[Soot-list] how does infoFlowAnalysis handle interfaceinvoke ?
li xin
li-xin at jaist.ac.jp
Tue Aug 19 12:17:57 EDT 2008
Hi,
Though CHA does not use points-to sets, I suppose the following occasion can
be possible if CHA only takes into account subtype of the declared type of
the method receiver which have instantiated instances in the program.
please try
helloworld3 hw33=new helloworld3();
helloworld hw=new helloworld(hw33);
new myinter1();
hw33.setup();
hw.start();
I suppose the interfaceInvoke edges will appear in the call graph generated
by CHA
--
Thanks and Best Regards, LI
On Wed, Aug 20, 2008 at 12:26 AM, Eric Bodden <eric.bodden at mail.mcgill.ca>wrote:
> I am not sure how exactly CHA is implemented in Soot and why it does
> not show these edges for you, but I know for sure that it does not
> use points-to sets. Why would you insist on having an imprecise
> analysis, though, if you can get a more precise one?
>
> Eric
>
> 2008/8/19 jiangfan shi <jiangfan.shi at gmail.com>:
> >> report the edge. A less precise analysis like CHA may give you
> >> "spurious" call edges like the one from start() to open3().
> >
> > Thanks Eric. I used the CHA as the call graph constructor in my
> > example, but I still did not see these edges.
> >
> > My options are the following:
> > -w -main-class hello.helloworld -p cg.cha on -f jimple --app
> hello.helloworld
> >
> > Just curious. Maybe CHA in soot integrate the point-to analysis by
> > default? If so, are there some options to turn this off?
> >
> > Jiangfan
> >
> >>
> >> 2008/8/19 jiangfan shi <jiangfan.shi at gmail.com>:
> >>> Thanks Eric for the explanation. There is one extra question.
> >>>
> >>>> uses no points-to sets. That makes it faster but much less precise as
> >>>> you can see in your example.
> >>>
> >>> Should the "less precise" mean that these edges should appear in the
> >>> produced call graph?
> >>> That is, the start() to open3() should appear in the call graph?
> >>>
> >>> Jiangfan
> >>>
> >>>
> >>>
> >>>
> >>>>>>>
> >>>>>>> In case we can not attach a file to the mail list. I put all source
> >>>>>>> files in the following:
> >>>>>>>
> >>>>>>>
> >>>>>>> ============cg exploration===============
> >>>>>>> package mytransformer;
> >>>>>>>
> >>>>>>> import soot.*;
> >>>>>>>
> >>>>>>> import java.io.BufferedWriter;
> >>>>>>> import java.io.FileWriter;
> >>>>>>> import java.util.*;
> >>>>>>>
> >>>>>>> import soot.jimple.toolkits.callgraph.*;
> >>>>>>>
> >>>>>>> public class TestMyTransformer extends SceneTransformer {
> >>>>>>>
> >>>>>>> public static void main(String[] args) {
> >>>>>>> if (args.length == 0)
> >>>>>>> System.exit(-1);
> >>>>>>> PackManager.v().getPack("wjtp").add(
> >>>>>>> new Transform("wjtp.mytransform",
> TestMyTransformer.v()));
> >>>>>>> soot.Main.main(args);
> >>>>>>> }
> >>>>>>>
> >>>>>>> private static TestMyTransformer instance = null;
> >>>>>>>
> >>>>>>> public static TestMyTransformer v() {
> >>>>>>> if (instance == null)
> >>>>>>> return (instance = new TestMyTransformer());
> >>>>>>> return instance;
> >>>>>>> }
> >>>>>>>
> >>>>>>> protected void internalTransform(String phaseName, Map
> options) {
> >>>>>>> CallGraph cg = Scene.v().getCallGraph();
> >>>>>>> System.out.println("Call graph + " + cg);
> >>>>>>> }
> >>>>>>>
> >>>>>>> public void writetofile(CallGraph cg) {
> >>>>>>> try {
> >>>>>>> // Create file
> >>>>>>> FileWriter fstream = new
> FileWriter("out22.txt");
> >>>>>>> BufferedWriter out = new
> BufferedWriter(fstream);
> >>>>>>> out.write(cg.toString());
> >>>>>>> // Close the output stream
> >>>>>>> out.close();
> >>>>>>> } catch (Exception e) {// Catch exception if any
> >>>>>>> System.err.println("Error: " +
> e.getMessage());
> >>>>>>> }
> >>>>>>> }
> >>>>>>>
> >>>>>>> }
> >>>>>>>
> >>>>>>> =======main class helloworld ====
> >>>>>>> package hello;
> >>>>>>> public class helloworld {
> >>>>>>> helloworld3 tmp;
> >>>>>>>
> >>>>>>> helloworld(helloworld3 hw3){
> >>>>>>> tmp=hw3;
> >>>>>>> }
> >>>>>>>
> >>>>>>> public void start(){
> >>>>>>> System.out.println("start");
> >>>>>>>
> >>>>>>> if(tmp.hw3tmp!=null)
> >>>>>>> tmp.hw3tmp.open3();
> >>>>>>> }
> >>>>>>>
> >>>>>>> public static void main(String[] args){
> >>>>>>>
> >>>>>>> helloworld3 hw33=new helloworld3();
> >>>>>>> helloworld hw=new helloworld(hw33);
> >>>>>>> hw.start();
> >>>>>>> }
> >>>>>>> }
> >>>>>>>
> >>>>>>> class helloworld3 {
> >>>>>>> myInter hw3tmp;
> >>>>>>>
> >>>>>>> helloworld3(){
> >>>>>>> hw3tmp=null;
> >>>>>>> }
> >>>>>>>
> >>>>>>> void setup(myInter mi){
> >>>>>>> hw3tmp=mi;
> >>>>>>> }
> >>>>>>> }
> >>>>>>>
> >>>>>>> =======Interface myInter ====
> >>>>>>> package hello;
> >>>>>>> public interface myInter {
> >>>>>>> public void open3();
> >>>>>>>
> >>>>>>> }
> >>>>>>> ==========One implementation impl1========
> >>>>>>> package hello;
> >>>>>>> public class myinter1 implements myInter{
> >>>>>>> public void open3(){
> >>>>>>> System.out.println("myinter1");
> >>>>>>>
> >>>>>>> }
> >>>>>>> }
> >>>>>>> ==========One implementation impl2========
> >>>>>>> package hello;
> >>>>>>> public class myinter2 implements myInter {
> >>>>>>>
> >>>>>>> public void open3() {
> >>>>>>> // TODO Auto-generated method stub
> >>>>>>> System.out.println("myinter2");
> >>>>>>> }
> >>>>>>>
> >>>>>>> }
> >>>>>>>
> >>>>>>> ==============source code over===================
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>> On Tue, Aug 19, 2008 at 7:50 AM, Eric Bodden <
> eric.bodden at mail.mcgill.ca> wrote:
> >>>>>>>> Hi.
> >>>>>>>>
> >>>>>>>> Which call edge exactly do you find missing from the example
> below? I
> >>>>>>>> need a concrete and complete runnable example to be able to decide
> if
> >>>>>>>> this is or is not a bug.
> >>>>>>>>
> >>>>>>>> Eric
> >>>>>>>>
> >>>>>>>> 2008/8/18 jiangfan shi <jiangfan.shi at gmail.com>:
> >>>>>>>>> Thanks, Li xin.
> >>>>>>>>>
> >>>>>>>>> I have tried to use spark and cha (default option) to construct
> the
> >>>>>>>>> call graph. As you said, the generated call graph does not have
> >>>>>>>>> related interfaceInvoke edges. That is, there is not edge which
> >>>>>>>>> connects the main function to impl1.open() or impl2.open(). And
> even,
> >>>>>>>>> there is no edge between the main function and the interface
> >>>>>>>>> Inter1.open().
> >>>>>>>>>
> >>>>>>>>> My options are following:
> >>>>>>>>>
> >>>>>>>>> spark:
> >>>>>>>>>
> >>>>>>>>> -w -main-class helloworld -p cg.spark rta:true;on-fly-cg:true -f
> >>>>>>>>> jimple --app helloworld
> >>>>>>>>>
> >>>>>>>>> cha:
> >>>>>>>>>
> >>>>>>>>> -w -main-class helloworld -p cg.cha on -f jimple --app helloworld
> >>>>>>>>>
> >>>>>>>>> The following is my simplifiedcode.
> >>>>>>>>>
> >>>>>>>>> =======main class helloworld ====
> >>>>>>>>>
> >>>>>>>>> public class helloworld {
> >>>>>>>>> helloworld3 tmp;
> >>>>>>>>>
> >>>>>>>>> helloworld(helloworld3 hw3){
> >>>>>>>>> tmp=hw3;
> >>>>>>>>> }
> >>>>>>>>>
> >>>>>>>>> public void start(){
> >>>>>>>>> System.out.println("start");
> >>>>>>>>>
> >>>>>>>>> if(tmp.hw3tmp!=null)
> >>>>>>>>> tmp.hw3tmp.open3();
> >>>>>>>>> }
> >>>>>>>>>
> >>>>>>>>> public static void main(String[] args){
> >>>>>>>>>
> >>>>>>>>> helloworld3 hw33=new helloworld3();
> >>>>>>>>> helloworld hw=new helloworld(hw33);
> >>>>>>>>> hw.start();
> >>>>>>>>> }
> >>>>>>>>> }
> >>>>>>>>>
> >>>>>>>>> =============Another Class helloworld3============
> >>>>>>>>> class helloworld3 {
> >>>>>>>>> myInter hw3tmp;
> >>>>>>>>>
> >>>>>>>>> helloworld3(){
> >>>>>>>>> hw3tmp=null;
> >>>>>>>>> }
> >>>>>>>>>
> >>>>>>>>> void setup(myInter mi){
> >>>>>>>>> hw3tmp=mi;
> >>>>>>>>> }
> >>>>>>>>> }
> >>>>>>>>>
> >>>>>>>>> =======Interface myInter ====
> >>>>>>>>> public interface myInter {
> >>>>>>>>> public void open3();
> >>>>>>>>>
> >>>>>>>>> }
> >>>>>>>>> ==========One implementation impl1========
> >>>>>>>>>
> >>>>>>>>> public class myinter1 implements myInter{
> >>>>>>>>> public void open3(){
> >>>>>>>>> System.out.println("myinter1");
> >>>>>>>>>
> >>>>>>>>> }
> >>>>>>>>> }
> >>>>>>>>> ==========One implementation impl2========
> >>>>>>>>>
> >>>>>>>>> public class myinter2 implements myInter {
> >>>>>>>>>
> >>>>>>>>> public void open3() {
> >>>>>>>>> // TODO Auto-generated method stub
> >>>>>>>>> System.out.println("myinter2");
> >>>>>>>>> }
> >>>>>>>>>
> >>>>>>>>> }
> >>>>>>>>>
> >>>>>>>>> Any ideas? Thanks.
> >>>>>>>>> Jiangfan
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>> On Mon, Aug 18, 2008 at 9:35 AM, li xin <li-xin at jaist.ac.jp>
> wrote:
> >>>>>>>>>> Hello,
> >>>>>>>>>>
> >>>>>>>>>> I am wondering it is the issue of whether the underlying
> points-to analysis
> >>>>>>>>>> properly handle InterfaceInvoke.
> >>>>>>>>>>
> >>>>>>>>>> FYI:
> >>>>>>>>>> This question reminds me a related problem I ever encountered. I
> run
> >>>>>>>>>> cg.spark (with default options on mind) on some package, but
> edges of
> >>>>>>>>>> InterfaceInvoke are lost in the generated call graph (while CHA
> handles them
> >>>>>>>>>> properly).
> >>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>> --
> >>>>>>>>>> Thanks and Best Regards, LI
> >>>>>>>>>>
> >>>>>>>>>> On Mon, Aug 18, 2008 at 10:45 PM, jiangfan shi <
> jiangfan.shi at gmail.com>
> >>>>>>>>>> wrote:
> >>>>>>>>>>>
> >>>>>>>>>>> Hi,
> >>>>>>>>>>>
> >>>>>>>>>>> I found the infoFlowAnalysis does not do dynamic bindings for
> the
> >>>>>>>>>>> interfaceinvoke statement. Am I right?
> >>>>>>>>>>>
> >>>>>>>>>>> For exmaple, I have an interface Interf1, which defines a
> method
> >>>>>>>>>>> open(). Two implementations impl1 and impl2 implement the
> Interf1.
> >>>>>>>>>>> Then I have following simplified statements;
> >>>>>>>>>>>
> >>>>>>>>>>> ==============
> >>>>>>>>>>> Interf1 tmp1;
> >>>>>>>>>>>
> >>>>>>>>>>> if(tmp1!=null){
> >>>>>>>>>>> tmp1.open().
> >>>>>>>>>>> }
> >>>>>>>>>>>
> >>>>>>>>>>> ==============
> >>>>>>>>>>>
> >>>>>>>>>>> For this piece of code, the infoFlowAnalysis does not give two
> >>>>>>>>>>> possible method invocations, impl1.open() and impl2.open().
> >>>>>>>>>>> Furthermore the infoFlowAnalysis does not compute flow Summary
> for
> >>>>>>>>>>> these two methods.
> >>>>>>>>>>>
> >>>>>>>>>>> For the following piece of code, the infoFlowAnalysis does work
> >>>>>>>>>>> because there are explicitly assignments from impl1 or impl2 to
> the
> >>>>>>>>>>> Interf1.
> >>>>>>>>>>>
> >>>>>>>>>>> ==============
> >>>>>>>>>>> Interf1 tmp1;
> >>>>>>>>>>> if(args[0]=1){
> >>>>>>>>>>> tmp1=new impl1();
> >>>>>>>>>>> else
> >>>>>>>>>>> tmp1=new impl2();
> >>>>>>>>>>>
> >>>>>>>>>>> tmp1.open().
> >>>>>>>>>>> }
> >>>>>>>>>>>
> >>>>>>>>>>> ==============
> >>>>>>>>>>> In this case, the infoFlowAnalysis will compute summaries for
> the two
> >>>>>>>>>>> methods, impl1.open() and impl2.open().
> >>>>>>>>>>>
> >>>>>>>>>>> So my question is that if the infoFlowAnalysis handle the
> >>>>>>>>>>> interfaceinvoke statement. Maybe I did not find some
> configurations of
> >>>>>>>>>>> the infoFlowAnalsysis, or I miss some other options.
> >>>>>>>>>>>
> >>>>>>>>>>> Thanks you in advance!
> >>>>>>>>>>>
> >>>>>>>>>>> Jiangfan
> >>>>>>>>>>> _______________________________________________
> >>>>>>>>>>> Soot-list mailing list
> >>>>>>>>>>> Soot-list at sable.mcgill.ca
> >>>>>>>>>>> http://mailman.cs.mcgill.ca/mailman/listinfo/soot-list
> >>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>> _______________________________________________
> >>>>>>>>> Soot-list mailing list
> >>>>>>>>> Soot-list at sable.mcgill.ca
> >>>>>>>>> http://mailman.cs.mcgill.ca/mailman/listinfo/soot-list
> >>>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>> --
> >>>>>>>> Eric Bodden
> >>>>>>>> Sable Research Group
> >>>>>>>> McGill University, Montréal, Canada
> >>>>>>>>
> >>>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>> --
> >>>>>> Eric Bodden
> >>>>>> Sable Research Group
> >>>>>> McGill University, Montréal, Canada
> >>>>>>
> >>>>>
> >>>>
> >>>>
> >>>>
> >>>> --
> >>>> Eric Bodden
> >>>> Sable Research Group
> >>>> McGill University, Montréal, Canada
> >>>>
> >>>
> >>
> >>
> >>
> >> --
> >> Eric Bodden
> >> Sable Research Group
> >> McGill University, Montréal, Canada
> >>
> >
>
>
>
> --
> Eric Bodden
> Sable Research Group
> McGill University, Montréal, Canada
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.CS.McGill.CA/pipermail/soot-list/attachments/20080820/dc595294/attachment-0001.htm
More information about the Soot-list
mailing list