Understanding and Analyzing Java Reflection 7:3 and precision.As a static analysis,a(more)sound reflection analysis is one that allows (more) true reflective targets(i.e.,targets that are actually accessed at runtime)to be resolved statically. In practice,any reflection analysis must inevitably make a trade-off among soundness,precision, scalability,and(sometimes)automation. In addition,existing reflection analyses [2,8,20,22,28,32,35,38,51,68]cannot answer two critical questions that are raised naturally,in practice:Q(1)how sound is a given reflection analysis and Q(2)which reflective calls are resolved unsoundly or imprecisely?We argue for their importance as follows: If Q(1)is unanswered,users would be unsure (or lose confidence)about the effectiveness of the analysis results produced.For example,a bug detector that reports no bugs may actually miss many bugs if some reflective calls are resolved unsoundly. If Q(2)is unanswered,users would not have an opportunity to contribute in improving the precision and soundness of the analysis results,e.g.,by providing some user annotations.For some client analyses (e.g.,verification),soundness is required. 1.3 Contributions In this paper,we attempt to uncover the mysterious veil of Java reflection and change the informed opinion in the program analysis community about static reflection analysis:"Java reflection is a dynamic feature which is nearly impossible to handle effectively in static analysis".Specifically,we make the following contributions: We provide a comprehensive understanding of Java reflection through examining its under- lying concept (what it is),interface (how its API is designed),and real-world usage (how it is used in practice).As a result,we will provide the answers to several critical questions,which are somewhat related,including: What is reflection,why is it introduced in programming languages,and how is Java reflection derived from the basic reflection concept? Which methods of the Java reflection API should be analyzed carefully and how are they related,as the API is large and complex(with about 200 methods)? How is reflection used in real-world Java programs and what can we learn from its common uses?We have conducted a comprehensive study about reflection usage in a set of 16 representative Java programs by examining their 1,423 reflective call sites.We report 7 useful findings to enable the development of improved practical reflection analysis techniques and tools in future research. We introduce a new static analysis approach,called SoLAR (soundness-guided reflection analy- sis),to resolve Java reflection effectively in practice.As shown in Figure 1,SoLAR has three unique advantages compared with previous work: SoLAR is able to yield significantly more sound results than the state-of-the-art reflec- tion analysis.In addition,SoLAR allows its soundness to be reasoned about when some reasonable assumptions are met. SoLAR is able to accurately identify the parts of the program where reflection is analyzed unsoundly or imprecisely,making it possible for users to be aware of the effectiveness of their analysis results(as discussed in Section 1.2). -SoLAR provides a mechanism to guide users to iteratively refine the analysis results by adding lightweight annotations until their specific requirements are satisfied,enabling reflection to be analyzed in a controlled manner. ACM Trans.Softw.Eng.Methodol.,Vol.28,No.2,Article 7.Publication date:February 2019.Understanding and Analyzing Java Reflection 7:3 and precision. As a static analysis, a (more) sound reflection analysis is one that allows (more) true reflective targets (i.e., targets that are actually accessed at runtime) to be resolved statically. In practice, any reflection analysis must inevitably make a trade-off among soundness, precision, scalability, and (sometimes) automation. In addition, existing reflection analyses [2, 8, 20, 22, 28, 32, 35, 38, 51, 68] cannot answer two critical questions that are raised naturally, in practice: Q(1) how sound is a given reflection analysis and Q(2) which reflective calls are resolved unsoundly or imprecisely? We argue for their importance as follows: • If Q(1) is unanswered, users would be unsure (or lose confidence) about the effectiveness of the analysis results produced. For example, a bug detector that reports no bugs may actually miss many bugs if some reflective calls are resolved unsoundly. • If Q(2) is unanswered, users would not have an opportunity to contribute in improving the precision and soundness of the analysis results, e.g., by providing some user annotations. For some client analyses (e.g., verification), soundness is required. 1.3 Contributions In this paper, we attempt to uncover the mysterious veil of Java reflection and change the informed opinion in the program analysis community about static reflection analysis: “Java reflection is a dynamic feature which is nearly impossible to handle effectively in static analysis”. Specifically, we make the following contributions: • We provide a comprehensive understanding of Java reflection through examining its under￾lying concept (what it is), interface (how its API is designed), and real-world usage (how it is used in practice). As a result, we will provide the answers to several critical questions, which are somewhat related, including: – What is reflection, why is it introduced in programming languages, and how is Java reflection derived from the basic reflection concept? – Which methods of the Java reflection API should be analyzed carefully and how are they related, as the API is large and complex (with about 200 methods)? – How is reflection used in real-world Java programs and what can we learn from its common uses? We have conducted a comprehensive study about reflection usage in a set of 16 representative Java programs by examining their 1,423 reflective call sites. We report 7 useful findings to enable the development of improved practical reflection analysis techniques and tools in future research. • We introduce a new static analysis approach, called Solar (soundness-guided reflection analy￾sis), to resolve Java reflection effectively in practice. As shown in Figure 1, Solar has three unique advantages compared with previous work: – Solar is able to yield significantly more sound results than the state-of-the-art reflec￾tion analysis. In addition, Solar allows its soundness to be reasoned about when some reasonable assumptions are met. – Solar is able to accurately identify the parts of the program where reflection is analyzed unsoundly or imprecisely, making it possible for users to be aware of the effectiveness of their analysis results (as discussed in Section 1.2). – Solar provides a mechanism to guide users to iteratively refine the analysis results by adding lightweight annotations until their specific requirements are satisfied, enabling reflection to be analyzed in a controlled manner. ACM Trans. Softw. Eng. Methodol., Vol. 28, No. 2, Article 7. Publication date: February 2019