Practical Inference of Nullability Types

NullPointerExceptions (NPEs), caused by dereferencing null, frequently cause crashes in Java programs. Pluggable type checking is highly effective in preventing Java NPEs. However, this approach is difficult to adopt for large, existing code bases, as it requires manually inserting a significant number of type qualifiers into the code. Hence, a tool to automatically infer these qualifiers could make adoption of type-based NPE prevention significantly easier. We present a novel and practical approach to automatic inference of nullability type qualifiers for Java. Our technique searches for a set of qualifiers that maximizes the amount of code that can be successfully type checked. The search uses the type checker as a black box oracle, easing compatibility with existing tools. However, this approach can be costly, as evaluating the impact of a qualifier requires re-running the checker. We present a technique for safely evaluating many qualifiers in a single checker run, dramatically reducing running times. We also describe extensions to make the approach practical in a real-world deployment. We implemented our approach in an open-source tool NULLAWAYANNOTATOR, designed to work with the NullAway type checker. We evaluated NULLAWAYANNOTATOR'S effectiveness on both open-source projects and commercial code. NULLAWAYANNOTATOR reduces the number of reported NullAway errors by 69.5% on average. Further, our optimizations enable NULLAWAYANNOTATOR to scale to large Java programs. NULLAWAYANNOTATOR has been highly effective in practice: in a production deployment, it has already been used to add NullAway checking to 160 production modules totaling over 1.3 million lines of Java code.