[Soot-list] Re: questions about soot.jimple.toolkits.infoflow
package
Richard L. Halpert
richardlhalpert at gmail.com
Wed Aug 13 13:36:42 EDT 2008
Jianfan,
1) Your classification is correct. I should mention that
SimpleMethodInfoFlowAnalysis and SimpleMethodLocalObjectsAnalysis are both
broken and should be deprecated.
2) Not exactly... the "InfoFlowSummary" for a method M is a directed graph
whose nodes represent instance fields, static fields, parameters, and the
return value of the method, and whose edges represent explicit data flow.
This *includes* data flow that happens within methods that M calls. The
InfoFlowAnalysis will create a SmartMethodInfoFlowAnalysis for M, which will
create a SmartMethodInfoFlowAnalysis for every application method that M
calls. This is the interprocedural part.
ClassInfoFlowAnalysis is simply a container for a bunch of
SmartMethodInfoFlowAnalyses. It's there to make the code more structured,
and to make it more symmetrical to the LocalObjects classes. It also
contains the methods for creating the conservative approximations of info
flow for library classes.
3) The only object you need to create yourself is the InfoFlowAnalysis.
Then you use it to get everything else. Try this:
package mytransformer;
import soot.*;
import java.util.*;
import soot.jimple.toolkits.callgraph.*;
import soot.jimple.toolkits.infoflow.*;
public class myInfoFlowAnalysis extends SceneTransformer {
public static void main(String[] args) {
if (args.length == 0)
System.exit(-1);
PackManager.v().getPack("wjtp").add(
new Transform("wjtp.mytransform",
myInfoFlowAnalysis.v()));
soot.Main.main(args);
}
private static myInfoFlowAnalysis instance = null;
public static myInfoFlowAnalysis v() {
if (instance == null)
return (instance = new myInfoFlowAnalysis());
return instance;
}
protected void internalTransform(String phaseName, Map options) {
InfoFlowAnalysis ifa= new InfoFlowAnalysis(false,false);
CallGraph cg = Scene.v().getCallGraph();
// Find every application class
List heads = new LinkedList();
Iterator getClassesIt =
Scene.v().getApplicationClasses().iterator();
while (getClassesIt.hasNext()) {
SootClass appClass = (SootClass) getClassesIt.next();
Iterator methodsIt =appClass.getMethods().iterator();
while(methodsIt.hasNext()) {
SootMethod method = (SootMethod)
methodsIt.next();
DirectedGraph flowSummary =
ifa.getMethodInfoFlowSummary(method);
InfoFlowAnalysis.printInfoFlowSummary(flowSummary);
}
}
}
}
You can also get a graph showing the detailed flow within a method (like the
flow summary but includes local variables and has not been collapsed down to
single-hop relationships only). This graph will contain special "sourcesof"
nodes that you'll need to be aware of... flow directed into a "sourcesof"
node is meant to flow to the object that the "sourcesof" node's only
out-edge's destination is a part of. If this is confusing (and reading it
back, I think it is!), and it's something you need to use, just ask me for
more details.
SmartMethodInfoFlowAnalysis mFlow =
InfoFlowAnalysis.getMethodInfoFlowAnalysis(method);
mFlow.getMethodInfoFlowSummary(); // same as above
mFlow.getMethodAbbreviatedInfoFlowGraph(); // includes local vars and full
graph structure
-Richard
On Tue, Aug 12, 2008 at 7:44 PM, jiangfan shi <jiangfan.shi at gmail.com>wrote:
> Hi, Richard,
>
> I looked through soot.jimple.toolkits.infoflow package. There are 14
> classes in this package. I wonder if I can classify them as following:
>
> 1. infoFlowAnalysis
> ClassInfoFlowAnalysis
> InfoFlowAnalysis
> SimpleMethodInfoFlowAnalysis
> SmartMethodInfoFlowAnalysis
>
> 2. objectAnalysis
> ClassLocalObjectsAnalysis
> LocalObjectsAnalysis
> SimpleMethodLocalObjectsAnalysis
> SmartMethodLocalObjectsAnalysis
>
> 3. supportive classes
>
> AbstractDataSource
> CachedEquivalentValue
> CallChain
> CallLocalityContext
> FakeJimpleLocal
>
> Then I have several understandings which maybe related to concepts of
> infoFlowAnalysis and the code of infoFlowAnalysis. If you find
> anything wrong, could you please correct me there? thanks.
>
> 1. About the data flow graph
>
> From looking at code, the data flow graph is not a call-graph, and
> it is a complete graph for a class. Every node is a global static
> field, parameter of a method or class field.
>
> 2. About the flow summary for each method
>
> Each entry in a flow summary records which static field, class field
> or method parameter is used inside the method. If I understand this
> correctly, the scope of the information flow analysis is only for a
> class and not for inter-classes. For example, there is a situation
> where a variable is defined in a method m1 in the class A, and it is
> passed as a parameter for a method m2 in the class B. We only consider
> m1 and m2 separately. When we consider m1 or m2, we only records which
> method parameter is used inside the method, and we do not consider
> further which variable is passed to the parameter.
>
> 3. About running the code
>
> I wrote down following piece of code to run the infoFlowAnalysis. Is
> this roughly correct? Anyway I am going to run and see what happened.
>
> package mytransformer;
> import soot.*;
> import java.util.*;
> import soot.jimple.toolkits.callgraph.*;
> import soot.jimple.toolkits.infoflow.*;
>
> public class myInfoFlowAnalysis extends SceneTransformer {
> public static void main(String[] args) {
> if (args.length == 0)
> System.exit(-1);
> PackManager.v().getPack("wjtp").add(
> new Transform("wjtp.mytransform",
> myInfoFlowAnalysis.v()));
> soot.Main.main(args);
> }
>
> private static myInfoFlowAnalysis instance = null;
>
> public static myInfoFlowAnalysis v() {
> if (instance == null)
> return (instance = new myInfoFlowAnalysis());
> return instance;
> }
>
> protected void internalTransform(String phaseName, Map options) {
> InfoFlowAnalysis ifa= new InfoFlowAnalysis(false,false);
>
> CallGraph cg = Scene.v().getCallGraph();
> // Find every application class
> List heads = new LinkedList();
> Iterator getClassesIt =
> Scene.v().getApplicationClasses().iterator();
> while (getClassesIt.hasNext()) {
> SootClass appClass = (SootClass)
> getClassesIt.next();
> //is this enough to begin a infoAnalysis?
> ClassInfoFlowAnalysis cifa= new
> ClassInfoFlowAnalysis(appClass,ifa);
> }
> }
> }
>
> Thanks in advance.
>
> Jiangfan
>
>
> > Also, I wrote the soot.jimple.toolkits.infoflow package which tracks
> > explicit information flow (flow via assignments, but not via control
> > decisions). The package is not very user friendly.
>
> You would have to
> > invoke it manually by constructing an InfoFlowAnalysis object (no command
> > line option).
>
> It works by generating a whole-program data flow graph (using
> > a very conservative approximation for flow occuring within the class
> > library).
>
> The analysis will then provide you with flow summaries for each
> > method that describe what method parameters, class fields, and static
> fields
> > flow to each other or to the method's return value.
>
> There are some
> > granularity options for the results, and also the option to include or
> > exclude primitive data flow (ie, you can do just objects if you want).
> >
> > -Richard
> >
> > On Tue, Aug 12, 2008 at 8:25 AM, jiangfan shi <jiangfan.shi at gmail.com>
> > wrote:
> >>
> >> Hi, All,
> >>
> >> I am doing a project requiring a inter-procedure data dependency
> >> analysis (def-use). Before I dig into the coding by myself for the
> >> task, I wonder if there are some available data-flow analysis or
> >> similar analysis in Soot?
> >>
> >> Thanks in advance.
> >>
> >> Jiangfan
> >> _______________________________________________
> >> Soot-list mailing list
> >> Soot-list at sable.mcgill.ca
> >> http://mailman.cs.mcgill.ca/mailman/listinfo/soot-list
> >
> >
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.CS.McGill.CA/pipermail/soot-list/attachments/20080813/94e45baa/attachment.htm
More information about the Soot-list
mailing list