[Soot-list] Missing call graph edges

Peter Kim chpkim at gmail.com
Sun Feb 8 13:05:03 EST 2015 

eliminateDeadCode() is *not* being called and I'm still running into the
problem. Thanks in advance for your help.

On Sun, Feb 8, 2015 at 5:37 PM, Peter Kim <chpkim at gmail.com> wrote:

> Hi Steven,
>
> I'm still running into the same problem after pulling from Github.
>
>
> On Fri, Feb 6, 2015 at 9:24 AM, Steven Arzt <Steven.Arzt at cased.de> wrote:
>
>> Hi Peter,
>>
>>
>>
>> that might have to do with an optimization I added recently. In short,
>> FlowDroid removes these callgraph edges for which it can easily decide that
>> having them does not influence the outcome of the taint analysis. I can
>> however fully understand that this might lead to surprising results if you
>> are using the FlowDroid components for other analyses, so I decided to make
>> this optimization optional and turn it off by default.
>>
>>
>>
>> The new code is on Github and a new nightly build will be available
>> tomorrow.
>>
>>
>>
>> Best regards,
>>
>>   Steven
>>
>>
>>
>>
>>
>> M.Sc. M.Sc. Steven Arzt
>>
>> Secure Software Engineering Group (SSE)
>>
>> European Center for Security and Privacy by Design (EC SPRIDE)
>>
>> Rheinstraße 75
>>
>> D-64293 Darmstadt
>>
>> Phone: +49 61 51 869-336
>>
>> Fax: +49 61 51 16-72118
>>
>> eMail: steven.arzt at ec-spride.de
>>
>> Web: http://sse.ec-spride.de
>>
>>
>>
>>
>>
>>
>>
>> *Von:* soot-list-bounces at CS.McGill.CA [mailto:
>> soot-list-bounces at CS.McGill.CA] *Im Auftrag von *Peter Kim
>> *Gesendet:* Freitag, 6. Februar 2015 00:05
>> *An:* soot-list at cs.mcgill.ca
>> *Betreff:* [Soot-list] Missing call graph edges
>>
>>
>>
>> Hi,
>>
>>
>>
>> I'm extending FlowDroid to construct an Android app's call graph. More
>> specifically, I get the call graph by modifying Infoflow.runAnalysis(final
>> ISourceSinkManager sourcesSinks, final Set<String> additionalSeeds) to call
>> Scene.v().getCallGraph(). The call graph is missing edges in an odd way -
>> for a function, the graph has some outgoing edges but is missing ones that
>> should be there. Namely, given the following function (shown in Java rather
>> than jimple for readability), the called methods should be "get()",
>> "isFinished()", "remove()", "free()", "size()", "update()", but I'm only
>> getting "get()", "size()", and "remove()". I don't understand why
>> "remove()" is included but "free()" is not since they are in the same basic
>> block. I'm using soot.jimple.toolkits.callgraph.TransitiveTargets to
>> analyze the call graph.
>>
>>
>>
>> public void update(float x) {
>>
>>   for (...size()..) {
>>
>>       get();
>>
>>       if (isFinished()) {
>>
>>         remove();
>>
>>         free();
>>
>>       }
>>
>>   }
>>
>>
>>
>>   if (y) {
>>
>>     if (x) {
>>
>>       for (... size()...)  get().update(x);
>>
>>     } else {
>>
>>       for (...size()...)  get().update(x);
>>
>>     }
>>
>>   }
>>
>> }
>>
>>
>>
>> Thank you for your help.
>>
>>
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://mailman.CS.McGill.CA/pipermail/soot-list/attachments/20150208/cd27f7b5/attachment.html

More information about the Soot-list mailing list