@Nullable and SonarQube 'Conditionally executed blocks should be reachable' warning

Dmitri Maximovich

unread,

Oct 20, 2017, 9:36:18 AM10/20/17

to SonarQube

This is continuation of discussion started at StackOverflow:

https://stackoverflow.com/questions/46836447/nullable-and-sonarqube-conditionally-executed-blocks-should-be-reachable-warn

I would copy the original message here for convenience:

============================================================================

Package has following package-info.java:

@ParametersAreNonnullByDefault
package foo;
import javax.annotation.ParametersAreNonnullByDefault;

Class has the following method:

private static String toIsoString(@Nullable Instant dateTime) {
  return dateTime == null ? null : dateTime.toString();
}

On which SonarQube (Version 6.2, SonarJava 4.14.0.11784) gives the following warning (squid:S2583):

How can I convince SonarQube that the code is actually correct?

Interestingly, SonarLint plugin (3.0.0.2041) in Idea and FindBugs doesn't generate the same warning

(but do correctly generate warning in case of omitted @Nullable annotation on argument).

Nicolas Peru

unread,

Oct 24, 2017, 5:38:59 AM10/24/17

to Dmitri Maximovich, SonarQube

Hi,

This is quite suprising that you have a discrepancy between what you see on SonarQube and in SonarLint : are you using the connected mode ?

If yes, how do you analyse the project on the server and how is configured sonar.java.libraries ?

Cheers,

--
You received this message because you are subscribed to the Google Groups "SonarQube" group.
To unsubscribe from this group and stop receiving emails from it, send an email to sonarqube+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/sonarqube/e9f1651b-552f-4aac-a551-1814f2f92001%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--

Nicolas Peru | SonarSource

Senior Developer

https://t witter.com/benzonico

https://sonarsource.com

Dmitri Maximovich

unread,

Oct 24, 2017, 3:11:04 PM10/24/17

to Nicolas Peru, SonarQube

SonarLint is used in connected mode, pointing to the same SonarQube server.

Analysis is triggered in Jenkins, via 'Execute SonarQube Scanner' post-step.

I'm not setting 'sonar.java.libraries' in analysis properties - only '*.sonar.sources=src/main/java' and '*.sonar.java.binaries=target/classes'.

Scanner does complain about it: WARN: Bytecode of dependencies was not provided for analysis of source files, you might end up with less precise results. Bytecode can be provided using sonar.java.libraries property

This is multi-module maven project, so it's not clear to me how to specify sonar.java.libraries?

Thanks,

On Tue, Oct 24, 2017 at 5:38 AM, Nicolas Peru <nicola...@sonarsource.com> wrote:

Hi,

This is quite suprising that you have a discrepancy between what you see on SonarQube and in SonarLint : are you using the connected mode ?
If yes, how do you analyse the project on the server and how is configured sonar.java.libraries ?

Cheers,

Le ven. 20 oct. 2017 à 15:36, Dmitri Maximovich <ma...@maximdim.com> a écrit :

This is continuation of discussion started at StackOverflow:

https://stackoverflow.com/questions/46836447/nullable-and-sonarqube-conditionally-executed-blocks-should-be-reachable-warn

I would copy the original message here for convenience:

============================================================================
Package has following package-info.java:
@ParametersAreNonnullByDefault
package foo;
import javax.annotation.ParametersAreNonnullByDefault;
Class has the following method:
private static String toIsoString(@Nullable Instant dateTime) {
  return dateTime == null ? null : dateTime.toString();
}
On which SonarQube (Version 6.2, SonarJava 4.14.0.11784) gives the following warning (squid:S2583):

How can I convince SonarQube that the code is actually correct?

Interestingly, SonarLint plugin (3.0.0.2041) in Idea and FindBugs doesn't generate the same warning
(but do correctly generate warning in case of omitted @Nullable annotation on argument).

--
You received this message because you are subscribed to the Google Groups "SonarQube" group.

To unsubscribe from this group and stop receiving emails from it, send an email to sonarqube+unsubscribe@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/sonarqube/e9f1651b-552f-4aac-a551-1814f2f92001%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--
Nicolas Peru | SonarSource
Senior Developer
https://t witter.com/benzonico
https://sonarsource.com

--

Sincerely,
Dmitri Maximovich

Nicolas Peru

unread,

Nov 6, 2017, 8:46:05 AM11/6/17

to Dmitri Maximovich, SonarQube

Hi Dmitri,

As far as I understand you are not using sonar-scanner for maven on your maven project : I can only advise you to do so as the scanner will take part of configuring the dependencies for you.

What is most probably happening here is that one of the annotation is not recognized on your server analysis (can you specify what is the full name of the annotation used on the parameter of your method ? ) and leads to the FP you see in that case.

Cheers,

To unsubscribe from this group and stop receiving emails from it, send an email to sonarqube+...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/sonarqube/e9f1651b-552f-4aac-a551-1814f2f92001%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--
Nicolas Peru | SonarSource
Senior Developer
https://t witter.com/benzonico
https://sonarsource.com

--
Sincerely,
Dmitri Maximovich

Dmitri Maximovich

unread,

Nov 7, 2017, 10:38:05 AM11/7/17

to Nicolas Peru, SonarQube

Nicolas,

Thanks for getting back to me. I have switched from sonar-scanner to sonar maven plugin and the issue indeed seems to be resolved now.

To unsubscribe from this group and stop receiving emails from it, send an email to sonarqube+unsubscribe@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/sonarqube/e9f1651b-552f-4aac-a551-1814f2f92001%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--
Nicolas Peru | SonarSource
Senior Developer
https://t witter.com/benzonico
https://sonarsource.com

--
Sincerely,
Dmitri Maximovich

--
Nicolas Peru | SonarSource
Senior Developer
https://t witter.com/benzonico
https://sonarsource.com

--

Sincerely,
Dmitri Maximovich

Nicolas Peru

unread,

Nov 7, 2017, 10:49:51 AM11/7/17

to Dmitri Maximovich, SonarQube

Great, thanks for letting me know it worked out and thanks for completing your question on StackOverflow !

Cheers,

To unsubscribe from this group and stop receiving emails from it, send an email to sonarqube+...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/sonarqube/e9f1651b-552f-4aac-a551-1814f2f92001%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--
Nicolas Peru | SonarSource
Senior Developer
https://t witter.com/benzonico
https://sonarsource.com

--
Sincerely,
Dmitri Maximovich

--
Nicolas Peru | SonarSource
Senior Developer
https://t witter.com/benzonico
https://sonarsource.com

--
Sincerely,
Dmitri Maximovich

Reply all

Reply to author

Forward