Parametric Polymorphism through Run-Time Sealing
or, Theorems for Low, Low Prices!

Jacob Matthews (1) and Amal Ahmed (2)

(1) University of Chicago, jacobm@cs.uchicago.edu
(2) Toyota Technological Institute at Chicago, amal@tti-c.org

Abstract. We show how to extend System F's parametricity guarantee to a Matthews-Findler-style multi-language system that combines System F with an untyped language by use of dynamic sealing. While the use of sealing for this purpose has been suggested before, it has never been proven to preserve parametricity. In this paper we prove that it does using step-indexed logical relations. Using this result we show a scheme for implementing parametric higher-order contracts in an untyped setting which corresponds to a translation given by Sumii and Pierce. These contracts satisfy rich enough guarantees that we can extract analogues to Wadler's free theorems that rely on run-time enforcement of dynamic seals.

1 Introduction

There have been two major strategies for hiding the implementation details of one part of a program from its other parts: the static approach and the dynamic approach.

The static approach can be summarized by the slogan "information hiding = parametric polymorphism." In it, the language's type system is equipped with a facility such as existential types so that it can reject programs in which one module makes unwarranted assumptions about the internal details of another, even if those assumptions happen to be true. This approach rests on Reynolds' notion of abstraction [1], later redubbed the "parametricity" theorem by Wadler [2].

The dynamic approach, which goes back to Morris [3], can be summarized by the alternate slogan "information hiding = local scope + generativity." Rather than statically rejecting programs that make unwarranted assumptions, the dynamic approach simply takes away programs' ability to see if those assumptions are correct.
It allows a programmer to dynamically seal values by creating unique keys (create-seal : key) and using those keys with locking and unlocking operations (seal : v × key → opaque and unseal : opaque × key → v respectively). A value locked with a particular key is opaque to third parties: nothing can be done but unlock it with the same key. Here is a simple implementation written in Scheme, where gensym is a function that generates a new, completely unique symbol every time it is called:

    (define (create-seal) (gensym))
    (define (seal v s1) (λ (s2) (if (eq? s1 s2) v (error))))
    (define (unseal sealed-v s) (sealed-v s))

S. Drossopoulou (Ed.): ESOP 2008, LNCS 4960, pp. 16–31, 2008. © Springer-Verlag Berlin Heidelberg 2008
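
The slogan "information hiding = local scope + generativity" in use, as an added example that is not code from the paper: two implementations of one abstract counter, each holding its key in local scope, give the same answer to a client that uses only the exported operations, and a client that tries to unseal with a key of its own is refused. The names counter-a, counter-b, client and snoop are assumptions made for illustration, as is the message passed to error.

```racket
#lang racket
;; Added example, not from the paper. counter-a, counter-b, client and
;; snoop are hypothetical names chosen for illustration.

;; The three sealing primitives from the page, with an error message added.
(define (create-seal) (gensym))
(define (seal v s1) (λ (s2) (if (eq? s1 s2) v (error "unseal: wrong key"))))
(define (unseal sealed-v s) (sealed-v s))

;; Two implementations of one abstract counter. Each creates its key in
;; local scope (generativity: every call yields a fresh key), so only its
;; own exported operations can unseal the values it hands out.
(define (counter-a)                          ; representation: a number
  (define k (create-seal))
  (list (seal 0 k)                                  ; zero
        (λ (c) (seal (add1 (unseal c k)) k))        ; inc
        (λ (c) (unseal c k))))                      ; get

(define (counter-b)                          ; representation: a list of ticks
  (define k (create-seal))
  (list (seal '() k)                                ; zero
        (λ (c) (seal (cons 'tick (unseal c k)) k))  ; inc
        (λ (c) (length (unseal c k)))))             ; get

;; A client that uses only the exported operations: it cannot tell which
;; representation sits behind the seal.
(define (client m)
  (match-define (list zero inc get) m)
  (get (inc (inc zero))))

;; A client that tries to look inside with a key of its own. The key is
;; fresh, so it never matches the module's key and unseal raises an error.
(define (snoop m)
  (with-handlers ([exn:fail? (λ (e) 'rejected)])
    (unseal (first m) (create-seal))))

;; Both implementations give the same count to the honest client,
;; and both refuse the snooping client.
(list (client (counter-a)) (client (counter-b)))
(list (snoop (counter-a)) (snoop (counter-b)))
```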