[Soot-list] how does infoFlowAnalysis handle interfaceinvoke ?
Eric Bodden
eric.bodden at mail.mcgill.ca
Tue Aug 19 11:26:53 EDT 2008
I am not sure how exactly CHA is implemented in Soot and why it does
not show these edges for you, but I know for sure that it does not
use points-to sets. Why would you insist on having an imprecise
analysis, though, if you can get a more precise one?
Eric
2008/8/19 jiangfan shi <jiangfan.shi at gmail.com>:
>> report the edge. A less precise analysis like CHA may give you
>> "spurious" call edges like the one from start() to open3().
>
> Thanks Eric. I used the CHA as the call graph constructor in my
> example, but I still did not see these edges.
>
> My options are the following:
> -w -main-class hello.helloworld -p cg.cha on -f jimple --app hello.helloworld
>
> Just curious. Maybe CHA in soot integrate the point-to analysis by
> default? If so, are there some options to turn this off?
>
> Jiangfan
>
>>
>> 2008/8/19 jiangfan shi <jiangfan.shi at gmail.com>:
>>> Thanks Eric for the explanation. There is one extra question.
>>>
>>>> uses no points-to sets. That makes it faster but much less precise as
>>>> you can see in your example.
>>>
>>> Should the "less precise" mean that these edges should appear in the
>>> produced call graph?
>>> That is, the start() to open3() should appear in the call graph?
>>>
>>> Jiangfan
>>>
>>>
>>>
>>>
>>>>>>>
>>>>>>> In case we can not attach a file to the mail list. I put all source
>>>>>>> files in the following:
>>>>>>>
>>>>>>>
>>>>>>> ============cg exploration===============
>>>>>>> package mytransformer;
>>>>>>>
>>>>>>> import soot.*;
>>>>>>>
>>>>>>> import java.io.BufferedWriter;
>>>>>>> import java.io.FileWriter;
>>>>>>> import java.util.*;
>>>>>>>
>>>>>>> import soot.jimple.toolkits.callgraph.*;
>>>>>>>
>>>>>>> public class TestMyTransformer extends SceneTransformer {
>>>>>>>
>>>>>>> public static void main(String[] args) {
>>>>>>> if (args.length == 0)
>>>>>>> System.exit(-1);
>>>>>>> PackManager.v().getPack("wjtp").add(
>>>>>>> new Transform("wjtp.mytransform", TestMyTransformer.v()));
>>>>>>> soot.Main.main(args);
>>>>>>> }
>>>>>>>
>>>>>>> private static TestMyTransformer instance = null;
>>>>>>>
>>>>>>> public static TestMyTransformer v() {
>>>>>>> if (instance == null)
>>>>>>> return (instance = new TestMyTransformer());
>>>>>>> return instance;
>>>>>>> }
>>>>>>>
>>>>>>> protected void internalTransform(String phaseName, Map options) {
>>>>>>> CallGraph cg = Scene.v().getCallGraph();
>>>>>>> System.out.println("Call graph + " + cg);
>>>>>>> }
>>>>>>>
>>>>>>> public void writetofile(CallGraph cg) {
>>>>>>> try {
>>>>>>> // Create file
>>>>>>> FileWriter fstream = new FileWriter("out22.txt");
>>>>>>> BufferedWriter out = new BufferedWriter(fstream);
>>>>>>> out.write(cg.toString());
>>>>>>> // Close the output stream
>>>>>>> out.close();
>>>>>>> } catch (Exception e) {// Catch exception if any
>>>>>>> System.err.println("Error: " + e.getMessage());
>>>>>>> }
>>>>>>> }
>>>>>>>
>>>>>>> }
>>>>>>>
>>>>>>> =======main class helloworld ====
>>>>>>> package hello;
>>>>>>> public class helloworld {
>>>>>>> helloworld3 tmp;
>>>>>>>
>>>>>>> helloworld(helloworld3 hw3){
>>>>>>> tmp=hw3;
>>>>>>> }
>>>>>>>
>>>>>>> public void start(){
>>>>>>> System.out.println("start");
>>>>>>>
>>>>>>> if(tmp.hw3tmp!=null)
>>>>>>> tmp.hw3tmp.open3();
>>>>>>> }
>>>>>>>
>>>>>>> public static void main(String[] args){
>>>>>>>
>>>>>>> helloworld3 hw33=new helloworld3();
>>>>>>> helloworld hw=new helloworld(hw33);
>>>>>>> hw.start();
>>>>>>> }
>>>>>>> }
>>>>>>>
>>>>>>> class helloworld3 {
>>>>>>> myInter hw3tmp;
>>>>>>>
>>>>>>> helloworld3(){
>>>>>>> hw3tmp=null;
>>>>>>> }
>>>>>>>
>>>>>>> void setup(myInter mi){
>>>>>>> hw3tmp=mi;
>>>>>>> }
>>>>>>> }
>>>>>>>
>>>>>>> =======Interface myInter ====
>>>>>>> package hello;
>>>>>>> public interface myInter {
>>>>>>> public void open3();
>>>>>>>
>>>>>>> }
>>>>>>> ==========One implementation impl1========
>>>>>>> package hello;
>>>>>>> public class myinter1 implements myInter{
>>>>>>> public void open3(){
>>>>>>> System.out.println("myinter1");
>>>>>>>
>>>>>>> }
>>>>>>> }
>>>>>>> ==========One implementation impl2========
>>>>>>> package hello;
>>>>>>> public class myinter2 implements myInter {
>>>>>>>
>>>>>>> public void open3() {
>>>>>>> // TODO Auto-generated method stub
>>>>>>> System.out.println("myinter2");
>>>>>>> }
>>>>>>>
>>>>>>> }
>>>>>>>
>>>>>>> ==============source code over===================
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On Tue, Aug 19, 2008 at 7:50 AM, Eric Bodden <eric.bodden at mail.mcgill.ca> wrote:
>>>>>>>> Hi.
>>>>>>>>
>>>>>>>> Which call edge exactly do you find missing from the example below? I
>>>>>>>> need a concrete and complete runnable example to be able to decide if
>>>>>>>> this is or is not a bug.
>>>>>>>>
>>>>>>>> Eric
>>>>>>>>
>>>>>>>> 2008/8/18 jiangfan shi <jiangfan.shi at gmail.com>:
>>>>>>>>> Thanks, Li xin.
>>>>>>>>>
>>>>>>>>> I have tried to use spark and cha (default option) to construct the
>>>>>>>>> call graph. As you said, the generated call graph does not have
>>>>>>>>> related interfaceInvoke edges. That is, there is not edge which
>>>>>>>>> connects the main function to impl1.open() or impl2.open(). And even,
>>>>>>>>> there is no edge between the main function and the interface
>>>>>>>>> Inter1.open().
>>>>>>>>>
>>>>>>>>> My options are following:
>>>>>>>>>
>>>>>>>>> spark:
>>>>>>>>>
>>>>>>>>> -w -main-class helloworld -p cg.spark rta:true;on-fly-cg:true -f
>>>>>>>>> jimple --app helloworld
>>>>>>>>>
>>>>>>>>> cha:
>>>>>>>>>
>>>>>>>>> -w -main-class helloworld -p cg.cha on -f jimple --app helloworld
>>>>>>>>>
>>>>>>>>> The following is my simplifiedcode.
>>>>>>>>>
>>>>>>>>> =======main class helloworld ====
>>>>>>>>>
>>>>>>>>> public class helloworld {
>>>>>>>>> helloworld3 tmp;
>>>>>>>>>
>>>>>>>>> helloworld(helloworld3 hw3){
>>>>>>>>> tmp=hw3;
>>>>>>>>> }
>>>>>>>>>
>>>>>>>>> public void start(){
>>>>>>>>> System.out.println("start");
>>>>>>>>>
>>>>>>>>> if(tmp.hw3tmp!=null)
>>>>>>>>> tmp.hw3tmp.open3();
>>>>>>>>> }
>>>>>>>>>
>>>>>>>>> public static void main(String[] args){
>>>>>>>>>
>>>>>>>>> helloworld3 hw33=new helloworld3();
>>>>>>>>> helloworld hw=new helloworld(hw33);
>>>>>>>>> hw.start();
>>>>>>>>> }
>>>>>>>>> }
>>>>>>>>>
>>>>>>>>> =============Another Class helloworld3============
>>>>>>>>> class helloworld3 {
>>>>>>>>> myInter hw3tmp;
>>>>>>>>>
>>>>>>>>> helloworld3(){
>>>>>>>>> hw3tmp=null;
>>>>>>>>> }
>>>>>>>>>
>>>>>>>>> void setup(myInter mi){
>>>>>>>>> hw3tmp=mi;
>>>>>>>>> }
>>>>>>>>> }
>>>>>>>>>
>>>>>>>>> =======Interface myInter ====
>>>>>>>>> public interface myInter {
>>>>>>>>> public void open3();
>>>>>>>>>
>>>>>>>>> }
>>>>>>>>> ==========One implementation impl1========
>>>>>>>>>
>>>>>>>>> public class myinter1 implements myInter{
>>>>>>>>> public void open3(){
>>>>>>>>> System.out.println("myinter1");
>>>>>>>>>
>>>>>>>>> }
>>>>>>>>> }
>>>>>>>>> ==========One implementation impl2========
>>>>>>>>>
>>>>>>>>> public class myinter2 implements myInter {
>>>>>>>>>
>>>>>>>>> public void open3() {
>>>>>>>>> // TODO Auto-generated method stub
>>>>>>>>> System.out.println("myinter2");
>>>>>>>>> }
>>>>>>>>>
>>>>>>>>> }
>>>>>>>>>
>>>>>>>>> Any ideas? Thanks.
>>>>>>>>> Jiangfan
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Mon, Aug 18, 2008 at 9:35 AM, li xin <li-xin at jaist.ac.jp> wrote:
>>>>>>>>>> Hello,
>>>>>>>>>>
>>>>>>>>>> I am wondering it is the issue of whether the underlying points-to analysis
>>>>>>>>>> properly handle InterfaceInvoke.
>>>>>>>>>>
>>>>>>>>>> FYI:
>>>>>>>>>> This question reminds me a related problem I ever encountered. I run
>>>>>>>>>> cg.spark (with default options on mind) on some package, but edges of
>>>>>>>>>> InterfaceInvoke are lost in the generated call graph (while CHA handles them
>>>>>>>>>> properly).
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> --
>>>>>>>>>> Thanks and Best Regards, LI
>>>>>>>>>>
>>>>>>>>>> On Mon, Aug 18, 2008 at 10:45 PM, jiangfan shi <jiangfan.shi at gmail.com>
>>>>>>>>>> wrote:
>>>>>>>>>>>
>>>>>>>>>>> Hi,
>>>>>>>>>>>
>>>>>>>>>>> I found the infoFlowAnalysis does not do dynamic bindings for the
>>>>>>>>>>> interfaceinvoke statement. Am I right?
>>>>>>>>>>>
>>>>>>>>>>> For exmaple, I have an interface Interf1, which defines a method
>>>>>>>>>>> open(). Two implementations impl1 and impl2 implement the Interf1.
>>>>>>>>>>> Then I have following simplified statements;
>>>>>>>>>>>
>>>>>>>>>>> ==============
>>>>>>>>>>> Interf1 tmp1;
>>>>>>>>>>>
>>>>>>>>>>> if(tmp1!=null){
>>>>>>>>>>> tmp1.open().
>>>>>>>>>>> }
>>>>>>>>>>>
>>>>>>>>>>> ==============
>>>>>>>>>>>
>>>>>>>>>>> For this piece of code, the infoFlowAnalysis does not give two
>>>>>>>>>>> possible method invocations, impl1.open() and impl2.open().
>>>>>>>>>>> Furthermore the infoFlowAnalysis does not compute flow Summary for
>>>>>>>>>>> these two methods.
>>>>>>>>>>>
>>>>>>>>>>> For the following piece of code, the infoFlowAnalysis does work
>>>>>>>>>>> because there are explicitly assignments from impl1 or impl2 to the
>>>>>>>>>>> Interf1.
>>>>>>>>>>>
>>>>>>>>>>> ==============
>>>>>>>>>>> Interf1 tmp1;
>>>>>>>>>>> if(args[0]=1){
>>>>>>>>>>> tmp1=new impl1();
>>>>>>>>>>> else
>>>>>>>>>>> tmp1=new impl2();
>>>>>>>>>>>
>>>>>>>>>>> tmp1.open().
>>>>>>>>>>> }
>>>>>>>>>>>
>>>>>>>>>>> ==============
>>>>>>>>>>> In this case, the infoFlowAnalysis will compute summaries for the two
>>>>>>>>>>> methods, impl1.open() and impl2.open().
>>>>>>>>>>>
>>>>>>>>>>> So my question is that if the infoFlowAnalysis handle the
>>>>>>>>>>> interfaceinvoke statement. Maybe I did not find some configurations of
>>>>>>>>>>> the infoFlowAnalsysis, or I miss some other options.
>>>>>>>>>>>
>>>>>>>>>>> Thanks you in advance!
>>>>>>>>>>>
>>>>>>>>>>> Jiangfan
>>>>>>>>>>> _______________________________________________
>>>>>>>>>>> Soot-list mailing list
>>>>>>>>>>> Soot-list at sable.mcgill.ca
>>>>>>>>>>> http://mailman.cs.mcgill.ca/mailman/listinfo/soot-list
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>> _______________________________________________
>>>>>>>>> Soot-list mailing list
>>>>>>>>> Soot-list at sable.mcgill.ca
>>>>>>>>> http://mailman.cs.mcgill.ca/mailman/listinfo/soot-list
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>>> Eric Bodden
>>>>>>>> Sable Research Group
>>>>>>>> McGill University, Montréal, Canada
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Eric Bodden
>>>>>> Sable Research Group
>>>>>> McGill University, Montréal, Canada
>>>>>>
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> Eric Bodden
>>>> Sable Research Group
>>>> McGill University, Montréal, Canada
>>>>
>>>
>>
>>
>>
>> --
>> Eric Bodden
>> Sable Research Group
>> McGill University, Montréal, Canada
>>
>
--
Eric Bodden
Sable Research Group
McGill University, Montréal, Canada
More information about the Soot-list
mailing list