Jon G. Riecke and Christopher A. Stone. Privacy via subsumption. In Informal Workshop Record of the Fifth Workshop on Foundations of Object-Oriented Languages, 1998.  Home/Search   Document Details and Download   Summary   Related Articles   Check

....concepts are modeled in the purest way possible. It is possible then to single out problems and properties of various features, and then combine them. A calculus could be the first step in the design of a new language. This thesis follows the classical methodology of theoretical research on OO [Coo89a, AC96a, FHM94, Fis96, PT94, BPF97, RS98], using types as an instrument of analysis of OO as a paradigm on its own, and of synthesis of new results. Unless they are important for what is being studied. The starting point of this thesis is a functional object based calculus, the Lambda Calculus of Objects of Fisher, Honsell, Mitchell ....

....A different approach to combining object extension with subtyping is to allow object extension to coexist with limited forms of subtyping. This idea has been pursued in several papers in the literature: the type systems proposed by Abadi [Aba94] in Chapter 3, R emy [Rem97] Riecke and Stone [RS98], and [Liq97] may all be ascribed to this approach. To account for the combination of method addition and subtyping, these proposals devise different mechanisms that allow subtyping to be traced: the intention is to either isolate safe uses of subtyping in presence of primitives of method ....

[Article contains additional citation context not shown here]

J. C. Riecke and C. A Stone. Privacy via Subsumption. In Proc. of FOOL'98, 1998.

....with the same name. A facility for renaming fields in mixins could avoid this problem; however this approach breaks with subtyping, since renaming prevents the derivative class from being a subclass of the original class. Approaches based on distinguishing internal and external field names [31] become problematic with parallel extensions of classes, and it is also not clear how fields can be shared between mixins with this approach. 2. Parallel extensions: Traditional inheritance, and method type specialization, focus on the extension of a single class. XML schemas typically involve ....

J. Riecke and C. Stone. Privacy via subsumption. In Languages, 1998. To appear in Information and Computation.

....and mixins may be coded in this calculus, prove a type soundness theorem (via a subject reduction property) and give a sound and complete typing algorithm. 1 Introduction Many theoretical studies have addressed the problem of modeling object oriented languages via primitive operations [2,18,17,6,28,30]. Most of these approaches have centered on object based calculi, where objects, not classes, are seen as the primitive building blocks. However, statically typed, class based languages like Simula [5] Ei#el [26] C [16,31] and Java [4] are the most common form of object oriented language. ....

....system. Future work includes: adopting a module construct and a dot notation as in [12,22] to replace the present nested structure of class hierarchies, and introducing a form of alpha conversion to allow us to hide the private names that are currently exposed by our positive kinds, as in [30]. ....

J.G. Riecke and C. Stone. Privacy via subsumption. In Proc. 5th Annual FOOL Workshop, pages 9.1--9.10, January 1998. 462, 484

....v d. Thus, P 0 ; 0 [this7 f d g P 0 (this) 0 3 holds. 4 Related work The foundational perspective Most foundational work is based on functional object based languages. In [1] method overriding models eld update and delegation. In [15] method extensions represent class inheritance, while [7, 12, 26, 16, 27] enhance the above representation by introducing a limited form of method subtyping. These calculi deal with questions of width subtyping over breadth subtyping, the use of MyType, method extension and overriding, and were primarily developed for modelling inheritance and delegation. Object ....

J.C. Riecke and C.A. Stone. Privacy via Subsumption. In FOOL'98, 1998. Available from http://www.cs.williams.edu/kim/FOOL/FOOL5.html.

.... : pro t:hhR R 0 ii modify the (Object) rule as follows: e1 : #pro t:hhR R 0 ; m : ii ; t # m; s : t e2 : e1 :m (s : t # m)e2 : m 8 Related and Future Works Several calculi proposed in literature combine object extension with objects subsumption ([24, 18, 20, 4, 23]) In [24] it is presented a calculus where it is possible to rst subsume (forget) an object component, and then readd it again with a type which may be incompatible with the forgotten one. In order to guarantee the soundness of the type system, method dictionaries are used inside objects, ....

.... modify the (Object) rule as follows: e1 : #pro t:hhR R 0 ; m : ii ; t # m; s : t e2 : e1 :m (s : t # m)e2 : m 8 Related and Future Works Several calculi proposed in literature combine object extension with objects subsumption ( 24, 18, 20, 4, 23] In [24], it is presented a calculus where it is possible to rst subsume (forget) an object component, and then readd it again with a type which may be incompatible with the forgotten one. In order to guarantee the soundness of the type system, method dictionaries are used inside objects, which link ....

J.G. Riecke and C. Stone. Privacy via Subsumption. In Electronic proceedings of FOOL-98, 1998.

....many common uses of aliasing in object oriented programs. A common approach to preventing representation exposure is by restricting the access to variable names. But the private and protected modes of Java and C , for example, and related mechanisms [18, 15, 17, 32] or their formal models [42, 1], fail to adequately constrain the sharing of object references. Name protection does not enforce alias protection, because, for example, an externally aliased object can be assigned into a private field, or the contents of a private field can be exported by another means. This is more likely to ....

Jon G. Riecke and Chrisopher A. Stone. Privacy via Subsumption. In Fifth Workshop on Foundations of Object-Oriented Languages, 1998.

.... only the methods that are not referred to any other method [6,5] one may not forget the type of the hidden methods in order to guarantee that any future addition of those methods will have a type consistent with the hidden one [21,20] one may use method dictionaries inside object types [29], and permitting to re add an hidden method with two di erent types. A detailed comparison of calculi with object extension in presence of object subsumption is under development. 7 Conclusions We hope to have contributed to the understanding of some basic concepts of object calculi and other ....

J.G. Riecke and C. Stone. Privacy via Subsumption. In Electronic proceedings of FOOL-98, 1998.

....explains some problems we encountered while trying to bootstrap the Match O compiler. Section 5 concludes and presents some related work, together with some future work. 2: The Match O types A great theoretical e ort has been devoted in the last years to nding sound and expressive type systems [5, 6, 8, 3, 1, 16, 19, 18, 22, 23, 2, 24] featuring a subtyping relation compatible with mytype method specialization. The matching relation over object types. In Bruce s theory, an object type (essentially a type interface) has the form OT hhv i : a i ; m j : b j ii i2I j2J , where OT is a binder for the type variable Mytype ....

J.G. Riecke and C. Stone. Privacy via Subsumption. In Electronic Proc. of FOOL-98, 1998. To appear in Theory and Practice of Object Systems.

....0 (this) d, and P 0 d 0 v d. Thus, P 0 ; 0 [this7 f d g P 0 (this) 0 3 holds. 4 Related work Most foundational work is based on functional object based languages. In [1] method overriding models eld update and delegation. In [10] method extensions represent class inheritance, while [3, 7, 18, 11, 19] enhance the above representation by introducing a limited form of method subtyping. These calculi deal with questions of width subtyping over breadthsubtyping, the use of MyType, method extension and overriding; they were primarily developed as a means of understanding inheritance and ....

J. C. Riecke and C. A. Stone. Privacy via Subsumption. In FOOL'98, 1998. Available from http://www.cs.williams.edu/kim/FOOL/FOOL5.html.

.... hide , by subsumption, the x field, and we add again x with a new value 1 of type int, and we call y on the object dpoint, then we lose the subject reduction property, since the evaluation of dpoint:y, of type nat, yields the value 1 of type int. Other works by [FM95, BL95, Rem95, BBDL97, Rem98, RS98] have addressed the issue of integrating object subsumption in presence of object extension. This paper starts from the Abadi Cardelli s (first order) Object Calculus, called Ob 1 : AC96b] We briefly recall its features. it supports fixed size objects (no object extension is ....

....the type system. A number of examples which are meant to give an insight of the power of Ob s : will be provided in Section 4. The last section will be devoted to a comparison with the paper of Abadi and Cardelli [AC95] the paper of Didier Remy [Rem98] and the paper of Riecke and Stone [RS98] Part of this material appeared in two technical reports [Liq97a] and [Liq99] Acknowledgement. The author is grateful the anonymous referees to their helpful comments on this work. 2 2 The Extended Primitive Object Calculus The untyped syntax of the Extended Object Calculus is defined by ....

[Article contains additional citation context not shown here]

J.G. Riecke and C. Stone. Privacy via Subsumption. In Electronic proceedings of FOOL-98, 1998.

....The expression e 1 f = e 2 is the extension of object e 1 with a new field f with initial value e 2 ; similarly, e m = M is the extension of e with a new method m with definition M . The intended operational semantics of the extended language is the dictionary semantics of Riecke and Stone [RS98] The translation extends as follows: e 1 f = e 2 = e 1 f = e 2 e.m #M = e 1#i#n g i = y i ) m #M # e m = M = e 1#i#n g i = y i ) m#M # where M = x[##] # x:#) b:# M # = x[##] # x:#) b y 1 , y n : x.g 1 , x.g n :# ....

Jon Riecke and Christopher Stone. Privacy via subsumption. In 5th International Workshop on Foundations of Object Oriented Programming Languages, San Diego, CA, USA, January 1998.

....we will adopt the simple solution proposed in [Ghe90, FM96] The real focus of our research is a new semantics for object extension and message passing which allows, under some conditions, incompatible extensions. A very interesting work which goes in this direction is presented in the paper [RS98]. In the first order system presented in that paper, an object is made of a method suite where every method is indexed by a number, plus a dictionary which maps names to numbers; methods are accessed by name from the outside and by their internal number from self. For example, if a method m 1 = ....

J.C. Riecke and C.A. Stone. Privacy via subsumption. In Fifth International Workshop on Foundations of Object-Oriented Programming (FOOL 5), January 1998.

....we will adopt the simple solution proposed in [Ghe90, FM96] The real focus of our research is a new semantics for object extension and message passing which allows, under some conditions, incompatible extensions. A very interesting work which goes in this direction is presented in the paper [RS98]. In the first order system presented in that paper, an object is made of a method suite where every method is indexed by a number, plus a dictionary which maps names to numbers; methods are accessed by name from the outside and by their internal number from self. For example, if a method m 1 = ....

J.C. Riecke and C.A. Stone. Privacy via subsumption. In Fifth International Workshop on Foundations of Object-Oriented Programming (FOOL 5), January 1998.

....means for controlling access to objects. The first is access modifiers such as private, public, and protected, to restrict the visibility of attributes and classes. The second is type abstraction; abstract types and subsumption can be used to limit the operations that can be invoked on an object [22, 31]. This second approach is not applicable in languages such as Java in which the run time type of objects can be retrieved by the program (e.g. through the instanceof operator or reflection) Dynamic access control: Java provides dynamic access control mechanisms based on call stack inspection to ....

J. G. Riecke and C. A. Stone. Privacy via Subsumption. In Fifth Workshop on Foundations of ObjectOriented Languages, 1998.

....an unrelated method in some descendant class of C (recall the example in Figure 8) Methods inherited from B must invoke the original m method when they send the m message to self, while methods defined in D must get the new version. We use a variation of the Riecke Stone dictionary technique [RS98, FR99b] to solve this problem. Intuitively, dictionaries provide the ff conversion needed to avoid capture by mapping method names to slots in method suites. To adapt this technique to XMOC, when we link a class C , we replace each occurrence of self in the methods that C defines with the object ....

....of the earlier work is its treatment of private names; it provides no way to hide a method and then later add an unrelated method with the same name. Our use of dictionaries to specify the semantics of method dispatch in the presence of privacy is adapted from the work of Riecke and Stone [RS98] The main difference is that XMOC has an explicit notion of class and we introduce dictionaries as a side effect of linking classes. More recently, Igarashi et al. have described Featherweight Java, which is an object calculus designed to model the core features of JAVA s type system [IPW99] ....

Riecke, J. G. and C. Stone. Privacy via subsumption. In FOOL5, January 1998. A longer version will appear in TAPOS.

....basic means for controlling access to objects. The rst is access modi ers such as the Java private, public, and protected modi ers that restrict the visibility of attributes and classes. The second is type abstraction; subtyping can be used to limit the operations that can be invoked on an object [33]. In Java, type abstraction is not useful since using the instanceof operator and re ection make it quite easy to retrieve the type of an object, which is not the case in some other systems [22, 33] Dynamic access control: Java provides dynamic access control mechanisms based on call stack ....

.... is type abstraction; subtyping can be used to limit the operations that can be invoked on an object [33] In Java, type abstraction is not useful since using the instanceof operator and re ection make it quite easy to retrieve the type of an object, which is not the case in some other systems [22, 33]. Dynamic access control: Java provides dynamic access control mechanisms based on call stack inspection. That is, a dynamic check veri es that the current method was invoked (transitively) by a method with appropriate privileges [11] Another dynamic scheme which has been proposed is to use ....

J. G. Riecke and C. A. Stone. Privacy via Subsumption. In Fifth Workshop on Foundations of Object-Oriented Languages, 1998.

....2) present a basic class language (Section 3) and finally extend this language to address the problematic coexistence of inheritance and concurrency (Section 4) The formal specification of the syntax, the semantics, and the typing system are deferred to Section 5. In Section 6, following [18], we describe a view mechanism which forwards messages to from 2 one label to another, thus allowing to extrude different interfaces of the same object. The proofs of correctness of the type system appear in the appendix. We refer to earlier works for a more gentle introduction to the ....

....external method and thus would try to grab the lock EXT. Unfortunately, with this simple static renaming, such a mis behaviour may still occur when methods calls are performed indirectly, via another object. In Section 6 we describe a restricted view mechanism that fixes this problem. Following [18], we introduce a new operation on objects that forwards messages on a label to another label, directly (without attempting join matching) Then, we expand view C as S into a sequence of forwarding and hiding operations for each method defined in C. 5 Formal definition of the language 5.1 Syntax ....

[Article contains additional citation context not shown here]

J. G. Riecke and C. A. Stone. Privacy via subsumption. Submitted for publication, 1998.

....an unrelated method in some descendant class of C (recall the example in Figure 4) Methods inherited from B must invoke the original m method when they send the m message to self, while methods defined in D must get the new version. We use a variation of the Riecke Stone dictionary technique [RS98,FR99b] to solve this problem. Intuitively, dictionaries provide the ff conversion needed to avoid capture by mapping method names to slots in method tables. To adapt this technique to XMOC, when we link a class C, we replace each occurrence of self in the methods that C defines with the object ....

....of the earlier work is its treatment of private names; it provides no way to hide a method and then later add an unrelated method with the same name. Our use of dictionaries to specify the semantics of method dispatch in the presence of privacy is adapted from the work of Riecke and Stone [RS98] The main difference is that XMOC has an explicit notion of class and we introduce dictionaries as a side effect of linking classes. More recently, Igarashi et al. have described Featherweight Java, which is an object calculus designed to model the core features of JAVA s type system [IPW99] ....

Riecke, J. G. and C. Stone. Privacy via subsumption. In FOOL5, January 1998. A longer version will appear in TAPOS.

....methods applicable to both mutable or immutable objects. The idea of object mutation is not new. From a foundational perspective, 3] uses method overriding to explain field update and delegation in an object based calculus. Also, 12] allows method extension to represent class inheritance, while [5, 11, 17, 13, 18] enhance the above representation by introducing a limited form of method subtyping. These calculi deal with questions of width subtyping over breadth subtyping, the use of MyType, method extension and overriding; they were primarily developed as a means of understanding inheritance and delegation ....

J. C. Riecke and C. A. Stone. Privacy via subsumption. In FOOL'98 (http://www.cs.williams.edu/kim/FOOL/FOOL5.html), 1998.

....more complicated. The translation can also be extended to handle method update, field extension, and method extension. All of these require field extension, which interacts poorly with breadth subtyping. Thus, either a di#erent operational semantics is required, such as the dictionary semantics [RS98] or a more complicated type system, such as described by Fisher [Fis96] Details appear in the companion technical report [Gle99] Finally, as well as extensions to other language features, the translation has variants that express other environment representations. The translation of method ....

Jon Riecke and Christopher Stone. Privacy via subsumption. In 5th International Workshop on Foundations of Object Oriented Programming Languages, San Diego, CA, USA, January 1998.

No context found.

Jon G. Riecke and Christopher A. Stone. Privacy via subsumption. In Informal Workshop Record of the Fifth Workshop on Foundations of Object-Oriented Languages, 1998.

....by first using a dictionary to find the method s slot and then using the slot to index into a method suite. ink can support true private names and avoid the fragile base class problem by dynamically changing the dictionary associated with an object when the object s view of itself changes [RS98,FR99b] Separating dynamic dispatch into two pieces also enables more compiler optimizations. In this paper, we treat ink as a compiler IR, although the reader should think of it as more of a framework or basis for a compiler s IR. By design, ink satisfies our goals. Because of the ....

....self ; Gamma ) E [ new C] super ;OE super ;OE self ; Gamma = let (oe; OE; Gamma (C) in ( OE) To translate self, we extract the method suite of self and pair it with the current self dictionary, OE self . Note that because of method hiding, OE self may have more methods than ( 2 self) RS98,FR99b] To translate message sends, we first translate the receiver object and bind its value to obj. We then extract from this receiver its method suite ( 1 obj) and its dictionary ( 2 obj) Using dictionary application, we find the slot associated with method m. Using that slot, we index into ....

Riecke, J. G. and C. Stone. Privacy via subsumption. In FOOL5, January 1998. A longer version will appear in Information and Computation.

No context found.

J.C. Riecke, C.A. Stone. Privacy via Subsumption. FOOL'98 1998.

No context found.

Riecke, J. C. and Stone, C. A. 1998. Privacy via Subsumption. In FOOL5. Available from http://www.cs.williams.edu/kim/FOOL/FOOL5.html.

No context found.

J.C. Riecke and C.A. Stone. Privacy via subsumption. In Fifth International Workshop on Foundations of Object-Oriented Programming (FOOL 5), January 1998.

First 50 documents

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC