[Soot-list] Soot Body.getUnits() does not get ALL units

Xinxin Jin xinxinjin89 at gmail.com
Wed Apr 8 13:37:29 EDT 2015


Thanks for the suggestion, Dacong. So I rephrase it here:

* Test input:
Android app: my_test.apk

* Here's the command I executed (the Soot configuration is the same as
FlowDroid):
java -cp $JAVA_CLASSPATH path_to_my_test_class


* I expect the results of getUnits() to be:
r0 := @this: edu.ucsd.mytest.BasicActivity;
$r1 := @parameter0: android.os.Bundle;
specialinvoke $r0.<android.support.v7.app.ActionBarActivity: void onCreate(android.os.Bundle)>($r1);
$r2 = new com.turbomanage.httpclient.BasicHttpClient;
specialinvoke $r2.<com.turbomanage.httpclient.BasicHttpClient: void <init>()>();
virtualinvoke $r2.<com.turbomanage.httpclient.BasicHttpClient: com.turbomanage.httpclient.HttpResponse get(java.lang.String,com.turbomanage.httpclient.ParameterMap)>("http://www.google.com", null);
return;

* But the result of getUnits() is (lacking the statement marked in red):
r0 := @this: edu.ucsd.mytest.BasicActivity;
$r1 := @parameter0: android.os.Bundle;
specialinvoke $r0.<android.support.v7.app.ActionBarActivity: void onCreate(android.os.Bundle)>($r1);
specialinvoke $r2.<com.turbomanage.httpclient.BasicHttpClient: void <init>()>();
virtualinvoke $r2.<com.turbomanage.httpclient.BasicHttpClient: com.turbomanage.httpclient.HttpResponse get(java.lang.String,com.turbomanage.httpclient.ParameterMap)>("http://www.google.com", null);
return;


On Wed, Apr 8, 2015 at 10:26 AM, Dacong Yan <tonywinslow1986 at gmail.com> wrote:

> To help better diagnose the problem, could you rephrase the bug
> reproduction description into something like:
>   * Here's the input (maybe an apk file?)
>   * Here's the command I executed: java soot.Main -my -flags ...
>   * I expect the results of getUnits() to be "...", but it actually is
> "..."
>
> With concrete input, output and command, everybody can look at the
> same thing and discuss.
>
> On Wed, Apr 8, 2015 at 10:10 AM, Xinxin Jin <xinxinjin89 at gmail.com> wrote:
> > Thank you for the explanation! But the problem still remains ... To make
> > it concrete, I put the whole analysis of the problematic method in the
> > following:
> >
> > (a). Source code:
> >  protected void onCreate(Bundle savedInstanceState) {
> >         super.onCreate(savedInstanceState);
> >         BasicHttpClient basicClient = new BasicHttpClient();
> >         HttpResponse response = basicClient.get("http://www.google.com", null);
> > }
> >
> > (b). Jimple of method onCreate() :
> >  protected void onCreate(android.os.Bundle)
> >     {
> >         edu.ucsd.mytest.BasicActivity $r0;
> >         android.os.Bundle $r1;
> >         com.turbomanage.httpclient.BasicHttpClient $r2;
> >         $r0 := @this: edu.ucsd.mytest.BasicActivity;
> >         $r1 := @parameter0: android.os.Bundle;
> >
> >         specialinvoke $r0.<android.support.v7.app.ActionBarActivity: void onCreate(android.os.Bundle)>($r1);
> >         $r2 = new com.turbomanage.httpclient.BasicHttpClient; // Does not appear in getUnits()
> >         specialinvoke $r2.<com.turbomanage.httpclient.BasicHttpClient: void <init>()>();
> >         virtualinvoke $r2.<com.turbomanage.httpclient.BasicHttpClient: com.turbomanage.httpclient.HttpResponse get(java.lang.String,com.turbomanage.httpclient.ParameterMap)>("http://www.google.com", null);
> >         return;
> >     }
> >
> > (c). Output of m.retrieveActiveBody().getUnits():
> > $r0 := @this: edu.ucsd.mytest.BasicActivity
> > $r1 := @parameter0: android.os.Bundle
> > specialinvoke $r0.<android.support.v7.app.ActionBarActivity: void onCreate(android.os.Bundle)>($r1)
> > specialinvoke $r2.<com.turbomanage.httpclient.BasicHttpClient: void <init>()>() //No def on $r2!
> > virtualinvoke $r2.<com.turbomanage.httpclient.BasicHttpClient: com.turbomanage.httpclient.HttpResponse get(java.lang.String,com.turbomanage.httpclient.ParameterMap)>("http://www.google.com", null)
> > return
> >
> >
> > So you can see the statement "$r2 = new
> > com.turbomanage.httpclient.BasicHttpClient" does not appear in the output of
> > getUnits().
> > Particularly, the statement marked in blue refers to the local $r2; however,
> > there is no def on $r2 in getUnits()!
> >
> > Any suggestion is appreciated!
> >
> >
> > On Wed, Apr 8, 2015 at 1:00 AM, Steven Arzt <Steven.Arzt at cased.de> wrote:
> >>
> >> Hi Xinxin,
> >>
> >>
> >>
> >> Then I have to agree with Eric that such a behavior is completely
> >> impossible: Soot reads in the APK file, and stores the units in the units
> >> collections of the respective SootMethods. This is also the only source from
> >> which the units are then written out to Jimple files. If the Jimple files
> >> on disk are complete, the unit collections must have been as well. The
> >> output writer does not infer any new units.
> >>
> >>
> >>
> >> Best regards,
> >>
> >>   Steven
> >>
> >>
> >>
> >> From: Xinxin Jin [mailto:xinxinjin89 at gmail.com]
> >> Sent: Wednesday, 8 April 2015 09:57
> >> To: Steven Arzt
> >> Cc: Bodden, Eric; soot-list at cs.mcgill.ca
> >> Subject: Re: [Soot-list] Soot Body.getUnits() does not get ALL units
> >>
> >>
> >>
> >> Hi Steven,
> >>
> >>
> >>
> >> My code is from an Android app. I use Dexpler to transform the apk to
> >> jimple files.
> >>
> >>
> >>
> >> Thanks,
> >>
> >>
> >>
> >> On Wed, Apr 8, 2015 at 12:54 AM, Steven Arzt <Steven.Arzt at cased.de> wrote:
> >>
> >> Hi Xinxin,
> >>
> >>
> >>
> >> Can you provide a complete test case? From where did you read in your
> >> Jimple code?  Did you parse jimple files on disk or Java class files, or an
> >> Android APK?
> >>
> >>
> >>
> >> Best regards,
> >>
> >>   Steven
> >>
> >>
> >>
> >> From: soot-list-bounces at CS.McGill.CA
> >> [mailto:soot-list-bounces at CS.McGill.CA] On behalf of Xinxin Jin
> >> Sent: Wednesday, 8 April 2015 09:07
> >> To: Bodden, Eric
> >> Cc: soot-list at cs.mcgill.ca
> >> Subject: Re: [Soot-list] Soot Body.getUnits() does not get ALL units
> >>
> >>
> >>
> >> It sounds unreasonable to me too, but that is indeed the problem I
> >> encountered ... So I'm just wondering if there are some corner cases not
> >> handled by Soot or not?
> >>
> >>
> >>
> >> On Tue, Apr 7, 2015 at 11:40 PM, Bodden, Eric
> >> <eric.bodden at sit.fraunhofer.de> wrote:
> >>
> >> Hi Xinxin.
> >>
> >> I am afraid that does not make much sense. By definition, the units of a
> >> body are the ones returned by getUnits(). This is a very strong invariant
> >> that should never be broken by Soot.
> >>
> >> Cheers,
> >> Eric
> >>
> >>
> >> > On 08.04.2015, at 08:02, Xinxin Jin <xinxinjin89 at gmail.com> wrote:
> >> >
> >> > Hi there,
> >> >
> >> > I got a weird problem: Sometimes Body.getUnits() does not list all the
> >> > units of a method. The following is one example:
> >> >
> >> > Simplified code snippet:
> >> >
> >> > void foo() {
> >> >     ...
> >> >     BasicHttpClient basicClient = new BasicHttpClient();
> >> >     ...
> >> > }
> >> >
> >> > And in the Jimple file, there are two statements related to "new
> >> > BasicHttpClient()":
> >> >
> >> > $r5 = new com.turbomanage.httpclient.BasicHttpClient;
> >> > specialinvoke $r5.<com.turbomanage.httpclient.BasicHttpClient: void
> >> > <init>()>();
> >> >
> >> > However, when I use retrieveActiveBody().getUnits() to print out all the
> >> > units of foo(), I can only see one statement:
> >> > specialinvoke $r5.<com.turbomanage.httpclient.BasicHttpClient: void <init>()>()
> >> >
> >> > I don't know why getUnits() cannot obtain "$r5 = new
> >> > com.turbomanage.httpclient.BasicHttpClient"?
> >> > What kind of units are ignored by Soot?
> >> >
> >> > Thanks a lot for any advice!
> >> >
> >> >
> >> >
> >> > --
> >> > Xinxin
> >>
> >> > _______________________________________________
> >> > Soot-list mailing list
> >> > Soot-list at CS.McGill.CA
> >> > https://mailman.CS.McGill.CA/mailman/listinfo/soot-list
> >>
> >> --
> >> Prof. Eric Bodden, Ph.D., http://sse.ec-spride.de/ http://bodden.de/
> >> Head of Secure Software Engineering at Fraunhofer SIT, TU Darmstadt and EC SPRIDE
> >> Tel: +49 6151 16-75422    Fax: +49 6151 869-127
> >> Room B5.11, Fraunhofer SIT, Rheinstraße 75, 64295 Darmstadt
> >>
> >>
> >>
> >>
> >>
> >> --
> >>
> >> Xinxin
> >>
> >>
> >>
> >>
> >>
> >> --
> >>
> >> Xinxin
> >
> >
> >
> >
> > --
> > Xinxin
> >
> >
>
>
>
> --
> Dacong (Tony) Yan | Software Engineer | Google Inc.
>



-- 
Xinxin
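
The symptom reported in this message, a local that is used although no unit in the printed list defines it, can be checked mechanically. The following is an added example, not part of the original post and not Soot code: it scans printed units in list order (a straight-line approximation, not a control-flow analysis), and the function names and the local-name pattern are assumptions.

```python
import re

STRING = re.compile(r'"(?:\\.|[^"\\])*"')      # string constants
SIGNATURE = re.compile(r'<[^<>]*>')            # <Class: type name(args)>
LOCAL = re.compile(r'(?<![\w.$])\$?[a-z]+\d+(?![\w$])')  # $r2, r0, $i1 (assumed naming)

def _strip_noise(text):
    text = STRING.sub('""', text)
    prev = None
    while prev != text:            # a second pass removes the signature around <init>
        prev, text = text, SIGNATURE.sub('', text)
    return text

def split_def_uses(unit):
    """Return (defined_local_or_None, used_locals) for one printed unit."""
    stmt = _strip_noise(unit.strip().rstrip(';'))
    identity = re.match(r'(\S+) := @', stmt)   # $r0 := @this: T
    if identity:
        return identity.group(1), []
    assign = re.match(r'(\S+) = (.*)', stmt)
    if assign:
        lhs, rhs = assign.groups()
        uses = [] if rhs.startswith('new ') else LOCAL.findall(rhs)
        if LOCAL.fullmatch(lhs):
            return lhs, uses
        return None, LOCAL.findall(lhs) + uses  # field/array store: base is a use
    return None, LOCAL.findall(stmt)

def uses_without_def(units):
    """(index, local) for every use that no earlier unit defines."""
    defined, problems = set(), []
    for i, unit in enumerate(units):
        d, uses = split_def_uses(unit)
        problems += [(i, u) for u in uses if u not in defined]
        if d:
            defined.add(d)
    return problems

EXPECTED = [  # units from the thread's listings, mail line wraps rejoined
    '$r0 := @this: edu.ucsd.mytest.BasicActivity',
    '$r1 := @parameter0: android.os.Bundle',
    'specialinvoke $r0.<android.support.v7.app.ActionBarActivity: void onCreate(android.os.Bundle)>($r1)',
    '$r2 = new com.turbomanage.httpclient.BasicHttpClient',
    'specialinvoke $r2.<com.turbomanage.httpclient.BasicHttpClient: void <init>()>()',
    'virtualinvoke $r2.<com.turbomanage.httpclient.BasicHttpClient: com.turbomanage.httpclient.HttpResponse get(java.lang.String,com.turbomanage.httpclient.ParameterMap)>("http://www.google.com", null)',
    'return',
]
OBSERVED = [u for u in EXPECTED if ' = new ' not in u]  # the list as reported from getUnits()
```

`uses_without_def(OBSERVED)` flags both invoke statements on `$r2`, while the expected listing produces no findings.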