Compilers: principles, techniques, and tools
Compilers: principles, techniques, and tools
Call graph construction in object-oriented languages
Proceedings of the 12th ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications
Practical experience with an application extractor for Java
Proceedings of the 14th ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications
Towards partially evaluating reflection in Java
PEPM '00 Proceedings of the 2000 ACM SIGPLAN workshop on Partial evaluation and semantics-based program manipulation
Practical virtual method call resolution for Java
OOPSLA '00 Proceedings of the 15th ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications
Scalable propagation-based call graph construction algorithms
OOPSLA '00 Proceedings of the 15th ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications
A framework for call graph construction algorithms
ACM Transactions on Programming Languages and Systems (TOPLAS)
Access rights analysis for Java
OOPSLA '02 Proceedings of the 17th ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications
Optimization of Object-Oriented Programs Using Static Class Hierarchy Analysis
ECOOP '95 Proceedings of the 9th European Conference on Object-Oriented Programming
Evaluating a Demand Driven Technique for Call Graph Construction
CC '02 Proceedings of the 11th International Conference on Compiler Construction
Fast and effective optimization of statically typed object-oriented languages
Fast and effective optimization of statically typed object-oriented languages
Java Reflection in Action (In Action series)
Java Reflection in Action (In Action series)
Cloning-based context-sensitive pointer alias analysis using binary decision diagrams
Proceedings of the ACM SIGPLAN 2004 conference on Programming language design and implementation
SABER: smart analysis based error reduction
ISSTA '04 Proceedings of the 2004 ACM SIGSOFT international symposium on Software testing and analysis
Finding and preventing run-time error handling mistakes
OOPSLA '04 Proceedings of the 19th annual ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications
Context-sensitive program analysis as database queries
Proceedings of the twenty-fourth ACM SIGMOD-SIGACT-SIGART symposium on Principles of database systems
Role-Based access control consistency validation
Proceedings of the 2006 international symposium on Software testing and analysis
Effective typestate verification in the presence of aliasing
Proceedings of the 2006 international symposium on Software testing and analysis
ACM Transactions on Programming Languages and Systems (TOPLAS)
Identifying Data Transfer Objects in EJB Applications
WODA '07 Proceedings of the 5th International Workshop on Dynamic Analysis
Inferring aliasing and encapsulation properties for java
Proceedings of the 22nd annual ACM SIGPLAN conference on Object-oriented programming systems and applications
Effective typestate verification in the presence of aliasing
ACM Transactions on Software Engineering and Methodology (TOSEM)
Hang analysis: fighting responsiveness bugs
Proceedings of the 3rd ACM SIGOPS/EuroSys European Conference on Computer Systems 2008
Static path conditions for Java
Proceedings of the third ACM SIGPLAN workshop on Programming languages and analysis for security
Finding bugs in java native interface programs
ISSTA '08 Proceedings of the 2008 international symposium on Software testing and analysis
Automatic generation of XSS and SQL injection attacks with goal-directed model checking
SS'08 Proceedings of the 17th conference on Security symposium
Automated Software Engineering
TAJ: effective taint analysis of web applications
Proceedings of the 2009 ACM SIGPLAN conference on Programming language design and implementation
Strictly declarative specification of sophisticated points-to analyses
Proceedings of the 24th ACM SIGPLAN conference on Object oriented programming systems languages and applications
Soundly Handling Static Fields: Issues, Semantics and Analysis
Electronic Notes in Theoretical Computer Science (ENTCS)
Pick your contexts well: understanding object-sensitivity
Proceedings of the 38th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Sawja: static analysis workshop for java
FoVeOOS'10 Proceedings of the 2010 international conference on Formal verification of object-oriented software
Static extraction of program configuration options
Proceedings of the 33rd International Conference on Software Engineering
Taming reflection: Aiding static analysis in the presence of reflection and custom class loaders
Proceedings of the 33rd International Conference on Software Engineering
The eval that men do: A large-scale study of the use of eval in javascript applications
Proceedings of the 25th European conference on Object-oriented programming
Android permissions demystified
Proceedings of the 18th ACM conference on Computer and communications security
F4F: taint analysis of framework-based web applications
Proceedings of the 2011 ACM international conference on Object oriented programming systems languages and applications
Defining datalog in rewriting logic
LOPSTR'09 Proceedings of the 19th international conference on Logic-Based Program Synthesis and Transformation
Datalog-Based program analysis with BES and RWL
Datalog'10 Proceedings of the First international conference on Datalog Reloaded
Precomputing possible configuration error diagnoses
ASE '11 Proceedings of the 2011 26th IEEE/ACM International Conference on Automated Software Engineering
Distributed deductive databases, declaratively: the L10 logic programming language
Proceedings of the 2011 ACM SIGPLAN X10 Workshop
Language design and analyzability: a retrospective
Software—Practice & Experience
RefaFlex: safer refactorings for reflective Java programs
Proceedings of the 2012 International Symposium on Software Testing and Analysis
Finding errors in multithreaded GUI applications
Proceedings of the 2012 International Symposium on Software Testing and Analysis
Practical static analysis of JavaScript applications in the presence of frameworks and libraries
Proceedings of the 2013 9th Joint Meeting on Foundations of Software Engineering
Automatic mediation of privacy-sensitive resource access in smartphone applications
SEC'13 Proceedings of the 22nd USENIX conference on Security
Fissile type analysis: modular checking of almost everywhere invariants
Proceedings of the 41st ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages
Alias analysis for object-oriented programs
Aliasing in Object-Oriented Programming
Hi-index | 0.00 |
Reflection has always been a thorn in the side of Java static analysis tools. Without a full treatment of reflection, static analysis tools are both incomplete because some parts of the program may not be included in the application call graph, and unsound because the static analysis does not take into account reflective features of Java that allow writes to object fields and method invocations. However, accurately analyzing reflection has always been difficult, leading to most static analysis tools treating reflection in an unsound manner or just ignoring it entirely. This is unsatisfactory as many modern Java applications make significant use of reflection. In this paper we propose a static analysis algorithm that uses points-to information to approximate the targets of reflective calls as part of call graph construction. Because reflective calls may rely on input to the application, in addition to performing reflection resolution, our algorithm also discovers all places in the program where user-provided specifications are necessary to fully resolve reflective targets. As an alternative to user-provided specifications, we also propose a reflection resolution approach based on type cast information that reduces the need for user input, but typically results in a less precise call graph. We have implemented the reflection resolution algorithms described in this paper and applied them to a set of six large, widely-used benchmark applications consisting of more than 600,000 lines of code combined. Experiments show that our technique is effective for resolving most reflective calls without any user input. Certain reflective calls, however, cannot be resolved at compile time precisely. Relying on a user-provided specification to obtain a conservative call graph results in graphs that contain 1.43 to 6.58 times more methods that the original. In one case, a conservative call graph has 7,047 more methods than a call graph that does not interpret reflective calls. In contrast, ignoring reflection leads to missing substantial portions of the application call graph.