<div dir="ltr"><div dir="ltr" style="font-size:13.3333339691162px"><div>Hi Peter,</div> My suspicion is that the callgraph is correct here. You never add anything to the objects ArrayList, so whenever you try to read a BaseTweet object out of the list, the analysis (correctly) concludes that only null could be returned. If you call a method on null (like isFinished), the call graph (correctly) concludes that this would result in an NPE and thus does not add the edge. If you want to see these edges in the callgraph, extend your code to add something to the objects ArrayList:<div><div><br></div><div>objects.add(new BaseTweet())</div><div><br></div><div>When debugging your static analysis results, it's often helpful to concretely execute your target program and be sure that it behaves as you expect!</div><div><br></div><div>- Sam</div></div><div><br></div></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Feb 9, 2015 at 12:40 PM, Peter Kim <span dir="ltr"><<a href="mailto:chpkim@gmail.com" target="_blank">chpkim@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hi Steven,<div><br></div><div>Here is a complete minimal example as an Eclipse project (just import into your workspace): <a href="https://drive.google.com/file/d/0B9KLXcAovVUHa0FuN3gzRGJETmc/view" target="_blank">https://drive.google.com/file/d/0B9KLXcAovVUHa0FuN3gzRGJETmc/view</a></div><div><br></div><div>I retrieve the CFG of this app at Infoflow.runAnalysis(final ISourceSinkManager sourcesSinks, final Set<String> additionalSeeds), calling "CallGraph cg = Scene.v().getCallGraph();" right before "iCfg = icfgFactory.buildBiDirICFG(callgraphAlgorithm);". 
I use cg, not iCfg.</div><div><br></div><div>The edges out of com.example.toyandroid.ChpkimMainActivity.chpkimUpdate() I get are:</div><div><br></div><div><div><java.util.ArrayList: int size()></div><div><java.util.ArrayList: java.lang.Object get(int)></div><div><java.util.ArrayList: java.lang.Object remove(int)><br></div><div><br></div><div>But they should be:</div><div><div><br></div><div><java.util.ArrayList: int size()></div><div><java.util.ArrayList: java.lang.Object get(int)></div><div><java.util.ArrayList: java.lang.Object remove(int)><br></div></div><div><com.example.toyandroid.BaseTweet: boolean isFinished()></div><div><com.example.toyandroid.BaseTweet: void free()><br></div><div><com.example.toyandroid.BaseTweet: void update(float)><br></div><div><br></div><div>Thanks for your help.</div><div><br></div></div><div><br></div><div><br></div><div><br></div><div><br></div></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Feb 9, 2015 at 8:40 AM, Steven Arzt <span dir="ltr"><<a href="mailto:Steven.Arzt@cased.de" target="_blank">Steven.Arzt@cased.de</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div lang="DE" link="blue" vlink="purple"><div><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Hi Peter,<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p><p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Can you please send me a more complete minimal example with which I can reproduce the issue?<u></u><u></u></span></p><p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p><p class="MsoNormal"><span lang="EN-US" 
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Best regards,<u></u><u></u></span></p><p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">  Steven<u></u><u></u></span></p><p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p><p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> <a href="mailto:soot-list-bounces@CS.McGill.CA" target="_blank">soot-list-bounces@CS.McGill.CA</a> [mailto:<a href="mailto:soot-list-bounces@CS.McGill.CA" target="_blank">soot-list-bounces@CS.McGill.CA</a>] <b>On behalf of </b>Peter Kim<br><b>Sent:</b> Sunday, 8 February 2015 19:05<br><b>To:</b> Steven Arzt<br><b>Cc:</b> <a href="mailto:soot-list@cs.mcgill.ca" target="_blank">soot-list@cs.mcgill.ca</a><br><b>Subject:</b> Re: [Soot-list] Missing call graph edges<u></u><u></u></span></p><div><div><p class="MsoNormal"><u></u> <u></u></p><div><p class="MsoNormal">eliminateDeadCode() is *not* being called and I'm still running into the problem. 
Thanks in advance for your help.<u></u><u></u></p></div><div><p class="MsoNormal"><u></u> <u></u></p><div><p class="MsoNormal">On Sun, Feb 8, 2015 at 5:37 PM, Peter Kim <<a href="mailto:chpkim@gmail.com" target="_blank">chpkim@gmail.com</a>> wrote:<u></u><u></u></p><div><p class="MsoNormal">Hi Steven,<u></u><u></u></p><div><p class="MsoNormal"><u></u> <u></u></p></div><div><p class="MsoNormal">I'm still running into the same problem after pulling from Github.<u></u><u></u></p></div><div><p class="MsoNormal"><u></u> <u></u></p></div></div><div><div><div><p class="MsoNormal"><u></u> <u></u></p><div><p class="MsoNormal">On Fri, Feb 6, 2015 at 9:24 AM, Steven Arzt <<a href="mailto:Steven.Arzt@cased.de" target="_blank">Steven.Arzt@cased.de</a>> wrote:<u></u><u></u></p><div><div><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Hi Peter,</span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"> </span><u></u><u></u></p><p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">that might have to do with an optimization I added recently. In short, FlowDroid removes these callgraph edges for which it can easily decide that having them does not influence the outcome of the taint analysis. 
I can however fully understand that this might lead to surprising results if you are using the FlowDroid components for other analyses, so I decided to make this optimization optional and turn it off by default.</span><u></u><u></u></p><p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"> </span><u></u><u></u></p><p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">The new code is on Github and a new nightly build will be available tomorrow.</span><u></u><u></u></p><p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"> </span><u></u><u></u></p><p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Best regards,</span><u></u><u></u></p><p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"> Steven</span><u></u><u></u></p><p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"> </span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"> </span><u></u><u></u></p><p class="MsoNormal"><span lang="EN-US" style="font-size:13.5pt;font-family:"Courier New";color:black">M.Sc. M.Sc. 
Steven Arzt</span><u></u><u></u></p><p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New";color:black">Secure Software Engineering Group (SSE)</span><u></u><u></u></p><p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New";color:black">European Center for Security and Privacy by Design (EC SPRIDE) </span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New";color:black">Rheinstraße 75</span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New";color:black">D-64293 Darmstadt</span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New";color:black">Phone: +49 61 51 869-336</span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New";color:black">Fax: <a href="tel:%2B49%2061%2051%2016-72118" target="_blank">+49 61 51 16-72118</a></span><u></u><u></u></p><p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New";color:black">eMail: </span><span style="font-size:10.0pt;font-family:"Courier New";color:black"><a href="mailto:steven.arzt@ec-spride.de" target="_blank"><span lang="EN-US">steven.arzt@ec-spride.de</span></a></span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New";color:black">Web: <a href="http://sse.ec-spride.de/" target="_blank">http://sse.ec-spride.de</a></span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"> </span><u></u><u></u></p><p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"> </span><u></u><u></u></p><p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"> </span><u></u><u></u></p><p class="MsoNormal"><b><span 
style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> <a href="mailto:soot-list-bounces@CS.McGill.CA" target="_blank">soot-list-bounces@CS.McGill.CA</a> [mailto:<a href="mailto:soot-list-bounces@CS.McGill.CA" target="_blank">soot-list-bounces@CS.McGill.CA</a>] <b>On behalf of </b>Peter Kim<br><b>Sent:</b> Friday, 6 February 2015 00:05<br><b>To:</b> <a href="mailto:soot-list@cs.mcgill.ca" target="_blank">soot-list@cs.mcgill.ca</a><br><b>Subject:</b> [Soot-list] Missing call graph edges</span><u></u><u></u></p><div><div><p class="MsoNormal"> <u></u><u></u></p><div><p class="MsoNormal">Hi,<u></u><u></u></p><div><p class="MsoNormal"> <u></u><u></u></p></div><div><p class="MsoNormal">I'm extending FlowDroid to construct an Android app's call graph. More specifically, I get the call graph by modifying Infoflow.runAnalysis(final ISourceSinkManager sourcesSinks, final Set<String> additionalSeeds) to call Scene.v().getCallGraph(). The call graph is missing edges in an odd way - for a function, the graph has some outgoing edges but is missing ones that should be there. Namely, given the following function (shown in Java rather than jimple for readability), the called methods should be "get()", "isFinished()", "remove()", "free()", "size()", "update()", but I'm only getting "get()", "size()", and "remove()". I don't understand why "remove()" is included but "free()" is not since they are in the same basic block. I'm using soot.jimple.toolkits.callgraph.TransitiveTargets to analyze the call graph.<u></u><u></u></p></div><div><p class="MsoNormal"> <u></u><u></u></p></div><div><div><p class="MsoNormal">public void update(float x) {<u></u><u></u></p></div><div><p class="MsoNormal">  for (...size()..) 
{<u></u><u></u></p></div><div><p class="MsoNormal"> get();<u></u><u></u></p></div><div><p class="MsoNormal"> if (isFinished()) {<u></u><u></u></p></div><div><p class="MsoNormal"> remove();<u></u><u></u></p></div><div><p class="MsoNormal"> free();<u></u><u></u></p></div><div><p class="MsoNormal"> }<u></u><u></u></p></div><div><p class="MsoNormal"> }<u></u><u></u></p></div><div><p class="MsoNormal"> <u></u><u></u></p></div><div><p class="MsoNormal"> if (y) {<u></u><u></u></p></div><div><p class="MsoNormal"> if (x) {<u></u><u></u></p></div><div><p class="MsoNormal"> for (... size()...) get().update(x);<u></u><u></u></p></div><div><p class="MsoNormal"> } else {<u></u><u></u></p></div><div><p class="MsoNormal"> for (...size()...) get().update(x);<u></u><u></u></p></div><div><p class="MsoNormal"> }<u></u><u></u></p></div><div><p class="MsoNormal"> }<u></u><u></u></p></div><div><p class="MsoNormal">}<u></u><u></u></p></div></div><div><p class="MsoNormal"> <u></u><u></u></p></div><div><p class="MsoNormal">Thank you for your help.<u></u><u></u></p></div><div><p class="MsoNormal"> <u></u><u></u></p></div></div></div></div></div></div></div><p class="MsoNormal"><u></u> <u></u></p></div></div></div></div><p class="MsoNormal"><u></u> <u></u></p></div></div></div></div></div></blockquote></div><br></div>
</div></div><br>_______________________________________________<br>
Soot-list mailing list<br>
<a href="mailto:Soot-list@CS.McGill.CA">Soot-list@CS.McGill.CA</a><br>
<a href="https://mailman.CS.McGill.CA/mailman/listinfo/soot-list" target="_blank">https://mailman.CS.McGill.CA/mailman/listinfo/soot-list</a><br>
<br></blockquote></div><br></div>
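A diagnostic for the situation discussed in this thread, added here as an example and not code from Soot, FlowDroid or any of the posters: for every call site in one method it lists the call-graph targets and, where there are none, checks whether the receiver's points-to set is empty, which is the case Sam describes. It assumes Soot has already built the call graph with a points-to analysis such as SPARK (for instance at the point in Infoflow.runAnalysis where the thread calls Scene.v().getCallGraph()); the class name CallSiteAudit and the method report are hypothetical.

```java
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;

import soot.Local;
import soot.Scene;
import soot.SootMethod;
import soot.Unit;
import soot.Value;
import soot.jimple.InstanceInvokeExpr;
import soot.jimple.InvokeExpr;
import soot.jimple.Stmt;
import soot.jimple.toolkits.callgraph.CallGraph;
import soot.jimple.toolkits.callgraph.Edge;

/** Hypothetical helper, not part of Soot or FlowDroid. */
public final class CallSiteAudit {

    /** Returns one line per invoke statement of the method with the given Soot signature. */
    public static List<String> report(String methodSignature) {
        CallGraph cg = Scene.v().getCallGraph();
        SootMethod m = Scene.v().getMethod(methodSignature);
        List<String> lines = new ArrayList<>();
        for (Unit u : m.retrieveActiveBody().getUnits()) {
            Stmt s = (Stmt) u;                      // every unit of a Jimple body is a Stmt
            if (!s.containsInvokeExpr()) continue;
            InvokeExpr ie = s.getInvokeExpr();
            String declared = ie.getMethodRef().getSignature();
            Iterator<Edge> edges = cg.edgesOutOf(u);
            if (edges.hasNext()) {
                while (edges.hasNext())
                    lines.add("RESOLVED " + declared + " -> " + edges.next().tgt().getSignature());
                continue;
            }
            // No edge at this call site: find out whether the receiver can only be null.
            String why = "no edge, and the receiver's points-to set is not empty";
            if (ie instanceof InstanceInvokeExpr) {
                Value base = ((InstanceInvokeExpr) ie).getBase();
                if (base instanceof Local
                        && Scene.v().getPointsToAnalysis().reachingObjects((Local) base).isEmpty())
                    why = "receiver '" + base + "' has an empty points-to set (only null reaches it)";
            }
            lines.add("MISSING  " + declared + " : " + why);
        }
        return lines;
    }
}
```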