Functional Java - mimuw.edu.plczarnik/sliwowica/... · Outline Java JavaFun Semantical properties Type system Towards soundness proof Motivations I Problems with applications in Java:

OutlineJava

JavaFunSemantical properties

Type systemTowards soundness proof

Functional Java

Aleksy Schubert and Jacek ChrząszczInstitute of InformaticsWarsaw Universityul. Banacha 202–097 WarsawPoland

November 24, 2008

Aleksy Schubert and Jacek Chrząszcz Institute of Informatics Warsaw University ul. Banacha 2 02–097 Warsaw PolandFunctional Java

OutlineJava



Java

JavaFunSyntax of JavaFunSemantics of JavaFun

Semantical propertiesImmutable objectsObservable contextsRepresentationFunctional methodLocal-state method

Type system

Towards soundness proof


OutlineJava



Motivations

I Problems with applications in Java:

I state scattered through the programI unpredictable state changesI frequent state inconsistencies

I

A

Solution:

I state changes done in a small fragment of the applicationI the rest of the application must be “functional”

— impractical

I but functional programs can internally use imperative features

— practical

I We want to prove that these parts are “functional”


OutlineJava



Motivations

I Problems with applications in Java:I state scattered through the program

I unpredictable state changesI frequent state inconsistencies

I

A

Solution:


— impractical


— practical



OutlineJava



Motivations

I Problems with applications in Java:I state scattered through the programI unpredictable state changes

I frequent state inconsistenciesI

A

Solution:


— impractical


— practical



OutlineJava



Motivations

I Problems with applications in Java:I state scattered through the programI unpredictable state changesI frequent state inconsistencies

I

A

Solution:


— impractical


— practical



OutlineJava



Motivations


I

A

Solution:


— impractical


— practical



OutlineJava



Motivations


I

A

Solution:I state changes done in a small fragment of the application

I the rest of the application must be “functional”

— impractical


— practical



OutlineJava



Motivations


I

A

Solution:I state changes done in a small fragment of the applicationI the rest of the application must be “functional”

— impracticalI but functional programs can internally use imperative features

— practical



OutlineJava



Motivations


I

A

Solution:I state changes done in a small fragment of the applicationI the rest of the application must be “functional” — impractical


— practical



OutlineJava



Motivations


I

A

Solution:I state changes done in a small fragment of the applicationI the rest of the application must be “functional” — impracticalI but functional programs can internally use imperative features

— practical



OutlineJava



Motivations


I

A

Solution:I state changes done in a small fragment of the applicationI the rest of the application must be “functional” — impracticalI but functional programs can internally use imperative features— practical



OutlineJava



Motivations


I A Solution:I state changes done in a small fragment of the applicationI the rest of the application must be “functional” — impracticalI but functional programs can internally use imperative features— practical



OutlineJava



Motivations


I A Solution:I state changes done in a small fragment of the applicationI the rest of the application must be “functional” — impracticalI but functional programs can internally use imperative features— practical



OutlineJava



Java

I Huge industrial language

I Requires modellingI We model

I classes and inheritanceI protected fieldsI named public constructorsI named public methodsI control flow (including recursion, but no loops)I exceptions


OutlineJava



Java

I Huge industrial languageI Requires modelling

I We model



OutlineJava



Java

I Huge industrial languageI Requires modellingI We model



OutlineJava



Java


I classes and inheritance

I protected fieldsI named public constructorsI named public methodsI control flow (including recursion, but no loops)I exceptions


OutlineJava



Java


I classes and inheritanceI protected fields

I named public constructorsI named public methodsI control flow (including recursion, but no loops)I exceptions


OutlineJava



Java


I classes and inheritanceI protected fieldsI named public constructors

I named public methodsI control flow (including recursion, but no loops)I exceptions


OutlineJava



Java


I classes and inheritanceI protected fieldsI named public constructorsI named public methods

I control flow (including recursion, but no loops)I exceptions


OutlineJava



Java


I classes and inheritanceI protected fieldsI named public constructorsI named public methodsI control flow (including recursion, but no loops)

I exceptions


OutlineJava



Java




OutlineJava



Java

I Huge industrial languageI Requires modelling of sublanguagesI We do not model

I packagesI interfacesI visibility featuresI static membersI dynamic loadingI multithreading


OutlineJava



Java


I packages

I interfacesI visibility featuresI static membersI dynamic loadingI multithreading


OutlineJava



Java


I packagesI interfaces

I visibility featuresI static membersI dynamic loadingI multithreading


OutlineJava



Java


I packagesI interfacesI visibility features

I static membersI dynamic loadingI multithreading


OutlineJava



Java


I packagesI interfacesI visibility featuresI static members

I dynamic loadingI multithreading


OutlineJava



Java


I packagesI interfacesI visibility featuresI static membersI dynamic loading

I multithreading


OutlineJava



Java


I packagesI interfacesI visibility featuresI static membersI dynamic loadingI multithreading


OutlineJava



Syntax of JavaFunSemantics of JavaFun

JavaFun - Goal

I We want a formal definition of “functional”

I of “local-state”I both syntactic — type system, and semantic — with heaps,locations and values

I and a proof that our type system yields “local-state” and“functional” methods


OutlineJava




JavaFun - Goal

I We want a formal definition of “functional”I of “local-state”

I both syntactic — type system, and semantic — with heaps,locations and values



OutlineJava




JavaFun - Goal

I We want a formal definition of “functional”I of “local-state”I both syntactic — type system, and semantic — with heaps,locations and values



OutlineJava




JavaFun - Goal

I We want a formal definition of “functional”I of “local-state”I both syntactic — type system, and semantic — with heaps,locations and values



OutlineJava




JavaFun - a bit of “history”

I Genrap developed in Comarch R&D Center (AGS and friends)

I ad hoc syntactic rulesI a checker which enforced these rules in the build processI no proofsI Kotek project Comarch-UW-EU (SPO WKP)I start of formalization (syntactic rules −→ a type system),semantics

I now: (beginning of) proof


OutlineJava





I Genrap developed in Comarch R&D Center (AGS and friends)I ad hoc syntactic rules

I a checker which enforced these rules in the build processI no proofsI Kotek project Comarch-UW-EU (SPO WKP)I start of formalization (syntactic rules −→ a type system),semantics



OutlineJava





I Genrap developed in Comarch R&D Center (AGS and friends)I ad hoc syntactic rulesI a checker which enforced these rules in the build process

I no proofsI Kotek project Comarch-UW-EU (SPO WKP)I start of formalization (syntactic rules −→ a type system),semantics



OutlineJava





I Genrap developed in Comarch R&D Center (AGS and friends)I ad hoc syntactic rulesI a checker which enforced these rules in the build processI no proofs

I Kotek project Comarch-UW-EU (SPO WKP)I start of formalization (syntactic rules −→ a type system),semantics



OutlineJava





I Genrap developed in Comarch R&D Center (AGS and friends)I ad hoc syntactic rulesI a checker which enforced these rules in the build processI no proofsI Kotek project Comarch-UW-EU (SPO WKP)

I start of formalization (syntactic rules −→ a type system),semantics



OutlineJava





I Genrap developed in Comarch R&D Center (AGS and friends)I ad hoc syntactic rulesI a checker which enforced these rules in the build processI no proofsI Kotek project Comarch-UW-EU (SPO WKP)I start of formalization (syntactic rules −→ a type system),semantics



OutlineJava





I Genrap developed in Comarch R&D Center (AGS and friends)I ad hoc syntactic rulesI a checker which enforced these rules in the build processI no proofsI Kotek project Comarch-UW-EU (SPO WKP)I start of formalization (syntactic rules −→ a type system),semantics



OutlineJava




JavaFun

I Fragment of Java, including:



OutlineJava




JavaFun

I Fragment of Java, including:I classes and inheritance

I protected fieldsI named public constructorsI named public methodsI control flow (including recursion, but no loops)I exceptions


OutlineJava




JavaFun

I Fragment of Java, including:I classes and inheritanceI protected fields

I named public constructorsI named public methodsI control flow (including recursion, but no loops)I exceptions


OutlineJava




JavaFun

I Fragment of Java, including:I classes and inheritanceI protected fieldsI named public constructors

I named public methodsI control flow (including recursion, but no loops)I exceptions


OutlineJava




JavaFun

I Fragment of Java, including:I classes and inheritanceI protected fieldsI named public constructorsI named public methods

I control flow (including recursion, but no loops)I exceptions


OutlineJava




JavaFun

I Fragment of Java, including:I classes and inheritanceI protected fieldsI named public constructorsI named public methodsI control flow (including recursion, but no loops)

I exceptions


OutlineJava




JavaFun

I Fragment of Java, including:I classes and inheritanceI protected fieldsI named public constructorsI named public methodsI control flow (including recursion, but no loops)I exceptions


OutlineJava




Grammar of JavaFun

C ::= cdecl+

cdecl ::= class [cmod] C1 [ext C2] {F K M}cmod ::= immutable | funcmmod ::= lstate | funckmod ::= lstatefmod ::= repC ::= . . . class name . . .

F ::= [F ; ]∗

F ::= C [fmod] xK ::= [K ; ]∗

K ::= [kmod] k(args) [throws Exc] {E}args ::= ε | C x | C x , argsExc ::= C | C ,Exc


OutlineJava




Grammar of JavaFun

C ::= cdecl+

cdecl ::= class [cmod] C1 [ext C2] {F K M}

cmod ::= immutable | funcmmod ::= lstate | funckmod ::= lstatefmod ::= repC ::= . . . class name . . .

F ::= [F ; ]∗

F ::= C [fmod] xK ::= [K ; ]∗



OutlineJava




Grammar of JavaFun

C ::= cdecl+

cdecl ::= class [cmod] C1 [ext C2] {F K M}cmod ::= immutable | funcmmod ::= lstate | funckmod ::= lstatefmod ::= rep

C ::= . . . class name . . .

F ::= [F ; ]∗

F ::= C [fmod] xK ::= [K ; ]∗



OutlineJava




Grammar of JavaFun

C ::= cdecl+

cdecl ::= class [cmod] C1 [ext C2] {F K M}cmod ::= immutable | funcmmod ::= lstate | funckmod ::= lstatefmod ::= repC ::= . . . class name . . .

F ::= [F ; ]∗

F ::= C [fmod] xK ::= [K ; ]∗



OutlineJava




Grammar of JavaFun

M ::= [M; ]∗

M ::= C [mmod] m(args) [throws Exc] {E}fieldref ::= x1.x2 | this.xvarref ::= x | this | fieldrefx ::= ε | x | x , xE ::= new C .k(x) |

let C x = E1 in E2 |if E1 then E2 else E3 |x .m(x) |fieldref = E |varref |throw x |try {E1} catch (C x) {E2} |null


OutlineJava




Grammar of JavaFun

M ::= [M; ]∗

M ::= C [mmod] m(args) [throws Exc] {E}

fieldref ::= x1.x2 | this.xvarref ::= x | this | fieldrefx ::= ε | x | x , xE ::= new C .k(x) |



OutlineJava




Grammar of JavaFun

M ::= [M; ]∗

M ::= C [mmod] m(args) [throws Exc] {E}fieldref ::= x1.x2 | this.xvarref ::= x | this | fieldrefx ::= ε | x | x , x

E ::= new C .k(x) |let C x = E1 in E2 |if E1 then E2 else E3 |x .m(x) |fieldref = E |varref |throw x |try {E1} catch (C x) {E2} |null


OutlineJava




Grammar of JavaFun

M ::= [M; ]∗




OutlineJava




Grammar of JavaFun

M ::= [M; ]∗


let C x = E1 in E2 |

if E1 then E2 else E3 |x .m(x) |fieldref = E |varref |throw x |try {E1} catch (C x) {E2} |null


OutlineJava




Grammar of JavaFun

M ::= [M; ]∗


let C x = E1 in E2 |if E1 then E2 else E3 |

x .m(x) |fieldref = E |varref |throw x |try {E1} catch (C x) {E2} |null


OutlineJava




Grammar of JavaFun

M ::= [M; ]∗


let C x = E1 in E2 |if E1 then E2 else E3 |x .m(x) |

fieldref = E |varref |throw x |try {E1} catch (C x) {E2} |null


OutlineJava




Grammar of JavaFun

M ::= [M; ]∗


let C x = E1 in E2 |if E1 then E2 else E3 |x .m(x) |fieldref = E |

varref |throw x |try {E1} catch (C x) {E2} |null


OutlineJava




Grammar of JavaFun

M ::= [M; ]∗


let C x = E1 in E2 |if E1 then E2 else E3 |x .m(x) |fieldref = E |varref |

throw x |try {E1} catch (C x) {E2} |null


OutlineJava




Grammar of JavaFun

M ::= [M; ]∗


let C x = E1 in E2 |if E1 then E2 else E3 |x .m(x) |fieldref = E |varref |throw x |

try {E1} catch (C x) {E2} |null


OutlineJava




Grammar of JavaFun

M ::= [M; ]∗


let C x = E1 in E2 |if E1 then E2 else E3 |x .m(x) |fieldref = E |varref |throw x |try {E1} catch (C x) {E2} |

null


OutlineJava




Grammar of JavaFun

M ::= [M; ]∗




OutlineJava




Objects

I Objects: (Ident⇀ Loc)× Cnamewhere

I Loc – abstract set of locations,I Ident – possible fields identifiers,

The set of all objects is Obj.

I o.f is π1(o)(f )I and typeof(o) is π2(o).


OutlineJava




Objects


I Loc – abstract set of locations,

I Ident – possible fields identifiers,




OutlineJava




Objects






OutlineJava




Objects






OutlineJava




Objects



The set of all objects is Obj.I o.f is π1(o)(f )

I and typeof(o) is π2(o).


OutlineJava




Objects



The set of all objects is Obj.I o.f is π1(o)(f )I and typeof(o) is π2(o).


OutlineJava




Heap

I Heap h : Loc⇀ Obj, which

I is undefined for nullI has finite domain

The set of all heaps is Heap.


OutlineJava




Heap

I Heap h : Loc⇀ Obj, whichI is undefined for null

I has finite domain



OutlineJava




Heap

I Heap h : Loc⇀ Obj, whichI is undefined for nullI has finite domain



OutlineJava




Heap

I Heap h : Loc⇀ Obj, whichI is undefined for nullI has finite domain



OutlineJava




The reduction relation — contexts

A ::= C | ∅ (labels)

C ::= J KlA | (contexts)new C .k(x1, C, x2) |new C .k(C) |let C x = C in E |if C then E1 else E2 |x .m(x1, C, x2) |x .m(C) |try {C} catch (C x) {E}

Context expressions:

C{JEKlA/J KlA} or C{Jl ′KlA/J KlA},


OutlineJava





A ::= C | ∅ (labels)C ::= J KlA | (contexts)

new C .k(x1, C, x2) |new C .k(C) |let C x = C in E |if C then E1 else E2 |x .m(x1, C, x2) |x .m(C) |try {C} catch (C x) {E}




OutlineJava










OutlineJava










OutlineJava




The form of the reduction relation

C , h, C1JE1Kl1A1 :: · · · :: CnJEnKlnAn → h′, C′1JE1K

l ′1A′1:: · · · :: C′

mJEmKl′1A′1

I h — heapI C1JE1K :: · · · :: CnJEnK — frame stack


OutlineJava






l ′1A′1:: · · · :: C′

mJEmKl′1A′1

I h — heap

I C1JE1K :: · · · :: CnJEnK — frame stack


OutlineJava






l ′1A′1:: · · · :: C′

mJEmKl′1A′1

I h — heapI C1JE1K :: · · · :: CnJEnK — frame stack


OutlineJava




An example of a reduction rule

n ≥ 0 alloc(h) = (l0, h′′) E0 = body(C ,C , k)l1, . . . , ln ∈ Loc

params(C ,C , k) = (y1, . . . , yn) E = E0{l1/y1, . . . , ln/yn}

h′(l) =

{h′′(l) dla l 6= l0emptyC ,C dla l = l0

C , h, C :: CJnew C .k(l1, . . . , ln)Kl∅ →h′, C :: CJnew C .k(l1, . . . , ln)Kl∅ :: JEKl0∅

(newk)


OutlineJava




An example of a reduction rule — a more standard one

n ≥ 0 l ∈ LocC , h, C :: CJnew C .k(l1, . . . , ln)Kl∅ :: JlKl ′∅ → h, C :: CJlKl∅

(newret)


OutlineJava



Immutable objectsObservable contextsRepresentationFunctional methodLocal-state method

Immutable objects

Immutability of h(l):

I Ingredients:

I heap h, location l ∈ Dom(h), and program CI observable contexts C1, C2 such that

C , h, C1 →∗ h′, C2

I Conditions to be met:

I rep(l , h) = rep(l , h′) andI for each l ′ ∈ rep(l , h′) the equality h(l ′) = h′(l ′) holds


OutlineJava




Immutable objects

Immutability of h(l):I Ingredients:


C , h, C1 →∗ h′, C2




OutlineJava




Immutable objects


I heap h, location l ∈ Dom(h), and program C

I observable contexts C1, C2 such that

C , h, C1 →∗ h′, C2




OutlineJava




Immutable objects



C , h, C1 →∗ h′, C2




OutlineJava




Immutable objects



C , h, C1 →∗ h′, C2




OutlineJava




Immutable objects



C , h, C1 →∗ h′, C2

I Conditions to be met:I rep(l , h) = rep(l , h′) and

I for each l ′ ∈ rep(l , h′) the equality h(l ′) = h′(l ′) holds


OutlineJava




Immutable objects



C , h, C1 →∗ h′, C2

I Conditions to be met:I rep(l , h) = rep(l , h′) andI for each l ′ ∈ rep(l , h′) the equality h(l ′) = h′(l ′) holds


OutlineJava




Immutable objects



C , h, C1 →∗ h′, C2



OutlineJava




Observable contexts

C is observable wrt. l in the heap h for C when:

I it returns from a constructor for l :C0 :: CJnew C .k(l)K∅ :: JlK∅

I it refers to a field of lI it assigns to a field of lI it calls a method on lI it returns from a method in l


OutlineJava




Observable contexts

C is observable wrt. l in the heap h for C when:I it returns from a constructor for l :C0 :: CJnew C .k(l)K∅ :: JlK∅



OutlineJava




Observable contexts


I it refers to a field of l

I it assigns to a field of lI it calls a method on lI it returns from a method in l


OutlineJava




Observable contexts


I it refers to a field of lI it assigns to a field of l

I it calls a method on lI it returns from a method in l


OutlineJava




Observable contexts


I it refers to a field of lI it assigns to a field of lI it calls a method on l

I it returns from a method in l


OutlineJava




Observable contexts




OutlineJava




Immutable objects



C , h, C1 →∗ h′, C2



OutlineJava




Immutable objects



C , h, C1 →∗ h′, C2



OutlineJava




Representation

Representation of h(l) (denoted rep(l , h)) is a set of locations suchthat:

I l belongs to thatI we follow rep links

if l ′ ∈ rep(l , h) i C = typeof(h(l ′)) and C1 rep f occurs infields(C ,C ), then h(l ′)(f ) ∈ rep(l , h)


OutlineJava




Representation


I l belongs to that

I we follow rep links



OutlineJava




Representation


I l belongs to thatI we follow rep links



OutlineJava




Equality of immutable objects

h1(l1) is equal to h2(l2) in Cwhen

I both are of the same immutable classI for each field x

I for non-rep fields: h1(l1)(x) = h2(l2)(x),I for rep fields h1(l1)(x)[h1] = h2(l2)(x)[h2]

Notation: l1[h1] =C l2[h2]


OutlineJava






I both are of the same immutable class

I for each field xI for non-rep fields: h1(l1)(x) = h2(l2)(x),I for rep fields h1(l1)(x)[h1] = h2(l2)(x)[h2]



OutlineJava










OutlineJava










OutlineJava




Functional method

A method is functional when it is

I pure andI extensional.


OutlineJava




Functional method

A method is functional when it isI pure and

I extensional.


OutlineJava




Functional method

A method is functional when it isI pure andI extensional.


OutlineJava




Purity

Consider declaration of m in C :

Cn+1[mmod] m(C1 x1, . . . ,Cn xn) [throws Exc] {E},

m is pure, when

I for all locations l , l1, . . . , ln, l ′ ∈ Loc of appropriate types in hI each sequence of contexts C :: CJK∅ such that

C , h1, C :: CJl .m(l1, . . . , ln)K∅ →(∗) h2, C :: CJl .m(l1, . . . , ln)K∅ :: Jl ′K,

we have h1 v∅ h2.


OutlineJava




Purity



m is pure, whenI for all locations l , l1, . . . , ln, l ′ ∈ Loc of appropriate types in h

I each sequence of contexts C :: CJK∅ such that


we have h1 v∅ h2.


OutlineJava




Purity



m is pure, whenI for all locations l , l1, . . . , ln, l ′ ∈ Loc of appropriate types in hI each sequence of contexts C :: CJK∅ such that


we have h1 v∅ h2.


OutlineJava




Purity



m is pure, whenI for all locations l , l1, . . . , ln, l ′ ∈ Loc of appropriate types in hI each sequence of contexts C :: CJK∅ such that


we have h1 v∅ h2.


OutlineJava




Extensionality

The idea:

I each time a method is called with a given set of argumentsI it returns the same result

Immutability necessary to make comparison possible.Irritating exceptions we think of them as a component of a disjointunion.


OutlineJava




Extensionality

The idea:I each time a method is called with a given set of arguments

I it returns the same result



OutlineJava




Extensionality

The idea:I each time a method is called with a given set of argumentsI it returns the same result



OutlineJava




Extensionality


Immutability necessary to make comparison possible.

Irritating exceptions we think of them as a component of a disjointunion.


OutlineJava




Extensionality


Immutability necessary to make comparison possible.Irritating exceptions

we think of them as a component of a disjointunion.


OutlineJava




Extensionality




OutlineJava




Local-state



m is local-state, when

I for all locations l , l1, . . . , ln, l ′ ∈ Loc of appropriate types in hI each sequence of contexts C :: CJK∅ such that


we have h1 vR h2 whereR = Rep(h1, l , l1, . . . , ln)


OutlineJava




Local-state



m is local-state, whenI for all locations l , l1, . . . , ln, l ′ ∈ Loc of appropriate types in h

I each sequence of contexts C :: CJK∅ such that




OutlineJava




Local-state



m is local-state, whenI for all locations l , l1, . . . , ln, l ′ ∈ Loc of appropriate types in hI each sequence of contexts C :: CJK∅ such that




OutlineJava




Local-state





we have h1 vR h2 where

R = Rep(h1, l , l1, . . . , ln)


OutlineJava




Local-state







OutlineJava



Different kinds of rules

I cok rulesI mok rulesI type rules


OutlineJava



An example of a typing rule: constructors

C1 ∈ C x : 〈D, τ, nthis〉 ∈ Locxi : 〈Di , τi , nthis〉 ∈ Loc dla i = 1, . . . , kC ; C : cmod; Ex ; Loc ` x .m(x1, . . . , xk) : C1C ; C : func; Ex ; Loc ` x .m(x1, . . . , xk) : cok

(methodfun cok)

C1 ∈ C cmod 6= funcC ; C : cmod; Ex ; Loc ` x .m(x1, . . . , xk) : C1C ; C : cmod; Ex ; Loc ` x .m(x1, . . . , xk) : cok

(methodnfun cok)


OutlineJava



An example of a typing rule: constructors

C1 ∈ C x : 〈D, τ, nthis〉 ∈ Locxi : 〈Di , τi , nthis〉 ∈ Loc dla i = 1, . . . , kC ; C : cmod; Ex ; Loc ` x .m(x1, . . . , xk) : C1C ; C : func; Ex ; Loc ` x .m(x1, . . . , xk) : cok

(methodfun cok)

C1 ∈ C cmod 6= funcC ; C : cmod; Ex ; Loc ` x .m(x1, . . . , xk) : C1C ; C : cmod; Ex ; Loc ` x .m(x1, . . . , xk) : cok

(methodnfun cok)


OutlineJava



An example of a typing rule: methods

modifier(C ,D, k) = lstate∀y ∈ x .Loc `local y : local

C ; C : cmod, k : ∅; Ex ; Loc ` new D.k(x) : D

C ; C : cmod,m : func; Ex ; Loc ` new D.k(x) : mok(funcnew mok)

C1,C2 ∈ C x : 〈C1, τ1, τ2〉 ∈ Locmodifier(C ,C1,m′) = func

C ; C : cmod,m : func; Ex ; Loc ` x .m′(x1, . . . , xk) : C2C ; C : cmod,m : func; Ex ; Loc ` x .m′(x1, . . . , xk) : mok

(funcmeth mok)


OutlineJava



An example of a typing rule: methods

modifier(C ,D, k) = lstate∀y ∈ x .Loc `local y : local

C ; C : cmod, k : ∅; Ex ; Loc ` new D.k(x) : D

C ; C : cmod,m : func; Ex ; Loc ` new D.k(x) : mok(funcnew mok)

C1,C2 ∈ C x : 〈C1, τ1, τ2〉 ∈ Locmodifier(C ,C1,m′) = func

C ; C : cmod,m : func; Ex ; Loc ` x .m′(x1, . . . , xk) : C2C ; C : cmod,m : func; Ex ; Loc ` x .m′(x1, . . . , xk) : mok

(funcmeth mok)


OutlineJava



Soundness proof

I difficult because longI problems with formulation


OutlineJava



Related work

I “immutability” of objects (e.g. C. Haack, E. Poll, J. Schafer,A. Schubert, Immutable Objects for a Java-like Language,ESOP’2007. (ETAPS BEST PAPER AWARD!)

I “who can modify what” approach UTT (e.g. P. Muller,A. Poetzsch-Heffter Universes: A Type System for Alias andDependency Control, 2001

I “how to write a lambda in Java” (a few)


OutlineJava



Related work





OutlineJava



Related work





OutlineJava



Thank you!


Documents

Functional Java - mimuw.edu.plczarnik/sliwowica/... · Outline Java JavaFun Semantical properties Type system Towards soundness proof Motivations I Problems with applications in Java: