We present a simple method for normalizing the control-flow of programs to facilitate program transformations, program analysis, and automatic parallelization. While previous methods result in programs whose control flowgraphs are reducible, programs normalized by this technique satisfy a stronger condition than reducibility and are therefore simpler in their syntax and structure than with previous methods. In particular, all control-flow cycles are normalized into single-entry, single-exit while loops, and all goto's are eliminated. Furthermore, the method avoids problems of code replication that are characteristic of node-splitting techniques. This restructuring obviates the control dependence graph, since afterwards control dependence relations are manifest in the syntax tree of the program. In this paper we present transformations that effect this normalization, and study the complexity of the method. Index Terms: Continuations, control-flow, elimination algorithms, normalization,...

Denotational semantics [Sch86] is a powerful framework for describing programming languages; however, its descriptions lack modularity: conceptually independent language features influence each others' semantics. We address this problem by presenting a theory of modular denotational semantics. Following Mosses [Mos92], we divide a semantics into two parts, a computation ADT and a language ADT (abstract data type). The computation ADT represents the basic semantic structure of the language. The language ADT represents the actual language constructs, as described by a grammar. We define the language ADT using the computation ADT; in fact, language constructs are polymorphic over many different computation ADTs. Following Moggi [Mog89a], we build the computation ADT from composable parts, using monads and monad transformers. These techniques allow us to build many different computation ADTs, and, since our language constructs are polymorphic, many different language semantics. We autom...

We investigate call-by-value continuation-passing style transforms that pass two continuations. Altering a single variable in the translation of #-abstraction gives rise to di#erent control operators: first-class continuations; dynamic control; and (depending on a further choice of a variable) either the return statement of C; or Landin's J-operator. In each case there is an associated simple typing. For those constructs that allow upward continuations, the typing is classical, for the others it remains intuitionistic, giving a clean distinction independent of syntactic details. Moreover, those constructs that make the typing classical in the source of the CPS transform break the linearity of continuation use in the target.

Introspection or the ability to observe one's own behavior is one of the most powerful capabilities of human intelligence; it is the basis for understanding and improvement of one's behavior and of human progress. Similarly, introspective computer systems, introduced in this thesis, examine, reason about, and change their own behavior in powerful new ways. Because the complexity of computers is rapidly increasing, yet is restricted by limited human resources, the most attractive quality of introspective computers is their ability to manage this growing complexity themselves. Self-managing computer systems would greatly expand the rational power and complexity of computer systems that can be successfully built. The main difficulty in constructing introspective computer systems is enabling the system to obtain a description of its complete behavior in a dynamic and unobtrusive way. This thesis proposes the partition of the system into two threads of control. The first thread performs the...

. In this paper, we present a new logic for specifying the behaviour of multi-agent systems. In this logic, agents are viewed as BDI systems, in that their state is characterised in terms of beliefs, desires, and intentions: the semantics of the BDI component of the logic are based on the well-known system of Rao and Georgeff. In addition, agents have available to them a library of plans, representing their `know-how': procedural knowledge about how to achieve their intentions. These plans are, in effect, programs, that specify how a group of agents can work in parallel to achieve certain ends. The logic provides a rich set of constructs for describing the structure and execution of plans. Some properties of the logic are investigated, (in particular, those relating to plans), and some comments on future work are presented. 1 Introduction There is currently much international interest in computer systems that go under the banner of intelligent agents [16]. Crudely, an intel...

Data flow analysis is a process for collecting run-time information about data in programs without actually executing them. In this paper, we focus at the use of data flow analysis to support program understanding and reverse engineering. Data flow analysis is beneficial for these applications since the information obtained can be used to compute relationships between data objects in programs. These relations play a key role, for example, in the determination of the logical components of a system and their interaction. The general support of program understanding and reverse engineering requires the ability to analyse a variety of source languages and the ability to combine the results of analysing multiple languages. We present a flexible and generic software architecture for describing and performing language-independent data flow analysis which allows such transparent multi-language analysis. All components of this architecture were formally specified. 1 Introduction Data flow anal...

ion Language 19 4.1 Data types : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : 19 4.2 Language structure : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : 20 4.2.1 Procedures : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : 20 4.3 Language features : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : 20 4.3.1 Elementary constructs : : : : : : : : : : : : : : : : : : : : : : : : : : : 21 4.3.2 Control constructs : : : : : : : : : : : : : : : : : : : : : : : : : : : : : 23 4.4 Language definitions : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : 24 4.4.1 Dhal : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : 25 4.4.2 sDhal : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : 25 4.4.3 pDhal : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : 25 5 Control Flow Normalization 27 5.1 Motivation : : : : : : : : : : : : : : : : : : : : : : : : ...

This paper advocates a novel approach to the construction of secure software: controlling information flow and maintaining integrity via monadic encapsulation of effects. This approach is constructive, relying on properties of monads and monad transformers to build, verify, and extend secure software systems. We illustrate this approach by construction of abstract operating systems called separation kernels. Starting from a mathematical model of shared-state concurrency based on monads of resumptions and state, we outline the development by stepwise refinements of separation kernels supporting Unix-like system calls, interdomain communication, and a formally verified security policy (domain separation). Because monads may be easily and safely represented within any pure, higher-order, typed functional language, the resulting system models may be directly realized within a language such as Haskell. 1

Interactive, modular, and object-oriented programming are three important programming paradigms. Interactive programming encourages experimental programming and fast prototyping and is most valuable for solving problems that are not well understood. Modular programming is indispensable for large-scale program development and is also useful for smaller programs. Object-oriented programming features classes, objects, and inheritance and is suitable for many real world applications. This dissertation describes an approach of merging interactive, modular, and object-oriented programming by presenting the definition, design, and implementation of the imp language, the IMP system, and the IMOOP system. The primary benefit of merging these three paradigms is that the programmer can use either paradigm where appropriate. In order to merge interactive and modular programming, the programmer must be allowed to modify variable bindings and module interfaces during program development. Furthermor...

Abstract. Language-based approaches to security typically use static type systems to control information flow, relying on type inference to distinguish secure programs from insecure ones. This paper advocates a novel approach to language-based security: by structuring software with monads (a form of abstract data type for effects), we are able to maintain separation of effects by construction. The thesis of this work is that well-understood properties of monads and monad transformers aid in the construction and verification of secure software. We introduce a formulation of non-interference based on monads (rather than the typical trace-based formulation). Using this formulation, we prove a noninterference style property for a simple instance of our abstract system model. Because monads may be easily and safely represented within any higher-order, typed functional language, monadic event systems may be directly realized within such a language. 1