TypecheckingA Typechecker for STLC

The has_type relation of the STLC defines what it means for a term to belong to a type (in some context). But it doesn't, by itself, give us an algorithm for checking whether or not a term is well typed.

Fortunately, the rules defining has_type are syntax directed — that is, for every syntactic form of the language, there is just one rule that can be used to give a type to terms of that form. This makes it straightforward to translate the typing rules into clauses of a typechecking function that takes a term and a context and either returns the term's type or else signals that the term is not typable.

Comparing Types

First, we need a function to compare two types for equality...

Fixpoint eqb_ty (T₁ T₂:ty) : bool :=
  match T₁,T₂ with
  | Bool, Bool ⇒
      true
  | Arrow T₁₁ T₁₂, Arrow T₂₁ T₂₂ ⇒
      andb (eqb_ty T₁₁ T₂₁) (eqb_ty T₁₂ T₂₂)
  | _,_ ⇒
      false
  end.

... and we need to establish the usual two-way connection between the boolean result returned by eqb_ty and the logical proposition that its inputs are equal.

Lemma eqb_ty_refl : ∀T₁,
eqb_ty T₁ T₁ = true.

Proof.
  intros T₁. induction T₁; simpl.
    reflexivity.
    rewrite IHT1_1. rewrite IHT1_2. reflexivity. Qed.

Lemma eqb_ty__eq : ∀T₁ T₂,
eqb_ty T₁ T₂ = true → T₁ = T₂.

Proof with auto.
  intros T₁. induction T₁; intros T₂ Hbeq; destruct T₂; inversion Hbeq.
  - (* T₁=Bool *)
    reflexivity.
  - (* T₁=Arrow T1_1 T1_2 *)
    rewrite andb_true_iff in H₀. inversion H₀ as [Hbeq1 Hbeq2].
    apply IHT1_1 in Hbeq1. apply IHT1_2 in Hbeq2. subst... Qed.

The Typechecker

The typechecker works by walking over the structure of the given term, returning either Some T or None. Each time we make a recursive call to find out the types of the subterms, we need to pattern-match on the results to make sure that they are not None. Also, in the app case, we use pattern matching to extract the left- and right-hand sides of the function's arrow type (and fail if the type of the function is not Arrow T₁₁ T₁₂ for some T₁₁ and T₁₂).

Fixpoint type_check (Gamma : context) (t : tm) : option ty :=
  match t with
  | var x ⇒
      Gamma x
  | abs x T₁₁ t₁₂ ⇒
      match type_check (update Gamma x T₁₁) t₁₂ with
      | Some T₁₂ ⇒ Some (Arrow T₁₁ T₁₂)
      | _ ⇒ None
      end
  | app t₁ t₂ ⇒
      match type_check Gamma t₁, type_check Gamma t₂ with
      | Some (Arrow T₁₁ T₁₂),Some T₂ ⇒
          if eqb_ty T₁₁ T₂ then Some T₁₂ else None
      | _,_ ⇒ None
      end
  | tru ⇒
      Some Bool
  | fls ⇒
      Some Bool
  | test guard t f ⇒
      match type_check Gamma guard with
      | Some Bool ⇒
          match type_check Gamma t, type_check Gamma f with
          | Some T₁, Some T₂ ⇒
              if eqb_ty T₁ T₂ then Some T₁ else None
          | _,_ ⇒ None
          end
      | _ ⇒ None
      end
  end.

Digression: Improving the Notation

Before we consider the properties of this algorithm, let's write it out again in a cleaner way, using "monadic" notations in the style of Haskell to streamline the plumbing of options. First, we define a notation for composing two potentially failing (i.e., option-returning) computations:

Notation " x <- e₁ ;; e₂" := (match e₁ with
                              | Some x ⇒ e₂
                              | None ⇒ None
                              end)
         (right associativity, at level 60).

Second, we define return and fail as synonyms for Some and None:

Notation " 'return' e "
:= (Some e) (at level 60).

Notation " 'fail' "
:= None.

Now we can write the same type-checking function in a more imperative-looking style using these notations.

Fixpoint type_check (Gamma : context) (t : tm) : option ty :=
  match t with
  | var x ⇒
      match Gamma x with
      | Some T ⇒ return T
      | None ⇒ fail
      end
  | abs x T₁₁ t₁₂ ⇒
      T₁₂ <- type_check (update Gamma x T₁₁) t₁₂ ;;
      return (Arrow T₁₁ T₁₂)
  | app t₁ t₂ ⇒
      T₁ <- type_check Gamma t₁ ;;
      T₂ <- type_check Gamma t₂ ;;
      match T₁ with
      | Arrow T₁₁ T₁₂ ⇒
          if eqb_ty T₁₁ T₂ then return T₁₂ else fail
      | _ ⇒ fail
      end
  | tru ⇒
      return Bool
  | fls ⇒
      return Bool
  | test guard t₁ t₂ ⇒
      Tguard <- type_check Gamma guard ;;
      T₁ <- type_check Gamma t₁ ;;
      T₂ <- type_check Gamma t₂ ;;
      match Tguard with
      | Bool ⇒
          if eqb_ty T₁ T₂ then return T₁ else fail
      | _ ⇒ fail
      end
  end.

Properties

To verify that the typechecking algorithm is correct, we show that it is sound and complete for the original has_type relation — that is, type_check and has_type define the same partial function.

Theorem type_checking_sound : ∀Gamma t T,
type_check Gamma t = Some T → has_type Gamma t T.

Proof with eauto.
  intros Gamma t. generalize dependent Gamma.
  induction t; intros Gamma T Htc; inversion Htc.
  - (* var *) rename s into x. destruct (Gamma x) eqn:H.
    rename t into T'. inversion H₀. subst. eauto. solve_by_invert.
  - (* app *)
    remember (type_check Gamma t₁) as TO₁.
    destruct TO₁ as [T₁|]; try solve_by_invert;
    destruct T₁ as [|T₁₁ T₁₂]; try solve_by_invert;
    remember (type_check Gamma t₂) as TO₂;
    destruct TO₂ as [T₂|]; try solve_by_invert.
    destruct (eqb_ty T₁₁ T₂) eqn: Heqb.
    apply eqb_ty__eq in Heqb.
    inversion H₀; subst...
    inversion H₀.
  - (* abs *)
    rename s into x. rename t into T₁.
    remember (update Gamma x T₁) as G'.
    remember (type_check G' t₀) as TO₂.
    destruct TO₂; try solve_by_invert.
    inversion H₀; subst...
  - (* tru *) eauto.
  - (* fls *) eauto.
  - (* test *)
    remember (type_check Gamma t₁) as TOc.
    remember (type_check Gamma t₂) as TO₁.
    remember (type_check Gamma t₃) as TO₂.
    destruct TOc as [Tc|]; try solve_by_invert.
    destruct Tc; try solve_by_invert;
    destruct TO₁ as [T₁|]; try solve_by_invert;
    destruct TO₂ as [T₂|]; try solve_by_invert.
    destruct (eqb_ty T₁ T₂) eqn:Heqb;
    try solve_by_invert.
    apply eqb_ty__eq in Heqb.
    inversion H₀. subst. subst...
Qed.

Theorem type_checking_complete : ∀Gamma t T,
has_type Gamma t T → type_check Gamma t = Some T.

Proof with auto.
  intros Gamma t T Hty.
  induction Hty; simpl.
  - (* T_Var *) destruct (Gamma x₀) eqn:H₀; assumption.
  - (* T_Abs *) rewrite IHHty...
  - (* T_App *)
    rewrite IHHty1. rewrite IHHty2.
    rewrite (eqb_ty_refl T₁₁)...
  - (* T_True *) eauto.
  - (* T_False *) eauto.
  - (* T_If *) rewrite IHHty1. rewrite IHHty2.
    rewrite IHHty3. rewrite (eqb_ty_refl T)...
Qed.