The Research Of Field-sensitive Side Effect Analysis For Java Programs

The purpose of the side effects analysis is to find what variables might be read or modified by the execution of procedures. This analysis can provide useful information for optimizing compilers, improve the accuracy for intraprocedural analysis and provide assistance for dependency analysis, program slicing, etc.In this paper, Jimple, which is one of the Java intermediate representations, is worked as the target language. This thesis designs and implements a flow-insensitive, context-sensitive and field-sensitive side effect analysis algorithm based on method summaries to improve the time and space efficiency for the vulnerabilities detection of large-scale WEB applications. The whole algorithm is divided into three stages, which are pre-processing by Soot, intraprocedural analysis and interprocedural analysis.Java source codes and bytecodes can be transformed to Jimple, which is a 3-address intermediate representation by Soot. This intermediate representation has a clear structure to lay the foundation for the flow-insensitive, context-sensitive and field-sensitive side effect analysis.In the intraprocedural analysis, the points-to graph can be used to get a collection of all the objects the variable points to, and analysis precisely the set information of variables read or modified in methods.Summaries are used to record the results of side effect analysis. The summary objects can be saved to the hard disk and restored by Java serialization and deserialization.The context information and the relations of class inheritance can be used to handle the virtual invoke methods so as to determine the specific called methods. The tarjan algorithm and call graph can be adopted to handle the recursive calls to find out all strongly connected components in the methods. Instantiating the summaries of methods in the inverse topological sorting strongly connected components and merging into the called methods so as to iterate to an fixed point. The iterative processing is time-consuming and difficult to reach the fixed point, so that it needs to be optimized. As it believes the read and write information in the method summaries of the strongly connected components are similar when iterate to a fixed point, instantiate summaries by points-to graph and merge summaries directly to improve time efficiency.