ICCBot icon indicating copy to clipboard operation
ICCBot copied to clipboard
Published 1 year ago verified publisher icon SQUARE-RG

[Bug]: Question about thread-safety issues in the addEdgesByOurAnalyze method

Open Noname0519 opened this issue 1 year ago • 0 comments

Contact Details

No response

ICCBot Command Line

myConfig.setJimple(true); // apk_name, app_path, sdk_platforms_path, outputDir 
// ...
myConfig.setTimeLimit(timeLimit); // 90
// ...
myConfig.setCallGraphAlgorithm("SPARK");

String analyzeConfigPath = "D://MyProject/dependencies/ICCBot/config/config.json";
Path fPath = Paths.get(analyzeConfigPath);
// ...
analyzeConfig = JSON.parseObject(String.join("\n", Files.readAllLines(fPath)));
myConfig.setAnalyzeConfig(analyzeConfig);
// ...
JSONArray excArr = MyConfig.getInstance().getAnalyzeConfig().getJSONArray("SootAnalyzer.excludePackages");
// ...
SootUtils.setExcludePackages(excPkgList);
CallGraphClient client = new CallGraphClient();
TimeUtilsofProject.setTotalTimer(client);
long startTime = System.currentTimeMillis();
client.start();
CallGraph callGraph = Global.v().getAppModel().getCg();

Technical Details

When I used ICCBot as a dependency in my project, specifically while constructing and modifying the call graph, I noticed discrepancies in the generated call graph, with some critical methods (identified through manual analysis) being missed intermittently. After a module-by-module analysis, I found that the addEdgesByOurAnalyze (in the cgModify stage) correctly gets the edges related to these critical methods, but the final result still doesn't contain them.

In the addEdgesByOurAnalyze method, the callGraph.addEdge(e) operation does not seem properly synchronized in the multi-threaded environment. This lack of synchronization may result in the callGraph not being updated correctly, causing certain edges to be missed or not added at all.

Currently, I try to use synchronized to ensure that only one thread can update the callGraph at a time. This approach has yielded some positive results, as the final outcome includes the edges I hope to see.

synchronized (callGraph){ 
  callGraph.addEdge(e);
}

I would greatly appreciate it if you have any better suggestions.

APK File

No response

Version of ICCBot

1.1-SNAPSHOT

Version of Java

OpenJDK 11.0.24

Relevant log output

No response

Noname0519 avatar Dec 09 '24 07:12 Noname0519