typetools · iamsanjaymalakar · Apr 3, 2026 · Apr 3, 2026 · Apr 4, 2026 · Apr 9, 2026
diff --git a/.../src/main/java/org/checkerframework/checker/rlccalledmethods/RLCCalledMethodsChecker.java b/.../src/main/java/org/checkerframework/checker/rlccalledmethods/RLCCalledMethodsChecker.java
@@ -19,7 +19,7 @@
  * CalledMethodsChecker} used as a subchecker in the ResourceLeakChecker, and never independently.
  * Runs the MustCallChecker as a subchecker in order to share the CFG.
  */
-@StubFiles("IOUtils.astub")
+@StubFiles({"IOUtils.astub", "log4j.astub"})
 public class RLCCalledMethodsChecker extends CalledMethodsChecker {
 
   /** Creates a RLCCalledMethodsChecker. */

diff --git a/checker/src/main/java/org/checkerframework/checker/rlccalledmethods/jdk.astub b/checker/src/main/java/org/checkerframework/checker/rlccalledmethods/jdk.astub
@@ -0,0 +1,32 @@
+package java.lang;
+
+import java.io.PrintStream;
+import java.io.PrintWriter;
+import org.checkerframework.checker.lock.qual.GuardSatisfied;
+import org.checkerframework.dataflow.qual.SideEffectFree;
+
+public interface AutoCloseable {
+  @SideEffectFree
+  void close(@GuardSatisfied AutoCloseable this) throws Exception;
+}
+
+public class Throwable {
+  @SideEffectFree
+  public void printStackTrace();
+
+  @SideEffectFree
+  public void printStackTrace(PrintStream s);
+
+  @SideEffectFree
+  public void printStackTrace(PrintWriter s);
+}
+
+package java.io;
+
+import org.checkerframework.checker.lock.qual.GuardSatisfied;
+import org.checkerframework.dataflow.qual.SideEffectFree;
+
+public interface Closeable extends AutoCloseable {
+  @SideEffectFree
+  public void close(@GuardSatisfied Closeable this) throws IOException;
+}
diff --git a/checker/src/main/java/org/checkerframework/checker/rlccalledmethods/log4j.astub b/checker/src/main/java/org/checkerframework/checker/rlccalledmethods/log4j.astub
@@ -0,0 +1,19 @@
+import org.checkerframework.dataflow.qual.SideEffectFree;
+
+// Log4j 1.x API stubs (package org.apache.log4j).
+package org.apache.log4j;
+
+class Logger {
+  @SideEffectFree public void debug(Object message);
+  @SideEffectFree public void warn(Object message);
+  @SideEffectFree public void error(Object message);
+}
+
+// Log4j 2.x API stubs (package org.apache.logging.log4j).
+package org.apache.logging.log4j;
+
+interface Logger {
+  @SideEffectFree void debug(Object message);
+  @SideEffectFree void warn(Object message);
+  @SideEffectFree void error(Object message);
+}
diff --git a/checker/tests/resourceleak/TwoResourcesECM.java b/checker/tests/resourceleak/TwoResourcesECM.java
@@ -12,19 +12,12 @@
 class TwoResourcesECM {
   @Owning Socket s1, s2;
 
-  // The contracts.postcondition error below is thrown because s1 is not final,
-  // and therefore might theoretically be side-effected by the call to s2.close()
-  // even on the non-exceptional path. See ReplicaInputStreams.java for a variant
-  // of this test where such an error is not issued. Because this method can leak
-  // along both regular and exceptional exits, both errors are issued.
-  //
   // The contracts.exceptional.postcondition error is thrown because destructors
   // have to close their resources even on exception.  If s1.close() throws an
   // exception, then s2.close() will not be called.
   @EnsuresCalledMethods(
       value = {"this.s1", "this.s2"},
       methods = {"close"})
-  // :: error: [contracts.postcondition]
   // :: error: [contracts.exceptional.postcondition]
   public void dispose() throws IOException {
     s1.close();

diff --git a/checker/tests/resourceleak/sideeffect-free-stubs/AutoCloseableClose.java b/checker/tests/resourceleak/sideeffect-free-stubs/AutoCloseableClose.java
@@ -0,0 +1,30 @@
+// RLC uses Called Methods facts to remember that a resource has already been closed.
+// This test checks that the RLC-specific SideEffectFree stub for AutoCloseable.close()
+// preserves those facts across another close call in the same destructor, rather than
+// conservatively forgetting them after the first invocation.
+
+import org.checkerframework.checker.calledmethods.qual.EnsuresCalledMethods;
+import org.checkerframework.checker.mustcall.qual.Owning;
+
+final class TestAutoCloseable implements AutoCloseable {
+  @Override
+  public void close() {}
+}
+
+class AutoCloseableClose implements AutoCloseable {
+  private @Owning AutoCloseable first = new TestAutoCloseable();
+  private @Owning AutoCloseable second = new TestAutoCloseable();
+
+  @Override
+  @EnsuresCalledMethods(
+      value = {"this.first", "this.second"},
+      methods = "close")
+  public void close() {
+    try {
+      first.close();
+      second.close();
+    } catch (Exception e) {
+      throw new AssertionError(e);
+    }
+  }
+}
diff --git a/checker/tests/resourceleak/sideeffect-free-stubs/CloseableClose.java b/checker/tests/resourceleak/sideeffect-free-stubs/CloseableClose.java
@@ -0,0 +1,34 @@
+// RLC uses Called Methods facts to remember that a resource has already been closed.
+// This test checks that the RLC-specific SideEffectFree stub for Closeable.close()
+// preserves those facts across another close call in the same destructor, rather than
+// conservatively forgetting them after the first invocation.
+
+import java.io.Closeable;
+import org.checkerframework.checker.calledmethods.qual.EnsuresCalledMethods;
+import org.checkerframework.checker.mustcall.qual.Owning;
+
+final class TestCloseable implements Closeable {
+  @Override
+  public void close() {}
+}
+
+class CloseableClose implements Closeable {
+  private @Owning Closeable first = new TestCloseable();
+  private @Owning Closeable second = new TestCloseable();
+
+  @Override
+  @EnsuresCalledMethods(
+      value = {"this.first", "this.second"},
+      methods = "close")
+  public void close() {
+    try {
+      try {
+        first.close();
+      } catch (Exception ignored) {
+      }
+      second.close();
+    } catch (Exception e) {
+      throw new AssertionError(e);
+    }
+  }
+}
diff --git a/checker/tests/resourceleak/sideeffect-free-stubs/Log4j1ObjectCalls.java b/checker/tests/resourceleak/sideeffect-free-stubs/Log4j1ObjectCalls.java
@@ -0,0 +1,59 @@
+// This test covers the Log4j 1.x API in package org.apache.log4j.
+// The local Logger class below is just a tiny stand-in for the real library API.
+// The RLC-specific stub marks debug/warn/error(Object) as @SideEffectFree, so
+// logging after a resource is closed should not wipe out the close fact.
+
+package org.apache.log4j;
+
+import java.io.Closeable;
+import org.checkerframework.checker.calledmethods.qual.EnsuresCalledMethods;
+import org.checkerframework.checker.mustcall.qual.Owning;
+
+class Logger {
+  public void debug(Object message) {}
+
+  public void warn(Object message) {}
+
+  public void error(Object message) {}
+}
+
+final class CloseableResource implements Closeable {
+  @Override
+  public void close() {}
+}
+
+class Log4j1DebugObject implements Closeable {
+  private final Logger logger = new Logger();
+  private @Owning CloseableResource resource = new CloseableResource();
+
+  @Override
+  @EnsuresCalledMethods(value = "this.resource", methods = "close")
+  public void close() {
+    resource.close();
+    logger.debug("after close");
+  }
+}
+
+class Log4j1WarnObject implements Closeable {
+  private final Logger logger = new Logger();
+  private @Owning CloseableResource resource = new CloseableResource();
+
+  @Override
+  @EnsuresCalledMethods(value = "this.resource", methods = "close")
+  public void close() {
+    resource.close();
+    logger.warn("after close");
+  }
+}
+
+class Log4j1ErrorObject implements Closeable {
+  private final Logger logger = new Logger();
+  private @Owning CloseableResource resource = new CloseableResource();
+
+  @Override
+  @EnsuresCalledMethods(value = "this.resource", methods = "close")
+  public void close() {
+    resource.close();
+    logger.error("after close");
+  }
+}
diff --git a/checker/tests/resourceleak/sideeffect-free-stubs/Log4j2ObjectCalls.java b/checker/tests/resourceleak/sideeffect-free-stubs/Log4j2ObjectCalls.java
@@ -0,0 +1,79 @@
+// This test covers the Log4j 2.x API in package org.apache.logging.log4j.
+// The local Logger and LogManager declarations below are tiny stand-ins for the
+// real library API. The RLC-specific stub marks Logger.debug/warn/error(Object)
+// as @SideEffectFree, so logging after a resource is closed should not wipe out
+// the close fact.
+
+package org.apache.logging.log4j;
+
+import java.io.Closeable;
+import org.checkerframework.checker.calledmethods.qual.EnsuresCalledMethods;
+import org.checkerframework.checker.mustcall.qual.Owning;
+
+interface Logger {
+  void debug(Object message);
+
+  void warn(Object message);
+
+  void error(Object message);
+}
+
+final class SimpleLogger implements Logger {
+  @Override
+  public void debug(Object message) {}
+
+  @Override
+  public void warn(Object message) {}
+
+  @Override
+  public void error(Object message) {}
+}
+
+final class LogManager {
+  private LogManager() {}
+
+  static Logger getLogger() {
+    return new SimpleLogger();
+  }
+}
+
+final class CloseableResource implements Closeable {
+  @Override
+  public void close() {}
+}
+
+class Log4j2DebugObject implements Closeable {
+  private static final Logger logger = LogManager.getLogger();
+  private @Owning CloseableResource resource = new CloseableResource();
+
+  @Override
+  @EnsuresCalledMethods(value = "this.resource", methods = "close")
+  public void close() {
+    resource.close();
+    logger.debug("after close");
+  }
+}
+
+class Log4j2WarnObject implements Closeable {
+  private static final Logger logger = LogManager.getLogger();
+  private @Owning CloseableResource resource = new CloseableResource();
+
+  @Override
+  @EnsuresCalledMethods(value = "this.resource", methods = "close")
+  public void close() {
+    resource.close();
+    logger.warn("after close");
+  }
+}
+
+class Log4j2ErrorObject implements Closeable {
+  private static final Logger logger = LogManager.getLogger();
+  private @Owning CloseableResource resource = new CloseableResource();
+
+  @Override
+  @EnsuresCalledMethods(value = "this.resource", methods = "close")
+  public void close() {
+    resource.close();
+    logger.error("after close");
+  }
+}
diff --git a/checker/tests/resourceleak/sideeffect-free-stubs/ThrowablePrintStackTrace.java b/checker/tests/resourceleak/sideeffect-free-stubs/ThrowablePrintStackTrace.java
@@ -0,0 +1,52 @@
+// RLC-specific stubs mark Throwable.printStackTrace overloads as SideEffectFree so
+// that debugging/logging after a resource is closed does not wipe out the close fact.
+// This file checks the no-arg, PrintStream, and PrintWriter variants.
+
+import java.io.Closeable;
+import java.io.PrintStream;
+import java.io.PrintWriter;
+import java.io.StringWriter;
+import org.checkerframework.checker.calledmethods.qual.EnsuresCalledMethods;
+import org.checkerframework.checker.mustcall.qual.Owning;
+
+final class CloseableResource implements Closeable {
+  @Override
+  public void close() {}
+}
+
+class ThrowablePrintStackTrace implements Closeable {
+  private @Owning CloseableResource resource = new CloseableResource();
+
+  @Override
+  @EnsuresCalledMethods(value = "this.resource", methods = "close")
+  public void close() {
+    resource.close();
+    new RuntimeException("debug").printStackTrace();
+  }
+}
+
+class ThrowablePrintStackTracePrintStream implements Closeable {
+  private static final PrintStream STREAM = System.err;
+
+  private @Owning CloseableResource resource = new CloseableResource();
+
+  @Override
+  @EnsuresCalledMethods(value = "this.resource", methods = "close")
+  public void close() {
+    resource.close();
+    new RuntimeException("debug").printStackTrace(STREAM);
+  }
+}
+
+class ThrowablePrintStackTracePrintWriter implements Closeable {
+  private static final PrintWriter WRITER = new PrintWriter(new StringWriter());
+
+  private @Owning CloseableResource resource = new CloseableResource();
+
+  @Override
+  @EnsuresCalledMethods(value = "this.resource", methods = "close")
+  public void close() {
+    resource.close();
+    new RuntimeException("debug").printStackTrace(WRITER);
+  }
+}