Runtime-to-Static Graph Merge Algorithm

Module

Scanner

Status

IMPLEMENTED

Description

Merges runtime observations with static call graphs, marking existing edges as "observed" with confidence boost to 1.0, and adding new edges for dynamic dispatch paths discovered at runtime.

Implementation Details

Runtime-Static Merger:
- src/Scanner/__Libraries/StellaOps.Scanner.Reachability/Runtime/RuntimeStaticMerger.cs - RuntimeStaticMerger merges runtime observations with static analysis graphs, boosting confidence of edges confirmed at runtime to 1.0 and adding new edges for dynamic dispatch paths
eBPF Signal Merger:
- src/Scanner/__Libraries/StellaOps.Scanner.Reachability/Runtime/EbpfSignalMerger.cs - EbpfSignalMerger merges eBPF-sourced runtime signals into the static graph
Observed Path Slice Generator:
- src/Scanner/__Libraries/StellaOps.Scanner.Reachability/Slices/ObservedPathSliceGenerator.cs - Generates reachability slices from runtime-observed paths merged into static analysis
Trace Retention:
- src/Scanner/__Libraries/StellaOps.Scanner.Runtime/Retention/TraceRetentionManager.cs - TraceRetentionManager manages retention of runtime traces used in the merge process

E2E Test Plan

Merge a runtime observation set with a static call graph and verify existing edges that were observed at runtime have confidence boosted to 1.0
Verify new edges are added for dynamic dispatch paths discovered at runtime (e.g., reflection, virtual method dispatch) that are not present in the static graph
Verify the merged graph retains all static-only edges with their original confidence scores
Verify the merge algorithm handles conflicting information between static and runtime analysis (e.g., static says unreachable, runtime says observed)
Verify eBPF-sourced signals are correctly merged into the graph via EbpfSignalMerger

1.9 KiB Raw Blame History