Dynamically Generating Callback Summaries for Enhancing Static Analysis (Artifact)

Authors: Steven Arzt, Marc Miltenberger, Julius Näumann




Artifact Description

DARTS.10.2.2.pdf
  • Filesize: 0.58 MB
  • 5 pages

Author Details

Steven Arzt
  • Fraunhofer SIT | ATHENE - National Research Center for Applied Cybersecurity, Darmstadt, Germany
Marc Miltenberger
  • Fraunhofer SIT | ATHENE - National Research Center for Applied Cybersecurity, Darmstadt, Germany
Julius Näumann
  • TU Darmstadt | ATHENE - National Research Center for Applied Cybersecurity, Darmstadt, Germany

Cite As

Steven Arzt, Marc Miltenberger, and Julius Näumann. Dynamically Generating Callback Summaries for Enhancing Static Analysis (Artifact). In Special Issue of the 38th European Conference on Object-Oriented Programming (ECOOP 2024). Dagstuhl Artifacts Series (DARTS), Volume 10, Issue 2, pp. 2:1-2:5, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2024)
https://doi.org/10.4230/DARTS.10.2.2

Artifact Evaluation Policy

The artifact has been evaluated as described in the ECOOP 2024 Call for Artifacts and the ACM Artifact Review and Badging Policy.

Abstract

Interprocedural static analyses require a complete and precise callgraph. Since third-party libraries are responsible for large portions of the code of an app, a substantial fraction of the effort in callgraph generation is therefore spent on the library code for each app. For analyses that are oblivious to the inner workings of a library and only require the user code to be processed, the library can be replaced with a summary that allows the callbacks from library code back to user code to be reconstructed. To improve performance, we propose the automatic generation and use of precise pre-computed callgraph summaries for commonly used libraries. Reflective method calls within libraries and callback-driven APIs pose further challenges for generating precise callgraphs using static analysis. Pre-computed summaries can also help analyses avoid these challenges. We present CGMiner, an approach for automatically generating callgraph models for library code. It dynamically observes sample apps that use one or more particular target libraries. As we show, CGMiner yields more than 94% of correct edges, whereas existing work only achieves around 33% correct edges. CGMiner avoids the high false positive rate of existing tools. We show that CGMiner integrated into FlowDroid uncovers 40% more data flows than our baseline without callback summaries. This artifact description describes how the artifacts can be built.

Subject Classification

ACM Subject Classification
  • Software and its engineering → Dynamic analysis
Keywords
  • dynamic analysis
  • callback detection
  • java
  • android
