5hadowblad3 / Beacon_artifact

Research artifact for Oakland (S&P) 2022, "BEACON: Directed Grey-Box Fuzzing with Provable Path Pruning"
Apache License 2.0

Traverse icfg #2

Open ziyuexie opened 1 year ago

ziyuexie commented 1 year ago

Hi! I'm very interested in your research, and I have a question about tool implementation. The functions doDfsCFL and getReachableNodesForTarget in the source code are both used to obtain reachable nodes. Is there any difference between the two? Specifically, I observed that the function doDfsCFL additionally considers the loop situation of the function call graph. What impact will this have on the analysis?

5hadowblad3 commented 1 year ago

In a high-level view, they both serve to find the reachable program points so that the irrelevant ones can be pruned.

However, due to the precision of static analysis, different granularities could influence how many we can prune. This issue is an open question for future research.
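As an added illustration of the reachability-based pruning and the precision point in the answer above (example code written for this page, not BEACON's own `doDfsCFL` or `getReachableNodesForTarget`): a backward search from a target over a constructed ICFG, run once context-insensitively and once with call sites matched to their return sites, showing that the more precise walk prunes more program points and that the visited set is what keeps the walk finite on loops. The edge labelling and the call/return matching scheme are assumptions made for the example.

```python
from collections import defaultdict

# Constructed ICFG, not BEACON's own data: edges are (src, dst, kind, site).
# kind is "intra", "call" or "ret"; `parse` contains a loop, and `log` is
# called from two sites (s1 before the target, s3 after it).
EDGES = [
    ("main.entry", "main.check", "intra", None),
    ("main.check", "log.entry", "call", "s1"),
    ("log.entry", "log.exit", "intra", None),
    ("log.exit", "main.r1", "ret", "s1"),
    ("main.r1", "main.ok", "intra", None),
    ("main.r1", "main.err", "intra", None),
    ("main.ok", "parse.entry", "call", "s2"),
    ("parse.entry", "parse.loop", "intra", None),
    ("parse.loop", "parse.body", "intra", None),
    ("parse.body", "parse.loop", "intra", None),  # loop back edge
    ("parse.loop", "parse.exit", "intra", None),
    ("parse.exit", "main.r2", "ret", "s2"),
    ("main.r2", "log.entry", "call", "s3"),
    ("log.exit", "main.r3", "ret", "s3"),
]
TARGET = "parse.exit"

def can_reach(edges, target, sensitive, max_depth=8):
    """Backward DFS from target. Insensitive mode follows every predecessor;
    the visited set is what ends the walk on loops. Sensitive mode pushes a
    call site on a backward return edge and takes a backward call edge only
    when it matches the stack top (empty stack: any site). max_depth bounds
    the stack so recursive call-graph cycles stay finite."""
    pred = defaultdict(list)
    for src, dst, kind, site in edges:
        pred[dst].append((src, kind, site))
    seen, work = set(), [(target, ())]
    while work:
        n, st = work.pop()
        if (n, st) in seen or len(st) > max_depth: continue
        seen.add((n, st))
        for p, kind, site in pred[n]:
            if not sensitive or kind == "intra":
                work.append((p, st))
            elif kind == "ret":
                work.append((p, st + (site,)))
            elif not st or st[-1] == site:  # kind == "call"
                work.append((p, st[:-1]))
    return {n for n, _ in seen}

def prunable(edges, target, sensitive):
    """Program points no path to target passes through, i.e. safe to prune."""
    nodes = {n for e in edges for n in e[:2]}
    return nodes - can_reach(edges, target, sensitive)
```

With call/return matching, `main.r2` is pruned as well: its only route to the target goes through `log` and an unrealizable return to `main.r1`.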