We don't need no stinkin' Q descriptors
Brian Goetz
brian.goetz at oracle.com
Fri Jun 30 20:52:33 UTC 2023
In case the HTML got mangled by the mailer, I enclose the markdown
original here.
# We don't need no stinkin' Q types
In the last six months, we made a significant breakthrough at the
language/user
level -- to decompose B3 with its value and reference companions, into two
simpler concepts: implicit constructibility (a declaration-site
property) and
null restriction (a use-site property.) The .ref/.val distinction, and
all its
excess complexity, stemmed from the mistaken desire to model the int/Integer
divide directly. By breaking B3-ness down into more "primitive" properties
(some of which are shared with non-B3 classes), we arrived at a simpler
model;
no more ref/val projections, and more uniform treatment of X! (including
for B1
and B2 classes).
As we worked through the language and translation details, we continued
to seek
a lower energy state. We concluded that we can erase `X!` to `LX;` in a
number
of places (locals, method descriptors, verifier type system) while still
meeting
our performance objectives. Doing so eliminates a number of issues with
method
resolution and distinguishing overloads from overrides. In fact, we found
ourselves using Q for fewer and fewer things, at which point we started
to ask
ourselves: do we need Q descriptors at all?
In our VM, there is a (mostly) 1-1-1 correspondence between runtime types,
descriptors, and class mirrors. In a world where QFoo and LFoo are separate
runtime types, it makes sense for them to have their own descriptors and
mirrors. But as `Foo!` and `Foo?` have come together in the language,
mapping
to a VM which seems them as separate runtime types starts to show gaps.
The role of Q has historically been one of "other", rather than
something on its
own; any class which had a Q type, also had an L type, and Q was the "other
flavor." The "two flavors" orientation made sense when we were modeling the
int/Integer split; we needed two flavors for that in both language and
VM. The
language since discovered that we can break down the int/Integer divide
into two
more primitive notions -- implicit constructibility (an int can be used
without
calling a constructor, an Integer cannot) and non-nullity (non-identity plus
default constructibility plus non-nullity unlocks flattening.)
If Q is a valid descriptor and there is always a Q mirror, we are in a
stable
place with respect to runtime types. But if we intend to allow `m(Foo!)` to
override `m(Foo?)`, to be tolerant of bang-mismatches in method
resolution, and
give Q fewer jobs, then we are moving to an unstable place. We've
explored a
number of "only use Q for certain things" positions, and have found many
of them
to be unstable in various ways. The other stable point is that there
are no Q
types, and no Q mirrors -- but then we need some new channel to encode the
request to exclude null, and so give the VM the flattening hint that is
needed.
As it turns out, there are surprisingly few places that truly need such
a new
channel. We basically need the VM to take "Q-ness" into account in three
places:
- Field layout -- a field of type `Foo!` (where Foo is implicitly
constructible) needs a hint that this field is null-restricted, so
we can lay
it out flat.
- Array layout -- at the point of `anewarray` and friends, we need a
hint when
the component type is an implicitly-constructible, null-restricted type.
- Casting -- casts need to be able to express a value-set check for the
restricted value set of `Foo!` as well as the unrestricted value set of
`Foo`.
We are convinced that these three are all that is truly required to get the
flattening we want. So rather than invent new runtime types / mirrors /
descriptors that are going to flow everywhere (into reflection, method
handles,
verification, etc), let's invent the minimal additional classfile
surface and VM
model to model that. At the same time, let's make sure that the new thing
aligns with the new language model, where the star of the show is
null-restricted types.
#### What about species?
In separate investigations, we have a notion of "species" for a long
time, which
we know we're going to need when we get to specialization. Species form a
partition of a classes instances; every instance of a class belongs to
exactly
one species, and different species may have different layouts and value set
restrictions. And we struggled with species for a long time over the same
runtime type affordances (mirrors and descriptors) -- what does a field
descriptor for a field of type `ArrayList<int>` look like? What does
`getClass`
return?
In both cases, the constraints of compatibility have been pushing us towards
more erasure in descriptors and reflection, with side channels to
reconstruct
information necessary for optimized heap layout, and with separate API
points
for `getClass` vs `getSpecies`. While specialization is considerably more
complicated, nearly all the same considerations (descriptors, mirrors,
reflection) are present for null-restriction types. We took an earlier
swing at
unifying the two under the rubric of "type restrictions", but I think
our model
wasn't quite clean enough at the time to admit this unification. But I
think we
are now (almost) there, and the payoff is big.
What we concluded around species and specialization is that we would have to
continue to erase descriptors (`ArrayList<int>` as a method or field
descriptor
continues to erase to `LArrayList;`), that `getClass` returns the
primary mirror
(`ArrayList`), and that species information is pushed into a side channel.
These are pretty much the exact same considerations as for null-restriction
types.
#### Species and bang types are _refinement types_
A _refinement type_ is a type whose value set is that of another type,
plus a
predicate restricting the value set. A "bang" type `Point!` is a
refinement of
Point, where we eliminate the value `null`. (Other well-known
refinement types
from PL history include C enums and Pascal ranges.) Refinement types
are often
erased to their base type, but some refinements enable better layout.
Indeed,
our interest in Q types is flattening, and for an implicitly constructible
class, a variable holding a null-excluding type can be flattened. Similarly,
for a sufficiently constrained generic type (e.g., `Point[int,int]`),
the layout
of such a variable can be flattened as well.
What we previously called "type restrictions" in the [Parametric
VM](https://github.com/openjdk/valhalla-docs/blob/main/site/design-notes/parametric-vm/parametric-vm.md#type-restricted-methods-and-fields-and-the-typerestriction-attribute)
document is in fact a refinement type. We claim that we can design the
null-restriction channel in such a way that it can be extended, in some
reasonable way, to support more general specialization.
Both specialization, and null-restriction, are forms of refinement
types. Given
that we've already discovered that we need to erase these to their
primary (L)
type in a lot of places, let's stake out some general principles for
representing refinements in the VM:
- Refinement types are erased to their base type in method and field
descriptors.
- Refinement types do not have _class_ mirrors.
- `Object::getClass` returns a class mirror.
- Reflection deals in class mirrors, so refinements are erased from base
reflection.
- Method handles deal in class mirrors, so refinements are erased from
method
handles.
That's a lot of erasure, so we have to bake refinement back in where it
matters,
but we want to be careful to limit the "blast radius" of the refinement
information to where it does actually matter. The new channel that
encodes a
refinement type will appear only when needed to carry out the tasks listed
above: field declaration, array creation, and casting.
- Fields are enhanced with some sort of "refinement" attribute, which (a)
guards against stores of bad values (the field equivalent of
`ArrayStoreException`) and (b) enables flatter layouts when the
refinement
permits.
- Array creation (`anewarray` / `multianewarray') is enhanced to support
creating arrays with refined component types, enabling the same benefits
(storage safety / layout flattening.)
- Casting is enhanced to support refinements. This is needed mostly
because of
erasure -- we are erasing away refinement information and sometimes
need to
reassert it.
- When we get to specialization, `new` is enhanced to support
refinements, and
possibly method declarations (to enable calling convention
optimization in
the presence of highly specialized types like `Point[int,int]`.)
We had previously been assuming that `[QPoint` is somehow more of a
"real" type
than (specialized) `Point[int,int]`, but I think we are better served seeing
them both as refinements, where we continue to report a broad type but
sort-of-secretly use refinement information to optimize layout.
## A strawman
What follows is a strawman that eliminates Qs completely, replacing the
few jobs
Q has (field layout, array layout, and casts) with a single mechanism for
refinement types which stays in the background until explicitly summoned. We
believe the model outlined here can extend cleanly to species, as well
as `B1!`
types like `String!` as well. Call this No-Q world. This should not be
taken
as a concrete proposal, as much as a sketch of the concepts and the
players.
We have come to believe that adding Q descriptors to the JVM specification,
while perhaps the right move in a from-scratch VM design, would be
overreach as
an evolutionary step. For old APIs to adopt new descriptors will
require many
bridge methods with complex properties. To avoid such bridges, old APIs
would
be forbidden from mentioning the new types. For these reasons, new
descriptors,
and the mirrors that would accompany them, are quite literally a bridge
too far.
Accordingly, in No-Q world, descriptors reclaim their former role:
describing
primitives and classes. Field and method descriptors will use `L`
descriptors,
even when carrying a null-restricted value (or a species.) Similarly, class
mirrors return to their former role: describing classfiles and non-refined
VM-derived types (such as array types.)
As a self-imposed rule of this essay, we will not appeal to runtime support,
condy or indy. Everything will be done with bytecodes, descriptors, constant
pool entries, and other classfile structures, and not via specially-known
methods. As this is a strawman, we may indulge in some "wasteful"
design, which
can be transformed or lumped in later iterations. The new elements of the
design are:
- A new reflective concept for `RefinementType`, which represents a
refinement
of an existing (class) type.
- A new reflective concept for `RepresentableType`, which is the common
supertype between `Class` and `RefinementType`.
- New constant pool forms representing null-restriction of classes and of
arrays.
- A new field attribute called `FieldRefinement`.
- Adjustments to various bytecodes to interact with the new constant pool
forms.
- Additions to reflective APIs.
## Refined types
A refined type is a combination of a type (called the base type) and a
value set
restriction for that type which excludes some values in the value set of the
base type. Null-restricted types, arrays of null-restricted types, and
eventually, species of generics are refined types.
Refined types can be represented by a reflective object
```
sealed interface RefinementType<T> implements RepresentableType<T> {
RepresentableType<T> baseType();
}
```
The type parameter `T` represents the base type.
There are initially two implementations of `RefinementType`, which may
be private,
and are known to the VM:
```
private record NullRestrictedClass<T>(Class<T> baseType)
implements RefinementType<T> { }
private record NullRestrictedArray<T extends Object[]>(Class<T> baseType)
implements RefinementType<T> { }
```
#### Constant pool entries
The two jobs for null restriction must be representable in the constant
pool: a
null-restricted B3, and an array of a null-restricted B3. (These
correspond to
`Constant_Class_info` with a descriptor of `QFoo;` and `[QFoo;` in the
traditional design.) In addition to being referenced by bytecodes and
attributes, such constants should ideally be loadable, evaluating to a
`RefinementType` or `RepresentableType`.
The exact form of the constant pool entry (whether new bespoke constant pool
entries, ad-hoc extensions to Constant_Class_info, or condy) can be
bikeshod at
the appropriate time; there are clearly tradeoffs here.
Initially, null-restricted types must be implicitly constructible (B3),
which
would be checked when the constant is resolved. Eventually, we can relax
null-restriction to support all class types. Similarly, we may initially
restrict to one-dimensional flat arrays, and leave `multianewarray` to
its old
job.
#### Representable types
The new common superinterface between `Class` and `RefinementType`
exists so that
both classes and class refinements can be used as array components, type
parameters for specializations, etc. Some operations from `Class`, such as
casting, may be pulled up into this interface.
```
sealed interface RepresentableType<T> {
T cast(Object o) throws ClassCastException;
...
}
```
#### Refined fields
Any field whose type is a null-restricted implicitly constructible class
may be
considered by the VM as a candidate for flattening. Rather than using
`field_info.descriptor_index` to encode a null-restricted type, we
continue to
erase to the traditional `L` descriptor, but add a `FieldRefinement`
attribute
on the field. Similarly, `Constant_FieldRef_info` continues to link fields
using the `L` descriptor.
```
FieldRefinement {
u2 name_index; // "FieldRefinement"
u4 length;
u2 refinement_index; // symbolic reference to a RefinementType
}
```
The symbolic reference must be to a null-restricted, implicitly
constructible
class type, not an array type. We may relax this restriction later.
Additionally, a field refinement may affect the behavior of `putfield`.
For a
null-restricted class, attempts to `putfield` a null will result in
`NullPointerException` (or perhaps a more general `FieldStoreException`.)
Looking ahead, for the null-restriction of a B1 or B2 class, there is no
change
to the layout but we could enforce the storage restriction on
`putfield.` When
we get to species, the refinement for a species may affect the layout, and
attempting to store a value of the wrong species may result in an
exception or
in an automatic conversion.
It is a free choice as to whether we want to translate a field of type
`Point![]` using an array refinement or fully erase it to `Point[]`.
#### Refined casts
The operand of a `checkcast` or `instanceof` may be a symbolic reference
to a
class or refinement. (Since `instanceof` is null-hostile, changing
`instanceof`
is not necessary now, but when we get to species, we will need to be able to
test for species membership.) The `cast` operation may be pulled up from
`Class` to `RepresentableType` so that casts can be done reflectively with
either a `Class` or a refinement.
#### Refined array creation
An `anewarray` may make a symbolic reference to a class refinement type,
as well
as to a class, array, or interface type.
For a refined array, `a.getClass()` continues to return the primary
mirror for
the array type, and `Class::getComponentType` on that array continues to
return
the primary mirror for the component type, but we may provide an
additional API
point akin to `getComponentType` that returns a `RepresentableType`
which may be
a `RefinementType`.
Arrays of null-restricted values can be created reflectively; the existing
`Array::newInstance` method will get an overload that takes
`RepresentableType`.
`Arrays::copyOf` when presented with a refined array type will create a
refined
array.
#### Refinement information stays in the background until summoned
The place where we need discipline is avoiding the temptation of "but
someone
might profitably use the information that this field holds a flat
array." Yes,
they might -- but supporting that as a general-purpose runtime type (with
descriptor and mirror) has costs.
The model proposed here resists the temptation to redefine mirrors,
descriptors,
symbolic resolution, and reflection, instead leaning on erasure here for
both
null-restriction and specialization, and providing a secondary reflective
channel (which almost no users will actually need) to get refinement
information. (An example of code that needs to summon refinement
information is
Arrays::copy, which would need to fetch the refined component type and
instantiate an array using the refined type; most other reflective code
would
not need to even be aware of it.)
#### Bonus round: specialization
The framework so far seems to accomodate specialization fairly well.
There'll
be a new subtype of `RefinementType` to represent a specialization, a
reflective
method for creating such specialization such as:
static<T> SpecializedType<T> specialization(Class<T> baseClass,
RepresentableType<?>... arguments)
and a new way to get such a type refinement in the constant pool
(possibly just
a condy whose bootstrap is the above method.) The `new` bytecode is
extended to
accept a specialization refinement. Field refinements would then be able to
refer to specialization refinements.
## Conclusions
In the current world we have a (mostly) 1:1:1 relationship between runtime
types, descriptors, and mirrors; a model where species/refinements are
not full
runtime types preserves this. The surface area where refinement information
leaks to users who are not prepared for it is dramatically smaller.
Refinements
are not full runtime types, they don't have full Class mirrors. We
erase down
to real runtime types in descriptors and in reflective API points like
`Object::getClass`. This seems a powerful simplification, and one that
aligns
with the previous language simplification. To summarize:
- Yes, we should get rid of Q descriptors, but should do so in a more
principled way by getting rid of Q as a runtime type entirely,
replacing it
with a refinement type which stays in the background until it is
actually
needed.
- We should erase Q from method and field descriptors and from the obvious
mirrors, because refinement information is on a need-to-know basis.
- Refinement information primarily flows from source -> classfile ->
VM, and
mostly does not flow in the other direction. Specialized reflection
might
expose it, but we should do so not on general principles, but based
on where
it is actually needed by the programming model.
- Null restriction is more like specialization than not; they are both
value
set refinements that possibly enable layout optimization, and we
should seek
to treat them the same.
- While leaving the door open for additional kinds of species and type
migration, we use our new powers, at first, only to define
flattenable fields
and flattenable one-dimensional arrays.
More information about the valhalla-spec-observers
mailing list