Systematic Evaluation of the Unsoundness of Call Graph Construction Algorithms for Java
Call graphs are at the core of many static analyses ranging from the detection of unused methods to advanced control- and data-flow analyses. Therefore, a comprehensive understanding of the precision and recall of the respective graphs is crucial to enable an assessment which call-graph construction algorithms are suited in which analysis scenario. For example, malware is often obfuscated and tries to hide its intent by using Reflection. Call graphs that do not represent reflective method calls are, therefore, of limited use when analyzing such apps. In general, the precision is well understood, but the recall is not; i.e., in which cases a call graph will not contain any call edges. In this paper, we discuss the design of a comprehensive test suite that enables us to compute a fingerprint of the soundiness of the respective call-graph construction algorithms. This suite also enables us to make a comparative evaluation of static analysis frameworks. Comparing Soot and WALA shows that WALA currently has better support for new Java 8 features and also for Java Reflection. However, in some cases, both fail to include expected edges.
Fri 20 Jul
|11:00 - 11:10|
|11:10 - 12:00|
|12:00 - 12:15|
Michael ReifTU Darmstadt, Germany, Florian KüblerTU Darmstadt, Germany, Michael EichbergTU Darmstadt, Germany, Mira MeziniTU DarmstadtPre-print Media Attached
|12:15 - 12:30|