When using 3rd party null annotations, please ensure that those are properly defined using at least a <code>@Target</code>

meta annotation, because otherwise the compiler can not distinguish between declaration annotations (Java 5)

and type annotations (Java 8). 

Semantic details of annotation based null analysis are presented here, by explaining the rules

that the compiler checks and the messages it issues upon violation of a rule.

</p>

<p>

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html lang="en">

<head>

<meta name="copyright" content="Copyright (c) GK Software AG and others 2014. This page is made available under license. For full details see the LEGAL in the documentation book that contains this page." >

<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">

<meta http-equiv="Content-Style-Type" content="text/css">

<link rel="stylesheet" href="../book.css" charset="ISO-8859-1" type="text/css">

<title>Using null type annotations</title>

</head>

<body>

<h1> Using null type annotations </h1>

<p>

Starting with Java 8, null annotations can be used in a new and more powerful way,

because the new concept of "type annotations" (JSR 308) supports the use of 

annotations as an extension to the type system.

</p>

<p>

Technically, this is determined by two new elements in

the enum <a href="http://docs.oracle.com/javase/8/docs/api/java/lang/annotation/ElementType.html"

    ><code>java.lang.annotation.ElementType</code></a>: <code>TYPE_USE</code> and

<code>TYPE_PARAMETER</code>. Notably, when saying <code>@Target(ElementType.TYPE_USE)</code>

the annotation thus marked can be attached basically to all usages of a type. 

</p>

<p>

By interpreting null annotations as part of the type system we interpret each

class or interface <code>Cn</code> in the system as introducing two distinct types: 

"<code>@NonNull Cn</code>" and "<code>@Nullable Cn</code>".

The former type contains all instances of <code>Cn</code> whereas the latter type

additionally contains the value <code>null</code>.

This implies that <code>@NonNull Cn</code> is a subtype of <code>@Nullable Cn</code>

with all regular consequences regarding assignability.

So ideally for every value in a program we will know if it can be null 

(and must be checked before dereference) or not.

The un-annotated type will be considered a legacy type just like raw types are legacy

types since the introduction of generics: a way for interfacing with old code,

to be flagged with warnings about unchecked conversions.

If we systematically avoid such legacy types, then the compiler can rigorously

flag <em>every</em> unsafe usage.

</p>

<p>

In order to achieve completeness of null analysis, checks regarding null type annotations

have been integrated with all type checking tasks of the compiler (active if null annotations

are enabled).

</p>

<p>

Users <em>migrating</em> from null annotations in previous versions to Java-8-style

null type annotations are advised to check the section about <a href="#compatibility">compatibility</a>.

</p>

<h2 id="generics">Generics</h2>

Perhaps the main advantage of type annotations for null analysis is the ability to annotate

the parameters and arguments of generic classes and interfaces.

Programmers only <em>using</em> generic classes may directly skip to the section on

<a href="#typeArguments">type arguments</a> but designers of generic classes should

take the time to understand the different implications of annotating these elements:

<ul>

<li><a href="#typeParameters">type parameters</a></li>

<li><a href="#typeVariables">type variables</a></li>

<li><a href="#typeArguments">type arguments</a></li>

</ul>

<h3 id="typeParameters">Type parameters</h3>

<p>

A generic class, interface or method may <em>declare</em> one or more type parameters.

Technically these are declarations, and hence it was a mere oversight that these cannot

be annotated in Java 5. 

In Java 8 an annotation can declare <code>@Target(ElementType.TYPE_PARAMETER)</code>

to be applicable in this position. JDT's null type annotations

<a href="/help/topic/org.eclipse.jdt.doc.isv/reference/api/org/eclipse/jdt/annotation/NonNull.html"><code>@NonNull</code></a> and

<a href="/help/topic/org.eclipse.jdt.doc.isv/reference/api/org/eclipse/jdt/annotation/Nullable.html"><code>@Nullable</code></a>

are declared with

<code>@Target({ TYPE_USE })</code>, which includes usage on type parameter declarations.

</p>

<p>

With respect to null type annotations, each type parameter can be specified at one

of these levels:

</p>

<dl>

<dt><strong>unconstrained</strong></dt>

<dd>the type parameter does not impose any nullness-constraints on the arguments that

  a client my substitute for the type parameter.</dd>

<dt><strong>constrained by an upper bound</strong></dt>

<dd>the type parameter has an <code>extends</code> clause that specifies

  minimal nullness-requirements on type arguments provided by clients</dd>

<dt><strong>exactly specified</strong></dt>

<dd>the type parameter restricts usage to types of exactly one particular nullness</dd>

</dl>

<p>

Constraining a type parameter via an <strong>upper bound</strong> relies on the fact that each type

'<code>@NonNull Cn</code>' is a subtype of the corresponding type '<code>@Nullable Cn</code>'.

Hence, a <code>@Nullable</code> upper bound does not impose any restriction, whereas a

<code>@NonNull</code> upper bound prohibits the substitution by a <code>@Nullable</code>

type argument:

<pre>    // declarations:

    class C0<T0 extends @Nullable Object> {} // meaningless, no constraint imposed

    class C1<T1 extends @NonNull Object> {}

    ...

    // usage:

    C1<@NonNull String> c1String;  // legal

    C1<@Nullable String> c1String; // illegal

</pre>

<p>

For <strong>exact specification</strong> a null annotation may be attached to the type parameter

declaration itself, which is interpreted as defining both an upper and a lower bound.

In other words, only types with the exact same null type annotation are legal as type arguments:

</p>

<pre>    // declaration:

    class C2<@Nullable T2> {}

    ...

    // usage:

    C2<@NonNull String> c2String;  // illegal

    C2<@Nullable String> c2String; // legal

</pre>

<p>

Given the asymmetry, that in Java a type parameter may declare only upper bounds but

no lower bounds, the following three styles can be recommended:

<ul>

<li>Use a <code>@NonNull</code> upper bound for constraining type arguments to nonnull types.</li>

<li>Directly specify a type parameter as <code>@Nullable</code> for constraining type arguments to nullable types.</li>

<li>Use an unconstrained type parameter to support type arguments of either nullness.</li>

</ul>

<h3 id="typeVariables">Type variables</h3>

<p>

Within the scope of a generic declaration (class, interface or method), the name of a

type parameter can be used as a <em>type variable</em>, i.e., a placeholder for a type

that is not known at this point.

</p>

<p>

A type variable corresponding to a type parameter with a <strong><code>@NonNull</code> upper bound</strong>

denotes a type that is <em>known to be nonnull</em>.

</p>

<pre>    class C1&lt;T1 extends @NonNull Number&gt; {

        int consume(T1 t) {

            return t.intValue(); // OK: dereference is safe since T1 is known to be nonnull

        }

        T1 provide() {

            return null;         // NOT OK: returning null is unsafe since T1 requires nonnull

        }

    }

</pre>

<p>

A type variable corresponding to a type parameter <strong>specified as <code>@Nullable</code></strong>

denotes a type that is <em>known to be nullable</em>.

</p>

<pre>    class C2&lt;@Nullable T2 extends Number&gt; {

        int consume(T2 t) {

            return t.intValue(); // NOT OK: dereference is unsafe since T2 is known to be nullable

        }

        T2 provide() {

            return null;         // OK: returning null is safe

        }

    }

</pre>

<p>

A type variable corresponding to an <strong>unconstrained</strong> type parameter requires <strong>pessimistic

checking</strong> in order to guarantee safety with all legal substitutions: this type can

neither be assumed to be nullable nor nonnull.

</p>

<pre>    class C&lt;T extends Number&gt; {

        int consume(T t) {

            return t.intValue(); // NOT OK: dereference is unsafe since T could be nullable

        }

        T provide() {

            return null;         // NOT OK: returning null is unsafe since T could require nonnull

        }

    }

</pre>

<p>

The last point may look surprising at first, but please see that an unconstrained type parameter

implies that we may not assume anything about the nullness of the type represented by

the corresponding type variable. Even more: we must actively support nullable <em>and</em>

nonnull types. On the other hand this simply extends the existing rule that the only

type being compatible with an unbounded type variable is the type variable itself.

To explain this situation in the context of null analysis, the compiler will raise the 

following error against the return in <code>provide()</code>:

</p>

<blockquote>

Null type mismatch (type annotations): 'null' is not compatible to the free type variable 'T'

</blockquote>

<p>

By enforcing this defensive strategy regarding unconstrained type parameters we obtain the benefit

of allowing clients to freely choose the rules for a particular generic instantiation,

as will be shown next.

</p>

<h3 id="typeArguments">Type arguments</h3>

<p>

When instantiating a generic type or when invoking a generic method, the constraints put

forward by the type parameter must be observed. Hence, when a provider of a generic type or method

specified the required nullness, this must be obeyed and the compiler will flag any violations.

</p>

<p>

When, on the other hand, a type parameter does not impose any restrictions, a client may

freely choose the nullness of his type arguments:

<pre>

    int processWithoutNulls (@NonNull List&lt;<strong>@NonNull Integer</strong>&gt; ints) {

        int result = 0;

        for (int i = 0; i < ints.size(); i++) {

            Integer element = ints.get(i);

            result += element.intValue(); // OK: list element is known to be nonnull

            ints.set(i, null);            // NOT OK: list does not accept null value

        }

        return result;

    }

    int processWithNulls (@NonNull List&lt;<strong>@Nullable Integer</strong>&gt; ints) {

        int result = 0;

        for (int i = 0; i < ints.size(); i++) {

            Integer element = ints.get(i);

            result += element.intValue(); // NOT OK: list element can be null

            ints.set(i, null);            // OK: list accepts null value

        }

        return result;

    }

</pre>

<h2 id="inference">Inference</h2>

<p>

With null type annotations affecting type arguments, the language features one

more location amenable to inference: during type inference for the invocation

of a generic method (lambda expression etc.), type inference shyly attempts to

also infer the appropriate null type annotations. Example:

</p>

<pre>    &lt;T&gt; T check(T in) { return in; }

    void test(@NonNull List<@Nullable String> someStrings) {

        @NonNull List<@Nullable String> checked;

        checked = check(someStrings); // inferring types for this invocation

        ...

    }

</pre>

<p>

In this trivial example, inference will indeed instantiate the generic parameter <code>&lt;T&gt;</code>

to <code>@NonNull List&lt;@Nullable String&gt;</code>. More complex scenarios are inferred, too,

but no guarantee is made, that a possible solution will always be found. In that case users

are advised to revert to explicitly specify type arguments even of a generic method invocation.

</p>

<h2 id="more_locations">More locations</h2>

<h3>Cast and instanceof</h3>

<p>

Syntactically, type annotations can be used also in casts and instanceof expressions.

For null annotations, however, this has limited value.

</p>

<p>

<strong>Casting</strong> to a null-annotated type is always an <em>unchecked cast</em> because the

compiler is not allowed to insert runtime checks that would make the cast meaningful.

If a runtime check is desired, please consider using a small helper function like:

</p>

<pre>    static @NonNull &lt;T&gt; T castToNonNull(@Nullable T value, @Nullable String msg) {

        if (value == null) throw new NullPointerException(msg);

        return value;

    }

</pre>

<p>

Casts affecting the type arguments of a generic type will always be unchecked casts due to erasure.

</p>

<p>

<strong>instanceof</strong> checks with null type annotations are not meaningful.

Hence the compiler flags this as illegal usage of a null type annotation.

</p>

<h3>Locations that are nonnull by definition</h3>

<p>

Syntactically, type annotations can also be used for

</p>

<ul>

<li>allocation expressions</li>

<li>method receiver (pseudo argument by the name of <strong>this</strong>)</li>

<li>catch parameter</li>

</ul>

<p>

In each of these constructs, the type is nonnull by definition.

Hence a null type annotation in one of these positions is flagged as illegal use.

This doesn't, however, restrict the use of null type annotations on type arguments

of the given type.

</p>

<h2 id="compatibility">Compatibility</h2>

<p>

Migrating from declaration annotations to type annotations has a few unavoidable

implications, regarding the syntax, regarding project configuration and regarding

the semantics.

</p>

<h3 id="compatibility_syntax">Syntax</h3>

<p>

For two constructs the JLS introduces a syntactic change:

</p>

<table border="1" cellspacing="0" cellpadding="5" summary="Syntax Changes">

<tr><th>Declaration Annotations (Java 7 or below)</th><th>Type Annotation (Java 8)</th></tr>

<tr><td><code>@NonNull String[]</code></td><td><code>String @NonNull[]</code></td></tr>

<tr><td><code>@NonNull java.lang.String</code></td><td><code>java.lang.@NonNull String</code></td></tr>

</table>

<p>

In both cases the new syntax has been introduced to provide more options.

</p>

<p>

For <strong>arrays</strong> a type annotation before the leaf element type will now denote

an array whose individual cells have the given nullness - here: cells cannot be null.

In Java 7 and below the same syntax expressed a property of the corresponding variable

and hence captured the nullness of the array itself.

To express the same using Java-8 type annotations, viz. that the array itself can or cannot be null,

the type annotation is placed before the square brackets denoting the array dimensions.

This implies that the old syntax is still valid, but its meaning has changed:

</p>

<pre>

    // annotated leaf type:

    @NonNull Object [] o1;

    o1 = null;          // OK

    o1 = new Object[1];

    o1[0] = null;       // NOT OK

    ...

    // annotated array type:

    Object @NonNull[] o2;

    o2 = null;          // NOT OK

    o2 = new Object[1];

    o2[0] = null;       // OK

    ...

    // multi-dimensional array:

    Object @NonNull[] @Nullable[] o3;

    o3 = null;          // NOT OK, outer array is nonnull

    o3 = new Object[1] @Nullable[];

    o3[0] = null;       // OK, inner array is nullable

</pre>

<p>

Unfortunately, checking proper initialization of an array with nonnull content

is beyond the capabilities of JDT's static analysis.

</p>

<p>

For <strong>qualified type names</strong> the type annotation must be placed directly preceding the

actual type name. This way it is possible to give different type annotations for

inner classes and their enclosing like in <code>org.project.@Immutable Outer.@Nullable Inner</code>.

This distinction, however, is not useful for null annotations, because the enclosing

of a non-static inner class is by definition always non-null. Users of null type

annotations only need to understand that the old syntax for this case is illegal

for type annotations and how to convert this into legal Java 8 code (see the table above).

</p>

<h3 id="compatibility_configuration">Project configuration</h3>

<p>

Properly designed annotation types can be distinguished by looking at their <code>@Target</code>

declaration (the use of null annotations lacking a <code>@Target</code> declaration is discouraged).

To support both styles of annotations, JDT has published a major update of the annotation

bundle <a href="/help/topic/org.eclipse.jdt.doc.isv/reference/api/org/eclipse/jdt/annotation/package-summary.html"><code>org.eclipse.jdt.annotation</code></a>: 

Versions 1.1.x are old style declaration annotations; versions 2.0.0 and onward are type annotations.

By increasing the major version an incompatibility is signaled. Users are advised to

reference this library with an explicit version range, either <code>[1.1.0,2.0.0)</code>

for declaration annotations or <code>[2.0.0,3.0.0)</code> for type annotations.

</p>

<p>

The exact configuration depends of course on the flavor of project:

<dl>

<dt>Plain Java</dt>

<dd>JDT continues to offer a quickfix for copying the annotation library into the

project. The version will be determined by the compliance settings of the project.</dd>

<dt>Maven</dt>

<dd>Both versions of the annotation bundle will be published to <code>repo.eclipse.org</code>,

from where they can be consumed using the regular maven mechanisms: be sure to specify

the correct version; specifying <code>&lt;scope&gt;compile&lt;/scope&gt;</code> is recommended

for this dependency.</dd>

<dt>OSGi / Eclipse</dt>

<dd>When developing OSGi bundles / Eclipse plugins the version range should be specified as

mentioned above. Unfortunately, OSGi doesn't support a concept of compile time dependencies.

The PDE specific mechanism in file <code>build.properties</code> is problematic because

it doesn't support specifying a version range. Thus the best approximation of the desired

semantics is to use a <code>Require-Bundle</code> dependency. 

qualified with <code>resolution:=optional</code> in order to avoid forcing this dependency

on the runtime.</dd>

</dl>

<h3 id="compatibility_semantics">Semantics</h3>

<p>

While the fundamental semantics of null annotation remains unchanged,

the annotation <a href="/help/topic/org.eclipse.jdt.doc.isv/reference/api/org/eclipse/jdt/annotation/NonNullByDefault.html"

	><code>@NonNullByDefault</code></a> has been changed slightly:

<ul>

<li>This annotation can now affect more locations.</li>

<li>The locations to be affected can be fine tuned using the 

<a href="/help/topic/org.eclipse.jdt.doc.isv/reference/api/org/eclipse/jdt/annotation/NonNullByDefault.html#value--"

	><code>value</code></a> property of the annotation

	(see also the enum <a href="/help/topic/org.eclipse.jdt.doc.isv/reference/api/org/eclipse/jdt/annotation/DefaultLocation.html"

	><code>DefaultLocation</code></a>).</li>

<li>As a consequence, the notation for canceling a default from an outer scope has been changed, too:

<table border="1" cellspacing="0" cellpadding="5" summary="Cancelling a default">

<tr><th>Declaration Annotations (Java 7 or below)</th><th>Type Annotation (Java 8)</th></tr>

<tr><td><code>@NonNullByDefault(false)</code></td><td><code>@NonNullByDefault({})</code></td></tr>

</table>

</li>

</ul>

<h2 id="compiler_messages_explained">Compiler messages explained</h2>

<p>

In addition to <a href="/help/topic/org.eclipse.jdt.doc.user/tasks/task-using_null_annotations.htm#compiler_messages_explained">compiler messages of the previous version</a> the following

messages may be issued, if null type annotations are enabled for analysis:

<em>TODO</em>

</p>

</body>

</html>

			<topic href="tasks/task-using_null_type_annotations.htm" label="Using null type annotations">

				<topic href="tasks/task-using_null_type_annotations.htm#generics" label="Generics">

					<topic href="tasks/task-using_null_type_annotations.htm#typeParameters" label="Type parameters"></topic>

					<topic href="tasks/task-using_null_type_annotations.htm#typeVariables" label="Type variables"></topic>

					<topic href="tasks/task-using_null_type_annotations.htm#typeArguments" label="Type arguments"></topic>

				</topic>

				<topic href="tasks/task-using_null_type_annotations.htm#inference" label="Inference"></topic>

				<topic href="tasks/task-using_null_type_annotations.htm#more_locations" label="More locations"></topic>

				<topic href="tasks/task-using_null_type_annotations.htm#compatibility" label="Compatibility">

					<topic href="tasks/task-using_null_type_annotations.htm#compatibility_syntax" label="Syntax"></topic>

					<topic href="tasks/task-using_null_type_annotations.htm#compatibility_configuration" label="Project configuration"></topic>

					<topic href="tasks/task-using_null_type_annotations.htm#compatibility_semantics" label="Semantics"></topic>

				</topic>

			</topic>