Question

I am trying to use Soot's Paddle framework to do context-sensitive points-to analysis for Android apps with 20 KLOC to 50 KLOC of Java code. I have modified Soot to have multiple entry points, as apps don't have a main method. When I run the analysis, it throws the following exception:

    Exception in thread "main" java.lang.RuntimeException: Value 65543 was too large in domain soot.jimple.paddle.bdddomains.MethodDomain!
        at jedd.internal.Domain.setBits(Domain.java:62)
        at jedd.internal.Jedd.literal(Jedd.java:158)

I increased the value 14 in SigDomain(14) in the SigDomain.jedd file in the Paddle source code, which caused the analysis to run much longer, but in the end it still failed with the same exception. (I have also increased the stack size and heap size of the JVM to 1 and 4 GB.) If I set this value SigDomain(14) too large, like ~20000, the Paddle analysis doesn't even start.

I have the following options for Paddle:

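    // Option map handed to PaddleOptions (needs java.util.Map and java.util.HashMap)
    Map<String, String> opt = new HashMap<String, String>();
    opt.put("verbose","true");
    // BDD-based Paddle using the JavaBDD backend
    opt.put("bdd","true");
    opt.put("backend","javabdd");
    // Context abstraction: kcfa with k = 2
    opt.put("context","kcfa");
    opt.put("k","2");
    opt.put("propagator","auto");
    opt.put("conf","ofcg");
    opt.put("order","32");
    opt.put("q","auto");
    opt.put("set-impl","double");
    opt.put("double-set-old","hybrid");
    opt.put("double-set-new","hybrid");
    opt.put("pre-jimplify","false");

    // Set up and run Paddle, then publish its results as Soot's standard results
    PaddleTransformer pt = new PaddleTransformer();
    PaddleOptions paddle_opt = new PaddleOptions(opt);
    pt.setup(paddle_opt);
    pt.solve(paddle_opt);
    soot.jimple.paddle.Results.v().makeStandardSootResults();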

Solution

As one of the maintainers of Soot let me advise you that you'll usually get faster help on the Soot mailing list, as not all of us might be watching StackOverflow. Ondrej Lhotak might be able to help with this...

Context-sensitive analysis is generally very expensive. Possible solutions are (1) to do a demand-driven context-sensitive analysis (which Soot supports too; check the command line options), (2) construct your own hand-crafted pointer abstraction, or (3) exclude some of the runtime library from analysis (which would be unsound). Hope that helps...
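
A sketch of options (1) and (3) from the answer above, added here as an illustration and not code from the original post or from the Soot maintainers. It assumes Spark's `cs-demand` phase option as the demand-driven analysis; the class name, the argument layout (app classes in `args[0]`, `android.jar` in `args[1]`) and the excluded package patterns are assumptions.

```java
import java.util.Arrays;
import java.util.Collections;
import soot.*;
import soot.options.Options;

// Hypothetical driver class: Spark with demand-driven context-sensitive refinement.
public class DemandDrivenPointsTo {
    public static void main(String[] args) {
        Options.v().set_whole_program(true);
        Options.v().set_allow_phantom_refs(true);
        Options.v().set_output_format(Options.output_format_none);
        Options.v().set_process_dir(Collections.singletonList(args[0])); // app classes
        Options.v().set_soot_classpath(args[1]);                         // android.jar

        // Option (3): leave library bodies out of the analysis. This is unsound:
        // flows that pass through the excluded packages are not modelled.
        Options.v().set_exclude(Arrays.asList("java.*", "javax.*", "android.*"));
        Options.v().set_no_bodies_for_excluded(true);

        // Option (1): context-insensitive Spark first, refined on demand per query.
        // traversal and passes bound the work spent on each refinement query.
        Options.v().setPhaseOption("cg.spark", "enabled:true");
        Options.v().setPhaseOption("cg.spark", "cs-demand:true");
        Options.v().setPhaseOption("cg.spark", "traversal:75000");
        Options.v().setPhaseOption("cg.spark", "passes:10");

        Scene.v().loadNecessaryClasses();
        // Apps have no main(): register the entry points before building the
        // call graph, e.g. with Scene.v().setEntryPoints(...).
        PackManager.v().getPack("cg").apply();

        // Only the locals queried here pay the context-sensitive cost.
        PointsToAnalysis pta = Scene.v().getPointsToAnalysis();
        for (SootClass c : Scene.v().getApplicationClasses()) {
            for (SootMethod m : c.getMethods()) {
                if (!m.hasActiveBody()) continue; // skip methods without a loaded body
                for (Local l : m.getActiveBody().getLocals()) {
                    if (l.getType() instanceof RefLikeType) {
                        PointsToSet pts = pta.reachingObjects(l);
                        System.out.println(m.getSignature() + " " + l
                                + " -> " + pts.possibleTypes());
                    }
                }
            }
        }
    }
}
```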

Licensed under: CC-BY-SA with attribution