<div dir="ltr">Thank you!<div><br></div><div>I have a few other questions regarding entry points and call graph creation:</div><div><ol><li>If soot/SPARK cannot figure out the path does it stop and not generate any edges? I have a toy example (see below) for which the new'd object creates the appropriate graph, but the custom entry point creates a graph with no edges.</li><li>Which leads me to my next question: what specifically causes confusion for SPARK in the custom entry point?</li><ol><li>Is it the use of this.methodX() versus methodX()? (Does the simple use of "this" keyword kill the graph?</li></ol><li>Does subtype polymorphism have any affect on the call graph whether new'd or custom entry?</li></ol><div>I have tried answering these problems myself, but it is difficult when the custom entry point of the graph doesn't generate any edges for me to analyze. Thanks!</div></div><div><br></div><div>I am generating the callgraph with these two commands:</div><div><b>new'd object:</b></div><div><ul><li>-p cg.spark on -cp /path/to/classes/:. -trim-cfgs -allow-phantom-refs -w -verbose run main</li></ul></div><div><b>Custom Entry point:</b></div><div><ul><li>-p cg.spark on -cp /path/to/classes/:. -trim-cfgs -allow-phantom-refs -w -verbose Managers.OneManager closedAPI<br></li></ul></div><div><br></div><div>Toy example:</div><div><pre style="color:rgb(169,183,198);font-family:Menlo;font-size:12pt;background-color:rgb(43,43,43)"><span style="color:rgb(204,120,50)">OneManager.java</span></pre><blockquote style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex" class="gmail_quote"><span style="color:rgb(204,120,50)">public class </span>OneManager {<br> <span style="color:rgb(204,120,50)"> public </span>OneService <span style="color:rgb(152,118,170)">mService</span><span style="color:rgb(204,120,50)">;<br></span><span style="color:rgb(204,120,50)"><br></span><span style="color:rgb(204,120,50)"> public </span>OneManager() {<br> <span style="color:rgb(204,120,50)"> </span><span style="color:rgb(204,120,50)"> </span><span style="color:rgb(204,120,50)"> </span><span style="color:rgb(152,118,170)">mService </span>= <span style="color:rgb(204,120,50)">new </span>OneService()<span style="color:rgb(204,120,50)">;</span></blockquote><blockquote style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex" class="gmail_quote"><span style="color:rgb(204,120,50)"></span><span style="color:rgb(204,120,50)"> </span><span style="color:rgb(204,120,50)"> </span>}<br> <span style="color:rgb(204,120,50)"> </span><span style="color:rgb(204,120,50)">public void </span><span style="color:rgb(255,198,109)">openAPI</span>() {<br> <span style="color:rgb(204,120,50)"> </span><span style="color:rgb(204,120,50)"> </span><span style="color:rgb(204,120,50)"> </span><span style="color:rgb(152,118,170)">mService</span>.openAPI()<span style="color:rgb(204,120,50)">;</span></blockquote><blockquote style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex" class="gmail_quote"><span style="color:rgb(204,120,50)"></span><span style="color:rgb(204,120,50)"> </span><span style="color:rgb(204,120,50)"> </span>}<br> <span style="color:rgb(204,120,50)"> </span><span style="color:rgb(204,120,50)">public void </span><span style="color:rgb(255,198,109)">closedAPI</span>() {<br> <span style="color:rgb(204,120,50)"> </span><span style="color:rgb(204,120,50)"> </span><span style="color:rgb(204,120,50)"> </span><span style="color:rgb(152,118,170)">mService</span>.closedAPI()<span style="color:rgb(204,120,50)">;</span></blockquote><blockquote style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex" class="gmail_quote"><span style="color:rgb(204,120,50)"></span><span style="color:rgb(204,120,50)"> </span><span style="color:rgb(204,120,50)"> </span>}<br>}</blockquote><pre style="color:rgb(169,183,198);font-family:Menlo;font-size:12pt;background-color:rgb(43,43,43)">OneService.java</pre><pre style="color:rgb(169,183,198);font-family:Menlo;font-size:12pt;background-color:rgb(43,43,43)"><blockquote style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex" class="gmail_quote"><span style="color:rgb(204,120,50)">public class </span>OneService <span style="color:rgb(204,120,50)">extends </span>MasterService {<br> <span style="color:rgb(204,120,50)">public boolean </span><span style="color:rgb(152,118,170)">mHasRights </span>= <span style="color:rgb(204,120,50)">false;<br></span><span style="color:rgb(204,120,50)"><br></span><span style="color:rgb(204,120,50)"> public void </span><span style="color:rgb(255,198,109)">overridenMethod</span>() {<br> <span style="color:rgb(128,128,128)">//don't call super here<br></span><span style="color:rgb(128,128,128)"> </span>}<br> <span style="color:rgb(204,120,50)">public void </span><span style="color:rgb(255,198,109)">notOverriddenMethod</span>() {<br> <span style="color:rgb(204,120,50)">super</span>.notOverriddenMethod()<span style="color:rgb(204,120,50)">;<br></span><span style="color:rgb(204,120,50)"> </span>}<br> <span style="color:rgb(204,120,50)">public void </span><span style="color:rgb(255,198,109)">closedAPI</span>() {<br> callChainOne()<span style="color:rgb(204,120,50)">;<br></span><span style="color:rgb(204,120,50)"> </span>}<br> <span style="color:rgb(204,120,50)">public void </span><span style="color:rgb(255,198,109)">openAPI</span>() {<br> <span style="color:rgb(204,120,50)">super</span>.callChainOne()<span style="color:rgb(204,120,50)">;<br></span><span style="color:rgb(204,120,50)"> </span>}<br> <span style="color:rgb(204,120,50)">public void </span><span style="color:rgb(255,198,109)">callChainOne</span>(){<br> callChainTwo()<span style="color:rgb(204,120,50)">;<br></span><span style="color:rgb(204,120,50)"> </span>}<br> <span style="color:rgb(204,120,50)">public void </span><span style="color:rgb(255,198,109)">callChainTwo</span>() {<br> callChainThree()<span style="color:rgb(204,120,50)">;<br></span><span style="color:rgb(204,120,50)"> </span>}<br> <span style="color:rgb(204,120,50)">public void </span><span style="color:rgb(255,198,109)">callChainThree</span>() {<br> }<br>}<br>MasterService.java<br><span style="color:rgb(204,120,50)">public class </span>MasterService {<br> <span style="color:rgb(204,120,50)">public void </span><span style="color:rgb(255,198,109)">overriddenMethod</span>() {<br> }<br> <span style="color:rgb(204,120,50)">public void </span><span style="color:rgb(255,198,109)">notOverriddenMethod</span>() {<br> <br> }<br> <span style="color:rgb(204,120,50)">public void </span><span style="color:rgb(255,198,109)">callChainOne</span>() {<br> <span style="color:rgb(204,120,50)">this</span>.callChainTwo()<span style="color:rgb(204,120,50)">;<br></span><span style="color:rgb(204,120,50)"> </span>}<br> <span style="color:rgb(204,120,50)">public void </span><span style="color:rgb(255,198,109)">callChainTwo</span>() {<br> <span style="color:rgb(204,120,50)">this</span>.callChainThree()<span style="color:rgb(204,120,50)">;<br></span><span style="color:rgb(204,120,50)"> </span>}<br> <span style="color:rgb(204,120,50)">public void </span><span style="color:rgb(255,198,109)">callChainThree</span>() {<br> <span style="color:rgb(204,120,50)">return;<br></span><span style="color:rgb(204,120,50)"> </span>}<br>}</blockquote></pre></div><div> Run.java</div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">public class run {<br> public static void main(String[] args) {<br> OneManager om = new OneManager();<br> om.closedAPI();<br> }<br>}</blockquote><div><br></div><div>My SootAnalyzer is super simple:</div><blockquote style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex" class="gmail_quote"> <span style="font-family:Menlo;font-size:12pt;color:rgb(204,120,50)">public class </span><span style="color:rgb(169,183,198);font-family:Menlo;font-size:12pt;background-color:rgb(43,43,43)">Main {</span><br> <span style="color:rgb(98,151,85);font-style:italic">/**<br></span><span style="color:rgb(98,151,85);font-style:italic"> * </span><span style="color:rgb(98,151,85);font-weight:bold;font-style:italic">@param </span><span style="color:rgb(138,101,59);font-style:italic">args<br></span><span style="color:rgb(138,101,59);font-style:italic"> </span><span style="color:rgb(98,151,85);font-style:italic">*/<br></span><span style="color:rgb(98,151,85);font-style:italic"> </span><span style="color:rgb(204,120,50)">public static void </span><span style="color:rgb(255,198,109)">main</span>(String[] args) {<br> String entryPointClass = args[args.<span style="color:rgb(152,118,170)">length</span>-<span style="color:rgb(104,151,187)">2</span>]<span style="color:rgb(204,120,50)">;<br></span><span style="color:rgb(204,120,50)"> </span>String entryPointMethod = args[args.<span style="color:rgb(152,118,170)">length</span>-<span style="color:rgb(104,151,187)">1</span>]<span style="color:rgb(204,120,50)">;<br></span><span style="color:rgb(204,120,50)"><br></span><span style="color:rgb(204,120,50)"> </span>System.<span style="color:rgb(152,118,170);font-style:italic">out</span>.println(entryPointClass + <span style="color:rgb(106,135,89)">"." </span>+ entryPointMethod)<span style="color:rgb(204,120,50)">;<br></span><span style="color:rgb(204,120,50)"><br></span><span style="color:rgb(204,120,50)"> </span>args = Arrays.<span style="font-style:italic">copyOf</span>(args<span style="color:rgb(204,120,50)">, </span>args.<span style="color:rgb(152,118,170)">length</span>-<span style="color:rgb(104,151,187)">2</span>)<span style="color:rgb(204,120,50)">;<br></span><span style="color:rgb(204,120,50)"><br></span><span style="color:rgb(204,120,50)"> for</span>(String s : args) {<br> <span style="color:rgb(128,128,128)">//System.out.println(s);<br></span><span style="color:rgb(128,128,128)"> </span>}<br> <span style="color:rgb(204,120,50)">long </span>start = System.<span style="font-style:italic">currentTimeMillis</span>()<span style="color:rgb(204,120,50)">;<br></span><span style="color:rgb(204,120,50)"> </span>Options.<span style="font-style:italic">v</span>().parse(args)<span style="color:rgb(204,120,50)">;<br></span><span style="color:rgb(204,120,50)"> </span><span style="color:rgb(128,128,128)">//SootClass c = Scene.v().forceResolve("android.hardware.usb.UsbManager", SootClass.BODIES);<br></span><span style="color:rgb(128,128,128)"> </span>SootClass c = Scene.<span style="font-style:italic">v</span>().forceResolve(entryPointClass<span style="color:rgb(204,120,50)">, </span>SootClass.<span style="color:rgb(152,118,170);font-style:italic">BODIES</span>)<span style="color:rgb(204,120,50)">;<br></span><span style="color:rgb(204,120,50)"> </span>c.setApplicationClass()<span style="color:rgb(204,120,50)">;<br></span><span style="color:rgb(204,120,50)"> </span>Scene.<span style="font-style:italic">v</span>().loadNecessaryClasses()<span style="color:rgb(204,120,50)">;<br></span><span style="color:rgb(204,120,50)"> </span>SootMethod method = c.getMethodByName(entryPointMethod)<span style="color:rgb(204,120,50)">;<br></span><span style="color:rgb(204,120,50)"><br></span><span style="color:rgb(204,120,50)"> </span>List entryPoints = <span style="color:rgb(204,120,50)">new </span>ArrayList()<span style="color:rgb(204,120,50)">;<br></span><span style="color:rgb(204,120,50)"> </span>entryPoints.add(method)<span style="color:rgb(204,120,50)">;<br></span><span style="color:rgb(204,120,50)"><br></span><span style="color:rgb(204,120,50)"> </span>Scene.<span style="font-style:italic">v</span>().setEntryPoints(entryPoints)<span style="color:rgb(204,120,50)">;<br></span><span style="color:rgb(204,120,50)"> </span>PackManager.<span style="font-style:italic">v</span>().runPacks()<span style="color:rgb(204,120,50)">;<br></span><span style="color:rgb(204,120,50)"><br></span><span style="color:rgb(204,120,50)"> </span><span style="color:rgb(128,128,128)">//soot.Main.main(args);<br></span><span style="color:rgb(128,128,128)"> </span>soot.jimple.toolkits.callgraph.CallGraph callgraph = Scene.<span style="font-style:italic">v</span>().getCallGraph()<span style="color:rgb(204,120,50)">;<br></span><span style="color:rgb(204,120,50)"><br></span><span style="color:rgb(204,120,50)"><br></span><span style="color:rgb(204,120,50)"> </span>FileHandler fh = <span style="color:rgb(204,120,50)">new </span>FileHandler(entryPointClass + <span style="color:rgb(106,135,89)">"-" </span>+ entryPointMethod)<span style="color:rgb(204,120,50)">;<br></span><span style="color:rgb(204,120,50)"><br></span><span style="color:rgb(204,120,50)"> for</span>(Edge e : callgraph) {<br> fh.write(e.toString())<span style="color:rgb(204,120,50)">;<br></span><span style="color:rgb(204,120,50)"> </span>fh.write(<span style="color:rgb(106,135,89)">"</span><span style="color:rgb(204,120,50)">\n</span><span style="color:rgb(106,135,89)">"</span>)<span style="color:rgb(204,120,50)">;<br></span><span style="color:rgb(204,120,50)"> </span>}<br> fh.close()<span style="color:rgb(204,120,50)">;</span><span style="color:rgb(128,128,128)"><br></span><span style="color:rgb(128,128,128)"> </span>System.<span style="color:rgb(152,118,170);font-style:italic">out</span>.println(<span style="color:rgb(106,135,89)">"[TestSpark] Call graph size " </span>+ callgraph.size())<span style="color:rgb(204,120,50)">;<br></span><span style="color:rgb(204,120,50)"><br></span><span style="color:rgb(204,120,50)"> </span>System.<span style="color:rgb(152,118,170);font-style:italic">out</span>.println(String.<span style="font-style:italic">format</span>(<span style="color:rgb(106,135,89)">"It took: %d seconds to generate a callgraph for: %s"</span><span style="color:rgb(204,120,50)">,<br></span><span style="color:rgb(204,120,50)"> </span>TimeUnit.<span style="color:rgb(152,118,170);font-style:italic">MILLISECONDS</span>.toSeconds(System.<span style="font-style:italic">currentTimeMillis</span>() - start)<span style="color:rgb(204,120,50)">,<br></span><span style="color:rgb(204,120,50)"> </span>entryPointClass +<span style="color:rgb(106,135,89)">"."</span>+ entryPointMethod))<span style="color:rgb(204,120,50)">;<br></span><span style="color:rgb(204,120,50)"> </span>}<br>}</blockquote><div><br></div><div>FileHandler is simple a wrapper class for handling I/O, it works just fine. </div></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Apr 2, 2015 at 11:15 AM, Jason Ott <span dir="ltr"><<a href="mailto:jott002@ucr.edu" target="_blank">jott002@ucr.edu</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div>So I'm trying to run soot with spark on the Android Framework using a custom entry point.</div><div><br></div><div>Here is my the code that runs soot:</div><div> </div><div> public class Main {</div><div> public static void main(String[] args) {</div><div><br></div><div> String entryPointClass = args[args.length-2];</div><div> String entryPointMethod = args[args.length-1];</div><div><br></div><div> System.out.println(entryPointClass + "." + entryPointMethod);</div><div><br></div><div> args = Arrays.copyOf(args, args.length-2);</div><div><br></div><div> long start = System.currentTimeMillis();</div><div> Options.v().parse(args);</div><div> SootClass c = Scene.v().forceResolve(entryPointClass, SootClass.BODIES);</div><div> c.setApplicationClass();</div><div> Scene.v().loadNecessaryClasses();</div><div> SootMethod method = c.getMethodByName(entryPointMethod);</div><div> List entryPoints = new ArrayList();</div><div> entryPoints.add(method);</div><div> Scene.v().setEntryPoints(entryPoints);</div><div> PackManager.v().runPacks();</div><div><br></div><div> soot.jimple.toolkits.callgraph.CallGraph callgraph = Scene.v().getCallGraph();</div><div> System.out.println("[TestSpark] Call graph size " + callgraph.size());</div><div><br></div><div> System.out.println(String.format("It took: %d seconds to generate a callgraph for: %s",</div><div> TimeUnit.MILLISECONDS.toSeconds(System.currentTimeMillis() - start),</div><div> entryPointClass +"."+ entryPointMethod));</div><div> }</div><div>}</div><div><br></div><div>I would run this as follows:</div><div>java -Xmx:1024mb -jar mySpark.jar -p cg.spark on -process-dir /Users/jason/Desktop/android/pscout/android_source_dir/ -cp /Users/jason/Desktop/android/pscout/android_source_dir:. -allow-phantom-refs android.content.ClipboardManager hasText</div><div><br></div><div>The last two args end up being the api class and the api method that I want to start the graph at. </div><div><br></div><div>When I run this jar I get a "java.lang.OutOfMemoryError: GC overhead limit exceeded" error. I've given the JVM as mucha s 8gb and it still exhausts memory.</div><div><br></div><div>Now I must admit that to even get this to work I had to tweak the Soot source code a bit. I had to alter the following:</div><div><ul><li>Line 99 in soot/src//soot/asm/SootClassBuilder.java will not throw an exception with my code. The line now prints an error and moves on. As I was reading the code and reading other examples, this is tolerable because Soot still finds the methods in those classes (presumably, as it doesn't throw any errors about not finding methods)<br></li></ul><div>Can soot handle the entire android framework?</div></div><div>Is my method and approach proper?</div><div>Are there any indications as to why I'm running into a GC Memory error and how to fix it?</div><div>Is my change to soot source code the root of this problem?</div><div><br></div><div>Thank you for any assistance you may provide.</div></div>
</blockquote></div><br></div>