Towards Practical and Automated Type-Based Program Analysis in Java
Gardado en:
| Publicado en: | ProQuest Dissertations and Theses (2025) |
|---|---|
| Autor Principal: | |
| Publicado: |
ProQuest Dissertations & Theses
|
| Materias: | |
| Acceso en liña: | Citation/Abstract Full Text - PDF |
| Etiquetas: |
Sen Etiquetas, Sexa o primeiro en etiquetar este rexistro!
|
| Resumo: | Null pointer exceptions (NPEs) and tainted data flows remain among the most pervasive and critical classes of bugs in modern software systems, particularly in languages like Java. Type-based static analysis offers powerful tools to eliminate these errors at compile time. However, widespread adoption of such tools in industry has been hindered by the substantial annotation burden they impose on developers. This proposal presents a series of techniques that bridge this gap, enabling scalable and practical adoption of type-based analyses in real-world codebases. First, we introduce an automated inference system that efficiently infers nullability type qualifiers by leveraging the underlying type checker as a black-box oracle. Our tool dramatically reduces the number of reported NPE warnings and has been deployed at scale in industrial settings. We then investigate how to rigorously evaluate such inference tools, identifying key biases in prior evaluation methodologies and proposing a principled alternative definition of "best" annotations. This leads to the first direct comparison of existing nullability inference tools. Building on these foundations, we extend our work to a new domain, type-based taint analysis by developing a modular, high precision, high recall taint checker alongside a scalable annotation inference technique. Our solution outperforms whole-program taint analyses in both recall and performance, while remaining practical for real-world adoption. Finally, we close the automation loop with a novel framework that leverages large language models (LLMs) to automatically synthesize code patches for residual nullability issues, enabling full automation of null safety onboarding in legacy codebases.Together, these contributions chart a path toward fully automated adoption of type-based program analysis, blending foundational static analysis techniques with cutting-edge advances in AI to make software safer and more maintainable at scale.  |
|---|---|
| ISBN: | 9798263308476 |
| Fonte: | ProQuest Dissertations & Theses Global |