Unimocg: Modular Call-Graph Algorithms for Consistent Handling of Language Features
Traditional call-graph construction algorithms conflate the computation of possible runtime types with the actual resolution of (virtual) calls.
This tangled design impedes supporting complex language features and APIs and making systematic trade-offs between precision, soundness, and scalability.
It also impedes implementation of precise downstream analyses that rely on type information.
To address the problem, we propose Unimocg, a modular architecture for call-graph construction that decouples the computation of type information from resolving calls.
Due to its modular design, Unimocg can combine a wide range of different call-graph algorithms with algorithm-agnostic modules to support individual language features.
Moreover, these modules operate at the same precision as the chosen call-graph algorithm with no further effort. Additionally, Unimocg allows other analyses to easily reuse type information from the call-graph construction at full precision.
We demonstrate how Unimocg enables a framework of call-graph algorithms with different precision, soundness, and scalability trade-offs from reusable modules.
Unimocg currently supports ten call-graph algorithms from vastly different families, such as CHA, RTA, XTA, and $k$-$l$-CFA.
These algorithms show consistent soundness without sacrificing precision or performance.
We also show how an immutability analysis is improved using Unimocg.
Fri 20 SepDisplayed time zone: Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna change
10:30 - 11:50 | Call Graphs and Static AnalysisTechnical Papers at EI 9 Hlawka Chair(s): Julia Rubin The University of British Columbia | ||
10:30 20mTalk | Unimocg: Modular Call-Graph Algorithms for Consistent Handling of Language Features Technical Papers Dominik Helm University of Duisburg-Essen; TU Darmstadt; National Research Center for Applied Cybersecurity ATHENE, Tobias Roth TU Darmstadt; National Research Center for Applied Cybersecurity ATHENE, Sven Keidel TU Darmstadt, Michael Reif CQSE, Mira Mezini TU Darmstadt; hessian.AI; National Research Center for Applied Cybersecurity ATHENE DOI Pre-print | ||
10:50 20mTalk | Total Recall? How Good Are Static Call Graphs Really? Technical Papers Dominik Helm University of Duisburg-Essen; TU Darmstadt; National Research Center for Applied Cybersecurity ATHENE, Sven Keidel TU Darmstadt, Anemone Kampkötter TU Dortmund, Johannes Düsing TU Dortmund, Tobias Roth TU Darmstadt; National Research Center for Applied Cybersecurity ATHENE, Ben Hermann TU Dortmund, Mira Mezini TU Darmstadt; hessian.AI; National Research Center for Applied Cybersecurity ATHENE DOI Pre-print | ||
11:10 20mTalk | Call Graph Soundness in Android Static Analysis Technical Papers Jordan Samhi CISPA Helmholtz Center for Information Security, René Just University of Washington, Tegawendé F. Bissyandé University of Luxembourg, Michael D. Ernst University of Washington, Jacques Klein University of Luxembourg Link to publication DOI Pre-print | ||
11:30 20mTalk | Synthesis of Sound and Precise Storage Cost Bounds via Unsound Resource Analysis and Max-SMT Technical Papers Elvira Albert Complutense University of Madrid, Jesús Correas Complutense University of Madrid, Pablo Gordillo Complutense University of Madrid, Guillermo Román-Díez Universidad Politécnica de Madrid, Albert Rubio Complutense University of Madrid DOI | ||