Type-Driven Gradual Security with References

Toro, Matías; García, Ronald; Tanter, Éric

doi:10.1145/3229061

Cited by 32 publications

(24 citation statements)

References 46 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We nd that AGT greatly streamlines the static semantics of GSF, but does not yield a language that respects parametricity by default; non-trivial exploration was necessary to uncover how to strengthen the structure and treatment of runtime evidence in order to recover parametricity. We show that parametricity is, like noninterference (Toro et al 2018), incompatible with the dynamic gradual guarantee laid forth by Siek et al (2015a). We nevertheless establish a novel, weaker property of GSF regarding the embedding of System F terms at less precise types, which allows us to disprove some claims from the literature about gradual free theorems.…”

Section: Resultscontrasting

confidence: 39%

“…Both parametricity and noninterference are 2-safety properties, expressed as a relation of two program executions. While Garcia and Tanter (2015) show that one can derive a pure security language with AGT that satis es both noninterference and the dynamic gradual guarantee, Toro et al (2018) nd that in presence of mutable references, one can have either the dynamic gradual guarantee, or noninterference, but not both. Also similarly to this work, AGT for security typing needs a more precise abstraction for evidence types (based on security label intervals) in order to enforce noninterference.…”

Section: Related Workmentioning

confidence: 99%

“…Dually, if one sticks to the natural notion of precision, as adopted by both GSF and CSA, and justi ed by the AGT interpretation, reconciliation might come from considering other forms of parametricity, or perhaps less exible gradual language designs (Devriese et al 2018). Currently, it seems that the incompatibility of the dynamic gradual guarantee with parametricity has to be understood, in conjunction with a similar observation regarding noninterference (Toro et al 2018), as hinting towards further re ned criteria for semantically-rich gradual typing. In particular, weaker forms of the dynamic gradual guarantee might still be useful, as explored next.…”

mentioning

confidence: 99%

See 2 more Smart Citations

Gradual parametricity, revisited

Toro

Labrada

Tanter

2019

Proc. ACM Program. Lang.

Self Cite

View full text Add to dashboard Cite

Bringing the bene ts of gradual typing to a language with parametric polymorphism like System F, while preserving relational parametricity, has proven extremely challenging: rst a empts were formulated a decade ago, and several designs were recently proposed. Among other issues, these proposals can however signal parametricity errors in unexpected situations, and improperly handle type instantiations when imprecise types are involved. ese observations further suggest that existing polymorphic cast calculi are not well suited for supporting a gradual counterpart of System F. Consequently, we revisit the challenge of designing a gradual language with explicit parametric polymorphism, exploring the extent to which the Abstracting Gradual Typing methodology helps us derive such a language, GSF. We present the design and metatheory of GSF, and provide a reference implementation. In addition to avoiding the uncovered semantic issues, GSF satis es all the expected properties of a gradual parametric language, save for one property: the dynamic gradual guarantee, which was le as conjecture in all prior work, is here proven to be simply incompatible with parametricity. We nevertheless establish a weaker property that allows us to disprove several claims about gradual free theorems, clarifying the kind of reasoning supported by gradual parametricity.

show abstract

Section: Resultscontrasting

confidence: 39%

Section: Related Workmentioning

confidence: 99%

mentioning

confidence: 99%

See 1 more Smart Citation

Gradual parametricity, revisited

Toro

Labrada

Tanter

2019

Proc. ACM Program. Lang.

Self Cite

View full text Add to dashboard Cite

show abstract

“…There has been considerable work in gradual typing both from industry [3,9,27,4] and academia [18,24,26,14,17,1]. The challenge in capturing a calculus such as the π-calculus is that several output processes may compete for a single input.…”

Section: Related Work and (More) Future Workmentioning

confidence: 99%

Towards Gradually Typed Capabilities in the Pi-Calculus

Cimini

2019

Electron. Proc. Theor. Comput. Sci.

View full text Add to dashboard Cite

Gradual typing is an approach to integrating static and dynamic typing within the same language, and puts the programmer in control of which regions of code are type checked at compile-time and which are type checked at run-time.In this paper, we focus on the π-calculus equipped with types for the modeling of input-output capabilities of channels. We present our preliminary work towards a gradually typed version of this calculus. We present a type system, a cast insertion procedure that automatically inserts run-time checks, and an operational semantics of a π-calculus that handles casts on channels. Although we do not claim any theoretical results on our formulations, we demonstrate our calculus with an example and discuss our future plans.

show abstract

“…Gradual typing has been adapted to many other type disciplines, including ownership types [Sergey and Clar 2012], effects [Bañados Schwerter et al 2016], refinement types [Lehmann and Tanter 2017], security types [Fennell and Thiemann 2013;Toro et al 2018a], and session types [Igarashi et al 2017]. But it has not yet reached dependent types.…”

Section: Introductionmentioning

confidence: 99%

Approximate normalization for gradual dependent types

Eremondi

Tanter

García

2019

Proc. ACM Program. Lang.

Self Cite

View full text Add to dashboard Cite

Dependent types help programmers write highly reliable code. However, this reliability comes at a cost: it can be challenging to write new prototypes in (or migrate old code to) dependently-typed programming languages. Gradual typing makes static type disciplines more flexible, so an appropriate notion of gradual dependent types could fruitfully lower this cost. However, dependent types raise unique challenges for gradual typing. Dependent typechecking involves the execution of program code, but gradually-typed code can signal runtime type errors or diverge. These runtime errors threaten the soundness guarantees that make dependent types so attractive, while divergence spoils the type-driven programming experience.This paper presents GDTL, a gradual dependently-typed language that emphasizes pragmatic dependentlytyped programming. GDTL fully embeds both an untyped and dependently-typed language, and allows for smooth transitions between the two. In addition to gradual types we introduce gradual terms, which allow the user to be imprecise in type indices and to omit proof terms; runtime checks ensure type safety. To account for nontermination and failure, we distinguish between compile-time normalization and run-time execution: compile-time normalization is approximate but total, while runtime execution is exact, but may fail or diverge. We prove that GDTL has decidable typechecking and satisfies all the expected properties of gradual languages. In particular, GDTL satisfies the static and dynamic gradual guarantees: reducing type precision preserves typedness, and altering type precision does not change program behavior outside of dynamic type failures. To prove these properties, we were led to establish a novel normalization gradual guarantee that captures the monotonicity of approximate normalization with respect to imprecision.

show abstract

Type-Driven Gradual Security with References

Cited by 32 publications

References 46 publications

Gradual parametricity, revisited

Gradual parametricity, revisited

Towards Gradually Typed Capabilities in the Pi-Calculus

Approximate normalization for gradual dependent types

Contact Info

Product

Resources

About