Explore a novel approach to call graph construction for modern C-based software in this 18-minute conference talk from OOPSLA2 2023. Discover how researchers Yuandao Cai and Charles Zhang tackle the challenge of resolving function pointers efficiently and precisely. Learn about their comprehensive empirical study of function pointer manipulations in popular open-source systems and the innovative "cocktail approach" they developed. Understand how this method tailors and synergizes increasingly precise algorithms to reduce the need for expensive refinements. Examine the encouraging results of their prototype, Coral, which achieves similar precision to previous methods while scaling up to millions of lines of code. Gain insights into how this approach improves downstream applications such as use-after-free detection, thin slicing, and directed grey-box fuzzing. Hear about the discovery of twelve confirmed bugs in popular systems, demonstrating the practical impact of this research on vulnerability hunting and software understanding.