Patch name: callcc.patch
Basic usage
Creating a continuation
Continuation are supported via two different ways:
public native Object copyStack(Object context, CopyStackException ex) throws CopyStackException;
This method packs all the stack frames from the current stack frame down to the context frame (see below) into anObject[]
using the same serialized form that the Hotspot JVM uses to store debug information internally. ThisObject[]
is then stored in thestack
field of the givenCopyStackException
which is in turn thrown.public native Object copyStackSimple(Object context, Continuation continuation);
Fills the given Continuation object with the stack frames down to the context frame. Right now the method returnsnull
, although it would probably be better to return a special static object instance instead of occupyingnull
.
In the long run most likely only one implementation will survive.
Resuming continuations
The public long resumeStack(Object context, Object stack, Object value, Throwable exception);
method is used to resume a continuation. (no matter how it was created). The current stack is destroyed up to the context frame and the continuation contained in the stack
object is reinstated.
The original copyStack
or copyStackSimple
call then returns value
or throws exception
.
Creating a context for continuations
Unsafe.doCopyStackContext
is used to create a context stack frame for continuations. The first parameter is a Runnable
whose run
method will be invoked, and the second parameter is a context object (any Object
) that will identify this particular doCopyStackContext
invocation.
Security
The current proof-of-concept implementation will be used to explore how continuations can be used in a secure environment (applet, etc.).
Starting from a very conservative approach features will be added if they are considered secure.
Permissions
The targets and actions for continuation permissions could be characterized roughly like this:
JVM Assumptions broken by continuations
Arbitrary continuations can break many low-level assumptions taken by the JVM and the continuation code, some of which could be verified and some not:
verifyable (with reasonable effort)
- local variable count
- expression count
- static data types of local variables
- expression is object or scalar
- method can be executed for "this"
- copyStack is called at the top frame
- bottom frame method is a
Runnable.run()
not verifyable (with reasonable effort)
- data types of expressions
- local variable or expression matches assumptions about data type
Conservative approach
The first security concept will be a very conservative one:
- only methods marked with a
Continuable
annotation can be stored Continuation
objects do not allow any modifications- methods marked with
ContinuableHidden
can be stored but the local variables and the expression stack are hidden - no stack containing doPrivileged calls can be stored
Future considerations
- create a notion of immutable continuations which allow the compiler to create shortcuts (like exceptions the compiler could statically prove that the continuation never escapes and thus convert it into a jmp, etc.)
Work in progress