[Soot-list] how does infoFlowAnalysis handle interfaceinvoke ?
li xin
li-xin at jaist.ac.jp
Tue Aug 19 12:54:02 EDT 2008
Sorry, I mean
helloworld3 hw33=new helloworld3();
helloworld hw=new helloworld(hw33);
new myinter1(); //or new myinter2();
hw33.setup(null);
hw.start();
Only to test how the underlying CHA works, since the analysis seems beyond
what CHA does from your running results.
I just now tried the above test with your code snippet. It does work as I
expect, say only takes into account the instantiated type. But as Eric just
kindly reminded me, this kind of analysis is exactly what RTA does.
--
Thanks and Best Regards, LI
On Wed, Aug 20, 2008 at 1:38 AM, jiangfan shi <jiangfan.shi at gmail.com>wrote:
> > helloworld3 hw33=new helloworld3();
> > helloworld hw=new helloworld(hw33);
> > new myinter1();
> > hw33.setup();
> > hw.start();
>
> You mean
>
> helloworld3 hw33=new helloworld3();
> helloworld hw=new helloworld(hw33);
> myInter mi1=new myinter1();
> hw33.setup(mi1);
> hw.start();
>
> I just ran the call graph analysis, and there is only one edge between
> start() and myinter1.open3(). There is no edge between start() and
> myinter2.open3().
>
> Thanks, Lixin.
>
> Jiangfan
> >
> > On Wed, Aug 20, 2008 at 12:26 AM, Eric Bodden <
> eric.bodden at mail.mcgill.ca>
> > wrote:
> >>
> >> I am not sure how exactly CHA is implemented in Soot and why it does
> >> not show these edges for you, but I know for sure that it does not
> >> use points-to sets. Why would you insist on having an imprecise
> >> analysis, though, if you can get a more precise one?
> >>
> >> Eric
> >>
> >> 2008/8/19 jiangfan shi <jiangfan.shi at gmail.com>:
> >> >> report the edge. A less precise analysis like CHA may give you
> >> >> "spurious" call edges like the one from start() to open3().
> >> >
> >> > Thanks Eric. I used the CHA as the call graph constructor in my
> >> > example, but I still did not see these edges.
> >> >
> >> > My options are the following:
> >> > -w -main-class hello.helloworld -p cg.cha on -f jimple --app
> >> > hello.helloworld
> >> >
> >> > Just curious. Maybe CHA in soot integrate the point-to analysis by
> >> > default? If so, are there some options to turn this off?
> >> >
> >> > Jiangfan
> >> >
> >> >>
> >> >> 2008/8/19 jiangfan shi <jiangfan.shi at gmail.com>:
> >> >>> Thanks Eric for the explanation. There is one extra question.
> >> >>>
> >> >>>> uses no points-to sets. That makes it faster but much less precise
> as
> >> >>>> you can see in your example.
> >> >>>
> >> >>> Should the "less precise" mean that these edges should appear in the
> >> >>> produced call graph?
> >> >>> That is, the start() to open3() should appear in the call graph?
> >> >>>
> >> >>> Jiangfan
> >> >>>
> >> >>>
> >> >>>
> >> >>>
> >> >>>>>>>
> >> >>>>>>> In case we can not attach a file to the mail list. I put all
> >> >>>>>>> source
> >> >>>>>>> files in the following:
> >> >>>>>>>
> >> >>>>>>>
> >> >>>>>>> ============cg exploration===============
> >> >>>>>>> package mytransformer;
> >> >>>>>>>
> >> >>>>>>> import soot.*;
> >> >>>>>>>
> >> >>>>>>> import java.io.BufferedWriter;
> >> >>>>>>> import java.io.FileWriter;
> >> >>>>>>> import java.util.*;
> >> >>>>>>>
> >> >>>>>>> import soot.jimple.toolkits.callgraph.*;
> >> >>>>>>>
> >> >>>>>>> public class TestMyTransformer extends SceneTransformer {
> >> >>>>>>>
> >> >>>>>>> public static void main(String[] args) {
> >> >>>>>>> if (args.length == 0)
> >> >>>>>>> System.exit(-1);
> >> >>>>>>> PackManager.v().getPack("wjtp").add(
> >> >>>>>>> new Transform("wjtp.mytransform",
> >> >>>>>>> TestMyTransformer.v()));
> >> >>>>>>> soot.Main.main(args);
> >> >>>>>>> }
> >> >>>>>>>
> >> >>>>>>> private static TestMyTransformer instance = null;
> >> >>>>>>>
> >> >>>>>>> public static TestMyTransformer v() {
> >> >>>>>>> if (instance == null)
> >> >>>>>>> return (instance = new
> >> >>>>>>> TestMyTransformer());
> >> >>>>>>> return instance;
> >> >>>>>>> }
> >> >>>>>>>
> >> >>>>>>> protected void internalTransform(String phaseName, Map
> >> >>>>>>> options) {
> >> >>>>>>> CallGraph cg = Scene.v().getCallGraph();
> >> >>>>>>> System.out.println("Call graph + " + cg);
> >> >>>>>>> }
> >> >>>>>>>
> >> >>>>>>> public void writetofile(CallGraph cg) {
> >> >>>>>>> try {
> >> >>>>>>> // Create file
> >> >>>>>>> FileWriter fstream = new
> >> >>>>>>> FileWriter("out22.txt");
> >> >>>>>>> BufferedWriter out = new
> >> >>>>>>> BufferedWriter(fstream);
> >> >>>>>>> out.write(cg.toString());
> >> >>>>>>> // Close the output stream
> >> >>>>>>> out.close();
> >> >>>>>>> } catch (Exception e) {// Catch exception if any
> >> >>>>>>> System.err.println("Error: " +
> >> >>>>>>> e.getMessage());
> >> >>>>>>> }
> >> >>>>>>> }
> >> >>>>>>>
> >> >>>>>>> }
> >> >>>>>>>
> >> >>>>>>> =======main class helloworld ====
> >> >>>>>>> package hello;
> >> >>>>>>> public class helloworld {
> >> >>>>>>> helloworld3 tmp;
> >> >>>>>>>
> >> >>>>>>> helloworld(helloworld3 hw3){
> >> >>>>>>> tmp=hw3;
> >> >>>>>>> }
> >> >>>>>>>
> >> >>>>>>> public void start(){
> >> >>>>>>> System.out.println("start");
> >> >>>>>>>
> >> >>>>>>> if(tmp.hw3tmp!=null)
> >> >>>>>>> tmp.hw3tmp.open3();
> >> >>>>>>> }
> >> >>>>>>>
> >> >>>>>>> public static void main(String[] args){
> >> >>>>>>>
> >> >>>>>>> helloworld3 hw33=new helloworld3();
> >> >>>>>>> helloworld hw=new helloworld(hw33);
> >> >>>>>>> hw.start();
> >> >>>>>>> }
> >> >>>>>>> }
> >> >>>>>>>
> >> >>>>>>> class helloworld3 {
> >> >>>>>>> myInter hw3tmp;
> >> >>>>>>>
> >> >>>>>>> helloworld3(){
> >> >>>>>>> hw3tmp=null;
> >> >>>>>>> }
> >> >>>>>>>
> >> >>>>>>> void setup(myInter mi){
> >> >>>>>>> hw3tmp=mi;
> >> >>>>>>> }
> >> >>>>>>> }
> >> >>>>>>>
> >> >>>>>>> =======Interface myInter ====
> >> >>>>>>> package hello;
> >> >>>>>>> public interface myInter {
> >> >>>>>>> public void open3();
> >> >>>>>>>
> >> >>>>>>> }
> >> >>>>>>> ==========One implementation impl1========
> >> >>>>>>> package hello;
> >> >>>>>>> public class myinter1 implements myInter{
> >> >>>>>>> public void open3(){
> >> >>>>>>> System.out.println("myinter1");
> >> >>>>>>>
> >> >>>>>>> }
> >> >>>>>>> }
> >> >>>>>>> ==========One implementation impl2========
> >> >>>>>>> package hello;
> >> >>>>>>> public class myinter2 implements myInter {
> >> >>>>>>>
> >> >>>>>>> public void open3() {
> >> >>>>>>> // TODO Auto-generated method stub
> >> >>>>>>> System.out.println("myinter2");
> >> >>>>>>> }
> >> >>>>>>>
> >> >>>>>>> }
> >> >>>>>>>
> >> >>>>>>> ==============source code over===================
> >> >>>>>>>
> >> >>>>>>>
> >> >>>>>>>
> >> >>>>>>> On Tue, Aug 19, 2008 at 7:50 AM, Eric Bodden
> >> >>>>>>> <eric.bodden at mail.mcgill.ca> wrote:
> >> >>>>>>>> Hi.
> >> >>>>>>>>
> >> >>>>>>>> Which call edge exactly do you find missing from the example
> >> >>>>>>>> below? I
> >> >>>>>>>> need a concrete and complete runnable example to be able to
> >> >>>>>>>> decide if
> >> >>>>>>>> this is or is not a bug.
> >> >>>>>>>>
> >> >>>>>>>> Eric
> >> >>>>>>>>
> >> >>>>>>>> 2008/8/18 jiangfan shi <jiangfan.shi at gmail.com>:
> >> >>>>>>>>> Thanks, Li xin.
> >> >>>>>>>>>
> >> >>>>>>>>> I have tried to use spark and cha (default option) to
> construct
> >> >>>>>>>>> the
> >> >>>>>>>>> call graph. As you said, the generated call graph does not
> have
> >> >>>>>>>>> related interfaceInvoke edges. That is, there is not edge
> which
> >> >>>>>>>>> connects the main function to impl1.open() or impl2.open().
> And
> >> >>>>>>>>> even,
> >> >>>>>>>>> there is no edge between the main function and the interface
> >> >>>>>>>>> Inter1.open().
> >> >>>>>>>>>
> >> >>>>>>>>> My options are following:
> >> >>>>>>>>>
> >> >>>>>>>>> spark:
> >> >>>>>>>>>
> >> >>>>>>>>> -w -main-class helloworld -p cg.spark rta:true;on-fly-cg:true
> -f
> >> >>>>>>>>> jimple --app helloworld
> >> >>>>>>>>>
> >> >>>>>>>>> cha:
> >> >>>>>>>>>
> >> >>>>>>>>> -w -main-class helloworld -p cg.cha on -f jimple --app
> >> >>>>>>>>> helloworld
> >> >>>>>>>>>
> >> >>>>>>>>> The following is my simplifiedcode.
> >> >>>>>>>>>
> >> >>>>>>>>> =======main class helloworld ====
> >> >>>>>>>>>
> >> >>>>>>>>> public class helloworld {
> >> >>>>>>>>> helloworld3 tmp;
> >> >>>>>>>>>
> >> >>>>>>>>> helloworld(helloworld3 hw3){
> >> >>>>>>>>> tmp=hw3;
> >> >>>>>>>>> }
> >> >>>>>>>>>
> >> >>>>>>>>> public void start(){
> >> >>>>>>>>> System.out.println("start");
> >> >>>>>>>>>
> >> >>>>>>>>> if(tmp.hw3tmp!=null)
> >> >>>>>>>>> tmp.hw3tmp.open3();
> >> >>>>>>>>> }
> >> >>>>>>>>>
> >> >>>>>>>>> public static void main(String[] args){
> >> >>>>>>>>>
> >> >>>>>>>>> helloworld3 hw33=new helloworld3();
> >> >>>>>>>>> helloworld hw=new helloworld(hw33);
> >> >>>>>>>>> hw.start();
> >> >>>>>>>>> }
> >> >>>>>>>>> }
> >> >>>>>>>>>
> >> >>>>>>>>> =============Another Class helloworld3============
> >> >>>>>>>>> class helloworld3 {
> >> >>>>>>>>> myInter hw3tmp;
> >> >>>>>>>>>
> >> >>>>>>>>> helloworld3(){
> >> >>>>>>>>> hw3tmp=null;
> >> >>>>>>>>> }
> >> >>>>>>>>>
> >> >>>>>>>>> void setup(myInter mi){
> >> >>>>>>>>> hw3tmp=mi;
> >> >>>>>>>>> }
> >> >>>>>>>>> }
> >> >>>>>>>>>
> >> >>>>>>>>> =======Interface myInter ====
> >> >>>>>>>>> public interface myInter {
> >> >>>>>>>>> public void open3();
> >> >>>>>>>>>
> >> >>>>>>>>> }
> >> >>>>>>>>> ==========One implementation impl1========
> >> >>>>>>>>>
> >> >>>>>>>>> public class myinter1 implements myInter{
> >> >>>>>>>>> public void open3(){
> >> >>>>>>>>> System.out.println("myinter1");
> >> >>>>>>>>>
> >> >>>>>>>>> }
> >> >>>>>>>>> }
> >> >>>>>>>>> ==========One implementation impl2========
> >> >>>>>>>>>
> >> >>>>>>>>> public class myinter2 implements myInter {
> >> >>>>>>>>>
> >> >>>>>>>>> public void open3() {
> >> >>>>>>>>> // TODO Auto-generated method stub
> >> >>>>>>>>> System.out.println("myinter2");
> >> >>>>>>>>> }
> >> >>>>>>>>>
> >> >>>>>>>>> }
> >> >>>>>>>>>
> >> >>>>>>>>> Any ideas? Thanks.
> >> >>>>>>>>> Jiangfan
> >> >>>>>>>>>
> >> >>>>>>>>>
> >> >>>>>>>>>
> >> >>>>>>>>> On Mon, Aug 18, 2008 at 9:35 AM, li xin <li-xin at jaist.ac.jp>
> >> >>>>>>>>> wrote:
> >> >>>>>>>>>> Hello,
> >> >>>>>>>>>>
> >> >>>>>>>>>> I am wondering it is the issue of whether the underlying
> >> >>>>>>>>>> points-to analysis
> >> >>>>>>>>>> properly handle InterfaceInvoke.
> >> >>>>>>>>>>
> >> >>>>>>>>>> FYI:
> >> >>>>>>>>>> This question reminds me a related problem I ever
> encountered.
> >> >>>>>>>>>> I run
> >> >>>>>>>>>> cg.spark (with default options on mind) on some package, but
> >> >>>>>>>>>> edges of
> >> >>>>>>>>>> InterfaceInvoke are lost in the generated call graph (while
> CHA
> >> >>>>>>>>>> handles them
> >> >>>>>>>>>> properly).
> >> >>>>>>>>>>
> >> >>>>>>>>>>
> >> >>>>>>>>>> --
> >> >>>>>>>>>> Thanks and Best Regards, LI
> >> >>>>>>>>>>
> >> >>>>>>>>>> On Mon, Aug 18, 2008 at 10:45 PM, jiangfan shi
> >> >>>>>>>>>> <jiangfan.shi at gmail.com>
> >> >>>>>>>>>> wrote:
> >> >>>>>>>>>>>
> >> >>>>>>>>>>> Hi,
> >> >>>>>>>>>>>
> >> >>>>>>>>>>> I found the infoFlowAnalysis does not do dynamic bindings
> for
> >> >>>>>>>>>>> the
> >> >>>>>>>>>>> interfaceinvoke statement. Am I right?
> >> >>>>>>>>>>>
> >> >>>>>>>>>>> For exmaple, I have an interface Interf1, which defines a
> >> >>>>>>>>>>> method
> >> >>>>>>>>>>> open(). Two implementations impl1 and impl2 implement the
> >> >>>>>>>>>>> Interf1.
> >> >>>>>>>>>>> Then I have following simplified statements;
> >> >>>>>>>>>>>
> >> >>>>>>>>>>> ==============
> >> >>>>>>>>>>> Interf1 tmp1;
> >> >>>>>>>>>>>
> >> >>>>>>>>>>> if(tmp1!=null){
> >> >>>>>>>>>>> tmp1.open().
> >> >>>>>>>>>>> }
> >> >>>>>>>>>>>
> >> >>>>>>>>>>> ==============
> >> >>>>>>>>>>>
> >> >>>>>>>>>>> For this piece of code, the infoFlowAnalysis does not give
> two
> >> >>>>>>>>>>> possible method invocations, impl1.open() and impl2.open().
> >> >>>>>>>>>>> Furthermore the infoFlowAnalysis does not compute flow
> Summary
> >> >>>>>>>>>>> for
> >> >>>>>>>>>>> these two methods.
> >> >>>>>>>>>>>
> >> >>>>>>>>>>> For the following piece of code, the infoFlowAnalysis does
> >> >>>>>>>>>>> work
> >> >>>>>>>>>>> because there are explicitly assignments from impl1 or impl2
> >> >>>>>>>>>>> to the
> >> >>>>>>>>>>> Interf1.
> >> >>>>>>>>>>>
> >> >>>>>>>>>>> ==============
> >> >>>>>>>>>>> Interf1 tmp1;
> >> >>>>>>>>>>> if(args[0]=1){
> >> >>>>>>>>>>> tmp1=new impl1();
> >> >>>>>>>>>>> else
> >> >>>>>>>>>>> tmp1=new impl2();
> >> >>>>>>>>>>>
> >> >>>>>>>>>>> tmp1.open().
> >> >>>>>>>>>>> }
> >> >>>>>>>>>>>
> >> >>>>>>>>>>> ==============
> >> >>>>>>>>>>> In this case, the infoFlowAnalysis will compute summaries
> for
> >> >>>>>>>>>>> the two
> >> >>>>>>>>>>> methods, impl1.open() and impl2.open().
> >> >>>>>>>>>>>
> >> >>>>>>>>>>> So my question is that if the infoFlowAnalysis handle the
> >> >>>>>>>>>>> interfaceinvoke statement. Maybe I did not find some
> >> >>>>>>>>>>> configurations of
> >> >>>>>>>>>>> the infoFlowAnalsysis, or I miss some other options.
> >> >>>>>>>>>>>
> >> >>>>>>>>>>> Thanks you in advance!
> >> >>>>>>>>>>>
> >> >>>>>>>>>>> Jiangfan
> >> >>>>>>>>>>> _______________________________________________
> >> >>>>>>>>>>> Soot-list mailing list
> >> >>>>>>>>>>> Soot-list at sable.mcgill.ca
> >> >>>>>>>>>>> http://mailman.cs.mcgill.ca/mailman/listinfo/soot-list
> >> >>>>>>>>>>
> >> >>>>>>>>>>
> >> >>>>>>>>>>
> >> >>>>>>>>> _______________________________________________
> >> >>>>>>>>> Soot-list mailing list
> >> >>>>>>>>> Soot-list at sable.mcgill.ca
> >> >>>>>>>>> http://mailman.cs.mcgill.ca/mailman/listinfo/soot-list
> >> >>>>>>>>>
> >> >>>>>>>>
> >> >>>>>>>>
> >> >>>>>>>>
> >> >>>>>>>> --
> >> >>>>>>>> Eric Bodden
> >> >>>>>>>> Sable Research Group
> >> >>>>>>>> McGill University, Montréal, Canada
> >> >>>>>>>>
> >> >>>>>>>
> >> >>>>>>
> >> >>>>>>
> >> >>>>>>
> >> >>>>>> --
> >> >>>>>> Eric Bodden
> >> >>>>>> Sable Research Group
> >> >>>>>> McGill University, Montréal, Canada
> >> >>>>>>
> >> >>>>>
> >> >>>>
> >> >>>>
> >> >>>>
> >> >>>> --
> >> >>>> Eric Bodden
> >> >>>> Sable Research Group
> >> >>>> McGill University, Montréal, Canada
> >> >>>>
> >> >>>
> >> >>
> >> >>
> >> >>
> >> >> --
> >> >> Eric Bodden
> >> >> Sable Research Group
> >> >> McGill University, Montréal, Canada
> >> >>
> >> >
> >>
> >>
> >>
> >> --
> >> Eric Bodden
> >> Sable Research Group
> >> McGill University, Montréal, Canada
> >
> >
> >
> >
> >
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.CS.McGill.CA/pipermail/soot-list/attachments/20080820/128fcaee/attachment-0001.htm
More information about the Soot-list
mailing list