JSR-305: Annotations for Software Defect Detection



JSR-305: Annotations for Software Defect Detection

Static Analysis tools such as FindBugs, IntelliJ, Checkstyle and PMD are widely used in Java development. The tools are sophisticated, but there are a common set of problems which they handle poorly. These are generally implicit design decisions in the APIs such as where a value can be null, or where a numeric value is not expected to be negative. In Java, a well written API will capture these design details in the JavaDoc but they are not easily accessible to the analysis tools and, in consequence, may either be missed or result in false positives.

To work around this problem a number of static analysis tool developers are exploring using annotations to define these details. For example FindBugs and IntelliJ both define their own annotations to indicate when a method may return null. The two tools use slightly different annotations however and so there is a case for standardisation. JSR-305, led by FindBugs' creator Bill Pugh, is looking to create both a standard set of annotations that analysis tools can use, and a mechanism to allow developers to add additional annotations as they need to. The current proposal includes annotations for nullness, sign, language, and threading amongst others.

In a tech talk Bill Pugh gave at Google he goes through a number of concrete examples, starting with nullness. The idea is to allow a method to define parameters, return values and fields that should always be nonnull, and those whose arguments should accept a null. Pugh's solution involves using three annotations:
@Nonnull - interpreted as should be nonnull after the object is initialised.
@NullFeasible - code should always worry that this value might be null. Tools should flag any dereference that isn't preceded by a null check. If you mark a return value as NullFeasible you may have to go through a number of other code changes as the effects of a possible null parameter ripple through the code.
@UnknownNullness - this is the same as no annotation but is needed to support default and inherited annotations.


Read full article from JSR-305: Annotations for Software Defect Detection


No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Labels

Algorithm (219) Lucene (130) LeetCode (97) Database (36) Data Structure (33) text mining (28) Solr (27) java (27) Mathematical Algorithm (26) Difficult Algorithm (25) Logic Thinking (23) Puzzles (23) Bit Algorithms (22) Math (21) List (20) Dynamic Programming (19) Linux (19) Tree (18) Machine Learning (15) EPI (11) Queue (11) Smart Algorithm (11) Operating System (9) Java Basic (8) Recursive Algorithm (8) Stack (8) Eclipse (7) Scala (7) Tika (7) J2EE (6) Monitoring (6) Trie (6) Concurrency (5) Geometry Algorithm (5) Greedy Algorithm (5) Mahout (5) MySQL (5) xpost (5) C (4) Interview (4) Vi (4) regular expression (4) to-do (4) C++ (3) Chrome (3) Divide and Conquer (3) Graph Algorithm (3) Permutation (3) Powershell (3) Random (3) Segment Tree (3) UIMA (3) Union-Find (3) Video (3) Virtualization (3) Windows (3) XML (3) Advanced Data Structure (2) Android (2) Bash (2) Classic Algorithm (2) Debugging (2) Design Pattern (2) Google (2) Hadoop (2) Java Collections (2) Markov Chains (2) Probabilities (2) Shell (2) Site (2) Web Development (2) Workplace (2) angularjs (2) .Net (1) Amazon Interview (1) Android Studio (1) Array (1) Boilerpipe (1) Book Notes (1) ChromeOS (1) Chromebook (1) Codility (1) Desgin (1) Design (1) Divide and Conqure (1) GAE (1) Google Interview (1) Great Stuff (1) Hash (1) High Tech Companies (1) Improving (1) LifeTips (1) Maven (1) Network (1) Performance (1) Programming (1) Resources (1) Sampling (1) Sed (1) Smart Thinking (1) Sort (1) Spark (1) Stanford NLP (1) System Design (1) Trove (1) VIP (1) tools (1)

Popular Posts