[942] in java-interest
Re: Java implementations should be tail recursive
daemon@ATHENA.MIT.EDU (John D. Ramsdell)
Tue Aug 15 19:24:43 1995
To: James C Deikun <jcdst10+@pitt.edu>
Cc: java-interest@java.sun.com, ramsdell@mitre.org
In-reply-to: Your message of "Fri, 11 Aug 1995 04:39:07 EDT."
<Pine.3.89.9508110414.A16815-0100000@unixs1.cis.pitt.edu>
Date: Tue, 15 Aug 1995 15:46:31 -0400
From: "John D. Ramsdell" <ramsdell@linus.mitre.org>
On Fri, 11 Aug 1995, James C Deikun wrote:
> The problem with this, of course, is that without saving the old stack
> frame, it's impossible to tell who invoked the new method. This
> unfortunately conflicts with many of the security methods that seem to be
> used in Java, or with just about any rational sort of security for a
> language that can safely and stably allow arbitrary runtime extension of
> a system.
Thank you sending a thoughful response to my query on tail recursive
implementations. I have not looked into the security methods used in
Java, so I cannot address the issues specific to Sun's implementation.
I have trouble understanding how security mechanisms eliminate the
possibility of tail recursive for applications that execute within one
security domain. Consider the following example of a state machine.
class States {
...
public static void state1 (...) {
...
// Invoke the next state.
state2(...);
return;
}
private static void state2 (...) {
...
// Invoke the next state.
state3(...);
return;
}
...
}
In this example, the call to state2 from state1 is a call to a
statically known method. The lexical structure of the program ensures
the caller and the callee are in the same security domain. There is
no need to check stack frames or perform any other check to see if
there is a change in the security domain. A goto is all that is needed.
Java, of course, is a dynamically linked language. In the general
case, no compiler can know if a method invocation crosses a security
domain. At run time, a tail recursive implementation would have to
record transfers between security domains. A tail recursive
implementation could push a special security frame on the control
stack when a method is invoked across a security domain, but push
nothing when the invocation stays within a security domain. The
result would be that programmers could assume the implementation is
tail recursive for single domain units of code.
For security reasons, is it required that the callee's stack frame be
on top of the stack, or is all that is required is that some stack
frame from the callee's security domain be on top of the stack?
John
-
Note to Sun employees: this is an EXTERNAL mailing list!
Info: send 'help' to java-interest-request@java.sun.com
