ABSTRACT
Objects under initialization are fragile: some of their fields are not yet initialized. Consequently, accessing those uninitialized fields, directly or indirectly, may crash the program or cause abnormal behavior at runtime.
A newly created object goes through several states during its initialization, beginning with all fields empty and ending when all of them are filled. However, ensuring initialization safety statically, without manual annotation of initialization states in the source code, is challenging because of aliasing, virtual method calls and typestate polymorphism.
In this work, we introduce a novel analysis based on abstract interpreters to ensure initialization safety. Compared to previous approaches, our analysis is simpler and easier to extend, and it requires no user annotations. The analysis is inter-procedural, context-sensitive and flow-insensitive, yet it performs well thanks to local reasoning and heap monotonicity.
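As an added illustration, not code from the paper, the following Python shows two of the hazards the abstract names: a base constructor that dispatches a virtual method to a subclass override before the subclass's own fields exist, and a constructor that leaks an alias to `self` into a registry while the object is still under construction. The `Registry`, `UnsafeBase`/`UnsafeChild` and `SafeBase`/`SafeChild` classes are constructed for this example. Python raises `AttributeError` where the JVM would silently read a default `null`/`0` and fail later; the safe variant follows the discipline that keeps an object from being observed mid-initialization: constructors only assign fields, make no overridable calls, and never let `self` escape before every constructor in the chain has returned.

```python
# Added example (not from the paper): why partially-constructed objects are fragile,
# and the discipline that avoids it. All classes here are constructed for illustration.


class Registry:
    """A constructed stand-in for any component a constructor might hand `self` to."""

    def __init__(self):
        self.items = []

    def register(self, obj):
        # Calls back into obj: if obj is still under construction, this reads
        # its fields indirectly, from outside the constructor.
        self.items.append(obj)
        return obj.describe()


class UnsafeBase:
    """Base constructor that (1) dispatches a virtual call and (2) leaks `self`."""

    def __init__(self, registry):
        self.name = "base"
        # Virtual call: resolves to the subclass override, which runs before the
        # subclass constructor has assigned its own fields.
        self.summary = self.describe()
        # Aliasing: the registry now holds a reference to an object whose
        # initialization has not finished.
        registry.register(self)

    def describe(self):
        return self.name


class UnsafeChild(UnsafeBase):
    def __init__(self, registry, limit):
        super().__init__(registry)  # describe() is invoked from inside this call...
        self.limit = limit          # ...but `limit` is only assigned afterwards

    def describe(self):
        # Reads a field that does not exist yet when called from UnsafeBase.__init__.
        return f"{self.name} limit={self.limit}"


def construct_unsafe(registry):
    """Build an UnsafeChild and report what happens. Returns 'ok' or 'crash: ...'."""
    try:
        UnsafeChild(registry, 10)
        return "ok"
    except AttributeError as err:
        # Python names the missing field; the JVM would read a default value instead
        # and the failure would surface somewhere else.
        return f"crash: {err}"


class SafeBase:
    """Constructor assigns fields and does nothing else: no virtual calls, no escape."""

    def __init__(self, name):
        self.name = name

    def describe(self):
        return self.name


class SafeChild(SafeBase):
    def __init__(self, limit):
        super().__init__("child")
        self.limit = limit

    def describe(self):
        return f"{self.name} limit={self.limit}"


def build_and_register(registry, limit):
    """Share the object only after every constructor in the chain has returned."""
    obj = SafeChild(limit)          # fully initialized: all fields assigned
    return registry.register(obj)   # alias created only now, so the callback is safe


if __name__ == "__main__":
    reg = Registry()
    print(construct_unsafe(reg))        # crash: 'UnsafeChild' object has no attribute 'limit'
    print(build_and_register(reg, 10))  # child limit=10
```

Note that the unsafe path fails before `register` runs, so the registry never sees the broken object here; had `register` been called first, the registry would hold an alias to an object that later readers could still observe half-built, which is exactly why escaping `self` from a constructor is a hazard independent of the virtual call.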
Index Terms
- Safe object initialization, abstractly