Procedure Tier

The procedure tier uses the set of data flow paths found at the data type tier to construct a data flow graph that shows the data flow relationships between formal input and formal output parameters passed between procedures. Unlike previous tiers, procedure tier data flow paths explicitly identify the formal parameter index that data is being passed to. This helps to further isolate data flow paths from one another and improves the overall accuracy of paths that are selected. The graph is generated using the one-to-many table that was populated during generalization which conveys the procedure data flow paths that were generalized by the set of qualified data type data flow paths. The graph that is generated as a result is shown in figure 17.

Figure 17: Procedure tier data flow graph for the web application representing potentially reachable paths between the source and sink flow descriptor. These paths were qualified by reachable paths found at the data type tier.

Using the graph, the algorithm is again employed to find paths between the source and sink flow descriptor at the procedure tier. Due to the simplicity of the example application, only a few data flow paths were rendered. The complete data flow path from fout(get_QueryString, 0) to fin(Start, 0) can be clearly seen.