Taming ReflectionAiding Static Analysis in the Presence of Reflection                           and Custom Class Loaders    ...
necti ons!”                    ose d   con          rite to cl“D on’t w
Reflective method calls               public class Main {           	       public static void main(String[] args) throws E...
Reflective method calls               public class Main {           	       public static void main(String[] args) throws E...
Reflective method calls               public class Main {           	       public static void main(String[] args) throws E...
Reflective method calls               public class Main {           	       public static void main(String[] args) throws E...
Important reflective callsClass.forName(String
className)Class.newInstance()

Method.invoke(Object
tgt,
Object[]
args)Const...
Uses of ReflectionExtensibilitySeparate CompilationRuntime class generation“Hacking”: call private methods                5
Reflection is...   used a lot   unsound to ignore   often impossible to resolve
Play-Out   Boost       Analyse &   Play-In                       Transform                   7
y-O ut     1 :P laStep       8
Play-Out    public class Main {	       public static void main(String[] args) throws Exception {           Connection c = ...
Play-Out    public class Main {	       public static void main(String[] args) throws Exception {           Connection c = ...
Play-Out    public class Main {	       public static void main(String[] args) throws Exception {           Connection c = ...
Play-Out    public class Main {	       public static void main(String[] args) throws Exception {           Connection c = ...
Play-Out    public class Main {	       public static void main(String[] args) throws Exception {           Connection c = ...
Play-Out    public class Main {	       public static void main(String[] args) throws Exception {           Connection c = ...
Why dump classes?10
Why dump classes?     Static     analysis     needs to     know the     code10
Why dump classes?                $
java
‐jar
dacapo‐9.12‐bach.jar
fop                =====
DaCapo
9.12
fop
starting
===== ...
Why dump classes?                $
java
‐jar
dacapo‐9.12‐bach.jar
fop                =====
DaCapo
9.12
fop
starting
===== ...
Play-out AgentProgram         ClassLoader               Play‐Out
Agent                      11
Play-out AgentProgram         ClassLoader                     Main.class               Play‐Out
Agent                     ...
Play-out Agent          load class java.lang.reflect.MethodProgram                    ClassLoader                         ...
Play-out Agent          load class java.lang.reflect.MethodProgram                    ClassLoader                         ...
Play-out Agent          load class java.lang.reflect.MethodProgram                    ClassLoader                         ...
Play-out Agent               load class java.lang.reflect.Method Program                         ClassLoaderMethod.class  ...
Play-out Agent                   load class java.lang.reflect.Method Program                              ClassLoaderMetho...
Play-out Agent                       load class java.lang.reflect.Method     Program                              ClassLoa...
Play-out Agent                          load class java.lang.reflect.Method     Program                              Class...
Step 2: Boosting         12
Booster transforms program into                                  statically analyzable version    public class Main {     ...
Booster transforms program into                                  statically analyzable version    public class Main {     ...
Booster transforms program into                                statically analyzable version    public class Main {	      ...
Booster transforms program into                                statically analyzable version    public class Main {	      ...
BoosterImplemented on top of SootOperates on 3-address code (Jimple)generated from bytecodeInput: class files recorded by p...
Booster     Program                         ClassLoader                                                                   ...
Booster     Program                         ClassLoader                                                                   ...
Booster     Program                         ClassLoader                                                                   ...
Booster     Program                         ClassLoader                                                                   ...
Step       3: Pla              y-In          16
Play-in Agent                                                        load from                                            ...
Play-in Agent                                                        load from                                            ...
Play-in Agent                                                              load from                                      ...
Play-in Agent                                                        load from                                            ...
Play-in Agent                                                 load from                                                som...
Just whenwe thoughtwe weredone...
ge nerate d   classes      m ay bearran d o mize d names!         19
Play-in Agent             Program        Custom
                          ClassLoader                        Play‐In
Agent...
Play-in Agent             Program               Custom
                                 ClassLoader         ≠             ...
Play-in Agent             Program              Custom
                                ClassLoader                 C$23.cla...
SolutionNormalization: replace randomized name bynormalized name  in the log, the binaries, everywhere...Quite involved: c...
Evaluation    22
Evaluation     an th is be s o u n d?How c             22
Evaluation     an th is be s o u n d?How c                     It’s not!           But it’s sounder!             22
Evaluation     an th is be s o u n d?How c                      It’s not!            But it’s sounder!      It’s “represen...
Correctnessstatic call graph ⊇   ∪{recorded call graph} ?                       23
Correctness    static call graph ⊇    ∪{recorded call graph} ?computed with Soot/Spark         recorded with JVMTI agent  ...
Correctness    static call graph ⊇    ∪{recorded call graph} ?computed with Soot/Spark         recorded with JVMTI agent  ...
Effectiveness: How much does log-file  quality depend on program input?        Dacapo “bach” release                  24
Effectiveness: How much does log-file  quality depend on program input?        Dacapo “bach” release                  24
Effectiveness: How much does log-file  quality depend on program input?        Dacapo “bach” release                  24
Effectiveness: How much does log-file  quality depend on program input?        Dacapo “bach” release                  24
Effectiveness: How much does log-file  quality depend on program input?        Dacapo “bach” release                  24
Effectiveness: How much does log-file  quality depend on program input?        Dacapo “bach” release                  24
Effectiveness: How much does log-file  quality depend on program input?        Dacapo “bach” release                  24
Effectiveness: How much does log-file   quality depend on program input?Can now safely use static analyses on DaCapo:      ...
Effectiveness: How much does log-file  quality depend on program input? Other prominent programs/frameworks                ...
Effectiveness: How much does log-file  quality depend on program input? Appro ach requ ires go o d   “feature co verage”   ...
3.00                                                                                                                      ...
Related WorkPartial evaluationBraux & Noyé, PEPM 1999String analysisChristensen et al., SAS 2003Livshits et al., APLAS 200...
Related WorkOnline Call-Graph ConstructionHirzel et al., TOPLAS 2007Blended AnalysisDufour et al., ISSTA 2007Runtime type ...
http://tamiflex.googlecode.com/               First external users Cheng Zhang, SJTU        Saswat Anand, Georgia Tech     ...
http://tamiflex.googlecode.com/Play-Out   Boost    Analyse &    Play-In                    TransformCorrect     Effective  ...
http://tamiflex.googlecode.com/               MODULARITY - aosd 2012                submit to         2nd of 3 submission d...
Upcoming SlideShare
Loading in …5
×

ICSE 2011 - TamiFlex

860 views

Published on

Available under the Creative Commons “Attribution-ShareAlike” license.

Published in: Technology
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
860
On SlideShare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
7
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • With this, even works for runtime-generated classes!\n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • TODO: Warnings never triggered\nTODO: Venn: num of Methods or num of edges?\n
  • TODO: Warnings never triggered\nTODO: Venn: num of Methods or num of edges?\n
  • TODO: Warnings never triggered\nTODO: Venn: num of Methods or num of edges?\n
  • TODO: Warnings never triggered\nTODO: Venn: num of Methods or num of edges?\n
  • TODO: Warnings never triggered\nTODO: Venn: num of Methods or num of edges?\n
  • TODO: Warnings never triggered\nTODO: Venn: num of Methods or num of edges?\n
  • TODO: Warnings never triggered\nTODO: Venn: num of Methods or num of edges?\n
  • TODO: Warnings never triggered\nTODO: Venn: num of Methods or num of edges?\n
  • TODO: Warnings never triggered\nTODO: Venn: num of Methods or num of edges?\n
  • TODO: Warnings never triggered\nTODO: Venn: num of Methods or num of edges?\n
  • TODO: Warnings never triggered\nTODO: Venn: num of Methods or num of edges?\n
  • TODO: Warnings never triggered\nTODO: Venn: num of Methods or num of edges?\n
  • TODO: Warnings never triggered\nTODO: Venn: num of Methods or num of edges?\n
  • TODO: Warnings never triggered\nTODO: Venn: num of Methods or num of edges?\n
  • TODO: Warnings never triggered\nTODO: Venn: num of Methods or num of edges?\n
  • \n
  • \n
  • TODO: redo with Numbers, split up into POA and PIA\n
  • \n
  • TODO: talk about relative number of resolved call sites\n
  • \n
  • \n
  • \n
  • \n
  • ICSE 2011 - TamiFlex

    1. 1. Taming ReflectionAiding Static Analysis in the Presence of Reflection and Custom Class Loaders Eric Bodden, Andreas Sewe, Jan Sinschek, Hela Oueslati and Mira Mezini
    2. 2. necti ons!” ose d con rite to cl“D on’t w
    3. 3. Reflective method calls public class Main { public static void main(String[] args) throws Exception { Connection c = new Connection(); Class c = Class.forName( "Evil" ); Method m = c.getMethod("doEvil", Connection.class);Evil.doEvil(c); m.invoke(null,c); c.write("ohoh..."); } public class Evil { public static void doEvil(Connection c) { c.close(); } } 3
    4. 4. Reflective method calls public class Main { public static void main(String[] args) throws Exception { Connection c = new Connection(); Class c = Class.forName( "Evil" ); Method m = c.getMethod("doEvil", Connection.class);Evil.doEvil(c); m.invoke(null,c); c.write("ohoh..."); } public class Evil { hard to analyze statically! public static void doEvil(Connection c) { c.close(); } } 3
    5. 5. Reflective method calls public class Main { public static void main(String[] args) throws Exception { Connection c = new Connection(); Class c = Class.forName( args[0] ); "Evil" Method m = c.getMethod("doEvil", Connection.class);Evil.doEvil(c); m.invoke(null,c); c.write("ohoh..."); } imp ossible public class Evil { hard to analyze statically! public static void doEvil(Connection c) { c.close(); } } 3
    6. 6. Reflective method calls public class Main { public static void main(String[] args) throws Exception { Connection c = new Connection(); Class c = Class.forName( args[0] ); "Evil" Method m = c.getMethod("doEvil", Connection.class);Evil.doEvil(c); m.invoke(null,c); c.write("ohoh..."); } imp ossible public class Evil { hard to analyze statically! public static void doEvil(Connection c) { c.close(); } Present a pragmatic, } partial solution 3
    7. 7. Important reflective callsClass.forName(String
className)Class.newInstance()

Method.invoke(Object
tgt,
Object[]
args)Constructor.newInstance(Object[]
args)... 4
    8. 8. Uses of ReflectionExtensibilitySeparate CompilationRuntime class generation“Hacking”: call private methods 5
    9. 9. Reflection is... used a lot unsound to ignore often impossible to resolve
    10. 10. Play-Out Boost Analyse & Play-In Transform 7
    11. 11. y-O ut 1 :P laStep 8
    12. 12. Play-Out public class Main { public static void main(String[] args) throws Exception { Connection c = new Connection(); Class c = Class.forName( "Evil" ); Method m = c.getMethod("doEvil", Connection.class); m.invoke(null,c); c.write("ohoh..."); } public class Evil { public static void doEvil(Connection c) { c.close(); } } 9
    13. 13. Play-Out public class Main { public static void main(String[] args) throws Exception { Connection c = new Connection(); Class c = Class.forName( "Evil" ); Method m = c.getMethod("doEvil", Connection.class); m.invoke(null,c); c.write("ohoh..."); } public class Evil { $
javac
Main.java
 public static void doEvil(Connection c) { $
java
‐javaagent:poa‐trunk.jar=out
Main c.close(); } ============================================= } TamiFlex
Play‐Out
Agent
Version
trunk Found
2
new
log
entries. Log
file
written
to:
out/refl.log $
cat
out/refl.log
 Class.forName;Evil;Main.main;6 Method.invoke;<Evil:
void
doEvil(Connection)>;Main.main;8; 9
    14. 14. Play-Out public class Main { public static void main(String[] args) throws Exception { Connection c = new Connection(); Class c = Class.forName( "Evil" ); Method m = c.getMethod("doEvil", Connection.class); m.invoke(null,c); c.write("ohoh..."); } public class Evil { $
javac
Main.java
 public static void doEvil(Connection c) { $
java
‐javaagent:poa‐trunk.jar=out
Main c.close(); } ============================================= } TamiFlex
Play‐Out
Agent
Version
trunk Found
2
new
log
entries. Log
file
written
to:
out/refl.log $
cat
out/refl.log
 Class.forName;Evil;Main.main;6 Method.invoke;<Evil:
void
doEvil(Connection)>;Main.main;8; kind of call 9
    15. 15. Play-Out public class Main { public static void main(String[] args) throws Exception { Connection c = new Connection(); Class c = Class.forName( "Evil" ); Method m = c.getMethod("doEvil", Connection.class); m.invoke(null,c); c.write("ohoh..."); } public class Evil { $
javac
Main.java
 public static void doEvil(Connection c) { $
java
‐javaagent:poa‐trunk.jar=out
Main c.close(); } ============================================= } TamiFlex
Play‐Out
Agent
Version
trunk Found
2
new
log
entries. Log
file
written
to:
out/refl.log $
cat
out/refl.log
 Class.forName;Evil;Main.main;6 fully resolved Method.invoke;<Evil:
void
doEvil(Connection)>;Main.main;8; target of call 9
    16. 16. Play-Out public class Main { public static void main(String[] args) throws Exception { Connection c = new Connection(); Class c = Class.forName( "Evil" ); Method m = c.getMethod("doEvil", Connection.class); m.invoke(null,c); c.write("ohoh..."); } public class Evil { $
javac
Main.java
 public static void doEvil(Connection c) { $
java
‐javaagent:poa‐trunk.jar=out
Main c.close(); } ============================================= } TamiFlex
Play‐Out
Agent
Version
trunk Found
2
new
log
entries. Log
file
written
to:
out/refl.log $
cat
out/refl.log
 Class.forName;Evil;Main.main;6 Method.invoke;<Evil:
void
doEvil(Connection)>;Main.main;8; location of call 9
    17. 17. Play-Out public class Main { public static void main(String[] args) throws Exception { Connection c = new Connection(); Class c = Class.forName( "Evil" ); Method m = c.getMethod("doEvil", Connection.class); m.invoke(null,c); c.write("ohoh..."); } public class Evil { $
find
out
‐name
*.class public static void doEvil(Connection c) { out/com/apple/java/BackwardsCompatibility.class c.close(); } out/java/io/BufferedInputStream.class out/java/io/BufferedOutputStream.class } out/java/io/BufferedReader.class out/java/io/BufferedWriter.class out/java/io/ByteArrayInputStream.class out/java/io/ByteArrayOutputStream.class out/java/io/Closeable.class out/java/io/DataInput.class ... 9
    18. 18. Why dump classes?10
    19. 19. Why dump classes? Static analysis needs to know the code10
    20. 20. Why dump classes? $
java
‐jar
dacapo‐9.12‐bach.jar
fop =====
DaCapo
9.12
fop
starting
===== =====
DaCapo
9.12
fop
PASSED
in
2503
msec
===== Static analysis needs to know the code10
    21. 21. Why dump classes? $
java
‐jar
dacapo‐9.12‐bach.jar
fop =====
DaCapo
9.12
fop
starting
===== =====
DaCapo
9.12
fop
PASSED
in
2503
msec
===== Static analysis needs to know the code10
    22. 22. Play-out AgentProgram ClassLoader Play‐Out
Agent 11
    23. 23. Play-out AgentProgram ClassLoader Main.class Play‐Out
Agent 11
    24. 24. Play-out Agent load class java.lang.reflect.MethodProgram ClassLoader Play‐Out
Agent dump every loaded class to disk Main.class 11
    25. 25. Play-out Agent load class java.lang.reflect.MethodProgram ClassLoader Method.class Play‐Out
Agent dump every loaded class to disk Main.class 11
    26. 26. Play-out Agent load class java.lang.reflect.MethodProgram ClassLoader Method.class Play‐Out
Agent dump every loaded class to disk Main.class 11
    27. 27. Play-out Agent load class java.lang.reflect.Method Program ClassLoaderMethod.class Play‐Out
Agent dump every loaded class to disk Main.class Method.class 11
    28. 28. Play-out Agent load class java.lang.reflect.Method Program ClassLoaderMethod.class call to Method.invoke Play‐Out
Agent dump every loaded class to disk Main.class Method.class 11
    29. 29. Play-out Agent load class java.lang.reflect.Method Program ClassLoader Method.class call to Method.invoke Play‐Out
Agent dump every loaded class to diskwrite entry Main.classto log file Method.class 11
    30. 30. Play-out Agent load class java.lang.reflect.Method Program ClassLoader Method.class call to Method.invoke Play‐Out
Agent Constructor.class dump every loaded class to disk Class.classwrite entry Main.class Constructor.classto log file Method.class Class.class 11
    31. 31. Step 2: Boosting 12
    32. 32. Booster transforms program into statically analyzable version public class Main { Connection.<init> public static void main(String[] args) throws Exception { ? Connection c = new Connection(); Class cl = Class.forName(args[0]); ? Method m = cl.getMethod("do"+"Evil", Connection.class); Class.forName Main.main m.invoke(null,c); c.write("ohoh..."); Class.getMethod } public class Evil { Method.invoke public static void doEvil(Connection c) { c.close(); } Connection.write } 13
    33. 33. Booster transforms program into statically analyzable version public class Main { Connection.<init> public static void main(String[] args) throws Exception { ? Connection c = new Connection(); Class cl = Class.forName(args[0]); ? Method m = cl.getMethod("do"+"Evil", Connection.class); Class.forName Main.main m.invoke(null,c); c.write("ohoh..."); Class.getMethod } public class Evil { Method.invoke public static void doEvil(Connection c) { c.close(); } Connection.write } $
cat
out/refl.log
 Class.forName;Evil;Main.main;6 Method.invoke;<Evil:
void
doEvil(Connection)>;Main.main;8; 13
    34. 34. Booster transforms program into statically analyzable version public class Main { public static void main(String[] args) throws Exception { Connection.<init> Connection c = new Connection(); Class cl; if(args[0].equals("Evil")) cl = Evil.class; else { Class.forName TamiFlexRT.warnClassForName(args[0]); Main.main cl = Class.forName(args[0]); } Class.getMethod Method m = cl.getMethod("do"+"Evil", Connection.class); if(m.getDeclaringClass().getName().equals("Evil") && Method.invoke m.getName().equals("doEvil")) Evil.doEvil(c); else { TamiFlexRT.warnMethodInvoke(m); Connection.write m.invoke(null,c); } c.write("ohoh..."); } Evil.doEvil Connection.close ... } 13
    35. 35. Booster transforms program into statically analyzable version public class Main { public static void main(String[] args) throws Exception { Connection.<init> Connection c = new Connection(); Class cl; if(args[0].equals("Evil")) cl = Evil.class; else { Class.forName TamiFlexRT.warnClassForName(args[0]); Main.main cl = Class.forName(args[0]); } Class.getMethod Method m = cl.getMethod("do"+"Evil", Connection.class); if(m.getDeclaringClass().getName().equals("Evil") && Method.invoke m.getName().equals("doEvil")) Evil.doEvil(c); else { TamiFlexRT.warnMethodInvoke(m); Connection.write m.invoke(null,c); } c.write("ohoh..."); } Evil.doEvil Connection.close ... } 13
    36. 36. BoosterImplemented on top of SootOperates on 3-address code (Jimple)generated from bytecodeInput: class files recorded by play-out agentEmits class files of “boosted” programSome nitty-gritty details with respect to theuse of non-standard class loaders (see paper) 14
    37. 37. Booster Program ClassLoader Main.class Method.class Main.class Play‐Out
Agent Constructor.class dump every loaded class to disk Class.classwrite entryto log file Main.class 15
    38. 38. Booster Program ClassLoader Main.class Method.class Main.class Play‐Out
Agent Constructor.class dump every loaded class to disk Class.classwrite entryto log file Booster Main.class Main.class 15
    39. 39. Booster Program ClassLoader Main.class Method.class Main.class Play‐Out
Agent Main.class Constructor.class dump every loaded class to disk Class.classwrite entry Static Analysisto log file Booster Main.class Main.class 15
    40. 40. Booster Program ClassLoader Main.class Method.class Main.class Play‐Out
Agent ? Main.class Constructor.class dump every loaded class to disk Class.classwrite entry Static Analysisto log file Booster Main.class Main.class 15
    41. 41. Step 3: Pla y-In 16
    42. 42. Play-in Agent load from somewhere, load class Main or generate Program Custom
 ClassLoader Play‐In
AgentMain.class 17
    43. 43. Play-in Agent load from somewhere, load class Main or generate Program Custom
 ClassLoader Play‐In
AgentMain.class 17
    44. 44. Play-in Agent load from somewhere, load class Main or generate Program Custom
 ClassLoader Main.class Play‐In
AgentMain.class 17
    45. 45. Play-in Agent load from somewhere, load class Main or generate Program Custom
 ClassLoader Play‐In
Agent searchMain.class transformed version of Main 17
    46. 46. Play-in Agent load from somewhere, load class Main or generateProgram Custom
 ClassLoaderreplace Main by Main.class transformed class Play‐In
Agent search transformed version of Main 17
    47. 47. Just whenwe thoughtwe weredone...
    48. 48. ge nerate d classes m ay bearran d o mize d names! 19
    49. 49. Play-in Agent Program Custom
 ClassLoader Play‐In
AgentC$42.class 20
    50. 50. Play-in Agent Program Custom
 ClassLoader ≠ Play‐In
AgentC$42.class C$23.class 20
    51. 51. Play-in Agent Program Custom
 ClassLoader C$23.class Play‐In
AgentC$42.class 20
    52. 52. SolutionNormalization: replace randomized name bynormalized name in the log, the binaries, everywhere...Quite involved: classes to normalize may beinterdependentDetails in the paperMore details in our Tech ReportYet more details in the source 21
    53. 53. Evaluation 22
    54. 54. Evaluation an th is be s o u n d?How c 22
    55. 55. Evaluation an th is be s o u n d?How c It’s not! But it’s sounder! 22
    56. 56. Evaluation an th is be s o u n d?How c It’s not! But it’s sounder! It’s “representative”! 22
    57. 57. Correctnessstatic call graph ⊇ ∪{recorded call graph} ? 23
    58. 58. Correctness static call graph ⊇ ∪{recorded call graph} ?computed with Soot/Spark recorded with JVMTI agent 23
    59. 59. Correctness static call graph ⊇ ∪{recorded call graph} ?computed with Soot/Spark recorded with JVMTI agent Yes! (call graphs are representative;tested with Lhotak’s Call-graph comparison tool ProBe) 23
    60. 60. Effectiveness: How much does log-file quality depend on program input? Dacapo “bach” release 24
    61. 61. Effectiveness: How much does log-file quality depend on program input? Dacapo “bach” release 24
    62. 62. Effectiveness: How much does log-file quality depend on program input? Dacapo “bach” release 24
    63. 63. Effectiveness: How much does log-file quality depend on program input? Dacapo “bach” release 24
    64. 64. Effectiveness: How much does log-file quality depend on program input? Dacapo “bach” release 24
    65. 65. Effectiveness: How much does log-file quality depend on program input? Dacapo “bach” release 24
    66. 66. Effectiveness: How much does log-file quality depend on program input? Dacapo “bach” release 24
    67. 67. Effectiveness: How much does log-file quality depend on program input?Can now safely use static analyses on DaCapo: Warnings never triggered! 24
    68. 68. Effectiveness: How much does log-file quality depend on program input? Other prominent programs/frameworks 25
    69. 69. Effectiveness: How much does log-file quality depend on program input? Appro ach requ ires go o d “feature co verage” 26
    70. 70. 3.00 2.62 2.00 1.22 1.18 1.02 1.02 1.08 1.06 1.09 1.03 1.05 1.04 1.00 1.00Play-Out 1.00 vro ra ati k e ips fo p h2 on e x h arc pm d ow s p an soa xala n a b cl j yth ind e nfl e eb rade e lu lus su d tra t 3.00 2.00 1.12 1.09 1.06 1.06 1.04 1.05 1.03 1.00 1.04 1.03 1.04 1.00 1.00Play-In 1.00 vro r a ati k e ips fo p h2 o n e x h arc pm d o w s p an soa xala n a b cl jyth i nd e nfl e eb rade e lu lus su d tra t
    71. 71. Related WorkPartial evaluationBraux & Noyé, PEPM 1999String analysisChristensen et al., SAS 2003Livshits et al., APLAS 2005Application extractionTip et. al, TOPLAS 2002“Finding the code”Bessey et. al (Coverity), CACM 2010 28
    72. 72. Related WorkOnline Call-Graph ConstructionHirzel et al., TOPLAS 2007Blended AnalysisDufour et al., ISSTA 2007Runtime type inference in PRubyFurr et al., OOPSLA 2009 29
    73. 73. http://tamiflex.googlecode.com/ First external users Cheng Zhang, SJTU Saswat Anand, Georgia Tech Jochen Huck, KITPlay-out, Soot, Play-In Play-out, Soot Play-out, SootCall frequency analysis Points-to, Symb. Exec. Side-Effects, Dominance
    74. 74. http://tamiflex.googlecode.com/Play-Out Boost Analyse & Play-In TransformCorrect Effective Efficient
    75. 75. http://tamiflex.googlecode.com/ MODULARITY - aosd 2012 submit to 2nd of 3 submission deadlines: July 14th Record number of submitted & accepted July 17th-21st, 2011, Toronto papersattend

    ×