These customizations can be divided as follows:

In general, dynamic features allow programmers to customize some aspects of the execution semantics of a program.

“Analyses are often expected to be sound in that their result models all possible executions of the program under analysis.”

The notion of possible program execution is used as ground truth to assess the soundness and the precision of call graph construction tools. Similarly, precision can be defined with respect to possible program executions as well.

For static analysis, a “precise analysis” can only model possible executions. The Soundness Manifesto defines the soundness of static analysis with respect to possible program executions. Static analysis differs from dynamic analysis techniques.

Dynamic techniques are inherently unsound as they depend on workloads to execute the program under analysis.

For real-world programs, these workloads will not cover all possible execution paths.

Due to the dynamic features that are prevalent in Java programs, it turns out that most static analyses are not sound.

As explained in the rest of this post, these dynamic features are notoriously difficult to model.

It is based on the idea of extracting a model from the program without executing it, and then to reason about this model in order to detect flaws in the program.”

“Static analysis is a popular technique to detect bugs and vulnerabilities early in the life cycle of a program when it is still relatively inexpensive to fix those issues.

The existence of dynamic features in Java impacts its footprint at runtime.

For instance, a Java program can read strings from external files, register those strings as classes, load those classes via custom class loaders, create proxies, serialize them, and so on, all at runtime!

Consequently, program analysis tools based on static analysis can’t afford to make assumptions about what should be kept at runtime and what should not.
These behaviors could include an extension of the program, by adding new code, by extending objects and definitions, or by modifying the type system.”

“Dynamic programming languages execute many common programming behaviours at runtime that static programming languages perform during compilation.

Dynamic Language Features

As such, it supports dynamic features just like other dynamic languages such as Ruby, Python, and JavaScript.

Dynamic language features have been part of Java since the very beginning; for example, Dynamic Proxies have been available since v1.3 of the JDK.

© The dynamic features of Java remain an untamed horse for static analysis.

This blog post covers the fundamental dynamic features of Java and the reasons why they pose a significant challenge for GraalVM and static analysis tools in general.

However, the presence of dynamic features in most Java programs is a fundamental challenge for GraalVM.

Consequently, recognizing these features is key to understanding the current limitations of AOT.

This is due to the undecidability of resolving and analyzing code that is not reachable at compile time.

As I mentioned in a previous blog post, the promising GraalVM compiler performs Ahead of Time Compilation (AOT) through static analysis on Java bytecode.

These dynamic language features are helpful, but their usage also hinders the accuracy of static analysis tools.

The existence of dynamic features built into the language allows Java developers to dynamically transform their program executions at runtime.

For example, using the Java Reflection API, one can inspect and interact with otherwise static language constructs such as classes, fields, and methods, e.g., to instantiate objects, set fields and invoke methods.
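The two features named above, reflection and dynamic proxies, are shown here in an added example that is not code from the original post. The class name `DynamicFeaturesDemo` and the `CONFIG` contents are assumptions, constructed to stand in for an external file; the point is that the call target exists only as a runtime string, so a static call graph has nothing to resolve.

```java
import java.io.StringReader;
import java.lang.reflect.InvocationHandler;
import java.lang.reflect.Method;
import java.lang.reflect.Proxy;
import java.util.Properties;

public class DynamicFeaturesDemo {
    // Constructed sample input standing in for an external configuration file.
    static final String CONFIG =
            "handler.class=java.util.ArrayList\nhandler.method=size\n";

    // Reflection: the class and method names are runtime strings, so the
    // bytecode of this method contains no reference to ArrayList.size().
    // A sound static analysis must either assume any class could be loaded
    // here or be told the possible targets out of band.
    static Object invokeConfigured(Properties p) throws Exception {
        Class<?> cls = Class.forName(p.getProperty("handler.class"));
        Object target = cls.getDeclaredConstructor().newInstance();
        Method m = cls.getMethod(p.getProperty("handler.method"));
        return m.invoke(target);
    }

    // Dynamic proxy: the class implementing Runnable is generated at runtime
    // and every interface call is routed through the handler, so the concrete
    // receiver type does not exist at compile time.
    static Runnable tracedRunnable(StringBuilder log) {
        InvocationHandler h = (proxy, method, args) -> {
            log.append("intercepted ").append(method.getName());
            return null; // run() is void, so null is the expected return
        };
        return (Runnable) Proxy.newProxyInstance(
                Runnable.class.getClassLoader(),
                new Class<?>[] {Runnable.class}, h);
    }

    public static void main(String[] args) throws Exception {
        Properties p = new Properties();
        p.load(new StringReader(CONFIG));
        System.out.println("reflective result: " + invokeConfigured(p));

        StringBuilder log = new StringBuilder();
        Runnable r = tracedRunnable(log);
        r.run();
        // getClass() is final and not intercepted; it reveals the generated type.
        System.out.println(log + " on " + r.getClass().getName());
    }
}
```

Changing one line of `CONFIG` redirects the call to a different class without touching the bytecode, which is exactly the case a purely static model of the program cannot see.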