An Abstract Semantics for Inference of Types and Effects in a Multi-Tier Web Language
Types-and-effects are type systems that allow one to express general semantic properties and to statically reason about a program's execution. They have been widely exploited to specify static analyses, for example to track computational side effects, exceptions and communications in concurrent programs. In this paper we adopt abstract interpretation techniques to reconstruct (following Cousot's methodology) a types-and-effects system developed to handle security problems of a multi-tier web language. Our reconstruction allows us to show that this types-and-effects system is not sound with respect to the semantics of the language. In addition, we correct the soundness issues in the analysis and systematically construct a correct analyser.
💡 Research Summary
The paper revisits the type‑and‑effect system originally proposed for the multi‑tier web language LINKS (and its core subset TINY LINKS) and shows that, despite its elegant formulation, the system is not sound with respect to the language’s operational semantics. The authors begin by recalling that type‑and‑effect systems enrich traditional type information with effect annotations (e.g., sets of events that must have occurred) and are widely used for static analyses such as side‑effect tracking, exception handling, and security verification. In the context of LINKS, which automatically partitions client, server, and database code, Baltopoulos and Gordon introduced a security‑oriented type‑and‑effect discipline that enforces “event‑based assertions” to guarantee confidentiality and integrity when data is transferred between tiers.
The paper’s first technical contribution is a concrete denotational semantics for TINY LINKS, modeled as an untyped λ‑calculus enriched with XML values, links (href), forms, and explicit event constructs. Values are interpreted in a domain Eval that includes integers, strings, XML tags, and special constructors for links and forms. Environments map identifiers to values, while an event environment maps predicates to a pair consisting of a value and a status flag (occurred, asserted, etc.). Semantic functions
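To make the soundness question concrete, here is a small constructed model (added here; it is not the paper's semantics nor LINKS code) of event-based assertions treated as effects. A tiny expression language can raise an event (a named predicate applied to a value) and later assert that it occurred; the concrete interpreter maintains an event environment mapping predicates to a (value, status) pair as described above. A static effect analysis computes the predicates that must have occurred before each assertion. Soundness in this setting means: whenever the analysis accepts a program, execution never reaches a failed assertion. The `analyse` function is parameterised by the join used at branches so that a sound must-analysis (intersection) can be compared with a deliberately naive may-analysis (union); the naive variant is a generic illustration of unsoundness, not the specific flaw the paper identifies. All names (`Event`, `Assert`, `Status`, the sample programs) are hypothetical.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Callable, Dict, FrozenSet, Tuple, Union


class Status(Enum):
    OCCURRED = "occurred"   # event was raised during execution
    ASSERTED = "asserted"   # event was asserted after having occurred


# Event environment: predicate -> (value, status). Constructed model, not the paper's.
EventEnv = Dict[str, Tuple[object, Status]]


@dataclass(frozen=True)
class Lit:            # constant
    value: object


@dataclass(frozen=True)
class Event:          # raise predicate `pred` on the value of `arg`
    pred: str
    arg: "Expr"


@dataclass(frozen=True)
class Assert:         # require that `pred` has already occurred
    pred: str


@dataclass(frozen=True)
class If:             # branch on the (boolean) value of `cond`
    cond: "Expr"
    then: "Expr"
    otherwise: "Expr"


@dataclass(frozen=True)
class Seq:            # evaluate `first`, then `second`
    first: "Expr"
    second: "Expr"


Expr = Union[Lit, Event, Assert, If, Seq]


class AssertionFailed(Exception):
    """Raised by the interpreter when an asserted event never occurred."""


def run(e: Expr, env: EventEnv) -> object:
    """Concrete semantics: evaluate `e`, updating the event environment in place."""
    if isinstance(e, Lit):
        return e.value
    if isinstance(e, Event):
        v = run(e.arg, env)
        env[e.pred] = (v, Status.OCCURRED)
        return v
    if isinstance(e, Assert):
        if e.pred not in env:
            raise AssertionFailed(e.pred)
        v, _ = env[e.pred]
        env[e.pred] = (v, Status.ASSERTED)
        return v
    if isinstance(e, If):
        return run(e.then if run(e.cond, env) else e.otherwise, env)
    if isinstance(e, Seq):
        run(e.first, env)
        return run(e.second, env)
    raise TypeError(f"unknown expression {e!r}")


Join = Callable[[FrozenSet[str], FrozenSet[str]], FrozenSet[str]]


def analyse(e: Expr, known: FrozenSet[str], join: Join) -> Tuple[FrozenSet[str], bool]:
    """Static effect analysis.

    `known` is the set of predicates assumed to have occurred on entry.
    Returns (predicates considered occurred on exit, all assertions discharged?).
    `join` decides how the two branches of an `If` are combined.
    """
    if isinstance(e, Lit):
        return known, True
    if isinstance(e, Event):
        after_arg, ok = analyse(e.arg, known, join)
        return after_arg | {e.pred}, ok
    if isinstance(e, Assert):
        return known, e.pred in known
    if isinstance(e, If):
        after_cond, ok_c = analyse(e.cond, known, join)
        t, ok_t = analyse(e.then, after_cond, join)
        f, ok_f = analyse(e.otherwise, after_cond, join)
        return join(t, f), ok_c and ok_t and ok_f
    if isinstance(e, Seq):
        mid, ok1 = analyse(e.first, known, join)
        end, ok2 = analyse(e.second, mid, join)
        return end, ok1 and ok2
    raise TypeError(f"unknown expression {e!r}")


def sound_check(e: Expr) -> bool:
    """Must-analysis: only events raised on every path count as occurred."""
    return analyse(e, frozenset(), frozenset.intersection)[1]


def naive_check(e: Expr) -> bool:
    """Unsound may-analysis: an event raised on one path is treated as guaranteed."""
    return analyse(e, frozenset(), frozenset.union)[1]


def runs_without_failure(e: Expr) -> bool:
    """Ground truth from the concrete semantics."""
    try:
        run(e, {})
        return True
    except AssertionFailed:
        return False


# Constructed programs: `authenticated` is raised on only one branch of the first
# program, yet asserted unconditionally afterwards; the second raises it first.
UNSAFE_PROGRAM = Seq(
    If(Lit(False), Event("authenticated", Lit("alice")), Lit(None)),
    Assert("authenticated"),
)
SAFE_PROGRAM = Seq(Event("authenticated", Lit("alice")), Assert("authenticated"))
```

Running `sound_check` and `naive_check` over `UNSAFE_PROGRAM` shows the gap the paper is concerned with: the naive analysis accepts the program, but `run` raises `AssertionFailed`, so the analysis is not sound with respect to the semantics; the intersection-based analysis rejects it and accepts `SAFE_PROGRAM`, which executes cleanly and leaves the event marked `ASSERTED`.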