Postprint version. Published in Lecture Notes in Computer Science: Programming Languages and Systems, Volume 2618, January 1, 2003, pages 22-37. Copyright © 2003 Springer. The definitive version is available online at: http://dx.doi.org/ 10.1007/3-540-36575-3_3.
NOTE: At the time of publication, the author John Clements was not yet affiliated with Cal Poly.
Security folklore holds that a security mechanism based on stack inspection is incompatible with a global tail call optimization policy. An implementation of such a language may have to allocate memory for a source-code tail call, and a program that uses only tail calls (and no other memory-allocating construct) may nevertheless exhaust the available memory. In this paper, we prove this widely held belief wrong. We exhibit an abstract machine for a language with security stack inspection whose space consumption function is equivalent to that of the canonical tail call optimizing abstract machine. Our machine is surprisingly simple and suggests that tail-calls are as easy to implement in a security setting as they are in a conventional one.