[Soot-list] IFDSReachingDefinitions
ochipara at gmail.com
ochipara at gmail.com
Sun Apr 12 14:44:07 EDT 2015
Eric,
Thanks for looking into this. It would be useful to have a “complete” example for an analysis such as reaching definition since it is a standard problem. I have submitted a bug report: https://github.com/Sable/soot/issues/389. I do not think I can assign you to the bug report:
Thanks,
— Octav
> On Apr 11, 2015, at 2:21 AM, Bodden, Eric <eric.bodden at sit.fraunhofer.de> wrote:
>
> Hi Octav.
>
> The example analysis you are looking at is really just that: a very cheap, simplistic example analysis that I coded up within half an hour or so. There might be many corner cases that it does not handle correctly. You hit one of those. A real analysis would have to handle such cases in a sensible way to be sound, but IFDSReachingDefinitions does not.
>
> Having said that, we should probably fix IFDSReachingDefinitions. If you fill an issue on Github and assign it to me I can look into this later.
>
> All the best,
> Eric
>
>> On 10.04.2015, at 19:56, Octav Chipara <ochipara at gmail.com> wrote:
>>
>> Dear Steve,
>>
>> I see. However, I thought that the additional edges are necessary to appropriately handle concurrency and the like. Will removing them or skipping them make the analysis unsound?
>>
>> -- Octav
>>
>> On Friday, April 10, 2015 at 12:12:07 PM UTC-5, Steven Arzt wrote:
>> This happens because Soot creates fake callgraph edges for certain methods such as Thread.run(). In this case, the assumption that the number of arguments inside the call site matches the number of formal parameters of the callee, does not hold. A client analysis must either take care of such cases or use a filter on the callgraph to not handle edges that have such special kinds. (There is actually a “kind” property on the edge that you can check).
>>
>>
>> The example analyses inside Soot presumably don’t handle this well.
>>
>>
>> Von: soot-lis... at CS.McGill.CA [mailto:soot-lis... at CS.McGill.CA] Im Auftrag von Octav Chipara
>> Gesendet: Freitag, 10. April 2015 19:02
>> An: soot... at googlegroups.com
>> Cc: soot... at CS.McGill.CA
>> Betreff: Re: [Soot-list] IFDSReachingDefinitions
>>
>>
>> Eric,
>>
>>
>> Thanks for the quick reply. The method is:
>>
>>
>> <sun.security.action.GetPropertyAction: java.lang.Object run()>
>>
>>
>> The exception is thrown in SootMethod:266 asking for argument 0 that does not exist.
>>
>>
>> -- Octav
>>
>>
>> PS: I modified my -cp path to explicitly include the rt.jar and jce.jar from jdk7. Should I use it with jdk6?
>>
>>
>>
>>
>> On Friday, April 10, 2015 at 11:57:30 AM UTC-5, Bodden, Eric wrote:
>>
>> Hmm, this is odd.
>>
>> This looks like you are processing a call site for which the call site itself has actually an argument while the resolved callee method does not. Can you set a breakpoint or add a println to see which method call Soot processes when throwing the exception?
>>
>> Cheers,
>> Eric
>>
>>> On 10.04.2015, at 18:37, ochi... at gmail.com wrote:
>>>
>>> Hi,
>>>
>>> I am trying to run the IFDSReachingDefinitions analysis on a trivial example. However, I am getting the exception included below. I suspect that this is an issue with how I configure soot. I have to apologize if the question is naive, I am just getting started with soot.
>>>
>>> Thanks,
>>> — Octav
>>>
>>> [Thread-1] ERROR heros.solver.IDESolver - Worker thread execution failed: Index: 0, Size: 0
>>> java.lang.IndexOutOfBoundsException: Index: 0, Size: 0
>>> at java.util.ArrayList.rangeCheck(ArrayList.java:635)
>>> at java.util.ArrayList.get(ArrayList.java:411)
>>> at java.util.Collections$UnmodifiableList.get(Collections.java:1211)
>>> at soot.SootMethod.getParameterType(SootMethod.java:266)
>>> at soot.jimple.toolkits.ide.exampleproblems.IFDSReachingDefinitions$1$2.computeTargets(IFDSReachingDefinitions.java:111)
>>> at soot.jimple.toolkits.ide.exampleproblems.IFDSReachingDefinitions$1$2.computeTargets(IFDSReachingDefinitions.java:1)
>>> at heros.ZeroedFlowFunctions$ZeroedFlowFunction.computeTargets(ZeroedFlowFunctions.java:58)
>>> at heros.solver.IDESolver.computeCallFlowFunction(IDESolver.java:397)
>>> at heros.solver.IDESolver.processCall(IDESolver.java:330)
>>> at heros.solver.IDESolver.access$0(IDESolver.java:313)
>>> at heros.solver.IDESolver$PathEdgeProcessingTask.run(IDESolver.java:856)
>>> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
>>> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
>>> at java.lang.Thread.run(Thread.java:744)
>>> Exception in thread "Thread-1" java.lang.InterruptedException
>>> at java.util.concurrent.locks.AbstractQueuedSynchronizer.doAcquireSharedInterruptibly(AbstractQueuedSynchronizer.java:996)
>>> at java.util.concurrent.locks.AbstractQueuedSynchronizer.acquireSharedInterruptibly(AbstractQueuedSynchronizer.java:1303)
>>> at heros.solver.CountLatch.awaitZero(CountLatch.java:75)
>>> at heros.solver.CountingThreadPoolExecutor.awaitCompletion(CountingThreadPoolExecutor.java:79)
>>> at heros.solver.IDESolver.runExecutorAndAwaitCompletion(IDESolver.java:258)
>>> at heros.solver.IDESolver.awaitCompletionComputeValuesAndShutdown(IDESolver.java:233)
>>> at heros.solver.IDESolver.solve(IDESolver.java:207)
>>> at soot.jimple.toolkits.ide.JimpleIFDSSolver.solve(JimpleIFDSSolver.java:54)
>>> at ReachingDefinitions$1.internalTransform(ReachingDefinitions.java:40)
>>> at soot.SceneTransformer.transform(SceneTransformer.java:39)
>>> at soot.Transform.apply(Transform.java:90)
>>> at soot.ScenePack.internalApply(ScenePack.java:40)
>>> at soot.Pack.apply(Pack.java:116)
>>> at soot.PackManager.runWholeProgramPacks(PackManager.java:564)
>>> at soot.PackManager.runPacksNormally(PackManager.java:456)
>>> at soot.PackManager.runPacks(PackManager.java:391)
>>> at soot.Main.run(Main.java:244)
>>> at soot.Main.main(Main.java:152)
>>> at ReachingDefinitions.main(ReachingDefinitions.java:46)
>>> java.lang.IndexOutOfBoundsException: Index: 0, Size: 0
>>> at java.util.ArrayList.rangeCheck(ArrayList.java:635)
>>> at java.util.ArrayList.get(ArrayList.java:411)
>>> at java.util.Collections$UnmodifiableList.get(Collections.java:1211)
>>> at soot.SootMethod.getParameterType(SootMethod.java:266)
>>> at soot.jimple.toolkits.ide.exampleproblems.IFDSReachingDefinitions$1$2.computeTargets(IFDSReachingDefinitions.java:111)
>>> at soot.jimple.toolkits.ide.exampleproblems.IFDSReachingDefinitions$1$2.computeTargets(IFDSReachingDefinitions.java:1)
>>> at heros.ZeroedFlowFunctions$ZeroedFlowFunction.computeTargets(ZeroedFlowFunctions.java:58)
>>> at heros.solver.IDESolver.computeCallFlowFunction(IDESolver.java:397)
>>> at heros.solver.IDESolver.processCall(IDESolver.java:330)
>>> at heros.solver.IDESolver.access$0(IDESolver.java:313)
>>> at heros.solver.IDESolver$PathEdgeProcessingTask.run(IDESolver.java:856)
>>> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
>>> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
>>> at java.lang.Thread.run(Thread.java:744)
>>> java.lang.RuntimeException: There were exceptions during IDE analysis. Exiting.
>>> at heros.solver.IDESolver.runExecutorAndAwaitCompletion(IDESolver.java:264)
>>> at heros.solver.IDESolver.awaitCompletionComputeValuesAndShutdown(IDESolver.java:233)
>>> at heros.solver.IDESolver.solve(IDESolver.java:207)
>>> at soot.jimple.toolkits.ide.JimpleIFDSSolver.solve(JimpleIFDSSolver.java:54)
>>> at ReachingDefinitions$1.internalTransform(ReachingDefinitions.java:40)
>>> at soot.SceneTransformer.transform(SceneTransformer.java:39)
>>> at soot.Transform.apply(Transform.java:90)
>>> at soot.ScenePack.internalApply(ScenePack.java:40)
>>> at soot.Pack.apply(Pack.java:116)
>>> at soot.PackManager.runWholeProgramPacks(PackManager.java:564)
>>> at soot.PackManager.runPacksNormally(PackManager.java:456)
>>> at soot.PackManager.runPacks(PackManager.java:391)
>>> at soot.Main.run(Main.java:244)
>>> at soot.Main.main(Main.java:152)
>>> at ReachingDefinitions.main(ReachingDefinitions.java:46)
>>> Caused by: java.lang.IndexOutOfBoundsException: Index: 0, Size: 0
>>> at java.util.ArrayList.rangeCheck(ArrayList.java:635)
>>> at java.util.ArrayList.get(ArrayList.java:411)
>>> at java.util.Collections$UnmodifiableList.get(Collections.java:1211)
>>> at soot.SootMethod.getParameterType(SootMethod.java:266)
>>> at soot.jimple.toolkits.ide.exampleproblems.IFDSReachingDefinitions$1$2.computeTargets(IFDSReachingDefinitions.java:111)
>>> at soot.jimple.toolkits.ide.exampleproblems.IFDSReachingDefinitions$1$2.computeTargets(IFDSReachingDefinitions.java:1)
>>> at heros.ZeroedFlowFunctions$ZeroedFlowFunction.computeTargets(ZeroedFlowFunctions.java:58)
>>> at heros.solver.IDESolver.computeCallFlowFunction(IDESolver.java:397)
>>> at heros.solver.IDESolver.processCall(IDESolver.java:330)
>>> at heros.solver.IDESolver.access$0(IDESolver.java:313)
>>> at heros.solver.IDESolver$PathEdgeProcessingTask.run(IDESolver.java:856)
>>> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
>>> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
>>> at java.lang.Thread.run(Thread.java:744)
>>>
>>>
>>> _______________________________________________
>>> Soot-list mailing list
>>> Soot... at CS.McGill.CA
>>> https://mailman.CS.McGill.CA/mailman/listinfo/soot-list
>>
>> --
>> Prof. Eric Bodden, Ph.D., http://sse.ec-spride.de/ http://bodden.de/
>> Head of Secure Software Engineering at Fraunhofer SIT, TU Darmstadt and EC SPRIDE
>> Tel: +49 6151 16-75422 Fax: +49 6151 869-127
>> Room B5.11, Fraunhofer SIT, Rheinstraße 75, 64295 Darmstadt
>>
>> _______________________________________________
>> Soot-list mailing list
>> Soot-list at CS.McGill.CA
>> https://mailman.CS.McGill.CA/mailman/listinfo/soot-list
>
> --
> Prof. Eric Bodden, Ph.D., http://sse.ec-spride.de/ http://bodden.de/
> Head of Secure Software Engineering at Fraunhofer SIT, TU Darmstadt and EC SPRIDE
> Tel: +49 6151 16-75422 Fax: +49 6151 869-127
> Room B5.11, Fraunhofer SIT, Rheinstraße 75, 64295 Darmstadt
>
More information about the Soot-list
mailing list