search

rohanpadhye / vasco

An inter-procedural data-flow analysis framework using value-based context sensitivity
GNU Lesser General Public License v2.1
88 stars 35 forks source link

Soot Version #9

Closed linghuiluo closed 7 years ago

linghuiluo commented 7 years ago

Hi,

can you tell me which version of soot is used in VASCO?

thanks and best regards, Linghui

rohanpadhye commented 7 years ago

Hi Linghui,

I have not seen Soot using version numbers since version 2.5.0, released back in 2012.

You should be able to use the nightly build, which I believe is synchronized with their develop branch and contains the latest version. Ideally, VASCO should work with this version, assuming the API is backward-compatible.

Please open an issue if you find that you are having trouble using VASCO with some specific newer version of Soot.

oparisy commented 7 years ago

I have indeed been able to use sootclasses-trunk.jar from a recent nightly build without issue.

linghuiluo commented 7 years ago

I used the nightly build from 02-Oct-2017 11:39 and got the following errors. I also tried an earlier version of nightly build and it only worked for SignTest but not for CopyConstantTest. vasco

rohanpadhye commented 7 years ago

@linghui2016: Thanks for the report. I'll look into it. Can you tell me for which class you got the NoClassDefError? There is a window blocking the class name in the screenshot that you attached.

rohanpadhye commented 7 years ago

Just tested with the latest nightly build of Soot (October 10, 2017) and it works fine for me. I used the fat JAR they provide that includes all dependencies.

I've updated the README to add instructions on downloading the nightly build. Let me know if you still have issues after following those steps.

linghuiluo commented 7 years ago

Hi Rohan,

Thank you for testing it. I just tested the latest nightly build and it worked for SignTest. But for CopyConstantTest I still got exceptions as shown in the following screenshot. vasco

rohanpadhye commented 7 years ago

@linghui2016 : Yes, I am getting the same error for CopyConstantTest. However, this appears to be an issue with Soot and not VASCO as you can get the same error when running only Soot without VASCO:

java -cp lib/soot.jar soot.Main -cp tests/ -pp vasco.tests.CopyConstantTestCase
# ERROR!

This appears to be a bug with their source-to-bytecode transformation. One solution is to not use the source directory (i.e. tests/) as the classpath but instead use bin/ as the classpath.

I'm pushing a change to the Ant build script and Eclipse launch files to do this instead.

Thanks for pointing this out!

rohanpadhye commented 7 years ago

@linghui2016 : Since you've opened the issue, I've also moved the test cases (i.e. sample classes to be analyzed) from the tests package to the vasco.tests package so that they can all be built using Ant without polluting the global namespace. Just be aware of this when you pull the latest commit.

linghuiluo commented 7 years ago

Hi Rohan, thanks for solving this issue. The problem is the java to jimple frontend in soot. soot.JastAddJ is the frontend(in stacktrace). This is outdated. Don't use soot to transform java to jimple but only bytecode to jimple. (I just have a soot expert in my office)

rohanpadhye commented 7 years ago

@linghui2016 Thanks for letting me know. I was not aware of this (I haven't been keeping track of Soot).