Information flow analysis for a dynamically typed language with staged metaprogramming

Web applications written in JavaScript are regularly used for dealing with sensitive or personal data. Consequently, reasoning about their security properties has become an important problem, which is made very difficult by the highly dynamic nature of the language, particularly its support for runtime code generation via eval. In order to deal with this, we propose to investigate security analyses for languages with more principled forms of dynamic code generation. To this end, we present a static information flow analysis for a dynamically typed functional language with prototype-based inheritance and staged metaprogramming. We prove its soundness, implement it and test it on various examples designed to show its relevance to proving security properties, such as noninterference, in JavaScript. To demonstrate the applicability of the analysis, we also present a general method for transforming a program using eval into one using staged metaprogramming. To our knowledge, this is the first fully static information flow analysis for a language with staged metaprogramming, and the first formal soundness proof of a CFA-based information flow analysis for a functional programming language

A Global Workspace perspective on mental disorders

Recent developments in Global Workspace theory suggest that human consciousness can suffer interpenetrating dysfunctions of mutual and reciprocal interaction with embedding environments which will have early onset and often insidiously staged developmental progression, possibly according to a cancer model. A simple rate distortion argument implies that, if an external information source is pathogenic, then sufficient exposure to it is sure to write a sufficiently accurate image of it on mind and body in a punctuated manner so as to initiate or promote simililarly progressively punctuated developmental disorder. There can, thus, be no simple, reductionist brain chemical 'bug in the program' whose 'fix' can fully correct the problem. On the contrary, the growth of an individual over the life course, and the inevitable contact with a toxic physical, social, or cultural environment, can be expected to initiate developmental problems which will become more intrusive over time, most obviously according to some damage accumulation model, but likely according to far more subtle, highly punctuated, schemes analogous to tumorigenesis. The key intervention, at the population level, is clearly to limit such exposures, a question of proper environmental sanitation, in a large sense, a matter of social justice which has long been understood to be determined almost entirely by the interactions of cultural trajectory, group power relations, and economic structure, with public policy. Intervention at the individual level appears limited to triggering or extending periods of remission, as is the case with most cancers

αCheck: a mechanized metatheory model-checker

The problem of mechanically formalizing and proving metatheoretic properties of programming language calculi, type systems, operational semantics, and related formal systems has received considerable attention recently. However, the dual problem of searching for errors in such formalizations has attracted comparatively little attention. In this article, we present $\alpha$Check, a bounded model-checker for metatheoretic properties of formal systems specified using nominal logic. In contrast to the current state of the art for metatheory verification, our approach is fully automatic, does not require expertise in theorem proving on the part of the user, and produces counterexamples in the case that a flaw is detected. We present two implementations of this technique, one based on negation-as-failure and one based on negation elimination, along with experimental results showing that these techniques are fast enough to be used interactively to debug systems as they are developed.Comment: Under consideration for publication in Theory and Practice of Logic Programming (TPLP