Video Converter
Audio Converter
Image Converter
PDF Converter
File Compressor
static analysis of java dynamic proxies

Static Analysis of Java Dynamic Proxies George Fourtounis - PowerPoint PPT Presentation

Aug 28, 2023 •172 likes •407 views

Static Analysis of Java Dynamic Proxies George Fourtounis (gfour@di.uoa.gr) George Kastrinis (gkastrinis@di.uoa.gr) Yannis Smaragdakis (yannis@smaragd.org) University of Athens, Greece ISSTA18, July 17, 2018, Amsterdam, Netherlands Dynamic

  1. Static Analysis of Java Dynamic Proxies George Fourtounis (gfour@di.uoa.gr) George Kastrinis (gkastrinis@di.uoa.gr) Yannis Smaragdakis (yannis@smaragd.org) University of Athens, Greece ISSTA’18, July 17, 2018, Amsterdam, Netherlands

  2. Dynamic proxies in Java ● GoF, “Proxy” design pattern: “ P r o v i d e a s u r r o g a t e o r p l a c e h o l d e r f o r a n o t h e r o b j e c t t o c o n t r o l a c c e s s t o i t . ” ● Proxy objects can be pregenerated at compile- time or dynamically generated at runtime (more fmexibility) ● Java 1.3 introduced an API to generate dynamic proxies 2 Static analysis of Java dynamic proxies

  3. Java dynamic proxies API ● “Give me some interfaces and method dispatch logic and I'll dynamically generate a class that implements all such interfaces” ● Method dispatch logic = the “invocation handler”, essentially an interpreter that refmectively handles all attempted method calls ● API + invocation handler = implemented API ● Using dynamic code generation/loading 3 Static analysis of Java dynamic proxies

  4. Example class A implements I { Object getField() ... float mult(float x, float y) ... } interface I { Object getField(); float mult(float x, float y); } 4 Static analysis of Java dynamic proxies

  5. Example class A implements I { Object getField() ... class AHandler implements InvocationHandler { float mult(float x, float y) ... private A a; } public AHandler(A a) { this.a = a; } public Object invoke(Object proxy, Method method, Object[] args) { if (method.getName().equals("getField")) return new B(); else if (method.getName().equals("mult") { interface I { float x = ((Float)args[0]).floatValue(); Object getField(); float y = ((Float)args[1]).floatValue(); float mult(float x, float y); return a.mult(x, y); } } else return null; }} 5 Static analysis of Java dynamic proxies

  6. Example class A implements I { Object getField() ... class AHandler implements InvocationHandler { float mult(float x, float y) ... private A a; } public AHandler(A a) { this.a = a; } public Object invoke(Object proxy, Method method, Object[] args) { if (method.getName().equals("getField")) return new B(); else if (method.getName().equals("mult") { interface I { float x = ((Float)args[0]).floatValue(); Object getField(); float y = ((Float)args[1]).floatValue(); float mult(float x, float y); return a.mult(x, y); } } else return null; handler = new AHandler(new A()); }} proxy = newProxyInstance({I.class}, handler); 6 Static analysis of Java dynamic proxies

  7. Points-to static analysis What values does “proxy” point to? I proxy = newProxyInstance(interfaces, handler); Problems: – newProxyInstance() is a black box: dynamic code generation means no statically-available classes – generated class depends on interfaces and handler, which are runtime values 7 Static analysis of Java dynamic proxies

  8. Dynamic proxies are a problem In a recent survey of 461 open-source Java projects, Landman et al. fjnd that 21% of them use dynamic proxies ● “very harmful for static analysis” ● “avoid the use of dynamic proxies at any cost” ● “no clear solution seems to be on the horizon” Davy Landman, Alexander Serebrenik, and Jurgen J. Vinju. C h a l l e n g e s f o r S t a t i c . ICSE 2017. A n a l y s i s o f J a v a R e fl e c t i o n - L i t e r a t u r e R e v i e w a n d E m p i r i c a l S t u d y 8 Static analysis of Java dynamic proxies

  9. We have a solution! ● Don't analyze the body of newProxyInstance() , model instead the Proxy API semantics ● To model the API we need: – a points-to analysis – good support for Java refmection – exception analysis 9 Static analysis of Java dynamic proxies

  10. Our solution ● Doop, a static analysis framework for Java – analyses written in Datalog – already provides a points-to analysis (with several context-sensitivity fmavors), a refmection analysis (with substring analysis), and an exception analysis ● Add rules to model dynamic proxies – mutually recursive: the new rules use existing analyses but also inform them 10 Static analysis of Java dynamic proxies

  11. A core rule (informally) handler = new AHandler(new A()) proxy = newProxyInstance({I.class}, handler) If: ● an instruction i calls newProxyInstance(), ● the interfaces argument points to an array that contains the Class for interface t_i, ● the handler argument points to a value obj_handler, and ● the instruction returns a value in v_ret, then v_ret points to an object that proxies t_i using obj_handler 11 Static analysis of Java dynamic proxies

  12. A core rule (in Doop) VarPointsTo(v_ret , obj_proxy), ProxyObjectHandler(obj_proxy, obj_handler) ← Call(i, "Proxy.newProxyInstance"), ActualArg(i, 1, arg_ifaces), VarPointsTo(arg_ifaces, obj_ifaces), ArrayContentsPointTo(obj_ifaces , Class_i), ReifiedType(t_i , Class_i), ActualArg(i, 2, arg_handler), VarPointsTo(arg_handler, obj_handler), AssignRetValue(i, v_ret), ReifiedProxyInstance(t_i, i, obj_proxy). 12 Static analysis of Java dynamic proxies

  13. A core rule (in Doop) VarPointsTo(v_ret , obj_proxy), ProxyObjectHandler(obj_proxy, obj_handler) ← Call(i, "Proxy.newProxyInstance"), ActualArg(i, 1, arg_ifaces), VarPointsTo(arg_ifaces, obj_ifaces), ArrayContentsPointTo(obj_ifaces , Class_i), ReifiedType(t_i , Class_i), ActualArg(i, 2, arg_handler), VarPointsTo(arg_handler, obj_handler), AssignRetValue(i, v_ret), ReifiedProxyInstance(t_i, i, obj_proxy). 13 Static analysis of Java dynamic proxies

  14. A core rule (in Doop) VarPointsTo(v_ret , obj_proxy), ProxyObjectHandler(obj_proxy, obj_handler) ← Call(i, "Proxy.newProxyInstance"), ActualArg(i, 1, arg_ifaces), VarPointsTo(arg_ifaces, obj_ifaces), ArrayContentsPointTo(obj_ifaces , Class_i), ReifiedType(t_i , Class_i), ActualArg(i, 2, arg_handler), VarPointsTo(arg_handler, obj_handler), AssignRetValue(i, v_ret), ReifiedProxyInstance(t_i, i, obj_proxy). 14 Static analysis of Java dynamic proxies

  15. A core rule (in Doop) VarPointsTo(v_ret , obj_proxy), ProxyObjectHandler(obj_proxy, obj_handler) ← Call(i, "Proxy.newProxyInstance"), ActualArg(i, 1, arg_ifaces), VarPointsTo(arg_ifaces, obj_ifaces), ArrayContentsPointTo(obj_ifaces , Class_i), ReifiedType(t_i , Class_i), ActualArg(i, 2, arg_handler), VarPointsTo(arg_handler, obj_handler), AssignRetValue(i, v_ret), ReifiedProxyInstance(t_i, i, obj_proxy). 15 Static analysis of Java dynamic proxies

  16. A core rule (in Doop) VarPointsTo(v_ret , obj_proxy), ProxyObjectHandler(obj_proxy, obj_handler) ← Call(i, "Proxy.newProxyInstance"), ActualArg(i, 1, arg_ifaces), VarPointsTo(arg_ifaces, obj_ifaces), ArrayContentsPointTo(obj_ifaces , Class_i), ReifiedType(t_i , Class_i), ActualArg(i, 2, arg_handler), VarPointsTo(arg_handler, obj_handler), AssignRetValue(i, v_ret), ReifiedProxyInstance(t_i, i, obj_proxy). 16 Static analysis of Java dynamic proxies

  17. A core rule (in Doop) VarPointsTo(v_ret , obj_proxy), ProxyObjectHandler(obj_proxy, obj_handler) ← Call(i, "Proxy.newProxyInstance"), ActualArg(i, 1, arg_ifaces), VarPointsTo(arg_ifaces, obj_ifaces), ArrayContentsPointTo(obj_ifaces , Class_i), ReifiedType(t_i , Class_i), ActualArg(i, 2, arg_handler), VarPointsTo(arg_handler, obj_handler), AssignRetValue(i, v_ret), ReifiedProxyInstance(t_i, i, obj_proxy). 17 Static analysis of Java dynamic proxies

  18. Looks simple! ● If you already have all the other analyses ● And interfacing with them is easy ● Mutual recursion ( VarPointsTo in last slide) ● In total, 29 Datalog rules (also taking care of corner cases, such as argument boxing, special java.lang.Object methods, proxy spec exceptions) 18 Static analysis of Java dynamic proxies

  19. Evaluation 1: XCorpus XCorpus, a suite of Java programs containing: – binaries ready for static analysis – entry points with good code coverage – report about calls to newProxyInstance() Taking the XCorpus report as ground truth, does our analysis resolve calls to proxies? J. Dietrich, H. Schole, L. Sui, E. Tempero. X C o r p u s – A n e x e c u t a b l e C o r p u s o f J a v a . jot.fm vol 16, no. 4. P r o g r a m s 19 Static analysis of Java dynamic proxies

  20. Evaluation 1: XCorpus Def- vs. Opt-refmective: full refmection vs. naive refmection support for scalability ● Both miss the same benchmark ( squirrel ) due to lack of coverage by the ● XCorpus entry points 20 Static analysis of Java dynamic proxies

  21. Evaluation 2: okhttp/guice ● Ground truth from manual inspection ● OkHttp, a popular HTTP library – OpenJDK/Android portability with dynamic proxies – we analyze okhttp-mockwebserver (its test server) ● Google Guice, dependency injection (DI) framework – we analyze guice-jndi (standalone test JNDI client) – many call-graph edges, as in XCorpus picocontainer (another DI library) 21 Static analysis of Java dynamic proxies

  22. Conclusion ● Dynamic proxies are no longer a source of unsoundness in static analysis! ● We can analyze code with proxies using limited support of refmection ● Writing analyses in mutual-recursive style is easy 22 Static analysis of Java dynamic proxies

  23. Thank you! 23 Static analysis of Java dynamic proxies

Recommend

Static and dynamic verification Static and dynamic V&V Software inspections Concerned

Static and dynamic verification Static and dynamic V&V Software inspections Concerned

1 2 Static and dynamic verification Static and dynamic V&V Software inspections Concerned with analysis of the static system Static representation to discover problems (static verification verification) May be supplement by

107 views • 6 slides
Migrating to Java 9 Modules @Sander_Mak By Sander Mak Migrating to Java 9 Java 8 java -cp ..

Migrating to Java 9 Modules @Sander_Mak By Sander Mak Migrating to Java 9 Java 8 java -cp ..

Migrating to Java 9 Modules @Sander_Mak By Sander Mak Migrating to Java 9 Java 8 java -cp .. -jar myapp.jar Java 9 java -cp .. -jar myapp.jar Today's journey Running on Java 9 Java 9 modules Migrating to modules Modularising code

853 views • 45 slides
JAVA Java vs. Java Java Language Specification

JAVA Java vs. Java Java Language Specification

BR 10/05 JAVA Java vs. Java Java Language Specification http://java.sun.com/docs/books/jls/second_edition/html/j.title.doc.html Java programming language is compiled into java byte code Java Virtual Machine Specification

1.08k views • 44 slides
Java Comes Home to the Consumer Chet Haase Java SE Client Architect Java Comes Home to the

Java Comes Home to the Consumer Chet Haase Java SE Client Architect Java Comes Home to the

Java Comes Home to the Consumer Chet Haase Java SE Client Architect Java Comes Home to the Consumer Chet Haase Java SE Client Architect Agenda Java SE 6 Update N Java FX JDK7 Agenda Java SE 6 Update N Java FX

657 views • 51 slides
Multi-core in JVM/Java Concurrent programming in java Prior Java 5 Java 5 (2006)

Multi-core in JVM/Java Concurrent programming in java Prior Java 5 Java 5 (2006)

Multi-core in JVM/Java Concurrent programming in java Prior Java 5 Java 5 (2006) Java 7 (2010) Other topics Basic concurrency in Java Java Memory Model describes how threads interact through memory Single thread

816 views • 34 slides
1 Static Equilibrium From Static Eq. to Dynamic Eq. System of mass points Static

1 Static Equilibrium From Static Eq. to Dynamic Eq. System of mass points Static

Static/ Dynamic Deformation I ntroduction to Static deformation Dynamic deformation Static/ Dynamic Deformation with Mass-Spring Systems undeformed shape f internal + = f inertia = 0 f external Min Gyu Choi deformed

445 views • 4 slides
Java Java Basics Java Program Statements Java Review Conditional statements

Java Java Basics Java Program Statements Java Review Conditional statements

Java Java Basics Java Program Statements Java Review Conditional statements Repetition statements (loops) Writing Classes in Java Selim Aksoy Class definitions Bilkent University Encapsulation and Java modifiers

351 views • 11 slides
Static and Method Overloading static One per class, not per object static variables

Static and Method Overloading static One per class, not per object static variables

Static and Method Overloading static One per class, not per object static variables all instances of the class share the same static variable example: serial/VIN number for Car static methods invoked through class

325 views • 7 slides
Type Systems: Big Idea Static vs. Dynamic Typing Expressiveness (+ Dynamic) Dont have

Type Systems: Big Idea Static vs. Dynamic Typing Expressiveness (+ Dynamic) Dont have

Type Systems: Big Idea Static vs. Dynamic Typing Expressiveness (+ Dynamic) Dont have to worry about types (+ Dynamic) Dependent on input (- Dynamic) Runtime overhead (- Dynamic) Serve as documentation (+ Static)

572 views • 24 slides
Wrap Up Static, Packages, Exceptions Static methods // Example: // Java's built in Math class

Wrap Up Static, Packages, Exceptions Static methods // Example: // Java's built in Math class

Wrap Up Static, Packages, Exceptions Static methods // Example: // Java's built in Math class public class Math { public static int abs(int a) { if (a >= 0) { return a; } else { return -a; } } public static double toDegrees(double

488 views • 21 slides
DTrace Topics: -> java/lang/System.arraycopy <- java/lang/System.arraycopy Java <-

DTrace Topics: -> java/lang/System.arraycopy <- java/lang/System.arraycopy Java <-

# ./jflow.d <- java/lang/Thread.sleep -> Greeting.greet -> java/io/PrintStream.println -> java/io/PrintStream.print -> java/io/PrintStream.write -> java/io/PrintStream.ensureOpen <- java/io/PrintStream.ensureOpen ->

637 views • 34 slides
How Java works The java compiler takes a .java file and generates a .class file The .class

How Java works The java compiler takes a .java file and generates a .class file The .class

How Java works The java compiler takes a .java file and generates a .class file The .class file contains Java bytecodes, the assembler language for Java programs Bytecodes are executed in a JVM (java virtual machine), the valid

427 views • 8 slides
OpenJDK The Future of Open Source Java on GNU/Linux Dalibor Topi Java F/OSS Ambassador

OpenJDK The Future of Open Source Java on GNU/Linux Dalibor Topi Java F/OSS Ambassador

OpenJDK The Future of Open Source Java on GNU/Linux Dalibor Topi Java F/OSS Ambassador Blog aggregated on http://planetjdk.org Java Implementations Become Open Source Java ME, Java SE, and Java EE 2 Why now? Java is everywhere

660 views • 39 slides
Software Model Checking Software Model Checking via Static and Dynamic via Static and Dynamic

Software Model Checking Software Model Checking via Static and Dynamic via Static and Dynamic

Software Model Checking Software Model Checking via Static and Dynamic via Static and Dynamic Program Analysis Program Analysis Patrice Godefroid Godefroid Patrice Bell Laboratories, Lucent Technologies Bell Laboratories, Lucent

1.05k views • 56 slides
Static and dynamic verification Software inspections Concerned with analysis of the static

Static and dynamic verification Software inspections Concerned with analysis of the static

1 Static and dynamic verification Software inspections Concerned with analysis of the static system representation to discover problems (static verification) May be supplement by tool-based document and code analysis Software

434 views • 12 slides
Java without BlueJ public static void main main (String[] (String[] args args) ) public

Java without BlueJ public static void main main (String[] (String[] args args) ) public

Java without BlueJ public static void main main (String[] (String[] args args) ) public static void Java without BlueJ BlueJ is an BlueJ (IDE) for Java Java . is an Integrated Development Environment Integrated Development Environment (IDE)

162 views • 13 slides
Unified Solver Strategy for Floating-Point based on Proxy Theories FMCAD 2017 Student Forum

Unified Solver Strategy for Floating-Point based on Proxy Theories FMCAD 2017 Student Forum

Unified Solver Strategy for Floating-Point based on Proxy Theories FMCAD 2017 Student Forum Jaideep Ramachandran Northeastern University, Boston Oct 4, 2017 Jaideep Ramachandran Unified Solver Strategy for Floating-Point Model Lifting

329 views • 6 slides
An Evaluation of Fault- Tolerant TCP-Splice Based Web Server Architectures Manish Marwah Jacob

An Evaluation of Fault- Tolerant TCP-Splice Based Web Server Architectures Manish Marwah Jacob

An Evaluation of Fault- Tolerant TCP-Splice Based Web Server Architectures Manish Marwah Jacob Delgado Shivakant Mishra Christof Fetzer Department of Computer Science Department of Computer Science University of Colorado, Campus

301 views • 26 slides
Proxy Functions Jeffrey Snover Distinguished Engineer/Lead Architect Windows Server Demo New

Proxy Functions Jeffrey Snover Distinguished Engineer/Lead Architect Windows Server Demo New

Proxy Functions Jeffrey Snover Distinguished Engineer/Lead Architect Windows Server Demo New Features Get-Help Type MSType Out-Default ($LL) Format-Table IncludeIndex Start-Job Oncompleted {} New Features

460 views • 7 slides
OHT: Hierarchical Distributed Hash Tables Kun Feng, Tianyang Che Outline Introduction

OHT: Hierarchical Distributed Hash Tables Kun Feng, Tianyang Che Outline Introduction

OHT: Hierarchical Distributed Hash Tables Kun Feng, Tianyang Che Outline Introduction Contribution Motivation Hierarchy Design Fault Tolerance Design Evaluation Summary Future Work Introduction ZHT

354 views • 19 slides
Metaprogramming & JavaScript Object Proxies Prof. Tom Austin San Jos State University

Metaprogramming & JavaScript Object Proxies Prof. Tom Austin San Jos State University

CS 252: Advanced Programming Language Principles Metaprogramming & JavaScript Object Proxies Prof. Tom Austin San Jos State University ECMAScript Schism ECMAScript 4 was divisive A group broke off to create ECMAScript 3.1

480 views • 32 slides
Internet Technology 14. VoIP and NAT Traversal Paul Krzyzanowski Rutgers University Spring 2013

Internet Technology 14. VoIP and NAT Traversal Paul Krzyzanowski Rutgers University Spring 2013

Internet Technology 14. VoIP and NAT Traversal Paul Krzyzanowski Rutgers University Spring 2013 April 29, 2013 2013 Paul Krzyzanowski 1 Session Initiation Protocol (SIP) Dominant protocol for Voice over IP (VoIP) RFC 3261 Allows

577 views • 40 slides
The POD file NAME iaoptions.config Main (and only) configuration file for JACoW.upload,

The POD file NAME iaoptions.config Main (and only) configuration file for JACoW.upload,

File Upload / Download Perl Scripts The five Perl scripts must be installed on the conference file server to enable authors and editors to upload and download manuscript and talk files. The file server must have an up-to-date version of

278 views • 9 slides
Compact Explanation of Why Malware is Bad Speaker: Wei Chen 1 Joint Work with Charles Sutton 1 ,

Compact Explanation of Why Malware is Bad Speaker: Wei Chen 1 Joint Work with Charles Sutton 1 ,

Compact Explanation of Why Malware is Bad Speaker: Wei Chen 1 Joint Work with Charles Sutton 1 , David Aspinall 1 , Andrew D. Gordon 1 , 2 , Igor Muttik 3 , and Qi Shen 4 App Guarden Project 1 University of Edinburgh 2 Microsoft Research Cambridge

427 views • 31 slides

More recommend

Explore More Topics

Stay informed with curated content and fresh updates.

animals pets art culture automotive transportation business finance computer internet construction architecture education-career electronics communication

Logo Sambuz

Unleash a World of Digital Possibilities—Browse, Share, and Explore Content Without Boundaries

Useful Links

About Us Privacy Services FAQ's Contact

Newsletter

Stay Informed & Inspired—Subscribe for the Latest Updates, Tips, and Exclusive Content Directly to Your Inbox.

Mail Us

mail@sambuz.com

2026 SAMBUZ, All right reserved.