[Soot-list] how does infoFlowAnalysis handle interfaceinvoke ?
jiangfan shi
jiangfan.shi at gmail.com
Tue Aug 19 12:38:59 EDT 2008
> helloworld3 hw33=new helloworld3();
> helloworld hw=new helloworld(hw33);
> new myinter1();
> hw33.setup();
> hw.start();
You mean
helloworld3 hw33=new helloworld3();
helloworld hw=new helloworld(hw33);
myInter mi1=new myinter1();
hw33.setup(mi1);
hw.start();
I just ran the call graph analysis, and there is only one edge between
start() and myinter1.open3(). There is no edge between start() and
myinter2.open3().
Thanks, Lixin.
Jiangfan
>
> On Wed, Aug 20, 2008 at 12:26 AM, Eric Bodden <eric.bodden at mail.mcgill.ca>
> wrote:
>>
>> I am not sure how exactly CHA is implemented in Soot and why it does
>> not show these edges for you, but I know for sure that it does not
>> use points-to sets. Why would you insist on having an imprecise
>> analysis, though, if you can get a more precise one?
>>
>> Eric
>>
>> 2008/8/19 jiangfan shi <jiangfan.shi at gmail.com>:
>> >> report the edge. A less precise analysis like CHA may give you
>> >> "spurious" call edges like the one from start() to open3().
>> >
>> > Thanks Eric. I used the CHA as the call graph constructor in my
>> > example, but I still did not see these edges.
>> >
>> > My options are the following:
>> > -w -main-class hello.helloworld -p cg.cha on -f jimple --app
>> > hello.helloworld
>> >
>> > Just curious. Maybe CHA in soot integrate the point-to analysis by
>> > default? If so, are there some options to turn this off?
>> >
>> > Jiangfan
>> >
>> >>
>> >> 2008/8/19 jiangfan shi <jiangfan.shi at gmail.com>:
>> >>> Thanks Eric for the explanation. There is one extra question.
>> >>>
>> >>>> uses no points-to sets. That makes it faster but much less precise as
>> >>>> you can see in your example.
>> >>>
>> >>> Should the "less precise" mean that these edges should appear in the
>> >>> produced call graph?
>> >>> That is, the start() to open3() should appear in the call graph?
>> >>>
>> >>> Jiangfan
>> >>>
>> >>>
>> >>>
>> >>>
>> >>>>>>>
>> >>>>>>> In case we can not attach a file to the mail list. I put all
>> >>>>>>> source
>> >>>>>>> files in the following:
>> >>>>>>>
>> >>>>>>>
>> >>>>>>> ============cg exploration===============
>> >>>>>>> package mytransformer;
>> >>>>>>>
>> >>>>>>> import soot.*;
>> >>>>>>>
>> >>>>>>> import java.io.BufferedWriter;
>> >>>>>>> import java.io.FileWriter;
>> >>>>>>> import java.util.*;
>> >>>>>>>
>> >>>>>>> import soot.jimple.toolkits.callgraph.*;
>> >>>>>>>
>> >>>>>>> public class TestMyTransformer extends SceneTransformer {
>> >>>>>>>
>> >>>>>>> public static void main(String[] args) {
>> >>>>>>> if (args.length == 0)
>> >>>>>>> System.exit(-1);
>> >>>>>>> PackManager.v().getPack("wjtp").add(
>> >>>>>>> new Transform("wjtp.mytransform",
>> >>>>>>> TestMyTransformer.v()));
>> >>>>>>> soot.Main.main(args);
>> >>>>>>> }
>> >>>>>>>
>> >>>>>>> private static TestMyTransformer instance = null;
>> >>>>>>>
>> >>>>>>> public static TestMyTransformer v() {
>> >>>>>>> if (instance == null)
>> >>>>>>> return (instance = new
>> >>>>>>> TestMyTransformer());
>> >>>>>>> return instance;
>> >>>>>>> }
>> >>>>>>>
>> >>>>>>> protected void internalTransform(String phaseName, Map
>> >>>>>>> options) {
>> >>>>>>> CallGraph cg = Scene.v().getCallGraph();
>> >>>>>>> System.out.println("Call graph + " + cg);
>> >>>>>>> }
>> >>>>>>>
>> >>>>>>> public void writetofile(CallGraph cg) {
>> >>>>>>> try {
>> >>>>>>> // Create file
>> >>>>>>> FileWriter fstream = new
>> >>>>>>> FileWriter("out22.txt");
>> >>>>>>> BufferedWriter out = new
>> >>>>>>> BufferedWriter(fstream);
>> >>>>>>> out.write(cg.toString());
>> >>>>>>> // Close the output stream
>> >>>>>>> out.close();
>> >>>>>>> } catch (Exception e) {// Catch exception if any
>> >>>>>>> System.err.println("Error: " +
>> >>>>>>> e.getMessage());
>> >>>>>>> }
>> >>>>>>> }
>> >>>>>>>
>> >>>>>>> }
>> >>>>>>>
>> >>>>>>> =======main class helloworld ====
>> >>>>>>> package hello;
>> >>>>>>> public class helloworld {
>> >>>>>>> helloworld3 tmp;
>> >>>>>>>
>> >>>>>>> helloworld(helloworld3 hw3){
>> >>>>>>> tmp=hw3;
>> >>>>>>> }
>> >>>>>>>
>> >>>>>>> public void start(){
>> >>>>>>> System.out.println("start");
>> >>>>>>>
>> >>>>>>> if(tmp.hw3tmp!=null)
>> >>>>>>> tmp.hw3tmp.open3();
>> >>>>>>> }
>> >>>>>>>
>> >>>>>>> public static void main(String[] args){
>> >>>>>>>
>> >>>>>>> helloworld3 hw33=new helloworld3();
>> >>>>>>> helloworld hw=new helloworld(hw33);
>> >>>>>>> hw.start();
>> >>>>>>> }
>> >>>>>>> }
>> >>>>>>>
>> >>>>>>> class helloworld3 {
>> >>>>>>> myInter hw3tmp;
>> >>>>>>>
>> >>>>>>> helloworld3(){
>> >>>>>>> hw3tmp=null;
>> >>>>>>> }
>> >>>>>>>
>> >>>>>>> void setup(myInter mi){
>> >>>>>>> hw3tmp=mi;
>> >>>>>>> }
>> >>>>>>> }
>> >>>>>>>
>> >>>>>>> =======Interface myInter ====
>> >>>>>>> package hello;
>> >>>>>>> public interface myInter {
>> >>>>>>> public void open3();
>> >>>>>>>
>> >>>>>>> }
>> >>>>>>> ==========One implementation impl1========
>> >>>>>>> package hello;
>> >>>>>>> public class myinter1 implements myInter{
>> >>>>>>> public void open3(){
>> >>>>>>> System.out.println("myinter1");
>> >>>>>>>
>> >>>>>>> }
>> >>>>>>> }
>> >>>>>>> ==========One implementation impl2========
>> >>>>>>> package hello;
>> >>>>>>> public class myinter2 implements myInter {
>> >>>>>>>
>> >>>>>>> public void open3() {
>> >>>>>>> // TODO Auto-generated method stub
>> >>>>>>> System.out.println("myinter2");
>> >>>>>>> }
>> >>>>>>>
>> >>>>>>> }
>> >>>>>>>
>> >>>>>>> ==============source code over===================
>> >>>>>>>
>> >>>>>>>
>> >>>>>>>
>> >>>>>>> On Tue, Aug 19, 2008 at 7:50 AM, Eric Bodden
>> >>>>>>> <eric.bodden at mail.mcgill.ca> wrote:
>> >>>>>>>> Hi.
>> >>>>>>>>
>> >>>>>>>> Which call edge exactly do you find missing from the example
>> >>>>>>>> below? I
>> >>>>>>>> need a concrete and complete runnable example to be able to
>> >>>>>>>> decide if
>> >>>>>>>> this is or is not a bug.
>> >>>>>>>>
>> >>>>>>>> Eric
>> >>>>>>>>
>> >>>>>>>> 2008/8/18 jiangfan shi <jiangfan.shi at gmail.com>:
>> >>>>>>>>> Thanks, Li xin.
>> >>>>>>>>>
>> >>>>>>>>> I have tried to use spark and cha (default option) to construct
>> >>>>>>>>> the
>> >>>>>>>>> call graph. As you said, the generated call graph does not have
>> >>>>>>>>> related interfaceInvoke edges. That is, there is not edge which
>> >>>>>>>>> connects the main function to impl1.open() or impl2.open(). And
>> >>>>>>>>> even,
>> >>>>>>>>> there is no edge between the main function and the interface
>> >>>>>>>>> Inter1.open().
>> >>>>>>>>>
>> >>>>>>>>> My options are following:
>> >>>>>>>>>
>> >>>>>>>>> spark:
>> >>>>>>>>>
>> >>>>>>>>> -w -main-class helloworld -p cg.spark rta:true;on-fly-cg:true -f
>> >>>>>>>>> jimple --app helloworld
>> >>>>>>>>>
>> >>>>>>>>> cha:
>> >>>>>>>>>
>> >>>>>>>>> -w -main-class helloworld -p cg.cha on -f jimple --app
>> >>>>>>>>> helloworld
>> >>>>>>>>>
>> >>>>>>>>> The following is my simplifiedcode.
>> >>>>>>>>>
>> >>>>>>>>> =======main class helloworld ====
>> >>>>>>>>>
>> >>>>>>>>> public class helloworld {
>> >>>>>>>>> helloworld3 tmp;
>> >>>>>>>>>
>> >>>>>>>>> helloworld(helloworld3 hw3){
>> >>>>>>>>> tmp=hw3;
>> >>>>>>>>> }
>> >>>>>>>>>
>> >>>>>>>>> public void start(){
>> >>>>>>>>> System.out.println("start");
>> >>>>>>>>>
>> >>>>>>>>> if(tmp.hw3tmp!=null)
>> >>>>>>>>> tmp.hw3tmp.open3();
>> >>>>>>>>> }
>> >>>>>>>>>
>> >>>>>>>>> public static void main(String[] args){
>> >>>>>>>>>
>> >>>>>>>>> helloworld3 hw33=new helloworld3();
>> >>>>>>>>> helloworld hw=new helloworld(hw33);
>> >>>>>>>>> hw.start();
>> >>>>>>>>> }
>> >>>>>>>>> }
>> >>>>>>>>>
>> >>>>>>>>> =============Another Class helloworld3============
>> >>>>>>>>> class helloworld3 {
>> >>>>>>>>> myInter hw3tmp;
>> >>>>>>>>>
>> >>>>>>>>> helloworld3(){
>> >>>>>>>>> hw3tmp=null;
>> >>>>>>>>> }
>> >>>>>>>>>
>> >>>>>>>>> void setup(myInter mi){
>> >>>>>>>>> hw3tmp=mi;
>> >>>>>>>>> }
>> >>>>>>>>> }
>> >>>>>>>>>
>> >>>>>>>>> =======Interface myInter ====
>> >>>>>>>>> public interface myInter {
>> >>>>>>>>> public void open3();
>> >>>>>>>>>
>> >>>>>>>>> }
>> >>>>>>>>> ==========One implementation impl1========
>> >>>>>>>>>
>> >>>>>>>>> public class myinter1 implements myInter{
>> >>>>>>>>> public void open3(){
>> >>>>>>>>> System.out.println("myinter1");
>> >>>>>>>>>
>> >>>>>>>>> }
>> >>>>>>>>> }
>> >>>>>>>>> ==========One implementation impl2========
>> >>>>>>>>>
>> >>>>>>>>> public class myinter2 implements myInter {
>> >>>>>>>>>
>> >>>>>>>>> public void open3() {
>> >>>>>>>>> // TODO Auto-generated method stub
>> >>>>>>>>> System.out.println("myinter2");
>> >>>>>>>>> }
>> >>>>>>>>>
>> >>>>>>>>> }
>> >>>>>>>>>
>> >>>>>>>>> Any ideas? Thanks.
>> >>>>>>>>> Jiangfan
>> >>>>>>>>>
>> >>>>>>>>>
>> >>>>>>>>>
>> >>>>>>>>> On Mon, Aug 18, 2008 at 9:35 AM, li xin <li-xin at jaist.ac.jp>
>> >>>>>>>>> wrote:
>> >>>>>>>>>> Hello,
>> >>>>>>>>>>
>> >>>>>>>>>> I am wondering it is the issue of whether the underlying
>> >>>>>>>>>> points-to analysis
>> >>>>>>>>>> properly handle InterfaceInvoke.
>> >>>>>>>>>>
>> >>>>>>>>>> FYI:
>> >>>>>>>>>> This question reminds me a related problem I ever encountered.
>> >>>>>>>>>> I run
>> >>>>>>>>>> cg.spark (with default options on mind) on some package, but
>> >>>>>>>>>> edges of
>> >>>>>>>>>> InterfaceInvoke are lost in the generated call graph (while CHA
>> >>>>>>>>>> handles them
>> >>>>>>>>>> properly).
>> >>>>>>>>>>
>> >>>>>>>>>>
>> >>>>>>>>>> --
>> >>>>>>>>>> Thanks and Best Regards, LI
>> >>>>>>>>>>
>> >>>>>>>>>> On Mon, Aug 18, 2008 at 10:45 PM, jiangfan shi
>> >>>>>>>>>> <jiangfan.shi at gmail.com>
>> >>>>>>>>>> wrote:
>> >>>>>>>>>>>
>> >>>>>>>>>>> Hi,
>> >>>>>>>>>>>
>> >>>>>>>>>>> I found the infoFlowAnalysis does not do dynamic bindings for
>> >>>>>>>>>>> the
>> >>>>>>>>>>> interfaceinvoke statement. Am I right?
>> >>>>>>>>>>>
>> >>>>>>>>>>> For exmaple, I have an interface Interf1, which defines a
>> >>>>>>>>>>> method
>> >>>>>>>>>>> open(). Two implementations impl1 and impl2 implement the
>> >>>>>>>>>>> Interf1.
>> >>>>>>>>>>> Then I have following simplified statements;
>> >>>>>>>>>>>
>> >>>>>>>>>>> ==============
>> >>>>>>>>>>> Interf1 tmp1;
>> >>>>>>>>>>>
>> >>>>>>>>>>> if(tmp1!=null){
>> >>>>>>>>>>> tmp1.open().
>> >>>>>>>>>>> }
>> >>>>>>>>>>>
>> >>>>>>>>>>> ==============
>> >>>>>>>>>>>
>> >>>>>>>>>>> For this piece of code, the infoFlowAnalysis does not give two
>> >>>>>>>>>>> possible method invocations, impl1.open() and impl2.open().
>> >>>>>>>>>>> Furthermore the infoFlowAnalysis does not compute flow Summary
>> >>>>>>>>>>> for
>> >>>>>>>>>>> these two methods.
>> >>>>>>>>>>>
>> >>>>>>>>>>> For the following piece of code, the infoFlowAnalysis does
>> >>>>>>>>>>> work
>> >>>>>>>>>>> because there are explicitly assignments from impl1 or impl2
>> >>>>>>>>>>> to the
>> >>>>>>>>>>> Interf1.
>> >>>>>>>>>>>
>> >>>>>>>>>>> ==============
>> >>>>>>>>>>> Interf1 tmp1;
>> >>>>>>>>>>> if(args[0]=1){
>> >>>>>>>>>>> tmp1=new impl1();
>> >>>>>>>>>>> else
>> >>>>>>>>>>> tmp1=new impl2();
>> >>>>>>>>>>>
>> >>>>>>>>>>> tmp1.open().
>> >>>>>>>>>>> }
>> >>>>>>>>>>>
>> >>>>>>>>>>> ==============
>> >>>>>>>>>>> In this case, the infoFlowAnalysis will compute summaries for
>> >>>>>>>>>>> the two
>> >>>>>>>>>>> methods, impl1.open() and impl2.open().
>> >>>>>>>>>>>
>> >>>>>>>>>>> So my question is that if the infoFlowAnalysis handle the
>> >>>>>>>>>>> interfaceinvoke statement. Maybe I did not find some
>> >>>>>>>>>>> configurations of
>> >>>>>>>>>>> the infoFlowAnalsysis, or I miss some other options.
>> >>>>>>>>>>>
>> >>>>>>>>>>> Thanks you in advance!
>> >>>>>>>>>>>
>> >>>>>>>>>>> Jiangfan
>> >>>>>>>>>>> _______________________________________________
>> >>>>>>>>>>> Soot-list mailing list
>> >>>>>>>>>>> Soot-list at sable.mcgill.ca
>> >>>>>>>>>>> http://mailman.cs.mcgill.ca/mailman/listinfo/soot-list
>> >>>>>>>>>>
>> >>>>>>>>>>
>> >>>>>>>>>>
>> >>>>>>>>> _______________________________________________
>> >>>>>>>>> Soot-list mailing list
>> >>>>>>>>> Soot-list at sable.mcgill.ca
>> >>>>>>>>> http://mailman.cs.mcgill.ca/mailman/listinfo/soot-list
>> >>>>>>>>>
>> >>>>>>>>
>> >>>>>>>>
>> >>>>>>>>
>> >>>>>>>> --
>> >>>>>>>> Eric Bodden
>> >>>>>>>> Sable Research Group
>> >>>>>>>> McGill University, Montréal, Canada
>> >>>>>>>>
>> >>>>>>>
>> >>>>>>
>> >>>>>>
>> >>>>>>
>> >>>>>> --
>> >>>>>> Eric Bodden
>> >>>>>> Sable Research Group
>> >>>>>> McGill University, Montréal, Canada
>> >>>>>>
>> >>>>>
>> >>>>
>> >>>>
>> >>>>
>> >>>> --
>> >>>> Eric Bodden
>> >>>> Sable Research Group
>> >>>> McGill University, Montréal, Canada
>> >>>>
>> >>>
>> >>
>> >>
>> >>
>> >> --
>> >> Eric Bodden
>> >> Sable Research Group
>> >> McGill University, Montréal, Canada
>> >>
>> >
>>
>>
>>
>> --
>> Eric Bodden
>> Sable Research Group
>> McGill University, Montréal, Canada
>
>
>
>
>
More information about the Soot-list
mailing list