SonarJava symbolic execution not well supported?


(Dreaminpast) #1
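class NpeSymbolicExample {
    static void foo() {
        int a = 3;
        String s = null;
        // a is the constant 3, so this branch is always taken
        if (a > 2)
            s = "dreamin";
        // SonarJava flags this dereference as a possible NPE
        System.out.println(s.length());
    }
}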

SonarJava reports that s.length() raises an NPE; actually it won't.
But if I use Infer (https://fbinfer.com/), it doesn't report this… (Meanwhile, if I change the branch condition to a > 4, Infer will report this.)

Is SonarJava not that intelligent here? We can call it a false positive…
Is there any solution to skip this FP?
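
An added example, not part of the original post and not SonarJava's or Infer's code: a toy model of foo() showing how the finding at s.length() depends on whether an analysis treats the value of a as known when deciding which branch outcomes are feasible. The class, record and method names are hypothetical, and modelling the difference as "a tracked" versus "a untracked" is an assumption made for illustration.

```java
import java.util.ArrayList;
import java.util.List;

// Added illustration: models foo() from the post as two paths through `if (a > k)`.
public class NpePathFeasibility {

    // One path through the method: the branch outcome and whether s is null at s.length().
    record Path(boolean branchTaken, boolean sIsNull) {}

    // The two syntactic paths: branch taken (s assigned) and branch skipped (s stays null).
    static List<Path> paths() {
        return List.of(new Path(true, false), new Path(false, true));
    }

    // A path is feasible when its branch outcome agrees with what is known about `a`.
    // knownA == null models (as an assumption) an analysis that does not track a's value.
    static boolean feasible(Path p, Integer knownA, int threshold) {
        if (knownA == null) {
            return true; // value unknown: both branch outcomes are considered possible
        }
        return (knownA > threshold) == p.branchTaken();
    }

    // Report a finding for every feasible path on which s is still null at the dereference.
    static List<String> analyze(Integer knownA, int threshold) {
        List<String> findings = new ArrayList<>();
        for (Path p : paths()) {
            if (p.sIsNull() && feasible(p, knownA, threshold)) {
                findings.add("possible NPE at s.length() when !(a > " + threshold + ")");
            }
        }
        return findings;
    }

    public static void main(String[] args) {
        // Same method shape as the post, analysed three ways.
        System.out.println("a untracked, if (a > 2): " + analyze(null, 2));
        System.out.println("a == 3,      if (a > 2): " + analyze(3, 2));
        System.out.println("a == 3,      if (a > 4): " + analyze(3, 4));
    }
}
```

With a untracked, the null path is kept and the dereference is flagged; with a known to be 3, the null path is infeasible for a > 2 and feasible for a > 4.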