From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on yquem.inria.fr X-Spam-Level: X-Spam-Status: No, score=0.2 required=5.0 tests=AWL autolearn=disabled version=3.1.3 Received: from mail4-relais-sop.national.inria.fr (mail4-relais-sop.national.inria.fr [192.134.164.105]) by yquem.inria.fr (Postfix) with ESMTP id EEC68BBAF for ; Fri, 19 Sep 2008 15:55:43 +0200 (CEST) X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: AhMDABRM00jAXQImiGdsb2JhbACTLQEBAQ8gpXKBZQ X-IronPort-AV: E=Sophos;i="4.32,429,1217800800"; d="scan'208";a="29374332" Received: from discorde.inria.fr ([192.93.2.38]) by mail4-smtp-sop.national.inria.fr with ESMTP; 19 Sep 2008 15:55:43 +0200 Received: from mail2-relais-roc.national.inria.fr (mail2-relais-roc.national.inria.fr [192.134.164.83]) by discorde.inria.fr (8.13.6/8.13.6) with ESMTP id m8JDtgfQ014896 (version=TLSv1/SSLv3 cipher=RC4-SHA bits=128 verify=OK) for ; Fri, 19 Sep 2008 15:55:43 +0200 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: AhMDABRM00jCpx6wiGdsb2JhbACTLQEBAQ8gpXKBZQ X-IronPort-AV: E=Sophos;i="4.32,429,1217800800"; d="scan'208";a="15138975" Received: from smtpmin.univ-orleans.fr (HELO min.univ-orleans.fr) ([194.167.30.176]) by mail2-smtp-roc.national.inria.fr with ESMTP; 19 Sep 2008 15:55:42 +0200 Received: from smtps.univ-orleans.fr (localhost [127.0.0.1]) by min.univ-orleans.fr (Postfix) with ESMTP id E759812B48A; Fri, 19 Sep 2008 15:55:42 +0200 (CEST) Received: from [192.168.0.12] (ras75-4-82-235-58-110.fbx.proxad.net [82.235.58.110]) by smtps.univ-orleans.fr (Postfix) with ESMTP id B3C2C36E60; Fri, 19 Sep 2008 15:55:44 +0200 (CEST) Subject: Re: [Caml-list] Re: Keeping local types local? From: David Rajchenbach-Teller To: oleg@okmij.org Cc: caml-list@inria.fr In-Reply-To: <20080917080750.6625AAE54@Adric.metnet.fnmoc.navy.mil> References: <20080917080750.6625AAE54@Adric.metnet.fnmoc.navy.mil> Content-Type: text/plain Date: Fri, 19 Sep 2008 15:55:44 +0200 Message-Id: <1221832544.6290.30.camel@Blefuscu> Mime-Version: 1.0 X-Mailer: Evolution 2.12.1 Content-Transfer-Encoding: 7bit X-Miltered: at discorde with ID 48D3AF5F.000 by Joe's j-chkmail (http://j-chkmail . ensmp . fr)! X-Spam: no; 0.00; ens-lyon:01 oleg:01 summarize:01 monads:01 type-based:01 dependencies:01 dependencies:01 monads:01 univ-orleans:01 lifo:01 assurances:98 liquidations:98 wrote:01 caml-list:01 functions:01 On Wed, 2008-09-17 at 01:07 -0700, oleg@okmij.org wrote: > > So I'm looking for another way out. As far as both your examples and my > > experiments seem to indicate, the only way of escaping scope is to > > return a continuation which calls one of the protected functions and > > ignores the result. > > I'm afraid this is worse than it seems. Returning any closure (not > necessarily a continuation) can defeat the security. To summarize, the > security of the framework is defeated if You're right, I actually meant "closure" rather than "continuation". > I fully agree with your assessment of monads. I should remark that > type-based assurances work well for data dependencies, but not so for > control dependencies (that's why we need a so-called type-state). > Monads convert control dependency into data dependency. "Type-state"? I'm not familiar with the term although it sounds exactly like what I have in mind (and which I hoped to be able to emulate with OCaml-compatible dynamic scoping, i.e. implicit arguments). > You do know of FlowCaml, right? It doesn't seem to be actively > maintained though... Yes, FlowCaml is my plan C (plan A was monads). > Thanks, David > -- David Teller-Rajchenbach Security of Distributed Systems http://www.univ-orleans.fr/lifo/Members/David.Teller Angry researcher: French Universities need reforms, but the LRU act brings liquidations.