Java 8 has type annotations now; perfect time to add bug detection annotations

Sat Jun 15 19:04:26 UTC 2013

One of the many reasons for JSR-308 type annotations (as I understand it) was to improve support for static code analyzers. The additional places that annotations can be placed now allows static code analyzers to more accurately assess code for potential bugs, such as NPEs.

However, the various tools out there (FindBugs, IntelliJ IDEA, and more) all provide their own set of annotations to support such analysis, and there are a few problems with this:

1) In order to take advantage of type annotations, these tools will have to provide two versions of their annotation libraries: a Java 8 version with ElementType.TYPE_USE and ElementType.TYPE_PARAMETER, and a Java < 8 version without these.

2) This isn't portable. As a developer of an application, if I decide I need to change static code analyzers for some reason, I have to change all of my annotations.

3) As a consumer of other libraries that have used annotations for this purpose, I likely have to use the same static code analyzer they do in order for their annotations to be useful when my application is being analyzed.

JSR-305 ("Annotations for Software Defect Detection") was created for just this purpose. It was supposed to define a set of annotations that could be relied on universally to support software defect detection. Unfortunately, it eventually became dormant. I'd love to see the following:

1) The JSR revived (this is outside the scope of this mailing list, I know; I may try to join the expert group to revive it).

2) The annotations defined in the JSR added to Java SE 8 (this is where this mailing list comes in).

3) A separate, standalone JAR of these annotations (minus ElementType.TYPE_USE and ElementType.TYPE_PARAMETER) that can be used in Java 6 and 7 libraries and applications.

What's the best way to proceed with this and make this happen? I'm not suggesting a major functional change or a change to the language spec; I'm just talking about putting a bunch of annotations in the core libs that don't do anything by themselves without static code analysis tools like FindBugs.

Nick