[Soot-list] Application classes vs library classes in FlowDroid

Steven Arzt Steven.Arzt at cased.de
Wed Mar 11 10:33:10 EDT 2015 

Hi all,

FlowDroid actually has a slightly different semantics as it configures and launches Soot on its own. During this process, all classes usually end up on the normal Soot classpath and become library classes to make sure that we only load what we definitely need. The generated dummy main class and the classes containing Android entry points however need to be application classes s we always need their full implementations.

In short, do not rely on distinguishing application classes and library classes if you are accessing classes from inside FlowDroid callbacks.

Best regards,
  Steven

-----Ursprüngliche Nachricht-----
Von: soot-list-bounces at CS.McGill.CA [mailto:soot-list-bounces at CS.McGill.CA] Im Auftrag von Bodden, Eric
Gesendet: Mittwoch, 11. März 2015 15:09
An: Roy Liu
Cc: soot-list at cs.mcgill.ca
Betreff: Re: [Soot-list] Application classes vs library classes in FlowDroid

Hi Roy.

This is a Soot issue, not a FlowDroid issue. Please refer to the first paragraph here:
https://ssebuild.cased.de/nightly/soot/doc/soot_options.htm

Cheers,
Eric

> On 11.03.2015, at 11:56, Roy Liu <royliudev at gmail.com> wrote:
> 
> Dear All,
> 
> I want to ask about the differences between application classes and library classes in FlowDroid.
> The former can be listed by performing a for-each loop on 
> Scene.v().getApplicationClasses(),
> whereas the latter can be listed by performing a similar iteration over Scene.v().getLibraryClasses().
> It seems that FlowDroid uses some set of heuristics in determining if a class is to be considered as either an application or a library class.
> 
> I have two following questions:
> - How does FlowDroid/Soot determine if a class should be categorized as an application or a library class?
> - If a class is considered as a library class, does that mean that it won't be subject to the data-flow analysis,
>   i.e. it will be excluded from the ICFG, thus making the class basically unreachable?
> 
> Thank you so much in advance for the help.
> 
> Best Regards,
> Roy
> 
> _______________________________________________
> Soot-list mailing list
> Soot-list at CS.McGill.CA
> https://mailman.CS.McGill.CA/mailman/listinfo/soot-list

--
Prof. Eric Bodden, Ph.D., http://sse.ec-spride.de/ http://bodden.de/ Head of Secure Software Engineering at Fraunhofer SIT, TU Darmstadt and EC SPRIDE
Tel: +49 6151 16-75422    Fax: +49 6151 869-127
Room B5.11, Fraunhofer SIT, Rheinstraße 75, 64295 Darmstadt

More information about the Soot-list mailing list