Policy as Types

argue persuasively for the need for a means to express policy in object-capability-based systems. We investigate a practical means to realize their aim via the Curry-Howard isomorphism [1] . Specifically, we investigate representing policy as types in a behavioral type system for the rho-calculus [15], a reflective higherorder variant of the π-calculus [18].

Information and Computation, 2012

We propose a process algebra, the Algebra of Behavioural Types, as a language for typing concurrent objects in process calculi. A type is a higher-order labelled transition system that characterises all possible life cycles of a concurrent object. States represent interfaces of objects; state transitions model the dynamic change of object interfaces. Moreover, a type provides an internal view of the objects that inhabit it: a synchronous one, since transitions correspond to message reception. To capture this internal view of objects we define a notion of bisimulation, strong on labels and weak on silent actions. We study several algebraic laws that characterise this equivalence, and obtain completeness results for image-finite types.

Theoretical Computer Science, 2004

We propose a general, powerful framework of type systems for the π-calculus, and show that we can obtain as its instances a variety of type systems guaranteeing non-trivial properties like deadlock-freedom and race-freedom. A key idea is to express types and type environments as abstract processes: We can check various properties of a process by checking the corresponding properties of its type environment. The framework clarifies the essence of recent complex type systems, and it also enables sharing of a large amount of work such as a proof of type preservation, making it easy to develop new type systems.

Electronic Notes in Theoretical Computer Science, 1998

This article explores the use of types constrained by the de nition of functions of given types. This notion supports both overloading and a form of subtyping, and is related to Haskell type classes and System O. We study an extension of the Damas-Milner system, in which o verloaded functions can be de ned. The inference system presented uses a context-independent o verloading policy, speci ed by m e a n s of a predicate used in a single inference rule. The treatment of overloading is less restrictive t h a n in similar systems. Type annotations are not required, but can be used to simplify inferred types. The work motivates the use of constrained types as parameters of other, higher-order types.

We present an operational semantics and a typing assignment system for the concurrent object-oriented speci cation language Gnome, based on a name-passing asynchronous calculus of concurrent objects, TyCO. The operational semantics is given by a map encoding Gnome classes in TyCO agents, and thus, objects (instances of classes) in processes (instances of agents). We propose a general approach to implement synchronous communication in an asynchronous process calculus, using a commit-abort protocol, achieving by this means the synchronization of all objects involved on a transaction. We treat objects with internal animation, their dynamic creation and deletion. Furthermore, the method generates a (decidable) typing assignment system that ensures lack of runtime errors for typable programs. The type of an agent certi cates the communicating protocol of the corresponding class.

Traditional static typing systems for the pi-calculus are built around capability types that control the read/write access rights on channels and describe the type of their payload. While static typing has proved adequate for reasoning on process behavior in typed contexts, dynamic techniques have often been advocated as more effective for access control in distributed/untyped contexts. Here we develop a new typing discipline for the asynchronous pi-calculus, which we call API@. It combines static and dynamic typing: a static type system associates channels with flat types that only express read/write capabilities and disregard the payload type; a dynamically typed synchronization complements the static type system to guarantee type soundness. We define a typed equational theory, and we give a co-inductive proof technique useful to prove equivalences among processes. We study the relationships between our dynamic approach and the static one of the asynchronous pi calculuS, referred as API, which comes with an entirely standard static typing system. On the one hand, we show that API can be encoded in API@ in a sound manner. On the other hand, we show that API@ can be encoded into API in a fully abstract manner, preserving the respective behavioral equivalences of the two calculi. Besides yielding an interesting expressivity result, the encoding also sheds light on the effectiveness of dynamic typing as a mechanism for access control. Here we take P ∼ = @ Q to mean that P and Q are behaviorally indistinguishable, i.e. they have the same observable behavior when executed in any arbitrary context. The equation (1) is easily disproved by exhibiting a context that interferes with the intended protocol between S and C. A first example is the context C 1 [−] = − | d(x).!x(y).0, that initially behaves as the client, to receive s, but then it steals the jobs intended Work partially supported by M.I.U.R (Italian Ministry of Education, University and Research) under contract n. 2005015785.

Theoretical Computer Science, 2006

This article presents a mathematical characterization of object-oriented concepts by defining an observation-oriented semantics for a relational objectoriented language with a rich variety of features including subtypes, visibility, inheritance, type casting, dynamic binding and polymorphism. The language is expressive enough for the specification of object-oriented designs and programs. We also propose a calculus based on this model to support both structural and behavioral refinement of object-oriented designs. We take the approach of the development of the design calculus based on the standard predicate logic in Hoare and He's Unifying Theories of Programming (UTP). We also consider object reference in terms of object identity as values and mutually dependent methods.

Logical Methods in Computer Science, 2009

First, we extend Leifer-Milner RPO theory, by giving general conditions to obtain IPO labeled transition systems (and bisimilarities) with a reduced set of transitions, and possibly finitely branching. Moreover, we study the weak variant of Leifer-Milner theory, by giving general conditions under which the weak bisimilarity is a congruence. Then, we apply such extended RPO technique to the lambda-calculus, endowed with lazy and call by value reduction strategies. We show that, contrary to process calculi, one can deal directly with the lambda-calculus syntax and apply Leifer-Milner technique to a category of contexts, provided that we work in the framework of weak bisimilarities. However, even in the case of the transition system with minimal contexts, the resulting bisimilarity is infinitely branching, due to the fact that, in standard context categories, parametric rules such as the beta-rule can be represented only by infinitely many ground rules. To overcome this problem, we introduce the general notion of second-order context category. We show that, by carrying out the RPO construction in this setting, the lazy observational equivalence can be captured as a weak bisimilarity equivalence on a finitely branching transition system. This result is achieved by considering an encoding of lambdacalculus in Combinatory Logic.

Lecture Notes in Computer Science, 1997

We present a new type system for TyCO, a name-passing calculus of concurrent objects. The system captures dynamic aspects of the behaviour of objects, namely non-uniform service availability. The notion of processes without errors is loosened, demanding only weak fairness in the treatment of messages.

2006

Solid theoretical foundation of object-oriented paradigm have been developed for both functional and imperative programming languages. Although type theory contains functional programming language and offers rich specification and reasoning capabilities the similar foundation is not so evident despite the presence of flavor of object orientation in many other formal methods.