Null Pointer check not working for field variables

java

(Thomas Repnik) #1

VersionInfo:
SonarQube: Version 6.7 (build 33306)
SonarJava Plugin: Version 5.5 (build 14655)
SonarLint for Eclipse: Version 3.4.0.201803051332

Take a look at the following (very simple) class:

public class NullCheck {

	private FunctionBean fieldMemberBean;

	public void foo() {
		fieldMemberBean.toString(); //Sonar DOES NOT complain --> But it should
	}

	public void foo2() {
		FunctionBean localVarBean = null;
		localVarBean.toString(); //Sonar DOES complain
	}

}

Both methods (foo and foo2) share the same problem. A call to either of them will end in a NullPointerException. While Sonar complains correctly for method foo2(), it completely ignores the problem in foo().

This check seems very easy, therefore I consider this a bug.


(Tibor Blenessy) #2

Hello,

Unfortunately, this is not easy to detect. You have to consider the fact that foo() can be invoked from different contexts, and it is very difficult to understand data flow considering all the possible execution paths. We have plans to improve our bug detection engine to handle cross-procedural analysis; stay tuned for future releases.


(Thomas Repnik) #3

Hi Tibor

Thank you for your answer. What exactly do you mean by “different contexts”? I don’t see any way that fieldMemberBean cannot be null at that place because:

  • fieldMemberBean is private
  • There is no assignment to fieldMemberBean in the whole class
  • fieldMemberBean is never used as a parameter to any method in a different class (no access via reference possible)
  • there is no getter or setter for fieldMemberBean

If these 4 statements are true, IMO there is no way that fieldMemberBean can ever be anything other than NULL.


(Tibor Blenessy) #4

Yes, in this concrete case it is probably possible to prove that a non-null value is impossible in that place. However, it is hard to generalize this concept to real-world use cases.
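
One reason the four conditions from post #3 are hard to generalize, shown as an added example that is not from either poster or from SonarJava: reflection can assign a private field that has no assignment anywhere in the class source, which is how field-injection frameworks populate such fields. The body of FunctionBean and the inject helper are assumptions made for illustration.

```java
import java.lang.reflect.Field;

public class NullCheckDemo {

    // Stand-in for FunctionBean; its definition is not shown in the thread (assumption).
    static class FunctionBean {
        @Override
        public String toString() { return "FunctionBean instance"; }
    }

    // Same shape as the class in the question: private field, no assignment,
    // no getter or setter, never passed to a method of another class.
    static class NullCheck {
        private FunctionBean fieldMemberBean;

        public String foo() {
            return fieldMemberBean.toString();
        }
    }

    // Hypothetical helper that mimics field injection: the write to the field
    // happens outside the class and is invisible to a per-class source analysis.
    static void inject(Object target, String fieldName, Object value)
            throws ReflectiveOperationException {
        Field field = target.getClass().getDeclaredField(fieldName);
        field.setAccessible(true); // bypasses the private modifier
        field.set(target, value);
    }

    public static void main(String[] args) throws Exception {
        // Case 1: plain construction, the field keeps its default value null.
        NullCheck plain = new NullCheck();
        try {
            plain.foo();
        } catch (NullPointerException e) {
            System.out.println("plain instance: NullPointerException");
        }

        // Case 2: the same class after reflective injection, foo() succeeds.
        NullCheck injected = new NullCheck();
        inject(injected, "fieldMemberBean", new FunctionBean());
        System.out.println("injected instance: " + injected.foo());
    }
}
```

A rule that reports every never-assigned private field as a certain null dereference would flag case 2 as well, so an analyzer has to weigh that false positive against the missed bug in case 1.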