[Soot-list] call graph for apk is incomplete

conlyxia conlyxia at 163.com
Mon Jun 15 23:14:16 EDT 2015


Hi all,
I used Soot as an Eclipse plugin, and I caught the call graph for APK files, but my result was incomplete.
The following code is how I generated the dummy main method:
<snip>
soot.G.reset();
// Input is a Dalvik APK, processed together with the platform android.jar
Options.v().set_src_prec(Options.src_prec_apk);
Options.v().set_process_dir(
    Collections.singletonList("D:/Program Files/soot/eclipse-soot/workspace/Test/bin/test5-29.apk"));
Options.v().set_force_android_jar("D:/Program Files/soot/android-17/android--1/android.jar");
Options.v().set_output_format(0); // overridden below by output_format_none
// Whole-program mode is required for the call-graph ("cg") pack to run
Options.v().set_whole_program(true);
Options.v().set_allow_phantom_refs(true);
Options.v().set_output_format(Options.output_format_none);
PhaseOptions.v().setPhaseOption("cg", "enabled:true");
PhaseOptions.v().setPhaseOption("cg", "implicit-entry:false");
PhaseOptions.v().setPhaseOption("cg", "verbose:true");
PhaseOptions.v().setPhaseOption("cg", "jdkver:7");
PhaseOptions.v().setPhaseOption("cg", "all-reachable:true");
Scene.v().loadNecessaryClasses();
// "app" (the entry-point creator holder) is not shown in this snippet
SootMethod entryPoint = app.getEntryPointCreator().createDummyMain();
Options.v().set_main_class(entryPoint.getSignature());
// The generated dummy main is the only entry point of the analysis
Scene.v().setEntryPoints(Collections.singletonList(entryPoint));
PackManager.v().runPacks();
System.out.println(Scene.v().getCallGraph().size());
CallGraph cg = Scene.v().getCallGraph();
</snip>


The following is my call graph result for one APK:

<dummyMainClass: void dummyMainMethod()>---invoke---<com.example.test.DisplayContactActivity1: void <init>()>
<com.example.test.DisplayContactActivity1: void <init>()>---invoke---<android.telephony.SmsManager: android.telephony.SmsManager getDefault()>
<com.example.test.DisplayContactActivity1: void <init>()>---invoke---<android.app.Activity: void <init>()>
<com.example.test.MainActivity: void <init>()>---invoke---<android.app.Activity: void <init>()>
<dummyMainClass: void dummyMainMethod()>---invoke---<com.example.test.MainActivity: void onCreate(android.os.Bundle)>
<com.example.test.MainActivity: void onCreate(android.os.Bundle)>---invoke---<android.app.Activity: void onCreate(android.os.Bundle)>
<com.example.test.DisplayContactActivity1: void onCreate(android.os.Bundle)>---invoke---<java.lang.String: java.lang.String valueOf(int)>
<com.example.test.DisplayContactActivity1: void onCreate(android.os.Bundle)>---invoke---<java.lang.StringBuilder: void <init>(java.lang.String)>
<com.example.test.DisplayContactActivity1: void onCreate(android.os.Bundle)>---invoke---<android.widget.TextView: void <init>(android.content.Context)>
<com.example.test.DisplayContactActivity1: void onCreate(android.os.Bundle)>---invoke---<com.example.test.DisplayContactActivity1: int add(int,int)>
<com.example.test.DisplayContactActivity1: void onCreate(android.os.Bundle)>---invoke---<android.app.Activity: void onCreate(android.os.Bundle)>
<com.example.test.DisplayContactActivity1: void onCreate(android.os.Bundle)>---invoke---<java.lang.String: java.lang.String valueOf(java.lang.Object)>
<dummyMainClass: void dummyMainMethod()>---invoke---<com.example.test.MainActivity: void <init>()>
<dummyMainClass: void dummyMainMethod()>---invoke---<com.example.test.DisplayContactActivity1: void onCreate(android.os.Bundle)>

I have two problems with the incomplete call graph:
1.   The call graph can only present the methods reachable from dummyMainMethod. But I want to catch the call graph from other methods. I think I should change the entry point, but I don't know how to do it. For example, the following is a source code snippet of the executed APK:
<snip>
public void onClick(View a) {
    String name=DisplayContactActivity1.catchContactNameByNumber(MainActivity.this);
    Intent intent = new Intent(MainActivity.this,DisplayContactActivity1.class);  
    startActivity(intent);
    }
</snip>
The "onClick" method will execute when you click the corresponding button. So I don't know how to generate the call graph from the "onClick" method.


2.   As presented in the result, the targets of the method <com.example.test.DisplayContactActivity1: void onCreate(android.os.Bundle)> are not complete. The following is the Jimple code for the "onClick" method:
<snip>
protected void onCreate(android.os.Bundle){
        com.example.test.DisplayContactActivity1 $r0;
        android.os.Bundle $r1;
        android.widget.TextView $r2, r7;
        int $i0;
        java.lang.String $r3, $r5;
        android.telephony.SmsManager $r4;
        java.lang.StringBuilder $r6, r8;
        android.content.Context r9;

        $r0 := @this: com.example.test.DisplayContactActivity1;
        $r1 := @parameter0: android.os.Bundle;
        specialinvoke $r0.<android.app.Activity: void onCreate(android.os.Bundle)>($r1);
        $i0 = virtualinvoke $r0.<com.example.test.DisplayContactActivity1: int add(int,int)>(1, 2);
        $r3 = staticinvoke <java.lang.String: java.lang.String valueOf(int)>($i0);
        r7 = new android.widget.TextView;
        $r2 = r7;
        r9 = (android.content.Context) $r0;
        specialinvoke r7.<android.widget.TextView: void <init>(android.content.Context)>(r9);
        virtualinvoke $r2.<android.widget.TextView: void setTextSize(float)>(40.0F);
        virtualinvoke $r2.<android.widget.TextView: void setText(java.lang.CharSequence)>($r3);
        virtualinvoke $r0.<com.example.test.DisplayContactActivity1: void setContentView(android.view.View)>($r2);
        $r4 = $r0.<com.example.test.DisplayContactActivity1: android.telephony.SmsManager smsManager>;
        $r5 = $r0.<com.example.test.DisplayContactActivity1: java.lang.String phoneNumber>;
        r8 = new java.lang.StringBuilder;
        $r3 = staticinvoke <java.lang.String: java.lang.String valueOf(java.lang.Object)>($r3);
        specialinvoke r8.<java.lang.StringBuilder: void <init>(java.lang.String)>($r3);
        $r6 = virtualinvoke r8.<java.lang.StringBuilder: java.lang.StringBuilder append(java.lang.String)>("heoo");
        $r3 = virtualinvoke $r6.<java.lang.StringBuilder: java.lang.String toString()>();
        virtualinvoke $r4.<android.telephony.SmsManager: void sendTextMessage(java.lang.String,java.lang.String,java.lang.String,android.app.PendingIntent,android.app.PendingIntent)>($r5, null, $r3, null, null);
        return;
    }
</snip>
The code in red was presented in my result, but the others were not. I don't know how to deal with it.


Please help me! I would really appreciate it!!


Best regards!!
ConlyXia
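Added example, not code from the original post: it shows the two points raised above with the public Soot API, namely that any method with a body can be registered as an entry point (here the UI callback instead of the generated dummy main), and a completeness check that reports every invoke statement in onCreate that owns no call-graph edge, so a missing target such as sendTextMessage is flagged rather than silently absent. The listener class name MainActivity$1 and the APK / android.jar paths are assumptions.

```java
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import soot.*;
import soot.jimple.Stmt;
import soot.jimple.toolkits.callgraph.CallGraph;
import soot.jimple.toolkits.callgraph.Edge;
import soot.options.Options;

public class OnClickEntryPoint {
    // Placeholder paths: replace with the APK and android.jar actually analysed.
    static final String APK = "PATH/TO/app.apk";
    static final String ANDROID_JAR = "PATH/TO/android.jar";

    public static void main(String[] args) {
        G.reset();
        Options.v().set_src_prec(Options.src_prec_apk);
        Options.v().set_process_dir(Collections.singletonList(APK));
        Options.v().set_force_android_jar(ANDROID_JAR);
        Options.v().set_whole_program(true);
        Options.v().set_allow_phantom_refs(true);
        Options.v().set_output_format(Options.output_format_none);
        Scene.v().loadNecessaryClasses();

        // An entry point is just a SootMethod with a body, so a UI callback can be one.
        // Assumption: onClick lives in the anonymous listener class MainActivity$1.
        List<SootMethod> entries = new ArrayList<SootMethod>();
        SootClass listener = Scene.v().getSootClass("com.example.test.MainActivity$1");
        entries.add(listener.getMethodByName("onClick"));
        Scene.v().setEntryPoints(entries);
        // Run only the call-graph pack; nothing is written to disk.
        PackManager.v().getPack("cg").apply();
        CallGraph cg = Scene.v().getCallGraph();

        // Completeness check: each invoke statement in onCreate should own at
        // least one call-graph edge; report the ones without, e.g. sendTextMessage.
        SootClass act = Scene.v().getSootClass("com.example.test.DisplayContactActivity1");
        SootMethod onCreate = act.getMethod("void onCreate(android.os.Bundle)");
        for (Unit u : onCreate.retrieveActiveBody().getUnits()) {
            Stmt s = (Stmt) u;
            if (!s.containsInvokeExpr()) continue;
            Iterator<Edge> out = cg.edgesOutOf(u);
            if (!out.hasNext()) {
                System.out.println("no edge: " + s.getInvokeExpr().getMethodRef().getSignature());
            }
        }
    }
}
```

Any invoke statement printed as "no edge" is a gap in the graph for that method; comparing that list against the Jimple above tells you exactly which calls the analysis did not resolve.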
