tags:

views:

92

answers:

5
+1  Q: 

How to identify if an object returned was created during the execution of a method - Java

Original Question: Given a method I would like to determine if an object returned is created within the execution of that method. What sort of static analysis can or should I use?

Reworked Questions: Given a method I would like to determine if an object created in that method may be returned by that method. So, if I go through and add all instantiations of the return type within that method to a set, is there an analysis that will tell me, for each member of the set, if it may or may not be returned. Additionally, would it be possible to not limit the set to a single method but, all methods called by the original method to account for delegation?

This is not specific to any invocation.

It looks like method escape analysis may be the answer.

Thanks everyone for your suggestions.

A: 

I'm not sure if this would work for you circumstances, but one simple approach would be to populate a newly added 'instantiatedTime' field in the constructor of the object and compare that with the time the method was call was made. This assumes you have access to the source for the object in question.

btreat  2010-07-03 00:52:17
Thanks, but source may not always be available.
 2010-07-03 01:07:00
A: 

Are you sure static analysis is the right tool for the job? Static analysis can give you a result in some cases but not in all.

When running the JVM under a debugger, it assigns objects with increasing object IDs, which you can fetch via System.identityHashCode(Object o). You can use this fact to build a test case that creates an object (the checkpoint), and then calls the method. If the returned object as an id greater than the checkpoint id, then you know the object was created in the method.

Disclaimer: that this is observed behaviour under a debugger, under Windows XP.

mdma  2010-07-03 00:53:00
Static analysis is preferred even with loss of accuracy. However, I hadn't thought of your recommendation. Thanks.
 2010-07-03 01:11:41
@mdma - I'm pretty sure that identityHashCode values are initially derived from object addresses. That would mean that they are not monotonically increasing over time, even within a single thread. The ids will normally increase, but when the GC runs you are likely to see a big jump forwards or backwards.
Stephen C  2010-07-03 01:31:23
@Stephen - normally that's the case, but I see under a debugger, the ids are far more predictable.
mdma  2010-07-03 10:43:34
A: 

I have a feeling that this is impossible to do without a specially modified JVM. Here are some approaches ... and why they won't work in general.

The Static Analysis approach will work in simple cases. However, something like this is likely to stump any current generation static analysis tool:

// Bad design alert ... don't try this at home!
public class LazySingletonStringFactory {
    private String s;
    public String create(String initial) {
        if (s == null) {
            s = new String(initial);
        }
        return s;
    }
}

For a static analyser to figure out if a given call to LazySingletonStringFactory.create(...) returns a newly created String it must figure out that it has not been called previously. The Halting Problem tells us that this is theoretically impossible in some cases, and in practice this is beyond the "state of the art".

The IdentityHashCode approach may work in a single-threaded application that completes without the garbage collector running. However, if the GC runs you will get incorrect answers. And if you have multiple threads, then (depending on the JVM) you may find that objects are allocated in different "spaces" resulting in object "id" creation sequence that is no longer monotonic across all threads.

The Code Instrumentation approach works if you can modify the code of the Classes you are concerned about, either direct source-code changes, annotation-based code injection or by some kind of bytecode processing. However, in general you cannot do these things for all classes.

(I'm not aware of any other approaches that are materially different to the above three ... but feel free to suggest them as a comment.)

Stephen C  2010-07-03 01:58:01
Why is this example hard? A static analyzer checking that the results of a "new" could reach a "return" statement would conservatively say "yes", and the OP understands he can't get a perfect answer from static analysis.
Ira Baxter  2010-07-03 15:53:28
@Ira Baxter - that's the point. In a significant proportion of cases, a static analyser can only say "maybe". And that's not a useful answer ...
Stephen C  2010-07-03 16:24:03
@ StephenC: Whether "maybe" is useful depends on what the OP wants to do with the answer. If he is going to light up a nuclear weapon based on the answer, then "maybe" isn't good enough. If he can do a mechanical compile/runtime hueristic optimization as a result, then "maybe" will possibly give him better code. If he is willing to investigate the code in question manually then "maybe" is a fine answer. Static analyzers sometimes give exact results, but in the face of most code they pretty much *only* give you maybe, and they're clearly useful.
Ira Baxter  2010-07-03 16:30:40
A: 

Not sure of a reliable way to do this statically.

You could use:

  1. AspectJ or a similar AOP library could be use to instrument classes and increment a counter on object creation

  2. a custom classloader (or JVM agent, but classloader is easier) could be used similarly

jayshao  2010-07-03 02:10:12
A: 

Your question seems to be either a simple "reaching" analysis ("does a new value reach a return statements") if you are interested in any invocation and only if a method-local new creates the value. If you need to know if any invocation can return a new value from any subcomputation you need to compute the possible call-graph and determine if any called function can return a new value, or pass a new value from a called function to its parent.

There are a number of Java static analysis frameworks.

SOOT is a byte-code based analysis framework. You could probably implement your static query using this.

The DMS Software Reengineering Toolkit is a generic engine for building custom analyzers and transformation tools. It has a full Java front end, and computes various useful base analyses (def/use chains, call graph) on source code. It can process class files but presently only to get type information.

If you wanted a dynamic analysis, either by itself or as a way to tighten up the static analysis, DMS can be used to instrument the source code in arbitrary ways by inserting code to track allocations.

Ira Baxter  2010-07-03 16:14:28
You're spot on. I am in fact interested in any invocation. It seems like I'm asking after escape analysis. I'll see what Soot has to offer.
 2010-07-03 19:18:42

related questions

Java Time Zone is messed up
Eclipse on win64
Automate builds for Java RCP for deployment with JNLP
Why are professors or schools picking Java over C++ to teach to students?
Is there a real benefit of using J#?
Public/Popular Websites using JavaServer Faces
Why can't I use a try block around my super() call?
Accessing post variables using Java Servlets
Personal Linux web server
Is this really widening vs autoboxing?
How can I Java webstart multiple, dependent, native libraries?
Why can't I call toString() on a Java primitive?
How do I use Java to read from a file that is actively being written?
What code analysis tools do you use for your Java projects?
IllegalArgumentException or NullPointerException for a null parameter?
How do I configure and communicate with a serial port?
What is the best way to parse strings in Java
Getting started with a custom JXTA PeerGroup
Creating a custom button in Java
How to get started "writing" a code coverage tool?
Which Build-/Configuration Management Tool?
What is the difference between an int and an Integer in Java/C#?
What is the meaning of the type safety warning in certain Java generics casts?
How would you access Object properties from within an object method?
Converting CSV File to XML in Java