Static Code Analysis and Change Impact Assessment for Financial Risk Prevention

In recent years, a static analysis tool and a dynamic analysis tool were developed for risk prevention; this article summarizes the static analysis technology and change‑impact techniques.

1. Background

As financial services scale to billions of users and trillions of funds, any major fault can cause severe losses, so the goal is to achieve "nuclear‑plant‑level" safety with zero risk events and zero financial loss. However, the long system chain and complex business logic often lead to missed scenario analyses, causing online issues.

More than 50% of online problems stem from omitted scenario analyses, with thousands of risk fields across code bases. Human expert experience alone cannot guarantee complete coverage.

1.2 Solution Idea

To eliminate reliance on human experts, the approach converts expert knowledge into system capabilities by building an automated technical risk‑assessment platform based on static analysis. Change code is used as input to infer impacted business scenarios, use cases, and verification items.

The goal is to derive impacted JAVA fields and DB fields from code changes, then map those DB fields to affected use cases and verification steps.

1.3 Goal

The objective of change insight is to reduce online problems caused by missed scenario evaluations by more than 50%.

2. Solution

2.1 Domain Modeling

The impact inference follows these steps:

Match changed code lines to sliced code lines.

Locate the corresponding program slice.

Extract model fields from the slice.

Analyze model fields to obtain DB fields.

Derive verification items from DB fields.

Find related test cases from DB fields.

2.2 Implementation Plan

Change insight consists of four steps:

Source change notification – the whole process is triggered by a code change event and the system is packaged.

Program slice analysis – extract the slice of a field from bytecode.

Impact field analysis – identify DB fields affected by the change.

Change impact analysis – based on DB fields, determine affected test cases and verification items.

2.3 What Is Variable Lineage

Variable lineage describes the relationships between variables in a system and is obtained by analyzing method call chains and intra‑method variable dependencies.

2.4 Source Code Change Notification

Before program‑slice analysis, source code must be compiled and packaged.

Pre‑change: When a Tag Push event is received, the system uses AntCode to compile the release version.

Post‑change: When an MR event is received, AntCode compiles the current iteration branch.

2.5 Program Slice Extraction

2.5.1 What Is a Program Slice

Program slicing is a static analysis technique that extracts code fragments related to a particular line of code (the slicing criterion). For example, the backward slice of printf("%d\n", i); includes all statements that affect the value of i .

The resulting slice contains only code that is data‑ or condition‑dependent on the variable of interest.

Forward slicing examples are also shown.

2.5.2 Obtaining the Slicing Criterion

The input to slice extraction is the slicing criterion and the program bytecode; the output is the program slice for that criterion. DB fields are obtained via red‑blue analysis, and corresponding JAVA fields are extracted from SQLMAP mappings.

2.5.3 JAVA Field to Program Slice

Static analysis cannot achieve 100% completeness; to reduce false negatives, a dual‑engine approach is used: an internal static analysis engine and the open‑source WALA framework (enhanced with a custom pointer‑analysis patch).

2.6 Impact Field Analysis

The process uses diffs and program slices to determine whether a slice is affected, then maps the slice to JAVA fields and finally to DB fields via SQLMAP.

2.6.1 Impacted JAVA Fields

Changes can be additions, deletions, or modifications (the latter being a combination of add and delete). By intersecting pre‑change slices with deleted code and post‑change slices with added code, impacted JAVA fields are identified.

2.6.1 Impacted DB Fields

JAVA‑to‑DB field relationships are derived from the resultMap tags in SQLMAP files.

3. Static Analysis Optimization

3.1 Problems in Variable Lineage Analysis

Three categories of challenges exist: precision, speed, and scale. Fourteen precision issues, one speed issue, and one scalability issue were identified.

3.2 Core Solution Analysis

Seventeen core problems were identified, with solutions ranging from implementing research‑paper algorithms (e.g., dispatch improvement, object‑sensitivity optimization) to introducing dynamic analysis for cross‑system issues.

序号

问题分类

问题子类

问题点

解法

1

系统级精度问题

系统调用链断开

消息通讯

依赖动态链路刻画

2

RPC通讯

3

系统调用关系错误

SPI调用

4

方法级精度

调用链断开

IOC容器创建实例

实现论文算法《dispatch改进》提升效果‑40%

5

回调调用

6

反射调用

依赖动态链路刻画

7

异步调用

8

切面拦截

9

动态代理

10

配置类

11

调用链错误

单接口多实现

实现论文《对象敏感性优化》和《混合敏感性分析》，精度提升40%

12

单方法多调用

13

指令级精度

变量关系错误

集合类读写

14

流敏感性分析，获取运行时关系

依赖动态链路刻画

15

动态代码（DRM开关）

依赖动态链路刻画

16

分析速度

调用链越长分析越慢

实现论文算法《摘要类建模》，速度提升20%~40%

17

分析规模

分析内容的大小和开销指数级增长

分析任务垂直拆分

If further accuracy improvements are needed, dynamic code analysis can be introduced; ongoing work includes dynamic link tracing and dynamic code analysis.