<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0cm;
margin-right:0cm;
margin-bottom:0cm;
margin-left:36.0pt;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
span.E-MailFormatvorlage19
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:70.85pt 2.0cm 2.0cm 2.0cm;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:879171603;
mso-list-type:hybrid;
mso-list-template-ids:-1477035510 -1 68157443 68157445 68157441 68157443 68157445 68157441 68157443 68157445;}
@list l0:level1
{mso-level-start-at:0;
mso-level-number-format:bullet;
mso-level-text:-;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:53.55pt;
text-indent:-18.0pt;
font-family:"Calibri",sans-serif;
mso-fareast-font-family:"Times New Roman";}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:89.55pt;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:125.55pt;
text-indent:-18.0pt;
font-family:Wingdings;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:161.55pt;
text-indent:-18.0pt;
font-family:Symbol;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:197.55pt;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:233.55pt;
text-indent:-18.0pt;
font-family:Wingdings;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:269.55pt;
text-indent:-18.0pt;
font-family:Symbol;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:305.55pt;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:341.55pt;
text-indent:-18.0pt;
font-family:Wingdings;}
@list l1
{mso-list-id:1300189650;
mso-list-template-ids:2070694134;}
@list l1:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:36.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level2
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:72.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:108.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:144.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level5
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:180.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:216.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:252.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level8
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:288.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:324.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
ol
{margin-bottom:0cm;}
ul
{margin-bottom:0cm;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="DE" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal"><span style="color:#1F497D;mso-fareast-language:EN-US">Hi Darius,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:EN-US">For performing anm IFDS analysis, you need a callgraph. Traditionally, callgraphs are built iteratively from a set of entry points. Since you did not specify any entry
points, there is nowhere to start for SPARK, Soot’s callgraph generator, and consequently, you do not have a callgraph. Without one, there is no interprocedural control flow graph (ICFG). IFDS, however, propagates data flow abstractions over an ICFG. To cut
a long story short, you need to get a callgraph.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:EN-US">You have several options how to proceed here. One is to over-approximate the callgraph by treating all public methods as entry points for a CHA callgraph. That is the easiest
option, but as imprecise as it can be. If you nevertheless want to go down that (dark) road, look up Soot’s “all-reachables” CG option. A better alternative is to create a dummy main method as an entry point that calls the various library method in an order
that makes sense for your library. With that concept, you can model API restrictions such as “foo() is always called before bar()”. Look at FlowDroid’s various entry point creators such as the SequentialEntryPointCreator class for that option. The third option
is to use SPARK’s library mode, which has a quite particular semantics. Have a look at “Library mode” in the Soot command-line documentation [1].<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:EN-US">Best regards,<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:EN-US"> Steven<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:EN-US">[1] https://soot-build.cs.uni-paderborn.de/public/origin/develop/soot/soot-develop/options/soot_options.htm<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span lang="EN-US">Von:</span></b><span lang="EN-US"> Soot-list [mailto:soot-list-bounces@cs.mcgill.ca]
<b>Im Auftrag von </b>D</span>arius<br>
<b>Gesendet:</b> Montag, 20. November 2017 11:03<br>
<b>An:</b> soot-list@CS.McGill.CA<br>
<b>Betreff:</b> [Soot-list] Inter-procedural info-flow analysis for Java libraries<o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Hello,<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">My name is Darius and I’m currently working on my M.Sc. thesis.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">I need to perform inter-procedural info-flow analysis for a given Java library and I hope you can help me getting on the right track.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">For my analysis I need to compute inter-procedural info-flow analysis for a given method of the given library, to see how the data from the method’s parameters flows in the library. Specifically I need to see which sensible
sinks it reaches.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">So far I’ve tried using HEROS in combination with Soot, specifically using the following code:<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> </span><span lang="EN-US" style="font-family:Consolas">SootMethod sm = [the starting point of my analysis]</span><span lang="IT" style="font-family:Consolas"><o:p></o:p></span></p>
<p class="MsoListParagraph" style="margin-left:53.55pt"><span lang="IT" style="font-family:Consolas">IFDSTabulationProblem<Unit, ?, SootMethod, InterproceduralCFG<Unit,SootMethod>> lif = lif = new IFDSLocalInfoFlow(new OnTheFlyJimpleBasedICFG(sm));<o:p></o:p></span></p>
<p class="MsoListParagraph" style="margin-left:53.55pt"><span lang="IT" style="font-family:Consolas">JimpleIFDSSolver<?, InterproceduralCFG<Unit, SootMethod>> solver = new JimpleIFDSSolver(lif);<o:p></o:p></span></p>
<p class="MsoListParagraph" style="margin-left:53.55pt"><span lang="IT" style="font-family:Consolas"> solver.solve();<o:p></o:p></span></p>
<p class="MsoListParagraph" style="margin-left:53.55pt"><span lang="IT"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">But it throws this exception:<br>
</span><span lang="EN-US" style="font-family:Consolas"> Exception in thread "main" java.lang.RuntimeException: There is no main class set!<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">from the IFDSLocalInfoFlow.initialSeeds() methods.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Even if I overload the initialSeeds() method to return the initial seeds I want it gives me the same Exception (no main class set).<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">So my questions are:<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:53.55pt;text-indent:-18.0pt;mso-list:l0 level1 lfo3">
<![if !supportLists]><span lang="EN-US"><span style="mso-list:Ignore">-<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span lang="EN-US">Since I want to analyze libraries, is there a way to avoid Soot asking for main class/method?<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:53.55pt;text-indent:-18.0pt;mso-list:l0 level1 lfo3">
<![if !supportLists]><span lang="EN-US"><span style="mso-list:Ignore">-<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span lang="EN-US">Is my approach the correct approach?<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:53.55pt;text-indent:-18.0pt;mso-list:l0 level1 lfo3">
<![if !supportLists]><span lang="EN-US"><span style="mso-list:Ignore">-<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span lang="EN-US">Is there a better way to do this?<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Thank you for your time.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Best Regards,<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Darius<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="IT"><o:p> </o:p></span></p>
<p class="MsoListParagraph" style="margin-left:53.55pt"><span lang="IT"><o:p> </o:p></span></p>
<p class="MsoListParagraph" style="margin-left:53.55pt"><span lang="IT"><o:p> </o:p></span></p>
</div>
</body>
</html>