<html><body><div style="color:#000; background-color:#fff; font-family:Courier New, courier, monaco, monospace, sans-serif;font-size:13px"><div id="yiv1782236941"><div id="yui_3_16_0_1_1436416321149_43279"><div style="color: rgb(0, 0, 0); background-color: rgb(255, 255, 255);" id="yui_3_16_0_1_1436416321149_43278"><div id="yiv1782236941yui_3_16_0_1_1436416321149_36818"><span id="yiv1782236941yui_3_16_0_1_1436416321149_37174"><font id="yui_3_16_0_1_1436416321149_49088" size="2">Dear Steven,</font></span></div><div id="yiv1782236941yui_3_16_0_1_1436416321149_36818"><span><font size="2"><br clear="none"></font></span></div><div id="yiv1782236941yui_3_16_0_1_1436416321149_36818"><span id="yui_3_16_0_1_1436416321149_47585"><font size="2">Thanks for your reply.</font></span></div><div id="yiv1782236941yui_3_16_0_1_1436416321149_36818"><span><font size="2"><br></font></span></div><div id="yiv1782236941yui_3_16_0_1_1436416321149_36818" dir="ltr"><font size="2"><span id="yiv1782236941yui_3_16_0_1_1436416321149_37175">Since the application that I want to analyze has</span><span class="" id="yui_3_16_0_1_1436416321149_43303"> </span><span class="" id="yui_3_16_0_1_1436416321149_43791">AsyncTasks, I have customized the entry points. I did not use </span><span class="" id="yui_3_16_0_1_1436416321149_45213">FlowDroid. So, I wanted to know without using </span><span class="" id="yui_3_16_0_1_1436416321149_47583">FlowDroid, dose </span><span class="" id="yui_3_16_0_1_1436416321149_46676">"JimpleBasedInterproceduralCFG"</span><span class="" id="yui_3_16_0_1_1436416321149_47121"> consider any order between methods to construct the CFG?</span></font></div><div></div><div id="yiv1782236941yui_3_16_0_1_1436416321149_37182"><font size="2"> </font></div><div class="yiv1782236941signature" id="yiv1782236941yui_3_16_0_1_1436416321149_37176"><div class="yiv1782236941" id="yiv1782236941yui_3_16_0_1_1426188032239_18320" style="background-color: rgb(255, 255, 255);"><div class="yiv1782236941" id="yiv1782236941yui_3_16_0_1_1426188032239_71660" style="margin: 0in 0in 0.0001pt;"><span id="yui_3_16_0_1_1436416321149_48932"><font size="2">Marjan,</font></span></div><div class="yiv1782236941" id="yiv1782236941yui_3_16_0_1_1426188032239_71660" style="margin: 0in 0in 0.0001pt;"><span id="yui_3_16_0_1_1436416321149_48483"><font size="2">Best Regards</font></span></div></div></div> <font size="2"><br clear="none"></font><div class="yiv1782236941qtdSeparateBR" id="yui_3_16_0_1_1436416321149_45223" style="font-family: 'Courier New', courier, monaco, monospace, sans-serif; font-size: 13px;"><br clear="none"><br clear="none"></div><div class="yiv1782236941yqt2174584755" id="yiv1782236941yqt14996" style="font-family: 'Courier New', courier, monaco, monospace, sans-serif; font-size: 13px;"></div></div></div></div><div class=".yiv1782236941yahoo_quoted" id="yui_3_16_0_1_1436416321149_45410"> <div style="font-family:Courier New, courier, monaco, monospace, sans-serif;font-size:13px;" id="yui_3_16_0_1_1436416321149_45409"> <div style="font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:16px;" id="yui_3_16_0_1_1436416321149_45408"> <div dir="ltr" id="yui_3_16_0_1_1436416321149_45407"> <font size="2" face="Arial" id="yui_3_16_0_1_1436416321149_45406"> On Thursday, July 9, 2015 2:56 AM, Steven Arzt <Steven.Arzt@cased.de> wrote:<br clear="none"> </font> </div> <br clear="none"><br clear="none"> <div class="yiv1782236941y_msg_container" id="yui_3_16_0_1_1436416321149_45646"><div id="yiv1782236941"><style>#yiv1782236941 --
filtered {font-family:Helvetica;panose-1:2 11 6 4 2 2 2 2 2 4;}
#yiv1782236941 filtered {font-family:Helvetica;panose-1:2 11 6 4 2 2 2 2 2 4;}
#yiv1782236941 filtered {font-family:Calibri;panose-1:2 15 5 2 2 2 4 3 2 4;}
#yiv1782236941 filtered {font-family:Tahoma;panose-1:2 11 6 4 3 5 4 4 2 4;}
#yiv1782236941
p.yiv1782236941MsoNormal, #yiv1782236941 li.yiv1782236941MsoNormal, #yiv1782236941 div.yiv1782236941MsoNormal
{margin:0cm;margin-bottom:.0001pt;font-size:12.0pt;}
#yiv1782236941 a:link, #yiv1782236941 span.yiv1782236941MsoHyperlink
{color:blue;text-decoration:underline;}
#yiv1782236941 a:visited, #yiv1782236941 span.yiv1782236941MsoHyperlinkFollowed
{color:purple;text-decoration:underline;}
#yiv1782236941 p.yiv1782236941MsoAcetate, #yiv1782236941 li.yiv1782236941MsoAcetate, #yiv1782236941 div.yiv1782236941MsoAcetate
{margin:0cm;margin-bottom:.0001pt;font-size:8.0pt;}
#yiv1782236941 p.yiv1782236941msonormal, #yiv1782236941 li.yiv1782236941msonormal, #yiv1782236941 div.yiv1782236941msonormal
{margin-right:0cm;margin-left:0cm;font-size:12.0pt;}
#yiv1782236941 p.yiv1782236941msochpdefault, #yiv1782236941 li.yiv1782236941msochpdefault, #yiv1782236941 div.yiv1782236941msochpdefault
{margin-right:0cm;margin-left:0cm;font-size:12.0pt;}
#yiv1782236941 span.yiv1782236941msohyperlink
{}
#yiv1782236941 span.yiv1782236941msohyperlinkfollowed
{}
#yiv1782236941 span.yiv1782236941e-mailformatvorlage17
{}
#yiv1782236941 p.yiv1782236941msonormal1, #yiv1782236941 li.yiv1782236941msonormal1, #yiv1782236941 div.yiv1782236941msonormal1
{margin:0cm;margin-bottom:.0001pt;font-size:12.0pt;}
#yiv1782236941 span.yiv1782236941msohyperlink1
{color:blue;text-decoration:underline;}
#yiv1782236941 span.yiv1782236941msohyperlinkfollowed1
{color:purple;text-decoration:underline;}
#yiv1782236941 span.yiv1782236941e-mailformatvorlage171
{color:#1F497D;}
#yiv1782236941 p.yiv1782236941msochpdefault1, #yiv1782236941 li.yiv1782236941msochpdefault1, #yiv1782236941 div.yiv1782236941msochpdefault1
{margin-right:0cm;margin-left:0cm;font-size:10.0pt;}
#yiv1782236941 span.yiv1782236941E-MailFormatvorlage27
{color:#1F497D;}
#yiv1782236941 span.yiv1782236941SprechblasentextZchn
{}
#yiv1782236941 .yiv1782236941MsoChpDefault
{font-size:10.0pt;}
#yiv1782236941 filtered {margin:70.85pt 70.85pt 2.0cm 70.85pt;}
#yiv1782236941 div.yiv1782236941WordSection1
{}
#yiv1782236941 </style><div id="yui_3_16_0_1_1436416321149_45645"><div class="yiv1782236941WordSection1" id="yui_3_16_0_1_1436416321149_45644"><div class="yiv1782236941MsoNormal" id="yui_3_16_0_1_1436416321149_46223"><span style="font-size:11.0pt;" id="yui_3_16_0_1_1436416321149_48480">Hi Marjan,</span></div><div class="yiv1782236941MsoNormal" id="yui_3_16_0_1_1436416321149_46179"><span style="font-size:11.0pt;"> </span></div><div class="yiv1782236941MsoNormal" id="yui_3_16_0_1_1436416321149_45643"><span lang="EN-US" style="font-size:11.0pt;" id="yui_3_16_0_1_1436416321149_45642">I think we first have to sort out what you actually need. For an Android app, tools like FlowDroid first construct a dummy main method which simulates the Android lifecycle. This method, for instance, first calls onCreate() on an activity and then onResume(), because this is what the Android OS would do if the app was run on an emulator or a real device. Therefore, it’s correct for the analysis to first run through onCreate() and then through onResume().</span></div><div class="yiv1782236941MsoNormal" id="yui_3_16_0_1_1436416321149_45696"><span lang="EN-US" style="font-size:11.0pt;"> </span></div><div class="yiv1782236941MsoNormal" id="yui_3_16_0_1_1436416321149_45699"><span lang="EN-US" style="font-size:11.0pt;" id="yui_3_16_0_1_1436416321149_45698">The concept of an “enty point” doesn’t really exist in Android; there is none. Instead, apps are much more tightly coupled with the OS. You might even consider an Android app to be a plugin to the OS. The app derives classes from OS classes and overrides methods which are then called by the OS at runtime. Since most program analysis frameworks, however, depend on an entry point such as the classical main() method, we fake one that emulates this plugin model.</span></div><div class="yiv1782236941MsoNormal" id="yui_3_16_0_1_1436416321149_47578"><span lang="EN-US" style="font-size:11.0pt;"> </span></div><div class="yiv1782236941MsoNormal" id="yui_3_16_0_1_1436416321149_46176"><span lang="EN-US" style="font-size:11.0pt;">Best regards,</span></div><div class="yiv1782236941MsoNormal" id="yui_3_16_0_1_1436416321149_46221"><span lang="EN-US" style="font-size:11.0pt;"> Steven</span></div><div class="yiv1782236941MsoNormal" id="yui_3_16_0_1_1436416321149_46174"><span lang="EN-US" style="font-size:11.0pt;"> </span></div><div class="yiv1782236941yqt8013130992" id="yiv1782236941yqt50409"><div id="yui_3_16_0_1_1436416321149_46172"><div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm;" id="yui_3_16_0_1_1436416321149_46171"><div class="yiv1782236941MsoNormal" id="yui_3_16_0_1_1436416321149_46170"><b><span style="font-size:10.0pt;">Von:</span></b><span style="font-size:10.0pt;"> soot-list-bounces@CS.McGill.CA [mailto:soot-list-bounces@CS.McGill.CA] <b>Im Auftrag von </b>Marjan Radi<br clear="none"><b>Gesendet:</b> Donnerstag, 9. Juli 2015 06:55<br clear="none"><b>An:</b> Steven Arzt; 'Soot List'<br clear="none"><b>Betreff:</b> Re: [Soot-list] application Control Flow Graph</span></div></div></div><div class="yiv1782236941MsoNormal" id="yui_3_16_0_1_1436416321149_45701"> </div><div id="yui_3_16_0_1_1436416321149_45705"><div id="yiv1782236941yui_3_16_0_1_1436416321149_19920"><div class="yiv1782236941MsoNormal" style="background:white;" id="yui_3_16_0_1_1436416321149_46219"><span style="font-size:10.0pt;">Dear Steven,</span></div></div><div id="yiv1782236941yui_3_16_0_1_1436416321149_19920"><div class="yiv1782236941MsoNormal" style="background:white;"><span style="font-size:10.0pt;"> </span></div></div><div id="yiv1782236941yui_3_16_0_1_1436416321149_19920"><div class="yiv1782236941MsoNormal" style="background:white;"><span style="font-size:10.0pt;">Thank you for your reply. I have two questions:</span></div></div><div id="yiv1782236941yui_3_16_0_1_1436416321149_19920"><div class="yiv1782236941MsoNormal" style="background:white;" id="yui_3_16_0_1_1436416321149_47569"><span style="font-size:10.0pt;"> </span></div></div><div id="yiv1782236941yui_3_16_0_1_1436416321149_19920"><div class="yiv1782236941MsoNormal" style="background:white;" id="yui_3_16_0_1_1436416321149_46168"><span style="font-size:10.0pt;" id="yui_3_16_0_1_1436416321149_46167">1- I have tried to use "JimpleBasedInterproceduralCFG", but it is not clear to me how can I use its methods, how can I use it to construct the application CFG and how to iterate through this graph. I looked at <a rel="nofollow" shape="rect" id="yiv1782236941yui_3_16_0_1_1436416321149_21661" target="_blank" href="https://github.com/Sable/soot/tree/develop/src/soot/jimple/toolkits/ide/exampleproblems"><span style="border:none windowtext 1.0pt;padding:0cm;text-decoration:none;">https://github.com/Sable/soot/tree/develop/src/soot/jimple/toolkits/ide/exampleproblems</span></a>, but it could not help me. Is there any example that uses this class which I can look at to do my implementation?</span></div></div><div id="yiv1782236941yui_3_16_0_1_1436416321149_19920"><div class="yiv1782236941MsoNormal" style="background:white;" id="yui_3_16_0_1_1436416321149_47571"><span style="font-size:10.0pt;"> </span></div></div><div id="yiv1782236941yui_3_16_0_1_1436416321149_19920"><div class="yiv1782236941MsoNormal" style="background:white;" id="yui_3_16_0_1_1436416321149_45704"><span style="font-size:10.0pt;" id="yui_3_16_0_1_1436416321149_45703">2- I want to construct the android applications' CFG and they have multiple entry points. I think "JimpleBasedInterproceduralCFG" combines the blocks of program entry points randomly and it dose not consider any specific order for the blocks of different methods in the program entry points. Am I correct? or is there any way that we can force "JimpleBasedInterproceduralCFG" to consider a specific order on the sequence of its blocks (based on the program entry points)? For example, it first considers the blocks of onCreate() method and it is followed by the blocks of onResume() method (</span><span style="" id="yui_3_16_0_1_1436416321149_46216">onCreate() and onResume() are both program entry points).</span><span style="font-size:10.0pt;"></span></div></div><div id="yiv1782236941yui_3_16_0_1_1436416321149_19920"><div class="yiv1782236941MsoNormal" style="background:white;" id="yui_3_16_0_1_1436416321149_47576"><span style="font-size:10.0pt;"> </span></div></div><div id="yiv1782236941yui_3_16_0_1_1436416321149_19920"><div class="yiv1782236941MsoNormal" style="background:white;" id="yui_3_16_0_1_1436416321149_47573"><span style="font-size:10.0pt;">Best Regards,</span></div></div><div id="yiv1782236941yui_3_16_0_1_1436416321149_19920"><div class="yiv1782236941MsoNormal" style="background:white;" id="yui_3_16_0_1_1436416321149_45708"><span style="font-size:10.0pt;">Marjan</span></div></div><div class="yiv1782236941MsoNormal" style="background:white;"><span style="font-size:10.0pt;"> </span></div><div><div class="yiv1782236941MsoNormal" style="margin-bottom:12.0pt;background:white;"><span style="font-size:10.0pt;"> </span></div></div><div id="yui_3_16_0_1_1436416321149_46190"><div id="yui_3_16_0_1_1436416321149_46189"><div id="yui_3_16_0_1_1436416321149_46188"><div><div class="yiv1782236941MsoNormal" style="background:white;"><span style="font-size:10.0pt;">On Wednesday, July 8, 2015 4:10 AM, Steven Arzt <<a rel="nofollow" shape="rect" ymailto="mailto:Steven.Arzt@cased.de" target="_blank" href="mailto:Steven.Arzt@cased.de">Steven.Arzt@cased.de</a>> wrote:</span><span style=""></span></div></div><div class="yiv1782236941MsoNormal" style="margin-bottom:12.0pt;background:white;"><span style=""> </span></div><div id="yui_3_16_0_1_1436416321149_46187"><div id="yiv1782236941"><div id="yui_3_16_0_1_1436416321149_46186"><div id="yui_3_16_0_1_1436416321149_46185"><div><div class="yiv1782236941MsoNormal" style="background:white;"><span style="font-size:11.0pt;">Hi Marjan,</span><span style=""></span></div></div><div><div class="yiv1782236941MsoNormal" style="background:white;"><span style="font-size:11.0pt;"> </span><span style=""></span></div></div><div id="yui_3_16_0_1_1436416321149_46202"><div class="yiv1782236941MsoNormal" style="background:white;" id="yui_3_16_0_1_1436416321149_46201"><span lang="EN-US" style="font-size:11.0pt;" id="yui_3_16_0_1_1436416321149_46210">There is a class called JimpleBasedInterproceduralCFG that combines the intra-procedural control flow graph with a callgraph. This class is used inside the IFDS implementation to propagate data flow facts through the whole program. You can essentially navigate through the graph using getSuccsOf(). If you arrive at a call site, you can dispatch your analysis into the callees returned by getCalleesOfCallAt().</span><span style=""></span></div></div><div id="yui_3_16_0_1_1436416321149_46205"><div class="yiv1782236941MsoNormal" style="background:white;" id="yui_3_16_0_1_1436416321149_46204"><span lang="EN-US" style="font-size:11.0pt;"> </span><span style=""></span></div></div><div><div class="yiv1782236941MsoNormal" style="background:white;"><span lang="EN-US" style="font-size:11.0pt;">Best regards,</span><span style=""></span></div></div><div id="yui_3_16_0_1_1436416321149_46208"><div class="yiv1782236941MsoNormal" style="background:white;" id="yui_3_16_0_1_1436416321149_46207"><span lang="EN-US" style="font-size:11.0pt;"> Steven</span><span style=""></span></div></div><div id="yui_3_16_0_1_1436416321149_46184"><div class="yiv1782236941MsoNormal" style="background:white;" id="yui_3_16_0_1_1436416321149_46183"><span lang="EN-US" style="font-size:11.0pt;"> </span><span style=""></span></div></div><div id="yui_3_16_0_1_1436416321149_46199"><div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm;" id="yui_3_16_0_1_1436416321149_46198"><div id="yui_3_16_0_1_1436416321149_46197"><div class="yiv1782236941MsoNormal" style="background:white;" id="yui_3_16_0_1_1436416321149_46196"><b><span style="font-size:10.0pt;">Von:</span></b><span style="font-size:10.0pt;"> <a rel="nofollow" shape="rect" ymailto="mailto:soot-list-bounces@CS.McGill.CA" target="_blank" href="mailto:soot-list-bounces@CS.McGill.CA">soot-list-bounces@CS.McGill.CA</a> [<a rel="nofollow" shape="rect" ymailto="mailto:soot-list-bounces@CS.McGill.CA" target="_blank" href="mailto:soot-list-bounces@CS.McGill.CA">mailto:soot-list-bounces@CS.McGill.CA</a>] <b>Im Auftrag von </b>Marjan Radi<br clear="none"><b>Gesendet:</b> Sonntag, 5. Juli 2015 21:31<br clear="none"><b>An:</b> Soot List<br clear="none"><b>Betreff:</b> [Soot-list] application Control Flow Graph</span><span style=""></span></div></div></div></div><div><div class="yiv1782236941MsoNormal" style="background:white;"><span style=""> </span></div></div><div id="yui_3_16_0_1_1436416321149_46194"><div id="yiv1782236941yui_3_16_0_1_1435795709338_29196"><div><div class="yiv1782236941MsoNormal" style="background:white;"><span style="font-size:10.0pt;">Hi,</span><span style=""></span></div></div></div><div id="yiv1782236941yui_3_16_0_1_1435795709338_29196"><div><div class="yiv1782236941MsoNormal" style="background:white;"><span style="font-size:10.0pt;"> </span><span style=""></span></div></div></div><div id="yiv1782236941yui_3_16_0_1_1435795709338_29196"><div><div class="yiv1782236941MsoNormal" style="background:white;"><span style="font-size:10.0pt;">I am using soot for analyzing android programs. I wanted to identify all the methods which have called between every two program point, and each program point is the beginning of a method of the program. I tried to use </span><span style="font-size:10.0pt;">intra procedural data flow analysis, but soot constructs Control Flow Graph of each method separately and I can not construct the whole application control flow graph. </span><span style=""></span></div></div></div><div id="yiv1782236941yui_3_16_0_1_1435795709338_29342"><div id="yui_3_16_0_1_1436416321149_46193"><div class="yiv1782236941MsoNormal" style="background:white;" id="yui_3_16_0_1_1436416321149_46192"><span style="font-size:10.0pt;">I would be appreciated if you could give me an idea about how can I do this.</span><span style=""></span></div></div></div><div id="yiv1782236941yui_3_16_0_1_1435795709338_29263"><div id="yui_3_16_0_1_1436416321149_46213"><div class="yiv1782236941MsoNormal" style="background:white;" id="yui_3_16_0_1_1436416321149_46212"><span style="font-size:10.0pt;"> </span><span style=""></span></div></div></div><div id="yiv1782236941yui_3_16_0_1_1435795709338_29175"><div id="yiv1782236941yui_3_16_0_1_1426188032239_18320"><div id="yiv1782236941yui_3_16_0_1_1426188032239_71660"><div><div class="yiv1782236941MsoNormal" style="background:white;"><span style="font-size:10.0pt;">Best Regards,</span><span style=""></span></div></div></div><div id="yiv1782236941yui_3_16_0_1_1426188032239_71660"><div><div class="yiv1782236941MsoNormal" style="background:white;"><span style="font-size:10.0pt;">Marjan</span><span style=""></span></div></div></div></div></div></div></div></div></div><div class="yiv1782236941MsoNormal" style="margin-bottom:12.0pt;background:white;"><span style=""> </span></div></div></div></div></div></div></div></div></div></div><br clear="none"><br clear="none"></div> </div> </div> </div></div></body></html>