Oracle Corporation
Scalable pre-analysis of dynamic applications

Abstract:

A method may include dividing code into trusted and untrusted components, and identifying a dynamic invocation in a first component of the code. The first component may be an untrusted component. The method may further include extracting dynamic information from the dynamic invocation, and identifying, using the dynamic information and metadata describing a dynamic behavior of the code, a target for the dynamic invocation. The target may correspond to a second component of the code. The method may further include determining that the target matches the dynamic invocation, and in response to determining that the target matches the dynamic invocation, adding, to a call graph generated from the code, an edge from the dynamic invocation to the target.