Understanding and Analyzing Java Reflection by Yue Li A THESIS SUBMITTED IN PARTIAL FULFILLMENT OF THE REQUIREMENTS FOR THE DEGREE OF DOCTOR OF PHILOSOPHY IN THE SCHOOL OF Computer Science and Engineering 26 July, 2016 All rights reserved. This work may not be reproduced in whole or in part, by photocopy or other means, without the permission of the author. c Yue Li 2016 PLEASE TYPE THE UNIVERSITY OF NEW SOUTH WALES Thesis/Dissertation Sheet Surname or Family name: Li First name: Yue Other name/s: Abbreviation for degree as given in the University calendar: PhD School: Computer Science and Engineering Faculty: Engineering Title: Understanding and Analyzing Java Reflection Abstract 350 words maximum: (PLEASE TYPE) Java reflection is increasingly used in a range of software and framework architectures. It allows a software system to examine itself and make changes that affect its execution at run-time, but creates significant challenges to static analysis. This is because the usages of reflection are quite complicated in real-world Java programs, and their dynamic behaviors are mainly specified by string arguments, which are usually unknown statically. As a result, in almost all the static analysis tools, reflection is either ignored or handled partially, resulting in missed, important behaviors, i.e., unsound results. Improving or even achieving soundness in reflection analysis will provide significant benefits to many clients, such as bug detectors, security analyzers and program verifiers. This thesis first introduces what Java reflection is, and conducts an empirical study on how reflection is used in real-world Java applications. Many useful findings are concluded for guiding the designs of more effective reflection analysis methods and tools. Based on this study, this thesis then presents two new techniques for handling reflection statically: a self-inferencing analysis called ELF, and a soundness-guided analysis called SOLAR. ELF is able to analyze reflection more effectively than the previous string resolution approach by exploiting a self- inferencing property found in our study. Such property is inherent in almost every reflective call, but not fully exploited by existing methods. ELF could make a disciplined trade-off among soundness, precision and scalability, while also discovering usually more reflective targets than in the previous work. SOLAR allows its soundness to be reasoned about when some reasonable assumptions are met, and yields significantly improved under-approximations otherwise. In addition, SOLAR is able to accurately identify where reflection is analyzed unsoundly or imprecisely and it provides a mechanism to guide users to iteratively refine the analysis results by lightweight annotations until their specific requirements are satisfied. For both ELF and SOLAR, this thesis presents their methodologies and formalisms and evaluates them against the state-of- the-art solutions with a set of large Java benchmarks and applications. The experimental results demonstrate their effectiveness as the new state-of-the-art reflection analyses in practice. Both ELF and SOLAR have been made available as open-source tools. Declaration relating to disposition of project thesis/dissertation I hereby grant to the University of New South Wales or its agents the right to archive and to make available my thesis or dissertation in whole or in part in the University libraries in all forms of media, now or here after known, subject to the provisions of the Copyright Act 1968. I retain all property rights, such as patent rights. I also retain the right to use in future works (such as articles or books) all or part of this thesis or dissertation. I also authorise University Microfilms to use the 350 word abstract of my thesis in Dissertation Abstracts International (this is applicable to doctoral theses only). …………………………………………………………… ……………………………………..……………… ……….……………………...…….… Signature Witness Date The University recognises that there may be exceptional circumstances requiring restrictions on copying or conditions on use. Requests for restriction for a period of up to 2 years must be made in writing. Requests for a longer period of restriction may be considered in exceptional circumstances and require the approval of the Dean of Graduate Research. FOR OFFICE USE ONLY Date of completion of requirements for Award: THIS SHEET IS TO BE GLUED TO THE INSIDE FRONT COVER OF THE THESIS ORIGINALITY STATEMENT ‘I hereby declare that this submission is my own work and to the best of my knowledge it contains no materials previously published or written by another person, or substantial proportions of material which have been accepted for the award of any other degree or diploma at UNSW or any other educational institution, except where due acknowledgement is made in the thesis. Any contribution made to the research by others, with whom I have worked at UNSW or elsewhere, is explicitly acknowledged in the thesis. I also declare that the intellectual content of this thesis is the product of my own work, except to the extent that assistance from others in the project's design and conception or in style, presentation and linguistic expression is acknowledged.’ Signed …………………………………………….............. Date …………………………………………….............. COPYRIGHT STATEMENT ‘I hereby grant the University of New South Wales or its agents the right to archive and to make available my thesis or dissertation in whole or part in the University libraries in all forms of media, now or here after known, subject to the provisions of the Copyright Act 1968. I retain all proprietary rights, such as patent rights. I also retain the right to use in future works (such as articles or books) all or part of this thesis or dissertation. I also authorise University Microfilms to use the 350 word abstract of my thesis in Dissertation Abstract International (this is applicable to doctoral theses only). I have either used no substantial portions of copyright material in my thesis or I have obtained permission to use copyright material; where permission has not been granted I have applied/will apply for a partial restriction of the digital copy of my thesis or dissertation.' Signed ……………………………………………........................... Date ……………………………………………........................... AUTHENTICITY STATEMENT ‘I certify that the Library deposit digital copy is a direct equivalent of the final officially approved version of my thesis. No emendation of content has occurred and if there are any minor variations in formatting, they are the result of the conversion to digital format.’ Signed ……………………………………………........................... Date ……………………………………………........................... Abstract Java reflection is increasingly used in a range of software and framework architec- tures. It allows a software system to examine itself and make changes that affect its execution at run-time, but creates significant challenges to static analysis. This is because the usages of reflection are quite complicated in real-world Java programs, and their dynamic behaviors are mainly specified by string arguments, which are usually unknown statically. As a result, in almost all the static analysis tools, reflection is either ignored or handled partially, resulting in missed, important be- haviors, i.e., unsound results. Improving or even achieving soundness in reflection analysis will provide significant benefits to many clients, such as bug detectors, security analyzers and program verifiers. This thesis first introduces what Java reflection is, and conducts an empiri- cal study on how reflection is used in real-world Java applications. Many useful findings are concluded for guiding the designs of more effective reflection analysis methods and tools. Based on this study, this thesis then presents two new tech- niques for handling reflection statically: a self-inferencing analysis called Elf, and a soundness-guided analysis called Solar. • Elf is able to analyze reflection more effectively than the previous string resolution approach by exploiting a self-inferencing property found in our study. Such property is inherent in almost every reflective call, but not fully i exploited by existing methods. Elf could make a disciplined trade-off among soundness, precision and scalability, while also discovering usually more re- flective targets than in the previous work. • Solar allows its soundness to be reasoned about when some reasonable as- sumptions are met, and yields significantly improved under-approximations otherwise. In addition, Solar is able to accurately identify where reflection is analyzed unsoundly or imprecisely and it provides a mechanism to guide users to iteratively refine the analysis results by lightweight annotations until their specific requirements are satisfied. For both Elf and Solar, this thesis presents their methodologies and for- malisms and evaluates them against the state-of-the-art solutions with a set of large Java benchmarks and applications. The experimental results demonstrate their effectiveness as the new state-of-the-art reflection analyses in practice. Both Elf and Solar have been made available as open-source tools. ii Publications • Tian Tan, Yue Li and Jingling Xue. Making k-Object-Sensitive Pointer Analysis More Precise with Still k-Limiting. 23rd International Static Anal- ysis Symposium (SAS’16). • Yue Li, Tian Tan, Yifei Zhang and Jingling Xue. Program Tailoring: Slicing by Sequential Criteria. 30th European Conference on Object-Oriented Pro- gramming (ECOOP’16). (Distinguished Paper Award) • Yue Li, Tian