This comment is about:

Title:   State Machines as Mixins
Authors:   McNeile and Simons

By Anthony J H Simons, University of Sheffield, Sheffield, UK

The authors refer to our "Plug and Play" paper's claim that extending state machines in subtypes is unsafe.

We claim specifically that adding external states is unsafe in the context of multiple handles of different types on the same object. It is still OK to add internal states that are substates of existing states.

Cook and others only considered the subtype object's behaviour from the point of view that it was accessed through a supertype handle. In this case, you can censor the trace of the subtype and always get supertype behaviour; but in our multiple-handle case this is not so.

Consider an object X with one state A and a self-transition p : A->A. So long as it is in state A, the p transition is valid. Now, a subclass object Y extends X by adding another external state B, which is reached by a new transition q : A->B. The maximal behaviour of Y is any sequence of p's followed by a single q.

Now, in Cook's approach, I can alias: var : X := obj : Y and safely expect messages to var to behave exactly like an X. I can send any sequence of p's and obj will still be in state A.

In our more careful approach, we consider the possibility that var1 : X := obj : Y and also var2 : Y := obj : Y. In other words, there are two handles, var1 and var2, of different types, aliasing the same object obj. A program may expect var1 to behave always like an X. This will be true, up to the moment var2.q is executed, when obj will enter state B and var1.p will fail. This may be invisible from var1's point of view.
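The two-handle scenario above, as an added Python illustration (not code from the paper or from this comment): X has the single state A with self-transition p, Y adds the external state B via q, and `two_handle_run` aliases one Y object through var1 (held as an X) and var2 (held as a Y). The exception class and the `censor` and `two_handle_run` helpers are names introduced here.

```python
class IllegalTransition(Exception):
    """Raised when a message arrives in a state where it is not valid."""


class X:
    """Supertype: one state A and self-transition p : A->A."""
    def __init__(self):
        self.state, self.trace = "A", []

    def p(self):
        if self.state != "A":
            raise IllegalTransition(f"p is not valid in state {self.state}")
        self.trace.append("p")          # self-transition, state remains A


class Y(X):
    """Subtype adding an external state B reached by q : A->B."""
    def q(self):
        if self.state != "A":
            raise IllegalTransition(f"q is not valid in state {self.state}")
        self.trace.append("q")
        self.state = "B"                # leaves X's only state, A


def censor(trace, alphabet):
    """Cook's single-handle view: drop events outside the supertype alphabet."""
    return [e for e in trace if e in alphabet]


def two_handle_run(n_before, n_after):
    """var1 : X and var2 : Y alias one Y object. Returns (p calls that
    succeeded via var1, censored trace, error seen at var1 after var2.q)."""
    obj = Y()
    var1 = obj                          # one part of the program holds an X
    var2 = obj                          # another part holds the same obj as a Y
    ok = 0
    for _ in range(n_before):
        var1.p()
        ok += 1
    var2.q()                            # obj now in B; var1's user never saw q
    err = None
    try:
        for _ in range(n_after):
            var1.p()                    # fails: p is not valid in B
            ok += 1
    except IllegalTransition as e:
        err = str(e)
    return ok, censor(obj.trace, {"p"}), err
```

The censored trace is always a valid X trace, which is why the single-handle view looks safe, while the error returned shows var1 breaking the moment var2.q has run.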

Note that this is a very common occurrence in practical programs, because objects are passed into algorithms that are distributed up and down a class hierarchy (e.g. as in the Template Method design pattern).

5 December 2003