Well-typed programs can’t be blamed (ESOP 2009)
Robert Bruce Findler, Northwestern University
Philip Wadler, University of Edinburgh
Collaborators
Amal Ahmed, Northeastern University
Robert Bruce Findler, Northwestern University
Jacob Matthews, Google
Jeremy Siek, University of Colorado at Boulder
A repeated theme
Thatte (1988): Partial types
Henglein (1994): Dynamic typing
Findler and Felleisen (2002): Contracts
Flanagan (2006): Hybrid types
Siek and Taha (2006): Gradual types
A repeated theme
Dynamics in .Net (C#, Visual Basic)
Perl 6.0
JavaScript
Dart
Part I
Evolving a program
An untyped program
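
$$
\begin{array}{l}
\lceil\, \mathsf{let} \\
\quad x = 2 \\
\quad f = \lambda y.\; y + 1 \\
\quad h = \lambda g.\; g\,(g\,x) \\
\mathsf{in} \\
\quad h\,f \,\rceil \\
\longrightarrow \lceil 4 \rceil
\end{array}
$$
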
A typed program
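
$$
\begin{array}{l}
\mathsf{let} \\
\quad x = 2 \\
\quad f = \lambda y : \mathsf{Int}.\; y + 1 \\
\quad h = \lambda g : \mathsf{Int} \to \mathsf{Int}.\; g\,(g\,x) \\
\mathsf{in} \\
\quad h\,f \\
\longrightarrow 4 : \mathsf{Int}
\end{array}
$$
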
A partly typed program—narrowing
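
$$
\begin{array}{l}
\mathsf{let} \\
\quad x = 2 \\
\quad f = \lceil \lambda y.\; y + 1 \rceil : {?} \Rightarrow^{p} \mathsf{Int} \to \mathsf{Int} \\
\quad h = \lambda g : \mathsf{Int} \to \mathsf{Int}.\; g\,(g\,x) \\
\mathsf{in} \\
\quad h\,f \\
\longrightarrow 4 : \mathsf{Int}
\end{array}
$$
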
A partly typed program—narrowing
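
$$
\begin{array}{l}
\mathsf{let} \\
\quad x = 2 \\
\quad f = \lceil \lambda y.\; \mathsf{false} \rceil : {?} \Rightarrow^{p} \mathsf{Int} \to \mathsf{Int} \\
\quad h = \lambda g : \mathsf{Int} \to \mathsf{Int}.\; g\,(g\,x) \\
\mathsf{in} \\
\quad h\,f \\
\longrightarrow \mathsf{blame}\ p
\end{array}
$$
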
Positive (covariant): blame the term contained in the cast
Another partly typed program—widening
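
$$
\begin{array}{l}
\mathsf{let} \\
\quad x = \lceil 2 \rceil \\
\quad f = (\lambda y : \mathsf{Int}.\; y + 1) : \mathsf{Int} \to \mathsf{Int} \Rightarrow^{p} {?} \\
\quad h = \lceil \lambda g.\; g\,(g\,x) \rceil \\
\mathsf{in} \\
\quad \lceil h\,f \rceil \\
\longrightarrow \lceil 4 \rceil
\end{array}
$$
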
Another partly typed program—widening
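
$$
\begin{array}{l}
\mathsf{let} \\
\quad x = \lceil \mathsf{true} \rceil \\
\quad f = (\lambda y : \mathsf{Int}.\; y + 1) : \mathsf{Int} \to \mathsf{Int} \Rightarrow^{p} {?} \\
\quad h = \lceil \lambda g.\; g\,(g\,x) \rceil \\
\mathsf{in} \\
\quad \lceil h\,f \rceil \\
\longrightarrow \mathsf{blame}\ \bar{p}
\end{array}
$$

Negative (contravariant): blame the context containing the cast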
Part II
Untyped and supertyped
Untyped = Uni-typed
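
$$
\begin{array}{rcll}
\lceil x \rceil & = & x \\
\lceil c \rceil & = & c : A \Rightarrow^{p} {?} & \text{if } \mathit{ty}(c) = A \\
\lceil \mathit{op}(\vec{M}) \rceil & = & \mathit{op}(\lceil \vec{M} \rceil : \vec{?} \Rightarrow^{\vec{p}} \vec{A}) : B \Rightarrow^{p} {?} & \text{if } \mathit{ty}(\mathit{op}) = \vec{A} \to B \\
\lceil \lambda x.\, N \rceil & = & (\lambda x : {?}.\; \lceil N \rceil) : {?} \to {?} \Rightarrow {?} \\
\lceil L\,M \rceil & = & (\lceil L \rceil : {?} \Rightarrow^{p} {?} \to {?})\; \lceil M \rceil
\end{array}
$$
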
(slogan due to Bob Harper)
Contracts
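
$$
\mathsf{Nat} = \{\, x : \mathsf{Int} \mid x \ge 0 \,\}
$$

$$
\begin{array}{l}
\mathsf{let} \\
\quad x = 2 : \mathsf{Int} \Rightarrow^{p} \mathsf{Nat} \\
\quad f = (\lambda y : \mathsf{Int}.\; y + 1) : \mathsf{Int} \to \mathsf{Int} \Rightarrow^{q} \mathsf{Nat} \to \mathsf{Nat} \\
\quad h = \lambda g : \mathsf{Nat} \to \mathsf{Nat}.\; g\,(g\,x) \\
\mathsf{in} \\
\quad h\,f \\
\longrightarrow 4 : \mathsf{Nat}
\end{array}
$$
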
Part III
The Blame Game
Blame
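
$$
\begin{array}{l}
\lceil 2 \rceil : {?} \Rightarrow^{p} \mathsf{Int} \\
\quad = \; 2 : \mathsf{Int} \Rightarrow {?} \Rightarrow^{p} \mathsf{Int} \\
\quad \longrightarrow \; 2 \\[1ex]
\lceil \mathsf{true} \rceil : {?} \Rightarrow^{p} \mathsf{Int} \\
\quad = \; \mathsf{true} : \mathsf{Bool} \Rightarrow {?} \Rightarrow^{p} \mathsf{Int} \\
\quad \longrightarrow \; \mathsf{blame}\ p
\end{array}
$$
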
The Blame Game—widening
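
$$
\begin{array}{l}
((\lambda y : \mathsf{Int}.\; y + 1) : \mathsf{Int} \to \mathsf{Int} \Rightarrow^{p} {?} \to {?})\; \lceil 2 \rceil \\
\longrightarrow (\lambda y : \mathsf{Int}.\; y + 1)\,(\lceil 2 \rceil : {?} \Rightarrow^{\bar{p}} \mathsf{Int}) : \mathsf{Int} \Rightarrow^{p} {?} \\
\longrightarrow \lceil 3 \rceil
\end{array}
$$
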
The Blame Game—widening
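
$$
\begin{array}{l}
((\lambda y : \mathsf{Int}.\; y + 1) : \mathsf{Int} \to \mathsf{Int} \Rightarrow^{p} {?} \to {?})\; \lceil \mathsf{true} \rceil \\
\longrightarrow (\lambda y : \mathsf{Int}.\; y + 1)\,(\lceil \mathsf{true} \rceil : {?} \Rightarrow^{\bar{p}} \mathsf{Int}) : \mathsf{Int} \Rightarrow^{p} {?} \\
\longrightarrow \mathsf{blame}\ \bar{p}
\end{array}
$$
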
Widening can give rise to negative blame, but never positive blame
The Blame Game—narrowing
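
$$
\begin{array}{l}
((\lambda y : {?}.\; \lceil y + 1 \rceil) : {?} \to {?} \Rightarrow^{p} \mathsf{Int} \to \mathsf{Int})\; 2 \\
\longrightarrow (\lambda y : {?}.\; \lceil y + 1 \rceil)\,(2 : \mathsf{Int} \Rightarrow^{\bar{p}} {?}) : {?} \Rightarrow^{p} \mathsf{Int} \\
\longrightarrow 3
\end{array}
$$
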
The Blame Game—narrowing
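
$$
\begin{array}{l}
((\lambda y : {?}.\; \lceil \mathsf{false} \rceil) : {?} \to {?} \Rightarrow^{p} \mathsf{Int} \to \mathsf{Int})\; 2 \\
\longrightarrow (\lambda y : {?}.\; \lceil \mathsf{false} \rceil)\,(2 : \mathsf{Int} \Rightarrow^{\bar{p}} {?}) : {?} \Rightarrow^{p} \mathsf{Int} \\
\longrightarrow \mathsf{blame}\ p
\end{array}
$$
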
Narrowing can give rise to positive blame, but never negative blame
Part IV
And now a word from our sponsor
Part V
Blame calculus in detail
Notation
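It took us four years to find the right notation!

$$
\langle A \Rightarrow B \rangle^{p}\, s
\qquad
\langle B \Leftarrow A \rangle^{p}\, s
\qquad
s : A \Rightarrow^{p} B
$$

We want composition to be easy to read:

$$
\langle B \Rightarrow C \rangle^{q}\, \langle A \Rightarrow B \rangle^{p}\, s
\qquad
\langle C \Leftarrow B \rangle^{q}\, \langle B \Leftarrow A \rangle^{p}\, s
\qquad
s : A \Rightarrow^{p} B : B \Rightarrow^{q} C
$$

And there is a convenient abbreviation:

$$
s : A \Rightarrow^{p} B \Rightarrow^{q} C
$$
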
Syntax
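
$$
\begin{array}{llcl}
\text{Blame labels} & p, q \\
\text{Base types} & \iota \\
\text{Types} & A, B, C & ::= & \iota \mid A \to B \mid {?} \\
\text{Ground types} & G, H & ::= & \iota \mid {?} \to {?} \\
\text{Terms} & s, t & ::= & c \mid \mathit{op}(\vec{t}\,) \mid x \mid \lambda x{:}A.\, t \mid t\; s \mid s : A \Rightarrow^{p} B \mid s : G \Rightarrow {?} \mid \mathsf{blame}\ p \\
\text{Environments} & \Gamma & ::= & \cdot \mid \Gamma, x : A \\
\text{Values} & v, w & ::= & c \mid \lambda x{:}A.\, t \mid v : G \Rightarrow {?} \\
\text{Contexts} & E & ::= & [\cdot] \mid \mathit{op}(\vec{v}, E, \vec{t}\,) \mid E\; s \mid v\; E \mid E : A \Rightarrow^{p} B \mid E : G \Rightarrow {?}
\end{array}
$$
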
Blame calculus: Compatibility

$$
A \prec A
\qquad
A \prec {?}
\qquad
{?} \prec B
\qquad
\dfrac{A' \prec A \quad B \prec B'}{A \to B \prec A' \to B'}
$$

Types
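
$$
\dfrac{\mathit{ty}(c) = \iota}{\Gamma \vdash c : \iota}
\qquad
\dfrac{\Gamma \vdash \vec{t} : \vec{A} \quad \mathit{ty}(\mathit{op}) = \vec{A} \to B}{\Gamma \vdash \mathit{op}(\vec{t}\,) : B}
$$

$$
\dfrac{x : A \in \Gamma}{\Gamma \vdash x : A}
\qquad
\dfrac{\Gamma, x : A \vdash t : B}{\Gamma \vdash \lambda x{:}A.\, t : A \to B}
\qquad
\dfrac{\Gamma \vdash t : A \to B \quad \Gamma \vdash s : A}{\Gamma \vdash t\; s : B}
$$

$$
\dfrac{\Gamma \vdash s : A \quad A \prec B}{\Gamma \vdash (s : A \Rightarrow^{p} B) : B}
\qquad
\dfrac{\Gamma \vdash s : G}{\Gamma \vdash (s : G \Rightarrow {?}) : {?}}
\qquad
\Gamma \vdash \mathsf{blame}\ p : A
$$
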
Beta, Delta
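
$$
\begin{array}{rcl}
(\lambda x{:}A.\, t)\; v & \longrightarrow & t[x := v] \\
\mathit{op}(\vec{v}\,) & \longrightarrow & \delta(\mathit{op}, \vec{v}\,)
\end{array}
$$
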
Wrap

$$
v : A \to B \Rightarrow^{p} A' \to B'
\;\longrightarrow\;
\lambda x'{:}A'.\, (v\,(x' : A' \Rightarrow^{\bar{p}} A) : B \Rightarrow^{p} B')
$$

Id, Ground, Collapse, Conflict
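
$$
\begin{array}{rcll}
v : \iota \Rightarrow^{p} \iota & \longrightarrow & v \\
v : A \Rightarrow^{p} {?} & \longrightarrow & v : A \Rightarrow^{p} G \Rightarrow {?} & \text{if } A \prec G \text{ and } A \neq {?} \\
v : G \Rightarrow {?} \Rightarrow^{p} A & \longrightarrow & v : G \Rightarrow^{p} A & \text{if } G \prec A \\
v : G \Rightarrow {?} \Rightarrow^{p} A & \longrightarrow & \mathsf{blame}\ p & \text{if } G \not\prec A
\end{array}
$$
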
Contextual closure
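
$$
\dfrac{s \longrightarrow t}{E[s] \longrightarrow E[t]}
\qquad
\dfrac{E \neq [\cdot]}{E[\mathsf{blame}\ p] \longrightarrow \mathsf{blame}\ p}
$$
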
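
The reduction rules above (Wrap, Id, Ground, Collapse, Conflict), written as a small Python cast function and run on the narrowing and widening programs from Part I. This is an added example, not code from the talk or the paper; `~p` stands for the complemented label p̄, and the labels `op` and `ctx`, used for the casts inside untyped code, are assumptions.

```python
from dataclasses import dataclass

DYN, INT, BOOL = "?", "Int", "Bool"        # the dynamic type and two base types

def fn(a, b):                              # the function type A -> B
    return ("->", a, b)

def is_fn(t):
    return isinstance(t, tuple)

GROUND_FN, INT_TO_INT = fn(DYN, DYN), fn(INT, INT)

class Blame(Exception):
    """Raised with the blamed label as its only argument."""

@dataclass
class Dyn:                                 # a value v : G => ?
    ground: object
    value: object

def neg(p):                                # complement of a label; "~p" is p-bar
    return p[1:] if p.startswith("~") else "~" + p

def compatible(a, b):                      # the compatibility relation A ≺ B
    if a == DYN or b == DYN or a == b:
        return True
    return is_fn(a) and is_fn(b) and compatible(b[1], a[1]) and compatible(a[2], b[2])

def cast(v, a, b, p):
    """Reduce the cast v : A =>^p B to a value, or raise Blame."""
    if is_fn(a) and is_fn(b):              # Wrap: the domain cast gets the negated label
        return lambda x: cast(v(cast(x, b[1], a[1], neg(p))), a[2], b[2], p)
    if a == b and a != DYN:                # Id, on base types
        return v
    if b == DYN and a != DYN:              # Ground: inject through the ground type G
        g = GROUND_FN if is_fn(a) else a
        return Dyn(g, cast(v, a, g, p))
    if a == DYN:                           # v has the form w : G => ?
        if compatible(v.ground, b):        # Collapse
            return cast(v.value, v.ground, b, p)
        raise Blame(p)                     # Conflict
    raise TypeError(f"{a} is not compatible with {b}")

def untyped_inc(y):                        # body of ⌈λy. y + 1⌉; the label "op" is assumed
    return cast(cast(y, DYN, INT, "op") + 1, INT, DYN, "op")

def narrowing(body):                       # f = ⌈λy. body⌉ : ? =>^p Int -> Int, then f (f 2)
    f = cast(Dyn(GROUND_FN, body), DYN, INT_TO_INT, "p")
    return f(f(2))

def widening(x):                           # f = (λy:Int. y + 1) : Int -> Int =>^p ?, then g (g x)
    f = cast(lambda y: y + 1, INT_TO_INT, DYN, "p")
    g = cast(f, DYN, GROUND_FN, "ctx")     # untyped application; the label "ctx" is assumed
    return g(g(x))

def outcome(thunk):                        # the resulting value, or the blame that was raised
    try:
        return thunk()
    except Blame as b:
        return "blame " + b.args[0]
```

`outcome(lambda: narrowing(untyped_inc))` returns 4, and `outcome(lambda: widening(Dyn(BOOL, True)))` returns `blame ~p`, the negative blame of the widening slide.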
Part VI
Subtyping
$<: \qquad <:^{+} \qquad <:^{-} \qquad <:_{n}$
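Subtype

$$
{?} <: {?}
\qquad
\iota <: \iota
\qquad
\dfrac{A <: G}{A <: {?}}
\qquad
\dfrac{A' <: A \quad B <: B'}{A \to B <: A' \to B'}
$$

Example:

$$
\dfrac{\dfrac{\mathsf{Int} <: \mathsf{Int}}{\mathsf{Int} <: {?}} \qquad \dfrac{\mathsf{Int} <: \mathsf{Int}}{\mathsf{Int} <: {?}}}{{?} \to \mathsf{Int} <: \mathsf{Int} \to {?}}
$$
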
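Positive subtype—widening

$$
A <:^{+} {?}
\qquad
\iota <:^{+} \iota
\qquad
\dfrac{A' <:^{-} A \quad B <:^{+} B'}{A \to B <:^{+} A' \to B'}
$$

Example:

$$
\dfrac{{?} <:^{-} \mathsf{Int} \qquad \mathsf{Int} <:^{+} {?}}{\mathsf{Int} \to \mathsf{Int} <:^{+} {?} \to {?}}
$$
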
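Negative subtype—narrowing

$$
{?} <:^{-} A
\qquad
\iota <:^{-} \iota
\qquad
\dfrac{A <:^{-} G}{A <:^{-} {?}}
\qquad
\dfrac{A' <:^{+} A \quad B <:^{-} B'}{A \to B <:^{-} A' \to B'}
$$

Example:

$$
\dfrac{\mathsf{Int} <:^{+} {?} \qquad {?} <:^{-} \mathsf{Int}}{{?} \to {?} <:^{-} \mathsf{Int} \to \mathsf{Int}}
$$
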
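Naive subtype

$$
A <:_{n} {?}
\qquad
\iota <:_{n} \iota
\qquad
\dfrac{A <:_{n} A' \quad B <:_{n} B'}{A \to B <:_{n} A' \to B'}
$$

Example:

$$
\dfrac{\mathsf{Int} <:_{n} {?} \qquad \mathsf{Int} <:_{n} {?}}{\mathsf{Int} \to \mathsf{Int} <:_{n} {?} \to {?}}
$$
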
Part VII
The Blame Theorem
Safety
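
$$
x \mathrel{\mathsf{sf}} p
\qquad
\dfrac{t \mathrel{\mathsf{sf}} p}{\lambda x.\, t \mathrel{\mathsf{sf}} p}
\qquad
\dfrac{s \mathrel{\mathsf{sf}} p \quad t \mathrel{\mathsf{sf}} p}{s\; t \mathrel{\mathsf{sf}} p}
$$

$$
\dfrac{s \mathrel{\mathsf{sf}} p \quad A <:^{+} B}{s : A \Rightarrow^{p} B \mathrel{\mathsf{sf}} p}
\qquad
\dfrac{s \mathrel{\mathsf{sf}} p \quad A <:^{-} B}{s : A \Rightarrow^{\bar{p}} B \mathrel{\mathsf{sf}} p}
\qquad
\dfrac{s \mathrel{\mathsf{sf}} p \quad p \neq q \quad \bar{p} \neq q}{s : A \Rightarrow^{q} B \mathrel{\mathsf{sf}} p}
$$
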
The Blame Theorem
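Preservation: If $s \mathrel{\mathsf{sf}} p$ and $s \longrightarrow t$ then $t \mathrel{\mathsf{sf}} p$.
Progress: If $s \mathrel{\mathsf{sf}} p$ then $s \not\longrightarrow \mathsf{blame}\ p$.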
The First Tangram Theorem
$A <: B$ if and only if $A <:^{+} B$ and $A <:^{-} B$

The First Blame Corollary
Let $t$ be a term where $s : A \Rightarrow^{p} B$ is the only subterm with label $p$. If $A <: B$ then $t \not\longrightarrow \mathsf{blame}\ p$ and $t \not\longrightarrow \mathsf{blame}\ \bar{p}$.
The Second Tangram Theorem
$A <:_{n} B$ if and only if $A <:^{+} B$ and $B <:^{-} A$

The Second Blame Corollary
Let $t$ be a term where $s : A \Rightarrow^{p} B$ is the only subterm with label $p$. If $A <:_{n} B$ then $t \not\longrightarrow \mathsf{blame}\ p$.
Let $t$ be a term where $s : A \Rightarrow^{p} B$ is the only subterm with label $p$. If $B <:_{n} A$ then $t \not\longrightarrow \mathsf{blame}\ \bar{p}$.
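
The four relations of Part VI as Python predicates, with both Tangram Theorems checked exhaustively over every type of nesting depth at most 2 built from ?, Int and Bool. This is an added example, not code from the talk or the paper; the base type Bool, the depth bound and the helper `cannot_blame` (which applies the Safety rules to a lone cast, writing `~p` for p̄) are assumptions.

```python
from itertools import product

DYN, INT, BOOL = "?", "Int", "Bool"

def fn(a, b):
    return ("->", a, b)

def is_fn(t):
    return isinstance(t, tuple)

GROUND_FN = fn(DYN, DYN)                 # the only ground function type, ? -> ?

def sub(a, b):                           # A <: B
    if b == DYN:                         # ? <: ?, or A <: G for a ground type G
        return not is_fn(a) or sub(a, GROUND_FN)
    if is_fn(a) and is_fn(b):            # contravariant domain, covariant range
        return sub(b[1], a[1]) and sub(a[2], b[2])
    return a == b                        # only equal base types remain

def pos_sub(a, b):                       # A <:+ B
    if b == DYN:                         # A <:+ ? holds for every A
        return True
    if is_fn(a) and is_fn(b):            # the domain switches to <:-
        return neg_sub(b[1], a[1]) and pos_sub(a[2], b[2])
    return a == b

def neg_sub(a, b):                       # A <:- B
    if a == DYN:                         # ? <:- B holds for every B
        return True
    if b == DYN:                         # A <:- G for a ground type G
        return not is_fn(a) or neg_sub(a, GROUND_FN)
    if is_fn(a) and is_fn(b):            # the domain switches to <:+
        return pos_sub(b[1], a[1]) and neg_sub(a[2], b[2])
    return a == b

def naive_sub(a, b):                     # A <:n B, covariant in both positions
    if b == DYN:
        return True
    if is_fn(a) and is_fn(b):
        return naive_sub(a[1], b[1]) and naive_sub(a[2], b[2])
    return a == b

def types(depth):                        # every type up to the given nesting depth
    base = [DYN, INT, BOOL]
    if depth == 0:
        return base
    return base + [fn(a, b) for a, b in product(types(depth - 1), repeat=2)]

def tangram_counterexamples(depth=2):    # pairs violating either Tangram Theorem
    bad = []
    for a, b in product(types(depth), repeat=2):
        if sub(a, b) != (pos_sub(a, b) and neg_sub(a, b)):
            bad.append(("first", a, b))
        if naive_sub(a, b) != (pos_sub(a, b) and neg_sub(b, a)):
            bad.append(("second", a, b))
    return bad

def cannot_blame(a, b):                  # labels a lone cast A =>^p B is safe for
    return {lbl for lbl, ok in (("p", pos_sub(a, b)), ("~p", neg_sub(a, b))) if ok}
```

`tangram_counterexamples(2)` returns an empty list, and `cannot_blame(fn(INT, INT), GROUND_FN)` returns `{"p"}`: the widening cast can still be blamed negatively.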
Part VIII
Conclusion
A new slogan for type safety
Milner (1978): Well-typed programs can’t go wrong.
Felleisen and Wright (1994); Harper (2002): Well-typed programs don’t get stuck.
Wadler and Findler (2008): Well-typed programs can’t be blamed.