-
Notifications
You must be signed in to change notification settings - Fork 10.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Migrate off of jsr305 #2960
Comments
AFAICT these are the annotations from that package that we use:
The others are less clear to me - they're technically just for static analysis, but they all have It sounds like we should maybe be avoiding |
I agree that this is more a long-term action. I created this issue more to raise the awareness of the problems with Regarding
I appreciate that you didn't forget about |
Seems to me that the others are significantly less heavily used. |
Migrating off the jsr305 annotations makes sense to me. Hopefully most tools care only about the simple class name of the annotations, not their packages. For starters, I checked Error Prone's If we're moving off the "standard" annotations, I wonder what it makes the most sense for us to migrate to. Spotbugs is a natural choice, since we know it has all the annotations that we want. But of course there are many nullability annotations. And arguably we aren't targeting Spotbugs nowadays so much as we're targeting Error Prone. Maybe Error Prone would be interested in adding some annotations of their own. Or maybe, for some of the annotations we use less frequently, we could have our own (package-private?) versions to avoid committing to any tool. (One other note about |
Adopting the Checker Framework's annotations may make sense here. Considering that, AFAIK, its nullability annotations are the most plentiful and advanced out there, it may encourage more people to try the framework out. But if its annotations count as type annotations, then we'd be unable to use them... |
This is not true of Kotlin, although they'll be receptive to adding your annotations to their list. |
Looking at the options, it seems to me that Checker Framework would be a good solution. Thanks for pointing me to that, @jbduncan. |
I'm curious what the replacement for |
@kashike I admit that I don't know if the Checker Framework has an |
...but that's not even considering the other sorts of annotations that we're already using and will probably still want to use, like This may get tricky. |
The Checker Framework authors themselves suggest that their own type annotations are backwards-compatible with Java 6, but only if they're written inside comments. That's not exactly ideal... |
Does it? I don't see everything that was listed above - it appears as if some annotations that are used by Guava are not in spotbugs. As for Checker Framework: it appears to have most things, except
|
@kashike Apologies if I've not explained myself very well before, but I just want to make sure we're both on the same page with regards to the Checker Framework's annotations. It seems to me from what @cpovirk's said already and what I personally know of the Checker Framework's annotations that, sadly, since they are type annotations, they can only be used in Java 8+ projects - JSR308, which is what type annotations are derived from, is only implemented in compilers that understand Java 8. This is a problem because The only workaround I've found so far (suggested by the Checker Framework authors here) is to write type annotations in comments. So, for example, instead of: List<@Nullable String> listOfNullsAndStrings = ...; we'd have: List</*@Nullable*/ String> listOfNullsAndStrings = ...; The Checker Framework understands type annotations written like this, but I somewhat doubt other tools like IntelliJ IDEA, {Find,Spot}Bugs, and Google's internal tools understand them written like this too. Thus, we may not be able to use the Checker Framework's annotations in Guava until Android catches up. If you did understand this already, apologies! Otherwise, I hope that this has cleared things up a bit. :) |
Thanks for the reply, @jbduncan. I'm also looking at what to use in my own projects (which are Java 8) - sorry for not stating this. I've been using I'm trying to find a replacement that has everything I need, but I haven't been able to yet. Perhaps I'll delay switching until the Guava team comes to a solution for this issue in Guava. |
The first release of SpotBugs is backwards compatible, so almost nothing changes, but you need to run "ant spotbugs" now. Furthermore, we need to add a dependency on jsr305 for the javax.annotations package, which was previously included in the findbugs-annotations package, but this was actually bad because Guava also has a dependency on jsr305, so we ended up with the annotations twice on the class path. In the future, we will probably need to migrate away from these annotations, as both SpotBugs and Guava consider: spotbugs/spotbugs#130 spotbugs/spotbugs#180 google/guava#2960
Progress update + summary for people new to this:
|
Will there be a version of guava that uses both old and new in the interim,
or will this be a hard cut off between versions?
…On Mon, Dec 11, 2017, 5:16 AM Chris Povirk ***@***.***> wrote:
Progress update + summary for people new to this:
- jsr305 doesn't play well with Java 9 modules
<https://blog.codefx.org/java/jsr-305-java-9/> because it lives in
javax.annotation, which is used by other modules.
- To address this, we're migrating Guava off the jsr305 annotations
and onto those from Error Prone <http://errorprone.info/> and the
Checker Framework <https://checkerframework.org/>. This is done and
will be in 23.6, except...
- We still need to make sure that Kotlin understands the new
annotations, including the Checker Framework @NullableDecl
<JetBrains/kotlin#1421> and some annotation to
mark parameters as non-null by default
<https://youtrack.jetbrains.com/issue/KT-21408>.
- Other tools that read our annotations may need to be updated to look
for the new annotations. We'll mention this in our release notes.
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#2960 (comment)>, or mute
the thread
<https://github.com/notifications/unsubscribe-auth/AAUN4khif1bh5T6FtA7pnt9PQdEyyEdYks5s_SsAgaJpZM4PxSdM>
.
|
Hmm, good question. I have been hoping to just cut from one to the other, on the theory that tools can be updated to recognize both ahead of time. But if anyone knows of problems that we could avoid by having both present, let me know. |
Since making this happen is in some ways more important to JSpecify right now than it even is to Guava, we're also tracking this in jspecify/jspecify#239, and that might be a better place to follow along. |
See google/guava#2960 for some of the reasons SpotBugs and Checkerframework are frequently mentioned as alternatives, but SpotBugs still depends on JSR305 (spotbugs/spotbugs#421) and CheckerFramework looks more complex than the jetbrains annotations, while still not covering all of the ones we used. Jetbrains covers Nullable/NotNull with intellij support for the null-analysis and is Apache licensed. This PR vendors some of the other annotations (Immutable, ThreadSafe, GuardedBy). We use these mainly for documentation purposes.
See google/guava#2960 for some of the reasons SpotBugs and Checkerframework are frequently mentioned as alternatives, but SpotBugs still depends on JSR305 (spotbugs/spotbugs#421) and CheckerFramework looks more complex than the jetbrains annotations, while still not covering all of the ones we used. Jetbrains covers Nullable/NotNull with intellij support for the null-analysis and is Apache licensed. This PR vendors some of the other annotations (Immutable, ThreadSafe, GuardedBy). We use these mainly for documentation purposes.
See google/guava#2960 for some of the reasons SpotBugs and Checkerframework are frequently mentioned as alternatives, but SpotBugs still depends on JSR305 (spotbugs/spotbugs#421) and CheckerFramework looks more complex than the jetbrains annotations, while still not covering all of the ones we used. Jetbrains covers Nullable/NotNull with intellij support for the null-analysis and is Apache licensed. This PR vendors some of the other annotations (Immutable, ThreadSafe, GuardedBy). We use these mainly for documentation purposes.
We've been using these internally for over a year. With JSpecify 1.0 not far off and wider adoption to gradually follow, now seems like the time to expand our public usage of the annotations. We've already been using them in a few projects, but Truth may become the mostly widely used project that users actually link against to use them. At the same time, it's a library that's used only in testing code, so the stakes remain relatively low. Most users will see no effect from this change, since most users don't use nullness checking and since we already used some nullness annotations in our public release. The main effect users are likely to see is if they pass nullable values for parameters that are now recognized as non-nullable. Under Kotlin, the effect should normally be a warning, not an error, at least until [Kotlin 2.1 or so](https://youtrack.jetbrains.com/issue/KT-55586/Handle-nullability-from-jspecify-annotations-properly#focus=Comments-27-8368666.0-0). Please still [report any problems](https://github.com/google/truth/issues/new). (progress toward JSpecify adoption in our projects in general, including google/guava#2960) RELNOTES=Added more nullness information to our APIs (in the form of [JSpecify](https://jspecify.dev/) annotations). This could lead to additional warnings (or even errors) for users of Kotlin and other nullness checkers. Please [report any problems](https://github.com/google/truth/issues/new). PiperOrigin-RevId: 646988261
We've been using these internally for over a year. With JSpecify 1.0 not far off and wider adoption to gradually follow, now seems like the time to expand our public usage of the annotations. We've already been using them in a few projects, but Truth may become the mostly widely used project that users actually link against to use them. At the same time, it's a library that's used only in testing code, so the stakes remain relatively low. Most users will see no effect from this change, since most users don't use nullness checking and since we already used some nullness annotations in our public release. The main effect users are likely to see is if they pass nullable values for parameters that are now recognized as non-nullable. Under Kotlin, the effect should normally be a warning, not an error, at least until [Kotlin 2.1 or so](https://youtrack.jetbrains.com/issue/KT-55586/Handle-nullability-from-jspecify-annotations-properly#focus=Comments-27-8368666.0-0). Please still [report any problems](https://github.com/google/truth/issues/new). (progress toward JSpecify adoption in our projects in general, including google/guava#2960) RELNOTES=Added more nullness information to our APIs (in the form of [JSpecify](https://jspecify.dev/) annotations). This could lead to additional warnings (or even errors) for users of Kotlin and other nullness checkers. Please [report any problems](https://github.com/google/truth/issues/new). PiperOrigin-RevId: 647012817
…ault` annotations. This is the first step toward [using JSpecify in Guava](jspecify/jspecify#239 (comment)). At the end of that path, we'll be able to [remove our dependency on JSR-305](#2960) (and on the Checker Framework's annotations), and we'll have one less blocker to [providing a `module-info`](#2970). `@NullMarked` allows tools like kotlinc to produce errors for code like `ImmutableList<String?>`. (Before releasing this change, I'll conduct some further testing to more fully characterize the effects, both under Kotlin 2.1 and prior.) As we make further changes, it will allow kotlinc to detect even more nullness problems. We will make these changes in a series of incremental releases so that users can pick them up gradually, as we did inside Google. In simple cases, users may wish to pick up all the changes at once instead by upgrading straight from Guava 33.4.0 (or an earlier version) to Guava 33.4.4 (or whatever the version to make the final changes ends up being). RELNOTES=Replaced our custom `@ElementTypesAreNonnullByDefault` annotations with the JSpecify `@NullMarked` annotation. PiperOrigin-RevId: 707134516
There are several issues with using
jsr305.jar
by Guava.JSR-305 is dormant, has been for a long while and shows no hope of ever producing an agreed set of annotations in our lifetime. Further more these annotations use
javax.
packages which it is not possible to use according to the Oracle Java binary licence, so applications can not use and ship these dependencies along with a JRE without violating the Oracle licence agreement.The JSR-305 group has not defined any official releases according to its jsr page so the only implementations is a seemingly random implementation provided by the FindBugs team. Even if the team where experts on the JSR (which some where) they are not official as there has been no vote and are not available from the JSR hompage - so the javax package name restriction still applies.
Using
jsr305
causes additional issues, if Guava is used in a modular JDK9 applications, because it puts the annotations intojavax.annotation
package, which is also used by a couple of other JAR-s and a legacy JDK modulejava.xml.ws.annotation
. If one wants to create a modular JDK9 application with two dependencies to conflicting JAR-s, Java refuses to compile and run it because of a package split. Example:jsr305
automatic module,java.xml.ws.annotation
orjsr250
automatic module.All of the modules use
javax.annotation
.Findbugs has been rebooted as Spotbugs and they are going to make a switch from JSR-305 to their own internal annotations in version 4.0.0 that do not break anything:
spotbugs/spotbugs#180
I think Guava should consider switching to them in order not to pollute application dependencies with
jsr305
JAR.The text was updated successfully, but these errors were encountered: