[Soot-list] Soot not finding class without a main for call graph

Fogo Tunde-Onadele oatundeo at ncsu.edu
Fri Feb 5 08:47:36 EST 2021 

Hi Eric and all,

Thanks for the feedback. I got some success using a driver class although I
encountered issues on the way. These issues stemmed from my improper use of
java packages. This github issue
<https://github.com/soot-oss/soot/issues/1346> was helpful as a reference
(to ensure the package location was included in the classpath and the
proper class naming was used).

I also found better progress using the basic way of setting the main class
below, instead of using setApplicationClass and entrypoints in my prior
excerpt (from the Soot Heros wiki
<https://github.com/Sable/heros/wiki/Example%3A-Using-Heros-with-Soot>)

> SootClass appclass = Scene.v().loadClassAndSupport(mainclass);
> Scene.v().setMainClass(appclass);
> Scene.v().loadNecessaryClasses();


   1. However,  I am now running into this error during the statement
   "solver.solve();" which I would appreciate help with:
   [Thread-11] ERROR heros.solver.CountingThreadPoolExecutor - Worker
   thread execution failed: null java.lang.NullPointerException

   2. The reason I want to use Heros is because it will be able to
   follow/filter the call path based on the inputs from the driver class
   (interprocedural control flow graph). I also wanted to clarify
   this because I can run without runtime errors with Soot and SPARK alone but
   it will give all the call edges it can find, rather than the path visited
   by the input.

   3. Finally, I searched for examples that use Heros (since the wiki
   example does not include code to work with the IFDS solution) but did not
   have much luck. Any pointers to such examples will be much appreciated.

Thanks,
Fogo


On Tue, Feb 2, 2021 at 11:26 AM Eric Ortega <eortega at pjrcorp.com> wrote:

> Hi Fogo,
>
>
>
> Yes, I meant the rest of the classes in the .jar.
>
>
>
> It sounds like Dr. Bodden was driving to a better point, in that there
> likely needs to be some sort of hook into the library.  If you didn’t want
> to create a sample app with a driver, you might have success
> programmatically setting a method that you’re curious about as an
> entrypoint through the soot API.  You can likely just use setEntryPoint()
> as you’ve already done.  It takes a list anyway so just pick some other
> methods in your libraries and tack them onto your main.
>
>
>
> Regards,
>
> Eric Ortega
>
>
>
> *From: *Fogo Tunde-Onadele <oatundeo at ncsu.edu>
> *Date: *Tuesday, February 2, 2021 at 5:15 AM
> *To: *Eric Ortega <eortega at pjrcorp.com>
> *Cc: *"soot-list at cs.mcgill.ca" <soot-list at cs.mcgill.ca>
> *Subject: *Re: [Soot-list] Soot not finding class without a main for call
> graph
>
>
>
> Hi Eric.
>
>
>
> Thanks, you mean the rest of the classes contained in the jar? I also
> received a response from Dr. Bodden about having a driver class that
> instantiates my target class. I'll work on trying these out.
>
>
>
> Thank you,
>
> Fogo
>
>
>
> On Mon, Feb 1, 2021 at 2:13 PM Eric Ortega <eortega at pjrcorp.com> wrote:
>
> Hi Fogo,
>
>
>
> You may want to try running through the rest of your classes and calling
> Scene.v().loadClass(…) for each one.
>
>
>
> Regards,
>
> Eric Ortega
>
>
>
> *From: *Soot-list <soot-list-bounces at CS.McGill.CA> on behalf of Fogo
> Tunde-Onadele <oatundeo at ncsu.edu>
> *Date: *Monday, February 1, 2021 at 5:06 AM
> *To: *"soot-list at cs.mcgill.ca" <soot-list at cs.mcgill.ca>
> *Subject: *[Soot-list] Soot not finding class without a main for call
> graph
>
>
>
> Good day,
>
>
>
> I have been trying to get Soot working on analyzing the call graph of
> external libraries/apps. Specifically, I want to get the call graph of a
> class, ‘DefaultServlet’, within a Tomcat jar file, ‘catalina.jar’. First, I
> followed tutorials that analyze a simple class/file with a main method.
> However, the classes I want to analyze don’t typically have main methods.
> So I found and followed examples that utilize entrypoints but Soot is still
> unable to find the class. Please, I would appreciate some help. Here is the
> latest main piece of code I have tried.
>
>
>
> ```
>
> public class IFDSDataFlowTransformer extends SceneTransformer {
>
> static LinkedList<String> excludeList;
> static String mainclass = "DefaultServlet";
> static String mainmethod = "doGet"; // "doPut";
>
> public static void main(String[] args) {
>
> // Set Soot's internal classpath
>    String javapath = System.getProperty("java.class.path");
>    String jredir = System.getProperty("java.home")+"/lib/rt.jar";
>    String path = javapath+File.pathSeparator+jredir;
>    Options.v().set_soot_classpath(path);
>
>         // Enable whole-program mode
>         Options.v().set_whole_program(true);
>         Options.v().set_app(true);
>
>         // Call-graph options
>         Options.v().setPhaseOption("cg", "safe-newinstance:true");
>         Options.v().setPhaseOption("cg.cha","enabled:false");
>
>         // Enable SPARK call-graph construction
>         Options.v().setPhaseOption("cg.spark","enabled:true");
>         Options.v().setPhaseOption("cg.spark","verbose:true");
>         Options.v().setPhaseOption("cg.spark","on-fly-cg:true");
>
>         Options.v().set_allow_phantom_refs(true);
>
>         // Set the main class of the application to be analysed
>         Options.v().set_main_class(mainclass);
>
>         // Load the main class
>         SootClass c = Scene.v().loadClass(mainclass, SootClass.BODIES);
>         c.setApplicationClass();
>
>         // Load the "main" method of the main class and set it as a Soot
> entry point
> //        SootMethod entryPoint = c.getMethodByName("main");
>         SootMethod entryPoint = c.getMethodByName(mainmethod);
>         List<SootMethod> entryPoints = new ArrayList<SootMethod>();
>         entryPoints.add(entryPoint);
>         Scene.v().setEntryPoints(entryPoints);
>
>         PackManager.v().getPack("wjtp").add(new
> Transform("wjtp.herosifds", new IFDSDataFlowTransformer()));
>
> //        soot.Main.main();
>         //start working
>    PackManager.v().runPacks();
> }
>
>
>
> ```
>
>
>
> I am using Soot 3.3.1, Java 1.8 and I have exported my eclipse project in
> a zip below (project structure in photo). The files,
> IFDSDataFlowTransformer and TestSootCallGraph, start two separate trials.
>
> Do I have to create a new class with a main that would start a request
> (e.g. http or curl request) to the Tomcat application? If so, that would
> require including more Tomcat jars/files in the project. However, I figured
> that Soot did not need specific inputs or all files in an application to
> statically analyze code.
>
>
>
> Thank you,
>
> Fogo
>
>
>
> [image: Image removed by sender.]
>
>
>
>
>
> --
>
> Fogo Tunde-Onadele
>
> PhD student
>
> Computer Science
>
> North Carolina State University
>
>
>
>
> --
>
>
>
> Fogo Tunde-Onadele
>
> PhD student
>
> Computer Science
>
> North Carolina State University
>


-- 

Fogo Tunde-Onadele
PhD student
Computer Science
North Carolina State University
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mailman.CS.McGill.CA/pipermail/soot-list/attachments/20210205/a734cbcd/attachment-0001.html>

More information about the Soot-list mailing list