The use of monads to structure functional programs is described. Monads provide a convenient framework for simulating e ects found in other languages, such as global state, exception handling, output, or non-determinism. Three case studies are looked at in detail: how monads ease the modi cation of a simple evaluator; how monads act as the basis of a datatype of arrays subject to in-place update; and how monads can be used to build parsers.

Ensuring secure information ow within programs in the context of multiple sensitivity levels has been widely studied. Especially noteworthy is Denning's work in secure ow analysis and the lattice model [6][7]. Until now, however, the soundness of Denning's analysis has not been established satisfactorily. Weformulate Denning's approach as a type system and present a notion of soundness for the system that can be viewed as a form of noninterference. Soundness is established by proving, with respect to a standard programming language semantics, that all well-typed programs have this noninterference property.

Abstract not found

We present a simple extension of typed -calculus where functions can be overloaded by putting different "branches of code" together. When the function is applied, the branch to execute is chosen according to a particular selection rule which depends on the type of the argument. The crucial feature of the present approach is that the branch selection depends on the "run-time type" of the argument, which may differ from its compile-time type, because of the existence of a subtyping relation among types. Hence overloading cannot be eliminated by a static analysis of code, but is an essential feature to be dealt with during computation. We obtain in this way a type-dependent calculus, which differs from the various -calculi where types do not play any role during computation. We prove Confluence and a generalized Subject-Reduction theorem for this calculus. We prove Strong Normalization for a "stratified" subcalculus. The definition of this calculus is guided by the understand...

Abstract. This paper presents a type system which guarantees that well-typed programs in a procedural programming language satisfy a noninterference security property. With all program inputs and outputs classified at various security levels, the property basically states that a program output, classified at some level, can never change as a result of modifying only inputs classified at higher levels. Intuitively, this means the program does not “leak ” sensitive data. The property is similar to a notion introduced years ago by Goguen and Meseguer to model security in multi-level computer systems [7]. We also give an algorithm for inferring and simplifying principal types, which document the security requirements of programs. 1

We describe an extension of ML with records where inheritance is given by ML generic polymorphism. All common operations on records but concatenation are supported, in particular the free extension of records. Other operations such as renaming of fields are added. The solution relies on an extension of ML, where the language of types is sorted and considered modulo equations, and on a record extension of types. The solution is simple and modular and the type inference algorithm is efficient in practice.

representing the official policies, either expressed or implied, of the U.S. Government.

We show that standard formulations of intersection type systems are unsound in the presence of computational effects, and propose a solution similar to the value restriction for polymorphism adopted in the revised definition of Standard ML. It differs in that it is not tied to let-expressions and requires an additional weakening of the usual subtyping rules. We also present a bi-directional type-checking algorithm for the resulting language that does not require an excessive amount of type annotations and illustrate it through some examples. We further show that the type assignment system can be extended to incorporate parametric polymorphism. Taken together, we see our system and associated type-checking algorithm as a significant step towards the introduction of intersection types into realistic programming languages. The added expressive power would allow many more properties of programs to be stated by the programmer and statically verified by a compiler.

This paper gives an overview of intersection type assignment for the Lambda Calculus, as well as compare in detail variants that have been defined in the past. It presents the essential intersection type assignment system, that will prove to be as powerful as the well-known BCD-system. It is essential in the following sense: it is an almost syntax directed system that satisfies all major properties of the BCDsystem, and the types used are the representatives of equivalence classes of types in the BCD-system. The set of typeable terms can be characterized in the same way, the system is complete with respect to the simple type semantics, and it has the principal type property.

Type systems based on intersection types have been studied extensively in recent years, both as tools for the analysis of the pure -calculus and, more recently, as the basis for practical programming languages. The dual notion, union types, also appears to have practical interest. For example, by refining types ordinarily considered as atomic, union types allow a restricted form of abstract interpretation to be performed during typechecking. The addition of second-order polymorphic types further increases the power of the type system, allowing interesting variants of many common datatypes to be encoded in the "pure" fragment with no type or term constants. This report summarizes a preliminary investigation of the expressiveness of a programming language combining intersection types, union types, and polymorphism.