Strictness types: An inference algorithm and an application
This report deals with strictness types, a way of recording whether a function needs its argument(s) or not. We shall present an inference system for assigning strictness types to expressions and subsequently we transform this system into an algorithm capable of annotating expressions with strictness types. We give an example of a transformation which can be optimized by means of these annotations, and finally we prove the correctness of the optimized transformation – at the same time proving the correctness of the annotation. Everything has been implemented; documentation can be found in appendix
Partial Evaluation for Constraint-Based Program Analyses
We report on a case study in the application of partial evaluation, initiated by the desire to speed up a constraint-based algorithm for control-flow analysis. We designed and implemented a dedicated partial evaluator, able to specialize the analysis wrt. a given constraint graph and thus remove the interpretive overhead, and measured it with Feeley's Scheme benchmarks. Even though the gain turned out to be rather limited, our investigation yielded valuable feedback in that it provided a better understanding of the analysis, leading us to (re)invent an incremental version. We believe this phenomenon to be a quite frequent spinoff from using partial evaluation, since the removal of interpretive overhead makes the flow of control more explicit and hence pinpoints sources of inefficiency. Finally, we observed that partial evaluation in our case yields such regular, low-level specialized programs that it begs for run-time code generation
What Are Polymorphically-Typed Ambients?
Abstract: The Ambient Calculus was developed by Cardelli and Gordon as a formal framework to study issues of mobility and migrant code. We consider an Ambient Calculus where ambients transport and exchange programs rather than just inert data. We propose different senses in which such a calculus can be said to be polymorphically typed, and design accordingly a polymorphic type system for it. Our type system assigns types to embedded programs and what we call behaviors to processes; a denotational semantics of behaviors is then proposed, here called trace semantics, underlying much of the remaining analysis. We state and prove a Subject Reduction property for our polymorphically typed calculus. Based on techniques borrowed from finite automata theory, type-checking of fully type-annotated processes is shown to be decidable; the time complexity of our decision procedure is exponential (this is a worst case in theory, arguably not encountered in practice). Our polymorphically-typed calculus is a conservative extension of the typed Ambient Calculus originally proposed by Cardelli and Gordon
Type and Behaviour Reconstruction for Higher-Order Concurrent Programs
In this paper we develop a sound and complete type and behaviour inference algorithm for a fragment of CML (Standard ML with primitives for concurrency). Behaviours resemble terms of a process algebra and yield a concise representation of the communications taking place during execution; types are mostly as usual except that function types and ``delayed communication types'' are labelled by behaviours expressing the communications that will take place if the function is applied or the delayed action is activated. The development of the present paper improves a previously published algorithm in achieving completeness as well as soundness; this is due to an alternative strategy for generalising over types and behaviours
Polymorphic Subtyping for Effect Analysis: The Integration
The integration of polymorphism (in the style of the ML let-construct), subtyping, and effects (modelling assignment or communication) into one common type system has proved remarkably difficult. One line of research has succeeded in integrating polymorphism and subtyping; adding effects in a straightforward way results in a semantically unsound system. Another line of research has succeeded in integrating polymorphism, effects, and subeffecting; adding subtyping in a straightforward way invalidates the construction of the inference algorithm. This paper integrates all of polymorphism, effects, and subtyping into an annotated type and effect system for Concurrent ML and shows that the resulting system is a conservative extension of the ML type system
Polymorphic Subtyping for Effect Analysis: The Semantics
We study an annotated type and effect system that integrates let-polymorphism, effects, and subtyping into an annotated type and effect system for a fragment of Concurrent ML. First, a small-step operational semantics is defined for Concurrent ML, and next the annotated type and effect system is proved semantically sound. This provides insights into the rule for generalisation in the annotated type and effect system
SeMA: Extending and Analyzing Storyboards to Develop Secure Android Apps
Mobile apps provide various critical services, such as banking, communication, and healthcare. To this end, they have access to our personal information and have the ability to perform actions on our behalf. Hence, securing mobile apps is crucial to ensuring the privacy and safety of their users.

Recent research efforts have focused on developing solutions to secure mobile ecosystems (i.e., app platforms, apps, and app stores), specifically in the context of detecting vulnerabilities in Android apps. Despite this attention, known vulnerabilities are often found in mobile apps, which can be exploited by malicious apps to harm the user. Further, fixing vulnerabilities after developing an app has downsides in terms of time, resources, user inconvenience, and information loss.

In an attempt to address this concern, we have developed SeMA, a mobile app development methodology that builds on existing mobile app design artifacts such as storyboards. With SeMA, security is a first-class citizen in an app's design: app designers and developers can collaborate to specify and reason about the security properties of an app at an abstract level without being distracted by implementation-level details. Our realization of SeMA using Android Studio tooling demonstrates that the methodology is complementary to existing design and development practices. An evaluation of the effectiveness of SeMA shows the methodology can detect and help prevent 49 vulnerabilities known to occur in Android apps. Further, a usability study of the methodology involving ten real-world developers shows the methodology is likely to reduce the development time and help developers uncover and prevent known vulnerabilities while designing apps.

Comment: Updates based on MobileSoft, FSE, and Onward reviews. Added content about usability evaluation. Added formal syntax and semantics of the DSL and info flow analysis