Improving the recall of static analysis of applications using frameworks by generating equivalent code
News
Improving the recall of static analysis of applications using frameworks by generating equivalent code
Abstract
Static analysis of .NET applications using frameworks such as WPF and Entity Framework Core faces significant challenges due to incomplete call graphs. These frameworks rely on declarative markup files (XAML, Razor) processed at runtime, creating semantic gaps invisible to traditional static analyzers that work only with C# source code. This paper describes the approach to increase analysis recall through equivalent code generation from specialized files. The method reconstructs implicit connections between user interface elements and event handlers by parsing markup, extracting semantic relationships, and generating equivalent C# code that models user interaction scenarios. The technique was implemented in the SharpChecker static analyzer with focus on WPF applications. It includes XAML parsing, ViewModel extraction for MVVM patterns, and CodeDOM-based code generation simulating button clicks and command invocations. Experiments on five open-source WPF projects revealed 77 new true positive warnings, including division-by-zero errors and null pointer dereferences previously missed. The approach adds minimal analysis overhead and integrates seamlessly with existing analyzers. The results demonstrate that equivalent code generation significally enhances static analysis of framework-based applications.
Keywords
Edition
Proceedings of the Institute for System Programming, vol. 38, issue 2, 2026, pp. 95-110
ISSN 2220-6426 (Online), ISSN 2079-8156 (Print).
DOI: 10.15514/ISPRAS-2026-38(2)-7
For citation
Full text of the paper in pdf (in Russian)
Back to the contents of the volume