approximating polymorphic effects with capabilities
play

Approximating Polymorphic Effects with Capabilities Justin Lubin 1 , - PowerPoint PPT Presentation

Dec 28, 2022 •199 likes •424 views

Approximating Polymorphic Effects with Capabilities Justin Lubin 1 , Darya Melicher 2 , Alex Potanin 3 , Jonathan Aldrich 2 1 University of Chicago, USA 2 Carnegie Mellon University, USA 3 Victoria University of Wellington, NZ Goal Allow secure

  1. Approximating Polymorphic Effects with Capabilities Justin Lubin 1 , Darya Melicher 2 , Alex Potanin 3 , Jonathan Aldrich 2 1 University of Chicago, USA 2 Carnegie Mellon University, USA 3 Victoria University of Wellington, NZ

  2. Goal Allow secure and ergonomic mixing of effect-unannotated code with effect-annotated code in a realistic capability-safe programming language. 2

  3. Background 1. Object Capabilities 2. Effect Systems 3. Capability-Safe Import Semantics 3

  4. 1. Object Capabilities Capabilities Unforgeable objects that give module def logger(myFile : File) particular parts of the code ... access to sensitive resources module def main(platform : Platform) Capability-safe language val myFile = file(platform) val myLogger = logger(myFile) A language in which the only ... way to access sensitive resources is via capabilities 4

  5. 2. Effect Systems Effect system Annotations on methods describing effects they can incur Capability-based effect system Way of formally reasoning about capabilities (awesome!) Downside: verbosity 5

  6. 3. Capability-Safe Import Semantics Prior work (Craig et al.) Import semantics for capability-safe lambda calculus Limitation Does not handle mutable state nor effect polymorphism Our goal Scale up to a more realistic programming language 6

  7. The Problem Effect polymorphism and mutability 7

  8. The Problem resource type Logger effect log def append(contents : String) : {log} Unit Question: How will annotated module def reversePlugin(name : String) code use reversePlugin ? var logger : Logger = ... def setLogger(newLogger : Logger) : Unit Effect polymorphism + logger = newLogger mutability ⇒ log effect could def run(s : String) : String be anything! val t = s.reverse() logger.append(name + “: ” + s + “ -> ” + t) t 8

  9. The Problem resource type Logger effect log def append(contents : String) : {log} Unit Question: How will annotated module def reversePlugin(name : String) code use reversePlugin ? var logger : Logger = ... def setLogger(newLogger : Logger) : Unit Effect polymorphism + logger = newLogger mutability ⇒ log effect could def run(s : String) : String be anything! val t = s.reverse() logger.append(name + “: ” + s + “ -> ” + t) t 9

  10. The Problem resource type Logger effect log def append(contents : String) : {log} Unit Question: How will annotated module def reversePlugin(name : String) code use reversePlugin ? var logger : Logger = ... def setLogger(newLogger : Logger) : Unit Effect polymorphism + logger = newLogger mutability ⇒ log effect could def run(s : String) : String be anything! val t = s.reverse() logger.append(name + “: ” + s + “ -> ” + t) t 10

  11. Solution Quantification lifting 11

  12. Quantification Lifting: Idea resource type Logger resource type Logger[ effect E] effect log def append(contents : String) : {E} Unit def append(contents : String) : {log} Unit module def reversePlugin(name : String) module def reversePlugin[ effect E](name : String) var logger : Logger = ... var logger : Logger[E] = ... def setLogger(newLogger : Logger) : Unit def setLogger(newLogger : Logger[E]) : {E} Unit logger = newLogger logger = newLogger def run(s : String) : String def run(s : String) : {E} String val t = s.reverse() val t = s.reverse() logger.append(name + “: ” + s + “ -> ” + t) logger.append(name + “: ” + s + “ -> ” + t) t t Lift effect polymorphism from inside ML-style module functor to the functor itself ● Collapse each universal effect quantification into single quantified effect E ● Serves as effect bound for all methods in module ○ 12

  13. Quantification Lifting: Idea resource type Logger resource type Logger[ effect E] effect log def append(contents : String) : {E} Unit def append(contents : String) : {log} Unit module def reversePlugin(name : String) module def reversePlugin[ effect E](name : String) var logger : Logger = ... var logger : Logger[E] = ... def setLogger(newLogger : Logger) : Unit def setLogger(newLogger : Logger[E]) : {E} Unit logger = newLogger logger = newLogger def run(s : String) : String def run(s : String) : {E} String val t = s.reverse() val t = s.reverse() logger.append(name + “: ” + s + “ -> ” + t) logger.append(name + “: ” + s + “ -> ” + t) t t Lift effect polymorphism from inside ML-style module functor to the functor itself ● Collapse each universal effect quantification into single quantified effect E ● Serves as effect bound for all methods in module ○ 13

  14. Quantification Lifting: Usage import fileLogger, databaseLogger, reversePlugin val logger1 = fileLogger(...) val logger2 = databaseLogger(...) val plugin = reversePlugin[logger1.log](“archive”) def main() : {logger1.log} Unit plugin.setLogger(logger1) // plugin.setLogger(logger2) <-- not allowed! resource type MyPlugin def setLogger(newLogger : Logger’) : {logger1.log} Unit def run(s : String) : {logger1.log} String resource type Logger’ effect log = {logger1.log} def append(contents : String) : {log} Unit 14

  15. Quantification Lifting: Type-Level Transformation Benefit Don’t need code ahead of time, only type signature ● Dynamic loading (plugins) ● Compiled code ● Third-party libraries Drawback Over-approximation of possibly-incurred effects 15

  16. Related Work Effect inference ● Operates on expressions ● Gives exact bound on effects that can be incurred Algebraic effects ● Has a different goal ● We use the effect system to formally/statically reason about capabilities 16

  17. Conclusion Capabilities are good way of managing non-transitive access to ● system resources Effect systems can formalize capability-based reasoning, but ● can be verbose Craig et al.’s import semantics work great for lambda calculus ● Quantification lifting handles tricky interaction between effect ● polymorphism and mutable state Thanks to Darya Melicher, Alex Potanin, Jonathan Aldrich, CMU, and the NSF! 17

  18. Thank you! resource type Logger resource type Logger[ effect E] effect log def append(contents : String) : {E} Unit def append(contents : String) : {log} Unit module def reversePlugin(name : String) module def reversePlugin[ effect E](name : String) var logger : Logger = ... var logger : Logger[E] = ... def setLogger(newLogger : Logger) : Unit def setLogger(newLogger : Logger[E]) : {E} Unit logger = newLogger logger = newLogger def run(s : String) : String def run(s : String) : {E} String val t = s.reverse() val t = s.reverse() logger.append(name + “: ” + s + “ -> ” + t) logger.append(name + “: ” + s + “ -> ” + t) t t import fileLogger, databaseLogger, reversePlugin resource type MyPlugin val logger1 = fileLogger(...) def setLogger(newLogger : Logger’) : {logger1.log} Unit val logger2 = databaseLogger(...) def run(s : String) : {logger1.log} String val plugin = reversePlugin[logger1.log](“archive”) def main() : {logger1.log} Unit resource type Logger’ plugin.setLogger(logger1) effect log = {logger1.log} // plugin.setLogger(logger2) <-- not allowed! def append(contents : String) : {log} Unit

  19. Extra Slides

  20. Quantification Lifting: Import Bounds resource type Logger resource type Logger[ effect E] effect log def append(contents : String) : {E} Unit def append(contents : String) : {log} Unit module def reversePlugin(name : String) module def reversePlugin[ effect E](name : String) var logger : Logger = ... var logger : Logger[E] = ... def setLogger(newLogger : Logger) : Unit def setLogger(newLogger : Logger[E]) : {E} Unit logger = newLogger logger = newLogger def run(s : String) : String def run(s : String) : {E} String val t = s.reverse() val t = s.reverse() logger.append(name + “: ” + s + “ -> ” + t) logger.append(name + “: ” + s + “ -> ” + t) t t Something to be careful about: bounds on new universally-quantified polymorphism ● Upper bound: Craig et al. import semantics ○ Lower bound: Capability-safety ○ E1

  21. Quantification Lifting: Type-Level Transformation Before: τ 1 → τ 2 After: ∀ ε (L ⊆ ε ⊆ U) . τ 1 → ( τ 2 ) ε E2

Recommend

This time on Types ... Polymorphic -calculus (polymorphic -binding). Lets us type: f ((

This time on Types ... Polymorphic -calculus (polymorphic -binding). Lets us type: f ((

This time on Types ... Polymorphic -calculus (polymorphic -binding). Lets us type: f (( f true ) :: ( f nil )) -bound variables in ML cannot be used polymorphically within a function abstraction E.g. f (( f true ) :: ( f nil ))

945 views • 23 slides
Polymorphic Lists &amp; Trees Department of Computer Science University of Maryland, College Park

Polymorphic Lists &amp; Trees Department of Computer Science University of Maryland, College Park

CMSC 132: Object-Oriented Programming II Polymorphic Lists &amp; Trees Department of Computer Science University of Maryland, College Park Polymorphic Binary Search Trees Second approach to implement BST What do we mean by polymorphic?

329 views • 9 slides
Polymorphic &amp; Metamorphic Viruses CS4440/7440 Spring 2015 Evolution of Polymorphic Viruses

Polymorphic &amp; Metamorphic Viruses CS4440/7440 Spring 2015 Evolution of Polymorphic Viruses

Polymorphic &amp; Metamorphic Viruses CS4440/7440 Spring 2015 Evolution of Polymorphic Viruses (1) } Why polymorphism? } Anti-virus scanners detect viruses by looking for signatures (snippets of known virus code) } Virus writers

641 views • 40 slides
A Polymorphic Data Visualization for Spatiotemporal Database Makoto Hanashima Institute for

A Polymorphic Data Visualization for Spatiotemporal Database Makoto Hanashima Institute for

A Polymorphic Data Visualization for Spatiotemporal Database Makoto Hanashima Institute for Areal Studies, Foundation Tokyo, Japan Outline of Presentation 2 An Introduction to Reki-Show Authoring Tools Conceptual design of polymorphic

325 views • 14 slides
Polymorphic types Polymorphic -calculus (System F) Simply typed -calculus is

Polymorphic types Polymorphic -calculus (System F) Simply typed -calculus is

Polymorphic types Polymorphic -calculus (System F) Simply typed -calculus is monomorphic, Extends simply-typed : i.e. a type has no flexible pieces ::= * | type syntax expression/value syntax

328 views • 4 slides
Untyped general polymorphic functions Martin Pettai February 5, 2010 Introduction We would

Untyped general polymorphic functions Martin Pettai February 5, 2010 Introduction We would

Untyped general polymorphic functions Martin Pettai February 5, 2010 Introduction We would like to have a functional language where it is possible to define general polymorphic functions Return type of a function is uniquely determined

476 views • 22 slides
Approximating incomputable sets Timothy H. McNicholl Department of Mathematics Iowa State

Approximating incomputable sets Timothy H. McNicholl Department of Mathematics Iowa State

Computability Theory Approximating the incomputable- the Ershov hierarchy Asymptotic density Approximating incomputable sets Timothy H. McNicholl Department of Mathematics Iowa State University mcnichol@iastate.edu Groups and Computation,

690 views • 46 slides
NGN OAM Capabilities NGN OAM Capabilities Dinesh Mohan CTO S r. Advisor, Nortel I TU-T W

NGN OAM Capabilities NGN OAM Capabilities Dinesh Mohan CTO S r. Advisor, Nortel I TU-T W

I nternational Telecom m unication Union ITU-T NGN OAM Capabilities NGN OAM Capabilities Dinesh Mohan CTO S r. Advisor, Nortel I TU-T W orkshop NGN and its Transport Netw orks Kobe, 2 0 -2 1 April 2 0 0 6 NGN OAM Activities Update

777 views • 15 slides
Redirection Capabilities in SIP Redirection Capabilities in SIP

Redirection Capabilities in SIP Redirection Capabilities in SIP

Redirection Capabilities in SIP Redirection Capabilities in SIP draft-bharatia-sipping-redirect-00.txt Authors: J. Bharatia, S. Sen, R. Yuhanna, S. Orton, M. Watson Presenter: Mark Watson mwatson@nortelnetworks.com General Motivation SIP

478 views • 5 slides
The Didactics of Science The Didactics of Science Through Polymorphic Polymorphic Self Self- -

The Didactics of Science The Didactics of Science Through Polymorphic Polymorphic Self Self- -

The Didactics of Science The Didactics of Science Through Polymorphic Polymorphic Self Self- - Through Made Experimental Apparatus Experimental Apparatus Made of Quantitative Determinations of Quantitative Determinations An alternative

442 views • 29 slides
Further Improvement in Approximating the Maximum Duo-Preservation

Further Improvement in Approximating the Maximum Duo-Preservation

Further Improvement in Approximating the Maximum Duo-Preservation String Mapping Problem Brian Brubach University of Maryland, College Park 16 th Workshop on

555 views • 53 slides
Financial Complexity Physical Capabilities Process Capabilities Other Issues

Financial Complexity Physical Capabilities Process Capabilities Other Issues

Financial Complexity Physical Capabilities Process Capabilities Other Issues Upfront Costs - Financing (PPAs, Tax Credits, ESCOs) Split Incentive Alternatives - Virtual Net Metering Where to start? Intelligent

640 views • 8 slides
Thistle Capabilities AtBC What is Thistle? Why Thistle? Capabilities Commercial

Thistle Capabilities AtBC What is Thistle? Why Thistle? Capabilities Commercial

Thistle Capabilities AtBC What is Thistle? Why Thistle? Capabilities Commercial Capabilities Thistle Home Thistle is Market Ready Service Targets Benefits to AtBC Thistle Team &amp; Workflow What is Thistle?

522 views • 12 slides
Capabilities Capabilities Indexing and Publishing Indexing and Publishing Jason M. Coposky

Capabilities Capabilities Indexing and Publishing Indexing and Publishing Jason M. Coposky

Capabilities Capabilities Indexing and Publishing Indexing and Publishing Jason M. Coposky June 25-28, 2019 @jason_coposky iRODS User Group Meeting 2019 Executive Director, iRODS Consortium Utrecht, Netherlands 1 iRODS Capabilities

667 views • 23 slides
Induction-Recursion Capretta University of A polymorphic representation Nottingham IR

Induction-Recursion Capretta University of A polymorphic representation Nottingham IR

Induction- Recursion A polymorphic representation Venanzio Induction-Recursion Capretta University of A polymorphic representation Nottingham IR definitions Leftist Heaps Venanzio Capretta Slice Categories University of Nottingham

815 views • 69 slides
A01 Polymorphic Variation of CYP2D6 and GSTT1 Genes and its Association with Susceptibility to

A01 Polymorphic Variation of CYP2D6 and GSTT1 Genes and its Association with Susceptibility to

A01 Polymorphic Variation of CYP2D6 and GSTT1 Genes and its Association with Susceptibility to Chronic Myeloid Leukemia (CML) Bajpai Prachi 1 , Tripathi Anil Kumar 2 , Agrawal Deepa 3 1, 3 Industrial Toxicology Research Centre (ITRC), Lucknow,

1.16k views • 55 slides
Assurances vs. Capabilities as a Basis for Dispatch William Harrison Trinity College Dublin 1

Assurances vs. Capabilities as a Basis for Dispatch William Harrison Trinity College Dublin 1

Assurances vs. Capabilities as a Basis for Dispatch William Harrison Trinity College Dublin 1 The Problem The Problem: In common OO clients have to know where the implementation is. Several effects in client code: Syntactic distortion to

200 views • 7 slides
Approximating the Diameter, Width, Smallest Enclosing Cylinder, and Minimum-Width Annulus

Approximating the Diameter, Width, Smallest Enclosing Cylinder, and Minimum-Width Annulus

Approximating the Diameter, Width, Smallest Enclosing Cylinder, and Minimum-Width Annulus Timothy M. Chan International Journal of Computational Geometry and Applications Approximating the Diameter, Width, Smallest Enclosing Cylinder, and

754 views • 25 slides
Manufacturing Capabilities Our Full Service product Manufacturing capabilities include:

Manufacturing Capabilities Our Full Service product Manufacturing capabilities include:

Manufacturing Capabilities Our Full Service product Manufacturing capabilities include: Sensual Pleasure Products Massage Oils Bath Oils Food Grade Body Paint Sachets Wipes Fragrances Washing &amp; Bathing Male

101 views • 6 slides
Electro-optic diagnostics concepts &amp; capabilities concepts &amp; capabilities Steven Jam

Electro-optic diagnostics concepts &amp; capabilities concepts &amp; capabilities Steven Jam

Electro-optic diagnostics concepts &amp; capabilities concepts &amp; capabilities Steven Jam ison Accelerator Science and Technology Centre (ASTeC) STFC Daresbury Laboratory, UK Electro-optic effect Refractive index modified by quasi-DC

707 views • 28 slides
Approximating a Motorcycle Graph by a Straight Skeleton Stefan Huber Martin Held Universit

Approximating a Motorcycle Graph by a Straight Skeleton Stefan Huber Martin Held Universit

Approximating a Motorcycle Graph by a Straight Skeleton Stefan Huber Martin Held Universit at Salzburg, Austria CCCG 2011, Toronto ON, August 1012, 2011 Stefan Huber, Martin Held: Approximating Motorcycle Graphs 1 / 17 Introduction to

523 views • 24 slides
PLATFORM CAPABILITIES PLATFORM CAPABILITIES ABOUT CLOUDSIGMA 1. Swiss company founded in 2009,

PLATFORM CAPABILITIES PLATFORM CAPABILITIES ABOUT CLOUDSIGMA 1. Swiss company founded in 2009,

PLATFORM CAPABILITIES PLATFORM CAPABILITIES ABOUT CLOUDSIGMA 1. Swiss company founded in 2009, currently with just over 50 employees. 2. Leading IaaS provider with a focus on fl flexibility &amp; performance. 3. Built our own cloud stack

393 views • 14 slides
Operating Modes and Cooling Capabilities Operating Modes and Cooling Capabilities of the Flight

Operating Modes and Cooling Capabilities Operating Modes and Cooling Capabilities of the Flight

https://ntrs.nasa.gov/search.jsp?R=20150018884 2018-06-18T19:32:18+00:00Z National Aeronautics and Space Administration Operating Modes and Cooling Capabilities Operating Modes and Cooling Capabilities of the Flight ADR for the SXS Instrument

657 views • 27 slides
A Mechanized Proof of Type Safety for the Polymorphic -Calculus with References Michalis A.

A Mechanized Proof of Type Safety for the Polymorphic -Calculus with References Michalis A.

A Mechanized Proof of Type Safety for the Polymorphic -Calculus with References Michalis A. Papakyriakou Prodromos E. Gerakios Nikolaos S. Papaspyrou National Technical University of Athens School of Electrical and Computer Engineering

613 views • 39 slides

More recommend