Generic Ownership Types for Java and the Collections Framework

<p>Generic programming has turned out very useful in the development of reusable software. With the Java programming language, genericity is not only meant for reusability, but also for type-safety. Java generics constrain a container object (e.g., list, hash table) to store objects of a pre-specified data type. Nevertheless, safe programming with aliasing (multiple pointers in a program may point to the same object) is still a concern in object-oriented programming language research. A pointing object can mutate the state of the aliased object, reflecting the changes to all of the other pointers (aka aliases) thus affecting their behaviour. As programs grow larger and more complex, such changes in behaviour can be undesirable and difficult to detect and reason about. With respect to container objects, the iterator pattern critically violates encapsulation, allowing aliases to the state (and thereof the components) of its container. Object ownership is one of the well-researched paradigms in the area of alias management. Ownership types support hierarchical object encapsulation rather than the traditional class-level encapsulation. This thesis introduces an extension of Java 6 with support for ownership types as supplementary generic types. That is, Java generics are extended with the ability of carrying ownership information. This extension provides generic ownership support for all of Java; that is, all major language features are addressed so that programs can safely manage and express their aliasing properties. The resulting language is expressive enough to support common programming idioms, with little programming and runtime overhead. We evaluated the programmability of the language by refactoring a major (the most essential) portion of the Java Collections Framework. We also evaluated the performance impact of our refactoring by conducting a small micro-benchmark study to measure the performance time overhead the refactored collections may impose.</p>

Generic Ownership Types for Java and the Collections Framework

<p>Generic programming has turned out very useful in the development of reusable software. With the Java programming language, genericity is not only meant for reusability, but also for type-safety. Java generics constrain a container object (e.g., list, hash table) to store objects of a pre-specified data type. Nevertheless, safe programming with aliasing (multiple pointers in a program may point to the same object) is still a concern in object-oriented programming language research. A pointing object can mutate the state of the aliased object, reflecting the changes to all of the other pointers (aka aliases) thus affecting their behaviour. As programs grow larger and more complex, such changes in behaviour can be undesirable and difficult to detect and reason about. With respect to container objects, the iterator pattern critically violates encapsulation, allowing aliases to the state (and thereof the components) of its container. Object ownership is one of the well-researched paradigms in the area of alias management. Ownership types support hierarchical object encapsulation rather than the traditional class-level encapsulation. This thesis introduces an extension of Java 6 with support for ownership types as supplementary generic types. That is, Java generics are extended with the ability of carrying ownership information. This extension provides generic ownership support for all of Java; that is, all major language features are addressed so that programs can safely manage and express their aliasing properties. The resulting language is expressive enough to support common programming idioms, with little programming and runtime overhead. We evaluated the programmability of the language by refactoring a major (the most essential) portion of the Java Collections Framework. We also evaluated the performance impact of our refactoring by conducting a small micro-benchmark study to measure the performance time overhead the refactored collections may impose.</p>

Safe-by-default Concurrency for Modern Programming Languages

Modern “safe” programming languages follow a design principle that we call safety by default and performance by choice . By default, these languages enforce important programming abstractions, such as memory and type safety, but they also provide mechanisms that allow expert programmers to explicitly trade some safety guarantees for increased performance. However, these same languages have adopted the inverse design principle in their support for multithreading. By default, multithreaded programs violate important abstractions, such as program order and atomic access to individual memory locations to admit compiler and hardware optimizations that would otherwise need to be restricted. Not only does this approach conflict with the design philosophy of safe languages, but very little is known about the practical performance cost of providing a stronger default semantics. In this article, we propose a safe-by-default and performance-by-choice multithreading semantics for safe languages, which we call volatile -by-default . Under this semantics, programs have sequential consistency (SC) by default, which is the natural “interleaving” semantics of threads. However, the volatile -by-default design also includes annotations that allow expert programmers to avoid the associated overheads in performance-critical code. We describe the design, implementation, optimization, and evaluation of the volatile -by-default semantics for two different safe languages: Java and Julia. First, we present V BD-HotSpot and V BDA-HotSpot, modifications of Oracle’s HotSpot JVM that enforce the volatile -by-default semantics on Intel x86-64 hardware and ARM-v8 hardware. Second, we present S C-Julia, a modification to the just-in-time compiler within the standard Julia implementation that provides best-effort enforcement of the volatile -by-default semantics on x86-64 hardware for the purpose of performance evaluation. We also detail two different implementation techniques: a baseline approach that simply reuses existing mechanisms in the compilers for handling atomic accesses, and a speculative approach that avoids the overhead of enforcing the volatile -by-default semantics until there is the possibility of an SC violation. Our results show that the cost of enforcing SC is significant but arguably still acceptable for some use cases today. Further, we demonstrate that compiler optimizations as well as programmer annotations can reduce the overhead considerably.

Security Scanner For Web Applications Case Study: Learning Management System

In software engineering, web applications are software that are accessed using a web browser through a network such as the Internet or intranet. Web applications are applications that can be relied on by users to do many useful activities. Despite the awareness of web application developers about safe programming practices, there are still many aspect in web applications that can be exploited by attacker. The development of web applications and the Internet causes the movement of information systems to use them as a basis. Security is needed to protect the contents of web applications that are sensitive and provide a safe process of sending data, therefore application security must be applied to all infrastructure that supports web applications, including the web application itself. Most organizations today have some kind of web application security program or try to build/ improve. But most of these programs do not get the results expected for the organization, are not durable or are not able to provide value continuously and efficiently and also cannot improve the mindset of developers to build/ design secure web applications. This research aims to develop a web application security scanner that can help overcome security problems in web applications.

An analysis of influence of safe programming techniques on applications efficiency and security

The topics covered in this article are the risks that must be taken into account when developing the software. This article gives you an overview of safeguards against some of the anticipated common security vulnerabilities. Based on the written programs, the impact of the various techniques of safe programming on the performance and security of the application has been analyzed. This article presents both a theoretical description of the protections as well as examples of their technical implementation.

Romeo: A system for more flexible binding-safe programming

Current systems for safely manipulating values containing names only support simple binding structures for those names. As a result, few tools exist to safely manipulate code in those languages for which name problems are the most challenging. We address this problem with Romeo, a language that respects α-equivalence on its values, and which has access to a rich specification language for binding, inspired by attribute grammars. Our work has the complex-binding support of David Herman's λm, but is a full-fledged binding-safe language like Pure FreshML.