the Object Calculusof Abadi and Cardelli ([Abadi and Cardelli 1996]) that supports method extensionin presence of object subsumption.

We conjecture that, with a little effort, the type system of λObj+ could beadapted to the extended Object Calculus, of course taking into account that objectsare sets of pairs instead of lists in λObj+. In order to adapt the type system ofλObj+ to the extended Object Calculus we need to:

—remove the (Select) rule;—add the following (Object) rule in order to build an object from scratch:

Γ, t<#pro t.〈〈R〉〉 /〈M〉, s : t ` ei : σi mi : σi ∈ R ∀ mi ∈ M

Γ ` 〈mi = ς(si : t<#pro t.〈〈R〉〉 /〈M〉)ei〉 i∈I : pro t.〈〈R〉〉 /〈M〉


Typed Syntax. e ::= s | 〈mi = ς(si : t<# τ)ei〉 i∈I | e.m | e1.m≺−− ς(s : t<# τ)e2

Operational Semantics. Let e4= 〈mi = ς(si : t<# τ ′)ei〉i∈I

(Sending) e.mjev→ ej{e/sj} (j ∈ I)

(Object) e.mj ≺−− ς(sj : t<# τ / mj)e′ev→ 〈mi = ς(si : t<# τ / mj)ei, mj =

ς(sj : t<# τ / mj)e′〉i∈I−{j} (j ∈ I)

Fig. 3. Typed Syntax and Small-Step Semantics for the Extended Object Calculus

—modify the (Extend) rule as follows:

Γ ` e1 : τ

Γ ` τ <#pro t.〈〈R, m : σ〉〉 /〈M〉Γ, t<#pro t.〈〈R, m : σ〉〉 /〈M, m〉, s : t ` e2 : σ

Γ ` e1.m≺−− ς(s : t<# τ / m)e2 : τ / m


A. THE TYPE ASSIGNMENT RULES

Well-formed Contexts

ε ` ok(Cont−ε)

Γ ` τ : T x 6∈ dom(Γ)

Γ, x : τ ` ok(Cont−x)

Γ ` ρ : T t 6∈ dom(Γ) ρ a constant object type

Γ, t<# ρ ` ok(Cont−t)

Well-formed Types

Γ ` ok

Γ ` pro t.〈〈ε〉〉 : T(Type−Pro〈〈〉〉)

Γ, t<#pro t.〈〈R〉〉 ` σ : T m 6∈ M(R)

Γ ` pro t.〈〈R, m : σ〉〉 : T(Type−Pro)

Γ ` ρ<#pro t.〈〈R〉〉 {M} ⊆ M(R)

Γ ` ρ /〈M〉 : T(Type−Extend)

Γ ` τ : T Γ ` υ : T

Γ ` τ → υ : T(Type−Arrow)

Γ ` ok

Γ ` ι : T(Type−Const)

Matching Rules

Γ ` pro t.〈〈R′〉〉 /〈M ′〉 : T Γ ` pro t.〈〈R〉〉 /〈M〉 : T R ⊆ R′ {M} ⊆ {M ′}Γ ` pro t.〈〈R′〉〉 /〈M ′〉<#pro t.〈〈R〉〉 /〈M〉

(Match−Pro)

Γ, t<#ρ, Γ′ ` ρ /〈M〉<# ξ

Γ, t<# ρ,Γ′ ` t /〈M〉<# ξ(Match−V ar)

Γ ` t /〈M ′〉 : T {M} ⊆ {M ′}Γ ` t /〈M ′〉<# t /〈M〉

(Match−t)


Type Rules for Lambda Terms

Γ ` ok

Γ ` c : ι(Const)

Γ, x : τ, Γ′ ` ok

Γ, x : τ, Γ′ ` x : σ(V ar)

Γ, x : σ ` e : υ

Γ ` λx.e : τ → υ(Abs)

Γ ` e1 : τ → υ Γ ` e2 : υ

Γ ` e1 e2 : υ(Appl)

Type Rules for Object Terms

Γ ` ok

Γ ` 〈〉 : pro t.〈〈ε〉〉(Empty)

Γ ` e : pro t.〈〈R〉〉 /〈M〉 Γ ` pro t.〈〈R,R′〉〉 /〈M〉 : T

Γ ` e : pro t.〈〈R, R′〉〉 /〈M〉(Pre−Extend)

Γ ` e1 : ρ

Γ ` ρ<#pro t.〈〈R, m : σ〉〉 /〈M〉Γ, t<#pro t.〈〈R, m : σ〉〉 /〈M, m〉 ` e2 : t → σ

Γ ` 〈e1≺−− m = e2〉 : ρ / m(Extend)

Γ ` e1 : ρ

Γ ` ρ<#pro t.〈〈R, m : σ〉〉 /〈M, m〉Γ, t<#pro t.〈〈R, m : σ〉〉 /〈M, m〉 ` e2 : t → σ

Γ ` 〈e1≺−− m = e2〉 : ρ(Override)

Γ ` e : ρ Γ ` ρ<#pro t.〈〈R, m : σ〉〉 /〈M, m〉Γ ` e ⇐ m : σ[ρ/t]

(Send)

Γ ` e1 : ρ

Γ ` ρ<#pro t.〈〈R, m : σ〉〉 /〈M, m〉Γ, t<#pro t.〈〈R, m : σ〉〉 /〈M, m〉 ` e2 : s → (s /〈N〉)

Γ ` Sel(e1, m, e2) : σ[(ρ /〈N〉)/t](Select)


B. THE EXTRA RULES FOR SUBSUMPTION

Extra Well-formed Types

Γ ` pro t.〈〈R〉〉 /〈M〉 : T

Γ ` obj t.〈〈R〉〉 /〈M〉 : T(Type−Obj)

Γ ` τ <#obj t.〈〈R〉〉 : T {M} ⊆ M(R)

Γ ` τ /〈M〉 : T(New − Type−Extend)

Extra Matching Rules

Γ ` pro t.〈〈R′〉〉 /〈M ′〉 : T Γ ` pro t.〈〈R〉〉 /〈M〉 : T R ⊆ R′ {M} ⊆ {M ′}Γ ` pro t.〈〈R′〉〉 /〈M ′〉<#obj t.〈〈R〉〉 /〈M〉

(Promote)

Γ ` pro t.〈〈R′〉〉 /〈M ′〉 : T Γ ` pro t.〈〈R〉〉 /〈M〉 : T R ⊆ R′ {M} ⊆ {M ′}Γ ` obj t.〈〈R′〉〉 /〈M ′〉<#obj t.〈〈R〉〉 /〈M〉

(Match−Obj)

Γ ` υ′<#υ Γ ` τ <# τ ′ Γ ` υ : Rdg

Γ ` υ → τ <#υ′ → τ ′(Match−Arrow)

New Type Rules for Expressions

Γ ` e : ξ Γ ` ξ <#ρ Γ ` ρ : Rgd

Γ ` e : ρ(Subsume)

Γ ` e1 : ρ

Γ ` ρ<#obj t.〈〈R, m : σ〉〉 /〈M〉Γ, t<#obj t.〈〈R, m : σ〉〉 /〈M, m〉 ` e2 : t → σ

Γ ` 〈e1≺−− m = e2〉 : ρ / m(New−Extend)

Γ ` e1 : ρ

Γ ` ρ<#obj t.〈〈R, m : σ〉〉 /〈M, m〉Γ, t<#obj t.〈〈R, m : σ〉〉 /〈M, m〉 ` e2 : t → σ

Γ ` 〈e1≺−− m = e2〉 : ρ(New−Override)

Γ ` e : ρ Γ ` ρ<#obj t.〈〈R, m : σ〉〉 /〈M, m〉Γ ` e ⇐ m : σ[ρ/t]

(New−Send)


Γ ` e1 : ρ

Γ ` ρ<#obj t.〈〈R, m : σ〉〉 /〈M, m〉Γ, s<#obj t.〈〈R, m : σ〉〉 /〈M, m〉 ` e2 : s → (s /〈N〉)

Γ ` Sel(e1, m, e2) : σ[(ρ /〈N〉)/t](New−Select)

Rules for Fixed Types

Γ ` ok

Γ ` ι : Rgd(Rgd−Const)

Γ ` obj t.〈〈R〉〉 /〈M〉 : T t covariant in R Γ ` R : Rgd

Γ ` obj t.〈〈R〉〉 /〈M〉 : Rgd(Rgd−Obj)

Γ, t<#obj t.〈〈R〉〉 /〈M〉, Γ′ ` t /〈N〉 : T t covariant in R

Γ, t<#obj t.〈〈R〉〉 /〈M〉, Γ′ ` t /〈N〉 : Rgd(Rgd−V ar)

Γ ` υ : Rgd

Γ ` τ → υ : Rgd(Rgd−Arrow)

REFERENCES

Abadi, M. and Cardelli, L. 1996. A Theory of Objects. Springer-Verlag.

Belle, G. 1994. Some Remarks on Lambda Calculus of Objects. Tech. rep., Dipartimento diMatematica ed Informatica, Universita di Udine.

Bono, V. and Bugliesi, M. 1997. Matching Constraints for the Lambda Calculus of Objects. InProc. of TLCA. Lecture Notes in Computer Science, vol. 1210. Springer-Verlag, 46–62.

Bono, V., Bugliesi, M., Dezani-Ciancaglini, M., and Liquori, L. 1997. Subtyping Constraintfor Incomplete Objects. In Proc. of TAPSOFT/CAAP. Lecture Notes in Computer Science,vol. 1214. Springer-Verlag, 465–477.

Bono, V., Bugliesi, M., and Liquori, L. 1996. A Lambda Calculus of Incomplete Objects. InProc. of MFCS. Lecture Notes in Computer Science, vol. 1113. Springer-Verlag, 218–229.

Bono, V. and Fisher, K. 1998. An Imperative. First-Order Calculus with Object Extension. InProc. of ECOOP. Lecture Notes in Computer Science. Springer-Verlag. To appear.

Bono, V. and Liquori, L. 1995. A Subtyping for the Fisher-Honsell-Mitchell Lambda Calculusof Objects. In Proc. of CSL. Lecture Notes in Computer Science, vol. 933. Springer-Verlag,16–30.

Bruce, K. 1994. A Paradigmatic Object–Oriented Programming Language: Design, Static Typingand Semantics. Journal of Functional Programming 4, 2, 127–206.

Bruce, K., Cardelli, L., Castagna, G., Group, T. H. O., Leavens, G., and Pierce, B. 1996.On Binary Methods. Theory and Practice of Object Systems 1, 3.

Bruce, K., Petersen, L., and Fiech, A. 1997. Subtyping Is Not a Good “Match” for Object-Oriented Languages. In Proc. of ECOOP. Lecture Notes in Computer Science, vol. 1241.Springer-Verlag, 104–127.

Cardelli, L. 1995. A Language with Distributed Scope. Computing System 8, 1, 27–59.

Castagna, G. 1995. Covariance and contravariance: conflict without a cause. ACM Transactionson Programming Languages and Systems 17, 3, 431–447.


Castagna, G. 1996. Object-Oriented Programming: A Unified Foundation. Progress in Theoret-ical Computer Science. Birkauser, Boston.

Drossopoulou, S., Damiani, F., Dezani-Ciancaglini, M., and Giannini, P. 2001.Fickle: Dynamic object re-classification. In Electronic proceedings of FOOL8(http://www.cs.williams.edu/ kim/FOOL/).

Drossopoulou, S., Damiani, F., Dezani-Ciancaglini, M., and Giannini, P. 2002. More dy-namic object re-classification: Fickleii. ACM Transactions On Programming Languages andSystems 24, 2, 153–191.

Fisher, K. 1996. Type System for Object-Oriented Programming Languages. Ph.D. thesis,University of Stanford.

Fisher, K., Honsell, F., and Mitchell, J. C. 1994. A Lambda Calculus of Objects and MethodSpecialization. Nordic Journal of Computing 1, 1, 3–37.

Fisher, K. and Michell, J. C. 1994. Notes on Typed Object-Oriented Programming. In Proc.of TACS. Lecture Notes in Computer Science, vol. 789. Springer-Verlag, 844–885.

Fisher, K. and Mitchell, J. C. 1995. A Delegation-based Object Calculus with Subtyping. InProc. of FCT. Lecture Notes in Computer Science, vol. 965. Springer-Verlag, 42–61.

Fisher, K. and Mitchell, J. C. 1998. On the relationship between classes, objects, and dataabstraction. Theory and Practice of Object Systems. To appear.

Liquori, L. 1997. An Extended Theory of Primitive Objects: First Order System. In Proc. ofECOOP. Lecture Notes in Computer Science, vol. 1241. Springer-Verlag, 146–169.

Paladin, P. 1993. Teoremi di Congruenza per Lambda-Calcoli Orientati agli Oggetti. M.S. thesis,Dipartimento di Matematica ed Informatica, Universita di Udine. In Italian.

Plotkin, G. 1981. A Structural Approach to Operational Semantics. Tech. Rep. DAIMI FN-19,Computer Science Department, Aarhus University, Denmark.

Wand, M. 1987. Complete Type Inference for Simple Objects. In Proc. of LICS. IEEE Press,37–44.

Foundations for Dynamic Object Re-classication

Documents

Transcript of Foundations for Dynamic Object Re-classication