I want to do a static analysis of an Android app with Androguard. Particularly, I am interested to identify whether a particular library method is called. However, as the method call could be in a part of the code that is never reached, would the static analysis with Androguard account for that? If not, is there a different tool that I can use? (On a side note, as I need to do a large-scale analysis of many apps, the tool should be automatable, which I understand is the case for Androguard.)
Asked
Active
Viewed 369 times
0
Marcin Orlowski
- 72,056
- 11
- 123
- 141
You_got_it
- 331
- 3
- 12
-
Determining whether a particular line of code is executed is Undecidable, so any implementation of this wouldn't be perfect. I'm not familiar with Androguard, though, so I don't know if it takes care of this in obviously unreachable code blocks. – IanPudney Jul 12 '15 at 21:43
-
Your question is Androguard specific. Dead code can be detected at compile time and this is what even your IDE would do, not to mention tools like ProGuard – Marcin Orlowski Jul 12 '15 at 21:52
1 Answers
1
You can use JArchitect and create your custom CQLinq queries to query the codebase and check if a method is callable or not, many other possibilities are provided by CQLinq to create advanced queries.
James from CppDepend Team
- 1,365
- 8
- 9