A Tail-Recursive Semantics for Stack Inspections

Security folklore holds that a security mechanism based on stack inspection is incompatible with a global tail call optimization policy. An implementation of such a language may have to allocate memory for a source-code tail call, and a program that uses only tail calls (and no other memory-allocating construct) may nevertheless exhaust the available memory. In this paper, we prove this widely held belief wrong. We exhibit an abstract machine for a language with security stack inspection whose space consumption function is equivalent to that of the canonical tail call optimizing abstract machine. Our machine is surprisingly simple and suggests that tail calls are as easy to implement in a security setting as they are in a conventional one.
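The space problem the abstract describes, and one way around it, can be made concrete in a small model. The following Python is an added illustration, not the paper's abstract machine and not code from the authors: it tracks only the security-relevant part of the stack (one permission set per active frame) and compares two policies. The first pushes a frame for every call, tail calls included, so a tail-recursive loop grows the inspection stack without bound. The second replaces the caller's frame on a tail call by the intersection of the caller's and callee's permissions, which keeps the inspection result identical under the simplified rule modelled here (a permission is granted only if every active frame holds it; no privilege-enabling construct is modelled). The names `Machine`, `PERMS`, `tail_loop` and `handoff` and the permission sets are constructed for this example.

```python
from __future__ import annotations

# Constructed sample: the static permission set attached to each code owner
# (a "principal"). "plugin" code is less trusted than "trusted" code.
PERMS = {
    "trusted": frozenset({"read", "write"}),
    "plugin": frozenset({"read"}),
}


class SecurityError(Exception):
    """Raised when a stack inspection fails."""


class Machine:
    """Tracks only the security-relevant part of the stack: one permission set
    per active frame. With merge_tail_frames=False every call, tail or not,
    pushes a frame (the behaviour the folklore assumes). With
    merge_tail_frames=True a tail call replaces the caller's frame by the
    intersection of caller and callee permissions (assumption: under the
    all-frames inspection rule below this leaves every check's outcome
    unchanged while allocating no new frame)."""

    def __init__(self, merge_tail_frames: bool) -> None:
        self.frames: list[frozenset[str]] = []
        self.max_depth = 0
        self.merge = merge_tail_frames

    def check(self, perm: str) -> None:
        # Simplified stack inspection: every active frame must hold `perm`.
        for perms in self.frames:
            if perm not in perms:
                raise SecurityError(perm)

    def call(self, principal: str, body, *args, tail: bool = False):
        perms = PERMS[principal]
        merged = tail and self.merge and bool(self.frames)
        if merged:
            # Tail call: the caller's frame is gone, so its permissions and
            # the callee's collapse into a single frame.
            self.frames[-1] = self.frames[-1] & perms
        else:
            self.frames.append(perms)
        self.max_depth = max(self.max_depth, len(self.frames))
        try:
            return body(self, *args)
        finally:
            # A merged frame belongs to the caller, which pops it itself.
            if not merged:
                self.frames.pop()


def tail_loop(machine: Machine, principal: str, n: int, perm: str) -> str:
    """n tail-recursive calls into `principal`'s code, then one inspection."""
    def step(m: Machine, i: int) -> str:
        if i == 0:
            m.check(perm)
            return "ok"
        return m.call(principal, step, i - 1, tail=True)
    return machine.call(principal, step, n)  # first entry is a non-tail call


def handoff(machine: Machine, perm: str) -> str:
    """Trusted code tail-calls plugin code, which then inspects the stack."""
    def plugin_body(m: Machine) -> str:
        m.check(perm)
        return "ok"

    def trusted_body(m: Machine) -> str:
        return m.call("plugin", plugin_body, tail=True)
    return machine.call("trusted", trusted_body)


def run(merge: bool, program, *args) -> tuple[str, int]:
    """Run `program` on a fresh machine; return (outcome, peak frame count)."""
    m = Machine(merge)
    try:
        outcome = program(m, *args)
    except SecurityError:
        outcome = "denied"
    return outcome, m.max_depth


if __name__ == "__main__":
    for merge in (False, True):
        print("merge tail frames:", merge)
        print("  trusted loop, write:", run(merge, tail_loop, "trusted", 50, "write"))
        print("  plugin loop, write: ", run(merge, tail_loop, "plugin", 50, "write"))
        print("  handoff, write:     ", run(merge, handoff, "write"))
        print("  handoff, read:      ", run(merge, handoff, "read"))
```

Running it shows the two machines agree on every inspection outcome (a plugin frame anywhere on the stack, merged or not, denies `write`), while the peak frame count is 51 for a 50-iteration tail loop under the naive policy and 1 under the merging policy. The Python host stack still grows, since this is a model of the security stack only; the point is that the inspection data structure need not.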
