Explore an in-depth overview of static analysis for Java in this conference talk from the JVM Language Summit. Dive into the complexities of whole-program points-to analysis, examining its various applications including call graph construction, security analysis, and program debugging. Learn about different analysis flavors, from sound to unsound, context-sensitive to flow-sensitive. Discover why static analysis for Java is more challenging than it appears, with a focus on often-overlooked concepts like reflection, JNI, and unsafe memory access. Gain insights into handling dynamic features without compromising analysis precision, illustrated through the static analysis framework developed for GraalVM Native Image. Examine real-world examples demonstrating both the successes and limitations of points-to analysis in proving whole-program properties crucial for optimizations and security analysis.
Overview
Syllabus
An Opinionated Overview on Static Analysis for Java #JVMLS
Taught by
Java
Related Courses
-
Comparing Rapid Type Analysis with Points-To Analysis in GraalVM Native Image
-
On-The-Fly Static Analysis via Dynamic Bidirected Dyck Reachability
-
Static Analysis of Memory Models for SMT Encodings
-
CHERI Static Analysis - POCL'24
-
Static Code Analysis of Complex PHP Application Vulnerabilities
-
Reducing Static Analysis Unsoundness with Approximate Interpretation
