Section: New Results

Constructs for Reflective Secure Languages

Participants : Stéphane Ducasse, Marcus Denker, Damien Pollet, Jean-Baptiste Arnaud, Gwenael Casaccio.

Evolving a Reflective Language. While implementing traits in Smalltalk, our first reflex was to take advantage of the fact that they are not run-time entities: we optimized the implementation for space and hence shared methods between traits and classes. However, by doing so we broke the introspective API of Smalltalk. This illustrates a more general problem seen in all reflective systems: the implementation serves both as a model for execution and as the model that is exposed to the programmer. There is a conflict of interests between the information necessary for execution and the information the programmer is interested in. In addition, as soon as the implementation is exposed via reflection, we are no longer free to optimize it. As the complete implementation is visible reflectively, there is no way to hide the optimizations. Few papers report errors and this is one of them. We report our experience facing the initial API mismatch, which has a significant impact on the system because the language is reflective (i.e., written in itself and causally connected). We present the new introspective API we put in place [17] .

Dynamic Read-only objects. Supporting read-only and side effect free execution has been the focus of a large body of work in the area of statically typed programming languages. So far, dynamically typed languages have been poorly addressed despite their increasing presence in web pages and multi-language applications. Read-onlyness in dynamically typed languages is difficult to achieve because of the absence of a type checking phase and the support of an open-world assumption in which code can be constantly added.

We propose Dynamic Read-Only objects (DRO) to address this issue by providing a read-only execution and its dynamic propagation over an object graph. Graph and subgraph of referencing objects may be dynamically set as read-only based on client invocations and can be dynamically adjusted. To enable dynamic read-only execution, we introduce smart object proxies that dynamically propagate the read-only property to the underlying object graph. We have implemented dynamic read-only execution in Pharo, an open-source Smalltalk, and applied them to realize side-effect free assertions. This work is under publication.

Confining objects. Long-lived systems rely on reflective self-modification to evolve. Unfortunately, since the system is at both ends of a causal loop, this means modifications that impact the reflective layer itself can be overly difficult to apply. In [14] we introduce ObjectSpaces, a reification of the familiar Smalltalk image as a first-class entity. By confining the system inside an ObjectSpace, we isolate the evolution tools from it, while still giving them reflective access to the confined system. We describe the ObjectSpaces idea, the interface to communicate, inspect, and debug objects contained inside and ObjectSpace, based on a prototype implementation in GNU Smalltalk.