330 likes | 442 Views
Featherweight Generic Ownership. Alex Potanin, James Noble Victoria University of Wellington Dave Clarke CWI, Netherlands Robert Biddle Carlton University. 19/7/2005. Encapsulation Seminar TAU 2006 Presented by Ziv Haddad. Outline. Introduction FGO formal model and Guarantees
E N D
Featherweight Generic Ownership Alex Potanin, James Noble Victoria University of Wellington Dave Clarke CWI, Netherlands Robert Biddle Carlton University 19/7/2005 Encapsulation Seminar TAU 2006 Presented by Ziv Haddad
Outline • Introduction • FGO formal model and Guarantees • OGJ Implementation • Conclusion
A Java implementation of a Map class public class Map { private Vector nodes; void put(Comparable key, Object value) { nodes.add(new Node(key, value)); } Object get(Comparable k) { Iterator i = nodes.iterator(); while (i.hasNext()) { Node mn = (Node) i.next(); if (((Comparable) mn.key).equals(k)) return mn.value; } return null; } } class Node { public Object key; public Object value; Node(Object key, Object value) { this.key = key; this.value = value; } }
A Generic implementation of a Map class public class Map<Key extends Comparable, Value> { private Vector<Node<Key, Value>> nodes; void put(Key key, Value value) { nodes.add(new Node<Key, Value>(key, value)); } Value get(Key k) { Iterator<Node<Key, Value>> I = nodes.iterator(); while (i.hasNext()) { Node<Key, Value> mn = i.next(); if (mn.key.equals(k)) return mn.value; } return null; } } class Node<Key extends Comparable, Value> { public Key key; public Value value; Node(Key key, Value value) { this.key = key; this.value = value; } }
An Ownership Types implementation of a Map class public class Map<mOwner, kOwner, vOwner> { private Vector<this, this> nodes; void put(Comparable<kOwner> key, Object<vOwner> value) { nodes.add(new Node<this, kOwner, vOwner>(key, value)); } Object<vOwner> get(Comparable<kOwner> key) { Iterator<this, this> i = nodes.iterator(); while (i.hasNext()) { Node<this, kOwner, vOwner> mn = (Node<this, kOwner, vOwner>) i.next(); if (mn.key.equals(key)) return mn.value; } return null; } } class Node<mapNodeOwner, kOwner, vOwner> public Comparable<kOwner> key; public Object<vOwner> value; Node(Comparable<kOwner> key, Object<vOwner> value) { this.key = key; this.value = value; } }
A combined generic and ownership types implementation of a Map class public class Map<mOwner>[Key<kOwner> extends Comparable<kOwner>,Value<vOwner>] { private Vector<this>[Nodes<this>[Key<kOwner>,Value<vOwner>]] nodes; void put(Key<kOwner> key, Value<vOwner> value) { nodes.add(new Node<this>[Key<kOwner>, Value<vOwner>](key, value)); } Value<vOwner> get(Key<kOwner> key) { Iterator<this>[Nodes<this>[Key<kOwner>,Value<vOwner>]] i = nodes.iterator(); while(i.hasNext()) { Node<this>[Key<kOwner>,Value<vOwner>] mn = i.next(); if (mn.key.equals(k)) return mn.value; } return null; } } class Node<mapNodeOwner>[Key<kOwner> extends Comparable<kOwner>,Value<vOwner>] { public Key<kOwner> key; public Value<vOwner> value; Node(Key<kOwner> key, Value<vOwner> value) { this.key = key; this.value = value; } }
Generic Ownership • A new linguistic mechanism that combines genericity and ownership into a simple language • Treats ownership as an additional kind of generic type information • Existing generic type systems can be extended to carry ownership information with only minimal changes • Ownership Generic Java (OGJ) – Implemented as an extension to Java 5
Generic Ownership Implementation of map class public class Map<Key extends Comparable,Value, Owner extends World> { private Vector<Node<Key, Value, This>,This> nodes; public void put(Key key, Value value) { nodes.add(new Node<Key, Value, This>(key, value)); } public Value get(Key key) { Iterator<Node<Key, Value, This>, This> i= nodes.iterator(); while (i.hasNext()) { Node<Key, Value, This> mn = i.next(); if (mn.key.equals(key)) return mn.value; } return null; } } class Node<Key extends Comparable, Value, Owner extends World> { public Key key; public Value value; Node(Key key, Value value) { this.key = key; this.value = value; } }
Featherweight (Generic) Java • A minimal core calculus for modeling Java’s type systems • The design of FJ favors compactness over completeness • Supports only five forms of expressions: object creation, method invocation, field access, casting and variables • Featherweight Generic java adds generic types for FJ
Formalizing Generic Ownership • Generic Ownership is formalized as an imperative extension of Featherweight Generic Java • Last type parameter is used to record an object’s owner • All FGO classes descend from a new parameterized root Object<O>
Another Example class m.Main<Owner extends World> extends Object<Owner>{ m.Main() { super(); } p.OwnedStack<Object<World>,World> public() { return new p.OwnedStack<Object<World>,World>; } p.OwnedStack<m.Main<World>,M> confined() { return new p.OwnedStack<m.Main<World>,M>; } p.OwnedStack<m.Main<M>,This> private() { return new p.OwnedStack<m.Main<M>,This>; } }
Manifest Ownership • Manifest Ownership allow classes without explicit owner type parameters • A manifest FGO class owner is fixed (all objects) class PublicStack extends p.OwnedStack<World> {} • Manifest ownership allows us to fit existing FGJ classes into the FGO class hierarchy class Object extends Object<World> {} class Stack extends Object {}
Different Kinds of Ownership • FGO supports deep ownership • In addition FGO also support static (package) ownership – via package owner classes. • FGO can be adjusted to support shallow ownership instead of deep ownership
FGO Type System Ownership syntax Auxiliary Functions
Owner Lookup • In the case of a manifest class the owner is found by traversing the class hierarchy
this Function Replaces occurrences of This. • Used extensively during the typing of FGO expressions, to enforce valid use of owner classes. • There are two use case for the this function
this Function – First use • Used during the validation of class declaration • Every expression containing a method call or a field access is checked to see if any of the types involved contain This as an owner class. If they do then the method call or field access is only allowed on this. Class PhoneBook<Owner extends World> { … void fill(PhoneBook<Owner> otherPhoneBook) { … otherPhoneBook.addRecord(new Record<This>(…)); … } }
this Function – Second use • Used during reduction of FGO expressions. • The permission P given to this is the current location l • Any occurrence of class This is replaced by a more appropriate location-specific Thisl.
Subtyping and Well formedness Highlighted bit is essential for deep ownership. Intuition: class MyList <Object<World>, P> extends List<T, Owner> - OK class MyList <Object<P>, World> extends List<T, Owner> - NOT OK
Visibility Rules • FGO contributes FGJ a set of visibility rules which define owner and type visibility
Type Soundness Proof: Using structural induction on the reduction rules Proof: Based on all the possible expression types. The Type Soundness is immediate from the Preservation and Progress Theorem.
Ownership Invariance Proof: By induction on the depth of the subtype hierarchy. By FGO class typing rules a FGO class has the same owner parameter as its superclass
Deep Ownership Invariance • Proof (Sketch): • Consider a class C and a variable v:T in that class. • Owner(T) can be one of the following: • This, World • one of the formal method parameters • one of the owners of the type parameters of C • This < Owner < World • For each owner O of one of the type parameters: Owner <: O • Formal method parameters are enforced in the same way as type parameters
OGJ Implementation • Implemented as an extension to Java 5 compiler. • The extension includes added ownership domains and FGO formal system constraints enforcement • The compiler creates owner classes automatically and disposes them when type checking is complete. • Owner classes: World, This, Package, Class • To implement confinement the compiler replaces every occurrence of ownership domain name with the appropriate owner class
OGJ Implementation – cont • The compiler ensures that only expressions referring to the current instance can access types whose owner is a This domain owner class • The compiler ensure that ownership information cannot be lost. Only preserving ownership type-casts are allowd.
Future Work and Conclusion • Contribution summary: Generic Ownership, FGO formal model, Ownership Generic Java Implementation • Programs using GO are slightly more complex than programs using just generic types • In the future authors plan to develop a set of design patterns for programmers whishing to make use of ownership in their programs