Understanding and Analyzing Java Reflection 7:11

[Figure 5: stacked bar charts, 0% to 100%, one bar per program (antlr, chart, eclipse, fop, hsqldb, jython, lucene, pmd, xalan, eclipse4, javac, jedit, jetty, tomcat, average). Categories: Unknown, String Manipulation Unresolved, String Manipulation Resolved, String Constant. Panels: (a) Calls to class-retrieving methods; (b) Calls to member-retrieving methods.]

Fig. 5. Classification of the String arguments of two class-retrieving methods, forName() and loadClass(), and four member-retrieving methods, getMethod(), getDeclaredMethod(), getField() and getDeclaredField().

object named by its first parameter; getDeclaredField(String) and getField(String) each return a Field object named by its single parameter.

As shown in Figure 5, string constants are commonly used when calling the two class-retrieving methods (34.7% on average) and the four member-retrieving methods (63.1% on average). In the presence of string manipulations, many class/method/field names cannot be determined exactly. This is mainly because their static resolution requires precise handling of many different operations, e.g., substring() and append(). In fact, many cases are rather complex and thus cannot be handled well by simply modeling the java.lang.String-related API. Thus, Solar does not currently handle string manipulations. However, the incomplete information about class/method/field names (i.e., partial string information) can be exploited beneficially [22, 51]. We also found that many string arguments are Unknown (55.3% for calling class-retrieving methods and 25.1% for calling member-retrieving methods, on average). These are the strings that may be read from, say, configuration files, command lines, or even Internet URLs. Finally, string constants are found to be more frequently used for calling the four member-retrieving methods than the two class-retrieving methods: 146 calls to getDeclaredMethod() and getMethod(), 27 calls to getDeclaredField() and getField() in contrast with 98 calls to forName() and loadClass(). This suggests that analyses that ignore string constants flowing into some member-retrieving methods may fail to exploit such valuable information and thus become imprecise.

Remark 1. Resolving reflective targets by string constants does not always work. On average, only 49% of reflective call sites (where string arguments are used to specify reflective targets) use string constants. In addition, fully resolving non-constant string arguments by string manipulation, although mentioned elsewhere [5, 38], may be hard to achieve in practice.

Q2. Retrieving an Array of Member Objects.
As introduced in Section 2.2.2, half of member-retrieving methods (e.g., getMethods()) return an array of member metaobjects. Although not as frequently used as the ones returning a single member metaobject (e.g., getMethod()), they play an important role in introducing new program behaviours in some applications. For example, in the two Eclipse programs studied, there are four invoke() call sites called on an array of Method

ACM Trans. Softw. Eng. Methodol., Vol. 28, No. 2, Article 7. Publication date: February 2019.
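
The categories of Figure 5 and the array-returning case of Q2, shown as one call site each in an added example (not code from the paper or from Solar). The class name, the sample property `impl` and the mapping of each call site to a category are assumptions made for illustration.

```java
import java.lang.reflect.Method;
import java.util.Properties;

// Added illustration; the category assigned to each call site is an assumption.
public class StringArgCategories {
    // String Constant: the target class is visible at the call site itself.
    static Class<?> constant() throws ClassNotFoundException {
        return Class.forName("java.util.ArrayList");
    }

    // String Manipulation, resolvable: both operands are constants, so an
    // analysis that models append() could recover "java.util.LinkedList".
    static Class<?> manipulated() throws ClassNotFoundException {
        StringBuilder sb = new StringBuilder("java.util.");
        sb.append("LinkedList");
        return Class.forName(sb.toString());
    }

    // String Manipulation, unresolved: only the prefix "java.util." is known
    // statically (partial string information); the suffix is caller input.
    static Class<?> partial(String kind) throws ClassNotFoundException {
        return Class.forName("java.util." + kind);
    }

    // Unknown: the whole class name is read from configuration.
    static Class<?> unknown(Properties cfg) throws ClassNotFoundException {
        return Class.forName(cfg.getProperty("impl"));
    }

    public static void main(String[] args) throws Exception {
        Properties cfg = new Properties();
        cfg.setProperty("impl", "java.util.ArrayDeque"); // constructed sample value
        System.out.println(constant().getName());
        System.out.println(manipulated().getName());
        System.out.println(partial("TreeSet").getName());
        System.out.println(unknown(cfg).getName());
        // Member-retrieving call whose name argument is a string constant.
        Object list = constant().getDeclaredConstructor().newInstance();
        Method size = constant().getMethod("size");
        System.out.println(size.invoke(list));

        // Q2: getMethods() returns an array, so no name string flows into the
        // member-retrieving call; the target of invoke() is picked by a scan.
        for (Method m : constant().getMethods()) {
            if (m.getName().equals("isEmpty") && m.getParameterCount() == 0) {
                System.out.println(m.invoke(list));
            }
        }
    }
}
```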