[Soot-list] [Soot][FlowDroid] Running FlowDroid in whole-program mode (-w)

[Umar Farooq]

Hi All,

I want to run FlowDroid in whole program mode, I have tried to call "soot.options.Options.v().set_whole_program(true);" it can work for soot but not for FlowDroid. I need to load all the bodies level classes but I am getting this message. 

"The data flow analysis has failed. Error message: This operation requires resolving level BODIES but android.support.v7.app.AppCompatActivity is at resolving level SIGNATURES

If you are extending Soot, try to add the following call before calling soot.Main.main(..):

Scene.v().addBasicClass(android.support.v7.app.AppCompatActivity,BODIES);

Otherwise, try whole-program mode (-w)."

Thanks,

Umar

[Arzt, Steven]

Hi Umar,

 

How do you attempt to run FlowDroid? Do you use the FlowDroid API or the command-line program? Please show your command line or your code with which you invoke FlowDroid.

 

Best regards,

  Steven

[Umar Farooq]

Hello Steven, 

I am using FlowDroid API, The "SetupApplication" class has method "initializeSoot" that is responsible to initialize soot, I have tried to set the flag for whole program but it seems it is not working. Please, see the code below.

 

private void initializeSoot(boolean constructCallgraph) {
        logger.info("Initializing Soot...");

        final String androidJar = config.getAnalysisFileConfig().getAndroidPlatformDir();
        final String apkFileLocation = config.getAnalysisFileConfig().getTargetAPKFile();

        // Clean up any old Soot instance we may have
        G.reset();

        Options.v().set_no_bodies_for_excluded(true);
        Options.v().set_allow_phantom_refs(true);
        if (config.getWriteOutputFiles())
            Options.v().set_output_format(Options.output_format_jimple);
        else
            Options.v().set_output_format(Options.output_format_none);
        Options.v().set_whole_program(constructCallgraph);
        Options.v().set_process_dir(Collections.singletonList(apkFileLocation));
        if (forceAndroidJar)
            Options.v().set_force_android_jar(androidJar);
        else
            Options.v().set_android_jars(androidJar);
        Options.v().set_src_prec(Options.src_prec_apk_class_jimple);
        Options.v().set_keep_line_number(false);
        Options.v().set_keep_offset(false);
        Options.v().set_throw_analysis(Options.throw_analysis_dalvik);
        Options.v().set_process_multiple_dex(config.getMergeDexFiles());
        Options.v().set_whole_program(true);
        System.out.println("Soot Initialization called");

Thanks,

Umar

On Wed, Feb 28, 2018 at 11:58 AM, Umar Farooq <ufar...@ucr.edu> wrote:

Hello Steven, 

I am using FlowDroid API, The "SetupApplication" class has method "initializeSoot" that is responsible to initialize soot, I have tried to set the flag for whole program but it seems it is not working. Please, see my code in attachment. 

Thanks,

Umar

[Arzt, Steven]

Hi Umar,

 

How do you use the FlowDroid API? Do you call constructCallgraph() on SetupApplication? Which options do you set in the InfoflowAndroidConfiguration object? What is the stack trace of the exception? I need your code, not what is in FlowDroid. There are many ways to configure FlowDroid, so it’s hard to tell anything without knowing how you use the API.

 

Best regards,

  Steven

[Umar Farooq]

Hello Steven, 

I am using FlowDroid API, The "SetupApplication" class has method "initializeSoot" that is responsible to initialize soot, I have tried to set the flag for whole program but it seems it is not working. Please, see my code in attachment. 

Thanks,

Umar

On Wed, Feb 28, 2018 at 1:48 AM, Arzt, Steven <steve...@sit.fraunhofer.de> wrote:

[Umar Farooq]

Hi Steven,

Yes, I am calling on constructCallgraph() SetupApplication. Basically, I am using almost same code as in MainClass except minor changes. Please, have a look at the code and stack trace. 

 

This run() being invoked exactly as that exists in FlowDroid original code.

------------------------------

private void run(String[] args) throws Exception {
    // We need proper parameters
    final HelpFormatter formatter = new HelpFormatter();
    if (args.length == 0) {
        formatter.printHelp("soot-infoflow-cmd [OPTIONS]", options);
        return;
    }

    // Parse the command-line parameters
    CommandLineParser parser = new DefaultParser();
    try {
        CommandLine cmd = parser.parse(options, args);

        // Do we need to display the user manual?
        if (cmd.hasOption("?") || cmd.hasOption("help")) {
            formatter.printHelp("soot-infoflow-cmd [OPTIONS]", options);
            return;
        }

        // Do we have a configuration file?
        String configFile = cmd.getOptionValue(OPTION_CONFIG_FILE);
        final InfoflowAndroidConfiguration config = configFile == null || configFile.isEmpty()
                ? new InfoflowAndroidConfiguration() : loadConfigurationFile(configFile);
        if (config == null)
            return;

        // Parse the other options
        parseCommandLineOptions(cmd, config);
        config.setSootIntegrationMode(InfoflowAndroidConfiguration.SootIntegrationMode.CreateNewInstace);
        soot.options.Options.v().set_allow_phantom_refs(true);
        soot.options.Options.v().set_output_format(soot.options.Options.output_format_none);
        soot.options.Options.v().set_process_dir(Collections.singletonList("apk path"));
        soot.options.Options.v().set_force_android_jar("/Users/umarfarooq/Library/Android/sdk/platforms");
        soot.options.Options.v().set_src_prec(soot.options.Options.src_prec_apk_class_jimple);
        soot.options.Options.v().set_keep_line_number(false);
        soot.options.Options.v().set_keep_offset(false);
        soot.options.Options.v().set_throw_analysis(soot.options.Options.throw_analysis_dalvik);
        soot.options.Options.v().set_process_multiple_dex(config.getMergeDexFiles());
        soot.options.Options.v().set_whole_program(true);
        IInfoflowConfig sootConfig = new SootConfigForAndroid();
        sootConfig.setSootOptions(soot.options.Options.v(), config);
        // Create the data flow analyzer
        analyzer = new SetupApplication(config);
        analyzer.setSootConfig(sootConfig);
        analyzer.constructCallgraph();

        ReachableMethods methods = Scene.v().getReachableMethods();
        System.out.println("Reachable Size: " + methods.size());
        QueueReader<MethodOrMethodContext> reader = methods.listener();
        while (reader.hasNext()) {
            MethodOrMethodContext method = reader.next();
            method.method().retrieveActiveBody();    // This statement cause exception 
            System.out.println("Reachable: " + method);

        }

     }

Stack Trace of Exception:

-----------------------------------------------

The data flow analysis has failed. Error message: This operation requires resolving level BODIES but android.support.v7.app.AppCompatActivity is at resolving level SIGNATURES
If you are extending Soot, try to add the following call before calling soot.Main.main(..):
Scene.v().addBasicClass(android.support.v7.app.AppCompatActivity,BODIES);
Otherwise, try whole-program mode (-w).
java.lang.RuntimeException: This operation requires resolving level BODIES but android.support.v7.app.AppCompatActivity is at resolving level SIGNATURES
If you are extending Soot, try to add the following call before calling soot.Main.main(..): 

------------------------------------------------

Thanks,

Umar