1 / 20

Static and Dynamic Analysis of Call Chains in Java

Static and Dynamic Analysis of Call Chains in Java. Atanas Rountev Scott Kagan Michael Gibas Ohio State University. Call Chains. Sequence of call graph edges <e1, e4>, <e1, e4, e3>, <e2, e3>, etc. e2. X.m(). X.n(). e1. e3. e4. X.o(). Y.p(). Analysis of Call Chains. Static analysis

sheila-bentley
Download Presentation

Static and Dynamic Analysis of Call Chains in Java

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Static and Dynamic Analysis of Call Chains in Java Atanas Rountev Scott Kagan Michael Gibas Ohio State University

  2. Call Chains • Sequence of call graph edges • <e1, e4>, <e1, e4, e3>, <e2, e3>, etc e2 X.m() X.n() e1 e3 e4 X.o() Y.p()

  3. Analysis of Call Chains • Static analysis • Input: static call graph • Output: set of static call chains • Dynamic analysis • Input: set of static call chains • Output: run-time coverage of the chains

  4. Uses of Call Chain Information • Software Understanding • Reverse engineering of UML sequence diagrams • Original motivation • Code browsing • Sequences of calls that may lead to a method being executed • Software Testing • Coverage of “interesting” chains • Integration testing • Object interactions

  5. Our Work • Defined an approach for static and dynamic analysis of call chains in Java components • Performed an experimental evaluation of the imprecision of static call chain analysis

  6. Static Analysis Input • Component and static call graph • Component: set of classes • Static call graph for the component • Entry methods X.m() c2,X X.n() c1,X c3,Y c4,Y X.o() Y.p()

  7. Static Analysis Output • Data structure which represents a set of call chains • Based on calling context tree • Ammons et al., PLDI 1997 • Nodes correspond to procedures • Edges correspond to calling relationships • Each node represents a chain • Statically built • Represents a component, not a program • Calling context forest

  8. Example X.m() c1,X c2,X X.o() X.n() c4,Y c3,Y X.n() Y.p() c3,Y Y.p()

  9. Forest Construction • Traverse call graph • Stopping mechanism • Limit depth • Filter infeasible chains • Calls through implicit formal parameter this

  10. Dynamic Analysis • Input: calling context forest and an executable that contains the component • Goal: traverse forest, visit nodes • Obvious application: chain coverage • Traversal can be in different states • Start: not yet entered component • Active: currently traversing forest • Limited: tree node not present • External: left component, waiting to return • Instrument component code

  11. Instrumentation • Generate run-time events • entered(m) • m is an entry method • Entering component code • exited(m) • Exiting component code • before(c, X) • c is call site, X is receiver class • after(c, X) • c is call site, X is receiver class • Instrumentation localized

  12. Limitations • No exceptions are thrown • Developed solution • Single threaded execution • Static and dynamic checks to ensure constraints

  13. Basic Example X.m() Event entered(X.m) before(c2,X) before(c3,Y) before(c5,Z) after(c5,Z) after(c3,Y) after(c2,X) exited(X.m) State Start Active Limited External Limited Active Start c1,X c2,X X.o() X.n() Counter 1 0 Previous State Limited

  14. Our Work • Defined an approach for static and dynamic analysis of call chains in Java components • Performed an experimental evaluation of the imprecision of static call chain analysis

  15. Experimental Evaluation • Chains are statically constructed • Some chains may be infeasible • What is the degree of imprecision? • What are the causes of imprecision? • Ultimate goal: better static analysis

  16. Analysis Implementation • Soot framework (www.sable.mcgill.ca) • Input: a component and set of tests • Output: call chains coverage • Call graph construction • Fragment analysis (Rountev et al., TSE 2004) • Placeholder main method • RTA, Andersen’s style points-to analysis • Static Analysis • Infeasibility filter, depth-limited chains

  17. Degree of Imprecision • Open source set of tests for Java standard library classes • Formed 6 components • Average 101 methods • Determined run-time coverage of statically computed call chains • Were uncovered chains feasible or infeasible? • Enhanced test suite for maximal coverage • Uncovered chains from enhanced test suite were infeasible

  18. Cause of Imprecision Experiment • Approximations made by the static analysis • if (flag) x.foo(); • Abstracted semantics • All branches of non-reference conditions possible • Otherwise, same as regular Java semantics • What if infeasible chains are feasible in new semantics? • Imprecision in any static analysis with same approximation • For all components, 94.5% of infeasible chains were feasible in new semantics

  19. Future Work • Exceptions • no new states, only new instrumentation • Multi-threading • Increase data sets • Study more causes of infeasibility • Speed optimized implementation

More Related