CODEWITHSUNDEEP
eclipsenullpointerexceptionfindbugs
Kiva
Kiva

Reputation: 9353

FindBugs doesn't find a bug

I would like to use FindBugs to create a report about an application.

I run it and it doesn't find a potential bug like this:

public List<String> getListTrace(A object) {

    String arg = object.getArg();
    ...
}

If object is null, my application will be down.

Why FindBugs doesn't raise an alert?

Upvotes: 2

Views: 643

Answers (4)

Tagir Valeev
Tagir Valeev

Reputation: 100169

Raising bug report in such case would result in really big noise. You would get thousands of irrelevant bug messages in the perfectly correct code. Actually FindBugs does smarter thing. If it discovers that the method dereferences the argument without a null-check, it marks internally this method argument as @Nonnull. If you have an explicit annotation (like in TimK answer) which contradicts with this, you will get a warning. Otherwise FindBugs assumes that nobody uses this method with possibly-null argument. And when somebody actually does this, you will get a corresponding warning on the call site. Here's an example:

import java.util.Collections;
import java.util.List;

public class FBNull {
    static class A {
        String getArg() {
            return "str";
        }
    }

    public static List<String> getListTrace(A object) {
        String arg = object.getArg();
        return Collections.singletonList(arg);
    }

    public void callSite(A a) {
        if (a == null) {
            System.out.println("a is null");
        }
        System.out.println(getListTrace(a)); // NP_NULL_PARAM_DEREF 
    }
}

From the FindBugs poit of view getListTrace() method is ok. However the callSite method has a bug. It checks its argument for null explicitly, thus it can be null due to application logic. However, it's later passed to getListTrace() which immediately dereferences the argument. Thus you have a bug warning inside the getListTrace() method saying:

Bug: Null passed for non-null parameter of getListTrace(FBNull$A) in FBNull.callSite(FBNull$A)

This method call passes a null value for a non-null method parameter. Either the parameter is annotated as a parameter that should always be non-null, or analysis has shown that it will always be dereferenced.

So if you actually can pass nulls, it can be detected on the call sites.

Upvotes: 0

TimK
TimK

Reputation: 4835

Findbugs doesn't know if object is allowed to be null or not. You can tell it by using annotations:

import javax.annotation.Nullable;
...
public List<String> getListTrace(@Nullable A object) {

This tells Findbugs (and people reading the code) that it is okay to pass null as the argument to getListTrace. So Findbugs will warn you if you dereference object without checking for null.

Upvotes: 2

Bananeweizen
Bananeweizen

Reputation: 22070

Findbug cannot detect potential null pointer accesses. But Eclipse can give you a warning for potential null pointer access, if you activate the corresponding compiler warning in the preferences.

Upvotes: 0

user1084944
user1084944

Reputation:

That code doesn't look like it has a bug.

If you changed the code to check if object was null, what would you do? The most reasonable action would probably to throw a NullPointerException, right?

That's exactly what your code snippet does; it just lets java do the test automatically when accessing a method.

That this function doesn't check for a null pointer is not a bug. The bug would be if someone passed a null pointer into your function and wasn't prepared for it raising a NullPointerException.

Upvotes: 0

Related Questions