[Soot-list] Identify virtual-call targets and library callee
Haipeng Cai
hcai at nd.edu
Sat Jul 26 15:32:51 EDT 2014
Thanks again, Marc-Andre.
Actually I am calling soot.Main.main after a customized transformation
(extending SceneTransformer and implementing its abstract method
internalTranform) during the whole-jimple transformation pack (wjtp).
Right now I already started using a makeshift to temporarily meet my
analysis needs regardless of the incomplete callgraph problem I had. Later,
I guess I would try something further along the other possibility you
mentioned.
I assume that you mean Java EE by JEE, which I am not working on. I
appreciate your inputs.
Regards,
On Sat, Jul 26, 2014 at 11:17 AM, Marc-André Laverdière <
marc-andre.laverdiere-papineau at polymtl.ca> wrote:
> Hello Haipen,
>
> RTA is a more conservative analysis than Spark's own analysis, so I
> don't think this is an issue.
>
> Are you using the soot main? Normally, you don't get to specify the PTA
> for the call graph builder - so I'm guessing that you decided without.
> I'd encourage you to try again using the Soot main and see if that
> solves your problem.
>
> Another possibility is that the missing edges are targets to methods
> that are phantom. I suggest that you create a simple SceneTransformer to
> put in the WJTP phase and that goes through the reachable methods and
> checks for missing edges. Then, for each missing edge, check the phantom
> flag in the declaring class.
>
> By the way, are you working on JEE?
>
> Regards,
>
> Marc-André Laverdière-Papineau
> Doctorant - PhD Candidate
>
> On 07/26/2014 12:39 AM, Haipeng Cai wrote:
> > Thank you for your reply, Marc-Andre.
> >
> > Yes I am using Spark with option "-p cg.spark verbose:false,
> > on-fly-cg:true,rta:true", and I am providing all the jars in the Soot
> > classpath except for Soot itself and I did have option "-allowphantom".
> >
> > Also, when constructing the call graph, I used the default p2 analysis
> > (Scene.v().getPointsToAnalysis()) for the CallgraphBuilder.
> >
> > Is there something wrong in my settings that caused missing outgoing
> > edges for a call site in the graph?
> >
> > Best,
> >
> >
> > On Fri, Jul 25, 2014 at 11:31 AM, Marc-André Laverdière
> > <marc-andre.laverdiere-papineau at polymtl.ca
> > <mailto:marc-andre.laverdiere-papineau at polymtl.ca>> wrote:
> >
> > Hi Haipeng,
> >
> > Call graph construction is a difficult beast. Soot has a lot of
> options
> > that may also impact the call graph construction algorithm. It also
> > affects the class hierarchy, which is also going to affect the call
> > graph.
> >
> > First, are you using Spark? Which settings?
> > Everything besides CHA relies on 'new' statements in the program to
> > determine which type could a given variable have. So if your
> application
> > has things like dependency injection, then your life is even harder.
> >
> > Are you using phantom classes? No bodies for excluded? Are you
> providing
> > all the jars in the Soot classpath? These things will affect the
> > outcome.
> >
> > I've been working on JEE applications and I resort to a lot of
> tricks to
> > try to make the call graph smaller. This results in a lot of missing
> > edges, which need to be compensated somehow. I've generally
> compensated
> > by using the declared SootMethod in the InvokeExpr but that's not
> > perfect. Flowdroid is doing the same BTW.
> >
> > Regards,
> >
> > Marc-André Laverdière-Papineau
> > Doctorant - PhD Candidate
> >
> > On 07/24/2014 08:14 PM, Haipeng Cai wrote:
> > > Hi All,
> > >
> > > I am doing a static interprocedural dependence analysis with Soot
> for
> > > Java programs and having two difficulties:
> > >
> > > 1. How do I safely identify all possible callees at a call site,
> > > especially virtual call site?
> > >
> > > 2. How should I discern, among all the callees identified above,
> > library
> > > callees from application callees?
> > >
> > > I have tried the CallGraph class, which seems to be quite
> > incomplete; I
> > > also noticed that there is a method "IsJDKLibraryCall" in
> SootMethod
> > > class, which only tells JDK library calls from others, though.
> > >
> > > Any thoughts and advises are appreciated.
> > > Thanks,
> > >
> > > _______________________________________________
> > > Soot-list mailing list
> > > Soot-list at CS.McGill.CA <mailto:Soot-list at CS.McGill.CA>
> > <mailto:Soot-list at CS.McGill.CA <mailto:Soot-list at CS.McGill.CA>>
> > > https://mailman.CS.McGill.CA/mailman/listinfo/soot-list
> > > <https://mailman.cs.mcgill.ca/mailman/listinfo/soot-list>
> > >
> > >
> > > _______________________________________________
> > > Soot-list mailing list
> > > Soot-list at CS.McGill.CA <mailto:Soot-list at CS.McGill.CA>
> > > https://mailman.CS.McGill.CA/mailman/listinfo/soot-list
> > >
> > _______________________________________________
> > Soot-list mailing list
> > Soot-list at CS.McGill.CA <mailto:Soot-list at CS.McGill.CA>
> > https://mailman.CS.McGill.CA/mailman/listinfo/soot-list
> >
> >
> _______________________________________________
> Soot-list mailing list
> Soot-list at CS.McGill.CA
> https://mailman.CS.McGill.CA/mailman/listinfo/soot-list
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.CS.McGill.CA/pipermail/soot-list/attachments/20140726/ec81d2c4/attachment.html
More information about the Soot-list
mailing list