[Soot-list] Missing callgraph edges with Spark
Faridah Akinotcho
faridath.akinotcho at yahoo.fr
Mon May 9 15:11:20 EDT 2022
Hi Prof. Dr. Bodden,
Thank you for the reply! I am using bare Soot because I am trying to add a wjtp subphase and I couldn't figure out how to do with Flowdroid without having to extend it and override constructCallgraph. Would there be a way for me to this with Flowdroid?
Best regards,Faridah Akinotcho
Le lundi 9 mai 2022, 05:20:22 UTC−7, Eric Bodden <eric.bodden at uni-paderborn.de> a écrit :
Hi Faridah.
When creating callgraphs for Android you should be using our Soot-extension FlowDroid because it models Android’s lifecycle. When you use bare Soot then the callgraph will be very incomplete. Are you using FlowDroid already?
CheersEric
On 9. May 2022, at 00:11, Faridah Akinotcho <faridath.akinotcho at yahoo.fr> wrote:
Hi,
I am using Soot (org.soot.oss 4.2.1) to perform an interprocedural analysis on Android methods (in the wjtp phase). To this end, I am extracting reachable methods from Android lifecycles using Scene.v().getCallgraph().edgesOutOf(method). However, I noticed that some virtual and special edges seem to always be missing from the returned set. For e.g, given:
class B extends A{
void onCreate(...){
setContentView(C0027R.layout.merge);
super.onCreate(bundle);
setNextActivity(C.class);
}
}
class A{
public void setNextActivity(){
...
}
}
When computing the reachable methods for B.onCreate(), neither setContentView, super.onCreate or setNextActivity are included as targets for the outgoing edges (only clinit is returned). However, when using CHA instead of Spark, these are part of the returned set (along other overapproximations), so I am assuming there might be some issue when performing the points-to analysis. Here are the options I am using:
Options.v().set_src_prec(Options.src_prec_apk);Options.v().set_output_format(Options.output_format_none);
Options.v().set_no_bodies_for_excluded(true);Options.v().set_allow_phantom_refs(true);Options.v().set_android_jars(androidJar);
Options.v().set_process_dir(Collections.singletonList(apkPath));Options.v().set_soot_classpath(androidJar);Options.v().set_process_multiple_dex(true);
Options.v().set_whole_program(true);Options.v().setPhaseOption("cg", "all-reachable:true");Options.v().setPhaseOption("cg.spark", "on");Options.v().setPhaseOption("cg.spark", "verbose:true");Options.v().setPhaseOption("cg.spark", "string-constants:true");
Options.v().setPhaseOption("jb.ulp", "off"); Main.v().autoSetOptions();Scene.v().loadNecessaryClasses();
I would greatly appreciate any pointers about what I might be missing (maybe an option that wasn't set properly) or what the problem could be.
Best regards,Faridah Akinotcho
_______________________________________________
Soot-list mailing list
Soot-list at CS.McGill.CA
https://mailman.CS.McGill.CA/mailman/listinfo/soot-list
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mailman.CS.McGill.CA/pipermail/soot-list/attachments/20220509/90b4512b/attachment.html>
More information about the Soot-list
mailing list