Call graph generation is critical for program understanding and analysis, but achieving both accuracy and precision is challenging. Existing methods trade off one for the other, particularly in dy- namic languages like JavaScript. This paper introduces "Graphia," an approach that combines structural and semantic information using a Graph Neural Network (GNN) to enhance call graph accu- racy. Graphia’s two-step process employs an initial call graph as training data for the GNN, which then uncovers true call edges in new programs. Experimental results show Graphia significantly improves true positive rates in vulnerability detection, achieving up to 95%. This approach advances call graph accuracy by effectively incorporating code structure and context, particularly in complex dynamic language scenarios.
European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE)
2023-11-30
2024-06-19