
Implementing a security typed variant of Scala - which method is best?

Hi there Scala folks, I'm actually writing my master's thesis and I have to implement a security typed language in Scala. So this means I have to add annotations to specify the special permission levels for the variables and other programming constructs in Scala. The idea to add this comes from Jif (a real security typed language http://www.cs.cornell.edu/jif/) and FlowCaml (http://www.normalesup.org/~simonet/soft/flowcaml/). I still have to check how these languages add their security extensions.

I talked to my advisor and he suggested three possibilities how I can implement this feature in Scala:

  1. source-to-source compiler (I don't think this is the best solution to write the things from scratch because I will be busy with the parser and semantics and from my own experience I know that I don't have quite enough time to work on the main stuff)
  2. type-checker plugin (I haven't written a compiler plugin and think this just won't work on further versions of Scala because the compiler is still under development)
  3. build a library in Scala (the syntax is simply free here, so I can easily build something like this in a language I want => think this is like inventing a DSL and I believe that this is the best solution)

If you have another idea how to implement this, please let me know, and if you have pros and cons for the methods mentioned above, please let me know. I'm convinced that after this project I will learn to program with pleasure in Scala (I'm familiar with Java and Ruby).

Greetings

Matthias Guenther


This is definitely a job for a compiler plugin: writing a plugin which allows annotations to further refine the possible subtype relationships is fairly straightforward, at least in simple cases.

You can be reasonably confident that the compiler plugin API will remain stable for the lifetime of a master's thesis, and you should investigate scala.tools.nsc.symtab.AnnotationCheckers and google for example plugins which implement compile time checks for (non-)nullability (i.e. T @NonNull <: T, but not T <: T @NonNull) which is structurally similar to the simplest non-trivial security typed scheme.


Wow, this is quite a sizable project!

I think the answer to your question depends on if you're looking for a sound language addition or if you just want something that may be circumvented by the programmer but still might be helpful. Since you mention Jif and FlowCaml I assume you want to go the sound way and provide guarantees for your language. Then I don't think there is much option but to create your own language constructs on top of Scala and provide a new frontend for those.

I very much doubt that you can implement security as a library in the style of Peng Li and Steve Zdancewic or Alejandro Russo. The reason is that Scala can have side-effects everywhere and that pretty much ruins any security guarantees that you can try to enforce.

Good luck!
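
The side-effect problem raised in the last answer, as an added Scala sketch that is not part of the original thread: a minimal library-level label type rejects direct High-to-Low flows at compile time, yet an ordinary side-effecting closure passed to map still copies the labelled value into unlabelled state. All names (SecLibDemo, Level, Low, High, CanFlow, Sec, reveal, publicLog) and the sample value are constructed for illustration and do not belong to any existing library.

```scala
// Added illustration; every name here is hypothetical, not an existing library.
object SecLibDemo {
  // Two-point lattice as phantom types: Low may flow to High, never back.
  sealed trait Level
  sealed trait Low extends Level
  sealed trait High extends Level

  // Evidence that data labelled A may flow to label B.
  final class CanFlow[A <: Level, B <: Level] private ()
  object CanFlow {
    implicit def refl[A <: Level]: CanFlow[A, A] = new CanFlow[A, A]
    implicit val lowToHigh: CanFlow[Low, High] = new CanFlow[Low, High]
  }

  // A value of type A carrying label L; the payload is hidden from clients.
  final class Sec[L <: Level, A] private (private val value: A) {
    def map[B](f: A => B): Sec[L, B] = new Sec[L, B](f(value))
    def flatMap[M <: Level, B](f: A => Sec[M, B])(implicit ev: CanFlow[L, M]): Sec[M, B] =
      f(value)
    def up[M <: Level](implicit ev: CanFlow[L, M]): Sec[M, A] = new Sec[M, A](value)
  }
  object Sec {
    def apply[L <: Level, A](a: A): Sec[L, A] = new Sec[L, A](a)
    // Only Low data can be read out in the clear.
    def reveal[A](s: Sec[Low, A]): A = s.value
  }

  def main(args: Array[String]): Unit = {
    val password: Sec[High, String] = Sec[High, String]("hunter2") // constructed sample

    // Direct downward flows are rejected by the type checker:
    //   Sec.reveal(password)   // type mismatch: Sec[High, String] is not Sec[Low, String]
    //   password.up[Low]       // no implicit CanFlow[High, Low]

    // Allowed flow: Low data may be raised to High.
    val greeting: Sec[High, String] = Sec[Low, String]("hello").up[High]

    // The hole: map accepts any A => B, and Scala does not track effects,
    // so the closure can write the payload into unlabelled state.
    var publicLog = ""
    val length: Sec[High, Int] = password.map { p => publicLog = p; p.length }

    // The High value now sits in an ordinary String variable.
    println(s"leaked through a side effect: $publicLog")
  }
}
```

Closing this hole requires checking the bodies of the functions passed to map and flatMap, which is work for a compiler plugin or a separate frontend rather than for the library itself.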
