Enforcing Abstract Immutability
Loading...
Date
2018-08-01
Authors
Eyolfson, Jonathan
Advisor
Lam, Patrick
Journal Title
Journal ISSN
Volume Title
Publisher
University of Waterloo
Abstract
Researchers have recently proposed a number of systems for expressing,
verifying, and inferring immutability declarations. These systems are
often rigid, and do not support "abstract immutability". An abstractly
immutable object is an object o which is immutable from the point of
view of any external methods. The C++ programming language is not
rigid–it allows developers to express intent by adding immutability
declarations to methods. Abstract immutability allows for performance
improvements such as caching, even in the presence of writes to object
fields. This dissertation presents a system to enforce abstract
immutability.
First, we explore abstract immutability in real-world systems. We
found that developers often incorrectly use abstract immutability,
perhaps because no programming language helps developers correctly
implement abstract immutability. We believe that this omission leads
to incorrect usages. Specifically, we wrote a dynamic analysis that
reports any writes through immutability declarations. To our knowledge,
this work was the first to explore how objects implement abstract
immutability (or fail to implement it). Our novel study found three
uses of abstract immutability: caching, delayed initialization, and
unit testing. Unit testing was a surprising application of abstract
immutability, and we believe that the ability to modify state is
needed for proper unit testing.
Next, we explore developers' revealed needs for immutability in the
source code. We found that the majority of classes contain a mix of
immutable and mutable methods, with a majority of the overall methods
being immutable. Immutability systems with only immutable or
all-mutating classes are insufficient: developers need immutability
declarations at method granularity. Our study then combined developer
immutability declarations with results from a static analysis to
estimate the true number of immutable methods. The static analysis
checked that no transitive writes to a receiver object occurred. Our
results indicated the need for a sophisticated analysis to check that
these apparently abstractly immutable methods were indeed abstractly
immutable.
Finally, we created a novel static analysis which checks that
developers follow abstract immutability. Specifically, we define
abstract immutability to mean that a class's set of immutable methods
is collectively free of writes to exposed fields. Our analysis found
incorrect usages of abstract immutability, such as incorrect caching.
This analysis is particularly valuable in the context of code
evolution, whereby subsequent programmers may make changes that break
previously-correct cache implementations, for instance. Our work
allows developers to trust that their code is abstractly immutable.
Description
Keywords
immutability, static analysis, dynamic analysis