Académique Documents
Professionnel Documents
Culture Documents
TFP 2007
Types provide static assurances
1
2
3
4
@RISK: The Consensus Security Vulnerability Alert
Vol. 6 No. 14
"A really bad week." That’s what the @RISK editor and
Tippingpoint vulnerability researcher, Rohit Dhamankar
wrote to us this morning. And the director of the Internet
Storm Center, Johannes Ullrich readily agreed. Why?
6
Video RAM example (Diatchki & Jones)
0xb8000 80
25
7
Video RAM example (Diatchki & Jones)
25 :: Nat
8
Video RAM example (Diatchki & Jones)
N25 :: *
instance Nat N25
8
Video RAM example (Diatchki & Jones)
Screen :: Area
Ref :: Area -> *
8
Video RAM example (Diatchki & Jones)
8
Video RAM example (Diatchki & Jones)
É :type videoRAM
ARef N8 (AtArea ScreenAbs ScreenT)
8
Video RAM example (Diatchki & Jones)
8
Video RAM example (Diatchki & Jones)
9
Video RAM example (Diatchki & Jones)
É :type attrAt
Ix N25 -> Ix N80 ->
ARef (U B1 B0) (AtArea ScreenAbs AWord8)
É :type charAt
Ix N25 -> Ix N80 ->
ARef B1 (AtArea ScreenAbs AWord8)
9
Video RAM example (Diatchki & Jones)
É :type attrAt
Ix N25 -> Ix N80 ->
ARef (U B1 B0) (AtArea ScreenAbs AWord8)
É :type charAt
Ix N25 -> Ix N80 ->
ARef B1 (AtArea ScreenAbs AWord8)
É :type (@@)
(INDEXABLE arr count base totalsize,
GCD al n z, SizeOf base n) =>
ARef al arr -> Ix count -> ARef z base
9
Types provide static assurances
10
Custom kinds and predicates as type classes
É :type (@@)
(INDEXABLE arr count base totalsize,
GCD al n z, SizeOf base n) =>
ARef al arr -> Ix count -> ARef z base
11
Custom kinds and predicates as type classes
É :type (@@)
(INDEXABLE arr count base totalsize,
GCD al n z, SizeOf base n) =>
ARef al arr -> Ix count -> ARef z base
11
Type computation using functional dependencies
É :type (@@)
(INDEXABLE arr count base totalsize,
GCD al n z, SizeOf base n) =>
ARef al arr -> Ix count -> ARef z base
11
Types are static capabilities: kernel
:type attrAt
Ix N25 -> Ix N80 ->
ARef (U B1 B0) (AtArea ScreenAbs AWord8)
Capabilities guard access to resources.
12
Types are static capabilities: kernel
:type attrAt
Ix N25 -> Ix N80 ->
ARef (U B1 B0) (AtArea ScreenAbs AWord8)
Capabilities guard access to resources.
É minBound :: Ix N8
Ix 0
12
Types are static capabilities: kernel
:type attrAt
Ix N25 -> Ix N80 ->
ARef (U B1 B0) (AtArea ScreenAbs AWord8)
Capabilities guard access to resources.
É minBound :: Ix N8
Ix 0
É maxBound :: Ix N8
Ix 7
12
Types are static capabilities: kernel
:type attrAt
Ix N25 -> Ix N80 ->
ARef (U B1 B0) (AtArea ScreenAbs AWord8)
Capabilities guard access to resources.
É minBound :: Ix N8
Ix 0
É maxBound :: Ix N8
Ix 7
É ixSucc (maxBound :: Ix N8)
IxPlus 8 :: IxPlus
12
Types are static capabilities: kernel
:type attrAt
Ix N25 -> Ix N80 ->
ARef (U B1 B0) (AtArea ScreenAbs AWord8)
Capabilities guard access to resources.
É minBound :: Ix N8
Ix 0
É maxBound :: Ix N8
Ix 7
É ixSucc (maxBound :: Ix N8)
IxPlus 8 :: IxPlus
É ixPred (maxBound :: Ix N8)
IxMinus 6 :: IxMinus N8
12
Types are static capabilities: kernel
:type attrAt
Ix N25 -> Ix N80 ->
ARef (U B1 B0) (AtArea ScreenAbs AWord8)
Capabilities guard access to resources.
É minBound :: Ix N8
Ix 0
É maxBound :: Ix N8
Ix 7
É ixSucc (maxBound :: Ix N8)
IxPlus 8 :: IxPlus
É ixPred (maxBound :: Ix N8)
IxMinus 6 :: IxMinus N8
É (minBound :: Ix N8) <<= ixPred (maxBound :: Ix N8)
Just (Ix 6) :: Maybe (Ix N8)
12
Types are static capabilities: kernel
:type attrAt
Ix N25 -> Ix N80 ->
ARef (U B1 B0) (AtArea ScreenAbs AWord8)
Capabilities guard access to resources.
É minBound :: Ix N8
Ix 0
É maxBound :: Ix N8
Ix 7
É ixSucc (maxBound :: Ix N8)
IxPlus 8 :: IxPlus
É ixPred (maxBound :: Ix N8)
IxMinus 6 :: IxMinus N8
É (minBound :: Ix N8) <<= ixPred (maxBound :: Ix N8)
Just (Ix 6) :: Maybe (Ix N8)
É (minBound :: Ix N8) <<= ixPred (minBound :: Ix N8)
Nothing :: Maybe (Ix N8)
12
Types are static capabilities: sandbox
13
Types are static capabilities: sandbox
13
Types are static capabilities: sandbox
14
Types are static capabilities: sandbox
14
Types are static capabilities: sandbox
14
Types are static capabilities: sandbox
14
Types are static capabilities: sandbox
14
Constraints over time
15
Constraints over time
15
Conclusion
16