[Soot-list] Can FlowDroid recognize source and sink in a worker thread?
Jin Li
lijin1988 at gmail.com
Tue Aug 26 05:18:31 EDT 2014
Hi Steven,
Simplified code snippets are as follows:
public class PositionProvider {

    public interface PositionListener {
        public void onPositionUpdate(Location location);
    }

    public PositionProvider(Context context, String type, long period,
            PositionListener listener) {
        handler = new Handler(context.getMainLooper());
        locationManager = (LocationManager)
                context.getSystemService(Context.LOCATION_SERVICE);
        this.period = period;
        this.listener = listener;
        ......
    }

    public void startUpdates() {
        if (useFine) {
            locationManager.requestLocationUpdates(LocationManager.GPS_PROVIDER,
                    period, 0, fineLocationListener);
        }
        if (useCoarse) {
            locationManager.requestLocationUpdates(LocationManager.NETWORK_PROVIDER,
                    period, 0, coarseLocationListener);
        }
        List<String> list = locationManager.getProviders(true);
        for (String str : list) {
            System.out.println(str);
        }
        handler.postDelayed(updateTask, period);
        locationManager.addGpsStatusListener(gpsStatusListener);
    }

    private final Runnable updateTask = new Runnable() {

        private boolean tryProvider(String provider) {
            Location location = locationManager.getLastKnownLocation(provider);
            if (location != null && new Date().getTime() -
                    location.getTime() <= period + PERIOD_DELTA) {
                listener.onPositionUpdate(location);
                return true;
            } else {
                return false;
            }
        }

        @Override
        public void run() {
            if (useFine && tryProvider(LocationManager.GPS_PROVIDER)) {
            } else if (useCoarse &&
                    tryProvider(LocationManager.NETWORK_PROVIDER)) {
            } else {
                listener.onPositionUpdate(null);
            }
            handler.postDelayed(this, period);
        }
    };
}

public class TraccarService extends Service {

    public IBinder onBind(Intent intent) { return null; }

    public void onCreate() {}

    public void onStart() {
        .......
        positionProvider = new PositionProvider(this, provider, interval * 1000,
                positionListener);
        positionProvider.startUpdates();
        ........
    }

    private PositionProvider.PositionListener positionListener =
            new PositionProvider.PositionListener() {
        @Override
        public void onPositionUpdate(Location location) {
            if (location != null) {
                StatusActivity.addMessage(getString(R.string.status_location_update));
                clientController.setNewLocation(Protocol.createLocationMessage(extended,
                        location, getBatteryLevel()));
            }
        }
    };
}

Best Regards,
Jin
2014-08-26 15:15 GMT+08:00 Steven Arzt <Steven.Arzt at cased.de>:
> Hi Jin,
>
>
>
> The analysis which callback belongs to which component is a conservative
> over-approximation: We will never miss an association, but we might have
> some spurious ones. The latter can especially happen when code registering
> callbacks is shared between multiple components. Ideas to make this more
> precise are always welcome.
>
>
>
> Where is the user-defined callback registered? If I understand you
> correctly, FlowDroid misses a callback. To look into this issue, I need the
> place in the code where the registration happens plus the information how
> this is reached (e.g. MyActivity.onStart() calls foo() which registers the
> callback using the given code).
>
>
>
> Best regards,
>
> Steven
>
>
>
> *From:* soot-list-bounces at CS.McGill.CA [mailto:
> soot-list-bounces at CS.McGill.CA] *On behalf of* Jin Li
> *Sent:* Tuesday, 26 August 2014 03:45
> *To:* Stefan Gommer; soot-list at CS.McGill.CA
> *Subject:* Re: [Soot-list] Can FlowDroid recognize source and sink in a
> worker thread?
>
>
>
> Hi Stefan & All,
>
> Thanks for your reply.
>
> After reading your email, I checked the dummyMainMethod. I found some points
> that I can't understand.
>
> 1. In the FlowDroid paper, it says FlowDroid would associate
> components (activities, services, etc.) with the callbacks they register.
>
> However, in my example, I found callbacks of a service appeared
> between the onResume() and onPause events of an activity.
>
> 2. It seemed that the user-defined callback wasn't recognized. But I
> think it should have runtime type information of the user-defined class.
>
> Can you give me some explanations?
>
>
>
> dummyMainMethod code snippets:
>
> public static void dummyMainMethod()
> {
> int $i0, $i1;
> org.traccar.client.TraccarActivity $r0;
> android.os.Bundle $r1, $r6, $r13, $r15, $r23, $r34;
> org.traccar.client.PositionProvider $r2, $r3, $r7, $r19, $r20,
> $r24, $r30, $r31, $r35;
> org.traccar.client.PositionProvider$1 $r4, $r21, $r32;
> org.traccar.client.PositionProvider$InternalLocationListener $r5,
> $r22, $r33;
> org.traccar.client.PositionProvider$2 $r8, $r25, $r36;
> org.traccar.client.TraccarService $r9, $r16;
> org.traccar.client.TraccarService$2 $r10, $r26, $r37;
> boolean $z0, $z1, $z2, $z3;
> org.traccar.client.TraccarActivity$1 $r11, $r27, $r38;
> org.traccar.client.AboutActivity $r12;
> org.traccar.client.StatusActivity $r14;
> android.content.Intent $r17, $r18, $r28, $r40;
> android.os.IBinder $r29;
> org.traccar.client.AutostartReceiver $r39;
>
> $i0 = 0;
>
> label01:
> if $i0 == 0 goto label04;
>
> $r0 = new org.traccar.client.TraccarActivity;
> specialinvoke $r0.<org.traccar.client.TraccarActivity: void
> <init>()>();
> if $i0 == 1 goto label04;
>
> $r1 = new android.os.Bundle;
> specialinvoke $r1.<android.os.Bundle: void <init>()>();
> virtualinvoke $r0.<org.traccar.client.TraccarActivity: void
> onCreate(android.os.Bundle)>($r1);
> $r1 = null;
>
> label02:
> virtualinvoke $r0.<org.traccar.client.TraccarActivity: void
> onResume()>();
>
> label03:
> $r2 = new org.traccar.client.PositionProvider;
> specialinvoke $r2.<org.traccar.client.PositionProvider: void
> <init>(android.content.Context,java.lang.String,long,org.traccar.client.PositionProvider$PositionListener)>($r0,
> "", 0L, null);
> $r3 = null;
> $r4 = new org.traccar.client.PositionProvider$1;
> specialinvoke $r4.<org.traccar.client.PositionProvider$1: void
> <init>(org.traccar.client.PositionProvider)>($r3);
> $r5 = new
> org.traccar.client.PositionProvider$InternalLocationListener;
> specialinvoke
> $r5.<org.traccar.client.PositionProvider$InternalLocationListener: void
> <init>(org.traccar.client.PositionProvider,org.traccar.client.PositionProvider$1)>($r2,
> $r4);
> $r6 = new android.os.Bundle;
> specialinvoke $r6.<android.os.Bundle: void <init>()>();
> virtualinvoke
> $r5.<org.traccar.client.PositionProvider$InternalLocationListener: void
> onStatusChanged(java.lang.String,int,android.os.Bundle)>("", 0, $r6);
> $r6 = null;
> $r7 = new org.traccar.client.PositionProvider;
> specialinvoke $r7.<org.traccar.client.PositionProvider: void
> <init>(android.content.Context,java.lang.String,long,org.traccar.client.PositionProvider$PositionListener)>($r0,
> "", 0L, null);
> $r8 = new org.traccar.client.PositionProvider$2;
> specialinvoke $r8.<org.traccar.client.PositionProvider$2: void
> <init>(org.traccar.client.PositionProvider)>($r7);
> virtualinvoke $r8.<org.traccar.client.PositionProvider$2: void
> onGpsStatusChanged(int)>(0);
> $r9 = new org.traccar.client.TraccarService;
> specialinvoke $r9.<org.traccar.client.TraccarService: void
> <init>()>();
> $r10 = new org.traccar.client.TraccarService$2;
> specialinvoke $r10.<org.traccar.client.TraccarService$2: void
> <init>(org.traccar.client.TraccarService)>($r9);
> virtualinvoke $r10.<org.traccar.client.TraccarService$2: void
> onSharedPreferenceChanged(android.content.SharedPreferences,java.lang.String)>(null,
> "");
> $z0 = virtualinvoke $r0.<org.traccar.client.TraccarActivity:
> boolean onCreateOptionsMenu(android.view.Menu)>(null);
> $z1 = virtualinvoke $r0.<org.traccar.client.TraccarActivity:
> boolean onOptionsItemSelected(android.view.MenuItem)>(null);
> $r11 = new org.traccar.client.TraccarActivity$1;
> specialinvoke $r11.<org.traccar.client.TraccarActivity$1: void
> <init>(org.traccar.client.TraccarActivity)>($r0);
> virtualinvoke $r11.<org.traccar.client.TraccarActivity$1: void
> onSharedPreferenceChanged(android.content.SharedPreferences,java.lang.String)>(null,
> "");
> if $i0 == 8 goto label03;
>
> if $i0 == 9 goto label03;
>
> virtualinvoke $r0.<org.traccar.client.TraccarActivity: void
> onPause()>();
> if $i0 == 10 goto label02;
>
> if $i0 == 11 goto label04;
>
> if $i0 == 12 goto label02;
>
> label04:
> if $i0 == 14 goto label06;
>
> $r12 = new org.traccar.client.AboutActivity;
> specialinvoke $r12.<org.traccar.client.AboutActivity: void
> <init>()>();
> if $i0 == 15 goto label06;
>
> $r13 = new android.os.Bundle;
> specialinvoke $r13.<android.os.Bundle: void <init>()>();
> virtualinvoke $r12.<org.traccar.client.AboutActivity: void
> onCreate(android.os.Bundle)>($r13);
> $r13 = null;
>
> label05:
> if $i0 == 18 goto label06;
>
> if $i0 == 19 goto label05;
>
> label06:
> if $i0 == 21 goto label09;
>
> $r14 = new org.traccar.client.StatusActivity;
> specialinvoke $r14.<org.traccar.client.StatusActivity: void
> <init>()>();
> if $i0 == 22 goto label09;
>
> $r15 = new android.os.Bundle;
> specialinvoke $r15.<android.os.Bundle: void <init>()>();
> virtualinvoke $r14.<org.traccar.client.StatusActivity: void
> onCreate(android.os.Bundle)>($r15);
> $r15 = null;
>
> label07:
> staticinvoke <org.traccar.client.StatusActivity: void
> <clinit>()>();
> $z2 = virtualinvoke $r14.<org.traccar.client.StatusActivity:
> boolean onOptionsItemSelected(android.view.MenuItem)>(null);
> $z3 = virtualinvoke $r14.<org.traccar.client.StatusActivity:
> boolean onCreateOptionsMenu(android.view.Menu)>(null);
> if $i0 == 26 goto label07;
>
> if $i0 == 27 goto label07;
>
> if $i0 == 28 goto label07;
>
> if $i0 == 29 goto label08;
>
> if $i0 == 30 goto label07;
>
> label08:
> virtualinvoke $r14.<org.traccar.client.StatusActivity: void
> onDestroy()>();
>
> label09:
> if $i0 == 32 goto label13;
>
> $r16 = new org.traccar.client.TraccarService;
> specialinvoke $r16.<org.traccar.client.TraccarService: void
> <init>()>();
> virtualinvoke $r16.<org.traccar.client.TraccarService: void
> onCreate()>();
> $r17 = new android.content.Intent;
> specialinvoke $r17.<android.content.Intent: void <init>()>();
> virtualinvoke $r16.<org.traccar.client.TraccarService: void
> onStart(android.content.Intent,int)>($r17, 0);
> $r17 = null;
> $r18 = new android.content.Intent;
> specialinvoke $r18.<android.content.Intent: void <init>()>();
> $i1 = virtualinvoke $r16.<org.traccar.client.TraccarService: int
> onStartCommand(android.content.Intent,int,int)>($r18, 0, 0);
> $r18 = null;
>
> label10:
> $r19 = new org.traccar.client.PositionProvider;
> specialinvoke $r19.<org.traccar.client.PositionProvider: void
> <init>(android.content.Context,java.lang.String,long,org.traccar.client.PositionProvider$PositionListener)>($r16,
> "", 0L, null);
> $r20 = null;
> $r21 = new org.traccar.client.PositionProvider$1;
> specialinvoke $r21.<org.traccar.client.PositionProvider$1: void
> <init>(org.traccar.client.PositionProvider)>($r20);
> $r22 = new
> org.traccar.client.PositionProvider$InternalLocationListener;
> specialinvoke
> $r22.<org.traccar.client.PositionProvider$InternalLocationListener: void
> <init>(org.traccar.client.PositionProvider,org.traccar.client.PositionProvider$1)>($r19,
> $r21);
> $r23 = new android.os.Bundle;
> specialinvoke $r23.<android.os.Bundle: void <init>()>();
> virtualinvoke
> $r22.<org.traccar.client.PositionProvider$InternalLocationListener: void
> onStatusChanged(java.lang.String,int,android.os.Bundle)>("", 0, $r23);
> $r23 = null;
> $r24 = new org.traccar.client.PositionProvider;
> specialinvoke $r24.<org.traccar.client.PositionProvider: void
> <init>(android.content.Context,java.lang.String,long,org.traccar.client.PositionProvider$PositionListener)>($r16,
> "", 0L, null);
> $r25 = new org.traccar.client.PositionProvider$2;
> specialinvoke $r25.<org.traccar.client.PositionProvider$2: void
> <init>(org.traccar.client.PositionProvider)>($r24);
> virtualinvoke $r25.<org.traccar.client.PositionProvider$2: void
> onGpsStatusChanged(int)>(0);
> $r26 = new org.traccar.client.TraccarService$2;
> specialinvoke $r26.<org.traccar.client.TraccarService$2: void
> <init>(org.traccar.client.TraccarService)>($r16);
> virtualinvoke $r26.<org.traccar.client.TraccarService$2: void
> onSharedPreferenceChanged(android.content.SharedPreferences,java.lang.String)>(null,
> "");
> $r27 = new org.traccar.client.TraccarActivity$1;
> specialinvoke $r27.<org.traccar.client.TraccarActivity$1: void
> <init>(org.traccar.client.TraccarActivity)>($r0);
> virtualinvoke $r27.<org.traccar.client.TraccarActivity$1: void
> onSharedPreferenceChanged(android.content.SharedPreferences,java.lang.String)>(null,
> "");
> if $i0 == 37 goto label10;
>
> $r28 = new android.content.Intent;
> specialinvoke $r28.<android.content.Intent: void <init>()>();
> $r29 = virtualinvoke $r16.<org.traccar.client.TraccarService:
> android.os.IBinder onBind(android.content.Intent)>($r28);
> $r28 = null;
>
> label11:
> $r30 = new org.traccar.client.PositionProvider;
> specialinvoke $r30.<org.traccar.client.PositionProvider: void
> <init>(android.content.Context,java.lang.String,long,org.traccar.client.PositionProvider$PositionListener)>($r16,
> "", 0L, null);
> $r31 = null;
> $r32 = new org.traccar.client.PositionProvider$1;
> specialinvoke $r32.<org.traccar.client.PositionProvider$1: void
> <init>(org.traccar.client.PositionProvider)>($r31);
> $r33 = new
> org.traccar.client.PositionProvider$InternalLocationListener;
> specialinvoke
> $r33.<org.traccar.client.PositionProvider$InternalLocationListener: void
> <init>(org.traccar.client.PositionProvider,org.traccar.client.PositionProvider$1)>($r30,
> $r32);
> $r34 = new android.os.Bundle;
> specialinvoke $r34.<android.os.Bundle: void <init>()>();
> virtualinvoke
> $r33.<org.traccar.client.PositionProvider$InternalLocationListener: void
> onStatusChanged(java.lang.String,int,android.os.Bundle)>("", 0, $r34);
> $r34 = null;
> $r35 = new org.traccar.client.PositionProvider;
> specialinvoke $r35.<org.traccar.client.PositionProvider: void
> <init>(android.content.Context,java.lang.String,long,org.traccar.client.PositionProvider$PositionListener)>($r16,
> "", 0L, null);
> $r36 = new org.traccar.client.PositionProvider$2;
> specialinvoke $r36.<org.traccar.client.PositionProvider$2: void
> <init>(org.traccar.client.PositionProvider)>($r35);
> virtualinvoke $r36.<org.traccar.client.PositionProvider$2: void
> onGpsStatusChanged(int)>(0);
> $r37 = new org.traccar.client.TraccarService$2;
> specialinvoke $r37.<org.traccar.client.TraccarService$2: void
> <init>(org.traccar.client.TraccarService)>($r16);
> virtualinvoke $r37.<org.traccar.client.TraccarService$2: void
> onSharedPreferenceChanged(android.content.SharedPreferences,java.lang.String)>(null,
> "");
> $r38 = new org.traccar.client.TraccarActivity$1;
> specialinvoke $r38.<org.traccar.client.TraccarActivity$1: void
> <init>(org.traccar.client.TraccarActivity)>($r0);
> virtualinvoke $r38.<org.traccar.client.TraccarActivity$1: void
> onSharedPreferenceChanged(android.content.SharedPreferences,java.lang.String)>(null,
> "");
> if $i0 == 42 goto label11;
>
> if $i0 == 43 goto label12;
>
> if $i0 == 44 goto label11;
>
> label12:
> virtualinvoke $r16.<org.traccar.client.TraccarService: void
> onDestroy()>();
>
> label13:
> if $i0 == 45 goto label15;
>
> $r39 = new org.traccar.client.AutostartReceiver;
> specialinvoke $r39.<org.traccar.client.AutostartReceiver: void
> <init>()>();
> if $i0 == 46 goto label15;
>
> $r40 = new android.content.Intent;
> specialinvoke $r40.<android.content.Intent: void <init>()>();
>
> label14:
> virtualinvoke $r39.<org.traccar.client.AutostartReceiver: void
> onReceive(android.content.Context,android.content.Intent)>(null, $r40);
> $r40 = null;
> if $i0 == 47 goto label14;
>
> label15:
> if $i0 == 48 goto label01;
>
> return;
> }
>
>
>
> Best Regards,
>
> Jin
>
>
>
>
>
> 2014-08-25 22:02 GMT+08:00 Stefan Gommer <gommeriphone at googlemail.com>:
>
> Hi Jin,
>
>
>
> this is an answer I got from Steven on a similar topic a short time ago.
> Maybe this is also the answer to your question.
>
>
>
> Cheers,
>
> Stefan
>
>
>
> Message from Steven:
>
> Callgraph edges are never transitive, so there is only an edge from the
> direct caller to the direct callee. Additionally, note that the SPARK
> callgraph algorithm only finds an edge for a virtual method call if it has
> only seen a constructor call for the respective base object. Take the
> following code:
>
>
>
> A a = new A();
>
> a.foo();
>
>
>
> There will be an edge to foo(). On the other hand, take this code:
>
>
>
> A a = Factory.getA();
>
> a.foo();
>
>
>
> Assume that “Factory” is an Android framework class. In this case, the
> constructor call for the A class is buried somewhere in the framework and
> not visible to SPARK. Consequently, SPARK has no runtime type information
> for variable “a” and will not produce a call graph edge for foo(). This is
> a known problem. Adaptive callgraph algorithms that dynamically scale
> between precision and approximations for unavailable information are an
> open research problem and, in fact, we are currently looking for a Master
> student to work on this topic as a thesis. In FlowDroid, we simply use the
> direct target of the call (and ignore the call graph) for library calls
> handled through a taint wrapper (see the paper for more information on
> taint wrappers).
>
>
>
>
>
>
>
> On 25.08.2014 at 14:45, Jin Li <lijin1988 at gmail.com> wrote:
>
>
>
> Hi All,
>
> I use FlowDroid to analyze my apk files and then manually check the
> results it produced.
>
> It seemed that when the source or sink appeared in a worker thread, FlowDroid
> would omit this source or sink. The paths reported by FlowDroid would be
> fewer than they are supposed to be.
>
> I attached the apk.
>
> Can anybody shed light on the reason? Or did I use a wrong configuration?
>
> I really need your help. Thanks.
>
>
>
> Best Regards,
>
> Jin
>
>
> <traccar-client-debug-unaligned.rar>
>
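The call-graph behaviour Steven describes in the quoted message (an edge for a.foo() only when the analysis has seen the allocation of A) can be reproduced with a small toy model. This is an added example, not part of the original thread and not Soot, SPARK or FlowDroid code; the statement encoding and the names APP, FRAMEWORK and build_callgraph are hypothetical.

```python
# Toy model of allocation-driven call-graph construction (not Soot/SPARK code).
# Statement forms in the constructed sample program below:
#   ("new", var, cls)      var = new cls()
#   ("scall", var, meth)   var = meth()     static call
#   ("vcall", var, name)   var.name()       virtual call
#   ("ret", var)           return var
APP = {
    "Main.direct":  [("new", "a", "A"), ("vcall", "a", "foo")],
    "Main.factory": [("scall", "a", "Factory.getA"), ("vcall", "a", "foo")],
    "A.foo":        [],
}
# Body of Factory.getA; only part of the analysis when framework code is loaded.
FRAMEWORK = {"Factory.getA": [("new", "x", "A"), ("ret", "x")]}


def build_callgraph(methods, entry_points):
    """Return call edges, resolving virtual calls from seen allocations only."""
    pts, returns = {}, {}          # (method, var) -> types; method -> types
    edges, reachable = set(), set(entry_points)

    def size():
        return (len(edges), len(reachable),
                sum(map(len, pts.values())), sum(map(len, returns.values())))

    while True:                    # iterate to a fixed point
        before = size()
        for m in sorted(reachable):
            for kind, var, *rest in methods.get(m, []):   # no body: opaque
                types = pts.setdefault((m, var), set())
                if kind == "new":
                    types.add(rest[0])
                elif kind == "scall":
                    edges.add((m, rest[0]))
                    reachable.add(rest[0])
                    types |= returns.get(rest[0], set())
                elif kind == "ret":
                    returns.setdefault(m, set()).update(types)
                elif kind == "vcall":
                    # One edge per receiver type whose allocation was seen.
                    for cls in sorted(types):
                        edges.add((m, f"{cls}.{rest[0]}"))
                        reachable.add(f"{cls}.{rest[0]}")
        if size() == before:
            return edges


if __name__ == "__main__":
    print(sorted(build_callgraph(APP, ["Main.direct"])))
    print(sorted(build_callgraph(APP, ["Main.factory"])))
    print(sorted(build_callgraph({**APP, **FRAMEWORK}, ["Main.factory"])))
```

With the factory body opaque, Main.factory has no edge to A.foo, so a source or sink inside foo() would never be reached by an analysis that follows this call graph.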