11## Primitive Effects
22
3+ > ** Note:** This page is slightly updated and pending a rewrite.
4+
35Flix comes with a collection of pre-defined primitive effects. Unlike algebraic
46and heap effects, primitive effects cannot be handled and never go out of scope.
57A primitive effect represents a side-effect that happens on the machine. It
@@ -25,75 +27,7 @@ is to say, once you have tainted yourself with impurity, you remain tainted.
2527
2628### The Other Primitive Effects
2729
28- > ** Note:** As of Flix 0.65.0 we are making changes to the primitive effects,
29- > hence the text below may be slightly outdated.
30-
31- In addition to the all-important ` IO ` effect, Flix has a small collection of
32- pre-defined primitive effects. The point of these primitive effects is to
33- provide more information about the specific actions a function can take. Except
34- for the ` NonDet ` effect, all of the effects below always come together with the ` IO `
35- effect.
36-
37- - ** Env** : The ` Env ` effect represents actions that involve access to
38- information about the environment, including information from the operating
39- system (e.g., the name of the current user, the current working directory, and
40- so on), as well as information about the hardware (e.g., the number of
41- processors in the machine, the total amount of memory, and so on).
42-
43- - ** Exec** : The ` Exec ` effect represents actions that involve process creation
44- (i.e., spawning new processes that run outside the JVM), including using
45- ` System.exec ` , the ` Process ` and ` ProcessBuilder ` classes, and dynamic library
46- loading.
47-
48- - ** FsRead** : The ` FsRead ` effect represents actions that read from the file
49- system &mdash ; for example, reading a file, reading its meta-data, or listing
50- the contents of a directory.
51-
52- - ** FsWrite** : The ` FsWrite ` effect represents actions that write to the file
53- system &mdash ; for example, creating a file, writing a file, or deleting a
54- file.
55-
56- - ** Net** : The ` Net ` effect represents actions that involve network access
57- &mdash ; for example, binding to a local port, connecting to a remote socket,
58- or DNS resolution.
59-
6030- ** NonDet** : The ` NonDet ` effect represents an almost pure computation. For
6131 example, a function that flips a coin is virtually pure; it has no
6232 side-effects. Yet, it may return different results, even when given the same
6333 arguments.
64-
65- - ** Sys** : The ` Sys ` effect represents actions that interact with the JVM
66- &mdash ; for example, using the ` Runtime ` and ` System ` classes, class loaders,
67- or reflection.
68-
69- All of the above effects, except for the ` NonDet ` effect, always occur together
70- with the ` IO ` effect. In particular, they capture a more precise aspect of the
71- ` IO ` effect. For example, from a security point-of-view, it seems reasonable
72- that a web server library should have the ` FsRead ` and ` Net ` work effects, but
73- it would be worrying if it had the ` FsWrite ` and ` Sys ` effects. As another
74- example, it seems reasonable that a logging library would have the ` FsWrite `
75- effect, but it would be a cause for concern if it also had the ` Exec ` and ` Net `
76- effects.
77-
78- The above effects represent dangerous actions except for ` IO ` , ` Env ` , and
79- ` NonDet ` , which are relatively harmless. ` Exec ` allows arbitrary process
80- execution, ` FsRead ` can be used to access sensitive data, ` FsWrite ` can be used
81- to trash the filesystem, ` Net ` can be used to exfiltrate data, and ` Sys ` via
82- reflection allows access to all of the previous. We should always be suspicious
83- if unknown or untrusted code uses any of these effects.
84-
85- The primitive effects are mostly disjoint, but not entirely. For example, we can
86- use the ` Exec ` effect to indirectly gain access to the file system. The ` FsRead `
87- effect may allow us to access a mounted network drive, a form of network access.
88- Ultimately, whether one effect can emulate another depends on what side channels
89- the underlying operating system allows. The point of the effect system is that
90- if a function does not have the ` FsWrite ` effect, it cannot write to the file
91- system using the ordinary file APIs available on the JVM.
92-
93- ### Where do Primitive Effects Come From?
94-
95- The Flix compiler ships with a built-in database that maps classes,
96- constructors, and methods in the Java Class Library to primitive effects. For
97- example, the database assigns the ` Exec ` effects to every constructor and method
98- in the ` java.lang.Process ` , ` java.lang.ProcessBuilder ` , and
99- ` java.lang.ProcessHandle ` classes.
0 commit comments