Taming Reflection – Static Analysis in the Presence of Reflection and Custom Class Loaders

Eric | March 25, 2010

I am happy to announce the first release of TamiFlex, our new tool suite for “taming reflection”. TamiFlex comes with an accompanying Technical Report. Using TamiFlex, you can, in combination with static-analysis tools such as Soot 2.4.0, analyze even such programs statically that use reflection and custom class loaders.

For instance, we describe how to use TamiFlex to statically analyze the new DaCapo “bach” release with Soot. This document gives an overview of the architecture of TamiFlex.

Here’s the abstract of our Tech Report:

“Static program analyses and transformations for Java face many problems when analyzing programs that use reflection or custom class loaders: How can a static analysis know which reflective calls the program will execute? How can the analysis get hold of a class that the program may load from a remote location or even generate on the fly? And if its results are used to transform classes offline, how can it ensure that the transformed classes are re-inserted into a running program that uses custom class loaders?

In this paper we present TamiFlex, a tool set for taming reflection. TamiFlex consists of two novel instrumentation agents. The Play-out Agent logs reflective calls into a log file and gathers all loaded classes, including generated ones. The Play-in Agent re-inserts offline-transformed classes into a running program. To show how researchers can use TamiFlex, we modified the Soot framework for static analysis, and in particular it’s points-to-analysis component Spark, so that it uses the log file to construct a sound call graph and points-to sets even for programs that use reflection, custom class loaders, and dynamic class generation.

We prove our approach feasible by applying TamiFlex to the 9.12-bach release of the DaCapo benchmark suite, which uses all the aforementioned dynamic features. For the first time, TamiFlex enables researchers to conduct static whole-program analyses on this version of DaCapo. Our experiments show that our combination of Soot and TamiFlex produces sound call graphs, that TamiFlex usually produces less than 10% runtime overhead and that the reflection log files do not depend much on program input.”