[Soot-list] Missing edges in call graph generated by Spark
Cheng Zhang
cheng.zhang.stap at gmail.com
Mon Feb 8 06:03:32 EST 2010
Hi, Eric,
Thanks for your reply.
I've traced the program execution via manual instrumentation, and
found that the method "render" will be executed from the entry
org.apache.fop.apps.Fop.main(String[]).
Then I changed the -main-class argument, and reran Soot with Spark enabled.
But the edges are still missing.
By browsing the source code of fop, I found that the object for "parser"
(whose type is org.xml.sax.XMLReader) is
created in method "createParser()" (in class
org.apache.fop.apps.InputHandler). Its source code is shown as below:
protected static XMLReader createParser() throws FOPException {
try {
SAXParserFactory spf =
javax.xml.parsers.SAXParserFactory.newInstance();
spf.setNamespaceAware(true);
XMLReader xmlReader = spf.newSAXParser().getXMLReader();
MessageHandler.logln("Using " + xmlReader.getClass().getName() +
" as SAX2 Parser");
return xmlReader;
} catch (javax.xml.parsers.ParserConfigurationException e) {
throw new FOPException(e);
} catch (org.xml.sax.SAXException e) {
throw new FOPException( e);
}
}
By further exploring the source code (of javax.xml.parsers.SAXParserFactory,
javax.xml.parsers.FactoryFinder, etc.),
I found that the object for "spf" is created in
javax.xml.parsers.FactoryFinder via dynamic class loading and a call to
newInstance():
...
Class providerClass;
if (cl == null) {
providerClass = Class.forName(className);
} else {
try {
providerClass = cl.loadClass(className);
} catch (ClassNotFoundException JavaDoc x) {
...
}
}
Object JavaDoc instance = providerClass.newInstance();
return instance;
...
The actual class of the created object for "spf" is
org.apache.xerces.jaxp.SAXParserFactoryImpl.
Afterwards things seem to be straight. The call "spf.newSAXParser()" creates
an object of org.apache.xerces.jaxp.SAXParserImpl
by calling its constructor, and SAXParserImpl() in turn calls the
constructor of org.apache.xerces.jaxp.SAXParserImpl$JAXPSAXParser
which is the actual class of variable "parser" used in method "render".
In order to try -dynamic-class option, I also read the warnings like:
"Warning: Class sun.nio.cs.ext.ExtendedCharsets is a dynamic class, and you
did not specify it as such; graph will be incomplete!",
But failed to find any clue...
I am still wondering whether it is possible that the dynamic loading causes
the missing edges? If so, are there any Spark options I could use to find
these edges? If I should use -dynamic-class option, which classes shall I
try to specify as dynamic?
Thanks,
Cheng
On Mon, Feb 8, 2010 at 4:38 PM, Eric Bodden <
bodden at st.informatik.tu-darmstadt.de> wrote:
> Hi Cheng.
>
> From your description it sounds like the method "render" is actually
> not executed through your main class. The fact that there are no "blue
> nodes" for "parser" means that no object is ever assigned to this
> variable, at least not when executing the particular main class with
> respect to which Soot analyzes the program.
>
> Eric
>
> --
> Eric Bodden
> Software Technology Group, Technische Universität Darmstadt, Germany
> Tel: +49 6151 16-5478 Fax: +49 6151 16-5410
> Mailing Address: S2|02 A209, Hochschulstraße 10, 64289 Darmstadt
>
>
>
> On 8 February 2010 05:00, Cheng Zhang <cheng.zhang.stap at gmail.com> wrote:
> > Hi,
> > I am trying to use Spark (without VTA or RTA enabled) to generate a
> static
> > call graph for fop-0.20.5 from DaCapo-2006-10-MR2.
> > But I find that some edges are missing in the generated call graph. The
> > caller is method render (in class org.apache.fop.apps.Driver) whose
> source
> > code is shown as below:
> > public synchronized void render(XMLReader parser, InputSource source)
> > throws FOPException {
> > parser.setContentHandler(getContentHandler());
> > try {
> > parser.parse(source);
> > } catch (SAXException e) {
> > if (e.getException() instanceof FOPException) {
> > throw (FOPException)e.getException();
> > } else {
> > throw new FOPException(e);
> > }
> > }
> > catch (IOException e) {
> > throw new FOPException(e);
> > }
> > }
> > The call graph contains all the possible method calls except for
> > "parser.parse(source)" and
> "parser.setContentHandler(getContentHandler())".
> > By exploring the dumped pag.jar, I found that there are no "reaching blue
> > nodes" for the corresponding variables.
> > Here is the command line I use (I also tried -include-all):
> > -keep-line-number -w -p cg
> > safe-forname:true,safe-newinstance:true,verbose:true -p cg.spark
> > enabled:true,verbose:true,dump-html:true -pp -cp
> >
> /home/chengzhang/dacapo-2006-10-MR2/for_Soot/fop/:/home/chengzhang/dacapo-2006-10-MR2/for_Soot/fop-deps.jar
> > -i org. -process-dir /home/chengzhang/dacapo-2006-10-MR2/for_Soot/fop/
> > -main-class dacapo.fop.Main
> > Since I am new to Spark, I can't quite understand all the cg.spark
> options.
> > Shall I try some other options? Does anyone have some similar experience?
> > Any comments or hints will be highly appreciated.
> > Thank you.
> > Cheng
> > _______________________________________________
> > Soot-list mailing list
> > Soot-list at sable.mcgill.ca
> > http://mailman.cs.mcgill.ca/mailman/listinfo/soot-list
> >
> >
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.cs.mcgill.ca/pipermail/soot-list/attachments/20100208/563d184f/attachment.html
More information about the Soot-list
mailing list