Abstract
Reflection is a highly dynamic language feature that poses grave problems for static analyses. In the Java setting, reflection is ubiquitous in large programs. Any handling of reflection will be approximate, and overestimating its reach in a large codebase can be catastrophic for precision and scalability. We present an approach for handling reflection with improved empirical soundness (as measured against prior approaches and dynamic information) in the context of a points-to analysis. Our approach is based on the combination of string-flow and points-to analysis from past literature augmented with (a) substring analysis and modeling of partial string flow through string builder classes; (b) new techniques for analyzing reflective entities based on information available at their use-sites. In experimental comparisons with prior approaches, we demonstrate a combination of both improved soundness (recovering the majority of missing call-graph edges) and increased performance.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
In our context, sound = over-approximate, i.e., guaranteeing that all possible behaviors of reflection operations are modeled.
- 2.
E.g., SMUSH_STRINGS in Wala [8] and MERGE_STRING_BUFFERS in Doop.
- 3.
The +Backwards and +Invent techniques are both additions to the substring analysis, but neither includes the other.
References
Ali, K., Lhoták, O.: Application-only call graph construction. In: Noble, J. (ed.) ECOOP 2012. LNCS, vol. 7313, pp. 688–712. Springer, Heidelberg (2012)
Ali, K., Lhoták, O.: Averroes: whole-program analysis without the whole program. In: Castagna, G. (ed.) ECOOP 2013. LNCS, vol. 7920, pp. 378–400. Springer, Heidelberg (2013)
Blackburn, S.M., et al.: The DaCapo benchmarks: Java benchmarking development and analysis. In: Proceedings of the 21st Annual ACM SIGPLAN Conference on Object Oriented Programming, Systems, Languages, and Applications, OOPSLA 2006, pp. 169–190. ACM, New York (2006)
Bodden, E., Sewe, A., Sinschek, J., Oueslati, H., Mezini, M.: Taming reflection: Aiding static analysis in the presence of reflection and custom class loaders. In: Proceedings of the 33rd International Conference on Software Engineering, ICSE 2011, pp. 241–250. ACM, New York (2011)
Bravenboer, M., Smaragdakis, Y.: Exception analysis and points-to analysis: Better together. In: Proceedings of the 18th International Symposium on Software Testing and Analysis, ISSTA 2009, pp. 1–12. ACM, New York (2009)
Bravenboer, M., Smaragdakis, Y.: Strictly declarative specification of sophisticated points-to analyses. In: Proceedings of the 24th Annual ACM SIGPLAN Conference on Object Oriented Programming, Systems, Languages, and Applications, OOPSLA 2009. ACM, New York (2009)
Christensen, A.S., Møller, A., Schwartzbach, M.I.: Precise analysis of string expressions. In: Proceedings of the 10th International Symposium on Static Analysis, SAS 2003, pp. 1–18. Springer (2003)
Fink, S.J., et al.: WALA UserGuide: PointerAnalysis. http://wala.sourceforge.net/wiki/index.php/UserGuide:PointerAnalysis
Furr, M., An, J.D., Foster, J.S.: Profile-guided static typing for dynamic scripting languages. In: Proceedings of the 24th Annual ACM SIGPLAN Conference on Object Oriented Programming, Systems, Languages, and Applications, OOPSLA 2009, pp. 283–300. ACM, New York (2009)
Guarnieri, S., Livshits, B.: GateKeeper: mostly static enforcement of security and reliability policies for Javascript code. In: Proceedings of the 18th USENIX Security Symposium, SSYM 2009, pp. 151–168. USENIX Association, Berkeley (2009)
Hirzel, M., von Dincklage, D., Diwan, A., Hind, M.: Fast online pointer analysis. ACM Trans. Program. Lang. Syst. 29(2), 11 (2007)
Hirzel, M., Diwan, A., Hind, M.: Pointer analysis in the presence of dynamic class loading. In: Odersky, M. (ed.) ECOOP 2004. LNCS, vol. 3086, pp. 96–122. Springer, Heidelberg (2004)
Kastrinis, G., Smaragdakis, Y.: Efficient and effective handling of exceptions in java points-to analysis. In: Jhala, R., De Bosschere, K. (eds.) Compiler Construction. LNCS, vol. 7791, pp. 41–60. Springer, Heidelberg (2013)
Kastrinis, G., Smaragdakis, Y.: Hybrid context-sensitivity for points-to analysis. In: Proceedings of the 2013 ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI 2013. ACM, New York (2013)
Lam, M.S., Whaley, J., Livshits, V.B., Martin, M.C., Avots, D., Carbin, M., Unkel, C.: Context-sensitive program analysis as database queries. In: Proceedings of the 24th Symposium on Principles of Database Systems, PODS 2005, pp. 1–12. ACM, New York (2005)
Li, Y., Tan, T., Sui, Y., Xue, J.: Self-inferencing reflection resolution for Java. In: Jones, R. (ed.) ECOOP 2014. LNCS, vol. 8586, pp. 27–53. Springer, Heidelberg (2014)
Liang, P., Naik, M.: Scaling abstraction refinement via pruning. In: Proceedings of the 2011 ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI 2011, pp. 590–601. ACM, New York (2011)
Livshits, B.: Improving Software Security with Precise Static and Runtime Analysis. Ph.D. thesis, Stanford University, December 2006
Livshits, B., et al.: In defense of soundiness: A manifesto. Commun. ACM 58(2), 44–46 (2015)
Livshits, B., Whaley, J., Lam, M.S.: Reflection analysis for Java. In: Yi, K. (ed.) APLAS 2005. LNCS, vol. 3780, pp. 139–160. Springer, Heidelberg (2005)
Madsen, M., Livshits, B., Fanning, M.: Practical static analysis of JavaScript applications in the presence of frameworks and libraries. In: Proceedings of the ACM SIGSOFT International Symposium on the Foundations of Software Engineering, FSE 2013, pp. 499–509. ACM (2013)
Naik, M., Aiken, A., Whaley, J.: Effective static race detection for java. In: Proceedings of the 2006 ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI 2006, pp. 308–319. ACM, New York (2006)
Reps, T.W.: Demand interprocedural program analysis using logic databases. In: Ramakrishnan, R. (ed.) Applications of Logic Databases, pp. 163–196. Kluwer Academic Publishers, Boston (1994)
Stancu, C., Wimmer, C., Brunthaler, S., Larsen, P., Franz, M.: Comparing points-to static analysis with runtime recorded profiling data. In: Proceedings of the 2014 International Conference on Principles and Practices of Programming on the Java Platform Virtual Machines, Languages and Tools, PPPJ 2014, pp. 157–168. ACM (2014)
Whaley, J., Avots, D., Carbin, M., Lam, M.S.: Using datalog with binary decision diagrams for program analysis. In: Yi, K. (ed.) APLAS 2005. LNCS, vol. 3780, pp. 97–118. Springer, Heidelberg (2005)
Whaley, J., Lam, M.S.: Cloning-based context-sensitive pointer alias analysis using binary decision diagrams. In: Proceedings of the 2004 ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI 2004, pp. 131–144. ACM, New York (2004)
Acknowledgments
We gratefully acknowledge funding by the European Research Council under grant 307334 (Spade).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Smaragdakis, Y., Balatsouras, G., Kastrinis, G., Bravenboer, M. (2015). More Sound Static Handling of Java Reflection. In: Feng, X., Park, S. (eds) Programming Languages and Systems. APLAS 2015. Lecture Notes in Computer Science(), vol 9458. Springer, Cham. https://doi.org/10.1007/978-3-319-26529-2_26
Download citation
DOI: https://doi.org/10.1007/978-3-319-26529-2_26
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-26528-5
Online ISBN: 978-3-319-26529-2
eBook Packages: Computer ScienceComputer Science (R0)