Encoding Ownership Types in Java

Nicholas CameronJames Noble

Victoria University of Wellington,New Zealand

Ownership types for real life

• Ownership types are great!– (More later...)

Ownership types for real life

• But ownership type systems are big and complex– And writing compilers is hard– And the type systems are not well-understood

Ownership types for real life

• There is another way...

Ownership Types

• Are a facilitating type system:– Effects• Parallelisation• Optimisation

– Concurrency– Memory management– Security– ...

Ownership Types

• When the heap gets large, reasoning gets hard• Solution: break it up into smaller regions– BUT, we don’t program this way

• Nest the regions– Welcome to ownership types!

Ownership Types

• owner:ClassName– this:C– world:D

• owner keyword names the owner of this– owner:C

• Context parameters add flexibility

Java

• Generics– List<String>– List<Dog>

Java

• Wildcards

– List<?>– List<? extends Dog>

End of Background

. . .

Basic idea

• We use type parameters to mimic ownership parameters (OGJ)

An object’s owner

(and the ‘world’ context)

• class C {...}• world:C

• class C<Owner> {...}• C<World>– class World {}

Context parameters

• Become type parameters

Bounds

The ‘this’ context

• This* is where it gets interesting• We depart from OGJ– (OGJ does this with magic)

• Must correspond with the this variable

*no pun intended

The ‘this’ context

• Kind of like another context parameter– class C<Owner, This> { ... }

• We can name This within the class

The ‘this’ context

• But this cannot be named outside the class– So neither should This

• Use a wildcard to hide This

The ‘this’ context

• class E<c1, c2>• world:E<this, owner>

• class E<C1, C2, Owner, This>• E<This, Owner, World, ?>

The ‘this’ context

• But, what about nesting?

The ‘this’ context

• Use bounds– class C<Owner, This extends Owner>

• Wildcards inherit declared bounds– C<World, ?>

The ‘this’ context

• class E<c1, c2>• world:E<this, owner>

• class E<C1, C2, Owner, This extends Owner>• E<This, Owner, World, ?>

The ‘this’ context• class E<c1, c2>• world:E<this, owner>

• class E<C1, C2, Owner, This extends Owner>• E<This, Owner, World, ?>

• (E<This, Owner, World, ?>) new <This, Owner, World, World>

The ‘this’ context

The ‘this’ context

• The type system thinks there is a hierarchy– X inside Y inside Z inside ...

• But in reality all owners are World

Nice...

Existential Owners

• and variant ownership

• Use wildcards

Inner Classes

• Require inner classes to be able to name surrounding This parameter– Comes naturally with Java generics

Type Parameters

• Work alongside translated context parameters

• class F<X> { ... }• world:F<Dog>

• class F<X, Owner, This> { ... }• F<Dog, World, ?>

Universes

• rep C C<This, ?>• peer C C<Owner, ?>• any C C<?, ?>

and...

• Ownership Domains• Context-parametric methods• Dynamic aliases• Fields as contexts• Existential downcasting

Owners-as-Dominators

• Most of the work is done by the hiding of This using wildcards

• Must ensure it cannot be named indirectly

• Works with the extensions too– Including inner classes

Owners-as-Dominators

• Cannot be enforced by translating compiler

• Requires enforcing well-formedness of intermediate types

Contributions• Prototype compilers– Ownership types++– Universes

• How to leverage existing compiler technology for OTs

• Formalisation of OTs in Java– Proved sound– Ownership hierarchy is preserved and enforced at

runtime• Better understanding of OTs

Thank you!