[Soot-list] Converting reflection code to static code

Eric Bodden eric.bodden at ec-spride.de
Thu Feb 7 17:24:06 EST 2013 

Hello.

I was just wondering... have you looked at the related work section of
the TamiFlex paper? Actually the static inlining has already been done
by others and you may want to look at their work.

Also JSA should be quite interesting to you:
http://www.brics.dk/JSA/

Eric

On 7 February 2013 23:05, ASHISH MISHRA <ashish123.mishragkp at gmail.com> wrote:
> Namaste Marc-Andre,
>
> Thanks a lot,
> I think you clearly got my problem, :)
>
>
> "The most tempting answer.... " Thanks for the insight , I was thinking on
> similar lines  and your suggestion looks really promising. I will try this
> out and will come to the group if in some trouble or with some new findings.
>
> regards
> Ashish
>
>
> On Fri, Feb 8, 2013 at 2:52 AM, Marc-Andre Laverdiere-Papineau
> <marc-andre.laverdiere-papineau at polymtl.ca> wrote:
>>
>> Namaste Ashish,
>>
>>
>> Since I am not fully understanding your question, my answer could be
>> missing the mark. Don't hesitate to ask point out if that is the case.
>>
>> 1) The phase
>> You 'cannot' modify the phase cg, so that one is out question. Of
>> course, you can always do what you want with the source code, but lets
>> just say it is not really recommended ;)
>>
>> By default wjop is disabled, so that's not the best option.
>>
>> So if you want to do something before the call graph is constructed, go
>> for wjpp, otherwise use wjtp.
>>
>> 2)
>> The most tempting answer for me is to tell you to do two runs of soot.
>> You can output the results of the first analysis in Jimple format, so
>> the next run would be faster.
>>
>> On the first run, you would take the spark output in wjtp and do your
>> analysis and store results on the disk. (If you have any run-time
>> information you want to put in, you could do that there, or in wjpp).
>>
>> On the second run, you would do the transformations in wjpp and let
>> Spark take it from there.
>>
>> If the results are good, then a closer integration in soot (like in the
>> cg phase) would make sense :)
>>
>> 3) Precise interprocedural analysis without CG
>> Well, yes and no. You can determine call targets locally, but your
>> precision may not be super good. Java programs love to pass objects all
>> over the place, so the type can be hard to guess intraprocedurally. You
>> can try, and fall back on CHA if you don't have local information.
>>
>> Tripp et al. published a paper on their Andromeda system that does away
>> with a global call graph construction - it could be interesting for you.
>>
>> I hope it helps.
>>
>> Regards,
>>
>> Marc-André Laverdière-Papineau
>> Doctorant - PhD Candidate
>>
>> On 13-02-07 03:47 PM, ASHISH MISHRA wrote:
>> > Hi all,
>> >
>> > I understand how to use tamiflex to handle reflection using soot. i wish
>> > to solve the problem(To some extent , since, exact solution could not be
>> > computed.) using String analysis, pointer analysis and some other static
>> > ways. My main concerns is -
>> >
>> > Suppose I have  a code fragment say its original Program P
>> >
>> > //
>> > 4String str= "someclassname"
>> > 5Class clazz = Class.forNmae(str);
>> >
>> >   6Method mt=clazz.getMethod("execute", null);
>> > 7 mt.invoke(o , null);
>> >
>> > //some other code.
>> >
>> > I can analyze the argument passed to the dynamic class loading at line 5
>> > using the String analysis and if its is a Constant string or it can be
>> > tracked via some other means I can enrich this program P to some thing
>> > like
>> >
>> > 4String str= "someclassname"
>> > 5Class clazz = Class.forNmae(str);
>> >
>> >   6Method mt=clazz.getMethod("execute", null);
>> > 7 mt.invoke(o , null);
>> >
>> > someclass sc = new someclass();
>> > sc.execute();
>> >
>> > //some other code. say p'
>> >
>> > And finally run Call Graph construction algorithm on P'
>> >
>> > My first question is -
>> >
>> > I am confused about where to add my transformation-
>> > 1)wjop - looks most promising ,as I am optimizing the source
>> > 2)cg
>> > 3wjtp
>> >
>> > Secondly
>> >
>> > Do I need to add  two different transformations ,
>> > one to generate an On the fly Call graph with pointer analysis and
>> > String analysis
>> > and then apply the transformation from P to P' and then again generate a
>> > Call graph again. i need a precise Call graph of whole application with
>> > reflection information added by a side analysis like String , pointer
>> > and other static analysis.
>> >
>> > Is its possible to get a precise inter procedural dataflow analysis
>> > independent of Call graph construction. I feel its not possible as they
>> > both are interlinked.
>> >
>> > Please help me on this.
>> >
>> > --
>> > Regards,
>> > Ashish Mishra
>> > Graduate Student,
>> > Computer Science and Automation Department,IISc
>> > Cell : +91-9611194714
>> > Mailto : ashishmishra at csa.iisc.ernet.in
>> > <mailto:ashishmishra at csa.iisc.ernet.in>
>> >
>> >
>> >
>> > _______________________________________________
>> > Soot-list mailing list
>> > Soot-list at sable.mcgill.ca
>> > http://mailman.cs.mcgill.ca/mailman/listinfo/soot-list
>> >
>> _______________________________________________
>> Soot-list mailing list
>> Soot-list at sable.mcgill.ca
>> http://mailman.cs.mcgill.ca/mailman/listinfo/soot-list
>
>
>
>
> --
> Regards,
> Ashish Mishra
> Graduate Student,
> Computer Science and Automation Department,IISc
> Cell : +91-9611194714
> Mailto : ashishmishra at csa.iisc.ernet.in
>
>
> _______________________________________________
> Soot-list mailing list
> Soot-list at sable.mcgill.ca
> http://mailman.cs.mcgill.ca/mailman/listinfo/soot-list
>



-- 
Eric Bodden, Ph.D., http://sse.ec-spride.de/ http://bodden.de/
Head of Secure Software Engineering Group at EC SPRIDE
Tel: +49 6151 16-75422    Fax: +49 6151 16-72051
Room 3.2.14, Mornewegstr. 30, 64293 Darmstadt

More information about the Soot-list mailing list