659 research outputs found
Combining behavioural types with security analysis
Today's software systems are highly distributed and interconnected, and they
increasingly rely on communication to achieve their goals; due to their
societal importance, security and trustworthiness are crucial aspects for the
correctness of these systems. Behavioural types, which extend data types by
describing also the structured behaviour of programs, are a widely studied
approach to the enforcement of correctness properties in communicating systems.
This paper offers a unified overview of proposals based on behavioural types
which are aimed at the analysis of security properties
Life of occam-Pi
This paper considers some questions prompted by a brief review of the history of computing. Why is programming so hard? Why is concurrency considered an “advanced” subject? What’s the matter with Objects? Where did all the Maths go? In searching for answers, the paper looks at some concerns over fundamental ideas within object orientation (as represented by modern programming languages), before focussing on the concurrency model of communicating processes and its particular expression in the occam family of languages. In that focus, it looks at the history of occam, its underlying philosophy (Ockham’s Razor), its semantic foundation on Hoare’s CSP, its principles of process oriented design and its development over almost three decades into occam-? (which blends in the concurrency dynamics of Milner’s ?-calculus). Also presented will be an urgent need for rationalisation – occam-? is an experiment that has demonstrated significant results, but now needs time to be spent on careful review and implementing the conclusions of that review. Finally, the future is considered. In particular, is there a future
CLASS: A Logical Foundation for Typeful Programming with Shared State
Software construction depends on imperative state sharing and concurrency, which are
naturally present in several application domains and are also exploited to improve the
structure and efficiency of computer programs. However, reasoning about concurrency
and shared mutable state is hard, error-prone and the source of many programming bugs,
such as memory leaks, data corruption, deadlocks and non-termination.
In this thesis, we develop CLASS: a core session-based language with a lightweight
substructural type system, that results from a principled extension of the propositions-astypes
correspondence with second-order classical linear logic. More concretely, CLASS
offers support for session-based communication, mutex-protected first-class reference cells,
dynamic state sharing, generic polymorphic algorithms, data abstraction and primitive
recursion.
CLASS expresses and types significant realistic programs, that manipulate memoryefficient
linked data structures (linked lists, binary search trees) with support for updates
in-place, shareable concurrent ADTs (counters, stacks, functional and imperative queues),
resource synchronisation methods (fork-joins, barriers, dining philosophers, generic corecursive
protocols). All of these examples are guaranteed to be safe, a result that follows
by the logical approach.
The linear logical foundations guarantee that well-typed CLASS programs do not
go wrong: they never deadlock on communication or reference cell acquisition, do not
leak memory and always terminate, even if they share complex data structures protected
by synchronisation primitives. Furthermore, since we follow a propositions-as-types
approach, we can reason about the behaviour of concurrent stateful processes by algebraic
program manipulation.
The feasibility of our approach is witnessed by the implementation of a type checker
and interpreter for CLASS, which validates and guides the development of many realistic
programs. The implementation is available with an open-source license, together with
several examples.A construção de software depende de estado partilhado imperativo e concorrência, que
estão naturalmente presentes em vários domínios de aplicação e que também são explorados
para melhorar o a estrutura e o desempenho dos programas. No entanto, raciocinar
sobre concorrência e estado mutável partilhado é difícil e propenso à introdução de erros e
muitos bugs de programação, tais como fugas de memória, corrupção de dados, programas
bloqueados e programas que não terminam a sua execução.
Nesta tese, desenvolvemos CLASS: uma linguagem baseada em sessões, com um
sistema de tipos leve e subestrutural, que resulta de uma extensão metodológica da
correspondência proposições-como-tipos com a lógica linear clássica de segunda ordem.
Mais concretamente, a linguagem CLASS oferece suporte para comunicação baseada em
sessões, células de memória protegidas com mutexes de primeira classe, partilha dinâmica
de estado, algoritmos polimórficos genéricos, abstração de dados e recursão primitiva.
A linguagem CLASS expressa e tipifica programas realistas significativos, que manipulam
estruturas de dados ligadas eficientes (listas ligadas, árvores de pesquisa binária)
suportando actualização imperativa local, TDAs partilhados e concorrentes (contadores,
pilhas, filas funcionais e imperativas), métodos de sincronização e partilha de recursos
(bifurcar-juntar, barreiras, jantar de filósofos, protocolos genéricos corecursivos). Todos
estes exemplos são seguros, uma garantia que resulta da nossa abordagem lógica.
Os fundamentos, baseados na lógica linear, garantem que programas em CLASS bem
tipificados não incorrem em erros: nunca bloqueiam, quer na comunicação, quer na
aquisição de células de memória, nunca causam fugas de memória e terminam sempre,
mesmo que compartilhem estruturas de dados complexas protegidas por primitivas de
sincronização. Além disso, uma vez que seguimos uma abordagem de proposições-comotipos,
podemos raciocinar sobre o comportamento de processos concorrentes, que usam
estado, através de manipulação algébrica.
A viabilidade da nossa abordagem é evidenciada pela implementação de um verificador
de tipos e interpretador para a linguagem CLASS, que valida e orienta o desenvolvimento
de vários programs realistas. A implementação está disponível com uma licença
de acesso livre, juntamente com inúmeros exemplos
Polymorphic Typestate for Session Types
Session types provide a principled approach to typed communication protocols
that guarantee type safety and protocol fidelity. Formalizations of
session-typed communication are typically based on process calculi, concurrent
lambda calculi, or linear logic. An alternative model based on
context-sensitive typing and typestate has not received much attention due to
its apparent restrictions. However, this model is attractive because it does
not force programmers into particular patterns like continuation-passing style
or channel-passing style, but rather enables them to treat communication
channels like mutable variables. Polymorphic typestate is the key that enables
a full treatment of session-typed communication. Previous work in this
direction was hampered by its setting in a simply-typed lambda calculus. We
show that higher-order polymorphism and existential types enable us to lift the
restrictions imposed by the previous work, thus bringing the expressivity of
the typestate-based approach on par with the competition. On this basis, we
define PolyVGR, the system of polymorphic typestate for session types,
establish its basic metatheory, type preservation and progress, and present a
prototype implementation.Comment: 29 pages. Short version appears in PPDP 202
Regulating Data Exchange in Service Oriented Applications
We define a type system for COWS, a formalism for specifying and combining services, while modelling their dynamic behaviour. Our types permit to express policies constraining data exchanges in terms of sets of service partner names attachable to each single datum. Service programmers explicitly write only the annotations necessary to specify the wanted policies for communicable data, while a type inference system (statically) derives the minimal additional annotations that ensure consistency of services initial configuration. Then, the language dynamic semantics only performs very simple checks to authorize or block communication. We prove that the type system and the operational semantics are sound. As a consequence, we have the following data protection property: services always comply with the policies regulating the exchange of data among interacting services. We illustrate our approach through a simplified but realistic scenario for a service-based electronic marketplace
Multi-modal meaning – An empirically-founded process algebra approach
Humans communicate with different modalities. We offer an account of multi-modal meaning coordination, taking speech-gesture meaning coordination as a prototypical case. We argue that temporal synchrony (plus prosody) does not determine how to coordinate speech meaning and gesture meaning. Challenging cases are asynchrony and broadcasting cases, which are illustrated with empirical data. We propose that a process algebra account satisfies the desiderata. It models gesture and speech as independent but concurrent processes that can communicate flexibly with each other and exchange the same information more than once. The account utilizes the psi-calculus, allowing for agents, input-output-channels, concurrent processes, and data transport of typed lambda-terms. A multi-modal meaning is produced integrating speech meaning and gesture meaning into one semantic package. Two cases of meaning coordination are handled in some detail: the asynchrony between gesture and speech, and the broadcasting of gesture meaning across several dialogue contributions. This account can be generalized to other cases of multi-modal meaning
CaSPiS: A Calculus of Sessions, Pipelines and Services
Service-oriented computing is calling for novel computational models and languages with well
disciplined primitives for client-server interaction, structured orchestration and unexpected events handling. We present CaSPiS, a process calculus where the conceptual abstractions of sessioning and pipelining play a central role for modelling service-oriented systems. CaSPiS sessions are two-sided, uniquely named and can be nested. CaSPiS pipelines permit orchestrating the flow of data produced by different sessions. The calculus is also equipped with operators for handling (unexpected) termination of the partner’s side of a session. Several examples are presented to provide evidence of the flexibility of the chosen set of primitives. One key contribution is a fully abstract encoding of Misra et al.’s orchestration language Orc. Another main result shows that in CaSPiS it is possible to program a “graceful termination” of nested sessions, which guarantees that no session is forced to hang forever after the loss of its partner
- …