CRR0027 - Possible System.NullReferenceException

  • 5 min to read

This analyzer detects unprotected code that can potentially raise a System.NullReferenceException exception.

CodeRush checks the following elements: member's qualifiers, collections inside of a foreach loop, collections used to call indexers.

How to Enable

Choose the Possible System.NullReferenceException issue in the Editor | Language | Code Analysis | Code Issues Catalog options page and check the Enabled checkbox.

Enable

Null Reference Analysis Modes

CodeRush can analyze values in Trusting, Skeptical, and Thorough diagnostic modes. You can specify the Possible System.NullReferenceException diagnostic mode for methods, properties, parameters, fields, and local variables.

The following sections describe each diagnostic mode in details.

Trusting

If an element is not checked for null in the current scope and does not have the [CanBeNull] attribute, the analyzer trusts this element and does not show the diagnostic.

In the example below, the SortElements method does not provide information whether Elements are null or not null. The analyzer considers Elements as not null in Trusting mode and does not show the diagnostic in the Code Issues window.

class TrustingMode {
    public List<string> Elements { get; set; }

    public void SortElements() {
        Elements.Sort();
    }
}

The analyzer shows the diagnostic in Trusting mode, for example, if the following code has a null check error:

class TrustingMode {
    public List<string> Elements { get; set; }

    public void SortElements() {
        if (Elements == null)
            Elements.Sort();
    }
}

You can mark the Elements property with the [CanBeNull] code annotation attribute to indicate this property can be null. In this case, the analyzer shows the diagnostic even if the code does not have a null check expression.

class TrustingMode {
    [CanBeNull]
    public List<string> Elements { get; set; }

    public void SortElements() {
        Elements.Sort();
    }
}

Skeptical

If an element is not checked for null in the current scope, the analyzer does not show the diagnostic only for elements that have the [NotNull] attribute.

In the example below, the analyzer shows the diagnostic for the Elements property because this property is not checked for null.

class SkepticalMode {
    public List<string> Elements { get; set; }

    public int GetEmptyElementCount() {
        var count = 0;

        foreach (var element in Elements) {

            if (string.IsNullOrEmpty(element))
                count++;
        }
        return count;
    }
}

If you want the analyzer does not show this diagnostic, add the null check.

class SkepticalMode {
    public List<string> Elements { get; set; }

    public int GetEmptyElementCount() {
        var count = 0;

        if (Elements == null)
            return 0;

        foreach (var element in Elements) {

            if (string.IsNullOrEmpty(element))
                count++;
        }
        return count;
    }
}

You can also use the [NotNull] code attribute to indicate the analyzer the Elements property is not null.

class SkepticalMode {

    [NotNull]
    public List<string> Elements { get; set; }

    public int GetEmptyElementCount() {
        var count = 0;        

        foreach (var element in Elements) {

            if (string.IsNullOrEmpty(element))
                count++;
        }
        return count;
    }
}

Thorough

If an element is not checked for null in the current scope and the element does not have the [CanBeNull] or [NotNull] attribute, the analyzer checks if the element can never be null (lazy initialized, returns new created object, etc). The mode works more slowly than others.

In the following code, the analyzer shows the diagnostic in Skeptical mode and does not show in Thorough mode. This happens because the Elements property always returns a not null value.

class ThoroughMode {

    List<string> elements;

    public List<string> Elements {

        get

        {   
            if (elements == null)
                elements = new List<string>();
            return elements;
            }
        }

    public int GetEmptyElementCount() {

        var count = 0;

        foreach (var element in Elements) {

            if (string.IsNullOrEmpty(element))

                count++;
        }
        return count;
    }
}

Annotation Attributes

CodeRush checks annotation attributes by a partial name. This means you do not need to reference annotations, just declare them in code.

Customization

You can configure the Possible System.NullReferenceException diagnostic' settings in the Editor | Language | Code Analysis | Possible NullReferenceException options page. The following screenshot shows the default settings.

Options

CodeRush also provides an option to check anonymous methods' parameters.