Solution for sheet 4

Moderator: Automated Code Analysis for Large Software Systems

Benutzeravatar
ericbodden
Moderator
Moderator
Beiträge: 243
Registriert: 5. Apr 2010 19:06

Solution for sheet 4

Beitrag von ericbodden »

... is now online.
-- Eric

pSub
Mausschubser
Mausschubser
Beiträge: 61
Registriert: 21. Sep 2009 22:56

Re: Solution for sheet 4

Beitrag von pSub »

We had trouble to handle the problem in task 1f), thus I copied our test into the sample solution. But the sample solution does not pass the test, too, and from glancing over the code I do not see how this case is handled in the code.

I use the following test:

Code: Alles auswählen

public class TargetClass4 {
	private class Data { Bar x; }
	private class Bar { String c; }
	private void foo(Data d, String taint) {
		Bar b = d.x;
		b.c = taint;
	}
	private void bar() {
		Data d = new Data();
		String secret = getSecret();
		foo(d, secret);
		leak(d.x.c);
	}
}
with

Code: Alles auswählen

	@Test
	public void barTest() {
		MainClass.runAnalysis(new IReporter() {
			
			@Override
			public void report(SootMethod method, Unit source, Unit sink) {
				if (method.getName().equals("bar"))
					Assert.fail();
			}
			
		});
	}
This test should fail, as the given code leaks the secret. Any ideas whats wrong?

Benutzeravatar
ericbodden
Moderator
Moderator
Beiträge: 243
Registriert: 5. Apr 2010 19:06

Re: Solution for sheet 4

Beitrag von ericbodden »

Hello.

Maybe a stupid question but is TargetClass4 your test entire class? If there is no main method then Soot will have trouble conducting a points-to and call-graph analysis.

Cheers,
Eric
-- Eric

Benutzeravatar
ericbodden
Moderator
Moderator
Beiträge: 243
Registriert: 5. Apr 2010 19:06

Re: Solution for sheet 4

Beitrag von ericbodden »

I think I have found a problem with your code. You need to replace...

private class Data { Bar x; }

... by:

private class Data { Bar x = new Bar(); }

Otherwise the points-to set for the field x will be empty. At runtime, for this code you would get a NullPointerException. With this change it should work.

I will explain tomorrow how the solution solves this test case.
-- Eric

pSub
Mausschubser
Mausschubser
Beiträge: 61
Registriert: 21. Sep 2009 22:56

Re: Solution for sheet 4

Beitrag von pSub »

Ah, that fixed it! Now that you mention it, it is obvious what was wrong... Thank you for your time!

Antworten

Zurück zu „Automated Code Analysis for Large Software Systems“