The object capability model has been established since the 1960s. It is probably the most obvious and clean way to protect trusted from untrusted components in a complex system. Capabilities are a unifying concept for many aspects of programming, including permissions, effects, and resources. They can be the missing link that can make combinations of functional and imperative programming safe.

So why are object capabilities not used everywhere? I argue it’s because they currently lack in both convenience and safety:

• Convenience: Passing all capabilities along long call chains to code that needs them can quickly get tedious;
• Safety: Access restrictions such as limited lifetimes or sharing are traditionally encoded using runtime mechanisms with the possibility of runtime failures.

At EPFL we have been working on overcoming these two impediments:

• Convenience: capabilities can be passed as implicit parameters in using clauses, and capability passing can be completely abstracted over using context functions;
• Safety: We have extended the type system to track capabilities in types. Specifically, we track which capabilities are closed over in a lambda or object.

We are now two years into a project to make these ideas usable on a large scale. I will report on the state of capability checking today: the usage experience with these concepts, what measures we took to make the notations more ergonomic, and what our plans for the future are.

Martin Odersky is a professor at EPFL in Lausanne, Switzerland. He has been working on programming languages for most of his career. He first studied structured and object-oriented programming as a PhD student of Niklaus Wirth, then fell in love with functional programming while working as a post doc at IBM and Yale. When Java came out, he started to add functional programming constructs to the new platform. This led to Pizza and GJ and eventually to Java 5 with generics. During that time he also developed javac, the current reference compiler for Java.

Over the last 10 years, Martin worked on unifying object-oriented and functional programming in the Scala language. Scala quickly escaped from the research lab and became a popular open source tool and industrial language. He now oversees development of Scala as head of the programming group at EPFL and as academic director of the Scala center.