88 research outputs found
Graded Modal Types for Integrity and Confidentiality
Graded type systems, such as the one underlying the Granule programming
language, allow various different properties of a program's behaviour to be
tracked via annotating types with additional information, which we call grades.
One example of such a property, often used as a case study in prior work on
graded types, is information flow control, in which types are graded by a
lattice of security levels allowing noninterference properties to be
automatically verified and enforced. These typically focus on one particular
aspect of security, however, known as confidentiality; public outputs are
prohibited from depending on private inputs. Integrity, a property specifying
that trusted outputs must not depend on untrusted inputs, has not been examined
in this context.
This short paper aims to remedy this omission. It is well-known that
confidentiality and integrity are in some sense dual properties, but simply
reversing the ordering of the security lattice turns out to be unsatisfactory
for the purpose of combining both kinds of property in a single system, at
least in our setting. We analogize the situation to recent work on embedding
both linear and uniqueness types in a graded framework, and use this framing to
demonstrate that we can enforce both integrity and confidentiality alongside
one another. The main idea is to add an additional flavour of modality
annotated for integrity, such that the existing graded comonad for tracking
confidentiality now also acts as a relative monad over the new modality, with
rules allowing information to flow from trusted to public to private.Comment: 3 pages. Originally presented as a short paper at PLAS 202
Functional Ownership through Fractional Uniqueness
Ownership and borrowing systems, designed to enforce safe memory management
without the need for garbage collection, have been brought to the fore by the
Rust programming language. Rust also aims to bring some guarantees offered by
functional programming into the realm of performant systems code, but the type
system is largely separate from the ownership model, with type and borrow
checking happening in separate compilation phases. Recent models such as
RustBelt and Oxide aim to formalise Rust in depth, but there is less focus on
integrating the basic ideas into more traditional type systems. An approach
designed to expose an essential core for ownership and borrowing would open the
door for functional languages to borrow concepts found in Rust and other
ownership frameworks, so that more programmers can enjoy their benefits.
One strategy for managing memory in a functional setting is through
uniqueness types, but these offer a coarse-grained view: either a value has
exactly one reference, and can be mutated safely, or it cannot, since other
references may exist. Recent work demonstrates that linear and uniqueness types
can be combined in a single system to offer restrictions on program behaviour
and guarantees about memory usage. We develop this connection further, showing
that just as graded type systems like those of Granule and Idris generalise
linearity, Rust's ownership model arises as a graded generalisation of
uniqueness. We combine fractional permissions with grading to give the first
account of ownership and borrowing that smoothly integrates into a standard
type system alongside linearity and graded types, and extend Granule
accordingly with these ideas.Comment: 23 pages + references. In submissio
Evolving Fortran types with inferred units-of-measure
Dimensional analysis is a well known technique for checking the consistency of equations involv-
ing physical quantities, constituting a kind of type system. Various type systems for dimensional
analysis, and its re nement to units-of-measure, have been proposed. In this paper, we detail
the design and implementation of a units-of-measure system for Fortran, provided as a pre-
processor. Our system is designed to aid adding units to existing code base: units may be
polymorphic and can be inferred. Furthermore, we introduce a technique for reporting to the
user a set of critical variables which should be explicitly annotated with units to get the maxi-
mum amount of unit information with the minimal number of explicit declarations. This aids
adoption of our type system to existing code bases, of which there are many in computational
science projects.This work was supported in part by a Google Focussed Research Award and by EPSRC grant EP/K011715/1.This is the final version. It first appeared at http://www.sciencedirect.com/science/article/pii/S1877750315000563
The semantic marriage of monads and effects
Wadler and Thiemann unified type-and-effect systems with monadic semantics
via a syntactic correspondence and soundness results with respect to an
operational semantics. They conjecture that a general, "coherent" denotational
semantics can be given to unify effect systems with a monadic-style semantics.
We provide such a semantics based on the novel structure of an indexed monad,
which we introduce. We redefine the semantics of Moggi's computational
lambda-calculus in terms of (strong) indexed monads which gives a one-to-one
correspondence between indices of the denotations and the effect annotations of
traditional effect systems. Dually, this approach yields indexed comonads which
gives a unified semantics and effect system to contextual notions of effect
(called coeffects), which we have previously described
Communicating Actor Automata -- Modelling Erlang Processes as Communicating Machines
Brand and Zafiropulo's notion of Communicating Finite-State Machines (CFSMs)
provides a succinct and powerful model of message-passing concurrency, based
around channels. However, a major variant of message-passing concurrency is not
readily captured by CFSMs: the actor model. In this work, we define a variant
of CFSMs, called Communicating Actor Automata, to capture the actor model of
concurrency as provided by Erlang: with mailboxes, from which messages are
received according to repeated application of pattern matching. Furthermore,
this variant of CFSMs supports dynamic process topologies, capturing common
programming idioms in the context of actor-based message-passing concurrency.
This gives a new basis for modelling, specifying, and verifying Erlang
programs. We also consider a class of CAAs that give rise to freedom from race
conditions.Comment: In Proceedings PLACES 2023, arXiv:2304.0543
A Computational Science Agenda for Programming Language Research
Scientific models are often expressed as large and complicated programs. These programs embody numerous assumptions made by the developer (e.g., for differential equations, the discretization strategy and resolution). The complexity and pervasiveness of these assumptions means that often the only true description of the model is the software itself. This has led various researchers to call for scientists to publish their source code along with their papers. We argue that this is unlikely to be beneficial since it is almost impossible to separate implementation assumptions from the original scientific intent. Instead we advocate higher-level abstractions in programming languages, coupled with lightweight verification techniques such as specification and type systems. In this position paper, we suggest several novel techniques and outline an evolutionary approach to applying these to existing and future models. One-dimensional heat flow is used as an example throughout
Embedding effect systems in Haskell
Monads are now an everyday tool in functional programming for abstracting and delimiting effects. The link between monads and effect systems is well-known, but in their typical use, monads provide a much more coarse-grained view of effects. Effect systems capture fine-grained information about the effects, but monads provide only a binary view: effectful or pure.
Recent theoretical work has unified fine-grained effect systems with monads using a monad-like structure indexed by a monoid of effect annotations (called parametric effect monads). This aligns the power of monads with the power of effect systems.
This paper leverages recent advances in Haskell's type system (as provided by GHC) to embed this approach in Haskell, providing user-programmable effect systems. We explore a number of practical examples that make Haskell even better and safer for effectful programming. Along the way, we relate the examples to other concepts, such as Haskell's implicit parameters and coeffects
Resourceful program synthesis from graded linear types
Linear types provide a way to constrain programs by specifying that some values must be used exactly once. Recent work on graded modal types augments and refines this notion, enabling fine-grained, quantitative specification of data use in programs. The information provided by graded modal types appears to be useful for type-directed program synthesis, where these additional constraints can be used to prune the search space of candidate programs. We explore one of the major implementation challenges of a synthesis algorithm in this setting: how does the synthesis algorithm efficiently ensure that resource constraints are satisfied throughout program generation? We provide two solutions to this resource management problem, adapting Hodas and Miller’s input-output model of linear context management to a graded modal linear type theory. We evaluate the performance of both approaches via their implementation as a program synthesis tool for the programming language Granule, which provides linear and graded modal typing
- …