声纳能否动态捕获由JVM引起的空指针异常 [英] Can sonar catch null pointer exceptions caused by JVM Dynamically
问题描述
我想问一下声纳能否在运行时找到由Java虚拟机引起的空指针异常?如果是,请告诉我哪个声纳法则为我们做.我非常困惑,因为声纳findbugs配置文件中存在一些规则,这些规则说声纳捕获空指针异常. findbugs规则之一避免引发空指针异常说,我们应该避免引发空指针异常.
I would like to ask can sonar find null pointer exception caused by java virtual machine at run time?? if yes please tell me which sonar rule do it for us. I am very much puzzled with it as there are some rules exist in sonar findbugs profile which say sonar catch null pointer exception. One of findbugs rule Avoid Throwing Null Pointer Exception say we should avoid throwing null pointer exception.
请澄清一下声纳是否可以捕获空指针异常或是否由JVM抛出?或者它只能捕获自定义的空指针异常(由开发人员生成)以及这些声纳规则的含义(空指针异常,空指针取消引用等)
please clarify me on that can sonar catch null pointer exception or not threw by JVM?? OR it can catch only customized null pointer exception(generated by developer) and what these sonar rules meant for(null pointer exception, null pointer dereference etc.)
请指导我了解这些声纳规则的真实情况.
please guide me to understand the real picture of these sonar rules.
提前谢谢!
推荐答案
是的,Sonar可以通过使用引擎盖下的FindBugs工具检测JVM抛出的NullPointerException(NPE).但是,它不能在运行时动态地做到这一点,因为FindBugs是 静态分析工具.
Yes, Sonar can detect NullPointerExceptions (NPEs) thrown by the JVM by using the FindBugs tool under the hood. However, it can not do so dynamically at runtime, because FindBugs is a static analysis tool.
从 FindBugs检测器中,选择键中带有NP_前缀的检测器,例如作为NP_ALWAYS_NULL.大约有30个此类探测器处理空指针分析.
From the FindBugs detectors, choose those with the NP_ prefix in their key, such as NP_ALWAYS_NULL. There are roughly 30 such detectors that deal with null pointer analysis.
请注意,FindBugs通过对代码进行 static 分析来工作.换句话说,它不会动态捕获" NPE或以某种方式执行代码的模拟运行并捕获" NPE.这将很难做到,因为每个可能的代码路径都需要测试用例.相反,FindBugs仅使用其检测器来分析类文件.
因此,您不会发现所有可能发生NPE的情况,但是由于检测器的数量众多,您将捕获最多的东西.此外,即使总有改进的空间,该领域中的某些FindBugs检测器也相当复杂.
Note that FindBugs works by static analysis of the code. In other words, it does not dynamically "catch" NPEs or somehow perform a simulated run of the code and "catch" NPEs. This would be hard to do because test cases would be required for every possible code path. Instead, FindBugs only analyses the class files using its detectors.
So you are not going to find all cases where NPEs can occur, but due to the sheer number of detectors, you are going to catch most. Also, some FindBugs detectors in this field are quite sophisticated, even though there is always room for improvement.
Note also that in order to help the detectors do their jobs, you may have to annotate method arguments and return values with null pointer analysis annotations (also in JSR305 here). If you search SO for these annotations, you will find lots of helpful advice on their correct usage in various environments.
这篇关于声纳能否动态捕获由JVM引起的空指针异常的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
