[Soot-list] Points-to analysis of instance field
Xinyu Liu
xl3t at cs.virginia.edu
Wed Jul 19 23:34:24 EDT 2006
Hi,
I am using SPARK to analyze the following little program:
public class test
{
public int []a;
public test() {
a = new int[10];
}
public static void main(String[] args) {
int x;
test t0 = new test();
test t1 = new test();
t0.a[0] = 0;
x = t1.a[0];
}
}
I found that t0 and t1 point to different objects, which is what I want.
However, t0.a and t1.a point to the same array. I guess the reason is that
there is only one "new" operation in the construction of class test. But
this causes deep trouble in my dependency analysis. In soot, t1.a is
assigned to a temp var called $r3, while t0.a is assigned to $r2. So I got
the result that they both point to the same object, and I don't know how to
distinguish them because after the assignments I don't have the information
of t0 and t1. Then the value 0 is flowed to x, which is certainly not
correct. If I slice the program based on x in the last statement, the slice
I got will be wrong. Could you please suggest me a way to solve this
problem? Thank you very much!
Xinyu
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.CS.McGill.CA/pipermail/soot-list/attachments/20060719/9226225c/attachment.htm
More information about the Soot-list
mailing list