Precise null-pointer analysis

Abstract

In Java, C or C++, attempts to dereference the null value result in an exception or a segmentation fault. Hence, it is important to identify those program points where this undesired behaviour might occur, or to prove the other program points (and possibly the entire program) safe. To that purpose, null-pointer analysis of computer programs checks or infers non-null annotations for variables and object fields. With few notable exceptions, current null-pointer analyses rely on run-time checks, are incorrect, or only verify manually provided annotations. In this paper, we use abstract interpretation to build, and prove correct, a first flow- and context-sensitive static null-pointer analysis for Java bytecode (and hence for Java) that infers non-null annotations. It is based on Boolean formulas, implemented with binary decision diagrams. For better precision, it identifies instance or static fields that remain always non-null after being initialised. Our experiments show this analysis to be faster and more precise than the correct null-pointer analysis by Hubert, Jensen and Pichardie [19]. Moreover, our analysis deals with exceptions, which most others do not; its formulation is theoretically clean and its implementation robust and scalable. We subsequently improve that analysis by using local reasoning about fields that are not always non-null, but happen to hold a non-null value when they are accessed. This is a frequent situation, since programmers typically check a field for non-nullness before accessing it. We conclude with an example use of our analyses to infer null-pointer annotations that are more precise than those other inference tools can achieve.
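The following Python sketch is an added illustration of the ideas in the abstract and is not code from the paper, whose analysis works on Java bytecode with Boolean formulas and BDDs. It runs a flow-sensitive nullness analysis as a worklist fixpoint over a constructed three-address IR: the abstract state at each program point is the set of expressions known to be non-null, control-flow merges intersect those sets, and a dereference is reported safe only if the expression is in the set. The toy IR, the `EXAMPLE` method body, and the assumption that the field `name` has been proved always non-null after initialisation are all inventions of this example; they exist to show the two effects the abstract describes, namely how a globally always-non-null field makes `cur.name.use()` safe, and how local reasoning about `this.cache` makes the guarded access safe while the unguarded one after the merge stays unproven.

```python
"""Toy flow-sensitive nullness analysis by abstract interpretation.

Added illustration, not the paper's analysis: the abstract state at a program
point is the set of expressions (a variable, or a path x.f) that are definitely
non-null; merges join by intersection and a worklist runs to a fixpoint. This
is roughly the special case of a Boolean-formula domain in which every formula
is a conjunction of positive literals. Exception handlers are not modelled: the
successor of a dereference is its normal continuation, on which the value that
was dereferenced is known non-null. Constructed IR (an assumption of this example):
  ("new", x)  ("null", x)  ("move", x, y)  ("goto", L)  ("ret",)
  ("load", x, y, f)  x = y.f          ("store", y, f, x)  y.f = x
  ("ifnn", e, L)     if e != null goto L, with e a variable "x" or a path "x.f"
  ("use", e)         dereference e (call a method on it, read one of its fields)
"""
from typing import AbstractSet, Dict, FrozenSet, Iterable, List, Tuple

State = FrozenSet[str]

def kill_var(s: State, x: str) -> State:
    """x was reassigned: forget x and every path rooted at x."""
    return frozenset(e for e in s if e != x and not e.startswith(x + "."))

def kill_field(s: State, f: str) -> State:
    """Some object's f was stored to: it may alias any other path ending in .f."""
    return frozenset(e for e in s if not e.endswith("." + f))

def deref(pc: int, e: str, s: State, report: Dict[int, bool]) -> State:
    """Record whether dereferencing e at pc is provably safe (reading x.f also
    dereferences x); on the normal continuation everything touched is non-null."""
    needed = {e, e.split(".")[0]}
    report[pc] = needed <= s
    return s | needed

def transfer(pc: int, instr: tuple, s: State, always_nonnull: AbstractSet[str],
             report: Dict[int, bool]) -> List[Tuple[int, State]]:
    """Successor program points with their abstract states."""
    op = instr[0]
    if op == "new":
        return [(pc + 1, kill_var(s, instr[1]) | {instr[1]})]
    if op == "null":
        return [(pc + 1, kill_var(s, instr[1]))]
    if op == "move":
        x, y = instr[1], instr[2]
        return [(pc + 1, kill_var(s, x) | ({x} if y in s else set()))]
    if op == "load":
        x, y, f = instr[1], instr[2], instr[3]
        s = deref(pc, y, s, report)
        # Loaded value is non-null if f is a field proved always non-null once
        # initialised (global fact from the caller) or if y.f was checked on this path.
        known = f in always_nonnull or f"{y}.{f}" in s
        return [(pc + 1, kill_var(s, x) | ({x} if known else set()))]
    if op == "store":
        y, f, x = instr[1], instr[2], instr[3]
        s = deref(pc, y, s, report)
        return [(pc + 1, kill_field(s, f) | ({f"{y}.{f}"} if x in s else set()))]
    if op == "ifnn":
        e, target = instr[1], instr[2]
        if "." in e:                      # the guard itself reads x.f
            s = deref(pc, e.split(".")[0], s, report)
        return [(target, s | {e}), (pc + 1, s)]
    if op == "goto":
        return [(instr[1], s)]
    if op == "use":
        return [(pc + 1, deref(pc, instr[1], s, report))]
    return []                             # "ret": no successors

def analyse(prog: List[tuple], entry: Iterable[str],
            always_nonnull: AbstractSet[str] = frozenset()) -> Dict[int, bool]:
    """Worklist fixpoint: pc -> whether the dereference at pc is provably safe.
    States only shrink, so the last transfer of a pc sees its final state."""
    states: Dict[int, State] = {0: frozenset(entry)}
    report: Dict[int, bool] = {}
    worklist = [0]
    while worklist:
        pc = worklist.pop()
        for nxt, s2 in transfer(pc, prog[pc], states[pc], always_nonnull, report):
            new = s2 if nxt not in states else states[nxt] & s2   # join at merges
            if nxt not in states or new != states[nxt]:
                states[nxt] = new
                worklist.append(nxt)
    return report

def unsafe_derefs(prog: List[tuple], entry: Iterable[str],
                  always_nonnull: AbstractSet[str] = frozenset()) -> List[int]:
    """Program points whose dereference could not be proved safe."""
    return sorted(pc for pc, ok in analyse(prog, entry, always_nonnull).items() if not ok)

# Constructed method body; on entry only `this` is known non-null:
#   for (Node cur = n; cur != null; cur = cur.next) cur.name.use();
#   if (this.cache != null) this.cache.use();    this.cache.use();    n.use();
EXAMPLE = [
    ("move", "cur", "n"),            # 0
    ("ifnn", "cur", 3),              # 1  loop test
    ("goto", 7),                     # 2
    ("load", "tmp", "cur", "name"),  # 3  cur guarded by 1
    ("use", "tmp"),                  # 4  safe only if field `name` is always non-null
    ("load", "cur", "cur", "next"),  # 5
    ("goto", 1),                     # 6
    ("ifnn", "this.cache", 9),       # 7  check-before-access pattern
    ("goto", 10),                    # 8
    ("use", "this.cache"),           # 9  safe by local reasoning on this.cache
    ("use", "this.cache"),           # 10 unsafe: the merge at 10 drops the guard
    ("use", "n"),                    # 11 unsafe: n was never checked
    ("ret",),                        # 12
]
```

Calling `unsafe_derefs(EXAMPLE, {"this"}, {"name"})` reports points 10 and 11 only; dropping the field fact (`unsafe_derefs(EXAMPLE, {"this"})`) additionally flags point 4, which is the precision the abstract attributes to knowing which fields stay non-null after initialisation. Note that the state is a plain set of positive facts, so a merge can only lose information; the paper's Boolean-formula domain can express dependencies between variables that this set abstraction cannot.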


References

  1. Aho, A.V., Sethi, R., Ullman, J.D.: Compilers: Principles, Techniques and Tools. Addison-Wesley, Reading (1986)

  2. Albert, E., Arenas, P., Genaim, S., Puebla, G.: Dealing with numeric fields in termination analysis of Java-like languages. In: Huisman, M. (ed.) Proceedings of the 10th Workshop on Formal Techniques for Java-like Programs (FTfJP'08), July 2008. http://clip.dia.fi.upm.es/~samir/home/viewpost.php?post=Publications

  3. Armstrong, T., Marriott, K., Schachte, P., Søndergaard, H.: Two classes of Boolean functions for dependency analysis. Sci. Comput. Program. 31(1), 3–45 (1998)

  4. Bloch, J.: JSR 175: A Metadata Facility for the Java Programming Language (2004). http://jcp.org/en/jsr/detail?id=175

  5. Bryant, R.E.: Graph-based algorithms for Boolean function manipulation. IEEE Trans. Comput. 35(8), 677–691 (1986)

  6. Chalin, P., James, P.R.: Non-null references by default in Java: alleviating the nullity annotation burden. In: Ernst, E. (ed.) Proceedings of the 21st European Conference on Object-Oriented Programming (ECOOP'07), Berlin, Germany, July–August 2007. Lecture Notes in Computer Science, vol. 4609, pp. 227–247. Springer, Berlin (2007)

  7. Cielecki, M., Fulara, J., Jakubczyk, K., Jancewicz, Ł.: Propagation of JML non-null annotations in Java programs. In: Gitzel, R., Aleksy, M., Schader, M. (eds.) Proceedings of the 4th International Symposium on Principles and Practice of Programming in Java (PPPJ'06), Mannheim, Germany, August–September 2006, pp. 135–140. ACM, New York (2006)

  8. Cousot, P., Cousot, R.: Static determination of dynamic properties of programs. In: Proceedings of the 2nd International Symposium on Programming, Paris, France, April 1976, pp. 106–130. Dunod, Paris (1976)

  9. Cousot, P., Cousot, R.: Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints. In: Proceedings of the 4th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL'77), pp. 238–252 (1977)

  10. Ekman, T., Hedin, G.: The JastAdd extensible Java compiler. In: Ernst, E. (ed.) Proceedings of the 21st European Conference on Object-Oriented Programming (ECOOP'07), Berlin, Germany, July–August 2007. Lecture Notes in Computer Science, vol. 4609, pp. 1–18. Springer, Berlin (2007)

  11. Engelen, A.F.M.: Nullness Analysis of Java Source Code. PhD thesis, University of Nijmegen, Department of Computer Science (2006)

  12. Ernst, M.D., Perkins, J.H., Guo, P.J., McCamant, S., Pacheco, C., Tschantz, M.S., Xiao, C.: The Daikon system for dynamic detection of likely invariants. Sci. Comput. Program. 69(1–3), 35–45 (2007)

  13. Fähndrich, M., Leino, K.R.M.: Declaring and checking non-null types in an object-oriented language. In: Crocker, R., Steele, G.L. Jr. (eds.) Proceedings of the 2003 ACM SIGPLAN Conference on Object-Oriented Programming Systems, Languages and Applications (OOPSLA'03), Anaheim, CA, USA, October 2003, pp. 302–312. ACM, New York (2003)

  14. Fähndrich, M., Xia, S.: Establishing object invariants with delayed types. In: Gabriel, R.P., Bacon, D.F., Videira Lopes, C., Steele, G.L. Jr. (eds.) Proceedings of the 2007 ACM SIGPLAN Conference on Object-Oriented Programming Systems, Languages and Applications (OOPSLA'07), Montreal, Quebec, Canada, October 2007, pp. 337–350. ACM, New York (2007)

  15. Flanagan, C., Leino, K.R.M.: Houdini, an annotation assistant for ESC/Java. In: Oliveira, J.N., Zave, P. (eds.) Proceedings of the 2001 International Symposium of Formal Methods Europe (FME'01), Berlin, Germany, March 2001. Lecture Notes in Computer Science, vol. 2021, pp. 500–517. Springer, Berlin (2001)

  16. Hill, P.M., Spoto, F.: Deriving escape analysis by abstract interpretation. High. Order Symb. Comput. 19(4), 415–463 (2006)

  17. Hovemeyer, D., Pugh, W.: Finding more null pointer bugs, but not too many. In: Das, M., Grossman, D. (eds.) Proceedings of the 7th ACM SIGPLAN-SIGSOFT Workshop on Program Analysis for Software Tools and Engineering (PASTE'07), San Diego, CA, USA, June 2007, pp. 9–14. ACM, New York (2007)

  18. Hovemeyer, D., Spacco, J., Pugh, W.: Evaluating and tuning a static analysis to find null pointer bugs. In: Ernst, M., Jensen, T.P. (eds.) Proceedings of the 2005 ACM SIGPLAN-SIGSOFT Workshop on Program Analysis for Software Tools and Engineering (PASTE'05), Lisbon, Portugal, September 2005, pp. 13–19. ACM, New York (2005)

  19. Hubert, L., Jensen, T., Pichardie, D.: Semantic foundations and inference of non-null annotations. In: Barthe, G., de Boer, F.S. (eds.) Proceedings of the 10th International Conference on Formal Methods for Open Object-based Distributed Systems (FMOODS'08). Lecture Notes in Computer Science, vol. 5051, pp. 132–149. Springer, Berlin (2008)

  20. Leino, K.R.M., Saxe, J.B., Stata, R.: ESC/Java User's Manual. Technical Note 2000-002, Compaq Systems Research Center, October 2000

  21. Lindholm, T., Yellin, F.: The Java Virtual Machine Specification, 2nd edn. Addison-Wesley, Reading (1999)

  22. Male, C., Pearce, D.J., Potanin, A., Dymnikov, C.: Java bytecode verification for @NonNull types. In: Hendren, L. (ed.) Proceedings of the 17th International Conference on Compiler Construction (CC'08), Budapest, Hungary, March–April 2008. Lecture Notes in Computer Science, vol. 4959, pp. 229–244. Springer, Berlin (2008)

  23. Palsberg, J., Schwartzbach, M.I.: Object-oriented type inference. In: Proceedings of OOPSLA'91. ACM SIGPLAN Notices, vol. 26(11), pp. 146–161. ACM, New York (1991)

  24. Papi, M.M., Ali, M., Correa, T.L., Perkins, J.H., Ernst, M.D.: Practical pluggable types for Java. In: Ryder, B.G., Zeller, A. (eds.) Proceedings of the ACM/SIGSOFT 2008 International Symposium on Software Testing and Analysis (ISSTA'08), Seattle, WA, USA, July 2008, pp. 201–212. ACM, New York (2008)

  25. Payet, É., Spoto, F.: Magic-sets transformation for the analysis of Java bytecode. In: Nielson, H.R., Filé, G. (eds.) Proceedings of the 14th International Static Analysis Symposium (SAS'07), Kongens Lyngby, Denmark, August 2007. Lecture Notes in Computer Science, vol. 4634, pp. 452–467. Springer, Berlin (2007)

  26. Secci, S., Spoto, F.: Pair-sharing analysis of object-oriented programs. In: Hankin, C. (ed.) Proceedings of the 12th International Static Analysis Symposium (SAS'05), London, UK, September 2005. Lecture Notes in Computer Science, vol. 3672, pp. 320–335. Springer, Berlin (2005)

  27. Spoto, F.: Nullness analysis in Boolean form. In: Proceedings of the 6th IEEE International Conference on Software Engineering and Formal Methods (SEFM'08), Cape Town, South Africa, November 2008, pp. 21–30. IEEE Press, New York (2008)

Author information

Corresponding author

Correspondence to Fausto Spoto.

Additional information

Communicated by Dr. Antonio Cerone.

Cite this article

Spoto, F. Precise null-pointer analysis. Softw Syst Model 10, 219–252 (2011). https://doi.org/10.1007/s10270-009-0132-5

Keywords

  • Null-pointer analysis
  • Java bytecode
  • Static analysis
  • Abstract interpretation
  • Automatic software verification