Scalable Call Graph Constructor for Maven

Research output: Chapter in Book/Conference proceedings/Edited volumeConference contributionScientificpeer-review

Abstract

As a rich source of data, Call Graphs are used for various applications including security vulnerability detection. Despite multiple studies showing that Call Graphs can drastically improve the accuracy of analysis, existing ecosystem-scale tools like Dependabot do not use Call Graphs and work at the package-level. Using Call Graphs in ecosystem use cases is not practical because of the scalability problems that Call Graph generators have. Call Graph generation is usually considered to be a 'full program analysis' resulting in large Call Graphs and expensive computation. To make an analysis applicable to ecosystem scale, this pragmatic approach does not work, because the number of possible combinations of how a particular artifact can be combined in a full program explodes. Therefore, it is necessary to make the analysis incremental. There are existing studies on different types of incremental program analysis. However, none of them focuses on Call Graph generation for an entire ecosystem. In this paper, we propose an incremental implementation of the CHA algorithm that can generate Call Graphs on-demand, by stitching together partial Call Graphs that have been extracted for libraries before. Our preliminary evaluation results show that the proposed approach scales well and outperforms the most scalable existing framework called OPAL.

Original languageEnglish
Title of host publicationProceedings - 2021 IEEE/ACM 43rd International Conference on Software Engineering
Subtitle of host publicationCompanion Proceedings, ICSE-Companion 2021
EditorsL. O'Conner
Place of PublicationPiscataway
PublisherIEEE
Pages99-101
Number of pages3
ISBN (Print)978-1-6654-1219-3
DOIs
Publication statusPublished - 2021
Event43rd IEEE/ACM International Conference on Software Engineering: Companion, ICSE-Companion 2021 - Virtual, Online, Spain
Duration: 25 May 202128 May 2021

Conference

Conference43rd IEEE/ACM International Conference on Software Engineering: Companion, ICSE-Companion 2021
CountrySpain
CityVirtual, Online
Period25/05/2128/05/21

Keywords

  • Logic and verification
  • Program analysis
  • Theory of computation

Fingerprint

Dive into the research topics of 'Scalable Call Graph Constructor for Maven'. Together they form a unique fingerprint.

Cite this