Comments (9)
I'm trying to figure out the root cause and found that since the rt.jar
is removed from version 9+, Soot throws the previous exception. I tried to add rt.jar
manually to the classpath, but this method is not working properly if the source code is not compatible with version 8.
from steady.
Hi @mayaba ,
thanks for reporting and for the investigation.
Could you also share which JDK you are using to run the analysis? If JDK 17 is used to run the analysis, could you also test it with JDK 11?
from steady.
Hi @serenaponta,
Thank you so much for the reply. I was using JDK 17 and changed to JDK 11. Now, I'm getting a different error. please note that I couldn't compile the project I'm analyzing with JDK 11. Only with JDK 17.
Exception in thread "vulas-reach-1" java.lang.IllegalArgumentException: Unsupported class file major version 61
at org.objectweb.asm.ClassReader.<init>(ClassReader.java:195)
at org.objectweb.asm.ClassReader.<init>(ClassReader.java:176)
at org.objectweb.asm.ClassReader.<init>(ClassReader.java:162)
at org.objectweb.asm.ClassReader.<init>(ClassReader.java:283)
at soot.asm.AsmClassSource.resolve(AsmClassSource.java:65)
at soot.SootResolver.bringToHierarchyUnchecked(SootResolver.java:253)
at soot.SootResolver.bringToHierarchy(SootResolver.java:221)
at soot.SootResolver.bringToSignatures(SootResolver.java:292)
at soot.SootResolver.bringToBodies(SootResolver.java:332)
at soot.SootResolver.processResolveWorklist(SootResolver.java:171)
at soot.SootResolver.resolveClass(SootResolver.java:141)
at soot.Scene.loadClass(Scene.java:1009)
at soot.Scene.loadClassAndSupport(Scene.java:994)
at soot.Scene.loadNecessaryClasses(Scene.java:1822)
at org.eclipse.steady.cg.soot.SootCallgraphConstructor.setEntrypoints(SootCallgraphConstructor.java:356)
at org.eclipse.steady.cg.ReachabilityAnalyzer.run(ReachabilityAnalyzer.java:398)
at java.base/java.lang.Thread.run(Thread.java:829)
from steady.
Hi @mayaba ,
the version of soot used within steady 3.2.5 does not support JDK 17. I updated soot in a new PR #589. Preliminary tests show that the exception you reported is not thrown any longer. It would be greatly appreciated if you can test the PR (steady 3.2.6-SNAPSHOT) on your java 17 project.
from steady.
Hi @serenaponta,
Great news. Thank you so much for your help. Will test it and let you know the result.
from steady.
Hi @serenaponta,
I wasn't able to locate this version steady 3.2.6-SNAPSHOT. Seems that the Jenkins pipeline has failed.
https://ci.eclipse.org/steady/job/Steady%20Pipeline/job/PR-589/1/console
from steady.
Hi @serenaponta,
I see that WALA recently released a version (v1.6.1) that supports JDK 17
https://github.com/wala/WALA/releases/tag/v1.6.1
I see that they changed the method AnalysisScopeReader.makeJavaBinaryAnalysisScope
to AnalysisScopeReader.instance.makeJavaBinaryAnalysisScope
, and they added an extra parameter for the method Util.makeZeroCFABuilder
which, apparently, should be Language.JAVA
.
from steady.
Hi @serenaponta,
I opened a PR to resolve this issue
PR: #593
from steady.
This problem is solved by the PR #593. Static reachability analysis is now supported with WALA option.
from steady.
Related Issues (20)
- Issues in installing Eclipse steady HOT 2
- Default JSON view breaks the mitigation tab HOT 2
- how can I see/get the AST of a vulnerability HOT 2
- Problems of steady 3.2.0, 3.2.1, 3.2.3 HOT 1
- Problem of steady 3.2.4 HOT 1
- Problems of 3.2.1 and 3.2.5 HOT 2
- eady.shared.util.MemoryMonitor - Memory consumption HOT 1
- Failed: Application context is required to execute goal [APP] HOT 4
- Steady maven plugin is throwing UnsupportedOperationException HOT 3
- how can I delete software item in Eclipse Steady Web Frontend HOT 2
- Some issues regarding the running mode of the Steady database HOT 1
- Steady's vulnerability reports for the com.fasterxml.jackson.core:jackson-databind 2.0.0, 2.6.5, and 2.8.0 projects are completely identical. HOT 3
- how to get potentially or actually executable of vuln. code when scan source code? HOT 3
- Where is the output result of Static Analysis: Potential execution of vulnerable code HOT 1
- How to run dynamic analysis successfully HOT 2
- Publish `rest-lib-utils` to mvn repository HOT 3
- Entry point a2c HOT 9
- The backend is in maintenance mode. Please come back later. HOT 2
- All constructs of an application are set as entry points in A2C goal HOT 6
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from steady.