it - Information Technology

Methods and Applications of Informatics and Information Technology

Editor-in-Chief: Conrad, Stefan

Volume 56, Issue 2


Analysing Java's safety guarantees under concurrency

Andreas Lochbihler
Published Online: 2014-03-31 | DOI: https://doi.org/10.1515/itit-2013-1037


Two features distinguish Java from other mainstream programming languages like C and C++: its built-in support for concurrency and safety guarantees such as type safety or safe execution in a sandbox. In this work, we build a formal, unified model of Java concurrency, validate it empirically, and analyse it with respect to the safety guarantees using a proof assistant. We show that type safety and Java's data race freedom guarantee hold. Our analysis, however, revealed a weakness in the Java security architecture, because the Java memory model theoretically allows pointer forgery. As a result, this work clarifies the specification of the Java memory model.

Keywords: ACM CCS→Software and its engineering→Software notations and tools→Formal language definitions→Semantics; ACM CCS→Theory of computation→Semantics and reasoning→Program semantics→Operational semantics; ACM CCS→Computing methodologies→Concurrent computing methodologies→Concurrent programming languages; Java threads; operational semantics; type safety; data race freedom; compiler verification

About the article

Andreas Lochbihler

Andreas Lochbihler is working as a post-doctoral researcher in the information security group at ETH Zurich. His research focuses on deriving machine-checked implementations from protocol specifications such that the security properties of the models are preserved. Andreas graduated in computer science from the University of Passau in 2006, after having studied there and at the University of Edinburgh. He received his doctorate from the Karlsruhe Institute of Technology in 2012. Before joining ETH, he was a member of Gregor Snelting's groups at the University of Passau and the Karlsruhe Institute of Technology working on programming languages and static program analysis.

Institute of Information Security, ETH Zurich, Universitätstrasse 6, CH-8092 Zurich, Switzerland, Tel.: +41-44-6328470, Fax: +41-44-6321172

Accepted: 2013-11-05

Received: 2013-10-29

Published Online: 2014-03-31

Published in Print: 2014-04-28

Citation Information: it – Information Technology, Volume 56, Issue 2, Pages 82–86, ISSN (Online) 2196-7032, ISSN (Print) 1611-2776, DOI: https://doi.org/10.1515/itit-2013-1037.


©2014 Walter de Gruyter Berlin/Boston.
