A Computationally Sound Call-By-Value Module Calculus

We present a call-by-value module calculus that serves as a framework for formal reasoning about simple module transformations. The calculus is stratified into three levels: a term calculus, a core module calculus, and a linking calculus. At each level, we define both a calculus reduction relation and a small-step operational semantics and relate them by a computational soundness property: if two terms are equivalent in the calculus, then they have the same observable outcome in the operational semantics. This result is interesting because recursive module bindings thwart confluence at two levels of our calculus and prohibit application of the traditional technique for showing computational soundness, which requires confluence (in addition to other properties, the most important being standardization). We show that it is sufficient to replace confluence by a weaker property that we call confluence with respect to evaluation. We introduce a new technique for proving computational soundness based on a pair of related properties that we call lift and project. The project property, under certain conditions, implies confluence with respect to evaluation, while the lift property is equivalent to standardization. In our multi-layer calculus, terms at one level serve as components of terms at the same or higher level. This leads to a notion of embedding: calculus X is embedded in calculus Y if calculus steps of X are preserved when wrapped in a context of Y . Two terms in X have the same meaning with respect to Y if they have the same observational outcome in all contexts of Y . In our framework, computational soundess of Y implies an observational soundness property: two terms that are equivalent in X have the same meaning with respect to Y . Thus, calculus-based transformations in one calculus are meaning preserving in any embedding calculus. Our modules have both public and private components. We formalize the notion of privacy by identifying modules up to alpha-renaming of hidden (i.e., private) labels. Because of this identification, module linking can be defined without the need to resolve naming conflicts between the hidden labels of two modules. In addition to alpha-renaming at the core module level, we also formalize alpha-renaming in namespaces at the term and linking levels of our calculus. This is important, because many properties of our module calculus hold only for alpha-equivalence classes of terms and not for concrete terms. A particularly important domain for module transformations is link-time compilation, where many optimization opportunities are not apparent until two modules are linked together. We present a simple model of link-time compilation and introduce the weak distributivity property for a meaning-preserving transformation T operating on modules D1 and D2 linked by ⊕: T (D1 ⊕ D2) = T (T (D1) ⊕ T (D2)). We argue that this property finds promising candidates for link-time optimizations, and present simple conditions that imply weak distributivity. We use these to demonstrate that some meaning preserving module transformations are weakly distributive. This reports expands upon our earlier work reported in [MT00]. We make several corrections to the earlier work, the most important of which concerns the rule for garbage collection at the core module level. Our rigorus treatment of alpha renaming in this report allows us to improve the treatment of several linking operations and simplify the characterization of term behavior.