Encoding Ownership Types in Java
Nicholas Cameron
James Noble
Victoria University of Wellington,
New Zealand
Ownership types for real life
• Ownership types are great!
– (More later...)
Ownership types for real life
• But ownership type systems are big and
complex
– And writing compilers is hard
– And the type systems are not well-understood
Ownership types for real life
• There is another way...
Ownership Types
• Are a facilitating type system:
– Effects
• Parallelisation
• Optimisation
– Concurrency
– Memory management
– Security
– ...
Ownership Types
• When the heap gets large, reasoning gets hard
• Solution: break it up into smaller regions
– BUT, we don’t program this way
• Nest the regions
– Welcome to ownership types!
Ownership Types
• owner:ClassName
– this:C
– world:D
• owner keyword names the owner of this
– owner:C
• Context parameters add flexibility
Java
• Generics
– List<String>
– List<Dog>
Java
• Wildcards
– List<?>
– List<? extends Dog>
End of Background
...
Basic idea
• We use type parameters to mimic ownership
parameters (OGJ)
An object’s owner
(and the ‘world’ context)
• class C {...}
• world:C
• class C<Owner> {...}
• C<World>
– class World {}
Context parameters
• Become type parameters
Bounds
The ‘this’ context
• This* is where it gets interesting
• We depart from OGJ
– (OGJ does this with magic)
• Must correspond with the this variable
*no pun intended
The ‘this’ context
• Kind of like another context parameter
– class C<Owner, This> { ... }
• We can name This within the class
The ‘this’ context
• But this cannot be named outside the class
– So neither should This
• Use a wildcard to hide This
The ‘this’ context
• class E<c1, c2>
• world:E<this, owner>
• class E<C1, C2, Owner, This>
• E<This, Owner, World, ?>
The ‘this’ context
• But, what about nesting?
The ‘this’ context
• Use bounds
– class C<Owner, This extends Owner>
• Wildcards inherit declared bounds
– C<World, ?>
The ‘this’ context
• class E<c1, c2>
• world:E<this, owner>
• class E<C1, C2, Owner,
This extends Owner>
• E<This, Owner, World, ?>
The ‘this’ context
• class E<c1, c2>
• world:E<this, owner>
• class E<C1, C2, Owner,
This extends Owner>
• E<This, Owner, World, ?>
• (E<This, Owner, World, ?>)
new <This, Owner, World, World>
The ‘this’ context
The ‘this’ context
• The type system thinks there is a hierarchy
– X inside Y inside Z inside ...
• But in reality all owners are World
Nice...
Existential Owners
• and variant ownership
• Use wildcards
Inner Classes
• Require inner classes to be able to name
surrounding This parameter
– Comes naturally with Java generics
Type Parameters
• Work alongside translated context parameters
• class F<X> { ... }
• world:F<Dog>
• class F<X, Owner, This> { ... }
• F<Dog, World, ?>
Universes
• rep C
• peer C
• any C
C<This, ?>
C<Owner, ?>
C<?, ?>
and...
•
•
•
•
•
Ownership Domains
Context-parametric methods
Dynamic aliases
Fields as contexts
Existential downcasting
Owners-as-Dominators
• Most of the work is done by the hiding of
This using wildcards
• Must ensure it cannot be named indirectly
• Works with the extensions too
– Including inner classes
Owners-as-Dominators
• Cannot be enforced by translating compiler
• Requires enforcing well-formedness of
intermediate types
Contributions
• Prototype compilers
– Ownership types++
– Universes
• How to leverage existing compiler technology for
OTs
• Formalisation of OTs in Java
– Proved sound
– Ownership hierarchy is preserved and enforced at
runtime
• Better understanding of OTs
Thank you!