Trustworthy Proxies

Virtualizing Objects with Invariants
  • Tom Van Cutsem
  • Mark S. Miller
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7920)


Proxies are a common technique to virtualize objects in object-oriented languages. A proxy is a placeholder object that emulates or wraps another target object. Both the proxy’s representation and behavior may differ substantially from that of its target object.

In many OO languages, objects may have language-enforced invariants associated with them. For instance, an object may declare immutable fields, which are guaranteed to point to the same value throughout the execution of the program. Clients of an object can blindly rely on these invariants, as they are enforced by the language.

In a language with both proxies and objects with invariants, these features interact. Can a proxy emulate or replace a target object purporting to uphold such invariants? If yes, does the client of the proxy need to trust the proxy to uphold these invariants, or are they still enforced by the language? This paper sheds light on these questions in the context of a Javascript-like language, and describes the design of a Proxy API that allows proxies to emulate objects with invariants, yet have these invariants continue to be language-enforced. This design forms the basis of proxies in ECMAScript 6.


Proxies Javascript reflection language invariants membranes 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Eugster, P.: Uniform proxies for java. In: OOPSLA 2006: Proceedings of the 21st Annual Conference on Object-oriented Programming Systems, Languages, and Applications, pp. 139–152. ACM, NY (2006)CrossRefGoogle Scholar
  2. 2.
    Austin, T.H., Disney, T., Flanagan, C.: Virtual values for language extension. In: Proceedings of the 2011 ACM International Conference on Object Oriented Programming Systems Languages and Applications, OOPSLA 2011, pp. 921–938. ACM, New York (2011)CrossRefGoogle Scholar
  3. 3.
    Findler, R.B., Felleisen, M.: Contracts for higher-order functions. In: Proceedings of the Seventh ACM SIGPLAN International Conference on Functional Programming, ICFP 2002, pp. 48–59. ACM, New York (2002)CrossRefGoogle Scholar
  4. 4.
    Pratikakis, P., Spacco, J., Hicks, M.: Transparent proxies for java futures. In: Proceedings of the 19th Annual ACM SIGPLAN Conference on Object-oriented Programming, Systems, Languages, and Applications, OOPSLA 2004, pp. 206–223. ACM, New York (2004)CrossRefGoogle Scholar
  5. 5.
    ECMA International: ECMA-262: ECMAScript Language Specification. 5th edn. ECMA, Geneva, Switzerland (December 2009)Google Scholar
  6. 6.
    Fähndrich, M., Leino, K.R.M.: Heap monotonic typestates. In: International Workshop on Aliasing, Confinement and Ownership (IWACO 2003), pp. 58–72 (2003)Google Scholar
  7. 7.
    Van Cutsem, T., Miller, M.S.: Proxies: design principles for robust object-oriented intercession APIs. In: Proceedings of the 6th Symposium on Dynamic Languages, DLS 2010, pp. 59–72. ACM (2010)Google Scholar
  8. 8.
    Crockford, D.: Javascript: The Good Parts. O’Reilly (2008)Google Scholar
  9. 9.
    Guha, A., Saftoiu, C., Krishnamurthi, S.: The essence of javascript. In: D’Hondt, T. (ed.) ECOOP 2010. LNCS, vol. 6183, pp. 126–150. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  10. 10.
    Redell, D.D.: Naming and Protection in Extensible Operating Systems. PhD thesis, Department of Computer Science, University of California at Berkeley (November 1974)Google Scholar
  11. 11.
    Miller, M.S.: Robust Composition: Towards a Unified Approach to Access Control and Concurrency Control. PhD thesis, John Hopkins University, Baltimore, Maryland, USA (May 2006)Google Scholar
  12. 12.
    Miller, M.S., Samuel, M., Laurie, B., Awad, I., Stay, M.: Caja: Safe active content in sanitized javascript (June 2008),
  13. 13.
    Hayes, B.: Ephemerons: a new finalization mechanism. In: Proceedings of the 12th ACM SIGPLAN Conference on Object-oriented Programming, Systems, Languages, and Applications, OOPSLA 1997, pp. 176–183. ACM, New York (1997)CrossRefGoogle Scholar
  14. 14.
    Strickland, T.S., Tobin-Hochstadt, S., Findler, R.B., Flatt, M.: Chaperones and impersonators: run-time support for reasonable interposition. In: Proceedings of the ACM International Conference on Object Oriented Programming Systems Languages and Applications, OOPSLA 2012, pp. 943–962. ACM, New York (2012)CrossRefGoogle Scholar
  15. 15.
    Blosser, J.: Explore the Dynamic Proxy API (2000),

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Tom Van Cutsem
    • 1
  • Mark S. Miller
    • 2
  1. 1.Vrije Universiteit BrusselBelgium
  2. 2.Google ResearchUSA

Personalised recommendations