Judge: Identifying, Understanding, and Evaluating Sources of Unsoundness in Call Graphs
Michael Reif, Florian Kübler, Michael Eichberg, Dominik Helm, and Mira Mezini

Software Technology Group

TU Darmstadt
@Reifmi
Why We Shouldn’t Take Call Graphs for Granted
• Call graphs are a central data-structure for numerous static
analyses

• Call graphs directly impact a client analysis’ result

• The chosen algorithm predetermines an analysis’ precision
and recall

• Programming languages evolve (APIs and features are
added) and frameworks might not
State-of-the-art Call-graph Generators for Java
• Many different static analysis frameworks are available

• All can compute a different set of call graphs

• All frameworks use different approaches and make unknown
trade-offs or implementation choices

• Are they actually comparable??
Judge’s Overview
[Figure: pipeline diagram with the following steps]
• ⟨Test Fixtures Category⟩.md (Test Case 1 (TC1), …, Test Case 3 (TCN)): compile test cases, yielding ⟨Test Case⟩.jar (TC1.jar, TC2.jar, ⟨Advanced Test Case⟩.jar)
• ⟨Test Case⟩.jar: compute CG, yielding ⟨CG⟩.json. Done for each CG per supported static analysis framework.
• ⟨CG⟩.json: compute profile using CG and expected call targets, yielding ⟨CG Algorithm Profile⟩.tsv
• ⟨Project⟩.jar: run Hermes, yielding ⟨Features & Locations⟩.json, and compute CG, yielding ⟨CG⟩.json. Infrastructure used for computing the prevalence of features in real projects.
• ⟨Features & Locations⟩.json and ⟨CG⟩.json: compute suitability of CG algo. (use the respective CG profile), yielding ⟨Potential Sources of Unsoundness⟩.tsv
Test Suite
• Each category has:

• a description

• multiple test cases

• Each test case has:

• a scenario description

• unique id

• the test code

• expected calls

• Available annotations:

• CallSite

• IndirectCall
Test Suite
Language Features

• Static Initializer

• Polymorphic Calls

• Java 8 Polymorphic Calls

• Lambdas/Method References

• Signature Polymorphic Methods

• Non-Java bytecode

• …
APIs

• Reflection

• Unsafe

• Serialization

• Method Handles

• Dynamic Proxies

• Classloading

• …
Computing the Algorithms’ Profile
[Figure: the Judge’s Overview pipeline diagram, shown again]
Finding Features in Real Code
[Figure: the Judge’s Overview pipeline diagram, shown again]
[1] Reif, Michael et al. Hermes: assessment and creation of effective test corpora. SOAP ’17. ACM, 43–48.
• We used Hermes [1], a static analysis code query
infrastructure

• Each query is an analysis that checks if a specific feature
is found in a given code base

• We developed 15 Hermes queries to derive 107 Hermes
features and map the derived features to the test case ids

• All queries perform a most-conservative intra-procedural
analysis
Potential Sources of Unsoundness
Features (Based on Test Cases), with "Supported by CG(a)" and "Extensions Count":
• BPC2 (Polymorphic Call): supported ✓, extensions count 3
• TR1 (Reflection): supported ✘, extensions count 2
• …
• Lambda3 (Invokedynamic - Java ≤ 10): supported ✓, extensions count 1
• Lambda8 (Invokedynamic - Scala): supported ✘, extensions count 0
Methods (Name), with "Reached by CG(a)":
• m1 ✓, m2 ✘, m3 ✓, m4 ✓, …, mu ✓, mx ✘, my ✓, mz ✘
[Figure labels: Computed Using Feature Queries / Hermes; Library Code; Application Code; Extensions Mapping; Source of Unsoundness For Project (p); Conditional Source of Unsoundness]
[Figure: the Judge’s Overview pipeline diagram, shown again]
• Sources of Unsoundness
definitely make the call graph
unsound

• Conditional sources of
Unsoundness might introduce
unsoundness
Research Questions
• RQ1: How prevalent are the language and API features?

• RQ2: How do the frameworks compare to each other?

• RQ3: Which framework is best suited for which kind of
code base?

• RQ4: How much effort is necessary to get a sound call
graph?
Prevalent Language Features and APIs (RQ1)
• All the API and language features supported by
Java up to version 7 are used widely across all
code bases 

• Support for Java 8 is a must, unless analyzing
Android or Clojure code

• Supporting classical Reflection and Serialization
is strongly recommended, independent of the
source code’s age

• Support for many features is only required in
specific scenarios
The Call Graphs’ Feature Support (RQ2)
• Standard Java Features are well-supported

• Java 8 Features are partially supported

• The JVM is not fully covered

• Reflection API partially supported

• Some APIs and language features are unsupported
Performance Results (RQ2)
• avg. Runtimes largely differ

• Reachable Methods vary even for implementations of the same algorithm by more than 20x
RTA-Example
import java.util.*;

class RtaExample {
    // Raw types are kept as on the slide; only the allocation sites matter here.
    void program(boolean condition) {
        Collection c1 = new LinkedList();
        Collection c2;
        if (condition) {
            c2 = new ArrayList();
        } else {
            c2 = new Vector();
        }
        c2.add(null);
        Collection c3 = new HashSet();
    }
}
• RTA [2] depends on the program’s instantiated
types

• Soot, WALA, and OPAL behave completely
differently
{ LinkedList, ArrayList, Vector, HashSet }
{ LinkedList, ArrayList, Vector }
{ ArrayList, Vector }
[2] D. Bacon and P. Sweeney. Fast static analysis of C++ virtual function calls. OOPSLA '96. ACM, 324-341.
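The three instantiated-type sets on the slide give different call targets for c2.add(null). The sketch below is an added example, not code from the talk or from Soot, WALA or OPAL. The simplified hierarchy model and the three policy names (whole_method, before_call, receiver_flow) are assumptions chosen to reproduce those sets; the slide does not say which framework yields which set.

```python
"""Toy RTA-style call resolution for the slide's program() (added example)."""

# Constructed, simplified model of the java.util hierarchy:
# class name -> (superclass, methods declared in that class).
HIERARCHY = {
    "Object": (None, set()),
    "AbstractCollection": ("Object", {"add"}),
    "AbstractList": ("AbstractCollection", {"add"}),
    "AbstractSequentialList": ("AbstractList", set()),
    "AbstractSet": ("AbstractCollection", set()),
    "LinkedList": ("AbstractSequentialList", {"add"}),
    "ArrayList": ("AbstractList", {"add"}),
    "Vector": ("AbstractList", {"add"}),
    "HashSet": ("AbstractSet", {"add"}),
}

# program() from the slide, flattened to statements in source order.
# ("new", variable, type) is an allocation; ("call", receiver, method) a virtual call.
PROGRAM = [
    ("new", "c1", "LinkedList"),
    ("new", "c2", "ArrayList"),  # then-branch
    ("new", "c2", "Vector"),     # else-branch
    ("call", "c2", "add"),
    ("new", "c3", "HashSet"),
]

# Hypothetical policies for deciding which allocations count as "instantiated".
POLICIES = ("whole_method", "before_call", "receiver_flow")

# Targets c2.add(null) can really have at run time, depending on `condition`.
RUNTIME_TARGETS = frozenset({"ArrayList.add", "Vector.add"})


def dispatch(cls, method):
    """Virtual dispatch: first class on the superclass chain that declares `method`."""
    while cls is not None:
        superclass, declared = HIERARCHY[cls]
        if method in declared:
            return f"{cls}.{method}"
        cls = superclass
    raise LookupError(f"no implementation of {method} found")


def instantiated_types(program, call_index, policy):
    """Set of types considered instantiated for the call at `call_index`."""
    if policy not in POLICIES:
        raise ValueError(f"unknown policy: {policy}")
    receiver = program[call_index][1]
    types = set()
    for index, (kind, var, name) in enumerate(program):
        if kind != "new":
            continue
        if policy == "whole_method":
            types.add(name)                      # every allocation counts
        elif policy == "before_call" and index < call_index:
            types.add(name)                      # only allocations seen so far
        elif policy == "receiver_flow" and index < call_index and var == receiver:
            types.add(name)                      # only types assigned to the receiver
    return types


def call_targets(program, policy):
    """Map each call-site index to its sorted list of resolved targets."""
    result = {}
    for index, (kind, _receiver, method) in enumerate(program):
        if kind == "call":
            types = instantiated_types(program, index, policy)
            result[index] = sorted({dispatch(t, method) for t in types})
    return result


def compare(program=PROGRAM, runtime_targets=RUNTIME_TARGETS):
    """Per policy: type set, targets, spurious edges (imprecision), missed edges (unsoundness)."""
    report = {}
    for policy in POLICIES:
        site, targets = next(iter(call_targets(program, policy).items()))
        report[policy] = {
            "types": sorted(instantiated_types(program, site, policy)),
            "targets": targets,
            "spurious": sorted(set(targets) - runtime_targets),
            "missed": sorted(runtime_targets - set(targets)),
        }
    return report


if __name__ == "__main__":
    for policy, row in compare().items():
        print(policy, row)
```

All three policies keep both real targets for this call site, so they differ only in precision here; the count of spurious edges is what grows as the type set widens.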
Project-specific Evaluation (RQ3)
• Soot supports CSR but it’s expensive

• OPAL supports most features but has the smallest call graph

• OPAL covers only 47 methods from Xalan (~0.3%)

• Very few call sites have a huge impact
Is it worth it to do the work manually? (RQ4)
• GOAL: Get a reasonably sound call graph

• JVM profiling and TamiFlex [3] as ground truth
[3] Bodden, Eric, et al. Taming Reflection--Static Analysis in the Presence of Reflection and Custom Class Loaders. (2010).
Apply Judge
Inspect Results
Add Entry Points
• Analyzed 10 reflective call sites

• Added 50 entry points

• Manual analysis took roughly 90 minutes

• The call graph then covered 91% of all
methods contained in the profile and 121 of the
198 reported by TamiFlex

Transaction Management in Database Management System
 
Student Profile Sample - We help schools to connect the data they have, with ...
Student Profile Sample - We help schools to connect the data they have, with ...Student Profile Sample - We help schools to connect the data they have, with ...
Student Profile Sample - We help schools to connect the data they have, with ...
 
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfLike-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
 
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)
 
FILIPINO PSYCHology sikolohiyang pilipino
FILIPINO PSYCHology sikolohiyang pilipinoFILIPINO PSYCHology sikolohiyang pilipino
FILIPINO PSYCHology sikolohiyang pilipino
 
ACC 2024 Chronicles. Cardiology. Exam.pdf
ACC 2024 Chronicles. Cardiology. Exam.pdfACC 2024 Chronicles. Cardiology. Exam.pdf
ACC 2024 Chronicles. Cardiology. Exam.pdf
 
YOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptx
YOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptxYOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptx
YOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptx
 
What is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERPWhat is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERP
 
YOUVE_GOT_EMAIL_PRELIMS_EL_DORADO_2024.pptx
YOUVE_GOT_EMAIL_PRELIMS_EL_DORADO_2024.pptxYOUVE_GOT_EMAIL_PRELIMS_EL_DORADO_2024.pptx
YOUVE_GOT_EMAIL_PRELIMS_EL_DORADO_2024.pptx
 
Culture Uniformity or Diversity IN SOCIOLOGY.pptx
Culture Uniformity or Diversity IN SOCIOLOGY.pptxCulture Uniformity or Diversity IN SOCIOLOGY.pptx
Culture Uniformity or Diversity IN SOCIOLOGY.pptx
 
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptxINTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
 
Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdf
Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdfVirtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdf
Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdf
 
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITYISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
 

Judge: Identifying, Understanding, and Evaluating Sources of Unsoundness in Call Graphs

  • 1. Judge: Identifying, Understanding, and Evaluating Sources of Unsoundness in Call Graphs
      Michael Reif, Florian Kübler, Michael Eichberg, Dominik Helm, and Mira Mezini. Software Technology Group, TU Darmstadt. @Reifmi
  • 2. Why We Shouldn’t Take Call Graphs for Granted
      • Call graphs are a central data structure for numerous static analyses
      • Call graphs directly impact a client analysis’ result
      • The chosen algorithm predetermines an analysis’ precision and recall
      • Programming languages evolve (APIs and features are added) and frameworks might not
  • 3. State-of-the-art Call-graph Generators for Java
      • Many different static analysis frameworks are available
      • All can compute a different set of call graphs
      • All frameworks use different approaches and make unknown trade-offs or implementation choices
      • Are they actually comparable?
      [Slide graphic; surviving label: OPAL]
  • 4–7. Judge’s Overview
      [Figure: Judge pipeline, built up over four slides. Test fixtures (⟨Test Fixtures Category⟩.md, listing Test Case 1 (TC1) … Test Case 3 (TCN)) → compile test cases → ⟨Test Case⟩.jar / ⟨Advanced Test Case⟩.jar → compute CG (done for each CG per supported static analysis framework) → ⟨CG⟩.json → compute profile using CG and expected call targets → ⟨CG Algorithm Profile⟩.tsv. Infrastructure used for computing the prevalence of features in real projects: ⟨Project⟩.jar → run Hermes → ⟨Features & Locations⟩.json, and ⟨Project⟩.jar → compute CG → ⟨CG⟩.json. Final step: compute suitability of CG algo., using the respective CG profile → ⟨Potential Sources of Unsoundness⟩.tsv.]
  • 8–9. Test Suite
      [Figure: Judge pipeline diagram, repeated from the overview slides.]
      • Each category has:
          • a description
          • multiple test cases
      • Each test case has:
          • a scenario description
          • unique id
          • the test code
          • expected calls
      • Available annotations:
          • CallSite
          • IndirectCall
  • 10. Test Suite
      Language Features:
          • Static Initializer
          • Polymorphic Calls
          • Java 8 Polymorphic Calls
          • Lambdas/Method References
          • Signature Polymorphic Methods
          • Non-Java bytecode
          • …
      APIs:
          • Reflection
          • Unsafe
          • Serialization
          • Method Handles
          • Dynamic Proxies
          • Classloading
          • …
  • 11. Computing the Algorithms’ Profile
      [Figure: Judge pipeline diagram, repeated from the overview slides.]
  • 12–13. Finding Features in Real Code
      [Figure: Judge pipeline diagram, repeated from the overview slides.]
      • We used Hermes [1], a static analysis code query infrastructure
      • Each query is an analysis that checks if a specific feature is found in a given code base
      • We developed 15 Hermes queries to derive 107 Hermes features and map the derived features to the test case ids
      • All queries perform a most-conservative intra-procedural analysis
      [1] Reif, Michael et al. Hermes: assessment and creation of effective test corpora. SOAP ’17. ACM, 43–48.
  • 14. Potential Sources of Unsoundness
      [Figure: mapping table. Left: Features (Based on Test Cases), with columns Name, Supported by CG(a) and Extensions Count; rows include BPC2 (Polymorphic Call), TR1 (Reflection), Lambda3 (Invokedynamic - Java ≤ 10) and Lambda8 (Invokedynamic - Scala). Right: Methods m1 … mz, split into Application Code and Library Code, with columns Name and Reached by CG(a). The Extensions Mapping between the two is computed using feature queries / Hermes and marks each entry as a Source of Unsoundness for Project (p) or a Conditional Source of Unsoundness.]
      • Sources of Unsoundness definitely make the call graph unsound
      • Conditional Sources of Unsoundness might introduce unsoundness
  • 15. Research Questions
      • RQ1: How prevalent are the language and API features?
      • RQ2: How do the frameworks compare to each other?
      • RQ3: Which framework is best suited for which kind of code base?
      • RQ4: How much effort is necessary to get a sound call graph?
  • 16. Prevalent Language Features and APIs (RQ1)
      • All the API and language features supported by Java up to version 7 are used widely across all code bases
      • Support for Java 8 is a must, unless analyzing Android or Clojure code
      • Supporting classical Reflection and Serialization is strongly recommended, independent of the source code’s age
      • Support for many features is only required in specific scenarios
  • 17–27. The Call Graphs’ Feature Support (RQ2)
      [Figure: feature-support overview, annotated step by step with the following callouts.]
      • Standard Java features are well-supported
      • Java 8 features are partially supported
      • The JVM is not fully covered
      • Reflection API partially supported
      • Some APIs and language features are unsupported
  • 30–32. Performance Results (RQ2)
      • Avg. runtimes largely differ
      • Reachable methods vary even for implementations of the same algorithm by more than 20x
  • 33–38. RTA-Example

        // Types are from java.util.
        void program(boolean condition) {
            Collection c1 = new LinkedList();
            Collection c2;
            if (condition) {
                c2 = new ArrayList();
            } else {
                c2 = new Vector();
            }
            c2.add(null);
            Collection c3 = new HashSet();
        }

      • RTA [2] depends on the program’s instantiated types
      • Soot, WALA, and OPAL behave completely differently
      Type sets shown on the slide:
          • { LinkedList, ArrayList, Vector, HashSet }
          • { LinkedList, ArrayList, Vector }
          • { ArrayList, Vector }
      [2] D. Bacon and P. Sweeney. Fast static analysis of C++ virtual function calls. OOPSLA '96. ACM, 324-341.
  • 43–45. Project-specific Evaluation (RQ3)
      • Soot supports CSR but it’s expensive
      • OPAL supports most features but has the smallest call graph
      • OPAL covers only 47 methods from Xalan (~0.3%)
      • Very few call sites have a huge impact
  • 46. Is it worth it to do the work manually? (RQ4)
      • GOAL: Get a reasonably sound call graph
      • JVM profiling and TamiFlex [3] as ground truth
      Steps: Apply Judge → Inspect Results → Add Entry Points
      • Analyzed 10 reflective call sites
      • Added 50 entry points
      • Manual analysis took roughly 90 minutes
      • The call graph then covered 91% of all methods contained in the profile and 121 from 198 reported by TamiFlex
      [3] Bodden, Eric, et al. Taming Reflection--Static Analysis in the Presence of Reflection and Custom Class Loaders. (2010).
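
The RTA-Example slides list three instantiated-type sets for the same program without saying how each one arises. As an added illustration (not code from the talk, nor from Soot, WALA or OPAL), the Python model below derives the three sets from three scoping policies and shows the call targets each yields for c2.add(null). The policy names, the mini-IR and the pairing of a policy with a set are assumptions made for this example; the slides do not say which framework produces which set.

```python
# Added illustration (not from the slides): three scoping policies for RTA's
# "instantiated types", applied to the slide's program(boolean condition).
# Policy names and the mini-IR are assumptions made for this example.

# Constructed class hierarchy: subtypes of Collection that declare add().
# TreeSet is never allocated by the program; it shows what CHA alone would add.
COLLECTION_SUBTYPES = {"LinkedList", "ArrayList", "Vector", "HashSet", "TreeSet"}

# Constructed mini-IR, one tuple per statement in source order:
# ("new", variable, type) or ("call", receiver variable, method name).
PROGRAM = [
    ("new", "c1", "LinkedList"),
    ("new", "c2", "ArrayList"),   # then-branch
    ("new", "c2", "Vector"),      # else-branch
    ("call", "c2", "add"),
    ("new", "c3", "HashSet"),
]

POLICIES = ("whole-program", "before-call", "receiver-only")


def instantiated_types(program, call_index, policy):
    """Return the set of allocated types that `policy` considers at one call site."""
    if policy not in POLICIES:
        raise ValueError(f"unknown policy: {policy}")
    receiver = program[call_index][1]
    types = set()
    for index, (kind, variable, name) in enumerate(program):
        if kind != "new":
            continue
        if policy != "whole-program" and index > call_index:
            continue  # allocation happens after the call site
        if policy == "receiver-only" and variable != receiver:
            continue  # allocation is never assigned to the receiver
        types.add(name)
    return types


def call_targets(program, policy):
    """Resolve every virtual call: CHA candidates filtered by instantiated types."""
    edges = {}
    for index, (kind, receiver, method) in enumerate(program):
        if kind != "call":
            continue
        live = instantiated_types(program, index, policy)
        edges[(index, f"{receiver}.{method}")] = {
            f"{t}.{method}" for t in COLLECTION_SUBTYPES & live
        }
    return edges


def edge_diff(program, baseline, other):
    """Edges present under `baseline` but absent under `other`, per call site."""
    base, cmp_ = call_targets(program, baseline), call_targets(program, other)
    return {site: base[site] - cmp_[site] for site in base if base[site] - cmp_[site]}


if __name__ == "__main__":
    for policy in POLICIES:
        print(policy, sorted(instantiated_types(PROGRAM, 3, policy)))
    # The receiver c2 only ever holds an ArrayList or a Vector, so all three
    # policies keep the two feasible targets; they differ in precision here.
    print(edge_diff(PROGRAM, "whole-program", "receiver-only"))
```

For a client analysis, the difference is two extra call edges (LinkedList.add and HashSet.add) at a single call site, which is how the same algorithm name can end up with very different reachable-method counts.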