Existing languages provide good support for typeful programming of standalone programs. In a distributed system, however, there may be interaction between multiple instances of many distinct programs, sharing some (but not necessarily all) of their module structure, and with some instances rebuilt with new versions of certain modules as time goes on. In this paper we discuss programminglanguage support for such systems, focussing on their typing and naming issues. We describe an experimental language, Acute, which extends an ML core to support distributed development, deployment, and execution, allowing type-safe interaction between separately-built programs. The main features are: (1) type-safe marshalling of arbitrary values; (2) type names that are generated (freshly and by hashing) to ensure that type equality tests suffice to protect the invariants of abstract types, across the entire distributed system; (3) expression-level names generated to ensure that name equality tests suffice for type-safety of associated values, e.g. values carried on named channels; (4) controlled dynamic rebinding of marshalled values to local resources; and (5) thunkification of threads and mutexes to support computation mobility. These features are a large part of what is needed for typeful distributed programming. They are a relatively lightweight extension of ML, should be efficiently implementable, and are expressive enough to enable a wide variety of distributed infrastructure layers to be written as simple library code above the byte-string network and persistent store APIs. This disentangles the language runtime from communication intricacies. This paper highlights the main design choices in Acute. It is supported by a full language definition (of typing, compilation, and operational semantics), by a prototype implementation, and by example distribution libraries.

Dynamic linking supports flexible code deployment: partially linked code links further code on the fly, as needed; and thus, end-users receive updates automatically. On the down side, each program run may link different versions of the same code, possibly causing subtle errors which mystify end-users.

We present an operational semantics, type system, and a proof of type soundness for a substantial subset of Java. The subset includes interfaces, classes, inheritance, field hiding, method overloading and overriding, arrays with associated dynamic checks, and exception handling. We distinguish between normal execution, where no exception is thrown -- or, more precisely, any exception thrown is handled -- and abnormal execution, where an exception is thrown and not handled. The type system distinguishes normal types which describe the possible outcomes of normal execution, and abnormal types which describe the possible outcomes of abnormal execution. The type of a term consists of its normal type and its abnormal type. With this set-up we prove subject reduction. Thus, the meaning of our subject reduction theorem is stronger than usual: it guarantees that normal execution returns a value of a type compatible with the normal type of the term, and that abnormal execution throws an exception ...

. Modules and linking are usually formalized by encodings which use the -calculus, records (possibly dependent), and possibly some construct for recursion. In contrast, we introduce the m-calculus, a calculus where the primitive constructs are modules, linking, and the selection and hiding of module components. The m-calculus supports smooth encodings of software structuring tools such as functions (- calculus), records, objects (&-calculus), and mutually recursive definitions. The m-calculus can also express widely varying kinds of module systems as used in languages like C, Haskell, and ML. We prove the mcalculus is confluent, thereby showing that equational reasoning via the m-calculus is sensible and well behaved. 1 Introduction A long version of this paper [43] which contains full proofs, more details and explanations, and comparisons with more calculi (including the calculus of Ancona and Zucca [4]), is available at http://www.cee.hw.ac.uk/~jbw/papers/. 1.1 Support f...

Abstract. We present a module calculus for studying a simple model of link-time compilation. The calculus is stratified into a term calculus, a core module calculus, and a linking calculus. At each level, we show that the calculus enjoys a computational soundness property: iftwo terms are equivalent in the calculus, then they have the same outcome in a smallstep operational semantics. This implies that any module transformation justified by the calculus is meaning preserving. This result is interesting because recursive module bindings thwart confluence at two levels ofour calculus, and prohibit application ofthe traditional technique for showing computational soundness, which requires confluence. We introduce a new technique, based on properties we call lift and project, thatusesa weaker notion of confluence with respect to evaluation to establish computational soundness for our module calculus. We also introduce the weak distributivity property for a transformation T operating on modules D1 and D2 linked by ⊕: T (D1 ⊕ D2) =T (T (D1) ⊕ T (D2)). We argue that this property finds promising candidates for link-time optimizations. 1

We suggest a model for dynamic loading and linking as in Java. We distinguish five components in a Java implementation: evaluation, resolution, loading, verification, and preparation -- with their associated checks. We demonstrate how these five together guarantee type soundness.

. We describe ink& (pronounced "links"), a low-level calculus designed to serve as the basis for an intermediate representation in compilers for class-based object-oriented languages. The primitives in ink& can express a wide range of class-based object-oriented language features, including various forms of inheritance, method override, and method dispatch. In particular, ink& can model the object-oriented features of MOBY, OCAML, and LOOM, where subclasses may be derived from unknown base classes. ink& can also serve as the intermediate representation for more conventional class mechanisms, such as JAVA's. In this paper, we formally describe ink& , give examples of its use, and discuss how standard compiler transformations can be used to optimize programs in the ink& representation. 1 Introduction Class-based object-oriented languages provide mechanisms for factoring code into a hierarchy of classes. For example, the implementation of a text window may be split into a base ...

ing with credit is permitted. To copy otherwise, to republish, to post on servers, to redistribute to lists, or to use any component of this work in other works, requires prior specific permission and/or a fee. Permissions may be requested from Publications Dept, ACM Inc., 1515 Broadway, New York, NY 10036 USA, fax +1 (212) 869-0481, or permissions@acm.org. 2 \Delta Philip W. L. Fong and Robert D. Cameron (1) Interleaved logic. Sun's implementation interleaves bytecode verification and loading. Java programs are composed of classes, each being loaded into the JVM separately. In the middle of verifying a class X, a new class Y may need to be loaded in order to provide enough information for the verification of X to proceed. For example, in order for the verifier to make sure that a method may throw an "ArithmeticException", it must check whether "ArithmeticException" is a subclass of the class "Throwable". As a result, the loader has to be invoked to bring in "ArithmeticException" ...

Dynamic linking, as in Java and C#, allows users to execute the most recent versions of software without re-compilation or re-linking. Dynamic linking is guided by type names stored in the bytecode.

Modules and linking are usually formalized by encodings which use the lambda calculus, records (possibly dependent), and possibly some construct for recursion. In contrast, we present the m-calculus, a calculus where the primitive constructs are modules, linking, and the selection and hiding of module components. In addition to supporting equational reasoning about modules and linking, the m-calculus allows smooth encodings of software structuring tools such as the lambda calculus, mutually recursive definitions, records (including operations like extension and concatenation), and objects. The m-calculus is extremely well behaved --- we show not only that the m-calculus is confluent but also that it satisfies the strong finite developments property.