Check for SPDX license identifiers.

[chriseth]

Closes #7738.

[axic]

This might be the first-ever compliant contract: axic/eth2-deposit-contract@3aaf6f0

(Pushed yesterday)

[chriseth]

I wonder what prompted me to start this...

[axic]

It is still unclear what to use for closed source:
a) "Proprietary" perhaps?
b) avoiding the field?

[chriseth]

Provide the field with UNLICENSED or CLOSED-SOURCE or PROPRIETARY - do we need to specify that?

[axic]

I think we should provide a recommendation given SPDX does not provide one.

[chriseth]

npm proposes UNLICENSED: https://docs.npmjs.com/files/package.json#license

[axic]

Sounds good, we should document this and link to npm as well.

[chriseth]

Once we merge this, we should maybe start adding the field to common libraries?

[hrkrshnn]

We could also implement a feature for solidity-upgrade to do add a license.

[chriseth]

@hrkrshnn good idea!

[chriseth]

As it is now, this can also be found in strings. Do we want to extend this to ^// SPDX...? Then it would not work for /*-comments, though.

[chriseth]

Taken over by @aarlt.
We would like to get this finished quickly, so please report your progress so that others can take over because of timezones.

[stackenbotten]

There was an error when running chk_coding_style for commit 021444e697d84e928661cadb443ac0b0ae77068b:

Coding style error:
 libsolidity/parsing/Parser.cpp:1997: for (auto& node : _nodes)
 libsolidity/parsing/Parser.cpp:1999: for (auto& remove : toBeRemoved)

Please check that your changes are working as intended.

[aarlt]

@chriseth I mainly added testing support. Sadly I didn't saw the current errors locally. These errors need to be fixed.

[chriseth]

That's a good idea, but we could also find all places that match the regex and see if we ended up inside one of the nodes.

[chriseth]

Is there a situation where we would insert the version but not the license pragma?

[axic]

ErrorIds... Why are the above two the same errors?

[axic]

Nit: Is non-open-source the best term? Why not just closed-source?

[chriseth]

"open source", "source accessible", "proprietary", "closed-source" - all different terms...

[axic]

We could also say "free software" as that is even a smaller subset of open source and we advocate for that 😉

[axic]

Didn't we had some PR/issue discussing that we shouldn't have null fields? Maybe it is out of scope here.

[chriseth]

there is an open pr about it.

[axic]

Nit: why not preamble as in the other files?

[axic]

Should add a parser test for MIT OR Apache-2.0 and GPL-2.0 AND GPL-3.0. I know we do not deal with expression, but as we instruct people to use in a warning, we should make sure they are parsed correctly.

[axic]

Will the documentation changes be part of a different PR?

Can we also have parser tests for different comment styles (if we support them):

//SPDX-License-Identifier:
///SPDX-License-Identifier:
// SPDX-License-Identifier:
/// SPDX-License-Identifier:
/* SPDX-License-Identifier:
 * SPDX-License-Identifier:

[chriseth]

/// will not work, it is a doxygen comment.

[chriseth]

will add a test for /// and also multpile licenses.

[chriseth]

Added documentation.

[axic]

Should we mention this is also the suggested way by npm?

[chriseth]

I don't think this is needed.

[aarlt]

I just saw that there is a spdx license identifier UNLICENSE. I'm wondering whether UNLICENSE vs UNLICENSED can create confusions.

    {
      "reference": "./Unlicense.html",
      "isDeprecatedLicenseId": false,
      "isFsfLibre": true,
      "detailsUrl": "http://spdx.org/licenses/Unlicense.json",
      "referenceNumber": "179",
      "name": "The Unlicense",
      "licenseId": "Unlicense",
      "seeAlso": [
        "https://unlicense.org/"
      ],
      "isOsiApproved": false
    }

[chriseth]

This is also recommended by npm, I don't think we should just make an arbitrary new suggestion.

[axic]

Looks good.

[chriseth]

Fingers crossed...

[chriseth]

Ah! The joy of external tests!

[chriseth]

The failure seems to be an SMT failure. Re-running...

[aarlt]

typo: copyright