[Soot-list] problems with Paddle's precision

Ondrej Lhotak olhotak at uwaterloo.ca
Wed Jan 17 14:23:07 EST 2007 

On Tue, Jan 16, 2007 at 07:30:20PM -0500, Raul Santelices wrote:
>    Hi,
>      In the following program, Soot with Paddle tells me that 'foo' has three
>    elements in its points-to set, when it should be only one. To collect the
>    points to set for the 'foo' local, I am using (PointsToSetReadOnly)
>    Scene.v().getPointsToAnalysis().reachingObjects(<local for foo>), and then
>    I am calling 'forall' on this PointsToSetReadOnly object.
>      It seems to me that Paddle shouldn't produce this result, since the
>    second and third Test object instantiation sites do not interact with
>    'foo' at all...  So what's the problem?
> 
>    import java.util.Properties;
> 
>    public class Test {
> 
>        private Properties conversionTable;
>       
>        static void main(String[] args) {
>            Properties p = new Properties();
>            Test foo = new Test(p);
>            new Test(p);
>            Properties p2 = foo.conversionTable;
>            new Test(p);
>        }
>       
>        protected Test(Properties p)
>        {
>            this.conversionTable = p;
>        }
>    }

I tried running Paddle on this example, and I couldn't reproduce the
problem.

Attached is the points-to analysis result dumper that I use to display
the analysis results. It attaches a tag to each statement that shows
the points-to sets of the variable being written in that statement.
I ran this with the command line:
java olhotak.PTADumper -f J -print-tags -w -p cg.paddle verbose Test

I've also attached the Jimple that it produces. In that output,
the points-to set for each of the temporary variables contains only
one allocation site.

> 
>    Thanks,
>    Raul

> _______________________________________________
> Soot-list mailing list
> Soot-list at sable.mcgill.ca
> http://mailman.cs.mcgill.ca/mailman/listinfo/soot-list

-------------- next part --------------
package olhotak;
import soot.*;
import soot.tagkit.*;
import soot.jimple.*;
import java.util.*;
import java.io.*;

public class PTADumper extends BodyTransformer {
    public static void main(String[] args) 
    {
	PackManager.v().getPack("jap").add(
	    new Transform("jap.ptadump", new PTADumper()));

	soot.Main.main(args);
    }

    PointsToAnalysis pa;
    protected void internalTransform(Body b, String phaseName, Map options)
    {
        if(pa == null) pa = Scene.v().getPointsToAnalysis();
        Iterator it = b.getUnits().iterator();
        while(it.hasNext()) {
            final Stmt s = (Stmt) it.next();
            if( s instanceof DefinitionStmt ) {
                Value lhs = ((DefinitionStmt) s).getLeftOp();
                if( lhs instanceof Local ) {
                    addTag(s, pa.reachingObjects((Local)lhs));
                } else if(lhs instanceof FieldRef) {
                    FieldRef fr = (FieldRef) lhs;
                    if(fr instanceof StaticFieldRef) {
                        addTag(s, pa.reachingObjects(fr.getField()));
                    } else {
                        InstanceFieldRef ifr = (InstanceFieldRef) fr;
                        addTag(s, pa.reachingObjects(
                                    (Local)ifr.getBase(), ifr.getField()));
                    }
                }
            }
        }
    }
    private void addTag(Stmt s, PointsToSet p) {
        s.addTag(new StringTag(p.toString()));
    }
}

-------------- next part --------------
public class Test extends java.lang.Object
{
/*Test.java*/
    private java.util.Properties conversionTable;

    static void main(java.lang.String[])
    {
        java.lang.String[] r0;
        java.util.Properties $r1, r2, r4;
        Test r3, $r5, $r6, $r7;

        r0 := @parameter0: java.lang.String[];
/*GlobalAllocNode 5 STRING_ARRAY_NODE in null in context null,*/
        $r1 = new java.util.Properties;
/*LocalAllocNode 1 new java.util.Properties <Test: void main(java.lang.String[])> type java.util.Properties in context null,*/
        specialinvoke $r1.<java.util.Properties: void <init>()>();
        r2 = $r1;
/*LocalAllocNode 1 new java.util.Properties <Test: void main(java.lang.String[])> type java.util.Properties in context null,*/
        $r5 = new Test;
/*LocalAllocNode 2 new Test <Test: void main(java.lang.String[])> type Test in context null,*/
        specialinvoke $r5.<Test: void <init>(java.util.Properties)>(r2);
        r3 = $r5;
/*LocalAllocNode 2 new Test <Test: void main(java.lang.String[])> type Test in context null,*/
        $r6 = new Test;
/*LocalAllocNode 3 new Test <Test: void main(java.lang.String[])> type Test in context null,*/
        specialinvoke $r6.<Test: void <init>(java.util.Properties)>(r2);
        r4 = r3.<Test: java.util.Properties conversionTable>;
/*LocalAllocNode 1 new java.util.Properties <Test: void main(java.lang.String[])> type java.util.Properties in context null,*/
        $r7 = new Test;
/*LocalAllocNode 4 new Test <Test: void main(java.lang.String[])> type Test in context null,*/
        specialinvoke $r7.<Test: void <init>(java.util.Properties)>(r2);
        return;
    }

    protected void <init>(java.util.Properties)
    {
        Test r0;
        java.util.Properties r1;

        r0 := @this: Test;
/*LocalAllocNode 2 new Test <Test: void main(java.lang.String[])> type Test in context null,LocalAllocNode 3 new Test <Test: void main(java.lang.String[])> type Test in context null,LocalAllocNode 4 new Test <Test: void main(java.lang.String[])> type Test in context null,*/
        r1 := @parameter0: java.util.Properties;
/*LocalAllocNode 1 new java.util.Properties <Test: void main(java.lang.String[])> type java.util.Properties in context null,*/
        specialinvoke r0.<java.lang.Object: void <init>()>();
        r0.<Test: java.util.Properties conversionTable> = r1;
/*LocalAllocNode 1 new java.util.Properties <Test: void main(java.lang.String[])> type java.util.Properties in context null,*/
        return;
    }
}

More information about the Soot-list mailing list