
    Type Soundness and Race Freedom for Mezzo

    The programming language Mezzo is equipped with a rich type system that controls aliasing and access to mutable memory. We incorporate shared-memory concurrency into Mezzo and present a modular formalization of its core type system, in the form of a concurrent λ-calculus, which we extend with references and locks. We prove that well-typed programs do not go wrong and are data-race free. Our definitions and proofs are machine-checked.

    The Meaning of Memory Safety

    We give a rigorous characterization of what it means for a programming language to be memory safe, capturing the intuition that memory safety supports local reasoning about state. We formalize this principle in two ways. First, we show how a small memory-safe language validates a noninterference property: a program can neither affect nor be affected by unreachable parts of the state. Second, we extend separation logic, a proof system for heap-manipulating programs, with a memory-safe variant of its frame rule. The new rule is stronger because it applies even when parts of the program are buggy or malicious, but also weaker because it demands a stricter form of separation between parts of the program state. We also consider a number of pragmatically motivated variations on memory safety and the reasoning principles they support. As an application of our characterization, we evaluate the security of a previously proposed dynamic monitor for memory safety of heap-allocated data.
    Comment: POST'18 final version

    Understanding and evolving the Rust programming language

    Rust is a young systems programming language that aims to fill the gap between high-level languages—which provide strong static guarantees like memory and thread safety—and low-level languages—which give the programmer fine-grained control over data layout and memory management. This dissertation presents two projects establishing the first formal foundations for Rust, enabling us to better understand and evolve this important language: RustBelt and Stacked Borrows. RustBelt is a formal model of Rust’s type system, together with a soundness proof establishing memory and thread safety. The model is designed to verify the safety of a number of intricate APIs from the Rust standard library, despite the fact that the implementations of these APIs use unsafe language features. Stacked Borrows is a proposed extension of the Rust specification, which enables the compiler to use the strong aliasing information in Rust’s types to better analyze and optimize the code it is compiling. The adequacy of this specification is evaluated not only formally, but also by running real Rust code in an instrumented version of Rust’s Miri interpreter that implements the Stacked Borrows semantics. RustBelt is built on top of Iris, a language-agnostic framework, implemented in the Coq proof assistant, for building higher-order concurrent separation logics. This dissertation begins by giving an introduction to Iris, and explaining how Iris enables the derivation of complex high-level reasoning principles from a few simple ingredients. In RustBelt, this technique is exploited crucially to introduce the lifetime logic, which provides a novel separation-logic account of borrowing, a key distinguishing feature of the Rust type system.

    German abstract (translated): Rust is a young systems-level programming language whose goal is to close the gap between high-level languages, which protect against memory and concurrency errors, and low-level languages, which give the programmer detailed control over the representation of data and the management of memory. This dissertation presents two projects that lay the first formal foundations for Rust, in order to better understand and further develop this important language: RustBelt and Stacked Borrows. RustBelt is a formal model of Rust’s type system, including a soundness proof that establishes the safety of memory accesses and of concurrency. The model is designed to verify several complex components of the Rust standard library, even though the implementation of these components uses unsafe language constructs. Stacked Borrows is an extension of the Rust specification that enables the compiler to analyze and optimize source code more effectively using the aliasing information encoded in the type system. The adequacy of this specification is shown not only formally but is also tested on real programs, using a version of the Miri interpreter extended with Stacked Borrows. RustBelt is based on Iris, which enables the construction of separation logics for arbitrary programming languages in the Coq proof assistant. This dissertation begins with an introduction to Iris and explains how complex proof methods can be derived from a few simple building blocks. In RustBelt, this technique is used to realize the “lifetime logic”, an extension of separation logic with the concept of “borrows”, which play an important role in Rust’s type system.

    This research was supported in part by a European Research Council (ERC) Consolidator Grant for the project "RustBelt", funded under the European Union’s Horizon 2020 Framework Programme (grant agreement no. 683289).

    GhostCell: Separating Permissions from Data in Rust


    Kindly Bent to Free Us

    Systems programming often requires the manipulation of resources like file handles, network connections, or dynamically allocated memory. Programmers need to follow certain protocols to handle these resources correctly. Violating these protocols causes bugs ranging from type mismatches and data races to use-after-free errors and memory leaks. These bugs often lead to security vulnerabilities. While statically typed programming languages guarantee type soundness and memory safety by design, most of them do not address issues arising from improper handling of resources. An important step towards handling resources is the adoption of linear and affine types that enforce single-threaded resource usage. However, the few languages supporting such types require heavy type annotations. We present Affe, an extension of ML that manages linearity and affinity properties using kinds and constrained types. In addition, Affe supports the exclusive and shared borrowing of affine resources, inspired by features of Rust. Moreover, Affe retains the defining features of the ML family: it is an impure, strict, functional expression language with complete principal type inference and type abstraction. Affe does not require any linearity annotations in expressions and supports common functional programming idioms.
    Comment: ICFP 202

    “We are against Islam!”: The Lega Nord and the Islamic folk devil

    © 2012 the Author(s). This article has been published under the terms of the Creative Commons Attribution License. Without requesting permission from the Author or SAGE, you may further copy, distribute, transmit, and adapt the article, with the condition that the Author and SAGE Open are in each case credited as the source of the article.

    Since 1995, the Italian Lega Nord (LN) political party has depicted itself as the defender of Padania, a territory that covers the mainly affluent regions of Northern Italy. Around this politico-spatial territory, the LN has shaped an identity based on the notion of Popolo Padano (the Padanian People). Since the new millennium, LN rhetoric has increasingly focused—stemming more from the demands of realpolitik than those of conviction—on opposing irregular immigration per se and, more specifically, Islam and Muslim immigration. In the eyes of the LN propagandists and their media, the theology of Islam and its practitioners represent a growing threat to the modern Italian and Padanian identity (and tradition). The LN has not been alone in using the media to oppose Islam; the Italian media has reinforced LN messages: Muslims are generally depicted as dangerous and compared with terrorists, and their religion and culture are described as the opposite of Italian/Western values. Something approximating a “moral panic” around this issue has ensued. Integral to this are notions of morality combined with practices of moral entrepreneurship. What follows seeks to highlight the LN’s stereotypical depictions of Islam. This evaluation is important because the LN was a major player in former Prime Minister Silvio Berlusconi’s government (2008-2011) and is still a significant party in the Italian political spectrum. Integral to what follows are the following questions: “Is contemporary Islamic immigration a threat to the Italian (and Padanian) way of life?” and “Are the perceived threats to be found in the periodic uncertainties that societies suffer, or might we need to search for wider processes?”

    Machine-Checked Semantic Session Typing

    Session types, a family of type systems for message-passing concurrency, have been subject to many extensions, where each extension comes with a separate proof of type safety. These extensions cannot be readily combined, and their proofs of type safety are generally not machine checked, making their correctness less trustworthy. We overcome these shortcomings with a semantic approach to binary asynchronous affine session types, by developing a logical relations model in Coq using the Iris program logic. We demonstrate the power of our approach by combining various forms of polymorphism and recursion, asynchronous subtyping, references, and locks/mutexes. As an additional benefit of the semantic approach, we demonstrate how to manually prove typing judgements of racy, but safe, programs that cannot be type checked using only the rules of the type system.

    Competitive implications of cross-border banking

    This paper reviews the recent literature on cross-border banking, with a focus on policy implications. Cross-border banking has increased sharply in recent decades, particularly in the form of entry, and has affected the development of financial systems, access to financial services, and stability. Reviewing the empirical literature, the author finds much, although not uniform, evidence that cross-border banking supports the development of an efficient and stable financial system that offers wide access to quality financial services at low cost. But as better financial systems have more cross-border banking, the relationship between cross-border banking and competitiveness has to be carefully judged. While developing countries have some special conditions, provided a minimum degree of oversight is in place, they experience effects similar to those in industrial countries. There are some questions, though, on the effects of cross-border banking on lending based on softer information and on stability. Relevant experiences from capital markets show that the degree of cross-border financial activity can affect local market sustainability, and there can be path dependency when opening up to cross-border competition. Reviewing the fast-changing landscape of financial services provision, the author argues that cross-border banking highlights the increased importance of competition policy in financial services provision. This competition policy cannot be traditional and institution-based, but will need to resemble that used in other network industries. Furthermore, with globalization accelerating, competition policy will need to be global, supported by greater cross-border institutional collaboration and using the General Agreement on Trade in Services (GATS) process and the disciplines of the World Trade Organization. GATS can be of special value to developing countries as it provides a binding, pro-competition framework that has proven more difficult to establish otherwise.
    Keywords: Banks & Banking Reform; Economic Theory & Research; Financial Intermediation; Knowledge Economy; Education for the Knowledge Economy
