Typed memory management via static capabilities

Walker, David; Crary, Karl; Morrisett, Greg

doi:10.1145/363911.363923

Cited by 98 publications

(53 citation statements)

References 53 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Our unique pointers are closely related to typing mechanisms suggested by other researchers, including linear types [30], ownership types [8], alias types [27], and capability types [31]. The critical idea with all of these proposals is to make it easy to track locally the state of an object by forbidding uncontrolled aliasing.…”

Section: Introductionmentioning

confidence: 99%

Experience with safe manual memory-management in cyclone

Hicks

Morrisett

Grossman

et al. 2004

Proceedings of the 4th International Symposium on Memory Management

Self Cite

View full text Add to dashboard Cite

The goal of the Cyclone project is to investigate type safety for low-level languages such as C. Our hardest challenge has been providing programmers control over memory management while retaining type safety. This paper reports on our experience trying to integrate and effectively use two previously proposed, type-safe memory management mechanisms: statically-scoped regions and unique pointers. We found that these typing mechanisms can be combined to build alternative memory-management abstractions, such as reference counted objects and arenas with dynamic lifetimes, and thus provide a flexible basis. Our experience-porting C code and building new applications for resource-constrained systems-confirms that experts can use these features to improve memory footprint and sometimes to improve throughput when used instead of, or in combination with, a conservative garbage collector.

show abstract

Section: Introductionmentioning

confidence: 99%

Experience with safe manual memory-management in cyclone

Hicks

Morrisett

Grossman

et al. 2004

Proceedings of the 4th International Symposium on Memory Management

Self Cite

View full text Add to dashboard Cite

show abstract

“…The computational effects we track are the privileged operations that a function may invoke, which determine the roles that are allowed to invoke the function. Roles are also similar to capabilities [29], which are a dual to effects. However, roles are disjunctive rather than conjunctive: it is sufficient for an execution to hold any of a function's roles, while capability systems require all capabilities to be held to ensure proper execution.…”

Section: Related Workmentioning

confidence: 99%

Fine-Grained Access Control with Object-Sensitive Roles

Fischer

Marino

Majumdar

et al. 2009

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. Role-based access control (RBAC) is a common paradigm to ensure that users have sufficient rights to perform various system operations. In many cases though, traditional RBAC does not easily express application-level security requirements. For instance, in a medical records system it is difficult to express that doctors should only update the records of their own patients. Further, traditional RBAC frameworks like Java's Enterprise Edition rely solely on dynamic checks, which makes application code fragile and difficult to ensure correct. We introduce Object-sensitive RBAC (ORBAC), a generalized RBAC model for object-oriented languages. ORBAC resolves the expressiveness limitations of RBAC by allowing roles to be parameterized by properties of the business objects being manipulated. We formalize and prove sound a dependent type system that statically validates a program's conformance to an ORBAC policy. We have implemented our type system for Java and have used it to validate fine-grained access control in the OpenMRS medical records system.

show abstract

“…In Proteus, updates occur at the granularity of individual definitions (whether types, variables or functions) as in λ update (rather than modules as in λ mod update ). Replacement definitions may have different types in comparision with their originals, and a novel type system based on capabilities (Walker et al 2000) is used to ensure type safety. The fact that possible update points are made explicit in the program text is a key to balancing the flexibility and safety of the system.…”

Section: Dynamic Updatementioning

confidence: 99%

Dynamic rebinding for marshalling and update, via redex-time and destruct-time reduction

Sewell¹,

Stoyle²,

Hicks³

et al. 2007

J. Funct. Prog.

View full text Add to dashboard Cite

Most programming languages adopt static binding, but for distributed programming an exclusive reliance on static binding is too restrictive: dynamic binding is required in various guises, for example, when a marshalled value is received from the network, containing identifiers that must be rebound to local resources. Typically, it is provided only by ad hoc mechanisms that lack clean semantics. In this paper, we adopt a foundational approach, developing core dynamic rebinding mechanisms as extensions to the simply typed call-byvalue λ calculus. To do so, we must first explore refinements of the call-by-value reduction strategy that delay instantiation, to ensure computations make use of the most recent versions of rebound definitions. We introduce redex-time and destruct-time strategies. The latter forms the basis for a λ marsh calculus that supports dynamic rebinding of marshalled values, while remaining as far as possible statically typed. We sketch an extension of λ marsh with concurrency and communication, giving examples showing how wrappers for encapsulating untrusted code can be expressed. Finally, we show that a high-level semantics for dynamic updating can also be based on the destruct-time strategy, defining a λ update calculus with simple primitives to provide type-safe updating of running code. We show how the ideas of this simple calculus extend to more real-world, module-level dynamic updating in the style of Erlang. We thereby establish primitives and a common semantic foundation for a variety of real-world dynamic rebinding requirements.

show abstract

Typed memory management via static capabilities

Cited by 98 publications

References 53 publications

Experience with safe manual memory-management in cyclone

Experience with safe manual memory-management in cyclone

Fine-Grained Access Control with Object-Sensitive Roles

Dynamic rebinding for marshalling and update, via redex-time and destruct-time reduction

Contact Info

Product

Resources

About