10 research outputs found
Property Types for Mutable Data Structures in Java
Property Types are a kind of user-defined refinement type about variables and fields in a program. They are verified by discharging as many properties as possible using a scalable type checker. The remaining assertions are forwarded to a less scalable but more powerful deductive verification tool. However, the design and implementation by Lanzinger et al. cannot function in the presence of aliasing and mutability. In this thesis, we find that property checking can be performed safely on mutable data structures provided exclusive mutable access to the referenced object, which we define as property-safety. We study different approaches to aliasing control, including uniqueness, ownership and permissions. Based on this research, we present the Exclusivity Type System, which can be used to check the property-safety of program variables and class fields. Using flow-sensitive type refinement, we develop Mutable Property Types, which can track changes in a variable’s property type over time. Impure methods can be annotated to specify how they change the Property Types of their receiver and arguments. We explain how the original Property Checker’s program translation can be adapted to include correct assertions about the pre- and post-types of each method. We present a prototypical implementation of the Exclusivity Checker for Java programs using the Checker Framework. Our work provides many insights into the nature of property type verification on mutable data structures and we devise the theoretical groundwork for performing this verification. To corroborate the reasonableness of the presented approach, we suggest a thorough analysis of our systems through formal proofs.
A Grounded Conceptual Model for Ownership Types in Rust
Programmers learning Rust struggle to understand ownership types, Rust's core
mechanism for ensuring memory safety without garbage collection. This paper
describes our attempt to systematically design a pedagogy for ownership types.
First, we studied Rust developers' misconceptions of ownership to create the
Ownership Inventory, a new instrument for measuring a person's knowledge of
ownership. We found that Rust learners could not connect Rust's static and
dynamic semantics, such as determining why an ill-typed program would (or would
not) exhibit undefined behavior. Second, we created a conceptual model of
Rust's semantics that explains borrow checking in terms of flow-sensitive
permissions on paths into memory. Third, we implemented a Rust compiler plugin
that visualizes programs under the model. Fourth, we integrated the permissions
model and visualizations into a broader pedagogy of ownership by writing a new
ownership chapter for The Rust Programming Language, a popular Rust textbook.
Fifth, we evaluated an initial deployment of our pedagogy against the original
version, using reader responses to the Ownership Inventory as a point of
comparison. Thus far, the new pedagogy has improved learner scores on the
Ownership Inventory by an average of 9%.
Comment: Published at OOPSLA 202
Comprehending annotations on object-oriented programs using fractional permissions
Fractional permissions are a general system for managing access to mutable state. We show how fractional permissions can give semantics to a regimen of annotations including “unique,” “non-null,” “read-only,” ownership, and method effects. The unification supports new annotations: “unique-write” and “from”. We also develop a model of object invariants in the presence of inheritance using “nesting,” an extension of “adoption.”
Modular session types for objects
Session types allow communication protocols to be specified
type-theoretically so that protocol implementations can be verified by static
type checking. We extend previous work on session types for distributed
object-oriented languages in three ways. (1) We attach a session type to a
class definition, to specify the possible sequences of method calls. (2) We
allow a session type (protocol) implementation to be modularized, i.e.
partitioned into separately-callable methods. (3) We treat session-typed
communication channels as objects, integrating their session types with the
session types of classes. The result is an elegant unification of communication
channels and their session types, distributed object-oriented programming, and
a form of typestate supporting non-uniform objects, i.e. objects that
dynamically change the set of available methods. We define syntax, operational
semantics, a sound type system, and a sound and complete type checking
algorithm for a small distributed class-based object-oriented language with
structural subtyping. Static typing guarantees that both sequences of messages
on channels, and sequences of method calls on objects, conform to
type-theoretic specifications, thus ensuring type-safety. The language includes
expected features of session types, such as delegation, and expected features
of object-oriented programming, such as encapsulation of local state.
Comment: Logical Methods in Computer Science (LMCS), International Federation for Computational Logic, 201
Run-time Variability with First-class Contexts
Software must be regularly updated to keep up with changing requirements. Unfortunately, to install an update, the system must usually be restarted, which is inconvenient and costly. In this dissertation, we aim at overcoming the need for restart by enabling run-time changes at the programming language level. We argue that the best way to achieve this goal is to improve the support for encapsulation, information hiding and late binding by contextualizing behavior. In our approach, behavioral variations are encapsulated into context objects that alter the behavior of other objects locally. We present three contextual language features that demonstrate our approach. First, we present a feature to evolve software by scoping variations to threads. This way, arbitrary objects can be substituted over time without compromising safety. Second, we present a variant of dynamic proxies that operate by delegation instead of forwarding. The proxies can be used as building blocks to implement contextualization mechanisms from within the language. Third, we contextualize the behavior of objects to intercept exchanges of references between objects. This approach scales information hiding from objects to aggregates. The three language features are supported by formalizations and case studies, showing their soundness and practicality. With these three complementary language features, developers can easily design applications that can accommodate run-time changes.
Ownership, uniqueness, and immutability
Programming in an object-oriented language demands a fine balance between flexibility and control. At one level, objects need to interact freely to achieve our implementation goals. At a higher level, architectural constraints that ensure the system can be understood by new developers and can evolve as requirements change must be met. To resolve this tension, researchers have developed type systems expressing ownership and behavioural restrictions such as immutability. This work reports on our consolidation of the resulting discoveries into a single programming language. Our language, Joe3, imposes little additional syntactic overhead, yet can encode powerful patterns such as fractional permissions and the reference modes of Flexible Alias Protection.