Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl...
Transcript of Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl...
![Page 1: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/1.jpg)
Modal Typesfor Mobile Code
Tom Murphy VII
Robert Harper (co-chair)Karl Crary (co-chair)
Frank PfenningPeter Sewell (Cambridge)
thesis defense
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 2: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/2.jpg)
My thesis project is to design and implement aprogramming language for distributed computingbased on logic.
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 3: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/3.jpg)
Strategy
Tell you what I did
Argue for the thesis statement
Present some of the best ideas from the work
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 4: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/4.jpg)
Thesis statement
Modal type systems provide an elegant andpractical means for controlling local resourcesin spatially distributed computer programs.
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 5: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/5.jpg)
Modal type systems provide an elegant and practical means for
controlling local resources in spatially distributed computer programs.
what?
A spatially distributed program is one that spans multiple computers in different places.
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 6: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/6.jpg)
Modal type systems provide an elegant and practical means for
controlling local resources in spatially distributed computer programs.
what?
They usually do so because of specific local resources that are only available in those places.
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 7: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/7.jpg)
Modal type systems provide an elegant and practical means for
controlling local resources in spatially distributed computer programs.
The technology I use is a modal type system, derived from modal logic. A modal logic is one that can reason about truth from multiple simultaneous perspectives, called worlds.
what?
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 8: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/8.jpg)
Modal type systems provide an elegant and practical means for
controlling local resources in spatially distributed computer programs.
I interpret these worlds as the places in a distributed program, which leads to a methodology I calllocated programming.
what?
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 9: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/9.jpg)
Modal type systems provide an elegant and practical means for controllinglocal resources in spatially distributed computer programs.
Each part of the program is associated with the place in which it makes sense. The language is simultaneously aware of each place's differing perspective on the code and data.
how?
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 10: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/10.jpg)
Modal type systems provide an elegant and practical means
for controlling local resources in spatially distributed computer programs.
To show it is elegant, I present a modal logic formulated for this purpose, show how a language can be derived from it, and prove properties of these in Twelf.
why?
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 11: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/11.jpg)
Modal type systems provide an elegant and practical means
for controlling local resources in spatially distributed computer programs.
To show it is practical, I extend the language to a full-fledged programming language based on ML, specialized to web programming. I then build realistic applications in the language.
why?
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 12: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/12.jpg)
OutlineThis work has a nice end-to-end character.The talk is arranged according to the same trajectoryas the research, dissertation.
solution:located programmingproblem
logic abstractcompilation
language andimplementation
applications end
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 13: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/13.jpg)
The single-vision problem
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 14: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/14.jpg)
The single-vision problemMost languages: values and code classified froma single universal viewpoint.
"integer," "file handle," etc.
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 15: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/15.jpg)
The single-vision problem
This monocularismleads to failures that aretoo early or too late.
Most languages: values and code classified froma single universal viewpoint.
"integer," "file handle," etc.
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 16: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/16.jpg)
The single-vision problemConsider the remote procedure call.
Kurt
Bert
let val e = 5 val y = h(e)in print yend
fun h(e : int) = e + 1
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 17: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/17.jpg)
The single-vision problemConsider the remote procedure call.
Kurt
Bert
let val e = 5 val y = h(e)in print yend
fun h(e : int) = e + 15
6
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 18: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/18.jpg)
The single-vision problemConsider the remote procedure call.
Kurt
Bert
let val e = 5 val y = h(e)in print yend
fun h(e : int) = e + 15
6
also, marshaling
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 19: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/19.jpg)
The single-vision problemWhat about local resources?
Kurt
Bert
let val e : file = open "thesis.tex" val y = g(e)in (* ... *)end
fun g(e : file) = (* ... *)
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 20: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/20.jpg)
The single-vision problemWhat about local resources?
Kurt
Bert
let val e : file = open "thesis.tex" val y = g(e)in (* ... *)end
fun g(e : file) = (* ... *)
?
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 21: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/21.jpg)
The single-vision problemWhat happens depends on the language.
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 22: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/22.jpg)
The single-vision problemWhat happens depends on the language.
POD. Program is rejected statically."You may only send plain old data."
— [DCOM/CORBA/XMLRPC, etc.]
RPC. Program fails at RPC time."Can't serialize local resources."
— [Java/Acute/Alice, etc.]
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 23: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/23.jpg)
The single-vision problem
DYN. Program continues, might fail in function g."Decide at the last second."— [Dynamically typed languages/Grid/ML, etc.]
MOB. Transparent mobility.[D'caml, etc.]
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 24: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/24.jpg)
Diagnosis(POD) is overconservative.
fun g(f : file) = foccurs in practice!
(Callbacks)
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 25: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/25.jpg)
Diagnosis(POD) is overconservative.
fun g(f : file) = foccurs in practice!
(RPC) admits runtime failures.
even on safe programs such as above
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 26: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/26.jpg)
Diagnosis(POD) is overconservative.
fun g(f : file) = foccurs in practice!
(RPC) admits runtime failures.
even on safe programs such as above
(DYN) admits runtime failures.
allows fun g(f : file) = ffails on fun g(f : file) = write(f, "hello")
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 27: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/27.jpg)
What's going on?Even though a file handle is a local resource, wehave a single global notion (type) of file.
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 28: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/28.jpg)
What's going on?Even though a file handle is a local resource, wehave a single global notion (type) of file.
If Bert has a file, he (reasonably) expects to be ableto write to it.
(POD) and (RPC) prevent Bert from ever getting the file.
(DYN) checks that every file access is local.
(MOB) makes every file global.
(LOC) ...prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 29: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/29.jpg)
Located programmingInstead: treat all code and data as relative to a world.
e.g. Kurt, Burtallows language notion of "Kurt's file"
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 30: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/30.jpg)
Located programming
Kurt's code
Bert's code
let val e : kurt's file = open "thesis.tex" val y = g(e)in write(y, "hello")end
fun g(e : kurt's file) = e
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 31: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/31.jpg)
Located programmingThis excludes unsafe uses statically.
Kurt's code
Bert's code
let val e : kurt's file = open "thesis.tex" val y = g(e)in (* ... *)end
fun g(e : kurt's file) = write(e, "oops")Xtype error
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 32: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/32.jpg)
Kurt
Bert
let val e : kurt's int = 5 val y = h(e)in print yend
fun h(e : kurt's int) = e + 1
Located programming
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 33: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/33.jpg)
Kurt
Bert
fun h(e : kurt's int) = e + 1
Located programming
?let val e : kurt's int = 5 val y = h(e)in print yend
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 34: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/34.jpg)
Kurt
Bert
fun h(e : bert's int) = e + 1
Located programming
let val e : kurt's int = 5 val y = h(e)in print yend
conv
ert
convert
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 35: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/35.jpg)
Located programmingSemantic question: When can we convertKurt's t to Bert's t?
file: no, int: yes
This is not the same as marshaling
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 36: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/36.jpg)
logic abstractcompilation
applications endsolution:located programmingproblem
language andimplementation
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 37: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/37.jpg)
Modal logicA logic is concerned with the truth of propositions.
"A true"
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 38: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/38.jpg)
Modal logicModal logic is concerned with the truth of propositions, relative to a set of worlds.
"A true @ w1"
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 39: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/39.jpg)
Modal logicModal logic is concerned with the truth of propositions, relative to a set of worlds.
"A true @ w1"(A proposition might only be true in some worlds because of different contingent facts at those worlds.)
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 40: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/40.jpg)
Modal logicContingent facts are represented by hypotheses,themselves relative to a set of worlds.
A true @ w1, B true @ w2 A true @ w1
A true @ w1, B true @ w2 A true @ w2
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 41: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/41.jpg)
Modal logic
(Again, we'll think of worlds as hosts on the network.)
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 42: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/42.jpg)
Modal logicA proof in modal logicreasons from these distributedfacts to produce a conclusion.
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 43: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/43.jpg)
Modal logicThese proofs interpreted asprograms appear to requirenon-local computation, or"action at a distance."
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 44: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/44.jpg)
Lambda 5A novel formulation of modallogic: Lambda 5
reasoning(computation) isalways local
a single rule allowsus to move facts (data)between worlds
"get"
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 45: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/45.jpg)
Lambda 5This formulation of modal logic is:
Logically faithful(Proved sound, complete, equivalent to known logics.)
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 46: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/46.jpg)
Lambda 5This formulation of modal logic is:
Logically faithful(Proved sound, complete, equivalent to known logics.)
Computationally realistic(Straightforward type-safe dynamic semantics.)
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 47: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/47.jpg)
Lambda 5This formulation of modal logic is:
Logically faithful(Proved sound, complete, equivalent to known logics.)
Computationally realistic(Straightforward type-safe dynamic semantics.)
Not enough(I study two extensions in detail: classical reasoning and global reasoning.)
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 48: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/48.jpg)
Lambda 5This formulation of modal logic is:
Logically faithful(Proved sound, complete, equivalent to known logics.)
Computationally realistic(Straightforward type-safe dynamic semantics.)
Not enough(I study two extensions in detail: classical reasoning and global reasoning.)
[All proofs in Twelf]prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 49: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/49.jpg)
abstractcompilation
applications endsolution:located programmingproblem
language andimplementation
logic
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 50: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/50.jpg)
Abstract compilationNext, I take the extended modal lambda calculusand carefully show how it can be compiled.
Mini version of ML5(Leaves out the complications of a full-fledged language.)
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 51: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/51.jpg)
Abstract compilationNext, I take the extended modal lambda calculusand carefully show how it can be compiled.
Mini version of ML5(Leaves out the complications of a full-fledged language.)
Formalize several phases:Elimination of syntactic sugar
Continuation passing style transformation
Closure conversion
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 52: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/52.jpg)
Abstract compilationNext, I take the extended modal lambda calculusand carefully show how it can be compiled.
Mini version of ML5
Formalize several phases
Feedback of ideas into logic/language
Typed compilation is a good exerciseof a language's expressiveness!
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 53: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/53.jpg)
Abstract compilationNext, I take the extended modal lambda calculusand carefully show how it can be compiled.
Mini version of ML5
Formalize several phases
Feedback of ideas into logic/language
Typed compilation is a good exerciseof a language's expressiveness!
Prove static correctness for each phase
[All proofs in Twelf]prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 54: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/54.jpg)
applications endsolution:located programmingproblem
language andimplementation
logic abstractcompilation
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 55: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/55.jpg)
ML5ML5 is an ML-like programming language with amodal type system.
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 56: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/56.jpg)
ML5ML5 is an ML-like programming language with amodal type system.
Its implementation is specialized to web programming.
Exactly two worlds: the browser ("home") and "server"
AJAX-style applications (single page)
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 57: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/57.jpg)
ML5ML5 is an ML-like programming language with amodal type system.
Its implementation is specialized to web programming.
A compiler (ML5/pgh)
A runtime system including a web server
Exactly two worlds: the browser ("home") and "server"
AJAX-style applications (single page)
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 58: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/58.jpg)
Modal type systemsA type system assigns a type to an expression,to classify the values it may produce.
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 59: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/59.jpg)
Modal type systemsA type system assigns a type to an expression,to classify the values it may produce.
ML5's modal type system assigns a type and worldto an expression, to classify the values it mayproduce and the location in which it may be evaluated.
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 60: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/60.jpg)
Modal type systems
M : A M : A @ w
v : A v : A @ wwhere value canbe used
where exp canbe evaluated
shape of valuethat results
shape of value
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 61: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/61.jpg)
Modal type systems
Returns a string and can only be evaluatedon the web browser.
js.prompt "What is your name?" : string @ home
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 62: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/62.jpg)
Modal type systems
Returns a string and can only be evaluatedon the web server.
db.lookup "name" : string @ server
Returns a string and can only be evaluatedon the web browser.
js.prompt "What is your name?" : string @ home
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 63: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/63.jpg)
Variables like js.prompt are the contingent (local)resources that form the context for type checking.
Local resources
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 64: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/64.jpg)
js.prompt : string → string @ client, ...
Variables like js.prompt are the contingent (local)resources that form the context for type checking.
js.prompt : string → string @ client
Local resources
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 65: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/65.jpg)
Local resourcesThe programmer can declare a local resource byimporting it at a name, type and world.
extern val js.prompt \@1: string -> string @ homeextern val js.alert \>1: string -> unit @ home
extern val db.lookup \>1: string -> string @ serverextern val version \>1: unit -> string @ server
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 66: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/66.jpg)
ML5 modelML5 source code includes parts for both thebrowser and server.
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 67: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/67.jpg)
ML5 modelML5 source code includes parts for both thebrowser and server.
JavaScript B5 bytecode
ML5
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 68: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/68.jpg)
ML5 model
Execution begins in the web browser.
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 69: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/69.jpg)
ML5 model
Control may flow to the server and back during execution.
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 70: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/70.jpg)
GetThis is done with the language construct from ... get ....
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 71: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/71.jpg)
GetThis is done with the language construct from ... get ....
js.alert (from server get version());
Transfers control to serverto evaluate expression.
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 72: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/72.jpg)
js.alert (from server get version());
Transfers control to serverto evaluate expression.
get
"2.0"
GetThis is done with the language construct from ... get ....
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 73: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/73.jpg)
js.alert (from server get version());
Transfers control to serverto evaluate expression.
2.0
This is done with the language construct from ... get ....
Get
get
"2.0"
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 74: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/74.jpg)
GetThe get construct is (exclusively) how control and data flow between worlds.
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 75: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/75.jpg)
GetThe get construct is (exclusively) how control and data flow between worlds.
Γ from M get N : A @ w
Γ N : A @ w'Γ M : w' addr @ w + 1 more premise...
Address of remote worldExpression to evaluate(IP/port, etc.)
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 76: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/76.jpg)
Get
Γ from M get N : A @ w
Γ N : A @ w'Γ M : w' addr @ w + 1 more premise...
This only makes sense forcertain types of values...
When we get, a value v : A @ w becomes a value v : A @ w
'
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 77: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/77.jpg)
Γ from M get N : A @ w
Γ N : A @ w'Γ M : w' addr @ w
When we get, a value v : A @ w becomes a value v : A @ w
This only makes sense forcertain types of values...
A mobile
'
Get
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 78: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/78.jpg)
Mobile typesA type is mobile if every value that inhabits itis portable.
int mobile
(A × B) mobileB mobileA mobile
w addr mobile
(ps: mobility has a logical justification)
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 79: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/79.jpg)
Mobile types
(A × B) mobileB mobileA mobile
file mobile (A → B) mobile
int mobile
w addr mobile
A type is mobile if every value that inhabits itis portable.
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 80: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/80.jpg)
Mobile types
(A → B) mobile
Would try to access a local database whencalled on the client!
(* string -> string @ client *)from server get db.lookup
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 81: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/81.jpg)
Mobile types
(A → B) mobile
Would try to access a local database whencalled on the client!
(* string -> string @ client *)from server get db.lookup
(ML5 statically excludes such wrong-world accesses.)
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 82: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/82.jpg)
Mobility vs. validityNot every function value is portable, so functiontypes are not mobile.
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 83: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/83.jpg)
Mobility vs. validityNot every function value is portable, so functiontypes are not mobile.
However, some particular functions are portable.We have a way to demonstrate this in the typesystem: validity.
(fn x ⇒ x)
(ps: validity has a logical justification)
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 84: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/84.jpg)
Validity
Valid hypotheses are bindings thatcan be used anywhere.
x ~ A x : A @ w
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 85: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/85.jpg)
ValidityJust as ML type inference automatically makesdefinitions maximally polymorphic, ML5 typeinference makes definitions maximally valid:
(* map ~ ('a -> 'b) -> 'a list -> 'b list *)fun \@1map f nil = nil |\>1map f (h :: t) = (f h) :: map f t
Libraries
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 86: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/86.jpg)
Validity
To validate a binding, hypothesize the existenceof a world ω'. If the value is well-typed there,then it would be well-typed anywhere, since weknow nothing about ω'.
Γ let val x = v in N : C @ w
Γ, x ~ A N : C @ wΓ, ω' world v : A @ ω'
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 87: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/87.jpg)
Validity
Γ let val x = (fn x ⇒ x) in ... : C @ w
Γ, ω' world fn x ⇒ x : int → int @ ω' ...
Γ, ω' world, x : int @ ω' x : int @ ω'
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 88: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/88.jpg)
Validity
Note: values only! (cf. ML value restriction)
(* r : int ref @ client *)val r = ref 0
Γ let val x = (fn x ⇒ x) in ... : C @ w
Γ, ω' world fn x ⇒ x : int → int @ ω' ...
Γ, ω' world, x : int @ ω' x : int @ ω'
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 89: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/89.jpg)
ModalitiesThe judgments x ~ A and x : A @ w allow us todefine new types that encapsulate the notionsof validity and locality.
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 90: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/90.jpg)
Modalities
A A valid value of type A.
A w An encapsulated value of type Athat can be used only at w.
(Can also have as derived forms: )A A
The judgments x ~ A and x : A @ w allow us todefine new types that encapsulate the notionsof validity and locality.
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 91: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/91.jpg)
Modalities
A A valid value of type A.
A w An encapsulated value of type Athat can be used only at w.
(Can also have as derived forms: )A A
These are all mobile no matter what A is.
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 92: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/92.jpg)
ML-like featuresML5 has most of the features of core SML.
algebraic datatypes, extensible types
pattern matching
mutable references
exceptions
mutual recursion
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 93: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/93.jpg)
ML-like featuresML5 has most of the features of core SML.
algebraic datatypes, extensible types
pattern matching
mutable references
exceptions
... and some extensions:first-class continuations, threads
quote/antiquote
mutual recursion
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 94: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/94.jpg)
ML-like featuresMost features behave as they do in SML.We usually just need to consider whether a given type should be mobile.
datatype (a, b) t = First of a * int | Second of (b at home) * t
The type (t1, t2) t is mobile if both arms(with t1, t2 filled in) carry mobile types.
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 95: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/95.jpg)
ML-like featuresMost features behave as they do in SML.We usually just need to consider whether a given type should be mobile.
datatype (a, b) t' = First of a * int | Second of (b at home) * t' | Third of a → b
The type (t1, t2) t is mobile if both arms(with t1, t2 filled in) carry mobile types.
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 96: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/96.jpg)
ML-like featuresThe exn type and other extensible types arealways mobile.
exception TagA of intexception TagB of unit -> unit
(* ! *)do case (from server get e) : exn of \@1TagA _ => () | \>1TagB f => f ()
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 97: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/97.jpg)
ML-like featuresThe exn type and other extensible types arealways mobile.
exception TagA of intexception TagB of unit -> unit
(* ! *)do case (from server get e) : exn of \@1TagA _ => () | \>1TagB f => f ()
The extensible type tags give permission toretrieve the stored value.
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 98: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/98.jpg)
ML-like featuresThe exn type and other extensible types arealways mobile.
vexception TagA of int \@3(* valid *)exception TagB of unit -> unit \>3(* can't be valid *)
(* ! *)do case (from server get e) : exn of \@1TagA _ => () | \>1TagB f => f ()
The extensible type tags give permission toretrieve the stored value.
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 99: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/99.jpg)
Put
Γ let put x = M in N : C @ w
Γ, x ~ A N : C @ wΓ M : A @ w A mobile
Another construct put can evaluate an expressionand validate the resulting binding, but only ifits type is mobile.
(no communication)
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 100: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/100.jpg)
Example: proxylet \@1extern val db.lookup : string -> string @ server
\>1(* plookup ~ string -> string *) \>1fun plookup s = \>1 \@2let \@3put s' = s \>2in \>3from server get (db.lookup s') \>2endin\>1(* ... *)end
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 101: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/101.jpg)
Ok.
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 102: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/102.jpg)
ImplementationThe ML5 implementation consists of a compiler,and a web server that hosts and runs the serverpart of programs.
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 103: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/103.jpg)
CompilationThe ML5/pgh compiler transforms the source programinto client-side JavaScript and server-side bytecode.
CPS conversion
Closure conversion
Elaboration and type inference
Type and world representation
Code generation
typedirected
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 104: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/104.jpg)
CPS conversionCPS conversion allows us to support first-classcontinuations and threads.
from ... get ... replaced with to ... go ... :
k (from server get e)
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 105: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/105.jpg)
CPS conversionCPS conversion allows us to support first-classcontinuations and threads.
k (from server get e) put back = localhost ()
(to server go put ret = e (to back go k(ret)))becomes
from ... get ... replaced with to ... go ... :
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 106: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/106.jpg)
Type and world representationMarshaling uses type and world information atrun-time, so we must represent these as data.
α type, ω world, ... A @ w
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 107: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/107.jpg)
Type and world representationMarshaling uses type and world information atrun-time, so we must represent these as data.
α type, ω world, ... A @ w
α type, uα ~ α rep,ω world, uω ~ ω rep, ... A @ w
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 108: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/108.jpg)
Closure conversionClosure conversion explicitly constructs closuresso that we can label each piece of code.
This means abstracting over any free variables:
x : A @ w1, u ~ B C → D @ w2
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 109: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/109.jpg)
Closure conversionClosure conversion explicitly constructs closuresso that we can label each piece of code.
This means abstracting over any free variables:
x : A @ w1, u ~ B C → D @ w2
∙ (C × A w1 × B) → D @ w2
modalities internalize judgments
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 110: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/110.jpg)
Code generationFor each piece of closed code, we use its worldto decide what code we must generate for it.
@ server - generate bytecode
@ client - generate javascript
@ ω - generate both (polymorphic)
Typing guarantees that code @ server will onlyuse server resources.
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 111: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/111.jpg)
RuntimeThe runtime system:
Web server delivers code, starts sessionRuns server code, database, etc.Marshaling and maintaining communicationThread scheduling, event handling
I'll mention these in the demo.
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 112: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/112.jpg)
language andimplementation
applications endsolution:located programmingproblem
logic abstractcompilation
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 113: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/113.jpg)
ApplicationsBuilt realistic applications with ML5.
Evaluate its practicality, expressivenessDiscover performance bottlenecksMissing featuresFeedback of ideas into language, compiler
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 114: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/114.jpg)
Demo
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 115: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/115.jpg)
language andimplementation
solution:located programmingproblem
logic abstractcompilation
applications end
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 116: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/116.jpg)
ConclusionIn conclusion,
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 117: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/117.jpg)
ConclusionIn conclusion,
Modal type systems provide an elegant andpractical means for controlling local resourcesin spatially distributed computer programs.
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 118: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/118.jpg)
ConclusionIn conclusion,
New programming language forspatially distributed computing.
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 119: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/119.jpg)
ConclusionIn conclusion,
New programming language forspatially distributed computing.
Express locality of resources
Statically-typed, higher order programming
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 120: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/120.jpg)
ConclusionIn conclusion,
New programming language forspatially distributed computing.
Based on novel formulation of modal logic.
Express locality of resources
Statically-typed, higher order programming
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 121: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/121.jpg)
ConclusionIn conclusion,
New programming language forspatially distributed computing.
Based on novel formulation of modal logic.
Mechanized theory and usable implementation.
Express locality of resources
Statically-typed, higher order programming
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 122: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/122.jpg)
Dankon
Bonus topics: security
Thanks! Questions?
tierless
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 123: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/123.jpg)
Dankon
Bonus topics: security
Thanks! Questions?
tierless
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 124: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/124.jpg)
Dankon
Bonus topics: security
Thanks! Questions?
tierless
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 125: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/125.jpg)
Dankon
Bonus topics: security
Thanks! Questions?
tierless
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 126: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/126.jpg)
Dankon
Bonus topics: security
Thanks! Questions?
tierless
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 127: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/127.jpg)
Dankon
Bonus topics: security
Thanks! Questions?
tierless
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 128: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/128.jpg)
Dankon
Bonus topics: security
Thanks! Questions?
tierless
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 129: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/129.jpg)
Dankon
Bonus topics: security
Thanks! Questions?
tierless
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 130: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/130.jpg)
SecuritySecurity is a difficult problem in the presence ofuncooperative participants: We have no realcontrol over what the client does with hisJavascript.
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 131: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/131.jpg)
SecurityCompilation obscures some security issues.
let extern format : unit -> unit @ server val password = "my_cool_password" put input = js.prompt ("password?")in from server get if input = password then (\@1from client get js.alert ("Formatting..."); \>1format ()) else ()end
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 132: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/132.jpg)
SecurityCompilation obscures some security issues.
let extern format : unit -> unit @ server val password = "my_cool_password" put input = js.prompt ("password?")in from server get if input = password then (\@1from client get js.alert ("Formatting..."); \>1format ()) else ()end
Does client source contain "my_cool_password"?
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 133: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/133.jpg)
SecurityCompilation obscures some security issues.
let extern format : unit -> unit @ server val password = "my_cool_password" put input = js.prompt ("password?")in from server get if input = password then (\@1from client get js.alert ("Formatting..."); \>1format ()) else ()end
server entry point 2
server entry point 1
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 134: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/134.jpg)
SecurityTypes can help...
let extern format : unit -> unit @ server val password : string @ server = "my_cool_password" put input = js.prompt ("password?")in from server get if input = password then (\@1from client get js.alert ("Formatting..."); \>1format ()) else ()end
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 135: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/135.jpg)
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 136: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/136.jpg)
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 137: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/137.jpg)
Tierless programmingLinks programming language (Wadler et al.)
built-in notion of "client" and "server" (only)
marshaling can fail at runtimeHop (Serrano et al.)
based on scheme (just one type)no static checks
two gets, specialized to client/server
tied to function calls
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 138: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/138.jpg)
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 139: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/139.jpg)
ML5 or bustTwelf code, implementation, dissertation at
http://tom7.org/ml5/
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 140: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/140.jpg)
ML5 or bustTwelf code, implementation, dissertation at
http://tom7.org/ml5/
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 141: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/141.jpg)
ML5 or bustTwelf code, implementation, dissertation at
http://tom7.org/ml5/
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 142: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/142.jpg)
AddressesA host can compute its address with localhost.
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 143: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/143.jpg)
AddressesA host can compute its address with localhost.
Γ localhost() : w addr @ w
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 144: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/144.jpg)
AddressesA host can compute its address with localhost.
Γ localhost() : w addr @ w
For now assume we have two worlds clientand server and variables in context:
client : client addr @ serverserver : server addr @ client
prev next999/999 99:99Modal types for mobile code Tom Murphy VII
![Page 145: Modal Types for Mobile Codetom7/talks/defense.pdf · Tom Murphy VII Robert Harper (co-chair) Karl Crary (co-chair) Frank Pfenning Peter Sewell (Cambridge) thesis defense prev Modal](https://reader034.fdocuments.in/reader034/viewer/2022050403/5f80fe16f4198d1f4b5986f3/html5/thumbnails/145.jpg)
Addressesclient : client addr @ serverserver : server addr @ client
from server get (\@1db.update ("greeting", "hello"); \>1from client get \>1 js.alert "greeting updated!")
prev next999/999 99:99Modal types for mobile code Tom Murphy VII