Abstract
Aliasing is a known source of challenges in the context of imperative object-oriented languages, which have led to important advances in type systems for aliasing control. However, their large-scale adoption has turned out to be a surprisingly difficult challenge. While new language designs show promise, they do not address the need for aliasing control in existing languages.
This paper presents a new approach to isolation and uniqueness in an existing, widely used language, Scala. The approach is unique in the way it addresses some of the most important obstacles to the adoption of type system extensions for aliasing control. First, adaptation of existing code requires only a minimal set of annotations. Only a single bit of information is required per class. Surprisingly, the paper shows that this information can be provided by the object-capability discipline, widely used in program security. We formalize our approach as a type system and prove key soundness theorems. The type system is implemented for the full Scala language, providing, for the first time, a sound integration with Scala's local type inference. Finally, we empirically evaluate the conformity of existing Scala open-source code on a corpus of over 75,000 LOC.
LaCasa: lightweight affinity and object capabilities in Scala
OOPSLA 2016: Proceedings of the 2016 ACM SIGPLAN International Conference on Object-Oriented Programming, Systems, Languages, and Applications