GH-37286: [Java] Start adding nullability/nullness annotations

[davisusanibar]

Rationale for this change

Closes: #37286

What changes are included in this PR?

Initial support for:

• Use the Checker Framework to enhances Java’s type system to make it more powerful and useful. Planning to start with Nullness Checker

Are these changes tested?

These are the activities involved on this PR:

• Configure the Checker Framework
• Treat checker errors as warnings initially
• Applying Nullness Checker annotation as needed: @nonnull / @nullable
• Check if building timer increases after this checker is added
• Fixes for code review

Are there any user-facing changes?

Yes

• Closes: [Java] Start adding JSpecify nullability/nullness annotations #37286
• GitHub Issue: [Java] Start adding JSpecify nullability/nullness annotations #37286

[github-actions]

Thanks for opening a pull request!

If this is not a minor PR. Could you open an issue for this pull request on GitHub? https://github.com/apache/arrow/issues/new/choose

Opening GitHub issues ahead of time contributes to the Openness of the Apache Arrow project.

Then could you also rename the pull request title in the following format?

GH-${GITHUB_ISSUE_ID}: [${COMPONENT}] ${SUMMARY}

or

MINOR: [${COMPONENT}] ${SUMMARY}

In the case of PARQUET issues on JIRA the title also supports:

PARQUET-${JIRA_ISSUE_ID}: [${COMPONENT}] ${SUMMARY}

See also:

• Other pull requests
• Contribution Guidelines - How to contribute patches

[github-actions]

⚠️ GitHub issue #37286 has been automatically assigned in GitHub to PR creator.

[davisusanibar]

Hello @lidavidm, could you please provide me with an initial review of how I intend to integrate Nullness evaluation into Java modules (please consider only: arrow-memory-core initially)?

I have these 02 doubts:

• There are a lots of warning message if we are planning to include Nullness Checker ... then is needed to define an initial scope that could be:
  1. Define what modules need to be analyzed by Nullness Checker, or
  2. Define what classes need to be analyzed by Nullness Checker.
• The building time of Java modules has doubled since Nullness Checker has been added.

Could you please help me with these two doubts so that I know how to proceed?

Thank you in advance

[lidavidm]

For (1), what are some examples of the warnings? Ideally, we'd only enable it one module at a time.

For (2), can we enable it only in a separate profile, and have that be run in CI? That way it does not affect the 'normal' builds.

[lidavidm]

More reason to drop JDK8 ASAP.

[lidavidm]

IMO, we don't bother enabling this for JDK8. In fact, I'd be OK with dropping error-prone for JDK8 as well, and only enabling these checks only on the latest LTS.

[lidavidm]

nit: is it possible to make the UNSAFE constant private to avoid other problems like this? (We can do that in a separate ticket.)

[lidavidm]

This seems wrong: this is a primitive and should never be null.

[lidavidm]

This also seems wrong.

[lidavidm]

IMO, there is no harm in always initializing this.

[lidavidm]

What are the warnings here?

[lidavidm]

Can we initialize fields instead of suppressing the warnings?

[lidavidm]

Does Checker Framework have anything for static initializers?

[danepitkin]

I didn't see anything at first glance besides this https://checkerframework.org/api/org/checkerframework/checker/initialization/InitializationChecker.html

[davisusanibar]

For (1), what are some examples of the warnings? Ideally, we'd only enable it one module at a time.

For (2), can we enable it only in a separate profile, and have that be run in CI? That way it does not affect the 'normal' builds.

(1) You could see warning messages here, search for [WARNING] /arrow/java/ inside of {2_AMD64 Debian 9 Java JDK 11 Maven 3.6.2.txt, ...}

(2) Ok, let me add that inside a custom profile only for CI

[lidavidm]

(1) let's only run the checker on memory-core to start with

[lidavidm]

For https://github.com/apache/arrow/tree/main/java/format/src/main/java/org/apache/arrow/flatbuf

let's add a package-info.java with a @DefaultQualifiers annotation to mark everything in the package as nullable-by-default

[danepitkin]

Thanks for opening up this PR @davisusanibar!

I see there are a lot of Suppressed warnings. Are they truly all needed? (I haven't looked into all of them). I would like to see zero suppressed warnings if possible. Otherwise, the checker doesn't feel as useful.

[danepitkin]

v3.39.0 just released a few days ago, which adds additional support for Java 21 compilation

[danepitkin]

Should we try v3.39.0? It might be worth rebasing so that the Java 21 CI job can run to see if its required.

[danepitkin]

Can you expand on why this is suppressed? nullness:assignment warning makes me think we can just check the length of the stack trace to make sure we are assigning valid entries.

[davisusanibar]

Can you expand on why this is suppressed? nullness:assignment warning makes me think we can just check the length of the stack trace to make sure we are assigning valid entries.

It is not necessary, I will update it.

[danepitkin]

Hmm, is this needed? It's not used.

[davisusanibar]

Hmm, is this needed? It's not used.

Not needed, I am going to delete that

[davisusanibar]

Thanks for opening up this PR @davisusanibar!

I see there are a lot of Suppressed warnings. Are they truly all needed? (I haven't looked into all of them). I would like to see zero suppressed warnings if possible. Otherwise, the checker doesn't feel as useful.

Hi @danepitkin yes this is possible to suppress some warnings such as @SuppressWarnings("nullness:dereference.of.nullable") adding more if/else logic.

Let me add that logic explicitly.

[lidavidm]

Why do you use String.valueOf?

Suggested change

	if (parent == null) {
	throw new IllegalArgumentException(String.valueOf("Accountant(parent) must not be null"));
	}
	Preconditions.checkArgument(parent != null, "parent must not be null");

[davisusanibar]

As I mention at #37723 (comment) (1st option) if I added Preconditions.xxx then that finished also with errors, then, is needed to add inline throw validation.

Finished OK:

final BufferLedger oldLedger = map.remove(allocator);
if (oldLedger == null) {
  throw new IllegalArgumentException(String.valueOf("BufferLedger(oldLedger) must not be null"));
}
BufferAllocator oldAllocator = oldLedger.getAllocator();

Finished with errors:

final BufferLedger oldLedger = map.remove(allocator);
Preconditions.checkArgument(oldLedger != null, "BufferLedger(oldLedger) must not be null");
BufferAllocator oldAllocator = oldLedger.getAllocator();

Error message:
error: [dereference.of.nullable] dereference of possibly-null reference oldLedger

[lidavidm]

You need to annotate the Preconditions methods so that Checker Framework recognizes them...

[davisusanibar]

Changed

[lidavidm]

@davisusanibar can you review this?

[lidavidm]

@davisusanibar can you follow up here? File an issue?

[lidavidm]

I don't see any change.

[lidavidm]

@github-actions crossbow submit java

[github-actions]

Revision: f92f376

Submitted crossbow builds: ursacomputing/crossbow @ actions-b35c84940e

Task	Status
java-jars
verify-rc-source-java-linux-almalinux-8-amd64
verify-rc-source-java-linux-conda-latest-amd64
verify-rc-source-java-linux-ubuntu-20.04-amd64
verify-rc-source-java-linux-ubuntu-22.04-amd64
verify-rc-source-java-macos-amd64

[conbench-apache-arrow]

After merging your PR, Conbench analyzed the 5 benchmarking runs that have been run so far on merge-commit ccc79e9.

There were no benchmark performance regressions. 🎉

The full Conbench report has more details. It also includes information about 3 possible false positives for unstable benchmarks that are known to sometimes produce them.