Automatic Root Cause Quantification for Missing Edges in JavaScript Call Graphs (Artifact)
Gespeichert in:
| Titel: | Automatic Root Cause Quantification for Missing Edges in JavaScript Call Graphs (Artifact) |
|---|---|
| Autoren: | Chakraborty, Madhurima, Olivares, Renzo, Sridharan, Manu, Hassanshahi, Behnaz |
| Weitere Verfasser: | Madhurima Chakraborty and Renzo Olivares and Manu Sridharan and Behnaz Hassanshahi |
| Verlagsinformationen: | Schloss Dagstuhl – Leibniz-Zentrum für Informatik |
| Publikationsjahr: | 2022 |
| Bestand: | DROPS - Dagstuhl Research Online Publication Server (Schloss Dagstuhl - Leibniz Center for Informatics ) |
| Schlagwörter: | JavaScript, call graph construction, static program analysis |
| Beschreibung: | Building sound and precise static call graphs for real-world JavaScript applications poses an enormous challenge, due to many hard-to-analyze language features. Further, the relative importance of these features may vary depending on the call graph algorithm being used and the class of applications being analyzed. In this paper, we present a technique to automatically quantify the relative importance of different root causes of call graph unsoundness for a set of target applications. The technique works by identifying the dynamic function data flows relevant to each call edge missed by the static analysis, correctly handling cases with multiple root causes and inter-dependent calls. We apply our approach to perform a detailed study of the recall of a state-of-the-art call graph construction technique on a set of framework-based web applications. The study yielded a number of useful insights. We found that while dynamic property accesses were the most common root cause of missed edges across the benchmarks, other root causes varied in importance depending on the benchmark, potentially useful information for an analysis designer. Further, with our approach, we could quickly identify and fix a recall issue in the call graph builder we studied, and also quickly assess whether a recent analysis technique for Node.js-based applications would be helpful for browser-based code. All of our code and data is publicly available, and many components of our technique can be re-used to facilitate future studies. |
| Publikationsart: | article in journal/newspaper |
| Dateibeschreibung: | application/pdf |
| Sprache: | English |
| Relation: | Is Part Of DARTS, Volume 8, Issue 2, Special Issue of the 36th European Conference on Object-Oriented Programming (ECOOP 2022); https://drops.dagstuhl.de/entities/document/10.4230/DARTS.8.2.7 |
| DOI: | 10.4230/DARTS.8.2.7 |
| Verfügbarkeit: | https://doi.org/10.4230/DARTS.8.2.7 https://nbn-resolving.org/urn:nbn:de:0030-drops-162052 https://drops.dagstuhl.de/entities/document/10.4230/DARTS.8.2.7 |
| Rights: | https://creativecommons.org/licenses/by/4.0/legalcode |
| Dokumentencode: | edsbas.887B391 |
| Datenbank: | BASE |
Nájsť tento článok vo Web of Science | Abstract: | Building sound and precise static call graphs for real-world JavaScript applications poses an enormous challenge, due to many hard-to-analyze language features. Further, the relative importance of these features may vary depending on the call graph algorithm being used and the class of applications being analyzed. In this paper, we present a technique to automatically quantify the relative importance of different root causes of call graph unsoundness for a set of target applications. The technique works by identifying the dynamic function data flows relevant to each call edge missed by the static analysis, correctly handling cases with multiple root causes and inter-dependent calls. We apply our approach to perform a detailed study of the recall of a state-of-the-art call graph construction technique on a set of framework-based web applications. The study yielded a number of useful insights. We found that while dynamic property accesses were the most common root cause of missed edges across the benchmarks, other root causes varied in importance depending on the benchmark, potentially useful information for an analysis designer. Further, with our approach, we could quickly identify and fix a recall issue in the call graph builder we studied, and also quickly assess whether a recent analysis technique for Node.js-based applications would be helpful for browser-based code. All of our code and data is publicly available, and many components of our technique can be re-used to facilitate future studies. |
|---|---|
| DOI: | 10.4230/DARTS.8.2.7 |