Encapsulating objects with confined types

Abstract
Object-oriented languages provide little support for encapsulating objects. Reference semantics allows objects to escape their defining scope, and the pervasive aliasing that ensues remains a major source of software defects. This paper presents Kacheck/J, a tool for inferring object encapsulation properties of large Java programs. Our goal is to develop practical tools that assist software engineers, so we focus on simple and scalable techniques. Kacheck/J is able to infer confinement—the property that all instances of a given type are encapsulated in their defining package. This simple property can be used to identify accidental leaks of sensitive objects, as well as to enable compiler optimizations. We report on the analysis of a large body of code and discuss language support and refactoring for confinement.
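The abstract's notion of confinement is easiest to see on a concrete leak. The Java listing below is an added illustration, not code from the paper or from Kacheck/J: it shows a package-private class whose instances nonetheless escape their package through a public method that widens them to Object, next to a version of the same class that keeps them confined. The package and class names (bank, Ledger, LeakyAccount, Account, client) are invented, and the conditions quoted in the comments are my own summary of what a confinement checker enforces, stated as an assumption rather than taken from the page.

```java
// Added example (not from the paper or Kacheck/J): a package-private class
// intended to be confined to package "bank", first leaking and then fixed.
// Several source files are shown in one listing; file boundaries are marked.

// ---- File: bank/Ledger.java ----
package bank;

// Package-private: no code outside "bank" can name this type. That alone
// does NOT make it confined: an instance can still escape, typed as Object.
final class Ledger {
    private long balanceCents;

    void credit(long cents) { balanceCents += cents; }
    long balance() { return balanceCents; }
}

// ---- File: bank/LeakyAccount.java (confinement violation) ----
package bank;

public final class LeakyAccount {
    private final Ledger ledger = new Ledger();

    public void deposit(long cents) { ledger.credit(cents); }

    // VIOLATION: widening the reference to Object lets a Ledger instance
    // escape the package through a public method of a public class.
    // Assumed checker conditions (my summary, not the paper's text): a
    // confined type must not be public, its instances must not be returned
    // from or passed into public/protected members of public classes, and
    // references to it must not be widened to a non-confined supertype.
    public Object auditHandle() { return ledger; }
}

// ---- File: bank/Account.java (confined version) ----
package bank;

// Expose the operation the client needs, never the Ledger itself. Every
// Ledger instance is now reachable only from code inside package "bank".
public final class Account {
    private final Ledger ledger = new Ledger();

    public void deposit(long cents) { ledger.credit(cents); }

    // Returns a primitive value computed by the Ledger, not the Ledger.
    public long balance() { return ledger.balance(); }
}

// ---- File: client/Main.java ----
package client;

import bank.Account;
import bank.LeakyAccount;

public class Main {
    public static void main(String[] args) {
        LeakyAccount leaky = new LeakyAccount();
        leaky.deposit(500);
        // The client cannot name bank.Ledger, yet it now holds a live
        // reference to an instance of it: the object has escaped its package.
        Object escaped = leaky.auditHandle();
        System.out.println("runtime class of escaped handle: "
                + escaped.getClass().getName());

        Account confined = new Account();
        confined.deposit(500);
        // Only a value crosses the package boundary here; no Ledger does.
        System.out.println("balance: " + confined.balance());
    }
}
```

Running the client reports that the escaped handle's runtime class is bank.Ledger, which is exactly the situation a confinement inference flags: the type's visibility is package-private, but its instances are not encapsulated in the package. The confined Account keeps the same functionality while satisfying the property, which is the shape of refactoring the abstract alludes to.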