
2005. Programming Languages Security - A Survey, page 4

File description

PDF file from the archive "2005. Programming Languages Security - A Survey", located in the "articles" category. It belongs to the subject "compiler construction" from the seventh semester and can be found in the file archive of Lomonosov Moscow State University. Despite this archive's direct connection to Lomonosov Moscow State University, it can also be found in other sections.


Text of page 4 from the PDF

OCaml

Objective Caml (OCaml) belongs to the Meta-Language (ML) family of programming languages. It is the most popular and extensively used version of Caml – a general-purpose programming language, designed for program safety and dependability [63].

OCaml's set of tools includes an interactive top-level, a bytecode compiler, and a native code compiler.

The "top-level" is an interactive OCaml session that works by reading in expressions, evaluating them and printing out their result. It can be invoked by running the ocaml program and is useful for experimentation and quick development. Bytecode compilers allow the creation of portable stand-alone applications out of OCaml programs. The native code compiler ensures good performance and portability through native code generation for major architectures (including IA32, AMD64, PowerPC, SPARC, MIPS, etc.).

Features such as a large standard library, object-oriented programming constructs and modularity make OCaml suitable for large software engineering projects.

Functions in OCaml are first-class citizens: they are treated just like data, which allows them to be stored as values in data structures, passed to other functions and returned as the results of expressions (including the return values of functions).

OCaml is a strongly typed language with a static type system, which means that the type of every variable and expression in a program is determined at compile-time [39]. This helps to eliminate a significant category of run-time errors that result from type mismatches and also avoids the need for inserting performance-hindering run-time checks.

OCaml's type-inferring compiler minimizes the need for manual type annotation. The types of functions and variables need not be explicitly declared as they are in C or Java. The compiler is able to infer most of the necessary type information automatically. Type inference eliminates a family of errors which could result in NullPointerExceptions, ClassCastExceptions and segmentation faults [64].

OCaml however does not perform any implicit type casting. In expressions with mixed datatypes explicit casts are necessary for the expression to be evaluated. OCaml needs this explicit casting to be able to do type inference correctly and to avoid hard-to-detect bugs caused by implicit casts.

OCaml has no support for operator overloading, e.g. integer addition is performed using "+" whereas floating-point addition is performed using "+.". This again is mainly to do type inference unambiguously. Type inference relies on the

The garbage collector works with two heaps – a minor heap and a major heap. The minor heap, which is garbage-collected often, holds small objects and objects that are allocated and deallocated frequently. The major heap, which is garbage-collected infrequently, holds large objects and objects with a long lifetime that are promoted to it after some time from the minor heap.

OCaml programs can be debugged in a variety of ways:

• the interactive system can be used to test (small) functions efficiently: various inputs are fed into the interactive system and results are checked for correctness.
• the function call tracing mechanism of the interactive system can be used to follow the computation for more complex cases.
• the symbolic replay debugger is a debugging tool that allows the program to be paused at any time so that the value of variables and stack layout can be checked.

A foreign function interface (FFI) allows OCaml code to call routines or make use of functions provided by C code. The C code can be statically or dynamically linked with Caml code.

It is also possible for C functions to call OCaml functions. The ocamlmklib command allows building libraries containing both Caml code and C code.

OCaml version 3.09.2 is available for download. It works on Linux, MacOS X and Microsoft Windows.

1. Strict evaluation is sometimes called "eager" evaluation.
2. Runs in parallel with the application, to avoid detectable delays.

3.5 Haskell

Haskell [34] is a purely-functional general purpose programming language. It is well suited for a diverse set of applications. It allows designing of initial prototypes of programs by writing specifications which can be tested and debugged by actually executing them.

Like most functional languages, Haskell programs are maintainable, as the code is more concise and understandable as compared to that of imperative languages like Java and C. It is a strongly typed language, eliminating a vast class of compile-time errors. Its polymorphic type system helps enhance code re-usability.

Haskell is a non-strict language with lazy evaluation. Lazy evaluation is a technique where only expressions whose results are needed are computed; other possibly unnecessary computations might be delayed or never carried out at all. In particular Haskell uses call-by-need: an evaluation strategy where, if the function argument is evaluated, the results are stored for subsequent uses rather than recomputing them. This has a positive effect on performance.

Haskell has powerful abstraction mechanisms, such as the ability to use functions as values, i.e. higher-order functions. Functions in Haskell are first-class citizens. Prudent use of higher-order functions can help build modular programs.

Haskell also features inbuilt memory management, which relieves the programmer of manual memory management issues. Memory is allocated and initialized automatically, and consequently recovered by the garbage collection system. Automatic garbage collection helps prevent run-time errors like dangling pointer dereferences.

The Haskell 98 Foreign Function Interface (FFI) [35] adds support for invoking code written in other programming languages from Haskell and vice versa.

There are a lot of tools for interfacing Haskell with other languages, such as:

• Green Card [32] – a FFI preprocessor for Haskell, simplifying the task of interfacing Haskell programs to external libraries (which are normally exposed via C interfaces).
• HaskellDirect [37] – an Interface Definition Language (IDL) compiler for Haskell, which helps interfacing Haskell code to libraries or components written in other languages (C).
• C→Haskell [11] – a lightweight tool for implementing access to C libraries from Haskell.
• HSFFIG [36] – Haskell FFI Binding Modules Generator, a tool that takes a C library include file (.h) and generates Haskell FFI import declarations for items (functions, structures, etc.) that the header defines.

The drawbacks of using Haskell include the fact that Haskell programs tend to allocate quite a bit of extra memory in the background. In applications where performance and low-level control are desired, an imperative language like C would be a better alternative. Also, functional programming requires an alteration in programmer perspective, which could be difficult.

There are several Haskell implementations, and they are distributed under open source licenses. There are currently no commercial Haskell implementations. Haskell compilers and interpreters are freely available for just about any computer.

3.6 Java

The Java programming language platform provides a portable, architecture neutral, object-oriented programming language and supporting run-time environment [44]. Java technology enables the development of secure, high performance, robust applications on multiple platforms.

Since Java technology was intended to operate in distributed environments, security features have been designed and built into the language and run-time system. Java applications are resistant to malicious code injections³. The language helps programmers write safe code by featuring type safety, automatic memory management, garbage collection, and bounds checking on strings and arrays [45]. There are no explicit programmer-defined pointer datatypes and no pointer arithmetic.

The Java security model is based on a customizable sandbox, which is a restricted environment in which Java programs can run untrusted remote code, without potential risk to systems or users [82].

For portability, the compiler generates bytecodes – an architecture neutral intermediate format. The same bytecodes will run on any platform and there are no datatype incompatibilities across architectures.

Java provides extensive compile-time checking, followed by a second level of run-time checking. Java is strict in its definition of the basic language: it specifies the sizes of its basic datatypes and the behavior of its arithmetic operators.

The Java Virtual Machine (JVM) is the specification of an abstract machine for which Java compilers can generate code. Implementations of the JVM for different platforms provide the concrete realization of the virtual machine.

The Java garbage collector runs as a low-priority background thread, ensuring a high probability that memory is available when needed. Calculation-intensive sections of large programs can be written in native machine code to help improve performance. However, the portability and security features of Java are lost this way.

Bytecode verification ensures that code conforms to the JVM specification and guarantees that only valid bytecodes are executed, preventing hostile code from corrupting the run-time environment. Run-time safety is guaranteed by the bytecode verifier in conjunction with the JVM.

Secure Class Loading provides security by associating classes loaded by a particular class loader with a unique namespace. A namespace is a set of unique names of the classes loaded by a particular class loader. The namespace of classes loaded by a particular class loader is isolated from the namespaces of other class loaders. As trusted local classes and untrusted classes downloaded from remote sites are loaded through separate class loaders, the possibility that an untrusted class can substitute a trusted class and thereby launch an attack is reduced.

The JVM arbitrates access to critical system resources and uses a SecurityManager class to minimize the actions of untrusted pieces of code.

Java also has comprehensive APIs and built-in implementations of important security standards, which help in building secure applications. There is support for a wide range of cryptographic services, development and deployment of public key infrastructure, secure communication, authentication, and access control [82].

Java programs may however have lower performance than their counterparts in languages such as C/C++. This is because bytecode is not as optimized as the machine code generated by C/C++, and the use of an automatic garbage collector that has to decide when to delete objects can be more expensive than imperative deletion in C/C++.

The Java Software Development Kit (JDK) is required for building applications, applets, and components using the Java programming language.

3. It has however been demonstrated that a single-bit error induced in a Java program's data space can be exploited to execute arbitrary code [31].
