Using Soot and TamiFlex to analyze DaCapo - VictoryWangCN/soot GitHub Wiki

In this tutorial we will explain how to use TamiFlex, a tool which tracks reflective calls of a Java program at runtime. With this information TamiFlex is then able to transform the original program such that the reflective calls are replace by normal Java calls.

1. Downloading the necessary components

DaCapo is a benchmark suite with real world Java applications. To analyze DaCapo benchmarks with Soot, first download the following:

After downloading the JAR files, your setup should look roughly like follows:

$ls -1
dacapo-9.12-bach.jar
pia-x.y.z.jar
poa-x.y.z.jar
soot-2.5.0.jar

2. Dumping classes and creating log files

Next we use the Play-Out Agent to dump for each of the DaCapo benchmark configurations all class files that the JVM loads when executing this configuration and a reflection trace file that contains information about reflective calls.

Let us first consider a single run on dacapo, on avrora-small, one program of the benchmark suite. Normally, we run avrora simply by stating java -jar dacapo-9.12-bach.jar avrora -s small. To activate the Play-Out Agent, we instead use the following command:

java -javaagent:poa-x.y.z.jar -jar dacapo-9.12-bach.jar avrora -s small
===== DaCapo 9.12 avrora starting =====
===== DaCapo 9.12 avrora PASSED in 5065 msec =====
=============================================
TamiFlex Play-Out Agent Version 1.0
Found 36 new log entries.

The part -javaagent:poa-x.y.z.jar instructs the VM to use the Play-Out Agent. Note the additional output Found 36 new entries.... The agent reports that it found 36 new entries for the reflection-log file.

You can inspect the log file (And dumped class files) if you want:

$ ls out
avrora  cck  Harness.class  java  org  refl.log  sun
$ head out/refl.log 
Class.forName;avrora.Main;org.dacapo.harness.Avrora.<init>;26;
Class.forName;java.security.MessageDigestSpi;java.security.Security.getSpiClass;640;
Class.forName;java.util.CurrencyData;java.util.Currency$1.run;128
...

As you can see, by default, the agent dumps its log file and class files into the out directory. The directory can be modified using a ConfigurationFile.

NOTE: The Play-Out Agent requires additional heap space. We therefore advise you to provide the JVM with additional space using the -Xmx flag.

For your convenience, we provide a script that allows you to dump class files and reflection traces for all dacapo benchmarks and all input sizes. (You will also need the settings script.) Those scripts will only work with TamiFlex versions smaller than 2.0. In this tutorial we only analysis the program avrora of the suite.

3. Running soot

We next want to use Soot to analyze (and potentially transform) the dumped class files, constructing a call graph based on the information from the reflection trace file.

To apply Soot to avrora-small, we can use the following command:

java -Xmx10G -cp soot-2.5.0.jar soot.Main -w -app -p cg.spark enabled -cp JAVA_HOME/lib/rt.jar:JAVA_HOME/lib/jce.jar:out:dacapo-9.12-bach.jar -include org.apache. -include org.w3c. -main-class Harness -d sootified/avrora-small Harness

Soot started on Wed Aug 27 17:16:14 CEST 2014
[Call Graph] For information on where the call graph may be incomplete, use the verbose option to the cg phase.
[Spark] Pointer Assignment Graph in 2.5 seconds.
[Spark] Type masks in 4.6 seconds.
[Spark] Pointer Graph simplified in 0.0 seconds.
[Spark] Propagation in 33.7 seconds.
[Spark] Solution found in 33.7 seconds.
Transforming org.w3c.dom.Document... 
Transforming org.w3c.dom.Element... 
Transforming org.w3c.dom.Node... 
...
Writing to sootified/avrora/org/w3c/dom/Document.class
Writing to sootified/avrora/org/w3c/dom/Element.class
Writing to sootified/avrora/org/w3c/dom/Node.class
...
Soot finished on Wed Aug 27 17:17:05 CEST 2014
Soot has run for 0 min. 50 sec.

The parameters -include org.apache. -include org.w3c. are not really necessary for avrora but we recommend using them for DaCapo in general. The problem is that, by default, Soot does not analyze any classes residing in the following packages:

  • java.
  • sun.
  • javax.
  • com.sun.
  • com.ibm.
  • ...

But some of the DaCapo benchmarks, e.g. batik consist mostly of classes in org.apache. Therefore we must instruct Soot explicitly to include these packages.

After running Soot you will find the transformed class files on disk:

$ ls sootified/avrora-small/
avrora  cck  Harness.class  org

(In default mode Soot applies virtually no transformations on the given classes but we could, of course, have enabled some whole-program optimizations at this point.)

Again, for your convenience we provide a script to process all DaCapo benchmarks with Soot. (You will also need the settings script.)

4. Running DaCapo with the transformed class files

Next we use the Play-In Agent to run DaCapo with the transformed class files. First, modify the pia.properties ConfigurationFile such that inDir points to sootified/avrora-small. Then issue those commands:

java -javaagent:pia-x.y.z.jar -jar dacapo-9.12-bach.jar avrora -s small

===== DaCapo 9.12 avrora starting =====
===== DaCapo 9.12 avrora PASSED in 5534 msec =====
=============================================
TamiFlex Play-In Agent Version 1.0
Replaced 1060 out of 1066 classes.

The agent reports that it replaced X out of Y loaded classes by those taken from the directory. (Note that there are some classes that it may not be able to replace because, by default, Soot does not transform, nor output, classes in java.lang.* etc. See our comment on the -include flag above for details.) The agent caused the VM to load avrora's class files from sootified/avrora-small instead of dacapo-9.12-bach.jar.

⚠️ **GitHub.com Fallback** ⚠️