Pick Your Call Graphs Well: On Scaling IFDS-Based Data-Flow Analyses (SOAP 2025 - State Of the Art in Program Analysis)

Mon 16 - Fri 20 June 2025 Seoul, South Korea

Who

Kadiray Karakaya, Palaniappan Muthuraman, Eric Bodden

Track

SOAP 2025 State Of the Art in Program Analysis

Time Zone

The program is currently displayed in (GMT+09:00) Seoul.

Use conference time zone: (GMT+09:00) SeoulSelect other time zone

The GMT offsets shown reflect the offsets at the moment of the conference.

Time Band

By setting a time band, the program will dim events that are outside this time window. This is useful for (virtual) conferences with a continuous program (with repeated sessions).
The time band will also limit the events that are included in the personal iCalendar subscription service.

Display full programSpecify a time band

Save

When

Mon 16 Jun 2025 10:50 - 11:10 at Orchid - SOAP 2 Chair(s): Michael Schwarz

Abstract

Recent works on scaling IFDS-based analyses propose sophisticated techniques ranging from sparsification and disk-assisted computing to intelligent garbage collection. Yet, they choose a fixed call graph, thereby disregarding its implications on scalability.

This work presents an empirical evaluation of call graph precision's impact on the precision and scalability of the IFDS framework. To this end, we build QCG, a call graph generation tool for Android that extends the Qilin pointer analysis framework, and integrate it with FlowDroid, a state-of-the-art IFDS-based taint analysis solver. We assess the precision of 27 call graphs built with QCG and 4 default call graphs in FlowDroid, on the TaintBench benchmark of Android malware. We then evaluate how increasing the call-graph precision impacts FlowDroid's runtime performance and memory consumption on real-world apps.

We report that the time invested in building precise context-sensitive call graphs pays off: They significantly reduce IFDS analyses' runtimes while also improving their precision. However, there appears to be a sweet spot in the trade-off between the call graph construction time and the reduction in total analysis runtime.

DOI

https://doi.org/10.1145/3735544.3735587

Kadiray Karakaya

Heinz Nixdorf Institute at Paderborn University

Germany

Palaniappan Muthuraman

Heinz Nixdorf Institute at Paderborn University

Germany

Eric Bodden

Heinz Nixdorf Institute at Paderborn University; Fraunhofer IEM

Germany

Time Zone

The program is currently displayed in (GMT+09:00) Seoul.

Use conference time zone: (GMT+09:00) SeoulSelect other time zone

The GMT offsets shown reflect the offsets at the moment of the conference.

Time Band

Display full programSpecify a time band

Save

Session Program

Mon 16 Jun
Displayed time zone: Seoul change

10:30 - 12:00	SOAP 2SOAP at Orchid Chair(s): Michael Schwarz TU Munich

10:30 20m Talk		Scalable Language Agnostic Taint Tracking using Explicit Data Dependencies SOAP Sedick David Baker Effendi Stellenbosch University, Xavier Pinho StackGen, Andrei Michael Dreyer Whirly Labs, Fabian Yamaguchi Whirly Labs DOI Pre-print File Attached
10:50 20m Talk		Pick Your Call Graphs Well: On Scaling IFDS-Based Data-Flow Analyses SOAP Kadiray Karakaya Heinz Nixdorf Institute at Paderborn University, Palaniappan Muthuraman Heinz Nixdorf Institute at Paderborn University, Eric Bodden Heinz Nixdorf Institute at Paderborn University; Fraunhofer IEM DOI
11:10 20m Talk		Universal High-Performance CFL-Reachability via Matrix Multiplication SOAP Ilia Muravev Explyt, Semyon Grigorev Saint-Petersburg State University DOI
11:30 20m Talk		Beyond Affine Loops: A Geometric Approach to Program SynthesisRecorded SOAP Erdenebayar Bayarmagnai KU Leuven, Fatemeh Mohammadi KU Leuven, Rémi Prébet Inria DOI