skip to main content
10.1145/2771284.2771287acmconferencesArticle/Chapter ViewAbstractPublication PagespldiConference Proceedingsconference-collections
research-article

Combining type-analysis with points-to analysis for analyzing Java library source-code

Published: 14 June 2015 Publication History

Abstract

The predominant work in static program analysis is focused on whole program analysis assuming that the whole program is present at analysis time and the only unknowns are program inputs. However, for library designers it is of paramount importance to perform semantic checks via static program analysis tools without the presence of an application. The literature offers only little research on partial program analysis for object-oriented programming languages including Java. Analyzing libraries statically requires novel abstractions for all possible applications that are not known a-priori. In this work, we present a static program analysis technique that reasons about the state of the library by approximating the behaviour of all possible applications. The key contribution is (1) the combination of type-analysis with points-to analysis and (2) the development of a most-general application (MGA) as a type, which represents the interaction of the library with all possible applications.

References

[1]
{AHV95} S. Abiteboul, R. Hull, and V. Vianu. Foundations of Databases. Addison-Wesley, 1995.
[2]
{AL13} K. Ali and O. Lhoták. AVERROES: Whole-program analysis without the whole program. In ECOOP, LNCS 7920, pages 378–400, 2013.
[3]
{ASK15} N. Allen, B. Scholz, and P. Krishnan. Staged points-to analysis for large code bases. In Compiler Construction, LNCS 9031, pages 131–150, 2015.
[4]
{BS09} M. Bravenboer and Y. Smaragdakis. Strictly declarative specification of sophisticated points-to analyses. In OOPSLA, pages 243–262, 2009.
[5]
{CC02} P. Cousot and R. Cousot. Modular static program analysis. In Compiler Construction, LNCS 2304, pages 159–179, 2002.
[6]
{DH08} B. Dagenais and L. Hendren. Enabling static analysis for partial Java programs. In OOPSLA, pages 313–328, 2008.
[7]
{GAK12} T. J. Green, M. Aref, and G. Karvounarakis. Logicblox, platform and language: A tutorial. In Datalog in Academia and Industry, LNCS 7494, pages 1–8, 2012.
[8]
{KDGS12} R. Karim, M. Dhawan, V. Ganapathy, and C-C. Shan. An analysis of the Mozilla Jetpack extension framework. In ECOOP, LNCS 7313, pages 333–355, 2012.
[9]
{LWH + 10} B. Lee, B. Wiedermann, M. Hirzel, R. Grimm, and K. S. McKinley. Jinn: Synthesizing dynamic bug detectors for foreign language interfaces. In PLDI, pages 36–49, 2010.
[10]
{MAM12} J. Midtgaard, M. D. Adams, and M. Might. A structural soundness proof for Shiver’s escape technique: A case for Galois connections. In SAS, LNCS 7460, pages 352–369, 2012.
[11]
{MLF13} M. Madsen, B. Livshits, and M. Fanning. Practical static analysis of JavaScript applications in the presence of frameworks and libraries. In (ESEC/FSE), pages 499–509, 2013.
[12]
{MRR05} A. Milanova, A. Rountev, and B. G. Ryder. Parameterized object sensitivity for points-to analysis for Java. ACM Transaction on Software Engineering Methodolology, 14(1):1–41, 2005.
[13]
{NNH99} F. Nielson, H. R. Nielson, and C. Hankin. Principles of Program Analysis. Springer, 2 edition, 1999.
[14]
{Ryd03} B. G. Ryder. Dimensions of precision in reference analysis of object-oriented programming languages. In CC, LNCS 2622, pages 126–137, 2003.
[15]
{SL07} D. Spinellis and P. Louridas. A framework for the static verification of API calls. Journal of Systems and Software, 80(7):1156–1168, 2007.
[16]
{TP00} Frank Tip and Jens Palsberg. Scalable propagation-based call graph construction algorithms. In OOPSLA, pages 281–293, 2000.
[17]
{ZDD13} H. Zhu, T. Dillig, and I. Dillig. Automated inference of library specifications for source-sink property verification. In APLAS, LNCS 8301, pages 290–306, 2013.

Cited By

View all
  • (2024)Partial program analysis for staged compilation systemsFormal Methods in System Design10.1007/s10703-024-00458-xOnline publication date: 13-Jun-2024
  • (2023)Persisting and Reusing Results of Static Program Analyses on a Large ScaleProceedings of the 38th IEEE/ACM International Conference on Automated Software Engineering10.1109/ASE56229.2023.00080(888-900)Online publication date: 11-Nov-2023
  • (2023)The Role of Program Analysis in Security Vulnerability Detection: Then and NowComputers & Security10.1016/j.cose.2023.103463(103463)Online publication date: Oct-2023
  • Show More Cited By

Index Terms

  1. Combining type-analysis with points-to analysis for analyzing Java library source-code

    Recommendations

    Comments

    Information & Contributors

    Information

    Published In

    cover image ACM Conferences
    SOAP 2015: Proceedings of the 4th ACM SIGPLAN International Workshop on State Of the Art in Program Analysis
    June 2015
    30 pages
    ISBN:9781450335850
    DOI:10.1145/2771284
    Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

    Sponsors

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Publication History

    Published: 14 June 2015

    Permissions

    Request permissions for this article.

    Check for updates

    Author Tags

    1. Libraries
    2. Static Analysis
    3. Type-based abstraction

    Qualifiers

    • Research-article

    Conference

    PLDI '15
    Sponsor:

    Acceptance Rates

    Overall Acceptance Rate 11 of 11 submissions, 100%

    Contributors

    Other Metrics

    Bibliometrics & Citations

    Bibliometrics

    Article Metrics

    • Downloads (Last 12 months)17
    • Downloads (Last 6 weeks)0
    Reflects downloads up to 28 Jan 2025

    Other Metrics

    Citations

    Cited By

    View all
    • (2024)Partial program analysis for staged compilation systemsFormal Methods in System Design10.1007/s10703-024-00458-xOnline publication date: 13-Jun-2024
    • (2023)Persisting and Reusing Results of Static Program Analyses on a Large ScaleProceedings of the 38th IEEE/ACM International Conference on Automated Software Engineering10.1109/ASE56229.2023.00080(888-900)Online publication date: 11-Nov-2023
    • (2023)The Role of Program Analysis in Security Vulnerability Detection: Then and NowComputers & Security10.1016/j.cose.2023.103463(103463)Online publication date: Oct-2023
    • (2023)Declarative static analysis for multilingual programs using CodeQLSoftware: Practice and Experience10.1002/spe.319953:7(1472-1495)Online publication date: 9-Mar-2023
    • (2022)SnRProceedings of the 44th International Conference on Software Engineering10.1145/3510003.3510061(1982-1993)Online publication date: 21-May-2022
    • (2022)Principles of Staged Static+Dynamic Partial AnalysisStatic Analysis10.1007/978-3-031-22308-2_4(44-73)Online publication date: 2-Dec-2022
    • (2021)[Engineering] eNYPD—Entry Points Detector Jakarta Server Faces Use Case2021 IEEE 21st International Working Conference on Source Code Analysis and Manipulation (SCAM)10.1109/SCAM52516.2021.00013(30-35)Online publication date: Oct-2021
    • (2021)A Multilanguage Static Analysis of Python Programs with Native C ExtensionsStatic Analysis10.1007/978-3-030-88806-0_16(323-345)Online publication date: 13-Oct-2021
    • (2020)On the recall of static call graph construction in practiceProceedings of the ACM/IEEE 42nd International Conference on Software Engineering10.1145/3377811.3380441(1049-1060)Online publication date: 27-Jun-2020
    • (2020)Pipelining bottom-up data flow analysisProceedings of the ACM/IEEE 42nd International Conference on Software Engineering10.1145/3377811.3380425(835-847)Online publication date: 27-Jun-2020
    • Show More Cited By

    View Options

    Login options

    View options

    PDF

    View or Download as a PDF file.

    PDF

    eReader

    View online with eReader.

    eReader

    Figures

    Tables

    Media

    Share

    Share

    Share this Publication link

    Share on social media