Ownership Types for Safe Programming: Preventing Data Races and Deadlocks
ACM Conference on Object-Oriented Programming, Systems, Languages and Applications (OOPSLA), November 2002

This paper presents a new static type system for multithreaded programs; well-typed programs in our system are guaranteed to be free of data races and deadlocks. Our type system allows programmers to partition the locks into a fixed number of equivalence classes and to specify a partial order among those classes. The type checker then statically verifies that whenever a thread holds more than one lock, it acquired the locks in descending order.

Our system also allows programmers to use recursive tree-based data structures to describe the partial order. For example, programmers can specify that the nodes of a tree must be locked in tree order. Our system allows mutations to such a data structure that change the partial order at runtime. The type checker statically verifies that the mutations do not introduce cycles in the partial order, and that changing the partial order does not lead to deadlocks. We do not know of any other sound static system for preventing deadlocks that allows changes to the partial order at runtime.

Our system uses a variant of ownership types to prevent data races and deadlocks. Ownership types provide a statically enforceable way of specifying object encapsulation. They are useful for preventing data races and deadlocks because the lock that protects an object can also protect the objects it encapsulates. This paper describes how to use our type system to statically enforce object encapsulation as well as to prevent data races and deadlocks. The paper also contains a detailed discussion of different ownership type systems and the encapsulation guarantees they provide.
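The abstract's deadlock-freedom argument rests on one invariant: a thread that holds several locks must have taken them in descending order of a programmer-declared partial order, and any runtime change to that order must leave it acyclic. The paper enforces this statically with types. The following is an added example for this page, not the paper's code: it checks the same invariant dynamically, so that a violation raises instead of deadlocking, using a small DAG over lock levels (the paper's equivalence classes, or tree nodes) and a mutex wrapper that consults it on every acquisition. The level names, the `reparent` mutation and the "no reordering of a level while it is held" rule are this example's own assumptions, standing in for the paper's static check that a mutation cannot lead to deadlock.

```python
"""Runtime check of the lock-ordering discipline the abstract describes. Added
example for this page, not the paper's type system: the paper enforces the
invariant statically; here a violation raises at runtime instead of deadlocking.
Level names and the "no reordering while held" rule are this example's own."""
import threading
from collections import defaultdict


class LockOrder:
    """DAG over lock levels; edge a -> b declares a > b (a is acquired first)."""
    def __init__(self):
        self._below = defaultdict(set)  # level -> levels directly below it
        self._held = defaultdict(int)   # level -> number of its locks held now
        self._mu = threading.Lock()     # guards both tables

    def greater(self, a, b):
        """True if a > b in the transitive closure of the declared edges."""
        stack, seen = [a], set()
        while stack:
            x = stack.pop()
            if x in seen:
                continue
            seen.add(x)
            if b in self._below[x]:
                return True
            stack.extend(self._below[x])
        return False

    def add_edge(self, higher, lower):
        """Declare higher > lower; refuse an edge that would close a cycle."""
        with self._mu:
            if higher == lower or self.greater(lower, higher):
                raise ValueError(f"cycle: {lower} is already above {higher}")
            self._below[higher].add(lower)

    def reparent(self, node, old_parent, new_parent):
        """Tree mutation at runtime: move node under new_parent. Refused if it
        would close a cycle or (assumed rule) if any level involved is held."""
        with self._mu:
            if any(self._held[x] for x in (node, old_parent, new_parent)):
                raise RuntimeError("cannot reorder a level while it is held")
            if node == new_parent or self.greater(node, new_parent):
                raise ValueError(f"cycle: {new_parent} is below {node}")
            self._below[old_parent].discard(node)
            self._below[new_parent].add(node)


class OrderedLock:
    """Mutex tagged with a level; each acquisition is checked against the order."""
    _tls = threading.local()            # per-thread stack of held locks

    def __init__(self, order, level):
        self.order, self.level = order, level
        self._lock = threading.Lock()

    def __enter__(self):
        held = self._tls.__dict__.setdefault("stack", [])
        with self.order._mu:
            for other in held:          # everything held must be strictly above
                if not self.order.greater(other.level, self.level):
                    raise RuntimeError(
                        f"lock-order violation: {self.level} after {other.level}")
            self.order._held[self.level] += 1
        self._lock.acquire()
        held.append(self)

    def __exit__(self, *exc):
        self._tls.__dict__["stack"].remove(self)
        self._lock.release()
        with self.order._mu:
            self.order._held[self.level] -= 1


def demo():
    """Exercise the checker on fixed classes and on a mutable tree order."""
    order, out = LockOrder(), {}
    order.add_edge("Bank", "Account")   # fixed classes: Bank above Account
    bank, acct = OrderedLock(order, "Bank"), OrderedLock(order, "Account")
    with bank, acct:                    # descending: allowed
        out["descending_ok"] = True
    try:
        with acct, bank:                # ascending: refused, so cannot deadlock
            out["ascending_ok"] = True
    except RuntimeError:
        out["ascending_ok"] = False
    for hi, lo in (("root", "a"), ("a", "b")):  # tree order: root > a > b
        order.add_edge(hi, lo)
    a = OrderedLock(order, "a")
    try:
        order.reparent("a", "root", "b")  # a under its own descendant: cycle
        out["cycle_rejected"] = False
    except ValueError:
        out["cycle_rejected"] = True
    order.reparent("b", "a", "root")    # b becomes a sibling of a: legal
    out["b_under_root"] = order.greater("root", "b") and not order.greater("a", "b")
    with a:
        try:
            order.reparent("b", "root", "a")  # a is held: refused
            out["held_reorder_rejected"] = False
        except RuntimeError:
            out["held_reorder_rejected"] = True
    return out
```

The runtime version only catches an ordering violation on the path that actually executes, which is exactly the gap the paper's static check closes: the type checker rejects the program for every possible interleaving, not just the one observed. The per-level held count is a blunt stand-in for the paper's treatment of mutations while locks are held; it is conservative (it also blocks reorderings that would have been safe) but keeps the invariant simple to state and check.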
