Paper Reading: StubDroid Automatic Inf

High-level

Summary:

StubDroid is an automatic approach to inferring library models (data-flow summaries) for taint-analysis problems, so that the library itself need not be re-analyzed for every client program.

Evaluation:

The goal of this research is to reduce the total time needed to analyze a target program.

I can't find a single number describing how good their approach is compared to the full analysis.

Takeaways:

Three ways of analyzing application code that uses libraries: (1) hand-written models, (2) analyzing the library code together with the application code, (3) signature-based over-approximation (e.g. every tainted argument taints the receiver and the return value).

The second section, closely following the first one, is a motivating example.

http://blogs.upb.de/sse/tools/stubdroid/

Summary model: the taint summaries are rules of the form "this.o1 is tainted if parameter 1 is tainted" (derived from the model of the library code).

Implicit flow: taint on an index flows to the indexed element (the element that is read depends on which index was supplied).
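To make the summary rules above concrete, here is an added example (not code from the paper or the StubDroid tool) of a minimal interpreter that applies such rules at client call sites. The container class `Bag`, its methods and the rules in `SUMMARIES` are assumptions constructed for the example; the rule format and access-path encoding are mine, not StubDroid's own file format. When a method has no summary, the interpreter falls back to the signature-based over-approximation listed as option (3) above, so both behaviours can be compared on the same input.

```python
from dataclasses import dataclass
from typing import Optional

# Access paths inside a summary: ("param", i), ("this", "<field>") or ("return",).
@dataclass(frozen=True)
class Rule:
    src: tuple  # tainted before the call ...
    dst: tuple  # ... makes this tainted after the call

# Hypothetical summaries for an assumed container class "Bag". The class, the
# methods and these rules are constructed for the example, not StubDroid output.
SUMMARIES = {
    "Bag.add": [Rule(("param", 0), ("this", "elements"))],
    "Bag.get": [Rule(("this", "elements"), ("return",)),
                # implicit flow: the returned element depends on the index argument
                Rule(("param", 0), ("return",))],
    "Bag.size": [],  # size() never propagates taint
}

@dataclass
class Call:
    method: str               # "Class.method"
    receiver: Optional[str]   # client variable holding `this`
    args: list                # client variables passed as arguments
    result: Optional[str]     # client variable receiving the return value

def resolve(path, call):
    """Map a summary access path onto the client's variables at this call site."""
    kind = path[0]
    if kind == "param":
        return call.args[path[1]]
    if kind == "this":
        return f"{call.receiver}.{path[1]}"
    if kind == "return":
        return call.result
    raise ValueError(f"unknown access path {path}")

def apply_call(call, taint):
    """Return the set of tainted client access paths after `call`."""
    new = set(taint)
    rules = SUMMARIES.get(call.method)
    if rules is None:
        # No summary: signature-based over-approximation (option 3 on the page).
        # Any tainted argument or receiver taints the receiver and the return value.
        if any(a in taint for a in call.args) or call.receiver in taint:
            if call.receiver:
                new.add(call.receiver)
            if call.result:
                new.add(call.result)
        return new
    # Summary-based propagation: rules read the state *before* the call.
    for rule in rules:
        src, dst = resolve(rule.src, call), resolve(rule.dst, call)
        if src in taint and dst is not None:
            new.add(dst)
    return new

def run(calls, initial):
    """Propagate taint through a straight-line sequence of library calls."""
    taint = set(initial)
    for call in calls:
        taint = apply_call(call, taint)
    return taint

# Constructed client program, with `x` coming from a taint source:
#   bag.add(x); y = bag.get(i); n = bag.size(); z = other.get(i); w = u.f(x)
CLIENT = [
    Call("Bag.add", "bag", ["x"], None),
    Call("Bag.get", "bag", ["i"], "y"),
    Call("Bag.size", "bag", [], "n"),
    Call("Bag.get", "other", ["i"], "z"),
    Call("Unknown.f", "u", ["x"], "w"),   # no summary available
]

def demo():
    return run(CLIENT, {"x"})

if __name__ == "__main__":
    print(sorted(demo()))
```

With the summaries, `y` is tainted (through `bag.elements`) while `n` and `z` stay clean; the unsummarized `Unknown.f` taints both `u` and `w` because the fallback cannot distinguish which parameter reaches what. Starting instead with a tainted index `i`, `bag.get(i)` taints its result through the implicit-flow rule even though no element was ever tainted.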

It is very helpful and solid to give small code snippets as examples of the abstraction.

"A summary approach such as STUBDROID can only be as precise & sound as the analysis on which it is based". STUBDROID is better than hand-written ones though. However, I didn't find any direct comparison.

Practical Value

What can you learn from this to make your research better?

  1. Select meaningful baselines and scope well

Details and Problems

From the presenters' point of view, what questions might the audience ask?

For small things like Integer.toDecimalString(), which contain implicit data flow, a hand-written summary is better.

How applicable is this approach to summarizing other kinds of code?

IFDS method summaries are linked to a concrete client analysis -> does this mean that StubDroid is just persisting what is already there?

In this sense, this feels like systems-flavored work, in which the key issue is how to make it usable and transparent, with good abstraction and generality. However, I don't think this work is good at this, or even caring about this at all.