go

[Dictionary.git] / jars / icu4j-4_4_2-src / main / classes / core / src / com / ibm / icu / util / Freezable.java

/*\r
 ******************************************************************************\r
 * Copyright (C) 200-2009, International Business Machines Corporation and    *\r
 * others. All Rights Reserved.                                               *\r
 ******************************************************************************\r
*/\r
package com.ibm.icu.util;\r
\r
/**\r
 * Provides a flexible mechanism for controlling access, without requiring that\r
 * a class be immutable. Once locked, an object can never be unlocked, so it is\r
 * thread-safe from that point onward. The implementation of both methods must\r
 * be synchronized. Once the object has been locked, it must guarantee that no\r
 * changes can be made to it. Any attempt to alter it must raise an\r
 * UnsupportedOperationException exception. This means that when the object\r
 * returns internal objects, or if anyone has references to those internal\r
 * objects, that those internal objects must either be immutable, or must also\r
 * raise exceptions if any attempt to modify them is made. Of course, the object\r
 * can return clones of internal objects, since those are safe.\r
 * <h2>Background</h2>\r
 * <p>\r
 * There are often times when you need objects to be objects 'safe', so that\r
 * they can't be modified. Examples are when objects need to be thread-safe, or\r
 * in writing robust code, or in caches. If you are only creating your own\r
 * objects, you can guarantee this, of course -- but only if you don't make a\r
 * mistake. If you have objects handed into you, or are creating objects using\r
 * others handed into you, it is a different story. It all comes down to whether\r
 * you want to take the Blanche Dubois approach (&quot;depend on the kindness of\r
 * strangers&quot;) or the Andy Grove approach (&quot;Only the Paranoid\r
 * Survive&quot;).\r
 * </p>\r
 * <p>\r
 * For example, suppose we have a simple class:\r
 * </p>\r
 * \r
 * <pre>\r
 * public class A {\r
 *      protected Collection b;\r
 * \r
 *      protected Collection c;\r
 * \r
 *      public Collection get_b() {\r
 *              return b;\r
 *      }\r
 * \r
 *      public Collection get_c() {\r
 *              return c;\r
 *      }\r
 * \r
 *      public A(Collection new_b, Collection new_c) {\r
 *              b = new_b;\r
 *              c = new_c;\r
 *      }\r
 * }\r
 * </pre>\r
 * \r
 * <p>\r
 * Since the class doesn't have any setters, someone might think that it is\r
 * immutable. You know where this is leading, of course; this class is unsafe in\r
 * a number of ways. The following illustrates that.\r
 * </p>\r
 * \r
 * <pre>\r
 *  public test1(SupposedlyImmutableClass x, SafeStorage y) {\r
 *    // unsafe getter\r
 *    A a = x.getA();\r
 *    Collection col = a.get_b();\r
 *    col.add(something); // a has now been changed, and x too\r
 *\r
 *    // unsafe constructor\r
 *    a = new A(col, col);\r
 *    y.store(a);\r
 *    col.add(something); // a has now been changed, and y too\r
 *  }\r
 * </pre>\r
 * \r
 * <p>\r
 * There are a few different techniques for having safe classes.\r
 * </p>\r
 * <ol>\r
 * <li>Const objects. In C++, you can declare parameters const.</li>\r
 * <li>Immutable wrappers. For example, you can put a collection in an\r
 * immutable wrapper.</li>\r
 * <li>Always-Immutable objects. Java uses this approach, with a few\r
 * variations. Examples:\r
 * <ol>\r
 * <li>Simple. Once a Color is created (eg from R, G, and B integers) it is\r
 * immutable.</li>\r
 * <li>Builder Class. There is a separate 'builder' class. For example,\r
 * modifiable Strings are created using StringBuffer (which doesn't have the\r
 * full String API available). Once you want an immutable form, you create one\r
 * with toString().</li>\r
 * <li>Primitives. These are always safe, since they are copied on input/output\r
 * from methods.</li>\r
 * </ol>\r
 * </li>\r
 * <li>Cloning. Where you need an object to be safe, you clone it.</li>\r
 * </ol>\r
 * <p>\r
 * There are advantages and disadvantages of each of these.\r
 * </p>\r
 * <ol>\r
 * <li>Const provides a certain level of protection, but since const can be and\r
 * is often cast away, it only protects against most inadvertent mistakes. It\r
 * also offers no threading protection, since anyone who has a pointer to the\r
 * (unconst) object in another thread can mess you up.</li>\r
 * <li>Immutable wrappers are safer than const in that the constness can't be\r
 * cast away. But other than that they have all the same problems: not safe if\r
 * someone else keeps hold of the original object, or if any of the objects\r
 * returned by the class are mutable.</li>\r
 * <li>Always-Immutable Objects are safe, but usage can require excessive\r
 * object creation.</li>\r
 * <li>Cloning is only safe if the object truly has a 'safe' clone; defined as\r
 * one that <i>ensures that no change to the clone affects the original</i>.\r
 * Unfortunately, many objects don't have a 'safe' clone, and always cloning can\r
 * require excessive object creation.</li>\r
 * </ol>\r
 * <h2>Freezable Model</h2>\r
 * <p>\r
 * The <code>Freezable</code> model supplements these choices by giving you\r
 * the ability to build up an object by calling various methods, then when it is\r
 * in a final state, you can <i>make</i> it immutable. Once immutable, an\r
 * object cannot <i>ever </i>be modified, and is completely thread-safe: that\r
 * is, multiple threads can have references to it without any synchronization.\r
 * If someone needs a mutable version of an object, they can use\r
 * <code>cloneAsThawed()</code>, and modify the copy. This provides a simple,\r
 * effective mechanism for safe classes in circumstances where the alternatives\r
 * are insufficient or clumsy. (If an object is shared before it is immutable,\r
 * then it is the responsibility of each thread to mutex its usage (as with\r
 * other objects).)\r
 * </p>\r
 * <p>\r
 * Here is what needs to be done to implement this interface, depending on the\r
 * type of the object.\r
 * </p>\r
 * <h3><b>Immutable Objects</b></h3>\r
 * <p>\r
 * These are the easiest. You just use the interface to reflect that, by adding\r
 * the following:\r
 * </p>\r
 * \r
 * <pre>\r
 *  public class A implements Freezable<A> {\r
 *   ...\r
 *   public final boolean isFrozen() {return true;}\r
 *   public final A freeze() {return this;}\r
 *   public final A cloneAsThawed() { return this; }\r
 *   }\r
 * </pre>\r
 * \r
 * <p>\r
 * These can be final methods because subclasses of immutable objects must\r
 * themselves be immutable. (Note: <code>freeze</code> is returning\r
 * <code>this</code> for chaining.)\r
 * </p>\r
 * <h3><b>Mutable Objects</b></h3>\r
 * <p>\r
 * Add a protected 'flagging' field:\r
 * </p>\r
 * \r
 * <pre>\r
 * protected boolean immutable;\r
 * </pre>\r
 * \r
 * <p>\r
 * Add the following methods:\r
 * </p>\r
 * \r
 * <pre>\r
 * public final boolean isFrozen() {\r
 *      return frozen;\r
 * };\r
 * \r
 * public A freeze() {\r
 *      frozen = true;\r
 *      return this;\r
 * }\r
 * </pre>\r
 * \r
 * <p>\r
 * Add a <code>cloneAsThawed()</code> method following the normal pattern for\r
 * <code>clone()</code>, except that <code>frozen=false</code> in the new\r
 * clone.\r
 * </p>\r
 * <p>\r
 * Then take the setters (that is, any method that can change the internal state\r
 * of the object), and add the following as the first statement:\r
 * </p>\r
 * \r
 * <pre>\r
 * if (isFrozen()) {\r
 *      throw new UnsupportedOperationException(&quot;Attempt to modify frozen object&quot;);\r
 * }\r
 * </pre>\r
 * \r
 * <h4><b>Subclassing</b></h4>\r
 * <p>\r
 * Any subclass of a <code>Freezable</code> will just use its superclass's\r
 * flagging field. It must override <code>freeze()</code> and\r
 * <code>cloneAsThawed()</code> to call the superclass, but normally does not\r
 * override <code>isFrozen()</code>. It must then just pay attention to its\r
 * own getters, setters and fields.\r
 * </p>\r
 * <h4><b>Internal Caches</b></h4>\r
 * <p>\r
 * Internal caches are cases where the object is logically unmodified, but\r
 * internal state of the object changes. For example, there are const C++\r
 * functions that cast away the const on the &quot;this&quot; pointer in order\r
 * to modify an object cache. These cases are handled by mutexing the internal\r
 * cache to ensure thread-safety. For example, suppose that UnicodeSet had an\r
 * internal marker to the last code point accessed. In this case, the field is\r
 * not externally visible, so the only thing you need to do is to synchronize\r
 * the field for thread safety.\r
 * </p>\r
 * <h4>Unsafe Internal Access</h4>\r
 * <p>\r
 * Internal fields are called <i>safe</i> if they are either\r
 * <code>frozen</code> or immutable (such as String or primitives). If you've\r
 * never allowed internal access to these, then you are all done. For example,\r
 * converting UnicodeSet to be <code>Freezable</code> is just accomplished\r
 * with the above steps. But remember that you <i><b>have</b></i> allowed\r
 * access to unsafe internals if you have any code like the following, in a\r
 * getter, setter, or constructor:\r
 * </p>\r
 * \r
 * <pre>\r
 * Collection getStuff() {\r
 *      return stuff;\r
 * } // caller could keep reference &amp; modify\r
 * \r
 * void setStuff(Collection x) {\r
 *      stuff = x;\r
 * } // caller could keep reference &amp; modify\r
 * \r
 * MyClass(Collection x) {\r
 *      stuff = x;\r
 * } // caller could keep reference &amp; modify\r
 * </pre>\r
 * \r
 * <p>\r
 * These also illustrated in the code sample in <b>Background</b> above.\r
 * </p>\r
 * <p>\r
 * To deal with unsafe internals, the simplest course of action is to do the\r
 * work in the <code>freeze()</code> function. Just make all of your internal\r
 * fields frozen, and set the frozen flag. Any subsequent getter/setter will\r
 * work properly. Here is an example:\r
 * </p>\r
 * \r
 * <pre>\r
 * public A freeze() {\r
 *      if (!frozen) {\r
 *              foo.freeze();\r
 *              frozen = true;\r
 *      }\r
 *      return this;\r
 * }\r
 * </pre>\r
 * \r
 * <p>\r
 * If the field is a <code>Collection</code> or <code>Map</code>, then to\r
 * make it frozen you have two choices. If you have never allowed access to the\r
 * collection from outside your object, then just wrap it to prevent future\r
 * modification.\r
 * </p>\r
 * \r
 * <pre>\r
 * zone_to_country = Collections.unmodifiableMap(zone_to_country);\r
 * </pre>\r
 * \r
 * <p>\r
 * If you have <i>ever</i> allowed access, then do a <code>clone()</code>\r
 * before wrapping it.\r
 * </p>\r
 * \r
 * <pre>\r
 * zone_to_country = Collections.unmodifiableMap(zone_to_country.clone());\r
 * </pre>\r
 * \r
 * <p>\r
 * If a collection <i>(or any other container of objects)</i> itself can\r
 * contain mutable objects, then for a safe clone you need to recurse through it\r
 * to make the entire collection immutable. The recursing code should pick the\r
 * most specific collection available, to avoid the necessity of later\r
 * downcasing.\r
 * </p>\r
 * <blockquote>\r
 * <p>\r
 * <b>Note: </b>An annoying flaw in Java is that the generic collections, like\r
 * <code>Map</code> or <code>Set</code>, don't have a <code>clone()</code>\r
 * operation. When you don't know the type of the collection, the simplest\r
 * course is to just create a new collection:\r
 * </p>\r
 * \r
 * <pre>\r
 * zone_to_country = Collections.unmodifiableMap(new HashMap(zone_to_country));\r
 * </pre>\r
 * \r
 * </blockquote>\r
 * @stable ICU 3.8\r
 */\r
public interface Freezable<T> extends Cloneable {\r
    /**\r
     * Determines whether the object has been locked or not.\r
     * @stable ICU 3.8\r
     */\r
    public boolean isFrozen();\r
\r
    /**\r
     * Locks the object.\r
     * @return the object itself.\r
     * @stable ICU 3.8\r
     */\r
    public T freeze();\r
\r
    /**\r
     * Provides for the clone operation. Any clone is initially unlocked.\r
     * @stable ICU 3.8\r
     */\r
    public T cloneAsThawed();\r
}\r