TamiFlex – Taming Reflection in Java Programs

TamiFlex is our solution to the dreaded “reflection problem” in static program analysis for Java. Using reflection, Java programs can invoke methods and access fields and classes indirectly, by passing a String value to some special methods of the reflection API. Those string values can be generated at runtime, making them impossible to analyze statically.

TamiFlex solves this problem in part, on a best-effort basis: it logs information about reflective calls at runtime and then transforms the program's code to include non-reflective versions of those calls. Static analysis tools can then “see” those calls in the modified program version, thus allowing for a “more sound” analysis of those programs. TamiFlex also integrates with Soot. Results on TamiFlex have been published at ICSE 2011.