From 689da71157672f87636b936da1e9b8984b62047c Mon Sep 17 00:00:00 2001 From: Arthur Chan Date: Wed, 19 Oct 2022 11:42:52 +0100 Subject: [PATCH 1/6] Fix testcases Signed-off-by: Arthur Chan --- tests/java/test1/TestFuzzer.java | 5 +++++ tests/java/test2/TestFuzzer.java | 5 +++++ tests/java/test3/TestFuzzer.java | 5 +++++ tests/java/test4/Fuzz/TestFuzzer.java | 5 +++++ tests/java/test5/Fuzz/TestFuzzer.java | 5 +++++ 5 files changed, 25 insertions(+) diff --git a/tests/java/test1/TestFuzzer.java b/tests/java/test1/TestFuzzer.java index b68503363..a61ff4713 100644 --- a/tests/java/test1/TestFuzzer.java +++ b/tests/java/test1/TestFuzzer.java @@ -14,9 +14,14 @@ /////////////////////////////////////////////////////////////////////////// import com.code_intelligence.jazzer.api.FuzzedDataProvider; +import com.code_intelligence.jazzer.api.CannedFuzzedDataProvider; public class TestFuzzer { public static void fuzzerTestOneInput(FuzzedDataProvider data) { System.out.println("TF"); } + + public static void main(String[] args) { + TestFuzzer.fuzzerTestOneInput(new CannedFuzzedDataProvider("RANDOM")); + } } diff --git a/tests/java/test2/TestFuzzer.java b/tests/java/test2/TestFuzzer.java index 51a640536..e198ec68b 100644 --- a/tests/java/test2/TestFuzzer.java +++ b/tests/java/test2/TestFuzzer.java @@ -14,6 +14,7 @@ /////////////////////////////////////////////////////////////////////////// import com.code_intelligence.jazzer.api.FuzzedDataProvider; +import com.code_intelligence.jazzer.api.CannedFuzzedDataProvider; public class TestFuzzer { private void function1() { @@ -41,4 +42,8 @@ public static void fuzzerTestOneInput(FuzzedDataProvider data) { TestFuzzer.function2(); } } + + public static void main(String[] args) { + TestFuzzer.fuzzerTestOneInput(new CannedFuzzedDataProvider("RANDOM")); + } } diff --git a/tests/java/test3/TestFuzzer.java b/tests/java/test3/TestFuzzer.java index 2c3e9e85b..76242cb19 100644 --- a/tests/java/test3/TestFuzzer.java 
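Review bot: The added `main` has no comment explaining why a Jazzer harness now carries one; the README change later in this series states that the WALA frontend can only build a call graph from an entry class that has a `main` method, so that should be written above it, e.g. `// Entry point for the static call-graph frontends (WALA/Soot); Jazzer itself invokes fuzzerTestOneInput directly.` The same applies to the identical `main` methods added in test2, test3, test4 and test5. As far as I recall `CannedFuzzedDataProvider` expects a recorded input rather than an arbitrary string, so `"RANDOM"` is probably not usable canned data and running `main` directly would likely fail at construction; if that is accepted because only the static analysis needs the method, the comment should say so as well.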
+++ b/tests/java/test3/TestFuzzer.java @@ -14,6 +14,7 @@ /////////////////////////////////////////////////////////////////////////// import com.code_intelligence.jazzer.api.FuzzedDataProvider; +import com.code_intelligence.jazzer.api.CannedFuzzedDataProvider; class FunctionTest { protected void function1() { @@ -45,4 +46,8 @@ public static void fuzzerTestOneInput(FuzzedDataProvider data) { FunctionTest.function2(); } } + + public static void main(String[] args) { + TestFuzzer.fuzzerTestOneInput(new CannedFuzzedDataProvider("RANDOM")); + } } diff --git a/tests/java/test4/Fuzz/TestFuzzer.java b/tests/java/test4/Fuzz/TestFuzzer.java index 865b83ab5..125463810 100644 --- a/tests/java/test4/Fuzz/TestFuzzer.java +++ b/tests/java/test4/Fuzz/TestFuzzer.java @@ -16,6 +16,7 @@ package Fuzz; import com.code_intelligence.jazzer.api.FuzzedDataProvider; +import com.code_intelligence.jazzer.api.CannedFuzzedDataProvider; public class TestFuzzer { public static void fuzzerTestOneInput(FuzzedDataProvider data) { @@ -28,4 +29,8 @@ public static void fuzzerTestOneInput(FuzzedDataProvider data) { FunctionTest.function2(); } } + + public static void main(String[] args) { + TestFuzzer.fuzzerTestOneInput(new CannedFuzzedDataProvider("RANDOM")); + } } diff --git a/tests/java/test5/Fuzz/TestFuzzer.java b/tests/java/test5/Fuzz/TestFuzzer.java index aba9fd9da..6d99b6872 100644 --- a/tests/java/test5/Fuzz/TestFuzzer.java +++ b/tests/java/test5/Fuzz/TestFuzzer.java @@ -17,6 +17,7 @@ import Function.FunctionTest; import com.code_intelligence.jazzer.api.FuzzedDataProvider; +import com.code_intelligence.jazzer.api.CannedFuzzedDataProvider; public class TestFuzzer { public static void fuzzerTestOneInput(FuzzedDataProvider data) { @@ -29,4 +30,8 @@ public static void fuzzerTestOneInput(FuzzedDataProvider data) { FunctionTest.function2(); } } + + public static void main(String[] args) { + TestFuzzer.fuzzerTestOneInput(new CannedFuzzedDataProvider("RANDOM")); + } } 
From 9497cbfb062519a9e5b50bb1ded9884249b16743 Mon Sep 17 00:00:00 2001 From: Arthur Chan Date: Wed, 19 Oct 2022 11:44:13 +0100 Subject: [PATCH 2/6] Fix build script Signed-off-by: Arthur Chan --- frontends/java/soot/pom.xml | 20 +++++++++++++++----- frontends/java/wala/run.sh | 4 ++-- 2 files changed, 17 insertions(+), 7 deletions(-) diff --git a/frontends/java/soot/pom.xml b/frontends/java/soot/pom.xml index fa307952b..b2a15a1a6 100644 --- a/frontends/java/soot/pom.xml +++ b/frontends/java/soot/pom.xml @@ -16,11 +16,21 @@ - - org.soot-oss - soot - 4.3.0 - + + org.slf4j + slf4j-api + 2.0.3 + + + org.soot-oss + soot + 4.3.0 + + + com.fasterxml.jackson.dataformat + jackson-dataformat-yaml + 2.14.0-rc2 + junit junit diff --git a/frontends/java/wala/run.sh b/frontends/java/wala/run.sh index c33b65081..9074a68bb 100755 --- a/frontends/java/wala/run.sh +++ b/frontends/java/wala/run.sh @@ -10,7 +10,7 @@ while [[ $# -gt 0 ]]; do shift shift ;; - -e|--entryclass) + -c|--entryclass) ENTRYCLASS="$2" shift shift @@ -29,7 +29,7 @@ then fi if [ -z $ENTRYCLASS ] then - echo "You need to specify entry class with -e or --entryclass ." + echo "You need to specify entry class with -c or --entryclass ." exit 1 fi From 19af6b58c82e4e3da55c0f540e69a4f77918569c Mon Sep 17 00:00:00 2001 From: Arthur Chan Date: Wed, 19 Oct 2022 11:47:07 +0100 Subject: [PATCH 3/6] Fix readme Signed-off-by: Arthur Chan --- frontends/java/README.md | 198 ++++++++++++++++++++++++++++++++++++++- 1 file changed, 195 insertions(+), 3 deletions(-) diff --git a/frontends/java/README.md b/frontends/java/README.md index 866e6f815..6a898e6c9 100644 --- a/frontends/java/README.md +++ b/frontends/java/README.md 
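Review bot: The new `jackson-dataformat-yaml` dependency is pinned to the pre-release `2.14.0-rc2`; release candidates stop receiving fixes once the GA ships, so this should move to a GA 2.14.x release as soon as one is available, and the pin should be revisited with the usual dependency-update checks. `slf4j-api` is added here without a binding, which leaves Soot logging on the NOP logger until the `slf4j-simple` runtime dependency added later in this series; the two additions belong together in one change. The XML element names are not visible in this rendering, so I am reading the coordinates only.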
@@ -7,6 +7,32 @@ Download and install java / maven in ubuntu sudo apt-get install -y openjdk-8-jdk-headless maven +Prepare your java application for the static analysis +----------------------------------------- +You need to pack your java application (your compiled java bytecode in *.class to jar files in order to use the static analysis. + +After you have compiled your *.java source code into *.class bytecode. You could use the following commands to pack them into a jar file + +Command: `jar cvf ` + +The sample command below will generate an app.jar file which contains main.class sub1.class and sub.class + +Sample command: `jar cvf app.jar main.class sub1.class sub2.class` + + +Sample application for testing +----------------------------------------- +In fuzz-introspector/tests/java directory, there are 5 sample testcases. Each of them contains a sample java application and a build script. + +Just go into one of the testcases directories (test1 to test5) and execute the build script, it will automatically generate a jar file for testing. + +You could then use the generated file for the static analysis by specifying its full path or move it to the necessary locations. + +Example for compiling and packing jar file for testcase test1: `cd path/to/fuzz-introspector/tests/java/test1; ./build.sh` + +Example for compiling and packing jar file for testcase test5: `cd path/to/fuzz-introspector/tests/java/test5; ./build.sh` + + Using java-callgraph ----------------------------------------- Depends on OpenJDK+JRE 8 or later 
@@ -17,7 +43,11 @@ It requires the target source code compiled and packed into jar file. The resulting call tree are shown in stdout. -Example of running: `java -jar javacg-0.1-SNAPSHOT-static.jar ` +Command: `java -jar javacg-0.1-SNAPSHOT-static.jar ` + +Example for execution using testcase test1: `java -jar javacg-0.1-SNAPSHOT-static.jar path/to/fuzz-introspector/tests/java/test1/test1.jar` + +Example for execution using testcase test5: `java -jar javacg-0.1-SNAPSHOT-static.jar path/to/fuzz-introspector/tests/java/test5/test5.jar` Using IBM's WALA @@ -30,7 +60,13 @@ Depends on IBM's WALA https://github.com/wala/WALA, the maven build process will The resulting call tree are shown in stdout. -Example of running: `./run.sh <-j | --jarFile> <-e | --entryclass> ` +**Current limitation, the entryclass must contains the main method to build the callgraph.** + +Example of running: `./run.sh <-j | --jarfile> <-c | --entryclass> ` + +Example for execution using testcase test1: `./run.sh --jarfile path/to/fuzz-introspector/tests/java/test1/test1.jar --entryclass TestFuzzer` + +Example for execution using testcase test5: `./run.sh --jarfile path/to/fuzz-introspector/tests/java/test5/test5.jar --entryclass Fuzz.TestFuzzer` Using Soot 
@@ -43,5 +79,161 @@ Depends on IBM's WALA https://github.com/soot-oss/soot, the maven build process The resulting call tree are shown in stdout. -Example of running: `./run.sh <-j | --jarFile> <-c | --entryclass> <-m | --entrymethod ` +Example of running: `./run.sh <-j | --jarfile> <-c | --entryclass> <-m | --entrymethod ` + +Example for execution using testcase test1: `./run.sh -j path/to/fuzz-introspector/tests/java/test1/test1.jar -c TestFuzzer -m fuzzerTestOneInput` + +Example for execution using testcase test5: `./run.sh -j path/to/fuzz-introspector/tests/java/test5/test5.jar -c Fuzz.TestFuzzer -m fuzzerTestOneInput` + + +Sample output for testcase test1 +------------------------------------------ +**java-callgraph** +``` +C:TestFuzzer com.code_intelligence.jazzer.api.CannedFuzzedDataProvider +C:TestFuzzer TestFuzzer +C:TestFuzzer java.lang.Object +C:TestFuzzer java.lang.System +C:TestFuzzer java.io.PrintStream +M:TestFuzzer:() (O)java.lang.Object:() +M:TestFuzzer:fuzzerTestOneInput(com.code_intelligence.jazzer.api.FuzzedDataProvider) (M)java.io.PrintStream:println(java.lang.String) +M:TestFuzzer:main(java.lang.String[]) (O)com.code_intelligence.jazzer.api.CannedFuzzedDataProvider:(java.lang.String) +M:TestFuzzer:main(java.lang.String[]) (S)TestFuzzer:fuzzerTestOneInput(com.code_intelligence.jazzer.api.FuzzedDataProvider) +``` + +**Wala** +``` +Node: synthetic < Primordial, Lcom/ibm/wala/FakeRootClass, fakeRootMethod()V > Context: Everywhere + - invokestatic < Primordial, Lcom/ibm/wala/FakeRootClass, fakeWorldClinit()V >@0 + -> Node: synthetic < Primordial, Lcom/ibm/wala/FakeRootClass, fakeWorldClinit()V > Context: Everywhere + - invokespecial < Primordial, Ljava/lang/Object, ()V >@4 + -> Node: < Primordial, Ljava/lang/Object, ()V > Context: Everywhere + - invokestatic < Application, LTestFuzzer, main([Ljava/lang/String;)V >@5 + -> Node: < Application, LTestFuzzer, main([Ljava/lang/String;)V > Context: Everywhere +Node: synthetic < Primordial, 
Lcom/ibm/wala/FakeRootClass, fakeWorldClinit()V > Context: Everywhere + - invokestatic < Primordial, Ljava/lang/Object, ()V >@0 + -> Node: < Primordial, Ljava/lang/Object, ()V > Context: Everywhere + - invokestatic < Primordial, Ljava/lang/String, ()V >@1 + -> Node: < Primordial, Ljava/lang/String, ()V > Context: Everywhere +Node: < Primordial, Ljava/lang/Object, ()V > Context: Everywhere + - invokestatic < Primordial, Ljava/lang/Object, registerNatives()V >@0 + -> Node: < Primordial, Ljava/lang/Object, registerNatives()V > Context: Everywhere +Node: < Primordial, Ljava/lang/Object, registerNatives()V > Context: Everywhere +Node: < Primordial, Ljava/lang/String, ()V > Context: Everywhere + - invokespecial < Primordial, Ljava/lang/String$CaseInsensitiveComparator, (Ljava/lang/String$1;)V >@12 + -> Node: < Primordial, Ljava/lang/String$CaseInsensitiveComparator, (Ljava/lang/String$1;)V > Context: Everywhere +Node: < Primordial, Ljava/lang/String$CaseInsensitiveComparator, (Ljava/lang/String$1;)V > Context: Everywhere + - invokespecial < Primordial, Ljava/lang/String$CaseInsensitiveComparator, ()V >@1 + -> Node: < Primordial, Ljava/lang/String$CaseInsensitiveComparator, ()V > Context: Everywhere +Node: < Primordial, Ljava/lang/String$CaseInsensitiveComparator, ()V > Context: Everywhere + - invokespecial < Primordial, Ljava/lang/Object, ()V >@1 + -> Node: < Primordial, Ljava/lang/Object, ()V > Context: Everywhere +Node: < Primordial, Ljava/lang/Object, ()V > Context: Everywhere +Node: < Application, LTestFuzzer, main([Ljava/lang/String;)V > Context: Everywhere + - invokestatic < Application, LTestFuzzer, fuzzerTestOneInput(Lcom/code_intelligence/jazzer/api/FuzzedDataProvider;)V >@9 + -> Node: < Application, LTestFuzzer, fuzzerTestOneInput(Lcom/code_intelligence/jazzer/api/FuzzedDataProvider;)V > Context: Everywhere +Node: < Application, LTestFuzzer, fuzzerTestOneInput(Lcom/code_intelligence/jazzer/api/FuzzedDataProvider;)V > Context: Everywhere +``` + +**Soot** +``` 
+SLF4J: No SLF4J providers were found. +SLF4J: Defaulting to no-operation (NOP) logger implementation +SLF4J: See https://www.slf4j.org/codes.html#noProviders for further details. +-------------------------------------------------- +Class #1: TestFuzzer +Class #1 Method #1: ()> + > No calls to this method. + + Total: 0 internal calls. + + > No calls from this method. + + Total: 0 external calls. + +Class #1 Method #2: + > No calls to this method. + + Total: 0 internal calls. + + > calls ()> on Line 21 + > calls on Line 21 + > calls ()> on Line 21 + + Total: 3 external calls. + +Class #1 Method #3: + > No calls to this method. + + Total: 0 internal calls. + + > No calls from this method. + + Total: 0 external calls. + +-------------------------------------------------- +Total Edges:3 +-------------------------------------------------- +--- +filename: "TestFuzzer" +functionConfig: + listName: "All functions" + functionElements: + - functionName: "" + functionSourceFile: "TestFuzzer" + linkageType: null + functionLinenumber: 18 + functionDepth: null + returnType: "void" + argCount: 0 + argTypes: [] + constantsTouched: [] + argNames: [] + iCount: null + edgeCount: 0 + functionReached: [] + functionUses: 0 + branchProfiles: null + bbcount: null + cyclomaticComplexity: null + - functionName: "fuzzerTestOneInput" + functionSourceFile: "TestFuzzer" + linkageType: null + functionLinenumber: 20 + functionDepth: null + returnType: "void" + argCount: 1 + argTypes: + - "com.code_intelligence.jazzer.api.FuzzedDataProvider" + constantsTouched: [] + argNames: [] + iCount: null + edgeCount: 3 + functionReached: + - "()>; Line: 21" + - "; Line: 21" + - "()>; Line: 21" + functionUses: 0 + branchProfiles: null + bbcount: null + cyclomaticComplexity: null + - functionName: "main" + functionSourceFile: "TestFuzzer" + linkageType: null + functionLinenumber: 24 + functionDepth: null + returnType: "void" + argCount: 1 + argTypes: + - "java.lang.String[]" + constantsTouched: [] + argNames: 
[] + iCount: null + edgeCount: 0 + functionReached: [] + functionUses: 0 + branchProfiles: null + bbcount: null + cyclomaticComplexity: null +``` From c11b3b217aca1ab3a4ac3ef26f81002e8d35333d Mon Sep 17 00:00:00 2001 From: Arthur Chan Date: Wed, 19 Oct 2022 11:57:27 +0100 Subject: [PATCH 4/6] Fix build script Signed-off-by: Arthur Chan --- frontends/java/README.md | 3 --- frontends/java/soot/pom.xml | 6 ++++++ 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/frontends/java/README.md b/frontends/java/README.md index 6a898e6c9..3a29e593d 100644 --- a/frontends/java/README.md +++ b/frontends/java/README.md @@ -137,9 +137,6 @@ Node: < Application, LTestFuzzer, fuzzerTestOneInput(Lcom/code_intelligence/jazz **Soot** ``` -SLF4J: No SLF4J providers were found. -SLF4J: Defaulting to no-operation (NOP) logger implementation -SLF4J: See https://www.slf4j.org/codes.html#noProviders for further details. -------------------------------------------------- Class #1: TestFuzzer Class #1 Method #1: ()> diff --git a/frontends/java/soot/pom.xml b/frontends/java/soot/pom.xml index b2a15a1a6..05d14365a 100644 --- a/frontends/java/soot/pom.xml +++ b/frontends/java/soot/pom.xml @@ -21,6 +21,12 @@ slf4j-api 2.0.3 + + org.slf4j + slf4j-simple + 2.0.3 + runtime + org.soot-oss soot From 0f73d9adaca437aeb8ce159452a8a802a27122b4 Mon Sep 17 00:00:00 2001 From: Arthur Chan Date: Wed, 19 Oct 2022 12:57:28 +0100 Subject: [PATCH 5/6] Fix readme Signed-off-by: Arthur Chan --- frontends/java/README.md | 75 ++++++++++++++++++++++++++++++++-------- 1 file changed, 60 insertions(+), 15 deletions(-) diff --git a/frontends/java/README.md b/frontends/java/README.md index 3a29e593d..a0651909b 100644 --- a/frontends/java/README.md +++ b/frontends/java/README.md 
@@ -4,7 +4,7 @@ This is work in progress. Download and install java / maven in ubuntu ----------------------------------------- -sudo apt-get install -y openjdk-8-jdk-headless maven +`sudo apt-get install -y openjdk-8-jdk-headless maven` Prepare your java application for the static analysis @@ -39,20 +39,40 @@ Depends on OpenJDK+JRE 8 or later Depends on https://github.com/gousiosg/java-callgraph, which has compiled and packed as a jar file (javacg-0.1-SNAPSHOT-static.jar) -It requires the target source code compiled and packed into jar file. +To compile your own javacg-0.1-SNAPSHOT-static.jar, follows the steps below. + +>``` + git clone https://github.com/gousiosg/java-callgraph + cd java-callgraph + mvn install +``` + +After compiling the java-callgraph, the needed javacg-0.1-SNAPSHOT-static.jar is in the target directory. The resulting call tree are shown in stdout. -Command: `java -jar javacg-0.1-SNAPSHOT-static.jar ` +Command: +>``` + cd frontends/java/java-callgraph + java -jar javacg-0.1-SNAPSHOT-static.jar +``` -Example for execution using testcase test1: `java -jar javacg-0.1-SNAPSHOT-static.jar path/to/fuzz-introspector/tests/java/test1/test1.jar` +Example for execution using testcase test1: +>``` + cd frontends/java/java-callgraph + java -jar javacg-0.1-SNAPSHOT-static.jar path/to/fuzz-introspector/tests/java/test1/test1.jar +``` -Example for execution using testcase test5: `java -jar javacg-0.1-SNAPSHOT-static.jar path/to/fuzz-introspector/tests/java/test5/test5.jar` +Example for execution using testcase test5: +>``` + cd frontends/java/java-callgraph + java -jar javacg-0.1-SNAPSHOT-static.jar path/to/fuzz-introspector/tests/java/test5/test5.jar +``` Using IBM's WALA ------------------------------------------ -Depends on OpenJDK+JRE 8 or later +Depends on OpenJDK+JRE 8 (will fail if using Java9 or later because of the switch of rt.jar to jmod) Depends on Maven 3.3 or later 
@@ -62,28 +82,53 @@ The resulting call tree are shown in stdout. **Current limitation, the entryclass must contains the main method to build the callgraph.** -Example of running: `./run.sh <-j | --jarfile> <-c | --entryclass> ` - -Example for execution using testcase test1: `./run.sh --jarfile path/to/fuzz-introspector/tests/java/test1/test1.jar --entryclass TestFuzzer` +Example of running: +>``` + cd frontends/java/wala + ./run.sh <-j | --jarfile> <-c | --entryclass> +``` -Example for execution using testcase test5: `./run.sh --jarfile path/to/fuzz-introspector/tests/java/test5/test5.jar --entryclass Fuzz.TestFuzzer` +Example for execution using testcase test1: +>``` + cd frontends/java/wala + ./run.sh --jarfile path/to/fuzz-introspector/tests/java/test1/test1.jar --entryclass TestFuzzer +``` +Example for execution using testcase test5: +>``` + cd frontends/java/wala + ./run.sh --jarfile path/to/fuzz-introspector/tests/java/test5/test5.jar --entryclass Fuzz.TestFuzzer` +``` Using Soot ------------------------------------------ -Depends on OpenJDK+JRE 8 or later +Depends on OpenJDK+JRE 8 (will fail if using Java9 or later because of the switch of rt.jar to jmod) + Depends on Maven 3.3 or later -Depends on IBM's WALA https://github.com/soot-oss/soot, the maven build process will automatically download and pack the Soot jar libraries. +Depends on Soot https://github.com/soot-oss/soot, the maven build process will automatically download and pack the Soot jar libraries. The resulting call tree are shown in stdout. 
-Example of running: `./run.sh <-j | --jarfile> <-c | --entryclass> <-m | --entrymethod ` +Example of running: -Example for execution using testcase test1: `./run.sh -j path/to/fuzz-introspector/tests/java/test1/test1.jar -c TestFuzzer -m fuzzerTestOneInput` +>``` + cd frontends/java/soot + ./run.sh <-j | --jarfile> <-c | --entryclass> <-m | --entrymethod +``` + +Example for execution using testcase test1: +>``` + cd frontends/java/soot + ./run.sh -j path/to/fuzz-introspector/tests/java/test1/test1.jar -c TestFuzzer -m fuzzerTestOneInput +``` -Example for execution using testcase test5: `./run.sh -j path/to/fuzz-introspector/tests/java/test5/test5.jar -c Fuzz.TestFuzzer -m fuzzerTestOneInput` +Example for execution using testcase test5: +>``` + cd frontends/java/soot + ./run.sh -j path/to/fuzz-introspector/tests/java/test5/test5.jar -c Fuzz.TestFuzzer -m fuzzerTestOneInput +``` Sample output for testcase test1 From f83eded1fa88e09d128225d805cec1e54484e01c Mon Sep 17 00:00:00 2001 From: Arthur Chan Date: Wed, 19 Oct 2022 16:23:04 +0100 Subject: [PATCH 6/6] Fix logic to allow JDK8+ Signed-off-by: Arthur Chan --- frontends/java/README.md | 10 ++++-- frontends/java/soot/run.sh | 2 +- .../introspector/soot/CallGraphGenerator.java | 31 ++++++++++--------- 3 files changed, 25 insertions(+), 18 deletions(-) diff --git a/frontends/java/README.md b/frontends/java/README.md index a0651909b..f9d1e2e21 100644 --- a/frontends/java/README.md +++ b/frontends/java/README.md @@ -5,6 +5,11 @@ This is work in progress. Download and install java / maven in ubuntu ----------------------------------------- `sudo apt-get install -y openjdk-8-jdk-headless maven` +or +`sudo apt-get install -y openjdk-11-jdk-headless maven` +depends on the application you want to run. + +java-callgraph and soot approach could run with OpenJDK+JRE 8 or later, while WALA can only run with OpenJDK+JRE 11 or later. Prepare your java application for the static analysis 
@@ -72,7 +77,7 @@ Example for execution using testcase test5: Using IBM's WALA ------------------------------------------ -Depends on OpenJDK+JRE 8 (will fail if using Java9 or later because of the switch of rt.jar to jmod) +Depends on OpenJDK+JRE 11 or later Depends on Maven 3.3 or later @@ -102,8 +107,7 @@ Example for execution using testcase test5: Using Soot ------------------------------------------ -Depends on OpenJDK+JRE 8 (will fail if using Java9 or later because of the switch of rt.jar to jmod) - +Depends on OpenJDK+JRE 8 or later Depends on Maven 3.3 or later diff --git a/frontends/java/soot/run.sh b/frontends/java/soot/run.sh index fc3f4e83d..2cb03108f 100755 --- a/frontends/java/soot/run.sh +++ b/frontends/java/soot/run.sh @@ -46,4 +46,4 @@ fi # Build and execute the call graph generator mvn clean package -java -Xmx6144M -cp "target/ossf.fuzz.introspector.soot-1.0.jar:$JARFILE" ossf.fuzz.introspector.soot.CallGraphGenerator $ENTRYCLASS $ENTRYMETHOD +java -Xmx6144M -cp "target/ossf.fuzz.introspector.soot-1.0.jar" ossf.fuzz.introspector.soot.CallGraphGenerator $JARFILE $ENTRYCLASS $ENTRYMETHOD diff --git a/frontends/java/soot/src/main/java/ossf/fuzz/introspector/soot/CallGraphGenerator.java b/frontends/java/soot/src/main/java/ossf/fuzz/introspector/soot/CallGraphGenerator.java index 2dddfa038..360a2ffc4 100644 --- a/frontends/java/soot/src/main/java/ossf/fuzz/introspector/soot/CallGraphGenerator.java +++ b/frontends/java/soot/src/main/java/ossf/fuzz/introspector/soot/CallGraphGenerator.java @@ -15,8 +15,8 @@ package ossf.fuzz.introspector.soot; -import java.io.File; import java.util.ArrayList; +import java.util.Arrays; import java.util.Iterator; import java.util.LinkedList; import java.util.List; 
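Review bot: `$JARFILE`, `$ENTRYCLASS` and `$ENTRYMETHOD` are passed unquoted on the new `java` line, so a jar path containing spaces (or an empty variable) splits into several arguments or vanishes, and `CallGraphGenerator.main` in this same series rejects anything other than exactly three arguments. Quote them: `java -Xmx6144M -cp "target/ossf.fuzz.introspector.soot-1.0.jar" ossf.fuzz.introspector.soot.CallGraphGenerator "$JARFILE" "$ENTRYCLASS" "$ENTRYMETHOD"`. The assignments and presence checks for these variables are outside the hunk.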
@@ -42,29 +42,32 @@ public class CallGraphGenerator { public static void main(String[] args) { - if (args.length != 2) { - System.err.println("No entryClass or entryMethod."); + if (args.length != 3) { + System.err.println("No jarFiles, entryClass or entryMethod."); return; } - String entryClass = args[0]; - String entryMethod = args[1]; + List jarFiles = Arrays.asList(args[0].split(":")); + String entryClass = args[1]; + String entryMethod = args[2]; - // Set basic Java class path - String javapath = System.getProperty("java.class.path"); - String jredir = System.getProperty("java.home")+"/lib/rt.jar"; - String path = javapath+File.pathSeparator+jredir; - Scene.v().setSootClassPath(path); + if (jarFiles.size() < 1) { + System.err.println("Invalid jarFiles"); + } + + soot.G.reset(); // Add an custom analysis phase to Soot CustomSenceTransformer custom = new CustomSenceTransformer(); PackManager.v().getPack("wjtp").add(new Transform("wjtp.custom", custom)); // Set basic settings for the call graph generation + Options.v().set_process_dir(jarFiles); + Options.v().set_prepend_classpath(true); + Options.v().set_src_prec(Options.src_prec_java); Options.v().set_exclude(custom.getExcludeList()); Options.v().set_no_bodies_for_excluded(true); Options.v().set_allow_phantom_refs(true); Options.v().set_whole_program(true); - Options.v().set_app(true); Options.v().set_keep_line_number(true); // Load and set main class @@ -162,6 +165,7 @@ protected void internalTransform(String phaseName, Map options) System.out.println("\n\t Total: " + methodEdges + " internal calls.\n"); element.setFunctionUses(methodEdges); + methodEdges = 0; if (!outEdges.hasNext()) { 
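Review bot: The new `if (jarFiles.size() < 1)` guard prints `Invalid jarFiles` but then falls through into `soot.G.reset()` and the rest of the setup, and it can never trigger anyway because `Arrays.asList("".split(":"))` yields a one-element list containing the empty string. Use `if (jarFiles.isEmpty() || jarFiles.contains("")) {` and add `return;` after the error print so an empty or malformed jar list stops the run instead of handing an empty path to `Options.v().set_process_dir(jarFiles)`. `main` continues past the end of the hunk.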
@@ -173,8 +177,8 @@ protected void internalTransform(String phaseName, Map options) SootMethod tgt = (SootMethod) edge.getTgt(); System.out.println("\t > calls " + tgt + " on Line " + edge.srcStmt().getJavaSourceStartLineNumber()); - element.addFunctionReached(tgt.toString() + "; Line: " + - edge.srcStmt().getJavaSourceStartLineNumber()); + element.addFunctionReached(tgt.toString() + "; Line: " + + edge.srcStmt().getJavaSourceStartLineNumber()); } System.out.println("\n\t Total: " + methodEdges + " external calls.\n"); numOfEdges += methodEdges; @@ -203,4 +207,3 @@ public List getExcludeList() { return excludeList; } } -