Marco Servetto

Marco Servetto
Victoria University of Wellington · School of Engineering and Computer Science

Ph.D. Computer Science

About

49
Publications
3,248
Reads
How we measure 'reads'
A 'read' is counted each time someone views a publication summary (such as the title, abstract, and list of authors), clicks on a figure, or views or downloads the full-text. Learn more
218
Citations

Publications

Publications (49)
Article
Security-critical software applications contain confidential information which has to be protected from leaking to unauthorized systems. With language-based techniques, the confidentiality of applications can be enforced. Such techniques are for example type systems that enforce an information flow policy through typing rules. The precision of such...
Article
In type-and-coeffect systems , contexts are enriched by coeffects modeling how they are actually used, typically through annotations on single variables. Coeffects are computed bottom-up, combining, for each term, the coeffects of its subterms, through a fixed set of algebraic operators. We show that this principled approach can be adopted to track...
Preprint
Full-text available
In type-and-coeffect systems, contexts are enriched by coeffects modeling how they are actually used, typically through annotations on single variables. Coeffects are computed bottom-up, combining, for each term, the coeffects of its subterms, through a fixed set of algebraic operators. We show that this principled approach can be adopted to track...
Chapter
In security-critical software applications, confidential information must be prevented from leaking to unauthorized sinks. Static analysis techniques are widespread to enforce a secure information flow by checking a program after construction. A drawback of these systems is that incomplete programs during construction cannot be checked properly. Th...
Article
In this paper we use pre-existing language support for both reference and object capabilities to enable sound runtime verification of representation invariants. Our invariant protocol is stricter than the other protocols, since it guarantees that invariants hold for all objects involved in execution. Any language already offering appropriate suppor...
Preprint
Full-text available
In security-critical software applications, confidential information must be prevented from leaking to unauthorized sinks. Static analysis techniques are widespread to enforce a secure information flow by checking a program after construction. A drawback of these systems is that incomplete programs during construction cannot be checked properly. Th...
Presentation
I'm starting to make you tube videos presenting the L42 tutorial. Follow me on https://www.youtube.com/MarcoServetto Tutorial here: https://www.youtube.com/playlist?list=PLWsQqjANQic8c5wG3LfSe-mMiBKfOtBFJ
Preprint
Full-text available
We formally define an elegant multi-paradigm unification of Functional Reactive Programming, Actor Systems, and Object-Oriented Programming. This enables an intuitive form of declarative programming, harvesting the power of concurrency while maintaining safety. We use object and reference capabilities to highlight and tame imperative features: refe...
Conference Paper
Full-text available
Effect systems are used to statically reason about the effects an expression may have when evaluated. In the literature, such effects include various behaviours as diverse as memory accesses and exception throwing. Here we present CallƐ, an object-oriented language that takes a flexible approach where effects are just method calls: this works well...
Preprint
Full-text available
Multi-methods are a straightforward extension of traditional (single) dynamic dispatch, which is the core of most object oriented languages. With multi-methods, a method call will select an appropriate implementation based on the values of multiple arguments, and not just the first/receiver. Language support for both single and multiple dispatch is...
Article
Full-text available
Static verification relying on an automated theorem prover can be very slow and brittle: since static verification is undecidable, correct code may not pass a particular static verifier. In this work we use metaprogramming to generate code that is correct by construction. A theorem prover is used only to verify initial "traits": units of code that...
Preprint
Full-text available
Effect systems are used to statically reason about the effects an expression may have when evaluated. In the literature, such effects include various behaviours as diverse as memory accesses and exception throwing. Here we present CallE, an object-oriented language that takes a flexible approach where effects are just method calls: this works well...
Preprint
Full-text available
Traditionally, semantic models of imperative languages use an auxiliary structure which mimics memory. In this way, ownership and other encapsulation properties need to be reconstructed from the graph structure of such global memory. We present an alternative "syntactic" model where memory is encoded as part of the program rather than as a separate...
Article
Full-text available
Traditionally, semantic models of imperative languages use an auxiliary structure which mimics memory. In this way, ownership and other encapsulation properties need to be reconstructed from the graph structure of such global memory. We present an alternative "syntactic" model where memory is encoded as part of the program rather than as a separate...
Article
We present an imperative object calculus where types are annotated with qualifiers for aliasing and mutation control. There are two key novelties with respect to similar proposals. First, the type system is very expressive. Notably, it adopts the recovery approach, that is, using the type context to justify strengthening types, greatly improving it...
Preprint
Full-text available
In this paper we use pre existing language support for type modifiers and object capabilities to enable a system for sound runtime verification of invariants. Our system guarantees that class invariants hold for all objects involved in execution. Invariants are specified simply as methods whose execution is statically guaranteed to be deterministic...
Preprint
Full-text available
Metaprogramming is often used to programmatically generate faster specialised code when some parameters are known in advance. To use metaprogramming and SV together, we could generate code containing contracts, and such code could be checked after metaprogramming has been completed. SV could then be applied to the code resulting from the metaprogra...
Article
Full-text available
Context: Trait composition has inspired new research in the area of code reuse for object oriented (OO) languages. One of the main advantages of this kind of composition is that it makes possible to separate subtyping from subclassing; which is good for code-reuse, design and reasoning. However, handling of state within traits is difficult, verbose...
Preprint
Full-text available
Context: Trait composition has inspired new research in the area of code reuse for object oriented (OO) languages. One of the main advantages of this kind of composition is that it makes possible to separate subtyping from subclassing; which is good for code-reuse, design and reasoning. However, handling of state within traits is difficult, verbose...
Preprint
Full-text available
We present an imperative object calculus where types are annotated with qualifiers for aliasing and mutation control. There are two key novelties with respect to similar proposals. First, the type system is very expressive. Notably, it adopts the "recovery" approach, that is, using the type context to justify strengthening types, greatly improving...
Conference Paper
We present a type and effect system for expressing uniqueness and immutability properties in imperative languages. The distinguishing feature is that typechecking infers sharing possibly introduced by the evaluation of an expression. In this way, expressions get very expressive types: notably, uniqueness and immutability properties can be detected...
Article
Full-text available
We introduce a type and effect system, for an imperative object calculus, which infers "sharing" possibly introduced by the evaluation of an expression, represented as an equivalence relation among its free variables. This direct representation of sharing effects at the syntactic level allows us to express in a natural way, and to generalize, widel...
Preprint
We introduce a type and effect system, for an imperative object calculus, which infers "sharing" possibly introduced by the evaluation of an expression, represented as an equivalence relation among its free variables. This direct representation of sharing effects at the syntactic level allows us to express in a natural way, and to generalize, widel...
Conference Paper
We introduce a type and effect system, for an imperative object calculus, which infers sharing possibly introduced by the evaluation of an expression. Sharing is directly represented at the syntactic level as a relation among free variables, thanks to the fact that the calculus is pure. That is, imperative features are modeled by just rewriting sou...
Conference Paper
We outline a type and effect system which infers sharing possibly introduced by the evaluation of an expression. In this way, expressions get very expressive types, which generalize notions enforced in literature by type modifiers. Sharing is directly represented at the syntactic level as a relation among free variables, thanks to the fact that the...
Conference Paper
Full-text available
This paper presents an OO style without classes, which we call interface-based object-oriented programming (IB). IB is a natural extension of closely related ideas such as traits. Abstract state operations provide a new way to deal with state, which allows for flexibility not available in class-based languages. In IB state can be type-refined in su...
Article
This paper presents an OO style without classes, which we call interface-based object-oriented programming (IB). IB is a natural extension of closely related ideas such as traits. Abstract state operations provide a new way to deal with state, which allows for flexibility not available in class-based languages. In IB state can be type-refined in su...
Conference Paper
We propose an alternative to the usual try-catch construct, where catch clauses are coupled with the declaration of a local variable, rather than with an arbitrary expression. That is, in case initialization of the local variable fails, they provide an alternative computation which does not depend on such variable. This alternative mechanism subsum...
Conference Paper
In this extended abstract we propose to enhance declaration of local variables with a catching mechanism. This provides a more powerful and methodologically more appropriate mechanism of catching exceptions than the usual try/catch construct. The advantages are highlighted by presenting some paradigmatic examples. The proposal is formalized as an e...
Article
Full-text available
We present a simple calculus where imperative features are modeled by just rewriting source code terms, rather than by modifying an auxiliary structure which mimics physical memory. Formally, this is achieved by the block construct, introducing local variable declarations, which also plays the role of store when such declarations have been evaluate...
Conference Paper
We present an imperative object calculus where types are annotated with two modifiers for aliasing control. The \({\mathtt{lent}}\) modifier prevents objects to be aliased, whereas the \({\mathtt{capsule}}\) modifier characterizes expressions that will reduce to isolated portions of store. There are two key novelties w.r.t. similar proposals. First...
Conference Paper
Full-text available
Traditionally, formal semantic models of Java-like languages use an explicit model of the store which mimics pointers and ram. These low level models hamper understanding of the semantics, and development of proofs about ownerships and other encapsulation properties, since the real (graph) structure of the data is obscured by the encoding. Such mod...
Conference Paper
Programmers often need to initialise circular structures of objects. Initialisation should be safe (so that programs can never suffer null pointer exceptions or otherwise observe uninitialised values) and modular (so that each part of the circular structure can be written and compiled separately). Unfortunately, existing languages do not support mo...
Conference Paper
We present a new Java-like language design coupling disciplined meta-programming features with a composition language. That is, programmers can write meta expressions that combine class definitions, on top of a small set of composition operators, inspired by the seminal Bracha's Jigsaw framework. Moreover, such operators are deep, that is, they all...
Conference Paper
Safe parallelisation of object-oriented programs requires static guarantees about the shape and/or intended usage of reachable objects. For example, transitively immutable objects lend themselves naturally to concurrent access. However, parallelising tasks which potentially mutate reachable objects is more challenging. One approach to avoiding race...
Article
Full-text available
Automatically detecting when it is safe to execute program expres-sions in parallel is hard. In this paper we take a step towards this ul-timate goal by extending the original Almeida's [1] balloons system with immutability and we utilise this information to figure out when the execution order of some expressions does not influence the re-sult. Our...
Article
We present FJig, a simple calculus where basic building blocks are classes in the style of Featherweight Java, declaring fields, methods and one constructor. However, inheritance has been generalized to the much more flexible notion originally proposed in Brachaʼs Jigsaw framework. That is, classes play also the role of modules, that can be compose...
Article
Full-text available
We present a new language design coupling disciplined meta-programming features with a composition language, in the context of Java-like classes. That is, programmers can write meta-expressions that combine class definitions, on top of a small set of composition operators. This approach implies compile-time execution, as in template meta-programmin...
Article
Full-text available
"Exception-safety strong guarantee: The operation has either completed successfully or thrown an exception, leaving the program state exactly as it was before the operation started." David Abrahams [Abr00] The above definition of strong exception-safety comes from the world of C++, but it can be applied to any language. Because the exception-safety...
Conference Paper
Full-text available
We propose a Java-like language where class definitions are first class values and new classes can be derived from existing ones by exploiting the full power of the language itself, used on top of a small set of primitive composition operators, instead of using a fixed mechanism like inheritance. Hence, compilation requires to perform (meta-)reduct...
Article
Full-text available
We propose a formal framework for extending a class-based language, equipped with a given class composition mechanism, to allow programmers to define their own derived composition operators. These definitions can exploit the full expressive power of the underlying computational language.The extension is obtained by adding meta-expressions, that is,...
Conference Paper
Full-text available
We present FJig, a simple calculus where basic building blocks are classes in the style of Featherweight Java, declaring fields, methods and one constructor. However, inheritance has been generalized to the much more flexible notion originally proposed in Bracha’s Jigsaw framework. That is, classes play also the role of modules, that can be compose...
Article
Full-text available
Inheritance in object-oriented languages allows, roughly, to obtain the same effect one would get by duplicating the methods of the parent class in the heir. However, the key advantage is that source code duplication is avoided, and the code of the parent is, instead, found on demand, through a runtime procedure called method look-up. In other word...
Conference Paper
Full-text available
"Exception-safety strong guarantee: The operation has either completed successfully or thrown an exception, leaving the program state exactly as it was before the operation started." David Abrahams [1] The above definition of strong exception-safety comes from the world of C++, but it can be applied to any language. Because the exception-safety str...
Article
Full-text available
We present a new language design which smoothly integrates modular composition and nesting of Java-like classes. That is, inheritance has been replaced by an expressive set of composition operators, inspired by Bracha's Jigsaw framework, and these operators allow to manipulate (e.g., rename or duplicate) a nested class at any level of depth. Typing...
Article
Full-text available
The introduction of null references was my billion-dollar mis-take." Tony Hoare The above sentence remarks the well-known problem of null references. How-ever, to simply remove null from the language is too restrictive, since it would forbid any type of circular initialization pattern. In the years many approaches have tried to address the problem....

Network

Cited By