[Soot-list] Question
Hamid A. Toussi
hamid2c at gmail.com
Mon Jan 14 15:27:48 EST 2013
I don't think it's a really good idea since in a taint analysis you
have to identify the objects which may be tainted, this means that you
have to track the objects but in reaching definitions analysis, all
you get is defined over variables (or pointers). That is, your domain
is variables.
Hamid
> Hi Hamid,
> You are somehow right.
> I think the analysis that I mentioned can be done with both taint
> propagation and reaching defs, but because taint propagation would need more
> time while reaching def is ready I decided to use reaching defs.
> If there is anything wrong I would be grateful if you guided me.
>
>
>
> Best Regards,
>
>
>
>
> ----- Original Message -----
> From: Hamid A. Toussi <hamid2c at gmail.com>
> To: Zeinab Lashkaripour <lashkaripour at yahoo.com>
> Cc: soot-list <soot-list at sable.mcgill.ca>
> Sent: Monday, January 14, 2013 11:25 PM
> Subject: Re: [Soot-list] Question
>
> Hi Zeinab,
>
> On 1/14/13, Zeinab Lashkaripour <lashkaripour at yahoo.com> wrote:
>> Dear Reader,
>>
>> I am doing the following analysis:
>> I am looking for special function calls to see what variable they have
>> used
>> in order to track the value that the variable has taken before the call
>> which can be a simple assignment with out any branch or assignments inside
>> different kinds of branch. Up to now with the information I have I think
>> reaching definitions (def-use chain) is the suitable choice.
>
> I think, I read earlier in this mailing list that you are trying to do
> a taint-propagation analysis.
> Do you want to use def-use chain to do the taint-propagation analysis?
>
> Hamid
> http://hamid2c.github.com/
>
More information about the Soot-list
mailing list