secure-software-engineering / FlowDroid

FlowDroid Static Data Flow Tracker
GNU Lesser General Public License v2.1

Error during analysis execution in certain apks #151

Open ezamorab opened 5 years ago

ezamorab commented 5 years ago

Hi, @StevenArzt

I'm analyzing a set of applications, all great, but with 5 of them I get the following errors, even though I'm using the latest Flowdroid-master version.

```
[main] ERROR soot.jimple.infoflow.android.SetupApplication - Could not calculate callback methods
java.lang.ClassCastException: soot.ArrayType cannot be cast to soot.RefType
    at soot.jimple.toolkits.callgraph.OnFlyCallGraphBuilder.resolveStaticTypes(OnFlyCallGraphBuilder.java:432)
    at soot.jimple.toolkits.callgraph.OnFlyCallGraphBuilder.resolveInvoke(OnFlyCallGraphBuilder.java:372)
    at soot.jimple.toolkits.callgraph.OnFlyCallGraphBuilder.addBaseType(OnFlyCallGraphBuilder.java:284)
    at soot.jimple.toolkits.callgraph.OnFlyCallGraphBuilder.addType(OnFlyCallGraphBuilder.java:615)
    at soot.jimple.spark.solver.OnFlyCallGraph$2.visit(OnFlyCallGraph.java:139)
    at soot.jimple.spark.sets.HybridPointsToSet.forall(HybridPointsToSet.java:108)
    at soot.jimple.spark.solver.OnFlyCallGraph.updatedNode(OnFlyCallGraph.java:136)
    at soot.jimple.spark.solver.PropWorklist.handleVarNode(PropWorklist.java:158)
    at soot.jimple.spark.solver.PropWorklist.propagate(PropWorklist.java:81)
    at soot.jimple.spark.SparkTransformer.propagatePAG(SparkTransformer.java:238)
    at soot.jimple.spark.SparkTransformer.internalTransform(SparkTransformer.java:155)
    at soot.SceneTransformer.transform(SceneTransformer.java:36)
    at soot.Transform.apply(Transform.java:102)
    at soot.RadioScenePack.internalApply(RadioScenePack.java:68)
    at soot.jimple.toolkits.callgraph.CallGraphPack.internalApply(CallGraphPack.java:58)
    at soot.Pack.apply(Pack.java:117)
    at soot.jimple.infoflow.android.SetupApplication.constructCallgraphInternal(SetupApplication.java:564)
    at soot.jimple.infoflow.android.SetupApplication.calculateCallbackMethods(SetupApplication.java:682)
    at soot.jimple.infoflow.android.SetupApplication.calculateCallbacks(SetupApplication.java:476)
    at soot.jimple.infoflow.android.SetupApplication.calculateCallbacks(SetupApplication.java:446)
    at soot.jimple.infoflow.android.SetupApplication.processEntryPoint(SetupApplication.java:1393)
    at soot.jimple.infoflow.android.SetupApplication.runInfoflow(SetupApplication.java:1359)
    at soot.jimple.infoflow.android.SetupApplication.runInfoflow(SetupApplication.java:1306)
    at soot.jimple.infoflow.cmd.MainClass.run(MainClass.java:333)
    at soot.jimple.infoflow.cmd.MainClass.main(MainClass.java:231)
```

I get this error (java.lang.ClassCastException: soot.ArrayType cannot be cast to soot.RefType) with three apks. With two apks I get the same traces and with the third the problem occurs at different points.

And that is the last error:

```
[main] ERROR soot.jimple.infoflow.android.SetupApplication - Could not calculate callback methods
java.lang.ArrayIndexOutOfBoundsException: 5
    at soot.jimple.toolkits.callgraph.ConstantArrayAnalysis$ArrayState.deepCloneLocalValueSlot(ConstantArrayAnalysis.java:107)
    at soot.jimple.toolkits.callgraph.ConstantArrayAnalysis.flowThrough(ConstantArrayAnalysis.java:229)
    at soot.jimple.toolkits.callgraph.ConstantArrayAnalysis.flowThrough(ConstantArrayAnalysis.java:1)
    at soot.toolkits.scalar.FlowAnalysis.flowThrough(FlowAnalysis.java:592)
    at soot.toolkits.scalar.FlowAnalysis.doAnalysis(FlowAnalysis.java:556)
    at soot.toolkits.scalar.ForwardFlowAnalysis.doAnalysis(ForwardFlowAnalysis.java:46)
    at soot.jimple.toolkits.callgraph.ConstantArrayAnalysis.(ConstantArrayAnalysis.java:149)
    at soot.jimple.toolkits.callgraph.OnFlyCallGraphBuilder.addInvokeCallSite(OnFlyCallGraphBuilder.java:711)
    at soot.jimple.toolkits.callgraph.OnFlyCallGraphBuilder.access$5(OnFlyCallGraphBuilder.java:701)
    at soot.jimple.toolkits.callgraph.OnFlyCallGraphBuilder$TypeBasedReflectionModel.methodInvoke(OnFlyCallGraphBuilder.java:1071)
    at soot.jimple.toolkits.callgraph.OnFlyCallGraphBuilder.getImplicitTargets(OnFlyCallGraphBuilder.java:840)
    at soot.jimple.toolkits.callgraph.OnFlyCallGraphBuilder.processNewMethod(OnFlyCallGraphBuilder.java:756)
    at soot.jimple.toolkits.callgraph.OnFlyCallGraphBuilder.processReachables(OnFlyCallGraphBuilder.java:269)
    at soot.jimple.spark.solver.OnFlyCallGraph.build(OnFlyCallGraph.java:83)
    at soot.jimple.spark.solver.PropWorklist.handleVarNode(PropWorklist.java:159)
    at soot.jimple.spark.solver.PropWorklist.propagate(PropWorklist.java:81)
    at soot.jimple.spark.SparkTransformer.propagatePAG(SparkTransformer.java:238)
    at soot.jimple.spark.SparkTransformer.internalTransform(SparkTransformer.java:155)
    at soot.SceneTransformer.transform(SceneTransformer.java:36)
    at soot.Transform.apply(Transform.java:102)
    at soot.RadioScenePack.internalApply(RadioScenePack.java:68)
    at soot.jimple.toolkits.callgraph.CallGraphPack.internalApply(CallGraphPack.java:58)
    at soot.Pack.apply(Pack.java:117)
    at soot.jimple.infoflow.android.SetupApplication.constructCallgraphInternal(SetupApplication.java:564)
    at soot.jimple.infoflow.android.SetupApplication.calculateCallbackMethods(SetupApplication.java:682)
    at soot.jimple.infoflow.android.SetupApplication.calculateCallbacks(SetupApplication.java:476)
    at soot.jimple.infoflow.android.SetupApplication.calculateCallbacks(SetupApplication.java:446)
    at soot.jimple.infoflow.android.SetupApplication.processEntryPoint(SetupApplication.java:1393)
    at soot.jimple.infoflow.android.SetupApplication.runInfoflow(SetupApplication.java:1359)
    at soot.jimple.infoflow.android.SetupApplication.runInfoflow(SetupApplication.java:1306)
    at soot.jimple.infoflow.cmd.MainClass.run(MainClass.java:333)
    at soot.jimple.infoflow.cmd.MainClass.main(MainClass.java:231)
```

With another apk I also get another java.lang.ArrayIndexOutOfBoundsException: 1.

Is there any way to solve these problems? I understand that they are bugs that are due to the tool.

Thanks in advance.

StevenArzt commented 5 years ago

FlowDroid relies on Soot's SPARK callgraph algorithm. Your stack traces look as if something inside SPARK is going horribly wrong. Can you please provide a download link to the APKs?

ezamorab commented 5 years ago

Yes, of course. But I'd rather send it to you by mail and not with a public link here, is that possible? My email is in my github profile.

Thanks for the answer.

StevenArzt commented 5 years ago

I'm looking into it and will keep you updated once I know what happens with your APKs.

StevenArzt commented 5 years ago

I have now checked all of the apps. Aside from one NPE during layout file parsing, they work fine with the most recent versions of Soot and FlowDroid. I guess the original bug has already been fixed in the meantime. I have committed my fix for the NPE. In case you still encounter problems, please let me know.

ezamorab commented 5 years ago

Hi, Steven. Thanks a lot for your help.

I'm still having problems. I've tried with the latest soot-master and the latest flowdroid-develop (with your fix committed), but the same problems persist. I've also tried with the latest soot-develop. Do you have any suggestions?

Thanks again.

StevenArzt commented 5 years ago

Please use the develop branch from Soot. I'm not sure how old the master branch is at the moment. For my tests, I have used the current development version. Can you provide the full command line you have used to run FlowDroid? Maybe you're using different options.

ezamorab commented 5 years ago

Hi again, Steven.

I run FlowDroid with these arguments: -a -c -o

I attach the flowDroidConfig.xml file.

Thank you so much.

ezamorab commented 5 years ago

Hi, Steven.

Did you get a chance to take a look at it?

Thank you very much. Sorry for troubling.

StevenArzt commented 5 years ago

I did not receive the configuration file. Can you please copy&paste it into this Github issue (formatted as a code snippet to make sure it doesn't get messed up)?

ezamorab commented 5 years ago

Here it is:

`<?xml version="1.0" encoding="utf-8"?>

****SourcesAndSinks.txt ****androidplatforms true true 100 -1 NoMatch true NoParametersAsSources 0 false true 10 75 NoImplicitFlows true true true true true true true Fast true 30 75 15 0 0 5 true

`

Thanks.