[Soot-list] loosing reflection precision with spark

Steven Arzt Steven.Arzt at cased.de
Sat Dec 6 09:57:13 EST 2014


Hi all,

Tamiflex is a good suggestion. In general, the problem is due to the design of
SPARK. If you do not enable SPARK, Soot runs with CHA, which just takes the
class hierarchy for finding callgraph edges. If you have a call to
"wired.doSomething()", it will assume all subclasses of "wired" that
implement the "doSomething()" method as possible targets. SPARK on the other
hand propagates allocation nodes, so it must see an allocation node for
"wired" at some point, or else it will not report any outgoing edges for
"wired.doSomething()". If the precision of CHA is sufficient for you, you
might want to stay with that. Otherwise, look at approaches like Tamiflex.

Best regards,
  Steven
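
The difference between CHA and SPARK described above, as an added Python sketch that is not part of the original thread and is not Soot code: a toy model of hierarchy-based versus allocation-site-based call resolution for the FieldInjectionMain program quoted further down. OtherImpl, the statement encoding and the reflection_log parameter (standing in for resolved facts that a dynamic recorder such as TamiFlex could supply) are assumptions made for illustration.

```python
# Toy model (constructed): class hierarchy and statements of FieldInjectionMain.
SUBTYPES = {"WiredInterface": ["WiredImpl", "OtherImpl"]}  # OtherImpl is hypothetical
IMPLEMENTS = {("WiredImpl", "doSomething"), ("OtherImpl", "doSomething")}

# What the analysis sees. Field.set(...) is an opaque library call: nothing in
# the bytecode says that it stores into FieldInjectionMain.wired.
STATEMENTS = [
    ("new", "main", "FieldInjectionMain"),
    ("new", "tmp", "WiredImpl"),
    ("reflective_set", "wiredField", "main", "tmp"),
]
# (receiver field, declared type of the receiver, invoked method)
CALL_SITE = ("FieldInjectionMain.wired", "WiredInterface", "doSomething")


def cha_targets(call_site):
    """CHA: every subtype of the declared type that implements the method."""
    _, declared, method = call_site
    return sorted(f"{c}.{method}" for c in SUBTYPES[declared]
                  if (c, method) in IMPLEMENTS)


def points_to_targets(call_site, statements, reflection_log=()):
    """Allocation-site propagation: only types that reach the receiver count."""
    receiver, _, method = call_site
    var_types, field_types = {}, {}
    for stmt in statements:
        if stmt[0] == "new":
            var_types.setdefault(stmt[1], set()).add(stmt[2])
        elif stmt[0] == "store":  # ordinary field write: field = variable
            field_types.setdefault(stmt[1], set()).update(var_types.get(stmt[2], ()))
        elif stmt[0] == "reflective_set":
            # Resolved only if a recorded fact names the field behind the handle.
            for handle, field in reflection_log:
                if handle == stmt[1]:
                    field_types.setdefault(field, set()).update(
                        var_types.get(stmt[3], ()))
    return sorted(f"{t}.{method}" for t in field_types.get(receiver, ())
                  if (t, method) in IMPLEMENTS)


if __name__ == "__main__":
    print("CHA:              ", cha_targets(CALL_SITE))
    print("points-to:        ", points_to_targets(CALL_SITE, STATEMENTS))
    log = [("wiredField", "FieldInjectionMain.wired")]  # constructed fact
    print("points-to + log:  ", points_to_targets(CALL_SITE, STATEMENTS, log))
```

CHA over-approximates (it also reports the hypothetical OtherImpl), while the propagation-based resolver reports no edge at all until the reflective write is resolved to a concrete field.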

-----Original Message-----
From: soot-list-bounces at CS.McGill.CA [mailto:soot-list-bounces at CS.McGill.CA]
On Behalf Of Bodden, Eric
Sent: Saturday, 6 December 2014 13:43
To: Ivan Postolski
Cc: Soot list
Subject: Re: [Soot-list] loosing reflection precision with spark

Hi Ivan.

Did you try out TamiFlex? https://code.google.com/p/tamiflex/

Cheers,
Eric


> On 05.12.2014, at 20:41, Ivan Postolski <ivan.postolski at gmail.com> wrote:
> 
> Hi guys,
> 
> Is there a way to enable or increase the reflection support when creating a call graph using spark?
> 
> Let me show you an example. I want to analyze a code like the following:
> 
> import java.lang.reflect.Field;
> 
> public class FieldInjectionMain {
> 
>     private WiredInterface wired;
> 
>     public static void main(String[] args) throws NoSuchFieldException, IllegalAccessException {
>         FieldInjectionMain main = new FieldInjectionMain();
>         Field wiredField = main.getClass().getDeclaredField("wired");
>         wiredField.setAccessible(true);
>         wiredField.set(main,new WiredImpl());
>         assert main.doSomething() == 2014;
>     }
> 
>     public int doSomething() {
>         return wired.doSomething();
>     }
> }
> 
> So a call graph aware of reflection will know that the following is a feasible path
> 
> FieldInjectionMain.main(..) -> FieldInjectionMain.doSomething() -> WiredImpl.doSomething()
> 
> And in fact, using the default call graph, the path is there. But when I enable spark it is no longer there.
> 
> Cheers
> 
> Ivan.-
> 
> 
> 