[Soot-list] bug with makeAllocNode?

lpxz lpxz at ust.hk
Mon Dec 7 10:38:43 EST 2009 

Hello All:
   I find a little problem during my usage, it is related to making 
AllocNode, LocalvarNode, GlobalNode.
   In PAG.java, (*bold characters are added for logging:*), I am not 
quite sure this is a real bug.

    public AllocNode makeAllocNode(Object newExpr, Type type, SootMethod 
m) {
        if (opts.types_for_sites() || opts.vta())
            newExpr = type;
        AllocNode ret = valToAllocNode.get(newExpr);
        if (ret == null) {
            valToAllocNode.put(newExpr, ret = new AllocNode(this, newExpr,
                    type, m));
            newAllocNodes.add(ret);
            addNodeTag(ret, m);

        } else if (!(ret.getType().equals(type))) {
*            String newexprString = newExpr.toString() + " "
                    + newExpr.hashCode() + " " + type.toString();
            String retString = ret.toString() + " " + ret.hashCode()
                    + ret.getType().toString();
            logger.info("expr:" + newexprString + "----find--->" + 
"allocNode "
                    + retString);
            Object realHusband = null;*
            Iterator it = valToAllocNode.entrySet().iterator();
            while (it.hasNext()) {
                Entry entry = (Entry) it.next();
                realHusband = entry.getKey();

                if (entry.getValue().hashCode() == ret.hashCode()) {

*                    logger.info("which keys correpond to this value? 
::::::"
                            + realHusband.toString() + ""
                            + realHusband.hashCode());*
                  
                }

            }

            throw new RuntimeException("NewExpr " + newExpr + " of type "
                    + type + " previously had type " + ret.getType());
        }
        return ret;
    }
the logged result is:
* expr:new java.io.DataInputStream 145892892 
java.io.DataInputStream----find--->allocNode AllocNode 2445 new 
java.lang.StringBuilder in method <sun.security.jca.ProviderList: void 
<init>()> 2445java.lang.StringBuilder*
* which keys correpond to this value? ::::::new 
java.lang.StringBuilder145892892


we can see that two JNewExpr objects have the same hashcode although 
they are of different types.
I can not quite explain why two different objects have the same 
hashcode. as native hashCode() are calculated from the memory address.
But here we can not use this "bad" hashcode to retrieve information.we 
must make sure two NewExpr with different types have different hashCode().

Solution:
We can give a different hashCode() here(just make use of 
*this.equivHashCode() in soot. It can distinguish different types 
smoothly.*)
*public abstract class AbstractNewExpr implements NewExpr
{

    public AbstractNewExpr() {
   
        //@lpxz
        //actually not used at all.
        // TODO Auto-generated constructor stub
    }

    RefType type;
    @Override
    public int hashCode() { return this.equivHashCode(); }// 
31*(31*a+b)+c for abc.class
   
    @Override
    public boolean equals(Object o)
    {
        return this.equivTo(o);
    }
....
}

Then JNewExpr would inherits the good hashCode() which can tell the 
hashmap to retrieve the value.
Then there would not be that exception. I have met with such exceptions 
when I tried to analysis aspectJ progream too.
*
Similarly:*
we need to assign hashCode() for "class 
soot.jimple.internal.JimpleLocal" to avoid problem in 
soot.jimple.spark.pag.PAG.*makeLocalVarNode(*PAG.java:544)


java.lang.RuntimeException: Value Pair 
(javax.swing.event.MenuKeyListener) $r2,CAST_NODE of type 
javax.swing.event.MenuKeyListener previously had type 
javax.swing.JTabbedPane$Page
    at soot.jimple.spark.pag.PAG.*makeLocalVarNode(*PAG.java:544)
    at 
soot.jimple.spark.builder.MethodNodeFactory.caseCastExpr(MethodNodeFactory.java:193)
    at 
soot.jimple.internal.AbstractCastExpr.apply(AbstractCastExpr.java:129)
    at 
soot.jimple.spark.builder.MethodNodeFactory$1.caseAssignStmt(MethodNodeFactory.java:75)
    at soot.jimple.internal.JAssignStmt.apply(JAssignStmt.java:236)
    at 
soot.jimple.spark.builder.MethodNodeFactory.handleStmt(MethodNodeFactory.java:67)
    at soot.jimple.spark.pag.MethodPAG.buildNormal(MethodPAG.java:167)
    at soot.jimple.spark.pag.MethodPAG.build(MethodPAG.java:133)
    at 
soot.jimple.spark.solver.OnFlyCallGraph.processReachables(OnFlyCallGraph.java:64)
    at soot.jimple.spark.solver.OnFlyCallGraph.build(OnFlyCallGraph.java:56)
    at 
soot.jimple.spark.solver.PropWorklist.handleVarNode(PropWorklist.java:125)
    at soot.jimple.spark.solver.PropWorklist.propagate(PropWorklist.java:54)
    at 
soot.jimple.spark.SparkTransformer.internalTransform(SparkTransformer.java:153)
    at soot.SceneTransformer.transform(SceneTransformer.java:39)
    at soot.Transform.apply(Transform.java:89)
    at soot.RadioScenePack.internalApply(RadioScenePack.java:58)
    at 
soot.jimple.toolkits.callgraph.CallGraphPack.internalApply(CallGraphPack.java:48)
    at soot.Pack.apply(Pack.java:114)
    at soot.PackManager.runWholeProgramPacks_cp(PackManager.java:517)
    at soot.PackManager.runPacks_cp(PackManager.java:335)
    at aBunchOfTests.CallGraphDumper_cp.setUp(CallGraphDumper_cp.java:236)

*Also:*
we need to assign hashCode() for SootField.java to avoid problem with 
soot.jimple.spark.pag.PAG.*makeGlobalVarNode*(PAG.java:532)

java.lang.RuntimeException: Value 
<sun.security.x509.ExtendedKeyUsageExtension: int[] 
anyExtendedKeyUsageOidData> of type int[] previously had type 
java.util.HashMap
    at soot.jimple.spark.pag.PAG.*makeGlobalVarNode*(PAG.java:532)
    at 
soot.jimple.spark.builder.MethodNodeFactory.caseStaticFieldRef(MethodNodeFactory.java:259)
    at soot.jimple.StaticFieldRef.apply(StaticFieldRef.java:92)
    at 
soot.jimple.spark.builder.MethodNodeFactory$1.caseAssignStmt(MethodNodeFactory.java:73)
    at soot.jimple.internal.JAssignStmt.apply(JAssignStmt.java:236)
    at 
soot.jimple.spark.builder.MethodNodeFactory.handleStmt(MethodNodeFactory.java:67)
    at soot.jimple.spark.pag.MethodPAG.buildNormal(MethodPAG.java:167)
    at soot.jimple.spark.pag.MethodPAG.build(MethodPAG.java:133)
    at 
soot.jimple.spark.solver.OnFlyCallGraph.processReachables(OnFlyCallGraph.java:64)
    at soot.jimple.spark.solver.OnFlyCallGraph.build(OnFlyCallGraph.java:56)
    at 
soot.jimple.spark.solver.PropWorklist.handleVarNode(PropWorklist.java:125)
    at soot.jimple.spark.solver.PropWorklist.propagate(PropWorklist.java:54)
    at 
soot.jimple.spark.SparkTransformer.internalTransform(SparkTransformer.java:153)
    at soot.SceneTransformer.transform(SceneTransformer.java:39)
    at soot.Transform.apply(Transform.java:89)
    at soot.RadioScenePack.internalApply(RadioScenePack.java:58)
    at 
soot.jimple.toolkits.callgraph.CallGraphPack.internalApply(CallGraphPack.java:48)
    at soot.Pack.apply(Pack.java:114)
    at soot.PackManager.runWholeProgramPacks_cp(PackManager.java:517)
    at soot.PackManager.runPacks_cp(PackManager.java:335)


Regards
Peng
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.cs.mcgill.ca/pipermail/soot-list/attachments/20091207/bfb633d4/attachment.html

More information about the Soot-list mailing list