Practical Automated Program Analysis for Improving Java Software: Repairing Static Analysis Violations and Analyzing Exception Behavior

You are cordially invited to attend the PhD Dissertation Defence of Diego Venâncio Marcílio on Thursday 23 November 2023 at 12:30 in room D1.15 (USI East Campus).

Abstract:
Finding and fixing bugs are among the most time-consuming activities of the software development process. This thesis presents work that increases the level of automation in finding and fixing bugs in Java software: by automatically repairing static analysis warnings and by analyzing exception behavior. In both directions, we aim to provide actionable feedback to developers and to demonstrate practical applicability. Developers widely use static analysis tools (SATs) to identify bugs early in the development process. However, using SATs comes with challenges, such as too many reported warnings, false positives, and limitations in detecting issues that relate to libraries and external project dependencies. To improve the usability of SATs when they report a high number of violations, we propose to automatically address some of the violations by synthesizing source-code fixes. We designed a technique, SpongeBugs, to produce fixes for violations of simple, widely used rules detected by popular static analyzers (SonarQube and SpotBugs). Our technique can often generate fixes quickly and that are similar to those developers would write. In an experimental evaluation, maintainers of popular Java open-source projects accepted 87% of 946 fixes generated automatically by SpongeBugs. To widen the scope of static analysis to issues involving external libraries, we focus on exception behavior, which is notoriously often poorly documented, associated with anti-patterns, and a frequent source of software failures. We first examined how Java developers test exception behavior and identified the most frequently tested exceptions. Building on these insights, we introduced the WIT technique, which automatically extracts precise exception preconditions in Java methods. We demonstrated several practical applications of using WIT on realistic programs. First, we used WIT's extracted preconditions to add to and improve the Javadoc documentation of popular Apache Commons projects: Lang, IO, and Text. We then repurposed WIT so that it could analyze client code to detect calls that violate the exception preconditions of library calls. We applied this approach to 1,523 open-source Java projects in 21 widely used open-source Java libraries, including the Java Development Kit (JDK); we found 4,115 cases of calls to library methods that may result in an exception. To our knowledge, this kind of analysis of exceptions that originate in calls to external libraries is beyond the capabilities of most commercial static analyzers. Overall, our contributions were designed so that they can work with limited requirements on the analyzed codebases. This emphasizes providing practical tools and actionable and reliable feedback, which can help developers be more productive when finding and fixing bugs.

Dissertation Committee:
- Prof. Carlo Alberto Furia, Università della Svizzera italiana, Switzerland (Research Advisor)
- Prof. Gabriele Bavota, Università della Svizzera italiana, Switzerland (Internal Member)
- Prof. Matthias Hauswirth, Università della Svizzera italiana, Switzerland (Internal Member)
- Prof. Maurício Aniche, TU Delft, the Netherlands (External Member)
- Prof. Harald Gall, University of Zurich, Switzerland (External Member)