SONARJAVA-1460 - Nullability constraint on an object checked with Objects null checking methods

Author: DidierBesset

java-squid/src/main/java/org/sonar/java/se/ConstraintManager.java

@@ -21,6 +21,7 @@
 
 import com.google.common.base.Preconditions;
 import com.google.common.collect.ImmutableList;
+import org.sonar.java.se.symbolicvalues.NullCheckSymbolicValue;
 import org.sonar.java.se.symbolicvalues.RelationalSymbolicValue;
 import org.sonar.java.se.symbolicvalues.SymbolicValue;
 import org.sonar.plugins.java.api.semantic.Symbol;
@@ -103,6 +104,14 @@ public SymbolicValue createMethodSymbolicValue(MethodInvocationTree syntaxNode,
       SymbolicValue leftOp = values.get(0);
       SymbolicValue rightOp = values.get(1);
       result.computedFrom(ImmutableList.of(rightOp, leftOp));
+    } else if (ExplodedGraphWalker.isObjectsMethod(syntaxNode, "isNull", 1)) {
+      result = new NullCheckSymbolicValue(counter, true);
+      SymbolicValue operand = values.get(1);
+      result.computedFrom(ImmutableList.of(operand));
+    } else if (ExplodedGraphWalker.isObjectsMethod(syntaxNode, "nonNull", 1)) {
+      result = new NullCheckSymbolicValue(counter, false);
+      SymbolicValue operand = values.get(1);
+      result.computedFrom(ImmutableList.of(operand));
     } else {
       result = createDefaultSymbolicValue(syntaxNode);
     }

java-squid/src/main/java/org/sonar/java/se/ExplodedGraphWalker.java

@@ -81,6 +81,7 @@ public class ExplodedGraphWalker extends BaseTreeVisitor {
   private static final int MAX_STEPS = 10000;
   private static final Logger LOG = LoggerFactory.getLogger(ExplodedGraphWalker.class);
   private static final Set<String> THIS_SUPER = ImmutableSet.of("this", "super");
+  public static final String OBJECT_CLASS_NAME = "java.lang.Object";
 
   private static final boolean DEBUG_MODE_ACTIVATED = false;
   private static final int MAX_EXEC_PROGRAM_POINT = 2;
@@ -574,6 +575,17 @@ private static boolean isLocalMethodInvocation(MethodInvocationTree tree) {
     return false;
   }
 
+  public static boolean isObjectsMethod(MethodInvocationTree syntaxNode, String methodName, int numberOfParameter) {
+    Symbol symbol = syntaxNode.symbol();
+    if (symbol.isMethodSymbol()) {
+      Symbol.MethodSymbol methodSymbol = (Symbol.MethodSymbol) symbol;
+      if (methodSymbol.owner().type().is("java.util.Objects") && methodName.equals(methodSymbol.name())) {
+        return methodSymbol.parameterTypes().size() == numberOfParameter;
+      }
+    }
+    return false;
+  }
+
   private void resetFieldValues() {
     programState = programState.resetFieldValues(constraintManager);
   }

java-squid/src/main/java/org/sonar/java/se/checks/NullDereferenceCheck.java

@@ -26,6 +26,7 @@
 import org.sonar.check.Rule;
 import org.sonar.java.model.DefaultJavaFileScannerContext;
 import org.sonar.java.se.CheckerContext;
+import org.sonar.java.se.ExplodedGraphWalker;
 import org.sonar.java.se.ObjectConstraint;
 import org.sonar.java.se.ProgramState;
 import org.sonar.java.se.symbolicvalues.SymbolicValue;
@@ -51,6 +52,8 @@
 @ActivatedByDefault
 public class NullDereferenceCheck extends SECheck implements JavaFileScanner {
 
+  private static final String REQUIRE_NON_NULL_METHOD_NAME = "requireNonNull";
+
   @Override
   public void scanFile(JavaFileScannerContext context) {
     Multimap<Tree, String> issues = ((DefaultJavaFileScannerContext) context).getSEIssues(NullDereferenceCheck.class);
@@ -70,6 +73,14 @@ public ProgramState checkPreStatement(CheckerContext context, Tree syntaxNode) {
     if (syntaxNode.is(Tree.Kind.METHOD_INVOCATION)) {
       MethodInvocationTree methodInvocation = (MethodInvocationTree) syntaxNode;
       toCheck = methodInvocation.methodSelect();
+      if (ExplodedGraphWalker.isObjectsMethod(methodInvocation, REQUIRE_NON_NULL_METHOD_NAME, 1)) {
+        final List<SymbolicValue> values = context.getState().peekValues(2);
+        return context.getState().addConstraint(values.get(1), ObjectConstraint.NOT_NULL);
+      } else if (ExplodedGraphWalker.isObjectsMethod(methodInvocation, REQUIRE_NON_NULL_METHOD_NAME, 2)
+        || ExplodedGraphWalker.isObjectsMethod(methodInvocation, REQUIRE_NON_NULL_METHOD_NAME, 2)) {
+        final List<SymbolicValue> values = context.getState().peekValues(3);
+        return context.getState().addConstraint(values.get(2), ObjectConstraint.NOT_NULL);
+      }
     }
     if (toCheck.is(Tree.Kind.MEMBER_SELECT)) {
       return checkMemberSelect(context, (MemberSelectExpressionTree) toCheck, currentVal);

java-squid/src/main/java/org/sonar/java/se/symbolicvalues/NullCheckSymbolicValue.java

@@ -0,0 +1,49 @@
+/*
+ * SonarQube Java
+ * Copyright (C) 2012-2016 SonarSource SA
+ * mailto:contact AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+package org.sonar.java.se.symbolicvalues;
+
+import com.google.common.collect.ImmutableList;
+import org.sonar.java.se.ConstraintManager.BooleanConstraint;
+import org.sonar.java.se.ObjectConstraint;
+import org.sonar.java.se.ProgramState;
+import org.sonar.java.se.symbolicvalues.SymbolicValue.UnarySymbolicValue;
+
+import java.util.List;
+
+public class NullCheckSymbolicValue extends UnarySymbolicValue {
+
+  private boolean isNull;
+
+  public NullCheckSymbolicValue(int id, boolean isNull) {
+    super(id);
+    this.isNull = isNull;
+  }
+
+  @Override
+  public List<ProgramState> setConstraint(ProgramState programState, BooleanConstraint booleanConstraint) {
+    final ObjectConstraint constraint;
+    if (BooleanConstraint.TRUE.equals(booleanConstraint)) {
+      constraint = isNull ? ObjectConstraint.NULL : ObjectConstraint.NOT_NULL;
+    } else {
+      constraint = isNull ? ObjectConstraint.NOT_NULL : ObjectConstraint.NULL;
+    }
+    return ImmutableList.of(programState.addConstraint(operand, constraint));
+  }
+}

java-squid/src/test/files/se/NullDereferenceCheck.java

@@ -1,7 +1,10 @@
 @SomeAnnotation(name = value)
 package javax.annotation;
 
+import java.util.function.Supplier;
+
 import java.util.List;
+import java.util.Objects;
 
 @interface CheckForNull {}
 

java-squid/src/test/files/se/ObjectsMethodsTest.java

@@ -0,0 +1,73 @@
+package java.util;
+
+import java.util.Objects;
+
+public class ObjectsNullCheck {
+  
+  public void parameterMaybeNullable(Object a) {
+    Object x = checkForNullMethod();
+    if (a.equals(x)) {
+      x.toString(); // Compliant: x cannot be null hereafter because of equality
+    }
+  }
+  
+  public void parameterNoLongerNullable(Object a) {
+    Object x = checkForNullMethod();
+    if (Objects.nonNull(x)) {
+      x.toString(); // Compliant: x was checked for non null
+    } else {
+      x.logNull(); // Noncompliant {{NullPointerException might be thrown as 'x' is nullable here}}
+    }
+  }
+  
+  public void parameterStillNullable(Object a) {
+    Object x = checkForNullMethod();
+    if (Objects.isNull(x)) {
+      log("was null");
+    } else {
+      x.toString(); // Compliant: x was checked for non null
+    }
+  }
+    
+  public void testRequireNull(Supplier<String> supplier) {
+    Object x = checkForNullMethod();
+    Objects.requireNonNull(x);
+    x.toString(); // Compliant: x was checked for non null
+    Object y = checkForNullMethod();
+    Objects.requireNonNull(y, "Should not be null!");
+    y.toString(); // Compliant: y was checked for non null
+    Object z = checkForNullMethod();
+    Objects.requireNonNull(z, supplier);
+    z.toString(); // Compliant: z was checked for non null
+  }
+}
+
+// Needed to ensure that all methods of Objects are declared (for tests with Java version prior to 1.8
+
+class Objects {
+  public static boolean isNull(Object obj) {
+    return obj == null;
+  }
+
+  public static boolean nonNull(Object obj) {
+    return obj != null;
+  }
+  
+  public static <T> T  requireNonNull(T obj) {
+    if (obj == null) {
+      throw new NullPointerException();
+    }
+  }
+  
+  public static <T> T  requireNonNull(T obj, String message) {
+    if (obj == null) {
+      throw new NullPointerException(message);
+    }
+  }
+  
+  public static <T> T  requireNonNull(T obj, Supplier<String> supplier) {
+    if (obj == null) {
+      throw new NullPointerException(supplier.get());
+    }
+  }
+}

java-squid/src/test/java/org/sonar/java/se/checks/NullDereferenceCheckTest.java

@@ -29,4 +29,9 @@ public void test() {
     JavaCheckVerifier.verify("src/test/files/se/NullDereferenceCheck.java", new NullDereferenceCheck());
   }
 
+  @Test
+  public void objectsMethodsTest() {
+    JavaCheckVerifier.verify("src/test/files/se/ObjectsMethodsTest.java", new NullDereferenceCheck());
+  }
+
 }