This work addresses runtime errors in Java applications caused by type mismatches between SQL and Java types in JDBC database access. By extending the Java compiler with the Checker Framework, the authors present the first static analysis technique capable of enforcing JDBC type safety across method boundaries. The approach requires no source code modifications and leverages optional annotations to enhance type inference, enabling static verification of Java type correctness during both PreparedStatement parameter setting and ResultSet value retrieval. A fallback checking mode is also provided for legacy systems. Experimental evaluation demonstrates that the technique effectively detects real-world type mismatch bugs, prevents runtime exceptions, and incurs acceptable compilation overhead, achieving a practical balance between soundness and usability.

JDBC remains a key technology for database access in Java applications. Since the database dictionary and the Java type system have distinct scopes, developers inevitably need to deal with bugs in SQL-to-Java type mappings. We propose an extension of the Java compiler, based on the established Checker Framework, which allows us to bridge this gap. Our approach verifies statically that the correct Java types are used when setting prepared statement parameters or when getting values from result sets. This allows us to lift a practically important class of runtime errors to compile time. Our approach is sound and, therefore, is guaranteed not to produce false negatives. Our prototype implementation also offers a degraded mode for type-checking legacy software, if developers are only interested in a subset of errors. Our experiments show that our approach detects a wide range of type mismatches in realworld application code and can indeed prevent errors which might otherwise surface as runtime errors. From the perspective of the developer, our approach is extremely lightweight: it processes the unmodified Java code, yet developers may add their own annotations. This allows us to perform type-checking even across method boundaries, whereas commercial developer tools are restricted to local checks. Finally, we show that we can type-check real-world JDBC software with reasonable overhead during compilation.