61 research outputs found
Towards a Java Subtyping Operad
The subtyping relation in Java exhibits self-similarity. The self-similarity
in Java subtyping is interesting and intricate due to the existence of wildcard
types and, accordingly, the existence of three subtyping rules for generic
types: covariant subtyping, contravariant subtyping and invariant subtyping.
Supporting bounded type variables also adds to the complexity of the subtyping
relation in Java and in other generic nominally-typed OO languages such as C#
and Scala. In this paper we explore defining an operad to model the
construction of the subtyping relation in Java and in similar generic
nominally-typed OO programming languages. Operads, from category theory, are
frequently used to model self-similar phenomena. The Java subtyping operad, we
hope, will shed more light on understanding the type systems of generic
nominally-typed OO languages.Comment: 13 page
Java & Lambda: a Featherweight Story
We present FJ&, a new core calculus that extends Featherweight Java
(FJ) with interfaces, supporting multiple inheritance in a restricted form,
-expressions, and intersection types. Our main goal is to formalise
how lambdas and intersection types are grafted on Java 8, by studying their
properties in a formal setting. We show how intersection types play a
significant role in several cases, in particular in the typecast of a
-expression and in the typing of conditional expressions. We also
embody interface \emph{default methods} in FJ&, since they increase
the dynamism of -expressions, by allowing these methods to be called
on -expressions.
The crucial point in Java 8 and in our calculus is that -expressions
can have various types according to the context requirements (target types):
indeed, Java code does not compile when -expressions come without
target types. In particular, in the operational semantics we must record target
types by decorating -expressions, otherwise they would be lost in the
runtime expressions.
We prove the subject reduction property and progress for the resulting
calculus, and we give a type inference algorithm that returns the type of a
given program if it is well typed. The design of FJ& has been driven
by the aim of making it a subset of Java 8, while preserving the elegance and
compactness of FJ. Indeed, FJ& programs are typed and behave the same
as Java programs
Information Flow Control-by-Construction for an Object-Oriented Language Using Type Modifiers
In security-critical software applications, confidential information must be
prevented from leaking to unauthorized sinks. Static analysis techniques are
widespread to enforce a secure information flow by checking a program after
construction. A drawback of these systems is that incomplete programs during
construction cannot be checked properly. The user is not guided to a secure
program by most systems. We introduce IFbCOO, an approach that guides users
incrementally to a secure implementation by using refinement rules. In each
refinement step, confidentiality or integrity (or both) is guaranteed alongside
the functional correctness of the program, such that insecure programs are
declined by construction. In this work, we formalize IFbCOO and prove soundness
of the refinement rules. We implement IFbCOO in the tool CorC and conduct a
feasibility study by successfully implementing case studies
Applying Formal Methods to Networking: Theory, Techniques and Applications
Despite its great importance, modern network infrastructure is remarkable for
the lack of rigor in its engineering. The Internet which began as a research
experiment was never designed to handle the users and applications it hosts
today. The lack of formalization of the Internet architecture meant limited
abstractions and modularity, especially for the control and management planes,
thus requiring for every new need a new protocol built from scratch. This led
to an unwieldy ossified Internet architecture resistant to any attempts at
formal verification, and an Internet culture where expediency and pragmatism
are favored over formal correctness. Fortunately, recent work in the space of
clean slate Internet design---especially, the software defined networking (SDN)
paradigm---offers the Internet community another chance to develop the right
kind of architecture and abstractions. This has also led to a great resurgence
in interest of applying formal methods to specification, verification, and
synthesis of networking protocols and applications. In this paper, we present a
self-contained tutorial of the formidable amount of work that has been done in
formal methods, and present a survey of its applications to networking.Comment: 30 pages, submitted to IEEE Communications Surveys and Tutorial
Wiring Circuits Is Easy as {0,1,ω}, or Is It...
Quantitative Type-Systems support fine-grained reasoning about term usage in our programming languages. Hardware Design Languages are another style of language in which quantitative typing would be beneficial. When wiring components together we must ensure that there are no unused ports, dangling wires, or accidental fan-ins and fan-outs. Although many wire usage checks are detectable using static analysis tools, such as Verilator, quantitative typing supports making these extrinsic checks an intrinsic aspect of the type-system. With quantitative typing of bound terms, we can provide design-time checks that all wires and ports have been used, and ensure that all wiring decisions are explicitly made, and are neither implicit nor accidental.
We showcase the use of quantitative types in hardware design languages by detailing how we can retrofit quantitative types onto SystemVerilog netlists, and the impact that such a quantitative type-system has when creating designs. Netlists are gate-level descriptions of hardware that are produced as the result of synthesis, and it is from these netlists that hardware is generated (fabless or fabbed). First, we present a simple structural type-system for a featherweight version of SystemVerilog netlists that demonstrates how we can type netlists using standard structural techniques, and what it means for netlists to be type-safe but still lead to ill-wired designs. We then detail how to retrofit the language with quantitative types, make the type-system sub-structural, and detail how our new type-safety result ensures that wires and ports are used once.
Our ideas have been proven both practically and formally by realising our work in Idris2, through which we can construct a verified language implementation that can type-check existing designs. From this work we can look to promote quantitative typing back up the synthesis chain to a more comprehensive hardware description language; and to help develop new and better hardware description languages with quantitative typing
- …