Encapsulating objects with confined types

Object-oriented languages provide little support for encapsulating objects. Reference semantics allows objects to escape their defining scope, and the pervasive aliasing that ensues remains a major source of software defects. This paper presents Kacheck/J, a tool for inferring object encapsulation properties of large Java programs. Our goal is to develop practical tools to assist software engineers, thus we focus on simple and scalable techniques. Kacheck/J is able to infer confinement—the property that all instances of a given type are encapsulated in their defining package. This simple property can be used to identify accidental leaks of sensitive objects, as well as for compiler optimizations. We report on the analysis of a large body of code and discuss language support and refactoring for confinement.
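As an added illustration, not code from the paper or from the Kacheck/J tool, the Java sketch below shows the kind of accidental leak the abstract refers to and a confined alternative. The package and class names are made up; the point is that a package-private type stops being confined the moment any public member of a public class hands out a reference to one of its instances, even when the declared return type is widened to `Object`.

```java
// Hypothetical package; the names below are constructed for this example.
package bank.internal;

import java.util.Arrays;

// Package-private: only classes inside bank.internal can name this type.
// Confinement means that, in addition, no instance ever becomes reachable
// from code outside the package.
class AuditKey {
    private final byte[] secret;

    AuditKey(byte[] secret) {
        this.secret = secret.clone();   // defensive copy: keep our own array
    }

    byte[] material() {
        return secret.clone();          // never hand out the internal array itself
    }
}

public class VaultDemo {
    private final AuditKey key = new AuditKey(new byte[] {1, 2, 3});

    // LEAK: the declared type is Object, so nothing in the signature names
    // AuditKey, but the returned reference is still an AuditKey instance.
    // Any caller in any package can now hold an alias to it, so AuditKey
    // is no longer confined to bank.internal.
    public Object leakKey() {
        return key;
    }

    // CONFINED: the public API exposes only the result of an operation
    // performed on the key, never the key object (or its byte array) itself.
    public boolean verify(byte[] candidate) {
        return Arrays.equals(candidate, key.material());
    }

    // Runs inside the package, so it can legally name AuditKey; the comment
    // explains what a client in another package would see.
    public static void main(String[] args) {
        VaultDemo vault = new VaultDemo();

        // A class in another package could do exactly this and keep 'escaped'
        // for as long as it likes; the type name never has to appear there.
        Object escaped = vault.leakKey();
        System.out.println("leakKey() returned an AuditKey: "
                + (escaped instanceof AuditKey));   // true: the instance escaped

        // The confined path answers the question without exposing the object.
        System.out.println("verify({1,2,3}) = " + vault.verify(new byte[] {1, 2, 3}));
        System.out.println("verify({9})     = " + vault.verify(new byte[] {9}));
    }
}
```

The fix is a matter of API shape rather than of access modifiers alone: marking `AuditKey` package-private only restricts who may write its name, whereas confinement additionally requires that no public method, field or constructor of a public class in the package returns, stores or passes an `AuditKey` to the outside, which is the property a whole-program inference like the one the abstract describes is meant to check.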
