@Nullable and SonarQube 'Conditionally executed blocks should be reachable' warning

Asked 19/10, 2017 at 18:20 Answered 7/11, 2017 at 15:42

Package has following package-info.java:

@ParametersAreNonnullByDefault
package foo;
import javax.annotation.ParametersAreNonnullByDefault;

Class has the following method:

private static String toIsoString(@Nullable Instant dateTime) {
  return dateTime == null ? null : dateTime.toString();
}

On which SonarQube (Version 6.2, SonarJava 4.14.0.11784) gives the following warning (squid:S2583):

How can I convince SonarQube that the code is actually correct?

Interestingly, SonarLint plugin (3.0.0.2041) in Idea doesn't generate the same warning.

Jota answered 19/10, 2017 at 18:20 Comment(1)

May be check from where this is being called? It might be detecting that you are always passing null into the method. – Jawbone 19/10, 2017 at 18:26

Apparently, this problem was caused by us using sonar-scanner without specifying sonar.java.libraries. Since it's multimodule maven project it wasn't clear to us how to specify sonar.java.libraries correctly.

Nicolas Peru, from SonarSource, suggested that we should use sonar maven plugin, instead of sonar-scanner, as the plugin has access to build classpath of the project. Indeed that solved this problem for us.

Jota answered 7/11, 2017 at 15:42 Comment(1)

Adding link to ggroup thread relevant to this conclusion : groups.google.com/forum/#!topic/sonarqube/yHH8IQ6Hhcw – Strepitous 7/11, 2017 at 16:42

-2

The JavaDoc of @Nullable says (emphasis mine)

This annotation is useful mostly for overriding a Nonnull annotation. Static analysis tools should generally treat the annotated items as though they had no annotation, unless they are configured to minimize false negatives.

Correspondingly, SonarJava ignores the annotation.

If you'd like to challenge the course of action taken in SonarJava, please open a thread :-)

Housewares answered 20/10, 2017 at 11:50 Comment(5)

I would agree that if just 'Nullable' annotation is present it could be ignored, as by default methods could take null arguments in Java. However, in this case the package-level annotation indicates that by default arguments cannot be null and 'Nullable' on particular argument overrides that default. Please look at javadoc for 'javax.annotation.ParametersAreNonnullByDefault', which says: "This annotation can be applied to a package, class or method to indicate that the method parameters in that element are nonnull by default unless there is...An explicit nullness annotation" – Jota 20/10, 2017 at 13:3

@Jota if you'd like to challenge the course of action taken in SonarJava, please open a thread – Housewares 20/10, 2017 at 13:4

Done. Thanks. groups.google.com/forum/#!topic/sonarqube/yHH8IQ6Hhcw – Jota 20/10, 2017 at 13:37

You have quoted the Javadoc for FindBugs's version of @Nullable. FindBugs has a crazy definition of @Nullable that is different from every other tool. FindBugs has no right to specify what other "static analysis tools should" do, so one should disregard the bolded part of your quote. – Reamonn 7/11, 2017 at 17:45

Downvoters: I've stated what the rule does. If you'd like to challenge the course of action taken in SonarJava, please open a thread in the SonarQube Google Group. – Housewares 14/11, 2017 at 12:42

Recommended topics

Hot tags