Team Gallium

Section: New Results


Towards $ \alpha$ -safe meta-programming

Participant : François Pottier.

Functional programming languages such as ML are intended for building, examining, and transforming complex symbolic objects, such as programs and proofs. They are rather well suited for this task because these objects are usually represented as abstract syntax trees, whose structure is expressed in ML via algebraic data type declarations.

However, abstract syntax trees involve names that can be bound, a reality that algebraic data type declarations do not reflect. Manipulating such trees involves a number of operations that respect the meaning of names, such as computing the set of free names of a term, or substituting, without capture, a name (or term) for a name throughout a term. ML provides no built-in support for these operations, which must instead be hand-coded, a tedious and error-prone process.

In 2005, in order to address this issue, François Pottier designed and implemented Cαml [45], a tool that turns a so-called ``binding specification'' into an Objective Caml compilation unit. One asset of Cαml is simplicity: it is a small tool. However, it has an inherent limitation. Because Cαml is only a code generator, as opposed to a full-fledged programming language, there is no way of ensuring that the generated code is used in a sensible way. That is, the user can write impure meta-programs, which construct abstract syntax trees that unintentionally contain unbound names.
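The name-aware operations described in the two preceding paragraphs, as an added example written for this page (OCaml code that is neither Cαml's generated code nor any Gallium source; the term type and every helper are this example's own): the free-name computation, a capture-avoiding substitution placed beside the naive version that captures, and a run-time closedness check of the kind that a plain code generator cannot enforce statically. The input term at the end is constructed for the demonstration.

```ocaml
(* Added example for this report, not code from Gallium or from Caml:
   the name-aware operations the text says must be hand-coded in ML,
   written out for a minimal untyped lambda calculus. All names and
   helpers below are this example's own. *)

module S = Set.Make (String)

(* Plain algebraic data type: nothing here records that the string in
   Lam binds occurrences of that name in the body. *)
type term =
  | Var of string
  | Lam of string * term
  | App of term * term

let rec to_string = function
  | Var x -> x
  | Lam (x, body) -> "\\" ^ x ^ ". " ^ to_string body
  | App (t1, t2) -> "(" ^ to_string t1 ^ " " ^ to_string t2 ^ ")"

(* Free names: a Lam removes its own name from the free names of its body. *)
let rec free_vars = function
  | Var x -> S.singleton x
  | Lam (x, body) -> S.remove x (free_vars body)
  | App (t1, t2) -> S.union (free_vars t1) (free_vars t2)

(* A term with no free names is the only kind a meta-program should
   emit; a generator of plain OCaml cannot enforce this statically,
   so the best it can offer is a run-time check like this one. *)
let is_closed t = S.is_empty (free_vars t)

(* Naive substitution [t/x]u: the tempting but wrong version. When u
   contains a binder for a name that is free in t, that binder captures it. *)
let rec subst_naive x t = function
  | Var y -> if y = x then t else Var y
  | App (u1, u2) -> App (subst_naive x t u1, subst_naive x t u2)
  | Lam (y, body) ->
      if y = x then Lam (y, body) else Lam (y, subst_naive x t body)

(* Choose a name not in [avoid] by appending primes. *)
let rec fresh base avoid =
  if S.mem base avoid then fresh (base ^ "'") avoid else base

(* Capture-avoiding substitution: when the binder [y] is free in [t],
   rename it to a fresh name first, then substitute under it. The
   fresh name must also differ from [x] and from the free names of
   the body, otherwise the renaming itself would capture or be captured. *)
let rec subst x t = function
  | Var y -> if y = x then t else Var y
  | App (u1, u2) -> App (subst x t u1, subst x t u2)
  | Lam (y, body) ->
      if y = x then Lam (y, body)
      else if not (S.mem y (free_vars t)) then Lam (y, subst x t body)
      else
        let avoid = S.add x (S.union (free_vars t) (free_vars body)) in
        let y' = fresh y avoid in
        Lam (y', subst x t (subst y (Var y') body))

let () =
  (* Constructed input: u = \y. (x y), into which we substitute y for x. *)
  let u = Lam ("y", App (Var "x", Var "y")) in
  let wrong = subst_naive "x" (Var "y") u in
  let right = subst "x" (Var "y") u in
  Printf.printf "naive:   %s  (closed: %b)\n" (to_string wrong) (is_closed wrong);
  Printf.printf "correct: %s  (closed: %b)\n" (to_string right) (is_closed right);
  (* Capture turns the free y into a bound one, so the naive result is
     closed and a closedness check alone does not detect the error; the
     free y must survive a correct substitution. *)
  assert (S.equal (free_vars right) (S.singleton "y"))
```

The point of the last assertion is the one the report makes against code generation alone: the closedness check catches a term that was accidentally left open, but it cannot distinguish a term that became closed by capture from one that is closed by construction. Only a discipline imposed on the meta-program itself, not on the data it produces, rules out the second kind of error.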

In 2006, François Pottier explored a more ambitious design, which consists in designing a full-fledged meta-programming language, where the compiler statically rules out every error that could cause a name to become unbound. This design, known as Pure FreshML, is a version of Pitts and Gabbay's FreshML, equipped with a static proof system that guarantees purity. Pure FreshML relies on a rich ``binding specification'' language, borrowed from Cαml, on user-provided assertions (guards, preconditions, and postconditions), and on a conservative, automatic decision procedure for a logic that allows reasoning about values and about the names that they contain.

This approach is described in an as-yet-unpublished paper [32]. A prototype implementation of the programming language and proof system is being developed.
