Parametricity versus the universal type

There has long been speculation in the scientific literature on how to dynamically enforce parametricity such as that yielded by System F. Almost 20 years ago, Sumii and Pierce proposed a formal compiler from System F into the cryptographic lambda calculus: an untyped lambda calculus extended with an idealised model of encryption. They conjectured that this compiler was fully abstract, i.e. that compiled terms are contextually equivalent if and only if the original terms were, a property that can be seen as a form of secure compilation. The conjecture has received attention in several other publications since then, but remains open to this day. More recently, several researchers have been looking at gradually-typed languages that extend System F. In this setting it is natural to wonder whether embedding System F into these gradually-typed languages preserves contextual equivalence and thus parametricity. In this paper, we answer both questions negatively. We provide a concrete counterexample: two System F terms whose contextual equivalence is not preserved by the Sumii-Pierce compiler, nor the embedding into the polymorphic blame calculus. This counterexample relies on the absence in System F of what we call a universal type, i.e., a type that all other types can be injected into and extracted from. As the languages in which System F is compiled have a universal type, the compilation cannot be fully abstract; this paper explains why. We believe this paper thus sheds light on recent results in the field of gradually typed languages and it provides a perspective for further research into secure compilation of polymorphic languages.

[1]  Martín Abadi,et al.  Authentication primitives and their compilation , 2000, POPL '00.

[2]  Martín Abadi,et al.  Dynamic typing in a statically-typed language , 1989, POPL '89.

[3]  Benjamin C. Pierce,et al.  Towards a Fully Abstract Compiler Using Micro-Policies: Secure Compilation for Mutually Distrustful Components , 2015, ArXiv.

[4]  Robert Bruce Findler,et al.  Relationally-parametric polymorphic contracts , 2007, DLS '07.

[5]  Benjamin C. Pierce,et al.  Types and programming languages: the next generation , 2003, 18th Annual IEEE Symposium of Logic in Computer Science, 2003. Proceedings..

[6]  Frank Piessens,et al.  Secure Compilation to Modern Processors , 2012, 2012 IEEE 25th Computer Security Foundations Symposium.

[7]  J. Y. Girard,et al.  Interpretation fonctionelle et elimination des coupures dans l'aritmetique d'ordre superieur , 1972 .

[8]  Matthias Felleisen,et al.  Contracts for higher-order functions , 2002, ICFP '02.

[9]  Robert Bruce Findler,et al.  Operational semantics for multi-language programs , 2007, POPL '07.

[10]  Matthias Blume,et al.  Typed closure conversion preserves observational equivalence , 2008, ICFP.

[11]  Julian Rathke,et al.  Local Memory via Layout Randomization , 2011, 2011 IEEE 24th Computer Security Foundations Symposium.

[12]  Martín Abadi,et al.  On Protection by Layout Randomization , 2010, 2010 23rd IEEE Computer Security Foundations Symposium.

[13]  G.D. Plotkin,et al.  LCF Considered as a Programming Language , 1977, Theor. Comput. Sci..

[14]  Benjamin C. Pierce,et al.  Relating Cryptography and Polymorphism , 2000 .

[15]  Benjamin C. Pierce,et al.  Logical Relations for Encryption , 2001, J. Comput. Secur..

[16]  Peter G. Neumann,et al.  CHERI: A Hybrid Capability-System Architecture for Scalable Software Compartmentalization , 2015, 2015 IEEE Symposium on Security and Privacy.

[17]  Joyce L. Vedral,et al.  Functional Programming Languages and Computer Architecture , 1989, Lecture Notes in Computer Science.

[18]  John C. Reynolds,et al.  Towards a theory of type structure , 1974, Symposium on Programming.

[19]  Michele Bugliesi,et al.  Secure implementations of typed channel abstractions , 2007, POPL '07.

[20]  Dominique Devriese,et al.  Modular, Fully-abstract Compilation by Approximate Back-translation , 2017, Log. Methods Comput. Sci..

[21]  Dominique Devriese,et al.  On Modular and Fully-Abstract Compilation , 2016, 2016 IEEE 29th Computer Security Foundations Symposium (CSF).

[22]  Philip Wadler,et al.  Well-Typed Programs Can't Be Blamed , 2009, ESOP.

[23]  Derek Dreyer,et al.  State-dependent representation independence , 2009, POPL '09.

[24]  R. Statman A local translation of untyped [lambda] calculus into simply typed [lambda] calculus , 1991 .

[25]  Jeremy G. Siek,et al.  The gradualizer: a methodology and algorithm for generating gradual type systems , 2016, POPL.

[26]  John Tang Boyland,et al.  Refined Criteria for Gradual Typing , 2015, SNAPL.

[27]  Benjamin C. Pierce,et al.  Beyond Good and Evil: Formalizing the Security Guarantees of Compartmentalizing Compilation , 2016, 2016 IEEE 29th Computer Security Foundations Symposium (CSF).

[28]  Amal Ahmed,et al.  Parametric Polymorphism through Run-Time Sealing or, Theorems for Low, Low Prices! , 2008, ESOP.

[29]  Dominique Devriese,et al.  Fully-abstract compilation by approximate back-translation , 2016, POPL.

[30]  Marco Patrignani,et al.  A Secure Compiler for ML Modules , 2015, APLAS.

[31]  Philip Wadler,et al.  Blame for all , 2011, POPL '11.

[32]  Atsushi Igarashi,et al.  On polymorphic gradual typing , 2017, Proc. ACM Program. Lang..

[33]  James H. Morris Protection in programming languages , 1973, CACM.

[34]  Benjamin C. Pierce,et al.  A bisimulation for dynamic sealing , 2004, Theor. Comput. Sci..

[35]  Martín Abadi,et al.  Protection in Programming-Language Translations , 1998, ICALP.

[36]  Marco Patrignani,et al.  Secure Compilation to Protected Module Architectures , 2015, TOPL.

[37]  Philip Wadler,et al.  Theorems for free! , 1989, FPCA.

[38]  Jan Vitek,et al.  Is sound gradual typing dead? , 2016, POPL.

[39]  Jeremy G. Siek Gradual Typing for Functional Languages , 2006 .

[40]  Georg Neis,et al.  Non-parametric parametricity , 2011, J. Funct. Program..

[41]  Georg Neis,et al.  Non-parametric parametricity , 2009, ICFP.

[42]  Éric Tanter,et al.  Abstracting gradual typing , 2016, POPL.

[43]  Benjamin C. Pierce,et al.  Logical relation for encryption , 2003 .

[44]  Lars Birkedal,et al.  Logical Step-Indexed Logical Relations , 2009, 2009 24th Annual IEEE Symposium on Logic In Computer Science.

[45]  Gilles Dowek,et al.  Principles of programming languages , 1981, Prentice Hall International Series in Computer Science.

[46]  Philip Wadler,et al.  The Girard-Reynolds isomorphism (second edition) , 2007, Theor. Comput. Sci..

[47]  John C. Reynolds,et al.  Types, Abstraction and Parametric Polymorphism , 1983, IFIP Congress.

[48]  John Longley,et al.  Universal Types and What They are Good For , 2003 .

[49]  Martín Abadi,et al.  Secure Implementation of Channel Abstractions , 2002, Inf. Comput..

[50]  Marco Patrignani,et al.  Implementing a secure abstract machine , 2016, SAC.

[51]  Juan Chen,et al.  Fully abstract compilation to JavaScript , 2013, POPL.

[52]  Jeremy G. Siek,et al.  Supplement to : The key to blame : Gradual typing meets cryptography , 2016 .

[53]  Christopher Strachey,et al.  Fundamental Concepts in Programming Languages , 2000, High. Order Symb. Comput..

[54]  A. Ahmed,et al.  Theorems for Free for Free , 2017 .

[55]  Walid Taha,et al.  Gradual Typing for Objects , 2007, ECOOP.

[56]  Martín Abadi,et al.  Secure communications processing for distributed languages , 1999, Proceedings of the 1999 IEEE Symposium on Security and Privacy (Cat. No.99CB36344).

[57]  Robert Atkey,et al.  A relationally parametric model of dependent type theory , 2014, POPL.

[58]  James H. Morris,et al.  Types are not sets , 1973, POPL.