ASSUMPTION HIERARCHY FOR A CHA CALL GRAPH CONSTRUCTION

  • Slides: 10
Download presentation
ASSUMPTION HIERARCHY FOR A CHA CALL GRAPH CONSTRUCTION ALGORITHM JASON SAWIN & ATANAS ROUNTEV

ASSUMPTION HIERARCHY FOR A CHA CALL GRAPH CONSTRUCTION ALGORITHM JASON SAWIN & ATANAS ROUNTEV

Call Graphs • Represent the calling relationships between methods • Critical component in many

Call Graphs • Represent the calling relationships between methods • Critical component in many interprocedural static analyses • Unsound when applied to applications which use dynamic features

Dynamic Features of Java • Dynamic Class Loading – Ability to install classes at

Dynamic Features of Java • Dynamic Class Loading – Ability to install classes at run time • Reflection – Ability to examine or modify run-time behavior of a running application • JVM – Implicitly calls certain code elements • Native Method – Ability to interface with libraries written in non-Java languages

Dynamic Features in Action Class c; String class. Name; Method m; Object h; .

Dynamic Features in Action Class c; String class. Name; Method m; Object h; . . . Class c = Class. for. Name(class. Name, true, cl); m = c. get. Method("handle", …); h = c. new. Instance(); m. invoke(h, …). . .

CHA Call Graph Construction Algorithm • Class Hierarchy Analysis (CHA) – For every virtual

CHA Call Graph Construction Algorithm • Class Hierarchy Analysis (CHA) – For every virtual call site e. m(…) where T is the static type of e, it examines all subtypes of T for methods which override m(…) – The set of overriding methods are considered possible targets of the call

CHA and Dynamic Features • Every implementation of CHA makes assumptions about dynamic features

CHA and Dynamic Features • Every implementation of CHA makes assumptions about dynamic features – Wide range of possible assumptions • Very conservative to unsound • Different assumptions allow for different resolution techniques – String analysis – Cast information

Assumption Hierarchy • Behaved-CLS: Dynamic features could call every method • Encap-Respect: Dynamic features

Assumption Hierarchy • Behaved-CLS: Dynamic features could call every method • Encap-Respect: Dynamic features respect normal encapsulation bounds • Correct Casting: Allows for casing information to be used to resolve certain features • Correct-String: Allows for use of a string analysis • Correct-Env: Allows for use of a semi static string analysis

Experimental Results: Edges 3000000 2500000 Bhv Encap Cast String Semi 1500000 1000000 500000 Benchmarks

Experimental Results: Edges 3000000 2500000 Bhv Encap Cast String Semi 1500000 1000000 500000 Benchmarks et ol Vi d Pa Vi et C Sa bl e. C fin uf dt in M M er m s w Jp JG ap t di JE c va Ja B 0 D Edges 2000000

Summary of Results • The Correct-Env version of CHA created a graphs that contained,

Summary of Results • The Correct-Env version of CHA created a graphs that contained, on average, 10% fewer nodes and 54% fewer edges than the fully conservative version • The Correct-Env version was able to resolve an average of 6% of reflective invocation calls, 50% of dynamic class loading sites, and 61% of reflective instantiation sites • Under very reasonable assumptions, a much more precise call graph can be created

Conclusion • We created a hierarchy of assumptions that could be used to classify

Conclusion • We created a hierarchy of assumptions that could be used to classify future analyses • We incorporated several new techniques for resolving dynamic features into a CHA Call Graph • Our experiments showed that assumptions have a significant impact on the graph produced