Results 1 - 10
of
340
Language-Based Information-Flow Security
- IEEE JOURNAL ON SELECTED AREAS IN COMMUNICATIONS
, 2003
"... Current standard security practices do not provide substantial assurance that the end-to-end behavior of a computing system satisfies important security policies such as confidentiality. An end-to-end confidentiality policy might assert that secret input data cannot be inferred by an attacker throug ..."
Abstract
-
Cited by 821 (57 self)
- Add to MetaCart
Current standard security practices do not provide substantial assurance that the end-to-end behavior of a computing system satisfies important security policies such as confidentiality. An end-to-end confidentiality policy might assert that secret input data cannot be inferred by an attacker through the attacker's observations of system output; this policy regulates information flow.
Dynamically discovering likely program invariants to support program evolution
- IEEE Transactions on Software Engineering (TSE
, 2001
"... ..."
Extended Static Checking for Java
, 2002
"... Software development and maintenance are costly endeavors. The cost can be reduced if more software defects are detected earlier in the development cycle. This paper introduces the Extended Static Checker for Java (ESC/Java), an experimental compile-time program checker that finds common programming ..."
Abstract
-
Cited by 632 (22 self)
- Add to MetaCart
(Show Context)
Software development and maintenance are costly endeavors. The cost can be reduced if more software defects are detected earlier in the development cycle. This paper introduces the Extended Static Checker for Java (ESC/Java), an experimental compile-time program checker that finds common programming errors. The checker is powered by verification-condition generation and automatic theoremproving techniques. It provides programmers with a simple annotation language with which programmer design decisions can be expressed formally. ESC/Java examines the annotated software and warns of inconsistencies between the design decisions recorded in the annotations and the actual code, and also warns of potential runtime errors in the code. This paper gives an overview of the checker architecture and annotation language and describes our experience applying the checker to tens of thousands of lines of Java programs.
Towards a practical programming language based on dependent type theory
, 2007
"... ..."
(Show Context)
Region-Based Memory Management in Cyclone
- IN PROGRAMMING LANGUAGE DESIGN AND IMPLEMENTATION (PLDI'02)
, 2002
"... Cyclone is a type-safe programming language derived from C. The primary design goal of Cyclone is to let programmers control data representation and memory management without sacrificing type-safety. In this paper, we focus on the region-based memory management of Cyclone and its static typing disci ..."
Abstract
-
Cited by 198 (14 self)
- Add to MetaCart
(Show Context)
Cyclone is a type-safe programming language derived from C. The primary design goal of Cyclone is to let programmers control data representation and memory management without sacrificing type-safety. In this paper, we focus on the region-based memory management of Cyclone and its static typing discipline. The design incorporates several advancements, including support for region subtyping and a coherent integration with stack allocation and a garbage collector. To support separate compilation, Cyclone requires programmers to write some explicit region annotations, but a combination of default annotations, local type inference, and a novel treatment of region e#ects reduces this burden. As a result, we integrate C idioms in a region-based framework. In our experience, porting legacy C to Cyclone has required altering about 8% of the code; of the changes, only 6% (of the 8%) were region annotations.
Simple unification-based type inference for GADTs
, 2006
"... Generalized algebraic data types (GADTs), sometimes known as “guarded recursive data types ” or “first-class phantom types”, are a simple but powerful generalization of the data types of Haskell and ML. Recent works have given compelling examples of the utility of GADTs, although type inference is k ..."
Abstract
-
Cited by 194 (38 self)
- Add to MetaCart
(Show Context)
Generalized algebraic data types (GADTs), sometimes known as “guarded recursive data types ” or “first-class phantom types”, are a simple but powerful generalization of the data types of Haskell and ML. Recent works have given compelling examples of the utility of GADTs, although type inference is known to be difficult. Our contribution is to show how to exploit programmer-supplied type annotations to make the type inference task almost embarrassingly easy. Our main technical innovation is wobbly types, which express in a declarative way the uncertainty caused by the incremental nature of typical type-inference algorithms.
TALx86: A Realistic Typed Assembly Language
- In Second Workshop on Compiler Support for System Software
, 1999
"... The goal of typed assembly language (TAL) is to provide a low-level, statically typed target language that is better suited than Java bytecodes for supporting a wide variety of source languages and a number of important optimizations. In previous work, we formalized idealized versions of TAL and pro ..."
Abstract
-
Cited by 173 (42 self)
- Add to MetaCart
The goal of typed assembly language (TAL) is to provide a low-level, statically typed target language that is better suited than Java bytecodes for supporting a wide variety of source languages and a number of important optimizations. In previous work, we formalized idealized versions of TAL and proved important safety properties about them. In this paper, we present our progress in defining and implementing a realistic typed assembly language called TALx86. The TALx86 instructions comprise a relatively complete fragment of the Intel IA32 (32-bit 80x86 flat model) assembly language and are thus executable on processors such as the Intel Pentium. The type system for the language incorporates a number of advanced features necessary for safely compiling large programs to good code. To motivate the design of the type system, we demonstrate how various high-level language features are compiled to TALx86. For this purpose, we present a type-safe C-like language called Popcorn. 1 Introductio...
Guarded Recursive Datatype Constructors
, 2003
"... introduc e a notion of guarded rec ursive (g.r.) datatype c#w struc tors, generalizing the notion ofrec# rsive datatypes in func tional programming languages suc h as ML and Haskell. We address both theoret ic#t and prac# ic## issues resulted from this generalization. On one hand, we design a type s ..."
Abstract
-
Cited by 146 (10 self)
- Add to MetaCart
(Show Context)
introduc e a notion of guarded rec ursive (g.r.) datatype c#w struc tors, generalizing the notion ofrec# rsive datatypes in func tional programming languages suc h as ML and Haskell. We address both theoret ic#t and prac# ic## issues resulted from this generalization. On one hand, we design a type system to formalize the notion of g.r. datatypec onstruc - tors and then prove the soundness of the type system. On the other hand, we present some signific ant applic ations (e.g., implementing objec ts, implementing stagedc omputation, etc# ) of g.r. datatype c# nstruc#S rs, arguing that g.r. datatypec onstruc torsc an have far-reac hingc onsequenc es in programming. The mainc ontribution of the paper lies in the rec#I0 ition and then the formalization of a programming notion that is of both theoretic# l interest and prac tic# l use.
Alias Types for Recursive Data Structures
, 2000
"... Linear type systems permit programmers to deallocate or explicitly recycle memory, but they are severly restricted by the fact that they admit no aliasing. This paper describes a pseudo-linear type system that allows a degree of aliasing and memory reuse as well as the ability to define complex recu ..."
Abstract
-
Cited by 146 (13 self)
- Add to MetaCart
(Show Context)
Linear type systems permit programmers to deallocate or explicitly recycle memory, but they are severly restricted by the fact that they admit no aliasing. This paper describes a pseudo-linear type system that allows a degree of aliasing and memory reuse as well as the ability to define complex recursive data structures. Our type system can encode conventional linear data structures such as linear lists and trees as well as more sophisticated data structures including cyclic and doubly-linked lists and trees. In the latter cases, our type system is expressive enough to represent pointer aliasing and yet safely permit destructive operations such as object deallocation. We demonstrate the flexibility of our type system by encoding two common compiler optimizations: destination-passing style and Deutsch-Schorr-Waite or "link-reversal" traversal algorithms.
Family polymorphism
- In Proceedings of ECOOP’01
, 2001
"... Abstract. This paper takes polymorphism to the multi-object level. Traditional inheritance, polymorphism, and late binding interact nicely to provide both flexibility and safety – when a method is invoked on an object via a polymorphic reference, late binding ensures that we get the appropriate impl ..."
Abstract
-
Cited by 132 (9 self)
- Add to MetaCart
(Show Context)
Abstract. This paper takes polymorphism to the multi-object level. Traditional inheritance, polymorphism, and late binding interact nicely to provide both flexibility and safety – when a method is invoked on an object via a polymorphic reference, late binding ensures that we get the appropriate implementation of that method for the actual object. We are granted the flexibility of using different kinds of objects and differ-ent method implementations, and we are guaranteed the safety of the combination. Nested classes, polymorphism, and late binding of nested classes interact similarly to provide both safety and flexibility at the level of multi-object systems. We are granted the flexibility of using different families of kinds of objects, and we are guaranteed the safety of the com-bination. This paper highlights the inability of traditional polymorphism to handle multiple objects, and presents family polymorphism as a way to overcome this problem. Family polymorphism has been implemented in the programming language gbeta, a generalized version of Beta, and the source code of this implementation is available under GPL.1 1
