This is of course only my opinion, but I believe that there is a real
risk of "the perfect is the enemy of the good" in trying to capture too
much detail. The risk is that the annotation set is so large and
complicated, that people will either not use it, or use it incorrectly.
I think we agree that what we have now (nothing) is "too little". My
assertion is that there is a point that is "too much". So, our job is
to find "just right", or at least "close enough for V1."
Information is quantized, so the point immediately to the right of
"none" on the spectrum above is "one bit of information". While there
are numerous one-bit solutions, the most useful one bit of information
we can capture is a class-level @ThreadSafe annotation; this is a
statement of design intent, where the programmer says "I intend for this
class to be safe to be used concurrently without additional coordination
or synchronization."
So, let's take as our strawman the annotation set containing
@ThreadSafe. Clearly this is better than no annotations at all. It is
useful for capturing an important element of design intent. Moreover,
it requires very little additional thought on the part of the class
writer; when writing a class, you generally already know whether you
intend it to be thread-safe or not. So capturing it requires no thought
and a small number of keystrokes. The information is useful to the
clients of a class, for sure -- this is useful documentation. And
potentially might be useful to tools, a primary focus of JSR 305 (but
with only one bit of information, the tools won't be able to do all that
much more than they do with no bits of information.)
It is my belief that we can't add too many concurrency annotations
without undermining many of the benefits of the one-bit approach. The
more annotations there are, the more complexity, the more likely class
writers will use none of them. Its probably better to get 100%
penetration of @ThreadSafe than 5% penetration of "provably correct."
The other problem with the larger sets of annotations is that they still
end up being approximations. If we could construct a 30-annotation set
that asserted everything we might ever want to assert about concurrent
behavior, I might be more tempted. But I'm pretty convinced that the
30-annotation set is only an incremental refinement of the 3-annotation
set, and the 300-annotation set is only an incremental refinement of the
30-annotation set.
I realize that Brian is talking about concurrency annotations far
beyond Swing, however lack of Swing concurrency annotations are my
major pain point. In that arena, the more the annotations can spot my
mistakes (or verify their absence) ahead of time, the more I will use
them. Compile time is obviously the best time. For Swing, if the
needs of a good tool dictated the annotations required, I would adapt.
Does attacking the problem from the other side make it any simpler?
What is the highest number of concurrency annotations that anybody
from the tool community sees any value in?
Right instinct, but we need to rephrase the question. I can think of
dozens of annotations (with possibly hundreds of variants) that can meet
the "any value" bar. We need to set the "pulls its own weight" bar
higher. But I agree that its reasonable to try and work it from both
sides and see what comes out of such an experiment.