[Soot-list] Cannot Get a Correct Point-to Set for Fields

[杨鹏]

Hello, 


I'm trying to do a point-to analysis using Paddle. Here's a piece of test code as follows, 'context'  is a field of one class:


public void create(){
context = new Context();
}


And then, here's the jimple code for it:


r0 := @this: demo.state.Client
$r1 = new demo.state.Context
specialinvoke $r1.<demo.state.Context: void <init>()>()
r0.<demo.state.Client: demo.state.Context context> = $r1
return


The problem is, when I was trying to get the points-to set of field context, I can't get any result. I restored the field <demo.state.Client: demo.state.Context context> in a SootField named 'sf', and run code as follows:


HashMap opt = new HashMap();
opt.put("enabled","true");
opt.put("verbose","false");
opt.put("bdd","true");
opt.put("backend","buddy");
opt.put("context","kcfa");
opt.put("k","2");
opt.put("propagator","auto");
opt.put("conf","ofcg");
opt.put("order","32");
opt.put("q","auto");
opt.put("set-impl","double");
opt.put("double-set-old","hybrid");
opt.put("double-set-new","hybrid");
opt.put("pre-jimplify","false");
PaddleTransformer pt = new PaddleTransformer();
PaddleOptions paddle_opt = new PaddleOptions(opt);
pt.solve(paddle_opt);
soot.jimple.paddle.Results.v().makeStandardSootResults();


soot.PointsToAnalysis pta = Scene.v().getPointsToAnalysis();
PointsToSet pst = pta.reachingObjects(sf);


As the result, the pst set has no element, which I suppose that it should contain '$r1' and 'new demo.state.Context' for they must point to the same object according to the jimple code.


How to explain this result and how to get a correct one? Any help is greatly appreciated.


Peng Yang,
Southeast University, China

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.cs.mcgill.ca/pipermail/soot-list/attachments/20130402/ec58bad9/attachment.html