Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Flow based null check analysis for [<AllowNullLiteralAttribute>] types and alike #552

Closed
3 of 6 tasks
dmitry-a-morozov opened this issue Mar 22, 2017 · 3 comments
Closed
3 of 6 tasks

Comments

@dmitry-a-morozov
Copy link

Title of Suggestion

I propose we introduce flow based null check analysis for values of a type that marked as [<AllowNullLiteralAttribute>] and any typical .NET reference type (not defined in F#)

The existing way of approaching this problem in F# is to do explicit check

let s: string = CSharpClass().GetName()
if (s != null)
    printfn "%i" s.Length
else
    failwith "What do I do with NULL???"

Easy to forget checks lead to NullReferenceException.
It would make code more robust if F# compiler can enforce this checks.
e.g. following code won't compile complaining that s.Length can result in NRE without null checking

let s = CSharpClass().GetName()
printfn "%i" s.Length

This is similar to how Typescript or Kotlin compilers do null-safety analysis.

microsoft/TypeScript#8010
microsoft/TypeScript#7140

https://kotlinlang.org/docs/reference/null-safety.html

In F# nulls are slightly smaller issue that in other languages because native F# types cannot have null as normal value. Therefore this extra strict check should be opt-in. Thera are several ways to trigger verification:

  1. Introduce "--strictNullChecks" compiler switch.
    It means all code in a project should pass this check. I don't think it's practical to have only this option because all of sudden your whole code base doesn't compile and there are dozens if not hundred places where it has to be fixed. But somebody building mission-critical, super robust component might want to turn on this switch.

  2. More fine-grained approach is to have special attribute on function or method

[<StrictNullChecks>]
let f() = ...
//or
type Foo() = 
    [<StrictNullChecks>]
    member this.Bar() = 

It will force checks inside a body of marked function or method including input parameters.
This attribute should not be inherit-able.
It's possible that [<StrictNullChecks>] can be applied to a method parameter only but it seems not much gain over doing simple check or using Option<_> type.

The attribute can be applied on module or type level too.

Also would be nice if null check verification will flow within F# code base. e.g.

module Assert 
[<StrictNullChecks>]
let notNull x = ...


[<StrictNullChecks>]
let foo()= ...
    let s = CSharpClass().GetName()
    Assert.notNull s
    //safe to access properties like Length
    printfn "%i" s.Length
    ...

Pros and Cons

The advantages of making this adjustment to F# are: the code will be even more null-safe

The disadvantages of making this adjustment to F# are ... a lot of language design and compiler work

Extra informtion

Estimated cost (XS, S, M, L, XL, XXL): XL

Related suggestions: (put links to reated suggestions here)

Affadavit (must be submitted)

Please tick this by placing a cross in the box:

  • This is not a question (e.g. like one you might ask on stackoverflow) and I have searched stackoverflow for discussions of this issue
  • I have searched both open and closed suggestions on this site and believe this is not a duplicate
  • This is not something which has obviously "already been decided" in previous versions of F#. If you're questioning a fundamental design decision that has obviously already been taken (e.g. "Make F# untyped") then please don't submit it.

Please tick all that apply:

  • This is not a breaking change to the F# language design
  • I would be willing to help implement and/or test this
  • I or my company would be willing to help crowdfund F# Software Foundation members to work on this
@smoothdeveloper
Copy link
Contributor

it should probably come with the pending type annotation to allow to pass such reference with non-nil semantics.

Cobra Language (http://cobra-language.com/) does this with ! suffix on type names.

let doWithNonNull (text: string!) =
    printfn "%s is of length %i" text (text.Length)

Cobra also supports a to ! operator.

Also related: https://github.com/dotnet/csharplang/blob/master/proposals/nullable-reference-types.md

@dmitry-a-morozov
Copy link
Author

@smoothdeveloper This proposal is mostly to enforce strict checks on reference values coming out of non-F# APIs.
There is no need to add ! operator because F# is already great at null-tracking.
If it's F# API use Option<_> type like

let doWithNonNull (text: string option) =
    ...

If it's a value that is going to be passed to non-F# API use Option<_> to do all computations and convert it to a ref via Option.toObj

let x: string option = ... //compute
...
x |> Option.toObj |> doWithNonNull

@dsyme
Copy link
Collaborator

dsyme commented Nov 16, 2017

I think this will have to be part of a much broader question of how we interop with the proposed .NET/C# feature of non-nullable reference types https://blogs.msdn.microsoft.com/dotnet/2017/11/15/nullable-reference-types-in-csharp/

I'll close this and use #577 as the single issue for this

@dsyme dsyme closed this as completed Nov 16, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants