[Soot-list] Spark Error with Flowdroid

Bodden, Eric eric.bodden at sit.fraunhofer.de
Fri Jun 28 12:32:25 EDT 2013


Hi Marc-Andre.

If this issue still persists, can you please raise a bug report?

Cheers,
Eric

On 17.06.2013, at 17:48, Marc-André Laverdière-Papineau <marc-andre.laverdiere-papineau at polymtl.ca> wrote:

> For some odd reason, trying with this updated version from the author
> seems to work...
> 
> http://servlets.com/cos/
> 
> So that removes the urgency for the fix :)
> 
> Marc-André Laverdière-Papineau
> Doctorant - PhD Candidate
> 
> On 17/06/13 10:58 AM, Quentin Sabah wrote:
>>> My only concern is the 'probable' part. I need to report to the
>>> programmer that there is a security issue, and I'm sure that they'd like
>>> a precise report. So whatever information is in the tag needs to be sound.
>>> I am not super excited about an over-approximation, but that is better
>>> than the alternative.
>> 
>> 
>> Of course the tag will report names with fidelity regarding the class annotations.
>> The problem is that the local name table found in the class file doesn't have to be consistent with the source code. Compilers may put whatever information they want and there is no way this can be checked. The table is only for debug purposes.
>> 
>> In the MultipartRequest class file, we clearly see that the compiler didn't insert all the necessary information. The table could contain two names for the same local at the same bytecode index, and we couldn't tell much to the programmer.
>> 
>> The worst is that currently, use-original-names may silently generate unsound jimple (not preserving the original bytecode semantics).
>> 

--
Eric Bodden, Ph.D., http://sse.ec-spride.de/ http://bodden.de/
Head of Secure Software Engineering Group at EC SPRIDE
Tel: +49 6151 16-75422    Fax: +49 6151 16-72051
Room 3.2.14, Mornewegstr. 30, 64293 Darmstadt
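
The inconsistency described in the quoted message (a debug name table that omits locals or gives two names for the same local at one bytecode index), as an added example that is not part of the original thread and not Soot code. It assumes the LocalVariableTable has already been decoded into entries; `Entry`, `names_at`, `audit` and all sample values are hypothetical and constructed for illustration.

```python
from collections import namedtuple

# One decoded LocalVariableTable entry. Per the class-file format, the name
# applies to bytecode indices in the half-open range [start_pc, start_pc + length).
Entry = namedtuple("Entry", "start_pc length name slot")


def names_at(entries, pc, slot):
    """Return every name the debug table claims for `slot` at bytecode index `pc`."""
    return sorted({e.name for e in entries
                   if e.slot == slot and e.start_pc <= pc < e.start_pc + e.length})


def audit(entries, reads):
    """Classify each (pc, slot) read by how trustworthy its reported name is."""
    report = {"named": [], "unnamed": [], "ambiguous": []}
    for pc, slot in reads:
        names = names_at(entries, pc, slot)
        if not names:
            # The compiler emitted no entry covering this use of the slot.
            report["unnamed"].append((pc, slot))
        elif len(names) > 1:
            # Two entries overlap: the table cannot say which name is right.
            report["ambiguous"].append((pc, slot, names))
        else:
            report["named"].append((pc, slot, names[0]))
    return report


# Constructed table: slot 1 has overlapping entries, slot 3 has none at all.
ENTRIES = [
    Entry(0, 40, "this", 0),
    Entry(5, 20, "req", 1),    # covers pcs 5..24
    Entry(18, 12, "part", 1),  # covers pcs 18..29, overlapping "req"
    Entry(30, 8, "i", 2),
]
# Constructed (pc, slot) pairs standing in for local-variable load instructions.
READS = [(2, 0), (10, 1), (20, 1), (27, 1), (33, 2), (36, 3)]

if __name__ == "__main__":
    for kind, items in audit(ENTRIES, READS).items():
        print(kind, items)
```

A report built from such a table can state a variable name with confidence only for the `named` reads; the other two classes need the slot number or bytecode index instead.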