Researchers have recently proposed a number of systems for expressing,verifying, and inferring immutability declarations. These systems areoften rigid, and do not support ;;abstract immutability;;. An abstractlyimmutable object is an object o which is immutable from the point ofview of any external methods. The C++ programming language is notrigid–it allows developers to express intent by adding immutabilitydeclarations to methods. Abstract immutability allows for performanceimprovements such as caching, even in the presence of writes to objectfields. This dissertation presents a system to enforce abstractimmutability.First, we explore abstract immutability in real-world systems. Wefound that developers often incorrectly use abstract immutability,perhaps because no programming language helps developers correctlyimplement abstract immutability. We believe that this omission leadsto incorrect usages. Specifically, we wrote a dynamic analysis thatreports any writes through immutability declarations. To our knowledge,this work was the first to explore how objects implement abstractimmutability (or fail to implement it). Our novel study found threeuses of abstract immutability: caching, delayed initialization, andunit testing. Unit testing was a surprising application of abstractimmutability, and we believe that the ability to modify state isneeded for proper unit testing.Next, we explore developers' revealed needs for immutability in thesource code. We found that the majority of classes contain a mix ofimmutable and mutable methods, with a majority of the overall methodsbeing immutable. Immutability systems with only immutable orall-mutating classes are insufficient: developers need immutabilitydeclarations at method granularity. Our study then combined developerimmutability declarations with results from a static analysis toestimate the true number of immutable methods. The static analysischecked that no transitive writes to a receiver object occurred. Ourresults indicated the need for a sophisticated analysis to check thatthese apparently abstractly immutable methods were indeed abstractlyimmutable.Finally, we created a novel static analysis which checks thatdevelopers follow abstract immutability. Specifically, we defineabstract immutability to mean that a class's set of immutable methodsis collectively free of writes to exposed fields. Our analysis foundincorrect usages of abstract immutability, such as incorrect caching.This analysis is particularly valuable in the context of codeevolution, whereby subsequent programmers may make changes that breakpreviously-correct cache implementations, for instance. Our workallows developers to trust that their code is abstractly immutable.
PDF
download
878987797
028-85220240
