[Soot-list] [Beginnger] A few questions about cfg and Soot
Eric Bodden
eric.bodden at mail.mcgill.ca
Thu Jul 9 12:50:39 EDT 2009
> I don't want to analyze all libraries ;) just the program. So there is no
> way to create an intraprocedural cfg and go through it with Soot? With the
> intra cfg i can construct an inter cfg, i think.
That's right. There is no built-in way. You would have to implement
your traversal "manually", as a combination of traversing
intra-procedural control-flow graphs and the whole-program call-graph.
> I want to analyze Android programs. It's a kind of SOA. So there are methods
> for start, stop, pause, resume an activity (window/program) and the user
> interaction works with adapters. Then there could be several methods which
> receives messages and do something with it. So there are many entry points
> i've to analyze...
Oh, I see. That makes things more complicated. Well, I guess you can
always construct a simple (i.e imprecise) call graph using just a
simple Class Hierarchy Analysis (CHA) or Rapid Type Analysis (RTA).
For those, you don't really need to know the entry points. CHA simply
considers that any virtual method call could call any matching method
in the type hierarchy of the callee variable's declared type. RTA
reduces the set of possible callee classes by only considering the
classes that your program may actually instantiate. See here:
Sundaresan, V., Hendren, L., Razafimahefa, C., Vallée-Rai, R., Lam,
P., Gagnon, E., and Godin, C. 2000. Practical virtual method call
resolution for Java. In Proceedings of the 15th ACM SIGPLAN Conference
on Object-Oriented Programming, Systems, Languages, and Applications
(Minneapolis, Minnesota, United States). OOPSLA '00. ACM, New York,
NY, 264-280. DOI= http://doi.acm.org/10.1145/353171.353189
Eric
--
Eric Bodden
Sable Research Group, McGill University
Montréal, Québec, Canada
More information about the Soot-list
mailing list