Missing Unit in unit-to-owner Mapping #2042

Open
lbettels opened this issue Jan 16, 2024 · 0 comments

Describe the bug
I am currently updating/extending the Soot TaintAnalysis framework.
When I try to run the analysis, I encounter an error where it says that a unit is missing from the statement to owner list in the icfg, even though that unit should be part of the owner list, as Heros manages to load the active body of the method later in the analysis. This does not happen in version 4.2.1 of Soot.

I added the compiled and to-be-analyzed class files.
I am interested in a taint analysis starting from target.taint.Assignment's main method, which uses a class from another package.
The missing unit is the statement this := @this: target.taint.internal.SourceClass from the target.taint.internal.SourceClass <init> method.

Input file
target.zip

To reproduce
I am using:

  • JDK 17
  • Soot 4.5.0-SNAPSHOT

SootOptions when loading the file into the scene:

import java.io.File;

import soot.G;
import soot.Scene;
import soot.SootClass;
import soot.options.Options;

private void setupSoot(String targetTestClassName) {
    // In this case targetTestClassName == "target.taint.Assignment"
    G.reset();
    String userdir = System.getProperty("user.dir");

    // Compiled test classes plus Soot's placeholder for the JDK 9+ runtime image
    String sootCp = userdir + File.separator + "target" + File.separator + "test-classes" + ":VIRTUAL_FS_FOR_JDK";
    Options.v().set_soot_classpath(sootCp);

    // We want to perform a whole program, i.e. an interprocedural analysis.
    // We construct a basic CHA call graph for the program
    Options.v().set_whole_program(true);
    Options.v().setPhaseOption("cg.cha", "on");
    Options.v().setPhaseOption("cg", "all-reachable:true");

    Options.v().set_no_bodies_for_excluded(true);
    Options.v().set_allow_phantom_refs(true);
    Options.v().setPhaseOption("jb", "use-original-names:true");
    Options.v().setPhaseOption("jb.ls", "enabled:false");
    Options.v().set_prepend_classpath(false);

    Scene.v().addBasicClass("java.lang.StringBuilder");
    // Resolve the entry class with bodies and mark it as an application class
    SootClass c = Scene.v().forceResolve(targetTestClassName, SootClass.BODIES);
    if (c != null) {
        c.setApplicationClass();
    }
    Scene.v().loadNecessaryClasses();
}

Then I register the transformer

Transform transform = new Transform("wjtp.ifds", createAnalysisTransformer());
PackManager.v().getPack("wjtp").add(transform);

Within the createAnalysisTransformer() the icfg is constructed:

JimpleBasedInterproceduralCFG icfg = new JimpleBasedInterproceduralCFG(false);

Expected behavior
As Heros is able to load the method body of the target.taint.internal.SourceClass methods, I expect a unit-to-owner mapping to exist in the icfg.

Stacktrace

Exception in thread "Thread-8" Exception in thread "Thread-9" java.lang.AssertionError: Statement this := @this: target.taint.internal.SourceClass not in unit-to-owner mapping
	at soot.jimple.toolkits.ide.icfg.AbstractJimpleBasedICFG.getBodyOf(AbstractJimpleBasedICFG.java:103)
	at soot.jimple.toolkits.ide.icfg.AbstractJimpleBasedICFG.isExitStmt(AbstractJimpleBasedICFG.java:152)
	at soot.jimple.toolkits.ide.icfg.AbstractJimpleBasedICFG.isExitStmt(AbstractJimpleBasedICFG.java:51)
	at heros.solver.IDESolver$PathEdgeProcessingTask.run(IDESolver.java:897)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
	at java.base/java.lang.Thread.run(Thread.java:840)
java.util.concurrent.RejectedExecutionException: Task heros.solver.IDESolver$PathEdgeProcessingTask@58c67daa rejected from heros.solver.CountingThreadPoolExecutor@412414b2[Shutting down, pool size = 11, active threads = 2, queued tasks = 0, completed tasks = 9]
	at java.base/java.util.concurrent.ThreadPoolExecutor$AbortPolicy.rejectedExecution(ThreadPoolExecutor.java:2065)
	at java.base/java.util.concurrent.ThreadPoolExecutor.reject(ThreadPoolExecutor.java:833)
	at java.base/java.util.concurrent.ThreadPoolExecutor.execute(ThreadPoolExecutor.java:1365)
	at heros.solver.CountingThreadPoolExecutor.execute(CountingThreadPoolExecutor.java:51)
	at heros.solver.IDESolver.scheduleEdgeProcessing(IDESolver.java:286)
	at heros.solver.IDESolver.propagate(IDESolver.java:651)
	at heros.solver.IDESolver.processCall(IDESolver.java:362)
	at heros.solver.IDESolver.access$000(IDESolver.java:68)
	at heros.solver.IDESolver$PathEdgeProcessingTask.run(IDESolver.java:893)