Static analysis tools typically address the problem of excessive false positives by requiring programmers to explicitly annotate their code. However, when faced with incomplete annotations, many analysis tools are either too conservative, yielding false positives, or too optimistic, resulting in unsound analysis results. In order to flexibly and soundly deal with partially-annotated programs, we propose to build upon and adapt the gradual typing approach to abstract-interpretation-based program analyses. Specifically, we focus on null-pointer analysis and demonstrate that a gradual null-pointer analysis hits a sweet spot, by gracefully applying static analysis where possible and relying on dynamic checks where necessary for soundness. In addition to formalizing a gradual null-pointer analysis for a core imperative language, we build a prototype using the Infer static analysis framework, and present preliminary evidence that the gradual null-pointer analysis reduces false positives compared to two existing null-pointer checkers for Infer. Further, we discuss ways in which the gradualization approach used to derive the gradual analysis from its static counterpart can be extended to support more domains. This work thus provides a basis for future analysis tools that can smoothly navigate the tradeoff between human effort and run-time overhead to reduce the number of reported false positives.

中文翻译：

---

空指针的逐步程序分析

静态分析工具通常通过要求程序员显式地注释其代码来解决过多的误报问题。但是，当面对不完整的注释时，许多分析工具要么过于保守，产生假阳性，要么过于乐观，导致分析结果不可靠。为了灵活，合理地处理部分注释的程序，我们建议在基于抽象解释的程序分析的基础上逐步采用渐进类型化方法。具体来说，我们专注于空指针分析，并通过在可能的情况下适当地应用静态分析并在必要时依赖动态检查以确保稳健性，来证明渐进式空指针分析达到了最佳效果。除了对核心命令式语言进行逐步的空指针分析之外，我们使用Infer静态分析框架构建了一个原型，并提供了初步证据，与现有的两个Infer零指针检查器相比，渐进式零指针分析减少了误报。此外，我们讨论了可用于扩展从其静态对等物得出渐进分析的渐进方法以支持更多域的方式。因此，这项工作为将来的分析工具提供了基础，这些工具可以顺利地在人工和运行时间开销之间进行权衡，以减少报告的误报次数。我们讨论了用于扩展从其静态对等物进行渐进分析的渐进方法可以扩展以支持更多领域的方法。因此，这项工作为将来的分析工具提供了基础，这些工具可以顺利地在人工和运行时间开销之间进行权衡，以减少报告的误报次数。我们讨论了用于扩展从其静态对等物进行渐进分析的渐进方法可以扩展以支持更多领域的方法。因此，这项工作为将来的分析工具提供了基础，这些工具可以顺利地在人工和运行时间开销之间进行权衡，以减少报告的误报次数。