Layered Modal ML: Syntax and Full Abstraction

MetaML-style metaprogramming languages allow programmers to construct, manipulate and run code. In the presence of higher-order references for code, ensuring type safety is challenging, as free variables can escape their binders. In this paper, we present Layered Modal ML (LMML), \textit{the first metaprogramming language that supports storing and running open code under a strong type safety guarantee}. The type system utilises contextual modal types to track and reason about free variables in code explicitly. A crucial concern in metaprogramming-based program optimisations is whether the optimised program preserves the meaning of the original program. Addressing this question requires a notion of program equivalence and techniques to reason about it. In this paper, we provide a semantic model that captures contextual equivalence for LMML, establishing \textit{the first full abstraction result for an imperative MetaML-style language}. Our model is based on traces derived via operational game semantics, where the meaning of a program is modelled by its possible interactions with the environment. We also establish a novel closed instances of use theorem that accounts for both call-by-value and call-by-name closing substitutions.

💡 Research Summary

The paper introduces Layered Modal ML (LMML), the first metaprogramming language that safely stores and runs open code in the presence of higher‑order references. Traditional quotation‑based systems such as MetaML guarantee “once‑and‑for‑all” type safety only when generated code is closed; once higher‑order references can hold code values, free variables may escape their binders, breaking safety at runtime (as illustrated by a MetaOCaml example).

LMML solves this by pairing two primitives: box and letbox. The box M construct turns any term M of type T in context Γ into a code value of type □(Γ ⊢ T). This type records both the term’s result type and the exact typing environment it depends on. The letbox u ← M₁ in M₂ construct unpacks a boxed term, binding the extracted code to a global variable u. Crucially, every occurrence of u in M₂ must be accompanied by an explicit substitution δ that supplies concrete values for all free variables required by M₁. This guarantees that even if a code value is stored in a mutable reference, it can never be executed without a closing substitution, eliminating any possibility of free‑variable leakage.

The type system is built on contextual modal types (a form of contextual types). Each boxed value carries a description of the variables it expects, e.g., □(x:Ref Int ⊢ Int → Int). When such a value is stored or passed around, the type system forces the programmer to provide a matching substitution before execution, thereby preserving safety even with mutable state.

LMML distinguishes two kinds of variables: local variables bound by λ‑abstractions (substituted by values, call‑by‑value) and global variables bound by letbox (substituted by code, call‑by‑name). This distinction leads to a Closed Instances of Use (CIU) theorem that simultaneously handles call‑by‑value and call‑by‑name closing substitutions. For locals, CIU quantifies over all value substitutions; for globals, it quantifies over all code substitutions. The theorem shows that contextual equivalence coincides with equivalence under all closed evaluation contexts, heaps, and appropriate substitutions, dramatically simplifying reasoning about program equality.

To capture program behaviour, the authors develop an operational game‑semantic trace model. Interaction between a program and its environment is recorded as a sequence of actions (calls, returns, run, box, etc.). Each action is a triple (name, heap, substitution). Names are abstract identifiers for functions or boxed code, not source‑level identifiers, allowing the model to represent higher‑order functions and references uniformly. Importantly, the model introduces box names to represent code values, enabling traces to reflect the creation, transmission, and execution of open code.

The central results are Theorem 4 (Correctness) and Corollary 1 (Definability), establishing that the trace set Tr(M) precisely characterises the observable behaviour of M. Consequently, the model is fully abstract: two programs have identical trace sets iff they are contextually equivalent. This is the first full‑abstraction result for an imperative MetaML‑style language.

The paper demonstrates the utility of the model through several examples. A staged version of the classic power function (power_staged) is shown to be contextually equivalent to the naïve recursive version, despite having a different internal structure, because both generate the same set of traces. Another example encodes the modal logic axiom □(p → q) → □p → □q, illustrating how complex interactions involving multiple boxed values and mutable references are faithfully captured by the trace semantics.

A comparative table positions LMML against prior systems (MetaOCaml, Template Haskell, refined environment classifiers, etc.). LMML uniquely supports both storing and running open code while maintaining type safety in the presence of higher‑order references, without requiring a separate type‑checking phase for generated code.

The related‑work discussion notes that earlier full‑abstraction results have been limited to pure functional languages or to MetaML variants without mutable state. By integrating higher‑order references, contextual modal types, and a game‑semantic model, LMML fills a significant gap. The authors outline future directions such as multi‑level modal extensions, effect‑system integration, and automated verification of metaprogramming optimisations.

In summary, the paper delivers a comprehensive solution to the longstanding problem of safely handling open code with mutable references. It introduces a novel type system based on contextual modal types, proves a robust CIU approximation, and constructs a fully abstract operational game‑semantic model. LMML thus advances the theory of safe metaprogramming and provides a solid foundation for future research on optimising and reasoning about staged, imperative programs.