Abstract
One of the main purposes of object initialisation is to establish invariants such as a field being non-null or an immutable data structure containing specific values. These invariants are then implicitly assumed by the rest of the implementation, for instance, to ensure that a field may be safely dereferenced or that immutable data may be accessed concurrently. Consequently, letting an object escape from its constructor is dangerous; the escaping object might not yet satisfy its invariants, leading to errors in code that relies on them. Nevertheless, preventing objects entirely from escaping from their constructors is too restrictive; it is often useful to call auxiliary methods on the object under initialisation or to pass it to another constructor to set up mutually-recursive structures.
We present a type system that tracks which objects are fully initialised and which are still under initialisation. The system can be used to prevent objects from escaping, but also to allow safe escaping by making explicit which objects might not yet satisfy their invariants. We designed, formalised and implemented our system as an extension to a non-null type system, but it is not limited to this application. Our system is conceptually simple and requires little annotation overhead; it is sound and sufficiently expressive for many common programming idioms. Therefore, we believe it to be the first such system suitable for mainstream use.
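As an added illustration of the hazard and the tracking idea described above (not code from the paper or its implementation), the toy checker below walks through a constructed Parent/Child scenario in which the parent's constructor passes `this` to the child's constructor. The state names "free" and "committed", the checking rules, and all class, method and field names are assumptions of this example, not the paper's formal system.

```python
FREE, COMMITTED = "free", "committed"   # reference states assumed for this toy model

class InitChecker:
    def __init__(self, nonnull_fields):
        self.nonnull = nonnull_fields                 # class name -> fields declared non-null
        self.cls, self.state, self.points_to, self.finished, self.errors = {}, {}, {}, set(), []

    def new(self, ref, cls):
        # A fresh object satisfies no invariants yet: its reference starts out free.
        self.cls[ref], self.state[ref], self.points_to[ref] = cls, FREE, set()

    def store(self, dst, src):
        # A free reference may not be stored into a committed object (its invariants may not hold yet).
        self.points_to[dst].add(src)
        if self.state[dst] == COMMITTED and self.state[src] == FREE:
            self.errors.append(f"free {src} escapes into committed {dst}")

    def read(self, ref, fld):
        # Through a free reference a non-null field may still be unset, so only committed reads are trusted.
        trusted = self.state[ref] == COMMITTED and fld in self.nonnull[self.cls[ref]]
        return "nonnull" if trusted else "nullable"

    def call(self, method, ref, accepts_free=False):
        # Passing a free reference to a method written for committed arguments is an escape.
        if self.state[ref] == FREE and not accepts_free:
            self.errors.append(f"free {ref} passed to {method}, which expects committed")

    def end_constructor(self, ref):
        # Commit the object and all it can reach only once every one of them has finished its constructor.
        self.finished.add(ref)
        reach, todo = {ref}, [ref]
        while todo:
            for q in self.points_to[todo.pop()] - reach:
                reach.add(q); todo.append(q)
        if reach <= self.finished:
            self.state.update(dict.fromkeys(reach, COMMITTED))
        return self.state[ref]

def check_mutual_recursion():
    """Constructed scenario: Parent's constructor builds a Child that points back at it."""
    c = InitChecker({"Parent": {"name", "child"}, "Child": {"parent"}})
    c.new("p", "Parent")                        # Parent() { name = "root"; child = new Child(this); }
    c.new("ch", "Child"); c.store("ch", "p")    # Child(Parent parent) { this.parent = parent; ... }
    name_type = c.read("p", "name")             # parent.name inside Child(): p is free, so nullable
    c.call("register", "p")                     # helper expecting a committed Parent: flagged
    c.call("log", "p", accepts_free=True)       # helper declared to accept a free receiver: fine
    child_state = c.end_constructor("ch")       # stays free: it reaches p, still under construction
    c.store("p", "ch")                          # this.child = ...; free into free is allowed
    parent_state = c.end_constructor("p")       # p and ch are both finished: both commit
    return name_type, child_state, parent_state, c.state["ch"], c.errors
```

The checker reports only the call that hands the free parent to a method expecting a committed one; the back-pointer between the two free objects and the explicitly free-accepting helper are accepted, and both objects commit together when the outer constructor ends.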
Freedom before commitment: a lightweight type system for object initialisation. OOPSLA '11: Proceedings of the 2011 ACM international conference on Object oriented programming systems languages and applications.