Presentation is loading. Please wait.

Presentation is loading. Please wait.

Alias Annotations for Program Understanding Jonathan Aldrich Valentin Kostadinov Craig Chambers University of Washington.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Alias Annotations for Program Understanding Jonathan Aldrich Valentin Kostadinov Craig Chambers University of Washington."— Presentation transcript:

1 Alias Annotations for Program Understanding Jonathan Aldrich Valentin Kostadinov Craig Chambers University of Washington

2 November 8, 2002AliasJava - OOPSLA '022 Building Big Systems is Hard The ArchJava Project –Software architecture for managing complexity –Previous work: control flow ICSE ’02, ECOOP ’02 –This paper: data sharing component Acomponent Bcomponent C calls shared data

3 November 8, 2002AliasJava - OOPSLA '023 Why Specify Data Sharing? Evolve programs –Modify component A to update data lazily Improves efficiency –Must update component C as well! Might not be obvious without sharing specification component Acomponent Bcomponent C calls shared data

4 November 8, 2002AliasJava - OOPSLA '024 Maintain Invariants _ class SynchronizedSet { Set backingSet; synchronized boolean add(Object o) { return backing.add(o); Synchronization wrappers –Wrap a collections methods –Synchronize before invoking method Wrapper invariant –Must access backing set only through wrapper set wrapper client X

5 November 8, 2002AliasJava - OOPSLA '025 Avoid Security Holes (JDK 1.1.1) public class Class { public Object[] getSigners() { return signers; } Returns an internal array, rather than a copy Allows untrusted clients access –Can change the list of signatures for a class signers Class client X

6 November 8, 2002AliasJava - OOPSLA '026 Type-based Approaches Many previous systems –Uniqueness [Minsky, Boyland…] –Ownership types [Clarke et al, Boyapati et al...] Advantages –Modular, efficient checking –Documents aliasing in the code Challenges –Express common idioms –Support for Java constructs –Usability in practice

7 November 8, 2002AliasJava - OOPSLA '027 Outline AliasJava: alias annotations for Java –Combines uniqueness and ownership Supports full language –Arrays, casts, iterators, inner classes, subtyping Algorithm infers annotations Guarantee of properties Evaluated on library, application code

8 November 8, 2002AliasJava - OOPSLA '028 Annotations: Unique static unique Set… synchronizedSet…(unique Set… s) { return new SynchronizedSet…(s); } // s is dead after use in constructor // o goes out of scope here unique objects have no persistent aliases –Newly allocated objects Can only use once –Variable must be dead after use set Unique reference

9 November 8, 2002AliasJava - OOPSLA '029 Annotations: Unique static unique Set… synchronizedSet…(unique Set… s) { return new SynchronizedSet…(s); } // s is dead after use in constructor // o goes out of scope here unique objects have no persistent aliases –Newly allocated objects Can only use once –Variable must be dead after use setUnique reference X

10 November 8, 2002AliasJava - OOPSLA '0210 Annotations: Owned private owned Object[…] signers; public Object[…] getSigners() { return signers; } owned objects confined within their owner –Aliasing allowed within owner Cannot return owned state to clients Making a copy fixes the security hole Compile-time error Class signers client X

11 November 8, 2002AliasJava - OOPSLA '0211 Annotations: Owned private owned Object[…] signers; public unique Object[…] getSigners() { return arraycopy(signers); } owned objects confined within their owner –Aliasing allowed within owner Cannot return owned state to clients Making a copy fixes the security hole Class signers client copy

12 November 8, 2002AliasJava - OOPSLA '0212 Annotations: Parameters class ArrayList { private owned Object[elem_owner] elems; void add(int i, elem_owner Object o) { elems[i] = o; } Parameterized by element owner Method parameterization also supported owner element List array

13 November 8, 2002AliasJava - OOPSLA '0213 Annotations: Shared static shared Object singleton; unique Object[shared] getSigners() { return arraycopy(signers); } shared objects may be globally aliased –Singletons –Static fields –Global data Conceptually “owned by the system” shared

14 November 8, 2002AliasJava - OOPSLA '0214 Annotations: Lent int find(lent Object o) { for (int i = 0;...) { if elems[i] == o return i; Temporary alias of unique/owned object –Used for duration of method –Cannot store in fields Syntactically default

15 November 8, 2002AliasJava - OOPSLA '0215 Annotation Flow unique Object uniq = new Object(); owned Object own = uniq; lent Object l = own; shared Object sh = own; // error unique owned lent sharedparam1 param2...

16 November 8, 2002AliasJava - OOPSLA '0216 Implementation AliasJava supports all features of Java –Subtyping –Inner classes –Casts Interoperates with existing code –Just annotate the interface of legacy libraries Checking is dynamic only where Java’s is –run-time type information for alias parameters –checks at casts and array writes

17 November 8, 2002AliasJava - OOPSLA '0217 Annotation Inference class ArrayList { private owned Object elems[A]; void put(int i, A Object o) { elems[i] = o; } Saves tedious annotation work Infers general annotations –Edit annotations to improve understandability –Future work: annotation assistant

18 November 8, 2002AliasJava - OOPSLA '0218 Properties: Ownership Common property: owners-as-dominators All paths to owned objects go through owner Prevents clients from accessing owned state –Clarke et al.: allow owned objects on stack Patterns like Observer are prohibited –Boyapati et al.: inner classes may access owned state Can’t implement Iterators/Observers with ordinary classes owned array ClientArrayList X

19 November 8, 2002AliasJava - OOPSLA '0219 Properties: Ownership Common property: owners-as-dominators All paths to owned objects go through owner Problem: Iterators violate owners-as-dominators –Clarke et al.: allow Iterators on stack Patterns like Observer prohibited –Boyapati et al.: inner classes access owned state Can’t implement with ordinary classes owned array ClientArrayList Iterator X

20 November 8, 2002AliasJava - OOPSLA '0220 Properties: Ownership Common property: owners-as-dominators All paths to owned objects go through owner Problem: Iterators violate owners-as-dominators –Clarke et al.: allow Iterators on stack Patterns like Command prohibited –Boyapati et al., Clarke: inner classes access owned state Can’t implement with ordinary classes state ClientDocument Command X

21 November 8, 2002AliasJava - OOPSLA '0221 Ownership Capability Model Owned objects are only accessible by their owner and the objects to which it grants a capability General model –Owner grants a capability to trusted objects

22 November 8, 2002AliasJava - OOPSLA '0222 Ownership Capability Model Owned objects are only accessible by their owner and the objects to which it grants a capability class ArrayList { private owned Object elems[elem_owner]; unique Iterator iterator() { return new ArrayItr (elems); owned capability –Access to ArrayList’s owned state –Passed via static parameterization –ArrayList controls who accesses state

23 November 8, 2002AliasJava - OOPSLA '0223 Ownership Capability Model Owned objects are only accessible by their owner and the objects to which it grants a capability class ArrayList { private owned Object elems[elem_owner]; unique Iterator iterator() { return new ArrayItr (elems); Compare annotations –owned parameter lost by subsumption –Clients cannot access owned state

24 November 8, 2002AliasJava - OOPSLA '0224 Ownership Capability Model Owned objects are only accessible by their owner and the objects to which it grants a capability int find(lent Object o) lent capability –Temporary permission to access owned state –find can access o for duration of call

25 November 8, 2002AliasJava - OOPSLA '0225 Properties: Uniqueness If a variable is unique, it has no aliases other than lent variables on the stack Reasoning –No aliases in heap data structures –Still must track lent aliases on the stack Extension: Alias Burying [Boyland] –When a unique var is read, all aliases are dead –Requires read/write effect specifications

26 November 8, 2002AliasJava - OOPSLA '0226 AliasFJ : A Formal Framework Based on Featherweight Java [OOPSLA 99] –Includes unique, owned, parameters, and lent Benefits –Precise semantics –Shows how properties are enforced Theorems –Type safety –Ownership property –Uniqueness property

27 November 8, 2002AliasJava - OOPSLA '0227 Evaluation: java.util.Hashtable public class Hashtable extends Dictionary { value_owner Object get(key_owner Object k) {... Annotated and checked Hashtable –1000 lines of code, 2.5 hours –Annotated some library functions Experience –Annotations were natural, easy to add –Changed code in only one place

28 November 8, 2002AliasJava - OOPSLA '0228 Enforcing Library Invariants static unique Set synchronizedSet (unique Set s) { return new SynchronizedSet (s); } Javadoc comment: In order to guarantee serial access, it is critical that all access to the backing set is accomplished through the returned set. AliasJava: argument is unique –Therefore, there are no aliases to the backing set

29 November 8, 2002AliasJava - OOPSLA '0229 Evaluation: Aphyds Pedegogical circuit layout application –Blackboard Architecture Annotated functional core of system –7 classes, 3500 lines of code Showed sharing of circuit elements Circuit DBPartition Place Route Floorplan ChannelRoute

30 November 8, 2002AliasJava - OOPSLA '0230 Evaluation: Aphyds Pedegogical circuit layout application –Blackboard Architecture Annotated functional core of system –7 classes, 3500 lines of code Showed sharing of circuit elements Circuit DBPartition Place Route Floorplan ChannelRoute circuit objects

31 November 8, 2002AliasJava - OOPSLA '0231 More in the Paper Application to software architecture Detailed semantics Implementation technique Inference algorithm Case study on 3000 lines of application code

32 November 8, 2002AliasJava - OOPSLA '0232 AliasJava Combines object ownership and uniqueness Aids reasoning in large systems Expressive enough to use in existing code Try out AliasJava! http://www.archjava.org/

Download ppt "Alias Annotations for Program Understanding Jonathan Aldrich Valentin Kostadinov Craig Chambers University of Washington."

Similar presentations

Challenges in increasing tool support for programming K. Rustan M. Leino Microsoft Research, Redmond, WA, USA 23 Sep 2004 ICTAC Guiyang, Guizhou, PRC joint.

Challenges in increasing tool support for programming K. Rustan M. Leino Microsoft Research, Redmond, WA, USA 23 Sep 2004 ICTAC Guiyang, Guizhou, PRC joint.
Lists and the Collection Interface Chapter 4. Chapter Objectives To become familiar with the List interface To understand how to write an array-based.

Lists and the Collection Interface Chapter 4. Chapter Objectives To become familiar with the List interface To understand how to write an array-based.
Generic programming in Java

Generic programming in Java
George Blank University Lecturer. CS 602 Java and the Web Object Oriented Software Development Using Java Chapter 4.

George Blank University Lecturer. CS 602 Java and the Web Object Oriented Software Development Using Java Chapter 4.
External Uniqueness Presented by Nir Atias Dave Clarke Tobias Wrigstad Encapsulation Seminar 2006.

External Uniqueness Presented by Nir Atias Dave Clarke Tobias Wrigstad Encapsulation Seminar 2006.
ISBN 0- 321-49362-1 Chapter 11 Abstract Data Types and Encapsulation Concepts.

ISBN Chapter 11 Abstract Data Types and Encapsulation Concepts.
Confined Types Encapsulation and modularity Seminar November, 2005 presented by: Guy Gueta.

Confined Types Encapsulation and modularity Seminar November, 2005 presented by: Guy Gueta.
Architectural Reasoning in ArchJava Jonathan Aldrich Craig Chambers David Notkin University of Washington ECOOP ‘02, 13 June 2002.

Architectural Reasoning in ArchJava Jonathan Aldrich Craig Chambers David Notkin University of Washington ECOOP ‘02, 13 June 2002.
OOP in Java Nelson Padua-Perez Chau-Wen Tseng Department of Computer Science University of Maryland, College Park.

OOP in Java Nelson Padua-Perez Chau-Wen Tseng Department of Computer Science University of Maryland, College Park.
Laboratory for Computer Science Massachusetts Institute of Technology Ownership Types for Safe Region-Based Memory Management in Real-Time Java Chandrasekhar.

Laboratory for Computer Science Massachusetts Institute of Technology Ownership Types for Safe Region-Based Memory Management in Real-Time Java Chandrasekhar.
Run time vs. Compile time

Run time vs. Compile time
1 Generics and Using a Collection Generics / Parameterized Classes Using a Collection Customizing a Collection using Inheritance Inner Classes Use of Exceptions.

1 Generics and Using a Collection Generics / Parameterized Classes Using a Collection Customizing a Collection using Inheritance Inner Classes Use of Exceptions.
ArchJava Connecting Software Architecture to Implementation Jonathan Aldrich Craig Chambers David Notkin University of Washington ICSE ‘02, May 22, 2002.

ArchJava Connecting Software Architecture to Implementation Jonathan Aldrich Craig Chambers David Notkin University of Washington ICSE ‘02, May 22, 2002.
1 Run time vs. Compile time The compiler must generate code to handle issues that arise at run time Representation of various data types Procedure linkage.

1 Run time vs. Compile time The compiler must generate code to handle issues that arise at run time Representation of various data types Procedure linkage.
Lecture 9 Concepts of Programming Languages

Lecture 9 Concepts of Programming Languages
Ownership Types for Object Encapsulation Authors:Chandrasekhar Boyapati Barbara Liskov Liuba Shrira Presented by: Charles Lin Course: CMSC 631.

Ownership Types for Object Encapsulation Authors:Chandrasekhar Boyapati Barbara Liskov Liuba Shrira Presented by: Charles Lin Course: CMSC 631.
1 Contents. 2 Run-Time Storage Organization 3 Static Allocation In many early languages, notably assembly and FORTRAN, all storage allocation is static.

1 Contents. 2 Run-Time Storage Organization 3 Static Allocation In many early languages, notably assembly and FORTRAN, all storage allocation is static.
1 An introduction to design patterns Based on material produced by John Vlissides and Douglas C. Schmidt.

1 An introduction to design patterns Based on material produced by John Vlissides and Douglas C. Schmidt.
Subclasses and Subtypes CMPS 2143. Subclasses and Subtypes A class is a subclass if it has been built using inheritance. ▫ It says nothing about the meaning.

Subclasses and Subtypes CMPS Subclasses and Subtypes A class is a subclass if it has been built using inheritance. ▫ It says nothing about the meaning.
A Formal Model of Modularity in Aspect-Oriented Programming Jonathan Aldrich 15-819: Objects and Aspects Carnegie Mellon University.

A Formal Model of Modularity in Aspect-Oriented Programming Jonathan Aldrich : Objects and Aspects Carnegie Mellon University.

Similar presentations

Ads by Google