Another example of problem similar to hashCode() mutability is an option for broken «consistent with equals» contract imposed by implementation of java.util.TreeSet while implementing java.util.Comparator.

Actually, both of these cases (as well as a numerous others) are just an evidence of much wider problem – the requirement to follow some kind of contract various infrastructure implementations rely on and lack of ability to validate/impose such a constraints using existing IDEs and tools. The basic of this is the fact no IDE vendor can track an implementations of an infrastructure libraries existing (the best support feasible to achieve is Microsoft-style solution: an inspection for .Net framework libraries embedded into Visual Studio) and thus creating inspections “by reaction” will always loose the battle.

The best way to avoid the gap between software component and the inspections is to eliminate the “broken phone” between the software developer, the documentation developer and the inspections developer. This presents an «inspection by creator» paradigm – inspections are developed in parallel with a software component (and in ideal case by the the same software developer), embedded within the component, and shipped with it.

Summarizing the basic requirements for such a framework:

  • Development simplicity: the inspection language should provide a way to create an inspections in declarative manner, rather than by reflection-style coding.
  • Lexical compliance: the inspections declaration language should be close enough to the syntax of programming language constructs inspections apply to (thus, there should coexist inspections framework implementations of the common functionality for the different platforms like Java and .Net and different per programming language extensions on the same platform like C# and VB.Net).
  • Multiple inspection sources: there should be and option for predefined inspections (shipped with the framework), vendor inspections (developed and shipped with particular software component) and ad-hoc custom inspections (in-house development of software component users).
  • Binding: there should be a way to associate the inspections with the related code structures (classes, methods, fields and properties) and ideally — keep and maintain them within the code.
  • Universality: inspections should be applied in «to subject» and «to object» manners (i.e. relate to the code structure associated with the inspection or to the code caller).

Upon meeting the two first requirements the last three can be easily accomplished by using existing standard mechanisms like annotations and attributes.

Advertisements

Imperva CTO, Amichai Shulman has launched his own security-oriented blog.

He moistly writes about enterprise security «metas», providing a lot of valuable background information resources. A must-read for any enterprise-level developer.

My «HashSet.contains(): does your basket contain something?» post got too expected responses: «There is no way to avoid this behavior, why should you expect something else?».

Sure this behavior can not be changed — it’s in nature of any hashed collection. I do not expect anyone to tilt at windmills. What I do expect is, first, ensure I will never stuck with this bug again and, second, prevent others from falling into the same trap. And this is definitely the point I expect the software vendors to help me.
Let’s look one more into the root of the problem: hash code should not be mutable while the entity exists in the collection. Actually, since we can newer be sure it does not, the hash code should never change since the entity was created. Thus, hash code calculation should be independent of object state, i.e. of its mutable fields.

Thus, the following suspicious code patterns should get a special attention in this context (I’ll generally use Java notation, the C# variation is trivial):

  • Mutable hash code: hashCode() accesses fields that are not final, or calls methods that access fields that are not final or call methods that… and so on.
  • Using overridden hashCode(): an instance of class with overriden hashCode() is added into hash-based collection (or one of its interfaces). More general – to any collection instance.
  • Broken contract: hashCode() and equals() do not access the same fields or do not call the same methods (that do not access the same fields… and so on).

What can prevent or warn us about the patterns mentioned?

  • Language level: not really can be taken into account, since providing language-level object identity is almost equal to just forbidding hashCode() override.
  • C# 3.0 anonymous classes make use of similar approach – the hash code of an object is immutable since both equals() and getHashCode() are compiler generated and both fields and properties are read-only.

  • Compiler warning level: may be nice, also implementing recursive method inspection will require new paradigms definition and will add unnecessary complexity. In addition, this require implementing this functionality separate for each platform language.
  • Code inspection: the most desirable option that should act at bytecode level and can be easily integrated into existing IDEs.
  • IntelliJ IDEA 6 inspections list presents a good inspection for mutable hashcode, and something not so powerful for broken contract.

This small and annoying point is just a tiny part of features missing from existing IDEs (expected to provide developer with an ability to concentrate on application business logic development rather than on language or infrastructure implementation details).

Bad day for blogging?

May 16, 2007

Both Monologue and ASP.Net Weblogs seem to be down for some time.

Yesterday I read two excellent posts about C# 3.0 automatic properties feature: ScottGu’s «New C# “Orcas” Language Features: Automatic Properties, Object Initializers, and Collection Initializers» and Bart De Smet’s «C# 3.0 Automatic Properties explained».

It was a pleasure to see that my old «A programming language pattern idea» hit straight to the point.

By the way, this “Orcas” feature is still missing the “container” concept, enabling an access to the auto-generated field from the constructor. Another missing point is a read-only automatic properties.

One mystery less

March 25, 2007

I was always curious to know what is the engine behind the Miguel’s blog, and now there is an answer from his own.

Lame Blog looks both powerful and simple enough to suit my needs. I think I’ll try it soon.

Mainsoft out, Imperva in.

February 21, 2007

I’m changing my employee, leaving Mainsoft and moving to Imperva.

I’ve already get a farewell present better I could ever imagine: support for Visual Basic in Mono was announced. Thanks to Rolf, Miguel, Lluis and others who made this happen.

Working with Mono team was one of the best professional experience occasions I ever had. It may be difficult, but now I will have to get used to my new role as Mono user-only.

Still tuned with Monologue and DevZone.