camoy · September 19, 2023 00:11
diff --git a/gistfile1.txt b/gistfile1.txt
 #lang effect/racket

 ;;
 ;; require
 ;;

 (unsafe-require "aux.rkt")

 ;;
 ;; 0 (introduction)
 ;;
 ;; * How did I get into effects? (flip)
 ;;   * Studying contracts for protocols across API surface.
 ;;     e.g. Unix I/O
 ;;     But also across time
 ;;     e.g. monotonicity
 ;;   * Need effects, in particular state.
 ;; * Related work for that paper found tons of other examples (flip)
 ;;   e.g. affine contracts (used in "gradual" typing) (flip)
 ;; * Found a bunch of other stuff (flip)
 ;; * Problems with this existing work from practical and theoretical perspective
 ;;     * Practical: High-level API and low-level API to Racket's contract system
 ;;       all of these require dropping down to the low level
 ;;     * Theoretical: Important property should satisfy: erasure. Must prove for
 ;;       each system on its own. (flip)
 ;; * Solution: A high-level contract form that (1) can express all these systems
 ;;   and (2) for which we can prove erasure.
 ;; * Yes. Need effect handlers.

 ;;
 ;; 1 (contracts)
 ;;

 #|
 (define prime-maker/c
  (-> (values prime? prime?)))

 (define key-maker/c
  (-> (values public-key? private-key?)))

 (define/contract rsa
  (-> prime-maker/c key-maker/c)
  unsafe-rsa)

 ;; OK
 ;; ((rsa (λ () (values 11 19))))

 ;; BAD
 ;; ((rsa (λ () (values 3 4))))
 |#

 ;;
 ;; 2 (main-effect handlers)
 ;;

 (effect random ())

 (define (random-service seed)
  (random-handler (seed->random-state seed)))

 (define (random-handler state)
  (handler
    [(random)
     (define state* (random-state-next state))
     (define number (random-state->number state))
     (with ((random-handler state*))
       (continue* number))]))

 (define (with-prng thk)
  (with ((random-service 42))
    (thk)))

 #|
 (with-prng
  (λ ()
    (list (random) (random) (random))))
 |#


 ;;
 ;; 3 (main-effect contracts)
 ;;

 #|
 (define prime-maker/c
  (and/c (-> (values prime? prime?))
         (->e random? (between/c 0 1))))

 (define key-maker/c
  (-> (values public-key? private-key?)))

 (define/contract rsa
  (-> prime-maker/c key-maker/c)
  unsafe-rsa)

 (define (random-prime)
  (define LOW 10000)
  (define HIGH 50000)
  (let go ()
    (define n (exact-ceiling (+ (* (random) (- HIGH LOW)) LOW)))
    (if (prime? n) n (go))))

 ;; OK
 ;; (with-prng
 ;;   (λ ()
 ;;     ((rsa (λ ()
 ;;             (define p (random-prime))
 ;;             (define q (random-prime))
 ;;             (values p q))))))

 ;; BAD
 ;; (with-prng
 ;;   (λ ()
 ;;     ((rsa (λ ()
 ;;             (define p (random-prime))
 ;;             (define q (random-prime))
 ;;             (displayln p)
 ;;             (values p q))))))
 |#

 ;;
 ;; 4 (contract-effect handlers)
 ;;

 #|
 (effect contract-box (default))
 (effect contract-box-get (box))
 (effect contract-box-set! (box val))

 (define (contract-box-service store)
  (contract-handler
   [(contract-box default)
    (define-values (new-box new-store)
      (store-allocate store default))
    (values new-box (contract-box-service new-store))]
   [(contract-box-get b)
    (values (store-ref store b) (contract-box-service store))]
   [(contract-box-set! b v)
    (values (void) (contract-box-service (store-set store b v)))]))

 ;;

 (with ((contract-box-service empty-store))
  (define prime-maker/c
    (self/c
     (λ _
       (define previous (contract-box #false))
       (define (fresh? n)
         (begin0
           (not (equal? n (contract-box-get previous)))
           (contract-box-set! previous n)))
       (and/c (-> (values prime? prime?))
              (->e random? (and/c fresh? (between/c 0 1)))))))

  (define key-maker/c
    (-> (values public-key? private-key?)))

  (define/contract rsa
    (-> prime-maker/c key-maker/c)
    unsafe-rsa)

  (define (random-prime)
    (define LOW 10000)
    (define HIGH 50000)
    (let go ()
      (define n (exact-ceiling (+ (* (random) (- HIGH LOW)) LOW)))
      (if (prime? n) n (go))))

  (define faulty-random-service
    (handler
     [(random) (continue 0.5)]))

  (define (with-faulty-prng thk)
    (with (faulty-random-service)
      (thk)))

  ;; OK
  ;; (with-prng
  ;;   (λ ()
  ;;     ((rsa (λ ()
  ;;             (define p (random-prime))
  ;;             (define q (random-prime))
  ;;             (values p q))))))

  ;; BAD
  ;; (with-faulty-prng
  ;;   (λ ()
  ;;     ((rsa (λ ()
  ;;             (define p (random-prime))
  ;;             (define q (random-prime))
  ;;             (values p q))))))
  )
 |#

 ;;
 ;; 5 (contract-handler contract)
 ;;

 #|
 (effect secure? ())

 (define (secure?-service b)
  (contract-handler
   [(secure?)
    (values b (secure?-service b))]))

 (define secure-random-service
  (handler
   [(random)
    (continue
     (exact->inexact
      (/ (integer-bytes->integer (crypto-random-bytes 8) #f)
         (integer-bytes->integer (make-bytes 8 255) #f))))]))

 (define/contract (with-secure-prng thk)
  (-> (contract-handler/c (secure?-service #t)) any)
  (with (secure-random-service)
    (thk)))

 (define/contract (with-prng thk)
  (-> (contract-handler/c (secure?-service #f)) any)
  (with ((random-service 42))
    (thk)))

 ;;

 (define (secure-context/c _)
  (secure?))

 (define prime-maker/c
  (and/c (-> (values prime? prime?))
         (->e (and/c random? secure-context/c)
              (between/c 0 1))))

 (define key-maker/c
  (-> (values public-key? private-key?)))

 (define/contract rsa
  (-> prime-maker/c key-maker/c)
  unsafe-rsa)

 (define (random-prime)
  (define LOW 10000)
  (define HIGH 50000)
  (let go ()
    (define n (exact-ceiling (+ (* (random) (- HIGH LOW)) LOW)))
    (if (prime? n) n (go))))

 ;; OK
 ;; (with-secure-prng
 ;;   (λ ()
 ;;     ((rsa (λ ()
 ;;             (define p (random-prime))
 ;;             (define q (random-prime))
 ;;             (values p q))))))

 ;; BAD
 ;; (with-prng
 ;;   (λ ()
 ;;     ((rsa (λ ()
 ;;             (define p (random-prime))
 ;;             (define q (random-prime))
 ;;             (values p q))))))
 |#
	#lang effect/racket

	;;
	;; require
	;;

	(unsafe-require "aux.rkt")

	;;
	;; 0 (introduction)
	;;
	;; * How did I get into effects? (flip)
	;; * Studying contracts for protocols across API surface.
	;; e.g. Unix I/O
	;; But also across time
	;; e.g. monotonicity
	;; * Need effects, in particular state.
	;; * Related work for that paper found tons of other examples (flip)
	;; e.g. affine contracts (used in "gradual" typing) (flip)
	;; * Found a bunch of other stuff (flip)
	;; * Problems with this existing work from practical and theoretical perspective
	;; * Practical: High-level API and low-level API to Racket's contract system
	;; all of these require dropping down to the low level
	;; * Theoretical: Important property should satisfy: erasure. Must prove for
	;; each system on its own. (flip)
	;; * Solution: A high-level contract form that (1) can express all these systems
	;; and (2) for which we can prove erasure.
	;; * Yes. Need effect handlers.

	;;
	;; 1 (contracts)
	;;

	#\|
	(define prime-maker/c
	(-> (values prime? prime?)))

	(define key-maker/c
	(-> (values public-key? private-key?)))

	(define/contract rsa
	(-> prime-maker/c key-maker/c)
	unsafe-rsa)

	;; OK
	;; ((rsa (λ () (values 11 19))))

	;; BAD
	;; ((rsa (λ () (values 3 4))))
	\|#

	;;
	;; 2 (main-effect handlers)
	;;

	(effect random ())

	(define (random-service seed)
	(random-handler (seed->random-state seed)))

	(define (random-handler state)
	(handler
	[(random)
	(define state* (random-state-next state))
	(define number (random-state->number state))
	(with ((random-handler state*))
	(continue* number))]))

	(define (with-prng thk)
	(with ((random-service 42))
	(thk)))

	#\|
	(with-prng
	(λ ()
	(list (random) (random) (random))))
	\|#


	;;
	;; 3 (main-effect contracts)
	;;

	#\|
	(define prime-maker/c
	(and/c (-> (values prime? prime?))
	(->e random? (between/c 0 1))))

	(define key-maker/c
	(-> (values public-key? private-key?)))

	(define/contract rsa
	(-> prime-maker/c key-maker/c)
	unsafe-rsa)

	(define (random-prime)
	(define LOW 10000)
	(define HIGH 50000)
	(let go ()
	(define n (exact-ceiling (+ (* (random) (- HIGH LOW)) LOW)))
	(if (prime? n) n (go))))

	;; OK
	;; (with-prng
	;; (λ ()
	;; ((rsa (λ ()
	;; (define p (random-prime))
	;; (define q (random-prime))
	;; (values p q))))))

	;; BAD
	;; (with-prng
	;; (λ ()
	;; ((rsa (λ ()
	;; (define p (random-prime))
	;; (define q (random-prime))
	;; (displayln p)
	;; (values p q))))))
	\|#

	;;
	;; 4 (contract-effect handlers)
	;;

	#\|
	(effect contract-box (default))
	(effect contract-box-get (box))
	(effect contract-box-set! (box val))

	(define (contract-box-service store)
	(contract-handler
	[(contract-box default)
	(define-values (new-box new-store)
	(store-allocate store default))
	(values new-box (contract-box-service new-store))]
	[(contract-box-get b)
	(values (store-ref store b) (contract-box-service store))]
	[(contract-box-set! b v)
	(values (void) (contract-box-service (store-set store b v)))]))

	;;

	(with ((contract-box-service empty-store))
	(define prime-maker/c
	(self/c
	(λ _
	(define previous (contract-box #false))
	(define (fresh? n)
	(begin0
	(not (equal? n (contract-box-get previous)))
	(contract-box-set! previous n)))
	(and/c (-> (values prime? prime?))
	(->e random? (and/c fresh? (between/c 0 1)))))))

	(define key-maker/c
	(-> (values public-key? private-key?)))

	(define/contract rsa
	(-> prime-maker/c key-maker/c)
	unsafe-rsa)

	(define (random-prime)
	(define LOW 10000)
	(define HIGH 50000)
	(let go ()
	(define n (exact-ceiling (+ (* (random) (- HIGH LOW)) LOW)))
	(if (prime? n) n (go))))

	(define faulty-random-service
	(handler
	[(random) (continue 0.5)]))

	(define (with-faulty-prng thk)
	(with (faulty-random-service)
	(thk)))

	;; OK
	;; (with-prng
	;; (λ ()
	;; ((rsa (λ ()
	;; (define p (random-prime))
	;; (define q (random-prime))
	;; (values p q))))))

	;; BAD
	;; (with-faulty-prng
	;; (λ ()
	;; ((rsa (λ ()
	;; (define p (random-prime))
	;; (define q (random-prime))
	;; (values p q))))))
	)
	\|#

	;;
	;; 5 (contract-handler contract)
	;;

	#\|
	(effect secure? ())

	(define (secure?-service b)
	(contract-handler
	[(secure?)
	(values b (secure?-service b))]))

	(define secure-random-service
	(handler
	[(random)
	(continue
	(exact->inexact
	(/ (integer-bytes->integer (crypto-random-bytes 8) #f)
	(integer-bytes->integer (make-bytes 8 255) #f))))]))

	(define/contract (with-secure-prng thk)
	(-> (contract-handler/c (secure?-service #t)) any)
	(with (secure-random-service)
	(thk)))

	(define/contract (with-prng thk)
	(-> (contract-handler/c (secure?-service #f)) any)
	(with ((random-service 42))
	(thk)))

	;;

	(define (secure-context/c _)
	(secure?))

	(define prime-maker/c
	(and/c (-> (values prime? prime?))
	(->e (and/c random? secure-context/c)
	(between/c 0 1))))

	(define key-maker/c
	(-> (values public-key? private-key?)))

	(define/contract rsa
	(-> prime-maker/c key-maker/c)
	unsafe-rsa)

	(define (random-prime)
	(define LOW 10000)
	(define HIGH 50000)
	(let go ()
	(define n (exact-ceiling (+ (* (random) (- HIGH LOW)) LOW)))
	(if (prime? n) n (go))))

	;; OK
	;; (with-secure-prng
	;; (λ ()
	;; ((rsa (λ ()
	;; (define p (random-prime))
	;; (define q (random-prime))
	;; (values p q))))))

	;; BAD
	;; (with-prng
	;; (λ ()
	;; ((rsa (λ ()
	;; (define p (random-prime))
	;; (define q (random-prime))
	;; (values p q))))))
	\|#