[Soot-list] Extract Call Graph from Jar but got nothing from EdgesInto
Nemo
chenfsd at gmail.com
Thu Sep 21 22:40:03 EDT 2017
Dear Team,
Good day. Thanks for all the efforts in developing and maintaining the Soot
framework. I am a researcher trying to leverage Soot API to generate call
graphs from Jar files (not from an Android app). In particular, given a
method foo, I would like to know what are the methods that might call foo.
For example:
In Class A, method1 invokes b.method2, b is an instance of Class B. When I
am extracting the functions which might call method2, I hope it can give me
method1.
The problem I currently have is, the methods I am studying are from library
class (which means it does not have a main class) and it is not a static
method as well. I have been using the tutorial from
https://github.com/Sable/soot/wiki/Using-Soot-with-custom-entry-points to
set entry points. The setup code is like: (due to security reasons, i have
to hide the real name of the method/class)
argsList.addAll(Arrays.asList(new String[]{
"-w",
"-cp",
"D:\\lib\\study-class.jar"
"-pp",
"-allow-phantom-refs",
"-process-dir",
"D:\\lib\\study-class.jar",
}));
argsList.add("-p"); argsList.add("cg"); argsList.add("all-reachable:true");
args = argsList.toArray(new String[0]);
Options.v().parse(args);
SootClass c = Scene.v().forceResolve("com.company.StudyClass",
SootClass.BODIES);
c.setApplicationClass();
Scene.v().loadNecessaryClasses();
SootMethod method = c.getMethodByName("studyMethod");
List entryPoints = new ArrayList<>();
entryPoints.add(method);
Scene.v().setEntryPoints(entryPoints);
The studied code snippets are like:
In file* StudyClass.java* it contains the method *studyMethod *(which is
the function i want to extract info from)
In file *SomeService.java* it is like:
public class *SomeService *extends *AbstractService*<Service> {
...
private ReturnClass someMethod() {
...
if (...) {
a = sc.studymethod(); *// sc is a field (instance of StudyClass) in
SomeService, but not declared, should be a field extended from
AbstractService*
}
}
}
*Then I have used different ways to try to get the call graph, but return
nothing from edgesInto. (But there will be outputs from edgesOut)*
PackManager.v().getPack("wjtp").add(new Transform("wjtp.myTrans", new
SceneTransformer() {
@Override
protected void internalTransform(String phase, Map<String, String> options)
{
CHATransformer.v().transform(); // also tried
SparkTransformer.v().transform() when spark enabled, not working, will
throw exception
CallGraph cg = Scene.v().getCallGraph();
SootClass sootClass= Scene.v().getSootClass("com.company.
StudyClass");
for(SootMethod sm : sootClass.getMethods()) {
if(sm.getName().contains("studyMethod")){
// this loop is in, just iterator has nothing to
iterate, also, there is only one method in the class called studyMethod
Iterator<MethodOrMethodContext> iterator = new
Sources(cg.edgesInto(sm)); // or directly use cg.edgesInto(sm) to iterate
Edge, I tried that
while (iterator.hasNext()) {
System.out.println(iterator.next());
}
}
}
}
...
PackManager.v().runPacks();
I have also tried to use JimpleBasedInterproceduralCFG icfg = new
JimpleBasedInterproceduralCFG(); icfg.getCallersof(sm); to extract info, no
luck as well.
The other thing i noticed is that , when I tried to extract* CFG *from
method *someMethod*, i can get the info saying *virtualinvoke *on studymethod.
But when I was doing Call graph analysis, the edge will show up. Could it
be possible that it is because the class *SomeService *extends an abstract
class and make it notwork? (in addition, both SomeService.class and
StudyClass.class are in the jar file).
I have read a lot of threads from the mailing list about generation of Call
graphs , still not be able to solve this problem.
some related posts:
https://groups.google.com/forum/#!searchin/soot-list/call$20graph|sort:relevance/soot-list/hCvZrJOedAg/hACfq6iQ2tQJ
https://groups.google.com/forum/#!searchin/soot-list/issues$20using$20call$20graph$20api%7Csort:relevance/soot-list/NseVWw94NVc/rdzQ9PLcaWoJ
Any help given will be highly appreciated.
Best regards,
Nemo
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mailman.CS.McGill.CA/pipermail/soot-list/attachments/20170922/e8879eeb/attachment-0001.html>
More information about the Soot-list
mailing list