TypecheckingA Typechecker for STLC

The has_type relation of the STLC defines what it means for a term to belong to a type (in some context). But it doesn't, by itself, give us an algorithm for checking whether or not a term is well typed.

Fortunately, the rules defining has_type are syntax directed — that is, for every syntactic form of the language, there is just one rule that can be used to give a type to terms of that form. This makes it straightforward to translate the typing rules into clauses of a typechecking function that takes a term and a context and either returns the term's type or else signals that the term is not typable.

Comparing Types

First, we need a function to compare two types for equality...

Fixpoint eqb_ty (T₁ T₂:ty) : bool :=
  match T₁,T₂ with
  | Bool, Bool ⇒
      true
  | Arrow T₁₁ T₁₂, Arrow T₂₁ T₂₂ ⇒
      andb (eqb_ty T₁₁ T₂₁) (eqb_ty T₁₂ T₂₂)
  | _,_ ⇒
      false
  end.

... and we need to establish the usual two-way connection between the boolean result returned by eqb_ty and the logical proposition that its inputs are equal.

Lemma eqb_ty_refl : ∀T₁,
eqb_ty T₁ T₁ = true.

Lemma eqb_ty__eq : ∀T₁ T₂,
eqb_ty T₁ T₂ = true → T₁ = T₂.

The Typechecker

The typechecker works by walking over the structure of the given term, returning either Some T or None. Each time we make a recursive call to find out the types of the subterms, we need to pattern-match on the results to make sure that they are not None. Also, in the app case, we use pattern matching to extract the left- and right-hand sides of the function's arrow type (and fail if the type of the function is not Arrow T₁₁ T₁₂ for some T₁₁ and T₁₂).

Fixpoint type_check (Gamma : context) (t : tm) : option ty :=
  match t with
  | var x ⇒
      Gamma x
  | abs x T₁₁ t₁₂ ⇒
      match type_check (update Gamma x T₁₁) t₁₂ with
      | Some T₁₂ ⇒ Some (Arrow T₁₁ T₁₂)
      | _ ⇒ None
      end
  | app t₁ t₂ ⇒
      match type_check Gamma t₁, type_check Gamma t₂ with
      | Some (Arrow T₁₁ T₁₂),Some T₂ ⇒
          if eqb_ty T₁₁ T₂ then Some T₁₂ else None
      | _,_ ⇒ None
      end
  | tru ⇒
      Some Bool
  | fls ⇒
      Some Bool
  | test guard t f ⇒
      match type_check Gamma guard with
      | Some Bool ⇒
          match type_check Gamma t, type_check Gamma f with
          | Some T₁, Some T₂ ⇒
              if eqb_ty T₁ T₂ then Some T₁ else None
          | _,_ ⇒ None
          end
      | _ ⇒ None
      end
  end.

Digression: Improving the Notation

Before we consider the properties of this algorithm, let's write it out again in a cleaner way, using "monadic" notations in the style of Haskell to streamline the plumbing of options. First, we define a notation for composing two potentially failing (i.e., option-returning) computations:

Notation " x <- e₁ ;; e₂" := (match e₁ with
                              | Some x ⇒ e₂
                              | None ⇒ None
                              end)
         (right associativity, at level 60).

Second, we define return and fail as synonyms for Some and None:

Notation " 'return' e "
:= (Some e) (at level 60).

Notation " 'fail' "
:= None.

Now we can write the same type-checking function in a more imperative-looking style using these notations.

Fixpoint type_check (Gamma : context) (t : tm) : option ty :=
  match t with
  | var x ⇒
      match Gamma x with
      | Some T ⇒ return T
      | None ⇒ fail
      end
  | abs x T₁₁ t₁₂ ⇒
      T₁₂ <- type_check (update Gamma x T₁₁) t₁₂ ;;
      return (Arrow T₁₁ T₁₂)
  | app t₁ t₂ ⇒
      T₁ <- type_check Gamma t₁ ;;
      T₂ <- type_check Gamma t₂ ;;
      match T₁ with
      | Arrow T₁₁ T₁₂ ⇒
          if eqb_ty T₁₁ T₂ then return T₁₂ else fail
      | _ ⇒ fail
      end
  | tru ⇒
      return Bool
  | fls ⇒
      return Bool
  | test guard t₁ t₂ ⇒
      Tguard <- type_check Gamma guard ;;
      T₁ <- type_check Gamma t₁ ;;
      T₂ <- type_check Gamma t₂ ;;
      match Tguard with
      | Bool ⇒
          if eqb_ty T₁ T₂ then return T₁ else fail
      | _ ⇒ fail
      end
  end.

Properties

To verify that the typechecking algorithm is correct, we show that it is sound and complete for the original has_type relation — that is, type_check and has_type define the same partial function.

Theorem type_checking_sound : ∀Gamma t T,
type_check Gamma t = Some T → has_type Gamma t T.

Theorem type_checking_complete : ∀Gamma t T,
has_type Gamma t T → type_check Gamma t = Some T.