[Soot-list] Re: questions about soot.jimple.toolkits.infoflow
package
jiangfan shi
jiangfan.shi at gmail.com
Wed Aug 13 14:29:47 EDT 2008
Thanks, Richard. From (2), I understand the infoFlowAnalysis is a
inter-procedure analysis. The reason is because the dataFlowGraph,
constructed by the infoFlowAnalysis, connects variables(static,
instance field, local variables) in a method m1 to parameters of the
method 2 when m1 calls m2 inside m1's body. From (3), I am going to
dig into the methodInfoFlowGraph to look for these connections between
methods.
Anyway I think I am going to look through your code more thoroughly
before I ask some other questions.
Thanks for your exellent explanations. That is really really helpful.
Best,
Jiangfan
On Wed, Aug 13, 2008 at 12:36 PM, Richard L. Halpert
<richardlhalpert at gmail.com> wrote:
> Jianfan,
> 1) Your classification is correct. I should mention that
> SimpleMethodInfoFlowAnalysis and SimpleMethodLocalObjectsAnalysis are both
> broken and should be deprecated.
>
> 2) Not exactly... the "InfoFlowSummary" for a method M is a directed graph
> whose nodes represent instance fields, static fields, parameters, and the
> return value of the method, and whose edges represent explicit data flow.
> This *includes* data flow that happens within methods that M calls. The
> InfoFlowAnalysis will create a SmartMethodInfoFlowAnalysis for M, which will
> create a SmartMethodInfoFlowAnalysis for every application method that M
> calls. This is the interprocedural part.
>
> ClassInfoFlowAnalysis is simply a container for a bunch of
> SmartMethodInfoFlowAnalyses. It's there to make the code more structured,
> and to make it more symmetrical to the LocalObjects classes. It also
> contains the methods for creating the conservative approximations of info
> flow for library classes.
>
> 3) The only object you need to create yourself is the InfoFlowAnalysis.
> Then you use it to get everything else. Try this:
>
> package mytransformer;
> import soot.*;
> import java.util.*;
> import soot.jimple.toolkits.
> callgraph.*;
> import soot.jimple.toolkits.infoflow.*;
>
> public class myInfoFlowAnalysis extends SceneTransformer {
> public static void main(String[] args) {
> if (args.length == 0)
> System.exit(-1);
> PackManager.v().getPack("wjtp").add(
> new Transform("wjtp.mytransform",
> myInfoFlowAnalysis.v()));
> soot.Main.main(args);
> }
>
> private static myInfoFlowAnalysis instance = null;
>
> public static myInfoFlowAnalysis v() {
> if (instance == null)
> return (instance = new myInfoFlowAnalysis());
> return instance;
> }
>
> protected void internalTransform(String phaseName, Map options) {
> InfoFlowAnalysis ifa= new InfoFlowAnalysis(false,false);
>
> CallGraph cg = Scene.v().getCallGraph();
> // Find every application class
> List heads = new LinkedList();
> Iterator getClassesIt =
> Scene.v().getApplicationClasses().iterator();
> while (getClassesIt.hasNext()) {
> SootClass appClass = (SootClass) getClassesIt.next();
> Iterator methodsIt =appClass.getMethods().iterator();
> while(methodsIt.hasNext()) {
> SootMethod method = (SootMethod)
> methodsIt.next();
> DirectedGraph flowSummary =
> ifa.getMethodInfoFlowSummary(method);
>
> InfoFlowAnalysis.printInfoFlowSummary(flowSummary);
> }
> }
> }
> }
>
> You can also get a graph showing the detailed flow within a method (like the
> flow summary but includes local variables and has not been collapsed down to
> single-hop relationships only). This graph will contain special "sourcesof"
> nodes that you'll need to be aware of... flow directed into a "sourcesof"
> node is meant to flow to the object that the "sourcesof" node's only
> out-edge's destination is a part of. If this is confusing (and reading it
> back, I think it is!), and it's something you need to use, just ask me for
> more details.
>
> SmartMethodInfoFlowAnalysis mFlow =
> InfoFlowAnalysis.getMethodInfoFlowAnalysis(method);
> mFlow.getMethodInfoFlowSummary(); // same as above
> mFlow.getMethodAbbreviatedInfoFlowGraph(); // includes local vars and full
> graph structure
>
> -Richard
>
> On Tue, Aug 12, 2008 at 7:44 PM, jiangfan shi <jiangfan.shi at gmail.com>
> wrote:
>>
>> Hi, Richard,
>>
>> I looked through soot.jimple.toolkits.infoflow package. There are 14
>> classes in this package. I wonder if I can classify them as following:
>>
>> 1. infoFlowAnalysis
>> ClassInfoFlowAnalysis
>> InfoFlowAnalysis
>> SimpleMethodInfoFlowAnalysis
>> SmartMethodInfoFlowAnalysis
>>
>> 2. objectAnalysis
>> ClassLocalObjectsAnalysis
>> LocalObjectsAnalysis
>> SimpleMethodLocalObjectsAnalysis
>> SmartMethodLocalObjectsAnalysis
>>
>> 3. supportive classes
>>
>> AbstractDataSource
>> CachedEquivalentValue
>> CallChain
>> CallLocalityContext
>> FakeJimpleLocal
>>
>> Then I have several understandings which maybe related to concepts of
>> infoFlowAnalysis and the code of infoFlowAnalysis. If you find
>> anything wrong, could you please correct me there? thanks.
>>
>> 1. About the data flow graph
>>
>> From looking at code, the data flow graph is not a call-graph, and
>> it is a complete graph for a class. Every node is a global static
>> field, parameter of a method or class field.
>>
>> 2. About the flow summary for each method
>>
>> Each entry in a flow summary records which static field, class field
>> or method parameter is used inside the method. If I understand this
>> correctly, the scope of the information flow analysis is only for a
>> class and not for inter-classes. For example, there is a situation
>> where a variable is defined in a method m1 in the class A, and it is
>> passed as a parameter for a method m2 in the class B. We only consider
>> m1 and m2 separately. When we consider m1 or m2, we only records which
>> method parameter is used inside the method, and we do not consider
>> further which variable is passed to the parameter.
>>
>> 3. About running the code
>>
>> I wrote down following piece of code to run the infoFlowAnalysis. Is
>> this roughly correct? Anyway I am going to run and see what happened.
>>
>> package mytransformer;
>> import soot.*;
>> import java.util.*;
>> import soot.jimple.toolkits.callgraph.*;
>> import soot.jimple.toolkits.infoflow.*;
>>
>> public class myInfoFlowAnalysis extends SceneTransformer {
>> public static void main(String[] args) {
>> if (args.length == 0)
>> System.exit(-1);
>> PackManager.v().getPack("wjtp").add(
>> new Transform("wjtp.mytransform",
>> myInfoFlowAnalysis.v()));
>> soot.Main.main(args);
>> }
>>
>> private static myInfoFlowAnalysis instance = null;
>>
>> public static myInfoFlowAnalysis v() {
>> if (instance == null)
>> return (instance = new myInfoFlowAnalysis());
>> return instance;
>> }
>>
>> protected void internalTransform(String phaseName, Map options) {
>> InfoFlowAnalysis ifa= new InfoFlowAnalysis(false,false);
>>
>> CallGraph cg = Scene.v().getCallGraph();
>> // Find every application class
>> List heads = new LinkedList();
>> Iterator getClassesIt =
>> Scene.v().getApplicationClasses().iterator();
>> while (getClassesIt.hasNext()) {
>> SootClass appClass = (SootClass)
>> getClassesIt.next();
>> //is this enough to begin a infoAnalysis?
>> ClassInfoFlowAnalysis cifa= new
>> ClassInfoFlowAnalysis(appClass,ifa);
>> }
>> }
>> }
>>
>> Thanks in advance.
>>
>> Jiangfan
>>
>>
>> > Also, I wrote the soot.jimple.toolkits.infoflow package which tracks
>> > explicit information flow (flow via assignments, but not via control
>> > decisions). The package is not very user friendly.
>>
>> You would have to
>> > invoke it manually by constructing an InfoFlowAnalysis object (no
>> > command
>> > line option).
>>
>> It works by generating a whole-program data flow graph (using
>> > a very conservative approximation for flow occuring within the class
>> > library).
>>
>> The analysis will then provide you with flow summaries for each
>> > method that describe what method parameters, class fields, and static
>> > fields
>> > flow to each other or to the method's return value.
>>
>> There are some
>> > granularity options for the results, and also the option to include or
>> > exclude primitive data flow (ie, you can do just objects if you want).
>> >
>> > -Richard
>> >
>> > On Tue, Aug 12, 2008 at 8:25 AM, jiangfan shi <jiangfan.shi at gmail.com>
>> > wrote:
>> >>
>> >> Hi, All,
>> >>
>> >> I am doing a project requiring a inter-procedure data dependency
>> >> analysis (def-use). Before I dig into the coding by myself for the
>> >> task, I wonder if there are some available data-flow analysis or
>> >> similar analysis in Soot?
>> >>
>> >> Thanks in advance.
>> >>
>> >> Jiangfan
>> >> _______________________________________________
>> >> Soot-list mailing list
>> >> Soot-list at sable.mcgill.ca
>> >> http://mailman.cs.mcgill.ca/mailman/listinfo/soot-list
>> >
>> >
>
>
More information about the Soot-list
mailing list