ABSTRACT
Ownership simplifies reasoning about object-oriented programs by controlling aliasing and modifications of objects. Several type systems have been proposed to express and check ownership statically.
For ownership systems to be practical, they must allow objects to migrate from one owner to another. This ownership transfer is common and occurs, for instance, during the initialization of data structures and when data structures are merged. However, existing ownership type systems either do not support ownership transfer at all or they are too restrictive, give rather weak static guarantees, or require a high annotation overhead.
In this paper, we present UTT, an extension of Universe Types that supports ownership transfer. UTT combines ownership type checking with a modular static analysis to control references to transferable objects. UTT is very flexible because it permits temporary aliases, even across certain method calls. Nevertheless, it guarantees statically that a cluster of objects is externally-unique when it is transferred and, thus, that ownership transfer is type safe. UTT provides the same encapsulation as Universe Types and requires only negligible annotation overhead.
Ownership transfer in universe types
Proceedings of the 2007 OOPSLA conference