[Soot-list] how does infoFlowAnalysis handle interfaceinvoke ?
jiangfan shi
jiangfan.shi at gmail.com
Tue Aug 19 13:25:00 EDT 2008
Thanks for your pattern. This gives me another way to add these edges
into the call graph by using CHA.
I did three small experiments as following:
1. I use CHA option
-w -main-class hello.helloworld -p cg.cha on -f jimple --app hello.helloworld
The core source code is the following:
helloworld3 hw33=new helloworld3();
helloworld hw=new helloworld(hw33);
new myinter1();
hw33.setup(null);
hw.start();
>From the main() method, the reachable methods include only the open3()
from myinter1.
2. I use CHA option
-w -main-class hello.helloworld -p cg.cha on -f jimple --app hello.helloworld
The core source code is the following:
helloworld3 hw33=new helloworld3();
helloworld hw=new helloworld(hw33);
new myinter1();
new myinter2(); // one more instantiations
hw33.setup(null);
hw.start();
>From the main() method, the reachable methods include the open3() from
myinter1 and the open3() from myinter2.
3. I use spark rta options as
-w -main-class hello.helloworld -p cg.spark rta:true -f jimple --app
hello.helloworld
The core source code is the following:
helloworld3 hw33=new helloworld3();
helloworld hw=new helloworld(hw33);
new myinter1();
hw33.setup(null);
hw.start();
>From the main() method,the reachable methods does not include open3().
Jiangfan
On Tue, Aug 19, 2008 at 11:54 AM, li xin <li-xin at jaist.ac.jp> wrote:
> Sorry, I mean
>
> helloworld3 hw33=new helloworld3();
> helloworld hw=new helloworld(hw33);
> new myinter1(); //or new myinter2();
> hw33.setup(null);
> hw.start();
>
> Only to test how the underlying CHA works, since the analysis seems beyond
> what CHA does from your running results.
>
> I just now tried the above test with your code snippet. It does work as I
> expect, say only takes into account the instantiated type. But as Eric just
> kindly reminded me, this kind of analysis is exactly what RTA does.
>
> --
> Thanks and Best Regards, LI
>
>
> On Wed, Aug 20, 2008 at 1:38 AM, jiangfan shi <jiangfan.shi at gmail.com>
> wrote:
>>
>> > helloworld3 hw33=new helloworld3();
>> > helloworld hw=new helloworld(hw33);
>> > new myinter1();
>> > hw33.setup();
>> > hw.start();
>>
>> You mean
>>
>> helloworld3 hw33=new helloworld3();
>> helloworld hw=new helloworld(hw33);
>> myInter mi1=new myinter1();
>> hw33.setup(mi1);
>> hw.start();
>>
>> I just ran the call graph analysis, and there is only one edge between
>> start() and myinter1.open3(). There is no edge between start() and
>> myinter2.open3().
>>
>> Thanks, Lixin.
>>
>> Jiangfan
>> >
>> > On Wed, Aug 20, 2008 at 12:26 AM, Eric Bodden
>> > <eric.bodden at mail.mcgill.ca>
>> > wrote:
>> >>
>> >> I am not sure how exactly CHA is implemented in Soot and why it does
>> >> not show these edges for you, but I know for sure that it does not
>> >> use points-to sets. Why would you insist on having an imprecise
>> >> analysis, though, if you can get a more precise one?
>> >>
>> >> Eric
>> >>
>> >> 2008/8/19 jiangfan shi <jiangfan.shi at gmail.com>:
>> >> >> report the edge. A less precise analysis like CHA may give you
>> >> >> "spurious" call edges like the one from start() to open3().
>> >> >
>> >> > Thanks Eric. I used the CHA as the call graph constructor in my
>> >> > example, but I still did not see these edges.
>> >> >
>> >> > My options are the following:
>> >> > -w -main-class hello.helloworld -p cg.cha on -f jimple --app
>> >> > hello.helloworld
>> >> >
>> >> > Just curious. Maybe CHA in soot integrate the point-to analysis by
>> >> > default? If so, are there some options to turn this off?
>> >> >
>> >> > Jiangfan
>> >> >
>> >> >>
>> >> >> 2008/8/19 jiangfan shi <jiangfan.shi at gmail.com>:
>> >> >>> Thanks Eric for the explanation. There is one extra question.
>> >> >>>
>> >> >>>> uses no points-to sets. That makes it faster but much less precise
>> >> >>>> as
>> >> >>>> you can see in your example.
>> >> >>>
>> >> >>> Should the "less precise" mean that these edges should appear in
>> >> >>> the
>> >> >>> produced call graph?
>> >> >>> That is, the start() to open3() should appear in the call graph?
>> >> >>>
>> >> >>> Jiangfan
>> >> >>>
>> >> >>>
>> >> >>>
>> >> >>>
>> >> >>>>>>>
>> >> >>>>>>> In case we can not attach a file to the mail list. I put all
>> >> >>>>>>> source
>> >> >>>>>>> files in the following:
>> >> >>>>>>>
>> >> >>>>>>>
>> >> >>>>>>> ============cg exploration===============
>> >> >>>>>>> package mytransformer;
>> >> >>>>>>>
>> >> >>>>>>> import soot.*;
>> >> >>>>>>>
>> >> >>>>>>> import java.io.BufferedWriter;
>> >> >>>>>>> import java.io.FileWriter;
>> >> >>>>>>> import java.util.*;
>> >> >>>>>>>
>> >> >>>>>>> import soot.jimple.toolkits.callgraph.*;
>> >> >>>>>>>
>> >> >>>>>>> public class TestMyTransformer extends SceneTransformer {
>> >> >>>>>>>
>> >> >>>>>>> public static void main(String[] args) {
>> >> >>>>>>> if (args.length == 0)
>> >> >>>>>>> System.exit(-1);
>> >> >>>>>>> PackManager.v().getPack("wjtp").add(
>> >> >>>>>>> new
>> >> >>>>>>> Transform("wjtp.mytransform",
>> >> >>>>>>> TestMyTransformer.v()));
>> >> >>>>>>> soot.Main.main(args);
>> >> >>>>>>> }
>> >> >>>>>>>
>> >> >>>>>>> private static TestMyTransformer instance = null;
>> >> >>>>>>>
>> >> >>>>>>> public static TestMyTransformer v() {
>> >> >>>>>>> if (instance == null)
>> >> >>>>>>> return (instance = new
>> >> >>>>>>> TestMyTransformer());
>> >> >>>>>>> return instance;
>> >> >>>>>>> }
>> >> >>>>>>>
>> >> >>>>>>> protected void internalTransform(String phaseName, Map
>> >> >>>>>>> options) {
>> >> >>>>>>> CallGraph cg = Scene.v().getCallGraph();
>> >> >>>>>>> System.out.println("Call graph + " + cg);
>> >> >>>>>>> }
>> >> >>>>>>>
>> >> >>>>>>> public void writetofile(CallGraph cg) {
>> >> >>>>>>> try {
>> >> >>>>>>> // Create file
>> >> >>>>>>> FileWriter fstream = new
>> >> >>>>>>> FileWriter("out22.txt");
>> >> >>>>>>> BufferedWriter out = new
>> >> >>>>>>> BufferedWriter(fstream);
>> >> >>>>>>> out.write(cg.toString());
>> >> >>>>>>> // Close the output stream
>> >> >>>>>>> out.close();
>> >> >>>>>>> } catch (Exception e) {// Catch exception if any
>> >> >>>>>>> System.err.println("Error: " +
>> >> >>>>>>> e.getMessage());
>> >> >>>>>>> }
>> >> >>>>>>> }
>> >> >>>>>>>
>> >> >>>>>>> }
>> >> >>>>>>>
>> >> >>>>>>> =======main class helloworld ====
>> >> >>>>>>> package hello;
>> >> >>>>>>> public class helloworld {
>> >> >>>>>>> helloworld3 tmp;
>> >> >>>>>>>
>> >> >>>>>>> helloworld(helloworld3 hw3){
>> >> >>>>>>> tmp=hw3;
>> >> >>>>>>> }
>> >> >>>>>>>
>> >> >>>>>>> public void start(){
>> >> >>>>>>> System.out.println("start");
>> >> >>>>>>>
>> >> >>>>>>> if(tmp.hw3tmp!=null)
>> >> >>>>>>> tmp.hw3tmp.open3();
>> >> >>>>>>> }
>> >> >>>>>>>
>> >> >>>>>>> public static void main(String[] args){
>> >> >>>>>>>
>> >> >>>>>>> helloworld3 hw33=new helloworld3();
>> >> >>>>>>> helloworld hw=new helloworld(hw33);
>> >> >>>>>>> hw.start();
>> >> >>>>>>> }
>> >> >>>>>>> }
>> >> >>>>>>>
>> >> >>>>>>> class helloworld3 {
>> >> >>>>>>> myInter hw3tmp;
>> >> >>>>>>>
>> >> >>>>>>> helloworld3(){
>> >> >>>>>>> hw3tmp=null;
>> >> >>>>>>> }
>> >> >>>>>>>
>> >> >>>>>>> void setup(myInter mi){
>> >> >>>>>>> hw3tmp=mi;
>> >> >>>>>>> }
>> >> >>>>>>> }
>> >> >>>>>>>
>> >> >>>>>>> =======Interface myInter ====
>> >> >>>>>>> package hello;
>> >> >>>>>>> public interface myInter {
>> >> >>>>>>> public void open3();
>> >> >>>>>>>
>> >> >>>>>>> }
>> >> >>>>>>> ==========One implementation impl1========
>> >> >>>>>>> package hello;
>> >> >>>>>>> public class myinter1 implements myInter{
>> >> >>>>>>> public void open3(){
>> >> >>>>>>> System.out.println("myinter1");
>> >> >>>>>>>
>> >> >>>>>>> }
>> >> >>>>>>> }
>> >> >>>>>>> ==========One implementation impl2========
>> >> >>>>>>> package hello;
>> >> >>>>>>> public class myinter2 implements myInter {
>> >> >>>>>>>
>> >> >>>>>>> public void open3() {
>> >> >>>>>>> // TODO Auto-generated method stub
>> >> >>>>>>> System.out.println("myinter2");
>> >> >>>>>>> }
>> >> >>>>>>>
>> >> >>>>>>> }
>> >> >>>>>>>
>> >> >>>>>>> ==============source code over===================
>> >> >>>>>>>
>> >> >>>>>>>
>> >> >>>>>>>
>> >> >>>>>>> On Tue, Aug 19, 2008 at 7:50 AM, Eric Bodden
>> >> >>>>>>> <eric.bodden at mail.mcgill.ca> wrote:
>> >> >>>>>>>> Hi.
>> >> >>>>>>>>
>> >> >>>>>>>> Which call edge exactly do you find missing from the example
>> >> >>>>>>>> below? I
>> >> >>>>>>>> need a concrete and complete runnable example to be able to
>> >> >>>>>>>> decide if
>> >> >>>>>>>> this is or is not a bug.
>> >> >>>>>>>>
>> >> >>>>>>>> Eric
>> >> >>>>>>>>
>> >> >>>>>>>> 2008/8/18 jiangfan shi <jiangfan.shi at gmail.com>:
>> >> >>>>>>>>> Thanks, Li xin.
>> >> >>>>>>>>>
>> >> >>>>>>>>> I have tried to use spark and cha (default option) to
>> >> >>>>>>>>> construct
>> >> >>>>>>>>> the
>> >> >>>>>>>>> call graph. As you said, the generated call graph does not
>> >> >>>>>>>>> have
>> >> >>>>>>>>> related interfaceInvoke edges. That is, there is not edge
>> >> >>>>>>>>> which
>> >> >>>>>>>>> connects the main function to impl1.open() or impl2.open().
>> >> >>>>>>>>> And
>> >> >>>>>>>>> even,
>> >> >>>>>>>>> there is no edge between the main function and the interface
>> >> >>>>>>>>> Inter1.open().
>> >> >>>>>>>>>
>> >> >>>>>>>>> My options are following:
>> >> >>>>>>>>>
>> >> >>>>>>>>> spark:
>> >> >>>>>>>>>
>> >> >>>>>>>>> -w -main-class helloworld -p cg.spark rta:true;on-fly-cg:true
>> >> >>>>>>>>> -f
>> >> >>>>>>>>> jimple --app helloworld
>> >> >>>>>>>>>
>> >> >>>>>>>>> cha:
>> >> >>>>>>>>>
>> >> >>>>>>>>> -w -main-class helloworld -p cg.cha on -f jimple --app
>> >> >>>>>>>>> helloworld
>> >> >>>>>>>>>
>> >> >>>>>>>>> The following is my simplifiedcode.
>> >> >>>>>>>>>
>> >> >>>>>>>>> =======main class helloworld ====
>> >> >>>>>>>>>
>> >> >>>>>>>>> public class helloworld {
>> >> >>>>>>>>> helloworld3 tmp;
>> >> >>>>>>>>>
>> >> >>>>>>>>> helloworld(helloworld3 hw3){
>> >> >>>>>>>>> tmp=hw3;
>> >> >>>>>>>>> }
>> >> >>>>>>>>>
>> >> >>>>>>>>> public void start(){
>> >> >>>>>>>>> System.out.println("start");
>> >> >>>>>>>>>
>> >> >>>>>>>>> if(tmp.hw3tmp!=null)
>> >> >>>>>>>>> tmp.hw3tmp.open3();
>> >> >>>>>>>>> }
>> >> >>>>>>>>>
>> >> >>>>>>>>> public static void main(String[] args){
>> >> >>>>>>>>>
>> >> >>>>>>>>> helloworld3 hw33=new helloworld3();
>> >> >>>>>>>>> helloworld hw=new helloworld(hw33);
>> >> >>>>>>>>> hw.start();
>> >> >>>>>>>>> }
>> >> >>>>>>>>> }
>> >> >>>>>>>>>
>> >> >>>>>>>>> =============Another Class helloworld3============
>> >> >>>>>>>>> class helloworld3 {
>> >> >>>>>>>>> myInter hw3tmp;
>> >> >>>>>>>>>
>> >> >>>>>>>>> helloworld3(){
>> >> >>>>>>>>> hw3tmp=null;
>> >> >>>>>>>>> }
>> >> >>>>>>>>>
>> >> >>>>>>>>> void setup(myInter mi){
>> >> >>>>>>>>> hw3tmp=mi;
>> >> >>>>>>>>> }
>> >> >>>>>>>>> }
>> >> >>>>>>>>>
>> >> >>>>>>>>> =======Interface myInter ====
>> >> >>>>>>>>> public interface myInter {
>> >> >>>>>>>>> public void open3();
>> >> >>>>>>>>>
>> >> >>>>>>>>> }
>> >> >>>>>>>>> ==========One implementation impl1========
>> >> >>>>>>>>>
>> >> >>>>>>>>> public class myinter1 implements myInter{
>> >> >>>>>>>>> public void open3(){
>> >> >>>>>>>>> System.out.println("myinter1");
>> >> >>>>>>>>>
>> >> >>>>>>>>> }
>> >> >>>>>>>>> }
>> >> >>>>>>>>> ==========One implementation impl2========
>> >> >>>>>>>>>
>> >> >>>>>>>>> public class myinter2 implements myInter {
>> >> >>>>>>>>>
>> >> >>>>>>>>> public void open3() {
>> >> >>>>>>>>> // TODO Auto-generated method stub
>> >> >>>>>>>>> System.out.println("myinter2");
>> >> >>>>>>>>> }
>> >> >>>>>>>>>
>> >> >>>>>>>>> }
>> >> >>>>>>>>>
>> >> >>>>>>>>> Any ideas? Thanks.
>> >> >>>>>>>>> Jiangfan
>> >> >>>>>>>>>
>> >> >>>>>>>>>
>> >> >>>>>>>>>
>> >> >>>>>>>>> On Mon, Aug 18, 2008 at 9:35 AM, li xin <li-xin at jaist.ac.jp>
>> >> >>>>>>>>> wrote:
>> >> >>>>>>>>>> Hello,
>> >> >>>>>>>>>>
>> >> >>>>>>>>>> I am wondering it is the issue of whether the underlying
>> >> >>>>>>>>>> points-to analysis
>> >> >>>>>>>>>> properly handle InterfaceInvoke.
>> >> >>>>>>>>>>
>> >> >>>>>>>>>> FYI:
>> >> >>>>>>>>>> This question reminds me a related problem I ever
>> >> >>>>>>>>>> encountered.
>> >> >>>>>>>>>> I run
>> >> >>>>>>>>>> cg.spark (with default options on mind) on some package, but
>> >> >>>>>>>>>> edges of
>> >> >>>>>>>>>> InterfaceInvoke are lost in the generated call graph (while
>> >> >>>>>>>>>> CHA
>> >> >>>>>>>>>> handles them
>> >> >>>>>>>>>> properly).
>> >> >>>>>>>>>>
>> >> >>>>>>>>>>
>> >> >>>>>>>>>> --
>> >> >>>>>>>>>> Thanks and Best Regards, LI
>> >> >>>>>>>>>>
>> >> >>>>>>>>>> On Mon, Aug 18, 2008 at 10:45 PM, jiangfan shi
>> >> >>>>>>>>>> <jiangfan.shi at gmail.com>
>> >> >>>>>>>>>> wrote:
>> >> >>>>>>>>>>>
>> >> >>>>>>>>>>> Hi,
>> >> >>>>>>>>>>>
>> >> >>>>>>>>>>> I found the infoFlowAnalysis does not do dynamic bindings
>> >> >>>>>>>>>>> for
>> >> >>>>>>>>>>> the
>> >> >>>>>>>>>>> interfaceinvoke statement. Am I right?
>> >> >>>>>>>>>>>
>> >> >>>>>>>>>>> For exmaple, I have an interface Interf1, which defines a
>> >> >>>>>>>>>>> method
>> >> >>>>>>>>>>> open(). Two implementations impl1 and impl2 implement the
>> >> >>>>>>>>>>> Interf1.
>> >> >>>>>>>>>>> Then I have following simplified statements;
>> >> >>>>>>>>>>>
>> >> >>>>>>>>>>> ==============
>> >> >>>>>>>>>>> Interf1 tmp1;
>> >> >>>>>>>>>>>
>> >> >>>>>>>>>>> if(tmp1!=null){
>> >> >>>>>>>>>>> tmp1.open().
>> >> >>>>>>>>>>> }
>> >> >>>>>>>>>>>
>> >> >>>>>>>>>>> ==============
>> >> >>>>>>>>>>>
>> >> >>>>>>>>>>> For this piece of code, the infoFlowAnalysis does not give
>> >> >>>>>>>>>>> two
>> >> >>>>>>>>>>> possible method invocations, impl1.open() and impl2.open().
>> >> >>>>>>>>>>> Furthermore the infoFlowAnalysis does not compute flow
>> >> >>>>>>>>>>> Summary
>> >> >>>>>>>>>>> for
>> >> >>>>>>>>>>> these two methods.
>> >> >>>>>>>>>>>
>> >> >>>>>>>>>>> For the following piece of code, the infoFlowAnalysis does
>> >> >>>>>>>>>>> work
>> >> >>>>>>>>>>> because there are explicitly assignments from impl1 or
>> >> >>>>>>>>>>> impl2
>> >> >>>>>>>>>>> to the
>> >> >>>>>>>>>>> Interf1.
>> >> >>>>>>>>>>>
>> >> >>>>>>>>>>> ==============
>> >> >>>>>>>>>>> Interf1 tmp1;
>> >> >>>>>>>>>>> if(args[0]=1){
>> >> >>>>>>>>>>> tmp1=new impl1();
>> >> >>>>>>>>>>> else
>> >> >>>>>>>>>>> tmp1=new impl2();
>> >> >>>>>>>>>>>
>> >> >>>>>>>>>>> tmp1.open().
>> >> >>>>>>>>>>> }
>> >> >>>>>>>>>>>
>> >> >>>>>>>>>>> ==============
>> >> >>>>>>>>>>> In this case, the infoFlowAnalysis will compute summaries
>> >> >>>>>>>>>>> for
>> >> >>>>>>>>>>> the two
>> >> >>>>>>>>>>> methods, impl1.open() and impl2.open().
>> >> >>>>>>>>>>>
>> >> >>>>>>>>>>> So my question is that if the infoFlowAnalysis handle the
>> >> >>>>>>>>>>> interfaceinvoke statement. Maybe I did not find some
>> >> >>>>>>>>>>> configurations of
>> >> >>>>>>>>>>> the infoFlowAnalsysis, or I miss some other options.
>> >> >>>>>>>>>>>
>> >> >>>>>>>>>>> Thanks you in advance!
>> >> >>>>>>>>>>>
>> >> >>>>>>>>>>> Jiangfan
>> >> >>>>>>>>>>> _______________________________________________
>> >> >>>>>>>>>>> Soot-list mailing list
>> >> >>>>>>>>>>> Soot-list at sable.mcgill.ca
>> >> >>>>>>>>>>> http://mailman.cs.mcgill.ca/mailman/listinfo/soot-list
>> >> >>>>>>>>>>
>> >> >>>>>>>>>>
>> >> >>>>>>>>>>
>> >> >>>>>>>>> _______________________________________________
>> >> >>>>>>>>> Soot-list mailing list
>> >> >>>>>>>>> Soot-list at sable.mcgill.ca
>> >> >>>>>>>>> http://mailman.cs.mcgill.ca/mailman/listinfo/soot-list
>> >> >>>>>>>>>
>> >> >>>>>>>>
>> >> >>>>>>>>
>> >> >>>>>>>>
>> >> >>>>>>>> --
>> >> >>>>>>>> Eric Bodden
>> >> >>>>>>>> Sable Research Group
>> >> >>>>>>>> McGill University, Montréal, Canada
>> >> >>>>>>>>
>> >> >>>>>>>
>> >> >>>>>>
>> >> >>>>>>
>> >> >>>>>>
>> >> >>>>>> --
>> >> >>>>>> Eric Bodden
>> >> >>>>>> Sable Research Group
>> >> >>>>>> McGill University, Montréal, Canada
>> >> >>>>>>
>> >> >>>>>
>> >> >>>>
>> >> >>>>
>> >> >>>>
>> >> >>>> --
>> >> >>>> Eric Bodden
>> >> >>>> Sable Research Group
>> >> >>>> McGill University, Montréal, Canada
>> >> >>>>
>> >> >>>
>> >> >>
>> >> >>
>> >> >>
>> >> >> --
>> >> >> Eric Bodden
>> >> >> Sable Research Group
>> >> >> McGill University, Montréal, Canada
>> >> >>
>> >> >
>> >>
>> >>
>> >>
>> >> --
>> >> Eric Bodden
>> >> Sable Research Group
>> >> McGill University, Montréal, Canada
>> >
>> >
>> >
>> >
>> >
>
>
More information about the Soot-list
mailing list