Add an analyzer for PublishSingleFile

[agocke]

When publishing single-file applications, certain APIs are very likely
to return incorrect results. Most notably, asking for the Location of
any Assembly loaded from the single-file will return an empty string,
instead of a file path. To minimize suprise, this analyzer flags all
usages of the APIs most likely to break when used in single-file when
the PublishSingleFile property is set to true, and the
IncludeAllContentForSelfExtractProperty is not true (which provides the
legacy API behavior).

[agocke]

@vitek-karas @sbomer @mateoatr @tlakollo @samsp-msft Can you all take a look at this and tell me what you think? There are certainly some instances with potential false positives (as I included in my test case), but it seems like this mistake is so easy to make and this scenario is so new that it would be better to produce extra warnings up front.

[codecov]

Codecov Report

Merging #3921 into master will decrease coverage by 0.00%.
The diff coverage is 99.18%.

@@            Coverage Diff             @@
##           master    #3921      +/-   ##
==========================================
- Coverage   95.62%   95.61%   -0.01%     
==========================================
  Files        1151     1151              
  Lines      254095   253903     -192     
  Branches    15223    15209      -14     
==========================================
- Hits       242977   242773     -204     
- Misses       9180     9182       +2     
- Partials     1938     1948      +10     

[vitek-karas]

I don't like the word "valid" - it makes it sound like something completely wrong. Maybe just explain what it does:
"Property 'Assembly.Location' returns empty string when publishing the app as a single-file."

But I'm not a native speaker, so maybe your version actually sounds better...

[vitek-karas]

Actually maybe we should include the fact that the assembly has to be part of the app:
"Property Assembly.Location returns empty string for any assembly from application when published as single-file"

[samsp-msft]

Saying it returns empty string is better as it's then a condition the app can check against.

[agocke]

In that case we'll probably need individual diagnostic rules for each API to describe its behavior.

[agocke]

Updated

[vitek-karas]

I do agree that having one for each is lot of work - on the other hand it might give us opportunity to include some actionable feedback in the messages (if there's any). For example for Assembly.Location we may point users to AppDomain.CurrentDomain.BaseDirectory as a reasonable replacement for certain cases.

[vitek-karas]

These are now obsolete (dotnet/runtime#39261) - not sure what's the UX - will I get two warnings for the same thing?

[agocke]

Probably. I didn't know we were going to obsolete them, so I can remove this.

[Evangelink]

There is a TryGetOrCreateTypeByMetadataName method you could use here instead.

[Evangelink]

Could you please use the markup syntax instead? It looks like {|#0:a.Location|} (where 0 is the index) and then to test the arg you can do VerifyCS.Diagnostic.WithLocation(0).WithArgs....

[agocke]

This style of diagnostics verification is what Roslyn uses for all the compiler tests. Why invent something different here? I don't see the value making the source code harder to read.

[vitek-karas]

Maybe it would be better to similarly to Location describe the actual behavior. In this case the API is going to throw an exception (it already does for in-memory assemblies outside of single-file).

[agocke]

The issue at dotnet/runtime#38405 seems to imply the expected behavior is to return null or empty array.

[vitek-karas]

We'll probably have to update that issue. More recent discussions:

• Assembly.CodeBase: Assembly.CodeBase returns nonexistent path for assemblies from single-file runtime#40087 - the agreement is to actually throw PlatformNotSupported - it's "safer" and we're obsoleting these anyway, so making them work feels contraproductive.
• Module.FullyQualifiedName Module.FullyQualifiedName throws in single-file app runtime#40103 - should return <Unknown>. This will make it work the same as memory-loaded assemblies. This also means that GetFile/GetFiles will throw (as it does in non-single-file for memory-loaded assemblies).

[agocke]

What about AssemblyName.CodeBase? AFAIK that's not even obsolete

[vitek-karas]

I personally would expect Assembly.CodeBase and AssemblyName.CodeBase to behave the same. There has been discussion on it, but it sort of disappeared: dotnet/runtime#31127
I'll start it again.

[sbomer]

Is the plan to share warning codes with a future single-file analysis done by the linker? If so we should make sure to reserve IL3000/IL3001 in mono/linker to avoid conflicts - or if not we might want to use a different prefix here.

[agocke]

@sbomer Yeah this was basically a set up for that exact idea. That we could move warnings back and forth between the linker and this analyzer framework by re-using error codes. I agree, it seems like a good idea to reserve those codes in the linker. Do you know how I should do that?

[sbomer]

I filed dotnet/linker#1393 to document this - I think it's enough for now. If we wanted to we could add a check to ensure we don't use those warning numbers.

[tlakollo]

So I'm assuming this means 1XXX for linker and single file errors(?), 2XXX for linker warnings 3XXX for single file warnings

[agocke]

@tlakollo Yup, that was the idea.

[mavasani]

Consider adding a new range row to https://github.com/dotnet/roslyn-analyzers/blob/master/src/Utilities/Compiler/DiagnosticCategoryAndIdRanges.txt. This is an additional file which is used by a meta-analyzer on the repo that enforces few things:

1. No two analyzers share the same diagnostic ID in an analyzer package in this repo
2. There are no gaps introduced in the diagnostic ID range
3. Diagnostic ID selected for a specific category falls in the allowed range for that category

[mavasani]

Fix ID in doc comment?

[mavasani]

We follow the Roslyn IDE conventions in this repo for local function names

Suggested change

	static bool contains<T, TComp>(List<T> list, T elem, TComp comparer)
	static bool Contains<T, TComp>(List<T> list, T elem, TComp comparer)

[agocke]

yuck :)

[agocke]

I'll do it, but I'd like to register my objection as the designer and author of local functions 😄

[mavasani]

Will this data structure be thread-safe given we will get concurrent callbacks?

[mavasani]

Might be best to use an ImmutableHashSet/ImmutableArray for these.

[mavasani]

If you decide to use ImmutableHashSet, then you can use this extension method:

roslyn-analyzers/src/Utilities/Compiler/Extensions/ImmutableHashSetExtensions.cs

Line 95 in 194d144

public static void AddIfNotNull<T>(this ImmutableHashSet<T>.Builder builder, T? item)

[agocke]

This should be safe given that threading model. ImmutableHashSet is probably a bad idea for lists of < 8 elements. I can move to ImmutableArray instead.

[mavasani]

This resource string is used as both the title and message for IL3001. Title string should not have any string format arguments, so you probably want to use separate resource strings.

[agocke]

Actually I meant to re-use AvoidAssemblyLocationInSingleFileTitle, since the title actually makes sense for both. good catch.

[mavasani]

Suggested change

	static TSymbol? tryGetSingleSymbol<TSymbol>(ImmutableArray<ISymbol> members) where TSymbol : class, ISymbol
	static TSymbol? TryGetSingleSymbol<TSymbol>(ImmutableArray<ISymbol> members) where TSymbol : class, ISymbol

[mavasani]

Suggested change

	static void addIfNotNull<TSymbol>(List<TSymbol> properties, TSymbol? p) where TSymbol : class, ISymbol
	static void AddIfNotNull<TSymbol>(List<TSymbol> properties, TSymbol? p) where TSymbol : class, ISymbol

[mavasani]

Do we want to create issue(s) on https://github.com/MicrosoftDocs/visualstudio-docs/issues to add documentation for the rules at https://docs.microsoft.com/visualstudio/code-quality/il3000 and https://docs.microsoft.com/visualstudio/code-quality/il3001?

[mavasani]

Overall LGTM, just have some minor nit suggestions.

[agocke]

@mavasani You can merge this if you want, I don't have commit privileges for this repo

[mavasani]

You can merge this if you want, I don't have commit privileges for this repo

Interesting, I though all roslyn team members have the permissions. Let me explicitly add you.

[mavasani]

@agocke Can you try again?

[agocke]

@mavasani I'm not a Roslyn team member any more 😄

[carlossanlop]

@agocke FYI, the change made to the file src/NetAnalyzers/Core/AnalyzerReleases.Unshipped.md added a space before the two new table rows, and markdown is not including them in the table:

https://github.com/dotnet/roslyn-analyzers/blob/master/src/NetAnalyzers/Core/AnalyzerReleases.Unshipped.md

[agocke]

Woops, fixed here #3944