[Soot-list] [Soot] [CallGraph] [FlowDroid] Spark call graph incomplete

Miguel Velez mvelezce at cs.cmu.edu
Tue Oct 29 13:16:33 EDT 2019


Thanks for the hint on the getOrMakeFastHierarchy(). However, using PackManager.v().runPacks() did not work either. Also, Scene.v().forceResolve() is used in FlowDroid to create a call graph. That is why I am using it.

Thanks,

Miguel

> On Oct 29, 2019, at 11:13 AM, David Diepenbrock <ddiepenbrock at pjrcorp.com> wrote:
> 
> I'm not an expert, but I think instead of applying specific packs you should use PackManager.v().runPacks();.  
> 
> Also, there's no need to invoke getOrMakeFastHierarchy(), unless you want to use the hierarchy.  The hierarchy will be built by the packs if needed.  Scene.v().forceResolve() probably isn't required either.
> 
> Best,
> David Diepenbrock
> From: Soot-list <soot-list-bounces at CS.McGill.CA> on behalf of Miguel Velez <mvelezce at cs.cmu.edu>
> Sent: Monday, October 28, 2019 6:41 PM
> To: soot-list at cs.mcgill.ca <soot-list at CS.McGill.CA>
> Subject: [Soot-list] Spark call graph incomplete
>  
> Hi everyone,
> 
> I am trying to build a CallGraph with Spark to collect information about what methods call other methods. I am trying to replicate how a CallGraph is built using FlowDroid. However, the call graph that I generate for a program is incomplete. I know it is incomplete since I compared the number of ClassNodes using ASM (211) with the number of SootClasses from parsing the src and tgt of the edges from callGraph.listener() (80). I have spent several hours trying to debug why some edges are missing, but I cannot understand why.
> 
> Here is how I am building a call graph programmatically:
> 
> ```
> public static CallGraph buildCallGraph(String entryPoint, String appPath) {
>   long startTime = System.nanoTime();
>   initializeSoot(entryPoint, appPath);
> 
>   PackManager.v().getPack("wjpp").apply();
>   PackManager.v().getPack("cg").apply();
> 
>   Scene.v().getOrMakeFastHierarchy();
> 
>   CallGraph callGraph = Scene.v().getCallGraph();
> 
>   long endTime = System.nanoTime();
>   System.out.println("Time to build call graph: " + ((endTime - startTime) / 1E9));
> 
>   return callGraph;
> }
> 
> private static void initializeSoot(String entryPoint, String appPath) {
>   soot.G.reset();
> 
>   Options.v().set_no_bodies_for_excluded(true);
>   Options.v().set_allow_phantom_refs(true);
>   Options.v().set_output_format(Options.output_format_none);
>   Options.v()
>       .set_soot_classpath(
>           appPath
>               + ":/Library/Java/JavaVirtualMachines/jdk1.8.0_202.jdk/Contents/Home/jre/lib/rt.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_202.jdk/Contents/Home/jre/lib/jce.jar");
> 
>   setSparkOptions();
> 
>   Options.v().set_whole_program(true);
>   Options.v().setPhaseOption("cg", "trim-clinit:false");
>   Options.v().setPhaseOption("jb.ulp", "off");
>   Options.v().set_src_prec(Options.src_prec_java);
> 
>   // User options
>   Options.v().setPhaseOption("jb", "use-original-names:true");
> 
>   // Options needed for instrumentation
>   Options.v().set_keep_line_number(true);
>   Options.v().set_keep_offset(true);
>   Options.v().set_coffi(true);
>   Options.v().set_ignore_classpath_errors(true);
> 
>   loadClassesAndBodies(entryPoint);
> }
> 
> private static void loadClassesAndBodies(String entryPoint) {
>   Scene.v().addBasicClass(entryPoint, SootClass.BODIES);
>   Scene.v().loadNecessaryClasses();
> 
>   boolean hasClasses = false;
> 
>   SootClass c = Scene.v().forceResolve(entryPoint, SootClass.BODIES);
>   if (c != null) {
>     c.setApplicationClass();
>     if (!c.isPhantomClass() && !c.isPhantom()) hasClasses = true;
>   }
> 
>   if (!hasClasses) {
>     throw new RuntimeException("Only phantom classes loaded, skipping analysis...");
>   }
> }
> 
> private static void setSparkOptions() {
>   Options.v().setPhaseOption("cg.spark", "on");
>   Options.v().setPhaseOption("cg.spark", "string-constants:true");
> }
> ```
> 
> Can anyone help me understand what I am doing wrong?
> 
> For instance, this is a method that is part of the call graph:
> 
> ```
> public List<PngPixel> getMergedColors(PngImage image, List<PngPixel> colors, long start) {
>     for (PngPixel pa : colors) {
>       if (!pa.isDuplicate()) {
>          ...
>       }
>     }   
>  }       
> ```
> 
> but the `isDuplicate()` method is not part of the call graph (i.e., the `edgesOutOf(getMergedColors)` does not include `isDuplicate`). However, if I change the class method to:
> 
> ```
> public List<PngPixel> getMergedColors(PngImage image, List<PngPixel> colors, long start) {
>    PngPixel pa = new PngPixel();
>    pa.isDuplicate();
>  }       
> ```
> 
> The `isDuplicate()` method is part of the call graph. Why would creating a constructor include the method in the call graph?
> 
> Thanks,
> 
> Miguel
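
Spark, with its default on-the-fly call graph construction, adds an edge for a virtual call only for the receiver types found in the points-to set of the call's base local, so one way to investigate a missing `isDuplicate()` edge is to print that set next to the edges Soot recorded for each call site. The following is an added example, not code from this thread or from the Soot project; the class name `MissingEdgeReport` is hypothetical, and it assumes the `cg` pack has already been applied as in `buildCallGraph` above.

```java
import java.util.Iterator;
import soot.Local;
import soot.PointsToSet;
import soot.Scene;
import soot.SootMethod;
import soot.Unit;
import soot.jimple.InstanceInvokeExpr;
import soot.jimple.Stmt;
import soot.jimple.toolkits.callgraph.CallGraph;
import soot.jimple.toolkits.callgraph.Edge;

// Added diagnostic helper (hypothetical name); call it after the "cg" pack has run.
public final class MissingEdgeReport {

  // For every instance call in m, print the receiver types Spark computed
  // and the call graph edges leaving that call site.
  public static void report(SootMethod m) {
    if (!Scene.v().getReachableMethods().contains(m)) {
      System.out.println(m.getSignature() + ": not reachable from the entry points");
      return;
    }
    if (!m.hasActiveBody()) {
      System.out.println(m.getSignature() + ": no body loaded (excluded or phantom?)");
      return;
    }
    CallGraph cg = Scene.v().getCallGraph();
    for (Unit u : m.getActiveBody().getUnits()) {
      Stmt s = (Stmt) u;
      if (!s.containsInvokeExpr() || !(s.getInvokeExpr() instanceof InstanceInvokeExpr)) {
        continue; // static calls do not depend on a receiver's points-to set
      }
      InstanceInvokeExpr call = (InstanceInvokeExpr) s.getInvokeExpr();
      if (!(call.getBase() instanceof Local)) {
        continue;
      }
      PointsToSet pts = Scene.v().getPointsToAnalysis().reachingObjects((Local) call.getBase());
      System.out.println(s);
      System.out.println("  declared target: " + call.getMethodRef().getSignature());
      // An empty set means no allocation site was found to flow into the receiver.
      System.out.println("  receiver types : " + (pts.isEmpty() ? "<empty>" : pts.possibleTypes()));
      Iterator<Edge> edges = cg.edgesOutOf(u);
      if (!edges.hasNext()) {
        System.out.println("  edges          : none");
      }
      while (edges.hasNext()) {
        System.out.println("  edge           : " + edges.next().tgt().getSignature());
      }
    }
  }
}
```

Calling `MissingEdgeReport.report(...)` on `getMergedColors` shows, per call site, whether the receiver of `isDuplicate()` has an empty points-to set or whether the enclosing method was never reached at all.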