-
Notifications
You must be signed in to change notification settings - Fork 1.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Consider adding @NotNull or similar to the code base #11848
Comments
Not a big fan, as it adds boilerplate. |
I'm not a fan either. There are so many annotations that can be applied to code that we're in danger having more annotations than code. Besides, if our AI overlords are as smart as predicted, then soon they won't need annotations to understand the code and suggest null checks etc to developers. |
I am a fan. This would benefit our users the most. Based on comment from @cowwoc at #11843 (comment) The following could be used... (copied from #11843 (comment)) The <dependency>
<groupId>org.eclipse.jdt</groupId>
<artifactId>org.eclipse.jdt.annotation</artifactId>
<version>2.3.0</version>
</dependency> It's pretty lightweight too ...
The pom also has no dependencies, or even a parent pom. |
Why not, as those static analysis tools are getting really popular and can be useful but is there any build tool plugin supporting this annotation I would prefer something we can set up to be integrated into build (CI etc..) for us or for users (for such static analysis we cannot rely only on IDE). |
I don't see any value added, and a lot of work to be done to change our code to add annotations, that would only work on parameters but not return values. It's like adding Plus, there are a million places where the parameter would actually be non-null in the real code, but we pass null in tests. And another million cases where the code flow is such that the parameter or field is assigned only once with a non-null value, but technically must be nullable (for example when we recycle objects). Sure, we can do 10x the work, and workaround all the above cases and more that I have not mentioned. Not worth it, and we have so much else more important to do than this. |
Not sure what you mean with stupid example but
And another class
The static analysis tool will fail and detect 2 possible errors which can help us and potentially our users:
Currently we are just writing javadoc but it's nothing but automated.
yes I definitely agree on useless
|
Your mileage may vary... The only annotation that I personally use is IntelliJ (and possibly others IDEs) are able to detect whether a method may return null or not, regardless of whether you annotate the method. What they can't detect is thread-safety and "intent" (how the API is meant to be used). For example, if your API exposes a builder pattern and the user forgets to invoke When it comes to tools like SpotBugs I opted to use PMD instead, mostly because I like that it scans source-code instead of class files. Both SpotBugs and PMD contain false-positives that will annoy you. So they will definitely add to your workload. At the same time, they will catch low-hanging bugs proactively before your users run into them. My suggestion is that if you use a tool like SpotBugs or PMD, don't enable all the rules. Pick a small subset of rules that are dependable (low false-positive rate) and run with them. Some rules, like the all-popular "cyclomatic complexity" measure, are very opaque so it becomes very difficult to tune them to a reasonable value. I just turn them off. On the other hand, simple rules like detecting unused imports or fields, or ensuring a consistent naming convention for constants... those are very transparent and useful, especially when it comes to PRs. They catch a lot of the low-hanging fruit for you. |
we already have spotbugs report available in CI https://jenkins.webtide.net/job/jetty.project/job/jetty-12.0.x/2057/analysis-jdk17/origin.-1831077759/ |
@olamy I fail the build on any violations so reports can't be ignored. But that's just me :) |
I'm not interested in anything for post analysis like spot-bugs. It is only worthwhile if the code actually fails to compile and you get warnings as you write the code. My limited experience with this is from working in the spring-framework and the benefits that I see are:
That code base appears to assume that all returns and parameters are not null unless annotated otherwise. That does remove the need to put in lots of annotations, but I fear we have lots of nullables, so probably not so much. I think there may be some small net benefit, but a bit effort would be needed to retrofit all the code.... now is probably not the time. Perhaps we could go with the (current) assumption that all returns and params are nullable, unless annotated otherwise. We could then optionally start using a notNull in new code.... but I'd like to see an experiment done before we added a dependency for this. |
springframework is using error-prone compiler with this https://github.com/uber/NullAway |
I don't think we have time to do this before 12.1, so I'm putting this into the roadmap for later consideration. |
I am not a fan of these annotations. In our PR for spring-framework, I was working on a websocket endpoint where we know So these annotations are restrictive in these situations where you have some context to know why it is not null, and if the null check is not there the code won't compile. It could be quite an effort to update all these cases in the code base and it could introduce a lot of unnecessary null checks. |
Jetty version(s)
Jetty 9.x is now at End of Community Support
Enhancement Description
But which one?
There is some suggestion that we can just make our own and modern IDEs will pattern match it?
The text was updated successfully, but these errors were encountered: