[prev in list] [next in list] [prev in thread] [next in thread] 

List:       soot-list
Subject:    Re: [Soot-list] Creating n-custom entry point call graphs
From:       Cheng Zhang <cheng.zhang.stap () gmail ! com>
Date:       2015-04-28 17:36:59
Message-ID: CAC9QkdVrVUZ0nGJcGBCbjkkKk_6KoCDZShOki0vDoQ56ack4Ow () mail ! gmail ! com
[Download RAW message or body]

[Attachment #2 (multipart/alternative)]


Hi Jason,

Did the "-f J" option resolve your previous problem (i.e., the
ClassCastException)?

As for you follow-up question, I have no specific ideas, as there can be
many causes. For example, the second entry method actually calls only eight
methods. You may find useful hints by searching for discussions about
incomplete call graphs in this mailing list.

-- Cheng

On Tue, Apr 28, 2015 at 1:29 PM, Jason Ott <jott002@ucr.edu> wrote:

> Force it to Jimple, great idea.
> 
> The next problem I have is that subsequent callgraphs are super small
> (size of 8)  and the first one has a size of (14,000+).  Any ideas why that
> is the case?
> 
> On Tue, Apr 28, 2015 at 1:26 PM, Cheng Zhang <cheng.zhang.stap@gmail.com>
> wrote:
> 
> > Hi Jason,
> > 
> > Can you try to add "-f J" to your Soot arguments?
> > Sorry that I do not know exactly how it may be related to the problem,
> > but it might be a workaround.
> > 
> > -- Cheng
> > 
> > On Tue, Apr 28, 2015 at 1:06 PM, Jason Ott <jott002@ucr.edu> wrote:
> > 
> > > I have 1,000+ methods that will be used as custom entry points to
> > > generate a call graph.  They have different classes and what not.  I've
> > > tried a few different things which I will list below, after I discuss my
> > > general approach and shed some more light on exactly what I'm trying to do.
> > > 
> > > As I said I have N-number of methods that I want to generate a call
> > > graph for.  They are in the following format:
> > > 
> > > 
> > > android.accessibilityservice.IAccessibilityServiceClient$Stub$Proxy.onAccessibilityEvent,
> > >  android.accounts.IAccountAuthenticator$Stub.confirmCredentials,
> > > android.app.admin.IDevicePolicyManager$Stub.setMaximumFailedPasswordsForWipe,
> > > etc.
> > > 
> > > The class is actually an interface that contains a static inner class
> > > (`$Stub`) that contains an inner class (`$Proxy`, which implements said
> > > interface).  So `android.accessibilityservice.IAccessibilityServiceClient`
> > > is an interface, `$Stub` is a static inner class to
> > > `android.accessibilityservice.IAccessibilityServiceClient` and `$Proxy` is
> > > an inner class to `$Stub`.
> > > 
> > > My logic for solving this is as follows:
> > > // get records from disk...
> > > while(records.hasNextRecord()) {
> > > 
> > > // get records from disk
> > > while(records.hasNextRecord()) {
> > > if(!setArgs) {
> > > Options.v().parse(args);
> > > setArgs = true;
> > > }
> > > 
> > > SootClass sootClass = Scene.v().forceResolve(record.getClassName(), \
> > > SootClass.BODIES); sootClass.setApplicationClass();
> > > Scene.v().loadNecessaryClasses();
> > > SootMethod sootMethod = sootClass.getMethodByName(record.getMethodName());
> > > List<SootMethod> entryPoints = new ArrayList<SootMethod>();
> > > entryPoints.add(sootMethod);
> > > Scene.v().setEntryPoints(entryPoints);
> > > PackManager.v().runPacks();
> > > 
> > > soot.jimple.toolkits.callgraph.CallGraph callgraph = Scene.v().getCallGraph();
> > > System.out.println("[TestSpark] Call graph size " + callgraph.size());
> > > 
> > > System.out.println(String.format("It took: %d seconds to generate a callgraph \
> > > for: %s", TimeUnit.MILLISECONDS.toSeconds(System.currentTimeMillis() - start),
> > > record.getClassName() + "." + record.getMethodName()));
> > > 
> > > System.out.println("=====================================");}
> > > 
> > > This allows me to generate the callgraph from the custom entry point.
> > > After the second iteration I get the following exception:
> > > 
> > > Exception in thread "main" java.lang.ClassCastException:
> > > soot.baf.internal.BIdentityInst cannot be cast to soot.jimple.Stmt
> > > at
> > > soot.jimple.toolkits.callgraph.OnFlyCallGraphBuilder.getImplicitTargets(OnFlyCallGraphBuilder.java:604)
> > >  at
> > > soot.jimple.toolkits.callgraph.OnFlyCallGraphBuilder.processNewMethod(OnFlyCallGraphBuilder.java:530)
> > >  at
> > > soot.jimple.toolkits.callgraph.OnFlyCallGraphBuilder.processReachables(OnFlyCallGraphBuilder.java:420)
> > >  at soot.jimple.spark.solver.OnFlyCallGraph.build(OnFlyCallGraph.java:55)
> > > at
> > > soot.jimple.spark.builder.ContextInsensitiveBuilder.build(ContextInsensitiveBuilder.java:76)
> > >  at
> > > soot.jimple.spark.SparkTransformer.internalTransform(SparkTransformer.java:84)
> > > at soot.SceneTransformer.transform(SceneTransformer.java:39)
> > > at soot.Transform.apply(Transform.java:90)
> > > at soot.RadioScenePack.internalApply(RadioScenePack.java:57)
> > > at
> > > soot.jimple.toolkits.callgraph.CallGraphPack.internalApply(CallGraphPack.java:49)
> > >  at soot.Pack.apply(Pack.java:116)
> > > at soot.PackManager.runWholeProgramPacks(PackManager.java:563)
> > > at soot.PackManager.runPacksNormally(PackManager.java:456)
> > > at soot.PackManager.runPacks(PackManager.java:391)
> > > at Main.main(Main.java:39)
> > > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> > > at
> > > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> > > at
> > > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> > >  at java.lang.reflect.Method.invoke(Method.java:483)
> > > at com.intellij.rt.execution.application.AppMain.main(AppMain.java:140)
> > > 
> > > I've tried adding all the methods per class to a the entry points and
> > > run the callgraph when the class changes, obviously the above method,
> > > one-by-one resolution, etc.  But the exception continues to persist.
> > > 
> > > Any ideas on how to build a callgraph for >50 different classes that
> > > contain n-number of custom entry points that don't produce the exception
> > > would be very helpful.  Thanks.
> > > 
> > > _______________________________________________
> > > Soot-list mailing list
> > > Soot-list@CS.McGill.CA
> > > https://mailman.CS.McGill.CA/mailman/listinfo/soot-list
> > > 
> > > 
> > 
> 


[Attachment #5 (text/html)]

<div dir="ltr">Hi Jason,<div><br></div><div>Did the &quot;-f J&quot; option resolve \
your previous problem (i.e., the ClassCastException)?</div><div><br></div><div>As for \
you follow-up question, I have no specific ideas, as there can be many causes. For \
example, the second entry method actually calls only eight methods. You may find \
useful hints by searching for discussions about incomplete call graphs in this \
mailing list.</div><div><br></div><div>-- Cheng</div></div><div \
class="gmail_extra"><br><div class="gmail_quote">On Tue, Apr 28, 2015 at 1:29 PM, \
Jason Ott <span dir="ltr">&lt;<a href="mailto:jott002@ucr.edu" \
target="_blank">jott002@ucr.edu</a>&gt;</span> wrote:<br><blockquote \
class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc \
solid;padding-left:1ex"><div dir="ltr">Force it to Jimple, great \
idea.<div><br></div><div>The next problem I have is that subsequent callgraphs are \
super small (size of 8)   and the first one has a size of (14,000+).   Any ideas why \
that is the case?</div></div><div class="HOEnZb"><div class="h5"><div \
class="gmail_extra"><br><div class="gmail_quote">On Tue, Apr 28, 2015 at 1:26 PM, \
Cheng Zhang <span dir="ltr">&lt;<a href="mailto:cheng.zhang.stap@gmail.com" \
target="_blank">cheng.zhang.stap@gmail.com</a>&gt;</span> wrote:<br><blockquote \
class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc \
solid;padding-left:1ex"><div dir="ltr">Hi Jason,<div><br></div><div>Can you try to \
add &quot;-f J&quot; to your Soot arguments?</div><div>Sorry that I do not know \
exactly how it may be related to the problem, but it might be a \
workaround.</div><div><br></div><div>-- Cheng</div></div><div \
class="gmail_extra"><br><div class="gmail_quote"><div><div>On Tue, Apr 28, 2015 at \
1:06 PM, Jason Ott <span dir="ltr">&lt;<a href="mailto:jott002@ucr.edu" \
target="_blank">jott002@ucr.edu</a>&gt;</span> wrote:<br></div></div><blockquote \
class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc \
solid;padding-left:1ex"><div><div><div dir="ltr">I have 1,000+ methods that will be \
used as custom entry points to generate a call graph.   They have different classes \
and what not.   I&#39;ve tried a few different things which I will list below, after \
I discuss my general approach and shed some more light on exactly what I&#39;m trying \
to do.<div><br></div><div>As I said I have N-number of methods that I want to \
generate a call graph for.   They are in the following \
format:</div><div><br></div><div>android.accessibilityservice.IAccessibilityServiceCli \
ent$Stub$Proxy.onAccessibilityEvent,<br></div><div>android.accounts.IAccountAuthentica \
tor$Stub.confirmCredentials,<br></div><div>android.app.admin.IDevicePolicyManager$Stub.setMaximumFailedPasswordsForWipe, \
etc.<br></div><div><br></div><div>The class is actually an interface that contains a \
static inner class (`$Stub`) that contains an inner class (`$Proxy`, which implements \
said interface).   So `android.accessibilityservice.IAccessibilityServiceClient` is \
an interface, `$Stub` is a static inner class to \
`android.accessibilityservice.IAccessibilityServiceClient` and `$Proxy` is an inner \
class to `$Stub`.</div><div><br></div><div>My logic for solving this is as \
follows:</div><div>// get records from \
disk...</div><div>while(records.hasNextRecord()) {</div><div><pre \
style="color:rgb(169,183,198);font-family:Menlo;font-size:12pt;background-color:rgb(43,43,43)"><span \
style="color:rgb(204,120,50)">// get records from disk while(records.hasNextRecord()) \
{ if</span>(!setArgs) {<br>    Options.<span \
style="font-style:italic">v</span>().parse(args)<span \
style="color:rgb(204,120,50)">;<br></span><span style="color:rgb(204,120,50)">    \
</span>setArgs = <span \
style="color:rgb(204,120,50)">true;<br></span>}<br><br>SootClass sootClass = \
Scene.<span style="font-style:italic">v</span>().forceResolve(record.getClassName()<span \
style="color:rgb(204,120,50)">, </span>SootClass.<span \
style="color:rgb(152,118,170);font-style:italic">BODIES</span>)<span \
style="color:rgb(204,120,50)">;<br></span>sootClass.setApplicationClass()<span \
style="color:rgb(204,120,50)">;<br></span>Scene.<span \
style="font-style:italic">v</span>().loadNecessaryClasses()<span \
style="color:rgb(204,120,50)">;<br></span>SootMethod sootMethod = \
sootClass.getMethodByName(record.getMethodName())<span \
style="color:rgb(204,120,50)">;<br></span>List&lt;SootMethod&gt; entryPoints = <span \
style="color:rgb(204,120,50)">new </span>ArrayList&lt;SootMethod&gt;()<span \
style="color:rgb(204,120,50)">;<br></span>entryPoints.add(sootMethod)<span \
style="color:rgb(204,120,50)">;<br></span>Scene.<span \
style="font-style:italic">v</span>().setEntryPoints(entryPoints)<span \
style="color:rgb(204,120,50)">;<br></span>PackManager.<span \
style="font-style:italic">v</span>().runPacks()<span \
style="color:rgb(204,120,50)">;<br></span><span \
style="color:rgb(204,120,50)"><br></span>soot.jimple.toolkits.callgraph.CallGraph \
callgraph = Scene.<span style="font-style:italic">v</span>().getCallGraph()<span \
style="color:rgb(204,120,50)">;<br></span>System.<span \
style="color:rgb(152,118,170);font-style:italic">out</span>.println(<span \
style="color:rgb(106,135,89)">&quot;[TestSpark] Call graph size &quot; </span>+ \
callgraph.size())<span style="color:rgb(204,120,50)">;<br></span><span \
style="color:rgb(204,120,50)"><br></span>System.<span \
style="color:rgb(152,118,170);font-style:italic">out</span>.println(String.<span \
style="font-style:italic">format</span>(<span style="color:rgb(106,135,89)">&quot;It \
took: %d seconds to generate a callgraph for: %s&quot;</span><span \
style="color:rgb(204,120,50)">,<br></span><span style="color:rgb(204,120,50)">        \
</span>TimeUnit.<span \
style="color:rgb(152,118,170);font-style:italic">MILLISECONDS</span>.toSeconds(System.<span \
style="font-style:italic">currentTimeMillis</span>() - start)<span \
style="color:rgb(204,120,50)">,<br></span><span style="color:rgb(204,120,50)">        \
</span>record.getClassName() + <span style="color:rgb(106,135,89)">&quot;.&quot; \
</span>+ record.getMethodName()))<span \
style="color:rgb(204,120,50)">;<br></span><span \
style="color:rgb(204,120,50)"><br></span>System.<span \
style="color:rgb(152,118,170);font-style:italic">out</span>.println(<span \
style="color:rgb(106,135,89)">&quot;=====================================&quot;</span>);
 <span style="font-size:12pt">}</span></pre>This allows me to generate the callgraph \
from the custom entry point.   After the second iteration I get the following \
exception:</div><div><div><br></div><div>Exception in thread &quot;main&quot; \
java.lang.ClassCastException: soot.baf.internal.BIdentityInst cannot be cast to \
soot.jimple.Stmt</div><div><span style="white-space:pre-wrap">	</span>at \
soot.jimple.toolkits.callgraph.OnFlyCallGraphBuilder.getImplicitTargets(OnFlyCallGraphBuilder.java:604)</div><div><span \
style="white-space:pre-wrap">	</span>at \
soot.jimple.toolkits.callgraph.OnFlyCallGraphBuilder.processNewMethod(OnFlyCallGraphBuilder.java:530)</div><div><span \
style="white-space:pre-wrap">	</span>at \
soot.jimple.toolkits.callgraph.OnFlyCallGraphBuilder.processReachables(OnFlyCallGraphBuilder.java:420)</div><div><span \
style="white-space:pre-wrap">	</span>at \
soot.jimple.spark.solver.OnFlyCallGraph.build(OnFlyCallGraph.java:55)</div><div><span \
style="white-space:pre-wrap">	</span>at \
soot.jimple.spark.builder.ContextInsensitiveBuilder.build(ContextInsensitiveBuilder.java:76)</div><div><span \
style="white-space:pre-wrap">	</span>at \
soot.jimple.spark.SparkTransformer.internalTransform(SparkTransformer.java:84)</div><div><span \
style="white-space:pre-wrap">	</span>at \
soot.SceneTransformer.transform(SceneTransformer.java:39)</div><div><span \
style="white-space:pre-wrap">	</span>at \
soot.Transform.apply(Transform.java:90)</div><div><span \
style="white-space:pre-wrap">	</span>at \
soot.RadioScenePack.internalApply(RadioScenePack.java:57)</div><div><span \
style="white-space:pre-wrap">	</span>at \
soot.jimple.toolkits.callgraph.CallGraphPack.internalApply(CallGraphPack.java:49)</div><div><span \
style="white-space:pre-wrap">	</span>at \
soot.Pack.apply(Pack.java:116)</div><div><span \
style="white-space:pre-wrap">	</span>at \
soot.PackManager.runWholeProgramPacks(PackManager.java:563)</div><div><span \
style="white-space:pre-wrap">	</span>at \
soot.PackManager.runPacksNormally(PackManager.java:456)</div><div><span \
style="white-space:pre-wrap">	</span>at \
soot.PackManager.runPacks(PackManager.java:391)</div><div><span \
style="white-space:pre-wrap">	</span>at Main.main(Main.java:39)</div><div><span \
style="white-space:pre-wrap">	</span>at \
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)</div><div><span \
style="white-space:pre-wrap">	</span>at \
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)</div><div><span \
style="white-space:pre-wrap">	</span>at \
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)</div><div><span \
style="white-space:pre-wrap">	</span>at \
java.lang.reflect.Method.invoke(Method.java:483)</div><div><span \
style="white-space:pre-wrap">	</span>at \
com.intellij.rt.execution.application.AppMain.main(AppMain.java:140)</div></div><div><br></div><div>I&#39;ve \
tried adding all the methods per class to a the entry points and run the callgraph \
when the class changes, obviously the above method, one-by-one resolution, etc.   But \
the exception continues to persist.</div><div><br></div><div>Any ideas on how to \
build a callgraph for &gt;50 different classes that contain n-number of custom entry \
points that don&#39;t produce the exception would be very helpful.   \
Thanks.</div></div> <br></div></div>_______________________________________________<br>
 Soot-list mailing list<br>
<a href="mailto:Soot-list@CS.McGill.CA" \
target="_blank">Soot-list@CS.McGill.CA</a><br> <a \
href="https://mailman.CS.McGill.CA/mailman/listinfo/soot-list" \
target="_blank">https://mailman.CS.McGill.CA/mailman/listinfo/soot-list</a><br> \
<br></blockquote></div><br></div> </blockquote></div><br></div>
</div></div></blockquote></div><br></div>



_______________________________________________
Soot-list mailing list
Soot-list@CS.McGill.CA
https://mailman.CS.McGill.CA/mailman/listinfo/soot-list


[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic