[Soot-list] Missing Nodes in CFG

Steven Arzt Steven.Arzt at cased.de
Thu Mar 6 12:15:09 EST 2014


Hi Dennis and Marc-André,

I don't think the stub JAR is a problem here. If you call getLine1Number(),
this is an existing method in the Android stub JAR and thus there will be a
call edge in the CFG. We always tell people to use FlowDroid with the stub
JARs since it's quite a lot faster and consumes way less memory - and our
call edges to API functions are all there. Maybe your Android JAR file is
not only a stub, but incomplete (i.e., broken)? Which one do you use and
where did you get it from?

It would also be good to look at the Android classes such as
TelephonyManager. Do they look ok or are these phantom classes that Soot
could not resolve at all? If the latter is the case, there's something wrong
with your classpath. If you have set a custom classpath, be sure to add your
Android JAR file on the new classpath - otherwise you'll exactly see the
issues you have described.

Best regards,
  Steven

-----Original Message-----
From: soot-list-bounces at sable.mcgill.ca
[mailto:soot-list-bounces at sable.mcgill.ca] On behalf of Marc-André
Laverdière
Sent: Thursday, 6 March 2014 15:50
To: soot-list at sable.mcgill.ca
Subject: Re: [Soot-list] Missing Nodes in CFG

Hello Dennis,

Disclaimer: I haven't tried on Android yet.

Have you tried with plain Spark settings? Is there a difference?

IIRC, VTA relies on new XYZ statements. If you use an Android jar stub that
lacks the object creation statements, then you will have some parts missing
for sure. That being said, I'd have expected Spark to default to CHA.

Marc-André Laverdière-Papineau
Doctorant - PhD Candidate

On 03/06/2014 03:02 AM, Dennis Titze wrote:
> Hi,
> 
> I stumbled over the following problem, but I am not sure if I am doing 
> something wrong:
> 
> After running an Android-Infoflow Analysis, I want to look at the 
> generated CFG (using VTA). But it seems as if some nodes are missing.
> E.g. for the following jimple:
> 
> private java.lang.String get_phone()
> {
>     com.example.android.skeletonapp.SkeletonActivity $r0;
>     java.lang.Object $r1;
>     java.lang.String $r2;
>     android.telephony.TelephonyManager $r3;
> 
>     $r0 := @this: com.example.android.skeletonapp.SkeletonActivity;
>     $r1 = virtualinvoke $r0.<com.example.android.skeletonapp.SkeletonActivity: java.lang.Object getSystemService(java.lang.String)>("phone");
>     $r3 = (android.telephony.TelephonyManager) $r1;
>     $r2 = virtualinvoke $r3.<android.telephony.TelephonyManager: java.lang.String getLine1Number()>();
>     return $r2;
> }
> 
> the call to getLine1Number does not appear in the CFG.
> 
> When looking at the SparkTransformer, the CFG looks quite fine after
>     final PAG pag = b.setup( opts );
>     b.build();
> 
> But once the CFG is built again using the pag
>     CallGraphBuilder cgb = new CallGraphBuilder( pag );
>     cgb.build();
> 
> the mentioned node is not in the CFG anymore.
> 
> The problem seems to be that p2set for this line in public void build()
> is empty. If I add something like
> 
>     if (p2set.isEmpty()) {
>         ofcgb.addType( receiver, momc.context(), receiver.getType(), null );
>     }
> 
> the node appears in the CFG.
> 
> 
> Could you explain a bit, what the PointsToSet is in that context, and 
> why it is needed?
> 
> Can you think of some configuration I missed, which results in this problem?
> 
> 
> Thank you very much in advance!
> 
> Dennis Titze
> _______________________________________________
> Soot-list mailing list
> Soot-list at sable.mcgill.ca
> http://mailman.cs.mcgill.ca/mailman/listinfo/soot-list
> 

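Steven's suggestion to check whether TelephonyManager is a phantom class and Dennis's observation that the receiver's points-to set is empty can be combined into one diagnostic run against the APK. The program below is an added example written for this page; it is not code from the thread, from Soot or from FlowDroid. It assumes a Soot build with Dexpler (APK input) on the Java classpath, that the target method is the one in Dennis's Jimple (the signature is taken from there), and that the Android platform JARs live in a directory passed on the command line. Using get_phone() itself as the entry point is also an assumption made for the demonstration.

```java
import java.util.Collections;
import java.util.Iterator;

import soot.Body;
import soot.G;
import soot.Local;
import soot.PackManager;
import soot.PointsToAnalysis;
import soot.PointsToSet;
import soot.Scene;
import soot.SootClass;
import soot.SootMethod;
import soot.Unit;
import soot.jimple.InstanceInvokeExpr;
import soot.jimple.InvokeExpr;
import soot.jimple.Stmt;
import soot.jimple.toolkits.callgraph.CallGraph;
import soot.jimple.toolkits.callgraph.Edge;
import soot.options.Options;

/**
 * Added diagnostic, not part of the thread: load an APK against the Android
 * platform JARs, run Spark with VTA, and for every call site in get_phone()
 * report whether the receiver's points-to set is empty and whether the call
 * graph has an outgoing edge for that unit.
 */
public class CgDiagnostic {

    // Assumption: the method from Dennis's Jimple, same package and APK.
    static final String TARGET =
        "<com.example.android.skeletonapp.SkeletonActivity: java.lang.String get_phone()>";

    public static void main(String[] args) {
        if (args.length != 2) {
            System.err.println("usage: CgDiagnostic <app.apk> <android-platforms-dir>");
            System.exit(2);
        }
        String apk = args[0];
        String platforms = args[1]; // directory holding android-XX/android.jar (assumed layout)

        G.reset();
        Options.v().set_src_prec(Options.src_prec_apk);
        Options.v().set_process_dir(Collections.singletonList(apk));
        Options.v().set_android_jars(platforms);       // puts the matching android.jar on the classpath
        Options.v().set_whole_program(true);
        Options.v().set_allow_phantom_refs(true);      // unresolved classes become phantoms instead of aborting
        Options.v().set_output_format(Options.output_format_none);
        Options.v().setPhaseOption("cg.spark", "on");
        Options.v().setPhaseOption("cg.spark", "vta:true");
        Scene.v().loadNecessaryClasses();

        // Step 1: Steven's check. A phantom TelephonyManager means the Android JAR
        // is not on the classpath Soot actually uses.
        SootClass tm = Scene.v().getSootClassUnsafe("android.telephony.TelephonyManager");
        if (tm == null || tm.isPhantom()) {
            System.out.println("TelephonyManager is phantom/unresolved: fix the classpath first");
            return;
        }
        System.out.println("TelephonyManager resolved with " + tm.getMethodCount() + " methods");

        // Step 2: build the call graph. Assumption: get_phone() is used as the entry
        // point here for brevity; a real analysis would use FlowDroid's dummy main so
        // that the activity's 'this' has an allocation site.
        SootMethod target = Scene.v().getMethod(TARGET);
        Scene.v().setEntryPoints(Collections.singletonList(target));
        PackManager.v().runPacks();

        // Step 3: Dennis's observation. For each call site, compare the receiver's
        // points-to set (from Spark) with the number of call-graph edges out of it.
        CallGraph cg = Scene.v().getCallGraph();
        PointsToAnalysis pta = Scene.v().getPointsToAnalysis();
        Body body = target.retrieveActiveBody();
        for (Unit u : body.getUnits()) {
            Stmt s = (Stmt) u;
            if (!s.containsInvokeExpr()) {
                continue;
            }
            InvokeExpr ie = s.getInvokeExpr();
            int edges = 0;
            for (Iterator<Edge> it = cg.edgesOutOf(u); it.hasNext(); it.next()) {
                edges++;
            }
            String receiver = "static call, no receiver";
            if (ie instanceof InstanceInvokeExpr) {
                Local base = (Local) ((InstanceInvokeExpr) ie).getBase();
                PointsToSet p2s = pta.reachingObjects(base);
                receiver = base.getName() + " p2set="
                    + (p2s.isEmpty() ? "EMPTY" : p2s.possibleTypes().toString());
            }
            System.out.println(ie.getMethodRef().getSignature()
                + "\n    receiver: " + receiver
                + "\n    cg edges: " + edges);
        }
    }
}
```

Run it as `java -cp soot.jar:. CgDiagnostic app.apk /path/to/android-platforms`. A call site printed with `p2set=EMPTY` and `cg edges: 0` is the state Dennis describes: Spark's on-the-fly call graph builder resolves a virtual call from the types in the receiver's points-to set, which is why his workaround of feeding the declared receiver type to addType() when the set is empty makes the edge reappear. If the first check already reports TelephonyManager as phantom, the classpath problem Steven mentions is the thing to fix before looking at points-to sets at all.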