[Soot-list] Spark Error with Flowdroid

Marc-André Laverdière-Papineau marc-andre.laverdiere-papineau at polymtl.ca
Mon Jun 17 11:48:10 EDT 2013


For some odd reason, trying with this updated version from the author
seems to work...

http://servlets.com/cos/

So that removes the urgency for the fix :)

Marc-André Laverdière-Papineau
Doctorant - PhD Candidate

On 17/06/13 10:58 AM, Quentin Sabah wrote:
>> My only concern is the 'probable' part. I need to report to the
>> programmer that there is a security issue, and I'm sure that they'd like
>> a precise report. So whatever information is in the tag needs to be sound.
>> I am not super excited about an over-approximation, but that is better
>> than the alternative.
> 
> 
> Of course the tag will report names with fidelity regarding the class annotations.
> The problem is that the local name table found in the class file doesn't have to be consistent with the source code. Compilers may put whatever information they want and there is no way this can be checked. The table is only for debugging purposes.
> 
> In the MultipartRequest class file, we clearly see that the compiler didn't insert all the necessary information. The table could contain two names for the same local at the same bytecode index, and we couldn't tell much to the programmer.
> 
> The worst is that currently, use-original-names may silently generate unsound Jimple (not preserving the original bytecode semantics).
> 

