Understanding and Analyzing Java Reflection

Java reflection has been widely used in a variety of applications and frameworks. It allows a software system to inspect and change the behaviour of its classes, interfaces, methods, and fields at runtime, enabling the software to adapt to dynamically changing runtime environments. However, this dynamic language feature imposes significant challenges to static analysis, because the behaviour of reflection-rich software is logically complex and statically hard to predict. As a result, existing static analysis tools either ignore reflection or handle it partially, resulting in missed, important behaviours, i.e., unsound results. Therefore, improving or even achieving soundness in static reflection analysis—an analysis that infers statically the behaviour of reflective code—will provide significant benefits to many analysis clients, such as bug detectors, security analyzers, and program verifiers. In this article, we provide a comprehensive understanding of Java reflection through examining its underlying concept, API, and real-world usage, and, building on this, we introduce a new static approach to resolving Java reflection effectively in practice. We have implemented our reflection analysis in an open-source tool, called SOLAR, and evaluated its effectiveness extensively with large Java programs and libraries. Our experimental results demonstrate that SOLAR is able to (1) resolve reflection more soundly than the state-of-the-art reflection analyses; (2) automatically and accurately identify the parts of the program where reflection is resolved unsoundly or imprecisely; and (3) guide users to iteratively refine the analysis results by using lightweight annotations until their specific requirements are satisfied.

[1]  Atanas Rountev,et al.  Improving static resolution of dynamic class loading in Java using dynamically gathered environment information , 2009, Automated Software Engineering.

[2]  Eric Bodden,et al.  Harvesting Runtime Values in Android Applications That Feature Anti-Analysis Techniques , 2016, NDSS.

[3]  Bharat Jayaraman,et al.  Interactive visualization of Java programs , 2002, Proceedings IEEE 2002 Symposia on Human Centric Computing Languages and Environments.

[4]  Mira Mezini,et al.  Taming reflection: Aiding static analysis in the presence of reflection and custom class loaders , 2011, 2011 33rd International Conference on Software Engineering (ICSE).

[5]  Patrick Cousot,et al.  A static analyzer for large safety-critical software , 2003, PLDI '03.

[6]  Philip T. Cox,et al.  Human Centric Computing Languages and Environments , 2003 .

[7]  Jacques Klein,et al.  FlowDroid: precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for Android apps , 2014, PLDI.

[8]  Fabio Massacci,et al.  StaDynA: Addressing the Problem of Dynamic Code Updates in the Security Analysis of Android Applications , 2015, CODASPY.

[9]  Amer Diwan,et al.  Fast online pointer analysis , 2007, TOPL.

[10]  Michael D. Ernst,et al.  Collaborative Verification of Information Flow for a High-Assurance App Store , 2014, Software Engineering & Management.

[11]  Alexander Aiken,et al.  Effective static race detection for Java , 2006, PLDI '06.

[12]  Yannis Smaragdakis,et al.  Hybrid context-sensitivity for points-to analysis , 2013, PLDI.

[13]  Eran Yahav,et al.  Alias Analysis for Object-Oriented Programs , 2013, Aliasing in Object-Oriented Programming.

[14]  Yifei Zhang,et al.  Program Tailoring: Slicing by Sequential Criteria , 2016, ECOOP.

[15]  Sorin Lerner,et al.  ESP: path-sensitive program verification in polynomial time , 2002, PLDI '02.

[16]  Theo D'Hondt,et al.  Reflection for the Masses , 2008, S3.

[17]  Manu Sridharan,et al.  Thin slicing , 2007, PLDI '07.

[18]  Barbara G. Ryder,et al.  Parameterized object sensitivity for points-to and side-effect analyses for Java , 2002, ISSTA '02.

[19]  Monica S. Lam,et al.  Cloning-based context-sensitive pointer alias analysis using binary decision diagrams , 2004, PLDI '04.

[20]  Aske Simon Christensen,et al.  Precise Analysis of String Expressions , 2003, SAS.

[21]  LiYue,et al.  Efficient and precise points-to analysis: modeling the heap by merging equivalent automata , 2017 .

[22]  Jingling Xue,et al.  Making k-Object-Sensitive Pointer Analysis More Precise with Still k-Limiting , 2016, SAS.

[23]  Alexander Serebrenik,et al.  Challenges for Static Analysis of Java Reflection - Literature Review and Empirical Study , 2017, 2017 IEEE/ACM 39th International Conference on Software Engineering (ICSE).

[24]  Shay Artzi,et al.  F4F: taint analysis of framework-based web applications , 2011, OOPSLA '11.

[25]  Ondrej Lhoták,et al.  Scaling Java Points-to Analysis Using SPARK , 2003, CC.

[26]  Yannis Smaragdakis,et al.  Static analysis of Java dynamic proxies , 2018, ISSTA.

[27]  Hausi A. Müller,et al.  Monitoring in adaptive systems using reflection , 2008, SEAMS '08.

[28]  Jingling Xue,et al.  Efficient and precise points-to analysis: modeling the heap by merging equivalent automata , 2017, PLDI.

[29]  Yannis Smaragdakis,et al.  Scalability-first pointer analysis with self-tuning context-sensitivity , 2018, ESEC/SIGSOFT FSE.

[30]  Jingling Xue,et al.  Self-inferencing Reflection Resolution for Java , 2014, ECOOP.

[31]  Walter Cazzola SmartReflection: Efficient Introspection in Java , 2004, J. Object Technol..

[32]  Jingling Xue,et al.  Interprocedural Side-Effect Analysis and Optimisation in the Presence of Dynamic Class Loading , 2005, ACSC.

[33]  Shigeru Chiba,et al.  Load-Time Structural Reflection in Java , 2000, ECOOP.

[34]  Laurie Hendren,et al.  Soot: a Java bytecode optimization framework , 2010, CASCON.

[35]  Barbara G. Ryder,et al.  Parameterized object sensitivity for points-to analysis for Java , 2005, TSEM.

[36]  Ira R. Forman,et al.  Java reflection in action , 2005 .

[37]  Jingling Xue,et al.  Completeness Analysis for Incomplete Object-Oriented Programs , 2005, CC.

[38]  Ira R. Forman,et al.  Java Reflection in Action (In Action series) , 2004 .

[39]  Dawson R. Engler,et al.  Bugs as deviant behavior: a general approach to inferring errors in systems code , 2001, SOSP.

[40]  Yifei Zhang,et al.  Ripple: Reflection Analysis for Android Apps in Incomplete Information Environments , 2017, CODASPY.

[41]  Yannis Smaragdakis,et al.  More Sound Static Handling of Java Reflection , 2015, APLAS.

[42]  Ondrej Lhoták,et al.  Pick your contexts well: understanding object-sensitivity , 2011, POPL '11.

[43]  Pattie Maes Concepts and experiments in computational reflection , 1987, OOPSLA 1987.

[44]  Yi Lu,et al.  Dynamic symbolic execution for polymorphism , 2017, CC.

[45]  G. Agha,et al.  Reflecting on Adaptive Distributed Monitoring , 2007 .

[46]  MaesPattie Concepts and experiments in computational reflection , 1987 .

[47]  Xuxian Jiang,et al.  DroidChameleon: evaluating Android anti-malware against transformation attacks , 2013, ASIA CCS '13.

[48]  Frank D. Valencia,et al.  Formal Methods for Components and Objects , 2002, Lecture Notes in Computer Science.

[49]  Jingling Xue,et al.  Query-directed adaptive heap cloning for optimizing compilers , 2013, Proceedings of the 2013 IEEE/ACM International Symposium on Code Generation and Optimization (CGO).

[50]  Gilad Bracha,et al.  Mirrors: design principles for meta-level facilities of object-oriented programming languages , 2004, OOPSLA.

[51]  Dominique Colnet,et al.  Efficient compilation strategy for object‐oriented languages under the closed‐world assumption , 2014, Softw. Pract. Exp..

[52]  Jingling Xue,et al.  Effective Soundness-Guided Reflection Analysis , 2015, SAS.

[53]  Amer Diwan,et al.  The DaCapo benchmarks: java benchmarking development and analysis , 2006, OOPSLA '06.

[54]  Yannis Smaragdakis,et al.  Pointer Analysis , 2015, Found. Trends Program. Lang..

[55]  Gul A. Agha,et al.  Reflecting on Aspect-Oriented Programming, Metaprogramming, and Adaptive Distributed Monitoring , 2006, FMCO.

[56]  Yannis Smaragdakis,et al.  Efficient Reflection String Analysis via Graph Coloring , 2018, ECOOP.

[57]  Jacques Malenfant,et al.  Reflection in logic, functional and object-oriented programming: a Short Comparative Study , 1995 .

[58]  Brian Cantwell Smith,et al.  Procedural reflection in programming languages , 1982 .

[59]  Yannis Smaragdakis,et al.  Strictly declarative specification of sophisticated points-to analyses , 2009, OOPSLA.

[60]  Ruzanna Chitchyan,et al.  Persistence as an aspect , 2003, AOSD '03.

[61]  Jie Liu,et al.  Reflection Analysis for Java: Uncovering More Reflective Targets Precisely , 2017, 2017 IEEE 28th International Symposium on Software Reliability Engineering (ISSRE).

[62]  Andy Chou,et al.  Bugs as Inconsistent Behavior: A General Approach to Inferring Errors in Systems Code. , 2001, SOSP 2001.

[63]  Matthew L. Dering,et al.  Composite Constant Propagation: Application to Android Inter-Component Communication Analysis , 2015, 2015 IEEE/ACM 37th IEEE International Conference on Software Engineering.

[64]  Benjamin Livshits,et al.  Finding Security Vulnerabilities in Java Applications with Static Analysis , 2005, USENIX Security Symposium.

[65]  Li Yue Precision-Guided Context Sensitivity for Pointer Analysis , 2018 .

[66]  Ondrej Lhoták,et al.  In defense of soundiness , 2015, Commun. ACM.

[67]  Jacques Klein,et al.  DroidRA: taming reflection to support whole-program analysis of Android apps , 2016, ISSTA.

[68]  Benjamin Livshits,et al.  Reflection Analysis for Java , 2005, APLAS.

[69]  Marcelo d'Amorim,et al.  Static Analysis of Implicit Control Flow: Resolving Java Reflection and Android Intents (T) , 2015, 2015 30th IEEE/ACM International Conference on Automated Software Engineering (ASE).

[70]  Ondrej Lhoták,et al.  Context transformations for pointer analysis , 2017, PLDI.

[71]  David Grove,et al.  Optimization of Object-Oriented Programs Using Static Class Hierarchy Analysis , 1995, ECOOP.