<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
@font-face
{font-family:"DejaVu Sans Mono";
panose-1:0 0 0 0 0 0 0 0 0 0;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0in;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Consolas;}
span.EmailStyle20
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style>
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Hi Shaila,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Can you double-check your list of sources and sinks to make sure that getDeviceId() and Log.d() are actually marked as a source or sink, respectively? Furthermore,
where did you put your test code? The code must be reachable inside the app. In other words, you cannot place your code, e.g., into a function that is never called. Lastly, to make sure that your local FlowDroid installation works, you can try to analyze apps
from the DroidBench benchmark suite. Those example apps contain descriptions of the leaks that shall be found in their source code. We regularly test DroidBench with FlowDroid as part of our regular build and test cycle.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Concerning the exit statement: The behavior of FlowDroid is correct. Note that FlowDroid runs two instances of the IFDS solver. One instance performs the forward
taint propagation. The second one performs a backwards alias propagation. For this backwards alias propagation, the interprocedural control flow graph is reversed, i.e., an exit statement becomes an entry statement and vice versa.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Best regards,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"> Steven<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> Soot-list [mailto:soot-list-bounces@cs.mcgill.ca]
<b>On Behalf Of </b>Sri Shaila G<br>
<b>Sent:</b> Friday, February 9, 2018 5:00 PM<br>
<b>To:</b> soot-list@cs.mcgill.ca<br>
<b>Subject:</b> [Soot-list] Doubts about flowdroid<o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span style="font-family:"Arial",sans-serif">Hi Steven,</span><o:p></o:p></p>
</div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span style="font-family:"Arial",sans-serif">I have 2 doubts regarding how FlowDroid works.</span><o:p></o:p></p>
</div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span style="font-family:"Arial",sans-serif">Firstly, I created a simple Android application that makes a function call to get the deviceID from the phone and passes the value as a string to another function
which will write the value into a logfile. The code snippet is as follows:</span><o:p></o:p></p>
<pre style="background:white"><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:black">TelephonyManager manager = (TelephonyManager) getSystemService(Context.</span><b><i><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:#660E7A">TELEPHONY_SERVICE</span></i></b><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:black">);<br>String deviceid = manager.getDeviceId();<br></span><i><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:gray">//Device Id is IMEI number<br></span></i><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:black">Log.<i>d</i>(</span><b><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:green">"msg"</span></b><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:black">, </span><b><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:green">"Device id" </span></b><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:black">+ deviceid);<br>System.</span><b><i><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:#660E7A">out</span></i></b><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:black">.println(</span><b><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:green">"msg Device id" </span></b><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:black">+ deviceid);<br></span><i><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:gray">//callFunc<br></span></i><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:black">myFunc(deviceid);</span><span style="font-size:9.0pt;color:black"><o:p></o:p></span></pre>
<pre style="background:white"><b><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:navy">public boolean </span></b><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:black">myFunc(String info) {<br> Log.<i>d</i>(</span><b><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:green">"msg"</span></b><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:black">, </span><b><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:green">"Device id" </span></b><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:black">+ info);<br> System.</span><b><i><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:#660E7A">out</span></i></b><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:black">.<span style="background:#E4E4FF">println</span>(</span><b><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:green">"msg Device id++++" </span></b><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:black">);<br> </span><b><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:navy">return true</span></b><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:black">;<br>}</span><span style="font-size:9.0pt;color:black"><o:p></o:p></span></pre>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif"><br>
However, it looks like FlowDroid is not able to find the flow from the source function,
</span><o:p></o:p></p>
<pre style="margin-bottom:12.0pt;background:white"><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:black">getDeviceId() to the sink function, <i>d</i>(</span><b><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:green">"msg"</span></b><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:black">, </span><b><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:green">"Device id" </span></b><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:black">+ info). I am wondering why this might be the reason.<br><br></span><span style="font-size:9.0pt;color:black"><o:p></o:p></span></pre>
<pre style="background:white"><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:black">Secondly, I had inserted some print statements under the run function in the IFDSSolver.java file as shown below.<br><br>if(icfg.isExitStmt(edge.getTarget()))<br>{<br> System.out.println("run(): ExitStmt: "+"edge: factAtSrc: " + edge.factAtSource()+" getTgt: "+edge.getTarget()+" factAtTgt: "+edge.factAtTarget());<br> processExit(edge);<br>}</span><span style="font-size:9.0pt;color:black"><o:p></o:p></span></pre>
<pre style="background:white"><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:black">When I looked at the output, I saw some statements like the following.</span><span style="font-size:9.0pt;color:black"><o:p></o:p></span></pre>
<pre style="background:white"><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:black">run(): ExitStmt: edge: factAtSrc: zero(null_type) <+length> | >> getTgt: $r0 := @this: com.android.tools.fd.runtime.BootstrapApplication factAtTgt: _$r1(android.app.Application$OnProvideAssistDataListener) * <+length> | $r1 := @parameter0: android.app.Application$OnProvideAssistDataListener>></span><span style="font-size:9.0pt;color:black"><o:p></o:p></span></pre>
<pre style="margin-bottom:12.0pt;background:white"><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:black">This statement does not look like an exit statement. I am wondering why it is considered as an exit statement. An exit statement is usually a return statement, right?</span><span style="font-size:9.0pt;font-family:"DejaVu Sans Mono",serif;color:black"><o:p></o:p></span></pre>
<pre style="margin-bottom:12.0pt;background:white"><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:black">Thank you so much for any clarifications.</span><span style="font-size:9.0pt;font-family:"DejaVu Sans Mono",serif;color:black"><o:p></o:p></span></pre>
<pre style="background:white"><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:black">Regards<br>Shaila</span><span style="font-size:9.0pt;font-family:"DejaVu Sans Mono",serif;color:black"><o:p></o:p></span></pre>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</div>
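<p class="MsoNormal">The reversed control flow graph described in the reply, as an added example that is not part of the original thread and is not FlowDroid or Soot code: a toy single-method graph showing that once every edge is flipped, the method's first statement (an identity statement of the form $r0 := @this: ...) is what an exit check reports. The class ToyCfg, the function exits_reached and the statement labels are hypothetical and constructed for illustration.</p>
<pre>
```python
# Added toy model (not FlowDroid/Soot code); statements are constructed Jimple-like labels.
from collections import deque

STMTS = [
    "$r0 := @this: com.example.MainActivity",   # 0: identity stmt, method entry
    "$r1 := @parameter0: java.lang.String",     # 1
    "if $r1 == null goto (5)",                  # 2
    "virtualinvoke $r0.myFunc($r1)",            # 3
    "return true",                              # 4
    "return false",                             # 5
]
EDGES = [(0, 1), (1, 2), (2, 3), (2, 5), (3, 4)]  # forward successor edges

class ToyCfg:
    """Hypothetical stand-in for one method's slice of an ICFG."""
    def __init__(self, edges, count):
        self.edges = list(edges)
        self.succs = {i: [] for i in range(count)}
        self.preds = {i: [] for i in range(count)}
        for src, dst in self.edges:
            self.succs[src].append(dst)
            self.preds[dst].append(src)

    def is_start_point(self, i):
        return not self.preds[i]   # nothing flows into it

    def is_exit_stmt(self, i):
        return not self.succs[i]   # nothing flows out of it

    def reverse(self):
        """Flip every edge: the view a backward propagation works on."""
        return ToyCfg([(d, s) for s, d in self.edges], len(self.succs))

def exits_reached(cfg):
    """Worklist walk from the start points; collect statements flagged as exits."""
    work = deque(i for i in cfg.succs if cfg.is_start_point(i))
    seen, exits = set(work), []
    while work:
        n = work.popleft()
        if cfg.is_exit_stmt(n):
            exits.append(STMTS[n])
        for m in cfg.succs[n]:
            if m not in seen:
                seen.add(m)
                work.append(m)
    return exits

FORWARD = ToyCfg(EDGES, len(STMTS))
BACKWARD = FORWARD.reverse()
```
</pre>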
</body>
</html>