effective soundness guided reflection analysis
play

Effective Soundness-Guided Reflection Analysis Yue Li , Tian Tan and - PowerPoint PPT Presentation

Mar 15, 2024 •343 likes •1.22k views

Effective Soundness-Guided Reflection Analysis Yue Li , Tian Tan and Jingling Xue Complier Research Group @ UNSW, Australia September 10, 2015 SAS 2015 Saint-Malo Static analysis for OO in practice ? Static analysis for OO in practice ? re re

  1. Effective Soundness-Guided Reflection Analysis Yue Li , Tian Tan and Jingling Xue Complier Research Group @ UNSW, Australia September 10, 2015 SAS 2015 Saint-Malo

  2. Static analysis for OO in practice ?

  3. Static analysis for OO in practice ? re re re … reflection !

  4. Class Person { void setName(String nm) {…}; … … } Person p = new Person(); p.setName(“John”);

  5. Class Person { void setName(String nm) {…}; … … } Person p = new Person(); p.setName(“John”);

  6. Class Person { void setName(String nm) {…}; … … } Person p = new Person(); p.setName(“John”);

  7. Class Person { void setName(String nm) {…}; … … } Person p = new Person(); class p.setName(“John”); field method

  8. Class Person { void setName(String nm) {…}; … … } Person p = new Person(); class p.setName(“John”); field method

  9. Class c = Class.forName(“Person”); Method m = c.getMethod(“setName”, …); Object p = c.newInstance(); m.invoke(p, “John”); Class Person { void setName(String nm) {…}; … … } Person p = new Person(); class p.setName(“John”); field method

  10. Class c = Class.forName(“Person”); Method m = c.getMethod(“setName”, …); Object p = c.newInstance(); m.invoke(p, “John”); Class Person { void setName(String nm) {…}; … … Compile Time } Person p = new Person(); class p.setName(“John”); field method

  11. Class c = Class.forName(“Person”); Method m = c.getMethod(“setName”, …); Object p = c.newInstance(); m.invoke(p, “John”); Class Person { void setName(String nm) {…}; … … Compile Time } Person p = new Person(); class p.setName(“John”); field method

  12. Class c = Class.forName(“Person”); Method m = c.getMethod(“setName”, …); Runtime Object p = c.newInstance(); m.invoke(p, “John”); Class Person { void setName(String nm) {…}; … … Compile Time } Person p = new Person(); class p.setName(“John”); field method

  13. n o i t c e t e D g u B Class c = Class.forName(cName); Method m = c.getMethod(mName, …); A a = new A(); m.invoke(a, …);

  14. n o i t c e t e D g u B Class c = Class.forName(cName); Method m = c.getMethod(mName, …); A a = new A(); m.invoke(a, …); Method 1 Method 2 Method 3 Bug

  15. n o i t c e t e D g u B Class c = Class.forName(cName); Method m = c.getMethod(mName, …); A a = new A(); m.invoke(a, …); Method 1 Method 2 Method 3 Soundness Bug

  16. Soundness

  17. Soundness ECOOP’14 ICSE’11 OOPSLA’09 APLAS’05

  18. Soundness Best-Effort ECOOP’14 ICSE’11 OOPSLA’09 APLAS’05

  19. Soundness Best-Effort SAS’15 ECOOP’14 ICSE’11 OOPSLA’09 APLAS’05

  20. Soundness Best-Effort SAS’15 ECOOP’14 ICSE’11 OOPSLA’09 More sound 1 APLAS’05

  21. Unsoundness Soundness Best-Effort SAS’15 ECOOP’14 ICSE’11 OOPSLA’09 More sound 1 APLAS’05

  22. Unsoundness Soundness Best-Effort SAS’15 ECOOP’14 ICSE’11 OOPSLA’09 More sound 1 APLAS’05 Controllable 2

  23. Unsoundness Soundness Best-Effort SAS’15 ECOOP’14 Soundness-Guided ICSE’11 OOPSLA’09 More sound 1 APLAS’05 Controllable 2

  24. More sound Controllable 1 2

  25. More sound 1

  26. The Challenging Problem unknown Class c = Class.forName(cName) i: Object v = c1.newInstance( )

  27. Existing Approach unknown Class c = Class.forName(cName) i: Object v = c1.newInstance( ) A a = (A) v2 Intra-procedural post-dominant cast operations

  28. Existing Approach unknown Class c = Class.forName(cName) c A i: Object v = c1.newInstance( ) A a = (A) v2 Intra-procedural post-dominant cast operations

  29. Existing Approach unknown Class c = Class.forName(cName) c A i: Object v = c1.newInstance( ) A a = (A) v2 Intra-procedural post-dominant cast operations only works for this intra-post-dominance pattern

  30. Existing Approach unknown Class c = Class.forName(cName) c A d d e e r r o o n n i: Object v = c1.newInstance( ) g g I I A a = (A) v2 Intra-procedural post-dominant cast operations only works for this intra-post-dominance pattern

  31. Lazy Heap Modeling (LHM)

  32. Lazy Heap Modeling (LHM) Observation A reflectively created object (returned by newInstance()) is usually used in two cases in practice

  33. Lazy Heap Modeling (LHM) Observation A reflectively created object (returned by newInstance()) is usually used in two cases in practice Intuition The side effect of a newInstance() call can be modeled lazily at these usage points

  34. Lazy Heap Modeling (LHM) unknown Class c = Class.forName(cName) i: Object v = c1.newInstance( )

  35. Lazy Heap Modeling (LHM) unknown Class c = Class.forName(cName) c u i: Object v = c1.newInstance( )

  36. Lazy Heap Modeling (LHM) unknown Class c = Class.forName(cName) c u i: Object v = c1.newInstance( ) o u i

  37. Lazy Heap Modeling (LHM) unknown Class c = Class.forName(cName) c u i: Object v = c1.newInstance( ) o u i Abstract Heap Objects of newInstance() are created lazily ( at LHM points )

  38. Lazy Heap Modeling (LHM) unknown Class c = Class.forName(cName) c u i: Object v = c1.newInstance( ) o u i A a = (A) v1 B b = (B) v2 Case ( I ) Abstract Heap Objects of newInstance() are created lazily ( at LHM points )

  39. Lazy Heap Modeling (LHM) unknown Class c = Class.forName(cName) c u i: Object v = c1.newInstance( ) o u i A a = (A) v1 B b = (B) v2 Case ( I ) Abstract Heap Objects | | | Type Object Location Pointed by | a of newInstance() A | o A | i i are created lazily b, v4 | o B | i | o B i b B | | | B i i ( at LHM points )

  40. Lazy Heap Modeling (LHM) unknown Class c = Class.forName(cName) c u i: Object v = c1.newInstance( ) o u i A a = (A) v1 B b = (B) v2 m1.invoke(v3, args) Case ( I ) Case ( II ) Abstract Heap Objects | | | Type Object Location Pointed by | a of newInstance() A | o A | i i are created lazily b, v4 | o B | i | o B i b B | | | B i i ( at LHM points )

  41. Lazy Heap Modeling (LHM) unknown Class c = Class.forName(cName) c u i: Object v = c1.newInstance( ) Method m = c2.getDeclaredMethod(mName, ...) o u i A a = (A) v1 B b = (B) v2 m1.invoke(v3, args) Case ( I ) Case ( II ) Abstract Heap Objects | | | Type Object Location Pointed by | a of newInstance() A | o A | i i are created lazily b, v4 | o B | i | o B i b B | | | B i i ( at LHM points )

  42. Lazy Heap Modeling (LHM) unknown c D Class c = Class.forName(cName) c u i: Object v = c1.newInstance( ) Method m = c2.getDeclaredMethod(mName, ...) o u i A a = (A) v1 B b = (B) v2 m1.invoke(v3, args) Case ( I ) Case ( II ) Abstract Heap Objects | | | Type Object Location Pointed by | a of newInstance() A | o A | i i are created lazily b, v4 | o B | i | o B i b B | | | B i i ( at LHM points )

  43. Lazy Heap Modeling (LHM) unknown c D Class c = Class.forName(cName) c u i: Object v = c1.newInstance( ) Method m = c2.getDeclaredMethod(mName, ...) o u i A a = (A) v1 B b = (B) v2 m1.invoke(v3, args) v3.mName(args) Case ( I ) Case ( II ) Abstract Heap Objects | | | Type Object Location Pointed by | a of newInstance() A | o A | i i are created lazily b, v4 | o B | i | o B i b B | | | B i i ( at LHM points )

  44. Lazy Heap Modeling (LHM) unknown c D Class c = Class.forName(cName) c u i: Object v = c1.newInstance( ) Method m = c2.getDeclaredMethod(mName, ...) o u i A a = (A) v1 B b = (B) v2 m1.invoke(v3, args) v3.mName(args) Case ( I ) Case ( II ) Abstract Heap Objects | | | Type Object Location Pointed by | a of newInstance() A | o A | i i are created lazily b, v4 | o B | i | o B i b B | | | B i i ( at LHM points ) D | o D | v3 | i i

  45. Lazy Heap Modeling (LHM) unknown c D Class c = Class.forName(cName) c u i: Object v = c1.newInstance( ) Method m = c2.getDeclaredMethod(mName, ...) o u i A a = (A) v1 B b = (B) v2 m1.invoke(v3, args) v3.mName(args) Case ( I ) Case ( II ) Abstract Heap Objects | | | Type Object Location Pointed by | a of newInstance() A | o A | i i are created lazily b, v4 | o B | i | o B i b B | | | B i i ( at LHM points ) D | o D | v3 | i i ? B | o B v3 | i | i

  46. Lazy Heap Modeling (LHM) unknown c D Class c = Class.forName(cName) c u i: Object v = c1.newInstance( ) Method m = c2.getDeclaredMethod(mName, ...) o u i A a = (A) v1 B b = (B) v2 m1.invoke(v3, args) v3.mName(args) Case ( I ) Case ( II ) Abstract Heap Objects | | | Type Object Location Pointed by | a of newInstance() A | o A | i i are created lazily b, v4 | o B | i | o B i b B | | | B i i ( at LHM points ) D | o D | v3 | i i X ? B | o B v3 | i | i

  47. Lazy Heap Modeling (LHM) unknown c D Class c = Class.forName(cName) c u i: Object v = c1.newInstance( ) Method m = c2.getDeclaredMethod(mName, ...) o u i A a = (A) v1 B b = (B) v2 m1.invoke(v3, args) v3.mName(args) Case ( I ) Case ( II ) Abstract Heap Objects | | | Type Object Location Pointed by | a of newInstance() A | o A | i i are created lazily b, v4 | o B | i | o B i b B | | | B i i ( at LHM points ) D | o D | v3 | i i X ? B | o B v3 | i | i o B i b, v3 | | | B i

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

ON THE COST OF TYPE-TAG SOUNDNESS Ben Greenman Zeina Migeed ON THE COST OF TYPE-TAG SOUNDNESS

ON THE COST OF TYPE-TAG SOUNDNESS Ben Greenman Zeina Migeed ON THE COST OF TYPE-TAG SOUNDNESS

ON THE COST OF TYPE-TAG SOUNDNESS Ben Greenman Zeina Migeed ON THE COST OF TYPE-TAG SOUNDNESS 1. Tag soundness 2. Performance cost of soundness 3. Evaluation method 4. Conclusions TYPE-TAG SOUNDNESS Type Soundness e : If

1.28k views • 64 slides
Towards an Effective e-Assessment System and Framework: Documentation, Reflection and

Towards an Effective e-Assessment System and Framework: Documentation, Reflection and

Towards an Effective e-Assessment System and Framework: Documentation, Reflection and Application Joane V. Serrano, PhD Associate Professor UP Open University Los Banos, Laguna, Philippines jserrano@upou.edu.ph Sherry B. Marasigan

329 views • 28 slides
Ultrasound-Guided Microthrombectomy: An Effective Symptomatic Treatment For Uncomplicated

Ultrasound-Guided Microthrombectomy: An Effective Symptomatic Treatment For Uncomplicated

Ultrasound-Guided Microthrombectomy: An Effective Symptomatic Treatment For Uncomplicated Superficial Venous Thrombophlebitis Agnieszka Witkowska MD 1 , DaeHee Kim MD 1,2 , Ali Ardestani MD MSC 1 , Christopher Bolus MD 1 , Shams Iqbal MD 1 ,

567 views • 15 slides
On 1 -soundness and Soundness of Workflow Nets Lu Ping, Hu Hao and L Jian Department of

On 1 -soundness and Soundness of Workflow Nets Lu Ping, Hu Hao and L Jian Department of

On 1 -soundness and Soundness of Workflow Nets Lu Ping, Hu Hao and L Jian Department of Computer Science Nanjing University luping@ics.nju.edu.cn, myou@ics.nju.edu.cn Contents Introduction to Workflow Nets Basic Properties of Workflow

558 views • 27 slides
A Sound Type System for Secure Flow Analysis Dennis Volpano, Geoffrey Smith, Cynthia Irvine

A Sound Type System for Secure Flow Analysis Dennis Volpano, Geoffrey Smith, Cynthia Irvine

A Sound Type System for Secure Flow Analysis Dennis Volpano, Geoffrey Smith, Cynthia Irvine Presenter: Lantian Zheng CS 711 September 29, 2003 Soundness of Denings Program Certification Mechanism Define the soundness property: S ( P )

819 views • 24 slides
Precision-Guided Context Sensitivity for Pointer Analysis Yue Li, Tian Tan, Anders Mller,

Precision-Guided Context Sensitivity for Pointer Analysis Yue Li, Tian Tan, Anders Mller,

Precision-Guided Context Sensitivity for Pointer Analysis Yue Li, Tian Tan, Anders Mller, Yannis Smaragdakis OOPSLA 2018 1 A New Pointer Analysis T echnique for Object-Oriented Programs 2 Pointer Analysis Determines which

841 views • 64 slides
The Modal Logic K Contents 1 Soundness and Completeness; Decidability 1 1.1 Soundness . . . .

The Modal Logic K Contents 1 Soundness and Completeness; Decidability 1 1.1 Soundness . . . .

The Modal Logic K Contents 1 Soundness and Completeness; Decidability 1 1.1 Soundness . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 1.2 Completeness: Proof idea . . . . . . . . . . . . . . . . . . . . . . 2 2

361 views • 3 slides
FFR Guided Functional FFR Guided Functional FFR Guided Functional FFR Guided Functional

FFR Guided Functional FFR Guided Functional FFR Guided Functional FFR Guided Functional

FFR Guided Functional FFR Guided Functional FFR Guided Functional FFR Guided Functional Angioplasty Angioplasty g g p p y y in Complex Anatomy in Complex Anatomy Jung-Min Ahn, MD g , Heart Institute Asan Medical Center Heart

671 views • 27 slides
MVC Guided Pathways Brief review of Guided Pathways at MVC Plan for Today Spring

MVC Guided Pathways Brief review of Guided Pathways at MVC Plan for Today Spring

MVC Guided Pathways Brief review of Guided Pathways at MVC Plan for Today Spring 2018-Summer 2019 Action Plan and Budget Guided Pathways in California A Framework for Improving Completion Multiple Guided Pathways Initiatives

407 views • 13 slides
Topic 9: Lighting & Reflection models Lighting & reflection The Phong reflection

Topic 9: Lighting & Reflection models Lighting & reflection The Phong reflection

9/10/2016 Topic 9: Lighting & Reflection models Lighting & reflection The Phong reflection model diffuse component ambient component specular component Spot the differences Terminology Illumination The transport

339 views • 5 slides
The Evolution of Expert Guided Sentiment Analysis William D. MacMillan, Ph.D. Evan A. Schnidman,

The Evolution of Expert Guided Sentiment Analysis William D. MacMillan, Ph.D. Evan A. Schnidman,

The Evolution of Expert Guided Sentiment Analysis William D. MacMillan, Ph.D. Evan A. Schnidman, Ph.D. QWAFAFEW, Feb. 16, 2016 Built for Amazon Reviews Sentiment Analysis Download Word Dictionaries Good - Bad Buzz ????

357 views • 21 slides
Topic 10: Lighting & Reflection models Lighting & reflection The Phong reflection

Topic 10: Lighting & Reflection models Lighting & reflection The Phong reflection

Topic 10: Lighting & Reflection models Lighting & reflection The Phong reflection model diffuse component ambient component specular component Spot the differences Terminology Illumination The transport of

1.08k views • 30 slides
Topic 8: Lighting & Reflection models Lighting & reflection The Phong reflection

Topic 8: Lighting & Reflection models Lighting & reflection The Phong reflection

Topic 8: Lighting & Reflection models Lighting & reflection The Phong reflection model diffuse component ambient component specular component Showtime Logistics Welcome back Professor Singh is away for the

1.24k views • 87 slides
An Analysis of Techniques and Methods for Technical Debt Management: a Reflection from the

An Analysis of Techniques and Methods for Technical Debt Management: a Reflection from the

An Analysis of Techniques and Methods for Technical Debt Management: a Reflection from the Architecture Perspective Carlos Fernndez Snchez, Juan Garbajosa, Carlos Vidal, Agustn Yage Technical University of Madrid (UPM) Second

204 views • 8 slides
Specular Reflection CS418 Computer Graphics John C. Hart Diffuse Reflection diffuse reflection

Specular Reflection CS418 Computer Graphics John C. Hart Diffuse Reflection diffuse reflection

Specular Reflection CS418 Computer Graphics John C. Hart Diffuse Reflection diffuse reflection Specular Reflection diffuse reflection diffuse + specular reflection Specular Reflection n v l Specular gleem is a diffused mirror

860 views • 19 slides
Improving Virtually Guided Product Certification with Implicit Finite Element Analysis at Scale

Improving Virtually Guided Product Certification with Implicit Finite Element Analysis at Scale

Improving Virtually Guided Product Certification with Implicit Finite Element Analysis at Scale Seid Koric 1 , Robert F. Lucas 2 , Erman Guleryuz 1 1 National Center for Supercomputing Applications (NCSA) 2 Livermore Software Technology Corporation

180 views • 13 slides
Lexical analysis Lexical analysis NFA N for ( a | b )* abb ( | ) A = {0, 1, 2, 4, 7} (=

Lexical analysis Lexical analysis NFA N for ( a | b )* abb ( | ) A = {0, 1, 2, 4, 7} (=

Lexical analysis Lexical analysis NFA N for ( a | b )* abb ( | ) A = {0, 1, 2, 4, 7} (= -closure(0)) B = {1, 2, 3, 4, 6, 7, 8} (= move({0, 1, 2, 4, 7}, a) = move(A, a)) C = {1, 2, 4, 5, 6, 7} (= move({0, 1, 2, 4, 7}, b) =

429 views • 4 slides
Big Picture: Compilation Process Source program Scanner Lexical CSCI: 4500/6500 Programming

Big Picture: Compilation Process Source program Scanner Lexical CSCI: 4500/6500 Programming

Big Picture: Compilation Process Source program Scanner Lexical CSCI: 4500/6500 Programming Analyzer Lexical units, token stream Languages Parser Syntax Analyzer Parse tree Lex & Yacc Intermediate Code Generator Symbol Optimizer

396 views • 10 slides
Compiler Construction Christian Rinderknecht 31 October 2008 1 Why study compiler construction?

Compiler Construction Christian Rinderknecht 31 October 2008 1 Why study compiler construction?

Compiler Construction Christian Rinderknecht 31 October 2008 1 Why study compiler construction? Few professionals design and write compilers. So why teach how to make compilers? A good software/telecom engineer understands the high-level

1.27k views • 80 slides
Lexical analysis Lexical analysis Lexical analysis checks the correctness of program words and

Lexical analysis Lexical analysis Lexical analysis checks the correctness of program words and

Lexical analysis Lexical analysis Lexical analysis checks the correctness of program words and transforms a program to the stream of tokens: removes empty symbols and commentaries; identifies keywords, indentifiers and literal

400 views • 37 slides
Martin Luther and the Reformation (Part 2 of 3) Luther -vs- the Roman Catholic Church

Martin Luther and the Reformation (Part 2 of 3) Luther -vs- the Roman Catholic Church

Martin Luther and the Reformation (Part 2 of 3) Luther -vs- the Roman Catholic Church (1517-1522) The 95 Theses - 10/31/1517 Points of dispute against the sale of indulgences Written in Latin for the university faculty to discuss

345 views • 6 slides
signal electron is single mono energetic delayed The signal electron

signal electron is single mono energetic delayed The signal electron

Proton - Production high-P low-P BG e - e - Signal - Spectrometer Magnet -e Conversion Muonic Atom Formation in-flight Production Secondary Beamline Target signal electron is

166 views • 16 slides
rr rs rr s

rr rs rr s

rr rs rr s rr rs rr s r rr rs

370 views • 20 slides
An abstract approach to Glivenkos theorem Darllan Concei c ao Pinto

An abstract approach to Glivenkos theorem Darllan Concei c ao Pinto

Category Theory 2015 An abstract approach to Glivenkos theorem Darllan Concei c ao Pinto (IME-USP/CAPES-PROEX) Joint work with H.L. Mariano D.C. Pinto, H.L. Mariano (IME-USP) 1 / 32 Introduction Index Introduction 1

651 views • 46 slides

More recommend