CallƐ: an effect system for method calls

Effect systems are used to statically reason about the effects an expression may have when evaluated. In the literature, such effects include various behaviours as diverse as memory accesses and exception throwing. Here we present CallƐ, an object-oriented language that takes a flexible approach where effects are just method calls: this works well because ordinary methods often model things like I/O operations, access to global state, or primitive language operations such as thread creation. CallƐ supports both flexible and fine-grained control over such behaviour, in a way designed to minimise the complexity of annotations. CallƐ’s effect system can be used to prevent OO code from performing privileged operations, such as querying a database, modifying GUI widgets, exiting the program, or performing network communication. It can also be used to ensure determinism, by preventing methods from (indirectly) calling non-deterministic primitives like random number generation or file reading.

[1]  Ross Tate,et al.  Convenient Explicit Effects using Type Inference with Subeffects , 2010 .

[2]  Tijs van der Storm,et al.  JEff: objects for effect , 2018, Onward!.

[3]  David K. Gifford,et al.  Integrating functional and imperative programming , 1986, LFP '86.

[4]  Dominic A. Orchard,et al.  Embedding effect systems in Haskell , 2014, Haskell 2014.

[5]  Scott F. Smith,et al.  Static use-based object confinement , 2005, International Journal of Information Security.

[6]  James Gosling,et al.  The Java Language Specification, 3rd Edition , 2005 .

[7]  Guy L. Steele,et al.  Java(TM) Language Specification, The (3rd Edition) (Java (Addison-Wesley)) , 2005 .

[8]  Pierre Jouvelot,et al.  Separate Abstract Interpretation for Control-Flow Analysis , 1994, TACS.

[9]  David K. Gifford,et al.  Polymorphic effect systems , 1988, POPL '88.

[10]  James Noble,et al.  Generic ownership for generic Java , 2006, OOPSLA '06.

[11]  Gordon D. Plotkin,et al.  Handlers of Algebraic Effects , 2009, ESOP.

[12]  Mark S. Miller,et al.  Capability Myths Demolished , 2003 .

[13]  Philip Wadler,et al.  Featherweight Java: a minimal core calculus for Java and GJ , 2001, TOPL.

[14]  Ernst-Rüdiger Olderog,et al.  Correct System Design, Recent Insight and Advances, (to Hans Langmaack on the occasion of his retirement from his professorship at the University of Kiel) , 1999 .

[15]  Pierre Jouvelot,et al.  Effect systems with subtyping , 1995, PEPM '95.

[16]  Conor McBride,et al.  Do be do be do , 2017, POPL.

[17]  Daniel Marino,et al.  A generic type-and-effect system , 2009, TLDI '09.

[18]  Martin Odersky,et al.  Lightweight Polymorphic Effects , 2012, ECOOP.

[19]  Dominique Devriese,et al.  Reasoning about Object Capabilities with Logical Relations and Effect Parametricity , 2016, 2016 IEEE European Symposium on Security and Privacy (EuroS&P).

[20]  Daan Leijen,et al.  Koka: Programming with Row Polymorphic Effect Types , 2014, MSFP.

[21]  Aaron Greenhouse,et al.  An Object-Oriented Effects System , 1999, ECOOP.

[22]  Dachuan Yu,et al.  Variance and Generalized Constraints for C# Generics , 2006, ECOOP.

[23]  Lindsay Groves,et al.  Capabilities: Effects for Free , 2018, ICFEM.

[24]  David A. Wagner,et al.  Joe-E: A Security-Oriented Subset of Java , 2010, NDSS.

[25]  Shin-ya Katsumata,et al.  Parametric effect monads and semantics of effect systems , 2014, POPL.

[26]  Mirko Viroli,et al.  Variant parametric types: A flexible subtyping scheme for generics , 2006, TOPL.

[27]  Scott Moore,et al.  Declarative Policies for Capability Control , 2014, 2014 IEEE 27th Computer Security Foundations Symposium.

[28]  Pierre Jouvelot,et al.  Polymorphic type, region and effect inference , 1992, Journal of Functional Programming.

[29]  Jonathan Aldrich,et al.  A Capability-Based Module System for Authority Control , 2017, ECOOP.

[30]  Flemming Nielson,et al.  Type and Effect Systems , 1999, Correct System Design.

[31]  Michael D. Ernst,et al.  Java UI : Effects for Controlling UI Object Access , 2013, ECOOP.