Tutorial on Subtype Marks

When developing safety critical applications, the programmer might want to be able to prove his or her code correct. The integration of a proof system and a programming language of industrial strength can be fairly useful in this respect, like in the case of, for instance, the B method [1] or the functional programming languages Erlang [12,5] and Clean [6,4]. This paper presents the concept of subtype marks, a concept that establishes still closer links between a programming language and a proof system by letting the programmer encode certain important properties of programs within the type system of the language. Subtype marks are introduced here as part of a simple functional language. This language can be regarded as a small subset of Clean. In programming languages types play an important role with respect to safety: they can help avoid ill-behaved programs by forcing compilation-time errors (or, in case of dynamic typing, run-time type errors) for programs that use variables and operations inconsistently or possibly incorrectly. Type systems can provide a high degree of safety at low operational costs. As part of the compiler (and, in case of dynamic typing, the run-time system), they discover many semantic errors very efficiently. There are many ways to make type systems even more powerful than usual. Among the most interesting ones is the concept of “dependent types”: types that depend on values. Dependent types are, in principle, used in proof systems. However, they also appear in some programming languages, for example in Cayenne [2] and Epigram [10]. In dependently typed languages types are first class citizens, and sophisticated computations can be expressed on them. These computations are executed at compile time, during the type checking of programs. Dependent types provide significantly more information about the meaning of a program than types in traditional type systems do, hence type checking becomes more like theorem proving in dependently typed languages. Another interesting approach to increase the expressiveness of type systems is to add annotations to types. The functional programming language Clean implements the “uniqueness type system” (a type system that makes destructive updates of memory and input-output operations possible without violating referential transparency) with annotations. Furthermore, annotations are used in this language to change the default lazy evaluation strategy into strict. Annotations in a type system can also carry information about concurrency [7], complexity [14] etc. Ownership types [3], for example, make it possible to reason about programs with respect to pointers and aliasing.