Scalable Call Graph Constructor for Maven

机译：可扩展的呼叫图构造函数maven

获取原文

页面导航

摘要
著录项
相似文献
相关主题

摘要

As a rich source of data, Call Graphs are used for various applications including security vulnerability detection. Despite multiple studies showing that Call Graphs can drastically improve the accuracy of analysis, existing ecosystem-scale tools like Dependabot do not use Call Graphs and work at the package-level. Using Call Graphs in ecosystem use cases is not practical because of the scalability problems that Call Graph generators have. Call Graph generation is usually considered to be a "full program analysis" resulting in large Call Graphs and expensive computation. To make an analysis applicable to ecosystem scale, this pragmatic approach does not work, because the number of possible combinations of how a particular artifact can be combined in a full program explodes. Therefore, it is necessary to make the analysis incremental. There are existing studies on different types of incremental program analysis. However, none of them focuses on Call Graph generation for an entire ecosystem. In this paper, we propose an incremental implementation of the CHA algorithm that can generate Call Graphs on-demand, by stitching together partial Call Graphs that have been extracted for libraries before. Our preliminary evaluation results show that the proposed approach scales well and outperforms the most scalable existing framework called OPAL.

机译：作为丰富的数据来源，呼叫图用于各种应用程序，包括安全漏洞检测。尽管有多项研究表明，呼叫图可以大大提高分析的准确性，但现有的生态系统级工具，如依赖性，请勿在包级别使用呼叫图和工作。由于调用图形生成器具有的可扩展性问题，使用生态系统中的呼叫图并不实用。呼叫图生成通常被认为是“完整程序分析”，导致大的呼叫图和昂贵的计算。为了进行适用于生态系统规模的分析，这种语用方法不起作用，因为在完整的程序中如何组合特定工件的可能组合的数量爆炸。因此，有必要进行分析增量。存在关于不同类型的增量计划分析的研究。但是，它们都没有侧重于整个生态系统的呼叫图生成。在本文中，我们提出了一种增量实现，其可以通过以前为库中提取的部分呼叫图拼接在一起，以便按需生成呼叫图。我们的初步评估结果表明，所提出的方法衡量良好并优于称为蛋白石的最可扩展的现有框架。

著录项

来源
《International Conference on Software Engineering: Companion Proceedings》|2021年|99-101|共3页
会议地点
作者
Mehdi Keshani;
展开▼
作者单位

展开▼
会议组织
原文格式 PDF
正文语种
中图分类
关键词
Scalability; Ecosystems; Tools; Libraries; Security; Software engineering; Pragmatics;

机译：可扩展性;生态系统;工具;图书馆;安全;软件工程;语用学;

相似文献

外文文献
中文文献
专利

1. Constructor Graphs as Useful Tools for the Classification of Hydrogen Bonded Solids: The Case Study of the Cationic (Dimethylphosphoryl)methanaminium ( dpma H + ) Tecton [J] . Guido J. Reiss Crystals . 2016,第1期

机译：构造图作为氢键结合固体分类的有用工具：阳离子（二甲基磷酰基）甲铵（dpma H +）构造子的案例研究
2. Constructor Graphs as Useful Tools for the Classification of Hydrogen Bonded Solids: The Case Study of the Cationic (Dimethylphosphoryl)methanaminium (dpmaH+) Tecton [J] . Guido J. Reiss, S#x142, awomir J. Grabowski Crystals . 2015,第1期

机译：构造图作为氢键结合固体分类的有用工具：阳离子（二甲基磷酰基）甲铵（dpmaH + ）构造子的案例研究
3. Thin Current Sheets of Sub-ion Scales observed by MAVEN in the Martian Magnetotail [J] . Grigorenko E. E., Zelenyi L. M., DiBraccio G., Geophysical Research Letters . 2019,第12期

机译：MAVEN在Martian Magnetotail中观察到薄的子离子尺度薄板
4. The Maven Dependency Graph: A Temporal Graph-Based Representation of Maven Central [C] . Amine Benelallam, Nicolas Harrand, César Soto-Valero, IEEE/ACM International Conference on Mining Software Repositories . 2019

机译：Maven依赖图：基于时间图的Maven Central表示
5. Every Field in Minnesota: Building a Geographically Scalable Satellite Imagery Analytics System for Mapping Crop Fields [D] . Bakker, Jesse. 2020

机译：明尼苏达州的每个领域：构建地理上可扩展的卫星图像分析系统，用于映射裁剪字段
6. A Novel Graph Constructor for Semisupervised Discriminant Analysis: Combined Low-Rank and k-Nearest Neighbor Graph [O] . Baokai Zu, Kewen Xia, Yongke Pan, 2017

机译：一种用于半监督判别分析的新型图构造器：组合的低秩和k最近邻图
7. Scalable Call Graph Constructor for Maven [O] . Mehdi Keshani 2021

机译：可伸缩的呼叫图构造函数用于maven

Scalable Call Graph Constructor for Maven

摘要

著录项

相似文献

相关主题

期刊订阅