Challenges for static analysis of Java Reflection: literature review and empirical study

D. Landman, A. Serebrenik, J. Vinju

    Onderzoeksoutput: Hoofdstuk in Boek/Rapport/CongresprocedureConferentiebijdrageAcademicpeer review

    42 Citaten (Scopus)


    The behavior of software using the Java Reflection API is fundamentally hard to predict by analyzing code. Only recently static analysis approaches resolve reflection in the context of a set of unsound yet pragmatic assumptions. In this paper we survey what approaches exist and what their limitations are. We then analyze how real-world Java code uses the Reflection API, and how many Java projects contain code challenging state-of-the-art static analysis.
    Using a systematic literature review we collected and categorized all known methods of statically approximating reflective Java code. Next to this we constructed a representative corpus of Java systems and collected descriptive statistics of the usage of the Reflection API. We then applied an analysis on the abstract syntax trees of all source code to count code idioms which go beyond the limitation boundaries of static analysis approaches. The resulting data answers the research questions. The corpus, the tool and the results are openly available.

    We conclude that the need for unsound assumptions to resolve reflection is widely supported. In our corpus, reflection can not be ignored for 78% of the projects. Common challenges for analysis tools such as non-exceptional exceptions, programmatic filtering meta objects, semantics of collections, and dynamic proxies, widely occur in the corpus. For Java Software Engineers prioritizing on robustness, we list tactics to obtain more easy to analyze reflection code, and for static analysis tool builders we provide a list of opportunities to have significant impact on real Java code.
    Originele taal-2Engels
    Titel2017 IEEE/ACM 39th International Conference on Software Engineering (ICSE)
    Plaats van productiePiscataway
    UitgeverijInstitute of Electrical and Electronics Engineers
    Aantal pagina's12
    ISBN van elektronische versie978-1-5386-3868-2
    ISBN van geprinte versie978-1-5386-3869-9
    StatusGepubliceerd - 19 jul 2017
    Evenement39th International Conference on Software Engineering (ICSE 2017) - Buenos Aires, Argentinië
    Duur: 20 mei 201728 mei 2017
    Congresnummer: 39


    Congres39th International Conference on Software Engineering (ICSE 2017)
    Verkorte titelICSE 2017
    StadBuenos Aires
    Internet adres

    Vingerafdruk Duik in de onderzoeksthema's van 'Challenges for static analysis of Java Reflection: literature review and empirical study'. Samen vormen ze een unieke vingerafdruk.

    Citeer dit