Re: abstraction power

• To: Jon Riecke <riecke@research.bell-labs.com>
• Subject: Re: abstraction power
• From: Shriram Krishnamurthi <shriram@cs.rice.edu>
• Date: Mon, 3 Jan 2000 10:36:05 -0600 (CST)
• Cc: types@cis.upenn.edu
• In-Reply-To: <200001020205.VAA22969@saul.cis.upenn.edu>
• References: <200001011544.KAA01910@localhost.localdomain> <200001020205.VAA22969@saul.cis.upenn.edu>
• Reply-To: shriram@cs.rice.edu

Jon Riecke wrote:

>					       The concept of
> "generativity" may be more fundamental than static type checking.

Matthias appealed to a paper in his response.  Here is the rough idea
behind that paper.

We use this power in the operating system layer [ICFP 1999] of our
Scheme implementation.  Because we have dynamic control over
generativity, we can create very fine-grained policies (enforced
dynamically, of course) to restrict access to values.  In the more
recent (unpublished) paper, we use it to allow embeddings of languages
into the OS to stipulate value interoperability.  A language's
run-time system can employ various visibility levels for values
computed by that language:

- everyone (by using standard Scheme representations),

- only units written in the same language (by using generativity once
  for that language),

- no other units (by using generativity once per unit), or

- other intermediate levels.

The enforcement of generativity provides, in turn, a platform for
implementing security policies.

There is, of course, a trade-off between this kind of dynamic power
and its amenability to static analyses.  But y'all know that.

'shriram

• Prev: RE: type safety
• Next: RE: type safety
• Index(es):
  • Main
  • Thread