[Soot-list] Extract Call Graph from Jar but got nothing from EdgesInto

Nemo chenfsd at gmail.com
Thu Sep 21 22:40:03 EDT 2017 

Dear Team,

Good day. Thanks for all the efforts in developing and maintaining the Soot
framework. I am a researcher trying to leverage Soot API to generate call
graphs from Jar files (not from an Android app). In particular, given a
method foo, I would like to know what are the methods that might call foo.
For example:

In Class A, method1 invokes b.method2, b is an instance of Class B. When I
am extracting the functions which might call method2, I hope it can give me
method1.

The problem I currently have is, the methods I am studying are from library
class (which means it does not have a main class) and it is not a static
method as well. I have been using the tutorial from
https://github.com/Sable/soot/wiki/Using-Soot-with-custom-entry-points to
set entry points. The setup code is like: (due to security reasons, i have
to hide the real name of the method/class)

argsList.addAll(Arrays.asList(new String[]{

   "-w",

   "-cp",

   "D:\\lib\\study-class.jar"

   "-pp",

   "-allow-phantom-refs",

   "-process-dir",

   "D:\\lib\\study-class.jar",

   }));

argsList.add("-p"); argsList.add("cg"); argsList.add("all-reachable:true");

args = argsList.toArray(new String[0]);

Options.v().parse(args);
SootClass c = Scene.v().forceResolve("com.company.StudyClass",
SootClass.BODIES);
c.setApplicationClass();
Scene.v().loadNecessaryClasses();
SootMethod method = c.getMethodByName("studyMethod");
List entryPoints = new ArrayList<>();
entryPoints.add(method);

Scene.v().setEntryPoints(entryPoints);


The studied code snippets are like:


In file* StudyClass.java* it contains the method *studyMethod *(which is
the function i want to extract info from)


In file *SomeService.java* it is like:

public class *SomeService *extends *AbstractService*<Service> {
...

  private ReturnClass someMethod() {

  ...

    if (...) {

      a = sc.studymethod();  *// sc is a field (instance of StudyClass) in
SomeService, but not declared, should be a field extended from
AbstractService*

    }

  }

}



*Then I have used different ways to try to get the call graph, but return
nothing from edgesInto. (But there will be outputs from edgesOut)*

PackManager.v().getPack("wjtp").add(new Transform("wjtp.myTrans", new
SceneTransformer() {

@Override

protected void internalTransform(String phase, Map<String, String> options)
{

                CHATransformer.v().transform(); // also tried
SparkTransformer.v().transform() when spark enabled, not working, will
throw exception

                CallGraph cg = Scene.v().getCallGraph();

                SootClass sootClass= Scene.v().getSootClass("com.company.
StudyClass");

                for(SootMethod sm : sootClass.getMethods()) {

                      if(sm.getName().contains("studyMethod")){

                           // this loop is in, just iterator has nothing to
iterate, also, there is only one method in the class called studyMethod

                           Iterator<MethodOrMethodContext> iterator = new
Sources(cg.edgesInto(sm)); // or directly use cg.edgesInto(sm) to iterate
Edge, I tried that

   while (iterator.hasNext()) {

System.out.println(iterator.next());

   }

                      }

                }

        }


...

PackManager.v().runPacks();

I have also tried to use JimpleBasedInterproceduralCFG icfg = new
JimpleBasedInterproceduralCFG(); icfg.getCallersof(sm); to extract info, no
luck as well.

The other thing i noticed is that , when I tried to extract* CFG *from
method *someMethod*, i can get the info saying *virtualinvoke *on studymethod.
But when I was doing Call graph analysis, the edge will show up. Could it
be possible that it is because the class *SomeService *extends an abstract
class and make it notwork? (in addition, both SomeService.class and
StudyClass.class are in the jar file).

I have read a lot of threads from the mailing list about generation of Call
graphs , still not be able to solve this problem.
some related posts:
https://groups.google.com/forum/#!searchin/soot-list/call$20graph|sort:relevance/soot-list/hCvZrJOedAg/hACfq6iQ2tQJ
https://groups.google.com/forum/#!searchin/soot-list/issues$20using$20call$20graph$20api%7Csort:relevance/soot-list/NseVWw94NVc/rdzQ9PLcaWoJ

Any help given will be highly appreciated.

Best regards,
Nemo
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mailman.CS.McGill.CA/pipermail/soot-list/attachments/20170922/e8879eeb/attachment-0001.html>

More information about the Soot-list mailing list