[Soot-list] How to get context-sensitive result of flowdroid

润青杨 rainkin1993 at gmail.com
Tue May 5 12:26:27 EDT 2015


Hi Steven,
    I tried calling infoflow.setPathAgnosticResults(false), but it still only
shows one path.
    I don't know why this happens.

Rainkin

2015-04-22 17:57 GMT+08:00 Steven Arzt <Steven.Arzt at cased.de>:

> Hi Rainkin,
>
>
>
> The Infoflow class supports the setPathAgnosticResults() method. The
> default is “true”, which means that paths which have the same source and sink
> are merged into one. If you set it to “false”, you will get the two
> different paths. However, beware: In general, the number of propagation
> paths is exponential in the number of branching statements on the way. You
> can quickly end up with an infeasible number of paths and that’s why the
> default merges all these paths.
>
>
>
> Best regards,
>
>   Steven
>
>
>
> *From:* 润青杨 [mailto:rainkin1993 at gmail.com]
> *Sent:* Wednesday, 22 April 2015 11:26
> *To:* Steven Arzt
> *Cc:* soot-list at cs.mcgill.ca
> *Subject:* Re: [Soot-list] How to get context-sensitive result of
> flowdroid
>
>
>
> Hi Steven,
>
>     Two different propagation paths are what I want. But the result only
> has 1 path.
>
>     Can you tell me how to get it?
>
> Thanks,
>
> Rainkin
>
>
>
>
>
> 2015-04-22 17:00 GMT+08:00 Steven Arzt <Steven.Arzt at cased.de>:
>
> Hi Rainkin,
>
>
>
> I do not understand your question. In this code example, there is only a
> single context. The method “foo” is always called with a tainted element
> which originated from sourceOne(10). In terms of contexts, the two
> source-to-sink connections are equal. Moreover, there is only one call to
> “System.out.println()” in the code, so I’m not sure how you want to get two
> different statements out of that.
>
>
>
> The only thing you could do is to obtain two different propagation paths
> to record that one flow was propagated over the first call to “foo” and the
> other one over the second call. I’m not sure what the use case for that
> should be, though.
>
>
>
> Best regards,
>
>   Steven
>
>
>
> *From:* soot-list-bounces at CS.McGill.CA [mailto:
> soot-list-bounces at CS.McGill.CA] *On behalf of* ???
> *Sent:* Wednesday, 22 April 2015 10:50
> *To:* soot-list at CS.McGill.CA
> *Subject:* [Soot-list] How to get context-sensitive result of flowdroid
>
>
>
> Hi guys,
>
>     This is an example:
>
>     public void test(){
>         String sourceOne = sourceOne(10); // source
>         foo(sourceOne);
>         foo(sourceOne);
>     }
>
>     public String sourceOne(int number){
>         return number>0 ? "positive" : "negative";
>     }
>
>     public void foo(String s){
>         System.out.println(s); // sink
>     }
>
>
>
>   The method sourceOne is a source and System.out.println() is a sink.
>
>   After analysis, I get the following result:
>
> [main] INFO soot.jimple.infoflow.Infoflow - Source lookup done, found 1
> sources and 1 sinks.
> [main] INFO soot.jimple.infoflow.Infoflow - IFDS problem with 14 forward
> and 0 backward edges solved, processing 1 results...
> [main] INFO
> soot.jimple.infoflow.data.pathBuilders.ContextSensitivePathBuilder -
> Context-sensitive path reconstructor started
> [main] INFO
> soot.jimple.infoflow.data.pathBuilders.ContextSensitivePathBuilder -
> Obtainted 1 connections between sources and sinks
> [main] INFO
> soot.jimple.infoflow.data.pathBuilders.ContextSensitivePathBuilder -
> Building path 1
> [main] INFO
> soot.jimple.infoflow.data.pathBuilders.ContextSensitivePathBuilder - Path
> processing took 0.008987293 seconds in total
> [main] INFO soot.jimple.infoflow.Infoflow - The sink virtualinvoke
> $r2.<java.io.PrintStream: void println(java.lang.String)>(r1) in method
> <TestCode: void foo(java.lang.String)> was called with values from the
> following sources:
> [main] INFO soot.jimple.infoflow.Infoflow - - r1 = virtualinvoke
> r0.<TestCode: java.lang.String sourceOne(int)>(10) in method <TestCode:
> void test()>
> [main] INFO soot.jimple.infoflow.Infoflow -     on Path:
> [main] INFO soot.jimple.infoflow.Infoflow -      -> <TestCode: void
> foo(java.lang.String)>
> [main] INFO soot.jimple.infoflow.Infoflow -          -> virtualinvoke
> $r2.<java.io.PrintStream: void println(java.lang.String)>(r1)
>
>
>
>  I want to know how to get a context-sensitive result, in which
> sourceOne() will point to 2 different System.out.println() calls.
>
> Thx,
>
> Rainkin
>
>
>
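A toy model of the trade-off described in the quoted reply above, as an added example that is not part of the original thread and is not FlowDroid code: merging paths per source/sink pair versus keeping every propagation path, whose count doubles with each branch. The graph encoding, node labels and function names are assumptions made for illustration.

```python
from collections import defaultdict

def find_flows(edges, source, sink, path_agnostic=True):
    """Return propagation paths from source to sink in a toy flow graph.

    path_agnostic=True  -> one representative path per (source, sink) pair
    path_agnostic=False -> every acyclic path, one result each
    """
    succ = defaultdict(list)
    for a, b in edges:
        succ[a].append(b)
    results, seen, stack = [], set(), [(source,)]
    while stack:
        path = stack.pop()
        node = path[-1]
        if node == sink:
            results.append(path)
            if path_agnostic:
                break                    # merged: first hit is enough
            continue
        if path_agnostic:
            if node in seen:             # expand each node once: linear cost
                continue
            seen.add(node)
        for nxt in succ[node]:
            if nxt not in path:          # never walk a cycle
                stack.append(path + (nxt,))
    return results

# Constructed graph for the thread's test(): one source, two calls to foo(),
# one println sink statement shared by both calls.
THREAD_EXAMPLE = [
    ("sourceOne(10)", "foo#call1"), ("sourceOne(10)", "foo#call2"),
    ("foo#call1", "println(s)"), ("foo#call2", "println(s)"),
]

def diamond_chain(n):
    """Constructed graph with n two-way branches between 'src' and 'sink'."""
    edges, prev = [], "src"
    for i in range(n):
        join = f"join{i}" if i < n - 1 else "sink"
        for arm in ("then", "else"):
            edges += [(prev, f"{arm}{i}"), (f"{arm}{i}", join)]
        prev = join
    return edges

if __name__ == "__main__":
    for merged in (True, False):
        flows = find_flows(THREAD_EXAMPLE, "sourceOne(10)", "println(s)", merged)
        print("path_agnostic =", merged, "->", len(flows), "result(s)")
    for n in (4, 8, 12):
        print(n, "branches ->", len(find_flows(diamond_chain(n), "src", "sink", False)), "paths")
```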