Skip to content

Program Analysis EngineΒΆ

The program analysis engine is the core of the Lian code analysis framework. It is responsible for semantic analyses on GIR intermediate-language code, including control-flow analysis, data-flow analysis, and points-to analysis. It consists of three parts:

  • P1 - Basic structural analysis: The basic structural analysis module performs static structural analysis on GIR, such as scope hierarchy, module and import relationships, type hierarchy, control flow, and def-use relationships. Its code is mainly in the basics/ directory.

  • P2 - Bottom-up semantic analysis: The bottom-up semantic analysis module performs function-level data-flow and points-to relationship analysis, applies callee summaries to caller functions, and generates new data-flow and points-to relationships. Its code mainly includes core/prelim_semantics.py and core/stmt_states.py.

  • P3 - Top-down semantic analysis: The top-down semantic analysis module analyzes starting from the entry function and proceeds downward level by level, generating function-level data-flow and points-to relationships. Most of its implementation reuses the bottom-up semantic analysis, mainly including core/global_semantics.py and core/global_stmt_states.py.