[Soot-list] Correct way of using SPARK points-to analysis

Eric Bodden eric.bodden at uni-paderborn.de
Tue Jun 25 10:57:39 EDT 2019 

Hi Shuyang.

I am not sure what is going on here but your code looks way too complicated. The recommended way to use Spark is to simply write a wrapper that call’s Soot’s main method with the “-w” argument and that’s it. Before this call to soot.Main.main(..) you can then add additional code that registers a SceneTransformer to the “wjtp” pack, for instance, which will then be called by Soot after Spark has completed.

Hope that helps,
Eric

> On 25. Jun 2019, at 11:05, Shuyang Liu <sliu44 at cs.ucla.edu> wrote:
> 
> Hello All,
> 
> Recently I'm using soot SPARK points-to analysis as part of a research project. I followed some online documentations and examples but the program seems to give a call graph that is much larger than the call graphs produced by other static analysis tools such as petablox and WALA. More specifically, when running it on a relatively large application, soot give a call graph consisting 395624 call graph edges whereas other tools such as WALA (with 0cfa and no reflection turned on) gives ~40000 edges. So I'm wondering if I am using soot correctly? The following is my code: 
> 
> ```
> public class SootCallgraph extends SceneTransformer {
> 
>    private void process(Chain<SootClass> app) throws IOException {
>        CallGraph cg = Scene.v().getCallGraph();
>        System.out.println("Found " + cg.size() + " edges");
>        // ... More code processing the call graph 
>    }
> 
>    @Override
>    protected void internalTransform(String phaseName, Map options) {
>        HashMap <String , String> opt = new HashMap <String , String> (options);
>        opt.put("enabled","true");
>        opt.put("verbose", "true");
>        opt.put("on-fly-cg","true");
>        opt.put("simple-edges-bidirectional", "false");
>        opt.put("vta", "false");
>        opt.put("rta", "false");
>        opt.put("propagator","worklist");
>        opt.put("ignore-types","false");
>        opt.put("field-based","false");
>        opt.put("pre-jimplify","false");
>        opt.put("class-method-var","true");
>        opt.put("dump-pag","false");
>        opt.put("force-gc","false");
>        opt.put("merge-stringbuffer","false");
>        opt.put("string-constants","false");
>        opt.put("simulate-natives","true");
>        opt.put("simplify-offline","false");
>        opt.put("simplify-sccs","true");
>        opt.put("ignore-types-for-sccs","false");
>        opt.put("set-impl","double");
>        opt.put("double-set-old","hybrid");
>        opt.put("double-set-new","hybrid");
>        opt.put("dump-html","false");
>        opt.put("dump-solution","false");
>        opt.put("topo-sort","false");
>        opt.put("dump-types","false");
>        opt.put("dump-answer","false");
>        opt.put("add-tags","false");
>        opt.put("set-mass","false");
> 
>        SparkTransformer.v().transform("", opt);
> 
>        Chain<SootClass> app = Scene.v().getClasses();
>        try { process(app);} catch (IOException ignored) {}
>    }
> 
>    public static void main(String[] args) {
> 
>        Options.v().parse(args);
>        SootClass entryClass = Scene.v().loadClassAndSupport(mainClass); // mainClass is the name of the main class
>        Scene.v().loadNecessaryClasses();
> 
>        // Set Entry Point
>        SootMethod method = entryClass.getMethodByName("main");
>        List <SootMethod> entryPoints = new ArrayList<>();
>        entryPoints.add(method);
>        Scene.v().setEntryPoints(entryPoints);
> 
>        PackManager.v().getPack("wjtp").add(new Transform("wjtp.myTrans", new SootCallgraph("output.txt"))); 
>        soot.Main.main(newargs);
>    }
> }
> ```
> 
> The command line options I used for running this piece of code are:
> ```
> -pp
> -w
> -f
> n
> -app
> -process-dir
> test/bin
> -allow-phantom-refs
> ```
> 
> In addition, I have tried specifying `-p cg.spark on` in the cmdline options without calling `SparkTransformer.transform()` inside my code, but it produces the same results. Interestingly, if I have both, the number of edges decreases drastically to 1709 edges, which is much less than what other tools produces. If I put `SparkTransformer.transform()` outside of `internalTransform()` method, the number of edges in the call graph would be different as well. 
> 
> I understand that it is hard to tell what is wrong without looking at the actual application program it is running on (especially in this case there is no error message but it just feels not right). Any suggestions on how to correctly use SPARK would be very much appreciated. 
> 
> Thank you!
> Shuyang Liu
> _______________________________________________
> Soot-list mailing list
> Soot-list at CS.McGill.CA
> https://mailman.CS.McGill.CA/mailman/listinfo/soot-list

More information about the Soot-list mailing list