Paper Reading: StubDroid Automatic Inf
High-level
Summary:
StubDroid is an automatic approach of inferring library models for taint-analysis problems.
Evaluation:
The goal of this research is to reduce the total time of analyzing a target program.
I can't find a single number describing how good their approach is compared to the full analysis.
Takeaways:
Three ways of analyzing application code with libraries: (1) manual models, (2) analyzing library code as application code, (3) over-approximation based on signatures.
The second section, closely following the first one, is a motivating example.
http://blogs.upb.de/sse/tools/stubdroid/
Summary model: The taint summaries are rules of the form "this.o1 is tainted if parameter 1 is tainted" (based on the model).
Implicit flow: index flow to indexed element.
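To make the summary-rule idea concrete, here is a small added example (my own toy code, not StubDroid's implementation) that propagates taint across library calls using only constructed summary rules of the "target is tainted if source is tainted" form, including an index-to-element implicit flow and a signature-based over-approximation fallback for methods without a summary. The List methods, the `items` field name and the fallback policy are assumptions for illustration.

```python
from typing import Dict, List, Optional, Set, Tuple

# Constructed StubDroid-style summaries (illustrative, not the paper's output).
# Each rule (source, target) reads "target is tainted if source is tainted";
# access paths are rooted at "this", "param<k>" or "return".
SUMMARIES: Dict[str, List[Tuple[str, str]]] = {
    "List.add": [("param0", "this.items")],            # add(x) stores x in the list
    "List.get": [("this.items", "return"),             # get(i) returns a stored element
                 ("param0", "return")],                # implicit flow: index selects the element
    "List.size": [],                                   # size() leaks nothing (precise, unlike over-approx)
}

State = Dict[str, Set[str]]  # variable -> tainted access-path suffixes ("" = the value itself)

def is_tainted(state: State, var: str, path: str = "") -> bool:
    """A path is tainted if the whole object, that path, or a prefix of it is tainted."""
    return any(s == "" or s == path or path.startswith(s + ".") for s in state.get(var, ()))

def apply_call(state: State, method: str, receiver: str, args: List[str],
               result: Optional[str]) -> State:
    """Propagate taint across a library call using summaries only, never the library's code.
    Methods with no summary fall back to signature-based over-approximation (strategy 3)."""
    new = {k: set(v) for k, v in state.items()}
    rules = SUMMARIES.get(method)
    if rules is None:  # over-approximate: any tainted input taints the receiver and the result
        if any(is_tainted(state, v) for v in [receiver, *args]):
            for v in [receiver, result]:
                if v is not None:
                    new.setdefault(v, set()).add("")
        return new
    for source, target in rules:
        src_root, _, src_path = source.partition(".")
        src_var = receiver if src_root == "this" else args[int(src_root[5:])]
        if not is_tainted(state, src_var, src_path):
            continue
        tgt_root, _, tgt_path = target.partition(".")
        tgt_var = receiver if tgt_root == "this" else result
        if tgt_var is not None:
            new.setdefault(tgt_var, set()).add(tgt_path)
    return new

def run_demo() -> Tuple[bool, bool, bool, bool]:
    st: State = {"secret": {""}}                                  # constructed: tainted source value
    st = apply_call(st, "List.add", "lst", ["secret"], None)      # now lst.items is tainted
    st = apply_call(st, "List.get", "lst", ["i"], "x")            # x tainted via this.items -> return
    st = apply_call(st, "List.size", "lst", [], "n")              # n stays clean: summary is precise
    st_idx = apply_call({"idx": {""}}, "List.get", "other", ["idx"], "y")  # y tainted via the index
    st_unk = apply_call({"t": {""}}, "Unknown.f", "obj", ["t"], "z")       # no summary: over-approx
    return (is_tainted(st, "x"), is_tainted(st, "n"),
            is_tainted(st_idx, "y"), is_tainted(st_unk, "z"))
```

The `List.size` case shows the precision a summary buys over the signature-based fallback, which would have tainted `n` as well.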
It is very helpful and solid to give small code snippets illustrating the examples' abstraction.
"A summary approach such as STUBDROID can only be as precise & sound as the analysis on which it is based". STUBDROID is better than hand-written ones though. However, I didn't find any direct comparison.
Practical Value
What can you learn from this to make your research better?
- Select meaningful baselines and scope well
Details and Problems
From the presenters' point of view, what questions might the audience ask?
For small things like Integer.toDecimalString(), which contains implicit dataflow, a hand-written summary is better.
How applicable is this approach to summarizing other kinds of code?
IFDS method summaries are linked to a concrete client analysis -> does this mean that StubDroid is just persisting what is already there?
In this sense, this feels like systems-flavored work, in which the key issue is how to make it usable and transparent, with good abstraction and generality. However, I don't think this work is good at this, or even cares about this at all.