pghs975uc
/
infer_clone
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '3a629e46ce'
${ noResults }
infer_clone/infer/src/nullsafe/Nullability.ml

96 lines
3.3 KiB
Raw Normal View History Unescape

[nullsafe] Introduce Nullability module and make NullsafeRules use it Summary: In previous refactoring stages, we operated on AnnotatedNullability (nullability of a field or method signature together with its origin), and InferredNullability (nullability of a value in typestate together with its origin). Now it is time to extract common Nullability as a type system concept, together with `<:` and `join` functionality. This was sketched in `NullsafeRules`, so this diff consolidates this as well. In follow up diffs, we will reduce/get rid of direct usages of things like `InferredNullability.is_nullable`. This will simplify introducing intermediate Nullability types. Reviewed By: artempyanykh Differential Revision: D17789599 fbshipit-source-id: f1b9d2dd0
5 years ago
(*
* Copyright (c) Facebook, Inc. and its affiliates.
*
* This source code is licensed under the MIT license found in the
* LICENSE file in the root directory of this source tree.
*)
open! IStd
[nullsafe] Directly model nullability of values from third-party code Summary: We need to be able to differentiate `UncheckedNonnull`s in internal vs third-party code. Previously, those were under one `UncheckedNonnull` nullability which led to hacks for optmistic third-party parameter checks in `eradicateChecks.ml` and lack of third-party enforcement in `Nullsafe(LOCAL, trust=all)` mode (i.e. we want to trust internal unchecked code, but don't want to trust unvetted third-party). Now such values are properly modelled and can be accounted for regularly within rules. Also, various whitelists are refactored using `Nullability.is_considered_nonnull ~nullsafe_mode nullability`. `ErrorRenderingUtils` became a tad more convoluted, but oh well, one step at a time. Reviewed By: mityal Differential Revision: D19977086 fbshipit-source-id: 8337a47b9
5 years ago
module F = Format
[nullsafe] Introduce Nullability module and make NullsafeRules use it Summary: In previous refactoring stages, we operated on AnnotatedNullability (nullability of a field or method signature together with its origin), and InferredNullability (nullability of a value in typestate together with its origin). Now it is time to extract common Nullability as a type system concept, together with `<:` and `join` functionality. This was sketched in `NullsafeRules`, so this diff consolidates this as well. In follow up diffs, we will reduce/get rid of direct usages of things like `InferredNullability.is_nullable`. This will simplify introducing intermediate Nullability types. Reviewed By: artempyanykh Differential Revision: D17789599 fbshipit-source-id: f1b9d2dd0
5 years ago
type t =
[nullsafe] Introduce Null nullability type Summary: This will allow us tune nullsafe behavior in a more fine-grained way. See e.g. a follow up diff when we report errors more clearly. Reviewed By: ngorogiannis Differential Revision: D18683747 fbshipit-source-id: 7b5c42a03
5 years ago
| Null (** The only possible value for that type is null *)
[nullsafe] Introduce Nullability module and make NullsafeRules use it Summary: In previous refactoring stages, we operated on AnnotatedNullability (nullability of a field or method signature together with its origin), and InferredNullability (nullability of a value in typestate together with its origin). Now it is time to extract common Nullability as a type system concept, together with `<:` and `join` functionality. This was sketched in `NullsafeRules`, so this diff consolidates this as well. In follow up diffs, we will reduce/get rid of direct usages of things like `InferredNullability.is_nullable`. This will simplify introducing intermediate Nullability types. Reviewed By: artempyanykh Differential Revision: D17789599 fbshipit-source-id: f1b9d2dd0
5 years ago
| Nullable (** No guarantees on the nullability *)
[nullsafe] Directly model nullability of values from third-party code Summary: We need to be able to differentiate `UncheckedNonnull`s in internal vs third-party code. Previously, those were under one `UncheckedNonnull` nullability which led to hacks for optmistic third-party parameter checks in `eradicateChecks.ml` and lack of third-party enforcement in `Nullsafe(LOCAL, trust=all)` mode (i.e. we want to trust internal unchecked code, but don't want to trust unvetted third-party). Now such values are properly modelled and can be accounted for regularly within rules. Also, various whitelists are refactored using `Nullability.is_considered_nonnull ~nullsafe_mode nullability`. `ErrorRenderingUtils` became a tad more convoluted, but oh well, one step at a time. Reviewed By: mityal Differential Revision: D19977086 fbshipit-source-id: 8337a47b9
5 years ago
| ThirdPartyNonnull
(** Values coming from third-party methods and fields not explictly annotated as [@Nullable].
We still consider those as non-nullable but with the least level of confidence. *)
[nullsafe] Rename nullability variants Summary: Rename DeclaredNonnull -> UncheckedNonnull, Nonnull -> StrictNonnull. This is a preparatory step to introduce one more nullability option, specifically CheckedNonnull to support local nullsafe mode. Reviewed By: ngorogiannis, mityal Differential Revision: D19619289 fbshipit-source-id: 12a3ff814
5 years ago
| UncheckedNonnull
[ocamlformat] Enable parsing and reformatting docstrings Summary: This diff enables parsing and auto-formatting documentation comments (aka docstrings). I have looked at this entire diff and manually made some changes to improve the formatting. In some cases it looked like it would take too much time, or benefit from someone more familiar with the code doing it, and I instead disabled auto-formatting docstrings in those files. Also, there are some source files where the docstrings are invalid, and some where the structure detected by the parser appears not to match what was intended. Auto-formatting has been disabled for these files. Reviewed By: ezgicicek Differential Revision: D18755888 fbshipit-source-id: 68d72465d
5 years ago
(** The type comes from a signature that is annotated (explicitly or implicitly according to
[nullsafe] Rename nullability variants Summary: Rename DeclaredNonnull -> UncheckedNonnull, Nonnull -> StrictNonnull. This is a preparatory step to introduce one more nullability option, specifically CheckedNonnull to support local nullsafe mode. Reviewed By: ngorogiannis, mityal Differential Revision: D19619289 fbshipit-source-id: 12a3ff814
5 years ago
conventions) as non-nullable. However, it might still contain null since the truthfulness
[ocamlformat] Enable parsing and reformatting docstrings Summary: This diff enables parsing and auto-formatting documentation comments (aka docstrings). I have looked at this entire diff and manually made some changes to improve the formatting. In some cases it looked like it would take too much time, or benefit from someone more familiar with the code doing it, and I instead disabled auto-formatting docstrings in those files. Also, there are some source files where the docstrings are invalid, and some where the structure detected by the parser appears not to match what was intended. Auto-formatting has been disabled for these files. Reviewed By: ezgicicek Differential Revision: D18755888 fbshipit-source-id: 68d72465d
5 years ago
of the declaration was not checked. *)
[nullsafe] Support Nullsafe(Local, trust=all/none) mode Summary: Add support for nullsafe mode with `trust=all` and `trust=none` a case with a specific trust list is not supported yet and needs to be implemented separately. Tests introduce one unexpected `ERADICATE_INCONSISTENT_SUBCLASS_PARAMETER_ANNOTATION` issue which complains about `this` having incorrect nullability; it is a bug and needs to be fixed separately. Reviewed By: mityal Differential Revision: D19662708 fbshipit-source-id: 3bc1e3952
5 years ago
| LocallyCheckedNonnull
(** Non-nullable value the comes from a class checked under local mode. Local mode type-checks
files against its dependencies but does not require the dependencies to be transitively
checked. Therefore this type of non-nullable value is differentiated from StrictNonnull. *)
[nullsafe] Rename nullability variants Summary: Rename DeclaredNonnull -> UncheckedNonnull, Nonnull -> StrictNonnull. This is a preparatory step to introduce one more nullability option, specifically CheckedNonnull to support local nullsafe mode. Reviewed By: ngorogiannis, mityal Differential Revision: D19619289 fbshipit-source-id: 12a3ff814
5 years ago
| StrictNonnull
(** Non-nullable value with the highest degree of certainty, because it is either:
- a non-null literal,
- an expression that semantically cannot be null,
- comes from internal code checked under strict mode,
- comes from a third-party method with an appropriate built-in model or user-defined
nullability signature.
The latter two are potential sources of unsoundness issues for nullsafe, but we need to
strike the balance between the strictness of analysis, convenience, and real-world risk. *)
[nullsafe] Introduce Nullability module and make NullsafeRules use it Summary: In previous refactoring stages, we operated on AnnotatedNullability (nullability of a field or method signature together with its origin), and InferredNullability (nullability of a value in typestate together with its origin). Now it is time to extract common Nullability as a type system concept, together with `<:` and `join` functionality. This was sketched in `NullsafeRules`, so this diff consolidates this as well. In follow up diffs, we will reduce/get rid of direct usages of things like `InferredNullability.is_nullable`. This will simplify introducing intermediate Nullability types. Reviewed By: artempyanykh Differential Revision: D17789599 fbshipit-source-id: f1b9d2dd0
5 years ago
[@@deriving compare, equal]
[nullsafe] Support Nullsafe(Local, trust=all/none) mode Summary: Add support for nullsafe mode with `trust=all` and `trust=none` a case with a specific trust list is not supported yet and needs to be implemented separately. Tests introduce one unexpected `ERADICATE_INCONSISTENT_SUBCLASS_PARAMETER_ANNOTATION` issue which complains about `this` having incorrect nullability; it is a bug and needs to be fixed separately. Reviewed By: mityal Differential Revision: D19662708 fbshipit-source-id: 3bc1e3952
5 years ago
type pair = t * t [@@deriving compare, equal]
[nullsafe] Consolidate over-annotated issues Summary: This diff proceeds work for consolidating nullsafe logic and making it type-agnostic Reviewed By: artempyanykh Differential Revision: D17808485 fbshipit-source-id: 85356c625
5 years ago
let top = Nullable
[nullsafe] Introduce Nullability module and make NullsafeRules use it Summary: In previous refactoring stages, we operated on AnnotatedNullability (nullability of a field or method signature together with its origin), and InferredNullability (nullability of a value in typestate together with its origin). Now it is time to extract common Nullability as a type system concept, together with `<:` and `join` functionality. This was sketched in `NullsafeRules`, so this diff consolidates this as well. In follow up diffs, we will reduce/get rid of direct usages of things like `InferredNullability.is_nullable`. This will simplify introducing intermediate Nullability types. Reviewed By: artempyanykh Differential Revision: D17789599 fbshipit-source-id: f1b9d2dd0
5 years ago
let join x y =
[nullsafe] Introduce DeclaredNonnull Summary: This is an intermediate nullability type powering future Strict mode. See the next diff. Reviewed By: artempyanykh Differential Revision: D17977909 fbshipit-source-id: 2d5ab66d4
5 years ago
match (x, y) with
[nullsafe] Introduce Null nullability type Summary: This will allow us tune nullsafe behavior in a more fine-grained way. See e.g. a follow up diff when we report errors more clearly. Reviewed By: ngorogiannis Differential Revision: D18683747 fbshipit-source-id: 7b5c42a03
5 years ago
| Null, Null ->
Null
| Null, _ | _, Null ->
Nullable
[nullsafe] Introduce DeclaredNonnull Summary: This is an intermediate nullability type powering future Strict mode. See the next diff. Reviewed By: artempyanykh Differential Revision: D17977909 fbshipit-source-id: 2d5ab66d4
5 years ago
| Nullable, _ | _, Nullable ->
Nullable
[nullsafe] Directly model nullability of values from third-party code Summary: We need to be able to differentiate `UncheckedNonnull`s in internal vs third-party code. Previously, those were under one `UncheckedNonnull` nullability which led to hacks for optmistic third-party parameter checks in `eradicateChecks.ml` and lack of third-party enforcement in `Nullsafe(LOCAL, trust=all)` mode (i.e. we want to trust internal unchecked code, but don't want to trust unvetted third-party). Now such values are properly modelled and can be accounted for regularly within rules. Also, various whitelists are refactored using `Nullability.is_considered_nonnull ~nullsafe_mode nullability`. `ErrorRenderingUtils` became a tad more convoluted, but oh well, one step at a time. Reviewed By: mityal Differential Revision: D19977086 fbshipit-source-id: 8337a47b9
5 years ago
| ThirdPartyNonnull, _ | _, ThirdPartyNonnull ->
ThirdPartyNonnull
[nullsafe] Rename nullability variants Summary: Rename DeclaredNonnull -> UncheckedNonnull, Nonnull -> StrictNonnull. This is a preparatory step to introduce one more nullability option, specifically CheckedNonnull to support local nullsafe mode. Reviewed By: ngorogiannis, mityal Differential Revision: D19619289 fbshipit-source-id: 12a3ff814
5 years ago
| UncheckedNonnull, _ | _, UncheckedNonnull ->
UncheckedNonnull
[nullsafe] Support Nullsafe(Local, trust=all/none) mode Summary: Add support for nullsafe mode with `trust=all` and `trust=none` a case with a specific trust list is not supported yet and needs to be implemented separately. Tests introduce one unexpected `ERADICATE_INCONSISTENT_SUBCLASS_PARAMETER_ANNOTATION` issue which complains about `this` having incorrect nullability; it is a bug and needs to be fixed separately. Reviewed By: mityal Differential Revision: D19662708 fbshipit-source-id: 3bc1e3952
5 years ago
| LocallyCheckedNonnull, _ | _, LocallyCheckedNonnull ->
LocallyCheckedNonnull
[nullsafe] Rename nullability variants Summary: Rename DeclaredNonnull -> UncheckedNonnull, Nonnull -> StrictNonnull. This is a preparatory step to introduce one more nullability option, specifically CheckedNonnull to support local nullsafe mode. Reviewed By: ngorogiannis, mityal Differential Revision: D19619289 fbshipit-source-id: 12a3ff814
5 years ago
| StrictNonnull, StrictNonnull ->
StrictNonnull
[nullsafe] Introduce Nullability module and make NullsafeRules use it Summary: In previous refactoring stages, we operated on AnnotatedNullability (nullability of a field or method signature together with its origin), and InferredNullability (nullability of a value in typestate together with its origin). Now it is time to extract common Nullability as a type system concept, together with `<:` and `join` functionality. This was sketched in `NullsafeRules`, so this diff consolidates this as well. In follow up diffs, we will reduce/get rid of direct usages of things like `InferredNullability.is_nullable`. This will simplify introducing intermediate Nullability types. Reviewed By: artempyanykh Differential Revision: D17789599 fbshipit-source-id: f1b9d2dd0
5 years ago
let is_subtype ~subtype ~supertype = equal (join subtype supertype) supertype
[nullsafe] Directly model nullability of values from third-party code Summary: We need to be able to differentiate `UncheckedNonnull`s in internal vs third-party code. Previously, those were under one `UncheckedNonnull` nullability which led to hacks for optmistic third-party parameter checks in `eradicateChecks.ml` and lack of third-party enforcement in `Nullsafe(LOCAL, trust=all)` mode (i.e. we want to trust internal unchecked code, but don't want to trust unvetted third-party). Now such values are properly modelled and can be accounted for regularly within rules. Also, various whitelists are refactored using `Nullability.is_considered_nonnull ~nullsafe_mode nullability`. `ErrorRenderingUtils` became a tad more convoluted, but oh well, one step at a time. Reviewed By: mityal Differential Revision: D19977086 fbshipit-source-id: 8337a47b9
5 years ago
let is_considered_nonnull ~nullsafe_mode nullability =
let least_required =
match nullsafe_mode with
| NullsafeMode.Strict ->
StrictNonnull
| NullsafeMode.Local (NullsafeMode.Trust.Only _classes) ->
(* TODO(T61473665). For now treat trust with specified classes as trust=none. *)
LocallyCheckedNonnull
| NullsafeMode.Local NullsafeMode.Trust.All ->
UncheckedNonnull
| NullsafeMode.Default ->
ThirdPartyNonnull
in
is_subtype ~subtype:nullability ~supertype:least_required
let is_nonnullish t = is_considered_nonnull ~nullsafe_mode:NullsafeMode.Default t
[nullsafe] Introduce DeclaredNonnull Summary: This is an intermediate nullability type powering future Strict mode. See the next diff. Reviewed By: artempyanykh Differential Revision: D17977909 fbshipit-source-id: 2d5ab66d4
5 years ago
let to_string = function
[nullsafe] Introduce Null nullability type Summary: This will allow us tune nullsafe behavior in a more fine-grained way. See e.g. a follow up diff when we report errors more clearly. Reviewed By: ngorogiannis Differential Revision: D18683747 fbshipit-source-id: 7b5c42a03
5 years ago
| Null ->
"Null"
[nullsafe] Introduce DeclaredNonnull Summary: This is an intermediate nullability type powering future Strict mode. See the next diff. Reviewed By: artempyanykh Differential Revision: D17977909 fbshipit-source-id: 2d5ab66d4
5 years ago
| Nullable ->
"Nullable"
[nullsafe] Directly model nullability of values from third-party code Summary: We need to be able to differentiate `UncheckedNonnull`s in internal vs third-party code. Previously, those were under one `UncheckedNonnull` nullability which led to hacks for optmistic third-party parameter checks in `eradicateChecks.ml` and lack of third-party enforcement in `Nullsafe(LOCAL, trust=all)` mode (i.e. we want to trust internal unchecked code, but don't want to trust unvetted third-party). Now such values are properly modelled and can be accounted for regularly within rules. Also, various whitelists are refactored using `Nullability.is_considered_nonnull ~nullsafe_mode nullability`. `ErrorRenderingUtils` became a tad more convoluted, but oh well, one step at a time. Reviewed By: mityal Differential Revision: D19977086 fbshipit-source-id: 8337a47b9
5 years ago
| ThirdPartyNonnull ->
"ThirdPartyNonnull"
[nullsafe] Rename nullability variants Summary: Rename DeclaredNonnull -> UncheckedNonnull, Nonnull -> StrictNonnull. This is a preparatory step to introduce one more nullability option, specifically CheckedNonnull to support local nullsafe mode. Reviewed By: ngorogiannis, mityal Differential Revision: D19619289 fbshipit-source-id: 12a3ff814
5 years ago
| UncheckedNonnull ->
"UncheckedNonnull"
[nullsafe] Support Nullsafe(Local, trust=all/none) mode Summary: Add support for nullsafe mode with `trust=all` and `trust=none` a case with a specific trust list is not supported yet and needs to be implemented separately. Tests introduce one unexpected `ERADICATE_INCONSISTENT_SUBCLASS_PARAMETER_ANNOTATION` issue which complains about `this` having incorrect nullability; it is a bug and needs to be fixed separately. Reviewed By: mityal Differential Revision: D19662708 fbshipit-source-id: 3bc1e3952
5 years ago
| LocallyCheckedNonnull ->
"LocallyCheckedNonnull"
[nullsafe] Rename nullability variants Summary: Rename DeclaredNonnull -> UncheckedNonnull, Nonnull -> StrictNonnull. This is a preparatory step to introduce one more nullability option, specifically CheckedNonnull to support local nullsafe mode. Reviewed By: ngorogiannis, mityal Differential Revision: D19619289 fbshipit-source-id: 12a3ff814
5 years ago
| StrictNonnull ->
"StrictNonnull"
[nullsafe] Directly model nullability of values from third-party code Summary: We need to be able to differentiate `UncheckedNonnull`s in internal vs third-party code. Previously, those were under one `UncheckedNonnull` nullability which led to hacks for optmistic third-party parameter checks in `eradicateChecks.ml` and lack of third-party enforcement in `Nullsafe(LOCAL, trust=all)` mode (i.e. we want to trust internal unchecked code, but don't want to trust unvetted third-party). Now such values are properly modelled and can be accounted for regularly within rules. Also, various whitelists are refactored using `Nullability.is_considered_nonnull ~nullsafe_mode nullability`. `ErrorRenderingUtils` became a tad more convoluted, but oh well, one step at a time. Reviewed By: mityal Differential Revision: D19977086 fbshipit-source-id: 8337a47b9
5 years ago
let pp fmt t = F.fprintf fmt "%s" (to_string t)