[Soot-list] Requiring main method for doing inter-procedural analysis Heros/Soot

Guru Devanla gdevan2 at uic.edu
Wed Jan 15 13:48:29 EST 2014 

Hi,

My primary need is to do inter-procedural analysis and capture data flow
between pair-wise methods in different classes. I have not gotten to trying
this yet, but I believe I will have to initialize the DefaultSeeds object
used by Hero's to help it do analysis for all pair-wise methods. It's
possible I might hit some hurdles doing this and thats something I might
have to work on in the coming weeks!

So, since you mentioned I might have have to take the same approach as
Flowdroid, where I do a pass of all the public methods and then seed that
into the DefaultSeeds object. But, is there any need for entry points to he
static? I am not able to see any reason at least for my purpose.

As always thanks for your informative emails!

Thanks


On Wed, Jan 15, 2014 at 10:44 AM, Guru Devanla <gurudev.devanla at gmail.com>wrote:

> Hi,
>
> My primary need is to do inter-procedural analysis and capture data flow
> between pair-wise methods in different classes. I have not gotten to trying
> this yet, but I believe I will have to initialize the DefaultSeeds object
> used by Hero's to help it do analysis for all pair-wise methods. It's
> possible I might hit some hurdles doing this and thats something I might
> have to work on in the coming weeks!
>
> So, since you mentioned I might have have to take the same approach as
> Flowdroid, where I do a pass of all the public methods and then seed that
> into the DefaultSeeds object. But, is there any need for entry points to he
> static? I am not able to see any reason at least for my purpose.
>
> As always thanks for your informative emails!
>
> Thanks
> Guru
>
>
>
> On Wed, Jan 15, 2014 at 7:12 AM, Marc-André Laverdière <
> marc-andre.laverdiere-papineau at polymtl.ca> wrote:
>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Hello,
>>
>> Another factor that bears repeating is that you need static entry
>> points to get things rolling.
>>
>> What kind of stuff do you want to analyze?
>>
>> Flowdroid has an entry point generator that works for Android, but
>> requires an a-priori list of things you want to call, and so needs two
>> passes.
>>
>> Bernhard and I have developed an entry point generator that works for
>> JEE and will eventually be published :)
>>
>> Marc-André Laverdière-Papineau
>> Doctorant - PhD Candidate
>>
>> On 01/13/2014 01:52 AM, Bodden, Eric wrote:
>> > Hello.
>> >
>> > Yes, this is possible as documented here:
>> > http://www.bodden.de/2012/07/26/soot-custom-entry-points/
>> >
>> > The API is not great but it works ;-)
>> >
>> > @Mustafa: We should add this documentation to the wiki.
>> >
>> > Best wishes, Eric
>> >
>> >
>> >
>> >
>> > On 11.01.2014, at 20:41, Guru Devanla <gdevan2 at uic.edu> wrote:
>> >
>> >> Hello  Sooters,
>> >>
>> >> While doing inter-procedural analysis I see that the Heros/Soot
>> >> api always needs an 'main' function. While I do understand this
>> >> helps build the graph for the ensuing analysis, isn't there a way
>> >> to start from different points if a 'main' method is not
>> >> available.  I am wondering if this is somehow intractable and if
>> >> any solutions exist.
>> >>
>> >> Any pointers to this would be great, since when I try to analyze
>> >> very many libraries I end up with an error.
>> >>
>> >> Also, if there are any suggestion I would love to extend this
>> >> functionality into Soot/Heros as it would immensely benefit me
>> >> and hopeful a lot others right away.
>> >>
>> >> Thanks _______________________________________________ Soot-list
>> >> mailing list Soot-list at sable.mcgill.ca
>> >> http://mailman.cs.mcgill.ca/mailman/listinfo/soot-list
>> >
>> > -- Prof. Eric Bodden, Ph.D., http://sse.ec-spride.de/
>> > http://bodden.de/ Head of Secure Software Engineering  at
>> > Fraunhofer SIT, TU Darmstadt and EC SPRIDE Tel: +49 6151 16-75422
>> > Fax: +49 6151 16-72051 Room 3.2.14, Mornewegstr. 30, 64293
>> > Darmstadt
>> >
>> >
>> >
>> > _______________________________________________ Soot-list mailing
>> > list Soot-list at sable.mcgill.ca
>> > http://mailman.cs.mcgill.ca/mailman/listinfo/soot-list
>> >
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v1
>> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>>
>> iQEcBAEBAgAGBQJS1qUxAAoJEGELVLHCizSf5wwH+wUgF+wRcUrBXQ0VQLRdEY1j
>> GKuldV36pmGYgImrz41QM6AHNMnjOy0yYoUtqWbF1DRJ3vvatqdoeKjUay+fP37i
>> rQ9x+6baVH5oadqnFwivjkoQ7lgz66TZ9rp8aFcTPkPoIRQEaIdFJdvZAeOCcR6K
>> o+oUAwJ7n+UZMCcoXKy/JtTEiKMZfkzQgsNiZn0RWeGAgx5Nr0J1R92Es/E1Z30K
>> NGGSjyn4gcYhNwG6mWoyemOUSD+J8uNADPH56XAFJYtQVZzw5/TIK63hEME2yIJw
>> +v9+cJsJCRrwimeYcrMFtu70sjqDHSRbhZsQW/tPBzsGvyfgaUl4GsTXGtKOQT4=
>> =dqas
>> -----END PGP SIGNATURE-----
>> _______________________________________________
>> Soot-list mailing list
>> Soot-list at sable.mcgill.ca
>> http://mailman.cs.mcgill.ca/mailman/listinfo/soot-list
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.cs.mcgill.ca/pipermail/soot-list/attachments/20140115/a4400200/attachment-0001.html

More information about the Soot-list mailing list