Checker framework report violation on theoretcally possible cases but practiacally impossible

[romani]

it was around for long and made very clear at
#18451 (comment)

if we consider Class methods wihtout context of execution, Checker is absolutely right that

    private static Set<String> getRecordComponentNames(DetailAST recordDef) {
        final Set<String> names = new HashSet<>();
        final DetailAST recordComponents = recordDef.findFirstToken(TokenTypes.RECORD_COMPONENTS);
        DetailAST child = recordComponents.getFirstChild();
        while (child != null) {
            if (child.getType() == TokenTypes.RECORD_COMPONENT_DEF) {
                names.add(child.findFirstToken(TokenTypes.IDENT).getText());
            }
            child = child.getNextSibling();
        }
        return names;
    }

has null potential probelm:

  <checkerFrameworkError unstable="false">
    <fileName>src/main/java/com/puppycrawl/tools/checkstyle/checks/annotation/MissingOverrideOnRecordAccessorCheck.java</fileName>
    <specifier>dereference.of.nullable</specifier>
    <message>dereference of possibly-null reference recordComponents</message>
    <lineContent>DetailAST child = recordComponents.getFirstChild();</lineContent>
  </checkerFrameworkError>

but due to limitations of Checkstyle, that we execute only on compiled sources only, this becomes not possible.
So we can not satisfy Checker, as it will produce dead code that will conflict with jacoco/pitest that we vale more that Checker.

Checker propose to disable such violations in code https://checkerframework.org/manual/#suppressing-warnings-nullness:

The Checker Framework supplies several ways to suppress warnings, most notably the @SuppressWarnings("nullness") annotation (see Chapter ‍33). An example use is

    // might return null
    @Nullable Object getObject(...) { ... }
    void myMethod() {
      @SuppressWarnings("nullness") // with argument x, getObject always returns a non-null value
      @NonNull Object o2 = getObject(x);
    }

This approach is very verbose and can pollute code, so we unlikely to use it, especially in middle of method body.

or special util method
https://checkerframework.org/manual/#suppressing-warnings-with-assertions
this might be interesting compromise to split cases where null is not possible(due to context that AST is of compiled sources) and cases where search for token can actaully return nothing/null.

    private static Set<String> getRecordComponentNames(DetailAST recordDef) {
        final Set<String> names = new HashSet<>();
        final DetailAST recordComponents = CheckstyleAssertUtil.notNull(recordDef.findFirstToken(TokenTypes.RECORD_COMPONENTS));
        DetailAST child = recordComponents.getFirstChild();
        while (child != null) {
            if (child.getType() == TokenTypes.RECORD_COMPONENT_DEF) {
                names.add(child.findFirstToken(TokenTypes.IDENT).getText());
            }
            child = child.getNextSibling();
        }
        return names;
    }

I do not like to have compilation dependency for Checker framework for now, so we can copy https://github.com/typetools/checker-framework/blob/master/checker-util/src/main/java/org/checkerframework/checker/nullness/util/NullnessUtil.java of some methods only to our project.

this might be good strategic point in scope of https://github.com/checkstyle/checkstyle/wiki/Checkstyle-GSoC-2025-Project-Ideas#project-name-extend-checker-framework-integration

[vivek-0509]

Hey @romani
I was analyzing the suppressions file and found that dereference.of.nullable is the largest category. Most of these involve patterns like findFirstToken(TokenTypes.IDENT).getText() or accessing child nodes that are guaranteed to exist by Java grammar, exactly the "theoretically possible but practically impossible" cases you mentioned. This makes it a good candidate to start with. We could create the utility class with a notNull() method and begin migrating these 294 suppressions incrementally, starting with the most common patterns like IDENT, PARAMETERS, and MODIFIERS lookups. Once the utility is in place and proven on a few files, it could also serve as a template for contributors who can further contribute to clear the suppression list.

[romani]

yes, we need first update to be prove of concept (POC) to see how code will looks like, to make sure it will not be ugly and hard to read.
ability to read clearly and quickly code is paramount in our project.

this should be not be very annoying technical noise, and we should see value in cases where null is actually possible, so we will be ok with technical until method usage in 50% of cases if we know it helps in other 50% (random numbers are used).

[vivek-0509]

Understood, I'll create a POC PR applying the utility to one check so we can evaluate the code readability together.

[seshathri044]

Hi I am Seshathri
I’m very interested in contributing to this project as part of GSoC. I would love to work on this first issue and learn more about the project. Could you please guide me on how to get started?

Thank you!

[vivek-0509]

@seshathri044
Please start with good first issues then move to good second and so on till good fifth then take any other issues that you like to solve. Comment on the issue "i am on it" if no one else is already working on the issue and start working.
Please read and watch videos on Youtube.
Then you can start contributing with the good-* issues.