## Ur: Statically-Typed Metaprogramming with Type-Level Record Computation (2010)

Citations: | 22 - 1 self |

### BibTeX

@MISC{Chlipala10ur:statically-typed,

author = {Adam Chlipala},

title = {Ur: Statically-Typed Metaprogramming with Type-Level Record Computation},

year = {2010}

}

### OpenURL

### Abstract

Dependent types provide a strong foundation for specifying and verifying rich properties of programs through type-checking. The earliest implementations combined dependency, which allows types to mention program variables; with type-level computation, which facilitates expressive specifications that compute with recursive functions over types. While many recent applications of dependent types omit the latter facility, we argue in this paper that it deserves more attention, even when implemented without dependency. In particular, the ability to use functional programs as specifications enables statically-typed metaprogramming: programs write programs, and static type-checking guarantees that the generating process never produces invalid code. Since our focus is on generic validity properties rather than full correctness verification, it is possible to engineer type inference systems that are very effective in narrow domains. As a demonstration, we present Ur, a programming language designed to facilitate metaprogramming with first-class records and names. On top of Ur, we implement Ur/Web, a special standard library that enables the development of modern Web applications. Ad-hoc code generation is already in wide use in the popular Web application frameworks, and we show how that generation may be tamed using types, without forcing metaprogram authors to write proofs or forcing metaprogram users to write any fancy types.

### Citations

469 |
Interactive Theorem Proving and Program Development, Coq’Art: The Calculus of Inductive Constructions
- Bertot, Castéran
- 2004
(Show Context)
Citation Context ... up momentum in practical language design. A dependent type system allows types to refer to program variables whose values are not determined until runtime. The classical approach, exemplified by Coq =-=[3]-=- and Agda [17], is based on dependent type theory. These languages combine dependent typing with rich facilities for type-level comPermission to make digital or hard copies of all or part of this work... |

216 | Cayenne - a language with dependent types
- Augustsson
- 1998
(Show Context)
Citation Context ...and open type functions [26]. An alternative strategy is to design a new programming language, picking and choosing features inspired by traditional dependentlytyped languages. Languages like Cayenne =-=[2]-=- and Sage [14] sacrifice decidable type-checking but keep all three of dependent types, type-level computation, and broad applicability. Another popular approach is to introduce some form of dependent... |

197 | Modules for standard ml
- MacQueen
- 1984
(Show Context)
Citation Context ...e implemented ORM as a richly-typed generic component in Ur/Web. Here are two example invocations of our component. These examples use the Ur module system, which is inspired by the ML module systems =-=[16]-=-, with few surprises encountered in adapting that idea to Ur’s base language. structure T = Table(struct val cols = {A = local [int], B = local [string]} end) structure S = Table(struct val cols = {C ... |

171 | Towards a practical programming language based on dependent type theory
- Norell
- 2007
(Show Context)
Citation Context ...in practical language design. A dependent type system allows types to refer to program variables whose values are not determined until runtime. The classical approach, exemplified by Coq [3] and Agda =-=[17]-=-, is based on dependent type theory. These languages combine dependent typing with rich facilities for type-level comPermission to make digital or hard copies of all or part of this work for personal ... |

163 | Inductive definitions in the system Coq; rules and properties
- Paulin-Mohring
(Show Context)
Citation Context ...on by construction. Since CIC has been proved type-sound, Featherweight Ur is typesound, too, almost by definition. This formalization also inherits other properties of CIC, like strong normalization =-=[20]-=-, that do not hold of the full Ur language. This elaboration is meant only to specify the semantics of Ur, rather than an implementation technique. The actual Ur/Web compiler works more traditionally,... |

156 | Type classes with functional dependencies
- Jones
- 2000
(Show Context)
Citation Context ...particular, features once associated only with dependently-typed languages have recently been added to Haskell, in the form of extensions like multiparameter type classes with functional dependencies =-=[12]-=-, generalized algebraic datatypes [27], and open type functions [26]. An alternative strategy is to design a new programming language, picking and choosing features inspired by traditional dependently... |

127 | Domain specific embedded compilers
- Leijen, Meijer
- 1999
(Show Context)
Citation Context ...s levels of static assurance. Ohori and Buneman [19] added explicit support for typing associated with database operations to an ML-like language while maintaining principal typing. Leijen and Meijer =-=[15]-=- embedded a subset of SQL in an extension of Haskell, with static validation of a subset of the properties enforced by Ur/Web. Silva and Visser [30] later completed a similar project with broader stat... |

114 | Type inference for record concatenation and multiple inheritance
- Wand
- 1991
(Show Context)
Citation Context ...hat is mostly restricted to formulas of linear arithmetic. There have been many investigations into the inclusion of extensible records in statically-typed languages. Wand’s initial work on row types =-=[31]-=- has inspired many follow-ups. The work of Rémy [24] is also well-known, as it has directly influenced the object system and polymorphic variant facilities of Objective Caml. Ohori [18] developed a co... |

83 | Combining Programming with Theorem Proving
- Chen, Xi
- 2005
(Show Context)
Citation Context ...but keep all three of dependent types, type-level computation, and broad applicability. Another popular approach is to introduce some form of dependent types without type-level computation, as in ATS =-=[5]-=-, Deputy [6], and liquid types [25]. Finally, a language can support rich type-level computation without dependent typing, as in Ωmega [29]. Considering classical tools like Coq and Agda, Haskell exte... |

81 | Partial polymorphic type inference and higher-order unification
- Pfenning
- 1988
(Show Context)
Citation Context ...zing type inference performance by applying techniques from the type-preserving compilation literature [28]. Higher-order unification is a well-studied subject with some standard heuristic approaches =-=[21]-=-. There, the key problem is inferring type-level functions. In contrast, the Ur/Web implementation has more in common with the GHC Haskell compiler, in that only first-order unification techniques are... |

72 | A polymorphic record calculus and its compilation
- Ohori
- 1995
(Show Context)
Citation Context ...k on row types [31] has inspired many follow-ups. The work of Rémy [24] is also well-known, as it has directly influenced the object system and polymorphic variant facilities of Objective Caml. Ohori =-=[18]-=- developed a compiler for a language with extensible records, demonstrating an index-passing encoding that facilitates separate compilation. Harper and Pierce [10] defined a calculus supporting genera... |

70 | A Polymorphic Type System for Extensible Records and Variants
- Gaster, Jones
- 1996
(Show Context)
Citation Context ...a calculus supporting general record concatenation, via row-quantified types that include general disjointness constraints like those in Ur, but without discussion of type inference. Gaster and Jones =-=[9]-=- define a system for extensible records and variants, achieving a complete type inference algorithm by restricting constraints to the form “label l is not present in row r.” Pottier [23] demonstrated ... |

69 | Languages of the future
- Sheard
- 2004
(Show Context)
Citation Context ... of dependent types without type-level computation, as in ATS [5], Deputy [6], and liquid types [25]. Finally, a language can support rich type-level computation without dependent typing, as in Ωmega =-=[29]-=-. Considering classical tools like Coq and Agda, Haskell extensions, and the previous paragraph’s new languages, there is a serious common weakness. They do not provide very good support for the const... |

60 | Implementing typed intermediate languages
- Shao, League, et al.
- 1998
(Show Context)
Citation Context ...normalize and compare those subterms, and so on. There is no doubt further opportunity for optimizing type inference performance by applying techniques from the type-preserving compilation literature =-=[28]-=-. Higher-order unification is a well-studied subject with some standard heuristic approaches [21]. There, the key problem is inferring type-level functions. In contrast, the Ur/Web implementation has ... |

59 | Dependent types for low-level programming
- Condit, Harren, et al.
- 2007
(Show Context)
Citation Context ... three of dependent types, type-level computation, and broad applicability. Another popular approach is to introduce some form of dependent types without type-level computation, as in ATS [5], Deputy =-=[6]-=-, and liquid types [25]. Finally, a language can support rich type-level computation without dependent typing, as in Ωmega [29]. Considering classical tools like Coq and Agda, Haskell extensions, and ... |

59 | A Records Calculus Based on Symmetric Concatenation
- Harper, Pierce
- 1991
(Show Context)
Citation Context ... facilities of Objective Caml. Ohori [18] developed a compiler for a language with extensible records, demonstrating an index-passing encoding that facilitates separate compilation. Harper and Pierce =-=[10]-=- defined a calculus supporting general record concatenation, via row-quantified types that include general disjointness constraints like those in Ur, but without discussion of type inference. Gaster a... |

58 | Typability and Type Checking in System F are Equivalent and Undecidable
- Wells
- 1999
(Show Context)
Citation Context ...be reduced to type inference in such rich type systems, with unification variables standing for mathematical proofs encoded syntactically. Even type inference for System F has been proved undecidable =-=[32]-=-, and impredicative (or “firstclass”) polymorphism is crucial to Ur’s usefulness, as the example of folder functions demonstrates. To this already undecidable base, Ur adds the type-level computation ... |

52 | Generic programming within dependently typed programming
- Altenkirch, McBride
- 2003
(Show Context)
Citation Context ...ed heavily by our experience with programming in Coq [3]. The possibilities for generic programming in dependently-typed languages have been recognized and implemented for several years now, at least =-=[1]-=-. This body of work has tended to focus on more involved examples like generation of parsers and pretty-printers for arbitrary algebraic datatypes. We mean to argue that Ur, by focusing on a specific ... |

37 | Type checking with open type functions
- Schrijvers, Jones, et al.
- 2008
(Show Context)
Citation Context ...guages have recently been added to Haskell, in the form of extensions like multiparameter type classes with functional dependencies [12], generalized algebraic datatypes [27], and open type functions =-=[26]-=-. An alternative strategy is to design a new programming language, picking and choosing features inspired by traditional dependentlytyped languages. Languages like Cayenne [2] and Sage [14] sacrifice ... |

29 |
Type inference in a database programming language
- Buneman
- 1988
(Show Context)
Citation Context ...level computation, in the form of Fω features and type-level map. Embedding SQL syntax in general-purpose languages has been studied before, with various levels of static assurance. Ohori and Buneman =-=[19]-=- added explicit support for typing associated with database operations to an ML-like language while maintaining principal typing. Leijen and Meijer [15] embedded a subset of SQL in an extension of Has... |

18 |
Dependent ML: an approach to practical programming with dependent types
- Xi
(Show Context)
Citation Context ...g on a specific domain, provides a much more user-friendly experience to programmers, both attracting a broader range of developers and enhancing productivity of those who are attracted. Dependent ML =-=[33]-=- follows a similar path, with convenient automated reasoning that is mostly restricted to formulas of linear arithmetic. There have been many investigations into the inclusion of extensible records in... |

11 | Reflective Program Generation with Patterns
- FÄHNDRICH, CARBIN, et al.
- 2006
(Show Context)
Citation Context ...ject-oriented and procedural programming, and the standard techniques in this area suffer from lack of static validation of metaprograms. Recent language extensions like Compile-Time Reflection (CTR) =-=[8]-=- for C# and MorphJ [11] for Java address this shortcoming for programs that inspect and generate classes in stylized ways. Similar issues of name disjointness checking arise in these tools. One signif... |

11 | Sage: Unified hybrid checking for first-class types, general refinement types, and dynamic
- Knowles, Tomb, et al.
- 2006
(Show Context)
Citation Context ... functions [26]. An alternative strategy is to design a new programming language, picking and choosing features inspired by traditional dependentlytyped languages. Languages like Cayenne [2] and Sage =-=[14]-=- sacrifice decidable type-checking but keep all three of dependent types, type-level computation, and broad applicability. Another popular approach is to introduce some form of dependent types without... |

9 | A 3-part type inference engine
- Pottier
- 2000
(Show Context)
Citation Context ...ster and Jones [9] define a system for extensible records and variants, achieving a complete type inference algorithm by restricting constraints to the form “label l is not present in row r.” Pottier =-=[23]-=- demonstrated a general type inference system equipped to deal with general record concatenation and first-class names. Blume et al. implemented the MLPolyR language [4], which, using type-level recor... |

8 | Extensible programming with first-class cases
- Blume, Acar, et al.
- 2006
(Show Context)
Citation Context ...ot present in row r.” Pottier [23] demonstrated a general type inference system equipped to deal with general record concatenation and first-class names. Blume et al. implemented the MLPolyR language =-=[4]-=-, which, using type-level records, exploits the duality of records and variants to support an extensible case construct. The idea of extensible records is a natural one, and it has appeared in many ot... |

6 |
Dimitrios Vytiniotis. Complete and decidable type inference for gadts
- Schrijvers, Jones, et al.
(Show Context)
Citation Context ...nly with dependently-typed languages have recently been added to Haskell, in the form of extensions like multiparameter type classes with functional dependencies [12], generalized algebraic datatypes =-=[27]-=-, and open type functions [26]. An alternative strategy is to design a new programming language, picking and choosing features inspired by traditional dependentlytyped languages. Languages like Cayenn... |

5 |
Keean Schupke. Strongly typed heterogeneous collections
- Kiselyov, Lämmel
- 2004
(Show Context)
Citation Context ...ed a similar project with broader static validation, using more of the harnessing of type classes with functional dependencies that has become very popular in the Haskell community. The HList library =-=[13]-=- for GHC Haskell is a prominent example of this trend; it provides extensible records, using a notion of type-level compu-tation driven by Haskell’s type class resolution mechanisms. We (somewhat sub... |

5 |
Ranjit Jhala. Liquid types
- Rondon, Kawaguchi
- 2008
(Show Context)
Citation Context ...pes, type-level computation, and broad applicability. Another popular approach is to introduce some form of dependent types without type-level computation, as in ATS [5], Deputy [6], and liquid types =-=[25]-=-. Finally, a language can support rich type-level computation without dependent typing, as in Ωmega [29]. Considering classical tools like Coq and Agda, Haskell extensions, and the previous paragraph’... |

4 |
Application Security Consortium. 2007 web application security statistics. http://www.webappsec.org/projects/ statistics/wasc_wass_2007.pdf
- Web
(Show Context)
Citation Context ...the details, there is no static checking of code generators. It is easy to have bugs that go uncaught even by systematic testing. Lurking bugs in Web code generators are a serious business. One study =-=[7]-=- found that over 30% of Web applications are susceptible to some kind of code injection attack, where code from an untrusted source is relayed to browsers or database servers through a Web application... |

4 |
Huang and Yannis Smaragdakis. Expressive and safe static reflection with MorphJ
- Shan
- 2008
(Show Context)
Citation Context ...edural programming, and the standard techniques in this area suffer from lack of static validation of metaprograms. Recent language extensions like Compile-Time Reflection (CTR) [8] for C# and MorphJ =-=[11]-=- for Java address this shortcoming for programs that inspect and generate classes in stylized ways. Similar issues of name disjointness checking arise in these tools. One significant advantage of Ur’s... |

4 |
Type inference for records in a natural extension of ML. In Theoretical aspects of object-oriented programming
- Rémy
- 1994
(Show Context)
Citation Context ...metic. There have been many investigations into the inclusion of extensible records in statically-typed languages. Wand’s initial work on row types [31] has inspired many follow-ups. The work of Rémy =-=[24]-=- is also well-known, as it has directly influenced the object system and polymorphic variant facilities of Objective Caml. Ohori [18] developed a compiler for a language with extensible records, demon... |

4 |
Strong types for relational databases
- Silva, Visser
- 2006
(Show Context)
Citation Context ...ile maintaining principal typing. Leijen and Meijer [15] embedded a subset of SQL in an extension of Haskell, with static validation of a subset of the properties enforced by Ur/Web. Silva and Visser =-=[30]-=- later completed a similar project with broader static validation, using more of the harnessing of type classes with functional dependencies that has become very popular in the Haskell community. The ... |

1 |
Higher-order polymorphism
- Pierce
- 2002
(Show Context)
Citation Context ...The open source distribution of the Ur/Web compiler, along with the source code for our case studies, is available at http://www.impredicative.com/ur/ 2. Ur By Example Ur is an extension of System Fω =-=[22]-=-, the higher-order polymorphic lambda calculus, presented with ML-style syntax. The foundation of the key extensions to Fω is support for type-level names and records. As a simple introduction to thes... |