Supporting Java programming in the Svace static analyzer

The paper is devoted to the works performed within the Svace static analysis tool to support Java language. First, the approach to intercept compilation process for transparently building the analyzer internal representation should be extended to cover usage of the Java compiler API that is popular in Ant and Maven tools. We achieve this goal with implementing our custom Java agent that instruments all calls to the compiler API and notifies the analyzer with the actual compilation parameters. Second, the modified Javac compiler builds the analyzer IR. The changes we made to the compiler include avoiding unnecessary bytecode duplication for easier mapping of bytecode instructions to source code and properly marking the code added by the compiler itself. Third, we discuss the process of bytecode translation to the Svace IR proper (which is a low-level 3-address IR akin to the LLVM IR). It is a straightforward code generation algorithm with further code cleanups that treats stack locations as local variables made possible by the fact that we know the maximum stack size consumed by the method. Finally, we discuss the devirtualization heuristics that assume we know the full class hierarchy and specific Java checkers including synchronization issue checkers. Experimental results obtained on Android 5 source code show that the checkers have high quality (more than 80% true positives). It can be seen that the general infrastructure for analysis and checkers implemented in Svace works well for the Java programming language with the adaptations described in the paper.

static analysis, Java, bytecode, devirtualization

1. V.P. Ivannikov, A.A. Belevantsev, A.E. Borodin, V.N. Ignatiev, D.M. Zhurikhin, A.I. Avetisyan, M.I. Leonov. Static analyzer Svace for finding of defects in program source code. Trudy ISP RAN/ Procf ISP RAS, vol. 26, issue 1, 2014, pp. 231-250 (in Russian). DOI: 10.15514/ISPRAS-2014-26(1)-7

2. A. Borodin, A. Belevancev. A Static Analysis Tool Svace as a Collection of Analyzers with Various Complexity Levels. Trudy ISP RAS/ Proc. ISP RAS, vol. 27, issue 6, pp. 111-134 (in Russian). DOI: 10.15514/ISPRAS-2015-27(6)-8

3. Java virtual machine specification. http://docs.oracle.com/javase/specs/jvms/se7/html/, accessed 20.06.2017

4. The Javac compiler. http://docs.oracle.com/javase/7/docs/technotes/tools/windows/javac.html, accessed 20.06.2017

5. Java compiler API. http://openjdk.java.net/groups/compiler/guide/compilerAPI.html, accessed 20.06.2017

6. Ant build system. http://ant.apache.org/, accessed 20.06.2017

7. Maven build system. https://maven.apache.org/, accessed 20.06.2017

8. Android operating system. https://source.android.com/, accessed 20.06.2017

9. The Eclipse ECJ compiler. https://mvnrepository.com/artifact/org.eclipse.jdt.core.compiler/ecj, accessed 20.06.2017

10. Instrumenting Java bytecode with Java agents. https://docs.oracle.com/javase/7/docs/api/java/lang/instrument/package-summary.html, accessed 20.06.2017