[Soot-list] Points-to analysis of instance field

Xinyu Liu xl3t at cs.virginia.edu
Thu Jul 20 14:36:55 EDT 2006 

I added your code to my analysis program. However, it shows that they do
point to the same node! Here's the information I got:

$r0 =3D new test9
t0 =3D $r0
pts.iterator:=20
type is: soot.jimple.spark.pag.AllocNode
AllocNode 1 new test9 in method <test9: void main(java.lang.String[])>

$r1 =3D new test9
t1 =3D $r1
pts.iterator:=20
type is: soot.jimple.spark.pag.AllocNode
AllocNode 2 new test9 in method <test9: void main(java.lang.String[])>

$r2 =3D t0.<test9: int[] a>
pts.iterator:=20
type is: soot.jimple.spark.pag.AllocNode
AllocNode 3865 newarray (int)[10] in method <test9: void <init>()>

$r3 =3D t1.<test9: int[] a>
pts.iterator:=20
type is: soot.jimple.spark.pag.AllocNode
AllocNode 3865 newarray (int)[10] in method <test9: void <init>()>

Could you please test the example I gave you and see what's wrong?=20

Thank you so much.
Xinyu

-----Original Message-----
From: Ahmer Ahmedani [mailto:aahmed12 at cs.mcgill.ca]=20
Sent: 2006=C4=EA7=D4=C220=C8=D5 8:57
To: Xinyu Liu
Cc: soot-list at sable.mcgill.ca
Subject: Re: [Soot-list] Points-to analysis of instance field

Hi,

The arrays will definitely point to different allocation sites/nodes. =
Try
the statements below after copying the two methods into your analysis.
Hopefully it will work then.

Ahmer

PointsToSetInternal pts =3D
         		    (PointsToSetInternal)
			    (pta.reachingObjects((Local)local));
Iterator it =3D  makePtsIterator(pts);

   private Iterator makePtsIterator(PointsToSetInternal pts){
        final HashSet ret =3D new HashSet();
        pts.forall(new P2SetVisitor(){
		public void visit(Node n){
		    ret.add((AllocNode)n);
		}
	    });
        testPtsIterator(ret.iterator());
        return ret.iterator();
    }

    private void testPtsIterator(Iterator it){
        System.out.println("pts.iterator: ");
        while (it.hasNext()){
	    Object temp =3D it.next();
	    System.out.println("type is: "+temp.getClass().getName());
            System.out.println(temp);
        }
    }



On Wed, July 19, 2006 11:34 pm, Xinyu Liu wrote:
> Hi,
>
>
>
>
> I am using SPARK to analyze the following little program:
>
>
>
>
> public class test
>
> {
>
>
> public int []a;
>
>
>
> public test() {
>
> a =3D new int[10];
>
> }
>
>
>
>
> public static void main(String[] args) {
>
> int x;
>
>
>
> test t0 =3D new test();
>
> test t1 =3D new test();
>
>
>
> t0.a[0] =3D 0;
>
>
>
> x =3D t1.a[0];
>
> }
>
>
> }
>
>
>
>
> I found that t0 and t1 point to different objects, which is what I =
want.
> However, t0.a and t1.a point to the same array. I guess the reason is =
that
>  there is only one "new" operation in the construction of class test. =
But
>  this causes deep trouble in my dependency analysis. In soot, t1.a is
> assigned to a temp var called $r3, while t0.a is assigned to $r2. So I
> got the result that they both point to the same object, and I don't =
know
> how to distinguish them because after the assignments I don't have the
> information of t0 and t1. Then the value 0 is flowed to x, which is
> certainly not correct. If I slice the program based on x in the last
> statement, the slice I got will be wrong. Could you please suggest me =
a
> way to solve this problem? Thank you very much!
>
>
>
> Xinyu
>
>
> _______________________________________________
> Soot-list mailing list
> Soot-list at sable.mcgill.ca
> http://mailman.cs.mcgill.ca/mailman/listinfo/soot-list
>
>

More information about the Soot-list mailing list