Separating ownership topology and encapsulation with generic universe types

Ownership is a powerful concept to structure the object store and to control aliasing and modifications of objects. This article presents an ownership type system for a Java-like programming language with generic types. Like our earlier Universe type system, Generic Universe Types structure the heap hierarchically. In contrast to earlier work, we separate the enforcement of an ownership topology from an encapsulation system. The topological system uses an existential modifier to express that no ownership information is available statically. On top of the topological system, we build an encapsulation system that enforces the owner-as-modifier discipline. This discipline does not restrict aliasing, but requires modifications of an object to be initiated by its owner. This allows owner objects to control state changes of owned objects—for instance, to maintain invariants. Separating the topological system from the encapsulation system allows for a cleaner formalization, separation of concerns, and simpler reuse of the individual systems in different contexts.
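As an added illustration, not code from the paper: a small Python model that keeps the two layers the abstract separates apart, deriving the universe modifier (rep, peer, any) of a reference from the owner relation and then applying the owner-as-modifier rule on top of it. The object names, the list-owns-nodes scenario and the reduction to three modifiers are assumptions of this example, not the paper's formal definitions.

```python
# Added example, not code from the paper: a runtime model of the two layers the
# abstract separates. Layer 1 (topology) derives the universe modifier of a
# reference from the owner relation; layer 2 (encapsulation) applies the
# owner-as-modifier rule on top of it. Names and scenario are constructed.
from dataclasses import dataclass, field
from typing import Optional

@dataclass(eq=False)
class Obj:
    """A heap object; owner is None for objects in the root context."""
    name: str
    owner: Optional["Obj"] = None
    fields: dict = field(default_factory=dict)

def modifier(this: Obj, target: Obj) -> str:
    """Topology layer: most precise modifier for a reference from this to target.
    'any' is the existential case: no ownership information relative to this."""
    if target.owner is this:
        return "rep"    # target belongs to this's representation
    if target.owner is this.owner:
        return "peer"   # same owner, so same ownership context
    return "any"

def may_modify(this: Obj, target: Obj) -> bool:
    """Encapsulation layer (owner-as-modifier): a state change must be initiated
    by the owner or a peer, i.e. through a rep or peer reference. Aliasing via
    'any' is unrestricted, but such references are read-only."""
    return modifier(this, target) in ("rep", "peer")

def write(this: Obj, target: Obj, name: str, value) -> bool:
    """Update a field of target on behalf of this if the discipline permits it."""
    if not may_modify(this, target):
        return False    # the owner's invariants stay under its control
    target.fields[name] = value
    return True

def demo() -> dict:
    # Constructed heap: a list owns two nodes; a root-context client aliases n1.
    lst, client = Obj("list"), Obj("client")
    n1, n2 = Obj("n1", owner=lst), Obj("n2", owner=lst)
    return {
        "list->n1": modifier(lst, n1),                     # rep
        "n1->n2": modifier(n1, n2),                        # peer
        "client->n1": modifier(client, n1),                # any
        "list_writes": write(lst, n1, "next", n2),         # True
        "n1_writes_peer": write(n1, n2, "val", 7),         # True
        "client_writes": write(client, n1, "next", None),  # False
        "n1_writes_owner": write(n1, lst, "size", 0),      # False
    }
```

The client may still hold and read its alias to n1; only the write through it is refused, which is exactly the distinction between not restricting aliasing and restricting who initiates modifications.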
