Generic Ownership for Generic Java Alex Potanin, Dave Clarke (CWI) James Noble, Robert Biddle (Carleton)

Slides:



Advertisements
Similar presentations
Lists and the Collection Interface Chapter 4. Chapter Objectives To become familiar with the List interface To understand how to write an array-based.
Advertisements

Objects and Classes David Walker CS 320. Advanced Languages advanced programming features –ML data types, exceptions, modules, objects, concurrency,...
The C ++ Language BY Shery khan. The C++ Language Bjarne Stroupstrup, the language’s creator C++ was designed to provide Simula’s facilities for program.
Chapter 14 Graph class design John Keyser’s Modifications of Slides by Bjarne Stroustrup
Object Orientation Chapter SixteenModern Programming Languages, 2nd ed.1 Spring 2012.
Object Orientation Chapter SixteenModern Programming Languages, 2nd ed.1.
Georgia Institute of Technology Workshop for CS-AP Teachers Chapter 3 Advanced Object-Oriented Concepts.
Lecture 3 Feb 4 summary of last week’s topics and review questions (handout) Today’s goals: Chapter 1 overview (sections 1.4 to 1.6) c++ classes constructors,
Java Generics.
External Uniqueness Presented by Nir Atias Dave Clarke Tobias Wrigstad Encapsulation Seminar 2006.
Objects and Classes David Walker CS 320. Advanced Languages advanced programming features –ML data types, exceptions, modules, objects, concurrency,...
Inheritance. Extending Classes It’s possible to create a class by using another as a starting point  i.e. Start with the original class then add methods,
Inheritance and Class Hierarchies Chapter 3. Chapter 3: Inheritance and Class Hierarchies2 Chapter Objectives To understand inheritance and how it facilitates.
1 SWE Introduction to Software Engineering Lecture 23 – Architectural Design (Chapter 13)
Confined Types Encapsulation and modularity Seminar November, 2005 presented by: Guy Gueta.
Alias Annotations for Program Understanding Jonathan Aldrich Valentin Kostadinov Craig Chambers University of Washington.
OOP in Java Nelson Padua-Perez Chau-Wen Tseng Department of Computer Science University of Maryland, College Park.
Inheritance (notes for 10/26 lecture). Inheritance Inheritance is the last of the relationships we will study this semester. Inheritance is (syntactically)
Laboratory for Computer Science Massachusetts Institute of Technology Ownership Types for Safe Region-Based Memory Management in Real-Time Java Chandrasekhar.
1 Chapter 6 Inheritance, Interfaces, and Abstract Classes.
Aalborg Media Lab 23-Jun-15 Inheritance Lecture 10 Chapter 8.
1 Islands : Aliasing Protection In Object-Oriented Languages By : John Hogg OOPSLA 91 Aharon Abadi.
Data Abstraction and Object- Oriented Programming CS351 – Programming Paradigms.
Objects and Classes David Walker CS 320. Advanced Languages advanced programming features –ML data types, exceptions, modules, objects, concurrency,...
Interfaces and Inner Classes. What is an Interface?  What is “presented to the user”?  The public part of a class?  What is the substance of an interface?
Generic Subroutines and Exceptions CS351 – Programming Paradigms.
OOP in Java Fawzi Emad Chau-Wen Tseng Department of Computer Science University of Maryland, College Park.
Ownership Types for Object Encapsulation Authors:Chandrasekhar Boyapati Barbara Liskov Liuba Shrira Presented by: Charles Lin Course: CMSC 631.
1 An introduction to design patterns Based on material produced by John Vlissides and Douglas C. Schmidt.
Like our natural language. Designed to facilitate the expression and communication ideas between people and computer Like our natural language. Designed.
Java Software Solutions Lewis and Loftus Chapter 2 1 Copyright 1997 by John Lewis and William Loftus. All rights reserved. Software Concepts -- Introduction.
UML2 Package Merge Usage scenarios and their effect on XMI and Java API interoperability Bran Selic, Jim Amsden, Kenn Hussey Oct, 2003.
CSE 332: C++ templates This Week C++ Templates –Another form of polymorphism (interface based) –Let you plug different types into reusable code Assigned.
Sadegh Aliakbary Sharif University of Technology Fall 2011.
Object-Oriented Implementation of Reconciliations M.Sc. Seminar Talk by Costa Shapiro under supervision of Prof. Shmuel Katz Computer Science – Technion.
Designing Programming Languages to Improve Software Quality David J. Pearce Software Quality New Zealand, August
ROBERT BOCCHINO, ET AL. UNIVERSAL PARALLEL COMPUTING RESEARCH CENTER UNIVERSITY OF ILLINOIS A Type and Effect System for Deterministic Parallel Java *Based.
Question of the Day  On a game show you’re given the choice of three doors: Behind one door is a car; behind the others, goats. After you pick a door,
Ownership and Immutability in Generic Java (OIGJ) Yoav Zibin +, Alex Potanin * Paley Li *, Mahmood Ali ^, and Michael Ernst $ Presenter: Yossi Gil + +
Inheritance - Polymorphism ITI 1121 Nour El Kadri.
Existential Quantification for Variant Ownership Nicholas Cameron Sophia Drossopoulou Imperial College London (Victoria University of Wellington)‏
Java 5 Part 1 CSE301 University of Sunderland Harry Erwin, PhD.
1/20/03A2-1 CS494 Interfaces and Collection in Java.
Object-Oriented Programming. An object is anything that can be represented by data in a computer’s memory and manipulated by a computer program.
CS 61B Data Structures and Programming Methodology July 3, 2008 David Sun.
Recap form last time How to do for loops map, filter, reduce Next up: dictionaries.
G ENERICS I N J AVA BY: Ankit Goyal Sankalp Singh.
Types in programming languages1 What are types, and why do we need them?
Simple Classes. ADTs A specification for a real world data item –defines types and valid ranges –defines valid operations on the data. Specification is.
2-Dec-15 Inner Classes By Alguien Soy. 2 Inner classes All the classes so far have been “top level” It is possible (and useful) to define a class inside.
Featherweight Generic Ownership Alex Potanin, James Noble Victoria University of Wellington Dave Clarke CWI, Netherlands Robert Biddle Carlton University.
Inheritance CSI 1101 Nour El Kadri. OOP  We have seen that object-oriented programming (OOP) helps organizing and maintaining large software systems.
CSCE 314 Programming Languages Java Generics II Dr. Hyunyoung Lee 1.
Polymorphism (generics) CSE 331 University of Washington.
Encoding Ownership Types in Java Nicholas Cameron James Noble Victoria University of Wellington, New Zealand.
(1) ICS 313: Programming Language Theory Chapter 11: Abstract Data Types (Data Abstraction)
Inheritance and Class Hierarchies Chapter 3. Chapter 3: Inheritance and Class Hierarchies2 Chapter Objectives To understand inheritance and how it facilitates.
Inheritance and Class Hierarchies Chapter 3. Chapter Objectives  To understand inheritance and how it facilitates code reuse  To understand how Java.
CSE 130 : Winter 2009 Programming Languages Lecture 11: What’s in a Name ?
Unified Modeling Language (UML)
Subtype Polymorphism, Subtyping vs. Subclassing, Liskov Substitution Principle.
Java Programming: Guided Learning with Early Objects Chapter 9 Inheritance and Polymorphism.
Inner Classes.
Nicholas Cameron James Noble Victoria University of Wellington
Inheritance ITI1121 Nour El Kadri.
Names, Binding, and Scope
Formal Models for Programming Languages
Objects and Aspects: What we’ve seen so far
More Object-Oriented Programming
Inner Classes 25-Oct-19.
Presentation transcript:

Generic Ownership for Generic Java Alex Potanin, Dave Clarke (CWI) James Noble, Robert Biddle (Carleton)

2 Introduction OO languages provide name-based encapsulation: class Rectangle { private Point topLeft; } Not a guarantee that an object pointed at by a private field is not referred to by another name (alias)

3 Introduction Ownership allows a granular control of which objects are allowed to have references to which objects Generic Ownership is a unified approach of providing ownership and generics in a programming language

4 Aliasing (The Good) Aliasing is widely used in programming A lot of data structures and design patterns need it List Head Node Tail Doubly Linked List

5 Aliasing (The Bad) class Rectangle { private Point topLeft; private int width, height; }... Point p = new Point(100, 50); Rectangle r = new Rectangle(p,300,200); p.setX(400);

6 Aliasing (The Ugly) Bug in Sun JDK v1.1.1 Reported by SIPG in ‘97 Identities[] all = SM.getAllSystemIdentities() Identities[] me = getSigners() // Say, item 42 is “allow all” me[0] = all[42]; java.security package All System Identities Identity … Some Applet Identity Malicious Applet Identity Malicious Applet getAllSystemIdentities() getSigners() // Copy extra permissions // (Identities) from a // complete list to // applet specific list! Example from Confined Types by Bokowski and Vitek (OOPSLA’99)

7 Aliasing “The big lie of object-oriented programming is that objects provide encapsulation” John Hogg Islands: Aliasing Protection in Object-Oriented Languages OOPSLA’91

8 Ownership Ownership Types allow us to ensure that objects can’t escape their owners because of irresponsible handling of references to them class Rectangle { private Point topLeft; } This marks these fields as being accessible by the current instance of Rectangle only Dave Clarke, John Potter, James Noble Ownership Types for Flexible Aliasing Protection, OOPSLA’98

9 Ownership HelloWorld.java LinkedList.java

10 Java 1.4 Box Book Box Book Box

11 Java 5 Generics

12 Java 5 Generics

13 Java 5 Generics

14 Java 5 Generics Box (Bird) Box (Book)

15 Ownership

16 Ownership Book (Library)

17 Ownership Book (Robert)

18 Ownership Book (Me) Book (Robert)

19 Generic Ownership Box of Robert’s Books

20 Generic Ownership Box of My Computer Books

21 Question How do we get this into a language?

22 Simple Map in Java class Node {... } public class Map { private Vector nodes; public Vector expose() { return this.nodes; } void put(Object key, Object value) { nodes.add(new Node(key, value)); } Object get(Object k) { Iterator i = nodes.iterator(); while (i.hasNext()) { Node mn = (Node) i.next(); if (mn.key.equals(k)) return mn.value; } return null; } Book Box Map books = new Map(); books.put(“Wisdom”, new Book()); Object b = books.get(“Wisdom”); // Don’t know what get returns! Vector aliasedNodes = books.expose(); // Private field exposed! public class Map {

23 Generic Map in Java 5 Map books = new Map (); books.put(“Wisdom”, new Book()); Book b = books.get(“Wisdom”); // Type of Map knows what get returns Vector > aliasedNodes = books.expose(); // Exposed! class Node {... } public class Map { private Vector > nodes; public Vector > expose() { return this.nodes; } void put(Key key, Value value) { nodes.add(new Node (key, value)); } Value get(Key k) { Iterator > i = nodes.iterator(); while (i.hasNext()) { Node mn = i.next(); if (mn.key.equals(k)) return mn.value; } return null; } Box (Bird) Box (Book) Map books = new Map(); books.put(“Wisdom”, new Book()); Object b = books.get(“Wisdom”); // Don’t know what get returns! Vector aliasedNodes = books.expose(); // Private field exposed! public class Map {

24 Ownership Map in Safe Java Map books = new Map (); books.put(“Wisdom”, new Book()); Book b = books.get(“Wisdom”); // Type of Map knows what get returns Vector > aliasedNodes = books.expose(); // Exposed! Map books = new Map (); books.put(“Wisdom”, new Book()); Book b = books.get(“Wisdom”); // Don’t know what get returns! Vector aliasedNodes = books.expose(); // books. is not this. class Node {... } public class Map { private Vector nodes; public Vector expose() { return this.nodes; } void put(Object key, Object value) { nodes.add(new Node (key, value)); } Object get(Object key) { Iterator i = nodes.iterator(); while (i.hasNext()) { Node mn = (Node ) i.next(); if (mn.key.equals(key)) return mn.value; } return null; } Book (Me) Book (Robert) public class Map {

25 Ownership + Generic Map Map [String, Book ] books = new Map [String, Book ] (); books.put(“Wisdom”, new Book ()); Book b = books.get(“Wisdom”); // Map type knows what get returns Vector [Node [String, Book ]] aliasedNodes = books.expose(); // books. is not this. class Node [Key, Value ] {... } public class Map [Key, Value ] { private Vector [Node [Key, Value ]] nodes; public Vector [Node [Key, Value ]] expose() { return this.nodes; } void put(Key key, Value value) { nodes.add(new Node [Key, Value ](key, value)); } Value get(Key key) { Iterator [Nodes [Key, Value ]] = nodes.iterator(); while(i.hasNext()) { Node [Key, Value ] mn = i.next(); if (mn.key.equals(k)) return mn.value; } return null; } Map books = new Map (); books.put(“Wisdom”, new Book()); Book b = books.get(“Wisdom”); // Don’t know what get returns! Vector aliasedNodes = books.expose(); // books. is not this. public class Map [Key, Value ] {

26 State of the Art Aliasing is endemic in object-oriented programming Ownership (and other schemes like confinement, universes, etc) allow us to control aliasing The current systems are not very usable by typical programmers Generics is a popular mechanism in modern OO languages

27 Generic Ownership Generics and ownership are orthogonal and should not have anything to do with each other? Our claim: –Generics and ownership are complementary –Merged into one with Generic Ownership (GO) –GO is the most practical way of having ownership in a modern OO programming language

28 Ownership + Generic Map Map [String, Book ] books = new Map [String, Book ] (); books.put(“Wisdom”, new Book ()); Book b = books.get(“Wisdom”); // Map type knows what get returns Vector [Node [String, Book ]] aliasedNodes = books.expose(); // books. is not this. class Node [Key, Value ] {... } public class Map [Key, Value ] { private Vector [Node [Key, Value ]] nodes; public Vector [Node [Key, Value ]] expose() { return this.nodes; } void put(Key key, Value value) { nodes.add(new Node [Key, Value ](key, value)); } Value get(Key key) { Iterator [Nodes [Key, Value ]] = nodes.iterator(); while(i.hasNext()) { Node [Key, Value ] mn = i.next(); if (mn.key.equals(k)) return mn.value; } return null; }

29 Generic Ownership TM Map class Node {... } public class Map { private Vector, This> nodes; public Vector, This> expose() { return this.nodes; } public void put(Key key, Value value) { nodes.add(new Node (key, value)); } public Value get(Key key) { Iterator, This> i = nodes.iterator(); while (i.hasNext()) { Node mn = i.next(); if (mn.key.equals(key)) return mn.value; } return null; } Box of My Computer Books Map books = new Map (); books.put(“Wisdom”, new Book()); Book b = books.get(“Wisdom”); // Type of Map knows what get returns Vector aliasedNodes = books.expose(); // books. is not this. public class Map {

30 Generic Ownership Proposes the unification of parameterised and ownership types Starts with a generic type system and adds ownership The results are surprising: per-package ownership (confinement) comes basically for free and other kinds of ownership are not hard to implement Ownership shouldn’t be treated orthogonally to type information, rather there is a deep semantic connection between the two GO is the least intrusive introduction of ownership into a programming language

31 Generic Ownership Results Java 5 Extension: Ownership Generic Java: OGJ is backwards compatible with Java 5 and allows control of who is allowed to access which object Formalised based on extended FGJ showing that OGJ supports ownership: 1.A “pure” FGJ+c system adds per-package ownership without affecting the soundness of FGJ 2.A “full” FGO system provides deep ownership together with generics in a fully imperative setting

32 Featherweight Generic Java (FGJ) class A extends Object { A() { super(); } } class B extends Object { B() { super(); } } class Pair extends Object { X fst; Y snd; Pair(X fst, Y snd) { super(); this.fst = fst; this.snd = snd; } Pair setfst(Z newfst) { return new Pair (newfst, this.snd); } Featherweight Java by Igarashi, Pierce, and Wadler in OOPSLA’99

33 FGO: Imperative FGJ + Ownership Separate hierarchy of owner classes rooted in World that are used to carry ownership for each FGO type In addition to adding owners to types, we require: 1.Owner Nesting: provides for owner parameter nesting that enforces ownership 2.Owner Preservation: ensures owner invariance over subtyping 3.“This” Rule: prevents non-this access to types owned by particular instances 4.Placeholder Owners: an owner initialisation mechanism FGJ =, null, ref’s locals, etc ++ Owners = FGO

34 1. Owner Nesting There is a standard approach to enforcing deep ownership: “Every FGO type has its owner inside other owners involved in the type”

35 2. Owner Preservation The central idea of generic ownership is preservation of owners over the subtyping class Student extends Person {... } The owner parameter cannot be cast away or changed at any stage in the FGO program

36 3. “This” Rule This function is a mechanism preventing access to objects owned by the current object by anything other than this.* class Bar { public Foo secret = new Foo (); void m() { Foo f = this.secret; // OK Bar b = new Bar (); f = b.secret; // NOT OK b = this; f = b.secret; // ALSO NOT OK }

37 4. Placeholder Owners How do we allow a declaration of Map like this, when Key and Value also have their separate owners? class Map {... } We have a placeholder owners function that produces the missing owners for Key and Value used by the FGO type system

38 State of the Generic Ownership Generic Ownership Compiler Prototype (done) Per Package Ownership Formalism (done) Generic Ownership Formalism (done) Implementing OGJ in JavaCOP (done) OGJ Applications (partially done) Ownership Inference Formalism (partially done) Eclipse Full Ownership Inference Tool (to do) Corpus Analysis of OGJ Effects (to do) Generalising the Approach (C#, not just Java)

39 Related Work Ownership –SafeJava Concurrency / Persistence –AliasJava / ArchJava –Ownership in JML Generic Ownership –Ownership Domains (see their demo!) –Generic Universes

40 Summary Ownership and Generics are closely complementary Language support for ownership with generics is possible (and easier than without generics!) Generic Ownership is: –First proposal to fully support ownership and generics –Backed by a full formalism and a working compiler –Adopted by other aliasing research groups OGJ (Ownership Generic Java) is a compiler providing this support O=G+