3 research outputs found
C++ const and Immutability: An Empirical Study of Writes-Through-const
The ability to specify immutability in a programming language is a
powerful tool for developers, enabling them to better understand and
more safely transform their code without fearing unintended changes to program state. The C++ programming language allows developers to
specify a form of immutability using the const keyword. In this work, we characterize the meaning of the C++ const qualifier and present the ConstSanitizer tool, which dynamically verifies a stricter form of immutability than that defined in C++: it identifies const uses that are either not consistent with transitive immutability, that write to mutable fields, or that write to formerly-const objects whose const-ness has been cast away.
We evaluate a set of 7 C++ benchmark programs to find writes-through-const, establish root causes for how they fail to respect our stricter definition of immutability, and assign attributes
to each write (namely: synchronized, not visible, buffer/cache,
delayed initialization, and incorrect). ConstSanitizer finds 17
archetypes for writes in these programs which do not respect our
version of immutability. Over half of these seem unnecessary to us.
Our classification and observations of behaviour in practice
contribute to the understanding of a widely-used C++ language feature
Enforcing Abstract Immutability
Researchers have recently proposed a number of systems for expressing,
verifying, and inferring immutability declarations. These systems are
often rigid, and do not support "abstract immutability". An abstractly
immutable object is an object o which is immutable from the point of
view of any external methods. The C++ programming language is not
rigid–it allows developers to express intent by adding immutability
declarations to methods. Abstract immutability allows for performance
improvements such as caching, even in the presence of writes to object
fields. This dissertation presents a system to enforce abstract
immutability.
First, we explore abstract immutability in real-world systems. We
found that developers often incorrectly use abstract immutability,
perhaps because no programming language helps developers correctly
implement abstract immutability. We believe that this omission leads
to incorrect usages. Specifically, we wrote a dynamic analysis that
reports any writes through immutability declarations. To our knowledge,
this work was the first to explore how objects implement abstract
immutability (or fail to implement it). Our novel study found three
uses of abstract immutability: caching, delayed initialization, and
unit testing. Unit testing was a surprising application of abstract
immutability, and we believe that the ability to modify state is
needed for proper unit testing.
Next, we explore developers' revealed needs for immutability in the
source code. We found that the majority of classes contain a mix of
immutable and mutable methods, with a majority of the overall methods
being immutable. Immutability systems with only immutable or
all-mutating classes are insufficient: developers need immutability
declarations at method granularity. Our study then combined developer
immutability declarations with results from a static analysis to
estimate the true number of immutable methods. The static analysis
checked that no transitive writes to a receiver object occurred. Our
results indicated the need for a sophisticated analysis to check that
these apparently abstractly immutable methods were indeed abstractly
immutable.
Finally, we created a novel static analysis which checks that
developers follow abstract immutability. Specifically, we define
abstract immutability to mean that a class's set of immutable methods
is collectively free of writes to exposed fields. Our analysis found
incorrect usages of abstract immutability, such as incorrect caching.
This analysis is particularly valuable in the context of code
evolution, whereby subsequent programmers may make changes that break
previously-correct cache implementations, for instance. Our work
allows developers to trust that their code is abstractly immutable