Convert Figma logo to code with AI

uber logoNullAway

A tool to help eliminate NullPointerExceptions (NPEs) in your Java code with low build-time overhead

3,619
290
3,619
109
View on GitHub

Top Related Projects

google's avatar

error-prone

6,825

Catch common Java mistakes as compile-time errors

facebook's avatar

infer

14,889

A static analyzer for Java, C, C++, and Objective-C

spotbugs's avatar

spotbugs

3,450

SpotBugs is FindBugs' successor. A tool for static analysis to look for bugs in Java code.

checkstyle's avatar

checkstyle

8,282

Checkstyle is a development tool to help programmers write Java code that adheres to a coding standard. By default it supports the Google Java Style Guide and Sun Code Conventions, but is highly configurable. It can be invoked with an ANT task and a command line program.

pmd's avatar

pmd

4,797

An extensible multilanguage static code analyzer.

detekt's avatar

detekt

6,200

Static code analysis for Kotlin

Quick Overview

NullAway is a tool to help eliminate NullPointerExceptions (NPEs) in Java programs. It is a type-based null-safety checker for Java that aims to be low-overhead, fast, and practical. NullAway is designed to be used as part of the Error Prone framework and can be easily integrated into Gradle and Maven builds.

Pros

  • Fast and low-overhead, suitable for use in large codebases
  • Integrates seamlessly with Error Prone and build tools like Gradle and Maven
  • Provides a good balance between soundness and precision
  • Customizable through annotations and configuration options

Cons

  • Not a fully sound analysis, may miss some potential null pointer exceptions
  • Requires some code annotations to work effectively
  • Limited to Java language (not applicable to other JVM languages)
  • May require changes to existing codebases for full adoption

Code Examples

  1. Annotating a method parameter as non-null:
import javax.annotation.Nonnull;

public void processName(@Nonnull String name) {
    System.out.println("Processing: " + name.toUpperCase());
}
  1. Using @Nullable annotation for optional values:
import javax.annotation.Nullable;

public class Person {
    private @Nullable String middleName;

    public @Nullable String getMiddleName() {
        return middleName;
    }
}
  1. Initializing fields in constructors to avoid null checks:
public class Car {
    private final String make;
    private final String model;

    public Car(String make, String model) {
        this.make = make;
        this.model = model;
    }
}

Getting Started

To use NullAway in a Gradle project:

  1. Add the following to your build.gradle file:
plugins {
    id "net.ltgt.errorprone" version "2.0.2"
}

dependencies {
    errorprone "com.google.errorprone:error_prone_core:2.10.0"
    errorproneJavac "com.google.errorprone:javac:9+181-r4173-1"
    implementation "com.uber.nullaway:nullaway:0.9.7"
}

tasks.withType(JavaCompile) {
    options.errorprone {
        check("NullAway", CheckSeverity.ERROR)
        option("NullAway:AnnotatedPackages", "com.example")
    }
}
  1. Run your Gradle build as usual, and NullAway will report potential null pointer issues.

Competitor Comparisons

google logo

error-prone

6,825

Catch common Java mistakes as compile-time errors

Pros of Error Prone

  • Broader scope: Detects a wide range of potential errors beyond null pointer issues
  • More mature project: Longer development history and larger community support
  • Integration with popular build tools: Seamless integration with Maven, Gradle, and Bazel

Cons of Error Prone

  • Higher complexity: Steeper learning curve due to extensive configuration options
  • Potential for false positives: May flag some valid code patterns as errors
  • Performance impact: Can slow down build times, especially for large projects

Code Comparison

Error Prone:

@Nullable String name;
void greet() {
  System.out.println("Hello, " + name.toLowerCase());
}

NullAway:

@Nullable String name;
void greet() {
  if (name != null) {
    System.out.println("Hello, " + name.toLowerCase());
  }
}

In this example, Error Prone would flag the potential null pointer dereference in the first snippet, while NullAway would require the null check as shown in the second snippet to pass its analysis.

facebook logo

infer

14,889

A static analyzer for Java, C, C++, and Objective-C

Pros of Infer

  • Supports multiple languages (Java, C/C++, Objective-C)
  • More comprehensive analysis, including memory safety and concurrency issues
  • Can analyze large codebases incrementally

Cons of Infer

  • Slower analysis compared to NullAway
  • More complex setup and integration process
  • May produce more false positives due to its conservative analysis

Code Comparison

NullAway:

@Nullable
String getName() {
    return null;
}

void printName() {
    System.out.println(getName().length()); // NullAway warns about potential NPE
}

Infer:

@Nullable
String getName() {
    return null;
}

void printName() {
    System.out.println(getName().length()); // Infer reports a null dereference error
}

Both tools can detect potential null pointer exceptions, but Infer provides more detailed analysis and can catch a wider range of issues beyond null safety. NullAway is faster and easier to integrate, making it suitable for quick checks during development, while Infer is better suited for thorough analysis in larger projects across multiple languages.

spotbugs logo

spotbugs

3,450

SpotBugs is FindBugs' successor. A tool for static analysis to look for bugs in Java code.

Pros of SpotBugs

  • Broader scope: Detects a wide range of bug patterns beyond null pointer issues
  • Mature project: Long-standing history and extensive community support
  • Flexible integration: Works with various build tools and IDEs

Cons of SpotBugs

  • Performance: Generally slower analysis compared to NullAway
  • False positives: May produce more false positives, requiring manual review
  • Setup complexity: Can be more challenging to configure and customize

Code Comparison

SpotBugs annotation:

@CheckForNull
public String getName() {
    return name;
}

NullAway annotation:

@Nullable
public String getName() {
    return name;
}

Both tools use annotations to indicate nullable references, but SpotBugs uses @CheckForNull while NullAway uses @Nullable. NullAway's approach is more aligned with the standard Java nullability annotations.

SpotBugs offers a comprehensive static analysis tool that covers various bug patterns, making it suitable for projects requiring extensive code quality checks. NullAway, on the other hand, focuses specifically on null pointer exceptions, providing faster analysis and easier integration for projects primarily concerned with nullability issues.

checkstyle logo

checkstyle

8,282

Checkstyle is a development tool to help programmers write Java code that adheres to a coding standard. By default it supports the Google Java Style Guide and Sun Code Conventions, but is highly configurable. It can be invoked with an ANT task and a command line program.

Pros of Checkstyle

  • Broader scope: Checks a wide range of coding style and formatting issues beyond null pointer exceptions
  • Highly configurable: Offers extensive customization options for coding standards
  • Language agnostic: Can be used with multiple programming languages, not just Java

Cons of Checkstyle

  • Performance: May be slower for large codebases compared to NullAway's focused approach
  • Learning curve: More complex configuration due to its extensive feature set
  • False positives: May generate more false positives due to its broader scope

Code Comparison

Checkstyle configuration example:

<module name="Checker">
  <module name="TreeWalker">
    <module name="NullPointerException"/>
  </module>
</module>

NullAway usage example:

@NullAway(checkOptionalEmptiness = true, suggestSuppressions = true)
public class MyClass {
    // Your code here
}

Both tools aim to improve code quality, but NullAway focuses specifically on null pointer exceptions in Java, while Checkstyle offers a more comprehensive approach to code style and formatting across multiple languages. NullAway may be more suitable for projects primarily concerned with null safety, while Checkstyle is better for enforcing broader coding standards.

pmd logo

pmd

4,797

An extensible multilanguage static code analyzer.

Pros of PMD

  • Broader scope: Analyzes various code quality issues beyond null pointer exceptions
  • Language support: Works with multiple programming languages, not just Java
  • Customizable: Allows users to define custom rules and rulesets

Cons of PMD

  • Performance: May be slower for large codebases compared to NullAway
  • False positives: Can generate more false positives, requiring manual review
  • Setup complexity: Requires more configuration and setup than NullAway

Code Comparison

PMD example:

<rule ref="category/java/errorprone.xml/NullAssignment"/>
<rule ref="category/java/errorprone.xml/ReturnFromFinallyBlock"/>

NullAway example:

@NullAway(checkOptionalEmptiness = true, suggestSuppressions = true)
public class MyClass {
    // Your code here
}

PMD offers a wide range of rules across multiple categories, while NullAway focuses specifically on null pointer exceptions in Java. PMD's XML configuration allows for fine-grained control over rule selection, whereas NullAway uses annotations for configuration. NullAway is generally faster and more focused, making it easier to integrate into large Java projects, while PMD provides a more comprehensive code analysis tool for multiple languages.

detekt logo

detekt

6,200

Static code analysis for Kotlin

Pros of detekt

  • Broader scope: Analyzes various code quality issues beyond null safety
  • Highly customizable with extensive rule sets and configuration options
  • Supports multiple output formats for integration with various tools

Cons of detekt

  • Potentially slower analysis due to broader scope
  • May require more setup and configuration for specific use cases
  • Not as specialized in null pointer analysis as NullAway

Code Comparison

detekt example:

val config = DetektConfiguration {
    formatting {
        MaximumLineLength(120)
    }
    style {
        MagicNumber(active = false)
    }
}

NullAway example:

@Nullable
public String getName() {
    return name;
}

Key Differences

  • detekt focuses on overall code quality for Kotlin, while NullAway specializes in null pointer analysis for Java
  • detekt offers a wider range of code style and quality checks, whereas NullAway is more targeted and lightweight
  • NullAway integrates seamlessly with the Java compiler, while detekt runs as a separate analysis tool

Use Cases

  • Choose detekt for comprehensive Kotlin code quality analysis and customizable rule sets
  • Opt for NullAway when focusing specifically on null pointer issues in Java projects with minimal overhead

Convert Figma logo designs to code with AI

Visual Copilot

Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.

Try Visual Copilot

README

NullAway: Fast Annotation-Based Null Checking for Java Build Status Coverage Status

NullAway is a tool to help eliminate NullPointerExceptions (NPEs) in your Java code. To use NullAway, first add @Nullable annotations in your code wherever a field, method parameter, or return value may be null. Given these annotations, NullAway performs a series of type-based, local checks to ensure that any pointer that gets dereferenced in your code cannot be null. NullAway is similar to the type-based nullability checking in the Kotlin and Swift languages, and the Checker Framework and Eradicate null checkers for Java.

NullAway is fast. It is built as a plugin to Error Prone and can run on every single build of your code. In our measurements, the build-time overhead of running NullAway is usually less than 10%. NullAway is also practical: it does not prevent all possible NPEs in your code, but it catches most of the NPEs we have observed in production while imposing a reasonable annotation burden, giving a great "bang for your buck."

Installation

Overview

NullAway requires that you build your code with Error Prone, version 2.14.0 or higher. See the Error Prone documentation for instructions on getting started with Error Prone and integration with your build system. The instructions below assume you are using Gradle; see the docs for discussion of other build systems.

Gradle

Java (non-Android)

To integrate NullAway into your non-Android Java project, add the following to your build.gradle file:

plugins {
  // we assume you are already using the Java plugin
  id "net.ltgt.errorprone" version "<plugin version>"
}

dependencies {
  errorprone "com.uber.nullaway:nullaway:<NullAway version>"

  // Some source of nullability annotations; JSpecify recommended,
  // but others supported as well.
  api "org.jspecify:jspecify:1.0.0"

  errorprone "com.google.errorprone:error_prone_core:<Error Prone version>"
}

import net.ltgt.gradle.errorprone.CheckSeverity

tasks.withType(JavaCompile) {
  // remove the if condition if you want to run NullAway on test code
  if (!name.toLowerCase().contains("test")) {
    options.errorprone {
      check("NullAway", CheckSeverity.ERROR)
      option("NullAway:AnnotatedPackages", "com.uber")
    }
  }
}

Let's walk through this script step by step. The plugins section pulls in the Gradle Error Prone plugin for Error Prone integration.

In dependencies, the first errorprone line loads NullAway, and the api line loads the JSpecify library which provides suitable nullability annotations, e.g., org.jspecify.annotations.Nullable. NullAway allows for any @Nullable annotation to be used, so, e.g., @Nullable from the AndroidX annotations Library or JetBrains annotations is also fine. The second errorprone line sets the version of Error Prone is used.

Finally, in the tasks.withType(JavaCompile) section, we pass some configuration options to NullAway. First check("NullAway", CheckSeverity.ERROR) sets NullAway issues to the error level (it's equivalent to the -Xep:NullAway:ERROR standard Error Prone argument); by default NullAway emits warnings. Then, option("NullAway:AnnotatedPackages", "com.uber") (equivalent to the -XepOpt:NullAway:AnnotatedPackages=com.uber standard Error Prone argument) tells NullAway that source code in packages under the com.uber namespace should be checked for null dereferences and proper usage of @Nullable annotations, and that class files in these packages should be assumed to have correct usage of @Nullable (see the docs for more detail). NullAway requires at least the AnnotatedPackages configuration argument to run, in order to distinguish between annotated and unannotated code. See the configuration docs for other useful configuration options. For even simpler configuration of NullAway options, use the Gradle NullAway plugin.

We recommend addressing all the issues that Error Prone reports, particularly those reported as errors (rather than warnings). But, if you'd like to try out NullAway without running other Error Prone checks, you can use options.errorprone.disableAllChecks (equivalent to passing "-XepDisableAllChecks" to the compiler, before the NullAway-specific arguments).

Android

Versions 3.0.0 and later of the Gradle Error Prone Plugin no longer support Android. So if you're using a recent version of this plugin, you'll need to add some further configuration to run Error Prone and NullAway. Our sample app build.gradle file shows one way to do this, but your Android project may require tweaks. Alternately, 2.x versions of the Gradle Error Prone Plugin still support Android and may still work with your project.

Beyond that, compared to the Java configuration, the JSpecify dependency can be removed; you can use the androidx.annotation.Nullable annotation from the AndroidX annotation library instead.

Annotation Processors / Generated Code

Some annotation processors like Dagger and AutoValue generate code into the same package namespace as your own code. This can cause problems when setting NullAway to the ERROR level as suggested above, since errors in this generated code will block the build. Currently the best solution to this problem is to completely disable Error Prone on generated code, using the -XepExcludedPaths option added in Error Prone 2.1.3 (documented here, use options.errorprone.excludedPaths= in Gradle). To use, figure out which directory contains the generated code, and add that directory to the excluded path regex.

Note for Dagger users: Dagger versions older than 2.12 can have bad interactions with NullAway; see here. Please update to Dagger 2.12 to fix the problem.

Lombok

Unlike other annotation processors above, Lombok modifies the in-memory AST of the code it processes, which is the source of numerous incompatibilities with Error Prone and, consequently, NullAway.

We do not particularly recommend using NullAway with Lombok. However, NullAway encodes some knowledge of common Lombok annotations and we do try for best-effort compatibility. In particular, common usages like @lombok.Builder and @Data classes should be supported.

In order for NullAway to successfully detect Lombok generated code within the in-memory Java AST, the following configuration option must be passed to Lombok as part of an applicable lombok.config file:

lombok.addLombokGeneratedAnnotation = true

This causes Lombok to add @lombok.Generated to the methods/classes it generates. NullAway will ignore (i.e. not check) the implementation of this generated code, treating it as unannotated.

Code Example

Let's see how NullAway works on a simple code example:

static void log(Object x) {
    System.out.println(x.toString());
}
static void foo() {
    log(null);
}

This code is buggy: when foo() is called, the subsequent call to log() will fail with an NPE. You can see this error in the NullAway sample app by running:

cp sample/src/main/java/com/uber/mylib/MyClass.java.buggy sample/src/main/java/com/uber/mylib/MyClass.java
./gradlew build

By default, NullAway assumes every method parameter, return value, and field is non-null, i.e., it can never be assigned a null value. In the above code, the x parameter of log() is assumed to be non-null. So, NullAway reports the following error:

warning: [NullAway] passing @Nullable parameter 'null' where @NonNull is required
    log(null);
        ^

We can fix this error by allowing null to be passed to log(), with a @Nullable annotation:

static void log(@Nullable Object x) {
    System.out.println(x.toString());
}

With this annotation, NullAway points out the possible null dereference:

warning: [NullAway] dereferenced expression x is @Nullable
    System.out.println(x.toString());
                        ^

We can fix this warning by adding a null check:

static void log(@Nullable Object x) {
    if (x != null) {
        System.out.println(x.toString());
    }
}

With this change, all the NullAway warnings are fixed.

For more details on NullAway's checks, error messages, and limitations, see our detailed guide.

Support

Please feel free to open a GitHub issue if you have any questions on how to use NullAway. Or, you can join the NullAway Discord server and ask us a question there.

Contributors

We'd love for you to contribute to NullAway! Please note that once you create a pull request, you will be asked to sign our Uber Contributor License Agreement.

License

NullAway is licensed under the MIT license. See the LICENSE.txt file for more information.