Describe the bug
I am currently updating/extending the Soot TaintAnalysis framework.
When I try to run the analysis, I encounter an error where it says that a unit is missing from the statement-to-owner list in the icfg, even though that unit should be part of the owner list, as Heros manages to load the active body of the method later in the analysis. This does not happen in version 4.2.1 of Soot.
I added the compiled and to-be-analyzed class files.
I am interested in a taint analysis starting from target.taint.Assignment's main method, which uses a class from another package.
The missing unit is the statement this := @this: target.taint.internal.SourceClass from the target.taint.internal.SourceClass <init> method.
Soot 4.5.0-SNAPSHOT
SootOptions when loading the file into the scene:
    private void setupSoot(String targetTestClassName) {
        // <----- in this case targetTestClassName == "target.taint.Assignment"----->
        G.reset();
        String userdir = System.getProperty("user.dir");
        String sootCp = userdir + File.separator + "target" + File.separator + "test-classes" + ":VIRTUAL_FS_FOR_JDK";
        Options.v().set_soot_classpath(sootCp);
        // We want to perform a whole program, i.e. an interprocedural analysis.
        // We construct a basic CHA call graph for the program
        Options.v().set_whole_program(true);
        Options.v().setPhaseOption("cg.cha", "on");
        Options.v().setPhaseOption("cg", "all-reachable:true");
        Options.v().set_no_bodies_for_excluded(true);
        Options.v().set_allow_phantom_refs(true);
        Options.v().setPhaseOption("jb", "use-original-names:true");
        Options.v().setPhaseOption("jb.ls", "enabled:false");
        Options.v().set_prepend_classpath(false);
        Scene.v().addBasicClass("java.lang.StringBuilder");
        SootClass c = Scene.v().forceResolve(targetTestClassName, SootClass.BODIES);
        if (c != null) {
            c.setApplicationClass();
        }
        Scene.v().loadNecessaryClasses();
    }
Then I register the transformer:

    Transform transform = new Transform("wjtp.ifds", createAnalysisTransformer());
    PackManager.v().getPack("wjtp").add(transform);

Within the createAnalysisTransformer() the icfg is constructed:

    JimpleBasedInterproceduralCFG icfg = new JimpleBasedInterproceduralCFG(false);
Expected behavior
As Heros is able to load the method body of the target.taint.internal.SourceClass methods, I expect a unit-to-owner mapping to exist in the icfg.
Stacktrace
Exception in thread "Thread-8" Exception in thread "Thread-9" java.lang.AssertionError: Statement this := @this: target.taint.internal.SourceClass not in unit-to-owner mapping
    at soot.jimple.toolkits.ide.icfg.AbstractJimpleBasedICFG.getBodyOf(AbstractJimpleBasedICFG.java:103)
    at soot.jimple.toolkits.ide.icfg.AbstractJimpleBasedICFG.isExitStmt(AbstractJimpleBasedICFG.java:152)
    at soot.jimple.toolkits.ide.icfg.AbstractJimpleBasedICFG.isExitStmt(AbstractJimpleBasedICFG.java:51)
    at heros.solver.IDESolver$PathEdgeProcessingTask.run(IDESolver.java:897)
    at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
    at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
    at java.base/java.lang.Thread.run(Thread.java:840)
java.util.concurrent.RejectedExecutionException: Task heros.solver.IDESolver$PathEdgeProcessingTask@58c67daa rejected from heros.solver.CountingThreadPoolExecutor@412414b2[Shutting down, pool size = 11, active threads = 2, queued tasks = 0, completed tasks = 9]
    at java.base/java.util.concurrent.ThreadPoolExecutor$AbortPolicy.rejectedExecution(ThreadPoolExecutor.java:2065)
    at java.base/java.util.concurrent.ThreadPoolExecutor.reject(ThreadPoolExecutor.java:833)
    at java.base/java.util.concurrent.ThreadPoolExecutor.execute(ThreadPoolExecutor.java:1365)
    at heros.solver.CountingThreadPoolExecutor.execute(CountingThreadPoolExecutor.java:51)
    at heros.solver.IDESolver.scheduleEdgeProcessing(IDESolver.java:286)
    at heros.solver.IDESolver.propagate(IDESolver.java:651)
    at heros.solver.IDESolver.processCall(IDESolver.java:362)
    at heros.solver.IDESolver.access$000(IDESolver.java:68)
    at heros.solver.IDESolver$PathEdgeProcessingTask.run(IDESolver.java:893)
Input file: target.zip