Existential Quantification forVariant Ownership

Nicholas CameronSophia Drossopoulou

Imperial College London(Victoria University of Wellington)

ncameron@ecs.vuw.ac.nz

Ownership

Ownership

Statically partitions the heap Organises objects into an hierarchical structure Improves reasoning about programs

Effects Concurrency Memory Management Garbage Collection

Many flavours Encapsulation properties

Ownership

Ownership

Ownership

Parametric ownership Each object is owned by a context

context object owner Classes and types are parameterised by

contexts

Ownership

Classes are parameterised by formal contexts class C<o1, o2> {...}

o1 is the owner of objects of class C o2 is another context

Ownership

Types are parameterised by actual contexts class C<o1, o2> {...} C<this, this>

this C<world, o>

World, formal contexts C<x, f>

Final variables, final fields

Ownership

Ownership hierarchy o1:C<o3, a> o2:C<o4, a>

o1 is inside o3 o2 is inside o4 If o4 is inside o3

then o2 is inside o3

Existential Types

Existential Types

Used to model abstraction ƎX.(X→int)

Or variance in generic object-oriented languages ƎX.List<X> List<?> (Java wildcards)

Existential Types

Bounds ƎX→[Merino Animal].List<X>

Merino <: X <: Animal

Existential Types

Safe covariance: ƎX→[ Sheep].List<X> <:ƎX→[ Animal].List<X>

List<? ◄ Sheep> <:List<? ◄ Animal>

Existential Types

Packing pack(List<A>) = ƎX.List<X>

A is hidden – it is the witness type close expression

Existential Types

Unpacking unpack(ƎX.List<X>) = List<Z>

Z is a fresh type variable open expression

JoƎ - Motivation

Motivation

Desire for variance +, -, * in Variant Ownership Types

Lu, Potter, ECOOP '06

? in MOJO Cameron, Drossopoulou, Noble, Smith, OOPSLA '07

any/readonly in Universes Müller, Dietl, et al., many papers

any in Effective Ownership Lu, Potter, POPL '06

...

Motivation

All tailor-made solutions No connection to established type theory Limited expressivity

Motivation

E.g., ? in MOJO Strict substitution

If ? In .... Strict method and field lookup

Permeates entire calculus Additional subtype rules

Motivation

JoƎ

JoƎ

Goals: Expressivity Uniformity

JoƎ

Existential quantification of contexts Parametrisation by types and contexts

This combination gives improved expressivity

JoƎ

Class List<owner, X> { List<owner, X> next; X datum;

X get() {...} void add(X x) {...}}context parameterstype parameters

JoƎ

Generics and quantification for expressivity: List<this, Sheep<this>> Ǝo.List<o, Sheep<this>> Ǝo.List<this, Sheep<o>> List<this, Ǝo.Sheep<o>> Ǝo.List<o, Sheep<o>>

JoƎ

Flexible ownership language Parametric methods

Type and context parameters Actual contexts Explicit unpacking Upper and lower bounds on formal contexts

JoƎ

Upper and lower bounds on formal contexts Ǝo→[o5 o2].Sheep<o> o is inside o2 o5 is inside o

JoƎ

Uniform Uses only the purest form of existential types No special cases to support variance No tailored annotations Variance is dealt with locally Direct relation to long history of research on

existential types

JoƎ

Describes the topology of the heap This topology is fixed, not variant

Type sound Static description of topology reflects heap at

runtime Ownership hierarchy can 'grow', but not 'mutate' Useful

e.g. effects

JoƎ

Can encode other systems Generic Universes

Dietl, Drossoploulou, Müller, ECOOP '07

Existential owners for downcasting Wrigstad, Clarke, JOT, May '07

Variant Ownership Types? Lu, Potter, ECOOP '06

Single owner case of MOJO Cameron, Drossopoulou, Noble, Smith, OOPSLA '07

How it Works

JoƎ

JoƎ

Three environments Variable environment

JoƎ

Owner environment Quantified contexts are unpacked here

Does not affect this rule

JoƎ

Type environment Owner bounds

JoƎ

Substitute receiver for this

JoƎ

Receiver cannot be arbitrary expression But no loss of expressivity Thanks to open expression

JoƎ

Receiver must have class type Forces unpacking Don't account for quantification here

Summary

Parametric ownership+ Existential quantification of contexts+ Generics

= JoƎ Expressive and Uniform Can encode existing systems

Thank you!

ncameron@ecs.vuw.ac.nz

Ownership

Encapsulation Owners-as-Dominators Owners-as-Modifiers Link Soundness ...

Owners-as-Dominators All paths through the heap to an object are dominated by

that object's owner Common for parametric ownership systems Useful for garbage collection, memory management, ...

Ownership

Owners-as-Dominators

Ownership

Owners-as-Modifiers

Encapsulation

JoƎdeep

Owners-as-Dominators Strong encapsulation property Very small modifications

Well-formed heap Well-formed classes Class type checking

JoƎdeep

Treat existentially quantified context variables as their lower bounds

Owners-as-dominators involves showing referenced objects are outside their owners

If the lower bound is outside, then the hidden context must be outside