CS 342 Lecture -*- Outline -*- * Type checking in the REAL CLU ** structural (for equates) ai1 = array[int] ai2 = array[int] x: ai1 := ai2$[0: 4] ** By name for abstract types names of clusters distinct name of cluster is NOT equal to rep type of cluster true even inside the cluster so name equiv. for clusters ** security of data abstraction (langauge enforcement of data abtraction) goals: make sure modules outside cluster cannot "discover" rep help preserve invariant when objects are sent out from cluster inductive proof: establish rep invariant when create an object of rep type. when pass out, want it to be protected, so change type using "up" (wrap object in shield) when get object as argument, melt the shield using "down" can assume rep invariant holds when mutate an object, re-establish invariant before passing out again finally re-wrap using up before passing out *** up wraps object in "shield" wrapping can happen at several levels of abstraction sorted list { list { array } } *** down melts shield *** cvt shorthand (down on the way in, up on way out) *** rep type not equal to abstract type even inside the cluster! ensures information hiding cannot change type of an expression (no coercions) except in cluster that implements that type ** Across module boundaries (library, type-safe linkage) advert: important for large projects to split work to compile only what's changed problem: how to type check program if compiler doesn't see it all at once? answer: use "library" to store information about module interfaces when check against the library assume that impl will have that interface record assumptions in object files when link, validate those assumptions