Merge pull request #837 from MarcMil/faster-sysclass

Search for callbacks in parallel & faster system class handling

Author: StevenArzt

soot-infoflow-android/src/soot/jimple/infoflow/android/SetupApplication.java

@@ -801,8 +801,9 @@ private void calculateCallbackMethods(LayoutFileParser lfp, SootClass component)
 				// Creating all callgraph takes time and memory. Check whether
 				// the solver has been aborted in the meantime
 				if (jimpleClass instanceof IMemoryBoundedSolver) {
-					if (((IMemoryBoundedSolver) jimpleClass).isKilled()) {
-						logger.warn("Aborted callback collection because of low memory");
+					IMemoryBoundedSolver imb = ((IMemoryBoundedSolver) jimpleClass);
+					if (imb.isKilled()) {
+						logger.warn("Aborted callback collection because of " + imb.getTerminationReason().toString());
 						break;
 					}
 				}

soot-infoflow-android/src/soot/jimple/infoflow/android/callbacks/AbstractCallbackAnalyzer.java

@@ -25,6 +25,7 @@
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
+import java.util.concurrent.ConcurrentHashMap;
 import java.util.concurrent.ExecutionException;
 
 import org.slf4j.Logger;
@@ -75,6 +76,7 @@
 import soot.toolkits.graph.ExceptionalUnitGraph;
 import soot.toolkits.graph.ExceptionalUnitGraphFactory;
 import soot.toolkits.scalar.SimpleLocalDefs;
+import soot.util.ConcurrentHashMultiMap;
 import soot.util.HashMultiMap;
 import soot.util.MultiMap;
 
@@ -127,10 +129,10 @@ public abstract class AbstractCallbackAnalyzer {
 
 	protected final MultiMap<SootClass, AndroidCallbackDefinition> callbackMethods = new HashMultiMap<>();
 	protected final MultiMap<SootClass, Integer> layoutClasses = new HashMultiMap<>();
-	protected final Set<SootClass> dynamicManifestComponents = new HashSet<>();
-	protected final MultiMap<SootClass, SootClass> fragmentClasses = new HashMultiMap<>();
-	protected final MultiMap<SootClass, SootClass> fragmentClassesRev = new HashMultiMap<>();
-	protected final Map<SootClass, Integer> fragmentIDs = new HashMap<>();
+	protected final Set<SootClass> dynamicManifestComponents = Collections.newSetFromMap(new ConcurrentHashMap<>());
+	protected final MultiMap<SootClass, SootClass> fragmentClasses = new ConcurrentHashMultiMap<>();
+	protected final MultiMap<SootClass, SootClass> fragmentClassesRev = new ConcurrentHashMultiMap<>();
+	protected final Map<SootClass, Integer> fragmentIDs = new ConcurrentHashMap<>();
 
 	protected final List<ICallbackFilter> callbackFilters = new ArrayList<>();
 	protected final Set<SootClass> excludedEntryPoints = new HashSet<>();
@@ -200,7 +202,7 @@ else if (arrayLocals.contains(lop))
 
 			});
 
-	private MultiMap<SootMethod, Stmt> javaScriptInterfaces = new HashMultiMap<SootMethod, Stmt>();
+	private MultiMap<SootMethod, Stmt> javaScriptInterfaces = new ConcurrentHashMultiMap<SootMethod, Stmt>();
 
 	public AbstractCallbackAnalyzer(InfoflowAndroidConfiguration config, Set<SootClass> entryPointClasses)
 			throws IOException {
@@ -381,7 +383,7 @@ protected void checkAndAddCallback(Set<SootClass> callbackClasses, Type argType)
 	 * @return True if all filters accept the given component-callback mapping,
 	 *         otherwise false
 	 */
-	private boolean filterAccepts(SootClass lifecycleElement, SootClass targetClass) {
+	protected boolean filterAccepts(SootClass lifecycleElement, SootClass targetClass) {
 		for (ICallbackFilter filter : callbackFilters)
 			if (!filter.accepts(lifecycleElement, targetClass))
 				return false;
@@ -397,7 +399,7 @@ private boolean filterAccepts(SootClass lifecycleElement, SootClass targetClass)
 	 * @return True if all filters accept the given component-callback mapping,
 	 *         otherwise false
 	 */
-	private boolean filterAccepts(SootClass lifecycleElement, SootMethod targetMethod) {
+	protected boolean filterAccepts(SootClass lifecycleElement, SootMethod targetMethod) {
 		for (ICallbackFilter filter : callbackFilters)
 			if (!filter.accepts(lifecycleElement, targetMethod))
 				return false;

soot-infoflow-android/src/soot/jimple/infoflow/android/callbacks/ComponentReachableMethods.java

@@ -1,22 +1,27 @@
 package soot.jimple.infoflow.android.callbacks;
 
 import java.util.Collection;
-import java.util.HashSet;
+import java.util.Collections;
 import java.util.Iterator;
 import java.util.Set;
+import java.util.concurrent.ConcurrentHashMap;
 
+import soot.FastHierarchy;
 import soot.Kind;
 import soot.MethodOrMethodContext;
 import soot.RefType;
 import soot.Scene;
 import soot.SootClass;
 import soot.SootMethod;
 import soot.jimple.InstanceInvokeExpr;
+import soot.jimple.InvokeExpr;
 import soot.jimple.infoflow.android.InfoflowAndroidConfiguration;
 import soot.jimple.infoflow.util.SystemClassHandler;
+import soot.jimple.toolkits.callgraph.CallGraph;
 import soot.jimple.toolkits.callgraph.Edge;
 import soot.jimple.toolkits.callgraph.EdgePredicate;
 import soot.jimple.toolkits.callgraph.Filter;
+import soot.jimple.toolkits.callgraph.ReachableMethods;
 import soot.jimple.toolkits.callgraph.Targets;
 import soot.util.queue.ChunkedQueue;
 import soot.util.queue.QueueReader;
@@ -37,10 +42,11 @@ public class ComponentReachableMethods {
 
 	private final InfoflowAndroidConfiguration config;
 	private final SootClass originalComponent;
-	private final Set<MethodOrMethodContext> set = new HashSet<MethodOrMethodContext>();
+	protected final Set<MethodOrMethodContext> set = Collections.newSetFromMap(new ConcurrentHashMap<>());
 	private final ChunkedQueue<MethodOrMethodContext> reachables = new ChunkedQueue<MethodOrMethodContext>();
 	private final QueueReader<MethodOrMethodContext> allReachables = reachables.reader();
 	private QueueReader<MethodOrMethodContext> unprocessedMethods;
+	private final SystemClassHandler systemClassHandler = SystemClassHandler.v();
 
 	/**
 	 * Creates a new instance of the {@link ComponentReachableMethods} class
@@ -67,67 +73,79 @@ private void addMethods(Iterator<MethodOrMethodContext> methods) {
 
 	private void addMethod(MethodOrMethodContext m) {
 		// Filter out methods in system classes
-		if (!SystemClassHandler.v().isClassInSystemPackage(m.method().getDeclaringClass())) {
+		if (!systemClassHandler.isClassInSystemPackage(m.method().getDeclaringClass())) {
 			if (set.add(m)) {
 				reachables.add(m);
 			}
 		}
 	}
 
 	public void update() {
-		while (unprocessedMethods.hasNext()) {
-			MethodOrMethodContext m = unprocessedMethods.next();
-			Filter filter = new Filter(new EdgePredicate() {
+		final Scene sc = Scene.v();
+		final FastHierarchy fh = Scene.v().getFastHierarchy();
+		final RefType runnable = RefType.v("java.lang.Runnable");
+		final EdgePredicate predicate = new EdgePredicate() {
+
+			@Override
+			public boolean want(Edge e) {
+				if (e.kind() == Kind.CLINIT)
+					return false;
+				else if (e.kind() == Kind.VIRTUAL) {
+					// We only filter calls to this.*
+					InvokeExpr inv = e.srcStmt().getInvokeExprUnsafe();
+					if (!e.src().isStatic() && inv instanceof InstanceInvokeExpr) {
+						SootMethod refMethod = inv.getMethod();
+						InstanceInvokeExpr iinv = (InstanceInvokeExpr) inv;
+						if (iinv.getBase() == e.src().getActiveBody().getThisLocal()) {
+
+							// If our parent class P has an abstract
+							// method foo() and the lifecycle
+							// class L overrides foo(), make sure that
+							// all calls to P.foo() in the
+							// context of L only go to L.foo().
+							SootClass calleeClass = refMethod.getDeclaringClass();
+							if (fh.isSubclass(originalComponent, calleeClass)) {
+								SootClass targetClass = e.getTgt().method().getDeclaringClass();
+								return targetClass == originalComponent
+										|| fh.isSubclass(targetClass, originalComponent);
+							}
+						}
 
-				@Override
-				public boolean want(Edge e) {
-					if (e.kind() == Kind.CLINIT)
+						// We do not expect callback registrations in
+						// any
+						// calls to system classes
+						if (systemClassHandler.isClassInSystemPackage(refMethod.getDeclaringClass()))
+							return false;
+					}
+				} else if (config.getCallbackConfig().getFilterThreadCallbacks()) {
+					// Check for thread call edges
+					if (e.kind() == Kind.THREAD || e.kind() == Kind.EXECUTOR)
 						return false;
-					else if (e.kind() == Kind.VIRTUAL) {
-						// We only filter calls to this.*
-						if (!e.src().isStatic() && e.srcStmt().getInvokeExpr() instanceof InstanceInvokeExpr) {
-							SootMethod refMethod = e.srcStmt().getInvokeExpr().getMethod();
-							InstanceInvokeExpr iinv = (InstanceInvokeExpr) e.srcStmt().getInvokeExpr();
-							if (iinv.getBase() == e.src().getActiveBody().getThisLocal()) {
-
-								// If our parent class P has an abstract
-								// method foo() and the lifecycle
-								// class L overrides foo(), make sure that
-								// all calls to P.foo() in the
-								// context of L only go to L.foo().
-								SootClass calleeClass = refMethod.getDeclaringClass();
-								if (Scene.v().getFastHierarchy().isSubclass(originalComponent, calleeClass)) {
-									SootClass targetClass = e.getTgt().method().getDeclaringClass();
-									return targetClass == originalComponent
-											|| Scene.v().getFastHierarchy().isSubclass(targetClass, originalComponent);
-								}
-							}
 
-							// We do not expect callback registrations in
-							// any
-							// calls to system classes
-							if (SystemClassHandler.v().isClassInSystemPackage(refMethod.getDeclaringClass()))
-								return false;
-						}
-					} else if (config.getCallbackConfig().getFilterThreadCallbacks()) {
-						// Check for thread call edges
-						if (e.kind() == Kind.THREAD || e.kind() == Kind.EXECUTOR)
+					// Some apps have a custom layer for managing
+					// threads,
+					// so we need a more generic model
+					if (e.tgt().getName().equals("run"))
+						if (sc.getFastHierarchy().canStoreType(e.tgt().getDeclaringClass().getType(), runnable))
 							return false;
+				}
+				return true;
+			}
 
-						// Some apps have a custom layer for managing
-						// threads,
-						// so we need a more generic model
-						if (e.tgt().getName().equals("run"))
-							if (Scene.v().getFastHierarchy().canStoreType(e.tgt().getDeclaringClass().getType(),
-									RefType.v("java.lang.Runnable")))
-								return false;
-					}
-					return true;
+		};
+		final CallGraph cg = sc.getCallGraph();
+
+		while (unprocessedMethods.hasNext()) {
+			MethodOrMethodContext m = unprocessedMethods.next();
+			Iterator<Edge> of = cg.edgesOutOf(m);
+			if (of != null && of.hasNext()) {
+				Filter filter = new Filter(predicate);
+				Iterator<Edge> targets = filter.wrap(of);
+				if (targets.hasNext()) {
+					addMethods(new Targets(targets));
 				}
+			}
 
-			});
-			Iterator<Edge> targets = filter.wrap(Scene.v().getCallGraph().edgesOutOf(m));
-			addMethods(new Targets(targets));
 		}
 	}
 
@@ -159,4 +177,4 @@ public int size() {
 		return set.size();
 	}
 
-}
+}