Comments (8)
I incline OpenRewrite might be slightly better at suggesting the fixes.
Perhaps; as a long-time user of Error Prone and one of the primary devs behind Error Prone Support I'm likely biased. ;)
I do agree that OpenRewrite is better at handling the transitive (cross-compilation unit) rewrites that may be required for an automated fix.
from forbidden-apis.
Great idea. In terms of "how to implement": likely Error Prone is more suitable for such a check (with the added benefit that it can automatically emit appropriate fixes).
NB: A low-false positive check would have to both consider method overrides, as well as constraints imposed by the APIs (if any) to which the Function
(etc.) parameters are be passed.
from forbidden-apis.
Perhaps; as a long-time user of Error Prone and one of the primary devs behind Error Prone Support I'm likely biased. ;)
Ah, nice. I tend adding Error Prone to all Java projects I'm working with (I'm quite happy with performance and output messages), so thanks for keeping it afloat. It is sad error-prone does not work for Kotlin though :-/
from forbidden-apis.
with the added benefit that it can automatically emit appropriate fixes
I incline OpenRewrite might be slightly better at suggesting the fixes.
However, suggesting a fix is complicated as adding variance to the parameter would likely require changes subsequent code: it might require adding variance to the fields (e.g. if the Function
is passed in constructor and stored to a field), it might require adding variance to the local variables, and so on.
likely Error Prone is more suitable for such a check
Technically speaking, the set of checks for Error Prone and forbidden-apis overlap, however, I find that forbidden-apis is lightweight (it does not require extra compiler, etc), so I consider forbidden-apis as a reasonable location for the check even though I understand there will be no "automatic code fix".
However, I agree variance check might be a stretch for forbidden-apis goals.
On the other hand, Function<A, B>
is used a lot, and it would be nice if the invariant usages could be detected early.
NB: A low-false positive check would have to both consider method overrides, as well as constraints imposed by the APIs (if any) to which the Function (etc.) parameters are be passed.
You are right. It should probably avoid cases like Consumer<? extends String>
.
from forbidden-apis.
Hi,
the problem is that the information you are requesting may not be available in the bytecode. Forbiddenapis is for parsing mathod invocations in bytecode, but it does not handle the java syntax.
I am not sure if this can be implemented in forbiddenapis at all, as this is not related to "forbidden method invocations".
from forbidden-apis.
Great idea. In terms of "how to implement": likely Error Prone is more suitable for such a check (with the added benefit that it can automatically emit appropriate fixes).
NB: A low-false positive check would have to both consider method overrides, as well as constraints imposed by the APIs (if any) to which the
Function
(etc.) parameters are be passed.
I agree with that.
Focus on forbiddenapis is to quickly parse bytecode and detect invalid patterns (method invocations and class usage from there). Because it works on bytecode/class files, it is good at parsing output of any compiler (so kotlin and scala is known to work perfectly with forbiddenapis, Groovy also kinda works), but the limitation to bytecode checks makes it not a good match for such type-based checks that require source code or more detailed type information that is erased from byte code.
I am not fully sure, but for method declarations in class files bytecode saves the so-called "signature" including generics as an attribute, but at moment this one is not checked. So there is possiblility to check the usage of those classes in code, but its another code path than general forbidden-apis checks as implemented at moment.
from forbidden-apis.
the problem is that the information you are requesting may not be available in the bytecode
Generic signatures are very well available on the bytecode, see https://docs.oracle.com/javase/specs/jvms/se7/html/jvms-4.html#jvms-4.7.9
from forbidden-apis.
Because it works on bytecode/class files, it is good at parsing output of any compiler (so kotlin and scala is known to work perfectly with forbiddenapis, Groovy also kinda works), but the limitation to bytecode checks makes it not a good match for such type-based checks that require source code or more detailed type information that is erased from byte code.
That is exactly why I believe adding check in forbidden-apis would be great for both Java and Kotlin users.
Suppose someone adds a function in Kotlin, and they receive java.util.function.Function
as a parameter.
Since java.util.function.Function
has no declaration-site variance, Kotlin does not automatically generate Function<? super...
.
So Kotlin users need to remember to use Function<in INPUT, out OUTPUT>
when using Java-based interfaces.
In other words, the check would be useful for Java, Kotlin, and Scala, users, and it would be non-trivial to achieve in Error Prone, and OpenRewrite.
Focus on forbiddenapis is to quickly parse bytecode and detect invalid patterns
What I suggest here is to parse signatures of methods only, so it would be way faster than the current "parse method body".
However, it might require "superclass" analysis (e.g. to check if a method overrides another method).
from forbidden-apis.
Related Issues (20)
- (Gradle) How to avoid creation of a forbiddenApisTest task HOT 2
- Unable to suppress violation in a field declaration HOT 3
- Allow to ignore failures for some signature files only HOT 3
- Improve messsages in the bundled signatures so they are actionable HOT 1
- Forbidding constructors doesn't always work HOT 2
- build warning about parameter "localRepository" after upgrading to maven 3.9.1 HOT 28
- Remove HttpResponse.BodyHandlers.ofFile(Path) from banned method list in Java 21 signatures HOT 2
- Provide option to enabled DEBUG level logging when using the CLI HOT 12
- Clarify Maven configuration parameter "includes" and "excludes" HOT 2
- Consider JEP 400 for jdk-unsafe Bundled Signatures HOT 1
- Check fails with "Bundled signatures resource not found: jdk-unsafe-21" despite failOnUnsupportedJava/failOnViolation disabled HOT 7
- Remove jdk.jfr from non portable exceptions list HOT 1
- Require at least Maven 3.2.5 HOT 3
- static method hiding produces false positives when original method is forbidden HOT 28
- Please publish PGP signature for the plugin at Gradle Plugin Portal HOT 6
- Add commons-io 2.15.1 HOT 1
- Add new (default) signatures
- "Parsing signatures failed" if class is not found on classpath HOT 3
- Clarify what retention scope is required for forbiddenapis suppression annotations HOT 3
- compatibility with Gradle 9.x HOT 11
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from forbidden-apis.