Systematic Comparison of Six Open-source Java Call Graph Construction Tools

Call graphs provide the groundwork for numerous analysis algorithms and tools. However, in practice, their construction may have several ambiguities, especially for object-oriented programming languages like Java. The characteristics of the call graphs – which are influenced by building requirements such as scalability, efficiency, completeness, and precision – can greatly affect the output of the algorithms utilizing them. Therefore, it is important for developers to know a well-defined set of criteria based on which they can choose the most appropriate call graph builder tool for their static analysis applications. In this paper, we studied and compared six static call graph creator tools for Java. Our aim was to identify linguistic and technical properties that might induce differences in the generated call graphs besides the obvious differences caused by the various call graph construction algorithms. We evaluated the tools on multiple real-life open-source Java systems and performed a quantitative and qualitative assessment of the resulting graphs. We have shown how different outputs could be generated by the different tools. By manually analyzing the differences found on larger programs, we also found differences that we did not expect based on our preliminary assumptions.
