[Soot-list] Another problem on Soot call graph

Ondrej Lhotak olhotak at uwaterloo.ca
Wed Dec 6 09:27:57 EST 2006


On Wed, Dec 06, 2006 at 03:55:52PM +0800, 钱巨 wrote:
> Hi everyone,
> I've written another program to illustrate the problem of Soot
> context-insensitive call graph when
> handling threads. This time I use the Spark points-to analysis results
> to build the call graph.
> 
> For the following program, EmptyThread.main() still calls
> EmptyThread.run() in the call graph, but actually
> there is no such call. And I think with the Spark points-to information
> there should be no such call. Is it
> a bug of soot? I'm now using soot 2.2.3.

Although this causes the call graph to be less precise than it could be
for this particular case, it is sound. I would consider it very low
priority.

For the implicit call to Thread.run(), Soot creates a specially labelled
edge (with Kind THREAD) from the call site of start() to the run() method.
This is also a design choice that affects precision, and in this case,
the choice made in Soot significantly improves precision over what you
suggest. If, instead, the call edge went from the start() method to
the run() method, one would not be able to distinguish (in a
context-insensitive call graph) any threads: all threads would
start from the unique start() method in java.lang.Thread.

> public class EmptyThread extends Thread {
>     public void start() {
>     }
> 
>     public void run() {
>     }
> 
>     public static void main(String[] args) {
>         Thread t = new IndirectThreadStart();
>         t.start();
>     }
> }
> 
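
The precision argument in the reply above, worked through on a toy call graph. This is an added example, not part of the original message and not Soot code; the methods m1 and m2 and the Thread subclasses A and B are constructed for illustration, and each call site is collapsed to the method that contains it.

```java
import java.util.*;

// Toy model (not Soot code): compares two ways of representing the implicit
// Thread.start() -> run() call in a context-insensitive call graph.
public class ThreadEdgeDemo {
    // Add a caller -> callee edge to an adjacency-list call graph.
    static void edge(Map<String, Set<String>> g, String src, String tgt) {
        g.computeIfAbsent(src, k -> new TreeSet<>()).add(tgt);
    }

    // run() methods transitively reachable from the given method.
    static Set<String> runTargets(Map<String, Set<String>> g, String from) {
        Set<String> seen = new HashSet<>();
        Set<String> result = new TreeSet<>();
        Deque<String> work = new ArrayDeque<>(List.of(from));
        while (!work.isEmpty()) {
            String m = work.pop();
            if (!seen.add(m)) continue;          // already visited
            if (m.endsWith(".run")) result.add(m);
            work.addAll(g.getOrDefault(m, Set.of()));
        }
        return result;
    }

    public static void main(String[] args) {
        // Constructed program: m1 does `new A().start()`, m2 does `new B().start()`;
        // A and B extend Thread and do not override start().

        // Design 1 (what the reply describes): a THREAD-kind edge goes from the
        // start() call site (here: its containing method) to run().
        Map<String, Set<String>> callSite = new HashMap<>();
        edge(callSite, "m1", "Thread.start"); edge(callSite, "m1", "A.run");
        edge(callSite, "m2", "Thread.start"); edge(callSite, "m2", "B.run");

        // Design 2 (the alternative): the edge goes from Thread.start to run().
        Map<String, Set<String>> viaStart = new HashMap<>();
        edge(viaStart, "m1", "Thread.start"); edge(viaStart, "m2", "Thread.start");
        edge(viaStart, "Thread.start", "A.run"); edge(viaStart, "Thread.start", "B.run");

        for (String m : List.of("m1", "m2")) {
            System.out.println(m + "  call-site edges: " + runTargets(callSite, m)
                + "  edges via Thread.start: " + runTargets(viaStart, m));
        }
    }
}
```

With call-site edges, m1 reaches only A.run and m2 only B.run; with edges leaving the single Thread.start node, both callers reach both run() methods.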

