Posts Tagged ‘JDT’
Retrospective of an Old Man (2)
(continued from here).
Today I want to speak about four engineers who have influenced Eclipse JDT in the past: Srikanth, Markus Keller, Till Brychcy and Yours Truly. All of them have left the team over the course of the years. None has left because they didn’t love Eclipse. It would come closer to the truth to say, they left because they loved Eclipse too much. I am not authorized to publicly speak about the personal motives of these people. For that reason I will generalize as if all four situations were identical. Obviously this isn’t true, but still I sense a common gist, some overarching topics that might still be relevant today.
What is said below is meant as observations about these four engineers only. Whatever quality I ascribe to them, may well be shared by others not mentioned here. It’s not about drawing boundaries, but about perceived commonality.
Qualification
Every healthy community has members with a very focused area of expertise, in which their knowledge is thorough and deep. Other members may have a wide range of interest and involvement, connecting the dots between different focus areas. Some members excel by way of sharp analytical capabilities, others contribute the experience from years of working on a component. The personae in this story drew their strength from combining (at different degrees) all four qualifications: knowledge both deep and wide, understanding both analytically sharp and founded on a body of experience.
Responsibility
While every contributor takes responsibility for their contribution, some people feel responsible for an entire component or even product. In this text I don’t speak of responsibility from a managerial perspective, but of a code-centric point of view that cares about the code in all aspects of quality.
In one of the most complex endeavors that I got involved in, one of our four engineers mentioned in retrospect: “failure was not an option“. Feeling responsible for a component implies to closely track the bugzilla inbox, and to make sure that every incoming bug report is handled with due attention. It also implies to make sure that every proposed code change is of highest possible quality, not only in terms of functionality but also as being in harmony with existing design, to prevent architectural decay. Such responsibility finally implies to care about completeness of functionality. In particular when a new Java version changes the game, JDT must support users in working in that new environment. As an example for the latter aspect think of the conflict between unit testing and the Java Platform Module System. In this context, treating test sources differently from main sources is a must, which is why Till added this functionality to JDT (a huge project of its own).
Burn-Out
Working with the attitude described above requires a lot of energy. In a healthy community this energy flows in both directions, and everything may well be sustainable. In the cases of our four engineers, however, too much energy was burned, obstacles appeared and caused frustration. Some may get frustrated when they see code changes that are made with insufficient understanding, unaware of maintenance costs incurred. Sometimes it’s the tone of discussion that kills any pleasure of contributing. There’s also a structural conflict between meritocracy and unlimited openness of a community: Think of our engineer who wants to take responsibility, he will have to make some decisions. He feels that the rules of meritocracy grant him permission to make such decision and furthermore he is convinced that such decision is necessary to fulfill the assumed responsibility. If the community doesn’t accept such decisions, our engineer would have to fight an extra (seemingly unnecessary) battle just to get permissions for enacting a decision he deems necessary for the greater goal.
In all four cases the community failed to balance the flow of energy, to get obstacles out of the way, to empower those who feel responsible to enact that responsibility. Not all four experienced a full-blown burn-out, but that’s more a question of whether or not they pulled the plug in good time.
Two of our engineers actually had to quit their job to leave Eclipse, the other two didn’t have to ask anybody, because they never received a penny for their contributions.
Questions
Is it just normal that engineers risk burn-out? Is it something happening to everybody? Is it acceptable? Does it make a difference to the community who is it who gets frustrated? More generally speaking: is the community willing to make any difference between newbies and potential “meritocrats”? Does the community actually support the goal of excellent code quality, or is speed of change, e.g., considered more important?
In my previous post I spoke of the end of an era. Does the new era have use for engineers like these? It may not be an extinct species, but I’m afraid their number is dwindling…
Clarification
No, in this post I’m not begging for any “presents” that would lure me back into my previous position. I had my share of responsibility. Quite likely I had bitten off more then I could possibly chew, when I felt responsible not only for all of the compiler (ecj) per-se, but also to drive Oracle towards improving JLS in ways that would enable the teams behind ecj and javac to finally converge on the same language. I felt responsible at other levels, too, but I will not enumerate my merits. I made a final decision to shed all this responsibility – in good time before it would affect my health.
Object Teams in the times of Eclipse Luna and Java 8
With Eclipse Luna approaching milestone 5 it’s time to write a bit about what this year will bring for Object Teams.
Overhaul of the OT/Equinox weaver
The Luna cycle started with a surprise (for me): Equinox no longer provides the Adaptor Hooks, which allowed OT/Equinox to hook into the OSGi class loading process and perform its bytecode weaving. Outch!
On the other hand, OSGi meanwhile has a standard WeavingHook for doing this kind of stuff. With some efforts (and lots of help from Tom W. – no help from p2, though) I managed to migrate OT/Equinox to this new standard. At the end of the day, this will bring better encapsulation and hopefully better launch performance, too. Details to be posted some time later.
Lift OT/J to be based on Java 8
Some may have noticed that most my Eclipse-time is currently being spent in helping JDT to get ready for Java 8. And sure this is an exciting endeavour to be part of!
For Object Teams the cool part about this is: I’ve seen the changes for Java 8 happen in JDT, which greatly helps to adopt these changes for OT/J. Once in a while this even reveals a bug in JDT before it ever surfaced 🙂
The integration of OT/J with Java 8 still has some regressions, but my plan is to have this at good “milestone quality” when Java 8 is released in March and to get it to full release quality for Luna GA in June.
Question: does it actually make sense to combine lambdas and type annotations with roles and teams? I strongly believe it does, because these are language improvements in entirely different categories:
- Lambda expressions help to implement algorithms in a more concise and also more modular way – this lets you think differently about functions.
- Type annotations help enhance safety when used together with better program analysis (like, e.g., enhanced null analysis) – these let you think differently about types.
- Roles and teams help improve the program structure at a larger scale – these let you think differently about classes and objects.
So, if each of these additions makes sense, then combining them all in one language will certainly yield a very powerful language. Some examples of combination to follow as we approach the release.
ObjectTeams.org is down, long live ObjectTeams.org
Not all material from the 10+ years of history of Object Teams has moved to Eclipse.org. Notably the language definition (OTJLD) and scientific publications are still hosted on objectteams.org. Until recently, my former University kindly provided the host for publishing these research results. Now that server has gone off service and for a while objectteams.org was dead — but as of today the relevant content is back online – sorry for the disruption. And, btw, this is also the reason why this blog has changed its URL.
Please wish me luck for the work ahead, both on JDT and Object Teams 🙂
The message is the message
I have been ranting about bad error messages, so in my own work, error messages better be helpful. At least I try.
As for the recent milestone 6 of the JDT a significant novelty was actually mostly about the wording of a few error/warning messages issued by the null analysis of the JDT compiler. We actually had quite a discussion (no, I’m not expecting you to read all the comments in the bug:)).
Why did we go through all this instead of using the time to fix more bugs? Because the entire business of implementing more compiler warnings and in particular introducing annotation-based null analysis is to help you to better understand possible weaknesses of your code. This means our job isn’t done when the error message is printed on your screen, but only when you recognize why (and possibly how) your code could be improved.
|
So the game is: when you see one of the new compiler messages “what does it tell you?“ |
 |
Intended “inconsistency”
Let’s start with an example that at first looks inconsistent:
Both methods basically have the same code, still lines 14-17 are free of any warnings whereas the corresponding lines 24-27 have one warning and even an error. What does it tell us?
Here are some of the messages:
| line 10 | Redundant null check: The variable val1 cannot be null at this location |
| line 12 | Null comparison always yields false: The variable val1 cannot be null at this location |
Before bug 365859 the second method would show the same messages, giving no clue why after the initial start all the same code gives different results later. The initial improvement in that bug was to update the messages like this:
| line 20 | Redundant null check: The variable val2 is specified as @NonNull |
| line 22 | Null comparison always yields false: The variable val2 is specified as @NonNull |
Alright! Here lies the difference: in the first method, compiler warnings are based on the fact that we see an assignment with the non-null value "OK" and carefully follow each data-flow from there on. Non-null definitely holds until line 15, where potentially (depending on where b takes the control flow) null is assigned. Now the check in line 16 appears useful.
By contrast, the warnings in the second method tell us, that they are not based on flow analysis, but on the mere fact that val2 is declared as of type @NonNull String. This specification is effectual, independent of location and flow, which has two consequences: now the assignment in line 25 is illegal; and since we can’t accept this assignment, line 26 still judges by the declaration of val2 which says: @NonNull:
| line 25 | Null type mismatch: required ‘@NonNull String’ but the provided value is null |
| line 26 | Redundant null check: The variable val2 is specified as @NonNull |
Communicate the reasoning
Three levels to a good error message:
- “You did wrong.”
- “Your mistake was …”
- “This is wrong because …”
By now you probably know what I think of tools that answer using (1). To go from (2) towards (3) we split one particular error message into three. Look at this:
which gives these error messages:
| line 31 | Null type mismatch: required ‘@NonNull String’ but the provided value is null |
| line 32 | Null type mismatch: required ‘@NonNull String’ but the provided value is specified as @Nullable |
| line 34 | Null type mismatch: required ‘@NonNull String’ but the provided value is inferred as @Nullable |
Line 31 is obvious.
Line 32 is wrong because in is declared as @Nullable, saying null is a legal value for in, but since it’s not legal for tmp2 the assignment is wrong.
In line 34 we are assigning a value that has no nullness specification; we say, unknown has a “legacy” type. From that alone the compiler cannot decide whether the assignment in line 34 is good. However, using also information from line 33 we can infer that unknown (probably) has type @Nullable String. In this particular case the inference is obvious, but the steps that lead to such conclusion can be arbitrarily complex.
What does this distinction tell you?
The error in line 31 is a plain violation of the specification: tmp1 is required to be nonnull, but the assigment attempts to definitely break that rule.
The error in line 32 denotes the conflict between two contradictory declarations. We know nothing about actual runtime values, but we can tell without any doubt that the code violates a rule.
Errors of the type in line 34 are reported as a courtesy to the user: you didn’t say what kind of variable unknown is, thus normally the compiler would be reluctant to report problems regarding its use, but looking a bit deeper the compiler can infer some missing information. Only in this category it makes sense to discuss whether the conclusion is correct. The inference inside the compiler might be wrong (which would be a compiler bug).
Sources of uncertainty
Of the previous messages, only the one in line 31 mentions a runtime fact, the remaining errors only refer to possibilities of null values where no null value is allowed. In these cases the program might actually work – by accident. Just like this program might work:
void maybe(Object val) { System.out.println(val.toUpperCase()); }
While this is not a legal Java program, a hypothetical compiler could produce runnable byte code, and if the method is invoked with an argument that happens to be a String, all is well – by accident.
While we have no guarantee that things would break at runtime, we know for sure that some rule has been broken and thus the program is rejected.
The following method shows a different kind of uncertainty:
What can we tell about this assignment? Well … we don’t know, it’s not definitely bad, but it’s not good either. What’s the problem? We need a @NonNull value, but we simply have no information whether unspecified can possibly be null or not. One of those legacy types again. After much back and forth we finally found that we have a precendent for this kind of problem: what’s the compiler say to this snippet:
void safety2(List unspecified) { List<String> strings = unspecified; }
Right, it says:
Type safety: The expression of type List needs unchecked conversion to conform to List
meaning: we receive an argument with a type that lacks detailed specification, but we require such details on the left hand side of the assignment. Whether or not the RHS value matches the LHS requirement cannot be checked by the compiler. Argument unspecified has another kind of legacy type: a raw type. To gracefully handle the transition from legacy code to new code with more complete type specifications we only give a warning.
The same for null specifications:
| line 41 | Null type safety: The expression of type String needs unchecked conversion to conform to ‘@NonNull String’ |
In both cases, raw types and types lacking null specification, there are situations where ignoring this warning is actually OK: the legacy part of the code may be written in the full intention to conform to the rule (of only putting strings into the list / using only nonnull values), but was not able to express this in the expected style (with type parameters / null annotations). Maybe the information is still documented, e.g., in the javadoc. If you can convince yourself that the code plays by the rules although not declaring to do so: fine. But the compiler cannot check this, so it passes the responsibility to you, along with this warning.
Tuning comiler messages
If you buy into null annotations, the distinction of what is reported as an error vs warning should hopefully be helpful out of the box. Should you wish to change this, please do so with care. Ignoring some errors can render the whole business of null annotations futile. Still we hope that the correspondence between compiler messages and configuration options is clear:
These options directly correspond to the messages shown above:
| problems | controlled by this option |
|---|---|
| lines 31,32 | Violation of null specification |
| line 34 | Conflict between null annotations and null inference |
| line 39 | Unchecked conversion from non-annotated type to @NonNull type |
Conclusion
The compiler does an awful lot of work trying to figure out whether your code makes sense, definitely, or maybe, or maybe not, or definitely not. We just decided, it should try a little harder to also explain its findings. Still, these messages are constrained to be short statements, so another part of the explanation is of course our job: to educate people about the background and rationale why the compiler gives the answers it gives.
I do hope you find the messages helpful, maybe even more so with a little background knowledge.
The next steps will be: what’s a good method for gradually applying null annotations to existing code? And during that process, what’s a good method for reacting to the compiler messages so that from throwing code at the compiler and throwing error messages back we move towards a fruitful dialog, with you as the brilliant Holmes and the compiler your loyal assistant Watson, just a bit quicker than the original, but that’s elementary.
Using git for an interactive video – Replay the JDT tutorial
When preparing the tutorial How to train the JDT dragon, Ayushman and me packed way more material than we could possible teach in 3 hours time.
Luckily, Ayush came up with an idea that enables all of you to go through the exercise all on your own: instead of creating zip files with various stages of the example projects, we pushed everything to github. I apologize to those who were overwhelmed by how we pushed git onto the tutorial participants in Reston.
Now, as EclipseCon is over, here’s what you can do:
- Fetch the slides: PDF or slideshare
- Clone the material for the plain JDT part (git: URL), containing two projects for the first two exercises.
- org.eclipsecon2012.jdt.tutorial1: traverse the Java Model starting from the element selected in the UI
- org.eclipsecon2012.jdt.quickFix1: implement a quickfix for adding a missing null check
- Clone the misc repo (git: URL), containing
- handouts: instructions for the exercises
- org.eclipsecon2012.jdt.populator: plug-in that was used in the tutorial to create sample content in the runtime workbench; show cases how to programmatically create Java files from String content
- Clone the OT repo (git: URL), containing
- AntiDemo: the OT/Equinox hello-world: prohibition of class names starting with “Foo”.
- Reachability: a full blown reachability analysis in < 300 LOC.
The last exercise, “Reachability”, we couldn’t even show in Reston, but luckily this is the most detailed repo: in 13+1 commits I recorded the individual steps of adding inter-procedural reachability analysis piggy-back on top of the JDT compiler. If you replay these commits from the git repo you can watch me creating this little plug-in from scratch. Starting from step 5 you’ll be able to see the results when you fire up a runtime workbench: the analysis will print to stdout what methods it found during each full build.
Look at the commit comments which summarize what I would have explained in demo mode. Still the material is pretty dense as it explains three technologies at the same time:
- How does this analysis work?
- What points in the JDT do we hook onto?
- How is the integration achieved using Object Teams.
Speaking of integration: using the “Binding Editor” you can see all bindings in a tabular view:
The right hand side of the table give the full list of JDT elements we connect to:
- classes that are extended using a
role - methods/fields that are accessed externally via a
callout binding - methods that are intercepted using a
callin binding.
As a special bonus, step 14 in the git repo shows how to add problem markers for each unreachable method, so that the JDT will actually offer its existing quickfix for removing:
(Yep, both methods are detected as unreachable: calling each other without being called from another reachable method doesn’t help).
I hope you enjoy playing with the examples. For questions please use one of the forums:
Help the JDT Compiler helping you! – 3: The essence of null annotations
After my little excursion to detecting resource leaks let me return to our favorite bug: NPE.
Basic support for null annotations was big news at the release of the Eclipse SDK Juno M4.
To fully understand the approach it’s good to sit back and think of what exactly we’re telling the compiler when we add null annotations to a program.
Annotations as filters
One could certainly use the annotations to mean the following:
@NonNull- “I don’t think this variable will ever hold a null, no need to warn me, when I dereference that value.”
@Nullable- “I guess this variable could be null, so please warn me when I forget a null check before dereferencing.”
Interpreted in this way, the annotations would already be helpful, and actually this would rank them in the same category as @SuppressWarnings("null"): no matter what the compiler analyzed up-to this point, please take my word that this thing is / is not dangerous. In both cases we’d ask the compiler to look at certain things and ignore others, because we “know better”.
However, telling the compiler what’s dangerous and what’s not puts the cart before the horse. If I do so, I will be the weakest link in the chain of analysis. I could err, I do err – that’s why I have NPEs in the first place, so I shouldn’t tell the compiler to trust my judgment.
The good news is: when used appropriately null annotations provide a lot more help.
Annotations as an extension of the type system
The essence of static typing
Lets step back and imagine Java wouldn’t have static typing. A variable declaration would be nothing more than a name, introduced -say- using an imaginary keyword var:
var o; o = new Person(); o.meow();
Right, we could now assign any object, any value, to the variable o and on the other hand we could attempt to invoke any method. Only at runtime will we notice whether the object refered to by o actually has a method meow(). Obviously, this code is unsafe, it could abort saying “Message on understood”. As Java programmers we don’t accept this unsafety, so we use types as a specification:
- It adds a constraint such that only certain values can legally be assigned to the variable
- It establishes a guarantee that certain operations are well-defined wrt the value of the variable.
A statically typed language forces a decision: what values do I want to allow to be bound to the variable? If I declare o as of type Cat the compiler can conclude that “o = new Person();” violates the constraint and cannot be accepted. If, OTOH, I declared o as of type Person the compiler won’t complain at the assignment but typically it will not find a meow() method in a class Person so that line is now illegal. Only if all things match: the declaration, the assignment, and the usage of a variable, only then will the compiler accept the program and certify that this program will not raise “Message not understood”. It’s a trade: constraint for guarantee.
In a statically typed language we are constrained in what we can say, but we gain the guarantee that a certain kind of error will not occur at runtime.
Sounds fair?
More constraints – more guarantees
Standard static typing constrains the program such that values match to the operations we perform with these values, except – there’s a big loop-hole: in traditional object-oriented type systems each class type contains a value that is not suitable for most operations: the value null, which Tony Hoare called his “billion dollar mistake”.
At a closer look, static type checking in Java is founded on a contradiction:
- When analyzing an assignment assume that
nullis a legal value for every object type. - When looking at a method call / a field reference assume that
nullcannot occur (otherwise no unchecked dereference could be considered as legal).
This is exactly, what null annotations fix: they split each traditional object type into two types:
@NonNull Cat- This is the type that contains only cat values
@Nullable Cat- This is the union of the above type and the null-type which contains only one value:
null
You can read the type @Nullable Cat as: either a cat or null.
Null warnings vs. type errors
Those users who try the new feature in the JDT may be surprised to see a whole new kind of error messages. While the original goal is to get alerted about potential NPEs, the compiler may now complain with messages like:
Type mismatch: required ‘@NonNull Cat’ but the provided value can be null
The question may arise, why this is reported as an error, even if no NPE can be directly caused at the statement in question. The answer can be deduced from the following analogy:
void foo(Object o, @Nullable Cat c) { Cat aCat = o; // "Type mismatch: cannot convert from Object to Cat" @NonNull Cat reallyACat = c; // "Type mismatch: required '@NonNull Cat' but the provided value can be null." }
(The wording of the second message will be still improved to better reflect different kinds of RHS values).
The analogy shows:
- The assignment itself could actually succeed, and even if types don’t match, a language without static typing could actually accept both assignments.
- If, however, the assignment were accepted, all subsequent analysis of the use of this variable is useless, because the assumption about the variable’s type may be broken.
Therefor, a first step towards making NPE impossible is to be strict about these rules. Assigning a value to a @NonNull variable without being able to prove that the value is not null is illegal. Just as assigning an Object value to a Cat variable without being able to prove that the value is indeed a cat is illegal.
Interestingly, for the first assignment, Java offers a workaround:
Cat aCat = (Cat) o;
Using the cast operator has two implications: we tell the compiler that we “know better”, that o is actually a cat (we do believe so) and secondly, as compiler and JVM cannot fully trust our judgment a check operation will be generated that will raise a ClassCastException if our assumption was wrong.
Can we do something similar for @NonNull conversion? Without the help of JSR 308 we cannot use annotations in a cast, but we can use a little helper:
void foo(Object o, @Nullable Cat c) { @NonNull Cat reallyACat = assertNonNull(c); } @NonNull T assertNonNull(T val) { if (val == null) throw new NullPointerException("NonNull assertion violated"); return val; }
corrected on 2012/03/05
What? We deliberately throw an NPE although the value isn’t even dereferenced? Why that?
The helper mimics exactly what a cast does for normal type conversions: check if the given value conforms to the required type. If not, raise an exception. If the check succeeds re-type the value to the required type.
Here’s an old school alternative:
void foo(@Nullable Cat c) { @SuppressWarnings("null") @NonNull Cat reallyACat = c; }
(Requires that you enable using @SuppressWarnings for optional errors).
Which approach is better? Throwing an exception as soon as something unexpected happens is far better than silencing the warning and waiting for it to explode sometime later at some other location in the code. The difference is felt during debugging. It’s about blame assignment.
If things blow up at runtime, I want to know which part of the code caused the problem. If I use @SuppressWarnings that part is in stealth mode, and an innocent part of the code will get the blame when it uses the wrong-typed value.
Remember, however, that cast and assertNonNull are not the solution, those are workarounds. Solutions must explicitly perform the check and provide application specific behavior to both outcomes of the check. Just as a cast without an instanceof check is still a land-mine, so is the use of the above helper: NPE can still occur. If you need to dereference a variable that’s not @NonNull you should really ask yourself:
- How can it happen that I end up with a null value in this position?
- How can the application safely and soundly continue in that situation?
These questions cannot be answered by any tool, these relate to the design of your software.
Help the JDT compiler helping you
This post showed you two things you can and should do to help the compiler helping you:
Add null annotations to resolve the contradiction that’s inherent in Java’s type system: a type can only either contain the value null or not contain the value null. Still Java’s type system opportunistically assumes a little bit of both. With annotations you can resolve the ambiguity and state which of the two possible types you mean.
Second, listen to the new type error messages. They’re fundamental to the analysis. If you disregard (or even disable) these messages there’s no point in letting the analysis apply all its sophisticated machinery. From false assumptions we cannot conclude anything useful.
If you apply these two hints, the compiler will be your friend and report quite some interesting findings. For a project that uses null annotations right from the first line of code written, this advice should be enough. The difficult part is: if you have a large existing code base already, the compiler will have a lot to complain. Think of migrating a fully untyped program to Java. You bet you could use some more help here. Let’s talk about that in future posts.
Help the JDT Compiler helping you! – 2: Resource leaks – continued
In my previous post I showed the basics of a new analysis that I originally introduced in the JDT compiler as of 3.8 M3 and improved for M5. This post will give yet more insight into this analysis, which should help you in writing code that the compiler can understand.
Flow analysis – power and limitation
An advantage of implementing leak analysis in the compiler lies in the synergy with the existing flow analysis. We can precisely report whether a resource allocation is definitely followed by a close() or if some execution paths exist, where the close() call is by-passed or an early exit is taken (return or due to an exception). This is pretty cool, because it shows exactly those corner cases in your implementation, that are so easy to miss otherwise.
However, this flow analysis is only precise if each resource is uniquely bound to one local variable. Think of declaring all resource variables as final. If that is possible, our analysis is excellent, if you have multiple assignments to the same variable, if assignments happen only on some path etc, then our analysis can only do a best-effort attempt at keeping track of your resources. As a worst case consider this:
Reader r = new FileReader(f); Reader r2 = null; while (goOn()) { if(hasMoreContent(r)) { readFrom(r); } else { r.close(); // close is nice, but which resource exactly is being closed?? } if (maybe()) { r2 = r; } // at this point: which resource is bound to r2?? if (hasMoreFiles()) { r = new FileReader(getFile()); // wow, we can allocate plenty of resources in a loop } } if (r2 != null) r2.close();
This code may even be safe, but there’s no way our analysis can keep track of how many resources have been allocated in the loop, and which of these resources will be closed. Which one is the resource flowing into r2 to be closed at the end? We don’t know. So if you want the compiler to help you, pretty please, avoid writing this kind of code 🙂
So what rules should you follow to get on terms with the compiler? To understand the mentioned limitation it helps to realize that our analysis is mostly connected to local variables, keeping some status bits for each of them. However, when analyzing variables the analysis has no notion of values, i.e., in the example the compiler can only see one variable r where at runtime an arbitrary number of Reader instances will be allocated, bound and dropped again.
Still, there are three special situations which the analysis can detect:
Reader r = new FileReader("someFile"); r = new FileReader("otherFile"); r = new BufferedReader(r); Reader r2 = getReader(); if (r2 != null) { r2.close(); }
- In line 2 we’re leaking the instance from line 1, because after the assignment we no longer have a reference to the first reader and thus we cannot close it.
- However, line 3 is safe, because the same reader that is being dropped from
ris first wrapped into a newBufferedReaderand indirectly via that wrapper it is still reachable. - Finally at the end of the example snippet, the analysis can see that
r2is eithernullor closed, so all is safe.
You see the compiler understands actually a lot of the semantics.
My fundamental advice is:
Resource ownership
Still not every method lacking a close() call signifies a resource leak. For an exact and definite analysis we would need one more piece of information: who owns any given resource?
Consider a group of methods happily passing around some resources among themselves. For them the same happens as for groups of people: diffusion of responsibility:
Well, no, I really thought that you were going to close this thing?!!?”.
If we had a notion of ownership we’d simple require the unique owner of each resource to eventually close that resource. However, such advanced concepts, while thoroughly explored in academia, are lacking from Java. To mitigate this problem, I made the following approximations of an ownership model:
- If a method allocates a resource, it owns it – initially.
- If a method obtains a resource by calling another method, it may potentially be responsible, since we cannot distinguish ownership from lending
- If a method passes a resource as an argument to another method (or constructor), it may or may not transfer ownership by this call.
- If a method receives a resource as a parameter, it assumes the caller is probably still responsible
- If a method passes a resource as its return value back to the caller, it rejects any responsibility
- If a resource is ever stored in a field, no single method feels responsible.
- If a resource is wrapped in an array we can no longer track the resource, but maybe the current method is still responsible?
In this list, green means: the compiler is encouraged to report anything fishy as a bug. Blue means, we still do the reporting, but weaken the message by saying “Potential resource leak”. Red means, the compiler is told to shut up because this code could only be checked by whole system analysis (which is not feasible for an incremental compiler).
The advice that follows from this is straight-forward:
Do not pass it around and don’t store it in fields.
Do not talk to any strangers about your valuable resources!
In this regard, unclean code will actually cancel the leak analysis. If ownership of a resource is unclear, the compiler will just be quiet. So, do you think we should add a warning to signal whenever this happens? Notably, a warning when a resource is stored in a field?
The art of being quiet
Contrary to naive thinking, the art of good static analysis is not in reporting many issues. The art is in making yourself heard. If the compiler just rattles on with lots of uninteresting findings, no one will listen, no one will have the capacity to listen to all that.
A significant part of the work on resource leak analysis has gone into making the compiler quieter. And of course this is not just a matter of turning down the volume, but a matter of much smarter judgment of what the user might be interested in hearing.
By way of two recently resolved bugs (358903 and 368546) we managed to reduce the number of resource leak warnings reported against the sources of the Eclipse SDK from almost 100 down to 8. Calling this a great success may sound strange at first, but that it is.
At the level we reached now, I can confidently encourage everybody to enable this analysis (my recommendation: resource leaks = error, potential resource leaks = warning). The “Resource leak” problems indeed deserve a closer look, and also the potential ones could give valuable hints.
For each issue reported by the compiler you have three options:
- Agree that this is a bug
- Explain to the compiler why you believe the code is safe (unique assignment to locals, less passing around)
- Add
@SuppressWarnings("resource")to tell the compiler that you know what you are doing.
But remember the nature of responsibility: if you say you don’t want to here any criticism you’d better be really sure. If you say you take the responsibility the compiler will be the humble servant who quietly forgets all worries.
Finally, if you are in the lucky position to use Java 7 for your projects, do the final step: enable “Resource not managed with try-with-resource” analysis. This was actually the start of this long journey: to let the compiler give hints where this new syntax would help to make your code safer and to make better visible why it is safe – with respect to resource leaks.
Final note: one of the bugs mentioned above was only resolved today. So with M5 you will still see some avoidable false positives. The next build from now should be better 🙂
I’ll be back, soon, with more on our favorite exception: NPE.
Help the JDT Compiler helping you! – 1: Resource Leaks
During the Juno cycle a lot of work in the JDT has gone into more sophisticated static analysis, and some more is still in the pipe-line. I truly hope that once Juno is shipped this will help all JDT users to find more bugs immediately while still typing. However, early feedback regarding these features shows that users are starting to expect miracles from the analysis 🙂
On the one hand seeing this is flattering, but on the other hand it makes me think we should perhaps explain what exactly the analysis can see and what is beyond its vision. If you take a few minutes learning about the concepts behind the analysis you’ll not only understand its limitations, but more importantly you will learn how to write code that’s better readable – in this case for reading by the compiler. Saying: with only slightly rephrasing your programs you can help the compiler to better understand what’s going on, to the effect that the compiler can answer with much more useful error and warning messages.
Since there’s a lot of analysis in this JDT compiler I will address just one topic per blog post. This post goes to improvements in the detection of resource leaks.
Resource leaks – the basics
Right when everybody believed that Eclipse Indigo RC 4 was ready for the great release, another blocker bug was detected: a simple resource leak basically prevented Eclipse from launching on a typical Linux box if more than 1000 bundles are installed. Coincidentally, at the same time the JDT team was finishing up work on the new try-with-resources statement introduced in Java 7. So I was thinking: shouldn’t the compiler help users to migrate from notoriously brittle handling of resources to the new construct that was designed specifically to facilitate a safe style of working with resources?
What’s a resource?
So, how can the compiler know about resources? Following the try-with-resources concept, any instance of type java.lang.AutoCloseable is a resource. Simple, huh? In order to extend the analysis also to pre Java 7 code, we also consider java.io.Closeable (available since 1.5).
Resource life cycle
The expected life cycle of any resource is : allocate—use—close. Simple again.
From this we conclude the code pattern we have to look for: where does the code allocate a closeable and no call to close() is seen afterwards. Or perhaps a call is seen but not all execution paths will reach that call, etc.
Basic warnings
With Juno M3 we released a first analysis that could now tell you things like:
- Resource leak: “input” is never closed
- Resource leak: “input” is never closed at this location (if a method exit happens before reaching close())
If the problem occurs only on some execution paths the warnings are softened (saying “potential leak” etc.).
Good, but…
Signal to noise – part 1
It turned out that the analysis was causing significant noise. How come? The concepts are so clear and all code that wouldn’t exhibit the simple allocate—use—close life cycle should indeed by revised, shouldn’t it?
In fact we found several patterns, where these warnings were indeed useless.
Resource-less resources
We learned that not every subtype of Closeable really represents a resource that needs leak prevention. How many times have you invoked close() on a StringWriter, e.g.? Just have a look at its implementation and you’ll see why this isn’t worth the effort. Are there more classes in this category?
Indeed we found a total of 7 classes in java.io that purely operate on Java objects without allocating any resources from the operating system:
StringReaderStringWriterByteArrayInputStreamByteArrayOutputStreamCharArrayReaderCharArrayWriterStringBufferInputStream
For none of these does it make sense to warn about missing close().
To account for these classes we simply added a white list: if a class is in the list suppress any warnings/errors. This white list consists of exactly those 7 classes listed above. Sub-classes of these classes are not considered.
Wrapper resources
Another group of classes implementing Closeable showed up, that are not strictly resources themselves. Think of BufferedInputStream! Does it need to be closed?
Well? What’s your answer? The correct answer is: it depends. A few examples:
void wrappers(String content) throws IOException { Reader r1, r2, r3, r4; r1 = new BufferedReader(new FileReader("someFile")); r2 = new BufferedReader(new StringReader(content)); r3 = new FileReader("somefile"); r4 = new BufferedReader(r3); r3.close(); }
How many leaks? With same added smartness the compiler will signal only one resource leak: on r1. All others are safe:
r2is a wrapper for a resource-less closeable: no OS resources are ever allocated here.r3is explicitly closedr4is just a wrapper aroundr3and since that is properly closed,r4does not hold onto any OS resources at the end.- returning to
r1, why is that a leak? It’s a wrapper, too, but now the underlying resource (aFileReader) is not directly closed so it’s the responsibility of the wrapper and can only be triggered by callingclose()on the wrapperr1.
EDIT: We are not recommending to close a wrapped resource directly as done with r3, closing the wrapper (r4) is definitely cleaner, and when wrapping a FileOutputStream with a BufferedOutputStream closing the former is actually wrong, because it may lose buffered content that hasn’t been flushed. However, the analysis is strictly focused on resource leaks and for analysing wrappers we narrow that notion to leaks of OS resources. For the given example, reporting a warning against r4 would be pure noise.
Summarizing: wrappers don’t directly hold an OS resource, but delegate to a next closeable. Depending on the nature and state of the nested closeable the wrapper may or may not be responsible for closing. In arbitrary chains of wrappers with a relevant resource at the bottom, closing any closeable in the chain (including the bottom) will suffice to release the single resource. If a wrapper chain is not properly closed the problem will be flagged against the outer-most wrapper, since calling close() at the wrapper will be delegated along all elements of the chain, which is the cleanest way of closing.
Also for wrappers the question arises: how does the compiler know? Again we set up a white list with all wrapper classes we found in the JRE: 20 classes in java.io, 12 in java.util.zip and 5 in other packages (the full lists are in TypeConstants.java, search for “_CLOSEABLES”).
Status and outlook
Yes, a leak can be a stop-ship problem.
Starting with Juno M3 we have basic analysis of resource leaks; starting with Juno M5 the analysis uses the two white lists mentioned above: resource-less closeables and resource wrappers. In real code this significantly reduces the number of false positives, which means: for the remaining warnings the signal-to-noise ratio is significantly better.
M5 will actually bring more improvements in this analysis, but that will be subject of a next post.
Object Teams with Null Annotations
The recent release of Juno M4 brought an interesting combination: The Object Teams Development Tooling now natively supports annotation-based null analysis for Object Teams (OT/J). How about that? 🙂
The path behind us
Annotation-based null analysis has been added to Eclipse in several stages:
- Using OT/J for prototyping
- As discussed in this post, OT/J excelled once more in a complex development challenge: it solved the conflict between extremely tight integration and separate development without double maintenance. That part was real fun.
- Applying the prototype to numerous platforms
- Next I reported that only one binary deployment of the OT/J-based prototype sufficed to upgrade any of 12 different versions of the JDT to support null annotations — looks like a cool product line
- Pushing the prototype into the JDT/Core
- Next all of the JDT team (Core and UI) invested efforts to make the new feature an integral part of the JDT. Thanks to all for this great collaboration!
- Merging the changes into the OTDT
- Now, that the new stuff was mixed back into the plain-Java implementation of the JDT, it was no longer applicable to other variants, but the routine merge between JDT/Core HEAD and Object Teams automatically brought it back for us. With the OTDT 2.1 M4, annotation-based null analysis is integral part of the OTDT.
Where we are now
Regarding the JDT, others like Andrey, Deepak and Aysush have beaten me in blogging about the new coolness. It seems the feature even made it to become a top mention of the Eclipse SDK Juno M4. Thanks for spreading the word!
Ah, and thanks to FOSSLC you can now watch my ECE 2011 presentation on this topic.
Two problems of OOP, and their solutions
Now, OT/J with null annotations is indeed an interesting mix, because it solves two inherent problems of object-oriented programming, which couldn’t differ more:
1.: NullPointerException is the most widespread and most embarrassing bug that we produce day after day, again and again. Pushing support for null annotations into the JDT has one major motivation: if you use the JDT but don’t use null annotations you’ll no longer have an excuse. For no good reasons your code will retain these miserable properties:
- It will throw those embarrassing NPEs.
- It doesn’t tell the reader about fundamental design decisions: which part of the code is responsible for handling which potential problems?
Why is this problem inherent to OOP? The dangerous operator that causes the exception is this:
right, the tiny little dot. And that happens to be the least dispensable operator in OOP.
2.: Objectivity seems to be a central property on any approach that is based just on Objects. While so many other activities in software engineering are based on the insight that complex problems with many stakeholders involved can best be addressed using perspectives and views etc., OOP forces you to abandon all that: an object is an object is an object. Think of a very simple object: a File. Some part of the application will be interested in the content so it can decode the bytes and do s.t. meaningful with it, another part of the application (maybe an underlying framework) will mainly be interested in the path in the filesystem and how it can be protected against concurrent writing, still other parts don’t care about either but only let you send the thing over the net. By representing the “File” as an object, that object must have all properties that are relevant to any part of the application. It must be openable, lockable and sendable and whatnot. This yields
bloated objects and unnecessary, sometimes daunting dependencies. Inside the object all those different use cases it is involved in can not be separated!
With roles objectivity is replaced by a disciplined form of subjectivity: each part of the application will see the object with exactly those properties it needs, mediated by a specific role. New parts can add new properties to existing objects — but not in the unsafe style of dynamic languages, but strictly typed and checked. What does it mean for practical design challenges? E.g, direct support for feature oriented designs – the direct path to painless product lines etc.
Just like the dot, objectivity seems to be hardcoded into OOP. While null annotations make the dot safe(r), the roles and teams of OT/J add a new dimension to OOP where perspectives can be used directly in the implementation. Maybe it does make sense, to have both capabilities in one language 🙂 although one of them cleans up what should have been sorted out many decades ago while the other opens new doors towards the future of sustainable software designs.
The road ahead
The work on null annotations goes on. What we have in M4 is usable and I can only encourage adopters to start using it right now, but we still have an ambitious goal: eventually, the null analysis shall not only find some NPEs in your program, but eventually the absense of null related errors and warnings shall give the developer the guarantee that this piece of code will never throw NPE at runtime.
What’s missing towards that goal:
- Fields: we don’t yet support null annotations for fields. This is next on our plan, but one particular issue will require experimentation and feedback: how do we handle the initialization phase of an object, where fields start as being null? More on that soon.
- Libraries: we want to support null specifications for libraries that have no null annotations in their source code.
- JSR 308: only with JSR 308 will we be able to annotate all occurrences of types, like, e.g., the element type of a collection (think of
List)
Please stay tuned as the feature evolves. Feedback including bug reports is very welcome!
Ah, and one more thing in the future: I finally have the opportunity to work out a cool tutorial with a fellow JDT committer: How To Train the JDT Dragon with Ayushman. Hope to see y’all in Reston!
Mix-n-match language support
I’ve been involved in the release of different versions of the JDT lately, supporting different flavors of Java.
Classical release management
At the core we have the plain JDT, of which we published the 3.7.0 release in June and right now first release candidates are being prepared towards the 3.7.1 service release, which will be the first official release to support Java 7. At the same time the first milestones towards 3.8 are being built. OK, this is almost normal business — with the exception of the service release differs more than usual from its base release, due to the unhappy timing of the release of Java 7 vs. Eclipse 3.7.
First variant: Object Teams
The same release plan is mirrored by the Object Teams releases 2.0.0, 2.0.1RC1, 2.1.0M1. Merging the delta from JDT 3.7 to 3.7.1 into the OTDT was a challenge, given that this delta contained the full implementation of all that’s new in Java 7. Still with the experience of regularly merging JDT/Core changes into the OT variant, the pure merging was less than one day plus a couple more days until all 50000+ tests were green again. The nice thing about the architecture of the OTDT: after merging the JDT/Core, I was done. Since all other adaptations of the JDT are implemented using OT/Equinox adopting, e.g., all the new quick assists for Java 7 required a total of zero minutes integration time.
I took the liberty of branching 2.0.x and 2.1 only after integrating the Java 7 support, which also means that 2.1 M1 has only a small number of OT-specific improvements that did not already go into 2.0.1.
Prototyping annotation based null analysis
As I wrote before, I’m preparing a comprehensive new feature for the JDT/Core: static analysis for potential NullPointerException based on annotations in the code. The latest patch attached to the bug had almost 3000 lines. Recent discussions at ECOOP made me change my mind in a few questions, so I changed some implementation strategies. Luckily the code is well modularized due to the use of OT/Equinox.
Now came the big question: against which version of the JDT should I build the null-annotation add-on? I mean, which of the 6 versions I have been involved in during the last 2 months?
As I like a fair challenge every now and then I decided: all six, i.e., I wanted to support adding the new static analysis to all six JDT versions mentioned before.
Integration details
Anybody who has worked on a Java compiler will confirm: if you change one feature of the compiler chances are that any other feature can be broken by the change (I’m just paraphrasing: “it’s complex”). And indeed, applying the nullity plug-in to the OTDT caused some headache at first, because both variants of the compiler make specific assumptions about the order in which specific information is available during the compilation process. It turned out that two of these assumptions where simply incompatible, so I had to make some changes (here I made the null analysis more robust).
At the point where I thought I was done, I tripped over an ugly problem that’s intrinsic to Java.
The nullity plug-in adapts a method in the JDT/Core which contains the following switch statement:
while ((token = this.scanner.getNextToken()) != TerminalTokens.TokenNameEOF) { IExtendedModifier modifier = null; switch(token) { case TerminalTokens.TokenNameabstract: modifier = createModifier(Modifier.ModifierKeyword.ABSTRACT_KEYWORD); break; case TerminalTokens.TokenNamepublic: modifier = createModifier(Modifier.ModifierKeyword.PUBLIC_KEYWORD); break; // more cases } }
I have a copy of this method where I only added a few lines to one of the case blocks.
Compiles fine against any version of the JDT. But Eclipse hangs when I install this plugin on top of a wrong JDT version. What’s wrong?
The problem lies in the (internal) interface TerminalTokens. The required constants TokenNameabstract etc. are of course present in all versions of this interface, however the values of these constants change every time the parser is generated anew. If constants were really abstractions that encapsulate their implementation values, all would be fine, but the Java byte code knows nothing about such an abstraction, all constant values are inlined during compilation. In other words: the meaning of a constant depends solely on the definitions which the compiler sees during compilation. Thus compiling the above switch statement hardcodes a dependency on one particular version of the interface TerminalTokens. BAD.
After recognizing the problem, I had to copy some different versions of the interface into my plug-in, implement some logic to translate between the different encodings and that problem was solved.
What’s next?
Nothing is next. At this point I could apply the nullity plug-in to all six versions of the JDT and all are behaving well.
Mix-n-match
Would you like Java with our without the version 7 enhancements (stable release or milestone)? May I add some role and team classes? How about a dash more static analysis? It turns out we have more than just one product, we have a full little product line with features to pick or opt-out:
| Java 6 | Java 7 | |||
|---|---|---|---|---|
| Indigo | Indigo SR1 | Juno M1 | ||
| no null annotations | Plain JDT | |||
| OTDT | ||||
| with null annotations | Plain JDT | |||
| OTDT | ||||
- OTDT: http://www.eclipse.org/objectteams/download.php
- Null ananlysis: http://wiki.eclipse.org/JDT_Core/Null_Analysis
Just make your choice 🙂
Happy hacking with null annotations and try-with-resources in OT/J.
 |
BTW: if you want to hear a bit more about the work on null annotations, you should really come to EclipseCon Europe — why not drop a comment at this submission 🙂 |
Follow-up: Object Teams Tutorial at EclipseCon 2011
At our EclipseCon tutorial we mentioned a bonus excercise, for which we didn’t have the time at the tutorial.
Now it’s time to reveal the solution.
Task
“Implement the following demo-mode for the JDT:
- • When creating a Java project let the user select:
- ❒ Project is for demo purpose only
- • When creating a class in a Demo project:
- insert class name as “Foo1”, “Foo2” …”
So creating classes in demo mode is much easier, and you’ll use the names “Foo1″… anyway 🙂
(See also our slides (#39)).
Granted, this is a toy example, yet it combines a few properties that I frequently find in real life and which cause significant pains without OT/J:
- The added behavior must tightly integrate with existing behavior.
- The added behavior affects code at distant locations,
here two plug-ins are affected:org.eclipse.jdt.uiandorg.eclipse.jdt.core. - The added behavior affects execution at different points in time,
here creation of a project plus creation of a class inside a project. - The added behavior requires to maintain more state at existing objects,
here a JavaProject must remember if it is a demo project.
Despite these characteristics the task can be easily described in a few English sentences. So the solution should be similarly concise and delivered as a single coherent piece.
Strategy
With a little knowledge about the JDT the solution can be outlined as this
- Add a checkbox to the New Java Project wizard
- When the wizard creates the project mark it as a demo project if the box is checked.
- Let the project also count the names of
Foo..classes it has created. - When the new class wizard creates a class inside a demo project pre-set the generated class name and make the name field unselectable.
From this we conclude the need to define 4 roles, playedBy these existing types:
org.eclipse.jdt.ui.wizards.NewJavaProjectWizardPageOne.NameGroup:
the wizard page section where the project name is entered and where we want to add the checkbox.org.eclipse.jdt.ui.wizards.NewJavaProjectWizardPageTwo:
the part of the wizard that triggers setup of the JavaProject.org.eclipse.jdt.core.IJavaProject:
this is where we need to add more state (isDemoProject and numFooClasses).org.eclipse.jdt.ui.wizards.NewTypeWizardPage:
this is where the user normally specifies the name for a new class to be created.
Note, that 3 classes in this list resided in org.eclipse.jdt.ui, but IJavaProject is from org.eclipse.jdt.core, which leads us to the next step:
Plug-in configuration
Our solution is developed as an OT/Equinox plug-in, with the following architecture level connections:
This simply says that the same team demohelper.ProjectAdaptor is entitled to bind roles to classes from both org.eclipse.jdt.ui and org.eclipse.jdt.core.
One more detail in these extensions shouldn’t go unmentioned: Don’t forget to set “activation: ALL_THREADS” for the team (otherwise you won’t see any effect …).
Now we’re ready to do the coding.
Implementing the roles
protected class DialogExtender playedBy NameGroup { protected SelectionButtonDialogField isDemoField; void createControl(Composite parent) <- after Control createControl(Composite composite) with { parent <- (Composite) result } private void createControl(Composite parent) { isDemoField= new SelectionButtonDialogField(SWT.CHECK); isDemoField.setLabelText("Project is for demo purpose only"); isDemoField.setSelection(false); isDemoField.doFillIntoGrid(parent, 4); } }
Our first role adds the checkbox. The implementation of createControl is straight-forward UI business. Lines 22,23 hook our role method into the one from the bound base class NameGroup. After the with keyword, we are piping the result from the base method into the parameter parent of the role method (with a cast). This construct is a parameter mapping.
Here’s the result:
Next we want to store the demo-flag to instances of IJavaProject, so we write this role:
protected class EnhancedJavaProject playedBy IJavaProject { protected boolean isDemoProject; private int numFooClasses = 1; protected String getTypeName() { return "Foo"+(numFooClasses++); } }
Great, now any IJavaProject can play the role EnhancedJavaProject which holds the two additional fields, and we can automatically serve an arbitrary number of class names Foo1 …
In the IDE you will actually see a warning, telling you that binding a role to a base interface currently imposes a few restrictions, but these don’t affect us in this example.
Next comes a typical question: how to transfer the flag from role DialogExtender to role EnhancedJavaProject?? The roles don’t know about each other nor do the bound base classes. The answer is: use a chain of references.
protected class FirstPage playedBy NewJavaProjectWizardPageOne { DialogExtender getFNameGroup() -> get NameGroup fNameGroup; protected boolean isDemoProject() { return getFNameGroup().isDemoField.isSelected(); } } protected class WizardExtender playedBy NewJavaProjectWizardPageTwo { FirstPage getFFirstPage() -> get NewJavaProjectWizardPageOne fFirstPage; markDemoProject <- after initializeBuildPath; private void markDemoProject(EnhancedJavaProject javaProject) { if (getFFirstPage().isDemoProject()) javaProject.isDemoProject = true; } }
Role WizardExtender intercepts the event when the wizard initializes the IJavaProject (line 46). Method initializedBuildPath receives a parameter of type IJavaProject but the OT/J runtime transparently translates this into an instance of type EnhancedJavaProject (this – statically type safe – operation is called lifting). Another indirection is needed to access the checkbox: The base objects are linked like this:
This link structure is lifted to the role level by the callout bindings in lines 35 and 44.
We’re ready for our last role:
protected class NewTypeExtender playedBy NewTypeWizardPage { void setTypeName(String name, boolean canBeModified) -> void setTypeName(String name, boolean canBeModified); void initTypePage(EnhancedJavaProject prj) <- after void initTypePage(IJavaElement element) with { prj <- element.getJavaProject() } private void initTypePage(EnhancedJavaProject prj) { if (prj.isDemoProject) setTypeName(prj.getTypeName(), false); } }
Here we intercept the initialization of the type page of a New Java Project wizard (lines 66,67). Another parameter mapping is used to perform two adjustments in one go: fetch the IJavaProject from the enclosing element and lift it to its EnhancedJavaProject role. This follows the rule-of-thumb that base-type operations (like navigating from IJavaElement to IJavaProject) should happen at the right hand side, so that we are ready to lift the IJavaProject to EnhancedJavaProject when the data flow enters the team.
The EnhancedJavaProject can now be asked for its stored flag (isDemoProject) and it can be asked for a generated class name (getTypeName()). The generated class name is then inserted into the dialog using the callout binding in line 64. Looks like this:
See this? No need to think of a good class name 🙂
Wrap-up
So that’s it. All these roles are collected in one team class and here is the fully expanded outline:
All this is indeed one concise and coherent module. In the tutorial I promised to do this no more than 80 LOC, and indeed the team class has 74 lines including imports and white space.
Or, if you are interested just in how this module connects to the existing implementation, you may use the “binding editor” in which you see all playedBy, callout and callin bindings:
The full sources are also available for download.
have fun
The Object Teams Blog 
