Optimizer incorrectly assumes immutable field accesses are side-effect free

[latkin]

Came across this when investigating #367. Consider the following code:

[<AllowNullLiteral>]
type A(x:int) =
    member __.X = x

let getX (a:A) =
    try a.X
    with _ -> -1

getX null

This code crashes with nullref, because the optimizer has stripped away the try/catch block completely, assuming that immutable field accesses are side-effect free and cannot trigger an exception.

See culprit code here and here.

I can understand intent of this - within pure-F# code, use of immutable F#-defined types should prevent stuff like nullrefs. However this breaks pretty easily in some cases:

• [<AllowNullLiteral>]
• Unchecked.defaultof<T>
• C# interop

Perhaps we can blame the developer for shooting themselves in the foot on nos. 1 and 2. But for no. 3, it seems very terrifying that we silently remove the error handling.

[latkin]

The rabbit hole goes deeper...

If I'm a good library dev I won't be null-checking by catching nullref, I'll just check for null directly. Well, I can't do that unless I add [<AllowNullLiteral>] to my type. Bummer! Workaround would be to check input against Unchecked.defaultof< >. Ok that works fine...

...unless it's a record type. [<AllowNullLiteral>] isn't allowed on record types, so my only option is to compare against Unchecked.defaultof. Trying it:

type A = { X : int }

let getX a =
    if a = Unchecked.defaultof<A> then -1
    else a.X

getX Unchecked.defaultof<A> // or C# call passing null

But this crashes with nullref, as the "null check" codegens as a call to a.Equals( ... )!

Thankfully we can catch this, as it appears Unchecked.defaultof is assumed to have side effects, so try/catch is not removed this time.

let getX a =
    try
        if a = Unchecked.defaultof<A> then -1
        else a.X
    with _ -> -2

getX Unchecked.defaultof<A> // returns -2

[latkin]

Ok I'll calm down now. After some reading I see that it's recommended to do null checks with match box x with null -> ... and that will work for everything.

There is also our new isNull, though now I'm thinking this API would be more useful if it were applicable even to non-nullable types. Something like internal helper notnullPrim.

Regardless, this try/catch removal optimization still seems risky/bogus.

[dsyme]

I'll follow up in more detail tomorrow, but there is a bit in the F# language spec about what assumptions can/can't be made about nullness. In general the compiler is allowed to assume that a range of values for which null is an abnormal value (functions, tuples, records, unions etc) are non-null.

For AllowNullLiteral types, we should regard dereferencing a field as an effect and we should do that for F# 4.0.

[dsyme]

(sorry - there's some github-on-mobile problem where pressing enter closes the bug!)

[latkin]

Fair enough. Very interesting scenarios to ponder... I assume this is maybe related:

[<AllowNullLiteral>]
type A() =
    member this.IsNull() = (this = null)

(null : A).IsNull()  // returns true, no nullref

IsNull gets completely inlined, based (presumably) on the same logic of "this can't be null, so there is no chance of a nullref, so it is semantically equivalent to just inline everything"