add a README for NullPath

Author: ShuMengZhang00

README.md

@@ -1,153 +1,71 @@
-<div align="center">
-  <img src="tai-e-logo.png" height="200">
-
-# Tai-e
-
-[![test](https://github.com/pascal-lab/Tai-e/actions/workflows/test.yml/badge.svg)](https://github.com/pascal-lab/Tai-e/actions/workflows/test.yml)
-[![java](https://img.shields.io/badge/Java-17-informational)](https://openjdk.java.net/)
-[![maven-central](https://img.shields.io/badge/dynamic/xml.svg?label=maven-central&color=f1834d&query=//metadata/versioning/latest&url=https://repo1.maven.org/maven2/net/pascal-lab/tai-e/maven-metadata.xml)](https://search.maven.org/artifact/net.pascal-lab/tai-e)
-[![codecov](https://codecov.io/gh/pascal-lab/Tai-e/branch/master/graph/badge.svg)](https://codecov.io/gh/pascal-lab/Tai-e)
-[![DOI](https://img.shields.io/badge/DOI-10.1145/3597926.3598120-blue)](https://doi.org/10.1145/3597926.3598120)
-</div>
-
-## Table of Contents
-
-- [What is Tai-e?](#what-is-tai-e)
-- [How to Obtain Runnable Jar of Tai-e?](#how-to-obtain-runnable-jar-of-tai-e)
-- [How to Include Tai-e in Your Project?](#how-to-include-tai-e-in-your-project)
-    - [Stable Version](#stable-version)
-    - [Latest Version](#latest-version)
-- [Documentation](#documentation)
-    - [Reference Documentation](#reference-documentation)
-    - [Changelog](#changelog)
-- [Tai-e Assignments](#tai-e-assignments)
-
-## What is Tai-e?
-
-Tai-e (Chinese: 太阿; pronunciation: [ˈtaɪə:]) is a new static analysis framework for Java (please see our [ISSTA 2023 paper](https://cs.nju.edu.cn/tiantan/papers/issta2023.pdf) for details), which features arguably the "best" designs from both the novel ones we proposed and those of classic frameworks such as Soot, WALA, Doop, and SpotBugs.
-Tai-e is easy-to-learn, easy-to-use, efficient, and highly extensible, allowing you to easily develop new analyses on top of it.
-
-Currently, Tai-e provides the following major analysis components (and more analyses are on the
-way):
-
-- Powerful pointer analysis framework
-  - On-the-fly call graph construction
-  - Various classic and advanced techniques of heap abstraction and context sensitivity for pointer analysis
-  - Extensible analysis plugin system (allows to conveniently develop and add new analyses that interact with pointer analysis)
-- Configurable security analysis
-  - Taint analysis, which allows to configure sources, sinks, taint transfers, and sanitizers
-  - Detection of various information leakages and injection vulnerabilities
-  - Various precision and efficiency tradeoffs (benefit from the pointer analysis framework)
-- Various fundamental/utility analyses
-  - Fundamental analyses, e.g., reflection analysis and exception analysis
-  - Modern language feature analyses, e.g., lambda and method reference analysis, and invokedynamic analysis
-  - Utility tools like analysis timer, constraint checker (for debugging), and various graph dumpers
-- Control/Data-flow analysis framework
-  - Control-flow graph construction
-  - Classic data-flow analyses, e.g., live variable analysis, constant propagation
-  - Your data-flow analyses
-- SpotBugs-like bug detection system
-  - Bug detectors, e.g., null pointer detector, incorrect `clone()` detector
-  - Your bug detectors
-
-Tai-e is developed in Java, and it can run on major operating systems including Windows, Linux, and macOS.
-
-As a courtesy to the developers, we expect that you **please [cite](CITATION.bib) the paper** from ISSTA 2023 describing the Tai-e framework in your research work:
-
-Tian Tan and Yue Li. 2023.
-**Tai-e: A Developer-Friendly Static Analysis Framework for Java by Harnessing the Good Designs of Classics.**
-In Proceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA '23), July 17–21, 2023, Seattle, WA, USA ([pdf](https://cs.nju.edu.cn/tiantan/papers/issta2023.pdf), [bibtex](CITATION.bib)).
-
-## How to Obtain Runnable Jar of Tai-e?
-The simplest way is to download it from [GitHub Releases](https://github.com/pascal-lab/Tai-e/releases).
-
-Alternatively, you might build the latest Tai-e yourself from the source code. This can be simply accomplished via Gradle (be sure that Java 17 (or higher version) is available on your system).
-You just need to run command `gradlew fatJar`, and then the runnable jar will be generated in `tai-e/build/`, which includes Tai-e and all its dependencies.
-
-## How to Include Tai-e in Your Project?
-Tai-e is designed as a standalone tool, but you also have the option to include it in your project as a dependency.
-It is available on Maven repositories, allowing you to easily integrate it into your Java projects using build tools such as Gradle and Maven.
-We maintain both stable and latest versions of Tai-e, and here are the corresponding coordinates in Gradle and Maven script formats:
-
-### Stable Version
-For Gradle:
-
-```kotlin
-dependencies {
-    implementation("net.pascal-lab:tai-e:0.2.2")
-}
-```
+# NullPath
 
-For Maven:
+NullPath is a static analysis tool for Java designed to detect NullPointerException (NPE) issues. It leverages the [Tai-e static analysis framework](https://github.com/pascal-lab/Tai-e) to perform a deep and precise analysis of Java bytecode or source code. Compared to existing approaches, NullPath can efficiently discover much more NPE bugs while maintaining a reasonable precision. Statically finding NPEs is valuable because it helps prevent runtime errors, improves application reliability, and enhances overall software quality by identifying potential crashes before they occur in production.
 
-```xml
+## Getting Started
 
-<dependencies>
-    <dependency>
-        <groupId>net.pascal-lab</groupId>
-        <artifactId>tai-e</artifactId>
-        <version>0.2.2</version>
-    </dependency>
-</dependencies>
-```
+As NullPath is built upon [Tai-e](https://github.com/pascal-lab/Tai-e), its prerequisites and fundamental build procedures are consistent with Tai-e. The primary difference in the build process is the addition of a specific Gradle task, `nullpath`, designed to generate a JAR file with `pascal.taie.analysis.bugfinder.pathsensnullpointer.NullPointerMain` as its main entry point.
 
-### Latest Version
+### Prerequisites
 
-For Gradle:
+*   **Java Development Kit (JDK):** NullPath requires Java 17 or higher, consistent with Tai-e. Please ensure your `JAVA_HOME` environment variable is set correctly.
 
-```kotlin
-repositories {
-    mavenCentral()
-    maven { url = uri("https://s01.oss.sonatype.org/content/repositories/snapshots/") }
-}
+### Building NullPath
 
-dependencies {
-    implementation("net.pascal-lab:tai-e:0.5.1-SNAPSHOT")
-}
-```
+1.  **Clone the Repository:**
+    ```bash
+    git clone <YOUR_NULLPATH_REPOSITORY_URL> # Replace with your actual NullPath repository URL
+    cd nullpath # Or your project's directory name
+    ```
+2.  **Build the Project:**
+    NullPath uses Gradle for its build system. To generate the specific NullPath JAR with `NullPointerMain` as the entry point, run:
+    ```bash
+    ./gradlew nullpath
+    ```
+    The resulting JAR (e.g., `nullpath-[version].jar`) will typically be found in the `build/libs/` directory. For the command examples below, we'll refer to this as `nullpath.jar`. Please check your build output for the precise filename.
 
-For Maven:
-
-```xml
-<repositories>
-    <repository>
-        <id>snapshots</id>
-        <name>Sonatype snapshot server</name>
-        <url>https://s01.oss.sonatype.org/content/repositories/snapshots/</url>
-    </repository>
-</repositories>
-
-<dependencies>
-    <dependency>
-        <groupId>net.pascal-lab</groupId>
-        <artifactId>tai-e</artifactId>
-        <version>0.5.1-SNAPSHOT</version>
-    </dependency>
-</dependencies>
-```
+    For other build operations consistent with Tai-e (like generating a `tai-e-all.jar` if configured), you would use the standard Tai-e Gradle tasks (e.g., `./gradlew fatJar`).
+
+## How to Run NullPath (command-line options)?
 
-You can use these coordinates in your Gradle or Maven scripts to include the desired version of Tai-e in your project.
+As NullPath is built upon [Tai-e](https://github.com/pascal-lab/Tai-e), its command-line parameters and general usage align with Tai-e's conventions. For comprehensive details on all available Tai-e command-line options, please consult the [official Tai-e Command-Line Options Documentation](https://tai-e.pascal-lab.net/docs/current/reference/en/command-line-options.html).
 
-## Documentation
+NullPath offers two primary ways to execute the NPE detection analysis:
 
-### Reference Documentation
+### 1. Using `NullPointerMain` (Recommended for Standard NPE Detection)
+To simplify the execution of NPE detection, which involves a complex set of underlying analyses and parameters, NullPath provides a dedicated entry point: `pascal.taie.analysis.bugfinder.pathsensnullpointer.NullPointerMain`. This method conveniently bundles all the required analysis configurations.
 
-We have provided detailed information of Tai-e in the [Reference Documentation](https://tai-e.pascal-lab.net/docs/current/reference/en/index.html), which covers various aspects such as [Setup in IntelliJ IDEA](https://tai-e.pascal-lab.net/docs/current/reference/en/setup-in-intellij-idea.html), [Command-Line Options](https://tai-e.pascal-lab.net/docs/current/reference/en/command-line-options.html), and [Development of New Analysis](https://tai-e.pascal-lab.net/docs/current/reference/en/develop-new-analysis.html).
+In most cases, you only need to specify the parameters related to the program you want to analyze (i.e., Tai-e's "Program options").
 
-Please note that the reference documentation mentioned above pertains to *the latest version* of Tai-e.
-If you need documentation for a specific stable version, please refer to the [Documentation Index](https://tai-e.pascal-lab.net/docs).
-Additionally, the documentation is included within the repository and maintained alongside the source code.
-You can access the reference documentation for a particular version of Tai-e (in AsciiDoc format) by exploring the [docs/en](docs/en) directory, starting from [index.adoc](docs/en/index.adoc).
-This allows you to access version-specific documentation for Tai-e.
+**Command Example:**
+```bash
+java -jar build/libs/nullpath.jar -cp <path_to_java_project_classes_or_jar> -m <main_class_of_target_project> [other_program_options]
+```
+*   `build/libs/nullpath.jar`: The runnable fat JAR for NullPath. Remember to use the actual filename generated in your `build/libs/` directory.
+*   `-cp <path_to_java_project_classes_or_jar>`: This is the classpath for the Java project you want to analyze. This can be a path to a directory containing `.class` files, or a path to a JAR file.
+*   `-m <main_class_of_target_project>`: The fully qualified name of the main class of the application you are analyzing (e.g., `com.example.MyApplication`). This helps Tai-e determine the entry points for the analysis.
+*   `[other_program_options]`: Additional Tai-e program options, such as `-java <version>` to specify the Java version of the target project. Refer to the [Tai-e documentation](https://tai-e.pascal-lab.net/docs/current/reference/en/command-line-options.html) for defaults and available program options.
 
-In addition to the reference
-documentation, [Javadocs](https://tai-e.pascal-lab.net/docs/current/api/index.html) for Tai-e are
-also available as a useful reference resource.
+This command will run the pre-configured set of analyses for NPE detection on the specified target program.
+
+**Output:**
+The analysis results, including detected potential NullPointerExceptions, are typically printed to the console or logged to files (as configured by Log4j2 within Tai-e). The `NullPointerResultProcessor` component is responsible for formatting and presenting these findings.
+
+### 2. Using Tai-e's `pascal.taie.Main` (For Advanced Control)
+If you require more fine-grained control over the analysis process (e.g., specifying parameters for pointer analysis, or modifying the analysis chain), you can directly use Tai-e's original Main class (`pascal.taie.Main`).
+
+When using this approach, you will need to manually specify all relevant analysis options (the `-a` flags as used in Tai-e), including those specific to `path-sens-nullpointer`, its dependencies, and any custom configurations you require, in addition to the program options.
+
+**Conceptual Example:**
+```bash
+java -cp build/libs/nullpath.jar pascal.taie.Main \\\
+     -cp <path_to_java_project_classes_or_jar> \\\
+     -m <main_class_of_target_project> \\\
+     -a must-alias \\\n     -a non-null \\\n     -a icfg \\\n     -a side-effect \\\n     -a cg \\\n     -a null-slice \\\n     -a path-sens-nullpointer \\\n     -a nullpointer-result-processor \\\n     -a \"pta=cs:2-type;plugins:[pascal.taie.analysis.bugfinder.pathsensnullpointer.NullPointerAnalysis,pascal.taie.analysis.pta.plugin.NumberLiteralHandler];propagate-types:[reference,null,int,long,boolean];\" \\\
+     [other_tai-e_options]
+```
+To get the exact list of analyses and their configurations as bundled in `NullPointerMain`, you can refer to the `src/main/java/pascal/taie/analysis/bugfinder/pathsensnullpointer/NullPointerMain.java` source file.
 
-### Changelog
-Since we are actively developing and updating Tai-e, we record the notable changes we made, especially the new features and breaking changes, in [CHANGELOG](CHANGELOG.md).
-If you find something wrong after updating Tai-e, maybe you could check [CHANGELOG](CHANGELOG.md) for useful information.
+## Acknowledgements
 
-## Tai-e Assignments
-In addition, we have developed an [educational version of Tai-e](https://tai-e.pascal-lab.net/en/intro/overview.html) where eight programming assignments are carefully designed for systematically training learners to implement various static analysis techniques to analyze real Java programs.
-The educational version shares a large amount of code with Tai-e, thus doing the assignments would be a good way to get familiar with Tai-e.
+*   This project is built using the **Tai-e static analysis framework**. We extend our gratitude to the Tai-e developers and contributors for their excellent work. You can find the Tai-e framework at [https://github.com/pascal-lab/Tai-e](https://github.com/pascal-lab/Tai-e).