Abstract | The Java language lacks the important notions of \emphownership (an object owns its representation to prevent unwanted aliasing) and \emphimmutability (the division into mutable, immutable, and readonly data and references). Programmers are prone to design errors, such as representation exposure or violation of immutability contracts. This paper presents \emphOwnership Immutability Generic Java (OIGJ), a backward-compatible purely-static language extension supporting ownership and immutability. We formally defined a core calculus for OIGJ, based on Featherweight Java, and proved it sound. We also implemented OIGJ and performed case studies on 33,000 lines of code. \par Creation of immutable cyclic structures requires a ``\emphcooking phase'' in which the structure is mutated but the outside world cannot observe this mutation. OIGJ uses \emphownership information to facilitate creation of \emphimmutable cyclic structures, by safely prolonging the cooking phase even after the constructor finishes. \par OIGJ is easy for a programmer to use, and it is easy to implement (flow-insensitive, adding only 14 rules to those of Java). Yet, OIGJ is more expressive than previous ownership languages, in the sense that it can type-check more good code. OIGJ can express the factory and visitor patterns, and OIGJ can type-check Sun's \textttjava.util collections (except for the \textttclone method) without refactoring and with only a small number of annotations. Previous work required major refactoring of existing code in order to fit its ownership restrictions. Forcing refactoring of well-designed code is undesirable because it costs programmer effort, degrades the design, and hinders adoption in the mainstream community. |