An Opinionated Overview on Static Analysis for Java

Explore an in-depth overview of static analysis for Java in this conference talk from the JVM Language Summit. Dive into the complexities of whole-program points-to analysis, examining its various applications including call graph construction, security analysis, and program debugging. Learn about different analysis flavors, from sound to unsound, context-sensitive to flow-sensitive. Discover why static analysis for Java is more challenging than it appears, with a focus on often-overlooked concepts like reflection, JNI, and unsafe memory access. Gain insights into handling dynamic features without compromising analysis precision, illustrated through the static analysis framework developed for GraalVM Native Image. Examine real-world examples demonstrating both the successes and limitations of points-to analysis in proving whole-program properties crucial for optimizations and security analysis.