search

soot-oss / SootUp

A new version of Soot with a completely overhauled architecture
https://soot-oss.github.io/SootUp/
GNU Lesser General Public License v2.1
546 stars 66 forks source link

[Bug]: A runtime crash when analyzing Lucence library #953

Open tisble opened 3 weeks ago

tisble commented 3 weeks ago

What happened?

I used SootUp to analyze a jar library Lucene Link and it crashed when constructed call graph. After an initial investigation, I found the crash is caused by the method unmapHackImpl Link.

Version

Latest develop branch

Relevant log output

java.lang.IllegalStateException: Failed to apply sootup.java.core.interceptors.NopEliminator@2e40ea48 to <org.example.Test: java.lang.Object foo()>
        at sootup.java.bytecode.frontend.AsmMethodSource.resolveBody(AsmMethodSource.java:240)
        at sootup.core.model.SootMethod.lazyBodyInitializer(SootMethod.java:98)
        at com.google.common.base.Suppliers$NonSerializableMemoizingSupplier.get(Suppliers.java:186)
        at sootup.core.model.SootMethod.getBody(SootMethod.java:177)
        at sootup.callgraph.RapidTypeAnalysisAlgorithm.collectInstantiatedClassesInMethod(RapidTypeAnalysisAlgorithm.java:106)
        at sootup.callgraph.RapidTypeAnalysisAlgorithm.preProcessingMethod(RapidTypeAnalysisAlgorithm.java:233)
        at sootup.callgraph.AbstractCallGraphAlgorithm.processWorkList(AbstractCallGraphAlgorithm.java:164)
        at sootup.callgraph.AbstractCallGraphAlgorithm.constructCompleteCallGraph(AbstractCallGraphAlgorithm.java:85)
        at sootup.callgraph.RapidTypeAnalysisAlgorithm.initialize(RapidTypeAnalysisAlgorithm.java:88)
        at edu.ssrlab.analysis.SootUpExecutor.runRTA(SootUpExecutor.java:197)
        at edu.ssrlab.TestMutiFolder.testSootUpCHA(TestMutiFolder.java:104)
        at java.base/java.lang.reflect.Method.invoke(Method.java:568)
        at java.base/java.util.ArrayList.forEach(ArrayList.java:1511)
        at java.base/java.util.ArrayList.forEach(ArrayList.java:1511)
Caused by: java.lang.IllegalStateException: visualize invalid StmtGraph: <URL>
        at sootup.core.graph.StmtGraph.validateStmtConnectionsInGraph(StmtGraph.java:244)
        at sootup.java.bytecode.frontend.AsmMethodSource.resolveBody(AsmMethodSource.java:237)
        ... 13 more
Caused by: java.lang.IllegalArgumentException: Invalid StmtGraph. A Trap is not created as a traps endStmt was not visited during the iteration of all Stmts.
        at sootup.core.graph.StmtGraph$BlockGraphIteratorAndTrapAggregator.getTraps(StmtGraph.java:490)
        at sootup.core.graph.MutableBlockStmtGraph.getTraps(MutableBlockStmtGraph.java:1495)
        at sootup.core.graph.StmtGraph.validateStmtConnectionsInGraph(StmtGraph.java:187)
        ... 14 more