[Soot-list] Sideeffectanalysis

Eric Bodden bodden at st.informatik.tu-darmstadt.de
Fri Mar 4 11:05:03 EST 2011


So are you trying to use Spark and Paddle at the same time? That won't work.

I have not used Paddle in a while but I think that paddle implements
its own CallGraph subclass that accepts paddle AllocNode instances as
input.

As an alternative to using paddle you can also use the demand-driven
context-sensitive points-to analysis "DemandCSPointsTo".

Eric

On 4 March 2011 16:54, Jochen Huck <jochen.huck at student.kit.edu> wrote:
> Thanks! This is what I thought too.
> I've got a question regarding the ContextSensitiveCallGraph (cg): I will
> need to know the call graph edges that go out of f1.inc().
> Given the declaringMethod(main) and the unit(f1.inc()) I have to ask
> cg.edgesOutOf(context, method, unit). But where do I get the context from?
> The description of the interface Context says that context is a Spark
> AllocNode in the case of an object-sensitive call graph. Using Paddle I
> would only have access to a Paddle AllocNode, right? Where do I get the
> AllocNode from? I am a little confused...
>
> Jochen
>
>
> On 04.03.2011 16:38, Eric Bodden wrote:
>>
>> Hi Jochen.
>>
>>
>> If I am not mistaken then you are looking for a 1-object-sensitive
>> analysis. I think Ondrej wrote a paper a while ago in which he found
>> out that object-sensitivity usually works best and a context length of
>> 1 is often sufficient - at least that's what I remember.
>>
>> Eric
>>
>> On 4 March 2011 14:42, Jochen Huck <jochen.huck at student.kit.edu> wrote:
>>>
>>> Hi,
>>>
>>> the current implementation of the sideeffectanalysis
>>> (soot.jimple.toolkits.pointer.SideEffectAnalysis) is context-insensitive
>>> and therefore really imprecise. For
>>>
>>> class Foo {
>>>     int i;
>>>     public static void main(String[] args) {
>>>         Foo f1 = new Foo();
>>>         Foo f2 = new Foo();
>>>         f1.inc();
>>>         f2.inc();
>>>     }
>>>     public void inc() {
>>>         i++;
>>>     }
>>> }
>>>
>>> it reports that f1.inc() and f2.inc() have the same dependencies, since
>>> the analysis is context-insensitive.
>>>
>>> I would like to improve the precision using Paddle. Which option (1cfg,
>>> object-sensitive) would I need, that it is possible to infer that the
>>> calls to inc() have no dependencies?
>>> I will have to rewrite some methods of SideEffectAnalysis and
>>> SideEffectTagger. Any suggestions how difficult that would be?
>>>
>>> Thanks,
>>> Jochen
>>>
>>>
>>> _______________________________________________
>>> Soot-list mailing list
>>> Soot-list at sable.mcgill.ca
>>> http://mailman.cs.mcgill.ca/mailman/listinfo/soot-list
>>>
>>
>>
>
>



-- 
Dr. Eric Bodden, http://bodden.de/
Principal Investigator in Secure Services at CASED
Coordinator of the CASED Advisory Board of Study Affairs
PostDoc at Software Technology Group, Technische Universität Darmstadt
Tel: +49 6151 16-5478    Fax: +49 6151 16-5410
Mailing Address: S2|02 A209, Hochschulstraße 10, 64289 Darmstadt
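
Added example (not part of the original thread, and not Soot or Paddle code): a small self-contained model of the Foo program quoted above, showing why a context-insensitive side-effect analysis reports overlapping effects for f1.inc() and f2.inc() while a 1-object-sensitive one separates them. The allocation-site names A1/A2, the call-site names c1/c2 and all function names are assumptions made for this illustration.

```python
from collections import defaultdict

# Constructed model of the Foo program from the thread (not Soot IR).
POINTS_TO = {"f1": {"A1"}, "f2": {"A2"}}            # local -> allocation sites
CALLS = [("c1", "f1", "inc"), ("c2", "f2", "inc")]  # (call site, receiver, callee)
FIELD_ACCESS = {"inc": ["i"]}   # fields read/written through `this` (i++ does both)


def effect_sets(object_sensitive):
    """Map each call site to the (allocation site, field) pairs it may touch."""
    # this_pts[(method, context)] = allocation sites `this` may point to
    this_pts = defaultdict(set)
    for _, recv, callee in CALLS:
        for site in POINTS_TO[recv]:
            # 1-object-sensitive: the context is the receiver's allocation site.
            # Context-insensitive: every call shares one context (None), so the
            # receivers of all call sites are merged into a single `this` set.
            ctx = site if object_sensitive else None
            this_pts[(callee, ctx)].add(site)

    result = {}
    for call, recv, callee in CALLS:
        # Only the contexts reachable from this call's receiver are relevant.
        contexts = POINTS_TO[recv] if object_sensitive else {None}
        result[call] = {
            (site, field)
            for ctx in contexts
            for site in this_pts[(callee, ctx)]
            for field in FIELD_ACCESS[callee]
        }
    return result


def dependent(effects, a, b):
    """Two calls may depend on each other if their effect sets overlap."""
    return bool(effects[a] & effects[b])


if __name__ == "__main__":
    for mode in (False, True):
        eff = effect_sets(mode)
        label = "1-object-sensitive" if mode else "context-insensitive"
        print(label, eff, "dependent:", dependent(eff, "c1", "c2"))
```
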

