NullPointerExceptions (NPEs), caused by dereferencing null, frequently cause crashes in Java programs. Pluggable type checking is highly effective in preventing Java NPEs. However, this approach is difficult to adopt for large, existing code bases, as it requires manually inserting a significant number of type qualifiers into the code. Hence, a tool to automatically infer these qualifiers could make adoption of type-based NPE prevention significantly easier.
We present a novel and practical approach to automatic inference of nullability type qualifiers for Java. Our technique searches for a set of qualifiers that maximizes the amount of code that can be successfully type checked. The search uses the type checker as a black box oracle, easing compatibility with existing tools. However, this approach can be costly, as evaluating the impact of a qualifier requires re-running the checker. We present a technique for safely evaluating many qualifiers in a single checker run, dramatically reducing running times. We also describe extensions to make the approach practical in a real-world deployment.
We implemented our approach in an open-source tool ToolName, designed to work with the NullAway type checker. We evaluated ToolName’s effectiveness on both open-source projects and commercial code. ToolName reduces the number of reported NullAway errors by 69.5% on average. Further, our optimizations enable ToolName to scale to large Java programs. ToolName significantly eases adopting type-based nullness checking on existing code, and has already been used to add NullAway checking to eight production modules, totaling over 95,000 lines of Java code.
Thu 7 DecDisplayed time zone: Pacific Time (US & Canada) change
11:00 - 12:30 | Program Analysis IIIDemonstrations / Research Papers / Industry Papers at Golden Gate C3 Chair(s): Marsha Chechik University of Toronto | ||
11:00 15mTalk | Practical Inference of Nullability Types Research Papers Nima Karimipour University of California, Riverside, Justin Pham University of California, Riverside, Lazaro Clapp Uber Technologies Inc, Manu Sridharan University of California at Riverside Media Attached | ||
11:15 15mTalk | LibKit: Detecting Third-Party Libraries in iOS Apps Research Papers Daniel Dominguez Alvarez University of Verona and IMDEA Software Institute, Alejandro de la Cruz IMDEA Software Institute, Alessandra Gorla IMDEA Software Institute, Juan Caballero IMDEA Software Institute Media Attached | ||
11:30 15mTalk | Compositional Taint Analysis for Enforcing Security Policies at Scale Industry Papers Subarno Banerjee Amazon Web Services, Siwei Cui Texas A & M University, Michael Emmi Amazon Web Services, Antonio Filieri Amazon Web Services, Liana Hadarean Amazon Web Services, Peixuan Li Amazon Web Services, Linghui Luo Amazon Web Services, Goran Piskachev Amazon Web Services, Nico Rosner Amazon Web Services, Aritra Sengupta Amazon Web Services, Omer Tripp Amazon, Jingbo Wang University of Southern California DOI Media Attached | ||
11:45 15mTalk | FunProbe: Probing Functions from Binary Code through Probabilistic Analysis Research Papers Media Attached | ||
12:00 15mTalk | BigDataflow: A Distributed Interprocedural Dataflow Analysis Framework Research Papers Zewen Sun Nanjing University, Duanchen Xu Nanjing University, Yiyu Zhang Nanjing University, Yun Qi Nanjing University, Yueyang Wang Nanjing University, Zhiqiang Zuo Nanjing University, Zhaokang Wang Nanjing University, Yue Li Nanjing University, Xuandong Li Nanjing University, Qingda Lu Alibaba Group, Wenwen Peng Alibaba Group, Shengjian (Daniel) Guo Baidu Security Media Attached | ||
12:15 7mTalk | CONAN: Statically Detecting Connectivity Issues in Android Applications Demonstrations Alejandro Mazuera-Rozo Universita della Svizzera italiana, Lugano, Switzerland and Universidad de los Andes, Colombia, Camilo Escobar-Velásquez Universidad de los Andes, Juan Espitia-Acero Universidad de los Andes, Colombia, Mario Linares-Vásquez Universidad de los Andes, Gabriele Bavota Software Institute, USI Università della Svizzera italiana Media Attached | ||