[Soot-list] Recarding spark

Steven Arzt Steven.Arzt at cased.de
Wed Jul 8 05:25:21 EDT 2015 

The code for querying the PointTo-sets is still the same. The normal approach, however, is to not use any internal Soot objects, but stay at the interface level. Normally, you pick two locals for which you want to find out whether they can potentially alias, get their respective PointsTo sets, and then call hasNonEmptyIntersection() on them. If there is a non-empty intersection, you know that the respective objects may potentially alias at runtime.

 

Von: Ding Li [mailto:dingli at usc.edu] 
Gesendet: Dienstag, 7. Juli 2015 21:00
An: Steven Arzt; soot-list at cs.mcgill.ca
Betreff: Re: [Soot-list] Recarding spark

 

Thanks Steven, I have tried your code, but it still doesn't give me any result. Could you give me a more concrete example? Maybe include how to query the result. Thanks a lot

 

On Tue, Jul 7, 2015 at 4:45 AM Steven Arzt <Steven.Arzt at cased.de> wrote:

Hi Ding,

 

You are trying to use SPARK on an Android app. SPARK requires an entry point which Android applications, however, do not have. Android apps instead tightly integrate with the Android OS using a pre-defined lifecycle. One approach to build a callgraph for Android apps is thus to generate a dummy entry point (i.e., main method) which simulates the interactions between the app and the OS. You can build such a dummy main method using FlowDroid as follows:

 

             SetupApplication app = new SetupApplication

                           ("D:/Tools/adt-bundle-windows-x86_64-20140321/sdk/platforms",

                           "D:/Temp/com.tweakersoft.aroundme-1.apk");

             app.calculateSourcesSinksEntrypoints("D:/Arbeit/Android Analyse/soot-infoflow-android/SourcesAndSinks.txt");

             soot.G.reset();

             

             Options.v().set_src_prec(Options.src_prec_apk);

             Options.v().set_process_dir(Collections.singletonList("D:/Temp/com.tweakersoft.aroundme-1.apk"));

             Options.v().set_android_jars("D:/Tools/adt-bundle-windows-x86_64-20140321/sdk/platforms");

             Options.v().set_whole_program(true);

             Options.v().set_allow_phantom_refs(true);

             Options.v().set_output_format(Options.output_format_class);

             Options.v().setPhaseOption("cg.spark", "on");

             

             Scene.v().loadNecessaryClasses();

             

             SootMethod entryPoint = app.getEntryPointCreator().createDummyMain();

             Options.v().set_main_class(entryPoint.getSignature());

             Scene.v().setEntryPoints(Collections.singletonList(entryPoint));

             System.out.println(entryPoint.getActiveBody());

             

             PackManager.v().runPacks();

             JimpleBasedInterproceduralCFG icfg = new JimpleBasedInterproceduralCFG();             

             System.out.println(Scene.v().getCallGraph().size()); 

 

Best regards,

  Steven

 

Von: soot-list-bounces at CS.McGill.CA [mailto:soot-list-bounces at CS.McGill.CA] Im Auftrag von Ding Li
Gesendet: Dienstag, 7. Juli 2015 04:01
An: soot-list at CS.McGill.CA
Betreff: [Soot-list] Recarding spark

 

Hi I have encountered some problem with spark:

My code is like this:

Options.v().set_src_prec(Options.src_prec_apk);
Options.v().set_android_jars(androidpath);
Options.v().set_whole_program(true);
Options.v().set_verbose(false);
Options.v().setPhaseOption("cg.spark", "on");
Options.v().set_output_format(Options.src_prec_J);
Options.v().set_keep_line_number(true);
Options.v().set_keep_offset(true);
Options.v().set_allow_phantom_refs(true);
Options.v().set_process_dir(path_list);
Scene.v().loadNecessaryClasses();
Scene.v().setEntryPoints(entryPoints);
PackManager.v().runPacks();
PAG pag=(PAG)Scene.v().getPointsToAnalysis();


//for any method
while (stmtIt.hasNext()) {
    Unit u = (Unit) stmtIt.next();
    Stmt stmt=(Stmt)u;

    if(stmt.containsInvokeExpr())
    {
        InvokeExpr exp = stmt.getInvokeExpr();
        if(exp.getUseBoxes().size()>1)
        {
            Value l=exp.getUseBoxes().get(0).getValue();
            if(l instanceof Local)
            {
                Node n=pag.findLocalVarNode((Local) l);
                System.out.println(n); //it is null
                PointsToSetInternal pset=(PointsToSetInternal)pag.reachingObjects((Local) l);
                System.out.println(pset.size()); //the size is 0

            }



        }

    }
}

 

I initialize soot with the first half, and then for any methods, I check the PointedToSet for the first arg of each method invocation. However, for any , I always get size of 0 in the PointedToSet and the Node of the argument in PAG is always null. I think at list the PointedToSet should contain the variable itself and the size should be at least 1, instead of empty. I am not quite sure where is wrong here, what should I set in oder to get pag.reachingObjects return a non-empty set? Thanks

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://mailman.CS.McGill.CA/pipermail/soot-list/attachments/20150708/f1141a73/attachment-0001.html

More information about the Soot-list mailing list