[Soot-list] relevance analysis

Marc-André Laverdière marc-andre.laverdiere-papineau at polymtl.ca
Sun May 4 23:43:29 EDT 2014 

Hi Mohammad,

That is where domain knowledge gets useful. Of course, doing the simple
analysis I talked about will only tell you that ArrayList.put updates
some field.

Another option for you is to get the call graph and see all the callers
of methods that deal with fields for instance.

Marc-André Laverdière-Papineau
Doctorant - PhD Candidate

On 05/04/2014 06:01 PM, Mohammad Ghafari wrote:
> 
> Yes, but in the given example in my first post, there is _no assignment_
> in general form, i.e., there is not any assignment operator but there
> are method calls in which those assignments should happen finally (lets
> say the implementation of an ArrayList in the given example). So, does
> Soot manage this automatically? I mean, when I do linear parsing of
> Method1, does it show
> _col.put("item")_ as an assignment statement?
> 
> 
> On Sun, May 4, 2014 at 11:49 PM, Marc-André Laverdière
> <marc-andre.laverdiere-papineau at polymtl.ca
> <mailto:marc-andre.laverdiere-papineau at polymtl.ca>> wrote:
> 
>     Hi Mohammad,
> 
>     Knowing read/write is trivial. Just look at the AssignStmt left and
>     right ops. If the FieldRef is on the left, that's a write, if it is in
>     the right, that's a read.
> 
>     The only trick you need to be careful with is that Jimple requires local
>     variables to store field references, so an operation that is
>     obj.field1 = obj.field2 is two operations in Jimple:
> 
>     tmp = obj.field2
>     obj.field1 = tmp
> 
>     As for flowdroid, you can have a look in the code on stuff related to
>     taint wrappers,
>     https://github.com/secure-software-engineering/soot-infoflow
> 
>     Marc-André Laverdière-Papineau
>     Doctorant - PhD Candidate
> 
>     On 05/04/2014 05:42 PM, Mohammad Ghafari wrote:
>     >
>     > Hi Marc-André,
>     >
>     > Yes, the bytecode is available at the end. Given that example, I
>     wanted
>     > to ask whether I should dive into the implementation of an
>     ArrayList to
>     > know if there is a read or write (please note that knowing
>     filed-access
>     > is not enough to me and should know whether it is a read or write)?
>     > For example, if I do a linear pass over jimple representation of
>     Method1
>     > will that show there is a _write_ operation to col field?
>     >
>     > p.s., Where can I find more info about "domain knowledge" in
>     flowdroid?
>     >
>     >
>     >
>     >
>     > On Sun, May 4, 2014 at 10:52 PM, Marc-André Laverdière
>     > <marc-andre.laverdiere-papineau at polymtl.ca
>     <mailto:marc-andre.laverdiere-papineau at polymtl.ca>
>     > <mailto:marc-andre.laverdiere-papineau at polymtl.ca
>     <mailto:marc-andre.laverdiere-papineau at polymtl.ca>>> wrote:
>     >
>     >     Hi Mohammad,
>     >
>     >     I am not sure I understand your question.
>     >     We totally have the source code for those methods. Its called
>     OpenJDK.
>     >     But even if we didn't, Soot can read bytecode pretty decently
>     and allow
>     >     you to do whatever you want.
>     >
>     >     But you may still take a short-cut by using 'domain
>     knowledge', as we
>     >     have been doing in flowdroid. You can have a look a the taint
>     >     wrappers :)
>     >
>     >     As a general thing, in order to do what you want, you just
>     need to do a
>     >     linear pass over your program to record field access. Or you
>     can query
>     >     Spark, but you're not necessarily required to get a call graph
>     to do
>     >     this.
>     >
>     >     Marc-André Laverdière-Papineau
>     >     Doctorant - PhD Candidate
>     >
>     >     On 05/04/2014 07:15 AM, Mohammad Ghafari wrote:
>     >     >
>     >     > Hello everybody,
>     >     >
>     >     > I want to find if two methods are related, i.e., they read
>     >     from/write to
>     >     > the same field. For example:
>     >     >
>     >     >  List<String> col = new ArrayList<String>();
>     >     >
>     >     >  Method1(){
>     >     >   col.put("item");
>     >     >  }
>     >     >
>     >     >  Method2(){
>     >     >   col.get();
>     >     >  }
>     >     >
>     >     > Intuitively, these two methods are related because the first
>     method
>     >     > write to a list from which the second method reads. However,
>     as we
>     >     don't
>     >     > have the source code of java libraries like List, how can I use
>     >     Soot to
>     >     > know that col.put() writes to col while col.get() reads from
>     this
>     >     list?
>     >     >
>     >     > Thnaks
>     >     >
>     >     >
>     >     >
>     >     > _______________________________________________
>     >     > Soot-list mailing list
>     >     > Soot-list at CS.McGill.CA <mailto:Soot-list at CS.McGill.CA>
>     <mailto:Soot-list at CS.McGill.CA <mailto:Soot-list at CS.McGill.CA>>
>     >     > https://mailman.CS.McGill.CA/mailman/listinfo/soot-list
>     >     >
>     >     _______________________________________________
>     >     Soot-list mailing list
>     >     Soot-list at CS.McGill.CA <mailto:Soot-list at CS.McGill.CA>
>     <mailto:Soot-list at CS.McGill.CA <mailto:Soot-list at CS.McGill.CA>>
>     >     https://mailman.CS.McGill.CA/mailman/listinfo/soot-list
>     >
>     >
>     >
>     >
>     > --
>     > Mohammad Ghafari
>     >
>     > DeepSE group @ DEIB - Politecnico di Milano
>     > http://home.deib.polimi.it/ghafari
>     _______________________________________________
>     Soot-list mailing list
>     Soot-list at CS.McGill.CA <mailto:Soot-list at CS.McGill.CA>
>     https://mailman.CS.McGill.CA/mailman/listinfo/soot-list
> 
> 
> 
> 
> -- 
> Mohammad Ghafari
> 
> DeepSE group @ DEIB - Politecnico di Milano
> http://home.deib.polimi.it/ghafari

More information about the Soot-list mailing list