Computer Laboratory

Technical reports

Access contracts: a dynamic approach to object-oriented access protection

Janina Voigt

February 2016, 171 pages

This technical report is based on a dissertation submitted May 2014 by the author for the degree of Doctor of Philosophy to the University of Cambridge, Trinity College.


In object-oriented (OO) programming, variables do not contain objects directly but addresses of objects on the heap. Thus, several variables can point to the same object; we call this aliasing.

Aliasing is a central feature of OO programming that enables efficient sharing of objects across a system. This is essential for the implementation of many programming idioms, such as iterators. On the other hand, aliasing reduces modularity and encapsulation, making programs difficult to understand, debug and maintain.

Much research has been done on controlling aliasing. Alias protection schemes (such as Clarke et al.’s influential ownership types) limit which references can exist, thus guaranteeing the protection of encapsulated objects. Unfortunately, existing schemes are significantly restrictive and consequently have not been widely adopted by software developers.

This thesis makes three contributions to the area of alias protection. Firstly, it proposes aliasing contracts, a novel, dynamically-checked alias protection scheme for object-oriented programming languages. Aliasing contracts are highly flexible and expressive, addressing the limitations of existing work. We show that they can be used to model many existing alias protection schemes, providing a unifying approach to alias protection.

Secondly, we develop a prototype implementation of aliasing contracts in Java and use it to quantify the run-time performance of aliasing contracts. Since aliasing contracts are checked dynamically, they incur run-time performance overheads; however, our performance evaluation shows that using aliasing contracts for testing and debugging is nevertheless feasible.

Thirdly, we propose a static analysis which can verify simple aliasing contracts at compile time, including those contracts which model ownership types. Contracts which can be verified in this way can subsequently be removed from the program before it is executed. We show that such a combination of static and dynamic checking significantly improves the run-time performance of aliasing contracts.

Full text

PDF (1.8 MB)

BibTeX record

  author =	 {Voigt, Janina},
  title = 	 {{Access contracts: a dynamic approach to object-oriented
         	   access protection}},
  year = 	 2016,
  month = 	 feb,
  url = 	 {},
  institution =  {University of Cambridge, Computer Laboratory},
  number = 	 {UCAM-CL-TR-880}