Bodden, Eric ; Sewe, Andreas ; Sinschek, Jan ; Oueslati, Hela ; Mezini, Mira (2011)
Taming reflection: Aiding static analysis in the presence of reflection and custom class loaders.
International Conference on Software Engineering. Waikiki, Honolulu, HI, USA (21.05.2011-28.05.2011)
doi: 10.1145/1985793.1985827
Konferenzveröffentlichung, Bibliographie
Kurzbeschreibung (Abstract)
Static program analyses and transformations for Java face many problems when analyzing programs that use reflection or custom class loaders: How can a static analysis know which reflective calls the program will execute? How can it get hold of classes that the program loads from remote locations or even generates on the fly? And if the analysis transforms classes, how can these classes be re-inserted into a program that uses custom class loaders?
In this paper, we present TamiFlex, a tool chain that offers a partial but often effective solution to these problems. With TamiFlex, programmers can use existing static-analysis tools to produce results that are sound at least with respect to a set of recorded program runs. TamiFlex inserts runtime checks into the program that warn the user in case the program executes reflective calls that the analysis did not take into account. TamiFlex further allows programmers to re-insert offline-transformed classes into a program.
We evaluate TamiFlex in two scenarios: benchmarking with the DaCapo benchmark suite and analysing large-scale interactive applications. For the latter, TamiFlex significantly improves code coverage of the static analyses, while for the former our approach even appears complete: the inserted runtime checks issue no warning. Hence, for the first time, TamiFlex enables sound static whole-program analyses on DaCapo. During this process, TamiFlex usually incurs less than 10% runtime overhead.
Typ des Eintrags: | Konferenzveröffentlichung | ||||
---|---|---|---|---|---|
Erschienen: | 2011 | ||||
Autor(en): | Bodden, Eric ; Sewe, Andreas ; Sinschek, Jan ; Oueslati, Hela ; Mezini, Mira | ||||
Art des Eintrags: | Bibliographie | ||||
Titel: | Taming reflection: Aiding static analysis in the presence of reflection and custom class loaders | ||||
Sprache: | Englisch | ||||
Publikationsjahr: | 2011 | ||||
Ort: | New York, NY, USA | ||||
Buchtitel: | Proceedings of the 33rd International Conference on Software Engineering | ||||
Veranstaltungstitel: | International Conference on Software Engineering | ||||
Veranstaltungsort: | Waikiki, Honolulu, HI, USA | ||||
Veranstaltungsdatum: | 21.05.2011-28.05.2011 | ||||
DOI: | 10.1145/1985793.1985827 | ||||
Zugehörige Links: | |||||
Kurzbeschreibung (Abstract): | Static program analyses and transformations for Java face many problems when analyzing programs that use reflection or custom class loaders: How can a static analysis know which reflective calls the program will execute? How can it get hold of classes that the program loads from remote locations or even generates on the fly? And if the analysis transforms classes, how can these classes be re-inserted into a program that uses custom class loaders? In this paper, we present TamiFlex, a tool chain that offers a partial but often effective solution to these problems. With TamiFlex, programmers can use existing static-analysis tools to produce results that are sound at least with respect to a set of recorded program runs. TamiFlex inserts runtime checks into the program that warn the user in case the program executes reflective calls that the analysis did not take into account. TamiFlex further allows programmers to re-insert offline-transformed classes into a program. We evaluate TamiFlex in two scenarios: benchmarking with the DaCapo benchmark suite and analysing large-scale interactive applications. For the latter, TamiFlex significantly improves code coverage of the static analyses, while for the former our approach even appears complete: the inserted runtime checks issue no warning. Hence, for the first time, TamiFlex enables sound static whole-program analyses on DaCapo. During this process, TamiFlex usually incurs less than 10% runtime overhead. |
||||
Schlagworte: |
|
||||
Fachbereich(e)/-gebiet(e): | 20 Fachbereich Informatik 20 Fachbereich Informatik > Softwaretechnik Zentrale Einrichtungen LOEWE > LOEWE-Zentren > CASED – Center for Advanced Security Research Darmstadt 20 Fachbereich Informatik > EC SPRIDE 20 Fachbereich Informatik > EC SPRIDE > Secure Software Engineering LOEWE LOEWE > LOEWE-Zentren |
||||
Hinterlegungsdatum: | 16 Jun 2011 09:40 | ||||
Letzte Änderung: | 05 Mär 2013 09:48 | ||||
PPN: | |||||
Schlagworte: |
|
||||
Export: | |||||
Suche nach Titel in: | TUfind oder in Google |
Frage zum Eintrag |
Optionen (nur für Redakteure)
Redaktionelle Details anzeigen |