Zhiyuan Wan,Bo Zhou

DOI: https://doi.org/10.3785/j.issn.1008-973X.2015.06.005

2015-01-01

Abstract:A points-to analysis approach was proposed to generate partial call graphs of application part without analyzing the method bodies of libraries. A set of rules was bulit to model the interaction between application and libraries in order to infer the pointer information libraries. The approach was implemented based on the Soot program analysis framework. The performance, completeness and precision of generated call graphs were evaluated on 14 Java benchmarks. The experimental results showed that the proposed approach was faster than Averroes and Spark call graph construction approaches by a factor of 4.9 xand13. 7xrespectively. Meanwhile, the proposed approach can construct complete and precise partial call graphs.

Kaifeng Huang,Yixuan Yan,Bihuan Chen,Zixin Tao,Xin Peng

2024-09-10

Abstract:Call graph construction is the foundation of inter-procedural static analysis. PYCG is the state-of-the-art approach for constructing call graphs for Python programs. Unfortunately, PyCG does not scale to large programs when adapted to whole-program analysis where application and dependent libraries are both analyzed. Moreover, PyCG is flow-insensitive and does not fully support Python's features, hindering its accuracy. To overcome these drawbacks, we propose a scalable and precise approach for constructing application-centered call graphs for Python programs, and implement it as a prototype tool JARVIS. JARVIS maintains a type graph (i.e., type relations of program identifiers) for each function in a program to allow type inference. Taking one function as an input, JARVIS generates the call graph on-the-fly, where flow-sensitive intra-procedural analysis and inter-procedural analysis are conducted in turn and strong updates are conducted. Our evaluation on a micro-benchmark of 135 small Python programs and a macro-benchmark of 6 real-world Python applications has demonstrated that JARVIS can significantly improve PYCG by at least 67% faster in time, 84% higher in precision, and at least 20% higher in recall.

Software Engineering

Yuying Yan,Kaifeng Huang,Bihuan Chen,Zheng-Ming Tao,Xin Peng

DOI: https://doi.org/10.48550/arxiv.2305.05949

2023-01-01

Abstract:Call graph generation is the foundation of inter-procedural static analysis. PyCG is the state-of-the-art approach for generating call graphs for Python programs. Unfortunately, PyCG does not scale to large programs when adapted to whole-program analysis where dependent libraries are also analyzed. Further, PyCG does not support demand-driven analysis where only the reachable functions from given entry functions are analyzed. Moreover, PyCG is flow-insensitive and does not fully support Python's features, hindering its accuracy. To overcome these drawbacks, we propose a scalable demand-driven approach for generating call graphs for Python programs, and implement it as a prototype tool Jarvis. Jarvis maintains an assignment graph (i.e., points-to relations between program identifiers) for each function in a program to allow reuse and improve scalability. Given a set of entry functions as the demands, Jarvis generates the call graph on-the-fly, where flow-sensitive intra-procedural analysis and inter-procedural analysis are conducted in turn. Our evaluation on a micro-benchmark of 135 small Python programs and a macro-benchmark of 6 real-world Python applications has demonstrated that Jarvis can significantly improve PyCG by at least 67% faster in time, 84% higher in precision, and at least 10% higher in recall.

Gharib Gharibi,Rashmi Tripathi,Yugyung Lee

DOI: https://doi.org/10.1145/3238147.3240484

2018-09-03

Abstract:A static call graph is an imperative prerequisite used in most interprocedural analyses and software comprehension tools. However, there is a lack of software tools that can automatically analyze the Python source-code and construct its static call graph. In this paper, we introduce a prototype Python tool, named code2graph, which automates the tasks of (1) analyzing the Python source-code and extracting its structure, (2) constructing static call graphs from the source code, and (3) generating a similarity matrix of all possible execution paths in the system. Our goal is twofold: First, assist the developers in understanding the overall structure of the system. Second, provide a stepping stone for further research that can utilize the tool in software searching and similarity detection applications. For example, clustering the execution paths into a logical workflow of the system would be applied to automate specific software tasks. Code2graph has been successfully used to generate static call graphs and similarity matrices of the paths for three popular open-source Deep Learning projects (TensorFlow, Keras, PyTorch). A tool demo is available at https://youtu.be/ecctePpcAKU.

Anne Veenendaal,Elliot Daly,Eddie Jones,Zhao Gang,Sumalini Vartak,Rahul S Patwardhan

DOI: https://doi.org/10.48550/arXiv.1610.04594

2016-07-27

Software Engineering

Abstract:Enterprise level software is implemented using multi-layer architecture. These layers are often implemented using de-coupled solutions with millions of lines of code. Programmers often have to track and debug a function call from user interface layer to the data access layer while troubleshooting an issue. They have to inspect the code based on search results or use design documents to construct the call graph. This process is time consuming and laborious. The development environment tools are insufficient or confined to analyzing only the code in the loaded solution. This paper proposes a method to construct a call graph of the call across several layers of the code residing in different code bases to help programmers better understand the design and architecture of the software. The signatures of class, methods, and properties were evaluated and then matched against the code files. A graph of matching functions was created. The recursive search stopped when there were no matches or the data layer code was detected. The method resulted in 78.26% accuracy when compared with manual search.

Yuanyi Zhen,Lanqin Zheng,Penghe Chen

DOI: https://doi.org/10.1109/access.2021.3106324

IF: 3.9

2021-01-01

IEEE Access

Abstract:This study aimed to automatically construct knowledge graphs for online collaborative programming. We proposed several models and developed a system to construct knowledge graphs based on online discussion texts and the target knowledge graph for the C programming language. Our system included two main modules, namely, entity recognition and relation extraction. We proposed an innovative approach for recognizing knowledge entities, which included sequence tagging, text classification, and keyword matching. The extraction of relationships among knowledge entities was performed through queries of the target knowledge graph. The six kinds of knowledge graphs could be automatically generated through our method, including the activated and unactivated knowledge graphs of each student, each group, and each class. The accuracy of entity recognition reached 87.27%. The accuracies of relation extraction for students, groups, and the class reached 89.7%, 90.4%, and 90.2%, respectively. This study is very promising and significant for both teachers and practitioners to provide interventions and personalized learning services based on the constructed knowledge graphs.

computer science, information systems,telecommunications,engineering, electrical & electronic

Zhiyuan Wan,Bo Zhou,Ye Wang,Yuanhong Shen

2014-01-01

Abstract:Many static analysis tools provide whole-program analysis to generate call graphs. However, the whole-program analysis suffers from scalability issue. The increasing size of the libraries exacerbates the issue. For many Web applications, the libraries (e.g. Servlet containers) are even not available for whole-program analysis. We present HyPta, a points-to analysis approach, to construct partial call graphs for Java programs. HyPta extends the standard points-to analysis by establishing a hybrid heap model. Since our approach does not analyze the method bodies of the library classes, the heap model distinguishes between the abstract memory locations in the application and those in the library. HyPta infers the pointer information in the library from the interactions between the application and the library. We implement HyPta based on Spark framework and evaluate it on 14 widely cited Java benchmarks. The evaluation shows that HyPta is faster than Averroes and Spark by a factor of 4.9x and 13.7x, respectively. Meanwhile, it constructs sound and precise partial call graphs.

Robert Husák,F. Zavoral,J. Kofroň

DOI: https://doi.org/10.14279/tuj.eceasst.77.1109

2019-10-21

Abstract:In order to prevent and fix errors in program code, developers need to understand its semantics to a significant extent. For this purpose, they use various approaches, such as manual call graph exploration or dynamic analysis with a debugger. However, these techniques tend to be cumbersome in a larger codebase, because they provide either underapproximate or overapproximate results and it is often hard to combine them. Therefore, we present AskTheCode, a Microsoft Visual Studio extension enabling to interactively explore a call graph, ensuring that only feasible execution traces are taken into consideration. AskTheCode is based on control flow analysis and backward symbolic execution. We show its potential to significantly improve developers' experience on a complex code example.

Computer Science

Qing Chen,Nan Chen,Wei Shuai,Guande Wu,Zhe Xu,Hanghang Tong,Nan Cao

DOI: https://doi.org/10.1109/tvcg.2023.3326925

IF: 5.2

2024-01-01

IEEE Transactions on Visualization and Computer Graphics

Abstract:Graph or network data are widely studied in both data mining and visualization communities to review the relationship among different entities and groups. The data facts derived from graph visual analysis are important to help understand the social structures of complex data, especially for data journalism. However, it is challenging for data journalists to discover graph data facts and manually organize correlated facts around a meaningful topic due to the complexity of graph data and the difficulty to interpret graph narratives. Therefore, we present an automatic graph facts generation system, Calliope-Net, which consists of a fact discovery module, a fact organization module, and a visualization module. It creates annotated node-link diagrams with facts automatically discovered and organized from network data. A novel layout algorithm is designed to present meaningful and visually appealing annotated graphs. We evaluate the proposed system with two case studies and an in-lab user study. The results show that Calliope-Net can benefit users in discovering and understanding graph data facts with visually pleasing annotated visualizations.

Tao Xie,David Notkin

2001-01-01

Abstract:A dynamic call graph is the invocation relation that represents a specific set of runtime executions of a program. Dynamic call graph extraction is a typical application of dynamic analysis to aid compiler optimization, performance analysis, program understanding, etc. In this paper, we empirically compare the results of nine Java dynamic call graph extractors quantitatively and qualitatively. We investigate those differences among the dynamic call graph extracted by different tools mainly caused by different underlying Java program instrumentation techniques and other design decisions. A comparison between static call graph and dynamic call graph shows software engineering tools for program understanding place a different requirement on dynamic call graph from compilers or profilers whose main purpose is optimization or performance tuning. Dynamic call graphs require some complementary static information and an effective representation to aid program understanding. Choosing an appropriate instrumentation technique, integrating static and dynamic information, and providing flexible user manipulation for dynamic call graphs can better facilitate program understanding task. In this paper, we discuss the study and sketch the design considerations for an effective dynamic call graph tool to support program understanding.

Mehdi Keshani

DOI: https://doi.org/10.48550/arXiv.2103.15162

2021-03-29

Abstract:As a rich source of data, Call Graphs are used for various applications including security vulnerability detection. Despite multiple studies showing that Call Graphs can drastically improve the accuracy of analysis, existing ecosystem-scale tools like Dependabot do not use Call Graphs and work at the package-level. Using Call Graphs in ecosystem use cases is not practical because of the scalability problems that Call Graph generators have. Call Graph generation is usually considered to be a "full program analysis" resulting in large Call Graphs and expensive computation. To make an analysis applicable to ecosystem scale, this pragmatic approach does not work, because the number of possible combinations of how a particular artifact can be combined in a full program explodes. Therefore, it is necessary to make the analysis incremental. There are existing studies on different types of incremental program analysis. However, none of them focuses on Call Graph generation for an entire ecosystem. In this paper, we propose an incremental implementation of the CHA algorithm that can generate Call Graphs on-demand, by stitching together partial Call Graphs that have been extracted for libraries before. Our preliminary evaluation results show that the proposed approach scales well and outperforms the most scalable existing framework called OPAL.

Software Engineering

Mingzhe Hu,Qi Zhao,Yu Zhang,Yan Xiong

DOI: https://doi.org/10.1109/saner56733.2023.00024

2023-01-01

Abstract:Modern software systems are increasingly multi-lingual, which consist of components developed in different programming languages to reuse existing libraries and com-bine language features. Foreign function interface (FFI) is a mechanism that enables interoperation between a host language and a guest language. CFFI interoperating with external C is part of the language standard for almost all languages. For example, Python/C API is the CFFI between Python and C/C++. Python host with C guest can achieve both productivity and performance, and is widely used by many mainstream software systems in different application domains. The popularity of these software systems makes high demands on program analysis of multilingual codebases. A fundamental challenge is to construct call graphs that capture the connectivity between host and guest languages. In this work, we present a novel approach to call graph construction for calls from different host languages to C/C++ foreign functions. The semantics of the foreign function declaration interfaces are modeled to establish cross-language call relationships, taking into account the semantic abstraction to support different host languages. Graph transformation and function node fusions are defined to build the complete call graphs. We demonstrate experimentally that static call graphs for Python and JavaScript calling C/C++ can be constructed effectively and automatically. The call graph construction can further efficiently work as an IDE language server and integrate with other tools.

Li Sui,Jens Dietrich,Michael Emery,Shawn Rasheed,Amjed Tahir

DOI: https://doi.org/10.1007/978-3-030-02768-1_4

2018-01-01

Abstract:Static program analysis is widely used to detect bugs and vulnerabilities early in the life cycle of software. It models possible program executions without executing a program, and therefore has to deal with both false positives (precision) and false negatives (soundness). A particular challenge for sound static analysis is the presence of dynamic language features, which are prevalent in modern programming languages, and widely used in practice.We catalogue these features for Java and present a micro-benchmark that can be used to study the recall of static analysis tools. In many cases, we provide examples of real-world usage of the respective feature. We then study the call graphs constructed with soot, wala and doop using the benchmark. We find that while none of the tools can construct a sound call graph for all benchmark programs, they all offer some support for dynamic language features.We also discuss the notion of possible program execution that serves as the ground truth used to define both precision and soundness. It turns out that this notion is less straight-forward than expected as there are corner cases where the (language, JVM and standard library) specifications do not unambiguously define possible executions.

Tu Peng,Kai Wang

DOI: https://doi.org/10.1007/978-3-319-14717-8_46

2014-01-01

Abstract:Dynamic call graph represents runtime calls between entities in a program. Existed studies have used call graph to facilitate program comprehension and verification. However, the dynamic call graph produced by a program execution is complicated, especially when multithreads, loops and recursions are involved. In this paper, we retrieve dynamic call graph from program execution and transform it to call tree, and provide an approach of tree simplification by reducing loops and recursions. We formally define reachability properties over a call tree and reachability based tree isomorphism. We prove the soundness of tree simplification and the applicability to transform safety concerns verification to reachability properties searching. We implement the Dynamic Program Analyzer, and show how the behaviors of multithread programs can be retrieved, comprehended and verified.

Ibrahim Abdelaziz,Julian Dolby,Jamie McCusker,Kavitha Srinivas

DOI: https://doi.org/10.48550/arXiv.2002.09440

2021-09-28

Abstract:Knowledge graphs have been proven extremely useful in powering diverse applications in semantic search and natural language understanding. In this paper, we present GraphGen4Code, a toolkit to build code knowledge graphs that can similarly power various applications such as program search, code understanding, bug detection, and code automation. GraphGen4Code uses generic techniques to capture code semantics with the key nodes in the graph representing classes, functions, and methods. Edges indicate function usage (e.g., how data flows through function calls, as derived from program analysis of real code), and documentation about functions (e.g., code documentation, usage documentation, or forum discussions such as StackOverflow). Our toolkit uses named graphs in RDF to model graphs per program, or can output graphs as JSON. We show the scalability of the toolkit by applying it to 1.3 million Python files drawn from GitHub, 2,300 Python modules, and 47 million forum posts. This results in an integrated code graph with over 2 billion triples. We make the toolkit to build such graphs as well as the sample extraction of the 2 billion triples graph publicly available to the community for use.

Databases,Artificial Intelligence

Min Gao,Zheng Li,Ruichen Li,Chenhao Cui,Xinyuan Chen,Bodian Ye,Yupeng Li,Weiwei Gu,Qingyuan Gong,Xin Wang,Yang Chen

DOI: https://doi.org/10.1016/j.patter.2023.100839

2023-01-01

Abstract:Networks are powerful tools for representing the relationships and interactions between entities in various disciplines. However, existing network analysis tools and packages either lack powerful functionality or are not scalable for large networks. In this descriptor, we present EasyGraph, an open-source network analysis library that supports several network data formats and powerful network mining algorithms. EasyGraph provides excellent operating efficiency through a hybrid Python/C++ implementation and multiprocessing optimization. It is applicable to various disciplines and can handle large-scale networks. We demonstrate the effectiveness and efficiency of EasyGraph by applying crucial metrics and algorithms to random and real-world networks in domains such as physics, chemistry, and biology. The results demonstrate that EasyGraph improves the network analysis efficiency for users and reduces the difficulty of conducting large-scale network analysis. Overall, it is a comprehensive and efficient open-source tool for interdisciplinary network analysis.

Yuhao Yang,Jiabin Tang,Lianghao Xia,Xingchen Zou,Yuxuan Liang,Chao Huang

2024-12-22

Abstract:Real-world data is represented in both structured (e.g., graph connections) and unstructured (e.g., textual, visual information) formats, encompassing complex relationships that include explicit links (such as social connections and user behaviors) and implicit interdependencies among semantic entities, often illustrated through knowledge graphs. In this work, we propose GraphAgent, an automated agent pipeline that addresses both explicit graph dependencies and implicit graph-enhanced semantic inter-dependencies, aligning with practical data scenarios for predictive tasks (e.g., node classification) and generative tasks (e.g., text generation). GraphAgent comprises three key components: (i) a Graph Generator Agent that builds knowledge graphs to reflect complex semantic dependencies; (ii) a Task Planning Agent that interprets diverse user queries and formulates corresponding tasks through agentic self-planning; and (iii) a Task Execution Agent that efficiently executes planned tasks while automating tool matching and invocation in response to user queries. These agents collaborate seamlessly, integrating language models with graph language models to uncover intricate relational information and data semantic dependencies. Through extensive experiments on various graph-related predictive and text generative tasks on diverse datasets, we demonstrate the effectiveness of our GraphAgent across various settings. We have made our proposed GraphAgent open-source at: <a class="link-external link-https" href="https://github.com/HKUDS/GraphAgent" rel="external noopener nofollow">this https URL</a>.

Artificial Intelligence

Jiayun Lu,Xia Hou,Haoxiang Wang,Xiuming Qiao,Wenfeng Song

DOI: https://doi.org/10.1109/cisce62493.2024.10653047

2024-01-01

Abstract:Traditional code knowledge graphs have problems such as broad and complex knowledge coverage, incomplete code granularity, insufficient semantic richness in code relationships, and difficulty in comprehension. To address these challenges, a method for constructing a multi-granularity and multidimensional code knowledge graph was proposed. Firstly, a code knowledge graph ontology model was designed, capable of describing various granularity levels of code entities in the source code and multiple relationship dimensions between entities. Leveraging this ontology model, a methodology for constructing the code knowledge graph through knowledge extraction, fusion, and reasoning was proposed, with examples illustrating its multi-granularity and multidimensional characteristics. A prototype system capable of generating a code knowledge graph for project source code was implemented, and its application value was demonstrated using test case optimization as an example. The experimental results show that using multi-granularity and multidimensional code knowledge in the code knowledge graph can more effectively analyze the scope of code changes and help optimize test cases.

Peiyang Li,Zixin Liu,Yuening Su,Hao Wang,Bo Jiang

DOI: https://doi.org/10.18293/seke2023-123

2023-01-01

Abstract:Tracking the flow of external inputs in a program with taint-analysis techniques can help developers better identify potential security vulnerabilities in the software.However, directly using the static taint analysis provided by Clang Static Analyzer is inefficient for large-scale software due to the huge but redundant ExplodedGraph generated.Therefore, we propose an efficient Whole-Program Critical Paths Search (CAPS) framework.It first performs a set of optimizations to reduce the ExplodedGraph of each function.Then, it constructs a global exploded graph by inserting call edges among the reduced ExplodedGraphs for each function within the Neo4j graph database.Finally, it proposes loop removal and graph segmentation to optimize the search process for critical paths on the global exploded graph.Our experiments on 3 large-scale software show that CAPS can significantly improve the efficiency of critical path search for large-scale software.

Jingfeng Xue,Changzhen Hu,Kunsheng Wang,Rui Ma,Bingxin Leng

DOI: https://doi.org/10.1109/ICCEE.2009.66

2009-01-01

Abstract:Software structure is very important for software security. But it is very difficult to obtain software structure by software execution trace. In this paper, by researching system call sequences in the process of software execution, similar call graph is proposed. We present how to generate similar call graph by observed system call sequences. Based on this, a knowledge base for software security detection is constructed. Experiments show false alarm rate can be decreased effectively by the knowledge base and detection rate is higher by using appropriate threshold.