Taming reflection: Aiding static analysis in the presence of reflection and custom class loaders

Bodden, Eric ; Sewe, Andreas ; Sinschek, Jan ; Oueslati, Hela ; Mezini, Mira (2011)
Taming reflection: Aiding static analysis in the presence of reflection and custom class loaders.
International Conference on Software Engineering. Waikiki, Honolulu, HI, USA (21.05.2011-28.05.2011)
doi: 10.1145/1985793.1985827
Conference publication, bibliography

Abstract

Static program analyses and transformations for Java face many problems when analyzing programs that use reflection or custom class loaders: How can a static analysis know which reflective calls the program will execute? How can it get hold of classes that the program loads from remote locations or even generates on the fly? And if the analysis transforms classes, how can these classes be re-inserted into a program that uses custom class loaders?

In this paper, we present TamiFlex, a tool chain that offers a partial but often effective solution to these problems. With TamiFlex, programmers can use existing static-analysis tools to produce results that are sound at least with respect to a set of recorded program runs. TamiFlex inserts runtime checks into the program that warn the user in case the program executes reflective calls that the analysis did not take into account. TamiFlex further allows programmers to re-insert offline-transformed classes into a program.

We evaluate TamiFlex in two scenarios: benchmarking with the DaCapo benchmark suite and analysing large-scale interactive applications. For the latter, TamiFlex significantly improves code coverage of the static analyses, while for the former our approach even appears complete: the inserted runtime checks issue no warning. Hence, for the first time, TamiFlex enables sound static whole-program analyses on DaCapo. During this process, TamiFlex usually incurs less than 10% runtime overhead.

Item type: Conference publication
Published: 2011
Author(s): Bodden, Eric ; Sewe, Andreas ; Sinschek, Jan ; Oueslati, Hela ; Mezini, Mira
Type of entry: Bibliography
Title: Taming reflection: Aiding static analysis in the presence of reflection and custom class loaders
Language: English
Year of publication: 2011
Place: New York, NY, USA
Book title: Proceedings of the 33rd International Conference on Software Engineering
Event title: International Conference on Software Engineering
Event location: Waikiki, Honolulu, HI, USA
Event date: 21.05.2011-28.05.2011
DOI: 10.1145/1985793.1985827
Keywords (English): dynamic class loaders, dynamic class loading, native code, reflection, static analysis, tracing
Department(s)/field(s): 20 Department of Computer Science
20 Department of Computer Science > Software Technology
Central facilities
LOEWE > LOEWE Centres > CASED – Center for Advanced Security Research Darmstadt
20 Department of Computer Science > EC SPRIDE
20 Department of Computer Science > EC SPRIDE > Secure Software Engineering
LOEWE
LOEWE > LOEWE Centres
Date deposited: 16 Jun 2011 09:40
Last modified: 05 Mar 2013 09:48