Results 1 - 10 of 101
Featherweight Java: A Minimal Core Calculus for Java and GJ
- ACM Transactions on Programming Languages and Systems, 1999
Cited by 659 (23 self)
Several recent studies have introduced lightweight versions of Java: reduced languages in which complex features like threads and reflection are dropped to enable rigorous arguments about key properties such as type safety. We carry this process a step further, omitting almost all features of the full language (including interfaces and even assignment) to obtain a small calculus, Featherweight Java, for which rigorous proofs are not only possible but easy. Featherweight Java bears a similar relation to Java as the lambda-calculus does to languages such as ML and Haskell. It offers a similar computational “feel,” providing classes, methods, fields, inheritance, and dynamic typecasts with a semantics closely following Java’s. A proof of type safety for Featherweight Java thus illustrates many of the interesting features of a safety proof for the full language, while remaining pleasingly compact. The minimal syntax, typing rules, and operational semantics of Featherweight Java make it a handy tool for studying the consequences of extensions and variations. As an illustration of its utility in this regard, we extend Featherweight Java with generic classes in the style of GJ (Bracha, Odersky, Stoutamire, and Wadler) and give a detailed proof of type safety. The extended system formalizes for the first time some of the key features
Contracts for Higher-Order Functions
- 2002
Cited by 141 (18 self)
Assertions play an important role in the construction of robust software. Their use in programming languages dates back to the 1970s. Eiffel, an object-oriented programming language, wholeheartedly adopted assertions and developed the "Design by Contract" philosophy. Indeed, the entire object-oriented community recognizes the value of assertion-based contracts on methods.
DrScheme: A programming environment for Scheme
- Journal of Functional Programming, 2002
Cited by 127 (58 self)
DrScheme is a programming environment for Scheme. It fully integrates a graphics-enriched editor, a parser for multiple variants of Scheme, a functional read-eval-print loop, and an algebraic printer. The environment is especially useful for students, because it has a tower of syntactically restricted variants of Scheme that are designed to catch typical student mistakes and explain them in terms the students understand. The environment is also useful for professional programmers, due to its sophisticated programming tools, such as the static debugger, and its advanced language features, such as units and mixins. Beyond the ordinary programming environment tools, DrScheme provides an algebraic stepper, a context-sensitive syntax checker, and a static debugger. The stepper reduces Scheme programs to values, according to the reduction semantics of Scheme. It is useful for explaining the semantics of linguistic facilities and for studying the behavior of small programs. The syntax checker annotates programs with font and color changes based on the syntactic structure of the program. On demand, it draws arrows that point from bound to binding occurrences of identifiers. It also supports α-renaming. Finally, the static debugger provides a type inference system that explains specific inferences in terms of a value-flow graph, selectively overlaid on the program text.
A machine-checked model for a Java-like language, virtual machine and compiler
- ACM Transactions on Programming Languages and Systems, 2004
Cited by 126 (9 self)
We introduce Jinja, a Java-like programming language with a formal semantics designed to exhibit core features of the Java language architecture. Jinja is a compromise between realism of the language and tractability and clarity of the formal semantics. The following aspects are formalised: a big and a small step operational semantics for Jinja and a proof of their equivalence; a type system and a definite initialisation analysis; a type safety proof of the small step semantics; a virtual machine (JVM), its operational semantics and its type system; a type safety proof for the JVM; a bytecode verifier, i.e. data flow analyser for the JVM; a correctness proof of the bytecode verifier w.r.t. the type system; a compiler and a proof that it preserves semantics and well-typedness. The emphasis of this work is not on particular language features but on providing a unified model of the source language, the virtual machine and the compiler. The whole development has been carried out in the theorem prover Isabelle/HOL.
Safe composition of product lines
- Generative Programming and Component Engineering, 6th International Conference (GPCE 2007), 2007
Cited by 110 (12 self)
Programs of a software product line can be synthesized by composing modules that implement features. Besides high-level domain constraints that govern the compatibility of features, there are also low-level implementation constraints: a feature module can reference classes that are defined in other feature modules. Safe composition is the guarantee that programs composed from feature modules are absent of references to undefined classes, methods, and variables. We show how safe composition can be
An imperative core calculus for Java and Java with effects
- 2003
Cited by 75 (9 self)
In order to study rigorously object-oriented languages such as Java or C#, a common practice is to define lightweight fragments, or calculi, which are sufficiently small to facilitate formal proofs of key properties. However many of the current proposals for calculi lack important language features. In this paper we propose Middleweight Java, MJ, as a contender for a minimal imperative core calculus for Java. Whilst compact, MJ models features such as object identity, field assignment, constructor methods and block structure. We define the syntax, type system and operational semantics of MJ, and give a proof of type safety. In order to demonstrate the usefulness of MJ to reason about operational features, we consider a recent proposal of Greenhouse and Boyland to extend Java with an effects system. This effects system is intended to delimit the scope of computational effects within a Java program. We define an extension of MJ with a similar effects system and instrument the operational semantics. We then prove the correctness of the effects system
A virtual class calculus
- 2005
Cited by 63 (7 self)
Virtual classes are class-valued attributes of objects. Like virtual methods, virtual classes are defined in an object’s class and may be redefined within subclasses. They resemble inner classes, which are also defined within a class, but virtual classes are accessed through object instances, not as static components of a class. When used as types, virtual classes depend upon object identity – each object instance introduces a new family of virtual class types. Virtual classes support large-scale program composition techniques, including higher-order hierarchies and family polymorphism. The original definition of virtual classes in BETA left open the question of static type safety, since some type errors were not caught until runtime. Later the languages Caesar and gbeta have used a more strict static analysis in order to ensure static type safety. However, the existence of a sound, statically typed model for virtual classes has been a long-standing open question. This paper presents a virtual class calculus, vc, that captures the essence of virtual classes in these full-fledged programming languages. The key contributions of the paper are a formalization of the dynamic and static semantics of vc and a proof of the soundness of vc. Categories and Subject Descriptors D.3.3 [Language Constructs and Features]: Classes and objects, inheritance, polymorphism; F.3.3 [Studies of Program Constructs]: Object-oriented constructs,
A complete guide to the future
- Proc. 16th European Symposium on Programming (ESOP’07), volume 4421 of LNCS, 2007
Cited by 59 (24 self)
We present the semantics and proof system for an object-oriented language with active objects, asynchronous method calls, and futures. The language, based on Creol, distinguishes itself in that unlike active object models, it permits more than one thread of control within an object, though, unlike Java, only one thread can be active within an object at a given time and rescheduling occurs only at specific release points. Consequently, reestablishing an object’s monitor invariant is possible at specific well-defined points in the code. The resulting proof system shows that this approach to concurrency is simpler for reasoning than, say, Java’s multithreaded concurrency model. From a methodological perspective, we identify constructs which admit a simple proof system and those which require, for example, interference freedom tests.
Generic universe types
- In ECOOP, 2007
Cited by 55 (19 self)
Ownership is a powerful concept to structure the object store and to control aliasing and modifications of objects. This paper presents an ownership type system for a Java-like programming language with generic types. Like our earlier Universe type system, Generic Universe Types enforce the owner-as-modifier discipline. This discipline does not restrict aliasing, but requires modifications of an object to be initiated by its owner. This allows owner objects to control state changes of owned objects, for instance, to maintain invariants. Generic Universe Types require a small annotation overhead and provide strong static guarantees. They are the first type system that combines the owner-as-modifier discipline with type genericity.
A Semantical Approach to Method-Call Interception
- AOSD 2002, 2002
Cited by 54 (7 self)
We study a language construct superimpose for method-call interception (MCI). The construct enables a programmer to attach additional functionality to certain join points along the execution of specified method calls. This is done in a completely type-safe manner where the additional functionality shares its state with the registry location. We present the static and the dynamic semantics of MCI. We use a disciplined style of Natural semantics for an accessible specification of MCI. We organize the constructs in a design space so that we can add expressiveness to a simple object-oriented language core in a stepwise fashion. It is one simple extension to enable interactive MCI, that is, MCI code can interact with the objects involved in a method call. Another simple extension is to allow for collective MCI by using patterns for the calls to be intercepted.