Reflection Analysis for Java

  • Benjamin Livshits
  • John Whaley
  • Monica S. Lam
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3780)


Reflection has always been a thorn in the side of Java static analysis tools. Without a full treatment of reflection, static analysis tools are both incomplete because some parts of the program may not be included in the application call graph, and unsound because the static analysis does not take into account reflective features of Java that allow writes to object fields and method invocations. However, accurately analyzing reflection has always been difficult, leading to most static analysis tools treating reflection in an unsound manner or just ignoring it entirely. This is unsatisfactory as many modern Java applications make significant use of reflection.

In this paper we propose a static analysis algorithm that uses points-to information to approximate the targets of reflective calls as part of call graph construction. Because reflective calls may rely on input to the application, in addition to performing reflection resolution, our algorithm also discovers all places in the program where user-provided specifications are necessary to fully resolve reflective targets. As an alternative to user-provided specifications, we also propose a reflection resolution approach based on type cast information that reduces the need for user input, but typically results in a less precise call graph.

We have implemented the reflection resolution algorithms described in this paper and applied them to a set of six large, widely-used benchmark applications consisting of more than 600,000 lines of code combined. Experiments show that our technique is effective for resolving most reflective calls without any user input. Certain reflective calls, however, cannot be resolved at compile time precisely. Relying on a user-provided specification to obtain a conservative call graph results in graphs that contain 1.43 to 6.58 times more methods that the original. In one case, a conservative call graph has 7,047 more methods than a call graph that does not interpret reflective calls. In contrast, ignoring reflection leads to missing substantial portions of the application call graph.


Call Graph Method Invocation Cast Operation Static Analysis Tool Call Site 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Forman, I.R., Forman, N.: Java Reflection in Action. Manning Publications (2004)Google Scholar
  2. 2.
    Koved, L., Pistoia, M., Kershenbaum, A.: Access rights analysis for Java. In: Proceedings of the ACM Conference on Object-Oriented Programming, Systems, Languages, and Applications, pp. 359–372 (2002)Google Scholar
  3. 3.
    Reimer, D., Schonberg, E., Srinivas, K., Srinivasan, H., Alpern, B., Johnson, R.D., Kershenbaum, A., Koved, L.: SABER: Smart Analysis Based Error Reduction. In: Proceedings of International Symposium on Software Testing and Analysis, pp. 243–251 (2004)Google Scholar
  4. 4.
    Weimer, W., Necula, G.: Finding and preventing run-time error handling mistakes. In: Proceedings of the ACM Conference on Object-Oriented Programming, Systems, Languages, and Applications, pp. 419–431 (2004)Google Scholar
  5. 5.
    Hirzel, M., Diwan, A., Hind, M.: Pointer analysis in the presence of dynamic class loading. In: Proceedings of the European Conference on Object-Oriented Programming, Systems, Languages, and Applications, pp. 96–122 (2004)Google Scholar
  6. 6.
    Andersen, L.O.: Program analysis and specialization for the C programming language. PhD thesis, University of Copenhagen (1994)Google Scholar
  7. 7.
    Tip, F., Palsberg, J.: Scalable propagation-based call graph construction algorithms. ACM SIGPLAN Notices 35, 281–293 (2000)CrossRefGoogle Scholar
  8. 8.
    Livshits, B., Whaley, J., Lam, M.S.: Reflection analysis for Java. Technical report, Stanford University (2005),
  9. 9.
    Whaley, J., Lam, M.: Cloning-based context-sensitive pointer alias analysis using binary decision diagrams. In: Proceedings of the ACM Conference on Programming Language Design and Implementation, pp. 131–144 (2004)Google Scholar
  10. 10.
    Dean, J., Grove, D., Chambers, C.: Optimization of object-oriented programs using static class hierarchy analysis. In: Olthoff, W. (ed.) ECOOP 1995. LNCS, vol. 952, pp. 77–101. Springer, Heidelberg (1995)Google Scholar
  11. 11.
    Bacon, D.F.: Fast and Effective Optimization of Statically Typed Object-Oriented Languages. PhD thesis, University of California at Berkeley (1998)Google Scholar
  12. 12.
    Grove, D., Chambers, C.: A framework for call graph construction algorithms. ACM Trans. Program. Lang. Syst. 23, 685–746 (2001)CrossRefGoogle Scholar
  13. 13.
    Lam, M.S., Whaley, J., Livshits, V.B., Martin, M.C., Avots, D., Carbin, M., Unkel, C.: Context-sensitive program analysis as database queries. In: Proceedings of the ACM Symposium on Principles of Database Systems, pp. 1–12 (2005)Google Scholar
  14. 14.
    Aho, A., Sethi, R., Ullman, J.: Compilers: Principles, Techniques, and Tools. Addison-Wesley, Reading (1986)Google Scholar
  15. 15.
    Guéhéneuc, Y.G., Cointe, P., Ségura-Devillechaise, M.: Java reflection exercises, correction, and FAQs (2002),
  16. 16.
    Thiemann, P.: Towards partial evaluation of full Scheme. In: Reflection 1996 (1996)Google Scholar
  17. 17.
    Braux, M., Noyé, J.: Towards partially evaluating reflection in Java. In: Proceedings of the ACM Workshop on Partial Evaluation and Semantics-based Program Manipulation, pp. 2–11 (1999)Google Scholar
  18. 18.
    Ruf, E.: Partial evaluation in reflective system implementations. In: Workshop on Reflection and Metalevel Architecture (1993)Google Scholar
  19. 19.
    Tip, F., Laffra, C., Sweeney, P.F., Streeter, D.: Practical experience with an application extractor for Java. ACM SIGPLAN Notices 34, 292–305 (1999)CrossRefGoogle Scholar
  20. 20.
    Grove, D., DeFouw, G., Dean, J., Chambers, C.: Call graph construction in object-oriented languages. In: Proceedings of the ACM Conference on Object-oriented Programming, Systems, Languages, and Applications, pp. 108–124 (1997)Google Scholar
  21. 21.
    Sundaresan, V., Hendren, L., Razafimahefa, C., Vallée-Rai, R., Lam, P., Gagnon, E., Godin, C.: Practical virtual method call resolution for Java. ACM SIGPLAN Notices 35, 264–280 (2000)CrossRefGoogle Scholar
  22. 22.
    Agrawal, G., Li, J., Su, Q.: Evaluating a demand driven technique for call graph construction. In: Computational Complexity, pp. 29–45 (2002)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Benjamin Livshits
    • 1
  • John Whaley
    • 1
  • Monica S. Lam
    • 1
  1. 1.Computer Science DepartmentStanford UniversityStanfordUSA

Personalised recommendations