On the Recall of Static Call Graph Construction in Practice
Static analyses have problems modelling dynamic language features soundly while retaining acceptable precision. The problem is well-understood in theory, but there is little evidence on how this impacts the analysis of real-world programs. We have studied this issue for call graph construction on a set of \datasetsize real-world Java programs using an oracle of actual program behaviour recorded from executions of built-in and synthesised test cases with high coverage, have measured the recall that is being achieved by various static analysis algorithms and configurations, and investigated which language features lead to static analysis false negatives.
We report that (1) the median recall is 0.884 suggesting that standard static analyses have significant gaps with respect to the proportion of the program modelled (2) built-in tests are significantly better to expose dynamic program behaviour than synthesised tests (3) adding precision to the static analysis has little impact on recall indicating that those are separate concerns (4) state-of-the-art support for dynamic language features can significantly improve recall (the median observed is 0.935), but it comes with a hefty performance penalty, and (5) the main sources of unsoundness are not reflective method invocations, but objects allocated or accessed via native methods, and invocations initiated by the JVM, without matching call sites in the program under analysis.
These results provide some novel insights into the interaction between static and dynamic program analyses that can be used to assess the utility of static analyse results and to guide the development of future static and hybrid analyses.
Tue 6 Oct
|14:00 - 14:20|
|14:20 - 14:40|
Li SuiMassey University, New Zealand, Jens DietrichVictoria University of Wellington, Amjed TahirMassey University, George FourtounisUniversity of AthensPre-print
|14:40 - 15:00|
Manuel BenzUniversity of Paderborn, Erik Krogh KristensenAarhus University, Denmark, Linghui LuoPaderborn University, Nataniel Borges Jr.CISPA Helmholtz Center for Information Security, Eric BoddenHeinz Nixdorf Institut, Paderborn University and Fraunhofer IEM, Andreas ZellerCISPA Helmholtz Center for Information SecurityFile Attached
|15:00 - 15:10|
|15:10 - 15:25|
Roman HaasCQSE GmbH, Rainer NiedermayrCQSE GmbH, Tobias RoehmCQSE GmbH, Sven ApelSaarland UniversityPre-print
|15:25 - 15:40|