Static Analysis of Java Enterprise Applications: Frameworks and Caches, the Elephants in the Room
Enterprise applications are a major success domain of Java, and Java is the default setting for much modern static
analysis research. It would stand to reason that high-quality static analysis of Java enterprise applications would
be commonplace, but this is far from true. Major analysis frameworks feature virtually no support for enterprise applications and offer analyses that are woefully incomplete and vastly imprecise, when at all scalable.
In this work, we present two techniques for drastically enhancing the completeness and precision of static analysis
for Java enterprise applications. The first technique identifies domain-specific concepts underlying all enterprise application frameworks, captures them in an extensible, declarative form, and achieves modeling of components and
entry points in a largely framework-independent way. The second technique offers precision and scalability via a sound-modulo-analysis modeling of standard data structures.
In realistic enterprise applications (an order of magnitude larger than prior benchmarks in the literature) our
techniques achieve high degrees of completeness (on average more than 4x higher than conventional techniques)
and speedups of about 6x compared to the most precise conventional analysis, with higher precision on multiple metrics.
The result is JackEE, an enterprise analysis framework that can offer precise, high-completeness static modeling of realistic enterprise applications.
Fri 19 Jun Times are displayed in time zone: (GMT-07:00) Pacific Time (US & Canada) change
|16:00 - 16:20|
|16:20 - 16:40|
|16:40 - 17:00|
Anastasios AntoniadisUniversity of Athens, Greece, Nikos FilippakisCERN, Switzerland, Paddy KrishnanOracle Labs, Australia, Raghavendra RameshConsenSys, Australia, Nicholas AllenOracle Labs, Australia, Yannis SmaragdakisUniversity of Athens, GreecePre-print