  • Proj THUDBFuzz Paper Reading: Nanjing University Software Analysis Course 2020, Lecture 15: Soundiness

    Soundness & Soundiness

    Soundness: the analysis captures all program behaviors, or the analysis result models all possible executions of the program

    • A sound analysis must capture all dynamic behaviors
    • A soundy analysis aims to capture all dynamic behaviors with certain hard language features unsoundly handled within reason
    • An unsound analysis deliberately ignores certain behaviors in its design for better efficiency, precision or accessibility

    Hard Language Feature: Java Reflection

    Method 1: String constant analysis + pointer analysis


    Naturally, this only handles very simple uses of reflection.
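As an added example (not code from the course or the paper), a toy flow-insensitive resolver in Python that mirrors method 1 on a constructed three-address IR: class and method names that are string constants yield concrete (class, method) targets, while a name that comes from runtime input stays unknown, which is exactly the gap a soundy analysis leaves unhandled.

```python
# Toy resolver for Java reflective call sites via string-constant propagation
# (method 1). Added example on a constructed IR, not any real framework's code.
UNKNOWN = None  # a value set the analysis cannot bound (e.g. read from user input)

def _join(a, b):  # union of two value sets; UNKNOWN absorbs everything
    if a is UNKNOWN or b is UNKNOWN:
        return UNKNOWN
    return a | b

def resolve_reflection(ir):
    """Map each 'invoke' statement index to the set of (class, method) targets it
    may dispatch to, or UNKNOWN when string constants do not bound it.
    IR forms: ("const", v, lit)  ("input", v)  ("copy", v, w)
              ("forName", c, v)  ("getMethod", m, c, v)  ("invoke", m)
    Flow-insensitive single pass; assumes variables are defined before use."""
    vals = {}     # var -> possible strings / class names / (class, method) pairs
    targets = {}
    for i, (kind, *ops) in enumerate(ir):
        if kind == "const":
            vals[ops[0]] = _join(vals.get(ops[0], set()), {ops[1]})
        elif kind == "input":
            vals[ops[0]] = UNKNOWN
        elif kind in ("copy", "forName"):
            # Class.forName(v): the class object is named by v's string constants
            vals[ops[0]] = _join(vals.get(ops[0], set()), vals[ops[1]])
        elif kind == "getMethod":
            classes, names = vals[ops[1]], vals[ops[2]]
            pairs = UNKNOWN if classes is UNKNOWN or names is UNKNOWN else \
                {(c, n) for c in classes for n in names}
            vals[ops[0]] = _join(vals.get(ops[0], set()), pairs)
        elif kind == "invoke":
            targets[i] = vals[ops[0]]
    return targets

# Constructed IR: two reflective call sites, one resolvable and one not.
CONSTRUCTED_IR = [
    ("const", "s1", "com.example.Foo"),
    ("forName", "c1", "s1"),
    ("const", "n1", "run"),
    ("const", "n1", "stop"),            # n1 may be "run" or "stop"
    ("getMethod", "m1", "c1", "n1"),
    ("invoke", "m1"),                   # index 5: two concrete targets
    ("input", "s2"),                    # class name only known at runtime
    ("forName", "c2", "s2"),
    ("getMethod", "m2", "c2", "n1"),
    ("invoke", "m2"),                   # index 9: UNKNOWN, a soundy analysis skips it
]

if __name__ == "__main__":
    for site, tgt in sorted(resolve_reflection(CONSTRUCTED_IR).items()):
        print(site, "unresolved" if tgt is UNKNOWN else sorted(tgt))
```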

    Method 2: Type inference + string analysis + pointer analysis


    Use the arguments passed to the reflective target method to determine which method and class are actually invoked.

    Method 3: Combine with dynamic analysis

    Taming reflection: Aiding static analysis in the presence of reflection and custom class loaders

    Hard Language Feature: Native Code

    Native code lets Java code call non-Java code, usually through the Java Native Interface (JNI) to interact with C/C++.
    Important native code is modeled by hand. For example, the frequently called arraycopy() function is modeled: the model is a copy loop, but from the pointer-analysis point of view, when we see this loop we simply propagate the array pointer (the points-to set of the source array elements to the destination).
    https://www.jianshu.com/p/1ca6e11b1e72

  • Original post: https://www.cnblogs.com/xuesu/p/14341578.html