[Soot-list] Points-to options
Ondrej Lhotak
olhotak at uwaterloo.ca
Fri Jul 21 11:40:46 EDT 2006
On Tue, Jul 18, 2006 at 03:24:20PM -0400, Eric Bodden wrote:
> Hi.
>
> I have the following problems with the built-in points-to analyses:
>
> When I do not enable any command-line options regarding PTA, I get the
> FullObjectSet for any possible variable, which is presumably the dumm
> but correct default answer.
>
> When I set "cg.spark:enabled" only, I get an empty points-to set where
> paddle used to give me some decent result. That sounds unsound, doesn't
> it? The problem seems that in the PAG, there seems to be no mapping for
> the local I pass in. When can that be the case?
This can happen if:
- the method containing the local is unreachable in the call graph
starting from your entry points
or
- the local has a non-reference type
> Apart from that, when I set SPARK to use RTA, my flow analysis seems to
> behave very random: I get fewer iterations (too few apparently) that
> usual and have not yet found any explanation, why.
RTA in Spark only works correctly when on-fly-cg is false (and it's true
by default). This is a design limitation of Spark, and "fixing" it
would essentially be turning Spark into Paddle (and this is how Paddle
actually started out...) I suppose Soot should give you an error if you
try to do rta and on-fly-cg in Spark. Do you have any suggestions on how
best to do that?
> Any thoughts about those weirdness?
>
> Thanks a lot,
> Eric
>
> --
> Eric Bodden
> Sable Research Group, McGill University
> Montreal, Canada
>
>
> _______________________________________________
> Soot-list mailing list
> Soot-list at sable.mcgill.ca
> http://mailman.cs.mcgill.ca/mailman/listinfo/soot-list
>
More information about the Soot-list
mailing list