[Soot-list] Is this a bug in Soot? Same var, different types!!

Modhi Alsobiehy m99m20 at hotmail.com
Thu Aug 28 01:35:56 EDT 2014 

Hi all,


I have the following issues with the attached code which is supposed to run flowdroid and produce the CFG of the apk..


1. for most of the apps, I get an exception indicating that one of the values has two types, resulting from line: PackManager.v().runPacks();


2. app.runInfoflow(); does not run for some apps, yet running flowdroid on the app from the command line works!..


Your quick response is deeply appreciated!


Thank you,
Modhi


code snippets:

--------------------------
  String apk = "D:/APKs/xxxx.apk";
  
  SetupApplication app = new SetupApplication("D:/AndroidADT/adt-bundle-windows-x86_64-20131030/sdk/platforms",apk);
  
   try {
  app.calculateSourcesSinksEntrypoints("D:/FlowDroid/SourcesAndSinks.txt");
  
  app.printSinks();
  
  ResultsAvailableHandler rah = new ResAvailable();
  InfoflowResults ir = new InfoflowResults();
  ir = app.runInfoflow(rah);
  System.out.println("FlowDroid Results:");
  System.in.read(); 
  if(ir != null)
   ir.printResults(); // here sometimes ir is null
  System.out.println("FlowDroid Results ends..");
  System.in.read();
  
    } catch (IOException e) {
  // TODO Auto-generated catch block
  e.printStackTrace();
    } catch (XmlPullParserException e) {
  // TODO Auto-generated catch block
  e.printStackTrace();
    }
 
   soot.G.reset();
 
   Options.v().set_src_prec(Options.src_prec_apk);
 
   Options.v().set_process_dir(Collections.singletonList(apk));
 
   Options.v().set_android_jars("D:/AndroidADT/adt-bundle-windows-x86_64-20131030/sdk/platforms");
 
   Options.v().set_whole_program(true);
 
   Options.v().set_allow_phantom_refs(true);
 
   Options.v().set_output_format(Options.output_format_none);
 
   Options.v().setPhaseOption("cg.spark", "on");
 
   Scene.v().loadNecessaryClasses();      
 
   SootMethod entryPoint = app.getEntryPointCreator().createDummyMain();
 
   Options.v().set_main_class(entryPoint.getSignature());
 
   Scene.v().setEntryPoints(Collections.singletonList(entryPoint));
 
   System.out.println(entryPoint.getActiveBody());
  
   PackManager.v().runPacks(); // the exception always refers to this line

------------------------------------------------------------


the exception I got:

---------------------------
   
Exception in thread "main" java.lang.RuntimeException: Value $r0 of type de.underflow.calc.CalculatorPreferenceActivity previously had type android.os.Bundle
 at soot.jimple.spark.pag.PAG.makeLocalVarNode(PAG.java:543)
 at soot.jimple.spark.builder.MethodNodeFactory.caseLocal(MethodNodeFactory.java:219)
 at soot.jimple.internal.JimpleLocal.apply(JimpleLocal.java:136)
 at soot.jimple.spark.builder.MethodNodeFactory$1.caseAssignStmt(MethodNodeFactory.java:76)
 at soot.jimple.internal.JAssignStmt.apply(JAssignStmt.java:238)
 at soot.jimple.spark.builder.MethodNodeFactory.handleStmt(MethodNodeFactory.java:69)
 at soot.jimple.spark.pag.MethodPAG.buildNormal(MethodPAG.java:179)
 at soot.jimple.spark.pag.MethodPAG.build(MethodPAG.java:148)
 at soot.jimple.spark.solver.OnFlyCallGraph.processReachables(OnFlyCallGraph.java:64)
 at soot.jimple.spark.solver.OnFlyCallGraph.build(OnFlyCallGraph.java:56)
 at soot.jimple.spark.builder.ContextInsensitiveBuilder.build(ContextInsensitiveBuilder.java:77)
 at soot.jimple.spark.SparkTransformer.internalTransform(SparkTransformer.java:84)
 at soot.SceneTransformer.transform(SceneTransformer.java:39)
 at soot.Transform.apply(Transform.java:90)
 at soot.RadioScenePack.internalApply(RadioScenePack.java:57)
 at soot.jimple.toolkits.callgraph.CallGraphPack.internalApply(CallGraphPack.java:49)
 at soot.Pack.apply(Pack.java:116)
 at soot.PackManager.runWholeProgramPacks(PackManager.java:538)
 at soot.PackManager.runPacksNormally(PackManager.java:443)
 at soot.PackManager.runPacks(PackManager.java:389)
 at apkCFG.CFG.main(CFG.java:79)
------------------------------------------

For another app: 

-----------------------
Exception in thread "main" java.lang.RuntimeException: Value $r2 of type com.google.ads.AdActivity previously had type com.google.ads.AdSize
 at soot.jimple.spark.pag.PAG.makeLocalVarNode(PAG.java:543)
 at soot.jimple.spark.builder.MethodNodeFactory.caseLocal(MethodNodeFactory.java:219)
 at soot.jimple.internal.JimpleLocal.apply(JimpleLocal.java:136)
 at soot.jimple.spark.builder.MethodNodeFactory.getNode(MethodNodeFactory.java:60)
 at soot.jimple.spark.pag.PAG.addCallTarget(PAG.java:1045)
 at soot.jimple.spark.pag.PAG.addCallTarget(PAG.java:781)
 at soot.jimple.spark.solver.OnFlyCallGraph.processCallEdges(OnFlyCallGraph.java:74)
 at soot.jimple.spark.solver.OnFlyCallGraph.build(OnFlyCallGraph.java:57)
 at soot.jimple.spark.solver.PropWorklist.handleVarNode(PropWorklist.java:122)
 at soot.jimple.spark.solver.PropWorklist.propagate(PropWorklist.java:52)
 at soot.jimple.spark.SparkTransformer.internalTransform(SparkTransformer.java:152)
 at soot.SceneTransformer.transform(SceneTransformer.java:39)
 at soot.Transform.apply(Transform.java:90)
 at soot.RadioScenePack.internalApply(RadioScenePack.java:57)
 at soot.jimple.toolkits.callgraph.CallGraphPack.internalApply(CallGraphPack.java:49)
 at soot.Pack.apply(Pack.java:116)
 at soot.PackManager.runWholeProgramPacks(PackManager.java:538)
 at soot.PackManager.runPacksNormally(PackManager.java:443)
 at soot.PackManager.runPacks(PackManager.java:389)
 at apkCFG.CFG.main(CFG.java:79)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.CS.McGill.CA/pipermail/soot-list/attachments/20140828/d3461c3b/attachment-0003.html

More information about the Soot-list mailing list