[Soot-list] Question

Eric Bodden eric.bodden at ec-spride.de
Tue Jan 15 03:15:12 EST 2013 

Hi Zeinab.

In Soot you can use the class SimpleLocalDefs to compute use-def
chains, which is probably what you asked for.

But I agree with the others that it will only give you an
approximation (that may be unsound, depending on how you use it).
Taint analysis for Java is a hard problem that usually requires
pointer analysis and a sophisticated treatment of fields, arrays, etc.
Simple use-def or def-use chains don't give any of this.

Eric

On 14 January 2013 21:39, Zeinab Lashkaripour <lashkaripour at yahoo.com> wrote:
> Don't you think that I can find those objects and work with the variables
> they have used?
> Due to the short time that I have and that I don't have taint propagation
> just like I have reaching defs in Soot, Isn't reaching defs better?
>
> Best Regards,
>
> ----- Original Message -----
> From: Hamid A. Toussi <hamid2c at gmail.com>
> To: Zeinab Lashkaripour <lashkaripour at yahoo.com>
> Cc: soot-list <soot-list at sable.mcgill.ca>
> Sent: Monday, January 14, 2013 11:57 PM
> Subject: Re: [Soot-list] Question
>
> I don't think it's a really good idea since in a taint analysis you
> have to identify the objects which may be tainted, this means that you
> have to track the objects but in reaching definitions analysis, all
> you get is defined over variables (or pointers). That is, your domain
> is variables.
>
> Hamid
>
>> Hi Hamid,
>> You are somehow right.
>> I think the analysis that I mentioned can be done with both taint
>> propagation and reaching defs, but because taint propagation would need
>> more
>> time while reaching def is ready I decided to use reaching defs.
>> If there is anything wrong I would be grateful if you guided me.
>>
>>
>>
>> Best Regards,
>>
>>
>>
>>
>> ----- Original Message -----
>> From: Hamid A. Toussi <hamid2c at gmail.com>
>> To: Zeinab Lashkaripour <lashkaripour at yahoo.com>
>> Cc: soot-list <soot-list at sable.mcgill.ca>
>> Sent: Monday, January 14, 2013 11:25 PM
>> Subject: Re: [Soot-list] Question
>>
>> Hi Zeinab,
>>
>> On 1/14/13, Zeinab Lashkaripour <lashkaripour at yahoo.com> wrote:
>>> Dear Reader,
>>>
>>> I am doing the following analysis:
>>> I am looking for special function calls to see what variable they have
>>> used
>>> in order to track the value that the variable has taken before the call
>>> which can be a simple assignment with out any branch or assignments
>>> inside
>>> different kinds of branch. Up to now with the information I have I think
>>> reaching definitions (def-use chain) is the suitable choice.
>>
>> I think, I read earlier in this mailing list that you are trying to do
>> a taint-propagation analysis.
>> Do you want to use def-use chain to do the taint-propagation analysis?
>>
>> Hamid
>> http://hamid2c.github.com/
>>
>
> _______________________________________________
> Soot-list mailing list
> Soot-list at sable.mcgill.ca
> http://mailman.cs.mcgill.ca/mailman/listinfo/soot-list
>



-- 
Eric Bodden, Ph.D., http://sse.ec-spride.de/ http://bodden.de/
Head of Secure Software Engineering Group at EC SPRIDE
Tel: +49 6151 16-75422    Fax: +49 6151 16-72051
Room 3.2.14, Mornewegstr. 30, 64293 Darmstadt

More information about the Soot-list mailing list