Add assertNull as the source

While assertNotNull can work as a null check for NPE.RET, assertNull can be treated as a null source, since the method will continue its execution only if the parameter of the call is null. See below:

package com.klocwork.jdefects.checkers.dfa.binding_walkthrough;

import static junit.framework.Assert.assertNull;

public class SourceSample {
  

   private Object field;
   
   public void setField(Object field) {      
      this.field = field;
   }
   
   public String toString() {     
      StringBuilder sb = new StringBuilder();     
      assertNull(field);      
      sb.append('[');      
      sb.append(field.hashCode());      
      sb.append(']');     
      return sb.toString();   
   }
}

In the sample above, assertNull guarantees that field is null, however there is an attempt to dereference this null value at

sb.append(field.hashCode());

In order to detect this situation we have to add @Source to the knowledge base and bind it to the checker:

package junit.framework;


@Bind("NPE.RET")
class Assert {   
   public static void assertNull(@Source Object object);
}

To test your knowledge base:

1. Import the knowledge base into your project using kwcheck:

   kwcheck import sink.jkb
   

2. Run the analysis:

   kwcheck run
   

When you run kwcheck you will see that NPE.RET is detected.