Types for Deep/Shallow Cloning Ka Wai Cheng Imperial College London Department of Computing June 26, 2012
Motivation Our system Untrusted code Query state Outsider Interface Internal State
Motivation Our system Untrusted code Query state Outsider Interface Internal Internal State State Clone
Shallow & Deep Cloning oCollege Cloning in Java: department ◮ Shallow cloning: oDepartment default clone() method students ◮ Deep cloning: oStudentList serialization ◮ In between shallow & deep head cloning: oNode custom clone() student implementation oStudent
Shallow Clone of oDepartment oCollege department oDepartment ′ oDepartment students students Default clone() method oStudentList ◮ Clone too little head oNode student oStudent
Shallow Clone of oDepartment oCollege department oDepartment ′ oDepartment students students Default clone() method oStudentList ◮ Clone too little head next oNode oNode 2 student student oStudent oStudent 2
Deep Clone of oDepartment oCollege department oDepartment oDepartment ′ students students Serialization ◮ Clone too oStudentList oStudentList ′ much head head oNode oNode ′ student student oStudent oStudent ′
Custom Clone of oDepartment oCollege department Custom clone() oDepartment ′ oDepartment method students students ◮ Programmer’s oStudentList oStudentList ′ responsibility head head ◮ Tedious ◮ Error prone oNode oNode ′ student student oStudent
Ownership Types class College <c> { Department <this> o 1 : College � world � department; } department o 2 : Department � o 1 � class Department <c> { StudentList <this,c> students students; o 3 : StudentList � o 2 , o 1 � } head class StudentList <c1,c2> { o 4 : Node � o 3 , o 1 � Node <this,c2> head; } student class Node <c1,c2> { Student <c2> student; o 5 : Student � o 1 � Node <c1,c2> next; } class Student <c> {}
Ownership Types & Sheep Cloning o 1 : College � world � department o 2 ′ : Department � o 1 � o 2 : Department � o 1 � students students o 3 ′ : StudentList � o 2 ′ , o 1 � o 3 : StudentList � o 2 , o 1 � head head o 4 ′ : Node � o 3 ′ , o 1 � o 4 : Node � o 3 , o 1 � student student o 5 : Student � o 1 �
Deriving Cloning Methods (Proposed in Trust the Clones ) class Node /*<c1,c2>*/ { Student /*<c2>*/ student; Node /*<c1,c2>*/ next; Node clone(){ this .clone( false , false , new IdentityHashMap()); } Node clone(Boolean s1,Boolean s2,Map m){ Object n = m.get( this ); if (n != null ) { return (Node)n; } Node clone = new Node(); m.put( this ,clone); clone.next= s1 ? this .next.clone(s1,s2,m) : this .next; clone.student= s2 ? this .student.clone(s2,m) : this .student; return clone; } }
Contributions ◮ Implementation ◮ Problem of & solution to cloning without Owners-as-Dominators o 5 o 3 o 3 fa fb2 fc fb1 fb2 o 1 o 1 fb1 o 2 o 2 o 4 ◮ Extension for arrays ◮ Extension for subclassing ◮ Extension for generics
Implementation - Java language Extension, CloneCodeGen Compilation process of pre-processor implemented using Polyglot: Source code in Parsing CloneCodeGen AST AST Build types Generate clone code Type check AST AST Other default passes AST Source code Translate in Java
Desired Properties of Cloning ◮ When cloning an object, objects inside are also cloned ◮ When cloning an object, objects outside are not cloned ◮ The clone has the same shape as the original object o 1 ′ o 1 o 1 ′ fc fc fc Bad fa fa fa o 2 ′ o 2 ′ o 2 o 2 ′ Bad 1 Bad 2 ◮ Minimise dynamic information about ownership stored in derived code
Cloning without Owners-as-Dominators Problematic: Non-problematic: Re-entering domain paths (RDP) o 5 o 3 o 3 fa fb2 fc fb1 fb2 o 1 o 1 fb1 o 2 o 2 o 4
Cloning when Re-entering Domain Paths exist: Type Error class A<c> { o 1 : A � world � (in diagram) C<c, this > fa; o 1 ′ : A � world � (in diagram) } o 1 ′ . fa : C � world , o 1 ′ � (by class declaration) class B<c> {} o 1 ′ . fa = o 3 (in diagram) class C<c1,c2> { B<c2> fc; o 3 : C � world , o 1 � (in diagram) } C � world , o 1 ′ � � = C � world , o 1 � fa o 3 : C � world , o 1 � fa fc o 1 ′ : A � world � o 1 : A � world � o 2 ′ : B � o 1 ′ � o 2 : B � o 1 �
Cloning when Re-entering Domain Paths does not exist Referenced objects outside of o 1 are not given o 1 as an owner parameter class B<c> {} class A<c> { class C<c> { B<c> fa1; B<c> fc1; B< this > fa2; B<c> fc2; } } o 5 : B � world � fa1 o 3 fa1 fc1 fc2 o 1 ′ : A � world � o 1 : A � world � fa2 fa2 o 2 o 4 o 2 ′
Preventing Re-entering Domain Paths ◮ We want to allow owners-as-dominators to be broken as long as there are no re-entering domain paths ◮ Re-entering domain paths occur dynamically o 1 : StudentList � world , world � head o 2 : Node � o 1 , world � o 3 : Student � world � student o 1 : StudentList � world , o 4 � o 4 : College � world � head o 2 : Node � o 1 , o 4 � o 3 : Student � o 4 � student ◮ Remove ownership information in derived code
Solution: Prevent Possibility of Re-entering Domain Paths For each class declaration: check relative positions of objects along all field paths class College<c> { Department< this > department; } class Department<c> { StudentList< this ,c> students; } class StudentList<c1,c2> { Node< this ,c2> head; } class Node<c1,c2> { Student<c2> student; Node<c1,c2> next; } class Student<c> {}
Solution: Prevent Possibility of Re-entering Domain Paths If owner of object is: ◮ A formal owner parameter: object is outside this ◮ this : object is inside this ◮ world : object is outside this ◮ A path, p : object is inside this iff object at p is inside this
Solution: Prevent Possibility of Re-entering Domain Paths Example where RDP exists: class A<c> { C<c, this > fa; } class B<c> {} class C<c1,c2> { B<c2> fc; }
Solution: Prevent Possibility of Re-entering Domain Paths Example where RDP does not exist: class A<c> { B<c> fa1; B< this > fa2; } class B<c> {} class C<c> { B<c> fc1; B<c> fc2; }
Solution: Prevent Possibility of Re-entering Domain Paths Formalisation Program , P = ClassId → ( c × ( FieldId → type ) × ( MethId → meth )) F ( P , C , f ) = P ( C ) ↓ 2 ( f ) Fs ( P , C ) = { f | F ( P , C , f ) is defined } O ( P , C ) = P ( C ) ↓ 1 EType ::= ClassId � por � PathOrOwner , po ::= p | ca PG : EType → ( FieldId → EType ) Path Graph OG : EType → ( Path ) Original Graph
Solution: Prevent Possibility of Re-entering Domain Paths Formalisation inside : OriginGraph × PathOrOwner → Boolean po = this true po = world false inside ( OG , po ) = false po = ca inside ( OG , po 1 ) otherwise where OG ( C � po 1 , ..., po n � ) = po
Solution: Prevent Possibility of Re-entering Domain Paths Formalisation The pair ( PG , OG ) is complete for a class C in program P iff the following conditions hold: ◮ C � c 1 , ..., c n � ∈ dom ( PG ) where C ∈ dom ( P ) and O ( P , C ) = c 1 , ..., c n ◮ Fs ( P , C ) = dom ( PG ( C � c 1 , ..., c n � )) ◮ OG ( C � c 1 , ..., c n � ) = this ◮ For any D ∈ dom ( P ) and any field, f : � D � d 1 , ... d n � ∈ { range ( fToET ) | fToET ∈ range ( PG ) } and F ( P , D , f ) = t = ⇒ PG ( D � d 1 , ..., d n � ) = t ′ and OG ( t ′ ) = OG ( D � d 1 , ..., d n � ) . f where t ′ = t [ d 1 , ..., dn / O ( P , D ) , OG ( D � d 1 , ..., d n � ) / this ]
Solution: Prevent Possibility of Re-entering Domain Paths Formalisation If ( PG , OG ) is complete for class C in program P , then a C object may have RDP’s iff : ∃ D � d 1 , ..., d n � , E � e 1 , ... e n � , f : PG ( D � d 1 , ..., d n � )( f ) = E � e 1 , ... e n � and D � d 1 , ... d n � � = C � O ( P , C ) � and ¬ inside ( OG , d 1 ) and inside ( OG , e 1 )
Arrays o 1 o 2 : A � o 1 , world � fcs o 3 : C � world � [] � o 1 � [] � o 2 � o 4 : C � world � [] � o 1 � o 5 : C � world � [] � o 1 � o 6 : C � world � Problems/considerations: ◮ Array elements may have different owner parameters than the array object ◮ Array class is predefined in Java ◮ Multi-dimensional arrays
Arrays o 1 o 2 : A � o 1 , world � fcs o 3 : C � world � [] � o 1 � [] � o 2 � o 4 : C � world � [] � o 1 � o 5 : C � world � [] � o 1 � o 6 : C � world � For o 3 : C � world � [] � o 1 � [] � o 2 � o 2 = owner of 2-dimensional array object o 1 = owner of 1-dimensional array objects C � world � = array leaf elements
Arrays o 1 o 2 : A � o 1 , world � fcs o 3 : C � world � [] � o 1 � [] � o 2 � o 4 : C � world � [] � o 1 � o 5 : C � world � [] � o 1 � o 6 : C � world � class A<c1,c2> { C<c2>[]<c1>[]< this > fcs; } class B<c> {} class C<c> {}
Recommend
More recommend
