#1253 Null Pointer Exception not detected

[walid]

in the following example, a nullPointerException is not detected

public class Person {

public String name;

public void setName(String name) {
    this.name = name;
}

public void method2(int x) {
    Person p = null;
    if (x>0) {
        p = new Person();
        p.setName("name1");
    }
    if (x < 0) {
        p.setName("name2");
    }
}

}

[bogdan]

as for Findbug 2.0.3.20131122-15027 within Eclipse Java EE IDE Kepler nullPointer is detected on "p.setName("name2");" line.

[William Pugh]

FindBugs does not try to do sophisticated analysis (which tends to produce false positives); rather, it try to find clear errors that can be found with simple analysis.

This is not a case that null pointer analysis in FindBugs is designed to report.

[Tagir Valeev]

Actually I had an idea how to fix this based on my ValueRangeAnalysis. Currently it can split integer value ranges (in this case x value range will be splitted into (-inf,-1)&{0}&(1,+inf)). My idea is to generate new CFG for each range by cloning the existing CFG and removing unreachable edges, then create new VNA and INV dataflows for this updated CFG and redo the null analysis (at least partially). Doing this we can robustly detect that NPE will occur for (-inf,-1) x range. But this feature is hard to implement (probably harder than I think) and may be quite slow. So if I ever implement it, it would probably become an optional detector.

[William Pugh]

This is not the kind of bug FindBugs is designed to report. We have lots and lots of false negatives (buggy code that we don't report as a bug). And null pointer bugs aren't very serious bugs in Java (they are noisy bugs: if they occur, they are easy to notice and diagnose).

Rather, we strive to generate high quality reports of high impact buggy code using an simple understandable analysis model.

Trying to actually do feasible path analysis in a program is an undecidable problem, and hard to get even approximately right.