[Soot-list] Creating n-custom entry point call graphs

Jason Ott jott002 at ucr.edu
Tue Apr 28 13:06:54 EDT 2015 

I have 1,000+ methods that will be used as custom entry points to generate
a call graph.  They have different classes and what not.  I've tried a few
different things which I will list below, after I discuss my general
approach and shed some more light on exactly what I'm trying to do.

As I said I have N-number of methods that I want to generate a call graph
for.  They are in the following format:

android.accessibilityservice.IAccessibilityServiceClient$Stub$Proxy.onAccessibilityEvent,
android.accounts.IAccountAuthenticator$Stub.confirmCredentials,
android.app.admin.IDevicePolicyManager$Stub.setMaximumFailedPasswordsForWipe,
etc.

The class is actually an interface that contains a static inner class
(`$Stub`) that contains an inner class (`$Proxy`, which implements said
interface).  So `android.accessibilityservice.IAccessibilityServiceClient`
is an interface, `$Stub` is a static inner class to
`android.accessibilityservice.IAccessibilityServiceClient` and `$Proxy` is
an inner class to `$Stub`.

My logic for solving this is as follows:
// get records from disk...
while(records.hasNextRecord()) {

// get records from disk
while(records.hasNextRecord()) {
if(!setArgs) {
    Options.v().parse(args);
    setArgs = true;
}

SootClass sootClass = Scene.v().forceResolve(record.getClassName(),
SootClass.BODIES);
sootClass.setApplicationClass();
Scene.v().loadNecessaryClasses();
SootMethod sootMethod = sootClass.getMethodByName(record.getMethodName());
List<SootMethod> entryPoints = new ArrayList<SootMethod>();
entryPoints.add(sootMethod);
Scene.v().setEntryPoints(entryPoints);
PackManager.v().runPacks();

soot.jimple.toolkits.callgraph.CallGraph callgraph = Scene.v().getCallGraph();
System.out.println("[TestSpark] Call graph size " + callgraph.size());

System.out.println(String.format("It took: %d seconds to generate a
callgraph for: %s",
        TimeUnit.MILLISECONDS.toSeconds(System.currentTimeMillis() - start),
        record.getClassName() + "." + record.getMethodName()));

System.out.println("=====================================");}

This allows me to generate the callgraph from the custom entry point.
After the second iteration I get the following exception:

Exception in thread "main" java.lang.ClassCastException:
soot.baf.internal.BIdentityInst cannot be cast to soot.jimple.Stmt
at
soot.jimple.toolkits.callgraph.OnFlyCallGraphBuilder.getImplicitTargets(OnFlyCallGraphBuilder.java:604)
at
soot.jimple.toolkits.callgraph.OnFlyCallGraphBuilder.processNewMethod(OnFlyCallGraphBuilder.java:530)
at
soot.jimple.toolkits.callgraph.OnFlyCallGraphBuilder.processReachables(OnFlyCallGraphBuilder.java:420)
at soot.jimple.spark.solver.OnFlyCallGraph.build(OnFlyCallGraph.java:55)
at
soot.jimple.spark.builder.ContextInsensitiveBuilder.build(ContextInsensitiveBuilder.java:76)
at
soot.jimple.spark.SparkTransformer.internalTransform(SparkTransformer.java:84)
at soot.SceneTransformer.transform(SceneTransformer.java:39)
at soot.Transform.apply(Transform.java:90)
at soot.RadioScenePack.internalApply(RadioScenePack.java:57)
at
soot.jimple.toolkits.callgraph.CallGraphPack.internalApply(CallGraphPack.java:49)
at soot.Pack.apply(Pack.java:116)
at soot.PackManager.runWholeProgramPacks(PackManager.java:563)
at soot.PackManager.runPacksNormally(PackManager.java:456)
at soot.PackManager.runPacks(PackManager.java:391)
at Main.main(Main.java:39)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:483)
at com.intellij.rt.execution.application.AppMain.main(AppMain.java:140)

I've tried adding all the methods per class to a the entry points and run
the callgraph when the class changes, obviously the above method,
one-by-one resolution, etc.  But the exception continues to persist.

Any ideas on how to build a callgraph for >50 different classes that
contain n-number of custom entry points that don't produce the exception
would be very helpful.  Thanks.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://mailman.CS.McGill.CA/pipermail/soot-list/attachments/20150428/05846f95/attachment.html

More information about the Soot-list mailing list