Reflection Analysis for Java
Reflection has always been a thorn in the side of Java static analysis tools. Without a full treatment of reflection, static analysis tools are both incomplete because some parts of the program may not be included in the application call graph, and unsound because the static analysis does not take into account reflective features of Java that allow writes to object fields and method invocations. However, accurately analyzing reflection has always been difficult, leading to most static analysis tools treating reflection in an unsound manner or just ignoring it entirely. This is unsatisfactory as many modern Java applications make significant use of reflection.
In this paper we propose a static analysis algorithm that uses points-to information to approximate the targets of reflective calls as part of call graph construction. Because reflective calls may rely on input to the application, in addition to performing reflection resolution, our algorithm also discovers all places in the program where user-provided specifications are necessary to fully resolve reflective targets. As an alternative to user-provided specifications, we also propose a reflection resolution approach based on type cast information that reduces the need for user input, but typically results in a less precise call graph.
We have implemented the reflection resolution algorithms described in this paper and applied them to a set of six large, widely-used benchmark applications consisting of more than 600,000 lines of code combined. Experiments show that our technique is effective for resolving most reflective calls without any user input. Certain reflective calls, however, cannot be resolved at compile time precisely. Relying on a user-provided specification to obtain a conservative call graph results in graphs that contain 1.43 to 6.58 times more methods that the original. In one case, a conservative call graph has 7,047 more methods than a call graph that does not interpret reflective calls. In contrast, ignoring reflection leads to missing substantial portions of the application call graph.
KeywordsCall Graph Method Invocation Cast Operation Static Analysis Tool Call Site
Unable to display preview. Download preview PDF.
- 1.Forman, I.R., Forman, N.: Java Reflection in Action. Manning Publications (2004)Google Scholar
- 2.Koved, L., Pistoia, M., Kershenbaum, A.: Access rights analysis for Java. In: Proceedings of the ACM Conference on Object-Oriented Programming, Systems, Languages, and Applications, pp. 359–372 (2002)Google Scholar
- 3.Reimer, D., Schonberg, E., Srinivas, K., Srinivasan, H., Alpern, B., Johnson, R.D., Kershenbaum, A., Koved, L.: SABER: Smart Analysis Based Error Reduction. In: Proceedings of International Symposium on Software Testing and Analysis, pp. 243–251 (2004)Google Scholar
- 4.Weimer, W., Necula, G.: Finding and preventing run-time error handling mistakes. In: Proceedings of the ACM Conference on Object-Oriented Programming, Systems, Languages, and Applications, pp. 419–431 (2004)Google Scholar
- 5.Hirzel, M., Diwan, A., Hind, M.: Pointer analysis in the presence of dynamic class loading. In: Proceedings of the European Conference on Object-Oriented Programming, Systems, Languages, and Applications, pp. 96–122 (2004)Google Scholar
- 6.Andersen, L.O.: Program analysis and specialization for the C programming language. PhD thesis, University of Copenhagen (1994)Google Scholar
- 8.Livshits, B., Whaley, J., Lam, M.S.: Reflection analysis for Java. Technical report, Stanford University (2005), http://suif.stanford.edu/~livshits/papers/tr/reflection_tr.pdf
- 9.Whaley, J., Lam, M.: Cloning-based context-sensitive pointer alias analysis using binary decision diagrams. In: Proceedings of the ACM Conference on Programming Language Design and Implementation, pp. 131–144 (2004)Google Scholar
- 10.Dean, J., Grove, D., Chambers, C.: Optimization of object-oriented programs using static class hierarchy analysis. In: Olthoff, W. (ed.) ECOOP 1995. LNCS, vol. 952, pp. 77–101. Springer, Heidelberg (1995)Google Scholar
- 11.Bacon, D.F.: Fast and Effective Optimization of Statically Typed Object-Oriented Languages. PhD thesis, University of California at Berkeley (1998)Google Scholar
- 13.Lam, M.S., Whaley, J., Livshits, V.B., Martin, M.C., Avots, D., Carbin, M., Unkel, C.: Context-sensitive program analysis as database queries. In: Proceedings of the ACM Symposium on Principles of Database Systems, pp. 1–12 (2005)Google Scholar
- 14.Aho, A., Sethi, R., Ullman, J.: Compilers: Principles, Techniques, and Tools. Addison-Wesley, Reading (1986)Google Scholar
- 15.Guéhéneuc, Y.G., Cointe, P., Ségura-Devillechaise, M.: Java reflection exercises, correction, and FAQs (2002), http://www.yann-gael.gueheneuc.net/Work/Teaching/Documents/Practical-ReflectionCourse.doc.pdf
- 16.Thiemann, P.: Towards partial evaluation of full Scheme. In: Reflection 1996 (1996)Google Scholar
- 17.Braux, M., Noyé, J.: Towards partially evaluating reflection in Java. In: Proceedings of the ACM Workshop on Partial Evaluation and Semantics-based Program Manipulation, pp. 2–11 (1999)Google Scholar
- 18.Ruf, E.: Partial evaluation in reflective system implementations. In: Workshop on Reflection and Metalevel Architecture (1993)Google Scholar
- 20.Grove, D., DeFouw, G., Dean, J., Chambers, C.: Call graph construction in object-oriented languages. In: Proceedings of the ACM Conference on Object-oriented Programming, Systems, Languages, and Applications, pp. 108–124 (1997)Google Scholar
- 22.Agrawal, G., Li, J., Su, Q.: Evaluating a demand driven technique for call graph construction. In: Computational Complexity, pp. 29–45 (2002)Google Scholar