New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Resource Leak Checker's rules for owning fields rely on a stronger contract for @EnsuresCalledMethods than the actual contract #4838
Comments
I see two possible paths forward on this issue:
I think the second option is the better one. The fix will likely be smaller, though there is still the unexplained More detail on my proposal to fix the Resource Leak Checker: in a class C with owning fields Because there isn't an assignment tree, we won't be able to use the existing |
A third possible option: insert a new kind of postcondition annotation, such as |
@msridhar @mernst @Nargeshdb what do you think of these proposed fixes? |
I like the second option. One comment.
I wonder instead of tracking new |
That's fair, but I was planning to do it this way for implementation reasons - I think this approach is actually simpler rather than adding another check that requires digging into the Called Methods store. We already have to machinery to do so, so we may as well use it.
We still need a dataflow analysis to compute the "going-out-of-scope" point; I don't think there's a hook in the visitor to run a check at the end of a method. I think it could be done, if somewhat awkwardly, but I'd rather use the existing machinery that we have that will find the right "going-out-of-scope" points automatically (I think). |
Thinking more, my hesitation is that the consistency analyzer knows nothing about tracking a field as a resource alias right now; it only knows about locals. Probably you could just create a temporary local yourself associated with the field, but I still think you'd need special logic in the actual consistency check at the exit stores to look up the info for the field in place of the local. It might work out, just may end up being rather hackish.
My assumption was that the Resource Leak Checker's visitor runs after type inference has completed. So, if you can get access to the exceptional exit store somehow, you could just implement the check in |
The contract of the
@EnsuresCalledMethods
annotation is that it guarantees that the given method(s) are called on the given expression(s) if the method exits normally. The rules used by the Resource Leak Checker, however, assume that the given methods are called on all paths. This was first noticed by @msridhar in https://github.com/typetools/checker-framework/pull/4808/files#r673287910.As a concrete example, consider the following program:
Currently, the Resource Leak Checker incorrectly verifies this program (i.e. running
javac -processor resourceleak ReplicaInputStreams.java
does not issue any errors). I would expect some kind of error to be issued about this implementation ofclose()
, because it does not guarantee thatin2.close()
is called on all paths - there is an exceptional exit path fromin1.close()
.Confusingly, a similar example I wrote up does issue an error:
In this nearly identical example, the Called Methods Checker rejects
dispose()
, issuing the following error:The text was updated successfully, but these errors were encountered: