chore: add checkerframework for nullness verification#1814
chore: add checkerframework for nullness verification#1814vlsi merged 3 commits intopgjdbc:masterfrom
Conversation
|
Just in case, the very first error is a true bug:
|
|
cool! |
Codecov Report
@@ Coverage Diff @@
## master #1814 +/- ##
============================================
- Coverage 68.73% 68.59% -0.15%
- Complexity 4223 4231 +8
============================================
Files 195 196 +1
Lines 17578 17740 +162
Branches 2892 2939 +47
============================================
+ Hits 12083 12168 +85
- Misses 4192 4219 +27
- Partials 1303 1353 +50 |
|
Very cool. Does this stick around as a runtime dependency or is it only test / build time? |
Nice catch. I doubt that'd happen in practice as you'd have to go out of your way to end up with a null value. Still nice to fix it, what should the fallback be? Classloader of the class itself ( |
|
There are reasons to keep the annotations in the published jars: other languages and tools would see the annotations and infer nullability of the parameters and the returned values. I know Kotlin rejects the code if you pass null to a Java parameter that is annotated as not null. I am not sure yet which annotation library to choose (there are multiple), however, the switch can probably be made by a global search and replace. There's a backfire from Java 1.7 though: it does not support type annotations, so we can't have |
|
@sehrope , I've improved classloader handling in 5937065#diff-b5476fa4ea51ca4548c14b11c8ec4179R100 |
|
Good point on keeping them in. I took a peek at the license for this one, it's GPL with classpath exception so should be good right? +1 for anything that gives us more reasons to drop 1.7 support. We have to drop it at some point, let's pick something and move on. It's been 5+ years that's it's EOL. |
LGTM. That looks like it could go in on it's own as it's own PR without the rest of the new annotations. I was going to suggest moving that logic into it's own method but the only other code reading a resource stream is in a test so not worth it. |
|
@sehrope , @bokken , @davecramer , do you have something to say regarding the changes like a688233 and d435f3b ? The change is like public void flush() throws IOException {
- checkClosed();
+ LargeObject lo = checkClosed();
try {
if (bpos > 0) {
lo.write(buf, 0, bpos);It looks like On the other hand, then Frankly speaking, I'm inclined to |
Looking at this I see no reason not to do it. Did you have specific concerns ? |
+1. Much cleaner.
I don't like this one as much, in particular the shading of the member variables. Can instead make the |
I thought behind the same lines as well, however, there are cases when nullifying might help to release resources. |
|
It is definitely more of a style thing, but I kind of like the changes in d435f3b |
|
Ok, less than 100 errors left :) |
|
Open question: is it legal to return Javadoc specifies: The current code has pgjdbc/pgjdbc/src/main/java/org/postgresql/jdbc/PgArray.java Lines 164 to 166 in 9a0d2b1 When receiving the array from DB, I expect that When sending data to the DB, the current API allows to pass Unfortunately, we have a single class Any thoughts? |
|
One more item: pgjdbc/pgjdbc/src/main/java/org/postgresql/copy/CopyManager.java Lines 44 to 47 in 9a0d2b1 I wonder if the following should be converted to an error rather than a silent log: pgjdbc/pgjdbc/src/main/java/org/postgresql/core/v3/QueryExecutorImpl.java Lines 1132 to 1135 in 9a0d2b1 |
vlsi
force-pushed
the
checkerframework
branch
4 times, most recently
from
8b30082 to
683ab4c
Compare
vlsi
force-pushed
the
checkerframework
branch
3 times, most recently
from
f9abdd7 to
7be56cf
Compare
|
AFAIK the PR is more-or-less ready. It builds (including jre6, jre7, and dependency-reduced-pom). |
vlsi
force-pushed
the
checkerframework
branch
8 times, most recently
from
28cf119 to
1231a79
Compare
|
I think the PR is ready for merge, and I'm inclined to merge it in 2-3 days. |
vlsi
force-pushed
the
checkerframework
branch
3 times, most recently
from
5260475 to
a514045
Compare
5 participants
See https://checkerframework.org/
Let's see how it works. The intention is to have non-nullable types by default, and add
@Nullablewhen the returned type is nullable.So far I'm not sure if we can use our own nullability annotations.
Dependencies
The added dependency
checkerframework:checker-qual:3.5.0. It is used for annotations only, so the dependency can be excluded.Note:
jre6,jre7, andsource releaseare produced with all the annotations commented out.Issues
Checker Framework relies on the annotated JDK for the verifications, and there might be issues there.
For instance,
BatchUpdateExceptionis not annotated with@Nullabletypetools/jdk#62
typetools/jdk#63
typetools/jdk#64
In practice, we can overrule that by placing
stubfiles toconfig/checkerframework/...folder, so we do not depend on CF releases.https://youtrack.jetbrains.com/issue/IDEA-245323 -- IDEA produces false positives for nested arrays.
Findings
CheckerFramework works on a method by method basis, so it seems to produce lots of errors when the precondition is verified in another method.
For instance:
As far as I understand,
EnsuresNonNullshould tell CF thatupdateValuesis non-null ifcheckUpdateable()completes successfully. However, it does not seem to work, and, on top of that, IDEA does not seem to recognize@EnsuresNonNulleither.The same goes for
if (wasNull()) { return null; } ... getString(...)which often appears in getters.We know
getStringcan't return null, however, CF produces warnings.Edge cases
pgjdbc/pgjdbc/src/main/java/org/postgresql/core/v3/replication/V3PGReplicationStream.java
Lines 67 to 75 in 9a0d2b1
read()Javadoc says the method never returnsnull, yet it would returnnullin casecopyDual.isActive()becomes false.Test code
It looks like verifying test code takes too much time, and the gain does not seem to be significant enough, so the test code is not verified.