[Soot-list] FlowDroid: call graph doesn't look context sensitive
Denis Bogdanas
denis.bogdanas at gmail.com
Thu Mar 3 17:04:03 EST 2016
Suppose we have 2 threads called from 2 UI callbacks. One of them calls
method sensitive(), another one is empty. In the call graph, both events
will have a path to sensitive(), as if the two Thread instances were
modeled as one:
protected void onCreate(Bundle savedInstanceState) {
threadWithSensitive();
}
@Override
public boolean onOptionsItemSelected(MenuItem item) {
emptyThread();
return false;
}
private void threadWithSensitive() {
new Thread(new Runnable() {
public void run() {
sensitive();
}
}).start();
}
private void emptyThread() {
new Thread(new Runnable() {
public void run() { }
}).start();
}
Shouldn't only onCreate() lead to sensitive() ?
My setup: a crafted android.jar that has stubs for android classes but full
implementation for java.* and javax.* packages.
I also noticed that class MethodContext which is supposed to model a method
in its context, is never instantiated, regardless of what call graph
algorithm I use.
What am I missing?
thanks,
--
Denis
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://mailman.CS.McGill.CA/pipermail/soot-list/attachments/20160303/5f16a98a/attachment.html
More information about the Soot-list
mailing list