Ownership versus Information Flow

In a recent discussion I had, a question came up about the relationship between work on Ownership (protecting an object's representation) and work on Information Flow (Jif is the example that often comes to mind; it is about protecting the values, or information, stored inside objects).

Basically, the ownership people care about what happens to the references to an object that is marked as private. It is extremely important not to allow "aliases", i.e. references from outside the owner, to refer to the private object and thus be able to change it unexpectedly. It is much less important what value the object stores: it is perfectly fine for a private password to be stored in an owned (and thus private) field, then copied at the primitive character level into a public field, passed around until it reaches another object, and copied there into a private, owned field. In fact, that is the only way to make a lot of common programming patterns, like iterators, work in a proper ownership system.

Obviously an information flow system would not be happy with such exposure (if it could detect it!). Hence there is now work on Capabilities and their use in both ownership and information flow, trying to find common ground: providing useful information hiding properties while still being able to check them statically.
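The contrast in the two paragraphs above, as an added example that is not from the original post: a Rust owner whose private buffer can never be aliased from outside (the ownership property holds), yet whose password still escapes character by character through a public field into another owner's private field, followed by a minimal label wrapper showing the check an information flow system would add. The type names (`Vault`, `Courier`, `Mirror`, `Labeled`) are illustrative and assumed.

```rust
// Added example (not from the original post): ownership is satisfied while
// the information still flows out, then a tiny label check that catches it.

/// Owner of a private representation. No method ever hands out a reference
/// to `secret`, so no outside alias can mutate it; the borrow checker
/// enforces this statically.
pub struct Vault {
    secret: Vec<char>,
}

impl Vault {
    pub fn new(pw: &str) -> Self {
        Vault { secret: pw.chars().collect() }
    }
    /// Iterator-style access: yields copies of primitive chars, never a
    /// reference into the owned buffer, so ownership is respected.
    pub fn chars(&self) -> impl Iterator<Item = char> + '_ {
        self.secret.iter().copied()
    }
}

/// A public carrier field, and a second object with its own owned field.
pub struct Courier { pub payload: Vec<char> }
pub struct Mirror { stored: Vec<char> }
impl Mirror { pub fn reveal(&self) -> String { self.stored.iter().collect() } }

/// The pattern the post describes: copy char by char into a public field,
/// pass it along, and store it in another owner's private field. No alias to
/// `Vault::secret` is ever created, so ownership cannot object.
pub fn leak_via_ownership(v: &Vault) -> Mirror {
    let courier = Courier { payload: v.chars().collect() };
    Mirror { stored: courier.payload.clone() }
}

// Information-flow view: attach a label to the value and refuse to move a
// High-labelled value into a Low sink (the "no write down" half of the rule).
#[derive(Clone, Copy, PartialEq, PartialOrd, Debug)]
pub enum Level { Low, High }
pub struct Labeled<T> { pub value: T, pub level: Level }

/// A sink accepts a value only if the value's label is no higher than the
/// sink's own level; otherwise the flow is rejected.
pub fn store_at(sink: Level, v: &Labeled<Vec<char>>) -> Result<usize, &'static str> {
    if v.level > sink { return Err("information flow violation: High value into Low sink"); }
    Ok(v.value.len())
}
```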

P.S. The ownership survey paper above is paywalled but you can find it if you search for it on Google or on the author's (free-walled) account in ResearchGate. Please email me if you have any problems.
