[Soot-list] Soot/Spark GC overhead limit exceeded and the Android Framework

Steven Arzt Steven.Arzt at cased.de
Thu Apr 2 15:19:21 EDT 2015


Hi Jason,

You put a directory “android_source_dir” as the Soot process directory. This means that all classes in there will be read in, including all associated method bodies. What exactly are the contents of this directory? Is this the full implementation of the Android OS? If so, you will most likely need a lot of memory. Why don’t you just put that directory on the Soot classpath alone and leave it out of the process directory? As long as you don’t want to instrument these classes, it’s fine to just have them “in the back” so that Soot can load those classes which are actually required, instead of proactively loading them all.

Secondly, I see that you use a non-static method as your entry point. This will not give you a complete callgraph. SPARK, the Soot pointer-analysis and callgraph framework, works by propagating allocation nodes. If you jump into an instance method, SPARK will never see an allocation site for the “this” local inside this method and will thus miss out on all edges from this local.

Best regards,

  Steven

From: soot-list-bounces at CS.McGill.CA [mailto:soot-list-bounces at CS.McGill.CA] On Behalf Of Jason Ott
Sent: Thursday, 2 April 2015 20:15
To: soot-list at CS.McGill.CA
Subject: [Soot-list] Soot/Spark GC overhead limit exceeded and the Android Framework

So I'm trying to run soot with spark on the Android Framework using a custom entry point.

Here is my code that runs soot:

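    import java.util.ArrayList;
    import java.util.Arrays;
    import java.util.List;
    import java.util.concurrent.TimeUnit;

    import soot.PackManager;
    import soot.Scene;
    import soot.SootClass;
    import soot.SootMethod;
    import soot.options.Options;

    public class Main {
        public static void main(String[] args) {
            // The last two arguments name the entry-point class and method.
            String entryPointClass = args[args.length-2];
            String entryPointMethod = args[args.length-1];

            System.out.println(entryPointClass + "." + entryPointMethod);

            // Everything before them is passed to Soot as command-line options.
            args = Arrays.copyOf(args, args.length-2);

            long start = System.currentTimeMillis();
            Options.v().parse(args);
            // Load the entry-point class with method bodies and mark it as application code.
            SootClass c = Scene.v().forceResolve(entryPointClass, SootClass.BODIES);
            c.setApplicationClass();
            Scene.v().loadNecessaryClasses();
            // Use the named method as the only call-graph entry point.
            SootMethod method = c.getMethodByName(entryPointMethod);
            List<SootMethod> entryPoints = new ArrayList<SootMethod>();
            entryPoints.add(method);
            Scene.v().setEntryPoints(entryPoints);
            PackManager.v().runPacks();

            soot.jimple.toolkits.callgraph.CallGraph callgraph = Scene.v().getCallGraph();
            System.out.println("[TestSpark] Call graph size " + callgraph.size());

            System.out.println(String.format("It took: %d seconds to generate a callgraph for: %s",
                    TimeUnit.MILLISECONDS.toSeconds(System.currentTimeMillis() - start),
                    entryPointClass +"."+ entryPointMethod));
        }
    }
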
I would run this as follows:

java -Xmx1024m -jar mySpark.jar -p cg.spark on -process-dir /Users/jason/Desktop/android/pscout/android_source_dir/ -cp /Users/jason/Desktop/android/pscout/android_source_dir:. -allow-phantom-refs android.content.ClipboardManager hasText

The last two args end up being the api class and the api method that I want to start the graph at.

When I run this jar I get a "java.lang.OutOfMemoryError: GC overhead limit exceeded" error.  I've given the JVM as much as 8gb and it still exhausts memory.

Now I must admit that to even get this to work I had to tweak the Soot source code a bit.  I had to alter the following:

* Line 99 in soot/src//soot/asm/SootClassBuilder.java will not throw an exception with my code.  The line now prints an error and moves on.  As I was reading the code and reading other examples, this is tolerable because Soot still finds the methods in those classes (presumably, as it doesn't throw any errors about not finding methods)

Can soot handle the entire android framework?

Is my method and approach proper?

Are there any indications as to why I'm running into a GC Memory error and how to fix it?

Is my change to soot source code the root of this problem?

Thank you for any assistance you may provide.
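
Added example (not part of the original thread and not code from the Soot project): one way to apply both suggestions from the reply at the top, keeping the framework on the Soot classpath only and entering through a static method that allocates the receiver before calling the instance method. The names StaticEntryDriver, DummyEntry and entry are hypothetical, and the sketch assumes the target is a concrete instance method that takes no parameters.

```java
import java.util.Collections;
import soot.*;
import soot.jimple.*;
import soot.options.Options;

// Added sketch: classpath-only framework plus a static dummy entry for SPARK.
public class StaticEntryDriver {
    public static void main(String[] args) {
        String frameworkDir = args[0];   // e.g. the android_source_dir from the post
        String className = args[1];      // e.g. android.content.ClipboardManager
        String methodName = args[2];     // e.g. hasText (assumed to take no parameters)

        Options.v().set_whole_program(true);
        Options.v().set_allow_phantom_refs(true);
        Options.v().set_prepend_classpath(true);
        // Classpath only, no process-dir: Soot resolves classes on demand.
        Options.v().set_soot_classpath(frameworkDir);
        Options.v().setPhaseOption("cg.spark", "on");

        SootClass target = Scene.v().forceResolve(className, SootClass.BODIES);
        target.setApplicationClass();
        Scene.v().loadNecessaryClasses();
        SootMethod callee = target.getMethodByName(methodName);

        // Hypothetical synthetic class that holds the static entry point.
        SootClass dummy = new SootClass("DummyEntry", Modifier.PUBLIC);
        dummy.setSuperclass(Scene.v().getSootClass("java.lang.Object"));
        Scene.v().addClass(dummy);
        dummy.setApplicationClass();
        SootMethod entry = new SootMethod("entry", Collections.<Type>emptyList(),
                VoidType.v(), Modifier.PUBLIC | Modifier.STATIC);
        dummy.addMethod(entry);

        JimpleBody body = Jimple.v().newBody(entry);
        entry.setActiveBody(body);
        Local recv = Jimple.v().newLocal("recv", target.getType());
        body.getLocals().add(recv);
        // The allocation site SPARK needs in order to resolve calls on "this".
        body.getUnits().add(Jimple.v().newAssignStmt(recv,
                Jimple.v().newNewExpr(target.getType())));
        body.getUnits().add(Jimple.v().newInvokeStmt(Jimple.v().newVirtualInvokeExpr(
                recv, callee.makeRef(), Collections.<Value>emptyList())));
        body.getUnits().add(Jimple.v().newReturnVoidStmt());

        Scene.v().setEntryPoints(Collections.singletonList(entry));
        PackManager.v().runPacks();
        System.out.println("Call graph size " + Scene.v().getCallGraph().size());
    }
}
```

The sketch does not call a constructor on the allocated receiver, so objects that a constructor would store into its fields are not modeled; calls made through those fields can still be missing from the call graph.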
