Region-based memory management
Information and Computation
Proceedings of the 14th ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications
Escape analysis for object-oriented languages: application to Java
Proceedings of the 14th ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications
POPL '77 Proceedings of the 4th ACM SIGACT-SIGPLAN symposium on Principles of programming languages
Parametric shape analysis via 3-valued logic
ACM Transactions on Programming Languages and Systems (TOPLAS)
Checking and inferring local non-aliasing
PLDI '03 Proceedings of the ACM SIGPLAN 2003 conference on Programming language design and implementation
Declaring and checking non-null types in an object-oriented language
OOPSLA '03 Proceedings of the 18th annual ACM SIGPLAN conference on Object-oriented programing, systems, languages, and applications
Separation and information hiding
Proceedings of the 31st ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Semantic Foundations and Inference of Non-null Annotations
FMOODS '08 Proceedings of the 10th IFIP WG 6.1 international conference on Formal Methods for Open Object-Based Distributed Systems
Lightweight annotations for controlling sharing in concurrent data structures
Proceedings of the 2009 ACM SIGPLAN conference on Programming language design and implementation
Hi-index | 0.00 |
Exchanging mutable data objects with untrusted code is a delicate matter because of the risk of creating a data space that is accessible by an attacker. Consequently, secure programming guidelines for Java stress the importance of using defensive copying before accepting or handing out references to an internal mutable object. However, implementation of a copy method (like clone()) is entirely left to the programmer. It may not provide a sufficiently deep copy of an object and is subject to overriding by a malicious sub-class. Currently no language-based mechanism supports secure object cloning. This paper proposes a type-based annotation system for defining modular copy policies for class-based object-oriented programs. A copy policy specifies the maximally allowed sharing between an object and its clone. We present a static enforcement mechanism that will guarantee that all classes fulfill their copy policy, even in the presence of overriding of copy methods, and establish the semantic correctness of the overall approach in Coq. The mechanism has been implemented and experimentally evaluated on clone methods from several Java libraries.