How to handle the 10 most common exceptions in Java

In this article, we’ll cover the ten most common exceptions in Java, their causes, and their solutions. These exceptions account for over 97% of all Java exceptions. Once you know how to handle them, you’ll be ready to tackle nearly any Java error that comes your way.

• What is the structure of exceptions in Java?
• 10 common exceptions in Java and how to solve them
  • 1. NullPointerException
  • 2. NumberFormatException
  • 3. IllegalArgumentException and IllegalStateException
  • 4. RuntimeException and Exception
  • 5. ClassCastException
  • 6. ClassNotFoundException
  • 7. OutOfMemoryError
  • 8. StackOverflowError
  • 9. IOException
  • 10. SQLException
• Conclusion: Troubleshoot Java errors faster
• Keep learning: Boost your Java skills

Before covering each exception, it’s important to know their overall structure. An exception in Java has as many as four elements:

1. A type (like IOException)

2. A message (like “too many open files”)

3. A stack trace (the list of calls from main onward that led to the line of code that triggered the exception)

4. A caused-by exception (which means the top-level exception is wrapping an earlier, lower-level exception)

Here is a simple exception:

In this stack trace, you can see that the exception type is IllegalArgumentException. Its message is “item quantity must be a number.” The stack trace shows that line 39 in DeliController gave Integer an invalid value. You can also see that NumberFormatException is the underlying cause.

Finding the underlying cause often means looking down the stack trace a few lines to get to your application code. This is because the exception often occurs in the Java or framework APIs that you are using.

By far the most common exception is the notorious NullPointerException. Java throws this exception whenever your application references a null variable.

There are obvious instances like the following:

But there are also more subtle ones like unboxing a wrapper type:

Or like when code assumes non-nullness in the parameters or return values it receives:

A NullPointerException usually stems from one of two concerns:

1. The value is invalid, and you should examine the upstream conditions, or

2. The value is unexpected, and you should guard its downstream usage

Invalid values

Let’s look at an example. It's not reasonable for a caller to expect parseDocument to work with a null document. In that case, it’s best to find out why the value is null and repair that.

You can also consider throwing a more informative exception. A common choice is IllegalArgumentException when the responsibility lies with the caller. You can also state this at compile time by using @NonNull and @NonNullApi annotations:

Integrated development environments (IDEs) also analyze code based on these annotations, providing additional benefits.

Valid values

As for lookupElement, it may be reasonable for doc to not have a span element. In that case, it’s better to use a guard or sentinel value:

Or you can use Optional or follow the Null Object pattern instead.

Java throws NumberFormatException when an application tries to convert a String into a number and fails. Here’s a simple example:

Often, this is caused by not sanitizing inputs from loosely-typed external systems. For example, you may have entries in a database for postal codes whose column is a VARCHAR instead of INT. Or, you may be taking input from an end user who accidentally mistyped their entry.

It’s uncommon that a method coercing input to a number also supports non-numeric values. Given that, it’s more robust and secure to fail so that the data is fixed at the source.

You can handle the failure in a few ways:

1. Propagate the exception. This ensures a quick fix to the issue. But this doesn't always provide enough context.

2. Wrap the exception. Wrapping in an IllegalArgumentException allows you to give more context to the caller.

3. Test against a regular expression. A good general practice is to validate all inputs before use. Consider validating before parsing, like so:

The above uses a regular expression to first see if the value is a five-digit number. If it passes, we already know that parseInt won't throw an exception. This approach can also avoid exceptions altogether, which offers performance benefits.

Frameworks can help here, too. For example, when building a REST API, Spring MVC handles this exception for you.

IllegalArgumentException and IllegalStateException have useful opposing semantics. Generally speaking, an IllegalArgumentException says the responsibility lies with the caller. An IllegalStateException says it lies with the callee.

In other words, if you see an IllegalArgumentException, it’s conventionally the caller’s fault. If you see an IllegalStateException, it’s conventionally the callee’s fault. 

For example, the Spring Framework provides an input validation API that does just this:

Because the caller is passing in an invalid value, Spring’s Assert class throws an IllegalArgumentException. To repair it, follow the instructions outlined in the exception message.

One rather curious instance of IllegalArgumentException is when the Java runtime version is lower than the compiler version.

IllegalStateException can be more complicated since the state of the application might not be anyone’s fault. Read the error message carefully and proceed with your research.

Sometimes you'll see blanket RuntimeException or Exception stack traces in logs.

A RuntimeException is commonly thrown to convert a checked exception into an unchecked one.

This is often to clean up API declarations. For example, you often see this when translating an IOException like this one:

Even though RuntimeException is less informative, remember that exceptions can have a caused-by element. Because this code wraps IOException, both stack traces will be available.

Note that sometimes developers use Exception just to log a call trace like so:

In this case, the developer isn't throwing an exception. They simply want the stack trace to be logged as they investigate the cause of a given phenomenon.

A ClassCastException occurs when your application casts one type to another and fails. You can see this one for yourself by trying to cast Object to anything else.

While the compiler catches many casting mistakes, it doesn’t catch all of them. And because of that, some of them need to wait until runtime.

The most common occurs when downcasting like so:

This should be avoided where possible. In this case, the code is taking an unnecessary risk due to the advantages of coding to interfaces.

You can address a ClassCastException in three ways:

1. Try operating without casting. It’s often better to code to an interface anyway, as this makes your code more flexible.

2. Try converting instead of casting. Sometimes you can convert the value you have into the value you want as this code does:

3. Check before casting. As a best practice, if you’re going to cast, you should check first. Recent versions of Java improved the syntax. For example, you could downcast Unit to UnitImpl like this:

This is nice because the code in the if block will only run when the cast succeeds. The else block allows you to provide alternative behavior.

In this section, we'll look at three related exceptions: ClassNotFoundException, MethodNotFoundException, and NoClassDefFoundError. These are often indications that the Java Runtime is seeing something different from what the compiler saw.

For example, you might be using a third-party library to parse JSON like this:

But then at runtime, you see the following:

This is likely because the jar containing ObjectMapper is not in your runtime classpath. So you’ll need to check how that could be missing from your deployment.

MethodNotFoundException is often a symptom of a slightly different, though related, problem. If there was a method at compile time, but not at runtime, then that may indicate that there’s a jar mismatch. You may be using a newer third-party jar locally while production is using an older version that doesn’t have that method. In this case, the solution is the same: check the deployment.

NoClassDefFoundError is slightly different. It typically means that the class failed to load. In my experience, this is most common when a class has a static initialization block that fails. You can find this by looking for <clinit> in the stack trace. This is a special method that the runtime calls to initialize a class during startup.

These can also be caused by the Reflection API. I recommend avoiding reflection in general since the compiler can’t help. If these exceptions happen and you’re using reflection, check for typos in your class and method names. Also, consider rigorous unit tests to cover what the compiler cannot.

An OutOfMemoryError is what it sounds like. If your application is using too much memory, you will see this exception.

This can be caused by the application legitimately needing more memory. In that case, you can increase the memory allocated to it through the -Xmx command line option. If you’re containerized, you may also need to update your container's memory limits. 

This exception can also be caused by memory leaks, such as Map instances that grow forever without eviction. Look for collections of objects that can grow over time and see if you can rework them to clear out old items. Tools like JConsole can help.

Finally, this exception can be caused by loading an external complex object into memory all at once. This can happen in a few ways:

• With Hibernate. When eagerly loading joins, a single call can create a complex query that hydrates a large, complicated object graph. The solution is often to lazily load or craft a SQL query directly.

• With XML Parsing. It can also happen when loading complex XML objects. This was once the source of a famous hack called Billion Laughs.

• With Collections. That specific XML problem is largely mitigated today by more secure Java XML APIs. That said, favor streaming data instead of pulling it all into memory at once. For example, you can query in Spring Data like so:

Depending on the size of the table, this may unnecessarily put memory pressure on the system. You can mitigate this by using Stream or paging like this:

In this way, the API gives you one value at a time.

One of the hardest exceptions to debug is a StackOverflowError. These can be quite tricky since they by definition are ones where the runtime can’t give you the full stack trace. The causing code may still exist in the stack trace, but sometimes you aren’t so lucky.

This is usually caused by some form of recursion. For example, your application may have a method calling itself erroneously. Or it may be a more complex set of classes that cyclically call each other.

By definition, these stack traces are very big. If the stack trace doesn't show the offending line, you can use the -Xss command-line parameter to extend its length. This can also be handy if you’re running inside of a framework with several layers of abstraction.

When something isn’t available in a stack trace, you can sometimes add logging to close in on the location. You can use these repeated logs to discover other parts of the code that are participating in the loop.

IOException is a parent exception for several kinds of runtime errors, including File I/O and Network I/O. 

You can see one in action by trying to open a file that doesn’t exist:

Or try connecting to a non-existent website:

If the underlying system, like a spotty network connection, is flaky, an application can sometimes recover. Likewise, an app can recover when redundant systems are present and the app can cycle through them when one fails. In these cases, you may also see an UncheckedIOException wrapping the underlying IOException.

That said, an IOException usually means the application can’t recover, often due to misconfiguration or an unanticipated outage. Check the related filesystem and network and see whether it or the code needs to change.

SQLException is also a parent exception. It encapsulates any error caused when communicating with a SQL database.

Like IOException, this exception may be thrown when connecting with a database. Most often, though, it indicates a problem with how the database rejected the SQL provided by the application. This may be due to a few things:

• A syntax error,

• A discrepancy in the table structure that the application is expecting, or

• A discrepancy in the SQL version or dialect that the database supports

Databases aren’t always the most helpful at determining the exact problem. When investigating, consider turning up logging to see the exact SQL query in question.

SQLException is also thrown by the Java API for formulating and transmitting queries. For example, ResultSet throws it when you try to read a non-queried column. And PreparedStatement throws this exception when your application sets a non-existent bind variable:

To fix it, correct your SQL statement, how you’re populating it, or how you’re reading the result.

In this article, you saw the ten most common exceptions in Java and how I’ve addressed them over the years. Understanding what each exception type means as well as their common causes and solutions can help you get to a better solution faster. 

Use the stack trace to gather context and pinpoint the error’s source. And remember that sometimes the responsibility to fix the error lies with the callee rather than the caller. Armed with this knowledge, you’re now better equipped to tackle Java errors head-on. Let’s go fix some bugs!

Ready to level up your Java skills? Check out Pluralsight's dedicated Java learning paths written for tech professionals, by tech professionals:

• Java SE 17

• Java SE 11 Developer Certification (1Z0-819)

• Java Coding Practices

If you're interested in Java, you may also want to check out these resources on the Spring framework, an open-source framework for building robust and scalable Java applications. Pluralsight offers paths on core Spring as well as Spring Security.