Acute: high-level programming language design for distributed computation

Existing languages provide good support for typeful programming of standalone programs. In a distributed system, however, there may be interaction between multiple instances of many distinct programs, sharing some (but not necessarily all) of their module structure, and with some instances rebuilt with new versions of certain modules as time goes on. In this paper we discuss programming language support for such systems, focussing on their typing and naming issues. We describe an experimental language, Acute, which extends an ML core to support distributed development, deployment, and execution, allowing type-safe interaction between separately-built programs. The main features are: (1) type-safe marshalling of arbitrary values; (2) type names that are generated (freshly and by hashing) to ensure that type equality tests suffice to protect the invariants of abstract types, across the entire distributed system; (3) expression-level names generated to ensure that name equality tests suffice for type-safety of associated values, e.g. values carried on named channels; (4) controlled dynamic rebinding of marshalled values to local resources; and (5) thunkification of threads and mutexes to support computation mobility. These features are a large part of what is needed for typeful distributed programming. They are a relatively lightweight extension of ML, should be efficiently implementable, and are expressive enough to enable a wide variety of distributed infrastructure layers to be written as simple library code above the byte-string network and persistent store APIs. This disentangles the language runtime from communication intricacies. This paper highlights the main design choices in Acute. It is supported by a full language definition (of typing, compilation, and operational semantics), by a prototype implementation, and by example distribution libraries

Non-reformist reform for Haskell Modularity

In this thesis, I present Backpack, a new language for building separately-typecheckable packages on top of a weak module system like Haskell’s. The design of Backpack is the first to bring the rich world of type systems to the practical world of packages via mixin modules. It’s inspired by the MixML module calculus of Rossberg and Dreyer but by choosing practicality over expressivity Backpack both simplifies that semantics and supports a flexible notion of applicative instantiation. Moreover, this design is motivated less by foundational concerns and more by the practical concern of integration into Haskell. The result is a new approach to writing modular software at the scale of packages.Modulsysteme wie die in Haskell erlauben nur eine weiche Art der Modularität, in dem Modulimplementierungen direkt von anderen Implementierungen abhängen und in dieser Abhängigkeitsreihenfolge verarbeitet werden müssen. Modulsysteme wie die in ML andererseits erlauben eine kräftige Art der Modularität, in dem explizite Schnittstellen Vermutungen über Abhängigkeiten ausdrücken und jeder Modultyp überprüft und unabhängig ergründet werden kann. In dieser Dissertation präsentiere ich Backpack, eine neue Sprache zur Entwicklung separattypenüberprüfbarer Pakete über einem weichen Modulsystem wie Haskells. Das Design von Backpack überführt erstmalig die reichhaltige Welt der Typsysteme in die praktische Welt der Pakete durch Mixin-Module. Es wird von der MixML-Kalkulation von Rossberg und Dreyer angeregt. Backpack vereinfacht allerdings diese Semantik durch die Auswahl von Anwendbarkeit statt Expressivität und fördert eine flexible Art von geeigneter Applicative- Instantiierung. Zudem wird dieses Design weniger von grundlegenden Anliegen als von dem praktischen Anliegen der Eingliederung in Haskell begründet. Die Semantik von Backpack wird durch die Ausarbeitung in Mengen von Haskell-Modulen und „binary interface files“ definiert, und zeigt so, wie Backpack Interoperabilität mit Haskell erhält, während Backpack es mit Schnittstellen nachrüstet. In meiner Formalisierung Backpacks präsentiere ich ein neuartiges Typsystem für Haskellmodule und überprüfe einen entscheidenen Korrektheitssatz, um die Semantik von Backpack zu validieren.Max Planck Institute for Software Systems (MPI-SWS

AndroShield:automated Android applications vulnerability detection, a hybrid static and dynamic analysis approach

The security of mobile applications has become a major research field which is associated with a lot of challenges. The high rate of developing mobile applications has resulted in less secure applications. This is due to what is called the “rush to release” as defined by Ponemon Institute. Security testing—which is considered one of the main phases of the development life cycle—is either not performed or given minimal time; hence, there is a need for security testing automation. One of the techniques used is Automated Vulnerability Detection. Vulnerability detection is one of the security tests that aims at pinpointing potential security leaks. Fixing those leaks results in protecting smart-phones and tablet mobile device users against attacks. This paper focuses on building a hybrid approach of static and dynamic analysis for detecting the vulnerabilities of Android applications. This approach is capsuled in a usable platform (web application) to make it easy to use for both public users and professional developers. Static analysis, on one hand, performs code analysis. It does not require running the application to detect vulnerabilities. Dynamic analysis, on the other hand, detects the vulnerabilities that are dependent on the run-time behaviour of the application and cannot be detected using static analysis. The model is evaluated against different applications with different security vulnerabilities. Compared with other detection platforms, our model detects information leaks as well as insecure network requests alongside other commonly detected flaws that harm users’ privacy. The code is available through a GitHub repository for public contribution

Staattisesti tyypitetyt ohjelmointikielet JavaScript-ekosysteemissä: tyyppijärjestelmien näkökulma

JavaScript is a ubiquitous programming language with usage in web, mobile applications and server software. The status of the language as the de-facto programming language of the web has made the language ecosystem advanced with a great number of userspace libraries and major companies working on efficient runtime systems. The core language, however, has numerous known difficulties caused by the initial design and persisted by the requirements for backwards-compatibility. In the last decade, a number of programming languages have chosen JavaScript as the compile target of the language. Type theory and its application, programming language type systems, is an essential area of study in the design of programming languages. Every high-level programming language features a type system that greatly influences the ways of designing and implementing programs in the language. This thesis examines a group of selected statically-typed programming languages that compile to JavaScript. The core topics of research in this thesis are the motivation for new JS-compiled languages, the type system design of the languages, and the future direction of the JavaScript ecosystem based on the current trends and parallels to other programming ecosystems. The results of the work include identifying several trends in type systems for the JS ecosystem and the web. These include unsound yet convenient partially inferred type systems for object-oriented and multi-paradigm programming and fully inferred extended Hindley-Milner type systems for primarily functional programming languages. Additionally, different options for the advancement of the programming ecosystem, including type annotations, inference of dynamically typed languages and new compile targets, are explored. Finally, based on the design choices of the languages researched, we provide several recommendations for safe and productive statically typed programming in the JavaScript ecosystem.JavaScript on laajalti käytetty ohjelmointikieli, jonka käyttö ulottuu web- ja mobiilisovelluksiin sekä palvelinohjelmistoon. Kielen asema web-kehityksen de-facto-ohjelmointikielenä on luonut sen ympärille laajan ohjelmistoekosysteemin, joka kattaa suuren määrän ohjelmistokirjastoja sekä tehokkaita ajoympäristöjä. Itse kieli aiheuttaa tästä huolimatta vaikeuksia alkuperäisten suunnitteluvirheiden ja vaaditun taaksepäinyhteensopivuuden vuoksi. Viimeisen vuosikymmenen aikana useampi ohjelmointikieli on alkanut käyttää JavaScriptia käännöskohteenaan. Tyyppiteoria ja sen sovellus, ohjelmointikielten tyyppijärjestelmät, on tärkeä tutkimusala liittyen ohjelmointikielten suunnitteluun. Tyyppijärjestelmä on osa jokaista korkean tason ohjelmoinikieltä ja vaikuttaa täten suuresti itse ohjelmointikielen muihin ominaisuuksiin ja käyttöön. Tämä tutkimus käsittelee joukkoa staattisesti tyypitettyjä ohjelmointikieliä, jotka kääntyvät JavaScript-koodiksi. Tutkimuksen ytimessä ovat uusien kielten kehityksen motiivit, kielten tyyppijärjestelmien suunnittelu ja ominaisuudet sekä JavaScript-ekosysteemin mahdolliset tulevaisuuden suunnat. Työn tuloksena tunnistamme useita trendejä tyyppijärjestelmien suunnittelussa JavaScript-ekosysteemiin. Näihin kuuluu käytännölliset, mutta teoriassa epäturvalliset tyyppijärjestelmät olio- ja moniparadigmaohjelmoinkieliin sekä funktionaalisten ohjelmointikielien Hindley-Milner-pohjaiset tyyppijärjestelmät, joissa muuttujien tyypit pystytään täysin päättelemään ilman ohjelman kirjoittajan annotaatioita. Lisäksi nostamme esiin useita tulevaisuuden suuntia, jotka voisivat viedä JS-ekosysteemiä eteenpäin. Näihin kuuluvat tyyppiannotaatiot, dynaamisten kielten tyyppi-inferenssi ja uudet käännöskohteet web-ekosysteemiin. Lopuksi annamme tutkimuksen perusteella suosituksia ominaisuuksista ja suunnitteluratkaisuista, jotka voisivat mahdollistaa tehokkaan ja turvallisen ohjelmistokehityksen JavaScript-ekosysteemissä tulevaisuudessa

Compile-time meta-programming in a dynamically typed OO language.

Compile-time meta-programming allows programs to be constructed by the user at compile-time. Although LISP derived languages have long had such facilities, few modern languages are capable of compile-time meta-programming, and of those that do many of the most powerful are statically typed functional languages. In this paper I present the dynamically typed object orientated language Converge which allows compile-time meta-programming in the spirit of Template Haskell. Converge demonstrates that integrating powerful, safe compile-time meta-programming features into a dynamic language requires few restrictions to the flexible development style facilitated by the paradigm. In this paper I detail Converge’s compile-time meta-programming facilities, much of which is adapted from Template Haskell, contain several features new to the paradigm. Finally I explain how such a facility might be integrated into similar languages

A Type System for Julia

The Julia programming language was designed to fill the needs of scientific computing by combining the benefits of productivity and performance languages. Julia allows users to write untyped scripts easily without needing to worry about many implementation details, as do other productivity languages. If one just wants to get the work done-regardless of how efficient or general the program might be, such a paradigm is ideal. Simultaneously, Julia also allows library developers to write efficient generic code that can run as fast as implementations in performance languages such as C or Fortran. This combination of user-facing ease and library developer-facing performance has proven quite attractive, and the language has increasing adoption. With adoption comes combinatorial challenges to correctness. Multiple dispatch -- Julia's key mechanism for abstraction -- allows many libraries to compose "out of the box." However, it creates bugs where one library's requirements do not match what another provides. Typing could address this at the cost of Julia's flexibility for scripting. I developed a "best of both worlds" solution: gradual typing for Julia. My system forms the core of a gradual type system for Julia, laying the foundation for improving the correctness of Julia programs while not getting in the way of script writers. My framework allows methods to be individually typed or untyped, allowing users to write untyped code that interacts with typed library code and vice versa. Typed methods then get a soundness guarantee that is robust in the presence of both dynamically typed code and dynamically generated definitions. I additionally describe protocols, a mechanism for typing abstraction over concrete implementation that accommodates one common pattern in Julia libraries, and describe its implementation into my typed Julia framework.Comment: PhD thesi

An Implementation of the Language Lambda Prolog Organized around Higher-Order Pattern Unification

This thesis concerns the implementation of Lambda Prolog, a higher-order logic programming language that supports the lambda-tree syntax approach to representing and manipulating formal syntactic objects. Lambda Prolog achieves its functionality by extending a Prolog-like language by using typed lambda terms as data structures that it then manipulates via higher-order unification and some new program-level abstraction mechanisms. These additional features raise new implementation questions that must be adequately addressed for Lambda Prolog to be an effective programming tool. We consider these questions here, providing eventually a virtual machine and compilation based realization. A key idea is the orientation of the computation model of Lambda Prolog around a restricted version of higher-order unification with nice algorithmic properties and appearing to encompass most interesting applications. Our virtual machine embeds a treatment of this form of unification within the structure of the Warren Abstract Machine that is used in traditional Prolog implementations. Along the way, we treat various auxiliary issues such as the low-level representation of lambda terms, the implementation of reduction on such terms and the optimized processing of types in computation. We also develop an actual implementation of Lambda Prolog called Teyjus Version 2. A characteristic of this system is that it realizes an emulator for the virtual machine in the C language a compiler in the OCaml language. We present a treatment of the software issues that arise from this kind of mixing of languages within one system and we discuss issues relevant to the portability of our virtual machine emulator across arbitrary architectures. Finally, we assess the the efficacy of our various design ideas through experiments carried out using the system

Preemptive type checking in dynamically typed programs

With the rise of languages such as JavaScript, dynamically typed languages have gained a strong foothold in the programming language landscape. These languages are very well suited for rapid prototyping and for use with agile programming methodologies. However, programmers would benefit from the ability to detect type errors in their code early, without imposing unnecessary restrictions on their programs.Here we describe a new type inference system that identifies potential type errors through a flow-sensitive static analysis. This analysis is invoked at a very late stage, after the compilation to bytecode and initialisation of the program. It computes for every expression the variable’s present (from the values that it has last been assigned) and future (with which it is used in the further program execution) types, respectively. Using this information, our mechanism inserts type checks at strategic points in the original program. We prove that these checks, inserted as early as possible, preempt type errors earlier than existing type systems. We further show that these checks do not change the semantics of programs that do not raise type errors.Preemptive type checking can be added to existing languages without the need to modify the existing runtime environment. We show this with an implementation for the Python language and demonstrate its effectiveness on a number of benchmarks