[Soot-list] Re: questions about soot.jimple.toolkits.infoflow package

jiangfan shi jiangfan.shi at gmail.com
Wed Aug 13 14:29:47 EDT 2008 

Thanks, Richard. From (2), I understand the infoFlowAnalysis is a
inter-procedure analysis. The reason is because the dataFlowGraph,
constructed by the infoFlowAnalysis, connects variables(static,
instance field, local variables) in a method m1 to parameters of the
method 2 when m1 calls m2 inside m1's body.  From (3), I am going to
dig into the methodInfoFlowGraph to look for these connections between
methods.

Anyway I think I am going to look through your code more thoroughly
before I ask some other questions.

Thanks for your exellent explanations. That is really really helpful.

Best,
Jiangfan

On Wed, Aug 13, 2008 at 12:36 PM, Richard L. Halpert
<richardlhalpert at gmail.com> wrote:
> Jianfan,
> 1) Your classification is correct.  I should mention that
> SimpleMethodInfoFlowAnalysis and SimpleMethodLocalObjectsAnalysis are both
> broken and should be deprecated.
>
> 2) Not exactly... the "InfoFlowSummary" for a method M is a directed graph
> whose nodes represent instance fields, static fields, parameters, and the
> return value of the method, and whose edges represent explicit data flow.
> This *includes* data flow that happens within methods that M calls.  The
> InfoFlowAnalysis will create a SmartMethodInfoFlowAnalysis for M, which will
> create a SmartMethodInfoFlowAnalysis for every application method that M
> calls.  This is the interprocedural part.
>
> ClassInfoFlowAnalysis is simply a container for a bunch of
> SmartMethodInfoFlowAnalyses.  It's there to make the code more structured,
> and to make it more symmetrical to the LocalObjects classes.  It also
> contains the methods for creating the conservative approximations of info
> flow for library classes.
>
> 3) The only object you need to create yourself is the InfoFlowAnalysis.
> Then you use it to get everything else.  Try this:
>
> package mytransformer;
> import soot.*;
> import java.util.*;
> import soot.jimple.toolkits.
> callgraph.*;
> import soot.jimple.toolkits.infoflow.*;
>
> public class myInfoFlowAnalysis extends SceneTransformer {
>        public static void main(String[] args) {
>                if (args.length == 0)
>                        System.exit(-1);
>                PackManager.v().getPack("wjtp").add(
>                                new Transform("wjtp.mytransform",
> myInfoFlowAnalysis.v()));
>                soot.Main.main(args);
>        }
>
>        private static myInfoFlowAnalysis instance = null;
>
>        public static myInfoFlowAnalysis v() {
>                if (instance == null)
>                        return (instance = new myInfoFlowAnalysis());
>                return instance;
>        }
>
>        protected void internalTransform(String phaseName, Map options) {
>                InfoFlowAnalysis ifa= new InfoFlowAnalysis(false,false);
>
>                CallGraph cg = Scene.v().getCallGraph();
>                // Find every application  class
>                List heads = new LinkedList();
>                Iterator getClassesIt =
> Scene.v().getApplicationClasses().iterator();
>                while (getClassesIt.hasNext()) {
>                        SootClass appClass = (SootClass) getClassesIt.next();
>                        Iterator methodsIt =appClass.getMethods().iterator();
>                        while(methodsIt.hasNext()) {
>                                SootMethod method = (SootMethod)
> methodsIt.next();
>                                DirectedGraph flowSummary =
> ifa.getMethodInfoFlowSummary(method);
>
> InfoFlowAnalysis.printInfoFlowSummary(flowSummary);
>                        }
>                }
>        }
> }
>
> You can also get a graph showing the detailed flow within a method (like the
> flow summary but includes local variables and has not been collapsed down to
> single-hop relationships only).  This graph will contain special "sourcesof"
> nodes that you'll need to be aware of... flow directed into a "sourcesof"
> node is meant to flow to the object that the "sourcesof" node's only
> out-edge's destination is a part of.  If this is confusing (and reading it
> back, I think it is!), and it's something you need to use, just ask me for
> more details.
>
> SmartMethodInfoFlowAnalysis mFlow =
> InfoFlowAnalysis.getMethodInfoFlowAnalysis(method);
> mFlow.getMethodInfoFlowSummary(); // same as above
> mFlow.getMethodAbbreviatedInfoFlowGraph(); // includes local vars and full
> graph structure
>
> -Richard
>
> On Tue, Aug 12, 2008 at 7:44 PM, jiangfan shi <jiangfan.shi at gmail.com>
> wrote:
>>
>> Hi, Richard,
>>
>> I looked through soot.jimple.toolkits.infoflow package. There are 14
>> classes in this package. I wonder if I can classify them as following:
>>
>> 1. infoFlowAnalysis
>> ClassInfoFlowAnalysis
>> InfoFlowAnalysis
>> SimpleMethodInfoFlowAnalysis
>> SmartMethodInfoFlowAnalysis
>>
>> 2. objectAnalysis
>> ClassLocalObjectsAnalysis
>> LocalObjectsAnalysis
>> SimpleMethodLocalObjectsAnalysis
>> SmartMethodLocalObjectsAnalysis
>>
>> 3. supportive classes
>>
>> AbstractDataSource
>> CachedEquivalentValue
>> CallChain
>> CallLocalityContext
>> FakeJimpleLocal
>>
>> Then I have several understandings which maybe related to concepts of
>> infoFlowAnalysis and the code of infoFlowAnalysis.  If you find
>> anything wrong, could you please correct me there? thanks.
>>
>> 1. About the data flow graph
>>
>>   From looking at code, the data flow graph is not a call-graph, and
>> it is a complete graph for a class.  Every node is a global static
>> field, parameter of a method or class field.
>>
>> 2. About the flow summary for each method
>>
>> Each entry in a flow summary records which static field, class field
>> or method parameter is used inside the method. If I understand this
>> correctly, the scope of the information flow analysis is only for a
>> class and not for inter-classes. For example, there is a situation
>> where a variable is defined in a method m1 in the class A, and it is
>> passed as a parameter for a method m2 in the class B. We only consider
>> m1 and m2 separately. When we consider m1 or m2, we only records which
>> method parameter is used inside the method, and we do not consider
>> further which variable is passed to the parameter.
>>
>> 3. About running the code
>>
>> I wrote down following piece of code to run the infoFlowAnalysis. Is
>> this roughly correct? Anyway I am going to run and see what happened.
>>
>> package mytransformer;
>> import soot.*;
>> import java.util.*;
>> import soot.jimple.toolkits.callgraph.*;
>> import soot.jimple.toolkits.infoflow.*;
>>
>> public class myInfoFlowAnalysis extends SceneTransformer {
>>        public static void main(String[] args) {
>>                if (args.length == 0)
>>                        System.exit(-1);
>>                PackManager.v().getPack("wjtp").add(
>>                                new Transform("wjtp.mytransform",
>> myInfoFlowAnalysis.v()));
>>                soot.Main.main(args);
>>        }
>>
>>        private static myInfoFlowAnalysis instance = null;
>>
>>        public static myInfoFlowAnalysis v() {
>>                if (instance == null)
>>                        return (instance = new myInfoFlowAnalysis());
>>                return instance;
>>        }
>>
>>        protected void internalTransform(String phaseName, Map options) {
>>                InfoFlowAnalysis ifa= new InfoFlowAnalysis(false,false);
>>
>>                CallGraph cg = Scene.v().getCallGraph();
>>                // Find every application  class
>>                List heads = new LinkedList();
>>                Iterator getClassesIt =
>> Scene.v().getApplicationClasses().iterator();
>>                while (getClassesIt.hasNext()) {
>>                        SootClass appClass = (SootClass)
>> getClassesIt.next();
>>                        //is this enough to begin a infoAnalysis?
>>                        ClassInfoFlowAnalysis   cifa= new
>> ClassInfoFlowAnalysis(appClass,ifa);
>>                }
>>        }
>> }
>>
>> Thanks in advance.
>>
>> Jiangfan
>>
>>
>> > Also, I wrote the soot.jimple.toolkits.infoflow package which tracks
>> > explicit information flow (flow via assignments, but not via control
>> > decisions).  The package is not very user friendly.
>>
>> You would have to
>> > invoke it manually by constructing an InfoFlowAnalysis object (no
>> > command
>> > line option).
>>
>> It works by generating a whole-program data flow graph (using
>> > a very conservative approximation for flow occuring within the class
>> > library).
>>
>> The analysis will then provide you with flow summaries for each
>> > method that describe what method parameters, class fields, and static
>> > fields
>> > flow to each other or to the method's return value.
>>
>> There are some
>> > granularity options for the results, and also the option to include or
>> > exclude primitive data flow (ie, you can do just objects if you want).
>> >
>> > -Richard
>> >
>> > On Tue, Aug 12, 2008 at 8:25 AM, jiangfan shi <jiangfan.shi at gmail.com>
>> > wrote:
>> >>
>> >> Hi, All,
>> >>
>> >> I am doing a project requiring a inter-procedure data dependency
>> >> analysis (def-use). Before I dig into the coding by myself for the
>> >> task, I wonder if  there are some available data-flow analysis  or
>> >> similar analysis in Soot?
>> >>
>> >> Thanks in advance.
>> >>
>> >> Jiangfan
>> >> _______________________________________________
>> >> Soot-list mailing list
>> >> Soot-list at sable.mcgill.ca
>> >> http://mailman.cs.mcgill.ca/mailman/listinfo/soot-list
>> >
>> >
>
>

More information about the Soot-list mailing list