Java is type safe — Probably
Amidst rocketing numbers of enthusiastic Java programmers and internet applet users, there is growing concern about the security of executing Java code produced by external, unknown sources. Rather than waiting to find out empirically what damage Java programs do, we aim to examine first the language and then the environment looking for points of weakness. A proof of the soundness of the Java type system is a first, necessary step towards demonstrating which Java programs won't compromise computer security.
We consider a type safe subset of Java describing primitive types, classes, inheritance, instance variables and methods, interfaces, shadowing, dynamic method binding, object creation, null and arrays. We argue that for this subset the type system is sound, by proving that program execution preserves the types, up to subclasses/subinterfaces.
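To make "preserves the types, up to subclasses" concrete, here is an added toy model (not the paper's calculus and not Java code): a constructed four-class table with methods, a static type function, an evaluator with dynamic method binding, and `preserves_type`, which states the claim that a well-typed expression evaluates to null or to an instance of a subclass of its static type. The class names, the `well_formed` check and the expression encoding are all assumptions made for the illustration.

```python
# Constructed class table: name -> (superclass, {method: (return type, body)});
# expressions are ("new", C) | ("null",) | ("call", receiver_expr, method_name).
CLASSES = {
    "Object": (None, {}),
    "Animal": ("Object", {"pick": ("Animal", ("new", "Dog"))}),
    "Dog": ("Animal", {"pick": ("Animal", ("new", "Puppy")), "owner": ("Animal", ("null",))}),
    "Puppy": ("Dog", {}),
}

def subclass(c, d):
    """Reflexive, transitive subclass relation; 'null' is below every class."""
    if c == "null": return True
    while c in CLASSES:
        if c == d: return True
        c = CLASSES[c][0]
    return False

def lookup(c, m):  # method m found from class c upwards, or None ('null' has none)
    while c in CLASSES:
        if m in CLASSES[c][1]: return CLASSES[c][1][m]
        c = CLASSES[c][0]
    return None

def typeof(e):
    """Static type; a call is typed from the receiver's static type only."""
    if e[0] == "new": return e[1]
    if e[0] == "null": return "null"
    sig = lookup(typeof(e[1]), e[2])
    if sig is None: raise TypeError(f"no method {e[2]} for that static type")
    return sig[0]

def well_formed():
    """Bodies must fit the declared return type; overrides must not widen it."""
    for c, (sup, methods) in CLASSES.items():
        for m, (ret, body) in methods.items():
            if not subclass(typeof(body), ret): return False
            if (inh := lookup(sup, m)) and not subclass(ret, inh[0]): return False
    return True

def evaluate(e):
    if e[0] == "new": return e[1]
    if e[0] == "null": return None  # values are runtime class names or None (null)
    recv = evaluate(e[1])
    if recv is None: raise RuntimeError("NullPointerException")  # as in Java
    return evaluate(lookup(recv, e[2])[1])  # dynamic binding on the runtime class

def preserves_type(e):
    """The soundness claim: the value is null or an instance of a subclass of e's type."""
    t, v = typeof(e), evaluate(e)
    return v is None or subclass(v, t)
```

Calling `pick` twice on a new `Animal` has static type `Animal` but yields a `Puppy` through the `Dog` override, which is exactly the "up to subclasses" slack; a call on a null receiver is statically fine and raises at run time, so it does not contradict the claim.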