[Soot-list] About Terms of Data-Flow Analysis
Marc-Andre Laverdiere-Papineau
marc-andre.laverdiere-papineau at polymtl.ca
Fri Feb 28 10:17:54 EST 2014
Hi Steven,
The traditional framework is for intraprocedural analyses. If you want
to do interprocedural, please use Heros or Flowdroid.
Back to your question, I first admit that this is a bit outside my
sphere. But here it goes: side-effects analysis is really another word
for purity analysis. Have a look:
http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.73.5717&rep=rep1&type=pdf
Essentially, a method is pure if and only if it doesn't change any
fields and only calls pure methods.
Soot already has support for those analyses. From what I can tell, you'd
have to check the annotations.
http://www.sable.mcgill.ca/soot/tutorial/sideeffect/
You probably would need to add a transformer to read them after they are
computed.
In case you want to roll your own for didactical reasons, I think that
you probably don't need to use a data flow analysis. You could just
check for field assignments and method calls. Ideally, you should
traverse your call graph from the leaves back to the roots.
Regards,
--
Marc-André Laverdière-Papineau
Doctorant - PhD Candidate
On 2014-02-24 02:12, Steven Lee wrote:
> Hello everyone, I am writing a paper about Android Security. Then it
> comes to a problem like this:
>
> class A(){
>
> private static int a;
>
> public static void someMethod();
>
> ......
>
> }
>
> I use this example to show that if A.someMethod() is called somewhere,
> then the value of A.a may be changed, or when the method and field are
> not static, or there are some hierarchy problems involved in. I am going
> to detect this potential issue through static analysis like data-flow
> analysis with Soot.
>
> Now my question is: how do I describe this in the terms of data-flow
> analysis or class hierarchy analysis in Soot? I am using "side-effect"
> and considering it an unprofessional expression. Is there a better and
> more formal one?
>
> Moreover, the data-flow tutorial of Soot is confusing to me. I’m
> following Soot Survivors’ Guide, the part of using Soot as a standalone
> tool is easy to understand, however how do I use it as a data-flow
> frame? Should I include it in my analysis program and call some methods
> in it, or is there a more detailed example?
>
> Thanks for your help!
>
> Steven Lee
>
>
>
> _______________________________________________
> Soot-list mailing list
> Soot-list at sable.mcgill.ca
> http://mailman.cs.mcgill.ca/mailman/listinfo/soot-list
>
More information about the Soot-list
mailing list