<div dir="ltr"><div><div>Hi Steven,<br></div>    To make sure the flag works, I directly use the test case soot.jimple.infoflow.test.securibench.AliasingTests.java aliasing5()<br></div>    and I add the call <span style="color:rgb(255,0,0)"><b>infoflow.setPathAgnosticResults(false);</b></span><br>    @Test<br>    public void aliasing5() {<br>        List&lt;String&gt; epoints = new ArrayList&lt;String&gt;();<br>        epoints.add(&quot;&lt;securibench.micro.aliasing.Aliasing5: void             doGet(javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)&gt;&quot;);   <br>        Infoflow infoflow = initInfoflow(epoints);<br>       <span style="color:rgb(255,0,0)"><b> infoflow.setPathAgnosticResults(false);</b></span><br>        infoflow.computeInfoflow(abppPath, libPath, entryPointCreator, sources, sinks);<br>        checkInfoflow(infoflow, 1);<br>    } <br><div>   <br></div><div>   And I change the corresponding test code, the red line is what I add:<br><br>   protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {<br>           StringBuffer buf = new StringBuffer(&quot;abc&quot;); <br>           foo(buf, buf, resp, req);<br>          <span style="color:rgb(255,0,0)"><b> foo(buf, buf, resp, req);</b></span><br>    }<br><br></div><div>    Finally, I got the following result:<br>    <br>   Using following locations as sources for classes: /home/rainkin/Desktop/soot-infoflow-develop/bin:/home/rainkin/Desktop/soot-infoflow-develop/build/classes/home/rainkin/Desktop/soot-infoflow-develop/build/testclasses, /usr/lib/jvm/java-7-openjdk-amd64/jre/lib/rt.jar:/home/rainkin/Desktop/soot-infoflow-develop/lib/j2ee.jar:/home/rainkin/Desktop/soot-infoflow-develop/lib/cos.jar<br>SLF4J: Class path contains multiple SLF4J bindings.<br>SLF4J: Found binding in [jar:file:/home/rainkin/Desktop/soot-infoflow-develop/lib/slf4j-simple-1.7.5.jar!/org/slf4j/impl/StaticLoggerBinder.class]<br>SLF4J: Found binding in [jar:file:/home/rainkin/Downloads/heros-trunk.jar!/org/slf4j/impl/StaticLoggerBinder.class]<br>SLF4J: Found binding in [jar:file:/home/rainkin/Downloads/soot-trunk.jar!/org/slf4j/impl/StaticLoggerBinder.class]<br>SLF4J: See <a href="http://www.slf4j.org/codes.html#multiple_bindings">http://www.slf4j.org/codes.html#multiple_bindings</a> for an explanation.<br>SLF4J: Actual binding is of type [org.slf4j.impl.SimpleLoggerFactory]<br>[main] INFO soot.jimple.infoflow.Infoflow - Resetting Soot...<br>Warning: javax.crypto.SecretKey is a phantom class!<br>[main] INFO soot.jimple.infoflow.Infoflow - Basic class loading done.<br>[Call Graph] For information on where the call graph may be incomplete, use the verbose option to the cg phase.<br>[Spark] Pointer Assignment Graph in 1.7 seconds.<br>[Spark] Type masks in 0.1 seconds.<br>[Spark] Pointer Graph simplified in 0.0 seconds.<br>[Spark] Propagation in 9.0 seconds.<br>[Spark] Solution found in 9.0 seconds.<br>[main] INFO soot.jimple.infoflow.util.InterproceduralConstantValuePropagator - Removing side-effect free methods is disabled<br>[main] INFO soot.jimple.infoflow.Infoflow - Dead code elimination took 0.479650968 seconds<br>[main] INFO soot.jimple.infoflow.Infoflow - Callgraph has 10477 edges<br>[main] INFO soot.jimple.infoflow.Infoflow - Implicit flow tracking is NOT enabled<br>[main] INFO soot.jimple.infoflow.Infoflow - Running with a maximum access path length of 5<br><span style="color:rgb(255,0,0)"><b>[main] INFO soot.jimple.infoflow.Infoflow - Using path-sensitive result collection</b></span><br>[main] INFO soot.jimple.infoflow.Infoflow - Recursive access path shortening is enabled<br>[main] INFO soot.jimple.infoflow.Infoflow - Looking for sources and sinks...<br>[main] INFO soot.jimple.infoflow.Infoflow - Source lookup done, found 1 sources and 1 sinks.<br>[main] INFO soot.jimple.infoflow.Infoflow - IFDS problem with 2270 forward and 430 backward edges solved, processing 1 results...<br>[main] INFO soot.jimple.infoflow.data.pathBuilders.ContextSensitivePathBuilder - Context-sensitive path reconstructor started<br>[main] INFO soot.jimple.infoflow.data.pathBuilders.ContextSensitivePathBuilder - Obtainted 1 connections between sources and sinks<br>[main] INFO soot.jimple.infoflow.data.pathBuilders.ContextSensitivePathBuilder - Building path 1<br>[main] INFO soot.jimple.infoflow.data.pathBuilders.ContextSensitivePathBuilder - Path processing took 0.020252891 seconds in total<br>[main] INFO soot.jimple.infoflow.Infoflow - The sink virtualinvoke r6.&lt;java.io.PrintWriter: void println(java.lang.String)&gt;($r8) in method &lt;securibench.micro.aliasing.Aliasing5: void foo(java.lang.StringBuffer,java.lang.StringBuffer,javax.servlet.ServletResponse,javax.servlet.ServletRequest)&gt; was called with values from the following sources:<br>[main] INFO soot.jimple.infoflow.Infoflow - - r5 = interfaceinvoke r4.&lt;javax.servlet.ServletRequest: java.lang.String getParameter(java.lang.String)&gt;(&quot;name&quot;) in method &lt;securibench.micro.aliasing.Aliasing5: void foo(java.lang.StringBuffer,java.lang.StringBuffer,javax.servlet.ServletResponse,javax.servlet.ServletRequest)&gt;<br>[main] INFO soot.jimple.infoflow.Infoflow -     on Path: <br>[main] INFO soot.jimple.infoflow.Infoflow -      -&gt; &lt;securibench.micro.aliasing.Aliasing5: void foo(java.lang.StringBuffer,java.lang.StringBuffer,javax.servlet.ServletResponse,javax.servlet.ServletRequest)&gt;<br>[main] INFO soot.jimple.infoflow.Infoflow -          -&gt; virtualinvoke r6.&lt;java.io.PrintWriter: void println(java.lang.String)&gt;($r8)<br><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">2015-05-06 0:27 GMT+08:00 Steven Arzt <span dir="ltr">&lt;<a href="mailto:Steven.Arzt@cased.de" target="_blank">Steven.Arzt@cased.de</a>&gt;</span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div link="blue" vlink="purple" lang="DE"><div><p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1f497d" lang="EN-US">Are you sure that you set this flag before you start the actual data flow analysis?<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1f497d" lang="EN-US"><u></u> <u></u></span></p><p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;">Von:</span></b><span style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;"> <a href="mailto:soot-list-bounces@CS.McGill.CA" target="_blank">soot-list-bounces@CS.McGill.CA</a> [mailto:<a href="mailto:soot-list-bounces@CS.McGill.CA" target="_blank">soot-list-bounces@CS.McGill.CA</a>] <b>Im Auftrag von </b>???<br><b>Gesendet:</b> Dienstag, 5. Mai 2015 18:26<br><b>An:</b> Steven Arzt<br><b>Cc:</b> <a href="mailto:soot-list@CS.McGill.CA" target="_blank">soot-list@CS.McGill.CA</a></span></p><div><div class="h5"><br><b>Betreff:</b> Re: [Soot-list] How to get context-sensitive result of flowdroid<u></u><u></u></div></div><p></p><div><div class="h5"><p class="MsoNormal"><u></u> <u></u></p><div><p class="MsoNormal">Hi Steven,<u></u><u></u></p><div><p class="MsoNormal">    I try to call infoflow.setPathAgnosticResults(false), but it still only shows one path.<u></u><u></u></p></div><div><p class="MsoNormal">    I don&#39;t know why it happened?<u></u><u></u></p></div><div><p class="MsoNormal"><u></u> <u></u></p></div><div><p class="MsoNormal">Rainkin<u></u><u></u></p></div></div><div><p class="MsoNormal"><u></u> <u></u></p><div><p class="MsoNormal">2015-04-22 17:57 GMT+08:00 Steven Arzt &lt;<a href="mailto:Steven.Arzt@cased.de" target="_blank">Steven.Arzt@cased.de</a>&gt;:<u></u><u></u></p><div><div><p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1f497d" lang="EN-US">Hi Raikin,</span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1f497d" lang="EN-US"> </span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1f497d" lang="EN-US">The Infoflow class supports the setPathAgnosticResults() method. The default is “true” which means that paths which have same source and sink are merged into one. If you set it to “false”, you will get the two different paths. However, beware: In general, the number of propagation paths is exponential in the number of branching statements on the way. You can quickly end up with an infeasible number of paths and that’s why the default merges all these paths.</span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1f497d" lang="EN-US"> </span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1f497d" lang="EN-US">Best regards,</span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1f497d" lang="EN-US">  Steven</span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1f497d" lang="EN-US"> </span><u></u><u></u></p><p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;" lang="EN-US">Von:</span></b><span style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;" lang="EN-US"> </span><span style="font-size:10.0pt;font-family:&quot;PMingLiU&quot;,&quot;serif&quot;">润青杨</span><span style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;" lang="EN-US"> [mailto:<a href="mailto:rainkin1993@gmail.com" target="_blank">rainkin1993@gmail.com</a>] <br><b>Gesendet:</b> Mittwoch, </span><span style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;">22. April 2015 11:26<br><b>An:</b> Steven Arzt<br><b>Cc:</b> <a href="mailto:soot-list@cs.mcgill.ca" target="_blank">soot-list@cs.mcgill.ca</a><br><b>Betreff:</b> Re: [Soot-list] How to get context-sensitive result of flowdroid</span><u></u><u></u></p><div><div><p class="MsoNormal"> <u></u><u></u></p><div><div><div><div><div><p class="MsoNormal">HI Steven,<u></u><u></u></p></div><p class="MsoNormal">    Two different propagation paths are what I want. But the result only have 1 path;<u></u><u></u></p></div><p class="MsoNormal" style="margin-bottom:12.0pt">    Can you tell me how to get it?<u></u><u></u></p></div><p class="MsoNormal">Thanks,<u></u><u></u></p></div><p class="MsoNormal">Rainkin<u></u><u></u></p><div><div><p class="MsoNormal"> <u></u><u></u></p></div></div></div><div><p class="MsoNormal"> <u></u><u></u></p><div><p class="MsoNormal">2015-04-22 17:00 GMT+08:00 Steven Arzt &lt;<a href="mailto:Steven.Arzt@cased.de" target="_blank">Steven.Arzt@cased.de</a>&gt;:<u></u><u></u></p><div><div><p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1f497d" lang="EN-US">Hi Rainkin,</span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1f497d" lang="EN-US"> </span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1f497d" lang="EN-US">I do not understand your question. In this code example, there is only a single context. The method “foo” is always called with a tainted element which originated from sourceOne(10). In terms of contexts, the two source-to-sink connections are equal. Moreover, there is only one call to “System.out.println()” in the code, so I’m not sure how you want to get two different statements out of that.</span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1f497d" lang="EN-US"> </span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1f497d" lang="EN-US">The only thing you could do is to obtain two different propagation paths to record that one flow was propagated over the first call to “foo” and the other one over the second call. I’m not sure what the use case for that should be, though.</span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1f497d" lang="EN-US"> </span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1f497d" lang="EN-US">Best regards,</span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1f497d" lang="EN-US">  Steven</span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1f497d" lang="EN-US"> </span><u></u><u></u></p><p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;">Von:</span></b><span style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;"> <a href="mailto:soot-list-bounces@CS.McGill.CA" target="_blank">soot-list-bounces@CS.McGill.CA</a> [mailto:<a href="mailto:soot-list-bounces@CS.McGill.CA" target="_blank">soot-list-bounces@CS.McGill.CA</a>] <b>Im Auftrag von </b>???<br><b>Gesendet:</b> Mittwoch, 22. April 2015 10:50<br><b>An:</b> <a href="mailto:soot-list@CS.McGill.CA" target="_blank">soot-list@CS.McGill.CA</a><br><b>Betreff:</b> [Soot-list] How to get context-sensitive result of flowdroid</span><u></u><u></u></p><div><div><p class="MsoNormal"> <u></u><u></u></p><div><div><div><div><p class="MsoNormal">Hi guys,<u></u><u></u></p></div><p class="MsoNormal">    this is a example:<u></u><u></u></p><p class="MsoNormal">    public void test(){<br>        String sourceOne = sourceOne(10); // source<br>        foo(sourceOne);<br>        foo(sourceOne);<br>    }<br><br>    public String sourceOne(int number){<br>        return number&gt;0 ? &quot;positive&quot; : &quot;negative&quot;;<br>    }<br>    <br>    public void foo(String s){<br>        System.out.println(s); // sink<br>    }<u></u><u></u></p><p class="MsoNormal">  <u></u><u></u></p></div><p class="MsoNormal" style="margin-bottom:12.0pt">  the method sourceOne is a source and System.out.println() is a sink.<u></u><u></u></p></div><p class="MsoNormal">  After analysis, I get the following result:<u></u><u></u></p><p class="MsoNormal">[main] INFO soot.jimple.infoflow.Infoflow - Source lookup done, found 1 sources and 1 sinks.<br>[main] INFO soot.jimple.infoflow.Infoflow - IFDS problem with 14 forward and 0 backward edges solved, processing 1 results...<br>[main] INFO soot.jimple.infoflow.data.pathBuilders.ContextSensitivePathBuilder - Context-sensitive path reconstructor started<br>[main] INFO soot.jimple.infoflow.data.pathBuilders.ContextSensitivePathBuilder - Obtainted 1 connections between sources and sinks<br>[main] INFO soot.jimple.infoflow.data.pathBuilders.ContextSensitivePathBuilder - Building path 1<br>[main] INFO soot.jimple.infoflow.data.pathBuilders.ContextSensitivePathBuilder - Path processing took 0.008987293 seconds in total<br>[main] INFO soot.jimple.infoflow.Infoflow - The sink virtualinvoke $r2.&lt;java.io.PrintStream: void println(java.lang.String)&gt;(r1) in method &lt;TestCode: void foo(java.lang.String)&gt; was called with values from the following sources:<br>[main] INFO soot.jimple.infoflow.Infoflow - - r1 = virtualinvoke r0.&lt;TestCode: java.lang.String sourceOne(int)&gt;(10) in method &lt;TestCode: void test()&gt;<br>[main] INFO soot.jimple.infoflow.Infoflow -     on Path: <br>[main] INFO soot.jimple.infoflow.Infoflow -      -&gt; &lt;TestCode: void foo(java.lang.String)&gt;<br>[main] INFO soot.jimple.infoflow.Infoflow -          -&gt; virtualinvoke $r2.&lt;java.io.PrintStream: void println(java.lang.String)&gt;(r1)<u></u><u></u></p><div><p class="MsoNormal"> <u></u><u></u></p></div><div><p class="MsoNormal" style="margin-bottom:12.0pt"> I want to know how to get a context-sensitive result, in which  sourceOne() will point to 2 different system.out.println()<u></u><u></u></p></div><div><p class="MsoNormal">Thx,<u></u><u></u></p></div><div><p class="MsoNormal">Rainkin<u></u><u></u></p></div></div></div></div></div></div></div><p class="MsoNormal"> <u></u><u></u></p></div></div></div></div></div></div><p class="MsoNormal"><u></u> <u></u></p></div></div></div></div></div></blockquote></div><br></div>