[Soot-list] Identify virtual-call targets and library callee
Haipeng Cai
hcai at nd.edu
Sat Jul 26 00:39:53 EDT 2014
Thank you for your reply, Marc-Andre.
Yes I am using Spark with option "-p cg.spark verbose:false,
on-fly-cg:true,rta:true", and I am providing all the jars in the Soot
classpath except for Soot itself and I did have option "-allowphantom".
Also, when constructing the call graph, I used the default p2 analysis
(Scene.v().getPointsToAnalysis()) for the CallgraphBuilder.
Is there something wrong in my settings that caused missing outgoing edges
for a call site in the graph?
Best,
On Fri, Jul 25, 2014 at 11:31 AM, Marc-André Laverdière <
marc-andre.laverdiere-papineau at polymtl.ca> wrote:
> Hi Haipeng,
>
> Call graph construction is a difficult beast. Soot has a lot of options
> that may also impact the call graph construction algorithm. It also
> affects the class hierarchy, which is also going to affect the call graph.
>
> First, are you using Spark? Which settings?
> Everything besides CHA relies on 'new' statements in the program to
> determine which type could a given variable have. So if your application
> has things like dependency injection, then your life is even harder.
>
> Are you using phantom classes? No bodies for excluded? Are you providing
> all the jars in the Soot classpath? These things will affect the outcome.
>
> I've been working on JEE applications and I resort to a lot of tricks to
> try to make the call graph smaller. This results in a lot of missing
> edges, which need to be compensated somehow. I've generally compensated
> by using the declared SootMethod in the InvokeExpr but that's not
> perfect. Flowdroid is doing the same BTW.
>
> Regards,
>
> Marc-André Laverdière-Papineau
> Doctorant - PhD Candidate
>
> On 07/24/2014 08:14 PM, Haipeng Cai wrote:
> > Hi All,
> >
> > I am doing a static interprocedural dependence analysis with Soot for
> > Java programs and having two difficulties:
> >
> > 1. How do I safely identify all possible callees at a call site,
> > especially virtual call site?
> >
> > 2. How should I discern, among all the callees identified above, library
> > callees from application callees?
> >
> > I have tried the CallGraph class, which seems to be quite incomplete; I
> > also noticed that there is a method "IsJDKLibraryCall" in SootMethod
> > class, which only tells JDK library calls from others, though.
> >
> > Any thoughts and advises are appreciated.
> > Thanks,
> >
> > _______________________________________________
> > Soot-list mailing list
> > Soot-list at CS.McGill.CA <mailto:Soot-list at CS.McGill.CA>
> > https://mailman.CS.McGill.CA/mailman/listinfo/soot-list
> > <https://mailman.cs.mcgill.ca/mailman/listinfo/soot-list>
> >
> >
> > _______________________________________________
> > Soot-list mailing list
> > Soot-list at CS.McGill.CA
> > https://mailman.CS.McGill.CA/mailman/listinfo/soot-list
> >
> _______________________________________________
> Soot-list mailing list
> Soot-list at CS.McGill.CA
> https://mailman.CS.McGill.CA/mailman/listinfo/soot-list
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.CS.McGill.CA/pipermail/soot-list/attachments/20140726/1965614e/attachment.html
More information about the Soot-list
mailing list