awslabs / ar-go-tools

ar-go-tools (Argot) is a collection of analysis tools for Go
Apache License 2.0

Context Sensitive Call Graph #56

Closed amzn-jasonrk closed 2 months ago

amzn-jasonrk commented 6 months ago

The callgraph generated by the pointer analysis is sound*, but not precise in some places involving closures or interfaces. This causes unfeasible call edges, which reduces the precision of downstream analyses.

We can compute a new callgraph that is context sensitive (more precise) for certain important cases, such as:

  1. Once.Do
  2. sort.Sort
  3. http handlers

In at least some of these cases, we can compute the new callgraph with a lightweight analysis that tracks closures through variables/function calls on the stack, and thus doesn't require any complex reasoning about memory.

This change would have the following effects:

  1. There would no longer be a 1-to-1 correspondence between callgraph nodes and ssa.Functions. Instead, the same function would have potentially many nodes corresponding to its possible calling context(s).
  2. We could no longer query the pointer analysis to determine the functions at a callsite, as the more precise callgraph could have fewer calls.
  3. When traversing the syntax of the program (i.e. to look for sources/sinks), the callgraph must be used instead of looking at ssa.Functions directly.

We can create our own graphs (possibly based on an existing graph) using New, CreateNode, and AddEdge from the callgraph package.
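
An added example, not from the issue or the Argot code base, showing the effect on the Once.Do case: cloning the `Do` node per call site removes the unfeasible edge and breaks the 1-to-1 mapping between nodes and functions. It is a simplified model that uses string-named functions rather than `ssa.Function` and the `callgraph` package; the function names and call sites are constructed.

```go
package main

import "fmt"

// Node is a function plus its calling context; an empty Ctx is context-insensitive.
type Node struct{ Fn, Ctx string }

// Graph maps a node to its callees. Call is one once.Do(Closure) call site.
type Graph map[Node][]Node
type Call struct{ Caller, Site, Closure string }

// Reachable returns the names of all functions reachable from start.
func (g Graph) Reachable(start Node) map[string]bool {
	seen, fns := map[Node]bool{start: true}, map[string]bool{}
	work := []Node{start}
	for i := 0; i < len(work); i++ {
		fns[work[i].Fn] = true
		for _, m := range g[work[i]] {
			if !seen[m] {
				seen[m] = true
				work = append(work, m)
			}
		}
	}
	return fns
}

// Build adds caller -> Do -> closure edges. When sensitive, Do is cloned per
// call site, so each clone only calls the closure passed at that site.
func Build(calls []Call, sensitive bool) Graph {
	g := Graph{}
	for _, c := range calls {
		caller, do := Node{Fn: c.Caller}, Node{Fn: "sync.(*Once).Do"}
		if sensitive {
			do.Ctx = c.Site
		}
		g[caller] = append(g[caller], do)
		g[do] = append(g[do], Node{Fn: c.Closure})
	}
	return g
}

// Sample is constructed input: only initConfig passes the closure readSecret.
var Sample = []Call{{"initLogger", "logger.go:10", "openLogFile"}, {"initConfig", "config.go:22", "readSecret"}}

func main() {
	for _, s := range []bool{false, true} {
		fmt.Println(s, Build(Sample, s).Reachable(Node{Fn: "initLogger"})["readSecret"])
	}
}
```

With the shared `Do` node, `initLogger` appears to reach `readSecret`; with one `Do` node per call site it does not, which is the precision a downstream source/sink analysis would gain.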

github-actions[bot] commented 2 months ago

Stale issue message