ownership and immutability in generic java oigj
play

Ownership and Immutability in Generic Java (OIGJ) Yoav Zibin + , - PowerPoint PPT Presentation

Dec 03, 2022 •289 likes •517 views

Ownership and Immutability in Generic Java (OIGJ) Yoav Zibin + , Alex Potanin * Paley Li * , Mahmood Ali ^ , and Michael Ernst $ Presenter: Yossi Gil + + IBM * Victoria,NZ ^ MIT $ Washington Ownership + Immutability Our previous work OGJ:

  1. Ownership and Immutability in Generic Java (OIGJ) Yoav Zibin + , Alex Potanin * Paley Li * , Mahmood Ali ^ , and Michael Ernst $ Presenter: Yossi Gil + + IBM * Victoria,NZ ^ MIT $ Washington

  2. Ownership + Immutability � Our previous work � OGJ: added Ownership to Java � IGJ: added Immutability to Java � This work � OIGJ: combine Ownership + Immutability � The sum is greater than its parts � IGJ could not type-check existing code for creating immutable cyclic data-structures (e.g., lists, trees) � We found a non-trivial connection between ownership and immutability 2/22

  3. Contributions � No refactoring of existing code � Prototype implementation � No syntax changes (uses type-annotations in Java 7) � No runtime overhead � Backward compatible � Verified that Java’s collection classes are properly encapsulated (using few annotations) � Flexibility � OIGJ can type-check more code than previous work: cyclic structures, the factory and visitor design patterns � Formalization � Formalized the concepts of raw/cooked immutable objects and wildcards as owner parameters � Proved soundness 3/22

  4. Problem 1: Representation exposure � Internal representation leaks to the outside � private doesn’t offer real protection! class Class { Real life example! private List signers; private List signers; public List getSigners() { return this.signers; } } Forgot to copy signers! http://java.sun.com/security/getSigners.html Bug: the system thinks that code signed by one identity is signed by a different identity 4/22

  5. Solution for Representation Exposure � Ownership! � Class should own the list signers � No outside alias can exist � Ownership can be nested: note the tree structure Class X signers X entry1 entry2 entryN … X elem1 elem2 elemN … 5/22

  6. Ownership: Owner-as-dominator � Dominators in graph theory � Given: a directed rooted graph � X dominates Y if any path from the root to Y passes X � Owner-as- dominator � Object graph; roots are the static variables � An object cannot leak outside its owner, i.e., � Any path from a root to an object passes its owner � Conclusion: No aliases to internal state 6/22

  7. Problem 2: Unintended Modification � Modification is not explicit in the language � can Map.get() modify the map? � for (Object key : map.keySet()) { map.get(key); } map.get(key); } throws ConcurrentModificationException for the following map new LinkedHashMap(100, 1, true) Reorders elements according to last-accessed (like a cache) 7/22

  8. Solution: Immutability � Varieties of Immutability � Class immutability (like String or Integer in Java) � Object immutability � The same class may have both mutable and immutable instances � Reference immutability � A particular reference cannot be used to mutate its referent (but other aliases might cause mutations) class Student { Example in IGJ syntax @Immutable Date dateOfBirth; … void setTutor(@ReadOnly Student tutor) @Mutable { … } } Method may modify the this object 8/22

  9. Objects vs. References � Objects � mutable or immutable � Creation of an immutable object � Raw state: Fields can be assigned Raw state: Fields can be assigned � Cooked state: Fields cannot be assigned � References � mutable, immutable, or readonly 9/23

  10. Challenge: Cyclic Immutability � Cooking a cyclic data-structure is complicated � Many objects must be raw simultaneously to manipulate backward pointers � Then everything must become immutable Then everything must become immutable simultaneously � OIGJ’s novel idea: � Prolong the cooking phase by using ownership information � Enables creation of immutable cyclic structures

  11. Cooking immutable objects � Previous work � An object becomes cooked when its constructor finishes � OIGJ’s observation � OIGJ’s observation � An object becomes cooked when its owner’s constructor finishes � The outside world will not see this cooking phase � The complex object with its representation becomes immutable simultenously 11/22

  12. Cooking LinkedList (1 of 2) Sun’s code is similar 1 : LinkedList(Collection<E> c) { 2 : this(); 3 : Entry<E> succ = this.header, pred = succ.prev; 4 : for (E e : c) { 5 : Entry<E> entry = 6 : new Entry<E>(e,succ,pred); 7 : // An entry is modified after it’s constructor finished 8 : pred.next = entry; pred = entry; 8 : pred.next = entry; pred = entry; 9 : } 10: succ.prev = pred; 11: } � No refactoring – the original code must compile in OIGJ 12/22

  13. Cooking LinkedList (2 of 2) Sun’s code is similar 1 : LinkedList(@ReadOnly Collection<E> c) @Raw { 2 : this(); 3 : @This @I Entry<E> succ = this.header, pred = succ.prev; 4 : for (E e : c) { 5 : @This @I Entry<E> entry = 6 : new @This @I Entry<E>(e,succ,pred); 7 : // An entry is modified after it’s constructor finished 8 : pred.next = entry; pred = entry; 8 : pred.next = entry; pred = entry; 9 : } 10: succ.prev = pred; Code in OIGJ; Annotations next slide. 11: } � The list owns its entries � Therefore, it can mutate them, even after their constructor finished 13/22

  14. Hierarchies in OIGJ ReadOnly World Raw Immut This Mutable Ownership hierarchy Immutability hierarchy World – anyone can access ReadOnly – no modification This – this owns the object Raw – object under construction 14/22

  15. OIGJ syntax: fields (1 of 2) 1:class Foo { 2: // An immutable reference to an immutable date. @O @Immut Date imD = new @O @Immut Date (); 3: // A mutable reference to a mutable date. @O @Mutable Date mutD = new @O @Mutable Date(); 4: // A readonly reference to any date. Both roD and imD cannot mutate // their referent, however the referent of roD might be mutated by an // alias, whereas the referent of imD is immutable. // imD @O @ReadOnly Date roD = ... ? imD : mutD; 5: // A date with the same owner and immutability as this @O @I Date sameD; 6: // A date owned by this ; it cannot leak. @This @I Date ownedD; 7: // Anyone can access this date. @World @I Date publicD; � Two annotations per type 15/22

  16. OIGJ syntax: methods (2 of 2) 8 : // Can be called on any receiver; cannot mutate this . int readonlyMethod() @ReadOnly {...} 9 : // Can be called only on mutable receivers; can mutate this . void mutatingMethod() @Mutable {...} 10: // Constructor that can create (im)mutable objects. Foo(@O @I Date d) @Raw { 11: this.sameD = d; 12: this.ownedD = new @This @I Date (); 12: this.ownedD = new @This @I Date (); 13: // Illegal, because sameD came from the outside. // this.sameD.setTime(...); 14: // OK, because Raw is transitive for owned fields. this.ownedD.setTime(...); 15: } � Method receiver’s annotation has a dual purpose: � Determines if the method is applicable. � Inside the method, the bound of @I is the annotation. 16/22

  17. Formalization: Featherweight OIGJ � Novel idea: Cookers � Every object o in the heap is of the form: o � Foo<o’,Mutable> o � Foo<o’,Immut > o” or � o’ is the owner of o o’ is the owner of o � o” is the cooker of o , i.e., when the constructor of o” finishes then o becomes cooked � We keep track of the set of ongoing constructors � Subtyping rules connect cookers and owners � Proved soundness and type preservation 17/22

  18. Case studies � Implementation uses the checkers framework � Only 1600 lines of code (but still a prototype) � Requires type annotations available in Java 7 � Java’s Collections case study � 77 classes, 33K lines of code � 85 ownership-related annotations � 46 immutability-related annotations 18/22

  19. Case studies conclusions � Verified that collections own their representation � Method clone is problematic � clone makes a shallow copy that breaks ownership � Our suggestion: compiler-generated clone that nullifies fields, and then calls a copy-constructor 19/22

  20. Previous Work � Universes � Relaxed owner-as- dominator to owner-as- modifier � ReadOnly references can be freely shared � Constrains modification instead of aliasing, i.e., � Constrains modification instead of aliasing, i.e., only the owner can modify an object � Reference immutability: � C++’s const � Javari 20/22

  21. Future work � Inferring ownership and immutability annotations � Bigger case study � Extending OIGJ � owner-as-modifier � uniqueness or external uniqueness 21/22

  22. Conclusions � Ownership Immutability Generic Java (OIGJ) � Simple, intuitive, small � Static – no runtime penalties (like generics) � Backward compatible, no JVM changes � Case study proving usefulness � Formal proof of soundness � Paper submitted to OOPSLA. Links: http://ecs.victoria.ac.nz/twiki/pub/Main/Technical � ReportSeries/ http://code.google.com/p/checker-framework/ � http://code.google.com/p/ownership-immutability/ � 22/22

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

1 Definition of a simple generic class Why generic programming (cont.) class Pair &lt;T&gt; {

1 Definition of a simple generic class Why generic programming (cont.) class Pair &lt;T&gt; {

Topics background and goals of generic programming basics of generic classes = parameterized types generic methods for general algorithms inheritance rules for generic types Generic programming in Java bounded type parameters

261 views • 5 slides
Object and Reference Immutability using Java Generics Yoav Zibin, Alex Potanin(*), Mahmood Ali,

Object and Reference Immutability using Java Generics Yoav Zibin, Alex Potanin(*), Mahmood Ali,

Object and Reference Immutability using Java Generics Yoav Zibin, Alex Potanin(*), Mahmood Ali, Shay Artzi, Adam Kiezun, and Michael D. Ernst MIT Computer Science and Artificial Intelligence Lab, USA * Victoria University of Wellington, New

336 views • 22 slides
Generic Types in Java 4003-232-06 (Winter 2006-2007) Week 5: Generics, (Ch. 21 in Liang) Java

Generic Types in Java 4003-232-06 (Winter 2006-2007) Week 5: Generics, (Ch. 21 in Liang) Java

Computer Science II Generic Types in Java 4003-232-06 (Winter 2006-2007) Week 5: Generics, (Ch. 21 in Liang) Java Collection Framework Richard Zanibbi Rochester Institute of Technology What are Generic Types or Example: Comparable

334 views • 6 slides
OwnKit: Inferring Modularly Checkable Ownership Annotations for Java Constantine Dymnikov, David

OwnKit: Inferring Modularly Checkable Ownership Annotations for Java Constantine Dymnikov, David

OwnKit: Inferring Modularly Checkable Ownership Annotations for Java Constantine Dymnikov, David J. Pearce and Alex Potanin School of Engineering and Computer Science Victoria University of Wellington What is Ownership? Ownership is an approach

414 views • 15 slides
What are Generics? e.g. Generics, Generic Programming, Generic Types, Generic Methods 6

What are Generics? e.g. Generics, Generic Programming, Generic Types, Generic Methods 6

What are Generics? e.g. Generics, Generic Programming, Generic Types, Generic Methods 6 Defining the idea Behind Java Generics Data Types are now used as Type Parameters 7 Defining the idea Behind Java Generics Generic Types: generic

601 views • 23 slides
Buy a Feature Adventure in Immutability and Actors David Pollak CUFP September 26 th , 2008

Buy a Feature Adventure in Immutability and Actors David Pollak CUFP September 26 th , 2008

Buy a Feature Adventure in Immutability and Actors David Pollak CUFP September 26 th , 2008 David Pollak Not strict, but pretty lazy Lead developer for Lift web framework Scala since November 2006, Ruby/Rails, Java/J2EE

411 views • 27 slides
OOPSLA 2004, Vancouver 1 Introduction: generic types in Java 1.5 The

OOPSLA 2004, Vancouver 1 Introduction: generic types in Java 1.5 The

Alan Donovan, Adam Kieun Matthew Tschantz, Michael Ernst MIT Computer Science &amp; AI Lab OOPSLA 2004, Vancouver 1 Introduction: generic types in Java 1.5

620 views • 37 slides
On the Benefits of Adding Modes on Owners a work in progress Ownership, Uniqueness and

On the Benefits of Adding Modes on Owners a work in progress Ownership, Uniqueness and

On the Benefits of Adding Modes on Owners a work in progress Ownership, Uniqueness and Immutability Johan stlund Tobias Wrigstad Dave Clarke Beatrice kerblom Imagine a linked list with students at some university Imagine a

619 views • 29 slides
Type Erasure 86 What is Type Erasure? The way for the Java

Type Erasure 86 What is Type Erasure? The way for the Java

Type Erasure 86 What is Type Erasure? The way for the Java compiler to generate byte code which implements our Generic Types &amp; Generic Methods Type

276 views • 15 slides
JavaD: Bringing Ownership Domains to Mainstream Java Marwan Abi-Antoun Ph.D. Project

JavaD: Bringing Ownership Domains to Mainstream Java Marwan Abi-Antoun Ph.D. Project

JavaD: Bringing Ownership Domains to Mainstream Java Marwan Abi-Antoun Ph.D. Project Presentation 17-754: Analysis of Software Artifacts Some slides adapted from a talk by Neelakantan Krishnaswami

628 views • 11 slides
A Comparison of A Comparison of Generic Template Support: Generic Template Support: Ada, C++,

A Comparison of A Comparison of Generic Template Support: Generic Template Support: Ada, C++,

Presentation cover page EU A Comparison of A Comparison of Generic Template Support: Generic Template Support: Ada, C++, C#, and Java Ada, C++, C#, and Java , , , , , , Ben Brosgol brosgol@adacore.com www.adacore.com d

214 views • 20 slides
Type-based Object Immutability with Flexible Initialization Christian Haack 1 , 2 and Erik

Type-based Object Immutability with Flexible Initialization Christian Haack 1 , 2 and Erik

Type-based Object Immutability with Flexible Initialization Christian Haack 1 , 2 and Erik Poll 1 1 Radboud University, Nijmegen 2 aicas GmbH, Karlsruhe Abstract. We present a type system for checking object immutability, read-only

390 views • 25 slides
JAVA Java vs. Java Java Language Specification

JAVA Java vs. Java Java Language Specification

BR 10/05 JAVA Java vs. Java Java Language Specification http://java.sun.com/docs/books/jls/second_edition/html/j.title.doc.html Java programming language is compiled into java byte code Java Virtual Machine Specification

1.07k views • 44 slides
Generics in Java Marc Framvig-Antonsen &amp; Jens Svensson Introduced in JDK1.5 Classes,

Generics in Java Marc Framvig-Antonsen &amp; Jens Svensson Introduced in JDK1.5 Classes,

Generics in Java Marc Framvig-Antonsen &amp; Jens Svensson Introduced in JDK1.5 Classes, Class methods and Interfaces can be generic Generic types are erased by type erasure in the compiled program At runtime there exist only one

384 views • 27 slides
Java Generics Generics n Since JDK 1.5 (Java 5), the Collections framework has been

Java Generics Generics n Since JDK 1.5 (Java 5), the Collections framework has been

Java Generics Generics n Since JDK 1.5 (Java 5), the Collections framework has been parameterized. n A class that is defined with a parameter for a type is called a generic or a parameterized class. In C++, there were referred to as

300 views • 12 slides
Tunable Static Inference for Generic Universe Types Werner Dietl Michael Ernst &amp; Peter

Tunable Static Inference for Generic Universe Types Werner Dietl Michael Ernst &amp; Peter

Tunable Static Inference for Generic Universe Types Werner Dietl Michael Ernst &amp; Peter Mller Generic Universe Types (GUT) Lightweight ownership type system Heap topology Owner-as-Modifier encapsulation discipline Glimpse

840 views • 40 slides
Building Your Personal Brand IT REALLY IS ALL ABOUT YOU! Discover and Create your own brand

Building Your Personal Brand IT REALLY IS ALL ABOUT YOU! Discover and Create your own brand

Building Your Personal Brand IT REALLY IS ALL ABOUT YOU! Discover and Create your own brand Lets do our own research: How many brands of shampoo can you name? Lets do our own research: How many brands of shampoo can you name? The

590 views • 47 slides
Setting DBMS must allow concurrent access to databases. Imagine a bank where account

Setting DBMS must allow concurrent access to databases. Imagine a bank where account

Setting DBMS must allow concurrent access to databases. Imagine a bank where account information is Database Transactions stored in a database not allowing concurrent access. Then only one person could do a withdrawal in an ATM machine

583 views • 9 slides
t Wait a few blocks until you Txn=#871 George Anna 1 . can say that the transaction is

t Wait a few blocks until you Txn=#871 George Anna 1 . can say that the transaction is

RECAP View of someone who wants to make a transaction Block = # Prev = # B 1 B 2 ... B 8 B 9 B 10 B ... B Txn #871 t Wait a few blocks until you Txn=#871 George Anna 1 . can say that the transaction is

580 views • 20 slides
Object Ownership in Program Verification Werner Dietl - University of Washington Peter Mller -

Object Ownership in Program Verification Werner Dietl - University of Washington Peter Mller -

Object Ownership in Program Verification Werner Dietl - University of Washington Peter Mller - ETH Zrich Presentation by Roman Schmocker Motivation Object Ownership The basic concepts Goal: Information on Heap structuring

527 views • 27 slides
Whats next for Traditional Functional QA Managers? JIM TRENTADUE OCTOBER 2017

Whats next for Traditional Functional QA Managers? JIM TRENTADUE OCTOBER 2017

NW SOFTW ARE QUALITY CIFIC CONFERENCE A P Whats next for Traditional Functional QA Managers? JIM TRENTADUE OCTOBER 2017 JIM.TRENTADUE@OUTLOOK.COM PNSQC NW SOFTW ARE QUALITY CIFIC CONFERENCE A P Agenda Agile evolution

631 views • 15 slides
Selective Ownership: Combining Object and Type Hierarchies for Flexible Sharing Stephanie

Selective Ownership: Combining Object and Type Hierarchies for Flexible Sharing Stephanie

Selective Ownership: Combining Object and Type Hierarchies for Flexible Sharing Stephanie Balzer, Thomas R. Gross, and Peter Mller School of Computer Science, Carnegie Mellon University Department of Computer Science, ETH Zurich FOOL 2012

1.53k views • 130 slides
Leadership via Leadership via Shared Ownership Shared Ownership An Approach to Co-Managing a

Leadership via Leadership via Shared Ownership Shared Ownership An Approach to Co-Managing a

Leadership via Leadership via Shared Ownership Shared Ownership An Approach to Co-Managing a An Approach to Co-Managing a An Approach to Co-Managing a Digital Scholarship Center Hello! Were the Freedman Center team Jared Amanda

589 views • 21 slides
CS 188: Artificial Intelligence Nave Bayes Instructors: Sergey Levine and Stuart Russell ---

CS 188: Artificial Intelligence Nave Bayes Instructors: Sergey Levine and Stuart Russell ---

CS 188: Artificial Intelligence Nave Bayes Instructors: Sergey Levine and Stuart Russell --- University of California, Berkeley [These slides were created by Dan Klein, Pieter Abbeel, Sergey Levine, with some materials from A. Farhadi. All

771 views • 45 slides

More recommend