[Soot-list] Potential bug in BDD-based part of Paddle

Severin Heiniger severinheiniger at gmail.com
Wed Apr 20 05:26:19 EDT 2011


Hi,

A central step in my context-sensitive analysis performed using Paddle
is to get the points-to sets of all fields given a ContextAllocNode as
the base. With BDD support disabled, this works as expected, but when
enabling BDD support, the iterator returned by
ContextAllocNode.fields() doesn't provide any ContextAllocDotFields
whatsoever. I was able to reproduce the problem with multiple versions
of Soot and types of JVMs. You can find a simple test-case here: [1].
It's ready to be run using a Sun-JRE on a 32-bit system (64-bit
version is also included).

public class MainSubject {
       public Object field;
       public static void main(String[] args) {
               MainSubject main = new MainSubject();
               main.field = new Object();
       }
}

Without BDD support, the analysis reports that 'new Object()' is in
the points-to set of the field 'new MainSubject().field', while with
BDD support, this is not the case. The detailed output:

Without BDD support:
LocalAllocNode 1 new MainSubject ... in context null:
       AllocDotField <MainSubject: java.lang.Object field>:
               LocalAllocNode 2 new java.lang.Object ... in context null
LocalAllocNode 2 new java.lang.Object ... in context null:

With BDD support:
LocalAllocNode 1 new MainSubject ... in context null:
LocalAllocNode 2 new java.lang.Object ... in context null:

I would be extremely grateful if anyone could shed some light on this
matter. The success of my current work heavily depends on retrieving
the mentioned information efficiently (thus the BDD support).

Kind regards,
Severin

[1] http://dl.dropbox.com/u/232786/paddle-bug.tar.gz
 - BDD support can be enabled and disabled in the file 'run'.
 - Using Results.v().reachableMethods().contextMethods() instead has
no influence on the problem.

