[Soot-list] Missing Nodes in CFG

Marc-André Laverdière marc-andre.laverdiere-papineau at polymtl.ca
Thu Mar 6 09:50:21 EST 2014


Hello Dennis,

Disclaimer: I haven't tried on Android yet.

Have you tried with plain Spark settings? Is there a difference?

IIRC, VTA relies on new XYZ statements. If you use an Android jar stub
that lacks the object creation statements, then you will have some parts
missing for sure. That being said, I'd have expected Spark to default to
CHA.

Marc-André Laverdière-Papineau
Doctorant - PhD Candidate

On 03/06/2014 03:02 AM, Dennis Titze wrote:
> Hi,
> 
> I stumbled over the following problem, but I am not sure if I am doing
> something wrong:
> 
> After running an Android-Infoflow Analysis, I want to look at the
> generated CFG (using VTA). But it seems as if some nodes are missing.
> E.g. for the following jimple:
> 
> private java.lang.String get_phone()
> {
>     com.example.android.skeletonapp.SkeletonActivity $r0;
>     java.lang.Object $r1;
>     java.lang.String $r2;
>     android.telephony.TelephonyManager $r3;
> 
>     $r0 := @this: com.example.android.skeletonapp.SkeletonActivity;
>     $r1 = virtualinvoke $r0.<com.example.android.skeletonapp.SkeletonActivity: java.lang.Object getSystemService(java.lang.String)>("phone");
>     $r3 = (android.telephony.TelephonyManager) $r1;
>     $r2 = virtualinvoke $r3.<android.telephony.TelephonyManager: java.lang.String getLine1Number()>();
>     return $r2;
> }
> 
> the call to getLine1Number does not appear in the CFG.
> 
> When looking at the SparkTransformer, the CFG looks quite fine after
>     final PAG pag = b.setup( opts );
>     b.build();
> 
> But once the CFG is built again using the pag
>     CallGraphBuilder cgb = new CallGraphBuilder( pag );
>     cgb.build();
> 
> the mentioned node is not in the CFG anymore.
> 
> The problem seems to be that p2set for this line in public void build()
> is empty. If I add something like
> if (p2set.isEmpty()) {
>     ofcgb.addType( receiver, momc.context(), receiver.getType(), null );
> }
> 
> the node appears in the CFG.
> 
> 
> Could you explain a bit what the PointsToSet is in that context, and
> why it is needed?
> 
> Can you think of some configuration I missed, which results in this problem?
> 
> 
> Thank you very much in advance!
> 
> Dennis Titze


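Added example, not part of the thread and not Soot code: a toy model of how a points-to-based call graph resolves a virtual call, showing why an empty points-to set on the receiver drops the edge to getLine1Number and what a fallback to the declared type restores. The statement tuples, the class tables and the assumption that the stubbed getSystemService() body contains no allocation are constructed for illustration.

```python
# Toy model (constructed; not Soot code) of virtual-call resolution from
# points-to sets. Names mirror the Jimple in the quoted message.
METHODS = {  # class -> methods it declares (constructed sample)
    "Object": set(),
    "TelephonyManager": {"getLine1Number"},
}
SUPER = {"TelephonyManager": "Object", "Object": None}

def dispatch(cls, name):
    """Find the class that implements `name`, walking up from `cls`."""
    while cls is not None:
        if name in METHODS[cls]:
            return f"{cls}.{name}"
        cls = SUPER[cls]
    return None

def points_to(stmts):
    """Propagate allocation-site types through copies until a fixed point."""
    pts, changed = {}, True
    while changed:
        changed = False
        for op, dst, src in (s[:3] for s in stmts if s[0] in ("new", "copy")):
            incoming = {src} if op == "new" else pts.get(src, set())
            cur = pts.setdefault(dst, set())
            if not incoming <= cur:
                cur |= incoming
                changed = True
    return pts

def call_edges(stmts, fallback_to_declared_type=False):
    """Resolve each ("call", receiver, method, declared_type) statement."""
    pts, edges = points_to(stmts), set()
    for _, recv, name, declared in (s for s in stmts if s[0] == "call"):
        types = pts.get(recv, set())
        if not types and fallback_to_declared_type:
            types = {declared}  # same idea as the addType() workaround
        edges |= {t for t in (dispatch(c, name) for c in types) if t}
    return edges

# $r1 comes from a stubbed getSystemService() with no `new` in its body
# (assumption), so nothing ever flows into $r1 or $r3.
STUBBED = [("copy", "$r3", "$r1"),
           ("call", "$r3", "getLine1Number", "TelephonyManager")]
# Same code, but the callee body allocates the object it returns.
WITH_ALLOC = [("new", "$r1", "TelephonyManager")] + STUBBED

if __name__ == "__main__":
    print(call_edges(STUBBED))        # no edge: empty points-to set
    print(call_edges(STUBBED, True))  # edge restored via declared type
    print(call_edges(WITH_ALLOC))     # edge found from the allocation
```

For a taint analysis, the dropped edge means the call to a sensitive source such as getLine1Number is never visited, so a flow from it goes unreported.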