External API calls are not considered in the side-effect analysis

[khatchad]

Ariadne doesn't analyze external libraries. Instead, it uses summaries (e.g., tensorflow.xml). Even then, I'm unsure whether such files can capture the memory being altered by API calls. And, for unsummarized libraries, there's no chance. For example, you may pass an object, e.g., a list, reference to an API, and the API implementation can modify the members of the object through the reference. Or, it may be a method call that modifies (mutates) the receiver.

Questions

1. Is there a way in the summaries to say which parameters may be altered by the API? Can you also say which methods are mutators (modifying self)?
2. Can we tell when we hit an unsummarized API?
3. When we hit a summarized API, do we assume that it's a TF operation that doesn't cause Python side-effects (I think the answer is yes).

For #2 above, I think it's very easy. You'd see in the pointer analysis that the function doesn't pointer to a summarized function instance (it would be blank). Basically, you'd be looking for function invocations whose function has an empty points-to set (that would be one way to do it). Should we conservatively assume that any external calls (outside of TF operations) cause side-effects? We already do this for the built-in print() function.