Nullness issue - Downcasting should preserve nullness information
Issue description
Downcasting is an operation that returns null when input is null. However, when the explicit coercion type is not nullable, the downcasting result currently won't be nullable either. Either a nullable type should be required (:?> string | null) or the downcasting operator should automatically adjust nullness based on the input type.
Choose one or more from the following categories of impact
- [ ] Unexpected nullness warning (false positive in nullness checking, code uses --checknulls and langversion:preview).
- [X] Missing nullness warning in a case which can produce nulls (false negative, code uses --checknulls and langversion:preview).
- [ ] Breaking change related to older null constructs in code not using the checknulls switch.
- [ ] Breaking change related to generic code and explicit type constraints (null, not null).
- [ ] Type inference issue (i.e. code worked without type annotations before, and applying the --checknulls enforces type annotations).
- [ ] C#/F# interop issue related to nullness metadata.
- [ ] Other (none of the categories above apply).
Operating System
Windows (Default)
What .NET runtime/SDK kind are you seeing the issue on
.NET SDK (.NET Core, .NET 5+)
.NET Runtime/SDK version
9.0.0-preview.7.24405.7
Reproducible code snippet and actual behavior
((null: obj | null) :?> string).Length
No warning, throws NRE.
Possible workarounds
No response
Described in https://github.com/fsharp/fslang-design/blob/main/RFCs/FS-1060-nullable-reference-types.md#meaning-of-unbox, perhaps forgotten or ignored for the time being?
I think there are two perspectives:
- Admit that with downcasting, the code is inherently dangerous at runtime. i.e. allow downcasting e.g. a nullable obj into a DU
- Try to maintain nullness (similar to [NotNullIfNotNull] in C# flow analysis), even though this might complicate downcasting-heavy code.
This is further complicated by the fslib Unboxing functions doing a runtime lookup, where nullness information is no longer known.
A solution which would insist on downcasting a nullable source into a nullable target ( :?> string | null) would only work on target types which can carry nullness, which is not equal to all types that can be downcasted to (tuples, anon records).
A safe but not all-scenarios-covering change would be:
- If source is nullable
- Target can be enhanced to be nullable
- Insist on the downcasting target to be decorated | null, report a nullness warning if it isn't
Would that meet the expectations here?
((null: obj | null) :?> string).Length
This shouldn't throw an NRE but should throw an exception during the :?> string cast.
f(x: string | null) = x :?> string should succeed if x is a string, and fail if x is null (since, post NRTs, null is not a string).
No separate warning should be given since no new danger is introduced: :?> is known to throw if the LHS is not of the type on the RHS.
If there is a warning it should apply to all uses of :?> ("don't use this").
> but should throw an exception during the :?> string cast
Feel free to take up that breaking change (which is what a different exception constitutes, I think) with the runtime team (unless you're suggesting F# should start injecting extra null checks before the unbox.any instruction).
Fixed by https://github.com/dotnet/fsharp/pull/17965
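The behaviour discussed in this thread, next to two ways of keeping null out of the downcast result, as an added example that is not code from the issue or from the F# repository. The function names are hypothetical, and it assumes an F# 9 compiler with nullness checking enabled (--checknulls).

```fsharp
// Added example; unsafeLength, tryLength, lengthOrFail and describe are hypothetical names.
// Assumes F# 9 with --checknulls (or <Nullable>enable</Nullable> in the project file).

/// The pattern from the report: a nullable obj is cast straight to string.
/// The cast lets null pass through, so the result can be null even though
/// its static type is the non-nullable string.
let unsafeLength (x: obj | null) : int =
    (x :?> string).Length          // NullReferenceException when x is null

/// Type-test pattern: `:? string` does not match null, so `s` is a real string
/// and both null and non-string inputs end up in the fallback branch.
let tryLength (x: obj | null) : int option =
    match x with
    | :? string as s -> Some s.Length
    | _ -> None

/// Explicit null check before the cast: null is rejected at the boundary with
/// an ArgumentNullException instead of surfacing later as an NRE.
let lengthOrFail (x: obj | null) : int =
    match x with
    | null -> nullArg (nameof x)
    | o -> (o :?> string).Length   // InvalidCastException if o is not a string

/// Runs f and reports either the result or the exception type it raised.
let describe (f: unit -> int) : string =
    try
        sprintf "ok %d" (f ())
    with ex ->
        ex.GetType().Name

// Constructed sample inputs: null, a string, and a boxed int.
let samples : (obj | null) list = [ null; box "abc"; box 42 ]

for x in samples do
    printfn "unsafeLength: %s" (describe (fun () -> unsafeLength x))
    printfn "tryLength:    %A" (tryLength x)
    printfn "lengthOrFail: %s" (describe (fun () -> lengthOrFail x))
```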