Solar is a static analysis framework that strives to automate sound reflection analysis for Java programs (under some assumptions) introduced in our paper titled "Effective Soundness-Guided Reflection Analysis", SAS'2015. Solar can identify the places in a program where reflection is resolved unsoundly or imprecisely, enabling lightweight annotations to improve the quality of analysis and make the analysis controllable.
Solar is implemented on top of Elf. To ease the understanding of the Datalog rules used in our implementation, we have rewritten the rules inherited from Elf and added new ones in a uniform manner. Users are expected to understand how different parts of the Java reflection API are handled easily and precisely when applying Solar to analyse their applications.
Solar can output its reflection analysis results with the format that is supported by Soot. You can let Soot receive the results of Solar easily by following the instructions in the tutorial.
The tar.gz file includes four important files:
tutorial: a step-by-step guide to installing Solar on top of Doop (version r160113) by using the two patch files (available below). The main differences between Solar and Doop are also summarised.
solar.patch: a patch file for updating the Datalog rules and some auxiliary scripts used in Doop.
gen.patch: a patch file for updating the fact generator (version r958) provided by Doop.
_Unknown_.class: an auxiliary class which is used to introduce the Unknown type into the existing type system. In addition, this class will help Solar soundly model the pointer-affecting methods, such as getClass() and toString(), which are directly invoked on the unknown objects before reaching the LHM points. See the comments in the _Unknown_.java file for details.
The authors wish to thank the Doop team for making Doop available, and LogicBlox Inc. for providing us its Datalog engine.