We present a general algorithm for solving systems of inclusion constraints over type expressions. The constraint language includes function types, constructor types, and liberal intersection and union types. We illustrate the application of our constraint solving algorithm with a type inference system for the lambda calculus with constants. In this system, every pure lambda term has a (computable) type and every term typable in the Hindley/Milner system has all of its Hindley/Milner types. Thus, the inference system is an extension of the Hindley/Milner system that can type a very large set of lambda terms. 1 Introduction Type inference systems for functional languages are based on solving systems of type constraints. The best known and most widely used type inference algorithm was first discovered by Hindley and later independently by Milner [Hin69, Mil78]. In its simplest form, the algorithm generates type equations from the program text and then solves the equations. If the equati...

We present a simple and powerful type inference method for dynamically typed languages where no type information is supplied by the user. Type inference is reduced to the problem of solvability of a system of type inclusion constraints over a type language that includes function types, constructor types, union, intersection, and recursive types, and conditional types. Conditional types enable us to analyze control flow using type inference, thus facilitating computation of accurate types. We demonstrate the power and practicrdity of the method with examples and performance results from an implementation. 1

Proof-carrying code is a framework for proving the safety of machine-language programs with a machinecheckable proof. Such proofs have previously defined type-checking rules as part of the logic. We show a universal type framework for proof-carrying code that will allow a code producer to choose a programming language, prove the type rules for that language as lemmas in higher-order logic, then use those lemmas to prove the safety of a particular program. We show how to handle traversal, allocation, and initialization of values in a wide variety of types, including functions, records, unions, existentials, and covariant recursive types. 1

The proofs of "traditional" proof carrying code (PCC) are type-specialized in the sense that they require axioms about a specific type system. In contrast, the proofs of foundational PCC explicitly define all required types and explicitly prove all the required properties of those types assuming only a fixed foundation of mathematics such as higher-order logic. Foundational PCC is both more flexible and more secure than type-specialized PCC.

Proof-carrying code (PCC) is a framework for mechanically verifying the safety of machine language programs. A program that is successfully verified by a PCC system is guaranteed to be safe to execute, but this safety guarantee is contingent upon the correctness of various trusted components. For instance, in traditional PCC systems the trusted computing base includes a large set of low-level typing rules. Foundational PCC systems seek to minimize the size of the trusted computing base. In particular, they eliminate the need to trust complex, low-level type systems by providing machine-checkable proofs of type soundness for real machine languages. In this thesis, I demonstrate the use of logical relations for proving the soundness of type systems for mutable state. Specifically, I focus on type systems that ensure the safe allocation, update, and reuse of memory. For each type in the language, I define logical relations that explain the meaning of the type in terms of the oper-ational semantics of the language. Using this model of types, I prove each typing rule as a lemma. The major contribution is a model of System F with general references — that is, mutable cells that can hold values of any closed type including other references, functions, recursive types, and impredicative quantified types. The model is based on ideas from both possible worlds and the indexed model of Appel and McAllester. I show how the model of mutable references is encoded in higher-order logic. I also show how to construct an indexed possible-worlds model for a von Neumann machine. The latter is used in the Princeton Foundational PCC system to prove type safety for a full-fledged low-level typed assembly language. Finally, I present a semantic model for a region calculus that supports type-invariant references as well as memory reuse. iii

There is a tension in program analysis between precision and efficiency. In constraint-based program analysis, at one extreme methods based on unification of equality constraints over terms are very fast but often imprecise. At the other extreme, methods based on the resolution of inclusion constraints over set expressions are quite precise, but are often inefficient in practice. We describe a parameterized framework for constraint-based program analyses that allows the analysis designer to embed terms and set expressions within each other. Constraints over these mixed expressions are partially between equality and inclusion, which enables an entire spectrum of program analyses with varying degrees of precision and efficiency to be expressed. We also show that there are interesting analyses that take advantage of this mixture. In particular, we report on the design and implementation of an uncaught exception analysis for core ML. Our results show that the analysis approaches...

Many type inference and program analysis systems include notions of subtyping and parametric polymorphism. When used together, these two features induce equivalences that allow types to be simplified by eliminating quantified variables. Eliminating variables both improves the readability of types and the performance of algorithms whose complexity depends on the number of type variables. We present an algorithm for simplifying quantified types in the presence of subtyping and prove it is sound and complete for non-recursive and recursive types.

Typed Assembly Languages (TALs) are used to validate the safety of machine-language programs. The Foundational Proof-Carrying Code project seeks to verify the soundness of TALs using the smallest possible set of axioms—the axioms of a suitably expressive logic plus a specification of machine semantics. This paper proposes general semantic foundations that permit modular proofs of the soundness of TALs. These semantic foundations include Typed Machine Language (TML), a type theory for specifying properties of low-level data with powerful and orthogonal type constructors, and Lc, a compositional logic for specifying properties of machine instructions with simplified reasoning about unstructured control flow. Both of these components, whose semantics we specify using higher-order logic, are useful for proving the soundness of TALs. We demonstrate this by using TML and Lc to verify the soundness of a low-level, typed assembly language, LTAL, which is the target of our core-ML-to-sparc compiler. To prove the soundness of the TML type system we have successfully applied a new approach, that of step-indexed logical relations. This approach provides the first semantic model for a type system with updatable references to values of impredicative quantified types. Both impredicative polymorphism and mutable references are essential when representing function closures in compilers with typed closure conversion, or when compiling objects to simpler typed primitives.

Dynamic typing is a program analysis targeted at removing runtime tagging and untagging operations in dynamically typed languages. This paper shows that dynamic typing at least as powerful as Henglein's system [Hen92b] can be expressed using set constraints. 1 Introduction This paper presents a study of Henglein's dynamic typing discipline [Hen92a, Hen92b]. Dynamic typing extends conventional static types with a single new type Dynamic. Special functions called coercions inject values into and project values from type Dynamic. Currently, the main application of dynamic typing is the optimization of programs written in dynamically typed languages (such as Lisp and Scheme) by removing runtime tests of type tags where they are provably unnecessary (so-called soft typing [CF91, WC94]). A remarkable, and to our knowledge unique, aspect of dynamic typing is that it not only permits the removal of dynamic type tag tests, but also allows the elimination of type tagging operations themselves...

One of the aims of Foundational Proof-Carrying Code (FPCC) is to incorporate a completely semantic description of types into the Proof-Carrying Code framework. FPCC describes types as complex predicates, some of which require properties like contractiveness, representability,andextensionality to hold. We keep track of these properties by encoding them within kinds. In this paper, we give a syntactic kinding system with semantic proofs.