Flexible Immutability with Frozen Objects

Object immutability is a familiar concept that allows safe sharing of objects. Existing language support for immutability is based on immutable classes. However, class-based approaches are restrictive because programmers can neither make instances of arbitrary classes immutable, nor can they control when an instance becomes immutable. These restrictions prevent many interesting applications where objects of mutable classes go through a number of modifications before they become immutable. This paper presents a flexible technique to enforce the immutability of individual objects by transferring their ownership to a special freezer object, which prevents further modification. The paper demonstrates how immutability facilitates program verification by extending the Boogie methodology for object invariants to immutable objects. The technique is based on Spec#'s dynamic ownership, but the concepts also apply to other ownership systems that support transfer.
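An added sketch, not code from the paper (which works in Spec# with program verification): a Python runtime model of the idea above, where freezing transfers an object's ownership to a freezer and writes are rejected once the owner chain reaches it. The names `Owned`, `FREEZER`, `set_owner`, `freeze`, `Policy` and `Endpoint` are hypothetical, and treating owned components as frozen through the owner chain is an assumption of this model.

```python
class OwnershipError(Exception):
    """Write or transfer attempted on an object owned (transitively) by the freezer."""

FREEZER = object()  # special owner (hypothetical name); nothing releases what it owns

def is_frozen(obj):
    # Walk the owner chain; frozen if it reaches the freezer (assumption of this model).
    owner = getattr(obj, "_owner", None)
    while owner is not None:
        if owner is FREEZER:
            return True
        owner = getattr(owner, "_owner", None)
    return False

def set_owner(obj, owner):
    # Ownership transfer is itself a modification, so it needs a mutable object.
    if is_frozen(obj):
        raise OwnershipError("cannot transfer a frozen object")
    object.__setattr__(obj, "_owner", owner)

def freeze(obj):
    set_owner(obj, FREEZER)
    return obj

class Owned:
    """Base for ordinary mutable classes; each instance has a dynamic owner."""
    def __init__(self):
        object.__setattr__(self, "_owner", None)  # None means unowned
    def __setattr__(self, name, value):
        if is_frozen(self):
            raise OwnershipError(f"{type(self).__name__}.{name} is frozen")
        object.__setattr__(self, name, value)

class Endpoint(Owned):  # constructed sample class
    def __init__(self, host, port):
        super().__init__()
        self.host, self.port = host, port

class Policy(Owned):  # constructed sample class with one owned component
    def __init__(self):
        super().__init__()
        self.allow_plaintext = True
        self.endpoint = Endpoint("localhost", 8443)
        set_owner(self.endpoint, self)  # endpoint becomes a component of the policy

def build_policy():
    p = Policy()               # instance of a mutable class, modified freely...
    p.allow_plaintext = False
    p.endpoint.port = 443
    return freeze(p)           # ...until the point the programmer chooses to freeze it
```

The check here happens at run time and can be bypassed with `object.__setattr__`, so the block illustrates the ownership rule rather than enforcing it.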
