We present a general framework for provably safe mobile code. It relies on a formal definition of a safety policy and explicit evidence for compliance with this policy which is attached to a binary. Concrete realizations of this framework are proof-carrying code (PCC), where the evidence for safety is a formal proof generated by a certifying compiler, and typed assembly language (TAL), where th...

There is substantial variation in the advice given to funeral workers on handling bodies with infection risk. Inconsistent advice results in inappropriate practice. A model code of practice is presented that uses risk assessment in response to statutory and executive responsibilities to provide health and safety advice to funeral workers. The code of practice should increase compliance with saf...

Dynamic trait replacement is a programming language feature for changing the objects’ behavior at runtime by replacing some of the objects’ methods. In previous work on dynamic trait replacement for JAVA-like languages, the object’s methods that may be replaced must correspond exactly to a named trait used in the object’s class definition. In this paper we propose the notion of replaceable: a p...

The term meta-programming language is used to describe languages that have some capability for manipulating code. A multi-stage language is a kind of meta-programming language that allows static typechecking of dynamically generated code. The expressiveness and type-safety of multi-stage languages have led to their success in many applications that require code generation. This paper presents t...

The “zipper” data type provides the ability for editing tree shaped data in a pure functional setting and has found many uses and applications. However the traditional zipper has two major limitations. First, requires a significant amount of boilerplate code to implement. Second, it can only operate on homogeneous data types. Data structures where there are multiple node types are beyond the ra...

Thirty years after its creation, C remains one of the most widely used systems programming languages. Unfortunately, the power of C has become a liability for large systems projects, which are now focusing on security and reliability. Modern languages and static analyses provide an opportunity to improve the quality of systems software, and yet adoption of these tools has been slow. To address ...

Subclassing is reuse of class definitions. It is usually tied to the use of class names, thus relying on the order in which the particular classes in a program are created. This is a burden, however, both when programming and in theoretical studies. This paper presents a structural notion of subclassing for typed languages. It is a direct abstraction of the Smalltalk interpreter and the separat...

Cryptic type error messages are a major obstacle to learning OCaml or other ML-based languages. In many cases, error messages cannot be interpreted without a sufficiently-precise model of the type inference algorithm. The problem of improving type error messages in ML has received quite a bit of attention over the past two decades, and many different strategies have been considered. The challen...

We present a simple parametric calculus of processes which exchange mobile code, where type safety is ensured by a combination of static and dynamic checks. That is, internal consistency of each process is locally verified before starting execution, by only relying on type assumptions on missing code; then, at execution time, when locally typechecked code is sent from a process to another, a ru...