3 research outputs found
Untangling Typechecking of Intersections and Unions
Intersection and union types denote conjunctions and disjunctions of
properties. Using bidirectional typechecking, intersection types are relatively
straightforward, but union types present challenges. For union types, we can
case-analyze a subterm of union type when it appears in evaluation position
(replacing the subterm with a variable, and checking that term twice under
appropriate assumptions). This technique preserves soundness in a call-by-value
semantics.
Sadly, there are so many choices of subterms that a direct implementation is
not practical. But carefully transforming programs into let-normal form
drastically reduces the number of choices. The key results are soundness and
completeness: a typing derivation (in the system with too many subterm choices)
exists for a program if and only if a derivation exists for the let-normalized
program.Comment: In Proceedings ITRS 2010, arXiv:1101.410
Trust, but Verify: Two-Phase Typing for Dynamic Languages
A key challenge when statically typing so-called dynamic languages is the
ubiquity of value-based overloading, where a given function can dynamically
reflect upon and behave according to the types of its arguments. Thus, to
establish basic types, the analysis must reason precisely about values, but in
the presence of higher-order functions and polymorphism, this reasoning itself
can require basic types. In this paper we address this chicken-and-egg problem
by introducing the framework of two-phased typing. The first "trust" phase
performs classical, i.e. flow-, path- and value-insensitive type checking to
assign basic types to various program expressions. When the check inevitably
runs into "errors" due to value-insensitivity, it wraps problematic expressions
with DEAD-casts, which explicate the trust obligations that must be discharged
by the second phase. The second phase uses refinement typing, a flow- and
path-sensitive analysis, that decorates the first phase's types with logical
predicates to track value relationships and thereby verify the casts and
establish other correctness properties for dynamically typed languages
Union, intersection, and refinement types and reasoning about type disjointness for security protocol analysis
In this thesis we present two new type systems for verifying the security of cryptographic protocol models expressed in a spi-calculus and, respectively, of protocol implementations expressed in a concurrent lambda calculus. In this thesis we present two new type systems for verifying the security of cryptographic protocol models expressed in a spi-calculus and, respectively, of protocol implementations expressed in a concurrent lambda calculus. The two type systems combine prior work on refinement types with union and intersection types and with the novel ability to reason statically about the disjointness of types. The increased expressivity enables the analysis of important protocol classes that were previously out of scope for the type-based analyses of cryptographic protocols. In particular, our type systems can statically analyze protocols that are based on zero-knowledge proofs, even in scenarios when certain protocol participants are compromised. The analysis is scalable and provides security proofs for an unbounded number of protocol executions. The two type systems come with mechanized proofs of correctness and efficient implementations.In dieser Arbeit werden zwei neue Typsysteme vorgestellt, mit denen die Sicherheit kryptographischer Protokolle, modelliert in einem spi-Kalkül, und Protokollimplementierungen, beschrieben in einem nebenläufigen Lambdakalkül, verifiziert werden kann. Die beiden Typsysteme verbinden vorausgehende Arbeiten zu Verfeinerungstypen mit disjunktiven und konjunktiven Typen, und ermöglichen außerdem, statisch zu folgern, dass zwei Typen disjunkt sind. Die Ausdrucksstärke der Systeme erlaubt die Analyse wichtiger Klassen von Protokollen, die bisher nicht durch typbasierte Protokollanalysen behandelt werden konnten. Insbesondere ist mit den vorgestellten Typsystemen auch die statische Analyse von Protokollen möglich, die auf Zero-Knowledge-Beweisen basieren, selbst unter der Annahme, dass einige Protokollteilnehmer korrumpiert sind. Die Analysetechnik skaliert und erlaubt Sicherheitsbeweise für eine unbeschränkte Anzahl von Protokollausführungen. Die beiden Typsysteme sind formal korrekt bewiesen und effizient implementiert