I’ve thought a bit about what the scope of data predicate annotations should be. At first, I thought every time an object encounters another predicate annotation, that predicate just gets added to the list of predicates that an object has to fulfill. I’m not so sure about that anymore. In fact, I don’t think this is right.
Consider the following class:
public class Test {
private static Integer _field;
public static void increment(@NeverPositive Integer param) {
++_field;
}
public static void decrement(@NeverNegative Integer param) {
_field = _field -1;
}
public static void main(String[] args) {
_field = -10;
while(_field<=0) increment(_field);
_field += 9;
while(_field>=0) decrement(_field);
}
}
It’s a pointless example. Here, I annotate the parameters of two methods: For increment, the parameter may never be positive. For decrement, the parameter may never be negative. In the main method, I start with -10 for the field’s value, then keep calling increment until the field is positive.
Then the program enters a second phase. I add 9 to the field, so the value of the field now is 10. I keep calling decrement until the field’s value has reached -1.
If an object keeps accumulating the predicates it encounters, then in the decrement phase, the field would have both the @NeverPositive and the @NeverNegative predicates, and it would only accept 0.
This leads me to believe that the predicates must be scoped. The scope of the parameter annotations here, for example, should be only the method. For local variable (if they worked), it should probably be the smallest enclosing block.
What about fields? Should the predicates only apply if the data is used in this class? Or should it span to other classes as well? I’m not sure. By the way, to make things clear, the idea is that the predicates will be checked every time the object is accessed, so in the bytecode, before the access, bytecode will be inserted.
If I take the example with the parameter annotations that should probably be limited to just the methods and expand it to fields and classes, then I think limiting the predicates to just the class seems right.
