Observing the Uptake of a Language Change Making Strings Immutable

Author Manuel Maarek

Thumbnail PDF


  • Filesize: 362 kB
  • 8 pages

Document Identifiers

Author Details

Manuel Maarek
  • Heriot-Watt University, Edinburgh, Scotland, UK

Cite AsGet BibTex

Manuel Maarek. Observing the Uptake of a Language Change Making Strings Immutable. In 9th Workshop on Evaluation and Usability of Programming Languages and Tools (PLATEAU 2018). Open Access Series in Informatics (OASIcs), Volume 67, pp. 6:1-6:8, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2019)


To address security concerns, a major change was introduced to the OCaml language and compiler which made strings immutable and introduced array of bytes as replacement for mutable strings. The change is progressively being pushed so that ultimately strings will be immutable. We have investigated the way OCaml package developers undertook the change. In this paper we report on a preliminary observation of software code from the main OCaml package management system. For this purpose we instrumented versions of the OCaml compiler to get precise information into the uptake of safe strings.

Subject Classification

ACM Subject Classification
  • Software and its engineering → Software evolution
  • software evolution
  • programming language evaluation
  • immutability
  • secure programming


  • Access Statistics
  • Total Accesses (updated on a weekly basis)
    PDF Downloads


  1. Mark Adams. Flyspecking Flyspeck. In Mathematical Software endash ICMS 2014, Lecture Notes in Computer Science, pages 16-20. Springer, Berlin, Heidelberg, August 2014. URL: http://dx.doi.org/10.1007/978-3-662-44199-2_3.
  2. David Cadé and Bruno Blanchet. Proved Generation of Implementations from Computationally Secure Protocol Specifications1. Journal of Computer Security, 23(3):331-402, January 2015. URL: http://dx.doi.org/10.3233/JCS-150524.
  3. M. Coblenz, W. Nelson, J. Aldrich, B. Myers, and J. Sunshine. Glacier: Transitive Class Immutability for Java. In 2017 IEEE/ACM 39th International Conference on Software Engineering (ICSE), pages 496-506, May 2017. URL: http://dx.doi.org/10.1109/ICSE.2017.52.
  4. D. Doligez, C. Faure, T. Hardin, and M. Maarek. Avoiding Security Pitfalls with Functional Programming: A Report on the Development of a Secure XML Validator. In 2015 IEEE/ACM 37th IEEE International Conference on Software Engineering, volume 2, pages 209-218, May 2015. URL: http://dx.doi.org/10.1109/ICSE.2015.149.
  5. Éric Jaeger, Olivier Levillain, and Pierre Chifflier. Mind Your Language (s) - A Discussion about Languages and Security (Long Version). In First Workshop on Language-Theoretic Security (LangSec) at the IEEE CS Security & Privacy Workshops, 2014. Google Scholar
  6. LaFoSec. Security and Functional Languages (Étude de La Sécurité Intrinsèque Des Langages Fonctionnels). Technical report, ANSSI (National Cybersecurity Agency of France), Main authors: D. Doligez, C. Faure, T. Hardin, M. Maarek, 2011. Google Scholar
  7. M. Martinez, L. Duchien, and M. Monperrus. Automatically Extracting Instances of Code Change Patterns with AST Analysis. In 2013 IEEE International Conference on Software Maintenance, pages 388-391, September 2013. URL: http://dx.doi.org/10.1109/ICSM.2013.54.
  8. O. Meqdadi, N. Alhindawi, M. L. Collard, and J. I. Maletic. Towards Understanding Large-Scale Adaptive Changes from Version Histories. In 2013 IEEE International Conference on Software Maintenance, pages 416-419, September 2013. URL: http://dx.doi.org/10.1109/ICSM.2013.61.
  9. Baishakhi Ray, Daryl Posnett, Vladimir Filkov, and Premkumar Devanbu. A Large Scale Study of Programming Languages and Code Quality in Github. In Proceedings of the 22Nd ACM SIGSOFT International Symposium on Foundations of Software Engineering, FSE 2014, pages 155-165, New York, NY, USA, 2014. ACM. URL: http://dx.doi.org/10.1145/2635868.2635922.
  10. Gerd Stolpmann. Immutable Strings in OCaml-4.02 (Blog on Camlcity.Org). http://blog.camlcity.org/blog/bytes1.html, July 2014. Google Scholar
  11. S. Weber, M. Coblenz, B. Myers, J. Aldrich, and J. Sunshine. Empirical Studies on the Security and Usability Impact of Immutability. In 2017 IEEE Cybersecurity Development (SecDev), pages 50-53, September 2017. URL: http://dx.doi.org/10.1109/SecDev.2017.21.
  12. T. Zimmermann, A. Zeller, P. Weissgerber, and S. Diehl. Mining Version Histories to Guide Software Changes. IEEE Transactions on Software Engineering, 31(6):429-445, June 2005. URL: http://dx.doi.org/10.1109/TSE.2005.72.
Questions / Remarks / Feedback

Feedback for Dagstuhl Publishing

Thanks for your feedback!

Feedback submitted

Could not send message

Please try again later or send an E-mail