search

AppThreat / atom

Atom is a novel intermediate representation for applications and a standalone tool that is powered by chen.
https://appthreat.com
Apache License 2.0
52 stars 2 forks source link

Error messages when building mixed project (>80% C++) not verbose enough for troubleshooting #151

Closed jonhall54 closed 3 months ago

jonhall54 commented 3 months ago

atom runs for a while (>20 mins) and creates app.atom file, and sometime usages.json. However the process comes back as "killed" with no further information. Command used based on cdxgen documentation for a large project. ./atom -J-Xmx16g usages -o app.atom -v --slice-outfile usages.json -l c++ <PATH TO CLONED REPO>

Any way I can get further information out of atom?

prabhu commented 3 months ago

@jonhall54 How big is the project? Currently we run all the frontends with the logging disabled, so running a profiler is the only option as of now.

jonhall54 commented 3 months ago

@prabhu Including dependencies in full it's approx 4GB - running over SSH so not sure if a graphical frontend is missing and throwing an error?

prabhu commented 3 months ago

Can you try creating just the atom with -l h? Remove the word usages from your commands.

jonhall54 commented 3 months ago

@prabhu I am attempting this, and thanks for the advice - how long would you expect atom to complete? Running overnight last night it didn't get killed, but seems to hang after an error Exception: java.lang.OutOfMemoryError thrown from the UncaughtExceptionHandler in thread "scala-execution-context-global-20" I will increase the memory in the command and see what happens

prabhu commented 3 months ago

Time taken is based on memory available. Best to try with smaller projects to get a feel before trying with larger projects

jonhall54 commented 3 months ago

@prabhu I've had some improved results making use of cmake CMAKE_EXPORT_COMPILE_COMMANDS based on: https://github.com/CycloneDX/cdxgen/issues/1115. I now get an app.atom and slices.json files which are not corrupted and work having run cmake.

However, the output does not include many of the 3rd party dependencies I know are present, and running cdxgen does not provide additional insight. Seems my best working method right now is to extract the dependencies into a conanfile.txt (not using conan for build) and then run cdxgen to get dependency info.

prabhu commented 3 months ago

Could you share an example code snippet for a dependency that was not captured in the slices?