[Soot-list] Question about flowdroid

Steven Arzt Steven.Arzt at cased.de
Mon Jan 18 02:23:20 EST 2016


Hi James,

 

FlowDroid’s implicit flow implementation is forward, not backward. You might take the general concepts and ideas from FlowDroid to build your slicer, though. The idea is to look at a conditional, see whether it depends on a tainted value, and if so, unconditionally taint all elements from the conditional till its postdominator. You can see that as a slicing approach as Eric said. However, note that FlowDroid’s implicit flow code is buried in the data flow part, so it’s not easy to just extract it and take it as a slicer. This was never the goal of our implementation.

 

Best regards,

  Steven
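
The rule described in the message above (a conditional that depends on a tainted value taints everything up to its postdominator), as an added example that is not part of the original e-mail and is not FlowDroid's code. The toy CFG, the variable names and the function names are constructed for illustration, and the taint set is flow-insensitive and only tracks variables assigned inside the region, which is a simplification.

```python
# Constructed sample program, one statement per CFG node:
#   0: secret = source()   1: if secret > 0   2: x = 1
#   3: x = 0               4: y = x (join)    5: sink(y)
SUCC = {0: [1], 1: [2, 3], 2: [4], 3: [4], 4: [5], 5: []}
# node -> (variable defined or None, variables used)
STMT = {0: ("secret", []), 1: (None, ["secret"]), 2: ("x", []),
        3: ("x", []), 4: ("y", ["x"]), 5: (None, ["y"])}
SOURCES, SINKS = {0}, {5}

def postdominators(succ):
    """Fixpoint of pdom(n) = {n} | intersection of pdom(s) over successors s."""
    nodes = set(succ)
    pdom = {n: (set(nodes) if succ[n] else {n}) for n in nodes}
    old = None
    while old != pdom:
        old = {n: set(s) for n, s in pdom.items()}
        for n in [m for m in nodes if succ[m]]:
            pdom[n] = {n} | set.intersection(*(pdom[s] for s in succ[n]))
    return pdom

def immediate_postdominator(n, pdom):
    # Strict postdominators form a chain; the nearest has the largest pdom set.
    return max(pdom[n] - {n}, key=lambda d: len(pdom[d]))

def region(branch, succ, pdom):
    """Nodes reachable from the branch before its immediate postdominator."""
    stop = immediate_postdominator(branch, pdom)
    seen, work = set(), list(succ[branch])
    while work:
        n = work.pop()
        if n != stop and n not in seen:
            seen.add(n)
            work.extend(succ[n])
    return seen

def leaking_sinks(implicit):
    pdom = postdominators(SUCC)
    tainted = {STMT[n][0] for n in SOURCES}
    before = None
    while before != tainted:
        before = set(tainted)
        for n, (dst, uses) in STMT.items():
            hit = any(u in tainted for u in uses)
            if hit and dst:  # explicit flow: dst is computed from tainted data
                tainted.add(dst)
            if hit and implicit and len(SUCC[n]) > 1:  # tainted conditional
                tainted |= {STMT[m][0] for m in region(n, SUCC, pdom) if STMT[m][0]}
    return {n for n in SINKS if any(u in tainted for u in STMT[n][1])}
```

With explicit flows only, the sink at node 5 is not reported because x is assigned constants; with the implicit rule enabled, both assignments to x fall inside the tainted conditional's region and the leak through y is found.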

 

From: James F [mailto:jamesfuhao at gmail.com]
Sent: Sunday, 17 January 2016 02:50
To: soot
Cc: nuaawangxiaolei at 163.com; soot-list at cs.mcgill.ca; Steven.Arzt at cased.de
Subject: Re: [Soot-list] Question about flowdroid

 

Eric said "It computes implicit information flows (if enabled on the command line). While they are not represented in an explicit PDG but rather computed on the fly, they might be sufficient for your purpose. Note that this is a forward-slicing approach." inside https://mailman.cs.mcgill.ca/pipermail/soot-list/2014-February/006508.html. 

So does that mean we can leverage the "implicit flow" part to implement our own backward slicing?

On Sunday, November 29, 2015 at 8:51:15 AM UTC-8, Steven Arzt wrote:

Hi,

 

I have included the Soot mailing list in this reply. Some of the features you are asking for are not available in Soot, but have built them on top of Soot without contributing them back to the main development branch. Soot, for instance, does not have a slicer on its own. However, there are external implementations, for instance the one from the paper “Dynamic slicing with soot” by Adrian Treffer and Matthias Uflacker published at SOAP 2014. You can contact them to get their implementation. Another paper would be Nair’s master thesis: uwspace.uwaterloo.ca/bitstream/10012/5144/1/uw-ethesis.pdf. Our group has also built a slicer based on Soot in another research project, but, sadly, it’s much too specialized to be useful outside of that project.

 

For program dependence graphs, we do have support. Look into the package “soot.toolkits.graph.pdg”. Personally, I haven’t used these parts of Soot yet, but they exist and should work just fine.

 

Best regards,

  Steven

 

From: nuaawangxiaolei [mailto:nuaawan... at 163.com]
Sent: Saturday, 28 November 2015 14:14
To: Steven Arzt
Subject: Re:AW: Question about flowdroid

 

OK, thanks a lot, firstly.

The reason why I want to combine flowdroid with wala is that I want to learn program slicing, program dependence graphs and system dependence graphs. Someone told me that Soot cannot do this work.

Therefore, I want to combine flowdroid with wala.

 

Now that you are the maintainer of Soot, I want to ask you whether Soot can conveniently make a program slice, program dependence graph and system dependence graph using the results of Flowdroid.

If yes, would you like to share some simple examples with me? Then I can learn from them.

If no, I have to use WALA finally.

 

Looking forward to your reply.





At 2015-11-27 22:38:49, "Steven Arzt" <Steve... at cased.de> wrote:

Hi,

 

FlowDroid is based on Soot, so the easiest way to create an analysis for Android apps is to write them using Soot. If you need a data flow analysis, that’s what FlowDroid is all about, so you can simply use the tool as-is.

 

If you want to nevertheless write your analysis in Wala and just need the dummy main method generated by FlowDroid, you can do it as you have proposed. To dump the dummy main method from FlowDroid, you need to set it as an application class and configure the Soot output format as “class”. Then, call the output writer.

 

To get a dummy main method in the first place, you can do something along these lines:

 

             import java.util.Collections;
             import soot.PackManager;
             import soot.Scene;
             import soot.SootMethod;
             import soot.jimple.infoflow.android.SetupApplication;
             import soot.options.Options;

             // Arguments: Android SDK platforms directory, then the APK to analyze
             SetupApplication app = new SetupApplication
                           ("D:/Tools/adt-bundle-windows-x86_64-20140321/sdk/platforms",
                           "D:/Temp/com.tweakersoft.aroundme-1.apk");
             app.calculateSourcesSinksEntrypoints("D:/Arbeit/Android Analyse/soot-infoflow-android/SourcesAndSinks.txt");
             soot.G.reset();

             // Configure Soot to read the APK and write Java class files
             Options.v().set_src_prec(Options.src_prec_apk);
             Options.v().set_process_dir(Collections.singletonList("D:/Temp/com.tweakersoft.aroundme-1.apk"));
             Options.v().set_android_jars("D:/Tools/adt-bundle-windows-x86_64-20140321/sdk/platforms");
             Options.v().set_allow_phantom_refs(true);
             Options.v().set_output_format(Options.output_format_class);

             Scene.v().loadNecessaryClasses();

             // Create the dummy main method, register it as entry point, and write everything out
             SootMethod entryPoint = app.getEntryPointCreator().createDummyMain();
             Options.v().set_main_class(entryPoint.getSignature());
             Scene.v().setEntryPoints(Collections.singletonList(entryPoint));
             System.out.println(entryPoint.getActiveBody());
             PackManager.v().writeOutput();

 

This should work. If it does not for some reason, feel free to contact me. Your “class” files (both for the dummy main method and for all of the classes inside your apk file) should then end up in the “sootOutput” folder.

 

Best regards,

  Steven

 

From: nuaawangxiaolei [mailto:nuaawan... at 163.com]
Sent: Friday, 27 November 2015 03:11
To: steve... at ec-spride.de
Subject: Question about flowdroid

 

Hi:

    Sorry to interrupt you. From your homepage, I know you are the maintainer of Flowdroid and Soot. Now I have a question: I want to combine flowdroid with wala.

    Someone on the website said the way to do this is as follows:

    Firstly, FlowDroid will build a dummy main method for the app and dump it in sootOutput/dummyMainClass.class. The name of the main method is dummyMainMethod.

    Secondly, load dummyMainClass.class along with the rest of the bytecodes for the app and wrap dummyMainClass.dummyMainMethod in a WALA DefaultEntrypoint.

 

    Therefore, I want to ask you whether this method is feasible. If this method is feasible, would you like to tell me how to dump the dummyMainClass.class and load the dummyMainClass.class with the rest of the bytecodes for the app using Flowdroid?

    Thanks a lot and look forward to hearing from you.

    

 

 

 

 
