[Soot-list] FlowDroid: call graph doesn't look context sensitive

Steven Arzt Steven.Arzt at cased.de
Thu Mar 3 17:28:32 EST 2016 

Hi Denis,

 

You don’t actually need an implementation of java.* in your Android platform JAR file, because FlowDroid provides explicit models for threads. If you use FlowDroid’s default models, your callgraph should be able to distinguish the two calls, i.e., there should not be a path from emptyThread() to sensitive(). You have two different instances of the Thread class, two different implementations (and thus also instances thereof) of Runnable, and I don’t see any good reason for FlowDroid to combine the two paths.

 

Best regards,

  Steven

 

Von: soot-list-bounces at CS.McGill.CA [mailto:soot-list-bounces at CS.McGill.CA] Im Auftrag von Denis Bogdanas
Gesendet: Donnerstag, 3. März 2016 23:04
An: soot-list at CS.McGill.CA
Betreff: [Soot-list] FlowDroid: call graph doesn't look context sensitive

 

Suppose we have 2 threads called from 2 UI callbacks. One of them calls method sensitive(), another one is empty. In the call graph, both events will have a path to sensitive(), as if the two Thread instances were modeled as one:

protected void onCreate(Bundle savedInstanceState) {
    threadWithSensitive();
}

@Override
public boolean onOptionsItemSelected(MenuItem item) {
    emptyThread();
    return false;
}
private void threadWithSensitive() {
    new Thread(new Runnable() {
        public void run() {
            sensitive();
        }
    }).start();
}

private void emptyThread() {
    new Thread(new Runnable() {
        public void run() { }
    }).start();
}

Shouldn't only onCreate() lead to sensitive() ?

My setup: a crafted android.jar that has stubs for android classes but full implementation for java.* and javax.* packages.

 

I also noticed that class MethodContext which is supposed to model a method in its context, is never instantiated, regardless of what call graph algorithm I use.

What am I missing?

thanks,

-- 

Denis

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://mailman.CS.McGill.CA/pipermail/soot-list/attachments/20160303/2aaf17df/attachment.html

More information about the Soot-list mailing list