Results 1  10
of
18
Typed Memory Management in a Calculus of Capabilities
, 2000
"... Regionbased memory management is an alternative to standard tracing garbage collection that makes potentially dangerous operations such as memory deallocation explicit but verifiably safe. In this article, we present a new compiler intermediate language, called the Capability Calculus, that supp ..."
Abstract

Cited by 194 (23 self)
 Add to MetaCart
Regionbased memory management is an alternative to standard tracing garbage collection that makes potentially dangerous operations such as memory deallocation explicit but verifiably safe. In this article, we present a new compiler intermediate language, called the Capability Calculus, that supports regionbased memory management and enjoys a provably safe type system. Unlike previous regionbased type systems, region lifetimes need not be lexically scoped and yet the language may be checked for safety without complex analyses. Therefore, our type system may be deployed in settings such as extensible operating systems where both the performance and safety of untrusted code is important.
Typed Memory Management via Static Capabilities
 ACM Transactions on Programming Languages and Systems
, 2000
"... Machine We have described the type constructor language of CL and the typing rules for the main termlevel constructs. In fact, the previous section contains all of the ACM Transactions on Programming Languages and Systems, Vol. TBD, No. TDB, Month Year. 20 D. Walker, K. Crary, and G. Morriset ..."
Abstract

Cited by 53 (5 self)
 Add to MetaCart
Machine We have described the type constructor language of CL and the typing rules for the main termlevel constructs. In fact, the previous section contains all of the ACM Transactions on Programming Languages and Systems, Vol. TBD, No. TDB, Month Year. 20 D. Walker, K. Crary, and G. Morrisett #; #;# # h at r : # # # # f : Type #; ## # ; #{f :# f , x 1 :# 1 , . . . , xn :# n}; C # e # # f = #[# # ].(C, # 1 , . . . , #n ) # 0 at r f, x 1 , . . . , xn ## Dom(#) # #; #;# # fix f[# # ](C, x 1 :# 1 , . . . , xn :# n ).e at r : # f (hfix) #; #;# # v i : # i (for 1 # i # n) # # r : Rgn #; #;# # #v 1 , . . . , vn # at r : ## 1 , . . . , #n # at r (htuple) #; #;# # h at r : # # # # # # = # : Type #; #;# # h at r : # (heq) #; #;# # v : # #; #;# # x : # (#(x) = #) (vvar) #; #;# # i : int (vint) #; #;# # v : #[#:#, # # ].(C, # 1 , . . . , #n ) # 0 at r # # c : # #; #;# # v[c] : (#[# # ].(C, # 1 , . . . , #n ) # 0)[c/#] at r (vtype) #; #;# # v : #[# # C ## , # # ].(C # , # 1 , . . . , #n ) # 0 at r # # C # C ## #; #;# # v[C] : (#[# # ].(C # , # 1 , . . . , #n ) # 0)[C/#] at r (vsub) #; #;# # v : # # # # # # = # : Type #; #;# # v : # (veq) Fig. 6. Capability static semantics: Heap and word values. information programmers or compilers require to write typesafe programs in CL. However, in order to prove a type soundness result in the style of Wright and Felleisen [Wright and Felleisen 1994], we must be able to type check programs at every step during their evaluation. In this section, we give the static semantics of the runtime values that are not normally manipulated by programmers, but are nevertheless necessary to prove our soundness result. At first, the formal definition ...
On Bunched Typing
, 2002
"... We study a typing scheme derived from a semantic situation where a single category possesses several closed structures, corresponding to dierent varieties of function type. In this scheme typing contexts are trees built from two (or more) binary combining operations, or in short, bunches. Bunched ..."
Abstract

Cited by 33 (2 self)
 Add to MetaCart
We study a typing scheme derived from a semantic situation where a single category possesses several closed structures, corresponding to dierent varieties of function type. In this scheme typing contexts are trees built from two (or more) binary combining operations, or in short, bunches. Bunched typing and its logical counterpart, bunched implications, have arisen in joint work of the author and David Pym. The present paper gives a basic account of the type system, and then focusses on concrete models that illustrate how it may be understood in terms of resource access and sharing. The most
Isolating Side Effects in Sequential Languages
 In Proceedings of the 22nd ACM SIGPLANSIGACT Symposium on Principles of Programming Languages (POPL’95
, 1995
"... It is well known that adding side effects to functional languages changes the operational equivalences of the language. We develop a new language construct, encap, that forces imperative pieces of code to behave purely functionally, i.e., without any visible side effects. The coercion operator enca ..."
Abstract

Cited by 19 (2 self)
 Add to MetaCart
It is well known that adding side effects to functional languages changes the operational equivalences of the language. We develop a new language construct, encap, that forces imperative pieces of code to behave purely functionally, i.e., without any visible side effects. The coercion operator encap provides a means of extending the simple reasoning principles for equivalences of code in a functional language to a language with side effects. In earlier work [36], similar coercion operators were developed, but their correctness required the underlying functional language to include parallel operations. The coercion operators developed here are simpler and are proven correct for purely sequential languages. The sequential setting requires the construction of fully abstract models for sequential callbyvalue languages and the formulation of a weak form of "monad" suitable for expressing the semantics of callbyvalue languages with side effects. 1 Introduction Two pieces of code are...
Standard ML Weak Polymorphism Can Be Sound
 SUBMITTED TO JFP
, 1993
"... Adding MLstyle references to a HindleyMilner polymorphic type system is troublesome because such a system is unsound with naive polymorphic generalization of reference types. Tofte [12] introduced a distinction between imperative and applicative type variables, such that applicative type variable ..."
Abstract

Cited by 9 (0 self)
 Add to MetaCart
Adding MLstyle references to a HindleyMilner polymorphic type system is troublesome because such a system is unsound with naive polymorphic generalization of reference types. Tofte [12] introduced a distinction between imperative and applicative type variables, such that applicative type variables are never in reference types, that provides a simple static analysis of which type variables may be polymorphically generalized. MacQueen's [7] weak type variables generalize imperative type variables with a counter called a strength. The finer distinction allows a more accurate analysis of when a reference may be created, and thus which type variables may be generalized. Unfortunately, weak polymorphism has been presented only as part of the implementation of the SML/NJ compiler, not as a formal type system. As a result, it is not well understood, as its more subtle points are not well known. Furthermore, while versions of the implementation have repeatedly been shown un...
Functional Inplace Update with Layered Datatype Sharing
"... Hofmann’s LFPL is a functional language with constructs which can be interpreted as referring to heap locations. In this view, the language is suitable for expressing and verifying inplace update algorithms. Correctness of this semantics is achieved by a linear typing. We introduce a nonlinear typ ..."
Abstract

Cited by 9 (0 self)
 Add to MetaCart
Hofmann’s LFPL is a functional language with constructs which can be interpreted as referring to heap locations. In this view, the language is suitable for expressing and verifying inplace update algorithms. Correctness of this semantics is achieved by a linear typing. We introduce a nonlinear typing of firstorder LFPL programs which is more permissive than the recent effectbased typing of Aspinall and Hofmann. The system efficiently infers separation assertions as well as destruction and reuse effects for individual layers of recursivetype values. Thus it is suitable for inplace update algorithms with complicated data aliasing.
A New Presentation of the Intersection Type Discipline Through Principal Typings of Normal Forms
, 1996
"... We introduce an intersection type system which is a restriction of the intersection type discipline. This restriction leads to a principal type property for normal forms in the classical sense, while retaining the expressivity of the classical discipline. We characterize the structure of principal ..."
Abstract

Cited by 8 (0 self)
 Add to MetaCart
We introduce an intersection type system which is a restriction of the intersection type discipline. This restriction leads to a principal type property for normal forms in the classical sense, while retaining the expressivity of the classical discipline. We characterize the structure of principal types of normal forms and give an algorithm that reconstructs normal forms from types. Having shown the equivalence between principal types and normal forms, we define an expansion operation on types which allows us to recover all possible types for any normalizable term. The contribution of this work is a new and simpler presentation of the intersection type discipline through a purely syntactic and completely characterized notion of principal types.
Abstract Models of Storage
, 2000
"... This note is a historical survey of Christopher Strachey's influence on the development of semantic models of assignment and storage management in procedural languages. ..."
Abstract

Cited by 8 (0 self)
 Add to MetaCart
This note is a historical survey of Christopher Strachey's influence on the development of semantic models of assignment and storage management in procedural languages.
Enforcing Resource Usage Protocols via Scoped Methods
 In Int. Workshop on Foundations of ObjectOriented Languages
, 2003
"... Traditional modularity mechanisms such as Java's classes and packages or ML's structures and functors restrict the set of functions that may be applied to an object, but are unable to restrict the timing of these function applications e#ectively. We propose a new language construct, the scoped metho ..."
Abstract

Cited by 6 (1 self)
 Add to MetaCart
Traditional modularity mechanisms such as Java's classes and packages or ML's structures and functors restrict the set of functions that may be applied to an object, but are unable to restrict the timing of these function applications e#ectively. We propose a new language construct, the scoped method, which allows the implementer of a class to specify a temporal resource usage protocol. This protocol limits the sequence of methods that may be applied to an object. For example, a protocol for file access might specify that the file must be opened, read or written some number of times, and then closed. We present a typebased analysis to enforce the protocol and prove its correctness.
A Decision Procedure for the Subtype Relation on Intersection Types with Bounded Variables
, 1989
"... We introduce an extension of the intersection type discipline in which types may contain variables with upper and lower bounds, present an algorithm for deciding the subtype relation in the extended system, and prove that the algorithm is correct. This work was supported in part by the Office of Nav ..."
Abstract

Cited by 6 (3 self)
 Add to MetaCart
We introduce an extension of the intersection type discipline in which types may contain variables with upper and lower bounds, present an algorithm for deciding the subtype relation in the extended system, and prove that the algorithm is correct. This work was supported in part by the Office of Naval Research and the Defense Advanced Research Projects Agency (DOD) under contract number N0001484K0415. The views and conclusions contained in this document are those of the author and should not be interpreted as representing the official policies, either expressed or implied, of DARPA or the U.S. Government. 1 INTRODUCTION 1 1 Introduction The intersection type discipline [?] is a simple, yet powerful language for describing the behavior of programs. Beyond its intrinsic theoretical interest [?, ?], it appears to be an attractive foundation for the type systems of practical programming languages [?, ?]. Although the usual formulations do not allow quantification over typesthere ...