7:14 Yue Li,Tian Tan,and Jingling Xue ■Unknown ■Others Class::getComponentType Proxy::getProxyClass ClassLoader::loadClass ■Class::forName ■Object::getClass ■.class antir chart eclipse fop hsqldb jython lucene pmd xalan eclipse4 javac jedit jetty tomcat average 0% 20% 40% 60% 80% 100% Fig.8.Class-retrieving methods. In addition,getComponentType()should also be modeled if Array-related reflective-action methods are analyzed,as they are usually used together. Q6.Reflective-Action Methods.Figure 9 depicts the percentage frequency distribution of all the nine reflective-action methods in all the programs studied.We can see that newInstance()and invoke()are the ones that are most frequently used(46.3%and 32.7%,respectively,on average). Both of them are handled by existing static analysis tools such as Doop,Soor,WALA and BDDBDDB. However,Field-and Array-related reflective-action methods,which are also used in many programs,are ignored by most of these tools.Their handling is often necessary.For example, Eclipse (org.eclipse.osgi.util.NLS)uses Field.set()to initialize a large number of(non- primitive)fields of all given classes.Some JDK code (e.g.,java.util.AbstractCollection)uses Array.newInstance()to reflectively create a new non-primitive array whose type depends on the given argument. As far as we know,Field-and Array-related reflective-action methods are handled only by ELF [32],SOLAR [33]and DOop [51]. Remark 6.Reflection analysis should at least handle newInstance()and invoke()as they are the most frequently used reflective-action methods(79%on average),which will significantly affect a program's behavior,in general;otherwise,much of the codebase may be invisible for analysis. Effective reflection analysis should also consider Field-and Array-related reflective-action methods,as they are also commonly used. ACM Trans.Softw.Eng.Methodol,Vol.28,No.2,Article 7.Publication date:February 2019.7:14 Yue Li, Tian Tan, and Jingling Xue 0% 20% 40% 60% 80% 100% average tomcat jetty jedit javac eclipse4 xalan pmd lucene jython hsqldb fop eclipse chart antlr Unknown Others Class::getComponentType Proxy::getProxyClass ClassLoader::loadClass Class::forName Object::getClass .class Fig. 8. Class-retrieving methods. In addition, getComponentType() should also be modeled if Array-related reflective-action methods are analyzed, as they are usually used together. Q6. Reflective-Action Methods. Figure 9 depicts the percentage frequency distribution of all the nine reflective-action methods in all the programs studied. We can see that newInstance() and invoke() are the ones that are most frequently used (46.3% and 32.7%, respectively, on average). Both of them are handled by existing static analysis tools such as Doop, Soot, Wala and Bddbddb. However, Field- and Array-related reflective-action methods, which are also used in many programs, are ignored by most of these tools. Their handling is often necessary. For example, Eclipse (org.eclipse.osgi.util.NLS) uses Field.set() to initialize a large number of (non￾primitive) fields of all given classes. Some JDK code (e.g., java.util.AbstractCollection) uses Array.newInstance() to reflectively create a new non-primitive array whose type depends on the given argument. As far as we know, Field- and Array-related reflective-action methods are handled only by Elf [32], Solar [33] and Doop [51]. Remark 6. Reflection analysis should at least handle newInstance() and invoke() as they are the most frequently used reflective-action methods (79% on average), which will significantly affect a program’s behavior, in general; otherwise, much of the codebase may be invisible for analysis. Effective reflection analysis should also consider Field- and Array-related reflective-action methods, as they are also commonly used. ACM Trans. Softw. Eng. Methodol., Vol. 28, No. 2, Article 7. Publication date: February 2019