[Soot-list] Recarding spark
Steven Arzt
Steven.Arzt at cased.de
Tue Jul 7 07:45:32 EDT 2015
Hi Ding,
You are trying to use SPARK on an Android app. SPARK requires an entry point which Android applications, however, do not have. Android apps instead tightly integrate with the Android OS using a pre-defined lifecycle. One approach to build a callgraph for Android apps is thus to generate a dummy entry point (i.e., main method) which simulates the interactions between the app and the OS. You can build such a dummy main method using FlowDroid as follows:
    // Let FlowDroid parse the APK and collect its lifecycle and callback entry points
    SetupApplication app = new SetupApplication(
            "D:/Tools/adt-bundle-windows-x86_64-20140321/sdk/platforms",
            "D:/Temp/com.tweakersoft.aroundme-1.apk");
    app.calculateSourcesSinksEntrypoints("D:/Arbeit/Android Analyse/soot-infoflow-android/SourcesAndSinks.txt");

    // Reset Soot and configure it for a whole-program analysis of the same APK
    soot.G.reset();
    Options.v().set_src_prec(Options.src_prec_apk);
    Options.v().set_process_dir(Collections.singletonList("D:/Temp/com.tweakersoft.aroundme-1.apk"));
    Options.v().set_android_jars("D:/Tools/adt-bundle-windows-x86_64-20140321/sdk/platforms");
    Options.v().set_whole_program(true);
    Options.v().set_allow_phantom_refs(true);
    Options.v().set_output_format(Options.output_format_class);
    Options.v().setPhaseOption("cg.spark", "on");
    Scene.v().loadNecessaryClasses();

    // Generate the dummy main method and register it as the only entry point
    SootMethod entryPoint = app.getEntryPointCreator().createDummyMain();
    Options.v().set_main_class(entryPoint.getSignature());
    Scene.v().setEntryPoints(Collections.singletonList(entryPoint));
    System.out.println(entryPoint.getActiveBody());

    // Run the packs; SPARK builds the callgraph starting from the dummy main
    PackManager.v().runPacks();
    JimpleBasedInterproceduralCFG icfg = new JimpleBasedInterproceduralCFG();
    System.out.println(Scene.v().getCallGraph().size());
Best regards,
Steven
From: soot-list-bounces at CS.McGill.CA [mailto:soot-list-bounces at CS.McGill.CA] On Behalf Of Ding Li
Sent: Tuesday, 7 July 2015 04:01
To: soot-list at CS.McGill.CA
Subject: [Soot-list] Recarding spark
Hi, I have encountered a problem with spark:
My code is like this:
    Options.v().set_src_prec(Options.src_prec_apk);
    Options.v().set_android_jars(androidpath);
    Options.v().set_whole_program(true);
    Options.v().set_verbose(false);
    Options.v().setPhaseOption("cg.spark", "on");
    // output format constant (src_prec_J is a source-precedence value)
    Options.v().set_output_format(Options.output_format_jimple);
    Options.v().set_keep_line_number(true);
    Options.v().set_keep_offset(true);
    Options.v().set_allow_phantom_refs(true);
    Options.v().set_process_dir(path_list);
    Scene.v().loadNecessaryClasses();
    Scene.v().setEntryPoints(entryPoints);
    PackManager.v().runPacks();
    PAG pag = (PAG) Scene.v().getPointsToAnalysis();

    //for any method
    while (stmtIt.hasNext()) {
        Unit u = (Unit) stmtIt.next();
        Stmt stmt = (Stmt) u;
        if (stmt.containsInvokeExpr()) {
            InvokeExpr exp = stmt.getInvokeExpr();
            if (exp.getUseBoxes().size() > 1) {
                Value l = exp.getUseBoxes().get(0).getValue();
                if (l instanceof Local) {
                    Node n = pag.findLocalVarNode((Local) l);
                    System.out.println(n); //it is null
                    PointsToSetInternal pset = (PointsToSetInternal) pag.reachingObjects((Local) l);
                    System.out.println(pset.size()); //the size is 0
                }
            }
        }
    }
I initialize soot with the first half, and then for any methods, I check the PointedToSet for the first arg of each method invocation. However, for any , I always get a size of 0 in the PointedToSet and the Node of the argument in PAG is always null. I think at least the PointedToSet should contain the variable itself and the size should be at least 1, instead of empty. I am not quite sure what is wrong here. What should I set in order to get pag.reachingObjects to return a non-empty set? Thanks
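Added example, not part of either message in this thread: the dummy-main setup from the reply combined with the points-to query from the question, restricted to methods SPARK actually reached and to reference-typed locals (SPARK builds no nodes for unreachable methods or primitive values). The class name SparkOnApk and the three path parameters are hypothetical; the FlowDroid calls are the ones used in the reply, and output_format_none is chosen here only so that nothing is written to disk.

```java
import java.util.Collections;
import soot.Local;
import soot.PackManager;
import soot.PointsToAnalysis;
import soot.RefLikeType;
import soot.Scene;
import soot.SootClass;
import soot.SootMethod;
import soot.Unit;
import soot.Value;
import soot.jimple.Stmt;
import soot.jimple.infoflow.android.SetupApplication;
import soot.options.Options;

// Hypothetical class; platforms, apk and sourcesSinks are caller-supplied paths (assumptions).
public class SparkOnApk {
    public static void dump(String platforms, String apk, String sourcesSinks) throws Exception {
        SetupApplication app = new SetupApplication(platforms, apk);
        app.calculateSourcesSinksEntrypoints(sourcesSinks);
        soot.G.reset();
        Options.v().set_src_prec(Options.src_prec_apk);
        Options.v().set_process_dir(Collections.singletonList(apk));
        Options.v().set_android_jars(platforms);
        Options.v().set_whole_program(true);
        Options.v().set_allow_phantom_refs(true);
        Options.v().set_output_format(Options.output_format_none); // analysis only
        Options.v().setPhaseOption("cg.spark", "on");
        Scene.v().loadNecessaryClasses();
        SootMethod entryPoint = app.getEntryPointCreator().createDummyMain();
        Options.v().set_main_class(entryPoint.getSignature());
        Scene.v().setEntryPoints(Collections.singletonList(entryPoint));
        PackManager.v().runPacks();
        PointsToAnalysis pta = Scene.v().getPointsToAnalysis();
        for (SootClass c : Scene.v().getApplicationClasses()) {
            for (SootMethod m : c.getMethods()) {
                // Skip methods the callgraph never reached from the dummy main
                if (!m.hasActiveBody() || !Scene.v().getReachableMethods().contains(m)) continue;
                for (Unit u : m.getActiveBody().getUnits()) {
                    Stmt s = (Stmt) u;
                    if (!s.containsInvokeExpr() || s.getInvokeExpr().getArgCount() == 0) continue;
                    Value arg = s.getInvokeExpr().getArg(0); // first declared argument
                    // Only reference-typed locals have points-to sets
                    if (!(arg instanceof Local) || !(arg.getType() instanceof RefLikeType)) continue;
                    System.out.println(m.getSignature() + " | " + s + " -> "
                            + pta.reachingObjects((Local) arg).possibleTypes());
                }
            }
        }
    }
}
```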