Abstract
Java reflection is increasingly used in a range of software and framework architectures.
It allows a software system to examine itself and make changes that affect its
execution at run-time, but creates significant challenges to static analysis. This is
because the usages of reflection are quite complicated in real-world Java programs,
and their dynamic behaviors are mainly specified by string arguments, which are
usually unknown statically. As a result, in almost all the static analysis tools,
reflection is either ignored or handled partially, resulting in missed, important behaviors,
i.e., unsound results. Improving or even achieving soundness in reflection
analysis will provide significant benefits to many clients, such as bug detectors,
security analyzers and program verifiers.
This thesis first introduces what Java reflection is, and conducts an empirical
study on how reflection is used in real-world Java applications. Many useful
findings are concluded for guiding the designs of more effective reflection analysis
methods and tools. Based on this study, this thesis then presents two new techniques
for handling reflection statically: a self-inferencing analysis called Elf, and
a soundness-guided analysis called Solar.
Elf is able to analyze reflection more effectively than the previous string
resolution approach by exploiting a self-inferencing property found in our
study. Such property is inherent in almost every reflective call, but not fully
exploited by existing methods. Elf could make a disciplined trade-off among
soundness, precision and scalability, while also discovering usually more reflective
targets than in the previous work.
Solar allows its soundness to be reasoned about when some reasonable assumptions
are met, and yields significantly improved under-approximations
otherwise. In addition, Solar is able to accurately identify where reflection
is analyzed unsoundly or imprecisely and it provides a mechanism to guide
users to iteratively refine the analysis results by lightweight annotations until
their specific requirements are satisfied.
For both Elf and Solar, this thesis presents their methodologies and formalisms
and evaluates them against the state-of-the-art solutions with a set of
large Java benchmarks and applications. The experimental results demonstrate
their effectiveness as the new state-of-the-art reflection analyses in practice. Both
Elf and Solar have been made available as open-source tools.