Abstract
Every newly created object goes through several initialization states: starting from a state where all fields are uninitialized until all of them are assigned. Any operation on the object during its initialization process, which usually happens in the constructor via this, has to observe the initialization states of the object for correctness, i.e. only initialized fields may be used. Checking safe usage of this statically, without manual annotation of initialization states in the source code, is a challenge, due to aliasing and virtual method calls on this.
Mainstream languages either do not check initialization errors, such as Java, C++, Scala, or they defend against them by not supporting useful initialization patterns, such as Swift. In parallel, past research has shown that safe initialization can be achieved for varying degrees of expressiveness but by sacrificing syntactic simplicity.
We approach the problem by upholding local reasoning about initialization which avoids whole-program analysis, and we achieve typestate polymorphism via subtyping. On this basis, we put forward a novel type-and-effect system that can effectively ensure initialization safety while allowing flexible initialization patterns. We implement an initialization checker in the Scala 3 compiler and evaluate on several real-world projects.
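As an added illustration, not code from the paper or the Scala 3 compiler, the two hazards the abstract names: a virtual method call on `this` inside a constructor, and an alias of `this` escaping before every field is assigned. Each unsafe class is followed by a version that keeps initialization local. Class names are constructed, and the compiler flag mentioned in the comments is assumed from Scala 3, not taken from the page.

```scala
// Constructed example: two ways a constructor can observe an object in an
// uninitialized state, and how to restructure each so no field is read
// before it is assigned.

// Hazard 1: virtual call on `this` during construction.
abstract class Parser:
  // Runs the subclass override while the subclass's own fields are still unset.
  val tokens: List[String] = tokenize()
  def tokenize(): List[String]

class CsvParser(input: String) extends Parser:
  val separator: String = ","   // assigned only after Parser's body has run
  def tokenize(): List[String] =
    // When invoked from Parser's constructor, `separator` is still null here,
    // so String.split throws a NullPointerException at runtime.
    input.split(separator).toList

// Safe form: no override is consulted during construction; the field that
// `tokens` depends on is initialized earlier in the same class.
class SafeCsvParser(input: String):
  val separator: String = ","
  val tokens: List[String] = input.split(separator).toList

// Hazard 2: `this` escapes (is aliased) before all fields are assigned.
class Registry:
  private var listeners: List[Listener] = Nil
  def register(l: Listener): Int =
    listeners = l :: listeners
    l.notifyReady()             // calls back into a possibly partial object

abstract class Listener:
  def notifyReady(): Int

class Service(registry: Registry) extends Listener:
  registry.register(this)      // `this` leaks while `name` is still null
  val name: String = "svc"
  def notifyReady(): Int = name.length   // NullPointerException via Registry

// Safe form: the alias is created only after every field has a value, so
// any callback sees a fully initialized object.
class SafeService(registry: Registry) extends Listener:
  val name: String = "svc"
  def notifyReady(): Int = name.length
  registry.register(this)

// Assumption (not stated on the page): compiling the unsafe classes above with
// the Scala 3 initialization checker enabled (flag -Ysafe-init) reports them,
// while the two Safe* classes pass, since neither reads a field before it is set.
```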