Refining Objects (Preliminary Summary)

Inspired by Cardelli’s pioneering work, many type disciplines for object-oriented programming are based on enrichments of structural type theories with constructs such as subtyping and bounded polymorphism. A principal benefit of such a formulation is that the absence of “message not understood” errors is an immediate corollary of the type safety theorem. A principal drawback is that the resulting type systems tend to be rather complex in order to accommodate the methodology of object-oriented programming. We consider another approach based on a simple structural type theory enriched with a system of type refinements with which we may express behavioral requirements such as the absence of “message not understood” errors. Ensuring this property is viewed as a verification condition on programs that use dynamic dispatch, which we construe as an abstract type of objects supporting instantiation and messaging operations. At the structural level dynamic dispatch may fail, but at the behavioral level this possibility is precluded. To validate this approach we give an interpretation of Featherweight Java (FJ), a widely-used model of object-oriented programming, that comprises a compilation into dynamic dispatch, and an interpretation of the class table as a system of type refinements. We show that welltyped FJ programs translate to well-typed and well-refined programs, from which we deduce the same safety guarantees as are provided by FJ. More importantly, the behavioral formulation may be scaled to verify the absence of other behaviors, such as down-cast errors, that are not easily handled using only structural types.