Lecture Notes in Computer Science 5497 Commenced Publication in 1973 Founding and Former Series Editors: Gerhard Goos, Juris Hartmanis, and Jan van Leeuwen Editorial Board David Hutchison Lancaster University, UK Takeo Kanade Carnegie Mellon University, Pittsburgh, PA, USA Josef Kittler University of Surrey, Guildford, UK Jon M. Kleinberg Cornell University, Ithaca, NY, USA Alfred Kobsa University of California, Irvine, CA, USA Friedemann Mattern ETH Zurich, Switzerland John C. Mitchell Stanford University, CA, USA Moni Naor Weizmann Institute of Science, Rehovot, Israel Oscar Nierstrasz University of Bern, Switzerland C. Pandu Rangan Indian Institute of Technology, Madras, India Bernhard Steffen University of Dortmund, Germany Madhu Sudan Massachusetts Institute of Technology, MA, USA Demetri Terzopoulos University of California, Los Angeles, CA, USA Doug Tygar University of California, Berkeley, CA, USA Gerhard Weikum Max-Planck Institute of Computer Science, Saarbruecken, Germany Stefano Berardi Ferruccio Damiani Ugo de’Liguoro (Eds.) Types for Proofs and Programs International Conference, TYPES 2008 Torino, Italy, March 26-29, 2008 Revised Selected Papers 13 Volume Editors Stefano Berardi Ferruccio Damiani Ugo de’Liguoro Università di Torino, Dipartimento di Informatica Corso Svizzera 185, 10149 Torino, Italy E-mail: {stefano, damiani, deligu}@di.unito.it Library of Congress Control Number: Applied for CR Subject Classification (1998): F.3.1, F.4.1, D.3.3, I.2.3 LNCS Sublibrary: SL 1 – Theoretical Computer Science and General Issues ISSN 0302-9743 ISBN-10 3-642-02443-2 Springer Berlin Heidelberg New York ISBN-13 978-3-642-02443-6 Springer Berlin Heidelberg New York This work is subject to copyright. All rights are reserved, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, re-use of illustrations, recitation, broadcasting, reproduction on microfilms or in any other way, and storage in data banks. Duplication of this publication or parts thereof is permitted only under the provisions of the German Copyright Law of September 9, 1965, in its current version, and permission for use must always be obtained from Springer. Violations are liable to prosecution under the German Copyright Law. springer.com © Springer-Verlag Berlin Heidelberg 2009 Printed in Germany Typesetting: Camera-ready by author, data conversion by Scientific Publishing Services, Chennai, India Printed on acid-free paper SPIN: 12697175 06/3180 543210 Preface These proceedings contain a selection of refereed papers presented at or re- lated to the Annual Workshop of the TYPES project (EU coordination action 510996), which was held during March 26–29, 2008 in Turin, Italy. The topic of this workshop, and of all previous workshops of the same project, was for- mal reasoning and computer programming based on type theory: languages and computerized tools for reasoning, and applications in several domains such as analysis of programming languages, certified software, mobile code, formaliza- tion of mathematics, mathematics education. The workshop was attended by more than 100 researchers and included more than 40 presentations. We also had three invited lectures, from A. Asperti (University of Bologna), G. Dowek (LIX, Ecole polytechnique, France) and J. W. Klop (Vrije Universiteit, Ams- terdam, The Netherlands). From 27 submitted papers, 19 were selected after a reviewing process. Each submitted paper was reviewed by three referees; the final decisions were made by the editors. This workshop is the last of a series of meetings of the TYPES working group funded by the European Union (IST project 29001, ESPRIT Working Group 21900, ESPRIT BRA 6435). The pro- ceedings of these workshops were published in the Lecture Notes in Computer Science series: TYPES 1993 Nijmegen, The Netherlands, LNCS 806, TYPES 1994 B˚astad, Sweden, LNCS 996, TYPES 1995 Turin, Italy, LNCS 1158, TYPES 1996 Aussois, France, LNCS 1512, TYPES 1998 Kloster Irsee, Germany, LNCS 1657, TYPES 1999 L¨okeborg, Sweden, LNCS 1956, TYPES 2000 Durham, UK, LNCS 2277, TYPES 2002 Berg en Dal, The Netherlands, LNCS 2646, TYPES 2003 Turin, Italy, LNCS 3085, TYPES 2004 Jouy-en-Josas, France, LNCS 3839, TYPES 2006 Nottingham, UK, LNCS 4502, TYPES 2007 Cividale del Friuli, Italy, LNCS 4941. ESPRIT BRA 6453 was a continuation of ESPRIT Action 3245, Logical Frame- works: Design, Implementation and Experiments. TYPES 2008 was made pos- sible by the contribution of many people. We thank all the participants of the workshops, and all the authors who submitted papers for consideration for these proceedings. We would like to also thank the referees for their effort in preparing careful reviews. March 2009 Stefano Berardi Ferruccio Damiani Ugo de’Liguoro Organization Referees A. Abel J. Adamek T. Altenkirch D. Ancona F. Aschieri A. Asperti J. Avigad F. Barbanera E. Beffara S. Berghofer Y. Bertot F. Besson L. Bettini S. B. Ana B. E. Brady J. Caldwell F. Cardone P. Casteran J. Charles A. Chlipala A. Ciaffaglione M. Comini T. Coquand P. Corbineau U. Dal Lago D. de Carvalho G. Dowek C. Dubois A. Felty J C. Filliatre C. Fuhs M. Gebser M. Gelfond H. Geuvers G. Gupta J. Harrison T. Hoang M. Hofmann B. Jacobs D. Kesner E. Komendantskaya J. Laird S. Lengrand M. Lenisa P. B. Levy R. Matthes D. Mazza C. Mcbride J. McKinna M. Miculan D. Miller A. Miquel J F. Monin A. Murawski K. Nakazawa R. O’Connor N. Oury M. Piccolo A. Poetzsch-Heffter L. Pottier C. Raffalli F. Ricca W. Ricciotti E. Ritter L. Robaldo P. Rudnicki A. Saurin A. Setzer E. Tassi K. Terui L. Thery A. Trybulec T. Uustalu F J. de Vries R. de Vrijer H. Zantema Table of Contents Type Inference by Coinductive Logic Programming 1 Davide Ancona, Giovanni Lagorio, and Elena Zucca About the Formalization of Some Results by Chebyshev in Number Theory 19 Andrea Asperti and Wilmer Ricciotti A New Elimination Rule for the Calculus of Inductive Constructions 32 Bruno Barras, Pierre Corbineau, Benjamin Gr´egoire, Hugo Herbelin, and Jorge Luis Sacchini A Framework for the Analysis of Access Control Models for Interactive Mobile Devices 49 Juan Manuel Crespo, Gustavo Betarte, and Carlos Luna Proving Infinitary Normalization 64 J¨org Endrullis, Clemens Grabmayer, Dimitri Hendriks, Jan Willem Klop, and Roel de Vrijer First-Class Object Sets 83 Erik Ernst Monadic Translation of Intuitionistic Sequent Calculus 100 Jos´eEsp´ırito Santo, Ralph Matthes, and Lu´ıs Pinto Towards a Type Discipline for Answer Set Programming 117 Camillo Fiorentini, Alberto Momigliano, and Mario Ornaghi Type Inference for a Polynomial Lambda Calculus 136 Marco Gaboardi and Simona Ronchi Della Rocca Local Theory Specifications in Isabelle/Isar 153 Florian Haftmann and Makarius Wenzel Axiom Directed Focusing 169 Cl´ement Houtmann A Type System for Usage of Software Components 186 Dag Hovland Merging Procedural and Declarative Proof 203 Cezary Kaliszyk and Freek Wiedijk Using Structural Recursion for Corecursion 220 Yves Bertot and Ekaterina Komendantskaya VIII Table of Contents Manifest Fields and Module Mechanisms in Intensional Type Theory 237 Zhaohui Luo A Machine-Checked Proof of the Average-Case Complexity of Quicksort in Coq 256 Eelis van der Weegen and James McKinna Coalgebraic Reasoning in Coq: Bisimulation and the λ-Coiteration Scheme 272 Milad Niqui A Process-Model for Linear Programs 289 Luca Paolini and Mauro Piccolo Some Complexity and Expressiveness Results on Multimodal and Stratified Proof Nets 306 Luca Roversi and Luca Vercelli Author Index 323 Type Inference by Coinductive Logic Programming  Davide Ancona, Giovanni Lagorio, and Elena Zucca DISI, Univ. of Genova, v. Dodecaneso 35, 16146 Genova, Italy {davide,lagorio,zucca}@disi.unige.it Abstract. We propose a novel approach to constraint-based type in- ference based on coinductive logic. Constraint generation corresponds to translation into a conjunction of Horn clauses P, and constraint satis- faction is defined in terms of the coinductive Herbrand model of P .We illustrate the approach by formally defining this translation for a small object-oriented language similar to Featherweight Java, where type an- notations in field and method declarations can be omitted. In this way, we obtain a very precise type inference and provide new insights into the challenging problem of type inference for object-oriented programs. Since the approach is deliberately declarative, we define in fact a formal specification for a general class of algorithms, which can be a useful road map to researchers. Furthermore, despite we consider here a particular language, the methodology could be used in general for providing abstract specifica- tions of type inference for different kinds of programming languages. Keywords: Type inference, coinduction, nominal and structural typing, object-oriented languages. 1 Introduction Type inference is a valuable method to ensure static guarantees on the execution of programs (like the absence of some type errors) and to allow sophisticated compiler optimizations. In the context of object-oriented programming, many solutions have been proposed to perform type analysis (we refer to the recent article of Wang and Smith [20] for a comprehensive overview), but the increasing interest in dynamic object-oriented languages is asking for even more precise and efficient type inference algorithms [3,14]. Two important features which have to be supported by type inference are parametric and data polymorphism [1]; the former allows invocation of a method on arguments of unrelated types, the latter allows assignment of values of unre- lated types to a field. While most solutions proposed in literature support well parametric polymorphism, only few inference algorithms are able to deal prop- erly with data polymorphism; such algorithms, however, turn out to be quite complex and cannot be easily described.  This work has been partially supported by MIUR EOS DUE - Extensible Object Systems for Dynamic and Unpredictable Environments. S. Berardi, F. Damiani, and U. de’Liguoro (Eds.): TYPES 2008, LNCS 5497, pp. 1–18, 2009. c  Springer-Verlag Berlin Heidelberg 2009 2 D. Ancona, G. Lagorio, and E. Zucca In this paper we propose a novel approach to type inference, by exploiting coinductive logic programming. Our approach is deliberately declarative, that is, we do not define any algorithm, but rather try to capture a space of possible solutions to the challenging problem of precise type inference of object-oriented programs. The basic idea is that the program to be analyzed can be translated into an approximating logic program and a goal; then, type inference corresponds to find an instantiation of the goal which belongs to the coinductive model of the logic program. Coinduction allows to deal in a natural way with both recursive types [11,12] and mutually recursive methods. The approach is fully formalized for a purely functional object-oriented lan- guage similar to Featherweight Java [16], where type annotations can be omitted, and are used by the programmer only as subtyping constraints. The resulting type inference is very powerful and allows, for instance, very precise analysis of heterogeneous container objects (as linked lists). The paper is structured as follows: Section 2 defines the language and gives an informal presentation of the type system, based on standard recursive and union types. In Section 3 the type system is reconsidered in the light of coinductive logic programming, and the translation is fully formalized. Type soundness w.r.t. the operational semantics is claimed (proofs are sketched in Appendix B). Finally, Section 4 draws some conclusions and discusses future developments. 2 Language Definition and Types In this section we present a simple object-oriented (shortly OO) language to- gether with the definition of types. Constraint generation and satisfaction are only informally illustrated; they will be formally defined in the next section, on top of coinductive logic programming. 2.1 Syntax and Operational Semantics The syntax is given in Figure 1. Syntactic assumptions listed in the figure are verified before performing type inference. We use bars for denoting sequences: for instance, e m denotes e 1 , ,e m , Tx n denotes 1 T 1 x 1 , ,T n x n ,andsoon. The language is basically Featherweight Java (FJ) [16], a small Java subset which has become a standard example to illustrate extensions and new tech- nologies for Java-like languages. Since we are interested in type inference, type annotations for parameters, fields, and returned values can be omitted; further- more, to make the type inference problem more interesting, we have introduced the conditional expression if (e) e 1 else e 2 , and a more expressive form of con- structor declaration. We assume countably infinite sets of class names c, method names m, field names f ,andparameter names x . A program is a sequence of class declarations 1 If not explicitly stated, the bar “distributes over” all meta-variables below it. Type Inference by Coinductive Logic Programming 3 prog ::= cd n e cd ::= class c 1 extends c 2 { fd n cn md m } (c 1 = Object) fd ::= Tf; cn ::= c(Tx n ) {super(e m ); f = e  ; k } md ::= T 0 m(Tx n ) {e} e ::= new c(e n ) | x | e.f | e 0 .m(e n ) | if (e) e 1 else e 2 | false | true T ::= N |  N ::= c | bool v ::= new c(v n ) | false | true Assumptions: n, m, k ≥ 0, inheritance is not cyclic, names of declared classes in a program, methods and fields in a class, and parameters in a method are distinct. Fig. 1. Syntax of OO programs together with a main expression from which the computation starts. A class declaration consists of the name of the declared class and of its direct superclass (hence, only single inheritance is supported), a sequence of field declarations, a constructor declaration, and a sequence of method declarations. We assume a predefined class Object, which is the root of the inheritance tree and contains no fields, no methods and a constructor with no parameters. A field declara- tion consists of a type annotation and a field name. A constructor declaration consists of the name of the class where the constructor is declared, a sequence of parameters with their type annotations, and the body, which consists of an invocation of the superclass constructor and a sequence of field initializations, one for each field declared in the class. 2 A method declaration consists of a re- turn type annotation, a method name, a sequence of parameters with their type annotations, and an expression (the method body). Expressions are standard; boolean values and conditional expressions have been introduced just to show how the type system allows precise typing in case of branches. Integer values and the related standard primitives will be used in the examples, but are omitted in the formalization, since their introduction would only imply a straightforward extension of the type system. As in FJ, this is considered as a special implicit parameter. A type annotation T can be either a nominal type N (the primitive type bool or a class name c)orempty. Finally, the definition of values v is instrumental to the (standard) small steps operational semantics of the language, indexed over the class declarations defined by the program, shown in Figure 2. For reasons of space, side conditions have been placed together with premises, and standard contextual closure have been omitted. To be as general as possible, no evaluation strategy has been fixed. Auxiliary functions cbody and mbody are defined in Appendix A. 2 This is a generalization of constructors of FJ, whose arguments exactly match in number and type the fields of the class, and are used as initialization expressions. [...]... hd1) hd \land leb hd (2*hd1) \land check_list tl) ] ] In order for these procedures to be useful, some properties must hold First we need to prove correctness and completeness of sieve, which in turn requires us to understand and prove the recursion invariant of sieve_aux Informally: Given a natural number m and two lists l1 and l2, such that – for any natural number p, p is contained in l1 if and only... ), and e →cds e , then there exist t , B and θ s.t e in V (t | B ), B θ ⊆ M co (P ), and t θ ≤ t θ Theorem 2 [Subject reduction] If cds e (P , B ), B is satisfiable in P , and e →cds e , then cds e (P , B ), and B is satisfiable in P Proof A corollary of lemma 3 About the Formalization of Some Results by Chebyshev in Number Theory Andrea Asperti∗ and Wilmer Ricciotti Dipartimento di Scienze dell’Informazione... the form A ← B , where A is the head and B is the body The head is an atom, while the body is a finite and possibly empty conjunction of atoms; the empty conjunction is denoted by true A clause with an empty body (denoted by A ← true) is called a fact An n n atom has the form6 p(t ) where the predicate p has arity n and t are terms For list terms we use the standard notation [ ] for the empty list and. .. p1 · p2 denotes the concatenation of p1 and p2 , and |p| denotes the length of p A tree t is a partial function from paths to logical variables and function symbols, satisfying the following conditions: 1 the domain of t (denoted by dom(t )) is prefix-closed and not empty; 2 for all paths p in dom(t ) and for all natural numbers n, p · n ∈ dom(t ) iff t (p) = f /m and n < m If p ∈ dom(t ), then the subtree... τ0 and with arguments of types τ n These predicates are needed for translating class environments in logic programs (see Figure 4) 3.3 Constraint Generation Constraint generation is defined in Figure 4 For the translation we assume bijections from the three sets of class, field and method names declared in the program to three corresponding sets containing constants of the co-Herbrand universe, and. .. s.t p ∈ dom(t ), and let l = |p | (p exists since we are assuming that there exists a finite prefix of s which does not belong to dom(t ), and, by definition of tree, dom(t ) is not empty and prefix-closed) Then, by definition of t θ, p ∈ dom(t ) and t (p ) = X for a certain logic variable X , and for all finite prefixes p of s, if |p| ≥ l, then there exists p s.t p = p · p , p ∈ dom(t ), and t (p ) = t (p),... defined by: (cds e) → (cds e ) iff e →cds e Finally, →∗ and →∗ denote the reflexive and transitive closures cds of → and →cds , respectively 2.2 Types Types, class environments and constraints are defined in Figure 3 Value types (meta-variable τ ) must not be confused with nominal types (metavariable N ) in the OO syntax Nominal types are used as type annotations by τ ρ Δ fts ct mts mt C γ ::= ::= ::= ::=... notation [ ] for the empty list and [ | ] for n the list constructor, and adopt the syntax abbreviation [t ] for [t1 |[ [tn |[ ]]] In coinductive Herbrand models, terms are possibly infinite trees The definition of tree which follows is quite standard [13,2] A path p is a finite and 6 Parentheses are omitted for predicate symbols of arity 0; the same convention applies for function applications, see below... contained in l1 if and only if it is prime and less than any number contained in l2 – for any natural number x, x is contained in l2 if and only if 2 ≤ x ≤ m and x isn’t multiple of any number contained in l1 About the Formalization of Some Results by Chebyshev in Number Theory 29 then, assuming l1 and l2 are respectively sorted decreasingly and increasingly, and t is less than the length of l2, sieve... decreasing numbers and p is contained in sieve aux l1 l2 t if and only if p is prime and less than m The invariant is relatively complex, due to the mutual dependency of the properties of the two lists l1 and l2 A proof may be obtained by induction on t and then by cases on l2 In the interesting part, for t = t + 1 and l2 = h :: l, the statement is obtained by means of the induction hypothesis The following . fact.An atom has the form 6 p(t n ) where the predicate p has arity n and t n are terms. For list terms we use the standard notation [ ] for the empty list and [ | ]for the list constructor, and adopt the. Finally, → ∗ and → ∗ cds denote the reflexive and transitive closures of → and → cds , respectively. 2.2 Types Types, class environments and constraints are defined in Figure 3. Value types (meta-variable. Germany, LNCS 1657, TYPES 1999 L¨okeborg, Sweden, LNCS 1956, TYPES 2000 Durham, UK, LNCS 2277, TYPES 2002 Berg en Dal, The Netherlands, LNCS 2646, TYPES 2003 Turin, Italy, LNCS 3085, TYPES 2004 Jouy-en-Josas,