NoCFG: A Lightweight Approach for Sound Call Graph Approximation DOI Creative Commons

Aharon Abadi,

Bar Makovitzki,

Ron Shemer

и другие.

arXiv (Cornell University), Год журнала: 2021, Номер unknown

Опубликована: Янв. 1, 2021

Interprocedural analysis refers to gathering information about the entire program rather than for a single procedure only, as in intraprocedural analysis. enables more precise analysis; however, it is complicated due difficulty of constructing an accurate call graph. Current algorithms sound and graphs analyze complex dependencies, therefore they might be difficult scale. Their complexity stems from kind type-inference use, particular use some variations points-to To address this problem, we propose NoCFG, new scalable method approximating graph that supports wide variety programming languages. A key property NoCFG works on coarse abstraction program, discarding many language constructs. Due abstraction, extending support also other languages easy. We provide formal proof soundness evaluations real-world projects written both Python C#. The experimental results demonstrate high precision rate 90% (lower bound) scalability through security use-case over with up 2 million lines code.

Язык: Английский

NoCFG: A Lightweight Approach for Sound Call Graph Approximation DOI Creative Commons

Aharon Abadi,

Bar Makovitzki,

Ron Shemer

и другие.

arXiv (Cornell University), Год журнала: 2021, Номер unknown

Опубликована: Янв. 1, 2021

Interprocedural analysis refers to gathering information about the entire program rather than for a single procedure only, as in intraprocedural analysis. enables more precise analysis; however, it is complicated due difficulty of constructing an accurate call graph. Current algorithms sound and graphs analyze complex dependencies, therefore they might be difficult scale. Their complexity stems from kind type-inference use, particular use some variations points-to To address this problem, we propose NoCFG, new scalable method approximating graph that supports wide variety programming languages. A key property NoCFG works on coarse abstraction program, discarding many language constructs. Due abstraction, extending support also other languages easy. We provide formal proof soundness evaluations real-world projects written both Python C#. The experimental results demonstrate high precision rate 90% (lower bound) scalability through security use-case over with up 2 million lines code.

Язык: Английский

Процитировано

0