[Soot-list] Empty points-to-set

Octav Chipara ochipara at gmail.com
Wed Apr 15 04:15:31 EDT 2015 

Hi,

I am writing an static analysis that use call graph + point-to-sets on 
android applications. I was able to construct a call graph using infoflow's 
to generate a dummy main. Unfortunately, the point-to-sets that I am 
obtaining for local variables are always empty. Below are the relevant 
pieces of code. If you guys could point me in the right direction, I would 
really appreciate it.

Thanks!
-- Octav

===== Driver ====
public static void main(String[] args) throws Exception {
...
                SetupApplication app = new SetupApplication(sdkLocation, 
apkLocation);
app.calculateSourcesSinksEntrypoints("SourcesAndSinks.txt"); 
                soot.G.reset();  

Options.v().set_src_prec(Options.src_prec_apk);
Options.v().set_process_dir(Collections.singletonList(apkLocation));
Options.v().set_android_jars(sdkLocation);
Options.v().set_whole_program(true);
Options.v().set_allow_phantom_refs(true);
 Options.v().setPhaseOption("jb","use-original-names:true");
Options.v().setPhaseOption("cg.spark", "on");
Options.v().setPhaseOption("cg.verbose", "true"); 
 Options.v().set_output_format(Options.output_format_none); 

Scene.v().loadNecessaryClasses();
SootMethod entryPoint = app.getEntryPointCreator().createDummyMain();
Options.v().set_main_class(entryPoint.getSignature());
Scene.v().setEntryPoints(Collections.singletonList(entryPoint)); 
PackManager.v().runPacks();

                CallGraph cg = Scene.v().getCallGraph();
PointsToAnalysis pta = Scene.v().getPointsToAnalysis();
deadlineAnalysis(cg, pta);
...
}

==== deadlineAnalysis ====
Unit u = ...
PatchingChain<Unit> units = e.src().getActiveBody().getUnits();
Unit nextUnit = units.getSuccOf(u);
List<ValueBox> nextValues = nextUnit.getDefBoxes();
Local localValue = (Local) nextValues.get(0).getValue();
pta.reachingObjects(localValue)   ===> Returns empty point-to-sets for all 
the locals

=== testcase ===
protected void onResume() {
super.onResume();
 int s;
int s2;
s = 0;
 // junk code 
for (int i = 0; i < 100; i++) {
s = s + i;
}
s2 = s;

System.out.println(s2);
}

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://mailman.CS.McGill.CA/pipermail/soot-list/attachments/20150415/5f02e037/attachment-0001.html

More information about the Soot-list mailing list