On the Power of Coercion Abstraction

International audienceErasable coercions in System F-eta, also known as retyping functions, are well-typed eta-expansions of the identity. They may change the type of terms without changing their behavior and can thus be erased before reduction. Coercions in F-eta can model subtyping of known types and some displacement of quantifiers, but not subtyping assumptions nor certain forms of delayed type instantiation. We generalize F-eta by allowing abstraction over retyping functions. We follow a general approach where computing with coercions can be seen as computing in the lambda-calculus but keeping track of which parts of terms are coercions. We obtain a language where coercions do not contribute to the reduction but may block it and are thus not erasable. We recover erasable coercions by choosing a weak reduction strategy and restricting coercion abstraction to value-forms or by restricting abstraction to coercions that are polymorphic in their domain or codomain. The latter variant subsumes F-eta, F-sub, and MLF in a unified framework

On the Power of Coercion Abstraction

Erasable coercions in System F-eta, also known as retyping functions, are well-typed eta-expansions of the identity. They may change the type of terms without changing their behavior and can thus be erased before reduction. Coercions in F-eta can model subtyping of known types and some displacement of quantifiers, but not subtyping assumptions nor certain forms of delayed type instantiation. We generalize F-eta by allowing abstraction over retyping functions. We follow a general approach where computing with coercions can be seen as computing in the lambda-calculus but keeping track of which parts of terms are coercions. We obtain a language where coercions do not contribute to the reduction but may block it and are thus not erasable. We recover erasable coercions by choosing a weak reduction strategy and restricting coercion abstraction to value-forms or by restricting abstraction to coercions that are polymorphic in their domain or codomain. The latter variant subsumes F-eta, F-sub, and MLF in a unified framework.Les coercions effaçables dans le Système F-eta, aussi connues sous le nom de fonctions de retypage, sont des eta-expansions de l'identité. Elles peuvent changer le type des termes sans en changer leur comportement et peuvent donc être effacées avant la réduction. Les coercions de F-eta peuvent modéliser le sous-typage entre types connus ou le déplacement de quantificateurs, mais elles ne permettent pas certaines formes d'instanciation retardée ni de raisonner sous des hypothèses de sous-typage. Nous généralisons F-eta en introduisant l'abstraction des fonctions de retypage. Nous suivons une approche générale où le calcul avec des coercions peut être vu comme une réduction dans le lambda-calcul gardant trace de la partie des termes qui sont des coercions. Nous obtenons un langage où les coercions ne contribuent pas au calcul, mais peuvent le bloquer et ne sont donc pas effaçables. Nous retrouvons des coercions effaçables en choisissant une stratégie de réduction faible et en restreignant l'abstraction de coercions aux valeurs ou bien en restreignant l'abstraction aux coercions qui sont polymorphes en leur domaine ou en leur codomaine. Cette seconde variante généralise F-eta, MLF et F-sub dans un cadre unifié

Matching Lenses: Alignment and View Update

Bidirectional programming languages have been proposed as a practical approach to the view update problem. Programs in these languages, often called lenses, can be read in two ways— from left to right as functions mapping sources to views, and from right to left as functions mapping updated views back to updated sources. Lenses address the view update problem by making it possible to define a view and its associated update policy together. One issue that has not received sufficient attention in the design of bidirectional languages is alignment. In general, to correctly propagate an update to a view, a lens needs to match up the pieces of the edited view with corresponding pieces of the underlying source. Unfortunately, existing bidirectional languages are extremely limited in their treatment of alignment—they only support simple strategies that do not suffice for many examples of practical interest. In this paper, we propose a novel framework of matching lenses that extends basic lenses with new mechanisms for calculating and using alignments. We enrich the types of lenses with “chunks” that identify the locations of data that should be re-aligned after updates, and we formulate refined behavioral laws that capture essential constraints on the handling of chunks. To demonstrate the utility of our approach, we develop a core language of matching lenses for string data, and we extend it with primitives for describing a number of useful alignment heuristics

Hybrid Post-Quantum Signatures in Hardware Security Keys

Recent advances in quantum computing are increasingly jeopardizing the security of cryptosystems currently in widespread use, such as RSA or elliptic-curve signatures. To address this threat, researchers and standardization institutes have accelerated the transition to quantum-resistant cryptosystems, collectively known as Post-Quantum Cryptography (PQC). These PQC schemes present new challenges due to their larger memory and computational footprints and their higher chance of latent vulnerabilities. In this work, we address these challenges by introducing a scheme to upgrade the digital signatures used by security keys to PQC. We introduce a hybrid digital signature scheme based on two building blocks: a classically-secure scheme, ECDSA, and a post-quantum secure one, Dilithium. Our hybrid scheme maintains the guarantees of each underlying building block even if the other one is broken, thus being resistant to classical and quantum attacks. We experimentally show that our hybrid signature scheme can successfully execute on current security keys, even though secure PQC schemes are known to require substantial resources. We publish an open-source implementation of our scheme at https://github.com/google/OpenSK/releases/tag/hybrid-pqc so that other researchers can reproduce our results on a nRF52840 development kit

Injection of Pseudomonas aeruginosa Exo Toxins into Host Cells Can Be Modulated by Host Factors at the Level of Translocon Assembly and/or Activity

Pseudomonas aeruginosa type III secretion apparatus exports and translocates four exotoxins into the cytoplasm of the host cell. The translocation requires two hydrophobic bacterial proteins, PopB and PopD, that are found associated with host cell membranes following infection. In this work we examined the influence of host cell elements on exotoxin translocation efficiency. We developed a quantitative flow cytometry based assay of translocation that used protein fusions between either ExoS or ExoY and the ß-lactamase reporter enzyme. In parallel, association of translocon proteins with host plasma membranes was evaluated by immunodetection of PopB/D following sucrose gradient fractionation of membranes. A pro-myelocytic cell line (HL-60) and a pro-monocytic cell line (U937) were found resistant to toxin injection even though PopB/D associated with host cell plasma membranes. Differentiation of these cells to either macrophage- or neutrophil-like cell lines resulted in injection-sensitive phenotype without significantly changing the level of membrane-inserted translocon proteins. As previous in vitro studies have indicated that the lysis of liposomes by PopB and PopD requires both cholesterol and phosphatidyl-serine, we first examined the role of cholesterol in translocation efficiency. Treatment of sensitive HL-60 cells with methyl-ß-cyclodextrine, a cholesterol-depleting agent, resulted in a diminished injection of ExoS-Bla. Moreover, the PopB translocator was found in the membrane fraction, obtained from sucrose-gradient purifications, containing the lipid-raft marker flotillin. Examination of components of signalling pathways influencing the toxin injection was further assayed through a pharmacological approach. A systematic detection of translocon proteins within host membranes showed that, in addition to membrane composition, some general signalling pathways involved in actin polymerization may be critical for the formation of a functional pore. In conclusion, we provide new insights in regulation of translocation process and suggest possible cross-talks between eukaryotic cell and the pathogen at the level of exotoxin translocation

Coercions effaçables : une approche unifiée des systèmes de types

Functional programming languages, like OCaml or Haskell, rely on the lambda calculus for their core language. Although they have different reduction strategies and type system features, their proof of soundness and normalization (in the absence of recursion) should be factorizable. This thesis does such a factorization for theoretical type systems featuring recursive types, subtyping, bounded polymorphism, and constraint polymorphism. Interestingly, soundness and normalization for strong reduction imply soundness and normalization for all usual strategies. Our observation is that a generalization of existing coercions permits to describe all type system features stated above in an erasable and composable way. We illustrate this by proposing two concrete type systems: first, an explicit type system with a restricted form of coercion abstraction to express subtyping and bounded polymorphism; and an implicit type system with unrestricted coercion abstraction that generalizes the explicit type system with recursive types and constraint polymorphism---but without the subject reduction property. A side technical result is an adaptation of the step-indexed proof technique for type-soundness to calculi equipped with a strong notion of reduction.Les langages de programmation fonctionnels, comme OCaml ou Haskell, reposent sur le lambda calcul en tant que langage noyau. Bien qu'ils aient des stratégies de réduction et des caractéristiques de système de types différentes, leur preuve de correction et de normalisation (en l'absence de réduction) devrait être factorisable. Cette thèse établit une telle factorisation pour des systèmes de types théoriques présentant des types récursifs, du sous-typage, du polymorphisme borné et du polymorphisme contraint. Il est intéressant de remarquer que la correction et la normalisation en réduction forte, implique la correction et la normalisation pour toutes les stratégies usuelles. Notre travail montre qu'une généralisation des coercions actuelles permet de décrire toutes les caractéristiques de systèmes de types citées plus haut de manière effaçable et composable. Nous illustrons ceci en présentant deux systèmes de types concrets : tout d'abord, un système de types explicite avec une forme restreinte d'abstraction sur les coercions pour exprimer le sous-typage et le polymorphisme borné ; puis un système de types implicite sans restriction sur l'abstraction de coercions et qui étend le système explicite avec des types récursifs and du polymorphisme contraint --- mais sans le propriété de préservation du typage. Un résultat annexe est l'adaptation des techniques de step-indexing pour la correction à des calculs en réduction forte

Erasable coercions (a unified approach to type systems)

Les langages de programmation fonctionnels, comme OCaml ou Haskell, reposent sur le lambda calcul en tant que langage noyau. Bien qu'ils aient des stratégies de réduction et des caractéristiques de systèmes de types différentes, leur preuve de correction et de normalisation (en l'absence de réduction) devrait être factorisable. Cette thèse établit une telle factorisation pour des systèmes de types théoriques présentant des types récursifs, du sous-typage, du polymorphisme borné et du polymorphisme contraint. Il est intéressant de remarquer que la correction et la normalisation en réduction forte, implique la correction et la normalisation pour toutes les stratégies usuelles. Notre travail montre qu'une généralisation des coercions actuelles permet de décrire toutes les caractéristiques de systèmes de types citées plus haut de manière effaçable et composable. Nous illustrons ceci en présentant deux systèmes de types concrets : tout d'abord, un système de types explicite avec une forme restreinte d'abstraction sur les coercions pour exprimer le sous-typage et le polymorphisme borné ; puis un système de types implicite sans restriction sur l'abstraction de coercions et qui étend le système explicite avec des types récursifs du polymorphisme contraint - mais sans la propriété de préservation du typage. Un résultat annexe est l'adaptation des techniques de step-indexing pour la correction des calculs en réduction forte.Functional programming languages, like OCaml or Haskell, rely on the lambda calculus for their core language. Although they have different reduction strategies and type system features, their proof of soundness and normalization (in the absence of recursion) should be factorizable. This thesis does such a factorization for theoretical type systems featuring recursive types, subtyping, bounded polymorphism, and constraint polymorphism. Interestingly, soundness and normalization for strong reduction imply soundness and normalization for all usual strategies. Our observation is that a generalization of existing coercions permits to describe all type system features stated above in an erasable and composable way. We illustrate this by proposing two concrete type systems : first, an explicit type system with a restricted form of coercion abstraction to express subtyping and bounded polymorphismm ; and an implicit type system with unrestricted coercion abstraction that generalizes the explicit type system with recursive types and constraint polymorphism-but without the subject reduction property. A side technical result is an adaptation of the step-indexed proof technique for type-soundness to calculi equipped with a strong notion of reduction.PARIS7-Bibliothèque centrale (751132105) / SudocSudocFranceF

System F with Coercion Constraints

International audienceWe present a second-order λ-calculus with coercion constraints that generalizes a previous extension of System F with paramet-ric coercion abstractions by allowing multiple but simultaneous type and coercion abstractions, as well as recursive coercions and equi-recursive types. This enables a uniform presentation of several type system features that had previously been studied separately: type containment, bounded and instance-bounded polymorphism, which are already encodable with parametric coercion abstraction, and ML-style subtyping constraints. Our framework allows for a clear separation of language constructs with and without compu-tational content. We also distinguish coherent coercions that are fully erasable from potentially incoherent coercions that suspend the evaluation—and enable the encoding of GADTs. Technically, type coercions that witness subtyping relations be-tween types are replaced by a more expressive notion of typing co-ercions that witness subsumption relations between typings, e.g. pairs composed of a typing environment and a type. Our calcu-lus is equipped with full reduction that allows reduction under abstractions—but we also introduce a form of weak reduction as reduction cannot proceed under incoherent type abstractions. Type soundness is proved by adapting the step-indexed semantics tech-nique to full reduction, moving indices inside terms so as to control the reduction steps internally—but this is only detailed in the ex-tended version

From Amber to Coercion Constraints

International audienceSubtyping is a common tool in the design of type systems that finds itsroots in the eta-expansion of arrow types and the notion of typecontainment obtained by closing System Fby eta-expansion. Althoughstrongly related, subtyping and type containment still significantlydiffer from one another when put into practice. We introduce coercionconstraints to relate and generalize subtyping and type containment aswell as all variants of F-bounded quantification and instance-boundedquantification used for first-order type inference in the presence ofsecond-order types. We obtain a type system with a clearer separationbetween computational and erasable parts of terms