
Improving static resolution of dynamic class loading in Java using dynamically gathered environment information

Automated Software Engineering

Abstract

In Java software, one important flexibility mechanism is dynamic class loading. Unfortunately, the vast majority of static analyses for Java treat dynamic class loading either unsoundly or too conservatively. We present a novel semi-static approach for resolving dynamic class loading by combining static string analysis with dynamically gathered information about the execution environment. The insight behind the approach is that dynamic class loading often depends on characteristics of the environment that are encoded in various environment variables. Such variables are not static elements; however, their run-time values typically remain the same across multiple executions of the application. Thus, the string values reported by our technique are tailored to the current installation of the system under analysis. Additionally, we propose extensions of string analysis to increase the number of sites that can be resolved purely statically, and to track the names of environment variables. An experimental evaluation on the Java 1.4 standard libraries shows that a state-of-the-art purely static approach resolves only 28% of non-trivial sites, while our approach resolves 74% of such sites. We also demonstrate how the information gained from resolved dynamic class loading can be used to determine the classes that can potentially be instantiated through the use of reflection. Our extensions of string analysis greatly increase the number of resolvable reflective instantiation sites. This work is a step towards making static analysis tools better equipped to handle the dynamic features of Java.
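The idea in the abstract can be made concrete with a small sketch. This is an added example, not the authors' implementation: it models the argument of one hypothetical `Class.forName` site as a sequence of literals and environment reads, then resolves it once with no environment knowledge and once against recorded values. The property name `app.codec.pkg`, the class names, and the types `Part`, `Lit` and `Env` are all assumptions made for illustration (Java 16 or later).

```java
import java.util.List;
import java.util.Optional;
import java.util.Properties;

public class SemiStaticResolver {
    // A string expression feeding Class.forName: literals and environment reads.
    interface Part {}
    record Lit(String value) implements Part {}
    // Models System.getProperty(name, fallback); fallback may be null.
    record Env(String name, String fallback) implements Part {}

    /** Concrete class name, or empty when some environment value is unknown. */
    static Optional<String> resolve(List<Part> expr, Properties env) {
        StringBuilder sb = new StringBuilder();
        for (Part p : expr) {
            if (p instanceof Lit l) {
                sb.append(l.value());
            } else if (p instanceof Env e) {
                String v = env.getProperty(e.name(), e.fallback());
                if (v == null) {
                    return Optional.empty(); // unresolved: the site stays unknown
                }
                sb.append(v);
            }
        }
        return Optional.of(sb.toString());
    }

    public static void main(String[] args) {
        // Hypothetical site being modelled:
        //   Class.forName(System.getProperty("app.codec.pkg") + ".Utf8Codec")
        List<Part> site = List.of(new Env("app.codec.pkg", null),
                                  new Lit(".Utf8Codec"));

        // Purely static view: nothing is known about the environment.
        Properties none = new Properties();

        // Constructed stand-in for values gathered from this installation.
        Properties snapshot = new Properties();
        snapshot.setProperty("app.codec.pkg", "com.example.codec");

        System.out.println("static only : " + resolve(site, none));
        System.out.println("semi-static : " + resolve(site, snapshot));
    }
}
```

The resolved name is valid only for the installation whose values were recorded, which matches the abstract's statement that results are tailored to the current installation.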



Author information


Corresponding author

Correspondence to Jason Sawin.

Additional information

This material is based upon work supported by the National Science Foundation under CAREER grant CCF-0546040.


About this article

Cite this article

Sawin, J., Rountev, A. Improving static resolution of dynamic class loading in Java using dynamically gathered environment information. Autom Softw Eng 16, 357–381 (2009). https://doi.org/10.1007/s10515-009-0049-9
