S2259: how deep does flow analysis go?

I’m seeing a FP for java:S2259 (possible NPE) where the flow indicated by SQ (on the web portal) seems to suggest it’s not recognizing an exception within a catch clause.

A simplified version of the code is like this, where number comments indicate the tags in the flow given by SQ:

/*1*/ foo = null;
try {
    foo = /*2*/ bar(x);
} catch (/*3*/ someException ex) {
    throwItMyWay(ex, "Here in method xxx");
/*4*/ y = foo.someField;

The method bar() can’t return null, but can throw someException. SQ seems to recognize that bar() can’t return null because it only complains about the catch clause. The method throwItMyWay() reconstructs the exception in our preferred form and throws it, 100% guaranteed. Since there’s no try within the catch, the exception thrown by throwItMyWay() is guaranteed to be thrown by the method containing this code, meaning the last line cannot be reached.

However, SQ seems to think throwItMyWay() can return normally.

Is S2259 expected to be able to make this kind of analysis? Or have I just hit some natural limitation in how deep it can analyze?

Hey @MisterPi

You forgot to tell us your SonarQube version – and if it’s still v8.6, I can only encourage you to test on a newer version (or SonarCloud, or SonarLint) to see if the FP is raised before I can ask the relevant team to take a look. Implementation varies by version, and the theoretical “how deep does it go?” is really version specific.