-
Notifications
You must be signed in to change notification settings - Fork 353
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Soundly handle must call obligations with unknown must call methods #5912
Conversation
…o precision issues)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I am ok with getting this change in to fix the soundness bug. However, if we can fix the false positive in the near future, that would be good too. Without that I'm not sure there is a good way to work around the new warnings other than a suppression.
@msridhar this needs to be re-reviewed, because CI failed. The failure occurred because this change introduced new typechecking errors from the RLC in the Checker Framework itself. I've removed those by writing some I would prefer to handle this problem by defaulting type variables to |
@kelloggm I'm a little concerned about these new warnings and the impacts they are going to have on users, particularly since the warnings seem to appear in code that has nothing to do with resource management. I think we should spend a bit of time trying to see if we can change defaulting of type variables to avoid these issues. |
I agree. But, I figured adding them here would make the scope of the problem clear. I'd prefer a version of this PR with no new annotations but which does a better job defaulting type variables. |
I was able to change some of the As far as type variable defaulting, you can make the upper bound of type variables What about changing the default of return types that are type variables to For example:
|
… into issue5908-change-defaults
@smillst, thanks for your suggestions. Here are some notes on these two alternatives; I'd appreciate your (and @msridhar's) help in deciding which of them to take.
I looked into doing this. It's technically possible and relatively easy (the change would need to be made in The problem is that this causes some tests to fail, in a way that suggests to me that this change might be unsound. In particular, the following tests fail:
In each of these cases, we have something like
I looked into this too, in some detail. The number of new warnings is actually not as large as your comment suggested it might be, and this change actually would remove a large number of false positives in the Checker Framework itself (i.e., would remove warning suppressions) without introducing any new false positives. So, I think we ought to seriously consider it. You can look at the changes yourself on the The problem with this change is that it becomes an error to write
One thing that I do like about this option is that it limits the false positives to code that actually uses a resource, which is extremely desirable. On the other hand, though, it doesn't give the programmer any real tools to verify code that uses arbitrarily-sized collections of resources (but, as @Calvin-L discovered in #5969, this is already true of the RLC). |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Re-approving the changes. This is assuming nothing needs to be re-reviewed @kelloggm
which prevents many false positives in code with type variables that makes | ||
no use of resources --- an important design principle. | ||
However, this defaulting rule does have an unfortunate consequence: it is | ||
an error to write \code{List<Socket>} and any other use of a type variable |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't understand "and any other use of a type variable", since this paragraph has not yet used a type variable. Maybe a concrete code example would help.
@smillst Could you take a look at the code changes to determine the interactions with your |
This pull request makes explicit and implicit upper bounds use the same default, so nothing in this branch will need to change. In the |
@smillst Great, thanks for confirming. |
Fixes #5908.
I'm investigating the false positive in the "correct" version of the test case separately, because I can reproduce it with just the Called Methods Checker (and it's more important to close the soundness loophole).This PR also changes the defaulting scheme used for type variable upperbounds. See the documentation.
Merge with codespecs/daikon#492
and plume-lib/plume-util#314.