Dynamically Generating Callback Summaries for Enhancing Static Analysis
Interprocedural static analyses require a complete and precise callgraph. Since third-party libraries are responsible for large portions of the code of an app, a substantial fraction of the effort in callgraph generation is spent on the library code for each app. For analyses that are oblivious to the inner workings of a library and only require the user code to be processed, the library can be replaced with a summary that allows the analysis to reconstruct the callbacks from library code back to user code. To improve performance, we propose the automatic generation and use of precise pre-computed callgraph summaries for commonly used libraries. Reflective method calls within libraries and callback-driven APIs pose further challenges for generating precise callgraphs using static analysis. Pre-computed summaries can also help analyses avoid these challenges.
We present CGMiner, an approach for automatically generating callgraph models for library code. It dynamically observes sample apps that use one or more particular target libraries. As we show, CGMiner yields more than 91% of correct edges, whereas existing work only achieves around 30% correct edges. CGMiner avoids the high false positive rate of existing tools. We show that CGMiner integrated into FlowDroid uncovers 39% more data flows than our baseline without callback summaries.
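To make the idea of a callback summary concrete, the following added example (not CGMiner's implementation and not code from the paper) derives summary edges from a constructed call trace and then applies them to a second app without looking at the library body. All method names, object ids and the `app.` prefix convention are hypothetical.

```python
from collections import defaultdict

# Constructed trace from a hypothetical instrumented sample app:
# (caller, callee, receiver object id, argument object ids, declaring interface method)
TRACE = [
    ("app.Main.onCreate", "lib.Button.setOnClickListener", "btn1", ["l1"], None),
    ("lib.Button.setOnClickListener", "lib.ListenerInfo.set", "info1", ["l1"], None),
    ("lib.Button.performClick", "app.Main$1.onClick", "l1", ["btn1"], "lib.OnClickListener.onClick"),
    # receiver was never passed in by user code, so this sketch ignores it
    ("lib.Pool.run", "app.Worker.run", "w7", [], "lib.Runnable.run"),
]

def is_user(method):
    return method.startswith("app.")  # assumption: user code lives under app.

def mine_summary(trace):
    """(library API, arg index) -> callback methods the library later invoked on that argument."""
    registered = {}  # object id -> (API it was passed to, argument index)
    summary = defaultdict(set)
    for caller, callee, receiver, args, declared in trace:
        if is_user(caller) and not is_user(callee):
            # user -> library: remember where each passed object entered the library
            for idx, obj in enumerate(args):
                registered[obj] = (callee, idx)
        elif not is_user(caller) and is_user(callee) and receiver in registered:
            # library -> user on a registered object: an observed callback
            summary[registered[receiver]].add(declared)
    return dict(summary)

def apply_summary(summary, call_sites, implements):
    """Callgraph edges (caller, API, callback target) for another app, library body not analysed."""
    edges = set()
    for caller, api, arg_types in call_sites:
        for idx, arg_type in enumerate(arg_types):
            for declared in summary.get((api, idx), ()):
                iface, name = declared.rsplit(".", 1)
                if iface in implements.get(arg_type, ()):
                    edges.add((caller, api, f"{arg_type}.{name}"))
    return edges

SUMMARY = mine_summary(TRACE)
# Constructed static facts about a second app that uses the same library.
SITES = [("shop.Checkout.init", "lib.Button.setOnClickListener", ["shop.PayListener"]),
         ("shop.Checkout.init", "lib.Button.setOnClickListener", ["shop.Unrelated"])]
IMPLEMENTS = {"shop.PayListener": {"lib.OnClickListener"}, "shop.Unrelated": set()}
EDGES = apply_summary(SUMMARY, SITES, IMPLEMENTS)
```

Library-internal frames never appear in the resulting edges, which is what lets a client analysis skip the library code while still reaching the user callbacks.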
Mon 16 Sep. Displayed time zone: Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna
Session 15:30 - 17:00

| Time | Duration | Type | Title | Track | Authors |
|---|---|---|---|---|---|
| 15:30 | 15m | Talk | Partial Redundancy Elimination in Two Iterative Data Flow Analyses | Technical Papers | Reshma Roy (National Institute of Technology, Calicut), Sreekala S (National Institute of Technology, Calicut), Vineeth Paleri (National Institute of Technology, Calicut) |
| 15:45 | 15m | Talk | Indirection-Bounded Call Graph Analysis | Technical Papers | Madhurima Chakraborty (University of California, Riverside), Aakash Gnanakumar (University of California, Riverside), Manu Sridharan (University of California at Riverside), Anders Møller (Aarhus University) |
| 16:00 | 15m | Talk | Dynamically Generating Callback Summaries for Enhancing Static Analysis | Technical Papers | Steven Arzt (Fraunhofer SIT; ATHENE), Marc Miltenberger (Fraunhofer SIT; ATHENE - National Research Center for Applied Cybersecurity, Darmstadt), Julius Näumann (TU Darmstadt; ATHENE - National Research Center for Applied Cybersecurity, Darmstadt) |
| 16:15 | 15m | Talk | A CFL-Reachability Formulation of Callsite-Sensitive Pointer Analysis with Built-in On-the-Fly Call Graph Construction | Technical Papers | Dongjie He (Chongqing University, China), Jingbo Lu (University of New South Wales), Jingling Xue (UNSW Sydney) |
| 16:30 | 15m | Talk | Scaling Interprocedural Static Data-Flow Analysis to Large C/C++ Applications | Technical Papers | Fabian Schiebel (Fraunhofer IEM), Florian Sattler (Saarland Informatics Campus, Saarland University), Philipp Dominik Schubert (Heinz Nixdorf Institut, Paderborn University), Sven Apel (Saarland University), Eric Bodden |