Challenges for Static Analysis of Java Reflection - Literature Review and Empirical Study

@article{Landman2017ChallengesFS,
  title={Challenges for Static Analysis of Java Reflection - Literature Review and Empirical Study},
  author={Davy Landman and Alexander Serebrenik and Jurgen J. Vinju},
  journal={2017 IEEE/ACM 39th International Conference on Software Engineering (ICSE)},
  year={2017},
  pages={507-518}
}
The behavior of software that uses the Java Reflection API is fundamentally hard to predict by analyzing code. Only recent static analysis approaches can resolve reflection under unsound yet pragmatic assumptions. We survey what approaches exist and what their limitations are. We then analyze how real-world Java code uses the Reflection API, and how many Java projects contain code challenging state-of-the-art static analysis. Using a systematic literature review we collected and categorized all… 

Understanding and Analyzing Java Reflection
TLDR
A comprehensive understanding of Java reflection is provided through examining its underlying concept, API, and real-world usage, and a new static approach to resolving Java reflection effectively in practice is introduced.
Reflection Analysis for Java: Uncovering More Reflective Targets Precisely
TLDR
MIRROR is introduced, the first automatic reflection analysis for Java that increases significantly the code coverage of dynamic analysis while keeping false reflective targets low and reduces substantially its false positive rate.
Java reflection API: revealing the dark side of the mirror
TLDR
A technique to detect underdetermined specifications and non-conformances between the Javadoc and the implementations of the Java Reflection API is proposed and evaluated.
On the Use of Mined Stack Traces to Improve the Soundness of Statically Constructed Call Graphs
TLDR
This paper investigates the question whether information harvested from stack traces obtained from the GitHub issue tracker and Stack Overflow Q&A forums can be used in order to complement statically built call graphs, and finds edges that Doop misses when analysing real-world programs, even when reflection analysis is enabled.
On the construction of soundness oracles
TLDR
A methodology that can be used to check the (un)soundness of a particular static analysis, call-graph construction, based on soundness oracles is discussed, which can also be used for hybrid analyses.
1 Motivating Example 1 : Late Linking
TLDR
This paper shows that a static analysis can predictively model uses of invokedynamic while also cooperating with extra rules to handle the runtime code generation of lambdas, and plugs into an existing static analysis and helps eliminate all unsoundness in the handling of Lambdas.
Static analysis of Java dynamic proxies
TLDR
It is shown how the semantics of dynamic proxies can be modeled in a straightforward manner as logical rules in the Doop static analysis framework, which enables Doop’s standard analyses to process code behind dynamic proxies.
Reflection-aware static regression test selection
TLDR
This paper investigates five techniques—three purely static techniques and two hybrid static-dynamic techniques—that aim to make static RTS safe with respect to reflection, and implements these reflection-aware (RA) techniques by extending the reflection-unaware (RU) class-level static RTS technique in a tool called STARTS.
A Study of Single Statement Bugs Involving Dynamic Language Features
TLDR
This paper sets out to quantify some of the effects of using dynamic language features in Java programs – that is, the error-proneness of using those features with respect to a particular type of bug known as single statement bugs, and provides developers a better understanding when designing bug detection tools for such features.
JShrink: in-depth investigation into debloating modern Java applications
TLDR
JShrink develops an end-to-end bytecode debloating framework that augments traditional static reachability analysis with dynamic profiling and type dependency analysis and renovates existing bytecode transformations to account for new language features in modern Java.

References

SHOWING 1-10 OF 85 REFERENCES
Reflection Analysis for Java
TLDR
A static analysis algorithm is proposed that uses points-to information to approximate the targets of reflective calls as part of call graph construction and is effective for resolving most reflective calls without any user input.
An empirical study of PHP feature usage: a static analysis perspective
TLDR
This work has conducted a study over a significant corpus of open-source PHP systems, looking at the sizes of actual PHP programs, which features of PHP are actually used, how often dynamic features appear, and how distributed these features are across the files that make up a PHP website.
Taming reflection: Aiding static analysis in the presence of reflection and custom class loaders
TLDR
For the first time, TamiFlex enables sound static whole-program analyses on DaCapo and significantly improves code coverage of the static analyses, while for the former the approach even appears complete: the inserted runtime checks issue no warning.
Determinacy in static analysis for jQuery
TLDR
This work presents a static dataflow analysis for JavaScript that infers and exploits determinacy information on-the-fly, to enable analysis of some of the most complex parts of jQuery.
More Sound Static Handling of Java Reflection
TLDR
This work presents an approach for handling reflection with improved empirical soundness (as measured against prior approaches and dynamic information) in the context of a points-to analysis and demonstrates a combination of both improved soundness and increased performance.
Self-inferencing Reflection Resolution for Java
TLDR
A static reflection analysis, called Elf, is introduced that exploits a self-inferencing property inherent in many reflective calls to automatically infer their target methods or fields, based on the dynamic types of the arguments of the target calls and the downcasts, if any, on their returned values.
DroidRA: taming reflection to support whole-program analysis of Android apps
TLDR
DroidRA is an instrumentation-based approach that addresses the issue of reflective calls in Android apps in a non-invasive way and boosts an app so that it can be immediately analyzable, including by static analyzers that were not reflection-aware.
Dynamic determinacy analysis
TLDR
An analysis is presented for identifying determinate variables and expressions, which always have the same value at a given program point; the analysis is completely dynamic and only needs to observe a single execution of the program, yet the determinacy facts it infers hold for any execution.
Improved Static Resolution of Dynamic Class Loading in Java
  • Jason Sawin, A. Rountev
  • Computer Science
    Seventh IEEE International Working Conference on Source Code Analysis and Manipulation (SCAM 2007)
  • 2007
TLDR
This work presents a novel semi-static approach, which combines static string analysis with dynamically gathered information about the execution environment, and proposes generalizations of string analysis to increase the number of sites that can be resolved purely statically, and to track the names of environment variables.
Improving static resolution of dynamic class loading in Java using dynamically gathered environment information
TLDR
This work presents a novel semi-static approach for resolving dynamic class loading by combining static string analysis with dynamically gathered information about the execution environment, and proposes extensions of string analysis to increase the number of sites that can be resolved purely statically, and to track the names of environment variables.