Abstract. Object ownership is an approach to controlling aliasing in programming languages. Proposals for adding ownership to programming languages do not directly support type genericity. We present Featherweight Generic Ownership — the first system to unify ownership and type polymorphism. Our type system extends Featherweight Generic Java with locations to support ownership and confinement invariants, as well as having full soundness proof. We hope that our work will help bring full support for object encapsulation to the mainstream programming world. 1

Ownership type systems are used to structure the object store into contexts and to restrict references between contexts. How to handle exceptions in these type systems has not been described in the literature. In this paper we analyze four viable designs for supporting exceptions in ownership type systems: (1) cloning exception objects during propagation; (2) using unique references to transfer exceptions between contexts during propagation; (3) treating exceptions as global data; (4) handling exceptions by read-only references that may cross context boundaries. We briefly describe our implementation of the fourth approach in the Universe type system.

Programming in an object-oriented language demands a fine balance between high degrees of expressiveness and control. At one level, we need to permit objects to interact freely to achieve our implementation goals. At a higher level, we need to enforce architectural constraints so that the system can be understood by new developers and can evolve as requirements change. To resolve this tension, numerous explorers have ventured out into the vast landscape of type systems expressing ownership and behavioural restrictions such as immutability. (Many have never returned.) This work in progress reports on our consolidation of the resulting discoveries into a single programming language. Our language, Joe3, imposes little additional syntactic overhead, yet can encode powerful patterns such as fractional permissions, and the reference modes of Flexible Alias Protection. 1.

SharC is a recently developed system for checking data-sharing in multithreaded programs. Programmers specify sharing rules (readonly, protected by a lock, etc.) for individual objects, and the SharC compiler enforces these rules using static and dynamic checks. Violations of these rules indicate unintended data sharing, which is the underlying cause of harmful data-races. Additionally, SharC allows programmers to change the sharing rules for a specific object using a sharing cast, to capture the fact that sharing rules for an object often change during the object’s lifetime. SharC was successfully applied to a number of multi-threaded C programs. However, many programs are not readily checkable using SharC because their sharing rules, and changes to sharing rules, effectively apply to whole data structures rather than to individual objects. We have developed a system called Shoal to address this shortcoming.

Sharing mutable data (via aliasing) is a powerful programming technique. To facilitate sharing, object-oriented programming languages permit the programmer to selectively break encapsulation boundaries. However, sharing data makes programs harder to understand and reason about, because, unlike encapsulated data, shared data cannot be reasoned about in a modular fashion. This paper presents an analysis and a visualizer to help the programmer understand and reason about shared data.

Object immutability is a familiar concept that allows safe sharing of objects. Existing language support for immutability is based on immutable classes. However, class-based approaches are restrictive because programmers can neither make instances of arbitrary classes immutable, nor can they control when an instance becomes immutable. These restrictions prevent many interesting applications where objects of mutable classes go through a number of modifications before they become immutable. This paper presents a flexible technique to enforce the immutability of individual objects by transferring their ownership to a special freezer object, which prevents further modification. The paper demonstrates how immutability facilitates program verification by extending the Boogie methodology for object invariants to immutable objects. The technique is based on Spec#’s dynamic ownership, but the concepts also apply to other ownership systems that support transfer.

The JSR 308 webpage is

Pedigree Types are an intuitive ownership type system requiring minimal programmer annotations. Reusing the vocabulary of human genealogy, Pedigree Types programmers can qualify any object reference with a pedigree – a child, sibling, parent, grandparent, etc – to indicate what relationship the object being referred to has with the referant on the standard ownership tree, following the owners-as-dominators convention. Such a qualifier serves as a heap shape constraint that must hold at run time and is enforced statically. Pedigree child captures the intention of encapsulation, i.e. ownership: the modified object reference is ensured not to escape the boundary of its parent. Among existing ownership type systems, Pedigree Types are closest to Universe Types. The former can be viewed as extending the latter with a more general form of pedigree modifiers, so that the relationship between any pair of objects on the aforementioned ownership tree can be named and – more importantly – inferred. We use a constraint-based type system which is proved sound via subject reduction. Other technical originalities include a polymorphic treatment of pedigrees not explicitly specified by programmers, and use of linear diophantine equations in type constraints to enforce the hierarchy. 1.

We present an effective static deadlock detection algorithm for Java. Our algorithm uses a novel combination of static analyses each of which approximates a different necessary condition for a deadlock. We have implemented the algorithm and report upon our experience applying it to a suite of multi-threaded Java programs. While neither sound nor complete, our approach is effective in practice, finding all known deadlocks as well as discovering previously unknown ones in our benchmarks with few false alarms. 1

The Universe Type System is an ownership type system for object-oriented programming languages that hierarchically structures the object store; it is used to reason modularly about programs. We formalise Universe Types for a core subset of Java in two steps: We first define a Topological Type System that structures the object store hierarchically into an ownership tree, and demonstrate soundness of the Topological Type System by proving subject reduction. Motivated by concerns of modular verification, we then present an Encapsulation Type System that enforces the owner-as-modifier discipline; that is, that object updates are initiated by the owner of the object. The contributions of this paper are, firstly, an extensive type-theoretic account of the Universe Type System, with explanations and complete proofs, and secondly, the clean separation of the topological from the encapsulation concerns.