Friends of OpenJDK Today

Null Safety: Kotlin vs. Java

February 13, 2023

Author(s)

  • Avatar photo
    Nicolas Frankel

    Nicolas is a developer advocate with 15+ years experience consulting for many different customers, in a wide range of contexts (such as telecoms, banking, insurances, large retail and public sector). ... Learn more

Last week, I was at the FOSDEM conference. FOSDEM is specific in that it has multiple rooms, each dedicated to a different theme and organized by a team. I had two talks:

The second talk is from an earlier post. Martin Bonnin did a tweet from a single slide, and it created quite a stir, even attracting Brian Goetz.

In this post, I'd like to expand on the problem of nullability and how it's solved in Kotlin and Java and add my comments to the Twitter thread.

Nullability

I guess that everybody in software development with more than a couple of years of experience has heard the following quote:

I call it my billion-dollar mistake. It was the invention of the null reference in 1965. At that time, I was designing the first comprehensive type system for references in an object oriented language (ALGOL W). My goal was to ensure that all use of references should be absolutely safe, with checking performed automatically by the compiler. But I couldn't resist the temptation to put in a null reference, simply because it was so easy to implement. This has led to innumerable errors, vulnerabilities, and system crashes, which have probably caused a billion dollars of pain and damage in the last forty years.

-- Tony Hoare

The basic idea behind null is that one can define an uninitialized variable. If one calls a member of such a variable, the runtime locates the memory address of the variable... and fails to dereference it because there's nothing behind it.

Null values are found in many programming languages under different names:

  • Python has None
  • JavaScript has null
  • So do Java, Scala, and Kotlin
  • Ruby has nil
  • etc.

Some languages do not allow uninitialized values, such as Rust.

Null-safety in Kotlin

As I mentioned, Kotlin does allow null values. However, they are baked into the type system. In Kotlin, every type X has two indeed two types:

  • X, which is non-nullable. No variable of type X can be null. The compiler guarantees it.
    val str: String = null

    The code above won't compile.

  • X?, which is nullable.
    val str: String? = null

    The code above does compile.

If Kotlin allows null values, why do its proponents tout its null safety? The compiler refuses to call members on possible null values, i.e., nullable types.

val str: String? = getNullableString()
val int: Int? = str.toIntOrNull()           //1
  1. Doesn't compile

The way to fix the above code is to check whether the variable is null before calling its members:

val str: String? = getNullableString()
val int: Int? = if (str == null) null
          else str.toIntOrNull()

The above approach is pretty boilerplate-y, so Kotlin offers the null-safe operator to achieve the same:

val str: String? = getNullableString()
val int: Int? = str?.toIntOrNull()

Null-safety in Java

Now that we have described how Kotlin manages null values, it's time to check how Java does it. First, there are neither non-nullable types nor null-safe operators in Java. Thus, every variable can potentially be null and should be considered so.

var MyString str = getMyString();           //1
var Integer anInt = null;                   //2
if (str != null) {
    anInt = str.toIntOrNull();
}
  1. String has no toIntOrNull() method, so let's pretend MyString is a wrapper type and delegates to String
  2. A mutable reference is necessary

If you chain multiple calls, it's even worse as every return value can potentially be null. To be on the safe side, we need to check whether the result of each method call is null. The following snippet may throw a NullPointerException:

var baz = getFoo().getBar().getBaz();

Here's the fixed but much more verbose version:

var foo = getFoo();
var bar = null;
var baz = null;
if (foo != null) {
    bar = foo.getBar();
    if (bar != null) {
        baz = bar.getBaz();
    }
}

For this reason, Java 8 introduced the Optional type. Optional is a wrapper around a possibly null value. Other languages call it Maybe, Option, etc.

Java language's designers advise that a method returns:

  • Type X if X cannot be null
  • Type Optional if X can be null

If we change the return type of all the above methods to Optional, we can rewrite the code in a null-safe way - and get immutability on top:

final var baz = getFoo().flatMap(Foo::getBar)
                        .flatMap(Bar::getBaz)
                        .orElse(null);

My main argument regarding this approach is that the Optional itself could be null. The language doesn't guarantee that it's not. Also, it's not advised to use Optional for method input parameters.

To cope with this, annotation-based libraries have popped up:

Project Package Non-null annotation Nullable annotation
JSR 305 javax.annotation @Nonnull @Nullable
Spring org.springframework.lang @NonNull @Nullable
JetBrains org.jetbrains.annotations @NotNull @Nullable
Findbugs edu.umd.cs.findbugs.annotations @NonNull @Nullable
Eclipse org.eclipse.jdt.annotation @NonNull @Nullable
Checker framework org.checkerframework.checker.nullness.qual @NonNull @Nullable
JSpecify org.jspecify @NonNull @Nullable
Lombok org.checkerframework.checker.nullness.qual @NonNull -

However, different libraries work in different ways:

  • Spring produces WARNING messages at compile-time
  • FindBugs requires a dedicated execution
  • Lombok generates code that adds a null check but throws a NullPointerException if it's null anyway
  • etc.

Thanks to Sébastien Deleuze for mentioning JSpecify, which I didn't know previously. It's an industry-wide effort to deal with the current mess. Of course, the famous XKCD comic immediately comes to mind:

How standards proliferate by XKCD

I still hope it will work out!

Conclusion

Java was incepted when null-safety was not a big concern. Hence, NullPointerException occurrences are common. The only safe solution is to wrap every method call in a null check. It works, but it's boilerplate-y and makes the code harder to read.

Multiple alternatives are available, but they have issues: they aren't bulletproof, compete with each other, and work very differently.

Developers praise Kotlin for its null-safety: it's the result of its null-handling mechanism baked into the language design. Java will never be able to compete with Kotlin in this regard, as Java language architects value backward compatibility over code safety. It's their decision, and it's probably a good one when one remembers the pain of migration from Python 2 to Python 3. However, as a developer, it makes Kotlin a much more attractive option than Java to me.

To go further:

Originally published at A Java Geek on February 12th, 2023

Topics:

Related Articles

View All
  • Much Ado About Nothing in Java

    Occasionally something in Java pops up that I thought I knew about, but it turns out I didn’t appreciate all the subtle details.

    This was recently the case for “nul”. Before I started using Java, the main programming language I used was C.  This was great for things like operating systems and device drivers because it uses explicit pointers. References to data are through a numerical address that can be manipulated if required.

    Although null might seem like a simple, straightforward concept, there are some edge cases that make its use require a little more thought. I hope this provides you with a better understanding of nothing (null).

    Read More
    February 23, 2021
  • Handling Null: Optional and Nullable Types

    Java is infamous for its NullPointerException: calling a method or accessing an attribute of an object that has not been initialized.

    Read More
    Avatar photo
    April 04, 2022
  • Avoiding NullPointerException

    The terrible NullPointerException (NPE for short) is the most frequent Java exception occurring in production, according to a 2016 study. In this article we’ll explore the main techniques to fight it: the self-validating model and the Optional wrapper.

    You should consider upgrading your entity model to either reject a null via self-validation or present the nullable field via a getter that returns Optional. The effort of changing the getters of the core entities in your app is considerable, but along the way, you may find many dormant NPEs.

    Read More
    December 22, 2020

Author(s)

  • Avatar photo
    Nicolas Frankel

    Nicolas is a developer advocate with 15+ years experience consulting for many different customers, in a wide range of contexts (such as telecoms, banking, insurances, large retail and public sector). ... Learn more

Comments (1)

Your email address will not be published. Required fields are marked *

Highlight your code snippets using [code lang="language name"] shortcode. Just insert your code between opening and closing tag: [code lang="java"] code [/code]. Or specify another language.

Save my name, email, and website in this browser for the next time I comment.

Filip Procházka

You should check out Nullaway, it checks the nullability in compile-time

https://github.com/uber/NullAway

Subscribe to foojay updates:

https://foojay.io/feed/
Copied to the clipboard