[Soot-list] Empty points-to-set

Octav Chipara ochipara at gmail.com
Wed Apr 15 19:42:41 EDT 2015 

I think I managed to get it to work, but I made a couple of newbie mistakes:

(1) My test example was incorrect. It does uses primitive variables rather 
than objects, so there is no aliasing. Duh!
(2) The biggest problem that I was having was to make sure that soot was 
initialized properly, particularly its class path. I ended up adapting 
initializeSoot() (in SetupApplication.java) from the infoflow-android 
project.

The only part that I was not able to figure out was how to keep the same 
variables names as in the source. In a standard java application, you can 
set 

Options.v().setPhaseOption("jb","use-original-names:true")

Is there an equivalent option for Android?

Thanks,
-- Octav

On Wednesday, April 15, 2015 at 3:16:05 AM UTC-5, Octav Chipara wrote:
>
> Hi,
>
> I am writing an static analysis that use call graph + point-to-sets on 
> android applications. I was able to construct a call graph using infoflow's 
> to generate a dummy main. Unfortunately, the point-to-sets that I am 
> obtaining for local variables are always empty. Below are the relevant 
> pieces of code. If you guys could point me in the right direction, I would 
> really appreciate it.
>
> Thanks!
> -- Octav
>
> ===== Driver ====
> public static void main(String[] args) throws Exception {
> ...
>                 SetupApplication app = new SetupApplication(sdkLocation, 
> apkLocation);
> app.calculateSourcesSinksEntrypoints("SourcesAndSinks.txt"); 
>                 soot.G.reset();  
>
> Options.v().set_src_prec(Options.src_prec_apk);
> Options.v().set_process_dir(Collections.singletonList(apkLocation));
> Options.v().set_android_jars(sdkLocation);
> Options.v().set_whole_program(true);
> Options.v().set_allow_phantom_refs(true);
>  Options.v().setPhaseOption("jb","use-original-names:true");
> Options.v().setPhaseOption("cg.spark", "on");
> Options.v().setPhaseOption("cg.verbose", "true"); 
>  Options.v().set_output_format(Options.output_format_none); 
>
> Scene.v().loadNecessaryClasses();
> SootMethod entryPoint = app.getEntryPointCreator().createDummyMain();
> Options.v().set_main_class(entryPoint.getSignature());
> Scene.v().setEntryPoints(Collections.singletonList(entryPoint)); 
> PackManager.v().runPacks();
>
>                 CallGraph cg = Scene.v().getCallGraph();
> PointsToAnalysis pta = Scene.v().getPointsToAnalysis();
> deadlineAnalysis(cg, pta);
> ...
> }
>
> ==== deadlineAnalysis ====
> Unit u = ...
> PatchingChain<Unit> units = e.src().getActiveBody().getUnits();
> Unit nextUnit = units.getSuccOf(u);
> List<ValueBox> nextValues = nextUnit.getDefBoxes();
> Local localValue = (Local) nextValues.get(0).getValue();
> pta.reachingObjects(localValue)   ===> Returns empty point-to-sets for all 
> the locals
>
> === testcase ===
> protected void onResume() {
> super.onResume();
>  int s;
> int s2;
> s = 0;
>  // junk code 
> for (int i = 0; i < 100; i++) {
> s = s + i;
> }
> s2 = s;
>
> System.out.println(s2);
> }
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://mailman.CS.McGill.CA/pipermail/soot-list/attachments/20150415/166630d7/attachment.html

More information about the Soot-list mailing list