LtU Forum

New DSL for secueity

Hello,thought I’d share a new DSL by endgame life querying security logs :

It is meant to help reason about security events. Best illustrated in this example:

What files were created by non-system users, first ran as a non-system process, and later ran as a system-level process within an hour?

sequence with maxspan=1h
[file where event_subtype_full=="file_create_event" and user_name!="SYSTEM"] by
[process where user_name!="SYSTEM"] by process_path
[process where user_name=="SYSTEM"] by process_path

While I could easily see how this can be expressed as SQL instead and perhaps backends do do that, I think it helps analyst to think about logic rather than data.

I think that there is a lot of improvement that can be had in. languages that help reason about (time) series and it’s a welcome addition to the DSL family.

I have a problem with arguments passed as non-evaluated expressions

So, since I've learned about Kernel I was very excited: the idea of explicit evaluation seemed like a very cool idea, giving much more power to the programmer in comparison to the standard "pass evaluated arguments" strategy (1: this statement can be argued upon; 2: there were numerous posts here at LtU and other blogs about potential drawbacks).
Then, I've learned about Io language, which also seems to embrace the idea - when caller sends a message to a target, passed arguments are passed as expressions, not values, giving the full range of custom "control" messages, macros, etc.
This is when it hit me - although the idea sounds very cool, there is something wrong with it. Most likely my mind is stuck in an endless loop of dubious reasoning that I can't get out of, so, hopefully, someone can clarify my concerns.
Let us break down an example, where in some context we have:

a := Number(1) ;ignore how these two lines are actually executed
b := Number(3) ;whats important that the context has two number objects bound to symbols "a" and "b"
someAdderPrimitiveObject pleaseDoAddtheseNumbers(a, b) toString print

so, the caller context asks someAdderPrimitiveObject to add numbers a and b, and the arguments are just passed as "a" and "b" symbols. no problem here, as far as we concerned, because that same "someAdderPrimitive" object can ask the caller to send actual values back.
let's say we had defined the "pleaseDoAddtheseNumbers" something as

someAdderPrimitiveObject pleaseDoAddtheseNumbers := method(x, y, [body, whatever that is])

so, when the "pleaseDoAddtheseNumbers" method is invoked, the "a" and "b" symbols are bound in the environment of the "pleaseDoAddtheseNumbers" method's activation record to "x" and "y" symbols.
The method body would try and do something like this:

valx := caller pleaseEvaluateForMe(x)
valy := caller pleaseEvaluateForMe(y)
[do something with these values, whatever]

This is where it gets problematic for me. The callee (activation record of the "pleaseDoAddtheseNumbers" method) asks the caller (the original message sender) back for a value of its argument (which is bound to a locally known symbol "x") and in order to avoid infinite recursion of ping-pong of messages like "evaluate this for me", the callee *has* to pass the *value* of its own symbol "x" (bound to value, which is symbol "a") back to a caller, to ask it for a value (in this case: some boxed object-number 1).

So far as I've seen the problem is solved on an interpreter level, where this kind of thing is handled "behind the scenes".
Does that mean that the system that never evaluates passed arguments cannot implement itself, because at some point you *have* to pass values, in order for them to be operated upon?

Sorry if this is a mess, I hope someone undestands it :)

C++ fun

error: value of type 'std::__1::__map_const_iterator<std::__1::__tree_const_iterator<std::__1::__value_type<float, TStrongObjectPtr<UObject> >, std::__1::__tree_node<std::__1::__value_type<float, TStrongObjectPtr<UObject> >, void *> *, long> >' is not contextually convertible to 'bool'

Proof system for learning basic algebra

I've written a system for learning basic algebra which has you solve problems by clicking on the rules of basic algebra (commutativity, associativity, etc.). It is impossible to make mistakes because the machine checks things like correct handling of division by zero. Each step is justified, so each solution serves as a formal proof. Right now it handles algebra up to quadratic equations and simultaneous equations.

It is intended to be a computer proof system anyone can learn. The style of mathematics presented mimics equation solving on a blackboard, so it should be familiar to everyone.

Type Bombs

People like blowing stuff up, explosions are great! I started wondering about type bombs, small expressions which have large type terms. Is there anything known about that, in particular for Haskell/ML since these are popular?

The small bomb I know of employs 'dup' and is relatively well known. I.e., take `dup`

dup x = (x,x)

The repeated application gives back a type term which grows exponentially in the size of the expression.

(dup . dup . dup . dup . dup) 0

(It depends on the type checker, of course, whether the type actually is represented exponentially.)

You can lift `dup` further but can you grow faster? I tried `let t = (\f -> f . f) in let d = (\x -> (x,x)) in (t.t.t.t) d 0` which doesn't type check in ghci as a first order approximation. But I thought I would ask you, people.

What is the fastest growing type term you can come up with? Or what term will keep a type checker really, really busy?

The Heron Programming Language

I wanted to share some progress on a new functional statically typed language, called Heron, that I have been working on. There is a demo of some 3D at

Some of you might remember earlier projects that I posted many years ago also called Heron, but this language is quite a departure from earlier work. This new language is designed for numerical and array processing (e.g. 3D and 2D graphics). I'm very interested in any and all feedback. I'm also looking for opportunities for collaborations.

Thanks in advance!

terminology for scope of discourse, i.e. CS-domain

I noticed a lack of good terminology to discuss mixed content intended for different uses -- or merely for alternate focus -- depending on 1) what sort of tool might work with it, or 2) what kind of activity or analysis is in scope. The idea I want means something like "asset class" but is also covered by "domain" in its general sense, except many people accept only one sense of a word upon first hearing. (Insert a comedy dialog here: a physicist mentions a magnetic domain in an iron object, only to be blind-sided by a troll who explains internet domains do not apply in that context.)

Typically people put different asset classes in different files, and say "this file's content is for that tool", but never talk about what they have in common besides that they are "files". Some tools might want to perform cross-domain analysis, or code generation. But it's hard to describe without enumerating "now we do X" and "now we do Y"; and the relation of X and Y is idiosyncratic and specific, rather than being generally alternate asset class domains.

The term "aspect" in aspect-oriented-computing is related, except no one will know what you mean if you use aspect as a synonym for domain. If you take content from different asset class domains, and mix them together in one file (with related things near each other for easier reference), with each one scoped suitably via syntax of some kind, there isn't a good word that denotes what is inside each scope. In one you have "stuff about X", and in another you have "stuff about Y", but stuff is pretty vague. You can put them in different logical files in an archive, but a problem of crummy terminology remains.

For example, suppose in one scope you have a bunch of code that "does task X", and in another scope you put a description of sequence diagrams that ought to result from that, so a tool can generate test code or perform analysis for verification. (A typical reason to do this might be that one asset is an emergent result of another asset class, and very hard to see unless explicitly described.) In a more general case, you might want to characterize what several sorts of program are doing in a larger system.

What I'm looking for is terminology about the semantics of expressing different things, perhaps in different languages, and making statements or queries about their relationships in space, time, or causal interactions. (The obvious response is "don't do that"; in a comedy dialog, one party can ask "why do you want to do that?" while pushing either focus on X or focus on Y, with no concern about how they relate -- it's someone else's problem.) Probably each domain has its own type system, but that doesn't seem very helpful here.

Expressions of Change

I have been working on a project called "Expressions of Change"; I thought the audience of Lambda the Ultimate might find it interesting.

The aim of the project is to improve the tools for constructing ever-changing computer programs by putting the changes themselves central in the programming experience. That is: reify changes, and use those reified changes as the main interface across the programming toolchain. Because the project rejects the history-less file as a basic building block, a first implementation step is to build the prototype of an editor that constructs such primitives of change instead.

More information may be found on the website. The best summary of the present status is probably in the form of the videos of presentations that may be found there. A paper discussing some of the first steps may be found there as well.

I'd love to answer any questions you might have, either on the website in the form of comments or on the present forum.

Popr Tutorial: Dot Machines

I have been working on a series of tutorial articles for my language, Popr.

For the first article, I designed a notation to present the semantics of the language in a way that I hope is easy to understand, and yet similar to how it is implemented in the compiler.

Concatenative languages, such as Popr, can be very terse. While this conciseness can make code both easier to read and to write, it can also make the same tasks difficult for those without a good understanding of the language. Furthermore, without the right semantic model, it is possible to develop a false understanding of the language that works for simple programs while leaving other programs as a mystery.

For this reason, I have developed a graphical notation for Popr that, while impractical for larger programs, can help develop an intuition for how the language works. In this notation, we will build machines that consume and produce dots.

Egel Language v0.0.2

I wrote a little toy language you now can read an introduction to. I fully blame LtU for getting me interested in hacking around languages so don't laugh, it's embarrassing enough as it is. You can try a small Conway's Game of Life example on TIO.

Anyway, just a short heads up. It's a small language based on untyped eager combinatorial rewriting of a DAG in C++, which isn't too fast.

You're all invited to break the thing, I am at version 0.0.2 and I want to get rid of possible bugs so your expertise can matter.

Anyway, leave your comment here. Preferably, a nice one.

XML feed