E (programming language)

Last updated

E
Paradigm Multi-paradigm: object-oriented, message passing
Designed by Mark S. Miller
First appeared1997;27 years ago (1997)
Typing discipline Strong, dynamic
OS Cross-platform
License Portions in different free licenses
Website erights.org
Major implementations
E-on-Java, E-on-CL
Influenced by
Joule, Original-E, Java
Influenced
Pony

E is an object-oriented programming language for secure distributed computing, created by Mark S. Miller, [1] Dan Bornstein, Douglas Crockford, [2] Chip Morningstar [3] and others at Electric Communities in 1997. E is mainly descended from the concurrent language Joule and from Original-E, a set of extensions to Java for secure distributed programming. E combines message-based computation with Java-like syntax. A concurrency model based on event loops and promises ensures that deadlock can never occur. [4]

Contents

Philosophy

The E language is designed for computer security and secure computing. This is performed mainly by strict adherence to the object-oriented computing model, which in its pure form, has properties that support secure computing. The E language and its standard library employ a capability-based design philosophy throughout in order to help programmers build secure software and to enable software components to co-operate even if they don't fully trust each other. In E, object references serve as capabilities, hence capabilities add no computational or conceptual overhead costs. The language syntax is designed to be easy for people to audit for security flaws. For example, lexical scoping limits the amount of code that must be examined for its effects on a given variable. As another example, the language uses the == operator for comparison and the := operator for assignment; to avoid the possibility of confusion, there is no = operator.

Computational model

In E, all values are objects and computation is performed by sending messages to objects. Each object belongs to a vat (analogous to a process). Each vat has a single thread of execution, a stack frame, and an event queue. Distributed programming is just a matter of sending messages to remote objects (objects in other vats). All communication with remote parties is encrypted by the E runtime. Arriving messages are placed into the vat's event queue; the vat's event loop processes the incoming messages one by one in order of arrival.

E has two ways to send messages: an immediate call and an eventual send. An immediate call is just like a typical function or method call in a non-concurrent language: a sender waits until a receiver finishes and returns a value. An eventual send sends a message while producing a placeholder for a result called a promise. A sender proceeds immediately with the promise. Later, when a receiver finishes and yields a result, the promise resolves to a result. Since only eventual sends are allowed when communicating with remote objects, deadlocks cannot happen. In distributed systems, the promise mechanism also minimizes delays caused by network latency.

Syntax and examples

E's syntax is most similar to Java, though it also bears some resemblance to Python and Pascal. Variables are dynamically typed and lexically scoped. Unlike Java or Python, however, E is composed entirely of expressions. Here is an extremely simple E program:

println("Hello, world!")

Here is a recursive function for computing the factorial of a number, written in E. Functions are defined using the def keyword.

deffactorial(n:int):int{if(n==1){return1}elseif(n>0){returnn*factorial(n-1)}else{throw("invalid argument to factorial: "+n)}}

In the first line, :int is a guard that constrains the argument and result of the function. A guard is not quite the same thing as a type declaration; guards are optional and can specify constraints. The first :int ensures that the body of the function will only have to handle an integer argument. Without the second :int above, the function would not be able to return a value. Being able to see up front that information escapes out of the function is helpful for security auditing.

Since E is intended to support secure co-operation, the canonical example for E programs is the mint, a simple electronic money system in just a few lines of E. The following code defines a function that makes mints, where each mint has its own currency. Each mint can make purses that hold its currency, and any holder of two purses of the same currency can securely transfer money between the purses. By quick examination of the source code, an E programmer can easily verify that only mints may change the amount of money in circulation, that money can only be created and not destroyed, that mints can only create money of their own currency, and that only the holder of a purse can change its balance.

defmakeMint(name):any{def[sealer,unsealer]:=makeBrandPair(name)defmint{tomakePurse(varbalance:(int>=0)):any{defdecr(amount:(0..balance)):void{balance-=amount}defpurse{togetBalance():int{returnbalance}tosprout():any{returnmint.makePurse(0)}togetDecr():any{returnsealer.seal(decr)}todeposit(amount:int,src):void{unsealer.unseal(src.getDecr())(amount)balance+=amount}}returnpurse}}returnmint}

Objects in E are defined with the def keyword, and within the object definition, the to keyword begins each method. The guard expressions in this example illustrate how to specify a value constraint (as in :(int >= 0) or :(0..balance)).

The mint example makes use of a built-in mechanism called a sealer. The function makeBrandPair creates two associated objects, a sealer and an unsealer, such that the sealer can seal an object in a box and the unsealer is the only object that can retrieve the contents of the box. See the E website for a more detailed explanation of this money example. [5]

See also

Related Research Articles

<span class="mw-page-title-main">JavaScript</span> High-level programming language

JavaScript, often abbreviated as JS, is a programming language and core technology of the Web, alongside HTML and CSS. 99% of websites use JavaScript on the client side for webpage behavior.

In programming language theory, lazy evaluation, or call-by-need, is an evaluation strategy which delays the evaluation of an expression until its value is needed and which also avoids repeated evaluations.

<span class="mw-page-title-main">Smalltalk</span> Object-oriented programming language released first in 1972

Smalltalk is a purely object oriented programming language (OOP) that was originally created in the 1970s for educational use, specifically for constructionist learning, but later found use in business. It was created at Xerox PARC by Learning Research Group (LRG) scientists, including Alan Kay, Dan Ingalls, Adele Goldberg, Ted Kaehler, Diana Merry, and Scott Wallace.

Templates are a feature of the C++ programming language that allows functions and classes to operate with generic types. This allows a function or class declaration to reference via a generic variable another different class without creating full declaration for each of these different classes.

OCaml is a general-purpose, high-level, multi-paradigm programming language which extends the Caml dialect of ML with object-oriented features. OCaml was created in 1996 by Xavier Leroy, Jérôme Vouillon, Damien Doligez, Didier Rémy, Ascánder Suárez, and others.

The bridge pattern is a design pattern used in software engineering that is meant to "decouple an abstraction from its implementation so that the two can vary independently", introduced by the Gang of Four. The bridge uses encapsulation, aggregation, and can use inheritance to separate responsibilities into different classes.

In software systems, encapsulation refers to the bundling of data with the mechanisms or methods that operate on the data. It may also refer to the limiting of direct access to some of that data, such as an object's components. Essentially, encapsulation prevents external code from being concerned with the internal workings of an object.

The Message Passing Interface (MPI) is a standardized and portable message-passing standard designed to function on parallel computing architectures. The MPI standard defines the syntax and semantics of library routines that are useful to a wide range of users writing portable message-passing programs in C, C++, and Fortran. There are several open-source MPI implementations, which fostered the development of a parallel software industry, and encouraged development of portable and scalable large-scale parallel applications.

A method in object-oriented programming (OOP) is a procedure associated with an object, and generally also a message. An object consists of state data and behavior; these compose an interface, which specifies how the object may be used. A method is a behavior of an object parametrized by a user.

<span class="mw-page-title-main">D (programming language)</span> Multi-paradigm system programming language

D, also known as dlang, is a multi-paradigm system programming language created by Walter Bright at Digital Mars and released in 2001. Andrei Alexandrescu joined the design and development effort in 2007. Though it originated as a re-engineering of C++, D is now a very different language. As it has developed, it has drawn inspiration from other high-level programming languages. Notably, it has been influenced by Java, Python, Ruby, C#, and Eiffel.

In computer programming, a callback is a function that is stored as data and designed to be called by another function – often back to the original abstraction layer.

In computer science, message passing is a technique for invoking behavior on a computer. The invoking program sends a message to a process and relies on that process and its supporting infrastructure to then select and run some appropriate code. Message passing differs from conventional programming where a process, subroutine, or function is directly invoked by name. Message passing is key to some models of concurrency and object-oriented programming.

In computer science, corecursion is a type of operation that is dual to recursion. Whereas recursion works analytically, starting on data further from a base case and breaking it down into smaller data and repeating until one reaches a base case, corecursion works synthetically, starting from a base case and building it up, iteratively producing data further removed from a base case. Put simply, corecursive algorithms use the data that they themselves produce, bit by bit, as they become available, and needed, to produce further bits of data. A similar but distinct concept is generative recursion, which may lack a definite "direction" inherent in corecursion and recursion.

In computer science, future, promise, delay, and deferred refer to constructs used for synchronizing program execution in some concurrent programming languages. They describe an object that acts as a proxy for a result that is initially unknown, usually because the computation of its value is not yet complete.

Concurrent computing is a form of computing in which several computations are executed concurrently—during overlapping time periods—instead of sequentially—with one completing before the next starts.

In a programming language, an evaluation strategy is a set of rules for evaluating expressions. The term is often used to refer to the more specific notion of a parameter-passing strategy that defines the kind of value that is passed to the function for each parameter and whether to evaluate the parameters of a function call, and if so in what order. The notion of reduction strategy is distinct, although some authors conflate the two terms and the definition of each term is not widely agreed upon.

<span class="mw-page-title-main">Scala (programming language)</span> General-purpose programming language

Scala is a strong statically typed high-level general-purpose programming language that supports both object-oriented programming and functional programming. Designed to be concise, many of Scala's design decisions are intended to address criticisms of Java.

this, self, and Me are keywords used in some computer programming languages to refer to the object, class, or other entity which the currently running code is a part of. The entity referred to thus depends on the execution context. Different programming languages use these keywords in slightly different ways. In languages where a keyword like "this" is mandatory, the keyword is the only way to access data and methods stored in the current object. Where optional, these keywords can disambiguate variables and functions with the same name.

In computing, compile-time function execution is the ability of a compiler, that would normally compile a function to machine code and execute it at run time, to execute the function at compile time. This is possible if the arguments to the function are known at compile time, and the function does not make any reference to or attempt to modify any global state.

Join-patterns provides a way to write concurrent, parallel and distributed computer programs by message passing. Compared to the use of threads and locks, this is a high level programming model using communication constructs model to abstract the complexity of concurrent environment and to allow scalability. Its focus is on the execution of a chord between messages atomically consumed from a group of channels.

References

  1. Handy, Alex (14 November 2016). "The future of software security". SD Times.
  2. Seibel, Peter (21 December 2009). Coders at Work: Reflections on the Craft of Programming. Apress. pp. 95–96. ISBN   9781430219491.
  3. "E's History". www.erights.org.
  4. Miller, Mark S.; Tribble, E. Dean; Shapiro, Jonathan (2005). "Concurrency Among Strangers" (PDF). Trustworthy Global Computing. Lecture Notes in Computer Science. 3705: 195–229. Bibcode:2005LNCS.3705..195M. doi:10.1007/11580850_12. ISBN   978-3-540-30007-6. Archived from the original (PDF) on 2022-03-31. Retrieved 2021-03-05.
  5. Rees, Jonathan; Miller, Mark (2001). "From Objects To Capabilities - Simple Money". erights.org. ERights. Retrieved 8 July 2014. Before presenting the following simple example of capability-based money, we must attempt to head off a confusion this example repeatedly causes. We are not proposing to actually do money this way! A desirable money system must also provide for...