New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
What if a tool provided an option to check only @NullMarked code? #236
Comments
This is an interesting point. NullAway has concepts of "excluded" and "unannotated" source classes (admittedly not carefully-chosen terms). If a class is "excluded," then we do not check it for nullability errors, but we treat its API as I personally prefer the tool behavior of not doing nullability checking inside It might be interesting to consider the variant that NullAway already supports, skipping checking for certain |
Thanks! To answer your question about the checker we're using inside Google: Checking and annotating code are currently completely independent. So it's possible to check code without annotating it and vice versa. In practice, we have code in the "annotated and checked" bucket and code in the "annotated but not checked" bucket (and probably almost all of that second bucket is only partially annotated, aside from the generated-code case you mentioned) -- and of course lots of code in the "neither annotated nor checked" bucket -- but a very small amount in the "checked but not annotated" bucket. I have wondering if "checked but not annotated" will be more useful in the future, but I haven't been placing a lot of hope in that. Theoretically, it could make it easier for us to flip checking on by default for our depot. And even before turning on full checking, I could imagine some kind of more conservative checking that we'd try to enable for the whole depot, even if only one-off checks more like |
Running one-off checks like |
I've belatedly thought of more precedent for coupling checking and annotating: the Checker Framework. The Checker Framework does something similar but in the opposite direction: If you enable checking, then the Checker Framework's modified javac writes inferred annotations to the generated bytecode. We don't plan to go that direction with JSpecify because we don't want for the same code to be treated differently depending on which compiler it was built with. Nevertheless, this is another case that demonstrates how users may be used to coupling checking and annotating. |
I think this is the right general point; we "don't want" tools to treat our annotations as meaning anything other than what we say they mean, and will try to discourage them from doing that somehow. In this case maybe it's reasonable though. "I see there {will/won't} be a critical mass of usable information in this code, so I {will/won't} analyze it....." |
(Thanks, the "critical mass" phrasing expresses that point of view well.) I remembered another benign(?) possible case case for "assigning meaning to our annotations that they aren't meant to have": Past discussions have touched on the idea that some users may want tools to enforce the rule like "All classes in this directory must be This would mean that tools act differently when they see |
One other thing that I'd forgotten was to connect this proposal to the problem of package-level Now, different projects will have different opinions on whether they're ready to start annotating and checking their tests. But setting that aside, the main point is that we'd be making package-level |
Another thing to consider for further down the road, when users can realistically expect their build tools and the IDEs to come with extensive support for JSpecify's feature set: Someone who is adopting nullness checking incrementally would be happy to be able to share configuration for that checking across tools. After all, no one is going to be excited to update both a build configuration and an IDE configuration whenever it's time to enable checking for a new class. If tools were to recognize I worry that that's actually too convenient and that it will lead users to not run nullness checking on unannotated code at all. That wouldn't be the end of the world, but it could be sad for a lone |
It sounds like |
I have no issue with a tool deciding to check only null-marked code, or have an option for checking only null-marked code. And I definitely don't think we should need to worry about a possible Closeable? |
(prompted in part by #127 (comment), but I'm not claiming that Lázaro was proposing this)
One important feature of JSpecify is that it is designed to be possible to run a nullness checker on unannotated code and get useful results -- some errors from the nullness information that is available (from annotated dependencies or usages of
null
literals) but not errors for every method that, e.g., should someday have a@Nullable
annotation on its return type.Another important feature is that it's possible to sprinkle annotations across a codebase without first making the entire thing pass nullness checking.
Nevertheless... code that is run through a nullness checker is much more likely to be correctly annotated.
Plus, configuring a build to apply nullness checking to exactly the right set of files can be annoying.
It's easy to imagine, for example, that someone might enable nullness checking for a codebase, start to put
@NullMarked
on packages, and then respond to nullness errors in those packages by adding@SuppressWarnings("nullness")
to some classes. This leaves behind classes that are in the scope of@NullMarked
but probably don't have correct nullness information.So: Would it be reasonable for a tool to offer, hopefully in addition to its normal behavior (of checking all given code, all code that matches a given pattern, etc.), a mode in which it checks only code that is in the scope of a
@NullMarked
annotation (and, presumably, not negated by a@NullUnmarked
annotation)? This would nudge users toward running the checker on any code that they make a serious attempt to annotate, and it would encourage them to put@NullUnmarked
(rather than just a suppression) on sections that they choose not to seriously annotate.Is this even "a JSpecify question?" I'm not sure:
@NullMarked
as an instruction to check code (if they're running in that mode), then they're assigning meaning to our annotations that they aren't meant to have.Opinions?
[edit: much later, a proposal of such an option]
The text was updated successfully, but these errors were encountered: