CS 541 Lecture -*- Outline -*- * Introduction to type checking idea: (static) analysis to verify certain program properties ostensibly to prevent run-time type errors ** What is a "type"? Q: Can we define a type in a language independent way? may be able, for user-defined types, a type is a set of values that a user chooses to say has that type. operations go with these, hence it corresponds to an ADT. ** What is a type error? Q: what is a type error? assignment of variable of type S a value of type T? so what? treating a S as a T? (why do we care?) what is meant by "treating" Donahue: all objects are bit strings, want to make sure don't misinterpret them *** Preservation of invariants by modules in data want inductive proofs of properties (basis: constructors...) e.g., safety properties like no duplicates in a list for data type induction to be sound, need to find all places that data can be created or mutated *** Seals (Morris 1973) way to describe invariant preservation want module to be able to seal data before passing it to world **** prevent: alteration, discovery, impersonation alteration: change of state without use of operations discovery: access to components without use of ops impersonation: some object not created by ops acts as if it was. describe how this would casue problems for a program: e.g., a table kept in sorted order Q: Does an OO language prevent impersonation? **** seal mechanism createSeal -> (seal_t, unseal_t) gives unique seal function and matching key e.g., cryptosystem unseal_t(seal_t(x)) = x unseal_t(anything else) is an error **** allows invariant preservation: want to prove for all x: P(unseal_t(x)) must show that for all y: if seal_t is applied to y, then P(y) holds. idea: limit use of seal_t to a small area of code *** Type error: attempt to access sealed data without proper capability each object sealed according to its type (seal_T). set of primitive operations have access to unseal_T **** containers (variables) and pointers - typed containers: container of type T may only point to T objects allows earlier catching of errors seals unnecessary for objects in container e.g., savings for arrays - typed objects only: containers untyped can only catch errors on access to contained object seals must be stored with object