Reflection analysis for Java
Benjamin Livshits, John Whaley, Monica S. Lam +2 more
- 02 Nov 2005
- pp 139-160
TL;DR: A static analysis algorithm is proposed that uses points-to information to approximate the targets of reflective calls as part of call graph construction and is effective for resolving most reflective calls without any user input.
Abstract: Reflection has always been a thorn in the side of Java static analysis tools. Without a full treatment of reflection, static analysis tools are both incomplete because some parts of the program may not be included in the application call graph, and unsound because the static analysis does not take into account reflective features of Java that allow writes to object fields and method invocations. However, accurately analyzing reflection has always been difficult, leading to most static analysis tools treating reflection in an unsound manner or just ignoring it entirely. This is unsatisfactory as many modern Java applications make significant use of reflection.
In this paper we propose a static analysis algorithm that uses points-to information to approximate the targets of reflective calls as part of call graph construction. Because reflective calls may rely on input to the application, in addition to performing reflection resolution, our algorithm also discovers all places in the program where user-provided specifications are necessary to fully resolve reflective targets. As an alternative to user-provided specifications, we also propose a reflection resolution approach based on type cast information that reduces the need for user input, but typically results in a less precise call graph.
We have implemented the reflection resolution algorithms described in this paper and applied them to a set of six large, widely-used benchmark applications consisting of more than 600,000 lines of code combined. Experiments show that our technique is effective for resolving most reflective calls without any user input. Certain reflective calls, however, cannot be resolved precisely at compile time. Relying on a user-provided specification to obtain a conservative call graph results in graphs that contain 1.43 to 6.58 times more methods than the original. In one case, a conservative call graph has 7,047 more methods than a call graph that does not interpret reflective calls. In contrast, ignoring reflection leads to missing substantial portions of the application call graph.
Citations
Android permissions demystified
Adrienne Porter Felt, Erika Chin, Steve Hanna, Dawn Song, David Wagner +4 more
- 17 Oct 2011
TL;DR: Stowaway, a tool that detects overprivilege in compiled Android applications, is built and finds that about one-third of applications are overprivileged.
Information-Flow Analysis of Android Applications in DroidSafe
Michael I. Gordon, Deokhwan Kim, Jeff H. Perkins, Limei Gilham, Nguyen Nguyen, Martin Rinard +5 more
- 01 Jan 2015
TL;DR: DroidSafe achieves unprecedented precision and accuracy for Android information flow analysis and detects all malicious information flow leaks inserted into 24 real-world Android applications by three independent, hostile Red-Team organizations.
DynaMine: finding common error patterns by mining software revision histories
Benjamin Livshits, Thomas Zimmermann +1 more
- 01 Jan 2005
TL;DR: The combination of revision history mining and dynamic analysis techniques leveraged in DynaMine proves effective for both discovering new application-specific patterns and for finding errors when applied to very large applications with many man-years of development and debugging effort behind them.
Effective typestate verification in the presence of aliasing
Stephen J. Fink, Eran Yahav, Nurit Dor, Ganesan Ramalingam, Emmanuel Geay +4 more
- 21 Jul 2006
TL;DR: A novel framework for verification of typestate properties, including several new techniques to precisely treat aliases without undue performance costs, is presented, including a flow-sensitive, context-sensitive, integrated verifier that utilizes a parametric abstract domain combining typestate and aliasing information.
Taming reflection: Aiding static analysis in the presence of reflection and custom class loaders
Eric Bodden, Andreas Sewe, Jan Sinschek, Hela Oueslati, Mira Mezini +4 more
- 21 May 2011
TL;DR: For the first time, TamiFlex enables sound static whole-program analyses on DaCapo and significantly improves code coverage of the static analyses, while for the former the approach even appears complete: the inserted runtime checks issue no warning.