Can you tell me the scenario for null pointer

Mahesh_Raju · May 19, 2022, 10:56am

Please provide

Operating system: Windows
IDE name and flavor/env: Eclipse 2020-09
SonarLint plugin version: 7.4
Is connected mode used: No
- Connected to SonarCloud or SonarQube (and which version):

And a thorough description of the problem / question:

I got one more scenario where i dont believe there is no chance for null pointer as per flow, i wrote a Test java file to replicates

import java.util.HashMap;
import java.util.Map;

public class Test {

public static void main(String[] args) {
	int lob=2;
	function(lob);
	lob=1;
	function(lob);
}

private static void function(int lob) {
	Map map1 = null;
	Map map2 = null;
	if(lob == 1) 
		map1 = getMap();
	else
		map2 = getMap();
	int val = getValue(lob,map1,map2);
	System.out.println(val);
}

private static int getValue(int lob, Map map1, Map map2) {
	if(lob == 1) 
		return (int) map1.get("key");
	else
		return (int) map2.get("key");
}

private static Map getMap() {
	Map map = new HashMap();
	map.put("key", 1);
	return map;
}

}

Sonarlint saying Nullpointer can be thrown at below line
int val = getValue(lob,map1,map2);

Can you tell for what input for lob i can get Nullpointer

Mahesh_Raju · May 24, 2022, 9:45am

Can i expect any reply
Or do i need to think still sonar is not 100% efficient in saying issues

Michael · May 25, 2022, 4:13pm

Hello @Mahesh_Raju,

Thank you for your patience. Please note that this community forum is operated at best, developers involved in answering threads and helping our users are doing this on a voluntary basis. If the current solution is not fitting your needs, you might want to consider our commercial support offering.

Now, regarding your question:

You are right, there is no scenario that could lead to a null-pointer exception being thrown in your code snippet. This is indeed a False-Positive (FP) from the rule java:S2259. You can safely mark the issue as such, and ignore it.
The FP is caused by the Java Analyzer Symbolic Execution (SE) engine not handling integer constants and relationships between integers. This is a known limitation of our SE engine, and having this in mind, it is likely to raise FPs as soon as there is integer-based logic in code. I know for a fact that our C++ engine does support such logic, but Java does not yet. I created the following ticket to track the FP, but I can not guarantee that we will fix the limitation soon, as it requires a significant amount of work to support the feature: SONARJAVA-4258.

Regards,
Michael

system · June 1, 2022, 4:14pm

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.