[Soot-list] Converting reflection code to static code

Marc-Andre Laverdiere-Papineau marc-andre.laverdiere-papineau at polymtl.ca
Thu Feb 7 16:22:40 EST 2013


Namaste Ashish,


Since I am not fully understanding your question, my answer could be 
missing the mark. Don't hesitate to point out if that is the case.

1) The phase
You 'cannot' modify the phase cg, so that one is out of the question. Of 
course, you can always do what you want with the source code, but let's 
just say it is not really recommended ;)

By default wjop is disabled, so that's not the best option.

So if you want to do something before the call graph is constructed, go 
for wjpp, otherwise use wjtp.

2)
The most tempting answer for me is to tell you to do two runs of soot. 
You can output the results of the first analysis in Jimple format, so 
the next run would be faster.

On the first run, you would take the spark output in wjtp and do your 
analysis and store results on the disk. (If you have any run-time 
information you want to put in, you could do that there, or in wjpp).

On the second run, you would do the transformations in wjpp and let 
Spark take it from there.

If the results are good, then a closer integration in soot (like in the 
cg phase) would make sense :)

3) Precise interprocedural analysis without CG
Well, yes and no. You can determine call targets locally, but your 
precision may not be super good. Java programs love to pass objects all 
over the place, so the type can be hard to guess intraprocedurally. You 
can try, and fall back on CHA if you don't have local information.

Tripp et al. published a paper on their Andromeda system that does away 
with a global call graph construction - it could be interesting for you.

I hope it helps.

Regards,

Marc-André Laverdière-Papineau
Doctorant - PhD Candidate

On 13-02-07 03:47 PM, ASHISH MISHRA wrote:
> Hi all,
>
> I understand how to use tamiflex to handle reflection using soot. I wish
> to solve the problem (to some extent, since an exact solution could not be
> computed) using String analysis, pointer analysis and some other static
> ways. My main concern is -
>
> Suppose I have a code fragment, say its original Program P
>
> //
> 4 String str = "someclassname";
> 5 Class clazz = Class.forName(str);
>
> 6 Method mt = clazz.getMethod("execute", null);
> 7 mt.invoke(o, null);
>
> //some other code.
>
> I can analyze the argument passed to the dynamic class loading at line 5
> using the String analysis and if it is a constant string or it can be
> tracked via some other means I can enrich this program P to something like
>
> 4 String str = "someclassname";
> 5 Class clazz = Class.forName(str);
>
> 6 Method mt = clazz.getMethod("execute", null);
> 7 mt.invoke(o, null);
>
> someclass sc = new someclass();
> sc.execute();
>
> //some other code. say P'
>
> And finally run Call Graph construction algorithm on P'
>
> My first question is -
>
> I am confused about where to add my transformation -
> 1) wjop - looks most promising, as I am optimizing the source
> 2) cg
> 3) wjtp
>
> Secondly
>
> Do I need to add two different transformations,
> one to generate an on-the-fly call graph with pointer analysis and
> String analysis
> and then apply the transformation from P to P' and then generate a
> call graph again? I need a precise call graph of the whole application with
> reflection information added by a side analysis like String, pointer
> and other static analysis.
>
> Is it possible to get a precise interprocedural dataflow analysis
> independent of call graph construction? I feel it's not possible as they
> both are interlinked.
>
> Please help me on this.
>
> --
> Regards,
> Ashish Mishra
> Graduate Student,
> Computer Science and Automation Department,IISc
> Cell : +91-9611194714
> Mailto : ashishmishra at csa.iisc.ernet.in
> <mailto:ashishmishra at csa.iisc.ernet.in>
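The wjpp hook recommended in the reply, as an added example that is not code from this thread or from the Soot project: a SceneTransformer that runs before call graph construction, lists `Class.forName` call sites, and resolves the class name when a single constant-string definition reaches the argument. The class name `ForNameResolver` and the phase name `wjpp.fornameresolver` are assumptions, and Soot must be on the classpath.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import soot.*;
import soot.jimple.*;
import soot.toolkits.graph.ExceptionalUnitGraph;
import soot.toolkits.scalar.SimpleLocalDefs;

// Hypothetical pass (not part of Soot): reports Class.forName targets in wjpp.
public class ForNameResolver extends SceneTransformer {
    @Override
    protected void internalTransform(String phaseName, Map options) {
        // Copy the collections: retrieving bodies may touch the Scene.
        for (SootClass sc : new ArrayList<SootClass>(Scene.v().getApplicationClasses())) {
            for (SootMethod m : new ArrayList<SootMethod>(sc.getMethods())) {
                if (m.isConcrete()) scan(m.retrieveActiveBody());
            }
        }
    }

    private void scan(Body body) {
        SimpleLocalDefs defs = null; // built lazily, only for bodies that call forName
        for (Unit u : body.getUnits()) {
            Stmt s = (Stmt) u;
            if (!s.containsInvokeExpr()) continue;
            SootMethodRef ref = s.getInvokeExpr().getMethodRef();
            if (!ref.declaringClass().getName().equals("java.lang.Class")
                    || !ref.name().equals("forName")) continue;
            Value arg = s.getInvokeExpr().getArg(0); // class name in both overloads
            if (arg instanceof Local) {
                // One intraprocedural step: a unique reaching definition of the local.
                if (defs == null) defs = new SimpleLocalDefs(new ExceptionalUnitGraph(body));
                List<Unit> d = defs.getDefsOfAt((Local) arg, u);
                if (d.size() == 1 && d.get(0) instanceof AssignStmt)
                    arg = ((AssignStmt) d.get(0)).getRightOp();
            }
            String target = (arg instanceof StringConstant)
                    ? ((StringConstant) arg).value : "<unresolved: needs string analysis>";
            System.out.println(body.getMethod().getSignature() + ": forName -> " + target);
        }
    }

    public static void main(String[] args) {
        PackManager.v().getPack("wjpp")
                .add(new Transform("wjpp.fornameresolver", new ForNameResolver()));
        soot.Main.main(args); // pass -w so the whole-program packs run
    }
}
```

Call sites reported as unresolved are the ones where the class name is built at run time; those are where the string analysis discussed in the thread, or recorded run-time information, would be needed.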