[Soot-list] soot

Eric Bodden eric.bodden at mail.mcgill.ca
Sun Sep 24 23:33:39 EDT 2006 

Well, System.getProperty("java.home") is a dynamic property that depends
on the system it is running. So again, there is no way to statically
determine that value.

 

Regarding the rest (combining the return values with the conditions) it
sounds to me like you want to do a branched forward flow-analysis. See
http://www.sable.mcgill.ca/soot/doc/soot/toolkits/scalar/ForwardBranched
FlowAnalysis.html

 

An example of such an analysis is:

http://www.sable.mcgill.ca/soot/doc/soot/jimple/toolkits/pointer/CastChe
ckEliminator.html

 

 

Eric

 

From: Peng Li [mailto:lipeng360 at gmail.com] 
Sent: Sunday, September 24, 2006 11:21 PM
To: Eric Bodden
Subject: Re: [Soot-list] soot

 

HI Eric, 

Thank you for your reply, but I think I should be more specific. I would
like to know all the returned values of the program, for your example,
I would like to use soot to get the two returned value "bar" and
System.getProperty("java.home") instead of the Jimple-internal name  for
"bar" and System.getProperty("java.home ") (By combining the returned
values with the conditions of the if stmt, I can generate the flow of
the program, so this is why I need to know the returned values). Could
you give me some suggestions? 

 

Cheers

Peng


 


 

2006/9/25, Eric Bodden <eric.bodden at mail.mcgill.ca>: 

Hi.

 

What you see (r0) is the Jimple-internal name for the local variable x.
Because this is what is returned. In general there is no way (!) to
predict what the return value should be. Assume the function looked like
this: 

 

void foo() {

                if(System.currentTimeMillis()%2==1)

                                return "bar";

                else

                                return System.getProperty("java.home");

}

 

You cannot possibly predict any return value there.

What you *can* do is the following: Do a constant-propagation before you
do your analysis. (code is in Soot) That way you assure that  everywhere
where there can be something predicted you will find a constant value.
This you should then be able to access. 

 

 

Eric

 

From: soot-list-bounces at sable.mcgill.ca
[mailto:soot-list-bounces at sable.mcgill.ca] On Behalf Of Peng Li
Sent: Saturday, September 23, 2006 11:03 PM 
To: soot-list at sable.mcgill.ca
Subject: [Soot-list] soot

 

Hi buddies

I am using soot to obtain the return value, I can do dynamic analysis by
inserting codes to class file(Thanks to Richard for your clear
explanation abt how to make my first soot program and Thanks to Eric abt
how to set path for soot class). However, I need to do the analysis
statically. For example, I have a simple program as following, 

 

public class helloworld {
 public static void main(String[] args) {
  String y=foo();
  System.out.println(y);
 }
    public static String foo()
    {   String x="hello world";
  return x; 
    }
}
 

I would like to get he return value of foo() statically. So I used soot
to find the return statement (ReturnStmt) and print out the operand. I
found the value is not "hello world " but a "r0". It looks like the
program just prints out the stack position. Could anyone give me some
help? Any suggestion is appreciated. 

 

Cheers

Peng 

I attached the source of my program and the generated jimple file for
helloworld.class.

 

import soot.*;
import soot.jimple.*;
import soot.util.*;
import java.util.*;

public class ReturnInstrumenter extends BodyTransformer{
    private static ReturnInstrumenter instance = new
ReturnInstrumenter();
    private ReturnInstrumenter() {}

    public static ReturnInstrumenter v() { return instance; }

    public static void main(String[] args) 
    {
     String[] a={"helloworld"};
 
Scene.v().setSootClassPath("C:/workspace/Hello;C:/j2sdk1.4.2_12/jre/lib/
rt.jar");
     PackManager.v ().getPack("jtp").add(new
Transform("jtp.instrumenter", ReturnInstrumenter.v()));
 
Scene.v().addBasicClass("java.io.PrintStream",SootClass.SIGNATURES);
        soot.Main.main(a); 
    }
    
 protected void internalTransform(Body body, String phase, Map options)
{
  SootMethod method = body.getMethod();
  System.out.println("instrumenting method : " + method.getSignature());

  Chain units = body.getUnits();
  Iterator stmtIt = units.snapshotIterator();
  while(stmtIt.hasNext())
  {
   Stmt stmt = (Stmt) stmtIt.next();
   if(stmt instanceof ReturnStmt)
   {

    System.out.println (((ReturnStmt) stmt).getOp().toString());
   
   }}}}

Jimple for helloworld.class

public class helloworld extends java.lang.Object
{

    public static void main(java.lang.String[])
    {
        java.lang.String[] args;
        java.lang.String y;
        java.io.PrintStream $r0;

        args := @parameter0: java.lang.String[];
        y = staticinvoke <helloworld: java.lang.String foo()>();
        $r0 = <java.lang.System: java.io.PrintStream out>;
        virtualinvoke $r0.< java.io.PrintStream: void
println(java.lang.String)>(y);
        return;
    }

    public static java.lang.String foo()
    {
        java.lang.String x;

        x = "hello world";
        return x;
    }

    public void <init>()
    {
        helloworld this;

        this := @this: helloworld;
        specialinvoke this.<java.lang.Object: void <init>()>();
        return;
    }
}

 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.CS.McGill.CA/pipermail/soot-list/attachments/20060924/6c3673bd/attachment-0001.htm

More information about the Soot-list mailing list