[Soot-list] Missing call graph edges

Peter Kim chpkim at gmail.com
Sun Feb 8 12:37:50 EST 2015


Hi Steven,

I'm still running into the same problem after pulling from Github.


On Fri, Feb 6, 2015 at 9:24 AM, Steven Arzt <Steven.Arzt at cased.de> wrote:

> Hi Peter,
>
> that might have to do with an optimization I added recently. In short,
> FlowDroid removes those callgraph edges for which it can easily decide that
> having them does not influence the outcome of the taint analysis. I can
> however fully understand that this might lead to surprising results if you
> are using the FlowDroid components for other analyses, so I decided to make
> this optimization optional and turn it off by default.
>
> The new code is on Github and a new nightly build will be available
> tomorrow.
>
> Best regards,
>   Steven
>
> M.Sc. M.Sc. Steven Arzt
> Secure Software Engineering Group (SSE)
> European Center for Security and Privacy by Design (EC SPRIDE)
> Rheinstraße 75
> D-64293 Darmstadt
> Phone: +49 61 51 869-336
> Fax: +49 61 51 16-72118
> eMail: steven.arzt at ec-spride.de
> Web: http://sse.ec-spride.de
>
> *From:* soot-list-bounces at CS.McGill.CA [mailto:
> soot-list-bounces at CS.McGill.CA] *On behalf of* Peter Kim
> *Sent:* Friday, February 6, 2015 00:05
> *To:* soot-list at cs.mcgill.ca
> *Subject:* [Soot-list] Missing call graph edges
>
> Hi,
>
> I'm extending FlowDroid to construct an Android app's call graph. More
> specifically, I get the call graph by modifying Infoflow.runAnalysis(final
> ISourceSinkManager sourcesSinks, final Set<String> additionalSeeds) to call
> Scene.v().getCallGraph(). The call graph is missing edges in an odd way -
> for a function, the graph has some outgoing edges but is missing ones that
> should be there. Namely, given the following function (shown in Java rather
> than Jimple for readability), the called methods should be "get()",
> "isFinished()", "remove()", "free()", "size()", "update()", but I'm only
> getting "get()", "size()", and "remove()". I don't understand why
> "remove()" is included but "free()" is not since they are in the same basic
> block. I'm using soot.jimple.toolkits.callgraph.TransitiveTargets to
> analyze the call graph.
>
> public void update(float x) {
>   for (...size()..) {
>       get();
>       if (isFinished()) {
>         remove();
>         free();
>       }
>   }
>
>   if (y) {
>     if (x) {
>       for (... size()...)  get().update(x);
>     } else {
>       for (...size()...)  get().update(x);
>     }
>   }
> }
>
> Thank you for your help.
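
One way to narrow down which call sites lost their edges, as an added example that is not part of the original thread or of FlowDroid's code: walk the method body and ask the call graph for the edges leaving each invoke statement. It assumes Soot is on the classpath, the call graph has already been built, and the body is Jimple; the class name CallSiteEdgeAudit is hypothetical.

```java
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;

import soot.Scene;
import soot.SootMethod;
import soot.Unit;
import soot.jimple.Stmt;
import soot.jimple.toolkits.callgraph.CallGraph;
import soot.jimple.toolkits.callgraph.Edge;

/** Hypothetical helper: reports invoke statements that have no call graph edge. */
public final class CallSiteEdgeAudit {

    /**
     * Compares the call sites found in the method body with the edges the
     * call graph holds for the same statement. Returns the declared callee
     * signatures of all call sites that have no outgoing edge.
     */
    public static List<String> callSitesWithoutEdges(SootMethod method) {
        CallGraph cg = Scene.v().getCallGraph(); // assumption: already built
        List<String> missing = new ArrayList<>();
        if (!method.isConcrete()) {
            return missing; // abstract and native methods have no body
        }
        for (Unit unit : method.retrieveActiveBody().getUnits()) {
            Stmt stmt = (Stmt) unit; // assumption: Jimple body, units are Stmts
            if (!stmt.containsInvokeExpr()) {
                continue;
            }
            // Use the method reference so unresolved callees do not throw.
            String declared = stmt.getInvokeExpr().getMethodRef().getSignature();
            Iterator<Edge> edges = cg.edgesOutOf(unit);
            if (!edges.hasNext()) {
                missing.add(declared);
                System.out.println("NO EDGE  " + declared + "  at: " + stmt);
            }
            while (edges.hasNext()) {
                Edge e = edges.next();
                System.out.println("edge     " + declared + " -> "
                        + e.tgt().getSignature() + " [" + e.kind() + "]");
            }
        }
        return missing;
    }
}
```

Call it with the SootMethod under inspection, for example one obtained from Scene.v().getMethod(...) with that method's signature. A method the call graph construction never reached reports every call site as missing, so check that the method itself has incoming edges before reading the result as pruning.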