Islands: Aliasing Protection in Object-Oriented Languages, by John Hogg, OOPSLA 91

Aharon Abadi

Islands
• The main contribution of the paper.
• Provide alias protection.
• Alias definition:
  – aliased object: two pointer access paths
[Figure: Aliased Object]

Aliases problem
• Aliased objects allow changing the state through different access paths
[Figure: variables x and y. Perform operation x = x + 1. Harmless aliasing: y is unaffected]
[Figure: variables x, y and object z. Perform operation x.increment. Harmful aliasing: y is affected]

Aliasing Types
• Dynamic Aliasing: at least one of the access paths has a prefix consisting of temporary variables or parameters
    Class A { x:B;
      void f() { B & y = x; }
    }
[Figure: stack variable y and the A object's x both referring to the B object]
Within f, the object pointed to by x is dynamically aliased.

Aliasing Types
• Static Aliasing: an object is aliased statically if two different access paths are both composed entirely of chains of instance variables.
    Class A { C & x; … }
    Class B { C & y; }
[Figure: the A object's x and the B object's y both referring to the C object]

Static Aliasing Problems
• Dynamic alias:
  – has no effect beyond the scope in which it occurs
• Static alias:
  – problem scope: arbitrary points of the execution
  – the path length may be arbitrarily long
  – function f may be affected by function g even though they share no variables
• Problem: Islands only prevent static aliasing
[Figure: heap object z reachable from x and y; call g(x) followed later by f(y)]

Island Motivation
• In practice aliasing tends to be local
• Programmers understand alias complexity
• Islands permit aliasing only on small groups of objects
  – Each group is called an island
[Figure: groups G1, G2, G3, G4]

Island Definition
• Island
  – the transitive closure of a set of objects accessible from a bridge object
• Bridge
  – the unique access point to a set of instances that make up an island
[Figure: bridge. Static references are disallowed]

Island Requirements
• It must be possible to pass a structure into an island with a guarantee that no other references to it are held
[Figure: Insert an object with no external references]

Island Requirements
• It must be possible to retrieve structure from an island with a guarantee that no other references to it are held
[Figure: Retrieve an object with no internal references]

Island Requirements
• Ability to invoke external functions and procedures.
[Figure: objects A, B, C, D. Dynamic aliasing]

Island Benefits and Disadvantages
Benefits:
• Static references cannot cross the Island boundary
• Dynamic references that cross the Island boundary are visible and controlled by the bridge
• An island provides a true encapsulation of its components.
Disadvantages:
• Dynamic aliasing prevents information hiding: it is not supported (not in the paper)
• Need to construct a proof about intra-island behavior.

Island Implementation: Language Extension
• One new operation: destructive read
• Two more access modes: unique and free, which are mutually exclusive with read

Destructive Read
• Atomic operation that returns the value of a variable and sets the variable to nil.
• Only an instance variable may be destructively read.
[Figure: destructive read y = x. Before: x refers to the object. After: y refers to the object and x is nil]

Unique Access Mode
• Indicates that the object has only one static reference in the entire system.
• Rules:
  1. A unique variable may only be assigned the result of a free expression.
  2. A unique expression may not be assigned to anything.
  3. A unique expression may only be exported as unique.
  4. If a method receiver is unique, then every parameter and the result must be read or unique or free.
[Figure: objects A, B, C. Unique object; unprotected object within unique object]

Free Access Mode
• Indicates that no other static references to the variable exist anywhere in the system.
• Definition: a free expression is:
  – destructive read of a unique instance variable
  – destructive read of a free variable
  – result of new
  – result of a free-valued function
• Rules: a free variable may only be accessed via a destructive read.

Additional Rules
• Bridge class: in every method, every parameter and function result is read, unique or free
• A read expression may not be the right side of an assignment.
• A unique expression may not be assigned to anything
• Free is not harmful
Disadvantage: an internal object can be exported as read, so there is no information hiding.

Bridge Example
    class name DictionaryBuffer
    instance variable names head
                            tail
    initialize: size%read do … end
    insertKey: newKey%free, value: newValue%free do … end
    %read Find: searchKey%read :%read do … end
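
Added example, not from the paper or the slides: the DictionaryBuffer bridge sketched in Rust, where moving a value into a call approximates the free mode, a shared borrow approximates read, and Option::take() plays the role of the destructive read. The Node layout and the take_head method are assumptions made for this illustration.

```rust
// Added illustration (not the paper's code): Rust ownership as an analogy
// for the access modes. Node and take_head are assumptions.
struct Node {
    key: String,
    value: String,
    next: Option<Box<Node>>, // only static reference to the rest of the list
}

pub struct DictionaryBuffer {
    head: Option<Box<Node>>, // the bridge holds the only way into the island
}

impl DictionaryBuffer {
    pub fn new() -> Self {
        DictionaryBuffer { head: None }
    }
    // "free" parameters: key and value are moved in; the caller keeps no reference.
    pub fn insert_key(&mut self, new_key: String, new_value: String) {
        // Destructive read: take() returns the old head and leaves None (nil).
        let old_head = self.head.take();
        self.head = Some(Box::new(Node { key: new_key, value: new_value, next: old_head }));
    }
    // "read" parameter and result: shared borrows, valid only while the bridge is borrowed.
    pub fn find(&self, search_key: &str) -> Option<&str> {
        let mut cur = self.head.as_deref();
        while let Some(node) = cur {
            if node.key == search_key {
                return Some(node.value.as_str());
            }
            cur = node.next.as_deref();
        }
        None
    }
    // Retrieval as "free": destructive read of head, so no internal reference remains.
    pub fn take_head(&mut self) -> Option<(String, String)> {
        let node = self.head.take()?;
        let Node { key, value, next } = *node;
        self.head = next;
        Some((key, value))
    }
}

fn main() {
    let mut d = DictionaryBuffer::new();
    d.insert_key(String::from("k1"), String::from("v1")); // constructed sample data
    println!("find: {:?}", d.find("k1"));
    println!("taken: {:?}", d.take_head());
    println!("after: {:?}", d.find("k1"));
}
```

Reusing a key or value variable after passing it to insert_key is rejected at compile time, which is the static guarantee the free mode asks for when a structure is passed into an island.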

Conclusion
• Islands: allow a set of objects to be nicely encapsulated.
• Bridge: may be used as a true black box.
• Future work: extension to multiple threads