TypecheckingA Typechecker for STLC

The has_type relation of the STLC defines what it means for a term to belong to a type (in some context). But it doesn't, by itself, tell us how to check whether or not a term is well typed.

Fortunately, the rules defining has_type are syntax directed — that is, for every syntactic form of the language, there is just one rule that can be used to give a type to terms of that form. This makes it straightforward to translate the typing rules into clauses of a typechecking function that takes a term and a context and either returns the term's type or else signals that the term is not typable.

(* This short chapter constructs such a function and proves it
correct. *)

Require Import Coq.Bool.Bool.
Require Import Maps.
Require Import Smallstep.
Require Import Stlc.

Module STLCChecker.
Import STLC.

Comparing Types

First, we need a function to compare two types for equality...

Fixpoint beq_ty (T₁ T₂:ty) : bool :=
  match T₁,T₂ with
  | TBool, TBool ⇒
      true
  | TArrow T₁₁ T₁₂, TArrow T₂₁ T₂₂ ⇒
      andb (beq_ty T₁₁ T₂₁) (beq_ty T₁₂ T₂₂)
  | _,_ ⇒
      false
  end.

... and we need to establish the usual two-way connection between the boolean result returned by beq_ty and the logical proposition that its inputs are equal.

Lemma beq_ty_refl : ∀T₁,
beq_ty T₁ T₁ = true.

Proof.
  intros T₁. induction T₁; simpl.
    reflexivity.
    rewrite IHT1_1. rewrite IHT1_2. reflexivity. Qed.

Lemma beq_ty__eq : ∀T₁ T₂,
beq_ty T₁ T₂ = true → T₁ = T₂.

Proof with auto.
  intros T₁. induction T₁; intros T₂ Hbeq; destruct T₂; inversion Hbeq.
  - (* T₁=TBool *)
    reflexivity.
  - (* T₁=TArrow T1_1 T1_2 *)
    rewrite andb_true_iff in H₀. inversion H₀ as [Hbeq1 Hbeq2].
    apply IHT1_1 in Hbeq1. apply IHT1_2 in Hbeq2. subst... Qed.

The Typechecker

The typechecker works by walking over the structure of the given term, returning either Some T or None. Each time we make a recursive call to find out the types of the subterms, we need to pattern-match on the results to make sure that they are not None. Also, in the tapp case, we use pattern matching to extract the left- and right-hand sides of the function's arrow type (and fail if the type of the function is not TArrow T₁₁ T₁₂ for some T₁ and T₂).

Fixpoint type_check (Γ:context) (t:tm) : option ty :=
  match t with
  | tvar x ⇒
      Γ x
  | tabs x T₁₁ t₁₂ ⇒
      match type_check (update Γ x T₁₁) t₁₂ with
      | Some T₁₂ ⇒ Some (TArrow T₁₁ T₁₂)
      | _ ⇒ None
      end
  | tapp t₁ t₂ ⇒
      match type_check Γ t₁, type_check Γ t₂ with
      | Some (TArrow T₁₁ T₁₂),Some T₂ ⇒
          if beq_ty T₁₁ T₂ then Some T₁₂ else None
      | _,_ ⇒ None
      end
  | ttrue ⇒
      Some TBool
  | tfalse ⇒
      Some TBool
  | tif guard t f ⇒
      match type_check Γ guard with
      | Some TBool ⇒
          match type_check Γ t, type_check Γ f with
          | Some T₁, Some T₂ ⇒
              if beq_ty T₁ T₂ then Some T₁ else None
          | _,_ ⇒ None
          end
      | _ ⇒ None
      end
  end.

Properties

To verify that this typechecking algorithm is correct, we show that it is sound and complete for the original has_type relation — that is, type_check and has_type define the same partial function.

Theorem type_checking_sound : ∀Γ t T,
type_check Γ t = Some T → has_type Γ t T.

Proof with eauto.
  intros Γ t. generalize dependent Γ.
  induction t; intros Γ T Htc; inversion Htc.
  - (* tvar *) eauto.
  - (* tapp *)
    remember (type_check Γ t₁) as TO₁.
    remember (type_check Γ t₂) as TO₂.
    destruct TO₁ as [T₁|]; try solve_by_invert;
    destruct T₁ as [|T₁₁ T₁₂]; try solve_by_invert.
    destruct TO₂ as [T₂|]; try solve_by_invert.
    destruct (beq_ty T₁₁ T₂) eqn: Heqb;
    try solve_by_invert.
    apply beq_ty__eq in Heqb.
    inversion H₀; subst...
  - (* tabs *)
    rename i into y. rename t into T₁.
    remember (update Γ y T₁) as G'.
    remember (type_check G' t₀) as TO₂.
    destruct TO₂; try solve_by_invert.
    inversion H₀; subst...
  - (* ttrue *) eauto.
  - (* tfalse *) eauto.
  - (* tif *)
    remember (type_check Γ t₁) as TOc.
    remember (type_check Γ t₂) as TO₁.
    remember (type_check Γ t₃) as TO₂.
    destruct TOc as [Tc|]; try solve_by_invert.
    destruct Tc; try solve_by_invert.
    destruct TO₁ as [T₁|]; try solve_by_invert.
    destruct TO₂ as [T₂|]; try solve_by_invert.
    destruct (beq_ty T₁ T₂) eqn:Heqb;
    try solve_by_invert.
    apply beq_ty__eq in Heqb.
    inversion H₀. subst. subst...
Qed.

Theorem type_checking_complete : ∀Γ t T,
has_type Γ t T → type_check Γ t = Some T.

Proof with auto.
  intros Γ t T Hty.
  induction Hty; simpl.
  - (* T_Var *) eauto.
  - (* T_Abs *) rewrite IHHty...
  - (* T_App *)
    rewrite IHHty1. rewrite IHHty2.
    rewrite (beq_ty_refl T₁₁)...
  - (* T_True *) eauto.
  - (* T_False *) eauto.
  - (* T_If *) rewrite IHHty1. rewrite IHHty2.
    rewrite IHHty3. rewrite (beq_ty_refl T)...
Qed.

End STLCChecker.

Exercises

Exercise: 5 stars (typechecker_extensions)

In this exercise we'll extend the typechecker to deal with the extended features discussed in chapter MoreStlc. Your job is to fill in the omitted cases in the following.

Module TypecheckerExtensions.
Require Import MoreStlc.
Import STLCExtended.

Fixpoint beq_ty (T₁ T₂: ty) : bool :=
  match T₁,T₂ with
  | TNat, TNat ⇒
      true
  | TUnit, TUnit ⇒
      true
  | TArrow T₁₁ T₁₂, TArrow T₂₁ T₂₂ ⇒
      andb (beq_ty T₁₁ T₂₁) (beq_ty T₁₂ T₂₂)
  | TProd T₁₁ T₁₂, TProd T₂₁ T₂₂ ⇒
      andb (beq_ty T₁₁ T₂₁) (beq_ty T₁₂ T₂₂)
  | TSum T₁₁ T₁₂, TSum T₂₁ T₂₂ ⇒
      andb (beq_ty T₁₁ T₂₁) (beq_ty T₁₂ T₂₂)
  | TList T₁₁, TList T₂₁ ⇒
      beq_ty T₁₁ T₂₁
  | _,_ ⇒
      false
  end.

Lemma beq_ty_refl : ∀T₁,
  beq_ty T₁ T₁ = true.
Proof.
  intros T₁.
  induction T₁; simpl;
    try reflexivity;
    try (rewrite IHT1_1; rewrite IHT1_2; reflexivity);
    try (rewrite IHT1; reflexivity). Qed.

Lemma beq_ty__eq : ∀T₁ T₂,
  beq_ty T₁ T₂ = true → T₁ = T₂.
Proof.
  intros T₁.
  induction T₁; intros T₂ Hbeq; destruct T₂; inversion Hbeq;
    try reflexivity;
    try (rewrite andb_true_iff in H₀; inversion H₀ as [Hbeq1 Hbeq2];
         apply IHT1_1 in Hbeq1; apply IHT1_2 in Hbeq2; subst; auto);
    try (apply IHT1 in Hbeq; subst; auto).
Qed.

Fixpoint type_check (Γ:context) (t:tm) : option ty :=
  match t with
  | tvar x ⇒
      Γ x
  | tabs x T₁₁ t₁₂ ⇒
      match type_check (update Γ x T₁₁) t₁₂ with
      | Some T₁₂ ⇒ Some (TArrow T₁₁ T₁₂)
      | _ ⇒ None
      end
  | tapp t₁ t₂ ⇒
      match type_check Γ t₁, type_check Γ t₂ with
      | Some (TArrow T₁₁ T₁₂),Some T₂ ⇒
          if beq_ty T₁₁ T₂ then Some T₁₂ else None
      | _,_ ⇒ None
      end
  | tnat _ ⇒
      Some TNat
  | tsucc t₁ ⇒
      match type_check Γ t₁ with
      | Some TNat ⇒ Some TNat
      | _ ⇒ None
      end
  | tpred t₁ ⇒
      match type_check Γ t₁ with
      | Some TNat ⇒ Some TNat
      | _ ⇒ None
      end
  | tmult t₁ t₂ ⇒
      match type_check Γ t₁, type_check Γ t₂ with
      | Some TNat, Some TNat ⇒ Some TNat
      | _,_ ⇒ None
      end
  | tif0 guard t f ⇒
      match type_check Γ guard with
      | Some TNat ⇒
          match type_check Γ t, type_check Γ f with
          | Some T₁, Some T₂ ⇒
              if beq_ty T₁ T₂ then Some T₁ else None
          | _,_ ⇒ None
          end
      | _ ⇒ None
      end
  (* FILL IN HERE *)
  | tlcase t₀ t₁ x₂₁ x₂₂ t₂ ⇒
      match type_check Γ t₀ with
      | Some (TList T) ⇒
          match type_check Γ t₁,
                type_check (update (update Γ x₂₂ (TList T)) x₂₁ T) t₂ with
          | Some T₁', Some T₂' ⇒
              if beq_ty T₁' T₂' then Some T₁' else None
          | _,_ ⇒ None
          end
      | _ ⇒ None
      end
  (* FILL IN HERE *)
  | _ ⇒ None (* ... and delete this line *)
  end.

(* Just for fun, we'll do the soundness proof with just a bit more
   automation than above, using these "mega-tactics": *)
Ltac invert_typecheck Γ t T :=
  remember (type_check Γ t) as TO;
  destruct TO as [T|];
  try solve_by_invert; try (inversion H₀; eauto); try (subst; eauto).

Ltac fully_invert_typecheck Γ t T T₁ T₂ :=
  let TX := fresh T in
  remember (type_check Γ t) as TO;
  destruct TO as [TX|]; try solve_by_invert;
  destruct TX as [T₁ T₂| | | T₁ T₂| T₁ T₂| T₁];
  try solve_by_invert; try (inversion H₀; eauto); try (subst; eauto).

Ltac case_equality S T :=
  destruct (beq_ty S T) eqn: Heqb;
  inversion H₀; apply beq_ty__eq in Heqb; subst; subst; eauto.

Theorem type_checking_sound : ∀Γ t T,
  type_check Γ t = Some T → has_type Γ t T.
Proof with eauto.
  intros Γ t. generalize dependent Γ.
  induction t; intros Γ T Htc; inversion Htc.
  - (* tvar *) eauto.
  - (* tapp *)
    fully_invert_typecheck Γ t₁ T₁ T₁₁ T₁₂.
    invert_typecheck Γ t₂ T₂.
    case_equality T₁₁ T₂.
  - (* tabs *)
    rename i into x. rename t into T₁.
    remember (update Γ x T₁) as Γ'.
    invert_typecheck Γ' t₀ T₀.
  - (* tnat *) eauto.
  - (* tsucc *)
    rename t into t₁.
    fully_invert_typecheck Γ t₁ T₁ T₁₁ T₁₂.
  - (* tpred *)
    rename t into t₁.
    fully_invert_typecheck Γ t₁ T₁ T₁₁ T₁₂.
  - (* tmult *)
    fully_invert_typecheck Γ t₁ T₁ T₁₁ T₁₂.
    fully_invert_typecheck Γ t₂ T₂ T₂₁ T₁₂.
  - (* tif0 *)
    fully_invert_typecheck Γ t₁ T₁ T₁₁ T₁₂.
    invert_typecheck Γ t₂ T₂.
    invert_typecheck Γ t₃ T₃.
    case_equality T₂ T₃.
  (* FILL IN HERE *)
  - (* tlcase *)
    rename i into x₃₁. rename i₀ into x₃₂.
    fully_invert_typecheck Γ t₁ T₁ T₁₁ T₁₂.
    invert_typecheck Γ t₂ T₂.
    remember (update (update Γ x₃₂ (TList T₁₁)) x₃₁ T₁₁) as Gamma'2.
    invert_typecheck Gamma'2 t₃ T₃.
    case_equality T₂ T₃.
  (* FILL IN HERE *)
Qed.

Theorem type_checking_complete : ∀Γ t T,
  has_type Γ t T → type_check Γ t = Some T.
Proof.
  intros Γ t T Hty.
  induction Hty; simpl;
    try (rewrite IHHty);
    try (rewrite IHHty1);
    try (rewrite IHHty2);
    try (rewrite IHHty3);
    try (rewrite (beq_ty_refl T));
    try (rewrite (beq_ty_refl T₁));
    try (rewrite (beq_ty_refl T₂));
    eauto.
  Admitted. (* ... and delete this line *)
(*
Qed. (* ... and uncomment this one *)
*)
End TypecheckerExtensions.

☐

Exercise: 5 stars, optional (stlc_step_function)

Above, we showed how to write a typechecking function and prove it sound and complete for the typing relation. Do the same for the operational semantics — i.e., write a function stepf of type tm → option tm and prove that it is sound and complete with respect to step from chapter MoreStlc.

Module StepFunction.
Import TypecheckerExtensions.

(* FILL IN HERE *)
End StepFunction.

☐

Exercise: 5 stars, optional (stlc_impl)

Using the Imp parser described in the ImpParser chapter as a guide, build a parser for extended Stlc programs. Combine it with the typechecking and stepping functions from above to yield a complete typechecker and interpreter for this language.

Module StlcImpl.
Import StepFunction.

(* FILL IN HERE *)
End StlcImpl.

☐