secure-software-engineering / FlowDroid

FlowDroid Static Data Flow Tracker
GNU Lesser General Public License v2.1

How to give an existing call graph to FlowDroid for analysis? #439

Open zhouyuhao1018 opened 2 years ago

zhouyuhao1018 commented 2 years ago

Dear, after setupApplication.constructCallgraph();, I get a call graph by cg = Scene.v().getCallGraph();. Then I add some new edges to this call graph cg and call Scene.v().setCallGraph(cg);.
Then, I call runInfoflow() with a custom implementation of an ISourceSinkDefinitionProvider. How can I make FlowDroid use the existing and improved call graph for data flow analysis? Could you give me some advice? Thanks a lot.

Best Zhou

StevenArzt commented 2 years ago

Have a look at InfoflowConfiguration.sootIntegrationMode. There is an option UseExistingCallgraph.

zhouyuhao1018 commented 2 years ago

> Have a look at InfoflowConfiguration.sootIntegrationMode. There is an option UseExistingCallgraph.

Thanks for your reply!
After receiving your suggestion, I looked back at the source code again.

The first time I call setupApplication = new SetupApplication(androidJar, apkFilePath), the SetupApplication constructor will call the InfoflowAndroidConfiguration constructor, which extends InfoflowConfiguration and also calls the InfoflowConfiguration constructor. As a result, InfoflowConfiguration.SootIntegrationMode is CreateNewInstance by default, right? So, after setupApplication.constructCallgraph() and Scene.v().setCallGraph(cg) with an improved callgraph, I only need to call setupApplication.getConfig().setSootIntegrationMode() with the option UseExistingCallgraph before I call runInfoflow(). Am I right?

PS: I notice that the explanations of the three options in SootIntegrationMode mention the words 'FlowDroid its own Soot instance'. So I am confused: can there exist two Soot instances in my project? Because I use Soot and initialize it to get Jimple code where I try to find some stmts and locals for constructing StatementSourceSinkDefinition. So, the Soot instance I used myself and the Soot instance created when I call new SetupApplication(androidJar, apkFilePath), are they two independent instances? Or will the initializeSoot() in SetupApplication overwrite the previous one that I used?

StevenArzt commented 2 years ago

Your sequence of calls is correct. You set the correct flag before calling runInfoflow.

There is only one Soot instance. The wording is misleading. Essentially, FlowDroid can create a new Soot instance (and throw away what might have existed before), use the existing Soot instance and create a callgraph (and throw away any potential previous callgraph), or don't touch scene and callgraph and just run the data flow analysis.
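
The call sequence confirmed in this thread, written out as an added example (not code from the thread or from FlowDroid itself). The class name, the addMissingEdges helper and the caller/target signature parameters are hypothetical; the provider is whatever custom ISourceSinkDefinitionProvider you already have.

```java
import soot.Scene;
import soot.SootMethod;
import soot.Unit;
import soot.jimple.Stmt;
import soot.jimple.infoflow.InfoflowConfiguration.SootIntegrationMode;
import soot.jimple.infoflow.android.SetupApplication;
import soot.jimple.infoflow.results.InfoflowResults;
import soot.jimple.infoflow.sourcesSinks.definitions.ISourceSinkDefinitionProvider;
import soot.jimple.toolkits.callgraph.CallGraph;
import soot.jimple.toolkits.callgraph.Edge;

public class ExistingCallgraphExample {

    // Hypothetical helper: for call sites in 'caller' that invoke a method with
    // the same subsignature as 'target' but have no outgoing edge yet (e.g. a
    // dispatch the call graph algorithm missed), add an edge to 'target'.
    static int addMissingEdges(CallGraph cg, SootMethod caller, SootMethod target) {
        int added = 0;
        if (!caller.isConcrete())
            return added;
        for (Unit u : caller.retrieveActiveBody().getUnits()) {
            Stmt s = (Stmt) u;
            if (!s.containsInvokeExpr() || cg.edgesOutOf(s).hasNext())
                continue;
            String sub = s.getInvokeExpr().getMethod().getSubSignature();
            if (sub.equals(target.getSubSignature()) && cg.addEdge(new Edge(caller, s, target)))
                added++;
        }
        return added;
    }

    static InfoflowResults analyze(String androidJar, String apkFilePath,
            ISourceSinkDefinitionProvider provider,
            String callerSig, String targetSig) throws Exception {
        SetupApplication app = new SetupApplication(androidJar, apkFilePath);

        // 1. Let FlowDroid set up Soot and build its call graph.
        app.constructCallgraph();

        // 2. Improve the call graph held by the (single) Soot Scene.
        CallGraph cg = Scene.v().getCallGraph();
        addMissingEdges(cg, Scene.v().getMethod(callerSig), Scene.v().getMethod(targetSig));
        Scene.v().setCallGraph(cg);

        // 3. Tell FlowDroid to leave scene and call graph untouched, then run.
        app.getConfig().setSootIntegrationMode(SootIntegrationMode.UseExistingCallgraph);
        return app.runInfoflow(provider);
    }
}
```

Because the mode is set only after constructCallgraph(), the first step still initializes Soot and builds the graph; only the data flow run in step 3 reuses the scene and the modified call graph as they are.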

zhouyuhao1018 commented 2 years ago

Thanks a lot! Your reply answered my question so clearly!

Best wishes