Add nullable annotations for XmlDataDocument

[terrajobst]

No description provided.

[ghost]

Tagging subscribers to this area: @roji, @ajcvickers
See info in area-owners.md if you want to be subscribed.

[pgovind]

This might cause a NRE if someone calls Row.Something. We should make the property return a DataRow? instead I think.

[terrajobst]

Fixed

[stephentoub]

Why is this ! needed?

[terrajobst]

Because the smart person that I am I only changed the return type of the property 😟

Fixed

[eerhardt]

Can you use [MemberNotNull] on the Init and AttachDataSet methods instead? You can get rid of this null! if you do.

[jozkee]

The same for _pointers, _columnChangeList, _foliationLock and _attrXml.

[terrajobst]

I tried that. The problem is that there is this constructor as well:

        internal XmlDataDocument(XmlImplementation imp) : base(imp)
        {
        }

For now, I've null! initialized the values there.

[stephentoub]

We may not be entirely consistent, but anywhere we've used = null!; on fields we've tried to add a comment next to it indicating why.

[stephentoub]

The problem is that there is this constructor as well

What ensures _dataSet is set to non-null when that ctor is used? Or the field is never used when that ctor is used?

[terrajobst]

What ensures _dataSet is set to non-null when that ctor is used? Or the field is never used when that ctor is used?

I believe the field is never used in that instance. It's instantiated by XmlDataImplementation which exposes it as XmlDocument.

[eerhardt]

Same here - use [MemberNotNull] on the Init method

[terrajobst]

#41541 (comment)

[eerhardt]

What's protecting _curNode.Value from being null? (here and below)

[terrajobst]

Quite frankly I don't know. But I can't make the property nullable because the base definition isn't nullable. But changing the code to return an empty string when _curNode.Value is null seems worse than potentially lying.

[stephentoub]

But I can't make the property nullable because the base definition isn't nullable

Does that mean the base is defined incorrectly?

[terrajobst]

Looking through the code it seems like other overrides return an empty string instead, so it seems the intent was non-nullable.

[carlossanlop]

Line 16 of this file: CurrentNode should probably be nullable. This is an internal class, and is the base class for other two classes, which are in this same PR.
At some point, the underlying private field for the currentNode is set to null. For example, line 61 of RegionIterator.cs.

[carlossanlop]

Line 91 in RegionIterator.cs is doing the same, setting the value to null.

[carlossanlop]

TreeIterator.cs seems to be doing the same.

[terrajobst]

Good point. Since this follows the typical iterator pattern, I have annotated the NextXxx methods with [MemberNotNullIf(true, CurrentNode)]. Sadly this doesn't do much for us because the compiler still can't infer that iter.CurrentNode isn't null. for cases like this:

for (bool fMore = iter.NextRowElement(); fMore; fMore = iter.NextRowElement())
{
    rowElem = (XmlBoundElement)(iter.CurrentNode!);
    EnsureDisconnectedDataRow(rowElem);
}

[pgovind]

Why change node to n here? I think we should revert this

[terrajobst]

Because node is a parameter, which is non-nullable. The code assigns to the parameter, which then can include null values as the loop goes. And the assert would null ref when one passes null to the method. So in order to have a nullable variable for the loop but keep the parameter as non-nullable I had to introduce a local 😢

[pgovind]

This is a possible NRE. Row currently could return a null! and the next line will fail.

[terrajobst]

The way I understand the code is that when _column is non-null, Row will have a value (see the definition of Row). Sadly I don't know how to express this invariant. Marking Row as non-null seems worse though.

[pgovind]

Another possible NRE from using the Row property

[terrajobst]

See #41541 (comment)

[carlossanlop]

I mean, technically the change is not really wrong (aside from the fact that now it could throw if the cast fails), but it's not a change related to nullability.
Up to you if you want to revert it.

[jozkee]

This still represents a change of behavior from returning null to throwing InvalidCastException plus the method is already expected to return null.

If we lack code coverage, we would not catch if this is an invasive change regardless of the assertions.

[terrajobst]

The previous code was this:

rowElem = _node as XmlBoundElement;
Debug.Assert(rowElem != null);

• If the cast doesn't succeed, the next line asserts
• If the _node is null, the cast will succeed but the next line asserts
• In release builds, a null reference would be returned

My reasoning was: a hard cast seems more desirable because at least that makes the code fail consistently, rather than asserting in debug builds an null referencing in release builds.

But if you guys feel we shouldn't do this, I can revert.

[stephentoub]

I would expect a simpler change would still satisfy the compiler:

return CurrentNode is XmlBoundElement be && be.Row != null;

Does it not?

[terrajobst]

It does. For some reason, this doesn't work:

XmlBoundElement? be = CurrentNode as XmlBoundElement;
return ((be != null) && (be.Row != null));

Fixed

[stephentoub]

For some reason, this doesn't work

The compiler doesn't track the relationship between variables for nullability.

[stephentoub]

You can also use the ctor that takes a params array (though you'll likely also need to suppress a CLS compliance warning).

[eerhardt]

(Random side question: why do we get CLS compliance warnings on attributes of non-public members?)

[terrajobst]

AFAIK CLS compliance is about consistent attribution and doesn't take visibility into consideration. If you say "the entire assembly/type is CLS compliant", then the compiler will force you to mark the ones that aren't, no matter their visibility. Presumably, that was done to make the rules simpler.

[terrajobst]

You can also use the ctor that takes a params array (though you'll likely also need to suppress a CLS compliance warning).

I noticed the CLS compliance warning and looked around what other parts did. The other locations in S.D.C seemed use multiple applications, so that's what I did. Do you want me to change them all?

[eerhardt]

AFAIK CLS compliance is about consistent attribution and doesn't take visibility into consideration.

That isn't true for method return types:

[stephentoub]

Do you want me to change them all?

You don't need to. I was just calling out the alternative.

[terrajobst]

AFAIK CLS compliance is about consistent attribution and doesn't take visibility into consideration.

That isn't true for method return types:

OK, now I'm confused :-)

[eerhardt]

Me too. ;)

[eerhardt]

(nit) if AttachDataSet was annotated with [MemberNotNull(nameof(_dataSet))], this ! wouldn't be needed.

[terrajobst]

Good call! Fixed.

[eerhardt]

Do we need both the = null! here and in the field initializers at the top of the class?

 private DataSet _dataSet = null!;

[terrajobst]

My apologies, I thought I reverted them already, which I didn't. Fixed.

[eerhardt]

I'm not sure if this comment is 100% accurate. From looking at the code, it looks like XmlDataImplementation.CreateDocument() can be called publicly:

using System.Xml;

var x = new XmlDataDocument();
x.AppendChild(x.CreateElement("h"));

var y = (XmlDataDocument)x.Implementation.CreateDocument();

Console.WriteLine(y.DataSet?.ToString() ?? "<null>");

The code above prints <null>.

[terrajobst]

That is fair. But a document constructed from there will also null ref, for example:

y.GetRowFromElement(y.DocumentElement);

Without some surgery I don't believe an XmlDataDocument that was created via XmlDataImplementation.CreateDocument() can be used safely today 😢

[eerhardt]

Doesn't this need to be XmlNode? n = node;? As written, I don't think you will ever get into the loop.

[terrajobst]

Damn. Good catch! Fixed.

[eerhardt]

This looks good.

[pgovind]

LGTM now.

[jozkee]

Other than this comment, LGTM.

[roji]

@terrajobst sorry for not reviewing, personal issues... Not sure I'd have a lot to contribute on the XML stuff anyway :)