Type Classes for Lightweight Substructural Types

Linear and substructural types are powerful tools, but adding them to standard functional programming languages often means introducing extra annotations and typing machinery. We propose a lightweight substructural type system design that recasts the structural rules of weakening and contraction as type classes; we demonstrate this design in a prototype language, Clamp. Clamp supports polymorphic substructural types as well as an expressive system of mutable references. At the same time, it adds little additional overhead to a standard Damas-Hindley-Milner type system enriched with type classes. We have established type safety for the core model and implemented a type checker with type inference in Haskell.Comment: In Proceedings LINEARITY 2014, arXiv:1502.0441

Multi-Objective Water Management in Idaho\u27s Henrys Fork Watershed: Leveraging Reservoir Operation and Groundwater Pathways to Benefit Aquatic Habitat

Multi-user water management is a challenging arena further complicated by climate change. This research is based in the Henrys Fork, Snake River, Idaho—an agricultural watershed that exemplifies those throughout the semi-arid American West. This dissertation uses an integrated approach that considers groundwater-river relationships, farm-scale decisions and basin-scale outcomes, upstream reservoir operation for downstream aquatic habitat, water rights, and collaborative stakeholder management to identify drought adaptation strategies accordingly. Chapter 2 uses an interdisciplinary approach to quantify how improvements to irrigation efficiency at the farm-scale (i.e., converting from flood to sprinkler irrigation) can add up to affect hydrology at the landscape-scale and alter groundwater-surface water relationships. Motivated to improve economic efficiency, irrigators began converting from surface to center-pivot sprinkler irrigation in the 1950s, with rapid adoption of center-pivot sprinklers through 2000. Between 1978–2000 and 2001–2022, annual surface-water diversion decreased by 2,521 acre-ft (23%) and annual return flow to the river decreased by 2,431 acre-ft. Chapter 3 uses streamflow predictions, local reservoir operation standards, and the relationship between groundwater and river flows to quantify 1) the potential to conduct aquifer recharge in the lower watershed under a warming climate and 2) resulting streamflow response from groundwater. Water for recharge was largely available in April and October, reducing peak springtime streamflow at the watershed outlet by 10–14% after accounting for groundwater return. Streamflow contribution from recharge peaked in July and November, increasing July–August streamflow by 6–14% and November–March streamflow by 9–14%. I demonstrate recharge can recover groundwater return flows when applied as flood irrigation on agricultural land with senior water rights. Chapter 4 developed relationships between streamflow and habitat for three fish species in a reach where irrigation-season flows are managed by releases from an upstream reservoir. I used these relationships to 1) quantify aquatic habitat at different streamflows and 2) assess the differences in aquatic habitat across two different streamflow management histories. Using these relationships, I demonstrated that moving the management target\u27s location and flow amount will contribute to more consistently suitable fish habitat in the reach while continuing to meet upstream management objectives

Type-safe Linking and Modular Assembly Language

Linking is a low-level task that is usually vaguely specified, if at all, by language definitions. However, the security of web browsers and other extensible systems depends crucially upon a set of checks that must be performed at link time. Building upon the simple, but elegant ideas of Cardelli, and module constructs from high-level languages, we present a formal model of typed object files and a set of inference rules that are sufficient to guarantee that type safety is preserved by the linking process. Whereas Cardelli's link calculus is built on top of the simply-typed lambda calculus, our object files are based upon typed assembly language so that we may model important low-level implementation issues. Furthermore, unlike Cardelli, we provide support for abstract types and higher-order type constructors - features critical for building extensible systems or modern programming languages such as ML.Engineering and Applied Science

Comparing Mostly-copying and Mark-sweep Conservative Collection

Many high-level language compilers generate C code and then invoke a C compiler for code generation. To date, most, of these compilers link the resulting code against a conservative mark-sweep garbage collector in order to reclaim unused memory. We introduce a new collector, MCC, based on an extension of mostly-copying collection.We analyze the various design decisions made in MCC and provide a performance comparison to the most widely used conservative mark-sweep collector (the Boehm-Demers-Weiser collector). Our results show that a good mostly-copying collector can outperform a mature highly-optimized mark-sweep collector when physical memory is large relative to the live data. A surprising result of our analysis is that cache behavior can have a greater impact on overall performance than either collector time or allocation time.Engineering and Applied Science

TWAM: A Certifying Abstract Machine for Logic Programs

Type-preserving (or typed) compilation uses typing derivations to certify correctness properties of compilation. We have designed and implemented a type-preserving compiler for a simply-typed dialect of Prolog we call T-Prolog. The crux of our approach is a new certifying abstract machine which we call the Typed Warren Abstract Machine (TWAM). The TWAM has a dependent type system strong enough to specify the semantics of a logic program in the logical framework LF. We present a soundness metatheorem which constitutes a partial correctness guarantee: well-typed programs implement the logic program specified by their type. This metatheorem justifies our design and implementation of a certifying compiler from T-Prolog to TWAM.Comment: 41 pages, under submission to ACM Transactions on Computational Logi

Typed Closure Conversion

Closure conversion is a program transformation used by compilers to separate code from data. Previous accounts of closure conversion use only untyped target languages. Recent studies show that translating to typed target languages is a useful methodology for building compilers, because a compiler can use the types to implement efficient data representations, calling conventions, and tag-free garbage collection. Furthermore, type-based translations facilitate security and debugging through automatic type checking, as well as correctness arguments through the method of logical relations. We present closure conversion as a type-directed, and type preserving translation for both the simply-typed and the polymorphic λ--calculus. Our translations are based on a simple "closures as objects" principle: higher-order functions are viewed as objects consisting of a single method (the code) and a single instance variable (the environment). In the simply-typed case, the Pierce-Turner model of object typing where objects are packages of existential type suffices. In the polymorphic case, more careful tracking of type sharing is required. We exploit a variant of the Harper-Lillibridge "translucent type" formalism to characterize the types of polymorphic closures.Engineering and Applied Science

Mechanized Verification with Sharing

We consider software verification of imperative programs by theorem proving in higher-order separation logic. Separation logic is quite effective for reasoning about tree-like data structures, but less so for data structures with more complex sharing patterns. This problem is compounded by some higher-order patterns, such as stateful iterators and visitors, where multiple clients need to share references into a data structure. We show how both styles of sharing can be achieved without sacrificing abstraction using mechanized reasoning about fractional permissions in Hoare Type Theory.Engineering and Applied Science

Robusta: Taming the Native Beast of the JVM

Java applications often need to incorporate native-code components for efficiency and for reusing legacy code. However, it is well known that the use of native code defeats Java's security model. We describe the design and implementation of Robusta, a complete framework that provides safety and security to native code in Java applications. Starting from software-based fault isolation (SFI), Robusta isolates native code into a sandbox where dynamic linking/loading of libraries is supported and unsafe system modification and confidentiality violations are prevented. It also mediates native system calls according to a security policy by connecting to Java's security manager. Our prototype implementation of Robusta is based on Native Client and OpenJDK. Experiments in this prototype demonstrate Robusta is effective and efficient, with modest runtime overhead on a set of JNI benchmark programs. Robusta can be used to sandbox native libraries used in Java's system classes to prevent attackers from exploiting bugs in the libraries. It can also enable trustworthy execution of mobile Java programs with native libraries. The design of Robusta should also be applicable when other type-safe languages (e.g., C#, Python) want to ensure safe interoperation with native libraries.Engineering and Applied Science