Pure Danger Tech


navigation
home

JavaOne: Pluggable Type Checking

02 Jun 2009

I clearly remember talking to Michael Nygard last year after he saw a JSR 308 talk where he proclaimed that the Javapocalypse was near. The concern was that this JSR gave you the ability to annotate many more things and create much robust type systems, although in doing so you would so thoroughly annotate your code that there wasn’t much actual code left.

I didn’t see that talk but I really enjoyed this talk and its introduction to how you can make your programs safer and fix bugs with annotations and compiler plugins. I definitely see that you can go crazy and create ornate type systems that do indeed render your code highly annoying. But I also see that you can use this stuff in moderation, creating type checkers where it is really important to your code. Overall, I’m much more interested in JSR 308 than I was before the talk.

Michael Ernst started with an overview of the benefits of pluggable type checkers: better program documentation, find bugs, actually guarantee that certain kinds of bugs don’t exist, and aid compilers and other tools in their work. The downsides are that you actually have to define the type system and write down the annotations in your program. Also, there is the strong possibility of false positives.

They have implemented a Checker Framework and a bunch of sample checkers for things like:

  • @NonNull – finds null dereference errors
  • @Immutable – detects incorrect mutation and side effects
  • @Interned – incorrect equality tests (== vs .equals())
  • security – encryption, tainting, access control, etc

Using a checker is done with a compiler plugin-in, as defined by JSR 269 pluggable annotation processors: [source:java]

javac -processor NullnessChecker MyFile.java

[/source]

In analysis that they’ve done, they have found that checkers are effective and feasible to run even on large programs (100ks LOC). They found bugs worth fixing in all programs they analyzed.

Checkers can’t generally find problems when you use reflection, native methods, stuff that is compiled separately, etc.

One interesting note was that all the different compilers use their own compilers (even though there is a standard), so that has to be dealt with for javac, Eclipse, etc.

You can find the Checker Framework online now and the new annotation support will be in the JDK 7 code base at the end of this week.