@Nullable field dereferencing, without any check, show no warnings

  • Operating system: Windows 10
  • SonarLint plugin version: 3.20.2
  • Programming language you’re coding in: Java
  • Is connected mode used: no

See the screenshot I think it is self explaining.
I expect NPE warning to show at lines 10 and 16.

Hey there.

Can you please include a text-based code sample (not a screenshot)?

1 Like
import org.springframework.lang.Nullable;

public class NullSample {
    private String some;

    public void do1() {
        some.length(); // warning expected, @Nullable field

    public void do2() {
        some = null;
        some.length(); // warning expected, even when field is not @Nullable
1 Like

Hello @brokenpipe.coder,

Unfortunately, the Symbolic Execution engine we use to detect NPEs is not able to detect field-related issues. We didn’t design this old engine to support field-sensitivity from its inception, making it extremely hard to adapt to palliate this limitation. To give you an example, our engine is currently not able to differentiate the following uses of some:

NullSample A = new NullSample();
A.some = "42";

A.some.length(); // issue?
some.length(); // issue?

Thankfully, we started developing a new engine internally, that should be able to cover such cases. We are not yet ready to enable it for null detection as it still needs some work, but this is definitely in our roadmap for the future. Some rules relying on this new engine are already available on SonarCloud and on commercial versions of SonarQube. You can find the new rules already available for java here.


1 Like