Understanding and analyzing Java reflection

Access & Terms of Use
open access
Copyright: Li, Yue
Abstract
Java reflection is increasingly used in a range of software and framework architectures. It allows a software system to examine itself and make changes that affect its execution at run-time, but creates significant challenges for static analysis. This is because the usages of reflection are quite complicated in real-world Java programs, and their dynamic behaviors are mainly specified by string arguments, which are usually unknown statically. As a result, in almost all static analysis tools, reflection is either ignored or handled partially, resulting in missed important behaviors, i.e., unsound results. Improving or even achieving soundness in reflection analysis will provide significant benefits to many clients, such as bug detectors, security analyzers and program verifiers. This thesis first introduces what Java reflection is, and conducts an empirical study on how reflection is used in real-world Java applications. Many useful findings are drawn to guide the design of more effective reflection analysis methods and tools. Based on this study, this thesis then presents two new techniques for handling reflection statically: a self-inferencing analysis called Elf, and a soundness-guided analysis called Solar. Elf is able to analyze reflection more effectively than the previous string resolution approach by exploiting a self-inferencing property found in our study. This property is inherent in almost every reflective call, but is not fully exploited by existing methods. Elf can make a disciplined trade-off among soundness, precision and scalability, while usually also discovering more reflective targets than previous work. Solar allows its soundness to be reasoned about when some reasonable assumptions are met, and yields significantly improved under-approximations otherwise.
In addition, Solar is able to accurately identify where reflection is analyzed unsoundly or imprecisely, and it provides a mechanism to guide users to iteratively refine the analysis results through lightweight annotations until their specific requirements are satisfied. For both Elf and Solar, this thesis presents their methodologies and formalisms and evaluates them against state-of-the-art solutions on a set of large Java benchmarks and applications. The experimental results demonstrate their effectiveness as the new state-of-the-art reflection analyses in practice. Both Elf and Solar have been made available as open-source tools.
Author(s)
Li, Yue
Supervisor(s)
Xue, Jingling
Publication Year
2016
Resource Type
Thesis
Degree Type
PhD Doctorate
UNSW Faculty