[abc-users] tracematches on local variables

From: Kazunori Kawauchi <kazu_at_graco.c.u-tokyo.ac.jp>
Date: Sun, 23 Nov 2008 19:31:03 +0900


I'm a Kazunori Kawauchi and a doctoral student supervised by Dr. Hidehiko
Masuhara at University of Tokyo.

I attempt to implement "dataflow pointcut" which is analogous to "taint mode" in
perl by using tracematch (included in abc 1.3.0) to implement "taint bit
propagation". But, Some propagations on local variables doesn't work.

I define the following tracematch:

  tracematch (Data from, Data to) {
    sym input after returning (from) :
        call(Data DataFactory.makeData(String)) && call(* *.markAsTainted(..));
    sym propagation after returning (to) :
        call(Data Data.filter()) && target(from);

    input propagation+ {
        System.out.println(" DEBUG: propagation from " + from + " to " + to);
        markAsTainted(to) // (Identity function)

Then I define an application program too (I'll show the excerpt of the program):

  Data d = DataFactory.makeData("Tainted");
  d = d.filter(); // I would like to propagate a 'taint bit'

But, the above tracematch body(i.e., taint bit propagation) isn't executed.

I found suspicious instructions in the weaved bytecode:
   61: aload_0
   62: invokevirtual #43; //Method app/Data.filter:()Lapp/Data;
   65: astore_0
   66: goto 84
   84: aload_1
   85: invokevirtual #34; //Method tracematches/SampleTM.beforeafter$3:()V
   88: aload_1
   89: aload_0
   90: aload_0
   91: invokevirtual #14; //Method
local variable "d" is allocated to #0, and an aspect instance to #1.
Instruction 65 ("astore_0") overwrites a old value of 'd'(i.e., 'from') by a
filtered value of 'd'(i.e., 'to'), and Instruction 91 ("invokevirtual") takes
the filtered value as a value bound to 'from' in the tracematch body, doesn't it?
Is it a correct behavior in terms of tracematches semantics?

I also found taint bit propagation occurs with the following modification:
  Data d = DataFactory.makeData("Tainted");
  Data new_d = d.filter()
in this case, the value bound to 'new_d' is marked as tainted.

Thank you for your help in this matter.


Kazunori Kawauchi
Received on Sun Nov 23 2008 - 10:31:21 GMT

This archive was generated by hypermail 2.2.0 : Sun Nov 23 2008 - 16:10:11 GMT