<div dir="ltr"><div class="gmail_default" style="font-family:arial,helvetica,sans-serif"><div class="gmail_default">Thanks for the suggestion, Dacong. So I rephrase it here :</div><div class="gmail_default"><br></div><div class="gmail_default"><span style="font-family:arial,sans-serif;font-size:12.8000001907349px"><b>* Test input:</b></span></div><div class="gmail_default"><span style="font-family:arial,sans-serif;font-size:12.8000001907349px">Android app: my_test.apk </span></div><div class="gmail_default"><br style="font-family:arial,sans-serif;font-size:12.8000001907349px"><span style="font-family:arial,sans-serif;font-size:12.8000001907349px"><b>* Here's the command I executed (the soot configuration is the same with flowDroid):</b></span></div><div class="gmail_default"><font face="arial, helvetica, sans-serif">java -cp $JAVA_CLASSPATH path_to_my_test_class</font><br></div><div class="gmail_default"><br style="font-family:arial,sans-serif;font-size:12.8000001907349px"><b><span style="font-family:arial,sans-serif;font-size:12.8000001907349px">* I expect the results of getUnits() to be:</span><br></b></div><div class="gmail_default"><span class="im"><div style="font-family:arial,sans-serif;font-size:12.8000001907349px"><font face="monospace, monospace">r0 := @this: edu.ucsd.mytest.BasicActivity;</font></div><div style="font-family:arial,sans-serif;font-size:12.8000001907349px"><font face="monospace, monospace">$r1 := @parameter0: android.os.Bundle;</font></div><div style="font-family:arial,sans-serif;font-size:12.8000001907349px"><font face="monospace, monospace">specialinvoke $r0.<android.support.v7.app.ActionBarActivity: void onCreate(android.os.Bundle)>($r1);</font></div><div style="font-family:arial,sans-serif;font-size:12.8000001907349px"><font face="monospace, monospace" color="#ff0000">$r2 = new com.turbomanage.httpclient.BasicHttpClient;<div class="gmail_default" style="font-family:arial,helvetica,sans-serif;display:inline"> </div></font></div></span><span class="im"><div style="font-family:arial,sans-serif;font-size:12.8000001907349px"><font face="monospace, monospace">specialinvoke $r2.<com.turbomanage.httpclient.BasicHttpClient: void <init>()>();</font></div><div style="font-family:arial,sans-serif;font-size:12.8000001907349px"><font face="monospace, monospace">virtualinvoke $r2.<com.turbomanage.httpclient.BasicHttpClient: com.turbomanage.httpclient.HttpResponse get(java.lang.String,com.turbomanage.httpclient.ParameterMap)>("<a href="http://www.google.com/" target="_blank">http://www.google.com</a>", null);</font></div><div style="font-family:arial,sans-serif;font-size:12.8000001907349px"><font face="monospace, monospace">return;</font></div></span></div><div class="gmail_default"><span style="font-family:arial,sans-serif;font-size:12.8000001907349px"><br></span></div><div class="gmail_default"><span style="font-family:arial,sans-serif;font-size:12.8000001907349px"><b>* But the results of getUnits() is (lack the statement marked in red): </b></span></div><div class="gmail_default"><span class="im"><div style="font-family:arial,sans-serif;font-size:12.8000001907349px"><font face="monospace, monospace">r0 := @this: edu.ucsd.mytest.BasicActivity;</font></div><div style="font-family:arial,sans-serif;font-size:12.8000001907349px"><font face="monospace, monospace">$r1 := @parameter0: android.os.Bundle;</font></div><div style="font-family:arial,sans-serif;font-size:12.8000001907349px"><font face="monospace, monospace">specialinvoke $r0.<android.support.v7.app.ActionBarActivity: void onCreate(android.os.Bundle)>($r1);</font></div></span><div style="font-family:arial,sans-serif;font-size:12.8000001907349px"><span style="font-family:monospace,monospace;font-size:12.8000001907349px">specialinvoke $r2.<com.turbomanage.</span><span style="font-family:monospace,monospace;font-size:12.8000001907349px">httpclient.BasicHttpClient: void <init>()>();</span><br></div><span class="im"><div style="font-family:arial,sans-serif;font-size:12.8000001907349px"><font face="monospace, monospace">virtualinvoke $r2.<com.turbomanage.httpclient.BasicHttpClient: com.turbomanage.httpclient.HttpResponse get(java.lang.String,com.turbomanage.httpclient.ParameterMap)>("<a href="http://www.google.com/" target="_blank">http://www.google.com</a>", null);</font></div><div style="font-family:arial,sans-serif;font-size:12.8000001907349px"><font face="monospace, monospace">return;</font></div><div><font face="monospace, monospace"><br></font></div></span></div></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Apr 8, 2015 at 10:26 AM, Dacong Yan <span dir="ltr"><<a href="mailto:tonywinslow1986@gmail.com" target="_blank">tonywinslow1986@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">To help better diagnose the problem, could you rephrase the bug<br>
reproduction description into something like:<br>
* Here's the input (maybe an apk file?)<br>
* Here's the command I executed: java soot.Main -my -flags ...<br>
* I expect the results of getUnits() to be "...", but it actually is "..."<br>
<br>
With concrete input, output and command, everybody can look at the<br>
same thing and discuss.<br>
<div><div class="h5"><br>
On Wed, Apr 8, 2015 at 10:10 AM, Xinxin Jin <<a href="mailto:xinxinjin89@gmail.com">xinxinjin89@gmail.com</a>> wrote:<br>
> Thank you for the explanation ! But the problem still remains ... To make<br>
> it concrete, I put the whole analysis of the problematic method in the<br>
> following:<br>
><br>
> (a). Source code :<br>
> protected void onCreate(Bundle savedInstanceState) {<br>
> super.onCreate(savedInstanceState);<br>
> BasicHttpClient basicClient = new BasicHttpClient();<br>
> HttpResponse response = basicClient.get("<a href="http://www.google.com" target="_blank">http://www.google.com</a>",<br>
> null);<br>
> }<br>
><br>
> (b). Jimple of method onCreate() :<br>
> protected void onCreate(android.os.Bundle)<br>
> {<br>
> edu.ucsd.mytest.BasicActivity $r0;<br>
> android.os.Bundle $r1;<br>
> com.turbomanage.httpclient.BasicHttpClient $r2;<br>
> $r0 := @this: edu.ucsd.mytest.BasicActivity;<br>
> $r1 := @parameter0: android.os.Bundle;<br>
><br>
> specialinvoke $r0.<android.support.v7.app.ActionBarActivity: void<br>
> onCreate(android.os.Bundle)>($r1);<br>
> $r2 = new com.turbomanage.httpclient.BasicHttpClient;<br>
> // Do not appear in getUnits()<br>
> specialinvoke $r2.<com.turbomanage.httpclient.BasicHttpClient: void<br>
> <init>()>();<br>
> virtualinvoke $r2.<com.turbomanage.httpclient.BasicHttpClient:<br>
> com.turbomanage.httpclient.HttpResponse<br>
> get(java.lang.String,com.turbomanage.httpclient.ParameterMap)>("<a href="http://www.google.com" target="_blank">http://www.google.com</a>",<br>
> null);<br>
> return;<br>
> }<br>
><br>
> (c). Output of m.retrieveActiveBody().getUnits():<br>
> $r0 := @this: edu.ucsd.mytest.BasicActivity<br>
> $r1 := @parameter0: android.os.Bundle<br>
> specialinvoke $r0.<android.support.v7.app.ActionBarActivity: void<br>
> onCreate(android.os.Bundle)>($r1)<br>
> specialinvoke $r2.<com.turbomanage.httpclient.BasicHttpClient: void<br>
> <init>()>() //No def on $r2!<br>
> virtualinvoke $r2.<com.turbomanage.httpclient.BasicHttpClient:<br>
> com.turbomanage.httpclient.HttpResponse<br>
> get(java.lang.String,com.turbomanage.httpclient.ParameterMap)>("<a href="http://www.google.com" target="_blank">http://www.google.com</a>",<br>
> null)<br>
> return<br>
><br>
><br>
> So you can see the statement "$r2 = new<br>
> com.turbomanage.httpclient.BasicHttpClient" does not appear in the output of<br>
> getUnits().<br>
> Particularly, the statement marked in blue refers to the local $r2, however,<br>
> there is no def on $r2 in getUnits() !<br>
><br>
> Any suggestion is appreciated !<br>
><br>
><br>
> On Wed, Apr 8, 2015 at 1:00 AM, Steven Arzt <<a href="mailto:Steven.Arzt@cased.de">Steven.Arzt@cased.de</a>> wrote:<br>
>><br>
>> Hi Xinxin,<br>
>><br>
>><br>
>><br>
>> Then I have to agree with Eric that such a behavior is completely<br>
>> impossible: Soot reads in the APK file, and stores the unit in the units<br>
>> collections of the respective SootMethods. This is also the only source from<br>
>> which the units are then written out to Jimples files. If the Jimple files<br>
>> on disk are complete, the unit collections must have been as well. The<br>
>> output writer does not inference any new units.<br>
>><br>
>><br>
>><br>
>> Best regards,<br>
>><br>
>> Steven<br>
>><br>
>><br>
>><br>
>> Von: Xinxin Jin [mailto:<a href="mailto:xinxinjin89@gmail.com">xinxinjin89@gmail.com</a>]<br>
>> Gesendet: Mittwoch, 8. April 2015 09:57<br>
>> An: Steven Arzt<br>
>> Cc: Bodden, Eric; <a href="mailto:soot-list@cs.mcgill.ca">soot-list@cs.mcgill.ca</a><br>
>><br>
>><br>
>> Betreff: Re: [Soot-list] Soot Body.getUnits() does not get ALL units<br>
>><br>
>><br>
>><br>
>> Hi Steven,<br>
>><br>
>><br>
>><br>
>> My code is from an Android app. I use Dexpler to transform the apk to<br>
>> jimple files.<br>
>><br>
>><br>
>><br>
>> Thanks,<br>
>><br>
>><br>
>><br>
>> On Wed, Apr 8, 2015 at 12:54 AM, Steven Arzt <<a href="mailto:Steven.Arzt@cased.de">Steven.Arzt@cased.de</a>> wrote:<br>
>><br>
>> Hi Xinxin,<br>
>><br>
>><br>
>><br>
>> Can you provide a complete test case? From where did you read in your<br>
>> Jimple code? Did you parse jimple files on disk or Java class files, or an<br>
>> Android APK?<br>
>><br>
>><br>
>><br>
>> Best regards,<br>
>><br>
>> Steven<br>
>><br>
>><br>
>><br>
>> Von: <a href="mailto:soot-list-bounces@CS.McGill.CA">soot-list-bounces@CS.McGill.CA</a><br>
>> [mailto:<a href="mailto:soot-list-bounces@CS.McGill.CA">soot-list-bounces@CS.McGill.CA</a>] Im Auftrag von Xinxin Jin<br>
>> Gesendet: Mittwoch, 8. April 2015 09:07<br>
>> An: Bodden, Eric<br>
>> Cc: <a href="mailto:soot-list@cs.mcgill.ca">soot-list@cs.mcgill.ca</a><br>
>> Betreff: Re: [Soot-list] Soot Body.getUnits() does not get ALL units<br>
>><br>
>><br>
>><br>
>> It sounds unreasonable to me too, but that is indeed the problem I<br>
>> encountered ... So I'm just wondering if there are some corner cases not<br>
>> handled by Soot or not ?<br>
>><br>
>><br>
>><br>
>> On Tue, Apr 7, 2015 at 11:40 PM, Bodden, Eric<br>
>> <<a href="mailto:eric.bodden@sit.fraunhofer.de">eric.bodden@sit.fraunhofer.de</a>> wrote:<br>
>><br>
>> Hi Xinxin.<br>
>><br>
>> I am afraid that does not make much sense. By definition, the units of a<br>
>> body are the ones returned by getUnits(). This is a very strong invariant<br>
>> that should never be broken by Soot.<br>
>><br>
>> Cheers,<br>
>> Eric<br>
>><br>
>><br>
>> > On 08.04.2015, at 08:02, Xinxin Jin <<a href="mailto:xinxinjin89@gmail.com">xinxinjin89@gmail.com</a>> wrote:<br>
>> ><br>
>> > Hi there,<br>
>> ><br>
>> > I got a weird problem: Sometimes Body.getUnits() does not list all the<br>
>> > units of a method. The following is one example:<br>
>> ><br>
>> > Simplified code snippet:<br>
>> ><br>
>> > void foo() {<br>
>> > ...<br>
>> > BasicHttpClient basicClient = new BasicHttpClient();<br>
>> > ...<br>
>> > }<br>
>> ><br>
>> > And in the Jimple file, there are two statements related with "new<br>
>> > BasicHttpClient()" :<br>
>> ><br>
>> > $r5 = new com.turbomanage.httpclient.BasicHttpClient;<br>
>> > specialinvoke $r5.<com.turbomanage.httpclient.BasicHttpClient: void<br>
>> > <init>()>();<br>
>> ><br>
>> > However, when I use retriveActiveBody().getUnits() to print out all the<br>
>> > units of foo(), I can only see one statement:<br>
>> > specialinvoke $r5.<com.turbomanage.httpclient.BasicHttpClient: void<br>
>> > <init>()>()<br>
>> ><br>
>> > I don't know why getUnits() cannot obtain "$r5 = new<br>
>> > com.turbomanage.httpclient.BasicHttpClient" ?<br>
>> > What kind of units are ignored by Soot ?<br>
>> ><br>
>> > Thanks a lot for any advices !<br>
>> ><br>
>> ><br>
>> ><br>
>> > --<br>
>> > Xinxin<br>
>><br>
>> > _______________________________________________<br>
>> > Soot-list mailing list<br>
>> > <a href="mailto:Soot-list@CS.McGill.CA">Soot-list@CS.McGill.CA</a><br>
>> > <a href="https://mailman.CS.McGill.CA/mailman/listinfo/soot-list" target="_blank">https://mailman.CS.McGill.CA/mailman/listinfo/soot-list</a><br>
>><br>
>> --<br>
>> Prof. Eric Bodden, Ph.D., <a href="http://sse.ec-spride.de/" target="_blank">http://sse.ec-spride.de/</a> <a href="http://bodden.de/" target="_blank">http://bodden.de/</a><br>
>> Head of Secure Software Engineering at Fraunhofer SIT, TU Darmstadt and EC<br>
>> SPRIDE<br>
>> Tel: <a href="tel:%2B49%206151%2016-75422" value="+4961511675422">+49 6151 16-75422</a> Fax: <a href="tel:%2B49%206151%20869-127" value="+496151869127">+49 6151 869-127</a><br>
>> Room B5.11, Fraunhofer SIT, Rheinstraße 75, 64295 Darmstadt<br>
>><br>
>><br>
>><br>
>><br>
>><br>
>> --<br>
>><br>
>> Xinxin<br>
>><br>
>><br>
>><br>
>><br>
>><br>
>> --<br>
>><br>
>> Xinxin<br>
><br>
><br>
><br>
><br>
> --<br>
> Xinxin<br>
><br>
> _______________________________________________<br>
> Soot-list mailing list<br>
> <a href="mailto:Soot-list@CS.McGill.CA">Soot-list@CS.McGill.CA</a><br>
> <a href="https://mailman.CS.McGill.CA/mailman/listinfo/soot-list" target="_blank">https://mailman.CS.McGill.CA/mailman/listinfo/soot-list</a><br>
><br>
<br>
<br>
<br>
--<br>
</div></div>Dacong (Tony) Yan | Software Engineer | Google Inc.<br>
</blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature"><font face="arial, helvetica, sans-serif">Xinxin</font></div>
</div>