search

secure-software-engineering / FlowDroid

FlowDroid Static Data Flow Tracker
GNU Lesser General Public License v2.1
1.02k stars 292 forks source link

Generating CallGraph for android #676

Open Jennie2hang opened 7 months ago

Jennie2hang commented 7 months ago

when I analysis android code like:

protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.activity_main);
        int a =5,b=7;
        int result = addNumbers(a, b);
        subNumbers(7,5);
        int result1 =subNumbers1(7,5);
        printResult(result);
    }

    private int subNumbers(int a, int b) {
        return a - b;
    }
    private int subNumbers1(int a, int b) {
        return a - b;
    }

    private int addNumbers(int a, int b) {
        subNumbers(7,5);
        return a + b;
    }

    private void printResult(int result) {
        System.out.println("Result: " + result);
    }

the method addNumbers(a, b) is not resolved in the call graph, why this situation happened?

timll commented 7 months ago

Are you certain that the int result = addNumbers(a,b) call site still exists in the app? Either ProGuard or FlowDroid's inter-procedural constant propagation might have eliminated the call here. You can dump the jimple IR used by FlowDroid to the disk with the -wj command line flag or with config.setWriteOutputFiles(true);.

Jennie2hang commented 7 months ago

Are you certain that the int result = addNumbers(a,b) call site still exists in the app? Either ProGuard or FlowDroid's inter-procedural constant propagation might have eliminated the call here. You can dump the jimple IR used by FlowDroid to the disk with the -wj command line flag or with config.setWriteOutputFiles(true);.

Thanks a bunch for your advice! It is indeed that FlowDroid's inter-procedural constant propagation has done away with the addNumbers(a, b) call site in the app.