Results 11 - 20 of 120
Verification of Control Flow Based Security Properties, 1998
Cited by 62 (5 self)
A fundamental problem in software-based security is whether local security checks inserted into the code are sufficient to implement a global security property. We introduce a formalism based on a two-level linear-time temporal logic for specifying global security properties pertaining to the control-flow of the program, and illustrate its expressive power with a number of existing properties. We define a minimalistic, security-dedicated program model that only contains procedure call and run-time security checks and propose an automatic method for verifying that an implementation using local security checks satisfies a global security property. For a given formula in the temporal logic we prove that there exists a bound on the size of the states that have to be considered in order to assure the validity of the formula: this reduces the problem to finite-state model checking. Finally, we instantiate the framework to the security architecture proposed for Java (JDK 1.2).
Efficient Implementation of Adaptive Software, 1994
Cited by 59 (23 self)
Adaptive programs compute with objects, just like object-oriented programs. Each task to be accomplished is specified by a so-called propagation pattern which traverses the receiver object. The object traversal is a recursive descent via the instance variables where information is collected or propagated along the way. A propagation pattern consists of 1) a name for the task, 2) a succinct specification of the parts of the receiver object that should be traversed, and 3) code fragments to be executed when specific object types are encountered. The propagation patterns need to be complemented by a class graph which defines the detailed object structure. The separation of structure and behavior yields a degree of flexibility and understandability not present in traditional object-oriented languages. For example, the class graph can be changed without changing the adaptive program at all. In this paper, we present an efficient implementation of adaptive programs. Given an adap...
Closure Analysis in Constraint Form - ACM Transactions on Programming Languages and Systems, 1995
Cited by 55 (5 self)
Interpretation Bondorf's definition can be simplified considerably. To see why, consider the second component of $\mathit{CMap}(E) \times \mathit{CEnv}(E)$. This component is updated only in $b(E_1 \,@^i\, E_2)\mu\rho$ and read only in $b(x^l)\mu\rho$. The key observation is that both these operations can be done on the first component instead. Thus, we can omit the use of $\mathit{CEnv}(E)$. By rewriting Bondorf's definition according to this observation, we arrive at the following definition. As with Bondorf's definition, we assume that all labels are distinct. Definition 2.3.1. We define $m : (E :\ ) \to \mathit{CMap}(E) \to \mathit{CMap}(E)$ by
$m(x^l)\mu = \mu$,
$m(\lambda^l x.E)\mu = (m(E)\mu) \sqcup \langle [\![l]\!] \mapsto \{l\} \rangle$,
$m(E_1 \,@^i\, E_2)\mu = (m(E_1)\mu) \sqcup (m(E_2)\mu) \sqcup \bigsqcup_{l \in \mu(\mathit{var}(E_1))} \big( \langle [\![l]\!] \mapsto \mu(\mathit{var}(E_2)) \rangle \sqcup \langle [\![@^i]\!] \mapsto \mu(\mathit{var}(\mathit{body}(l))) \rangle \big)$.
We can now do closure analysis of $E$ by computing $\mathit{fix}(m(E))$. A key question is: is the simpler abstract interpretation equivalent to Bondorf's? We might attempt to prove this u...
Concrete Type Inference: Delivering Object-Oriented Applications, 1995
Cited by 49 (0 self)
Unlimited copying without fee is permitted provided that the copies are not made nor distributed for direct commercial advantage, and credit to the source is given. Otherwise, no part of this work covered by copyright hereon may be reproduced in any form or by any means graphic, electronic, or mechanical, including photocopying, recording, taping, or storage in an information retrieval system, without the prior written permission of the copyright owner. TRADEMARKS Sun, Sun Microsystems, and the Sun logo are trademarks or registered trademarks of Sun Microsystems, Inc. UNIX is a registered trademark in the United States and other countries, exclusively licensed through X/Open Company, Ltd. All SPARC trademarks, including the SCD Compliant Logo, are trademarks or registered trademarks of SPARC International, Inc. SPARCstation, SPARCserver, SPARCengine, SPARCworks, and SPARCompiler are licensed exclusively to Sun Microsystems, Inc. All other product names mentioned herein are the trademarks of their respective owners.
A Semantical Approach to Method-Call Interception - AOSD 2002, 2002
Cited by 43 (5 self)
We study a language construct superimpose for method-call interception (MCI). The construct enables a programmer to attach additional functionality to certain join points along the execution of specified method calls. This is done in a completely type-safe manner where the additional functionality shares its state with the registry location. We present the static and the dynamic semantics of MCI. We use a disciplined style of Natural semantics for an accessible specification of MCI. We organize the constructs in a design space so that we can add expressiveness to a simple object-oriented language core in a stepwise fashion. It is one simple extension to enable interactive MCI, that is, MCI code can interact with the objects involved in a method call. Another simple extension is to allow for collective MCI by using patterns for the calls to be intercepted.
Whole-program optimization of object-oriented languages, 1996
Cited by 43 (4 self)
We describe Vortex, an optimizing compiler intended to produce high-quality code for programs written in a heavily-object-oriented style. To achieve this end, Vortex includes a number of intra- and interprocedural static analyses that can exploit knowledge about the whole program being compiled, including intraprocedural class analysis, class hierarchy analysis, and exhaustive class testing, and profile-guided optimizations such as receiver class prediction and selective specialization. To make whole-program optimization practical, Vortex automatically tracks cross-file optimization dependencies at a fine granularity, triggering selective recompilation of affected compiled files whenever the source program changes. Empirical measurements of five purely object-oriented benchmark programs written in Cecil, ranging in size from several hundred to 75,000 lines of source code, indicate that these optimization techniques improve performance of large programs by more than a factor of three over a system with only intraprocedural static optimizations. Vortex is written in Cecil, and it has been used as its own compiler and optimizer during its development for the past two years. Vortex's optimizations and implementation techniques should be useful for any language or program where optimizations to reduce the cost of polymorphism are important, including object-oriented languages (we are currently adding front-ends for C++, Modula-3, and Java to Vortex to study its effectiveness on these other language styles) and other high-level symbolic, functional, and logic languages.
Model checking security properties of control flow graphs - Journal of Computer Security
Fast and Effective Optimization of Statically Typed Object-Oriented Languages, 1997
Cited by 42 (3 self)
In this dissertation, we show how a relatively simple and extremely fast interprocedural optimization algorithm can be used to optimize many of the expensive features of statically typed, object-oriented languages --- in particular, C++ and Java. We present a new program analysis algorithm, Rapid Type Analysis, and show that it is fast both in theory and in practice, and significantly out-performs other "fast" algorithms for virtual function call resolution. We present optimization algorithms for the resolution of virtual function calls, conversion of virtual inheritance to direct inheritance, elimination of dynamic casts and dynamic type checks, and removal of object synchronization. These algorithms are all presented within a common framework that allows them to be driven by the information collected by Rapid Type Analysis, or by some other type analysis algorithm. Collectively, the optimizations in this dissertation free the programmer from having to sacrifice modularity and extensibility for performance. Instead, the programmer can freely make use of the most powerful features of object-oriented programming, since the optimizer will remove unnecessary extensibility from the program.
Class Hierarchy Specialization - Acta Informatica, 1997
Cited by 31 (8 self)
Class libraries are generally designed with an emphasis on versatility and extensibility. Applications that use a library typically exercise only part of the library's functionality. As a result, objects created by the application may contain unused members. We present an algorithm that specializes a class hierarchy with respect to its usage in a program P. That is, the algorithm analyzes the member access patterns for P's variables, and creates distinct classes for variables that access different members. Class hierarchy specialization reduces object size, and is hence primarily a space optimization. However, execution time may also be reduced through reduced object creation/destruction time, and caching/paging effects. 1 Introduction Class libraries are generally designed with an emphasis on versatility and extensibility. An application that uses a class library typically exercises only part of the library's functionality. Unfortunately, this leads to situations where the objects cr...
A Java Bytecode Optimizer Using Side-effect Analysis, 1997
Cited by 31 (1 self)
This paper describes Cream, an optimizer for Java bytecode using side-effect analysis to improve the optimizations. Dead code elimination and loop invariant removal is implemented and tested, as well as several variations of the side-effect analysis. The optimizer is tested on real-world applications such as itself and JavaSoft's Java compiler. Results show that the optimizations benefit a lot from the side-effect analysis. The best side-effect analysis gives five to ten times as many optimizations as without an analysis, and, in one case, makes a speed increase of 25% possible. 1 Introduction Java, being a relatively young language, doesn't yet have as sophisticated optimizing compilers as other, more mature languages like C and Fortran. When designing the optimizers needed to improve Java's speed towards a more acceptable level, one must carefully consider the special traits of the language. In contrast with C programs, Java programs have many small method invocations, many structu...