Open RichardHoOoOo opened 1 year ago
This looks like a bug. I guess the pointer analysis is released at some point. If someone requests a pointer analysis after it has been released, Soot dishes out a DumbPointerAnalysis. The interesting question would be where and why the release happens.
Yes, I have searched for the call sites of Scene.v().releasePointsToAnalysis(), but it seems they are called at the right place.
I'd expect that from a static point of view. Set a breakpoint. My guess is that FlowDroid optimizes the code and thereby loses the points-to information. Depending on the type of change, we might be able to back it up before and then restore it later.
I see, thanks for your idea. BTW, if we use the default aliasing algorithm (i.e., FlowSensitive), the release of pointer analysis will not have any side effects, right?
Mostly. The PtS information is still used, e.g., for some typing checks. Those should then assume that all casts are valid, I guess.
Hi @StevenArzt
It seems PointsToAnalysis becomes a DumbPointerAnalysis after SetupApplication.runInfoflow(). As a result, some post-processing tasks that rely on points-to information cannot be done after taint analysis. May I ask, is it an intended behavior of FlowDroid or did I forget to configure something? If it is intended, maybe I can grab a snapshot of PointsToAnalysis right after SetupApplication.constructCallgraph.