[bitc-dev] deeply immutable functions and Haskell's ST

Richard Uhtenwoldt ru at river.org
Thu Sep 1 08:33:51 EDT 2005

Mark Miller writes:

>Max has provided Cassie calculation logic she can use to calculate results 
>from secret inputs she determines, using a secret algorithm determined by Max. 
>Let's say Max would like to know what numbers Cassie feeds into his algorithm. 
>Holding only Cassie's code constant, is there some way we could rewrite Max's 
>code so that he could obtain this information? If there is not, this 
>demonstrates confinement in terms of Lampson's original scenario.

I'ld like clarification.

Cassie gets to choose a collection of types, values and
functions.  Let us call this collection @Toolbox at .  Perhaps
@Toolbox@ contains the if-then-else statement, for example.
@Toolbox@ is probably Turing-complete.  Max must build his
factory using only elements from @Toolbox at .  (Hmm: perhaps "box
of building materials" would have been a better name.)

The tricky part: Cassie must choose @Toolbox@ such that it is
impossible for Max to learn the inputs Cassie provides to Max's
factory or to any calculator made thereby even when Cassie knocks
herself out with furious use of said factory (or calculators made

Cassie may impose "formal constraints" on Max's factory.  An
example would be "the factory Max supplies must have type
(deeply-immutable 'a) for some type 'a".  Or "it must satisfy the
guard :Factory".  Of course, Cassie would then be obliged to
define this type or guard.

Is _that_ an accurate phrasing of the problem?

Second, does Bond or Q have any desire, need or right that is in
any way relevant to the problem I have set myself to solve,
namely, the same problem as Darius solved with his Consp code?

More information about the bitc-dev mailing list