Current Situation:
ArchUnit currently relies on Class Hierarchy Analysis (CHA) for call graph construction, which introduces significant limitations due to the framework’s restrictions. CHA generates a large number of false positives because it does not account for runtime behavior, making the resulting call graph overly conservative and imprecise. This affects the accuracy of architectural tests and can reduce the usability of programming exercises.

Proposed Solution:
By integrating the WALA framework into Architectural tests, we can implement a more precise call graph construction algorithm—k-CFA (k-callsite-sensitive)—to offer an alternative to CHA. This will allow for more accurate architectural tests with fewer false positives, leading to better usability and a more reliable analysis.

Why Use k-CFA for Call Graph Construction Instead of CHA:

• Improved Precision:
  CHA creates overly broad call graphs by assuming that any method in a class hierarchy could be invoked. This conservative approach results in many edges between methods that are never actually invoked, leading to a high rate of false positives. k-CFA improves precision by analyzing call sites and distinguishing between different call paths.

• Context Sensitivity:
  k-CFA is context-sensitive, tracking multiple (k) call sites leading up to each method invocation. This context information allows k-CFA to differentiate between calls made from different locations, providing a more precise call graph than CHA, which does not account for such distinctions.

• Reduction of False Positives:
  k-CFA analyzes control flow and call sites, effectively reducing the number of spurious edges in the call graph. This leads to a more realistic representation of potential execution paths, making the analysis more useful for optimizations, security checks, and performance enhancements.

• Handling Dynamic Dispatch:
  Java's dynamic dispatch (polymorphism) is a challenge for CHA, as it only considers static inheritance relationships. k-CFA handles dynamic dispatch more accurately by analyzing the context of each method invocation, improving the precision of method resolution at runtime.

• Scalability and Precision:
  While CHA is fast and scales well for large codebases, its lack of precision can lead to a combinatorial explosion in the call graph size. k-CFA offers a balanced trade-off between scalability and accuracy, making it a better choice for complex or security-sensitive applications.

Next Steps:

• Implement the WALA framework to support k-CFA as an option for call graph analysis as an additional Setting

• Compare the efficiency and precision of k-CFA with CHA and other frameworks, especially for detecting security-related violations.