The tutorial I am visiting this morning is preventing errors before they happen by Werner Dietl from University of Waterloo, which is mainly about the CheckerFramework.
The aim of this framework is to introduce extra code checking at compile time. For this they have created an additional loop in the java 8 compiler to do this. Additionally annotation are introduced that can be attached to types (which is possible since java 8). The below image contains all the currently available annotations of the CheckerFramework
He uses an example with Java Regular expressions. To add an extra check the
@Regex annotation can be used on a String variable saying the value assigned to this String must be a valid regex pattern. To satisfy this extra check, you have to do some input validation using the utilities that ship with the Checker framework.They have taken care to set the most suitable default behavior when enabling this static code check when calling javac.
Advantages of types systems are that you find bugs earlier, improve documentation and aid compilers, optimizers and analysis tools. Disadvantages are that you have extra work writing the types and false positives are possible.
To make it possible that you specify the annotation from the CheckerFramework on existing classes from a Jar, they have supplied a mechanism to attach annotations to a class from a jar file by specifing it in a separate stub file.
Furthermore because not everybody uses java 8 yet, they have thought of applying still these annotations, but using a workaround to overcome the limitations or java 7.
Furthermore because not everybody uses java 8 yet, they have thought of applying still these annotations, but using a workaround to overcome the limitations or java 7.
Overall I am not completely convinced yet. Although the concepts are good, the way they have set it up at this moment is not very practical in a bussines like situation. The current approach they have taken to create a special javac version and the backwards compatibility mechanism to support java 7 seem not a very good solution and will cause problems. Furthermore it seems not really maintainable the way it is now.
What they showed was a bare compiler command. Tools like a plugin in an IDE seems not to be available. He talked about running with an without checker. To be able to make it usable I think you should be able to have some sort of compiler profile in your IDE.
Another thing I am not really fond of is the fact that you have to use CheckerFramework classes for runtime validations to satisfy your static code checking. By doing this, you use the CheckerFramework not only as static code checking tool but also as runtime validation tool. The library must also be used in every part of your code. For libaries like this, I would prefer to have it integrated in the JDK
All in all, I think the product is not mature enough yet and tools are missing to make the using it convenient.
