Code Analysis

• static program analysis
• Analysis of software source code and other artifacts
• dynamic program analysis
• Analysis of output/trace data from running programs

Uses for Static Analysis

• Search/Query
• Metrics
• Support Program Understanding/Comprehension, Code Review
• Reverse Engineering
• Program Transformation
• Program Optimization
• Program Correctness

Use of Graphs

• Form of software visualization
• Allows us to see the overall view instead of getting lost in details
• focus + context
• Onion UML Diagrams

Major Graphs

• Call Graph
• Control Flow Graph (CFG)
• Data Flow Diagram (DFD)
• Program Dependency Graph (PDG)

Call Graph

• Nodes: methods/functions
• Edges: method/function calls
• Large call graph graph comparison

Call Graph: Functions

Demo: Create Call Graph

GraphViz Online

Call Graph: Methods

Call Graph: Macros

Call Graph: Function Pointers

Call Graph: Arrays of Functions

points-to analysis

• AKA, pointer analysis
• conservative
• Different call-graph generators produce different call graphs

What do we do with a call graph?

• Directly: Examine them for interesting patterns
• Indirectly: Generate, then use the information for computation

Control-Flow Graph

• Nodes: statements
• Edges: control flow

Binary Search

Binary Search