Command injection attacks, continuations, and the Lambek calculus

This paper shows connections between command injection attacks, continuations, and the Lambek calculus: certain command injections, such as the tautology attack on SQL, are shown to be a form of control effect that can be typed using the Lambek calculus, generalizing the double-negation typing of continuations. Lambek's syntactic calculus is a logic with two implicational connectives taking their arguments from the left and right, respectively. These connectives describe how strings interact with their left and right contexts when building up syntactic structures. The calculus is a form of propositional logic without structural rules, and so a forerunner of substructural logics like Linear Logic and Separation Logic.Comment: In Proceedings WoC 2015, arXiv:1606.0583

Categorical structure of continuation passing style

Laboratory for Foundations of Computer ScienceThis thesis attempts to make precise the structure inherent in Continuation Passing Style (CPS). We emphasize that CPS translates lambda-calculus into a very basic calculus that does not have functions as primitive. We give an abstract categorical presentation of continuation semantics by taking the continuation type constructor (cont in Standard ML of New Jersey) as primitive. This constructor on types extends to a contravariant functor on terms which is adjoint to itself on the left; restricted to the subcategory of those programs that do not manipulate the current continuation, it is adjoint to itself on the right. The motivating example of such a category is built from (equivalence classes of typing judgements for) continuation passing style (CPS) terms. The categorical approach suggests a notion of effect-free term as well as some operators for manipulating continuations. We use these for writing programs that illustrate our categorical approach and refute some conjectures about control effects. A call-by-value lambda-calculus with the control operator callcc can be interpreted. Arrow types are broken down into continuation types for argument/result-continuations pairs, reflecting the fact that CPS compiles functions into a special case of continuations. Variant translations are possible, among them lazy call-by-name, which can be derived by way of argument thunking, and a genuinely call-by-name transform. Specialising the semantics to the CPS term model allows a rational reconstruction of various CPS transforms

A Proposed Categorical Semantics for ML Modules

We present a simple categorical semantics for ML signatures, structures and functors. Our approach relies on realizablity semantics in the category of assemblies. Signatures and structures are modelled as objects in slices of the category of assemblies. Instantiation of signatures to structures and hence functor application is modelled by pullback. 1 Introduction Building on work on the semantics of programming languages in realizability models, in particular that of Wesley Phoa [Pho90] and John Longley [Lon95], we sketch a simple approach to elements of the ML modules system, such as signatures, structures and functors. Once the basic machinery is set up, we will need only quite basic category theory. This paper is an updated and completely revised version of an earlier paper by Michael Fourman and Wesley Phoa [PF92]. The construction of "generic" (in a sense to be defined below) elements and types presented here is essentially the same as in that paper. However, our presentation is ..

2015 Workshop on Continuations: pre-proceedings

This volume contains the papers presented at WoC 2015, the 2015 Workshopon Continuations held on April 12, 2015 in London, UK

Regular Expression Matching and Operational Semantics

Many programming languages and tools, ranging from grep to the Java String library, contain regular expression matchers. Rather than first translating a regular expression into a deterministic finite automaton, such implementations typically match the regular expression on the fly. Thus they can be seen as virtual machines interpreting the regular expression much as if it were a program with some non-deterministic constructs such as the Kleene star. We formalize this implementation technique for regular expression matching using operational semantics. Specifically, we derive a series of abstract machines, moving from the abstract definition of matching to increasingly realistic machines. First a continuation is added to the operational semantics to describe what remains to be matched after the current expression. Next, we represent the expression as a data structure using pointers, which enables redundant searches to be eliminated via testing for pointer equality. From there, we arrive both at Thompson's lockstep construction and a machine that performs some operations in parallel, suitable for implementation on a large number of cores, such as a GPU. We formalize the parallel machine using process algebra and report some preliminary experiments with an implementation on a graphics processor using CUDA.Comment: In Proceedings SOS 2011, arXiv:1108.279

Operational semantics for signal handling

Signals are a lightweight form of interprocess communication in Unix. When a process receives a signal, the control flow is interrupted and a previously installed signal handler is run. Signal handling is reminiscent both of exception handling and concurrent interleaving of processes. In this paper, we investigate different approaches to formalizing signal handling in operational semantics, and compare them in a series of examples. We find the big-step style of operational semantics to be well suited to modelling signal handling. We integrate exception handling with our big-step semantics of signal handling, by adopting the exception convention as defined in the Definition of Standard ML. The semantics needs to capture the complex interactions between signal handling and exception handling.Comment: In Proceedings EXPRESS/SOS 2012, arXiv:1208.244

Functional Semantics of Parsing Actions, and Left Recursion Elimination as Continuation Passing

Parsers, whether constructed by hand or automatically via a parser generator tool, typically need to compute some useful semantic information in addition to the purely syntactic analysis of their input. Semantic actions may be added to parsing code by hand, or the parser generator may have its own syntax for annotating grammar rules with semantic actions. In this paper, we take a functional programming view of such actions. We use concepts from the semantics of mostly functional programming languages and adapt them to give meaning to the actions of the parser. Specifically, the semantics is inspired by the categorical semantics of lambda calculi and the use of premonoidal categories for the semantics of effects in programming languages. This framework is then applied to our leading example, the transformation of grammars to eliminate left recursion. The syntactic transformation of left-recursion elimination leads to a corresponding semantic transformation of the actions for the grammar. We prove the semantic transformation correct and relate it to continuation passing style, a widely studied transformation in lambda calculi and functional programming