More Sound Static Handling of Java Reflection

  • Yannis SmaragdakisEmail author
  • George Balatsouras
  • George Kastrinis
  • Martin Bravenboer
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9458)


Reflection is a highly dynamic language feature that poses grave problems for static analyses. In the Java setting, reflection is ubiquitous in large programs. Any handling of reflection will be approximate, and overestimating its reach in a large codebase can be catastrophic for precision and scalability. We present an approach for handling reflection with improved empirical soundness (as measured against prior approaches and dynamic information) in the context of a points-to analysis. Our approach is based on the combination of string-flow and points-to analysis from past literature augmented with (a) substring analysis and modeling of partial string flow through string builder classes; (b) new techniques for analyzing reflective entities based on information available at their use-sites. In experimental comparisons with prior approaches, we demonstrate a combination of both improved soundness (recovering the majority of missing call-graph edges) and increased performance.


Class Object Object Invention Reflection Analysis Substring Flow Analysis Object Flow 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.



We gratefully acknowledge funding by the European Research Council under grant 307334 (Spade).


  1. 1.
    Ali, K., Lhoták, O.: Application-only call graph construction. In: Noble, J. (ed.) ECOOP 2012. LNCS, vol. 7313, pp. 688–712. Springer, Heidelberg (2012) CrossRefGoogle Scholar
  2. 2.
    Ali, K., Lhoták, O.: Averroes: whole-program analysis without the whole program. In: Castagna, G. (ed.) ECOOP 2013. LNCS, vol. 7920, pp. 378–400. Springer, Heidelberg (2013) CrossRefGoogle Scholar
  3. 3.
    Blackburn, S.M., et al.: The DaCapo benchmarks: Java benchmarking development and analysis. In: Proceedings of the 21st Annual ACM SIGPLAN Conference on Object Oriented Programming, Systems, Languages, and Applications, OOPSLA 2006, pp. 169–190. ACM, New York (2006)Google Scholar
  4. 4.
    Bodden, E., Sewe, A., Sinschek, J., Oueslati, H., Mezini, M.: Taming reflection: Aiding static analysis in the presence of reflection and custom class loaders. In: Proceedings of the 33rd International Conference on Software Engineering, ICSE 2011, pp. 241–250. ACM, New York (2011)Google Scholar
  5. 5.
    Bravenboer, M., Smaragdakis, Y.: Exception analysis and points-to analysis: Better together. In: Proceedings of the 18th International Symposium on Software Testing and Analysis, ISSTA 2009, pp. 1–12. ACM, New York (2009)Google Scholar
  6. 6.
    Bravenboer, M., Smaragdakis, Y.: Strictly declarative specification of sophisticated points-to analyses. In: Proceedings of the 24th Annual ACM SIGPLAN Conference on Object Oriented Programming, Systems, Languages, and Applications, OOPSLA 2009. ACM, New York (2009)Google Scholar
  7. 7.
    Christensen, A.S., Møller, A., Schwartzbach, M.I.: Precise analysis of string expressions. In: Proceedings of the 10th International Symposium on Static Analysis, SAS 2003, pp. 1–18. Springer (2003)Google Scholar
  8. 8.
    Fink, S.J., et al.: WALA UserGuide: PointerAnalysis.
  9. 9.
    Furr, M., An, J.D., Foster, J.S.: Profile-guided static typing for dynamic scripting languages. In: Proceedings of the 24th Annual ACM SIGPLAN Conference on Object Oriented Programming, Systems, Languages, and Applications, OOPSLA 2009, pp. 283–300. ACM, New York (2009)Google Scholar
  10. 10.
    Guarnieri, S., Livshits, B.: GateKeeper: mostly static enforcement of security and reliability policies for Javascript code. In: Proceedings of the 18th USENIX Security Symposium, SSYM 2009, pp. 151–168. USENIX Association, Berkeley (2009)Google Scholar
  11. 11.
    Hirzel, M., von Dincklage, D., Diwan, A., Hind, M.: Fast online pointer analysis. ACM Trans. Program. Lang. Syst. 29(2), 11 (2007)CrossRefGoogle Scholar
  12. 12.
    Hirzel, M., Diwan, A., Hind, M.: Pointer analysis in the presence of dynamic class loading. In: Odersky, M. (ed.) ECOOP 2004. LNCS, vol. 3086, pp. 96–122. Springer, Heidelberg (2004) CrossRefGoogle Scholar
  13. 13.
    Kastrinis, G., Smaragdakis, Y.: Efficient and effective handling of exceptions in java points-to analysis. In: Jhala, R., De Bosschere, K. (eds.) Compiler Construction. LNCS, vol. 7791, pp. 41–60. Springer, Heidelberg (2013) CrossRefGoogle Scholar
  14. 14.
    Kastrinis, G., Smaragdakis, Y.: Hybrid context-sensitivity for points-to analysis. In: Proceedings of the 2013 ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI 2013. ACM, New York (2013)Google Scholar
  15. 15.
    Lam, M.S., Whaley, J., Livshits, V.B., Martin, M.C., Avots, D., Carbin, M., Unkel, C.: Context-sensitive program analysis as database queries. In: Proceedings of the 24th Symposium on Principles of Database Systems, PODS 2005, pp. 1–12. ACM, New York (2005)Google Scholar
  16. 16.
    Li, Y., Tan, T., Sui, Y., Xue, J.: Self-inferencing reflection resolution for Java. In: Jones, R. (ed.) ECOOP 2014. LNCS, vol. 8586, pp. 27–53. Springer, Heidelberg (2014) Google Scholar
  17. 17.
    Liang, P., Naik, M.: Scaling abstraction refinement via pruning. In: Proceedings of the 2011 ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI 2011, pp. 590–601. ACM, New York (2011)Google Scholar
  18. 18.
    Livshits, B.: Improving Software Security with Precise Static and Runtime Analysis. Ph.D. thesis, Stanford University, December 2006Google Scholar
  19. 19.
    Livshits, B., et al.: In defense of soundiness: A manifesto. Commun. ACM 58(2), 44–46 (2015)CrossRefGoogle Scholar
  20. 20.
    Livshits, B., Whaley, J., Lam, M.S.: Reflection analysis for Java. In: Yi, K. (ed.) APLAS 2005. LNCS, vol. 3780, pp. 139–160. Springer, Heidelberg (2005) CrossRefGoogle Scholar
  21. 21.
    Madsen, M., Livshits, B., Fanning, M.: Practical static analysis of JavaScript applications in the presence of frameworks and libraries. In: Proceedings of the ACM SIGSOFT International Symposium on the Foundations of Software Engineering, FSE 2013, pp. 499–509. ACM (2013)Google Scholar
  22. 22.
    Naik, M., Aiken, A., Whaley, J.: Effective static race detection for java. In: Proceedings of the 2006 ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI 2006, pp. 308–319. ACM, New York (2006)Google Scholar
  23. 23.
    Reps, T.W.: Demand interprocedural program analysis using logic databases. In: Ramakrishnan, R. (ed.) Applications of Logic Databases, pp. 163–196. Kluwer Academic Publishers, Boston (1994)Google Scholar
  24. 24.
    Stancu, C., Wimmer, C., Brunthaler, S., Larsen, P., Franz, M.: Comparing points-to static analysis with runtime recorded profiling data. In: Proceedings of the 2014 International Conference on Principles and Practices of Programming on the Java Platform Virtual Machines, Languages and Tools, PPPJ 2014, pp. 157–168. ACM (2014)Google Scholar
  25. 25.
    Whaley, J., Avots, D., Carbin, M., Lam, M.S.: Using datalog with binary decision diagrams for program analysis. In: Yi, K. (ed.) APLAS 2005. LNCS, vol. 3780, pp. 97–118. Springer, Heidelberg (2005) CrossRefGoogle Scholar
  26. 26.
    Whaley, J., Lam, M.S.: Cloning-based context-sensitive pointer alias analysis using binary decision diagrams. In: Proceedings of the 2004 ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI 2004, pp. 131–144. ACM, New York (2004)Google Scholar

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  • Yannis Smaragdakis
    • 1
    Email author
  • George Balatsouras
    • 1
  • George Kastrinis
    • 1
  • Martin Bravenboer
    • 2
  1. 1.University of AthensAthensGreece
  2. 2.LogicBlox Inc.AtlantaUSA

Personalised recommendations