When & Where: 12:30pm, Monday Feb 4, 2002, Room 400 AKW
Component software platforms, such as Microsoft's .NET Common Language Runtime (CLR), provide a secure virtual machine in which components developed independently can smoothly interoperate. CLR supports flexible interoperation by compiling various source languages into a common intermediate language and by using a unified type system. However, the type system in CLR (and Java VM) enforces only conventional type safety in an object-oriented system. Therefore, higher-level specifications (e.g., resource bounds, generalized access control, formal software protocols) cannot be enforced. Because conventional type systems are too inflexible for real applications, developers often bypass the type system, producing code that steps outside the managed part of the VM; such components cannot be verified.
At Yale we have been developing typed common intermediate languages (named FLINT) that can support safely not only the standard object-oriented model, but also higher-order generic (polymorphic) programming and Java-style reflection (introspection). Unlike CLR, our type system is independent of any particular programming model, yet it is capable of expressing all valid propositions and proofs in higher-order predicate logic (so it can be used to capture and verify advanced program properties). The rich type system of FLINT makes it possible to typecheck both compiler intermediate code and low level machine code; this allows typechecking to take place at any phase of compilation, even after optimizations and register allocation. It also leads to a smaller and more extensible VM because low-level native routines that would otherwise be in VM can now be verified and moved into a certified library. This talk describes our vision of the FLINT system, outline our approach to its design, and survey the technologies that can be brought to support its implementation.