[Soot-list] Why Spark can't obtain the call graph on this snippet? But CHA can work.

Eric Bodden eric.bodden at uni-paderborn.de
Fri Jun 19 05:07:55 EDT 2020 

Hi Yuan.

I am afraid things are not that simple. The problem is likely the following: Soot will use the method you configured as entry point, but thus is a non-static instance method, which calls other instance methods on “this”. That “this”-object however, has never been initialized by your entry point, thus Spark assumes it to be null - leading to an empty call graph.

Thus, what we and many others have done in the past is the following: manually create a static mock-up method that properly initializes the object in question (and required helper objects) and then calls parseWithoutValidation. As entry point you then choose this new static mock-up method.

Sometimes it may make sense to generate such methods automatically. FlowDroid, for instance, does this for Android apps.

Cheers
Eric

> On 19. Jun 2020, at 00:16, liuyuan at fastmail.com wrote:
> 
> Hi all,
> 
> I customizd an entry point for a library (i.e. JCommander, a command interface tool for java) and used the Spark to build its CG. But The callgraph is empty. If I use the CHA, it works. 
> 
> The code snippet is as follows and the parseWithoutValidation is selected as the entry point.
> public void parseWithoutValidation(String... args) { // the customized entry point
>      parse(false /* no validation */, args); // I think this method could be found easily by Spark~
> }
> 
> private void parse(boolean validate, String... args) {
>     StringBuilder sb = new StringBuilder("Parsing \"");
>     sb.append(join(args).append("\"\n  with:").append(join(objects.toArray())));
>     p(sb.toString());
> 
>     if (descriptions == null) createDescriptions();
>     initializeDefaultValues();
>     parseValues(expandArgs(args), validate);
>     if (validate) validateOptions();
> }
> 
> private StringBuilder join(Object[] args) {
>     StringBuilder result = new StringBuilder();
>     for (int i = 0; i < args.length; i++) {
>         if (i > 0) result.append(" ");
>         result.append(args[i]);
>     }
>     return result;
> }
> ...
> 
> My core code is as follows.
> Options.v().set_process_dir(Arrays.asList(classesDir));
> Options.v().set_whole_program(true);
> Options.v().set_no_bodies_for_excluded(true);
> Options.v().set_allow_phantom_refs(true);
> 
> // set an entry point
> SootClass c = Scene.v().forceResolve(entryClass, SootClass.BODIES);
> c.setApplicationClass();
> Scene.v().loadNecessaryClasses();
> SootMethod method = c.getMethodByName(entryMethod);
> List entryPoints = new ArrayList();
> entryPoints.add(method);
> Scene.v().setEntryPoints(entryPoints);
> 
> //set Spark 
> HashMap<String, String> opt = new HashMap<String, String>();
> opt.put("on-fly-cg", "true");
> SparkTransformer.v().transform("", opt);
> PhaseOptions.v().setPhaseOption("cg.spark", "enabled:true");
> 
> PackManager.v().runPacks();
> 
> The target java file is attached.
> 
> Any suggestions are welcome.
> 
> Best regards,
> Yuan
> <JCommander.java>_______________________________________________
> Soot-list mailing list
> Soot-list at CS.McGill.CA
> https://mailman.CS.McGill.CA/mailman/listinfo/soot-list

More information about the Soot-list mailing list