Section: New Results
Language design and type systems
The Mezzo programming language
Participants : Jonathan Protzenko, François Pottier, Thibaut Balabonski, Armaël Guéneau, Cyprien Mangin.
In the past ten years, the type systems community and the separation logic community, among others, have developed highly expressive formalisms for describing ownership policies and controlling side effects in imperative programming languages. In spite of this extensive knowledge, it remains very difficult to come up with a programming language design that is simple, effective (it actually controls side effects!) and expressive (it does not force programmers to alter the design of their data structures and algorithms).
The Mezzo programming language aims to bring new answers to these questions.
This year, we:

made significant progress on the proof of soundness, by rewriting it in a more modular fashion;

improved the implementation, by formalizing the algorithms and rewriting significant parts of the typechecker;

hosted two interns who explored arithmetic reasoning and modeling of the iterator protocol, respectively;
A paper on Mezzo appeared in the ICFP 2013 conference [21] .
During the previous year (2012), François Pottier wrote a formal definition of Mezzo, and proved that Mezzo is typesafe: that is, welltyped programs cannot crash. The proof was machinechecked using Coq. This year, Thibaut Balabonski and François Pottier extended this formalization with support for concurrency and dynamicallyallocated locks, and proved that welltyped programs not only cannot crash, but also are datarace free.
The structure of the proof was reworked so as to make it more modular. A paper, which emphasizes this modularity, has been submitted for presentation at a conference.
The new concurrent features have been integrated in the core library of Mezzo by Thibaut Balabonski. Further concurrent libraries have been included to provide more communication primitives, such as channels for message passing.
Jonathan Protzenko worked on formalizing the typechecking algorithms currently used in the Mezzo prototype compiler. This led to practical results in the form of improvements to the typechecker: we now typecheck more programs, and the success of the typechecker is more predictable as well. Some soundness bugs have been identified and fixed. The design of some of the language's features has been improved as well.
The formalization of the typechecker was presented at the IFL 2013 conference, and is to appear in the postsymposium proceedings in 2014.
We set out to promote Mezzo in the wild. Protzenko packaged the software to make it available widely via OPAM, wrote a tutorial for endusers [34] , communicated through blog posts about the language, and released the source code online for others to contribute.
We also spread the word about Mezzo through various seminar talks and discussions with other teams (CarnegieMellon university, Cambridge Computer Lab, Aarhus University, Brasilia University), and by communicating in international conferences (ICFP'13, FSFMA'13).
This year, two interns worked with us on Mezzo. Armaël Guéneau (L3; JuneJuly 2013) and Cyprien Mangin (M1; AprilJuly 2013) explored several experimental aspects of the language. In particular, Armaël worked on an encoding of iterators in an objectoriented style, which involves transfers of ownership and typestate changes; while Cyprien improved the treatment of arrays and implemented an experimental extension of Mezzo with arithmetic assertions. Armaël presented his work at the workshop HOPE 2013. This work is also described in a short unpublished paper [33] .
System F with coercion constraints
Participants : Julien Cretin, Didier Rémy.
Expressive type systems often allow non trivial conversions between types, which may lead to complex, challenging, and sometimes ad hoc type systems. Such examples are the extension of System F with type equalities to model GADTs and type families of Haskell, or the extension of System F with explicit contracts. A useful technique to simplify the metatheoretical studies of such systems is to make type conversions explicit as “coercions” inside terms.
Following a general approach to coercions, we extended System F with a richer typelevel language and a proposition language. Propositions contain a firstorder logic, a coinduction mechanism, coherence assertions and coercion assertions. Types are classified by kinds and extended in order to handle lists of types. We introduce a particular kind restricting a previous kind to its types satisfying a proposition. Abstracting over such a kind means abstracting over arbitrary propositions, and thus enables coercion abstraction. Type abstraction must be coherent: the kind of the abstract type has to be inhabited by a witness type. This language, called Fcc, extends our previous language parametric Fiota and additionally subsumes Constraint ML.
We also extended Fcc with incoherent polymorphism in order to model GADTs. Unlike coercions and thus coherent polymorphism, incoherent polymorphism is not erasable. But in counterpart, incoherent abstraction does not require the kind to be inhabited. Since abstracting over incoherent types permits to write unsound terms, incoherent abstraction has to block the reduction of terms.
This work is part of Julien Cretin's Ph.D. dissertation [11] , which will be defended in January 2014.
Type inference for GADTs
Participants : Jacques Garrigue [Nagoya University] , Didier Rémy.
Type inference for generalized algebraic data types (GADTs) is inherently non monotone: assuming more specific types for GADTs may ensure more invariants, which may result in more general types. This is problematic for type inference and some amount of type annotations is required.
Moreover, even when types of GADTs parameters are explicitly given, they introduce equalities between types, which makes them interconvertible but with a limited scope. This may create an ambiguity when leaving the scope of the equation: which element should be used for representing the equivalent forms? Idealy, one should use a type disjunction, but this is not allowed—for good reasons. Hence, to avoid arbitrary choices, these situations must be rejected as ambiguous, forcing the user to write more annotations to resolve the ambiguities.
We proposed a new approach to type inference with GADTs. While some uses of equations are unavoidable and create real ambiguities, others are gratuitous and create artificial ambiguities, To distinguish between the two we introduced ambivalent types, which are a way to trace unavoidable uses of equations within types themselves. We then redefined ambiguities so that only ambivalent types become ambiguous and should be rejected or resolved by a programmer annotation. Interestingly, this solution is fully compatible with unificationbased type inference algorithms used in ML dialects.
This work was presented at the APLAS 2013 conference [20] . It is also implemented in the OCaml language since version 4.00.
GADTs and Subtyping
Participants : Gabriel Scherer, Didier Rémy.
Following the addition of GADTs to the OCaml language in version 4.00 released this year, we studied the theoretical underpinnings of variance subtyping for GADTs. The question is to decide which variances should be accepted for a GADTstyle type declaration that includes type equality constraints in constructor types. This question exposes a new notion of decomposability and unexpected tensions in the design of a subtyping relation. A paper describing our formalization was presented at the ESOP 2013 conference [23] .
Singleton types for code inference
Participants : Gabriel Scherer, Didier Rémy.
We continued working on the use of singleton types for code inference. If we can prove that a type contains, in a suitably restricted pure lambdacalculus, a unique inhabitant modulo program equivalence, the compiler can infer the code of this inhabitant. This opens the way to typedirected description of boilerplate code, through type inference of finergrained type annotations. As this is still work in progress, there was no publication on this topic this year, but we presented our directions on three occasions: at the PLUME team in ENS Lyon, at the LIX team in École Polytechnique (whose proofsearch research is highly relevant to our work), and at the Dependently Typed Programming workshop (satellite of the International Conference on Functional Programming) in Boston.
Open closure types
Participants : Gabriel Scherer, Jan Hoffmann [Yale University, FLINT group] .
During a visit to Yale, Gabriel Scherer worked with Jan Hoffmann on a type system for program analysis of higherorder functional languages. Open closure types are a novel typing construct that lets the type system statically reason about closure variables present in the lexical context. This allows finegrained analysis (e.g., for resource consumption or informationflow control) of functional programming patterns such as function currying. This work was presented at the LPAR 2013 conference [22] (Logic for Programming, Artificial Intelligence, and Reasoning) in October.