Total Recall? How Good Are Static Call Graphs Really?
Static call graphs are a fundamental building block of program analysis.
However, differences in call-graph construction and the use of specific language features can yield unsoundness and imprecision.
Call-graph analyses are evaluated using measures of precision and recall, but this is hard because a ground truth for real-world programs is generally unobtainable.
In this work, we propose to use carefully constructed dynamic baselines based on fixed entry points and input corpora.
The creation of this dynamic baseline is posed as an approximation of the ground truth—an optimization problem.
We use manual extension and coverage-guided fuzzing for creating suitable input corpora.
With these dynamic baselines, we study call-graph quality of multiple algorithms and implementations using four real-world Java programs.
We find that our methodology provides valuable insights into call-graph quality and how to measure it.
With this work, we provide a novel methodology to advance the field of static program analysis as we assess the computation of one of its core data structures—the call graph.
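An added illustration, not code from the paper or its artifact: scoring a static call graph against a dynamic baseline collected from a fixed entry point over an input corpus, and how a larger corpus changes the measured recall. The method names, traces and the `evaluate` helper are constructed assumptions; the paper's own metric definitions are not given on this page.

```python
from collections import deque

ENTRY = "Main.main"  # fixed entry point shared by every run
# Constructed static call graph (caller -> callees); all names are hypothetical.
STATIC_CG = {
    "Main.main": {"Parser.parse", "Logger.log"},
    "Parser.parse": {"Parser.readToken", "Plugin.load"},
    "Plugin.load": {"XmlPlugin.run"},  # reflective target JsonPlugin.run unresolved
    "Legacy.init": {"Logger.log"},     # unreachable from ENTRY, must not be counted
}
# Constructed dynamic traces: call edges observed while running each input.
TRACES = {
    "manual-1": [("Main.main", "Parser.parse"), ("Parser.parse", "Parser.readToken")],
    "manual-2": [("Main.main", "Parser.parse"), ("Parser.parse", "Plugin.load"),
                 ("Plugin.load", "XmlPlugin.run")],
    "fuzz-17": [("Main.main", "Parser.parse"), ("Parser.parse", "Plugin.load"),
                ("Plugin.load", "JsonPlugin.run")],
}

def reachable_edges(cg, entry):
    """Edges of the static graph reachable from the entry point (BFS)."""
    seen, edges, queue = {entry}, set(), deque([entry])
    while queue:
        caller = queue.popleft()
        for callee in cg.get(caller, ()):
            edges.add((caller, callee))
            if callee not in seen:
                seen.add(callee)
                queue.append(callee)
    return edges

def evaluate(cg, entry, traces, inputs):
    """Compare the static graph with the union of edges seen for `inputs`."""
    static = reachable_edges(cg, entry)
    baseline = {edge for name in inputs for edge in traces[name]}
    hit = static & baseline
    return {
        "recall": len(hit) / len(baseline),
        # Only a lower bound: an unobserved static edge may still be feasible.
        "precision_lower_bound": len(hit) / len(static),
        "missed": sorted(baseline - static),  # observed calls the analysis lacks
    }

if __name__ == "__main__":
    for corpus in (["manual-1", "manual-2"], list(TRACES)):
        print(corpus, evaluate(STATIC_CG, ENTRY, TRACES, corpus))
```

With only the two manual inputs the static graph appears to have perfect recall; adding the fuzzing-derived input exposes the unresolved reflective edge and recall drops.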
Fri 20 Sep
Displayed time zone: Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna
10:30 - 11:50 | Call Graphs and Static Analysis | Technical Papers at EI 9 Hlawka | Chair(s): Julia Rubin (The University of British Columbia)
10:30 20m Talk | Unimocg: Modular Call-Graph Algorithms for Consistent Handling of Language Features | Technical Papers | Dominik Helm (University of Duisburg-Essen; TU Darmstadt; National Research Center for Applied Cybersecurity ATHENE), Tobias Roth (TU Darmstadt; National Research Center for Applied Cybersecurity ATHENE), Sven Keidel (TU Darmstadt), Michael Reif (CQSE), Mira Mezini (TU Darmstadt; hessian.AI; National Research Center for Applied Cybersecurity ATHENE)
10:50 20m Talk | Total Recall? How Good Are Static Call Graphs Really? | Technical Papers | Dominik Helm (University of Duisburg-Essen; TU Darmstadt; National Research Center for Applied Cybersecurity ATHENE), Sven Keidel (TU Darmstadt), Anemone Kampkötter (TU Dortmund), Johannes Düsing (TU Dortmund), Tobias Roth (TU Darmstadt; National Research Center for Applied Cybersecurity ATHENE), Ben Hermann (TU Dortmund), Mira Mezini (TU Darmstadt; hessian.AI; National Research Center for Applied Cybersecurity ATHENE)
11:10 20m Talk | Call Graph Soundness in Android Static Analysis | Technical Papers | Jordan Samhi (CISPA Helmholtz Center for Information Security), René Just (University of Washington), Tegawendé F. Bissyandé (University of Luxembourg), Michael D. Ernst (University of Washington), Jacques Klein (University of Luxembourg)
11:30 20m Talk | Synthesis of Sound and Precise Storage Cost Bounds via Unsound Resource Analysis and Max-SMT | Technical Papers | Elvira Albert (Complutense University of Madrid), Jesús Correas (Complutense University of Madrid), Pablo Gordillo (Complutense University of Madrid), Guillermo Román-Díez (Universidad Politécnica de Madrid), Albert Rubio (Complutense University of Madrid)