A Non-Null Annotation Inferencer for Java Bytecode

We present a non-null annotations inferencer for the Java bytecode language. We previously proposed an analysis to infer non-null annotations and proved it soundness and completeness with respect to a state of the art type system. This paper proposes extensions to our former analysis in order to deal with the Java bytecode language. We have implemented both analyses and compared their behaviour on several benchmarks. The results show a substantial improvement in the precision and, despite being a whole-program analysis, production applications can be analyzed within minutes

Sawja: Static Analysis Workshop for Java

Static analysis is a powerful technique for automatic verification of programs but raises major engineering challenges when developing a full-fledged analyzer for a realistic language such as Java. This paper describes the Sawja library: a static analysis framework fully compliant with Java 6 which provides OCaml modules for efficiently manipulating Java bytecode programs. We present the main features of the library, including (i) efficient functional data-structures for representing program with implicit sharing and lazy parsing, (ii) an intermediate stack-less representation, and (iii) fast computation and manipulation of complete programs

Soundly Handling Static Fields: Issues, Semantics and Analysis

Although in most cases class initialization works as expected, some static fields may be read before being initialized, despite being initialized in their corresponding class initializer. We propose an analysis which compute, for each program point, the set of static fields that must have been initialized and discuss its soundness. We show that such an analysis can be directly applied to identify the static fields that may be read before being initialized and to improve the precision while preserving the soundness of a null-pointer analysis.Comment: Proceedings of the Fourth Workshop on Bytecode Semantics, Verification, Analysis and Transformation (BYTECODE 2009

On Leveraging Tests to Infer Nullable Annotations

Issues related to the dereferencing of null pointers are a pervasive and widely studied problem, and numerous static analyses have been proposed for this purpose. These are typically based on dataflow analysis, and take advantage of annotations indicating whether a type is nullable or not. The presence of such annotations can significantly improve the accuracy of null checkers. However, most code found in the wild is not annotated, and tools must fall back on default assumptions, leading to both false positives and false negatives. Manually annotating code is a laborious task and requires deep knowledge of how a program interacts with clients and components. We propose to infer nullable annotations from an analysis of existing test cases. For this purpose, we execute instrumented tests and capture nullable API interactions. Those recorded interactions are then refined (santitised and propagated) in order to improve their precision and recall. We evaluate our approach on seven projects from the spring ecosystems and two google projects which have been extensively manually annotated with thousands of @Nullable annotations. We find that our approach has a high precision, and can find around half of the existing @Nullable annotations. This suggests that the method proposed is useful to mechanise a significant part of the very labour-intensive annotation task

An Immutability Type System for Classes and Objects: Improvements, Experiments, and Comparisons

Mutability, the ability for an object to change, is frequently cited as one of the sources of software problems. Ensuring the immutability of objects opens opportunities for optimizations, e.g., removing the need for locks in a concurrent environment for an immutable object. This thesis explores an approach to analyze immutability of classes and objects by using static analysis with pluggable type systems. A properly implemented pluggable type system can statically analyze the mutability property of an object without execution. This thesis presents (1) the analysis of some previous work, including Javari, ReIm, and Glacier, (2) improvements to a pluggable type system, PICO, to enhance the soundness of the formalization and to improve the user experience, and (3) experiments with the enhanced PICO with real projects, and comparisons with the results of the previous work. PICO is an immutability type system that analyzes and enforces the mutability property of an object so that a mutation on an immutable object can be statically detected. Although many modern programming languages have various means of declaring this property, PICO provides an easier, more flexible, and foolproof way to declare the mutability property of a class by automating the check of immutability. While PICO is a novel work in improving the flexibility of the immutability type system, it has certain bad designs for defaulting in parts of the immutability rules. Such bad designs would lead to the risk of allowing the mutation of an immutable object, known as the false negative. To solve this problem, this thesis provides more sound formalization to fix the false negative. Also, PICO contains counterintuitive logic, such as unsafe defaulting. To solve the counterintuitive logic, this thesis presents a new defaulting scheme for PICO, and reports various minor changes made to improve the user-friendliness during the type checking process. This thesis conducts experiments on small code snippets and large real-world projects, and also compares the new PICO with previous works on immutability to find more potential problems and demonstrates the flexibility and usability of PICO compared with previous projects, e.g., Glacier