Featherweight Generic Ownership

1
Featherweight Generic Ownership

• Alex Potanin, James Noble
• Victoria University of Wellington
• Dave Clarke
• CWI, Netherlands
• Robert Biddle
• Carlton University

19/7/2005
Encapsulation Seminar TAU 2006 Presented by Ziv
Haddad
2
Outline

• Introduction
• FGO formal model and Guarantees
• OGJ Implementation
• Conclusion

3
A Java implementation of a Map class

• public class Map
• private Vector nodes
• void put(Comparable key, Object value)
• nodes.add(new Node(key, value))
• Object get(Comparable k)
• Iterator i nodes.iterator()
• while (i.hasNext())
• Node mn (Node) i.next()
• if (((Comparable) mn.key).equals(k))
• return mn.value
• return null
• class Node
• public Object key public Object value
• Node(Object key, Object value)

4
A Generic implementation of a Map class

• public class MapltKey extends Comparable, Valuegt
• private VectorltNodeltKey, Valuegtgt nodes
• void put(Key key, Value value)
• nodes.add(new NodeltKey, Valuegt(key, value))
• Value get(Key k)
• IteratorltNodeltKey, Valuegtgt I
  nodes.iterator()
• while (i.hasNext())
• NodeltKey, Valuegt mn i.next()
• if (mn.key.equals(k))
• return mn.value
• return null
• class NodeltKey extends Comparable, Valuegt
• public Key key public Value value
• Node(Key key, Value value)

5
An Ownership Types implementation of a Map class

• public class MapltmOwner, kOwner, vOwnergt
• private Vectorltthis, thisgt nodes
• void put(ComparableltkOwnergt key, ObjectltvOwnergt
  value)
• nodes.add(new Nodeltthis, kOwner, vOwnergt(key,
  value))
• ObjectltvOwnergt get(ComparableltkOwnergt key)
• Iteratorltthis, thisgt i nodes.iterator()
• while (i.hasNext())
• Nodeltthis, kOwner, vOwnergt mn (Nodeltthis,
  kOwner, vOwnergt) i.next()
• if (mn.key.equals(key))
• return mn.value
• return null
• class NodeltmapNodeOwner, kOwner, vOwnergt
• public ComparableltkOwnergt key
• public ObjectltvOwnergt value

6
A combined generic and ownership types
implementation of a Map class

• public class MapltmOwnergtKeyltkOwnergt extends
  ComparableltkOwnergt,ValueltvOwnergt
• private VectorltthisgtNodesltthisgtKeyltkOwnergt,Valu
  eltvOwnergt nodes
• void put(KeyltkOwnergt key, ValueltvOwnergt value)
• nodes.add(new NodeltthisgtKeyltkOwnergt,
  ValueltvOwnergt(key, value))
• ValueltvOwnergt get(KeyltkOwnergt key)
• IteratorltthisgtNodesltthisgtKeyltkOwnergt,ValueltvOw
  nergt i nodes.iterator()
• while(i.hasNext())
• NodeltthisgtKeyltkOwnergt,ValueltvOwnergt mn
  i.next()
• if (mn.key.equals(k))
• return mn.value
• return null
• class NodeltmapNodeOwnergtKeyltkOwnergt extends
  ComparableltkOwnergt,ValueltvOwnergt
• public KeyltkOwnergt key
• public ValueltvOwnergt value

7
Generic Ownership

• A new linguistic mechanism that combines
  genericity and ownership into a simple language
• Treats ownership as an additional kind of generic
  type information
• Existing generic type systems can be extended to
  carry ownership information with only minimal
  changes
• Ownership Generic Java (OGJ) Implemented as an
  extension to Java 5

8
Generic Ownership Implementation of map class

• public class MapltKey extends Comparable,Value,
  Owner extends Worldgt
• private VectorltNodeltKey, Value, Thisgt,Thisgt
  nodes
• public void put(Key key, Value value)
• nodes.add(new NodeltKey, Value, Thisgt(key,
  value))
• public Value get(Key key)
• IteratorltNodeltKey, Value, Thisgt, Thisgt i
  nodes.iterator()
• while (i.hasNext())
• NodeltKey, Value, Thisgt mn i.next()
• if (mn.key.equals(key))
• return mn.value
• return null
• class NodeltKey extends Comparable, Value,
• Owner extends Worldgt
• public Key key public Value value

9
Featherweight (Generic) Java

• A minimal core calculus for modeling Javas type
  systems
• The design of FJ favors compactness over
  completeness
• Supports only five forms of expressions object
  creation, method invocation, field access,
  casting and variables
• Featherweight Generic java adds generic types for
  FJ

10
FJ Program Example
11
FJ Syntax, Subtyping, and Auxiliary functions
12
Formalizing Generic Ownership

• Generic Ownership is formalized as an imperative
  extension of Featherweight Generic Java
• Last type parameter is used to record an objects
  owner
• All FGO classes descend from a new parameterized
  root ObjectltOgt

13
Another Example

• class m.MainltOwner extends Worldgt extends
  ObjectltOwnergt
• m.Main() super()
• p.OwnedStackltObjectltWorldgt,Worldgt public()
• return new p.OwnedStackltObjectltWorldgt,Worldgt
• p.OwnedStackltm.MainltWorldgt,Mgt confined()
• return new p.OwnedStackltm.MainltWorldgt,Mgt
• p.OwnedStackltm.MainltMgt,Thisgt private()
• return new p.OwnedStackltm.MainltMgt,Thisgt

14
Manifest Ownership

• Manifest Ownership allow classes without explicit
  owner type parameters
• A manifest FGO class owner is fixed (all objects)
• class PublicStack extends p.OwnedStackltWorldgt
• Manifest ownership allows us to fit existing FGJ
  classes into the FGO class hierarchy
• class Object extends ObjectltWorldgt
• class Stack extends Object

15
FGO Classes and Owner Classes
16
Different Kinds of Ownership

• FGO supports deep ownership
• In addition FGO also support static (package)
  ownership via package owner classes.
• FGO can be adjusted to support shallow ownership
  instead of deep ownership

17
FGO Type System
18
FGO Type System
Ownership syntax
Auxiliary Functions
19
FGO Judgments
20
Owner Lookup

• In the case of a manifest class the owner is
  found by traversing the class hierarchy

21
this Function
Replaces occurrences of This.

• Used extensively during the typing of FGO
  expressions, to enforce valid use of owner
  classes.
• There are two use case for the this function

22
this Function First use

• Used during the validation of class declaration
• Every expression containing a method call or a
  field access is checked to see if any of the
  types involved contain This as an owner class. If
  they do then the method call or field access is
  only allowed on this.

Class PhoneBookltOwner extends Worldgt void
fill(PhoneBookltOwnergt otherPhoneBook)
otherPhoneBook.addRecord(new
RecordltThisgt())
23
this Function Second use

• Used during reduction of FGO expressions.
• The permission P given to this is the current
  location l
• Any occurrence of class This is replaced by a
  more appropriate location-specific Thisl.

24
Subtyping and Well formedness
Highlighted bit is essential for deep
ownership. Intuition class MyList
ltObjectltWorldgt, Pgt extends ListltT, Ownergt -
OK class MyList ltObjectltPgt, Worldgt extends
ListltT, Ownergt - NOT OK
25
Visibility Rules

• FGO contributes FGJ a set of visibility rules
  which define owner and type visibility

26
Class and Method Typing rules
27
Type Soundness
Proof Using structural induction on the
reduction rules
Proof Based on all the possible expression types.
The Type Soundness is immediate from the
Preservation and Progress Theorem.
28
Ownership Invariance
Proof By induction on the depth of the subtype
hierarchy. By FGO class typing rules a FGO class
has the same owner parameter as its superclass
29
Deep Ownership Invariance

• Proof (Sketch)
• Consider a class C and a variable vT in that
  class.
• Owner(T) can be one of the following
• This, World
• one of the formal method parameters
• one of the owners of the type parameters of C
• This lt Owner lt World
• For each owner O of one of the type parameters
  Owner lt O
• Formal method parameters are enforced in the same
  way as type parameters

30
OGJ Implementation

• Implemented as an extension to Java 5 compiler.
• The extension includes added ownership domains
  and FGO formal system constraints enforcement
• The compiler creates owner classes automatically
  and disposes them when type checking is
  complete.
• Owner classes World, This, Package, Class
• To implement confinement the compiler replaces
  every occurrence of ownership domain name with
  the appropriate owner class

31
OGJ Implementation cont

• The compiler ensures that only expressions
  referring to the current instance can access
  types whose owner is a This domain owner class
• The compiler ensure that ownership information
  cannot be lost. Only preserving ownership
  type-casts are allowd.

32
Future Work and Conclusion

• Contribution summary Generic Ownership, FGO
  formal model, Ownership Generic Java
  Implementation
• Programs using GO are slightly more complex than
  programs using just generic types
• In the future authors plan to develop a set of
  design patterns for programmers whishing to make
  use of ownership in their programs

33
The End