Heapster and DroidMacroBench artifacts for the ICSE 2020 paper "Heaps'n Leaks: How Heap Snapshots Improve Android Taint Analysis"

Heapster and DroidMacroBench artifacts for the ICSE 2020 paper "Heaps'n Leaks: How Heap Snapshots Improve Android Taint Analysis"

For instructions on how to use the artifact, please follow the README.md file located in heapster_artifact.tar.gz.

Paper abstract:

The assessment of information flows is an essential part of analyzing

Android apps, and is frequently supported by static taint

analysis. Its precision, however, can suffer from the analysis not

being able to precisely determine what elements a pointer can (and

cannot) point to. Recent advances in static analysis suggest that

incorporating dynamic heap snapshots, taken at one point at runtime,

can significantly improve general static analysis. In this paper,

we investigate to what extent this also holds for taint analysis, and

how various design decisions, such as when and how many snapshots

are collected during execution, and how exactly they are used,

impact soundness and precision. We have extended FlowDroid to

incorporate heap snapshots, yielding our prototype Heapster, and

evaluated it on DroidMacroBench, a novel benchmark comprising

real-world Android apps that we also make available as an artifact.

The results show (1) the use of heap snapshots lowers analysis time

and memory consumption while increasing precision; (2) a very

good trade-off between precision and recall is achieved by a mixed

mode in which the analysis falls back to static points-to relations

for objects for which no dynamic data was recorded; and (3) while

a single heap snapshot (ideally taken at the end of the execution)

suffices to improve performance and precision, a better trade-off

can be obtained by using multiple snapshots.