checker-framework icon indicating copy to clipboard operation
checker-framework copied to clipboard

Published 20 hours ago verified publisher icon typetools

`@MustCall` subtyping

Open mernst opened this issue 2 years ago • 2 comments

This code passes the Must Call Checker:

  @MustCall({"toString"}) String foo(@MustCall({"hashCode"}) String arg) {
    return arg;
  }

However, it seems wrong to permit one @MustCall type to be permitted to be used as another.

A test case appears in MustCallSubtypingTest.java.

mernst avatar Apr 07 '23 22:04 mernst

This is expected behavior: arg is a non-owning parameter, so its @MustCall type is ignored.

The manual section for the Must Call Checker doesn't explain this behavior, specifically, and I can see how it might be confusing. We could view this issue as a request for better documentation.

Alternatively, maybe the checker should warn about explicit @MustCall annotations that are ignored due to being written on a non-owning parameter? Or, we could modify the checker's rules to implicitly make such parameters @Owning, which might conform better to user expectations when writing an @MustCall annotation?

@mernst what would be your preferred action to take to address this confusion? Would better documentation be enough, or would you like us to do more?

kelloggm avatar Apr 10 '23 15:04 kelloggm

Thanks for the explanation.

the checker should warn about explicit @MustCall annotations that are ignored due to being written on a non-owning parameter

I think this is the best behavior.

we could modify the checker's rules to implicitly make such parameters @Owning, which might conform better to user expectations when writing an @MustCall annotation?

I fear this would be surprising. It would also make separate compilation (with regular javac) behave differently than compiling every file together while running the Checker Framework, which I would like to avoid.

mernst avatar Apr 10 '23 17:04 mernst