1 / 10

Assumption Hierarchy for a CHA Call Graph Construction Algorithm Jason Sawin & Atanas Rountev

Assumption Hierarchy for a CHA Call Graph Construction Algorithm Jason Sawin & Atanas Rountev. Call Graphs. Represent the calling relationships between methods Critical component in many interprocedural static analyses Unsound when applied to applications which use dynamic features.

iokina
Download Presentation

Assumption Hierarchy for a CHA Call Graph Construction Algorithm Jason Sawin & Atanas Rountev

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Assumption Hierarchy for a CHA Call Graph Construction AlgorithmJason Sawin & AtanasRountev

  2. Call Graphs • Represent the calling relationships between methods • Critical component in many interprocedural static analyses • Unsound when applied to applications which use dynamic features

  3. Dynamic Features of Java • Dynamic Class Loading • Ability to install classes at run time • Reflection • Ability to examine or modify run-time behavior of a running application • JVM • Implicitly calls certain code elements • Native Method • Ability to interface with libraries written in non-Java languages

  4. Dynamic Features in Action Class c; String className; Method m; Object h; ... Class c = Class.forName(className, true, cl); m = c.getMethod("handle", …); h = c.newInstance(); m.invoke(h,…) ...

  5. CHA Call Graph Construction Algorithm • Class Hierarchy Analysis (CHA) • For every virtual call site e.m(…) where T is the static type of e, it examines all subtypes of T for methods which override m(…) • The set of overriding methods are considered possible targets of the call

  6. CHA and Dynamic Features • Every implementation of CHA makes assumptions about dynamic features • Wide range of possible assumptions • Very conservative to unsound • Different assumptions allow for different resolution techniques • String analysis • Cast information

  7. Assumption Hierarchy • Behaved-CLS: Dynamic features could call every method • Encap-Respect: Dynamic features respect normal encapsulation bounds • Correct Casting: Allows for casing information to be used to resolve certain features • Correct-String: Allows for use of a string analysis • Correct-Env: Allows for use of a semi static string analysis

  8. Experimental Results: Edges

  9. Summary of Results • The Correct-Env version of CHA created a graphs that contained, on average, 10% fewer nodes and 54% fewer edges than the fully conservative version • The Correct-Env version was able to resolve an average of 6% of reflective invocation calls, 50% of dynamic class loading sites, and 61% of reflective instantiation sites • Under very reasonable assumptions, a much more precise call graph can be created

  10. Conclusion • We created a hierarchy of assumptions that could be used to classify future analyses • We incorporated several new techniques for resolving dynamic features into a CHA Call Graph • Our experiments showed that assumptions have a significant impact on the graph produced

More Related