Patch name: callcc.patch
h2. Basic usage
h3. Creating a continuation
Continuation are supported via two different ways:
* {{public native Object copyStack(Object context, CopyStackException ex) throws CopyStackException;}}
This method packs all the stack frames from the current stack frame down to the context frame (see below) into an {{Object[]}} using the same serialized form that the Hotspot JVM uses to store debug information internally. This {{Object[]}} is then stored in the {{stack}} field of the given {{CopyStackException}} which is in turn thrown.
* {{public native Object copyStackSimple(Object context, Continuation continuation);}}
Fills the given Continuation object with the stack frames down to the context frame. Right now the method returns {{null}}, although it would probably be better to return a special static object instance instead of occupying {{null}}.
(!) In the long run most likely only one implementation will survive.
h3. Resuming continuations
The {{public long resumeStack(Object context, Object stack, Object value, Throwable exception);}} method is used to resume a continuation. (no matter how it was created). The current stack is destroyed up to the context frame and the continuation contained in the {{stack}} object is reinstated.
The original {{copyStack}} or {{copyStackSimple}} call then returns {{value}} or throws {{exception}}.
h3. Creating a context for continuations
{{Unsafe.doCopyStackContext}} is used to create a context stack frame for continuations. The first parameter is a {{Runnable}} whose {{run}} method will be invoked, and the second parameter is a context object (any {{Object}}) that will identify this particular {{doCopyStackContext}} invocation.
h2. Security
The current proof-of-concept implementation will be used to explore how continuations can be used in a secure environment (applet, etc.).
Starting from a very conservative approach features will be added if they are considered secure.
h3. Permissions
The targets and actions for continuation permissions could be characterized roughly like this:
!continuation_security.png!
h3. JVM Assumptions broken by continuations
Arbitrary continuations can break many low-level assumptions taken by the JVM and the continuation code, some of which could be verified and some not:
h4. verifyable (with reasonable effort)
* local variable count
* expression count
* static data types of local variables
* expression is object or scalar
* method can be executed for "this"
* copyStack is called at the top frame
* bottom frame method is a {{Runnable.run()}}
h4. not verifyable (with reasonable effort)
* data types of expressions
* local variable or expression matches assumptions about data type
h3. Conservative approach
The first security concept will be a very conservative one:
* only methods marked with a {{Continuable}} annotation can be stored
* {{Continuation}} objects do not allow any modifications
* methods marked with {{ContinuableHidden}} can be stored but the local variables and the expression stack are hidden
* no stack containing doPrivileged calls can be stored
h2. Future considerations
* create a notion of _immutable continuations_ which allow the compiler to create shortcuts (like exceptions the compiler could statically prove that the continuation never escapes and thus convert it into a jmp, etc.)
{warning:title=Work in progress}
{warning}
h2. Basic usage
h3. Creating a continuation
Continuation are supported via two different ways:
* {{public native Object copyStack(Object context, CopyStackException ex) throws CopyStackException;}}
This method packs all the stack frames from the current stack frame down to the context frame (see below) into an {{Object[]}} using the same serialized form that the Hotspot JVM uses to store debug information internally. This {{Object[]}} is then stored in the {{stack}} field of the given {{CopyStackException}} which is in turn thrown.
* {{public native Object copyStackSimple(Object context, Continuation continuation);}}
Fills the given Continuation object with the stack frames down to the context frame. Right now the method returns {{null}}, although it would probably be better to return a special static object instance instead of occupying {{null}}.
(!) In the long run most likely only one implementation will survive.
h3. Resuming continuations
The {{public long resumeStack(Object context, Object stack, Object value, Throwable exception);}} method is used to resume a continuation. (no matter how it was created). The current stack is destroyed up to the context frame and the continuation contained in the {{stack}} object is reinstated.
The original {{copyStack}} or {{copyStackSimple}} call then returns {{value}} or throws {{exception}}.
h3. Creating a context for continuations
{{Unsafe.doCopyStackContext}} is used to create a context stack frame for continuations. The first parameter is a {{Runnable}} whose {{run}} method will be invoked, and the second parameter is a context object (any {{Object}}) that will identify this particular {{doCopyStackContext}} invocation.
h2. Security
The current proof-of-concept implementation will be used to explore how continuations can be used in a secure environment (applet, etc.).
Starting from a very conservative approach features will be added if they are considered secure.
h3. Permissions
The targets and actions for continuation permissions could be characterized roughly like this:
!continuation_security.png!
h3. JVM Assumptions broken by continuations
Arbitrary continuations can break many low-level assumptions taken by the JVM and the continuation code, some of which could be verified and some not:
h4. verifyable (with reasonable effort)
* local variable count
* expression count
* static data types of local variables
* expression is object or scalar
* method can be executed for "this"
* copyStack is called at the top frame
* bottom frame method is a {{Runnable.run()}}
h4. not verifyable (with reasonable effort)
* data types of expressions
* local variable or expression matches assumptions about data type
h3. Conservative approach
The first security concept will be a very conservative one:
* only methods marked with a {{Continuable}} annotation can be stored
* {{Continuation}} objects do not allow any modifications
* methods marked with {{ContinuableHidden}} can be stored but the local variables and the expression stack are hidden
* no stack containing doPrivileged calls can be stored
h2. Future considerations
* create a notion of _immutable continuations_ which allow the compiler to create shortcuts (like exceptions the compiler could statically prove that the continuation never escapes and thus convert it into a jmp, etc.)
{warning:title=Work in progress}
{warning}