Skip to content
Go to file

Latest commit


Git stats


Failed to load latest commit information.
Latest commit message
Commit time


An example of enforcing Hungarian Notation in Java using the Checker Framework.

System Requirements

  1. The Checker Framework
  2. Java 8, or the JSR 308 annotation tools (available on the Checker Framework website)

How it Works

The checker defines two type annotations @Safe and @Unsafe that specify whether or not an expression contains has been encoded/escaped.

The checker enforces that expressions with type @Unsafe are not used where a value with type @Safe is expected.

By default, the checker assumes everything is @Unsafe. The developer can write a @Safe annotation on a type to denote that the expression is encoded/escaped. The checker also supports Hungarian Notation: variables and parameters that start with the "s" prefix are automatically given the @Safe annotation.

Running the Checker

To run the checker, use javac with the -processor com.toddschiller.checker.HungarianChecker option. Remember to include the Hungarian Checker and the Checker Framework on the Java classpath (e.g., using the -cp flag).

javac -processor com.toddschiller.checker.HungarianChecker

The run the checker in debug mode, use the -Alint=debugSpew flag.

Example Output

Example source:

public @Safe String encode(String str){ ... }
public @Unsafe String getUserInput(String str){ ... }

// The sQuery parameter is given the @Safe annotation because of the prefix "s"
public void executeSqlQuery(String sQuery){ ... }

public void shouldWarn() {
  String user = getUserInput();

  // WARNING: user is known to be @Unsafe
  executeSqlQuery("SELECT * FROM table WHERE user='" + user + "'");
  user = encode(user);

  // SAFE: user is known to be @Safe
  executeSqlQuery("SELECT * FROM table WHERE user='" + user + "'");

The corresponding checker output: error: [argument.type.incompatible] incompatible types in argument.
        executeSqlQuery("SELECT * FROM table WHERE user='" + user + "'");
  found   : @Unsafe String
  required: @Safe String


Hungarian Notation checker for Java




No releases published


No packages published


You can’t perform that action at this time.