[Soot-list] Soot Body.getUnits() does not get ALL units

Bodden, Eric eric.bodden at sit.fraunhofer.de
Thu Apr 9 01:18:07 EDT 2015 

Sorry but those are not accurate steps to reproduce the problem. Please state the Soot command line you use and state how any where exactly you access the units from within Soot. You really have to help us help you.

Eric

> On 08.04.2015, at 19:37, Xinxin Jin <xinxinjin89 at gmail.com> wrote:
> 
> Thanks for the suggestion, Dacong. So I rephrase it here :
> 
> * Test input:
> Android app: my_test.apk
> 
> * Here's the command I executed (the soot configuration is the same with flowDroid):
> java -cp $JAVA_CLASSPATH path_to_my_test_class
> 
> * I expect the results of getUnits() to be:
> r0 := @this: edu.ucsd.mytest.BasicActivity;
> $r1 := @parameter0: android.os.Bundle;
> specialinvoke $r0.<android.support.v7.app.ActionBarActivity: void onCreate(android.os.Bundle)>($r1);
> $r2 = new com.turbomanage.httpclient.BasicHttpClient;​
> specialinvoke $r2.<com.turbomanage.httpclient.BasicHttpClient: void <init>()>();
> virtualinvoke $r2.<com.turbomanage.httpclient.BasicHttpClient: com.turbomanage.httpclient.HttpResponse get(java.lang.String,com.turbomanage.httpclient.ParameterMap)>("http://www.google.com", null);
> return;
> 
> * But the results of getUnits() is (lack the statement marked in red):
> r0 := @this: edu.ucsd.mytest.BasicActivity;
> $r1 := @parameter0: android.os.Bundle;
> specialinvoke $r0.<android.support.v7.app.ActionBarActivity: void onCreate(android.os.Bundle)>($r1);
> specialinvoke $r2.<com.turbomanage.httpclient.BasicHttpClient: void <init>()>();
> virtualinvoke $r2.<com.turbomanage.httpclient.BasicHttpClient: com.turbomanage.httpclient.HttpResponse get(java.lang.String,com.turbomanage.httpclient.ParameterMap)>("http://www.google.com", null);
> return;
> 
> 
> On Wed, Apr 8, 2015 at 10:26 AM, Dacong Yan <tonywinslow1986 at gmail.com> wrote:
> To help better diagnose the problem, could you rephrase the bug
> reproduction description into something like:
>   * Here's the input (maybe an apk file?)
>   * Here's the command I executed: java soot.Main -my -flags ...
>   * I expect the results of getUnits() to be "...", but it actually is "..."
> 
> With concrete input, output and command, everybody can look at the
> same thing and discuss.
> 
> On Wed, Apr 8, 2015 at 10:10 AM, Xinxin Jin <xinxinjin89 at gmail.com> wrote:
> > Thank you for the explanation !  But the problem still remains ... To make
> > it concrete, I put the whole analysis of the problematic method in the
> > following:
> >
> > (a). Source code :
> >  protected void onCreate(Bundle savedInstanceState) {
> >         super.onCreate(savedInstanceState);
> >        BasicHttpClient basicClient = new BasicHttpClient();
> >         HttpResponse response = basicClient.get("http://www.google.com",
> > null);
> > }
> >
> > (b). Jimple of method onCreate() :
> >  protected void onCreate(android.os.Bundle)
> >     {
> >         edu.ucsd.mytest.BasicActivity $r0;
> >         android.os.Bundle $r1;
> >         com.turbomanage.httpclient.BasicHttpClient $r2;
> >         $r0 := @this: edu.ucsd.mytest.BasicActivity;
> >         $r1 := @parameter0: android.os.Bundle;
> >
> >         specialinvoke $r0.<android.support.v7.app.ActionBarActivity: void
> > onCreate(android.os.Bundle)>($r1);
> >         $r2 = new com.turbomanage.httpclient.BasicHttpClient;
> > // Do not appear in getUnits()
> >         specialinvoke $r2.<com.turbomanage.httpclient.BasicHttpClient: void
> > <init>()>();
> >         virtualinvoke $r2.<com.turbomanage.httpclient.BasicHttpClient:
> > com.turbomanage.httpclient.HttpResponse
> > get(java.lang.String,com.turbomanage.httpclient.ParameterMap)>("http://www.google.com",
> > null);
> >         return;
> >     }
> >
> > (c). Output of m.retrieveActiveBody().getUnits():
> > $r0 := @this: edu.ucsd.mytest.BasicActivity
> > $r1 := @parameter0: android.os.Bundle
> > specialinvoke $r0.<android.support.v7.app.ActionBarActivity: void
> > onCreate(android.os.Bundle)>($r1)
> > specialinvoke $r2.<com.turbomanage.httpclient.BasicHttpClient: void
> > <init>()>() //No def on $r2!
> > virtualinvoke $r2.<com.turbomanage.httpclient.BasicHttpClient:
> > com.turbomanage.httpclient.HttpResponse
> > get(java.lang.String,com.turbomanage.httpclient.ParameterMap)>("http://www.google.com",
> > null)
> > return
> >
> >
> > So you can see the statement "$r2 = new
> > com.turbomanage.httpclient.BasicHttpClient" does not appear in the output of
> > getUnits().
> > Particularly, the statement marked in blue refers to the local $r2, however,
> > there is no def on $r2 in getUnits() !
> >
> > Any suggestion is appreciated !
> >
> >
> > On Wed, Apr 8, 2015 at 1:00 AM, Steven Arzt <Steven.Arzt at cased.de> wrote:
> >>
> >> Hi Xinxin,
> >>
> >>
> >>
> >> Then I have to agree with Eric that such a behavior is completely
> >> impossible: Soot reads in the APK file, and stores the unit in the units
> >> collections of the respective SootMethods. This is also the only source from
> >> which the units are then written out to Jimples files. If the Jimple files
> >> on disk are complete, the unit collections must have been as well. The
> >> output writer does not inference any new units.
> >>
> >>
> >>
> >> Best regards,
> >>
> >>   Steven
> >>
> >>
> >>
> >> Von: Xinxin Jin [mailto:xinxinjin89 at gmail.com]
> >> Gesendet: Mittwoch, 8. April 2015 09:57
> >> An: Steven Arzt
> >> Cc: Bodden, Eric; soot-list at cs.mcgill.ca
> >>
> >>
> >> Betreff: Re: [Soot-list] Soot Body.getUnits() does not get ALL units
> >>
> >>
> >>
> >> Hi Steven,
> >>
> >>
> >>
> >> My code is from an Android app. I use Dexpler to transform the apk to
> >> jimple files.
> >>
> >>
> >>
> >> Thanks,
> >>
> >>
> >>
> >> On Wed, Apr 8, 2015 at 12:54 AM, Steven Arzt <Steven.Arzt at cased.de> wrote:
> >>
> >> Hi Xinxin,
> >>
> >>
> >>
> >> Can you provide a complete test case? From where did you read in your
> >> Jimple code?  Did you parse jimple files on disk or Java class files, or an
> >> Android APK?
> >>
> >>
> >>
> >> Best regards,
> >>
> >>   Steven
> >>
> >>
> >>
> >> Von: soot-list-bounces at CS.McGill.CA
> >> [mailto:soot-list-bounces at CS.McGill.CA] Im Auftrag von Xinxin Jin
> >> Gesendet: Mittwoch, 8. April 2015 09:07
> >> An: Bodden, Eric
> >> Cc: soot-list at cs.mcgill.ca
> >> Betreff: Re: [Soot-list] Soot Body.getUnits() does not get ALL units
> >>
> >>
> >>
> >> It sounds unreasonable to me too, but that is indeed the problem I
> >> encountered ... So I'm just wondering if there are some corner cases not
> >> handled by Soot or not ?
> >>
> >>
> >>
> >> On Tue, Apr 7, 2015 at 11:40 PM, Bodden, Eric
> >> <eric.bodden at sit.fraunhofer.de> wrote:
> >>
> >> Hi Xinxin.
> >>
> >> I am afraid that does not make much sense. By definition, the units of a
> >> body are the ones returned by getUnits(). This is a very strong invariant
> >> that should never be broken by Soot.
> >>
> >> Cheers,
> >> Eric
> >>
> >>
> >> > On 08.04.2015, at 08:02, Xinxin Jin <xinxinjin89 at gmail.com> wrote:
> >> >
> >> > Hi there,
> >> >
> >> > I got a weird problem: Sometimes Body.getUnits() does not list all the
> >> > units of a method. The following is one example:
> >> >
> >> > Simplified code snippet:
> >> >
> >> > void foo() {
> >> >     ...
> >> >     BasicHttpClient basicClient = new BasicHttpClient();
> >> >     ...
> >> > }
> >> >
> >> > And in the Jimple file, there are two statements related with "new
> >> > BasicHttpClient()" :
> >> >
> >> > $r5 = new com.turbomanage.httpclient.BasicHttpClient;
> >> > specialinvoke $r5.<com.turbomanage.httpclient.BasicHttpClient: void
> >> > <init>()>();
> >> >
> >> > However, when I use retriveActiveBody().getUnits() to print out all the
> >> > units of foo(), I can only see one statement:
> >> > specialinvoke $r5.<com.turbomanage.httpclient.BasicHttpClient: void
> >> > <init>()>()
> >> >
> >> > I don't know why getUnits() cannot obtain "$r5 = new
> >> > com.turbomanage.httpclient.BasicHttpClient" ?
> >> > What kind of units are ignored by Soot ?
> >> >
> >> > Thanks a lot for any advices !
> >> >
> >> >
> >> >
> >> > --
> >> > Xinxin
> >>
> >> > _______________________________________________
> >> > Soot-list mailing list
> >> > Soot-list at CS.McGill.CA
> >> > https://mailman.CS.McGill.CA/mailman/listinfo/soot-list
> >>
> >> --
> >> Prof. Eric Bodden, Ph.D., http://sse.ec-spride.de/ http://bodden.de/
> >> Head of Secure Software Engineering at Fraunhofer SIT, TU Darmstadt and EC
> >> SPRIDE
> >> Tel: +49 6151 16-75422    Fax: +49 6151 869-127
> >> Room B5.11, Fraunhofer SIT, Rheinstraße 75, 64295 Darmstadt
> >>
> >>
> >>
> >>
> >>
> >> --
> >>
> >> Xinxin
> >>
> >>
> >>
> >>
> >>
> >> --
> >>
> >> Xinxin
> >
> >
> >
> >
> > --
> > Xinxin
> >
> > _______________________________________________
> > Soot-list mailing list
> > Soot-list at CS.McGill.CA
> > https://mailman.CS.McGill.CA/mailman/listinfo/soot-list
> >
> 
> 
> 
> --
> Dacong (Tony) Yan | Software Engineer | Google Inc.
> 
> 
> 
> --
> Xinxin
> _______________________________________________
> Soot-list mailing list
> Soot-list at CS.McGill.CA
> https://mailman.CS.McGill.CA/mailman/listinfo/soot-list

--
Prof. Eric Bodden, Ph.D., http://sse.ec-spride.de/ http://bodden.de/
Head of Secure Software Engineering at Fraunhofer SIT, TU Darmstadt and EC SPRIDE
Tel: +49 6151 16-75422    Fax: +49 6151 869-127
Room B5.11, Fraunhofer SIT, Rheinstraße 75, 64295 Darmstadt

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 841 bytes
Desc: Message signed with OpenPGP using GPGMail
Url : https://mailman.CS.McGill.CA/pipermail/soot-list/attachments/20150409/adcc6655/attachment.bin

More information about the Soot-list mailing list