[Soot-list] Points-to analysis of instance field
Ondrej Lhotak
olhotak at uwaterloo.ca
Fri Jul 21 11:53:43 EDT 2006
On Wed, Jul 19, 2006 at 11:34:24PM -0400, Xinyu Liu wrote:
> I found that t0 and t1 point to different objects, which is what I want.
> However, t0.a and t1.a point to the same array. I guess the reason is that
> there is only one "new" operation in the construction of class test. But
> this causes deep trouble in my dependency analysis. In soot, t1.a is
> assigned to a temp var called $r3, while t0.a is assigned to $r2. So I got
> the result that they both point to the same object, and I don't know how
> to distinguish them because after the assignments I don't have the
> information of t0 and t1. Then the value 0 is flowed to x, which is
> certainly not correct. If I slice the program based on x in the last
> statement, the slice I got will be wrong. Could you please suggest me a
> way to solve this problem? Thank you very much!
It sounds like you're looking for a context-sensitive points-to
analysis. Spark only includes context-insensitive analyses, but Paddle
includes both. For more information:
http://www.sable.mcgill.ca/paddle/
http://plg.uwaterloo.ca/~olhotak/pubs/thesis-olhotak-phd.ps
Ondrej
>
>
>
> Xinyu
> _______________________________________________
> Soot-list mailing list
> Soot-list at sable.mcgill.ca
> http://mailman.cs.mcgill.ca/mailman/listinfo/soot-list
More information about the Soot-list
mailing list