I've been doing research on analyzing Android applications for a semester. Today, while taking a bath, I think I got some insight into static program analysis research.
I think program analysis research at the early stage just used information obtained at the compiling stage to
During compilation, the compiler translates the high-level language into the basic operations that the assembly language can recognize. When we do static analysis, we care about how a specific variable propagates through the whole execution, or which API call is triggered in what kind of context. The so-called program behavior is just these kinds of things (method invocation, variable propagation including basic computation, reachability or dead code, i.e. the impact of a certain code snippet on the output of the program, etc.; to be completed). We can get almost any of this information through three structured representations: the control flow graph, the data flow graph, and the call graph.
In the project I'm currently working on, we also need to handle the manifest file (the configuration for the components of an Android application). From a pure code perspective, we can regard the manifest as an input to the program, because we get no information about it through the compilation procedure. But from the application perspective, since it is a static configuration file, it is part of the program, and the information in it can be used for static program analysis.
From this point we can see that static program analysis is actually a prediction of all the possible behaviors the program could exhibit at runtime. Such a behavior prediction can no longer be obtained from compile-time information alone, because the runtime behavior relies not only on the bytecode of the program but also on its configuration file. That's where the inference rules come in in our project.
Another thing worth noticing is the interaction with the system itself. I still need to figure out how current static analysis tools analyze the JDK code to get some insight into that.
When talking about access control, we are not only monitoring the behavior of the current program; we are more or less predicting what operations it will execute when different possible programs interact with its interface.
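The two ideas above, combining manifest information with the call graph from the bytecode, and predicting what another app can make this app do through its exported interface, fit together in a small analysis. The following is an added example written for this post, not code from the project it describes. The manifest fragment, the call graph, the list of sensitive APIs and the "exported or has an intent-filter" inference rule are all constructed assumptions (the rule is the simplified pre-Android-12 default; real tools encode many more rules and build the call graph from the actual bytecode):

```python
"""Added example: predict which sensitive APIs another app can trigger
through this app's exported components, using a constructed manifest
(the configuration input) plus a constructed call graph (the compile-time
information).  None of the data below comes from a real application."""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Constructed AndroidManifest.xml fragment (assumption, not a real app).
MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.demo">
  <application>
    <activity android:name=".MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <activity android:name=".ShareActivity" android:exported="true"/>
    <activity android:name=".SettingsActivity" android:exported="false"/>
    <service android:name=".SyncService">
      <intent-filter>
        <action android:name="com.example.demo.SYNC"/>
      </intent-filter>
    </service>
  </application>
</manifest>
"""

# Constructed call graph of the kind a bytecode analyser would produce:
# method -> methods it invokes.  The manifest alone knows nothing of this,
# and the bytecode alone does not know which methods are entry points.
CALL_GRAPH = {
    "com.example.demo.MainActivity.onCreate": ["com.example.demo.Ui.render"],
    "com.example.demo.ShareActivity.onCreate": ["com.example.demo.Share.handle"],
    "com.example.demo.Share.handle": ["com.example.demo.Net.upload",
                                      "com.example.demo.Store.readContacts"],
    "com.example.demo.SettingsActivity.onCreate": ["com.example.demo.Store.readContacts"],
    "com.example.demo.SyncService.onStartCommand": ["com.example.demo.Net.upload"],
    "com.example.demo.Net.upload": ["java.net.HttpURLConnection.connect"],
    "com.example.demo.Store.readContacts": ["android.content.ContentResolver.query"],
    "com.example.demo.Ui.render": [],
    # Dead code: no entry point reaches it, so it never becomes behavior.
    "com.example.demo.Dead.leak": ["android.content.ContentResolver.query"],
}

# Constructed set of sinks we care about (assumption).
SENSITIVE_APIS = {
    "android.content.ContentResolver.query",
    "java.net.HttpURLConnection.connect",
}

# Lifecycle callback the framework invokes per component type: the piece of
# "input" that links the configuration file to the bytecode.
ENTRY_CALLBACKS = {"activity": "onCreate", "service": "onStartCommand"}


def parse_components(manifest_xml):
    """Return [(kind, fully qualified class name, externally reachable?)]."""
    root = ET.fromstring(manifest_xml)
    package = root.get("package")
    comps = []
    for kind in ENTRY_CALLBACKS:
        for node in root.iter(kind):
            name = node.get(f"{{{ANDROID_NS}}}name")
            if name.startswith("."):
                name = package + name
            exported = node.get(f"{{{ANDROID_NS}}}exported")
            has_filter = node.find("intent-filter") is not None
            # Simplified inference rule (assumption): an explicit exported
            # flag wins; otherwise a component with an intent-filter is
            # reachable from other apps (the pre-Android-12 default).
            reachable = exported == "true" if exported is not None else has_filter
            comps.append((kind, name, reachable))
    return comps


def reachable_sensitive(entry, call_graph, sensitive):
    """Depth-first walk of the call graph from one entry method; return the
    sensitive sinks that are reachable from it."""
    seen, stack, hits = set(), [entry], set()
    while stack:
        method = stack.pop()
        if method in seen:
            continue
        seen.add(method)
        if method in sensitive:
            hits.add(method)
        stack.extend(call_graph.get(method, []))
    return hits


def externally_triggerable_apis(manifest_xml, call_graph, sensitive):
    """Map each externally reachable component to the sensitive APIs that a
    different app can cause it to execute through its interface."""
    result = {}
    for kind, cls, reachable in parse_components(manifest_xml):
        if not reachable:
            continue
        entry = f"{cls}.{ENTRY_CALLBACKS[kind]}"
        hits = reachable_sensitive(entry, call_graph, sensitive)
        if hits:
            result[cls] = sorted(hits)
    return result


if __name__ == "__main__":
    for cls, apis in externally_triggerable_apis(MANIFEST, CALL_GRAPH, SENSITIVE_APIS).items():
        print(cls, "->", ", ".join(apis))
```

The point the example makes is the one from the text: `SettingsActivity` reaches the contacts query in the call graph, but the manifest says it is not exported, so that path is not part of the externally triggerable behavior; `Dead.leak` reaches the same sink but no entry point reaches it at all; only `ShareActivity` and `SyncService` remain, and that answer needs both the configuration file and the bytecode-derived graph.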