[Soot-list] information returned from DemandCS pointto analysis misses context

LIU Peng lpxz at ust.hk
Tue Aug 4 13:57:10 EDT 2009 

Dear Eric:
     As mentioned in last email, I tried DemandCS pointto analysis. But I
found in the AllocAndContext returned using reachingObjects(iBase),
the contexts are empty but alloc is not empty.
To be more detailed:


1 subject class:
public class TestMethods {
  public static void A()
  {
	  Run1 run1 = new Run1();
	  D(run1);
  }
  public static void B()
  {
	  Run2 run2 = new Run2();
	  D(run2);
  }
  public static void  C()
  {
	  Run3 run3 = new Run3();
	//  D(run3);
  }
  public static void D(Runit r)
  {
	  r.run();
  }
	public static void main(String[] args) // to be analyzed.
       {
		A();
		B();
		C();
        }
}



2 trace:
//the analysis start from main body, and  when meet with an invoking stmt,
analyze the corresponding method immediately.


This is part of my console information :
[Call Graph] For information on where the call graph may be incomplete,
use the verbose option to the cg phase.
[Spark] Pointer Assignment Graph in 2.4 seconds.
[Spark] Type masks in 1.0 seconds.
[Spark] Pointer Graph simplified in 0.0 seconds.
[Spark] Propagation in 157.3 seconds.
[Spark] Solution found in 157.4 seconds.
[Spark] Initialized on-demand refinement-based context-sensitive analysis
in 18.2 seconds.


     ==>method:<TestMethods: void main(java.lang.String[])>
     args := @parameter0: java.lang.String[]
     staticinvoke <TestMethods: void A()>()
     { =====================================
          ==>method:<TestMethods: void A()>
          $r0 = new Run1
          specialinvoke $r0.<Run1: void <init>()>()
AllocNode 32 new Run1 in method <TestMethods: void A()><--> ibase:$r0
          { =====================================
               ==>method:<Run1: void <init>()>
               this := @this: Run1
               specialinvoke this.<java.lang.Object: void <init>()>()
AllocNode 32 new Run1 in method <TestMethods: void A()><--> ibase:this
               return
               <==method:<Run1: void <init>()>
          ===================================== }
          run1 = $r0
          staticinvoke <TestMethods: void D(Runit)>(run1)
          { =====================================
               ==>method:<TestMethods: void D(Runit)>
               r := @parameter0: Runit
               interfaceinvoke r.<Runit: void run()>()
(I hope to get context information here.)!!!!!!!!!!!!!!!!!!!!!!!!!
AllocNode 32 new Run1 in method <TestMethods: void A()><--> ibase:r
AllocNode 31 new Run2 in method <TestMethods: void B()><--> ibase:r
               { =====================================
                    ==>method:<Run2: void run()>
                    this := @this: Run2
                    $r0 = <java.lang.System: java.io.PrintStream out>
                    virtualinvoke $r0.<java.io.PrintStream: void
println(java.lang.String)>("B is runnning")
AllocNode 8 new java.io.PrintStream in method <java.lang.System: void
initializeSystemClass()><--> ibase:$r0
                    return
                    <==method:<Run2: void run()>
                    ==>method:<Run1: void run()>
                    this := @this: Run1
                    $r0 = <java.lang.System: java.io.PrintStream out>
                    virtualinvoke $r0.<java.io.PrintStream: void
println(java.lang.String)>("A is runnning")
AllocNode 8 new java.io.PrintStream in method <java.lang.System: void
initializeSystemClass()><--> ibase:$r0
                    return
                    <==method:<Run1: void run()>
               ===================================== }
               return
               <==method:<TestMethods: void D(Runit)>
          ===================================== }




3 problem:
The problem is      for interfaceinvoke r.<Runit: void run()>(), I want
its pointTo set of r is context-sensitive, to be concrete, I
want:
 r  points to "AllocNode 32 new Run1 in method <TestMethods: void A()>"
when r.<Runit: void run()>() is called under context "A()"
 r  points to "AllocNode 31 new Run2 in method <TestMethods: void B()>"
when r.<Runit: void run()>() is called under context "B()"
but when I use the following code to query.

 PointsToSet p2base=  MyAnalysis.paDemand.reachingObjects(iBase);
 if(base instanceof AllocAndContextSet) // spark use this way, can use
forall implementation
{//

  for (AllocAndContext allocAndContext : ((AllocAndContextSet)base)) {
	  System.out.println(""+allocAndContext.alloc+"");
	  filter2.add(allocAndContext);// type
}
}

I find that alloc is right. but the integer stack of context is empty
during debug mode. so I can get no assistant information about context
-sensitive.

Do you know what is wrong with my analysis?
Thanks

Regards
Peng

More information about the Soot-list mailing list