[Soot-list] How to get context-sensitive result of flowdroid

润青杨 rainkin1993 at gmail.com
Wed Apr 22 04:49:48 EDT 2015 

Hi guys,
    this is a example:

>     public void test(){
>         String sourceOne = sourceOne(10); // source
>         foo(sourceOne);
>         foo(sourceOne);
>     }
>
>     public String sourceOne(int number){
>         return number>0 ? "positive" : "negative";
>     }
>
>     public void foo(String s){
>         System.out.println(s); // sink
>     }
>

  the method sourceOne is a source and System.out.println() is a sink.

  After analysis, I get the following result:

> [main] INFO soot.jimple.infoflow.Infoflow - Source lookup done, found 1
> sources and 1 sinks.
> [main] INFO soot.jimple.infoflow.Infoflow - IFDS problem with 14 forward
> and 0 backward edges solved, processing 1 results...
> [main] INFO
> soot.jimple.infoflow.data.pathBuilders.ContextSensitivePathBuilder -
> Context-sensitive path reconstructor started
> [main] INFO
> soot.jimple.infoflow.data.pathBuilders.ContextSensitivePathBuilder -
> Obtainted 1 connections between sources and sinks
> [main] INFO
> soot.jimple.infoflow.data.pathBuilders.ContextSensitivePathBuilder -
> Building path 1
> [main] INFO
> soot.jimple.infoflow.data.pathBuilders.ContextSensitivePathBuilder - Path
> processing took 0.008987293 seconds in total
> [main] INFO soot.jimple.infoflow.Infoflow - The sink virtualinvoke
> $r2.<java.io.PrintStream: void println(java.lang.String)>(r1) in method
> <TestCode: void foo(java.lang.String)> was called with values from the
> following sources:
> [main] INFO soot.jimple.infoflow.Infoflow - - r1 = virtualinvoke
> r0.<TestCode: java.lang.String sourceOne(int)>(10) in method <TestCode:
> void test()>
> [main] INFO soot.jimple.infoflow.Infoflow -     on Path:
> [main] INFO soot.jimple.infoflow.Infoflow -      -> <TestCode: void
> foo(java.lang.String)>
> [main] INFO soot.jimple.infoflow.Infoflow -          -> virtualinvoke
> $r2.<java.io.PrintStream: void println(java.lang.String)>(r1)
>

 I want to know how to get a context-sensitive result, in which
sourceOne() will point to 2 different system.out.println()

Thx,
Rainkin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://mailman.CS.McGill.CA/pipermail/soot-list/attachments/20150422/61b2bf41/attachment.html

More information about the Soot-list mailing list