0.6.1-SNAPSHOT

CITATION.cff

@@ -18,6 +18,6 @@ authors:
   given-names: "Eric"
   orcid: "https://orcid.org/0000-0003-3470-3647"
 title: "SVFA-Scala: an implementation of SVFA for Java"
-version: 0.6.0
+version: 0.6.1-SNAPSHOT
 date-released: 2025-09-06
 url: "https://github.com/PAMunb/svfa"

build.sbt

@@ -3,7 +3,7 @@
 
 ThisBuild / scalaVersion := "2.12.20"
 ThisBuild / organization := "br.unb.cic"
-ThisBuild / version := "0.6.0"
+ThisBuild / version := "0.6.1-SNAPSHOT"
 
 // Global settings
 ThisBuild / publishConfiguration := publishConfiguration.value.withOverwrite(true)

modules/core/src/main/scala/br/unb/cic/soot/graph/Graph.scala

@@ -523,6 +523,12 @@ class Graph() {
 
     val csOpenAndClose = csOpen ++ csClose
 
+    /**
+    TO-DO: Implement a better way to calculate the right csOpen and Close
+    because the right one can lead to a bug in some edges cases. 
+    */
+
+
     csOpenAndClose.foreach(open => {
       if (open.value.context.nonEmpty) {
         cs = cs + open.value.context.head
@@ -568,21 +574,7 @@ class Graph() {
       f(stmt)
     )
 
-  def reportConflicts(
-      useUniquePaths: Boolean = false
-  ): scala.collection.Set[String] = {
-    val conflicts = findConflictingPaths()
-
-    if (useUniquePaths) {
-      var conflictsByUniquePaths: Set[String] = Set.empty[String]
-      conflicts.foreach(path => {
-        conflictsByUniquePaths += s"source: ${path.head.show()} - sink: ${path.last.show()}"
-      })
-      conflictsByUniquePaths
-    } else {
-      conflicts.map(p => p.toString)
-    }
-  }
+  def reportConflicts(): scala.collection.Set[List[GraphNode]] = findConflictingPaths()
 
   def findConflictingPaths(): scala.collection.Set[List[GraphNode]] = {
     if (fullGraph) {

modules/core/src/main/scala/br/unb/cic/soot/svfa/SVFA.scala

@@ -27,10 +27,8 @@ abstract class SVFA extends SootConfiguration {
     svg.toDotModel()
   }
 
-  def reportConflictsSVG(
-      useUniquePaths: Boolean = false
-  ): collection.Set[String] = {
-    svg.reportConflicts(useUniquePaths)
+  def reportConflictsSVG(): scala.collection.Set[List[GraphNode]] = {
+    svg.reportConflicts()
   }
 
   def executionTime(): Double = {

modules/core/src/main/scala/br/unb/cic/soot/svfa/jimple/JSVFA.scala

@@ -317,7 +317,7 @@ abstract class JSVFA
       case (p: Local, q: ArrayRef) => // p = q[i]
         loadArrayRule(assignStmt.stmt, q, method, defs)
       case (p: Local, q: InvokeExpr) =>
-        invokeRule(assignStmt, q, method, defs) // call a method
+        invokeRule(assignStmt, q, method, defs) // p = myObject.method() : call a method and assign its return value to a local variable
       case (p: Local, q: Local) => copyRule(assignStmt.stmt, q, method, defs)
       case (p: Local, _) =>
         copyRuleInvolvingExpressions(assignStmt.stmt, method, defs)
@@ -367,10 +367,18 @@ abstract class JSVFA
     })
   }
 
-  /** Handles invocation rules for a call statement by traversing the call
-    * graph. This method avoids infinite recursion and limits the traversal
-    * depth for performance.
-    */
+  /**
+   * Handles invocation rules for a call statement by traversing the call
+   * graph. This method avoids infinite recursion and limits the traversal
+   * depth for performance.
+   *
+   * i.e:
+   *
+   * myObject.method()
+   * myObject.method(q)
+   * this.method()
+   * this.method(q)
+   */
   private def invokeRule(
       callStmt: Statement,
       exp: InvokeExpr,
@@ -1039,22 +1047,36 @@ abstract class JSVFA
       case v              => v
     }
 
-  /** CASE 1: UPDATE EDGE(S) "FROM" each stmt where the variable, passed as an
-    * argument, is defined. "TO" stmt where the method is called (call-site
-    * stmt).
-    *
-    * CASE 2: ???
-    *
-    * CASE 2: ???
-    */
+  /** CASE #1: UPDATE EDGE(S) "FROM" each stmt where the variable, passed as an
+   * argument, is defined. "TO" stmt where the method is called (call-site
+   * stmt). i.e: [s1 -> s2]
+   *
+   * -------------------
+   *  s1: p = ...
+   *  s2: myObj.method(p)
+   * -------------------
+   *
+   * CASE #2:
+   * TO-DO
+   *
+   * CASE #3: UPDATE EDGE(S) "FROM" from definition of base object "TO" where it
+   * calls any of its methods. The expression must be type (invoke).
+   * i.e: [s1 -> s2]
+   *
+   * -------------------
+   *  s1: myObj = new Object()
+   *  s2: myObj.method()
+   * -------------------
+   *
+   */
   private def defsToCallOfSinkMethod(
       stmt: Statement,
       exp: InvokeExpr,
       caller: SootMethod,
       defs: SimpleLocalDefs
   ) = {
 
-    // CASE 1
+    // CASE #1
     exp.getArgs
       .stream()
       .filter(a => a.isInstanceOf[Local])
@@ -1069,22 +1091,21 @@ abstract class JSVFA
             updateGraph(
               source,
               target
-            ) // update 'edge(s)' FROM "declaration stmt(s) for args" TO "call-site stmt" (current stmt)
+            )
           })
 
-        // CASE 2
+        // CASE #2
         if (local.getType.isInstanceOf[ArrayType]) {
           val stores = arrayStores.getOrElseUpdate(local, List())
           stores.foreach(sourceStmt => {
             val source = createNode(caller, sourceStmt)
             val target = createNode(caller, targetStmt)
-            updateGraph(source, target) // add comment
+            updateGraph(source, target)
           })
         }
       })
 
-    // CASE 3
-    // edges from definition to base object of an invoke expression
+    // CASE #3
     if (isFieldSensitiveAnalysis() && exp.isInstanceOf[InstanceInvokeExpr]) {
       if (exp.asInstanceOf[InstanceInvokeExpr].getBase.isInstanceOf[Local]) {
         val local =
@@ -1095,7 +1116,7 @@ abstract class JSVFA
           .forEach(sourceStmt => {
             val source = createNode(caller, sourceStmt)
             val target = createNode(caller, targetStmt)
-            updateGraph(source, target) // add comment
+            updateGraph(source, target)
           })
       }
     }

modules/core/src/test/scala/br/unb/cic/metrics/TestResult.scala

@@ -191,9 +191,9 @@ trait TestResult {
     )
 
     val header =
-      "|      Test      | Found | Expected | Status | TP | FP | FN | Precision | Recall | F-score | Execution Time |"
+      "|      Test      | Found | Expected | Status | TP | FP | FN | Precision | Recall | F-score |"
     val sep =
-      "|:--------------:|:-----:|:--------:|:------:|:--:|:--:|:---|:---------:|:------:|:-------:|:--------------:|"
+      "|:--------------:|:-----:|:--------:|:------:|:--:|:--:|:---|:---------:|:------:|:-------:|"
     println(header)
     println(sep)
     var totalFound = 0
@@ -229,7 +229,7 @@ trait TestResult {
     val totalF1 = f1Score()
     val totalStatus = s"${totalPassed}/${totalTests}"
     println(
-      f"| TOTAL         | ${totalFound}%5d | ${totalExpected}%8d | ${totalStatus}%6s | ${totalTP}%2d | ${totalFP}%2d | ${totalFN}%3d | ${totalPrec}%9.2f | ${totalRec}%6.2f | ${totalF1}%7.2f | ${totalExecutionTime}%9.2f ms |"
+      f"| TOTAL         | ${totalFound}%5d | ${totalExpected}%8d | ${totalStatus}%6s | ${totalTP}%2d | ${totalFP}%2d | ${totalFN}%3d | ${totalPrec}%9.2f | ${totalRec}%6.2f | ${totalF1}%7.2f |"
     )
   }
 }

modules/securibench/src/docs-metrics/flowdroid/flowdroid-metrics.md

@@ -1,21 +1,24 @@
 #### FLOWDROID metrics
 
-### SUMMARY
+### SUMMARY (*computed in November 2025.*)
 
 > failed: 36, passed: 67 of 103 tests. `(65.05%)`
 
-| Test           | Found | Expected | Status | TP | FP | FN | Precision | Recall | F1   |
-|----------------|-------|----------|--------|----|----|----|-----------|--------|------|
-| Aliasing       | 11    | 11       | 4/6    | 9  | 1  | 1  | 0.90      | 0.90   | 0.90 |
-| Arrays         | 14    | 9        | 6/10   | 6  | 5  | 0  | 0.55      | 1.00   | 0.71 |
-| Basic          | 38    | 61       | 26/42  | 33 | 1  | 24 | 0.97      | 0.58   | 0.73 |
-| Collections    | 14    | 15       | 11/14  | 12 | 1  | 2  | 0.92      | 0.86   | 0.89 |
-| Datastructures | 5     | 5        | 4/6    | 3  | 1  | 1  | 0.75      | 0.75   | 0.75 |
-| Factories      | 1     | 3        | 1/3    | 1  | 0  | 2  | 1.00      | 0.33   | 0.50 |
-| Inter          | 15    | 18       | 11/14  | 13 | 0  | 3  | 1.00      | 0.81   | 0.90 |
-| Session        | 0     | 3        | 0/3    | 0  | 0  | 3  | 0.00      | 0.00   | 0.00 |
-| StrongUpdates  | 0     | 1        | 4/5    | 0  | 0  | 1  | 0.00      | 0.00   | 0.00 |
-| TOTAL          | 98    | 126      | 67/103 | 77 | 9  | 37 | 0.90      | 0.68   | 0.77 |
+| Test           | Found | Expected | Status | TP | FP | FN | Precision | Recall | F1   | Pass Rate |
+|----------------|-------|----------|--------|----|----|----|-----------|--------|------|-----------|
+| Aliasing       | 11    | 11       | 4/6    | 9  | 1  | 1  | 0.90      | 0.90   | 0.90 | 66.67%    |
+| Arrays         | 14    | 9        | 6/10   | 6  | 5  | 0  | 0.55      | 1.00   | 0.71 | 60%       |
+| Basic          | 38    | 61       | 26/42  | 33 | 1  | 24 | 0.97      | 0.58   | 0.73 | 61.90%    |
+| Collections    | 14    | 15       | 11/14  | 12 | 1  | 2  | 0.92      | 0.86   | 0.89 | 78.57%    |
+| Datastructures | 5     | 5        | 4/6    | 3  | 1  | 1  | 0.75      | 0.75   | 0.75 | 66.67%    |
+| Factories      | 1     | 3        | 1/3    | 1  | 0  | 2  | 1.00      | 0.33   | 0.50 | 33.33%    |
+| Inter          | 15    | 18       | 11/14  | 13 | 0  | 3  | 1.00      | 0.81   | 0.90 | 78.57%    |
+| Session        | 0     | 3        | 0/3    | 0  | 0  | 3  | 0.00      | 0.00   | 0.00 | 0%        |
+| StrongUpdates  | 0     | 1        | 4/5    | 0  | 0  | 1  | 0.00      | 0.00   | 0.00 | 80%       |
+| Pred           | -     | -        | -      | -  | -  | -  | -         | -      | -    | -         |
+| Reflection     | -     | -        | -      | -  | -  | -  | -         | -      | -    | -         |
+| Sanitizers     | -     | -        | -      | -  | -  | -  | -         | -      | -    | -         |
+| **TOTAL**      | 98    | 126      | 67/103 | 77 | 9  | 37 | 0.90      | 0.68   | 0.77 | 65.05%    |
 
 
 According to Flowdroid Paper (https://www.bodden.de/pubs/far+14flowdroid.pdf), they computed the next values.
@@ -38,7 +41,7 @@ According to Flowdroid Paper (https://www.bodden.de/pubs/far+14flowdroid.pdf), t
 |  StrongUpdate  |   0/0   | 0  |
 |   **TOTAL**    | 117/121 | 9  |
 
-### Details
+### DETAILS
 
 - ✅ : PASSED; ❌ : FAIL
 
@@ -55,7 +58,7 @@ According to Flowdroid Paper (https://www.bodden.de/pubs/far+14flowdroid.pdf), t
 | TOTAL     | 11    | 11       | 4/6    | 9  | 1  | 1  | 0.90      | 0.90   | 0.90 |
 
 
-- **ArraysTest** - failed: 4, passed: 6 of 10 tests. `(60.00%)`
+- **ArraysTest** - failed: 4, passed: 6 of 10 tests. `(60%)`
 
 | Test     | Found | Expected | Status | TP | FP | FN | Precision | Recall | F1   |
 |----------|-------|----------|--------|----|----|----|-----------|--------|------|
@@ -197,7 +200,7 @@ According to Flowdroid Paper (https://www.bodden.de/pubs/far+14flowdroid.pdf), t
 | TOTAL    | 0     | 3        | 0/3    | 0  | 0  | 3  | 0.00      | 0.00   | 0.00 |
 
 
-- **StrongUpdateTest** - failed: 1, passed: 4 of 5 tests. `(80.00%)`
+- **StrongUpdateTest** - failed: 1, passed: 4 of 5 tests. `(80%)`
 
 | Test           | Found | Expected | Status | TP | FP | FN | Precision | Recall | F1   |
 |----------------|-------|----------|--------|----|----|----|-----------|--------|------|