You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/_docs/reference/other-new-features/safe-initialization.md
+25-19Lines changed: 25 additions & 19 deletions
Original file line number
Diff line number
Diff line change
@@ -203,14 +203,15 @@ classes and multiple constructors:
203
203
204
204
-__Warm[C] { outer = V, ctor, args = Vs }__: A warm object of class `C`, where the immediate outer of `C` is `V`, the constructor is `ctor` and constructor arguments are `Vs`.
205
205
206
-
The initialization checker checks each class separately. The abstraction `ThisRef`
206
+
The initialization checker checks each concrete class separately. The abstraction `ThisRef`
207
207
represents the current object under initialization:
208
208
209
209
-__ThisRef[C]__: The current object of class `C` under initialization.
210
210
211
-
The initialization state of the current object is stored in the heap as an
211
+
The initialization state of the current object is stored in the abstract heap as an
212
212
abstract object. The abstract heap also serves as a cache for the field values
213
-
of warm objects.
213
+
of warm objects. `Warm` and `ThisRef` are "addresses" of the abstract objects stored
214
+
in the abstract heap.
214
215
215
216
Two more abstractions are introduced to support functions and conditional
216
217
expressions:
@@ -221,6 +222,23 @@ expressions:
221
222
222
223
-__Refset(Vs)__: A set of abstract values `Vs`.
223
224
225
+
A value `v` is _effectively hot_ if any of the following is true:
226
+
227
+
-`v` is `Hot`.
228
+
-`v` is `ThisRef` and all fields of the underlying object are assigned.
229
+
-`v` is `Warm[C] { ... }` and
230
+
1.`C` does not contain inner classes; and
231
+
2. Calling any method on `v` encounters no initialization errors and the method return value is _effectively hot_; and
232
+
3. Each field of `v` is _effectively hot_.
233
+
-`v` is `Fun(e, V, C)` and calling the function encounters no errors and the
234
+
function return value is _effectively hot_.
235
+
- The root object (refered by `ThisRef`) is _effectively hot_.
236
+
237
+
An effectively hot value can be regarded as transitively initialized thus can
238
+
be safely leaked via method arguments or as RHS of an reassignment.
239
+
The initialization checker tries to promote non-hot values to effectively hot
240
+
whenenver possible.
241
+
224
242
## Rules
225
243
226
244
With the established principles and design goals, the following rules are imposed:
@@ -241,7 +259,7 @@ With the established principles and design goals, the following rules are impose
241
259
242
260
Escape of `this` in the constructor is commonly regarded as an anti-pattern.
243
261
244
-
However, escape of `this` as argument to another constructor is allowed, to support
262
+
However, passing non-hot values as argument to another constructor is allowed, to support
245
263
creation of cyclic data structures. The checker will ensure that the escaped
246
264
non-initialized object is not used, i.e. calling methods or accessing fields
247
265
on the escaped object is not allowed.
@@ -282,18 +300,6 @@ With the established principles and design goals, the following rules are impose
282
300
283
301
9. The scrutinee in a pattern match and the values in return and throw statements must be _effectively hot_.
284
302
285
-
A value `v` is _effectively hot_ if any of the following is true:
286
-
287
-
-`v` is `Hot`.
288
-
-`v` is `ThisRef` and all fields of the underlying object are assigned.
289
-
-`v` is `Warm[C] { outer = V, ctor, args = Vs }` and
290
-
1.`C` does not contain inner classes;
291
-
2. Calling any method on `v` encounters no initialization errors and the method return value is _effectively hot_;
292
-
3. Each field of `v` is _effectively hot_.
293
-
-`v` is `Fun(e, V, C)` and calling the function encounters no errors and the
294
-
function return value is _effectively hot_.
295
-
-`ThisRef` is _effectively hot_.
296
-
297
303
## Modularity
298
304
299
305
The analysis takes the primary constructor of concrete classes as entry points.
@@ -306,7 +312,7 @@ tightly coupled. For example, adding a method in the superclass requires
306
312
recompiling the child class for checking safe overriding.
307
313
308
314
Initialization is no exception in this respect. The initialization of an object
309
-
essentially invovles close interaction between subclass and superclass. If the
315
+
essentially involves close interaction between subclass and superclass. If the
310
316
superclass is defined in another project, the crossing of project boundary
311
317
cannot be avoided for soundness of the analysis.
312
318
@@ -333,5 +339,5 @@ mark some fields as lazy.
333
339
## References
334
340
335
341
1. Fähndrich, M. and Leino, K.R.M., 2003, July. [_Heap monotonic typestates_](https://www.microsoft.com/en-us/research/publication/heap-monotonic-typestate/). In International Workshop on Aliasing, Confinement and Ownership in object-oriented programming (IWACO).
336
-
2. Fengyun Liu, Ondřej Lhoták, Aggelos Biboudis, Paolo G. Giarrusso, and Martin Odersky. 2020. [_A type-and-effect system for object initialization_](https://dl.acm.org/doi/10.1145/3428243). OOPSLA, 2020.
2. Fengyun Liu, Ondřej Lhoták, Aggelos Biboudis, Paolo G. Giarrusso, and Martin Odersky. [_A type-and-effect system for object initialization_](https://dl.acm.org/doi/10.1145/3428243). OOPSLA, 2020.
0 commit comments