[Soot-list] Soot exception during call graph build phase

Heejong Lee heejong at gmail.com
Thu Oct 4 04:35:22 EDT 2012 

Thanks for your helps.

I found that there was a code that illegally modified invoke statement
in our code. It calls an abstract method with a special invoke statement.

Thank you again.

-- Heejong


On Wed, Sep 26, 2012 at 9:48 PM, Andrea Mattavelli
<andrea.mattavelli at usi.ch> wrote:
> Hi Heejong,
> as Eric pointed out the check is correct, since the method calls inside the call graph are always concrete.
>
> You (as I did) are encountering problems since you are not using Soot in the correct way: you have to invoke soot.main.Main(…) and then get the result by means of a SceneTransformer.
> Here it is a naive example that I used some time ago:
>
> public static void main(String args[]){
> soot.options.Options.v().set_soot_classpath(...);
> soot.options.Options.v().set_whole_program(true);
> soot.options.Options.v().allow_phantom_refs();
> soot.options.Options.v().setPhaseOption("jb","use-original-names:true");
>
> PackManager.v().getPack("wjtp").add(new Transform("wjtp.myTrans", new SceneTransformer() {
>
> @Override
> protected void internalTransform(String arg0, Map arg1) {
>> }
> }));
>
> soot.Main.main(new String[]{
> "-f", "none",
> "-main-class", "com.google.javascript.jscomp.CommandLineRunner",
> "-process-dir", ".../closure-compiler/build/classes"
> });
>
> soot.Scene.v().getCallGraph();
> }
>
>
> Hope this helps.
>
>
> _________________________
>
> Andrea Mattavelli
>
> PhD Student
> Faculty of Informatics
> University of Lugano
> via G. Buffi 13
> CH-6900 Lugano - Switzerland
>
> email:    andrea.mattavelli at usi.ch<mailto:andrea.mattavelli at usi.ch>
> phone:  +41 58 666 4312
> http://star.inf.usi.ch<http://star.inf.usi.ch/>
>
> On 26-set-2012, at 10:31, Heejong Lee <heejong at gmail.com<mailto:heejong at gmail.com>> wrote:
>
> Hi Eric and Andrea,
>
> I've encountered the same problem as yours:
>
> java.lang.RuntimeException: cannot set body for non-concrete method!
> <com.yahoo.mobile.client.share.receiver.TimedSingleBroadcastReceiver:
> void onReceiveBroadcast(android.content.Context,android.content.Intent)>
> at soot.SootMethod.setActiveBody(SootMethod.java:338)
> at soot.SootMethod.retrieveActiveBody(SootMethod.java:322)
> at soot.jimple.toolkits.callgraph.OnFlyCallGraphBuilder.processNewMethod(OnFlyCallGraphBuilder.java:531)
> at soot.jimple.toolkits.callgraph.OnFlyCallGraphBuilder.processReachables(OnFlyCallGraphBuilder.java:426)
> at soot.jimple.toolkits.callgraph.CallGraphBuilder.build(CallGraphBuilder.java:84)
> at soot.jimple.toolkits.callgraph.CHATransformer.internalTransform(CHATransformer.java:43)
> at soot.SceneTransformer.transform(SceneTransformer.java:39)
> at soot.Transform.apply(Transform.java:89)
> at soot.RadioScenePack.internalApply(RadioScenePack.java:57)
> at soot.jimple.toolkits.callgraph.CallGraphPack.internalApply(CallGraphPack.java:49)
> at soot.Pack.apply(Pack.java:114)
> at soot.PackManager.runWholeProgramPacks(PackManager.java:417)
> at soot.PackManager.runPacks(PackManager.java:336)
> at soot.Main.run(Main.java:198)
>
> And I used following options (it's Scala code but readable
> for Java programmers):
>    soot.G.reset()
>    soot.options.Options.v().set_allow_phantom_refs(true)
>    soot.options.Options.v().set_unfriendly_mode(true)
>    soot.options.Options.v().set_prepend_classpath(true)
>    soot.options.Options.v().set_output_format(10)
>    soot.options.Options.v().set_whole_program(true)
>    soot.options.Options.v().set_no_bodies_for_excluded(true)
>    classPath ++= List(jarFile, jars("android.jar"), jars("maps.jar"))
>    classPath.reduceLeftOption{_+":"+_}.foreach{
>      soot.options.Options.v().set_soot_classpath(_)
>    }
>    soot.options.Options.v().set_process_dir(List(jarFile))
>    Scene.v().loadNecessaryClasses()
>    soot.Main.v().run(emptyArray)
>
> Sorry for asking again, but OnFlyCallGraphBuilder.processNewMethod
> only checks for "m.isNative() || m.isPhantom()", not "m.isAbstract()".
> Is it okay to do that? I found that the method(onReceiveBroadcast) which
> throws an exception here is an abstract method.
>
> Andrea, could you tell me how you solved your problem?
>
> Thanks,
> -- Heejong
>
>
> On Wed, Jan 18, 2012 at 11:56 PM, Eric Bodden <eric.bodden at ec-spride.de<mailto:eric.bodden at ec-spride.de>> wrote:
> Hi Andrea.
>
> This may be a side-effect of the phantom-refs option, but I a not
> sure. Instead of writing your own driver class and calling
> CallGraphBuilder yourself, have you tried just calling
> soot.Main.main(..) and accessing the call graph from within a
> SceneTransformer? That should leave less room for error on your side.
>
> Eric
>
> On 18 January 2012 14:15, Andrea Mattavelli <andrea.mattavelli at usi.ch<mailto:andrea.mattavelli at usi.ch>> wrote:
> Hi Eric,
> thanks for your response, that's exactly what I think.
>
> org.omegat.gui.editor.IEditor is an interface and Soot recognize <java.lang.String getCurrentFile()> as a non concrete method correctly.
>
> I'm currently invoking Soot as follow (they are two pieces of non consecutive code):
>
>       Options.v().set_allow_phantom_refs(true);
>       Options.v().keep_line_number();
>       Options.v().set_whole_program(true);
>       Options.v().set_soot_classpath([…]);
>
> […]
>
>       ArrayList<SootMethod> applMethods = new ArrayList<SootMethod>();
>       Set<Entry<SootClass, ArrayList<SootMethod>>> entries = ClassRegistry.getInstance().getClasses().entrySet();
>       for (Entry<SootClass, ArrayList<SootMethod>> entry : entries) {
>               applMethods.addAll(entry.getValue());
>       }
>       Scene.v().setEntryPoints(applMethods);
>       Scene.v().loadNecessaryClasses();
>
>       // build call graph
>       CallGraphBuilder cgBuilder = new CallGraphBuilder();
>       cgBuilder.build();
>       CallGraph callGraph = Scene.v().getCallGraph();
>
>
> What am I doing wrong?
> Thank you very much for your help!
>
> Andrea
>
> On 18-gen-2012, at 13:00, Eric Bodden wrote:
>
> Hi Andreas.
>
> I checked the OnFlyCallGraphBuilder code and I found that into processReachables() and processNewMethod(SootMethod m) there are no checks to verify that the processed method is concrete.
> Is it the code "buggy" or am I invoking the call graph builder in the wrong way?
>
> I would be surprised if this code was buggy; we should have seen this
> issue long before then. What's the status of
> org.omegat.gui.editor.IEditor: java.lang.String getCurrentFile() ? Is
> it an abstract or native method or is it just a regular one?
>
> Also, how are you invoking the analysis?
>
> Eric
>
>
>
>
> --
> Eric Bodden, Ph.D., http://bodden.de/
> Head of Secure Software Engineering Group at EC SPRIDE
> Principal Investigator in Secure Services at CASED
> Tel: +49 6151 16-75422    Fax: +49 6151 16-72051
> Room 3.2.14, Mornewegstr. 30, 64293 Darmstadt
> _______________________________________________
> Soot-list mailing list
> Soot-list at sable.mcgill.ca<mailto:Soot-list at sable.mcgill.ca>
> http://mailman.cs.mcgill.ca/mailman/listinfo/soot-list
>
>
>
> --
> Heejong Lee
>
> Associate Research Engineer
> Program Analysis Division
> Fasoo.com<http://Fasoo.com>, Inc. (www.spa-arrow.com<http://www.spa-arrow.com>)
>



-- 
Heejong Lee

Associate Research Engineer
Program Analysis Division
Fasoo.com, Inc. (www.spa-arrow.com)

More information about the Soot-list mailing list