The sharing and transfer of references in object-oriented languages is difficult to control. Without any constraint, practical experience has shown that even carefully engineered object-oriented code can be brittle, and subtle security deficiencies can go unnoticed. In this paper, we present inexpensive syntactic constraints that strengthen encapsulation by imposing static restrictions on the spread of references. In particular, we introduce confined types to impose a static scoping discipline on dynamic references and anonymous methods to loosen confinement somewhat to allow code reuse. We have implemented a verifier which performs a modular analysis of Java programs and provides a static guarantee that confinement is respected. Copyright c ○ 2000 John Wiley & Sons, Ltd. key words: sharing, aliasing, Java, object-orientation, security 1
To submit an update or takedown request for this paper, please submit an Update/Correction/Removal Request.