secure-software-engineering / FlowDroid

FlowDroid Static Data Flow Tracker
GNU Lesser General Public License v2.1

PointsToAnalysis becomes a DumbPointerAnalysis after app.runInfoflow() #537

Open RichardHoOoOo opened 1 year ago

RichardHoOoOo commented 1 year ago

Hi @StevenArzt

It seems PointsToAnalysis becomes a DumbPointerAnalysis after SetupApplication.runInfoflow(). As a result, some post-processing tasks that rely on points-to information cannot be done after taint analysis.

May I ask whether this is intended behavior of FlowDroid, or did I forget to configure something? If it is intended, maybe I can grab a snapshot of PointsToAnalysis right after SetupApplication.constructCallgraph.

StevenArzt commented 1 year ago

This looks like a bug. I guess the pointer analysis is released at some point. If someone requests a pointer analysis after it has been released, Soot dishes out a DumbPointerAnalysis. The interesting question would be where and why the release happens.

RichardHoOoOo commented 1 year ago

Yes, I have searched for the call sites of Scene.v().releasePointsToAnalysis(), but it seems they are called in the right places.

StevenArzt commented 1 year ago

I'd expect that from a static point of view. Set a breakpoint. My guess is that FlowDroid optimizes the code and thereby loses the points-to information. Depending on the type of change, we might be able to back it up before and then restore it later.

RichardHoOoOo commented 1 year ago

I see, thanks for your idea. BTW, if we use the default aliasing algorithm (i.e., FlowSensitive), the release of pointer analysis will not have any side effects, right?

StevenArzt commented 1 year ago

Mostly. The PtS information is still used, e.g., for some typing checks. Those should then assume that all casts are valid, I guess.
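The snapshot-and-restore workaround sketched in the first comment and in StevenArzt's reply, written out as an added example. This is not FlowDroid's or Soot's own code; the platform directory, APK path and source/sink file are placeholders, and `PtaSnapshotExample` and `isDumb` are names chosen here. It relies only on public Soot and FlowDroid API: `Scene.getPointsToAnalysis()` returns `DumbPointerAnalysis.v()` whenever no analysis is set (which is what happens after `releasePointsToAnalysis()`), and `Scene.setPointsToAnalysis()` puts one back.

```java
// Added example, not part of the FlowDroid project or this issue thread.
// Keeps a reference to the Spark points-to analysis built by
// SetupApplication.constructCallgraph() and restores it if runInfoflow()
// leaves Soot answering queries with DumbPointerAnalysis.
import soot.Local;
import soot.PointsToAnalysis;
import soot.PointsToSet;
import soot.Scene;
import soot.Type;
import soot.jimple.infoflow.android.SetupApplication;
import soot.jimple.infoflow.results.InfoflowResults;
import soot.jimple.toolkits.pointer.DumbPointerAnalysis;

import java.util.Set;

public class PtaSnapshotExample {   // hypothetical class name

    /** True if Soot is currently handing out the fallback analysis. */
    static boolean isDumb(PointsToAnalysis pta) {   // hypothetical helper
        return pta == null || pta instanceof DumbPointerAnalysis;
    }

    /**
     * A typical post-processing query. With a real Spark analysis this returns
     * the concrete types a local may point to; with DumbPointerAnalysis every
     * query answers with FullObjectSet, i.e. "may point to anything".
     */
    static Set<Type> possibleTypesOf(Local l) {
        PointsToSet pts = Scene.v().getPointsToAnalysis().reachingObjects(l);
        return pts.possibleTypes();
    }

    public static void main(String[] args) throws Exception {
        // Placeholder inputs (assumptions, adjust for your environment).
        String platformsDir = "/path/to/android-platforms";
        String apk = "/path/to/app.apk";
        String sourcesSinks = "SourcesAndSinks.txt";

        SetupApplication app = new SetupApplication(platformsDir, apk);

        // 1. Build the call graph; with the default (Spark) call-graph
        //    algorithm this also installs the points-to analysis in the Scene.
        app.constructCallgraph();
        PointsToAnalysis snapshot = Scene.v().getPointsToAnalysis();
        if (isDumb(snapshot)) {
            throw new IllegalStateException(
                "No real points-to analysis after constructCallgraph(); "
                + "check the configured call-graph algorithm");
        }
        System.out.println("after constructCallgraph: " + snapshot.getClass().getName());

        // 2. Run the taint analysis. This is the step after which the thread
        //    observed the downgrade to DumbPointerAnalysis.
        InfoflowResults results = app.runInfoflow(sourcesSinks);
        System.out.println("taint analysis finished, results "
            + (results == null || results.isEmpty() ? "empty" : "present"));

        // 3. Check what Soot hands out now and restore the snapshot if needed.
        PointsToAnalysis after = Scene.v().getPointsToAnalysis();
        System.out.println("after runInfoflow: " + after.getClass().getName());
        if (isDumb(after)) {
            Scene.v().setPointsToAnalysis(snapshot);
            System.out.println("restored snapshot: "
                + Scene.v().getPointsToAnalysis().getClass().getName());
        }

        // 4. Post-processing that needs points-to facts can now call
        //    possibleTypesOf(local) on the locals of the methods of interest.
    }
}
```

Treat the restored object with care: the thread's open question is whether FlowDroid rewrites or reloads code between the two steps. If it does, the snapshot's nodes may correspond to `Local` objects that no longer appear in the current Jimple bodies, and `reachingObjects` on the new locals will come back empty rather than wrong. Check a few known locals after the restore before trusting the results, and compare against a run that skips the restore to confirm the difference is real.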