NoCFG: A Lightweight Approach for Sound Call Graph Approximation
share
Interprocedural analysis refers to gathering information about the entire program rather than for a single procedure only, as in intraprocedural analysis. Interprocedural analysis enables a more precise analysis; however, it is complicated due to the difficulty of constructing an accurate program call graph. Current algorithms for constructing sound and precise call graphs analyze complex program dependencies, therefore they might be difficult to scale. Their complexity stems from the kind of type-inference analysis they use, in particular the use of some variations of points-to analysis. To address this problem, we propose NoCFG, a new sound and scalable method for approximating a call graph that supports a wide variety of programming languages. A key property of NoCFG is that it works on a coarse abstraction of the program, discarding many of the programming language constructs. Due to the coarse program abstraction, extending it to support also other languages is easy. We provide a formal proof for the soundness of NoCFG and evaluations for real-world projects written in both Python and C#. The experimental results demonstrate a high precision rate of 90 a security use-case over projects with up to 2 million lines of code.
READ FULL TEXT