Typed Smalltalk Popl

Download as pdf or txt
Download as pdf or txt
You are on page 1of 15

A Type System for Smalltalk

Justin 0. Graver
University of Florida

Ralph E. Johnson
University of Illinois at Urbana-Champaign

Abstract subclassing with subtyping [Sus81, B182, SCB’86,


Str86, Mey88]. In our type system, types are based
This paper describes a type system for Smalltalk that on classes (i.e. each class defines a type or a fam-
is type-safe, that allows most Smalltalk programs to ily of types) but subclassing has no relationship to
be type-checked, and that can be used as the basis of subtyping. This is because Smalltalk classes inherit
an optimizing compiler. implementation and not specification.
Our type system uses discriminated union types
and signature types to describe inclusion polymor-
1 Introduction phism and describes functional polymorphism (some-
times called parametric polymorphism, see [DT88])
There has been a lot of interest recently in type using bounded universal quantification. It has the
systems for object-oriented programming languages following features:
[CW85, DT88]. Since Smalltalk was one of the ear-
liest object-oriented languages, it is not surprising a automatic case analysis of union types,
that there have been several attempts to provide
a type system for it [SuaBl, BI82]. Unfortunately, l effective treatment of side-effects by basing the
none of the attempts have been completely successful definition of the subtype relation on equality of
[Joh86]. In particular, none of the proposed type sys- parameterized types, and
tems are both type-safe and capable of type-checking
l type-safety, i.e. a variable’s value always con-
most common Smalltalk programs. Smalltalk vio-
forms to its type.
lates many of the assumptions on which most object-
oriented type systems are based, and a successful Because the type system uses class information, it can
type system for Smalltalk is necessarily different from be used for optimization. It has been implemented as
those for other languages. part of the TS (Typed Smalltalk) optimizing compiler
We have designed a new type system for Smalltalk. [JGZ88].
The biggest difference between our type system and
others is that most type systems for object-oriented
programming languages equate classes with types and 2 Background
Authors’ address, telephone, and e-mail:
Department of Computer and Information Sciences, E301 CSE,
Smalltalk [GRSS] is . a pure object-oriented program-
Gainesville, FL 32611, (904) 392-1507, graverOcis.ti.edu ming language in that everything, from integers to
Department of Computer Science, 1304 W. Springfield Ave., text windows to the execution state, is an object. In
Urbana, IL 61801, (217) 244-0093, [email protected] particular, classes are objects. Since everything is an
object, the only operation needed in Smalltalk is mes-
sage sending. Smalltalk uses run-time type-checking.
Every message send is dynamically bound to an im-
plementation depending on the class of the receiver.
This unified view of the universe makes Smalltalk a
Permission to copy without fee all or part of this material is granted compact yet powerful language.
provided that the copies are not made or distributed for direct
Smalltalk is extremely extensible. Most operations
commercialadvantage,the ACM copyright notice and the title of the
publication and its date appear, and notice is given that copying is by
are built out of a small set of powerful primitives.
permission of the Asociation for Computing Machinery. To copy othcr-
wise, or to republish, requires a fee and/or specific permission.
0 1990 ACM 089791-3434/9O/OOOi/O136 $1.50 136
For example, control structures are all implemented
in terms of blocks, which are the Smalltalk equivalent class Change:
of closures. Smalltalk’s equivalent to if-then-else is values
the ifTtue:ifFalse: message, which is sent to a boolean TAtray with: self class with: self parameters
object with two block arguments. If the receiver is an parameters
instance of class True then the “true block” is evalu- self subclassResponsibility
ated. Similarly, if the receiver is an instance of class
Fake then the “false block” is evaluated. Looping is class ClassRelatedChange:
implemented in a similar way using recursion. These parameters
primitives can be used to implement case statements, TclassName
generators, exceptions, and coroutines[Deu81].
Smalltalk has been used mostly for prototyping and class MethodChange:
exploratory development. It is ideal for these pur- parameters
poses because Smalltalk programs are easy to change fAtray with: className with: selector
and reuse, and Smalltalk comes with a powerful pro-
gramming environment and large library of generally class OtherChange:
useful components. However, it has not been used parameters
as much for production programming. This is partly Tself text
because it is hard to use for multi-person projects,
partly because it is hard to deliver application pro-
grams without the large programming environment, Figure 1: Change and its subclasses.
and partly because it is not as efficient as languages
like C. In spite of these problems, the development
and maintenance of Smalltalk programs is so easy
that more and more companies are developing ap-
plications with it. class is needed) [JF88]. Although conscientious prd-
A type system can help solve Smalltalk’s problems. grammers remove these improprieties from finished
Type information makes programs easier to under- programs, we wanted a type system that would al-
stand and can be used to automatically check inter- low them, since they are often important intermedi-
face consistency, which makes Smalltalk better suited ate steps in the development process. Thus, a static
for multiperson projects. However, our main motiva- type system for Smalltalk must be as flexible as the
tion for type-checking Smalltalk is to provide infor- traditional dynamic type-checking.
mation needed by an optimizing compiler. Smalltalk In an untyped object-oriented language like
methods (procedures) tend to be very small, mak- Smalltalk, classes inherit only the implementation
ing aggressive inline substitution necessary to achieve of their superclasses. In contrast, most type sys-
good performance. Type information is required to tems for object-oriented programming languages re-
bind methods at compile-time. Although some type quire classes to inherit the specification of their super-
information can be acquired by dataflow analysis of classes [BI82, Car84, CW85, SCB*86, Str86, Mey88],
individual methods [CUL89], explicit type declara- not just the implementation [Sua81, Joh86]. A class
tions produce better results and also make programs specification can be an explicit signature [BHJL86],
more reliable and easier to understand. From this the implicit signature implied by the name of a class
point of view, the type system has been quite suc- [SCB*86], or a signature combined with method pre-
cessful, because the TS compiler can make Smalltalk and post-conditions, class invariants, etc. [Mey88].
programs run nearly as fast as C programs. Inheriting specification means that the type of meth-
It is important that a type system for Smalltalk not ods in subclasses must be subtypes of their specifica-
hurt Smalltalk’s good qualities. In particular, it must tions in superclasses.
not hinder the rapid-prototyping style often used by Since Smalltalk is untyped, only implementation is
Smalltalk programmers. Exploratory programmers inherited. This makes retrofitting a type system dif-
try to build programs as quickly as possible, mak- ficult. Since specification inheritance is a logical or-
ing localized changes instead of global reorganization. ganization, many parts of the Smalltalk inheritance
They often use explicit run-time checks for particu- hierarchy conform to specification inheritance, but
lar classes (evidence that code is in the wrong class) there is nothing in the language that requires or en-
and create new subclasses to reuse code rather than forces this. Thus, it is common to find classes in
to organize abstraction (evidence that a new abstract the Smalltalk- class library that inherit implemen-

137
tation and ignore specification. 3 Types
Dictionary is a good example of a class that inher- The abstract and concrete syntax for type expressions
its implementation but not specification; it is a sub- is shown in Figure 2 (abstract syntax on the left and
class of Set. A Dictionary is a keyed lookup table concrete syntax on the right). In the concrete syn-
that is implemented as a hash table of <key, value> tax grammar terminals are underlined, (something)*
pairs. Dictionary inherits the hash table implemen- represents zero or more repetitions of the something,
tation from Set, but applications using Sets would and (something)+ represents one or more repetitions
behave quite differently if given Dictionaries instead. of the something. Each of the type forms will be de-
scribed in detail in the following sections.
Abstract classes, a commonly used Smalltalk pro- We use the abstract syntax in inference rules and
gramming technique, provide other examples where the concrete syntax in examples. Type expressions
classes inherit implementation but not specification. are denoted by a, t, and u. Type variables are de-
Consider the method definitions shown in Figure 1. noted by p (abstract syntax) or by P (concrete_syn-
These (and other) classes are used to track changes tax). Lists (tuples) of types are denoted by t =
made to the system. The abstract class Change de- <ir,tz,***r t, >. The empty list is denoted by <>
fines the values method in terms of the parameters and t et’is the list < t, 21, t2,. . . , t, >. Similar nota-
method. The implementation of the values method is tion is used for lists of type variables. C denotes a
inherited by the subclasses of Change. The result of class name and m denotes a message selector.
sending the values message depends on the result of Strictly speaking, a type variable is not a type; it
sending the parameters message, which is different for is a place holder (or representative) for a type. We
each class in Figure 1. Hence, the specification of the assume that all free type variables are (implicitly)
values method is also different for each of the classes. universally quantified at an appropriate level. For
example, the local type variables of a method type
A class-based type system with explicit union types are assured to be universally quantified over the type
works for an implementation inheritance hierarchy of the method; the class type parameters of a class
and greatly simplifies optimization, but is not very are assumed to be universally quantified over all type
flexible when it comes to adding new classes to the definitions in the class. We also assume that all type
system. To regain some of the flexibility we incor- variables are unique (i.e. have unique names) and are
porate type-inference and signatures. This gives us implicitly renamed whenever a type containing type
both flexibility and the ability to optimize. variables is conceptually instantiated. For example,
the local type variables of a method type are renamed
A type system suitable for an optimizing Smalltalk
each time the method type is “used” at a call site. We
compiler must also have parameterized types. It is
do use explicit range declarations for type variables
difficult to imagine a (non-trivial) Smalltalk applica-
to achieve bounded universal quantification (see Sec-
tion that does not use Collections. The compiler must
tions 3.5 and 3.6). Given these assumptions, we treat
be able to associate the type of objects being added
type variables 8s types.
to a Collection with the type of objects being removed
from it. Without parameterized types, all Collections
are reduced to homogeneous groups of generic ob- 3.1 Subtyping
jects. Furthermore, due to the potentially imperative
side-effects of any operation, a special imperative def- The intuitive meaning of the subtype relation 5 is
inition of subtyping for parameterized types is used that if B C t then everything of type 8 is also of type
(see Section 3.1). t. The subtyping relation for our type system can
be formalized 8s 8 Set, of type inference rules (8s in
The type system must also be able to describe the [CW85]). C is a set of inclusion constraints for type
functional and inclusion polymorphism exhibited by variables. The notation C.p E t means to extend the
many Smalltalk methods. Functional polymorphism set C with the constraint that the type variable p is a
can be described, in the usual manner, with (im- subtype of the type 1. The notation C t- s 5 t means
plicit) bounded universal quantification of type vari- that from C we can infer s & t. A horizontal bar is
ables. Inclusion polymorphism can be described with logical implication: if we can infer what is above it
explicit union types or signatures. then we can infer what is below it.
The following are basic inference rules.
For a detailed discussion of these issues see
[Gra89]. C t t & Anything

138
t ..- Type ::=
(object type) ‘.‘- W) ClassName (of: Type)+
(block type) Iid ) Block (of: Z$pe)* returns: Type
(union type) lt+t
I (2) _
(signature type) I <m,t-+t>*
(d Type)Sreturns: Type)*)
I 0) t (Type)
(type variable) IP IP
(7 1 Anything 1 Anything
(1) 1 Nothing [ Nothing

Figure 2: The abstract and concrete syntax of types.

C I- Nothing 5 t variables that can appear in type declarations for in-


stance variables.
C.p&tl-pCt
An object type is a class name together with a pos-
c.t L pl-t g p sibly empty list of types. The type list of an object
type provides values for the class type parameters de-
CkP 5 P
fined for the corresponding class. Thus, the size of the
The following rules are used for the type parame- type list that may accompany a class name is fixed by
ter lists of object types (see Section 3.2) and for the the corresponding class definition. For example, the
argument type lists for block types (see Section 3.4). classes Smalllnteger and Character have zero class type
parameters, so SmallInteger and Character are valid
Ck<>&<> object types. The classes Array and Set each have one
class type parameter, so Array of: SmaIUnteger and
Set of: (Array of: Character) are valid object types.
Due to the imperative nature of Smalltalk [GR83,
Subtyping is reflexive, transitive, and antisymmet- Joh86] and because of the antimonotonic ordering of
ric . function types [DT88] we define subtyping for ob-
cl-t c: t ject types as equality, i.e. one object type is included
cl-s c t ctt c u in another if and only if they are equai (Cardelli
Cl-8 c u also takes this approach for “updatable” objects in
[CarSS]). (Recall that C is a set of inclusion con-
Cl-8 L t cl-t c 8
straints and C is a class name.)
Cks=t

3.2 Object Types


Some variables contain only one kind of object. For
example, all Characters * have an instance variable
that contains a Smalllnteger ASCII value. Other vari-
3.3 Union Types
ables can contain different kinds of objects. For ex- The type system defined so far cannot describe an
ample, a Set can contain Smalllntegers, Characters, Array containing both Characters and Smallintegers.
Arrays, Sets, and so on. Each class has a set of zero In Smalltalk, a variable can contain many different
or more type variables called class type parametera kinds of objects over its lifetime. Thus, a type can
that can be used in type expressions to specify the be a nonempty “set” of object types (or other types).
types of instance variables. These are the only type An example of a union type is
1 The phrase “a SomeClass” refers to an instance of class
SomeClass. The phrase “class SomeClass” refers to the class (Array of: SmallInteger) + (Array of: Character)
itself. + (Array of: (SmallInteger + Character)).

139
Here, the plus operator is read as “or,” so a variable of
the above type could contain an Array whose elements SequenceableCollection subclass: #OrderedCollection
are all Smalllntegers, all Characters, or a mixture of instancevariables: ‘firstlndcx <SmallInteger>
the two. lastlndex <SmallInteger>’
Our type system does not use the subclass relation classvariables: ”
on classes to induce the subtype relation on types. In- typeparameters: ‘ElementType’
stead, type inclusion is based on discriminated union poolDictionaries: ”
types. An object type t is included in a union type u category: ‘Sequenceable-Collections’
only if t is included in one of u’s elements.
cl-s c t Figure 3: Class definition for OrderedCollection.
et-a g t+u
A union type u is included in a union type u’ only if
each element of u is included in IL’.
of u’ and if each argument type of U’ is included in
cl-s F u cl-t F u the corresponding argument type of u (this is the
cl-s+t g u standard antimonotonic subtype relation for function
types [MS82]).
Some examples are:

Character & Character + SmallInteger cl-2 g s’ cf-2 r t’


Army of: SmallInteger C_ Cl-s’+t & 2-t’
(Array of: SmallInteger) + (Array of: Character)
For example,
Array of: SmallInteger g
Array of: (SmallInteger + Character) Block returns: Character
& Block returns: (Character + SmallInteger)
Note that our type system does not reflect class inher-
itance. Even though Integer is a subclass of Number,
Block of: (Float + Smalllnteger) returns: Smallinteger
Inieger is not a subtype of Number. However, we can
E Block of: Float returns: (Character f SmallInteger).
specify the type of all subclasses of Number by listing
them, i.e. Integer + Float + Fraction2
3.5 Typed Class Definitions
3.4 Block Types All instance variables and class variables must have
their types declared. Each class defines a set of type
Blocks (function abstractions) are treated differently
variables called class type parameters, which may be
from other objects. A block type consists of the name
used to specify the types of instance and class vari-
Block, a possibly empty list of types for block argu-
ables.
ments, and a return type. For example,
Figure 3 shows the definition of OrderedCollection,
Block of: (Array of: Character) of: SmallInteger which is a subclass of SequenceableCollection. Note
returns: Character that the type of each instance variable is declared
when the variable is declared and that angle brackets
represents the type of a block with two arguments,
are used to set off type expressions from the regular
and Block returns: SmallInteger represents a block
Smalltalk code.
with no arguments. Block types differ from object
A class definition defines an “object type” in which
types in several ways. Unlike object types, there is
the type list is the list of class type parameters (ap-
no class Block. Types beginning with the name Block
pearing in the same order as in the class definition).
can have different sized argument type lists.
The type defined by the above class definition would
A block type u is included in a block type u’ only
be
if the return type of u is included in the return type
Orderedcollection of: ElementType.
*Common union types such as Integer $ Float + Fraction
and True + F&c arc presently abbreviated using the global The scope of the class type parameter ElementType
variables Num6rtType and BooleanType, respectively. Another is limited to the method and variable definitions in
approach is to use the object type of an abstract class (classes class OrderedCollection (the same scope as a class vari-
such as Number, Collection, and Boolean that provide an im-
able). Class type parameters are inherited by sub-
plementation template for subclasses but have no instances of
their own) to automatically denote the union of the types of classes, just like instance and class variables. Any
all its non-abstract subclasses. use of the OrderedCollection type outside of this scope

140
able declaration <P range: (Integer + Character)>
{ IocalTypeVariables: <Pl > < P2 > declares P to be a type variable that can be asso-
receiverType: <Self > ciated with any of the types Integer, Character, or
arguments: argl <arglX$pe> arg2 <argZType> Integer + Character. Local type variables are instan-
temporaries: temp <tempZ$pe> tiated during type-checking to types determined by
blockArguments: blkArg <blkArgfipe> the types of actual arguments at a call site. Local
returnType: <Self > } type variabies will usually, though not necessarily,
correspond to the class type parameters of some class.
message selector and argument names The do: method for SequenceableCollection is shown
“comment stating purpose of message” in Figure 5 as an example of a typed method defini-
tion. Notice that certain fields of the type declara-
1 temporary variable names 1 tions have been omitted. The syntax rules for type
statements declarations are fairly liberal. Fields can occur in any
order. All fields except receiverType: and returnType:
Figure 4: Template for typed methods. can have multiple occurrences. The smallest type
declaration for a method is “{}.”
Self represents the type of the pseudo-variable self
(and super). Unfortunately, the class of self is dif-
ferent in each class that inherits a method, so Self
must “instantiate” its class type parameter to a type must differ, too. Thus, each method is type checked
constant (like Character) or to a locally known type for each class that inherits it by replacing Serf with
variable. Thus, the above type actually defines a fam- the type appropriate for the inheriting class. In the
ily of object types. absence of a receiverType: declaration (which is over
The range (upper bound for type instantiation) 99% of the time}, Self defaults to the object type
of a class type parameter may be restricted by for the class in which the method is being compiled.
including an optional range type declaration. A Otherwise, Self is replaced with the type given in the
class type parameter may only be instantiated to receiverType: declaration. A legal receiverType: must
a type that is a subtype of its range type. The be a subtype of the default value of Self
range declaration of a class type parameter is syn- Returning to the example of Figure 5,
tactically identical to the type declaration for a SequenceableCollection has one class type parameter
variable. In the above example, if we wished to called Elementnpe, so the type substituted for Self
restrict the elements of OrderedCollections to be will be Sequenceablecollection of: ElementType. The
Characters, the typeparameters: field would be de- argument aBlock is a block that takes one argument of
clared as ‘ElementType <C?iaracler>‘. If the range type ElementType and returns an object of unknown
declaration of a class type parameter is omitted it is type P. When do: is envoked in another method
assumed to be Anything. definition both Elementfipe and P will be associ-
ated with actual receiver and argument types. The
temporary variables index and length have values de-
3.6 Typed Method Definitions
pendent on the size of Collections. In Smalltdk im-
The types of method arguments, temporary variables, plementations with 30+ bit Smalllntegers, the possi-
and block arguments can be explicitly declared or in- ble size of any Collection is well within the range of
ferred by the TS type-inference mechanism [Gra89]. Smalllntegers.3 There is no explicit return statement
The only difference between a typed method and an in the method so it implicitly returns self.
untyped method is that the typed method has type Type declarations and typed methods introduce
declarations. Type declarations must precede any the notions of message and method types. A mes-
part of the method definition. A typed method tem- sage type consists of a message selector, a receiver
plate is shown in Figure 4. The arguments for the type, a list of argument types, and a return type. A
fields arguments:, temporaries:, and blockArguments: method type consists of a message type and a set of
are lists of identifier <type> declaration pairs. The constraints on the type variables used in the message
arguments for the receiverType: and returnType: fields
are single type declarations. The arguments for ‘Smalltalk defines infinite precision integer arithmetic
using the classes LargeNegativelntcgcr, SmallInteger, and
the IocalTypeVariables: field are capitalized identifiers. LargePoritivelnteger (the three subclasses of class Integer).
The range of a type variable can be restricted by using Smalllntegers are essentially machine integers; instances of the
the range: modifier. For example, the local type vari- Large-Integer classes are more complex.

141
{ IocalTypeVariablcs: <P>
arguments: aBlock <Block of: ElementQpe returns: P>
temporaries: index <SmallInteger> length <SmallInteger>
returnType: <Self > 3

do: aBlock
“Evaluate aBlock for each of the receiver’s elements.”

( index length 1
index t- 0.
length +- self size.
[(index e index + 1) <= length]
whileTrue: [aBlock value: (self at: index)]

Figure 5: The do: method for SequenceableCollection.

type. A method type denotes the type of a method


relative to a specific class of receivers. Therefore, SeZf ( receiverType: <SeZf >
should already have been expanded and should never arguments: anlnteger <SmallInteger>
appear in a method type. The type of the above returnType: <Instance Type> }
method is denoted by
new: anlntegtr
<SequenceableCollection of: ElementType> “Answer a new instance of size anlnteger.”
do: <Block of: ElementType returns: T>
f<SequenceableCollection of: ElementQpe>. T(super new: (anlnteger max: 1)) setTally
Message types use the same notation. Local range
constraints on type variables are shown enclosed in Figure 6: The new: method in Set class.
braces following the return type of a method type.
For example,

<Object> foo: <P> T<P>


(<P> & <Integer + Character>}.
4 Type-Checking

Subtyping for message types, although complicated Type-checking is specified using inference rules simi-
by type variables (see [Gra89]), is essentially the same lar to those used to describe subtyping. Besides a set
as for block types, with the added condition that the of type constraints C, we need a set of assumptions
selectors must be equal. A about the types of variables. The notation A.v : t
means to extend the set A with the assumption that
variable 21has type 2. The notation C, A I- e : t means
3.7 Metaclass Method Definitions that from the constraints C and assumptions A we can
In regular class method definitions the type Self infer that an expression e has type t. If a type can
refers to the type of the receiver. It is useful to extend be inferred for an expression the expression is type-
this notion to be able to refer to the type of the class correct. The following rule describes the essence of
of the receiver. This is done by using the Self class subtyping:
type specification. C,Ai-e:s cl-s c t
Similarly, when defining methods in a metaclass it
C,Ate:t
is useful to be able to refer to the type of instances of
the metaclass. This is done by using the InstanceQpe
type specification. For example, Figure 6 shows the
4.1 Basic Type-Checking
typed method definition of new: for the Set metaclass. A method is type-correct if each of its statements is
type-correct and if the type of the expression in each

142
return statement is a subtype of the declared return of a method or a block. The types of the top-level
type of the method. Type-checking an expression re- statements in the statement list of a method can be
quires knowing the types of its subexpressions. ignored. The type of a block will always be checked
The types of all variables are declared. for inclusion within some block type. To afford the
maximum freedom to such blocks, the type given to
c,d”v:tt-lt:t return statements is the special type Nothing, which
is included in any type.
The types of the pseudo-variables true, false, and nil
are constants. C, A t returnvalue t: C,dl-eet
t true : Z%ue C, A I- (ye) : Nothing
I- f& : False Due to the simplicity of Smalltalk, the only remain-
t gJ : UndefinedObject ing kind of expression is the message send. Type-
checking a message send involves looking up one or
The type of a literal (constant) is inferred from its more method types. The message send is type-correct
class. if, for each method type, there exists a mapping of
t n : Integer type variables to types such that, under this map
ping, the type of each actual argument is a subtype
t SC : Character
of the corresponding formal argument. The type of a
etc. message send is the union of the return types of each
of these method types, evaluated in their respective
If this type is not general enough then an explicit type
type assignment environments.
declaration can be used to supply the “correct” type
Let H be a hierarchy of typed class definitions and
[Gra89].
H < C, m > be the definition in class C for method
An assignment statement v +- e is type-correct if
m, i.e.
both v and e are type-correct (variables are trivially
type-correct) and if the type of e is a subtype of the H<C,m>=p’C u’C(i’)my’:<Tui:pe
type of v. The type of an assignment statement v +---e
is the type of e. where p’ & c are local type variables with range
declarations, C(Z) is the type of the receiver, y’ : t’
C,dtv:: C,dte:t ctt 5 8
are typed arguments, u is the return type, z’ : <’ are
C, A t (U t e) : t the typed temporaries, and e is the method body.
The notation
A statement sequence ei . . .e, is type-correct if
each statement in the sequence is type-correct. The
type of a statement sequence is the type of the last
statement in the sequence. denotes a method type where C(g) is the receiver
type, t’ is the list of argument types, u is the return
C,dtel :tl ... C, A t e, : t,, type, and p’ 5 ii are range constraints. For notational
C,di-(el...e,):t, convenience, we use the following inference rule to
extract method types from method definitions.
The type of a block is inferred from the declared
types of its arguments and the inferred type of its
statement list.

C,d.y’:<t-e :u
The notation t< C, m >d: t means it can be inferred
C,dt- [$]e] :<-+u that t is the declared method type of the method
invoked when sending the message-m to an instance
An additional inference rule for blocks is given in Sec-
of class C.
tion 4.2.
In the following inference rule for message sends,
A return statement Te is type-correct if e is type-
e : C(Z) signifies that the type of the receiver is an
correct and if the type of e is a subtype of the de-
object type, e’: 1’ denotes the typed arguments, and
clared return type of the method. The set of assump-
e m t? denotes a message send.
tions A contains a special variable returnvalue whose
type is the declared return type of the method being C, A t e : C(Z) C,dt$:;
type-checked. The only place a return statement can
appear is as the last statement in the statement list C,dt<C,m>d:C(Z”)-? -+u’IFC ii

143
C.(j c q.(c(q 5 C(P)).@ g P) t- u’ c 21 4.2 Case Analysis
C,dl- (em;) :u
Type-checking Smalltalk programs frequently re-
Message sends to receivers with union types are han- quires case analysis of a union type. Even though
dled by an inference rule in Section 4.2. the type of a variable may be a union type when its
Consider, for example, the message send use throughout an entire method is considered, its
anArray at: 2, where the type of the variable anArray type in any particular use can be considered an ob-
is Array of: Character. Let the method type associ- ject type (or one of several object types). This reflects
ated with the method that would be invoked if the the fact that a variable may reference only one object
at: message were sent to an Array be at a time. It is therefore more precise, when type-
checking an expression containing a variable with a
<Array of: P> at: <SmallInteger> T<P>. union type, to type-check the expression separately
for each type in the union type. The type of the ex-
The inference rule for message sends produces a set pression is then the union of the separate result types.
of inclusion equations C, d.v : s l- e : u C,d.v:tke:u
C,d.v:s+tt-e::
P E Anything (range of P)
Array of: Character & Array of: P (receiver type) Case analysis is useful when used with the follow-
Smalllizteger C SmallInteger (argument type) ing rule: a block whose body is type-incorrect has
type IllegalBlock. (i.e. if no better type can be in-
whose solution is ferred for a block then it can always be inferred to be
IllegalBlock)
P E Character.
C, A I- [y’ 1 e] : NegalBZock
In general, there may not be a unique solution to a
Thus, a type-incorrect block will not necessarily cause
given set of inclusion equations. How to deal with
the containing method to be type-incorrect. This
(avoid) multiple solutions is discussed in [Gra89]. If
rule, combined with case analysis and the definitions
no solution exists then there is a type error some-
of the normal Smalltalk control structures, provides
where.
automatic type discrimination, as shown in the next
An inference rule is also needed to type-check example.
method definitions. Recall that the abstract defini-
The typed method definition of controlToNextLevel
tion for a method m looks like for class Controller is shown in Figure 7. The notNil
message is defined to return an object of type True
p^f iiC(s’)mij:~fuZ:~‘e. for all classes except UndefinedObject, for which it is
defined to return an object of type False. If the type
If, by adding type declarations appropriately to C and of aView is assumed to be View then the type of the
d, it can be inferred that e has type u then it can be expression aView notNit is Ilhre. The iffrue: method
inferred that the definition of m is type-correct and defined for class True has a type
is of type
C(Z). i- -uIp’c_ ii. <The> iffrue: <Block returns: P> T<P>

This is expressed in the following inference rule where where P is a local type variable for the method. Since
self : C(Z) is the implicit type of the pseudo-variable the type of aView is View, the controller and startup
self and returnvalue is a special variable used for type- messages are type-correct and P can be mapped to
checking return statements. the return type for the actual block argument.
On the other hand, if the type of aView is assumed
to be UndefinedObject then the type of the expression
aView notNil is False. Class False defines the iffrue:
method to have type
C.F 5 ii, A.&f: C(Z). y’: < returnvalue : u. Z: t’5 I- e : 11
C,d~<C,m>:C(s’).~--t21]~5 G - <False> iffrue: <P> T< UndejinedObject>

Note that < C, m >: t denotes the true inferred type so objects of type False accept itTrue: messages with
of a method m for class C, which must be included an argument of any type. The method has this type
in the declared method type < C, m >d: t’. because it ignores its arguments and simply returns

144
( temporaries: aView < View + UndefinedObject >
returnType: <Self> }

controlToNextLeve1
“Pass control to the next control level, that is. to the Controller of a subView
of the receiver’s view if possible. The receiver finds the subView (if any)
whose controller wants control and sends that controller the startup message.”

aView +- view subViewWantingContro1.


aView notNil itTrue: [aView controller startup]

Figure 7: The controlToNextLeve1 method for class Controller.

nil. Since the type of aView is UndefinedObject, the in the context of each subclass of Change to compute
controller message is undefined; the body of the block its correct return type for that context.
is illegally typed and the block’s type is IllegalBlock.
However, P can be mapped to l7legalBlock, so the Another way in which abstract classes show that
block can legally be an argument of the iffrue: Smalltalk classes inherit implementation, not specifi-
message for class False. Thus, the entire method cation, is that some methods cannot be executed by
ControlToNextLevel is type-correct. all of the classes that inherit them. For example, class
Collection has a number of methods that use the add:
message, such as addAli:, but it does not implement or
4.3 Inheritance inherit the add: message itself. Instead, add: is imple-
One way that inheritance complicates type-checking mented by the various subclasses of Collection. Some
is that the type of a method for a subclass that in- of its subclasses, such as Array, do not implement add:
herits it is slightly different from its type in the class and thus cannot use methods like addAll:. Smalltalk
that defines it. For example, the type of the receiver relies on run-time type-checking and the “does not
is different, and the type of the returned value will be understand” error to detect when an undefined mes-
different when the receiver is returned. This problem sage is sent to an object. Our type system detects all
is solved by referring to the type of the receiver as such cases at compile-time.
Self and expanding Self to the type of the receiver
in each subclass. Self is not a type, but instead is These problems are solved by retype-checking
“macro-expanded” to a type at compile-time. methods in each subclass that inherits them. The
Abstract classes provide another way in which the method definition (delined in terms of Self) is inher-
type of a method can change when it is inherited. ited and Self is expanded to refer to the current class
Consider the method definitions shown in Figure 1. as described in section 3.6. We assume that the hi-
The values method is defined in class Change and in- erarchy of typed class definitions H (see Section 4.1)
herited by the other classes. The return type of values contains not only the user declared method defini-
depends on the return type of parameters, which is tions for a class, but also any methods that can be
different for each class. The types of the different meaningfully (i.e. type-correctly) inherited by a class.
parameters methods are
If H~J is a partial function from < C, m > pairs to
method definitions representing user declared meth-
<Change> parameters t<Change> ods then H is derived by extending Ho to include
<ClassRelatedChange> parameters T<Symbol> definition points for inherited methods. In other
<MethodChange> parameters f<drray of: Symbol> words, if Ho < C, m > is a user defined method
<OtherChange> parameters f<String> then H < C’, m > has the same definition provided
that C’ is a subclass of C and Ho < C’,m > is
where the types in “receiver position” are receiver not defined. There are many possible H function. A
types and the types following the “T” are return type-correct H is one in which, for all method types
types. Thus, the values method must be recompiled derivable from H, the declared type of H < C,m >

145
is the same as the type inferred by type-checking.
( IocalTypeVariables: <P>
(k< c, m >d: t) _ (c, A t-< c, m >: t) receiverType: <Hock returns: (The + False)>
I- C,d arguments: aBlock <Block returns: P>
returnType: < UndefinedObject> }
Strictly speaking, if every method definition in H
must type-check then certain methods in abstract whileTrue: aBlock
classes must be removed in order to have a type- fself value
correct H (e.g. the addAll: method in class Collection).
iffrue:
In practice, inherited methods are type-checked [aBlock value.
upon demand, i.e. when code is first compiled that self whileTrue: aBlock]
might cause that method to be invoked. Array can
then be a legitimate subclass of Collection; no inher-
ited code that invokes add: will be type-correct. Figure 8: whileTrue: for class BlockContext.
The benefits of delaying type-checking of inherited
methods is that a method is only retype-checked for
every subclass that actuslly inherits it, and that this
type-checking is spread out over a large amount of C,dkt C<<m,t*;+u>>
time. A new class does not require any of the methods
C,dt-t &<<m’,t’-$-+u’>>
that it inherits to be type-checked when it is created.
Adding a new method to a superclass does not require C,dt-i ~<<m,t.~--,~>,<m’,t’*~~--t21’>>
type-checking it for every subclass that inherits it, nor The message types in a signature type may have oc-
does adding a new variable. However, changing the currences of Self to denote the type represented by
type of a method or variable might require a lot of the signature. Receiver types of Self may be omitted.
computation to ensure that each of its uses is still When an object type is being checked for inclusion
type-correct. in a signature type Self is instantiated to the object
type.
4.4 Specific Receivers A signature type includes object types belonging to
classes not yet created. Thus, signature types contain
Some classes have methods that can be executed an infinite number of object types. In fact, the type
by only a subset of their instances. For example, specified by an empty signature contains every possi-
the whileTrue: message should be sent only to blocks ble object type, since every object type understands
that return Booleans. We can specify this by using every message type in the signature.
the receiverType: field in the type declaration of the
method definition as shown in Figure 8. Recall that C,dht Lo
if this field is omitted then Self defaults to the object
Since signature types specify the largest possible
type for the class in which the method is being com-
piled. Although whileTrue: is nearly the only method types, procedures that use them exhibit the most
polymorphism and so are the most flexible. However,
in the Smalltalk- class library that needs to declare
use of signature types prevents the compiler from per-
a specific receiver, it is easy to imagine other meth-
forming some important kinds of optimizations, since
ods that would need this feature, such as a summation
they do not provide enough information about the
method in Collection.
class of the receiver to allow compile-time binding of
message sends.
4.5 Signature Types A signature type is specified by a special kind of
A signature type is a type (i.e. a set of object and type declaration.
block types) specified by a set of message types. An <understands: #(tml tm2 . . .)>
object type (or block type) 1 is included in a signature
type s if, for each message type m E a, a message of Here, the h’s are strings containing message type
type m sent to an object of type t is type-correct. In specifications. An example will be given shortly. Sig-
other words, an object type is in a signature type if nature types may also be used to restrict the range of
it “understands each message in the signature.” type variables. A local type variable with a signature
range would have a declaration of the form
C,dte:t C,dl-e’:F C,dt-(eme’):u
C,At-t &<<m,t.t+u>> <P understands: #(tml tm2 . .)>.

146
{ receiverType: <Self>
arguments: anObject <understands: #(‘= <EZemenlQpe> T<IWae + ZI-ue> ‘)>
temporaries: tally <SmallInteger>
blockArguments: each <EIementQpe>
returnType: <SmallInteger> }

occurrencesOf: anobject
“Answer how many of the receiver’s elements are equal to anobject.”

I tally I
tally t 0.
self do: [:each ] anObject = each iffrue: [tally t tally + l]].
ftally

Figure 9: The occurrencesOf: method in class Collection.

Since such declarations may be recursive, complex “type-check” an argument before sending it a mes-
mutually recursive signature types can be built. sage that it might not understand.
As an example, consider the occurrencesOf: method
A example of this style of programming is the =
for class Collection shown in Figure 9. The only re-
(equality) message shown in Figure 11. Equality must
striction placed on the type of the argument anObject
be defined between any two objects and should not
is that its corresponding class (or classes) must im-
be subject to run-time errors. This style of imple-
plement (or inherit) an = (equality) message that will
mentation meets both of these criteria. The problem
take an argument of type ElementType and return a
is how to type-check such a method.
boolean. It is helpful to compare the use of the do:
message in this example with its definition in Fig- The type of this method can be roughly stated
ure 5. as follows. An argument must understand the
Type-checking a message send to a receiver whose isLookupKey message. If an argument responds to
type is a signature type is straightforward since all this message with true then it must also understand
relevant type information is contained in the signa- the key message and the method will (presumedly)
ture type. return an object of type Due + False, otherwise the
method returns an object of type False.
C,dl-e:<...<m,P--+u’>...> In general, the type of a polymorphic method like =
is complicated, but its type for a specific use is sim-
Cd!-&; c.t’ c i+’ I- u’ g u ple and easy to understand. Thus, type-checking a
C,dt-(eme’):u method defers some of the type-checking for a method
until its invocations are type-checked. It doesn’t mat-
ter when a method is type-checked, only that type-
checking is completed before any code that invokes
5 Beyond Signatures the method is executed.
The type system described so far, with explicit union When a send of = to a LookupKey needs to be
types, case analysis, and signature types, is quite type-checked, the code in Figure 11 is substituted for
powerful. However, there are still some methods that the call. The types of the actual arguments then re-
elude type-checking. place those of the formal arguments, allowing both
Although Smalltalk is a typeless language, it is definition and use information to be used in type-
possible to discriminate between classes of objects checking. This usually permits the = method to be
and provide a simple kind of explicit run-time type- type-checked completely. If not, then type-checking
checking. An example is the isLookupKey message for the method that sends = must also be deferred.
whose implementation is shown in Figure 10. Mes- This static analysis technique has proven useful for
sages like isLookupKey can be used in a method to type-inference as well as for type-checking (Gra89].

147
class Object:
Definition 1 (Object/type consistency) An ob-
islookupKey ject o ia consistent with a mapping from objects to
Tfalse types <, relative to a class hierarchy A, and a state $J,
if
class LookupKey:
I. ((0) = cm,
2. the class of o is C, and
isl.ookupKey
Ttrue 3. for each instance variable xi of o, let ti be the
declared type of 2i with type variables replaced
by the typea given in t(o). Then the type of the
Figure 10: Implementation of isLookupKey.
object referred to by xi is a subtype of ti.

= aLookupKey
If each object had a type assigned to it then we
aLookupKey isLookupKey could check whether an object was consistent with its
iffrue: [Tself key = aLookupKcy key] type by checking whether its class was consistent with
iffalse: [Tfalse] its type and whether the types assigned to the values
of its instance variables were included in the declared
types of its instance variables. This assignment would
Figure 11: = (equality) in class LookupKey.
be consistent if every object was consistent with the
type assigned to it. Although this type-assignment
might not be unique, any consistent type-assignment
could be thought of as describing the types of all ob-
6 Type Safety jects. These ideas are formalized in Definition 1.
A state is consistent with a type-assignment E if
A type system can only be shown correct relative to every object in the state is consistent with f.
a formal definition of the language. This section out- Proposition: If a type-correct program i8 in a state
lines a proof of correctness for the type system rela- that is consistent with a type assignment t then any
tive to Kamin’s denotational semantics of Smalltalk succeeding state will be consistent with <.
[KamEB]. The only way that a consistent type-assignment can
Usually a type is described as a set of objects. Type become inconsistent is if the state changes. This is
safety then means that the value of an expression is because the type-assignment itself is constant and,
always contained in its type. However, our types are in Kamin’s semantics, objects never change and the
not sets of objects, so a different definition of type class hierartihy does not change. Thus, we can prove
safety is needed. We will define type safety by assign- the proposition by showing that < is maintained as an
ing an object type to each object and then showing invariant every place where the state can be changed.
that the value of an expression always is assigned a There are two ways that the state changes in
type contained in the expression’s type. Kamin’s semantics. The first is when a variable
The type of an object depends not only on its cur- changes its value. This happens in an assignment
rent state but also on its past and future states. Thus, statement and in assigning arguments to formal pa-
it may not be possible to decide whether an object is rameters when evaluating a method or block.
in a particular type, though it is often possible to The second way that the state changes is when a
show that it is not. For example, a Set is never in new object is created. The type of some new objects,
Array ofr Character, and a Set containing Characters such as new blocks, are known in advance so the new
is not in Set of: SmallInteger. However, it is not easy object will always be of the correct type. Unfortu-
to tell whether a Set containing only Characters is nately, problems occur with the new primitive and
in Set of: (SmallInteger + Character,)--it all depends when creating a new context to evaluate a method.
on whether or not the Set is referenced by a variable This is because instance variables of new objects and
that requires it to contain only Characters. local variables of new contexts are both initialized to

148
nil, but the types of these variables usually do not We assumed that the expression involves n message
include UndefinedObject. Thus, until the variables sends. One of them is the kl:k2:. . .km: message, so
are initialized, their value is not consistent with their evaluating the body of the method will involve less
type. We ensure type-safety by requiring all variables than n message sends. Thus, every expression eval-
whose types do not include UndefinedObject to be as- uation in it will result in an object whose type is
signed before they are read, and use flow analysis to included in the type of the expression that produced
check this. Thus, we will change the statement of the it. In particular, the type of the object returned from
proposition slightly. the method will be included in the type of the ex-
Type-Safety Theorem: If u Qpe-correct program pression in the return statement, and, according to
is in a state that is consistent with a type assignment the type-checking rules for the return statement, the
c except for unassigned variablea, and if a variable is type of the expression in a return statement must be
always assigned before it is read, then any succeeding included in the declared return type of the method.
state will be consistent with ,f. Thus, the type of the object returned as a result of
the kl:k2:. . .km: message will be included in the re-
Proof: In a type-correct program, the type of the
turn type of the method.
expression of an assignment statement must be in-
The type of
cluded in the type of the variable, so, if each expres-
sion returns a value that is consistent with its type rev kl: expl k2: expz . . . km: exp,,.,
then assignment statements maintain the consistency
of the type-assignment. Once a variable is assigned, is the union of the return types of a number of meth-
its value will have a type that is included in the type ods, but it certainly includes the return type of the
of the variable. Thus, if the value of any expression method that was invoked. Thus, the result of the ex-
has a type that is included in the type of the expres- pression, which is the object being returned by the
sion then whenever a.variable v is read, the type of method, has a type that is included in the type of the
the value of v will be consistent with the type of v. expression. I
The theorem is proved by structural induction on
the number of message sends in the evaluation of an Type-safety also depends on all the primitives be-
expression. The base case is where there are no mes- ing given correct types. Since primitives are written
sage sends. Since there are no message sends there in a language other than Smalltalk, it is impossible
can only be assignment statements, whose right-hand to reason about them within the framework presented
sides are literals or variables. The variables either are here. A few primitives are inherently unsafe. These
type-consistent or will be assigned before they are are primarily used by the debugger. Most of the prim-
read, so the assignment statements will all maintain itives have simple types, however.
the consistency of the type-assignment.
The induction step is to assume that any expres-
sion that can be evaluated in n - 1 message sends 7 Conclusion
(or less) is type-safe and to prove that evaluating an
expression Our type system for Smalltalk is type-safe. It has
been implemented in Smalltalk and used in the TS
rev kl: expl k2: expz.. . km: exp, optimizing compiler for Smalltalk [JGZ88]. It has
been able to solve most type-checking problems in
that requires n message sends is type-safe. Since an the standard Smalltalk- class hierarchy. Thus, it is
expression must be type-checked before it can be eval- correct, useful, and usable.
uated, we know that the types of the argument ex- Our type system is also unique. It differs from
pressions to the kl:k2:. . .km: message are included in other type systems for object-oriented programming
the types of the formal parameters of the method that languages by acknowledging that only implementa-
is invoked. ‘Evaluating any expi will take less than n tion is inherited, not specification, and by handling
message sends, so each argument is consistent with its case analysis of union types automatically.
corresponding type. When the new context is created Our type system is more complicated than other
and the method is executed, the formal parameters type systems for object-oriented programming lan-
of the method will be bound to objects whose type is guages. Whether this complication is justified de-
included in the type of the parameter. Methods also pends partly on whether a new language is being de-
create temporary variables, but they are unassigned, fined or whether a type system is being defined for
so invoking a method maintains the consistency of the Smalltalk. Current Smalltalk programming practice
type-assignment (except for unassigned variables). requires a type system like ours.

149
Acknowlegements [GR83] Adele Goldberg and David Robson.
Smalltalk-80: The Language and its Im-
This research was supported by NSF contract CCR- plementation. Addison-Wesley, Reading,
8715752, by the AT&T ISEP grant, and by an equip- Massachusetts, 1983.
ment grant from Tektronix.
[Gra89] Justin Graver. Type- Checking and Type-
Inference for Object-Oriented Program-
ming Languages. PhD thesis, University
References of Illinois at Urbana-Champaign, 1989.
[BHJL86] Andrew Black, Norman Hutchinson, Eric [JF88] Ralph E. Johnson and Brian Foote. De-
Jul, and Henry Levy. Object structure signing reusable classes. Journal of Object-
in the Emerald system. In Proceeding8 Oriented Progrumming, 1(2):22-35, 1988.
of OOPSLA ‘86, pages 78-86, Novem-
ber 1986. printed as SIGPLAN Notices, [JGZ88] Ralph E. Johnson, Justin 0. Graver, and
21(11). Lawrence W. Zurawski. TS: An optimiz-
ing compiler for Smalltalk. In Proceed-
[BI82] A. H. Borning and D. H. H. Ingalls. ings of OOPSLA ‘88, pages 18-26, Novem-
A type declaration and inference sys- ber 1988. printed as SIGPLAN Notices,
tem for Smalltalk. In Conference Record 23(11).
of the Ninth Annual ACM Symposium
on Principles of Programming Languages, [Joh86] Ralph E. Johnson. Type-checking
pages 133-139, 1982. Smalltalk. In Proceedings of OOPSLA ‘86,
pages 315-321, November 1986. printed as
[Car841 Luca Cardelli. A semantics of multiple in- SIGPLAN Notices, 21(11).
heritance. In Semantics of Data Types, Samuel Kamin. Inheritance in Smalltalk-
[Kam88]
Lecture Notes in Computer Science, n.
80: A denotational definition. In Confer-
173, pages 51-67, Springer-Verlag, 1984.
ence Record of the Fifleenth Annual ACM
Symposium on Principles of Programming
[Car851 Luca Cardelli. Amber. In Combinators
Languages, pages 80-87, 1988.
and Functional Programming Languages,
Proceedings of the 13th Summer School of PWW Bertrand Meyer. Object-oriented Software
the LITP, Le Val d’Ajo1, Vosges (France), Construction. Prentice Hall, 1988.
May 1985.
[MS821 David MacQueen and Ravi Sethi. A
[CUL89] Craig Chambers, David Ungar, and Elgin higher order polymorphic type system for
Lee. An efficient implementation of Self, applicative languages. In ACM Sympo-
a dynamically-typed object-oriented lan- sium of LISP and Functional Program-
guage based on prototypes. In Proceed- ming, pages 243-252, 1982.
ings of OOPSLA ‘89, pages 49-70, Octo-
[scB*~~] Craig Schaffert, Topher Cooper, Bruce
ber 1989. printed as SIGPLAN Notices,
Bullis, Mike Kilian, and Carrie Wilpolt.
24(10).
An introduction to Trellis/Owl. In Pro-
[CW85] Luca Cardelli and Peter Wegner. On ceedings of OOPSLA ‘86, pages 9-16,
understanding types, data abstraction, November 1986. printed as SIGPLAN No-
and polymorphism. Computing Surveys, tices, 21(11).
17(4):471-522, December 1985. [Str86] Bjarne Stroustrup. The C++ Program-
ming Language. Addison-Wesley Publish-
[DeuSl] L. Peter Deutsch. Building control struc- ing Co., Reading, MA, 1986.
tures in the Smalltalk- system. Byte,
6(8):322-347, August 1981. [SuzSl] Norihisa Suzuki. Inferring types in
Smalltalk. In Conference Record of
[DT88] Scott Danforth and Chris Tomlinson. the Eighth Annual ACM Symposium on
Type theories and object-oriented pro- Principles of Programming Languages,
gramming. Computing Surveys, 20( 1):29- pages 187-199, 1981.
72, March 1988.

150

You might also like