[Soot-list] how does infoFlowAnalysis handle interfaceinvoke ?
jiangfan shi
jiangfan.shi at gmail.com
Tue Aug 19 10:56:46 EDT 2008
> report the edge. A less precise analysis like CHA may give you
> "spurious" call edges like the one from start() to open3().
Thanks Eric. I used the CHA as the call graph constructor in my
example, but I still did not see these edges.
My options are the following:
-w -main-class hello.helloworld -p cg.cha on -f jimple --app hello.helloworld
Just curious. Maybe CHA in Soot integrates the points-to analysis by
default? If so, are there some options to turn this off?
Jiangfan
>
> 2008/8/19 jiangfan shi <jiangfan.shi at gmail.com>:
>> Thanks Eric for the explanation. There is one extra question.
>>
>>> uses no points-to sets. That makes it faster but much less precise as
>>> you can see in your example.
>>
>> Should the "less precise" mean that these edges should appear in the
>> produced call graph?
>> That is, the start() to open3() should appear in the call graph?
>>
>> Jiangfan
>>
>>
>>
>>
>>>>>>
>>>>>> In case we can not attach a file to the mail list. I put all source
>>>>>> files in the following:
>>>>>>
>>>>>>
>>>>>> ============cg exploration===============
>>>>>> package mytransformer;
>>>>>>
>>>>>> import soot.*;
>>>>>>
>>>>>> import java.io.BufferedWriter;
>>>>>> import java.io.FileWriter;
>>>>>> import java.util.*;
>>>>>>
>>>>>> import soot.jimple.toolkits.callgraph.*;
>>>>>>
>>>>>> public class TestMyTransformer extends SceneTransformer {
>>>>>>
>>>>>> public static void main(String[] args) {
>>>>>> if (args.length == 0)
>>>>>> System.exit(-1);
>>>>>> PackManager.v().getPack("wjtp").add(
>>>>>> new Transform("wjtp.mytransform", TestMyTransformer.v()));
>>>>>> soot.Main.main(args);
>>>>>> }
>>>>>>
>>>>>> private static TestMyTransformer instance = null;
>>>>>>
>>>>>> public static TestMyTransformer v() {
>>>>>> if (instance == null)
>>>>>> return (instance = new TestMyTransformer());
>>>>>> return instance;
>>>>>> }
>>>>>>
>>>>>> protected void internalTransform(String phaseName, Map options) {
>>>>>> CallGraph cg = Scene.v().getCallGraph();
>>>>>> System.out.println("Call graph + " + cg);
>>>>>> }
>>>>>>
>>>>>> public void writetofile(CallGraph cg) {
>>>>>> try {
>>>>>> // Create file
>>>>>> FileWriter fstream = new FileWriter("out22.txt");
>>>>>> BufferedWriter out = new BufferedWriter(fstream);
>>>>>> out.write(cg.toString());
>>>>>> // Close the output stream
>>>>>> out.close();
>>>>>> } catch (Exception e) {// Catch exception if any
>>>>>> System.err.println("Error: " + e.getMessage());
>>>>>> }
>>>>>> }
>>>>>>
>>>>>> }
>>>>>>
>>>>>> =======main class helloworld ====
>>>>>> package hello;
>>>>>> public class helloworld {
>>>>>> helloworld3 tmp;
>>>>>>
>>>>>> helloworld(helloworld3 hw3){
>>>>>> tmp=hw3;
>>>>>> }
>>>>>>
>>>>>> public void start(){
>>>>>> System.out.println("start");
>>>>>>
>>>>>> if(tmp.hw3tmp!=null)
>>>>>> tmp.hw3tmp.open3();
>>>>>> }
>>>>>>
>>>>>> public static void main(String[] args){
>>>>>>
>>>>>> helloworld3 hw33=new helloworld3();
>>>>>> helloworld hw=new helloworld(hw33);
>>>>>> hw.start();
>>>>>> }
>>>>>> }
>>>>>>
>>>>>> class helloworld3 {
>>>>>> myInter hw3tmp;
>>>>>>
>>>>>> helloworld3(){
>>>>>> hw3tmp=null;
>>>>>> }
>>>>>>
>>>>>> void setup(myInter mi){
>>>>>> hw3tmp=mi;
>>>>>> }
>>>>>> }
>>>>>>
>>>>>> =======Interface myInter ====
>>>>>> package hello;
>>>>>> public interface myInter {
>>>>>> public void open3();
>>>>>>
>>>>>> }
>>>>>> ==========One implementation impl1========
>>>>>> package hello;
>>>>>> public class myinter1 implements myInter{
>>>>>> public void open3(){
>>>>>> System.out.println("myinter1");
>>>>>>
>>>>>> }
>>>>>> }
>>>>>> ==========One implementation impl2========
>>>>>> package hello;
>>>>>> public class myinter2 implements myInter {
>>>>>>
>>>>>> public void open3() {
>>>>>> // TODO Auto-generated method stub
>>>>>> System.out.println("myinter2");
>>>>>> }
>>>>>>
>>>>>> }
>>>>>>
>>>>>> ==============source code over===================
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Tue, Aug 19, 2008 at 7:50 AM, Eric Bodden <eric.bodden at mail.mcgill.ca> wrote:
>>>>>>> Hi.
>>>>>>>
>>>>>>> Which call edge exactly do you find missing from the example below? I
>>>>>>> need a concrete and complete runnable example to be able to decide if
>>>>>>> this is or is not a bug.
>>>>>>>
>>>>>>> Eric
>>>>>>>
>>>>>>> 2008/8/18 jiangfan shi <jiangfan.shi at gmail.com>:
>>>>>>>> Thanks, Li xin.
>>>>>>>>
>>>>>>>> I have tried to use spark and cha (default option) to construct the
>>>>>>>> call graph. As you said, the generated call graph does not have
>>>>>>>> related interfaceInvoke edges. That is, there is no edge which
>>>>>>>> connects the main function to impl1.open() or impl2.open(). And even,
>>>>>>>> there is no edge between the main function and the interface
>>>>>>>> Inter1.open().
>>>>>>>>
>>>>>>>> My options are the following:
>>>>>>>>
>>>>>>>> spark:
>>>>>>>>
>>>>>>>> -w -main-class helloworld -p cg.spark rta:true;on-fly-cg:true -f
>>>>>>>> jimple --app helloworld
>>>>>>>>
>>>>>>>> cha:
>>>>>>>>
>>>>>>>> -w -main-class helloworld -p cg.cha on -f jimple --app helloworld
>>>>>>>>
>>>>>>>> The following is my simplified code.
>>>>>>>>
>>>>>>>> =======main class helloworld ====
>>>>>>>>
>>>>>>>> public class helloworld {
>>>>>>>> helloworld3 tmp;
>>>>>>>>
>>>>>>>> helloworld(helloworld3 hw3){
>>>>>>>> tmp=hw3;
>>>>>>>> }
>>>>>>>>
>>>>>>>> public void start(){
>>>>>>>> System.out.println("start");
>>>>>>>>
>>>>>>>> if(tmp.hw3tmp!=null)
>>>>>>>> tmp.hw3tmp.open3();
>>>>>>>> }
>>>>>>>>
>>>>>>>> public static void main(String[] args){
>>>>>>>>
>>>>>>>> helloworld3 hw33=new helloworld3();
>>>>>>>> helloworld hw=new helloworld(hw33);
>>>>>>>> hw.start();
>>>>>>>> }
>>>>>>>> }
>>>>>>>>
>>>>>>>> =============Another Class helloworld3============
>>>>>>>> class helloworld3 {
>>>>>>>> myInter hw3tmp;
>>>>>>>>
>>>>>>>> helloworld3(){
>>>>>>>> hw3tmp=null;
>>>>>>>> }
>>>>>>>>
>>>>>>>> void setup(myInter mi){
>>>>>>>> hw3tmp=mi;
>>>>>>>> }
>>>>>>>> }
>>>>>>>>
>>>>>>>> =======Interface myInter ====
>>>>>>>> public interface myInter {
>>>>>>>> public void open3();
>>>>>>>>
>>>>>>>> }
>>>>>>>> ==========One implementation impl1========
>>>>>>>>
>>>>>>>> public class myinter1 implements myInter{
>>>>>>>> public void open3(){
>>>>>>>> System.out.println("myinter1");
>>>>>>>>
>>>>>>>> }
>>>>>>>> }
>>>>>>>> ==========One implementation impl2========
>>>>>>>>
>>>>>>>> public class myinter2 implements myInter {
>>>>>>>>
>>>>>>>> public void open3() {
>>>>>>>> // TODO Auto-generated method stub
>>>>>>>> System.out.println("myinter2");
>>>>>>>> }
>>>>>>>>
>>>>>>>> }
>>>>>>>>
>>>>>>>> Any ideas? Thanks.
>>>>>>>> Jiangfan
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> On Mon, Aug 18, 2008 at 9:35 AM, li xin <li-xin at jaist.ac.jp> wrote:
>>>>>>>>> Hello,
>>>>>>>>>
>>>>>>>>> I am wondering whether it is an issue of whether the underlying points-to
>>>>>>>>> analysis properly handles InterfaceInvoke.
>>>>>>>>>
>>>>>>>>> FYI:
>>>>>>>>> This question reminds me of a related problem I once encountered. I ran
>>>>>>>>> cg.spark (with default options in mind) on some package, but edges of
>>>>>>>>> InterfaceInvoke were lost in the generated call graph (while CHA handles them
>>>>>>>>> properly).
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> Thanks and Best Regards, LI
>>>>>>>>>
>>>>>>>>> On Mon, Aug 18, 2008 at 10:45 PM, jiangfan shi <jiangfan.shi at gmail.com>
>>>>>>>>> wrote:
>>>>>>>>>>
>>>>>>>>>> Hi,
>>>>>>>>>>
>>>>>>>>>> I found the infoFlowAnalysis does not do dynamic bindings for the
>>>>>>>>>> interfaceinvoke statement. Am I right?
>>>>>>>>>>
>>>>>>>>>> For example, I have an interface Interf1, which defines a method
>>>>>>>>>> open(). Two implementations impl1 and impl2 implement the Interf1.
>>>>>>>>>> Then I have the following simplified statements:
>>>>>>>>>>
>>>>>>>>>> ==============
>>>>>>>>>> Interf1 tmp1;
>>>>>>>>>>
>>>>>>>>>> if (tmp1 != null) {
>>>>>>>>>>     tmp1.open();
>>>>>>>>>> }
>>>>>>>>>>
>>>>>>>>>> ==============
>>>>>>>>>>
>>>>>>>>>> For this piece of code, the infoFlowAnalysis does not give two
>>>>>>>>>> possible method invocations, impl1.open() and impl2.open().
>>>>>>>>>> Furthermore the infoFlowAnalysis does not compute flow Summary for
>>>>>>>>>> these two methods.
>>>>>>>>>>
>>>>>>>>>> For the following piece of code, the infoFlowAnalysis does work
>>>>>>>>>> because there are explicit assignments from impl1 or impl2 to the
>>>>>>>>>> Interf1.
>>>>>>>>>>
>>>>>>>>>> ==============
>>>>>>>>>> Interf1 tmp1;
>>>>>>>>>> if (args[0].equals("1")) {
>>>>>>>>>>     tmp1 = new impl1();
>>>>>>>>>> } else {
>>>>>>>>>>     tmp1 = new impl2();
>>>>>>>>>> }
>>>>>>>>>>
>>>>>>>>>> tmp1.open();
>>>>>>>>>>
>>>>>>>>>> ==============
>>>>>>>>>> In this case, the infoFlowAnalysis will compute summaries for the two
>>>>>>>>>> methods, impl1.open() and impl2.open().
>>>>>>>>>>
>>>>>>>>>> So my question is whether the infoFlowAnalysis handles the
>>>>>>>>>> interfaceinvoke statement. Maybe I did not find some configuration of
>>>>>>>>>> the infoFlowAnalysis, or I missed some other options.
>>>>>>>>>>
>>>>>>>>>> Thank you in advance!
>>>>>>>>>>
>>>>>>>>>> Jiangfan
>>>>>>>>>> _______________________________________________
>>>>>>>>>> Soot-list mailing list
>>>>>>>>>> Soot-list at sable.mcgill.ca
>>>>>>>>>> http://mailman.cs.mcgill.ca/mailman/listinfo/soot-list
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Eric Bodden
>>>>>>> Sable Research Group
>>>>>>> McGill University, Montréal, Canada
>>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Eric Bodden
>>>>> Sable Research Group
>>>>> McGill University, Montréal, Canada
>>>>>
>>>>
>>>
>>>
>>>
>>> --
>>> Eric Bodden
>>> Sable Research Group
>>> McGill University, Montréal, Canada
>>>
>>
>
>
>
> --
> Eric Bodden
> Sable Research Group
> McGill University, Montréal, Canada
>
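
A diagnostic for the question in this thread, as an added example that is not part of the original messages and not code from the Soot project: it reports whether the `hello` interface and its two implementers are loaded in the Scene, and lists every call edge leaving `start()` with the statement it originates from. The class name `StartEdgeCheck` and the phase name `wjtp.startedges` are hypothetical.

```java
package mytransformer;

import java.util.Iterator;
import java.util.Map;

import soot.PackManager;
import soot.Scene;
import soot.SceneTransformer;
import soot.SootMethod;
import soot.Transform;
import soot.jimple.toolkits.callgraph.CallGraph;
import soot.jimple.toolkits.callgraph.Edge;

// Added diagnostic (hypothetical class, not from the thread): shows what the
// call graph builder had available and which edges it produced for start().
public class StartEdgeCheck extends SceneTransformer {

    public static void main(String[] args) {
        PackManager.v().getPack("wjtp").add(
                new Transform("wjtp.startedges", new StartEdgeCheck()));
        soot.Main.main(args);
    }

    @Override
    protected void internalTransform(String phaseName, Map options) {
        // 1. Are the interface and its implementers present in the Scene?
        //    Class names are the ones from the posted example.
        for (String name : new String[] {
                "hello.myInter", "hello.myinter1", "hello.myinter2" }) {
            System.out.println(name + " in Scene: "
                    + Scene.v().containsClass(name));
        }

        // 2. Which call edges leave start(), and from which statement?
        SootMethod start = Scene.v().getSootClass("hello.helloworld")
                .getMethodByName("start");
        CallGraph cg = Scene.v().getCallGraph();
        int toOpen3 = 0;
        for (Iterator<Edge> it = cg.edgesOutOf(start); it.hasNext();) {
            Edge e = it.next();
            System.out.println(e.kind() + ": " + e.srcStmt() + " -> " + e.tgt());
            if (e.tgt().getName().equals("open3")) {
                toOpen3++;
            }
        }
        System.out.println("edges from start() to open3(): " + toOpen3);
    }
}
```

Run it with the same options as in the message above. CHA can only resolve an interfaceinvoke to implementers that are present in the Scene, so the first part of the output tells you whether any target for `open3()` was available to the call graph builder at all.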