Non-null References by Default in Java: Alleviating the Nullity Annotation Burden

  • Patrice Chalin
  • Perry R. James
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4609)

Abstract

With Java 5 annotations, we note a marked increase in tools that statically detect potential null dereferences. To be effective, such tools require that developers annotate declarations with nullity modifiers and have annotated API libraries. Unfortunately, in our experience specifying moderately large code bases, the use of non-null annotations is more labor intensive than it should be. Motivated by this experience, we conducted an empirical study of 5 open source projects totaling 700 KLOC, which confirms that on average, 3/4 of declarations are meant to be non-null, by design. Guided by these results, we propose adopting a non-null-by-default semantics. This new default has the advantages of better matching general practice, lightening developer annotation burden, and being safer. We adapted the Eclipse JDT Core to support the new semantics, including the ability to read the extensive API library specifications written in the Java Modeling Language (JML). Issues of backwards compatibility are addressed.



Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Patrice Chalin (1)
  • Perry R. James (1)
  1. Dependable Software Research Group, Dept. of Computer Science and Software Engineering, Concordia University, Montréal, Québec, Canada
