[Soot-list] Using soot and heros : Inter procedural Flow Analysis

Steven Arzt Steven.Arzt at cased.de
Thu Feb 27 12:40:52 EST 2014 

Hi Utsav,

 

There are two aspects to data flow analysis with Soot and Heros. One is the
analysis developer who implements a new analysis. From what I have
understood from your e-mail, this is not what you are trying to achieve.
Instead, you are trying to run a reaching definitions analysis out of the
box, right? In this case, you don’t have to deal with the different types of
flow functions, but can just instantiate the correct InfoflowProblem and
pass it on to Heros:

 

                           IFDSTabulationProblem<Unit, Pair<Value,
Set<DefinitionStmt>>, SootMethod,

                                               InterproceduralCFG<Unit,
SootMethod>> problem =

                                  new IFDSReachingDefinitions(icfg);

                           IFDSSolver<Unit,Pair<Value,
Set<DefinitionStmt>>,SootMethod,

 
InterproceduralCFG<Unit,SootMethod>> solver =

                                  new IFDSSolver<Unit,Pair<Value,
Set<DefinitionStmt>>,SootMethod,

 
InterproceduralCFG<Unit,SootMethod>>(problem); 

                           solver.solve();

 

After that, you can use solver.ifdsResultsAt() to obtain your analysis
results.

 

If you are on the other hand interested in designing your own analysis, you
need to provide a new implementation of IFDSTabulationProblem. There, you
can use the existing analysis classes such as IFDSReachingDefinitions as an
example.

 

Best regards,

  Steven

 

 

M.Sc. M.Sc. Steven Arzt

Secure Software Engineering Group (SSE)

European Center for Security and Privacy by Design (EC SPRIDE) 

Mornewegstraße 32

D-64293 Darmstadt

Phone: +49 61 51 16-75426

Fax: +49 61 51 16-72118

eMail:  <mailto:steven.arzt at ec-spride.de> steven.arzt at ec-spride.de

Web:  <http://sse.ec-spride.de/> http://sse.ec-spride.de

 

 

 

 

Von: soot-list-bounces at sable.mcgill.ca
[mailto:soot-list-bounces at sable.mcgill.ca] Im Auftrag von Utsav Chokshi
Gesendet: Donnerstag, 27. Februar 2014 08:14
An: soot-list at sable.mcgill.ca
Betreff: [Soot-list] Using soot and heros : Inter procedural Flow Analysis

 

Hello Soot-Community,

I am currently using 'heros and soot' combination for interprocedural data
flow analysis.
For that,  I am going through 'Reaching Definition' example provided under
'soot.jimple.toolkits.ide'
In that I am unable to manipulate 'FlowFunction' reference returned by
flowFunctions.NormalFlowFunction

Below is code, I am using for getting NormalFlowFunction between Unit and
Successor Unit of single method. [ also I have written my difficulties in
comments.]

See the code, if you find my approach for getting reaching definition wrong
then tell me.
If any one have good document over this thing, then do provide me. [ I
already read paper published by Erric Bodden on this.]
I am aiming to use IFDS framework for performing Intraprocedural Analysis
(normal flow function is for that ,right?) as well as Interprocedural Flow
analysis (other threee flow functions).

[Note : I am using nightly build version [ 24th Feb, 2014] of soot]

And lastly, is there any other way of doing inter procedural data flow
analysis (using soot).

Thanks in advance for reading this much.

Code written under SceneTransformer :

SootMethod mainMethod=mainClass.getMethod(

"void main(java.lang.String[])");

JimpleBasedInterproceduralCFG icfg=
new JimpleBasedInterproceduralCFG();

IFDSReachingDefinitions reachingDefs=
new IFDSReachingDefinitions(icfg);

reachingDefs.computeValues();

Set<SootMethod> calledMethodSet=
new HashSet<SootMethod>();

calledMethodSet.add(mainMethod);

for(Unit unit, icfg.getCallsFromWithin(mainMethod)){

InvokeExpr expr=((Stmt)unit).getInvokeExpr();

 if(!expr.getMethod().isJavaLibraryMethod()){

calledMethodSet.add(expr.getMethod());
}

}

UnitGraph unitGraph;

FlowFunction<Pair<Value, Set<DefinitionStmt>>> flowFunction;

for

(SootMethod sootMethod : calledMethodSet){

System.out.println("Currently in : " + sootMethod.toString());

jimpleBody=(JimpleBody) sootMethod.getActiveBody();

unitGraph=

new BriefUnitGraph(jimpleBody);

for(Unit unit : jimpleBody.getUnits()){

System.out.println(" Current unit : " + unit.toString());

if((Stmt)unit instanceof DefinitionStmt){

for(Unit succUnit : unitGraph.getSuccsOf(unit)){

 flowFunction = reachingDefs.flowFunctions().getNormalFlowFunction(unit,
succUnit); 
 // Now what to do with this refrence 'flowFunction'
 // Only method it provides is 'computevalues()' which requires source as
argument

 // So what should be that argument ?
 // I have tried providing an arg : left operand of definition stmt and
definition set, but it is returning empty set
 // And What is puropse of having 'succ unit' as second argument in
'NormalFlowFunction' ?

   }

}

}

}

- Utsav Chokshi
[ Intern ,TCS Innovation Labs , Pune, India]

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.cs.mcgill.ca/pipermail/soot-list/attachments/20140227/ddaa6709/attachment-0001.html

More information about the Soot-list mailing list