[JSR308] A little prototype experience...

Perry James perry.dsrg at gmail.com
Sat May 5 10:35:07 EDT 2007


I don't think we want to limit ourselves to static analysis, as dynamic
checking also has its place.  Remember, Java's static type system is not
sound, but is only safe because of runtime checks.

A motivating example for our discussion: Casts are needed in a non-null type
system when a reference's non-null-ness can't be determined by type or flow
analysis.  Runtime checks should be emitted to throw a cast exception if
null is ever cast to non-null.  This would prevent a reference declared to
be non-null from ever becoming null, and thus prevent a later null-pointer
exception.

Perry

On 5/4/07, Arnout Engelen <arnouten at bzzt.net> wrote:
>
> Neal Gafter wrote:
> > I was unable to build the @NonNull checker, but I believe null
> > checking cannot be done statically in Java, even with user
> > annotations. Once I get the checker working I'll demonstrate with a
> > small program that throws a NullPointerException on the use of a
> > variable whose type was annotated @NonNull.
> I'd agree it's probably impossible to write a real-world @NonNull
> checker that is both sound and complete.
>
> However, I do think such a checker can be useful, even if it's neither
> sound nor complete - just look at existing tools like ESC/Java2 and
> FindBugs. And even in the absence of tools, a programmer might wish to
> (`formally') express his design intentions, even if the tooling can't
> always check that the code indeed satisfies them.
>
>
> Arnout
>
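The runtime check described in the message above, as an added example that is not part of the original thread or of the JSR 308 prototype. `castNonNull` is a hypothetical helper standing in for the check a compiler would emit at a cast to a non-null type, and the map contents are constructed sample data.

```java
import java.util.HashMap;
import java.util.Map;

public class NonNullCastDemo {

    // Hypothetical stand-in for the check a compiler would emit at a
    // cast to a non-null type; here it is an ordinary method call.
    static <T> T castNonNull(T ref, String site) {
        if (ref == null) {
            throw new ClassCastException("null cast to non-null at " + site);
        }
        return ref;
    }

    // Constructed sample data: "bob" has no entry.
    static final Map<String, String> HOME_DIRS = new HashMap<>();
    static {
        HOME_DIRS.put("alice", "/home/alice");
    }

    // Unchecked: the null escapes the lookup and fails later, away from its origin.
    static int uncheckedLength(String user) {
        String dir = HOME_DIRS.get(user);   // may be null; type and flow analysis cannot tell
        return describe(dir);
    }

    // Checked: the null is rejected at the point where it would become non-null.
    static int checkedLength(String user) {
        String dir = castNonNull(HOME_DIRS.get(user), "checkedLength(" + user + ")");
        return describe(dir);
    }

    // By convention in this example, the parameter is meant to be non-null.
    static int describe(String dir) {
        return dir.length();
    }

    public static void main(String[] args) {
        System.out.println(checkedLength("alice"));
        try {
            uncheckedLength("bob");
        } catch (NullPointerException e) {
            System.out.println("late failure inside describe(): " + e.getClass().getSimpleName());
        }
        try {
            checkedLength("bob");
        } catch (ClassCastException e) {
            System.out.println("failure at the cast: " + e.getMessage());
        }
    }
}
```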

