[Soot-list] Cannot Get a Correct Point-to Set for Fields

Tue Apr 2 10:03:23 EDT 2013

Hello,

Do you mean that following two statements are not running? 

 soot.PointsToAnalysis pta = Scene.v().getPointsToAnalysis();
 PointsToSet pst = pta.reachingObjects(sf);
I also tried to get the points-to set of local '$r1', which stored in a variable named 'vlocal'. Following are the codes for this running:

 soot.PointsToAnalysis pta = Scene.v().getPointsToAnalysis();
 PointsToSet pst = pta.reachingObjects(vlocal);

And I got the result 'LocalAllocNode new demo.state.Context <demo.state.Client: void create()> type demo.state.Context in context null,' for '$r1'. Does that mean the soot has executed? I'm a little confused about it.

I need to do some flow-sensitive and context-sensitive points-to analysis to get a more precise result, and I found that Paddle provides a object-sensitive analysis, that's right? That's the reason why I'm using Paddle instead of Spark.

Thanks for your reply.
Peng Yang,
Southeast University, China

At 2013-04-02 21:02:09,"Marc-André Laverdière-Papineau" <marc-andre.laverdiere-papineau at polymtl.ca> wrote:
>Hello,
>
>It looks like you are not running the last two lines in a transformer, 
>so soot hasn't executed yet. I suggest putting it in a SceneTransformer 
>in the wjtp phase. You will need to enable wjtp as well.
>
>Also, is there a reason that you are using Paddle? Most people in the 
>list use Spark - but you may have specific requirements.
>
>Marc-André Laverdière-Papineau
>Doctorant - PhD Candidate
>
>On 13-04-02 08:37 AM, 杨鹏 wrote:
>> Hello,
>>
>> I'm trying to do a point-to analysis using Paddle. Here's a piece of
>> test code as follows, 'context'  is a field of one class:
>>
>> public void create(){
>> context = new Context();
>> }
>>
>> And then, here's the jimple code for it:
>>
>> r0 := @this: demo.state.Client
>> $r1 = new demo.state.Context
>> specialinvoke $r1.<demo.state.Context: void <init>()>()
>> r0.<demo.state.Client: demo.state.Context context> = $r1
>> return
>>
>> The problem is, when I was trying to get the points-to set of field
>> context, I can't get any result. I restored the
>> field <demo.state.Client: demo.state.Context context> in a SootField
>> named 'sf', and run cod e as follows:
>>
>> HashMap opt = new HashMap();
>> opt.put("enabled","true");
>> opt.put("verbose","false");
>> opt.put("bdd","true");
>> opt.put("backend","buddy");
>> opt.put("context","kcfa");
>> opt.put("k","2");
>> opt.put("propagator","auto");
>> opt.put("conf","ofcg");
>> o pt.put("order","32");
>> opt.put("q","auto");
>> opt.put("set-impl","double");
>> opt.put("double-set-old","hybrid");
>> opt.put("double-set-new","hybrid");
>> opt.put("pre-jimplify","false");
>> PaddleTransformer pt = new PaddleTransformer();
>> PaddleOptions paddle_opt = new PaddleOptions(opt);
>> pt.solve(paddle_opt);
>> soot.jimple.paddle.Results.v().makeStandardSootResults();
>>
>> soot.PointsToAnalysis pta = Scene.v().getPointsToAnalysis();
>> PointsToSet pst = pta.reachingObjects(sf);
>>
>> As the result, the pst set has no element, which I suppose that it
>> should contain '$r1' and 'new demo.state.Context' for they must point to
>> the same object according to the jimple code.
>>
>> How to explain this result and how to get a correct one? Any help is
>> greatly appreciated.
>>
>> Peng Yang,
>> Southeast University, China
>>
>>
>>
>>
>>
>> _______________________________________________
>> Soot-list mailing list
>> Soot-list at sable.mcgill.ca
>> http://mailman.cs.mcgill.ca/mailman/listinfo/soot-list
>>
>_______________________________________________
>Soot-list mailing list
>Soot-list at sable.mcgill.ca
>http://mailman.cs.mcgill.ca/mailman/listinfo/soot-list
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.cs.mcgill.ca/pipermail/soot-list/attachments/20130402/82f95846/attachment-0001.html 