Re: [Soot-list] Soot not finding class without a main for call graph
Eric Ortega
Hi Fogo,
You may want to try running through the rest of your classes and calling Scene.v().loadClass(…) for each one.
Regards,
Eric Ortega
From: Soot-list <soot-lis...@CS.McGill.CA> on behalf of Fogo Tunde-Onadele <oatu...@ncsu.edu>
Date: Monday, February 1, 2021 at 5:06 AM
To: "soot...@cs.mcgill.ca" <soot...@cs.mcgill.ca>
Subject: [Soot-list] Soot not finding class without a main for call graph
Good day,
I have been trying to get Soot working on analyzing the call graph of external libraries/apps. Specifically, I want to get the call graph of a class, ‘DefaultServlet’, within a Tomcat jar file, ‘catalina.jar’. First, I followed tutorials that analyze a simple class/file with a main method. However, the classes I want to analyze don’t typically have main methods. So I found and followed examples that utilize entrypoints but Soot is still unable to find the class. Please, I would appreciate some help. Here is the latest main piece of code I have tried.
```
public class IFDSDataFlowTransformer extends SceneTransformer {
static LinkedList<String> excludeList;
static String mainclass = "DefaultServlet";
static String mainmethod = "doGet"; // "doPut";
public static void main(String[] args) {
// Set Soot's internal classpath
String javapath = System.getProperty("java.class.path");
String jredir = System.getProperty("java.home")+"/lib/rt.jar";
String path = javapath+File.pathSeparator+jredir;
Options.v().set_soot_classpath(path);
// Enable whole-program mode
Options.v().set_whole_program(true);
Options.v().set_app(true);
// Call-graph options
Options.v().setPhaseOption("cg", "safe-newinstance:true");
Options.v().setPhaseOption("cg.cha","enabled:false");
// Enable SPARK call-graph construction
Options.v().setPhaseOption("cg.spark","enabled:true");
Options.v().setPhaseOption("cg.spark","verbose:true");
Options.v().setPhaseOption("cg.spark","on-fly-cg:true");
Options.v().set_allow_phantom_refs(true);
// Set the main class of the application to be analysed
Options.v().set_main_class(mainclass);
// Load the main class
SootClass c = Scene.v().loadClass(mainclass, SootClass.BODIES);
c.setApplicationClass();
// Load the "main" method of the main class and set it as a Soot entry point
// SootMethod entryPoint = c.getMethodByName("main");
SootMethod entryPoint = c.getMethodByName(mainmethod);
List<SootMethod> entryPoints = new ArrayList<SootMethod>();
entryPoints.add(entryPoint);
Scene.v().setEntryPoints(entryPoints);
PackManager.v().getPack("wjtp").add(new Transform("wjtp.herosifds", new IFDSDataFlowTransformer()));
// soot.Main.main();
//start working
PackManager.v().runPacks();
}
```
I am using Soot 3.3.1, Java 1.8 and I have exported my eclipse project in a zip below (project structure in photo). The files, IFDSDataFlowTransformer and TestSootCallGraph, start two separate trials.
Do I have to create a new class with a main that would start a request (e.g. http or curl request) to the Tomcat application? If so, that would require including more Tomcat jars/files in the project. However, I figured that Soot did not need specific inputs or all files in an application to statically analyze code.
Thank you,
Fogo
--
Fogo Tunde-Onadele
PhD student
Computer Science
North Carolina State University
Fogo Tunde-Onadele
Eric Ortega
Hi Fogo,
Yes, I meant the rest of the classes in the .jar.
It sounds like Dr. Bodden was driving to a better point, in that there likely needs to be some sort of hook into the library. If you didn’t want to create a sample app with a driver, you might have success programmatically setting a method that you’re curious about as an entrypoint through the soot API. You can likely just use setEntryPoint() as you’ve already done. It takes a list anyway so just pick some other methods in your libraries and tack them onto your main.
Regards,
Eric Ortega
--
Fogo Tunde-Onadele
PhD student
Computer Science
North Carolina State University
Fogo Tunde-Onadele
SootClass appclass = Scene.v().loadClassAndSupport(mainclass);
Scene.v().setMainClass(appclass);
Scene.v().loadNecessaryClasses();
- However, I am now running into this error during the statement "solver.solve();" which I would appreciate help with:
[Thread-11] ERROR heros.solver.CountingThreadPoolExecutor - Worker thread execution failed: null java.lang.NullPointerException - The reason I want to use Heros is because it will be able to follow/filter the call path based on the inputs from the driver class (interprocedural control flow graph). I also wanted to clarify this because I can run without runtime errors with Soot and SPARK alone but it will give all the call edges it can find, rather than the path visited by the input.
- Finally, I searched for examples that use Heros (since the wiki example does not include code to work with the IFDS solution) but did not have much luck. Any pointers to such examples will be much appreciated.
Eric Ortega
Hi Fogo,
Progress is good. Unfortunately, I’m not using soot for the same functionality that you are so I’m afraid you and I would be in the same boat there. Best of luck!
Error! Filename not specified.
--
Fogo Tunde-Onadele
PhD student
Computer Science
North Carolina State University
--
Fogo Tunde-Onadele
PhD student
Computer Science
North Carolina State University