research-article

Access permission contracts for scripting languages

Published: 25 January 2012

Abstract

The ideal software contract fully specifies the behavior of an operation. Often, in particular in the context of scripting languages, a full specification may be cumbersome to state and may not even be desired. In such cases, a partial specification, which describes selected aspects of the behavior, may be used to raise the confidence in an implementation of the operation to a reasonable level.

We propose a novel kind of contract for object-based languages that specifies the side effects of an operation with access permissions. An access permission contract uses sets of access paths to express read and write permissions for the properties of the objects accessible from the operation.

We specify a monitoring semantics for access permission contracts and implement this semantics in a contract system for JavaScript. We prove soundness and stability of violation under increasing aliasing for our semantics.
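The two paragraphs above describe read/write permissions expressed as sets of access paths and a monitoring semantics that checks them at run time. The following is an added example, written for this page and not the paper's own contract system: a small JavaScript monitor that wraps an object in a Proxy, tracks the access path as properties are followed, and records every read or write the contract does not permit. The permission format (`path` plus `r`/`rw` mode, `*` as a single-segment wildcard) and the rule that reading a prefix of a permitted path is allowed are assumptions of this example.

```javascript
// Added example (not the paper's JSConTest code): a small access-permission
// monitor for JavaScript. A permission is an access path ("account.balance",
// "account.log.*"; "*" matches one property name) with mode "r" or "rw".
function pathMatches(pattern, path) {
  const p = pattern.split("."), q = path.split(".");
  return p.length === q.length && p.every((s, i) => s === "*" || s === q[i]);
}
// Does some permission grant `mode` ("r" or "w") on `path`? "rw" grants both.
// Reading a proper prefix of a permitted path (traversal) is always allowed.
function allowed(perms, path, mode) {
  const q = path.split(".");
  return perms.some((perm) => {
    const p = perm.path.split(".");
    if (mode === "r" && p.length > q.length &&
        q.every((s, i) => p[i] === "*" || p[i] === s)) return true;
    return pathMatches(perm.path, path) && (perm.mode === "rw" || mode === "r");
  });
}
// Wrap `obj` in a Proxy that checks every reachable read/write against `perms`
// and appends violations to `log`; the access still happens (report, not block).
function monitor(obj, perms, root, log) {
  return new Proxy(obj, {
    get(target, prop, receiver) {
      const value = Reflect.get(target, prop, receiver);
      if (typeof prop === "symbol") return value;
      const path = `${root}.${prop}`;
      if (!allowed(perms, path, "r")) log.push(`read ${path}`);
      // Nested objects are wrapped too, so the path grows along aliases.
      return value !== null && typeof value === "object"
        ? monitor(value, perms, path, log) : value;
    },
    set(target, prop, value, receiver) {
      const path = `${root}.${String(prop)}`;
      if (!allowed(perms, path, "w")) log.push(`write ${path}`);
      return Reflect.set(target, prop, value, receiver);
    },
  });
}
// Constructed sample: the contract lets the operation read the balance and
// write anything under log, but the operation also resets the balance.
function sampleViolations() {
  const account = { balance: 100, log: { last: "" } };
  const perms = [{ path: "account.balance", mode: "r" },
                 { path: "account.log.*", mode: "rw" }];
  const log = [], a = monitor(account, perms, "account", log);
  a.log.last = `seen ${a.balance}`; // permitted by both paths
  a.balance = 0;                    // violation: balance is read-only
  return log;
}
```

Because the monitor wraps nested objects with the extended path, an alias obtained through a permitted prefix is still checked at the leaf, which is the property the paper's soundness and stability results concern.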

Applications of access permission contracts include enforcing modularity, test-driven development, program understanding, and regression testing. With respect to testing and understanding, we find that adding access permissions to contracts increases the effectiveness of error detection through contract monitoring by 6-13%.


Supplemental Material

popl_2a_3.mp4



Published in

• ACM SIGPLAN Notices, Volume 47, Issue 1 (POPL '12), January 2012, 569 pages. ISSN: 0362-1340, EISSN: 1558-1160, DOI: 10.1145/2103621
• POPL '12: Proceedings of the 39th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages, January 2012, 602 pages. ISBN: 9781450310833, DOI: 10.1145/2103656

Copyright © 2012 ACM

Publisher: Association for Computing Machinery, New York, NY, United States
