Skip to content

Call Graph Generation

Call Graph Generation Algorithm

  1. Class Hierarchy Analysis (CHA)
    • Definition: Creating multiple edges to all of the overriden methods
    • Advantages: Fast; Don't miss any explicit invocation.
    • Disadvantages: Not very accurate.
  2. SPARK
    • Definition: Finding the actual type of variables using PointTo Analysis, it removes many spurious edges compared to CHA.
    • Advantages: More Accurate.
    • Disadvantages: Slow; Mistakenly filter out some true edges.

Gall Graph in Android

More Difficult

  • Challenges: An Android app consists of components (Acitvity, Service, BroadcastReceiver and ContentProvider) with complex lifecycles. All lifecycle callback methods and GUI callbacks will be called implicitly by the Android framework.
  • Solutions: FlowDroid can accurately generate call graphs for Android apps.