[Soot-list] Potential bug in BDD-based part of Paddle

Severin Heiniger severinheiniger at gmail.com
Wed Apr 20 10:41:05 EDT 2011


Hi again,

after having inspected the source code and the content of
NodeManager.contextMap at runtime, it became clear that the
ContextAllocDotFields of interest are not materialized at all from the
BDD data at the time of calling ContextAllocNode.fields().

In order to get the desired information (equal to the one provided by
the traditional Paddle variant), it's necessary to force Paddle to
materialize the ContextAllocDotFields using ContextAllocDotField.make.
In order to do so, one needs the fields of the SootClass manually
derived from the ContextAllocNode under inspection.

I suspect that this is not the intended behavior of Paddle and can
thus be considered as a defect. Does anyone know a better work-around?

Kind regards,
Severin


On Wed, Apr 20, 2011 at 11:26 AM, Severin Heiniger
<severinheiniger at gmail.com> wrote:
> Hi,
>
> a central step in my context-sensitive analysis performed using Paddle
> is to get the points-to sets of all fields given a ContextAllocNode as
> the base. With BDD support disabled, this works as expected, but when
> enabling BDD support, the iterator returned by
> ContextAllocNode.fields() doesn't provide any ContextAllocDotFields
> whatsoever. I was able to reproduce the problem with multiple versions
> of Soot and types of JVMs. You can find a simple test-case here: [1]
> It's ready to be run using a Sun-JRE on a 32-bit system (64-bit
> version is also included).
>
> public class MainSubject {
>       public Object field;
>       public static void main(String[] args) {
>               MainSubject main = new MainSubject();
>               main.field = new Object();
>       }
> }
>
> Without BDD support, the analysis reports that 'new Object()' is in
> the points-to set of the field 'new MainSubject().field', while with
> BDD support, this is not the case. The detailed output:
>
> Without BDD support:
> LocalAllocNode 1 new MainSubject ... in context null:
>       AllocDotField <MainSubject: java.lang.Object field>:
>               LocalAllocNode 2 new java.lang.Object ... in context null
> LocalAllocNode 2 new java.lang.Object ... in context null:
>
> With BDD support:
> LocalAllocNode 1 new MainSubject ... in context null:
> LocalAllocNode 2 new java.lang.Object ... in context null:
>
> I would be extremely grateful if anyone could shed some light on this
> matter. The success of my current work heavily depends on retrieving
> the mentioned information efficiently (thus the BDD support).
>
> Kind regards,
> Severin
>
> [1] http://dl.dropbox.com/u/232786/paddle-bug.tar.gz
>  - BDD support can be enabled and disabled in the file 'run'.
>  - Using Results.v().reachableMethods().contextMethods() instead has
> no influence on the problem
>

