[Soot-list] Android application call graph

Wed Oct 29 06:12:07 EDT 2014

Hi all,

I am now constructing the cll graph of an Android app, a game app. The main code in as below:

public static void main(String[] args) {

// TODO Auto-generated method stub

SetupApplication app = new SetupApplication("/Users/xueliang/Documents/tools/sootpackages/android-4.0.3_r1.jar","/Users/xueliang/Documents/tools/AndroidInstrument/cocos2d_android.apk");
try {

app.calculateSourcesSinksEntrypoints("/Users/xueliang/Documents/workspace/soot-infoflow-android/SourcesAndSinks.txt");

} catch (IOException e) {

// TODO Auto-generated catch block

e.printStackTrace();

} catch (XmlPullParserException e) {

// TODO Auto-generated catch block

e.printStackTrace();

       }

        soot.G.reset();

Options.v().set_src_prec(Options.src_prec_apk);

Options.v().set_process_dir(Collections.singletonList("/Users/xueliang/Documents/tools/AndroidInstrument/cocos2d_android.apk"));

Options.v().set_android_jars("/Users/xueliang/Documents/tools/sootpackages");

Options.v().set_whole_program(true);

Options.v().set_allow_phantom_refs(true);

Options.v().set_output_format(Options.output_format_none);

Options.v().setPhaseOption("cg.spark", "on");

        Scene.v().loadNecessaryClasses();

        SootMethod entryPoint = app.getEntryPointCreator().createDummyMain();

        Options.v().set_main_class(entryPoint.getSignature());

         Scene.v().setEntryPoints(Collections.singletonList(entryPoint));

 System.out.println(entryPoint.getActiveBody());

         PackManager.v().runPacks();

System.out.println(Scene.v().getCallGraph().size());

        }

However,  I still cannot get the expected result, a call graph.  The information shown in console is a large amount, I summarise it as the steps below:

1. The message is

  “[Call Graph] For information on where the call graph may be incomplete, use the verbose option to the cg phase.
   [Spark] Pointer Assignment Graph in 0.4 seconds.
   [Spark] Type masks in 0.1 seconds.
   [Spark] Pointer Graph simplified in 0.0 seconds.
   [Spark] Propagation in 5.1 seconds.
   [Spark] Solution found in 5.1 seconds.
   Callback analysis done.
   Found 0 layout controls
   Using '/Users/xueliang/Documents/tools/sootpackages/android-4.0.3_r1.jar' as android.jar"

2. A large list of warnings displays all the phantom classes, like

    Warning: java.lang.NoClassDefFoundError is a phantom class!
    Warning: java.lang.StringBuffer is a phantom class!
    Warning: java.lang.Boolean is a phantom class!
    Warning: java.lang.Long is a phantom class!
    Warning: java.lang.Integer is a phantom class!
    Warning: java.lang.Short is a phantom class!
    …………………………….

3. The generated main method, like

     public static void dummyMainMethod()
    {
        int $i0;
        org.cocos2d.tests.SoundEngineTest $r0;
        ……………………………………

4. Repeat steps 1 to 3 for three times, exactly the same message.

5. Transform all the classes in the app, like

   Transforming org.cocos2d.tests.ActionsTest$ActionProperty...
   Transforming com.badlogic.gdx.physics.box2d.joints.MouseJointDef...
   Transforming org.cocos2d.nodes.CCLabel...
   Transforming org.cocos2d.utils.collections.ConcNodeCachingLinkedQueue...
   Transforming org.cocos2d.transitions.CCRadialCCWTransition…
   ………………………..
6. End with a number “30606” in the last line.

Could anyone tell me what happened? And how to fix it to get the desired call graph? Thank you!!

Best wishes
Xueliang

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.CS.McGill.CA/pipermail/soot-list/attachments/20141029/160ca5d1/attachment.html 