[Soot-list] Can FlowDroid recognize source and sink in a worker thread?
Jin Li
lijin1988 at gmail.com
Mon Aug 25 21:44:43 EDT 2014
Hi Stefan & All,
Thanks for your reply.
After read your email, I checked the dummyMainMethod. I found some points
that I can't understand.
1, In the FlowDroid paper, it says FlowDroid would associate
components(activities, services, etc.) with the callbacks they register.
However, In my example, I found callbacks of a service appeared
between the onResume() and onPause events of a activity.
2, It seemed that user defined callback didn't be recongnized. But, I
think it should have runtime type infomation of the user defined class.
Can you give me some explanations?
dummyMainMethod code snippets:
public static void dummyMainMethod()
{
int $i0, $i1;
org.traccar.client.TraccarActivity $r0;
android.os.Bundle $r1, $r6, $r13, $r15, $r23, $r34;
org.traccar.client.PositionProvider $r2, $r3, $r7, $r19, $r20,
$r24, $r30, $r31, $r35;
org.traccar.client.PositionProvider$1 $r4, $r21, $r32;
org.traccar.client.PositionProvider$InternalLocationListener $r5,
$r22, $r33;
org.traccar.client.PositionProvider$2 $r8, $r25, $r36;
org.traccar.client.TraccarService $r9, $r16;
org.traccar.client.TraccarService$2 $r10, $r26, $r37;
boolean $z0, $z1, $z2, $z3;
org.traccar.client.TraccarActivity$1 $r11, $r27, $r38;
org.traccar.client.AboutActivity $r12;
org.traccar.client.StatusActivity $r14;
android.content.Intent $r17, $r18, $r28, $r40;
android.os.IBinder $r29;
org.traccar.client.AutostartReceiver $r39;
$i0 = 0;
label01:
if $i0 == 0 goto label04;
$r0 = new org.traccar.client.TraccarActivity;
specialinvoke $r0.<org.traccar.client.TraccarActivity: void
<init>()>();
if $i0 == 1 goto label04;
$r1 = new android.os.Bundle;
specialinvoke $r1.<android.os.Bundle: void <init>()>();
virtualinvoke $r0.<org.traccar.client.TraccarActivity: void
onCreate(android.os.Bundle)>($r1);
$r1 = null;
label02:
virtualinvoke $r0.<org.traccar.client.TraccarActivity: void
onResume()>();
label03:
$r2 = new org.traccar.client.PositionProvider;
specialinvoke $r2.<org.traccar.client.PositionProvider: void
<init>(android.content.Context,java.lang.String,long,org.traccar.client.PositionProvider$PositionListener)>($r0,
"", 0L, null);
$r3 = null;
$r4 = new org.traccar.client.PositionProvider$1;
specialinvoke $r4.<org.traccar.client.PositionProvider$1: void
<init>(org.traccar.client.PositionProvider)>($r3);
$r5 = new
org.traccar.client.PositionProvider$InternalLocationListener;
specialinvoke
$r5.<org.traccar.client.PositionProvider$InternalLocationListener: void
<init>(org.traccar.client.PositionProvider,org.traccar.client.PositionProvider$1)>($r2,
$r4);
$r6 = new android.os.Bundle;
specialinvoke $r6.<android.os.Bundle: void <init>()>();
virtualinvoke
$r5.<org.traccar.client.PositionProvider$InternalLocationListener: void
onStatusChanged(java.lang.String,int,android.os.Bundle)>("", 0, $r6);
$r6 = null;
$r7 = new org.traccar.client.PositionProvider;
specialinvoke $r7.<org.traccar.client.PositionProvider: void
<init>(android.content.Context,java.lang.String,long,org.traccar.client.PositionProvider$PositionListener)>($r0,
"", 0L, null);
$r8 = new org.traccar.client.PositionProvider$2;
specialinvoke $r8.<org.traccar.client.PositionProvider$2: void
<init>(org.traccar.client.PositionProvider)>($r7);
virtualinvoke $r8.<org.traccar.client.PositionProvider$2: void
onGpsStatusChanged(int)>(0);
$r9 = new org.traccar.client.TraccarService;
specialinvoke $r9.<org.traccar.client.TraccarService: void
<init>()>();
$r10 = new org.traccar.client.TraccarService$2;
specialinvoke $r10.<org.traccar.client.TraccarService$2: void
<init>(org.traccar.client.TraccarService)>($r9);
virtualinvoke $r10.<org.traccar.client.TraccarService$2: void
onSharedPreferenceChanged(android.content.SharedPreferences,java.lang.String)>(null,
"");
$z0 = virtualinvoke $r0.<org.traccar.client.TraccarActivity:
boolean onCreateOptionsMenu(android.view.Menu)>(null);
$z1 = virtualinvoke $r0.<org.traccar.client.TraccarActivity:
boolean onOptionsItemSelected(android.view.MenuItem)>(null);
$r11 = new org.traccar.client.TraccarActivity$1;
specialinvoke $r11.<org.traccar.client.TraccarActivity$1: void
<init>(org.traccar.client.TraccarActivity)>($r0);
virtualinvoke $r11.<org.traccar.client.TraccarActivity$1: void
onSharedPreferenceChanged(android.content.SharedPreferences,java.lang.String)>(null,
"");
if $i0 == 8 goto label03;
if $i0 == 9 goto label03;
virtualinvoke $r0.<org.traccar.client.TraccarActivity: void
onPause()>();
if $i0 == 10 goto label02;
if $i0 == 11 goto label04;
if $i0 == 12 goto label02;
label04:
if $i0 == 14 goto label06;
$r12 = new org.traccar.client.AboutActivity;
specialinvoke $r12.<org.traccar.client.AboutActivity: void
<init>()>();
if $i0 == 15 goto label06;
$r13 = new android.os.Bundle;
specialinvoke $r13.<android.os.Bundle: void <init>()>();
virtualinvoke $r12.<org.traccar.client.AboutActivity: void
onCreate(android.os.Bundle)>($r13);
$r13 = null;
label05:
if $i0 == 18 goto label06;
if $i0 == 19 goto label05;
label06:
if $i0 == 21 goto label09;
$r14 = new org.traccar.client.StatusActivity;
specialinvoke $r14.<org.traccar.client.StatusActivity: void
<init>()>();
if $i0 == 22 goto label09;
$r15 = new android.os.Bundle;
specialinvoke $r15.<android.os.Bundle: void <init>()>();
virtualinvoke $r14.<org.traccar.client.StatusActivity: void
onCreate(android.os.Bundle)>($r15);
$r15 = null;
label07:
staticinvoke <org.traccar.client.StatusActivity: void <clinit>()>();
$z2 = virtualinvoke $r14.<org.traccar.client.StatusActivity:
boolean onOptionsItemSelected(android.view.MenuItem)>(null);
$z3 = virtualinvoke $r14.<org.traccar.client.StatusActivity:
boolean onCreateOptionsMenu(android.view.Menu)>(null);
if $i0 == 26 goto label07;
if $i0 == 27 goto label07;
if $i0 == 28 goto label07;
if $i0 == 29 goto label08;
if $i0 == 30 goto label07;
label08:
virtualinvoke $r14.<org.traccar.client.StatusActivity: void
onDestroy()>();
label09:
if $i0 == 32 goto label13;
$r16 = new org.traccar.client.TraccarService;
specialinvoke $r16.<org.traccar.client.TraccarService: void
<init>()>();
virtualinvoke $r16.<org.traccar.client.TraccarService: void
onCreate()>();
$r17 = new android.content.Intent;
specialinvoke $r17.<android.content.Intent: void <init>()>();
virtualinvoke $r16.<org.traccar.client.TraccarService: void
onStart(android.content.Intent,int)>($r17, 0);
$r17 = null;
$r18 = new android.content.Intent;
specialinvoke $r18.<android.content.Intent: void <init>()>();
$i1 = virtualinvoke $r16.<org.traccar.client.TraccarService: int
onStartCommand(android.content.Intent,int,int)>($r18, 0, 0);
$r18 = null;
label10:
$r19 = new org.traccar.client.PositionProvider;
specialinvoke $r19.<org.traccar.client.PositionProvider: void
<init>(android.content.Context,java.lang.String,long,org.traccar.client.PositionProvider$PositionListener)>($r16,
"", 0L, null);
$r20 = null;
$r21 = new org.traccar.client.PositionProvider$1;
specialinvoke $r21.<org.traccar.client.PositionProvider$1: void
<init>(org.traccar.client.PositionProvider)>($r20);
$r22 = new
org.traccar.client.PositionProvider$InternalLocationListener;
specialinvoke
$r22.<org.traccar.client.PositionProvider$InternalLocationListener: void
<init>(org.traccar.client.PositionProvider,org.traccar.client.PositionProvider$1)>($r19,
$r21);
$r23 = new android.os.Bundle;
specialinvoke $r23.<android.os.Bundle: void <init>()>();
virtualinvoke
$r22.<org.traccar.client.PositionProvider$InternalLocationListener: void
onStatusChanged(java.lang.String,int,android.os.Bundle)>("", 0, $r23);
$r23 = null;
$r24 = new org.traccar.client.PositionProvider;
specialinvoke $r24.<org.traccar.client.PositionProvider: void
<init>(android.content.Context,java.lang.String,long,org.traccar.client.PositionProvider$PositionListener)>($r16,
"", 0L, null);
$r25 = new org.traccar.client.PositionProvider$2;
specialinvoke $r25.<org.traccar.client.PositionProvider$2: void
<init>(org.traccar.client.PositionProvider)>($r24);
virtualinvoke $r25.<org.traccar.client.PositionProvider$2: void
onGpsStatusChanged(int)>(0);
$r26 = new org.traccar.client.TraccarService$2;
specialinvoke $r26.<org.traccar.client.TraccarService$2: void
<init>(org.traccar.client.TraccarService)>($r16);
virtualinvoke $r26.<org.traccar.client.TraccarService$2: void
onSharedPreferenceChanged(android.content.SharedPreferences,java.lang.String)>(null,
"");
$r27 = new org.traccar.client.TraccarActivity$1;
specialinvoke $r27.<org.traccar.client.TraccarActivity$1: void
<init>(org.traccar.client.TraccarActivity)>($r0);
virtualinvoke $r27.<org.traccar.client.TraccarActivity$1: void
onSharedPreferenceChanged(android.content.SharedPreferences,java.lang.String)>(null,
"");
if $i0 == 37 goto label10;
$r28 = new android.content.Intent;
specialinvoke $r28.<android.content.Intent: void <init>()>();
$r29 = virtualinvoke $r16.<org.traccar.client.TraccarService:
android.os.IBinder onBind(android.content.Intent)>($r28);
$r28 = null;
label11:
$r30 = new org.traccar.client.PositionProvider;
specialinvoke $r30.<org.traccar.client.PositionProvider: void
<init>(android.content.Context,java.lang.String,long,org.traccar.client.PositionProvider$PositionListener)>($r16,
"", 0L, null);
$r31 = null;
$r32 = new org.traccar.client.PositionProvider$1;
specialinvoke $r32.<org.traccar.client.PositionProvider$1: void
<init>(org.traccar.client.PositionProvider)>($r31);
$r33 = new
org.traccar.client.PositionProvider$InternalLocationListener;
specialinvoke
$r33.<org.traccar.client.PositionProvider$InternalLocationListener: void
<init>(org.traccar.client.PositionProvider,org.traccar.client.PositionProvider$1)>($r30,
$r32);
$r34 = new android.os.Bundle;
specialinvoke $r34.<android.os.Bundle: void <init>()>();
virtualinvoke
$r33.<org.traccar.client.PositionProvider$InternalLocationListener: void
onStatusChanged(java.lang.String,int,android.os.Bundle)>("", 0, $r34);
$r34 = null;
$r35 = new org.traccar.client.PositionProvider;
specialinvoke $r35.<org.traccar.client.PositionProvider: void
<init>(android.content.Context,java.lang.String,long,org.traccar.client.PositionProvider$PositionListener)>($r16,
"", 0L, null);
$r36 = new org.traccar.client.PositionProvider$2;
specialinvoke $r36.<org.traccar.client.PositionProvider$2: void
<init>(org.traccar.client.PositionProvider)>($r35);
virtualinvoke $r36.<org.traccar.client.PositionProvider$2: void
onGpsStatusChanged(int)>(0);
$r37 = new org.traccar.client.TraccarService$2;
specialinvoke $r37.<org.traccar.client.TraccarService$2: void
<init>(org.traccar.client.TraccarService)>($r16);
virtualinvoke $r37.<org.traccar.client.TraccarService$2: void
onSharedPreferenceChanged(android.content.SharedPreferences,java.lang.String)>(null,
"");
$r38 = new org.traccar.client.TraccarActivity$1;
specialinvoke $r38.<org.traccar.client.TraccarActivity$1: void
<init>(org.traccar.client.TraccarActivity)>($r0);
virtualinvoke $r38.<org.traccar.client.TraccarActivity$1: void
onSharedPreferenceChanged(android.content.SharedPreferences,java.lang.String)>(null,
"");
if $i0 == 42 goto label11;
if $i0 == 43 goto label12;
if $i0 == 44 goto label11;
label12:
virtualinvoke $r16.<org.traccar.client.TraccarService: void
onDestroy()>();
label13:
if $i0 == 45 goto label15;
$r39 = new org.traccar.client.AutostartReceiver;
specialinvoke $r39.<org.traccar.client.AutostartReceiver: void
<init>()>();
if $i0 == 46 goto label15;
$r40 = new android.content.Intent;
specialinvoke $r40.<android.content.Intent: void <init>()>();
label14:
virtualinvoke $r39.<org.traccar.client.AutostartReceiver: void
onReceive(android.content.Context,android.content.Intent)>(null, $r40);
$r40 = null;
if $i0 == 47 goto label14;
label15:
if $i0 == 48 goto label01;
return;
}
Best Regards,
Jin
2014-08-25 22:02 GMT+08:00 Stefan Gommer <gommeriphone at googlemail.com>:
> Hi Jin,
>
> this is an answer I got from Steven on a similar topic a short time ago.
> Maybe this is also the answer to your question.
>
> Cheers,
> Stefan
>
> Message from Steven:
> Callgraph edges are never transitive, so there is only an edge from the
> direct caller to the direct callee. Additionally, note that the SPARK
> callgraph algorithm only finds an edge for a virtual method call if it has
> only seen a constructor call for the respective base object. Take the
> following code:
>
> A a = new A();
> a.foo();
>
> There will be an edge to foo(). On the other hand, take this code:
>
> A a = Factory.getA();
> a.foo();
>
> Assume that “Factory” is an Android framework class. In this case, the
> constructor call for the A class is buried somewhere in the framework and
> not visible to SPARK. Consequently, SPARK has no runtime type information
> for variable “a” and will not produce a call graph edge for foo(). This is
> a known problem. Adaptive callgraph algorithms that dynamically scale
> between precision and approximations for unavailable information are an
> open research problems and, in fact, we are currently looking for a Master
> student to work on this topic as a thesis. In FlowDroid, we simply use the
> direct target of the call (and ignore the call graph) for library calls
> handled through a taint wrapper (see the paper for more information on
> taint wrappers).
>
>
>
> Am 25.08.2014 um 14:45 schrieb Jin Li <lijin1988 at gmail.com>:
>
> Hi All,
>
> I use FlowDroid to analysis my apk files and then manually check the
> results it produced.
>
> It seemed when the source or sink appeared in a worker thread, FlowDroid
> would omit this source or sink. The paths reported by FlowDroid would be
> less than it supposed.
>
> I attached the apk.
>
> Can anybody shed light on the reason? or Did I use a wrong configuration?
>
> I really need your help, Thanks
>
> Best Regards,
> Jin
> <traccar-client-debug-unaligned.rar>
> _______________________________________________
> Soot-list mailing list
> Soot-list at CS.McGill.CA
> https://mailman.CS.McGill.CA/mailman/listinfo/soot-list
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.CS.McGill.CA/pipermail/soot-list/attachments/20140826/2228d1aa/attachment-0001.html
More information about the Soot-list
mailing list