Indirection-Bounded Call Graph Analysis

Authors: Madhurima Chakraborty, Aakash Gnanakumar, Manu Sridharan, Anders Møller




Author Details

Madhurima Chakraborty
  • University of California, Riverside, CA, USA
Aakash Gnanakumar
  • University of California, Riverside, CA, USA
Manu Sridharan
  • University of California, Riverside, CA, USA
Anders Møller
  • Aarhus University, Denmark

Cite As

Madhurima Chakraborty, Aakash Gnanakumar, Manu Sridharan, and Anders Møller. Indirection-Bounded Call Graph Analysis. In 38th European Conference on Object-Oriented Programming (ECOOP 2024). Leibniz International Proceedings in Informatics (LIPIcs), Volume 313, pp. 10:1-10:22, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2024)
https://doi.org/10.4230/LIPIcs.ECOOP.2024.10

Abstract

Call graphs play a crucial role in analyzing the structure and behavior of programs. For JavaScript and other dynamically typed programming languages, static call graph analysis relies on approximating the possible flow of functions and objects, and producing usable call graphs for large, real-world programs remains challenging. In this paper, we propose a simple but effective technique that addresses performance issues encountered in call graph generation. We observe via a dynamic analysis that typical JavaScript program code exhibits small levels of indirection of object pointers and higher-order functions. We demonstrate that a widely used analysis algorithm, wave propagation, closely follows the levels of indirection, so that call edges discovered early are more likely to be true positives. By bounding the number of indirections covered by this analysis, in many cases it can find most true-positive call edges in less time. We also show that indirection-bounded analysis can similarly be incorporated into the field-based call graph analysis algorithm ACG. We have experimentally evaluated the modified wave propagation algorithm on 25 large Node.js-based JavaScript programs. Indirection-bounded analysis on average yields close to a 2X speed-up with only 5% reduction in recall and almost identical precision relative to the baseline analysis, using dynamically generated call graphs for the recall and precision measurements. To demonstrate the robustness of the approach, we also evaluated the modified ACG algorithm on 10 web-based and 4 mobile-based medium-sized benchmarks, with similar results.

Subject Classification

ACM Subject Classification
  • Theory of computation → Program analysis
Keywords
  • JavaScript
  • call graphs
  • points-to analysis
