java annotations for invariant specification
TRANSCRIPT
-
8/14/2019 Java Annotations for Invariant Specification
1/21
RICE UNIVERSITY
COMPUTER
SCIENCE
Java Annotations for
Invariant Specification
Mathias Ricken
September 22, 2008
COMP 617 Seminar
-
8/14/2019 Java Annotations for Invariant Specification
2/21
2
Comments are dumb
class HashMap {
// returns null if no mapping for key
Object get(Object key) { }
}
HashMap m = new HashMap();
Object o = m.get("foo");
String s = o.toString();
NullPointerException at runtime:
o is null
-
8/14/2019 Java Annotations for Invariant Specification
3/21
3
Types are smart
class HashMap {
// returns null if no mapping for key
Object|null get(Object key) { }
}
HashMap m = new HashMap();
Object o = m.get("foo");
String s = o.toString();
Compiler Error:Return type Object|null
incompatible with type
Object
This is not Java!
-
8/14/2019 Java Annotations for Invariant Specification
4/21
4
Annotations can make Java smarter
class HashMap {
// returns null if no mapping for key
@Nullable Object get(Object key) { }
}
HashMap m = new HashMap();
Object o = m.get("foo");
String s = o.toString();
Compiler Warning:
Return value may be null,
assigned to non-null variable.
Pluggable type systems in Java 5 7?
-
8/14/2019 Java Annotations for Invariant Specification
5/21
5
Annotation Targets in Java 5@Apackage some.package.name;
@B class MyClass {
@NonNull Object field;
@C MyClass(@NonNull Object param) {
field = param;
}
@NonNull Object method() { @NonNull Object localVar = field;
return localVar;
}
} Note: Local variable annotations are completely ignored.
-
8/14/2019 Java Annotations for Invariant Specification
6/21
6
Concurrency Invariants
interface TableModel { // may only be called from event thread
void setValueAt();
}
TableModel m;
// from outside event thread
m.setValueAt();
Possible race condition.
-
8/14/2019 Java Annotations for Invariant Specification
7/21
7
Invariant Specification
interface TableModel { @OnlyEventThread
void setValueAt();
}
TableModel m;
// from outside event thread
m.setValueAt();
Invariant Violation Warning at Runtime
(but still possible race condition)
-
8/14/2019 Java Annotations for Invariant Specification
8/21
8
Comparison to assertvoid setValueAt() {
assert (EventQueue.isDispatchThread());
Similarity Debug mode disabled in production code
@OnlyEventThread
void setValueAt() { }
-
8/14/2019 Java Annotations for Invariant Specification
9/21
9
Annotations are Easier to Find
Javadoc produces invariant index
-
8/14/2019 Java Annotations for Invariant Specification
10/21
10
Inherited Invariants
Object getValueAt()
@OnlyEventThread void setValueAt()
TableModel
Object getValueAt()
void setValueAt()
AbstractTableModel
Object getValueAt()
void setValueAt()
MySpecialTableModelObject getValueAt()
void setValueAt()
DefaultTableModel
Implied
@OnlyEventThread
Implied
@OnlyEventThread
Implied
@OnlyEventThread
-
8/14/2019 Java Annotations for Invariant Specification
11/21
11
Inherited Invariants
Object getValueAt()
void setValueAt()
@OnlyEventThread TableModel
Object getValueAt()
void setValueAt()
AbstractTableModel
Object getValueAt()
void setValueAt()
MySpecialTableModelObject getValueAt()
void setValueAt()
DefaultTableModel
Implied
@OnlyEventThread
Implied
@OnlyEventThread
Implied
@OnlyEventThread
Implied
@OnlyEventThread
-
8/14/2019 Java Annotations for Invariant Specification
12/21
12
Limited Universality
assert (someComplexPredicate());
assert can test an arbitrary predicate
@OnlyEventThread
@OnlyThreadWithName
@OnlySynchronizedThis
@NotEventThread
@NotThreadWithName
@NotSynchronizedThis
A few supplied invariant annotations
-
8/14/2019 Java Annotations for Invariant Specification
13/21
13
Predicate Invariant Annotations@PredicateLink(value=Predicates.class, method="eval")
public @interface OnlyThreadWithName {
String value;
}
public class Predicates {
public static boolean eval(Object this0, String name) {
return Thread.currentThread().getName().
equals(name);
}}
@OnlyThreadWithName("main")void myMethod() { }
Findp
redicat
emeth
od
Call predicate method and
pass as arguments:this (nornull if static) data in invariant annotation
Return true orfalse
to indicate violation
1.
2.
3.
-
8/14/2019 Java Annotations for Invariant Specification
14/21
14
Further Limitation of Annotations
One occurrence of an annotation class pertarget
@OnlyThreadWithName("main") // illegal; and is
@OnlyThreadWithName("other") // this "and" or "or"?
void myMethod() { }
@Or({
@OnlyThreadWithName("main"),
@OnlyThreadWithName("other")
})
void myMethod() { }
Suggestion
-
8/14/2019 Java Annotations for Invariant Specification
15/21
15
Annotation Members@interface MyAnnotation {
int intMember; // primitives
String stringMember; // strings
Class classMember; // class literals
SomeEnum enumMember; // enums
// annotions
OnlyThreadWithNameannotMember;
// arrays of the above
OnlyThreadWithName[] arrayMember;
}
extends OtherAnnotation
not allowed no subtyping
-
8/14/2019 Java Annotations for Invariant Specification
16/21
16
No Annotation Subtyping in Java@interface Or { OnlyThreadWithName[] value; }
@Or({@OnlyThreadWithName("main"),
@OnlyThreadWithName("other")})
void myMethod() { } // legal
@Or({@OnlyThreadWithName("main"),
@NotThreadWithName("other")})void otherMethod() { } // illegal
No common supertype for annotations
-
8/14/2019 Java Annotations for Invariant Specification
17/21
17
xajavac Modified Compiler@interface Base {}
@interface OnlyThreadWithName extends Base {
String value;
}
@interface NotThreadWithName extends Base {
String value;
}
@interface Or extends Base {
Base[] value;
}
-
8/14/2019 Java Annotations for Invariant Specification
18/21
18
Results
Annotations with SubtypingMinimal changes to the compiler
No changes to class file format
Reduced invariant checker by ~1500 lines Improved code reuse
-
8/14/2019 Java Annotations for Invariant Specification
19/21
19
Results
Invariant AnnotationsAnnotated part of Swing and DrJava
Discovered and fixed some bugs in DrJava
Hard to do retroactively and without insideknowledge
-
8/14/2019 Java Annotations for Invariant Specification
20/21
20
Future Work
Reflection library for annotations withsubtyping Annotation getAnnotation(Class c)
currently returns the annotation of class c
Annotation[] getAnnotations(Class c)
should be added to return all annotations of
class c and its subclasses
Modify JSR 308 prototype compiler to
support subtyping
-
8/14/2019 Java Annotations for Invariant Specification
21/21
21
More Information and Download
Invariant Specification http://www.concutest.org/tc/
Annotations with Subtyping http://www.cs.rice.edu/~mgricken/research/xajavac/
http://www.concutest.org/tc/http://www.cs.rice.edu/~mgricken/research/xajavac/http://www.cs.rice.edu/~mgricken/research/xajavac/http://www.concutest.org/tc/