Blogs (61) >>
Sun 15 - Sat 21 July 2018 Amsterdam, Netherlands
Fri 20 Jul 2018 12:00 - 12:15 at Hamburg - Java

Call graphs are at the core of many static analyses ranging from the detection of unused methods to advanced control- and data-flow analyses. Therefore, a comprehensive understanding of the precision and recall of the respective graphs is crucial to enable an assessment which call-graph construction algorithms are suited in which analysis scenario. For example, malware is often obfuscated and tries to hide its intent by using Reflection. Call graphs that do not represent reflective method calls are, therefore, of limited use when analyzing such apps. In general, the precision is well understood, but the recall is not; i.e., in which cases a call graph will not contain any call edges. In this paper, we discuss the design of a comprehensive test suite that enables us to compute a fingerprint of the soundiness of the respective call-graph construction algorithms. This suite also enables us to make a comparative evaluation of static analysis frameworks. Comparing Soot and WALA shows that WALA currently has better support for new Java 8 features and also for Java Reflection. However, in some cases, both fail to include expected edges.

Fri 20 Jul

11:00 - 12:30: SOAP - Java at Hamburg
SOAP-2018-papers153207720000011:00 - 11:10
Day opening
Omer TrippGoogle Inc., Ben HermannUniversity of Paderborn
SOAP-2018-papers153207780000011:10 - 12:00
Jens PalsbergUniversity of California, Los Angeles, Crista Lopes
SOAP-2018-papers153208080000012:00 - 12:15
Michael ReifTU Darmstadt, Germany, Florian KüblerTU Darmstadt, Germany, Michael EichbergTU Darmstadt, Germany, Mira MeziniTU Darmstadt
Pre-print Media Attached
SOAP-2018-papers153208170000012:15 - 12:30
Michael D. ShahNortheastern University, USA, Samuel Guyer