[Soot-list] Soot exception during call graph build phase

Heejong Lee heejong at gmail.com
Wed Sep 26 04:31:04 EDT 2012 

Hi Eric and Andrea,

I've encountered the same problem as yours:

java.lang.RuntimeException: cannot set body for non-concrete method!
<com.yahoo.mobile.client.share.receiver.TimedSingleBroadcastReceiver:
void onReceiveBroadcast(android.content.Context,android.content.Intent)>
	at soot.SootMethod.setActiveBody(SootMethod.java:338)
	at soot.SootMethod.retrieveActiveBody(SootMethod.java:322)
	at soot.jimple.toolkits.callgraph.OnFlyCallGraphBuilder.processNewMethod(OnFlyCallGraphBuilder.java:531)
	at soot.jimple.toolkits.callgraph.OnFlyCallGraphBuilder.processReachables(OnFlyCallGraphBuilder.java:426)
	at soot.jimple.toolkits.callgraph.CallGraphBuilder.build(CallGraphBuilder.java:84)
	at soot.jimple.toolkits.callgraph.CHATransformer.internalTransform(CHATransformer.java:43)
	at soot.SceneTransformer.transform(SceneTransformer.java:39)
	at soot.Transform.apply(Transform.java:89)
	at soot.RadioScenePack.internalApply(RadioScenePack.java:57)
	at soot.jimple.toolkits.callgraph.CallGraphPack.internalApply(CallGraphPack.java:49)
	at soot.Pack.apply(Pack.java:114)
	at soot.PackManager.runWholeProgramPacks(PackManager.java:417)
	at soot.PackManager.runPacks(PackManager.java:336)
	at soot.Main.run(Main.java:198)

And I used following options (it's Scala code but readable
for Java programmers):
    soot.G.reset()
    soot.options.Options.v().set_allow_phantom_refs(true)
    soot.options.Options.v().set_unfriendly_mode(true)
    soot.options.Options.v().set_prepend_classpath(true)
    soot.options.Options.v().set_output_format(10)
    soot.options.Options.v().set_whole_program(true)
    soot.options.Options.v().set_no_bodies_for_excluded(true)
    classPath ++= List(jarFile, jars("android.jar"), jars("maps.jar"))
    classPath.reduceLeftOption{_+":"+_}.foreach{
      soot.options.Options.v().set_soot_classpath(_)
    }
    soot.options.Options.v().set_process_dir(List(jarFile))
    Scene.v().loadNecessaryClasses()
    soot.Main.v().run(emptyArray)

Sorry for asking again, but OnFlyCallGraphBuilder.processNewMethod
only checks for "m.isNative() || m.isPhantom()", not "m.isAbstract()".
Is it okay to do that? I found that the method(onReceiveBroadcast) which
throws an exception here is an abstract method.

Andrea, could you tell me how you solved your problem?

Thanks,
-- Heejong


On Wed, Jan 18, 2012 at 11:56 PM, Eric Bodden <eric.bodden at ec-spride.de> wrote:
> Hi Andrea.
>
> This may be a side-effect of the phantom-refs option, but I a not
> sure. Instead of writing your own driver class and calling
> CallGraphBuilder yourself, have you tried just calling
> soot.Main.main(..) and accessing the call graph from within a
> SceneTransformer? That should leave less room for error on your side.
>
> Eric
>
> On 18 January 2012 14:15, Andrea Mattavelli <andrea.mattavelli at usi.ch> wrote:
>> Hi Eric,
>> thanks for your response, that's exactly what I think.
>>
>> org.omegat.gui.editor.IEditor is an interface and Soot recognize <java.lang.String getCurrentFile()> as a non concrete method correctly.
>>
>> I'm currently invoking Soot as follow (they are two pieces of non consecutive code):
>>
>>        Options.v().set_allow_phantom_refs(true);
>>        Options.v().keep_line_number();
>>        Options.v().set_whole_program(true);
>>        Options.v().set_soot_classpath([…]);
>>
>> […]
>>
>>        ArrayList<SootMethod> applMethods = new ArrayList<SootMethod>();
>>        Set<Entry<SootClass, ArrayList<SootMethod>>> entries = ClassRegistry.getInstance().getClasses().entrySet();
>>        for (Entry<SootClass, ArrayList<SootMethod>> entry : entries) {
>>                applMethods.addAll(entry.getValue());
>>        }
>>        Scene.v().setEntryPoints(applMethods);
>>        Scene.v().loadNecessaryClasses();
>>
>>        // build call graph
>>        CallGraphBuilder cgBuilder = new CallGraphBuilder();
>>        cgBuilder.build();
>>        CallGraph callGraph = Scene.v().getCallGraph();
>>
>>
>> What am I doing wrong?
>> Thank you very much for your help!
>>
>> Andrea
>>
>> On 18-gen-2012, at 13:00, Eric Bodden wrote:
>>
>>> Hi Andreas.
>>>
>>>> I checked the OnFlyCallGraphBuilder code and I found that into processReachables() and processNewMethod(SootMethod m) there are no checks to verify that the processed method is concrete.
>>>> Is it the code "buggy" or am I invoking the call graph builder in the wrong way?
>>>
>>> I would be surprised if this code was buggy; we should have seen this
>>> issue long before then. What's the status of
>>> org.omegat.gui.editor.IEditor: java.lang.String getCurrentFile() ? Is
>>> it an abstract or native method or is it just a regular one?
>>>
>>> Also, how are you invoking the analysis?
>>>
>>> Eric
>>
>
>
>
> --
> Eric Bodden, Ph.D., http://bodden.de/
> Head of Secure Software Engineering Group at EC SPRIDE
> Principal Investigator in Secure Services at CASED
> Tel: +49 6151 16-75422    Fax: +49 6151 16-72051
> Room 3.2.14, Mornewegstr. 30, 64293 Darmstadt
> _______________________________________________
> Soot-list mailing list
> Soot-list at sable.mcgill.ca
> http://mailman.cs.mcgill.ca/mailman/listinfo/soot-list



-- 
Heejong Lee

Associate Research Engineer
Program Analysis Division
Fasoo.com, Inc. (www.spa-arrow.com)

More information about the Soot-list mailing list