Challenges for static analysis of Java Reflection: literature review and empirical study

D. Landman, A. Serebrenik, J. Vinju

    Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

    45 Citations (Scopus)

    Abstract

    The behavior of software using the Java Reflection API is fundamentally hard to predict by analyzing code. Only recently static analysis approaches resolve reflection in the context of a set of unsound yet pragmatic assumptions. In this paper we survey what approaches exist and what their limitations are. We then analyze how real-world Java code uses the Reflection API, and how many Java projects contain code challenging state-of-the-art static analysis.
    Using a systematic literature review we collected and categorized all known methods of statically approximating reflective Java code. Next to this we constructed a representative corpus of Java systems and collected descriptive statistics of the usage of the Reflection API. We then applied an analysis on the abstract syntax trees of all source code to count code idioms which go beyond the limitation boundaries of static analysis approaches. The resulting data answers the research questions. The corpus, the tool and the results are openly available.

    We conclude that the need for unsound assumptions to resolve reflection is widely supported. In our corpus, reflection can not be ignored for 78% of the projects. Common challenges for analysis tools such as non-exceptional exceptions, programmatic filtering meta objects, semantics of collections, and dynamic proxies, widely occur in the corpus. For Java Software Engineers prioritizing on robustness, we list tactics to obtain more easy to analyze reflection code, and for static analysis tool builders we provide a list of opportunities to have significant impact on real Java code.
    Original languageEnglish
    Title of host publication2017 IEEE/ACM 39th International Conference on Software Engineering (ICSE)
    Place of PublicationPiscataway
    PublisherInstitute of Electrical and Electronics Engineers
    Pages507-518
    Number of pages12
    ISBN (Electronic)978-1-5386-3868-2
    ISBN (Print)978-1-5386-3869-9
    DOIs
    Publication statusPublished - 19 Jul 2017
    Event39th International Conference on Software Engineering (ICSE 2017) - Buenos Aires, Argentina
    Duration: 20 May 201728 May 2017
    Conference number: 39
    http://icse2017.gatech.edu/

    Conference

    Conference39th International Conference on Software Engineering (ICSE 2017)
    Abbreviated titleICSE 2017
    CountryArgentina
    CityBuenos Aires
    Period20/05/1728/05/17
    Internet address

    Keywords

    • Empirical Study
    • Java
    • Reflection
    • Static Analysis
    • Systematic Literature Review

    Fingerprint

    Dive into the research topics of 'Challenges for static analysis of Java Reflection: literature review and empirical study'. Together they form a unique fingerprint.

    Cite this